[pkg-cryptsetup-devel] Bug#700285: Broken redirection in decrypt_ssl

Christian Kastner debian at kvr.at
Mon Feb 11 00:24:30 UTC 2013


Package: cryptsetup
Version: 2:1.4.3-4
Severity: normal

in /lib/cryptsetup/scripts/decrypt_ssl:

    if ! /usr/bin/openssl enc -aes-256-cbc -d -salt -in $1 2>/dev/null 2>&1; then
                                                          ^^^^

I guess this is a typo and the first redirection was supposed to send
stdout to /dev/null before stderr being duplicated to it.

Please consider getting rid of these redirections altogether. 1) These
are ineffective outside of early boot, as openssl apparently opens
/dev/tty directly, and 2) during early boot (where they apparently do
work) the messages provided by openssl can be very helpful. For example,
keyscript=decrypt_ssl did not work for my encrypted root because
openssl's password prompt was being output to stdout as part of the key
material.

You might also want to include a copy of /usr/lib/ssl/openssl.cnf in the
initramfs to avoid a warning for a missing config.

Christian
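
An added illustration of the redirection order described in the report (not part of the original message and not the package's code): POSIX shells apply redirections left to right, so in `2>/dev/null 2>&1` the second redirection re-points stderr at stdout and the first has no effect. `fake_decrypt`, its prompt text, the key string and the helper names are constructed stand-ins for the openssl call.

```shell
#!/bin/sh
# Constructed stand-in for the openssl call in decrypt_ssl:
# key bytes go to stdout, a prompt/diagnostic goes to stderr.
fake_decrypt() {
    printf 'enter aes-256-cbc decryption password:' >&2
    printf 'KEYMATERIAL0123'
}

# Redirections exactly as in the reported line. fd 2 is first pointed at
# /dev/null, then re-pointed at wherever fd 1 goes (the key stream).
key_as_written() {
    fake_decrypt 2>/dev/null 2>&1
}

# stderr discarded, stdout (the key) left untouched.
key_stderr_discarded() {
    fake_decrypt 2>/dev/null
}

# stderr kept out of the key stream but preserved in a log file ($1),
# so the messages remain available for diagnosis.
key_stderr_logged() {
    fake_decrypt 2>>"$1"
}

# Succeeds only when the captured stream is exactly the expected key.
is_clean_key() {
    [ "$1" = "KEYMATERIAL0123" ]
}

# Capture stdout the way a keyscript consumer would and report the result.
for variant in key_as_written key_stderr_discarded; do
    out=$($variant)
    if is_clean_key "$out"; then status=clean; else status=polluted; fi
    printf '%s: %s bytes, %s\n' "$variant" \
        "$(printf '%s' "$out" | wc -c | tr -d ' ')" "$status"
done
```
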


