[pkg-cryptsetup-devel] Bug#758788: Bug#758788: cryptsetup: Passphrase caching broken in decrypt_keyctl

Luc Maisonobe luc at spaceroots.org
Sun Oct 12 12:33:31 UTC 2014


On 12/10/2014 14:20, Jonas Meurer wrote:
> Hey Luc,
> 
> On 12.10.2014 at 12:57, Luc Maisonobe wrote:
>> Back to the original problem, without the test partitions and using only
>> my regular two work partitions sda5 and sdb1 holding LVM volumes. The
>> modification of the decrypt_keyctl to display the key on boot showed
>> that after the key for the first partition was entered, it was stored in
>> the user keyring. I got something like:
>>
>> id: cryptkey-sda5b1 | key id: 1007139041
>> key list:
>> 1 key in keyring:
>> 1007139041: --alswrv      0     0 user: cryptkey-sda5b1
>>
>> Then the system asked for the second key, ignoring the one it already
>> knew, and the following was displayed:
>>
>> id: cryptkey-sda5b1 | key id: 422064942
>> key list:
>> 1 key in keyring:
>> 422064942: --alswrv      0     0 user: cryptkey-sda5b1
>>
>> So the id was exactly the same, but the key id was a new one. It seems
>> the keyring is cleared sometime between the two runs of the script and
>> in each case only one key was stored in the keyring. I think the culprit
>> is there: why did key 1007139041 disappear from keyring between the two
>> commands?
> 
> Is this output from the boot process or did you try to unlock the
> encrypted LVM volumes after boot process finished?

It was the output of the boot process.


> 
> So I don't even know at which state systemd executes the cryptdisks
> initscript, and how it interacts with the kernel keyrings.
> 
> I'm eager to say that your problems are related to systemd init system.
> Honestly, I don't know when I will find time to give systemd a try and
> further debug this issue :-/

If you can have a running system without systemd, you are lucky. I was
really forced to migrate by some package updates and so far am really
not happy with it. It changed a lot of things and it seems not all
packages are ready for it.

I'll try to debug further and understand what happens to the keyring.

best regards,
Luc

> 
> Cheers,
>  jonas
> 
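
The symptom reported in this message (same key description, different key id on the second run) can be checked mechanically. The helper below is an added example, not part of the original e-mail or of decrypt_keyctl: it compares two saved keyring listings in the format quoted above. The function names and the REUSED/REPLACED/LOST/NEW labels are assumptions, and the sample listings are constructed from the values quoted in the message.

```shell
#!/bin/sh
# Added example: classify keys across two keyring listings captured on
# consecutive runs of a keyscript. Key lines look like the quoted output:
#   1007139041: --alswrv      0     0 user: cryptkey-sda5b1

# keyring_diff RUN1_FILE RUN2_FILE  (two different files)
# Prints one line per key description: REUSED, REPLACED, LOST or NEW.
keyring_diff() {
    awk '
        # Key lines only: "<numeric id>: <perms> <uid> <gid> <type>: <desc>"
        $1 ~ /^[0-9]+:$/ && NF >= 6 {
            id = $1; sub(/:$/, "", id)
            desc = $5 " " $6                 # e.g. "user: cryptkey-sda5b1"
            for (i = 7; i <= NF; i++) desc = desc " " $i
            if (FILENAME == ARGV[1]) run1[desc] = id
            else                     run2[desc] = id
        }
        END {
            for (d in run1) {
                if (!(d in run2))            printf "LOST %s (was %s)\n", d, run1[d]
                else if (run2[d] == run1[d]) printf "REUSED %s (%s)\n", d, run1[d]
                else printf "REPLACED %s (%s -> %s)\n", d, run1[d], run2[d]
            }
            for (d in run2) if (!(d in run1)) printf "NEW %s (%s)\n", d, run2[d]
        }
    ' "$1" "$2" | sort
}

# Constructed sample input: the two listings quoted in the message.
keyring_diff_demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/run1" <<'EOF'
1 key in keyring:
1007139041: --alswrv      0     0 user: cryptkey-sda5b1
EOF
    cat > "$dir/run2" <<'EOF'
1 key in keyring:
422064942: --alswrv      0     0 user: cryptkey-sda5b1
EOF
    keyring_diff "$dir/run1" "$dir/run2"
    rm -rf "$dir"
}

keyring_diff_demo
```

A REPLACED result means the cached key from the first run was not found and a new key was created under the same description; REUSED is what working passphrase caching would show.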


