[pkg-cryptsetup-devel] Bug#1080204: cryptsetup-initramfs: try to use passphrase for multiple device

Johannes Berg johannes at sipsolutions.net
Sat Aug 31 16:14:42 BST 2024 

Package: cryptsetup-initramfs
Version: 2:2.7.4-1
Severity: wishlist

Dear Maintainer,

Since I have four devices with the same passphrase (they end
up building a btrfs array, so they're all needed), it'd be
nice to (try) using the passphrase for the first, so I don't
have to enter it four times.

Since I use dropbear-initramfs, I made this patch:

--- a/usr/share/cryptsetup/initramfs/bin/cryptroot-unlock	2024-08-04 20:59:09.000000000 +0000
+++ b/usr/share/cryptsetup/initramfs/bin/cryptroot-unlock	2024-08-31 15:11:50.323309012 +0000
@@ -181,6 +181,10 @@
 			usleep 100000
 			continue
 		fi
+		if ! [ -z "${REPLY+x}" ] ; then
+			printf '%s' "$REPLY" >"$PASSFIFO"
+			wait_for_answer && continue
+		fi
 		read -rs -p "Please unlock disk $CRYPTTAB_NAME: "; echo
 		printf '%s' "$REPLY" >"$PASSFIFO"
 		wait_for_answer || true

which works, but only for the case of dropbear-initramfs,
which is currently sufficient for me, but you might want
to have it set better.

It also requires that disks with the same passphrase are
next to each other in the crypttab, and then perhaps bug
#1055024 will be an issue; I currently only have four that
all have the same.

I'll note that systemd-cryptsetup does this, and that'd be
nice to use, but it's incompatible with dropbear-initramfs.

johannes

-- Package-specific info:

-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.10.6-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages cryptsetup-initramfs depends on:
ii  busybox                                 1:1.36.1-9+b1
ii  cryptsetup                              2:2.7.4-1
ii  debconf [debconf-2.0]                   1.5.87
ii  initramfs-tools [linux-initramfs-tool]  0.145

Versions of packages cryptsetup-initramfs recommends:
ii  console-setup  1.230
ii  kbd            2.6.4-2

cryptsetup-initramfs suggests no packages.

-- debconf information excluded

More information about the pkg-cryptsetup-devel mailing list