[pkg-cryptsetup-devel] Bug#902733: cryptsetup-initramfs: cryptroot script generates corrupt crypttab in verbose mode

Nathan Schulte nmschulte at gmail.com
Sat Jun 30 01:28:52 BST 2018 

Package: cryptsetup-initramfs
Version: 2:2.0.3-4
Severity: important

Dear Maintainer,

The copy_file routine in hook-functions echo's information ('Adding ... ') about
the copy to stdout in verbose mode.  This makes its way to the crypttab in the
initramfs, as part of copying keyfiles from get_crypttab_entry function in the
cryptroot script.  There is a call to copy_exec which causes similar bad
behavior, when using an explicit keyscript= in /etc/crypttab.
(see also #89516 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898516)

So don't use update-initramfs in verbose mode.  Which makes debugging these
recent changes difficult.  My workaround is to unset and re-set $verbose around
the calls to copy/exec_file.  I'm sure there's a better solution, as this info
needs to make its way to stdout.

Additionally, it's not clear that an empty KEYFILE_PATTERN means no keyfiles
will be copied.  Given the transition to remove CRYPTSETUP, I think this needs
addressed.

Also, I think copying the keyfiles and scripts in get_crypttab_entry will lead
to this being performed multiple times, depending on the particular setup and
how many volumes are un/locked at boot.  Not an issue to the process, but it
makes reading the log interesting.

Thanks!

-- Package-specific info:

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.16.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages cryptsetup-initramfs depends on:
ii  busybox                                 1:1.27.2-2
ii  cryptsetup-run                          2:2.0.3-4
ii  initramfs-tools [linux-initramfs-tool]  0.130

Versions of packages cryptsetup-initramfs recommends:
ii  console-setup  1.184
ii  kbd            2.0.4-3

cryptsetup-initramfs suggests no packages.

-- Configuration Files:
/etc/cryptsetup-initramfs/conf-hook changed [not included]

-- no debconf information

More information about the pkg-cryptsetup-devel mailing list