Ubuntu
cryptsetup package

cryptroot-unlock fails to find the askpass process

Bug #1840752 reported by Paride Legovini
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
cryptsetup (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

This bug deserves some attention because it's caused by an Ubuntu specific patch not being in sync with upstream.

The debian/initramfs/cryptroot-unlock script can be used with dropbear-initramfs to remotely unlock an encrypted root partition via SSH. This functionality has been broken since version 2:2.0.4-2ubuntu1. The reason is that upstream (Debian) in version 2:2.0.3-7 started normalizing paths to allow the script to work on UsrMerged installs:

https://salsa.debian.org/cryptsetup-team/cryptsetup/commit/f1c56c19fea6dc988c1f29fb

however the Ubuntu patch introduced to fix LP: 1651818 was brought on to newer versions without introducing the required normalization. The fix is adding a "readlink" where required (patch attached).

Tags: patch
Revision history for this message
Paride Legovini (paride) wrote :
Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "cryptroot-unlock-path-normalization.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cryptsetup - 2:2.2.0-1ubuntu2

---------------
cryptsetup (2:2.2.0-1ubuntu2) eoan; urgency=medium

  * debian/initramfs/cryptroot-unlock: canonicalize executable paths.
    Thanks to Paride Legovini <email address hidden> for the patch.
    LP: #1840752.

 -- Steve Langasek <email address hidden> Tue, 20 Aug 2019 15:34:10 -0700

Changed in cryptsetup (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.