[pkg-cryptsetup-devel] Bug#697157: cryptsetup: Install script to prompt for passphrases in ssh sessions

Andres Mejia amejia004 at gmail.com
Wed Jan 2 00:07:20 UTC 2013


Package: cryptsetup
Version: 2:1.4.3-4
Severity: wishlist
Tags: patch

It would be better if instead of saving passphrases in scripts or passing them
on the command line, use /lib/cryptsetup/askpass instead to prompt for the
passphrases. I'm attaching a custom hook to install a script at
/root/enter-passphrase that will run /scripts/local-top/cryptroot, which I've
modified to pass the passphrases into /lib/cryptsetup/passfifo. The custom
hook should probably be included in README-remote or somewhere in the docs for
cryptsetup.

-- Package-specific info:
-- /proc/cmdline
BOOT_IMAGE=/vmlinuz-3.2.0-4-amd64 root=/dev/mapper/andres--desktop-root ro quiet

-- /etc/crypttab
sda2_crypt UUID=522e25f9-7e66-49fd-83c9-3bf168b5ddfd none luks
sdb1_crypt UUID=2e1f3d5f-fcc7-4ed9-9b02-f1672cb6206b /var/local/luks/random_key luks
sdc1_crypt UUID=8657c2e9-1d7b-4229-86db-408874c7c944 /var/local/luks/random_key luks

-- /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
/dev/mapper/andres--desktop-root /               ext4    errors=remount-ro 0       1
# /boot was on /dev/sda1 during installation
UUID=f4472afd-877c-47a9-979f-13ad302042bc /boot           ext4    defaults        0       2
/dev/mapper/andres--desktop--2-drive2 /media/drive2   ext4    defaults        0       2
/dev/mapper/andres--desktop--3-drive3 /media/drive3   ext4    defaults        0       2
/dev/mapper/andres--desktop-swap none            swap    sw              0       0
/dev/sr0        /media/cdrom0   udf,iso9660 user,noauto     0       0

-- lsmod
Module                  Size  Used by
parport_pc             22364  0 
ppdev                  12763  0 
lp                     17149  0 
parport                31858  3 lp,ppdev,parport_pc
pci_stub               12429  1 
vboxpci                19103  0 
vboxnetadp             25443  0 
vboxnetflt             23608  0 
vboxdrv               190105  3 vboxnetflt,vboxnetadp,vboxpci
binfmt_misc            12957  1 
nfsd                  216029  2 
nfs                   312283  0 
nfs_acl                12511  2 nfs,nfsd
auth_rpcgss            37143  2 nfs,nfsd
fscache                36739  1 nfs
lockd                  67306  2 nfs,nfsd
sunrpc                173774  6 lockd,auth_rpcgss,nfs_acl,nfs,nfsd
loop                   22641  0 
snd_usb_audio          84836  0 
snd_usbmidi_lib        23420  1 snd_usb_audio
snd_seq_midi           12848  0 
snd_seq_midi_event     13316  1 snd_seq_midi
snd_rawmidi            23060  2 snd_seq_midi,snd_usbmidi_lib
uvcvideo               57744  0 
cx18_alsa              13045  0 
mxl5005s               37647  1 
snd_hda_codec_realtek   188858  1 
s5h1409                13142  1 
tuner_simple           17175  1 
tuner_types            16409  1 tuner_simple
snd_hda_intel          26345  0 
cs5345                 12628  1 
nvidia              11214135  30 
tda9887                12645  1 
tda8290                17278  0 
snd_hda_codec          78031  2 snd_hda_intel,snd_hda_codec_realtek
tuner                  17497  2 
snd_hwdep              13186  2 snd_hda_codec,snd_usb_audio
snd_pcm                68083  4 snd_hda_codec,snd_hda_intel,cx18_alsa,snd_usb_audio
snd_page_alloc         13003  2 snd_pcm,snd_hda_intel
cx18                  103254  1 cx18_alsa
videobuf_vmalloc       12715  1 cx18
cx2341x                21461  1 cx18
dvb_core               77683  1 cx18
tveeprom               20593  1 cx18
snd_seq                45126  2 snd_seq_midi_event,snd_seq_midi
snd_seq_device         13176  3 snd_seq,snd_rawmidi,snd_seq_midi
snd_timer              22917  2 snd_seq,snd_pcm
snd                    52889  12 snd_timer,snd_seq_device,snd_seq,snd_pcm,snd_hwdep,snd_hda_codec,snd_hda_intel,snd_hda_codec_realtek,cx18_alsa,snd_rawmidi,snd_usbmidi_lib,snd_usb_audio
coretemp               12898  0 
acpi_cpufreq           12935  0 
mperf                  12453  1 acpi_cpufreq
soundcore              13065  1 snd
mxm_wmi                12515  0 
iTCO_wdt               17081  0 
wmi                    13243  1 mxm_wmi
videobuf_core          17825  2 videobuf_vmalloc,cx18
v4l2_common            13222  4 cx2341x,cx18,tuner,cs5345
videodev               70889  6 v4l2_common,cx2341x,cx18,tuner,cs5345,uvcvideo
i2c_i801               16870  0 
v4l2_compat_ioctl32    16655  1 videodev
iTCO_vendor_support    12704  1 iTCO_wdt
media                  18148  2 videodev,uvcvideo
i2c_algo_bit           12841  1 cx18
i7core_edac            22454  0 
psmouse                64497  0 
edac_core              35258  3 i7core_edac
i2c_core               23876  14 i2c_algo_bit,i2c_i801,videodev,v4l2_common,tveeprom,cx18,tuner,tda8290,tda9887,nvidia,cs5345,tuner_simple,s5h1409,mxl5005s
button                 12937  0 
processor              28157  1 acpi_cpufreq
evdev                  17562  10 
pcspkr                 12579  0 
thermal_sys            18040  1 processor
serio_raw              12931  0 
ext4                  350601  4 
crc16                  12343  1 ext4
jbd2                   62065  1 ext4
mbcache                13114  1 ext4
sha256_generic         16797  6 
cryptd                 14517  0 
aes_x86_64             16843  96 
aes_generic            33026  1 aes_x86_64
cbc                    12754  48 
dm_crypt               22586  3 
dm_mod                 63645  19 dm_crypt
usbhid                 36418  0 
hid                    81328  1 usbhid
sg                     25874  0 
sr_mod                 21899  0 
sd_mod                 36136  7 
cdrom                  35401  1 sr_mod
crc_t10dif             12348  1 sd_mod
usb_storage            43870  0 
uhci_hcd               26865  0 
pata_marvell           12568  0 
ahci                   24997  0 
libahci                22860  1 ahci
ata_generic            12479  0 
crc32c_intel           12747  0 
firewire_ohci          35772  0 
firewire_core          48449  1 firewire_ohci
crc_itu_t              12347  1 firewire_core
ata_piix               29535  4 
ehci_hcd               40215  0 
libata                140630  5 ata_piix,ata_generic,libahci,ahci,pata_marvell
usbcore               128681  8 ehci_hcd,uhci_hcd,usb_storage,usbhid,uvcvideo,snd_usbmidi_lib,snd_usb_audio
scsi_mod              162269  5 libata,usb_storage,sd_mod,sr_mod,sg
e1000e                124918  0 
usb_common             12354  1 usbcore


-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages cryptsetup depends on:
ii  cryptsetup-bin         2:1.4.3-4
ii  debconf [debconf-2.0]  1.5.48
ii  dmsetup                2:1.02.74-4
ii  libc6                  2.13-37

Versions of packages cryptsetup recommends:
ii  busybox                                 1:1.20.0-7
ii  console-setup                           1.88
ii  initramfs-tools [linux-initramfs-tool]  0.109
ii  kbd                                     1.15.3-9

Versions of packages cryptsetup suggests:
ii  dosfstools              3.0.13-1
ii  liblocale-gettext-perl  1.05-7+b1

-- debconf information:
  cryptsetup/prerm_active_mappings: true
-------------- next part --------------
A non-text attachment was scrubbed...
Name: enter-passphrase
Type: text/x-shellscript
Size: 534 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-cryptsetup-devel/attachments/20130101/5e903577/attachment.bin>


More information about the pkg-cryptsetup-devel mailing list