[pkg-cryptsetup-devel] Bug#902116: regression: keyscript=decrypt_keyctl doesn't cache passphrase anymore

Guilhem Moulin guilhem at debian.org
Sun Jun 24 04:30:40 BST 2018


Control: retitle -1 off-by-one error in CRYPTTAB_TRIED breaks decrypt_keyctl keyscript (doesn't cache anymore)
Control: tag -1 pending

Hi Andras,

On Fri, 22 Jun 2018 at 15:36:26 +0200, Andras Korn wrote:
> This had the result that I was prompted for the passphrase for sda3 during
> the initramfs phase, but sda4 was not unlocked and I wasn't prompted for the
> passphrase either; booting failed, because sda4 contains zfs root pool.

I'm surprised this worked before (without 'initramfs' crypttab option),
cf. #820888 and #838001.  The initramfs hook now uses /proc/mounts
rather than /etc/fstab to determine which device holds the root FS (and
also /usr and the swap area).  What do the relevant /proc/mounts
entries look like in your case?

> Now booting works but I'm prompted for the passphrase twice (both times with
> "Caching passphrase for", meaning the decrypt_keyctl script gets run, but
> the caching is broken).

This was caused by an off-by-one error in CRYPTTAB_TRIED (number of
previous tries).  Fixed in

    https://salsa.debian.org/cryptsetup-team/cryptsetup/commit/2a9946771a3fb9eef522eb933d58a22ab8d86603

Cheers,
-- 
Guilhem.