[pkg-cryptsetup-devel] Bug#529527: cryptsetup: in initrd passphrase is shown on console after a misstyped password for non-luks
Gernot Schilling
gernotschilling at gmx.de
Tue May 19 20:29:24 UTC 2009
Package: cryptsetup
Version: 2:1.0.6-7
Severity: important
Tags: patch
the cryptroot script does not call $cryptremove after a mistyped
password,
so in the next round cryptsetup fails due to the already existing
$crypttarget.
now a reboot is required, which is annoying.
but askpass is still waiting for the password and sends it to stdout,
which is then the console, which is kind of evil...
the included patch solves it, for me at least.
i have it running on two different machines, one with luks, one without
( where i noticed this ),
and both work fine.
but on both there is a lvm on top of the $crypttarget, so i cannot say
anything about the behavior of plain fs on $crypttarget.
on both machines it is working for the 2.6.26-2-686 kernel of testing
and the 2.6.29.2-686 of unstable
about the patch:
every time we do a continue of the while-loop or a return out of
setup_mapping ( and possibly into the while-loop of
reading /conf/conf.d/cryptroot ),
we have to check if cryptsetup left a $crypttarget that did not provide
the $ROOT device and, if so, remove it.
the problem is that an immediately called cryptremove will result in a
"device busy" error, so we need to wait a little.
and then call $cryptremove until it worked
*** cryptroot.patch
--- orig/cryptroot 2009-05-19 13:10:01.000000000 +0200
+++ fixed/cryptroot 2009-05-19 21:41:05.000000000 +0200
@@ -163,6 +163,19 @@
return $?
}
+mapping_failed(){
+ local failed_count=0
+ message "$@"
+ /bin/sleep 0.5
+ if ! [ -e $ROOT ] ; then
+ while [ -e /dev/mapper/$crypttarget -a "$failed_count" -lt 3 ] ; do
+ failed_count=$(($failed_count +1))
+ $cryptremove
+ /bin/sleep 0.5
+ done
+ fi
+}
+
setup_mapping()
{
local opts count cryptcreate cryptremove NEWROOT
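Review bot: In mapping_failed, `[ -e $ROOT ]` and `/dev/mapper/$crypttarget` are unquoted; if ROOT is empty the first test collapses to `[ -e ]`, which is true, so the cleanup loop is skipped entirely. Quote both expansions and treat an empty ROOT as "not present". The function also depends on `cryptremove`, which setup_mapping declares `local`, so it only works when called from inside setup_mapping; a comment saying so would help. The result of `$cryptremove` is discarded, nothing is reported if the mapping still exists after three tries, and `/bin/sleep 0.5` needs a sleep that accepts fractional seconds.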
@@ -231,7 +244,7 @@
if ! crypttarget="$crypttarget" cryptsource="$cryptsource" \
$cryptkeyscript "$cryptkey" | $cryptcreate --key-file=- ; then
- message "cryptsetup: cryptsetup failed, bad password or options?"
+ mapping_failed "cryptsetup: cryptsetup failed, bad password
or options?"
continue
fi
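Review bot: The added mapping_failed line is wrapped across two lines in the mail ("bad password" / "or options?"), which breaks the hunk for patch(1) and, if it were applied as shown, would put a newline into the message. Please resend the patch as an attachment or with line wrapping disabled. This path also now waits in `/bin/sleep 0.5` before every retry, including when cryptcreate failed without leaving a mapping behind.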
@@ -246,10 +259,10 @@
# See if we need to setup lvm on the crypto device
if [ "$FSTYPE" = "lvm" ] || [ "$FSTYPE" = "lvm2" ]; then
if [ -z "$cryptlvm" ]; then
- message "cryptsetup: lvm fs found but no lvm configured"
+ mapping_failed "cryptsetup: lvm fs found but no lvm configured"
return 1
elif ! activate_vg "/dev/mapper/$cryptlvm"; then
- message "cryptsetup: failed to setup lvm device"
+ mapping_failed "cryptsetup: failed to setup lvm device"
return 1
fi
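Review bot: On the `activate_vg` failure path, mapping_failed tries `$cryptremove` at most three times and then returns silently, and `return 1` follows either way, so the caller cannot tell whether /dev/mapper/$crypttarget was actually removed. If anything from the failed LVM activation still holds the mapping open, the removal keeps hitting "device busy" and the stale mapping survives into the next attempt, which is the situation the report describes. Consider having mapping_failed return a status and logging when the cleanup did not succeed.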
@@ -258,8 +271,8 @@
fi
if [ -z "$FSTYPE" ] || [ "$FSTYPE" = "unknown" ]; then
- message "cryptsetup: unknown fstype, bad password or options?"
- $cryptremove
+ mapping_failed "cryptsetup: cryptsetup failed, bad password or
options?"
+
continue
fi
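Review bot: The unconditional `$cryptremove` in the unknown-fstype branch is replaced by mapping_failed, which only removes the mapping when `$ROOT` does not exist; if `$ROOT` names a node that exists independently of this mapping, the wrongly keyed mapping is now left in place where the old code removed it. The message also changes from "unknown fstype, bad password or options?" to "cryptsetup failed, bad password or options?", the same text as the cryptcreate failure above, so the two failures can no longer be told apart on the console; keep the original wording. The new line is wrapped in the mail here as well, and the hunk adds a stray empty `+` line.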
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.29-2-686 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages cryptsetup depends on:
ii dmsetup 2:1.02.30-3 The Linux Kernel Device Mapper use
ii libc6 2.9-4 GNU C Library: Shared libraries
ii libdevmapper1.02.1 2:1.02.30-3 The Linux Kernel Device Mapper use
ii libpopt0 1.14-4 lib for parsing cmdline parameters
ii libuuid1 1.41.3-1 universally unique id library
cryptsetup recommends no packages.
Versions of packages cryptsetup suggests:
ii dosfstools 3.0.2-1 utilities for making and checking
ii initramfs-tools [linux-initra 0.93.2 tools for generating an initramfs
ii udev 0.141-1 /dev/ and hotplug management daemo
-- no debconf information
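
The cleanup procedure described in the report (check whether the mapping produced the root device, wait, then retry the removal while the mapping node still exists), as an added example that is not part of the original report or of the cryptsetup package. `remove_stale_mapping`, `fake_remove`, `MAPPER_DIR`, `RETRY_DELAY`, `REMOVE_FN` and `BUSY_LEFT` are hypothetical names, and the remover is a constructed stand-in for `$cryptremove` that simulates "device busy".

```shell
#!/bin/sh
# Added example: bounded cleanup of a mapping that did not yield the root device.
# All names below are hypothetical; nothing here is taken from the cryptroot script.
MAPPER_DIR="${MAPPER_DIR:-/dev/mapper}"   # where mapping nodes appear
RETRY_DELAY="${RETRY_DELAY:-1}"           # whole seconds, as POSIX sleep expects
REMOVE_FN="${REMOVE_FN:-fake_remove}"     # command that removes one mapping

# Constructed stand-in for $cryptremove: reports "busy" for the first
# BUSY_LEFT calls, then deletes the mapping node.
fake_remove() {
    if [ "${BUSY_LEFT:-0}" -gt 0 ]; then
        BUSY_LEFT=$((BUSY_LEFT - 1))
        return 1
    fi
    rm -f "$MAPPER_DIR/$1"
}

# remove_stale_mapping TARGET ROOTDEV [MAX_TRIES]
# 0: root device present (mapping kept) or mapping gone
# 1: mapping still present after MAX_TRIES removals
# 2: no target name given
remove_stale_mapping() {
    rsm_target="$1" rsm_root="$2" rsm_max="${3:-3}" rsm_tries=0
    [ -n "$rsm_target" ] || return 2
    # An empty ROOTDEV counts as "root not found"; quoting keeps the test well-formed.
    if [ -n "$rsm_root" ] && [ -e "$rsm_root" ]; then
        return 0
    fi
    while [ -e "$MAPPER_DIR/$rsm_target" ]; do
        [ "$rsm_tries" -lt "$rsm_max" ] || return 1
        rsm_tries=$((rsm_tries + 1))
        # Removed on this try: the loop condition ends the loop without sleeping.
        "$REMOVE_FN" "$rsm_target" && continue
        sleep "$RETRY_DELAY"              # give the busy device time to settle
    done
    return 0
}

# Constructed demo: the mapping is busy for two attempts, then goes away.
MAPPER_DIR=$(mktemp -d) RETRY_DELAY=0 BUSY_LEFT=2
: > "$MAPPER_DIR/cryptroot"
remove_stale_mapping cryptroot "" && echo "stale mapping removed"
rm -rf "$MAPPER_DIR"
```

The non-zero return lets the caller report a mapping that could not be removed before it asks for the passphrase again.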