[pkg-cryptsetup-devel] Bug#888162: cryptsetup no longer accepts --key-file on stdin (breaks loop-aes)
Jon
nuxi at vault24.org
Tue Jan 23 18:29:19 UTC 2018
Package: cryptsetup
Version: 2:2.0.0-1
Severity: important
The command given in the manpage for mounting old loop-AES filesystems
no longer works because the --key-file option no longer appears to
accept a value of '-' to mean stdin:
open --type loopaes <device> <name> --key-file <keyfile>
loopaesOpen <device> <name> --key-file <keyfile> (old syntax)
Opens the loop-AES <device> and sets up a mapping <name>.
If the key file is encrypted with GnuPG, then you have to use --key-file=- and decrypt it before use, e.g. like this:
gpg --decrypt <keyfile> | cryptsetup loopaesOpen --key-file=- <device> <name>
Both of the variants of the cmd attempt to read a file named '-' when you
try this. Omitting '--key-file' does not result in it reading from stdin, nor
does using '--key-file -' instead of '--key-file=-'
When you try to run the command is just immediately prints 'Failed to
open key file.' over the gpg passphrase prompt.
The only way to get a loop-aes disk mounted right now is to downgrade
cryptsetup.
-- Package-specific info:
-- /proc/cmdline
BOOT_IMAGE=/boot/vmlinuz-4.14.0-2-amd64 root=/dev/md0 ro rootdelay=3 UUID=4de3140c-eb4c-4dff-a6e9-70af37405f25
-- /etc/crypttab
# <target name> <source device> <key file> <options>
swap /dev/sda2 /dev/urandom swap,cipher=aes-xts-plain64,size=256
tmp /dev/sdb2 /dev/urandom tmp=xfs,cipher=aes-xts-plain64,size=256
-- /etc/fstab
# /etc/fstab: static file system information.
#
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/md0 / xfs relatime 0 1
/dev/md1 /var xfs relatime,nodev,nosuid 0 2
/dev/mapper/md2 /home/vault24 xfs noauto,relatime,nodev,nosuid 0 0
/dev/mapper/swap none swap sw 0 0
/dev/mapper/tmp /tmp xfs nodev,nosuid,noexec 0 0
#proc /proc proc defaults 0 0
#usbfs /proc/bus/usb usbfs defaults 0 0
#rpc_pipefs /var/lib/nfs/rpc_pipefs rpc_pipefs defaults 0 0
#nfsd /proc/fs/nfsd nfsd defaults 0 0
#sysfs /sys sysfs defaults 0 0
#tmpfs /lib/init/rw tmpfs nosuid,mode=755 0 0
#tmpfs /dev tmpfs size=10240k,mode=755 0 0
#tmpfs /dev/shm tmpfs nosuid,nodev 0 0
#devpts /dev/pts devpts nosuid,noexec,gid=5,mode=620
cgroupfs /sys/fs/cgroup cgroup defaults 0 0
/dev/sr0 /media/cdrom udf,iso9660 user,noauto,exec,relatime 0 0
/dev/sdc1 /media/usb auto user,noauto,exec,relatime 0 0
/dev/sdc2 /media/ipod auto user,noauto,exec,relatime 0 0
/dev/mapper/usb /media/aes auto user,noauto,exec,relatime 0 0
-- lsmod
Module Size Used by
cbc 16384 64
xt_multiport 16384 1
nfsd 335872 11
auth_rpcgss 61440 1 nfsd
nfs_acl 16384 1 nfsd
lockd 90112 1 nfsd
grace 16384 2 nfsd,lockd
sunrpc 331776 17 auth_rpcgss,nfsd,nfs_acl,lockd
autofs4 40960 7
ip6t_rpfilter 16384 1
ip6table_raw 16384 1
nf_conntrack_ipv6 20480 12
nf_defrag_ipv6 36864 1 nf_conntrack_ipv6
ip6table_filter 16384 1
ip6_tables 28672 2 ip6table_filter,ip6table_raw
nf_conntrack_ftp 20480 2
ipt_rpfilter 16384 1
xt_CT 16384 6
iptable_raw 16384 1
xt_tcpudp 16384 47
nf_conntrack_ipv4 16384 22
nf_defrag_ipv4 16384 1 nf_conntrack_ipv4
ipt_REJECT 16384 3
nf_reject_ipv4 16384 1 ipt_REJECT
xt_conntrack 16384 32
nf_conntrack 139264 5 nf_conntrack_ipv6,nf_conntrack_ftp,nf_conntrack_ipv4,xt_CT,xt_conntrack
iptable_filter 16384 1
ip_tables 24576 2 iptable_filter,iptable_raw
x_tables 36864 13 ipt_rpfilter,xt_multiport,ipt_REJECT,ip_tables,ip6t_rpfilter,iptable_filter,xt_tcpudp,iptable_raw,ip6table_filter,xt_CT,ip6table_raw,xt_conntrack,ip6_tables
sch_fq_codel 20480 2
f71882fg 36864 0
tun 32768 0
loop 28672 0
ecb 16384 4
crypto_simd 16384 0
glue_helper 16384 0
cryptd 24576 1 crypto_simd
aes_x86_64 20480 69
xts 16384 2
dm_crypt 36864 3
dm_mod 118784 7 dm_crypt
hid_generic 16384 0
usbhid 49152 1
hid 118784 2 hid_generic,usbhid
edac_mce_amd 28672 0
amdkfd 131072 1
kvm_amd 81920 0
evdev 24576 10
psmouse 143360 0
snd_hda_codec_realtek 94208 1
kvm 589824 1 kvm_amd
snd_hda_codec_generic 73728 1 snd_hda_codec_realtek
radeon 1474560 0
irqbypass 16384 1 kvm
snd_hda_intel 40960 0
serio_raw 16384 0
snd_hda_codec 126976 3 snd_hda_intel,snd_hda_codec_generic,snd_hda_codec_realtek
snd_hda_core 81920 4 snd_hda_intel,snd_hda_codec,snd_hda_codec_generic,snd_hda_codec_realtek
snd_hwdep 16384 1 snd_hda_codec
snd_pcm 98304 3 snd_hda_intel,snd_hda_codec,snd_hda_core
snd_timer 32768 1 snd_pcm
k8temp 16384 0
snd 81920 7 snd_hda_intel,snd_hwdep,snd_hda_codec,snd_timer,snd_hda_codec_generic,snd_hda_codec_realtek,snd_pcm
soundcore 16384 1 snd
ttm 98304 1 radeon
ata_generic 16384 0
drm_kms_helper 163840 1 radeon
drm 376832 4 radeon,ttm,drm_kms_helper
sr_mod 24576 0
cdrom 61440 1 sr_mod
r8169 81920 0
i2c_algo_bit 16384 1 radeon
pata_atiixp 16384 0
ohci_pci 16384 0
sg 32768 0
mii 16384 1 r8169
tpm_infineon 20480 0
ohci_hcd 53248 1 ohci_pci
ehci_pci 16384 0
ehci_hcd 81920 1 ehci_pci
button 16384 0
usbcore 249856 6 usbhid,ehci_hcd,ohci_pci,ohci_hcd,ehci_pci
usb_common 16384 1 usbcore
sp5100_tco 16384 0
shpchp 36864 0
i2c_piix4 24576 0
xfs 1212416 4
sd_mod 49152 10
raid10 49152 0
raid456 147456 0
async_raid6_recov 20480 1 raid456
async_memcpy 16384 2 raid456,async_raid6_recov
async_pq 16384 2 raid456,async_raid6_recov
async_xor 16384 3 async_pq,raid456,async_raid6_recov
xor 24576 1 async_xor
async_tx 16384 5 async_xor,async_pq,raid456,async_memcpy,async_raid6_recov
raid6_pq 114688 3 async_pq,raid456,async_raid6_recov
libcrc32c 16384 3 nf_conntrack,xfs,raid456
crc32c_generic 16384 1
raid1 40960 3
raid0 20480 0
multipath 16384 0
linear 16384 0
md_mod 143360 9 raid1,raid10,multipath,linear,raid0,raid456
ahci 36864 8
libahci 32768 1 ahci
libata 241664 4 pata_atiixp,ahci,libahci,ata_generic
scsi_mod 221184 4 sd_mod,libata,sr_mod,sg
-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.14.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled
Versions of packages cryptsetup depends on:
ii cryptsetup-bin 2:2.0.0-1
ii debconf [debconf-2.0] 1.5.65
ii dmsetup 2:1.02.145-4.1
ii libc6 2.26-4
Versions of packages cryptsetup recommends:
ii busybox 1:1.27.2-2
ii console-setup 1.176
ii initramfs-tools [linux-initramfs-tool] 0.130
ii kbd 2.0.4-2
Versions of packages cryptsetup suggests:
ii dosfstools 4.1-1
ii keyutils 1.5.9-9.2
ii liblocale-gettext-perl 1.07-3+b3
-- debconf information:
cryptsetup/prerm_active_mappings: true
More information about the pkg-cryptsetup-devel
mailing list