[pkg-cryptsetup-devel] Bug#1034695: cryptsetup: If decrypt_keyctl fails, pass password to cryptsetup anyway
Chase Covello
chase at chasecovello.com
Fri Apr 21 21:47:29 BST 2023
Package: cryptsetup
Version: 2:2.6.1-4
Severity: normal
Tags: patch
X-Debbugs-Cc: chase at chasecovello.com
After installing cryptsetup-suspend, the decrypt_keyctl script fails with a keyctl_set_timeout error. May be related to https://bugs.debian.org/939357.
Currently, decrypt_keyctl just terminates with an error message, which leaves me unable to unlock the root disk on resume. I've modified the script to print the passphrase to stdout as a fallback:
--- /lib/cryptsetup/scripts/decrypt_keyctl 2023-04-20 14:46:08.000000000 -0700
+++ src/decrypt_keyctl 2023-04-21 13:18:58.121017360 -0700
@@ -16,6 +16,7 @@
die()
{
echo "$@" >&2
+ printf "%s" "$KEY_"
exit 1
}
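Review bot: the added `printf "%s" "$KEY_"` sits in the generic die() helper, so it runs on every error path that calls die(), not only on the keyctl_set_timeout failure the report describes, and it runs whether or not KEY_ has been assigned yet. Consider moving the fallback to the specific keyctl failure site, or at least guarding it with a non-empty check on KEY_. The function also still ends with `exit 1`, so the passphrase is written to stdout while the script reports failure; a comment stating that this is intentional and that the caller is expected to consume stdout despite the non-zero status would make the behaviour reviewable.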
I'm not sure if there are any particular security implications of doing this, but on errors decrypt_keyctl is essentially just passing through the result of /lib/cryptsetup/askpass.
Best regards,
Chase Covello