[Pkg-cryptsetup-devel] Bug#467200: Solution found, need input from cryptsetup, udev, hal, devmapper maintainers [was: Re: gnome-mount: Unable to mount encrypted volume]

Sam Morris sam at robots.org.uk
Mon Apr 21 18:41:45 UTC 2008


reassign 467200 udev,cryptsetup,devmapper,hal
thanks

Maintainers, this bug concerns a race condition between cryptsetup and
hal that occurs when the user inserts a disk encrypted using LUKS. It
breaks a very nice feature, that the user is prompted for their
passphrase and the disk is unlocked automatically. I believe that a
correct fix requires minor modifications lower down in the stack, at the
udev or devmapper level.

Please review the following and let me know what you think; I would
like to get the fixes for this bug in place as soon as possible given
that we are headed towards the release of Lenny.

My solution is to add the following rules to udev's configuration:

        KERNEL!="dm-*", GOTO="device_mapper_end"
        ACTION!="add|change", GOTO="device_mapper_end"
        IMPORT{program}="/sbin/dmsetup export -j $major -m $minor"
        LABEL="device_mapper_end"

        ENV{DM_NAME}=="temporary-cryptsetup-*", OPTIONS+="ignore_device"

This tells udev to not send out a udev event if the device-mapper
mapping name starts with "temporary-cryptsetup-". HAL will therefore
never 'see' the temporary cryptsetup mapping that causes this problem.

I think that the first four udev rules are best added to udev.rules,
assuming that udev handles a missing /sbin/dmsetup sanely. Otherwise
they could be added to a udev rules file shipped by libdevmapper, and
have libdevmapper depend on dmsetup.

The final line of the above configuration should probably be added to
cryptsetup's configuration, since the "temporary-cryptsetup-*" mappings
are a cryptsetup-specific implementation detail. Alternatively, HAL
itself can be modified to ignore udev events where DM_NAME starts with
"temporary-cryptsetup-*".

Regards,

-- 
Sam Morris
http://robots.org.uk/

PGP key id 1024D/5EA01078
3412 EA18 1277 354B 991B  C869 B219 7FDB 5EA0 1078
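
The control flow of the five rules quoted in the message, modelled over single events as an added example (not part of the original message, nor code from udev, cryptsetup or HAL). The dm_lookup function is a hypothetical stand-in for the /sbin/dmsetup export call, its KEY=value output is inferred from the ENV{DM_NAME} match in the rules, and the device table is constructed. The model keeps no properties between events, which is an assumption.

```shell
#!/bin/sh
# Added example: walks one event through the five rules from the message.

# Hypothetical stand-in for "/sbin/dmsetup export -j MAJOR -m MINOR".
# Constructed sample table: 254:0 is a temporary mapping, 254:1 a real one.
dm_lookup() {
    case "$1:$2" in
        254:0) echo "DM_NAME=temporary-cryptsetup-4242" ;;
        254:1) echo "DM_NAME=luks_crypto_sdb1" ;;
    esac
}

# udev_decision KERNEL ACTION MAJOR MINOR
# Prints "ignore" if the event would be dropped, "emit" otherwise.
udev_decision() {
    kernel=$1 action=$2 major=$3 minor=$4
    dm_name=
    case "$kernel" in
        dm-*)                       # rule 1: KERNEL!="dm-*" jumps to the label
            case "$action" in
                add|change)         # rule 2: ACTION!="add|change" jumps too
                    # rule 3: import KEY=value lines printed by the helper
                    dm_name=$(dm_lookup "$major" "$minor" |
                              sed -n 's/^DM_NAME=//p')
                    ;;
            esac
            ;;
    esac
    # Rule 4 is the label. Rule 5 sits after it, so it is evaluated for
    # every event, but it can only match when rule 3 set DM_NAME.
    case "$dm_name" in
        temporary-cryptsetup-*) echo ignore ;;
        *)                      echo emit ;;
    esac
}

# Constructed events: kernel name, action, major, minor.
for ev in "dm-0 add 254 0" "dm-1 add 254 1" "sdb1 add 8 17" "dm-0 remove 254 0"
do
    # shellcheck disable=SC2086  # word splitting of $ev is intended
    printf '%-20s %s\n' "$ev" "$(udev_decision $ev)"
done
```

In this model a remove event skips the import, so the final rule has no DM_NAME to match and the event is emitted.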