[pkg-cryptsetup-devel] Bug#1062756: cryptsetup-initramfs: cryptkeyctl script fails to discover decrypt_keyctl even when present
abrasamji
debian.627of at simplelogin.com
Fri Feb 2 23:44:43 GMT 2024
Package: cryptsetup-initramfs
Version: 2:2.6.1-4~deb12u1
Severity: important
X-Debbugs-Cc: debian.627of at simplelogin.com
Dear Maintainer,
Not sure what is happening here, but the /usr/share/initramfs-tools/hooks/cryptkeyctl script is no longer properly finding decrypt_keyctl in the initramfs temp file during initramfs build.
This script is meant to be called for usage with decrypt_keyctl in /etc/crypttab, a script to automatically pass the password of one LUKS volume to another during bootup. This script is provided by cryptsetup.
The consequence of this error is a failure to unlock any disks at boot-time that use the decrypt_keyctl keyscript, and a failure to boot if the device is a root device or otherwise needed to boot.
update-initramfs log excerpt with set -x:
Calling hook cryptkeyctl
+ PREREQ=cryptroot
+ . /usr/share/initramfs-tools/hook-functions
+ [ ! -x /tmp/user/0/mkinitramfs_LhQz6c/lib/cryptsetup/scripts/decrypt_keyctl ]
+ exit 0
A check with ls -la while update-initramfs was running, prior to cryptkeyctl being executed, in order to prove its presence:
/tmp/user/0/mkinitramfs_LhQz6c/usr/lib/cryptsetup/scripts:
total 4
drwxr-xr-x 2 root root 60 Feb 2 17:44 .
drwxr-xr-x 3 root root 100 Feb 2 17:44 ..
-rwxr-xr-x 1 root root 2042 Apr 20 2023 decrypt_keyctl
I changed the '-x' flag in the if statement to a '-s' flag. This fixed it and I don't know why, and I don't know if it's a bug in initramfs, dash, or cryptsetup or something else.
Functioning code with the -s in the cryptkeyctl hook:
if [ ! -s "$DESTDIR/lib/cryptsetup/scripts/decrypt_keyctl" ]; then
    exit 0
fi
Thank you for your time.
-- Package-specific info:
-- System Information:
Debian Release: 12.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable'), (100, 'bookworm-fasttrack')
Architecture: amd64 (x86_64)
Kernel: Linux 6.5.5-hardened1-stripes-1-s-3.32 (SMP w/2 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND, TAINT_RANDSTRUCT
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages cryptsetup-initramfs depends on:
ii busybox 1:1.35.0-4+b3
ii cryptsetup 2:2.6.1-4~deb12u1
ii debconf [debconf-2.0] 1.5.82
ii initramfs-tools [linux-initramfs-tool] 0.142
Versions of packages cryptsetup-initramfs recommends:
ii console-setup 1.221
ii kbd 2.5.1-1+b1
Version of dash
ii dash 0.5.12-2
cryptsetup-initramfs suggests no packages.
-- debconf information excluded
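
The report above shows a file listed as -rwxr-xr-x that fails `[ -x ]` but passes `[ -s ]`. The following diagnostic is an added example, not code from the report or from cryptsetup-initramfs; it separates the cases in which those two tests disagree. `classify_keyscript` and `mount_opts` are hypothetical helper names, and `mount_opts` assumes util-linux `findmnt` is installed.

```shell
#!/bin/sh
# Added diagnostic, not part of cryptsetup-initramfs.
# classify_keyscript and mount_opts are hypothetical helper names.

# Print one word describing how the file at $1 looks to the shell's tests:
#   missing       path does not resolve (a dangling symlink also lands here)
#   empty         exists but has size 0, so -s fails
#   no-exec-bit   non-empty, no x bit in the mode, -x fails
#   x-bit-denied  an x bit is set in the mode, yet -x still fails
#   executable    -s and -x both pass
classify_keyscript() {
    p=$1
    [ -e "$p" ] || { echo missing; return; }
    [ -s "$p" ] || { echo empty; return; }
    if [ -x "$p" ]; then echo executable; return; fi
    # -x asks the kernel whether execution is permitted; the mode string only
    # shows the permission bits. Compare the two (ls -L follows symlinks).
    case $(ls -ldL -- "$p") in
        ???x*|??????x*|?????????x*) echo x-bit-denied ;;
        *) echo no-exec-bit ;;
    esac
}

# Mount options of the filesystem holding $1. On Linux, access(2) refuses
# X_OK for regular files on a noexec mount, so the options are worth printing
# next to an x-bit-denied result. Prints nothing if findmnt is unavailable.
mount_opts() {
    findmnt -n -o OPTIONS -T "$1" 2>/dev/null
}

# Usage: sh this-script PATH...   (for example the path tested by the hook)
for p in "$@"; do
    printf '%s: %s (mount options: %s)\n' \
        "$p" "$(classify_keyscript "$p")" "$(mount_opts "$p")"
done
```

A result of `x-bit-denied` corresponds to the state shown in the report: the listing has the execute bits set, but the `-x` test in the hook is false.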