[pkg-cryptsetup-devel] Bug#697157: cryptsetup: Install script to prompt for passphrases in ssh sessions
Andres Mejia
amejia004 at gmail.com
Wed Jan 2 00:07:20 UTC 2013
Package: cryptsetup
Version: 2:1.4.3-4
Severity: wishlist
Tags: patch
It would be better if instead of saving passphrases in scripts or passing them
on the command line, use /lib/cryptsetup/askpass instead to prompt for the
passphrases. I'm attaching a custom hook to install a script at
/root/enter-passphrase that will run /scripts/local-top/cryptroot, which I've
modified to pass the passphrases into /lib/cryptsetup/passfifo. The custom
hook should probably be included in README-remote or somewhere in the docs for
cryptsetup.
-- Package-specific info:
-- /proc/cmdline
BOOT_IMAGE=/vmlinuz-3.2.0-4-amd64 root=/dev/mapper/andres--desktop-root ro quiet
-- /etc/crypttab
sda2_crypt UUID=522e25f9-7e66-49fd-83c9-3bf168b5ddfd none luks
sdb1_crypt UUID=2e1f3d5f-fcc7-4ed9-9b02-f1672cb6206b /var/local/luks/random_key luks
sdc1_crypt UUID=8657c2e9-1d7b-4229-86db-408874c7c944 /var/local/luks/random_key luks
-- /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/mapper/andres--desktop-root / ext4 errors=remount-ro 0 1
# /boot was on /dev/sda1 during installation
UUID=f4472afd-877c-47a9-979f-13ad302042bc /boot ext4 defaults 0 2
/dev/mapper/andres--desktop--2-drive2 /media/drive2 ext4 defaults 0 2
/dev/mapper/andres--desktop--3-drive3 /media/drive3 ext4 defaults 0 2
/dev/mapper/andres--desktop-swap none swap sw 0 0
/dev/sr0 /media/cdrom0 udf,iso9660 user,noauto 0 0
-- lsmod
Module Size Used by
parport_pc 22364 0
ppdev 12763 0
lp 17149 0
parport 31858 3 lp,ppdev,parport_pc
pci_stub 12429 1
vboxpci 19103 0
vboxnetadp 25443 0
vboxnetflt 23608 0
vboxdrv 190105 3 vboxnetflt,vboxnetadp,vboxpci
binfmt_misc 12957 1
nfsd 216029 2
nfs 312283 0
nfs_acl 12511 2 nfs,nfsd
auth_rpcgss 37143 2 nfs,nfsd
fscache 36739 1 nfs
lockd 67306 2 nfs,nfsd
sunrpc 173774 6 lockd,auth_rpcgss,nfs_acl,nfs,nfsd
loop 22641 0
snd_usb_audio 84836 0
snd_usbmidi_lib 23420 1 snd_usb_audio
snd_seq_midi 12848 0
snd_seq_midi_event 13316 1 snd_seq_midi
snd_rawmidi 23060 2 snd_seq_midi,snd_usbmidi_lib
uvcvideo 57744 0
cx18_alsa 13045 0
mxl5005s 37647 1
snd_hda_codec_realtek 188858 1
s5h1409 13142 1
tuner_simple 17175 1
tuner_types 16409 1 tuner_simple
snd_hda_intel 26345 0
cs5345 12628 1
nvidia 11214135 30
tda9887 12645 1
tda8290 17278 0
snd_hda_codec 78031 2 snd_hda_intel,snd_hda_codec_realtek
tuner 17497 2
snd_hwdep 13186 2 snd_hda_codec,snd_usb_audio
snd_pcm 68083 4 snd_hda_codec,snd_hda_intel,cx18_alsa,snd_usb_audio
snd_page_alloc 13003 2 snd_pcm,snd_hda_intel
cx18 103254 1 cx18_alsa
videobuf_vmalloc 12715 1 cx18
cx2341x 21461 1 cx18
dvb_core 77683 1 cx18
tveeprom 20593 1 cx18
snd_seq 45126 2 snd_seq_midi_event,snd_seq_midi
snd_seq_device 13176 3 snd_seq,snd_rawmidi,snd_seq_midi
snd_timer 22917 2 snd_seq,snd_pcm
snd 52889 12 snd_timer,snd_seq_device,snd_seq,snd_pcm,snd_hwdep,snd_hda_codec,snd_hda_intel,snd_hda_codec_realtek,cx18_alsa,snd_rawmidi,snd_usbmidi_lib,snd_usb_audio
coretemp 12898 0
acpi_cpufreq 12935 0
mperf 12453 1 acpi_cpufreq
soundcore 13065 1 snd
mxm_wmi 12515 0
iTCO_wdt 17081 0
wmi 13243 1 mxm_wmi
videobuf_core 17825 2 videobuf_vmalloc,cx18
v4l2_common 13222 4 cx2341x,cx18,tuner,cs5345
videodev 70889 6 v4l2_common,cx2341x,cx18,tuner,cs5345,uvcvideo
i2c_i801 16870 0
v4l2_compat_ioctl32 16655 1 videodev
iTCO_vendor_support 12704 1 iTCO_wdt
media 18148 2 videodev,uvcvideo
i2c_algo_bit 12841 1 cx18
i7core_edac 22454 0
psmouse 64497 0
edac_core 35258 3 i7core_edac
i2c_core 23876 14 i2c_algo_bit,i2c_i801,videodev,v4l2_common,tveeprom,cx18,tuner,tda8290,tda9887,nvidia,cs5345,tuner_simple,s5h1409,mxl5005s
button 12937 0
processor 28157 1 acpi_cpufreq
evdev 17562 10
pcspkr 12579 0
thermal_sys 18040 1 processor
serio_raw 12931 0
ext4 350601 4
crc16 12343 1 ext4
jbd2 62065 1 ext4
mbcache 13114 1 ext4
sha256_generic 16797 6
cryptd 14517 0
aes_x86_64 16843 96
aes_generic 33026 1 aes_x86_64
cbc 12754 48
dm_crypt 22586 3
dm_mod 63645 19 dm_crypt
usbhid 36418 0
hid 81328 1 usbhid
sg 25874 0
sr_mod 21899 0
sd_mod 36136 7
cdrom 35401 1 sr_mod
crc_t10dif 12348 1 sd_mod
usb_storage 43870 0
uhci_hcd 26865 0
pata_marvell 12568 0
ahci 24997 0
libahci 22860 1 ahci
ata_generic 12479 0
crc32c_intel 12747 0
firewire_ohci 35772 0
firewire_core 48449 1 firewire_ohci
crc_itu_t 12347 1 firewire_core
ata_piix 29535 4
ehci_hcd 40215 0
libata 140630 5 ata_piix,ata_generic,libahci,ahci,pata_marvell
usbcore 128681 8 ehci_hcd,uhci_hcd,usb_storage,usbhid,uvcvideo,snd_usbmidi_lib,snd_usb_audio
scsi_mod 162269 5 libata,usb_storage,sd_mod,sr_mod,sg
e1000e 124918 0
usb_common 12354 1 usbcore
-- System Information:
Debian Release: 7.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages cryptsetup depends on:
ii cryptsetup-bin 2:1.4.3-4
ii debconf [debconf-2.0] 1.5.48
ii dmsetup 2:1.02.74-4
ii libc6 2.13-37
Versions of packages cryptsetup recommends:
ii busybox 1:1.20.0-7
ii console-setup 1.88
ii initramfs-tools [linux-initramfs-tool] 0.109
ii kbd 1.15.3-9
Versions of packages cryptsetup suggests:
ii dosfstools 3.0.13-1
ii liblocale-gettext-perl 1.05-7+b1
-- debconf information:
cryptsetup/prerm_active_mappings: true
-------------- next part --------------
A non-text attachment was scrubbed...
Name: enter-passphrase
Type: text/x-shellscript
Size: 534 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-cryptsetup-devel/attachments/20130101/5e903577/attachment.bin>
More information about the pkg-cryptsetup-devel
mailing list