[pkg-cryptsetup-devel] Bug#653194: cryptsetup: cryptroot hook for update-initramfs silently ignores the key file listed in crypttab
Ryan Castellucci
t2w9dhseu6 at snkmail.com
Sat Dec 24 23:33:12 UTC 2011
Package: cryptsetup
Version: 2:1.1.3-4squeeze2
Severity: critical
Justification: breaks the whole system
When update-initramfs is run, an initrd is built including my keyscript, but
*not* my key file. This rendered the system unbootable without warning. I
was able to recover from a rescue cd by unpacking the initrd, adding my key
file, and repacking the initrd - everything then worked as expected.
This should be trivially reproduceable by using `cat` as a keyscript with a
key file.
-- Package-specific info:
-- /proc/cmdline
BOOT_IMAGE=/vmlinuz-2.6.32-5-amd64 root=/dev/mapper/sda5_crypt ro quiet
-- /etc/crypttab
sda5_crypt UUID=179b33c0-bb72-4ad3-ad32-ec7fe4521404 /boot/key.tcy luks,keyscript=/usr/local/bin/threshcrypt_static
-- /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
proc /proc proc defaults 0 0
/dev/mapper/sda5_crypt / ext3 errors=remount-ro 0 1
# /boot was on /dev/sda1 during installation
UUID=6d60dcfa-6afd-4d3f-a8e9-9fc8f31ce93b /boot ext3 defaults 0 2
/dev/scd0 /media/cdrom0 udf,iso9660 user,noauto 0 0
/dev/fd0 /media/floppy0 auto rw,user,noauto 0 0
-- lsmod
Module Size Used by
loop 11799 0
snd_ens1371 16938 0
gameport 7416 1 snd_ens1371
snd_rawmidi 15515 1 snd_ens1371
snd_seq_device 4493 1 snd_rawmidi
snd_ac97_codec 99186 1 snd_ens1371
ac97_bus 1086 1 snd_ac97_codec
snd_pcm 60487 2 snd_ens1371,snd_ac97_codec
snd_timer 15598 1 snd_pcm
snd 46526 6 snd_ens1371,snd_rawmidi,snd_seq_device,snd_ac97_codec,snd_pcm,snd_timer
parport_pc 18855 0
soundcore 4598 1 snd
joydev 8459 0
parport 27954 1 parport_pc
snd_page_alloc 6249 1 snd_pcm
i2c_piix4 8328 0
evdev 7352 2
pcspkr 1699 0
container 2389 0
psmouse 49937 0
processor 29935 0
ac 2192 0
shpchp 26264 0
serio_raw 3752 0
button 4650 0
i2c_core 15819 1 i2c_piix4
pci_hotplug 21587 1 shpchp
ext3 106710 2
jbd 37221 1 ext3
mbcache 5050 1 ext3
sha256_generic 8692 2
aes_x86_64 7340 2
aes_generic 25714 1 aes_x86_64
cbc 2539 1
usbhid 33292 0
hid 63257 1 usbhid
dm_crypt 10664 1
dm_mod 53898 3 dm_crypt
sg 24069 0
sd_mod 29921 3
crc_t10dif 1276 1 sd_mod
sr_mod 12602 0
cdrom 29415 1 sr_mod
uhci_hcd 18521 0
ata_generic 3239 0
mptspi 11185 2
mptscsih 16360 1 mptspi
mptbase 48382 2 mptspi,mptscsih
scsi_transport_spi 18774 1 mptspi
ata_piix 21124 0
ehci_hcd 32081 0
libata 133776 2 ata_generic,ata_piix
floppy 49087 0
e1000 85517 0
usbcore 122674 4 usbhid,uhci_hcd,ehci_hcd
nls_base 6377 1 usbcore
scsi_mod 126533 7 sg,sd_mod,sr_mod,mptspi,mptscsih,scsi_transport_spi,libata
thermal 11674 0
thermal_sys 11942 2 processor,thermal
-- System Information:
Debian Release: 6.0.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages cryptsetup depends on:
ii dmsetup 2:1.02.48-5 The Linux Kernel Device Mapper use
ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib
ii libdevmapper1.02.1 2:1.02.48-5 The Linux Kernel Device Mapper use
ii libpopt0 1.16-1 lib for parsing cmdline parameters
ii libuuid1 2.17.2-9 Universally Unique ID library
cryptsetup recommends no packages.
Versions of packages cryptsetup suggests:
ii busybox 1:1.17.1-8 Tiny utilities for small and embed
pn dosfstools <none> (no description available)
ii initramfs-tools [linux-initra 0.98.8 tools for generating an initramfs
ii udev 164-3 /dev/ and hotplug management daemo
-- no debconf information
More information about the pkg-cryptsetup-devel
mailing list