[pkg-cryptsetup-devel] Bug#901795: cryptsetup-initramfs: please provide documented shell functions to validate/sanitize cryptroot entries in 3rd party hook files

Christoph Anton Mitterer calestyo at scientia.net
Mon Sep 27 02:33:37 BST 2021


Seems to be doable with a simple one-liner:

--- a/lib/cryptsetup/functions	2021-09-27 03:30:31.928052985 +0200
+++ b/lib/cryptsetup/functions	2021-09-27 03:30:28.387976358 +0200
@@ -278,6 +278,7 @@
     local keyscriptarg="$1" CRYPTTAB_TRIED="$2" keyscript;
     export CRYPTTAB_NAME CRYPTTAB_SOURCE CRYPTTAB_OPTIONS
     export CRYPTTAB_TRIED
+    export _CRYPTTAB_NAME _CRYPTTAB_SOURCE _CRYPTTAB_KEY _CRYPTTAB_OPTIONS
 
     if [ -n "${CRYPTTAB_OPTION_keyscript+x}" ] && \
             [ "$CRYPTTAB_OPTION_keyscript" != "/lib/cryptsetup/askpass" ]; then
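
Review bot: the added export lists _CRYPTTAB_KEY, but the existing exports just above it (CRYPTTAB_NAME, CRYPTTAB_SOURCE, CRYPTTAB_OPTIONS, CRYPTTAB_TRIED) do not include CRYPTTAB_KEY, and the key field reaches this function as "$1" in keyscriptarg. A keyscript would therefore see _CRYPTTAB_KEY in its environment with no defined relation to the argument it is actually called with. Either drop it here (export _CRYPTTAB_NAME _CRYPTTAB_SOURCE _CRYPTTAB_OPTIONS) or state what it contains. Because the export sits before the keyscript conditional, the underscore-prefixed variables are also exported on every path through this function, and once exported they are part of the interface third-party keyscripts can rely on, so the change should come with documentation of how each differs from its CRYPTTAB_* counterpart.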


But I'm not sure how you'd want to handle _CRYPTTAB_KEY. It seems to be
there at this point, but CRYPTTAB_KEY is set below in the conditional
from $keyscriptarg .

Cheers,
Chris.


