2008-10-23 01:11:25 |
Nikolaus Rath |
bug |
|
|
added bug |
2009-02-08 04:01:14 |
TJ |
cryptsetup: status |
New |
Confirmed |
|
2009-02-08 04:01:14 |
TJ |
cryptsetup: assignee |
|
intuitivenipple |
|
2009-02-08 04:01:14 |
TJ |
cryptsetup: statusexplanation |
|
Confirmed and still affecting Jaunty.
The root-cause is /usr/share/initramfs-tools/hooks/cryptroot (debian/initramfs/cryptroot-hook in the source package).
The script is called when update-initramfs is executed. It is responsible for correlating /etc/fstab entries with those in /etc/crypttab and then configuring the cryptsetup related parts of the initrd image - such as writing the keyfile name and installing any custom keyscript.
/etc/fstab is searched for the / (root) entry. The add_device() function then tries to canonicalise the name in canonical_device(). Although the function correctly canonicalises LABEL= and UUID= it *does not* return a success result. The only name format that will do that is a name prefixed "/dev/mapper/"
When that fails there is no processing of the crypttab entry and therefore nothing is done to the initrd image.
The solution is two-stage:
1. Add additional returns to the function when LABEL or UUID match
2. In /etc/crypttab, as the target name use the LABEL or UUID itself
The result is that add_device can then correlate the UUID of the unlocked file-system in fstab with the containing device's LABEL or UUID in crypttab. My only concern right now is whether the dereferencing of symbolic links that comes after those checks ought now to be moved to the head of the function.
Here's an example:
== /etc/fstab: ==
# / was on /dev/mapper/root during installation
UUID=c5321f6e-05c0-43a7-8757-03aa29c44b04 / ext4 relatime,errors=remount-ro 0 1
== /etc/crypttab: ==
c5321f6e-05c0-43a7-8757-03aa29c44b04 /dev/disk/by-uuid/ae87e7a1-b65b-4586-9e0a-bfc6d60cebc9 /home/tj/Media/theme-song.mp3 luks,keyscript=/usr/local/sbin/crypto-usb-key.sh
The patch required is:
diff -Nu a/usr/share/initramfs-tools/hooks/cryptroot b/usr/share/initramfs-tools/hooks/cryptroot
--- a/usr/share/initramfs-tools/hooks/cryptroot 2009-02-08 02:09:53.571999044 +0000
+++ b/usr/share/initramfs-tools/hooks/cryptroot 2009-02-08 03:55:47.801000016 +0000
@@ -285,12 +285,14 @@
altdev="${dev#LABEL=}"
if [ "$altdev" != "$dev" ]; then
- dev="/dev/disk/by-label/$altdev"
+ echo "$altdev"
+ return 0
fi
altdev="${dev#UUID=}"
if [ "$altdev" != "$dev" ]; then
- dev="/dev/disk/by-uuid/$altdev"
+ echo "$altdev"
+ return 0
fi
if [ -h "$dev" ]; then
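Review bot: In both the LABEL= and UUID= branches the added `return 0` exits before the `if [ -h "$dev" ]` check that follows, and the value echoed is the bare label or UUID with its prefix stripped. The caller therefore cannot tell a label from a UUID and never receives a device path that the symlink check could resolve. An empty value also passes: for a bare `UUID=`, `altdev` is empty but still differs from `$dev`, so the branch echoes an empty string and returns success. Consider guarding each branch with `[ -n "$altdev" ]` before returning, and either keep the `dev="/dev/disk/by-uuid/$altdev"` assignment so the path still reaches the symlink check, or add a comment stating that the crypttab target must be named after the LABEL or UUID for the match to work.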
|
|
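The correlation rule described in the comment above, as an added example that is not the cryptroot hook's code and not part of the original report: it takes the root entry from an fstab, strips the LABEL=/UUID= prefix and looks for a crypttab target with that name. The function names are hypothetical, the stripping of /dev/mapper/ to get a target name is an assumption, and the `root ... none luks` line is constructed to show the non-matching case.

```shell
# Added example (not the cryptroot hook's code): the matching rule described above.

# Print the source field of the fstab entry mounted on "/".
root_source() {
    awk '$1 !~ /^#/ && $2 == "/" { print $1; exit }' "$1"
}

# Strip LABEL=, UUID= or /dev/mapper/ (assumed) and print the bare name;
# fail on any other form and on an empty value such as a bare "UUID=".
canonical_name() {
    case "$1" in
        LABEL=?*)       printf '%s\n' "${1#LABEL=}" ;;
        UUID=?*)        printf '%s\n' "${1#UUID=}" ;;
        /dev/mapper/?*) printf '%s\n' "${1#/dev/mapper/}" ;;
        *)              return 1 ;;
    esac
}

# Print the crypttab line whose target name (field 1) equals $2, else fail.
crypttab_entry() {
    awk -v t="$2" '$1 !~ /^#/ && $1 == t { print; hit = 1; exit }
                   END { exit !hit }' "$1"
}

# check_root FSTAB CRYPTTAB: succeed and print the entry that unlocks "/".
check_root() {
    src=$(root_source "$1") && [ -n "$src" ] || return 1
    name=$(canonical_name "$src") || return 1
    crypttab_entry "$2" "$name"
}

# Write sample files into directory $1: the pair from the example above, plus
# a constructed crypttab whose target is a mapper name instead of the UUID.
make_samples() {
    u=c5321f6e-05c0-43a7-8757-03aa29c44b04
    p=/dev/disk/by-uuid/ae87e7a1-b65b-4586-9e0a-bfc6d60cebc9
    echo "UUID=$u / ext4 relatime,errors=remount-ro 0 1" > "$1/fstab"
    echo "$u $p /home/tj/Media/theme-song.mp3 luks,keyscript=/usr/local/sbin/crypto-usb-key.sh" > "$1/crypttab"
    echo "root $p none luks" > "$1/crypttab.mapper"
}

tmp=$(mktemp -d) && make_samples "$tmp"
for tab in crypttab crypttab.mapper; do
    if check_root "$tmp/fstab" "$tmp/$tab" >/dev/null; then
        echo "$tab: root entry correlates"
    else
        echo "$tab: no match, initrd would get no cryptroot config"
    fi
done
rm -rf "$tmp"
```

Pointing `check_root` at the real /etc/fstab and /etc/crypttab before running update-initramfs shows whether the root entry would be matched under this naming scheme.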
2009-02-12 16:46:41 |
TJ |
bug |
|
|
added attachment 'cryptsetup_1.0.6-7ubuntu3.debdiff' (Jaunty debdiff) |
2009-02-12 16:49:48 |
TJ |
bug |
|
|
added subscriber Ubuntu Sponsors for main |
2009-02-12 16:49:57 |
TJ |
cryptsetup: assignee |
intuitivenipple |
|
|
2009-02-12 16:49:57 |
TJ |
cryptsetup: statusexplanation |
|
|
|
2009-02-13 06:08:54 |
TJ |
bug |
|
|
added attachment 'cryptsetup_1.0.6-7ubuntu4.debdiff' (Jaunty debdiff) |
2009-02-16 23:55:49 |
TJ |
bug |
|
|
added attachment 'cryptsetup_1.0.6-7ubuntu5.debdiff' (Jaunty debdiff) |
2009-02-17 17:15:58 |
Kees Cook |
cryptsetup: status |
Confirmed |
Fix Committed |
|
2009-02-17 17:15:58 |
Kees Cook |
cryptsetup: assignee |
|
kees |
|
2009-02-17 17:15:58 |
Kees Cook |
cryptsetup: statusexplanation |
|
I adjusted your patch slightly to declare "original" as a local variable, and to use "by-*" instead of "by*" in the latter check, just to match the if clause directly. Thanks! |
|
2009-02-17 17:30:07 |
Launchpad Janitor |
cryptsetup: status |
Fix Committed |
Fix Released |
|
2009-05-11 00:27:16 |
Kees Cook |
bug watch added |
|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=522041 |
|
2009-05-11 00:27:16 |
Kees Cook |
bug task added |
|
cryptsetup (Debian) |
|
2009-05-11 00:33:52 |
Bug Watch Updater |
cryptsetup (Debian): status |
Unknown |
New |
|
2009-06-16 03:52:08 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/karmic/cryptsetup |
|
2010-03-23 18:38:30 |
Colin Watson |
removed subscriber Ubuntu Sponsors for main |
|
|
|
2010-03-27 13:56:17 |
Artur Rona |
cryptsetup (Debian): importance |
Unknown |
Undecided |
|
2010-03-27 13:56:17 |
Artur Rona |
cryptsetup (Debian): remote watch |
Debian Bug tracker #522041 |
|
|
2010-03-27 13:56:30 |
Artur Rona |
cryptsetup (Debian): status |
New |
Fix Released |
|
2010-03-27 16:23:54 |
Benjamin Drung |
removed subscriber Ubuntu Sponsors Team |
|
|
|
2013-11-01 16:56:30 |
Launchpad Janitor |
branch linked |
|
lp:~xnox/debian/sid/cryptsetup/ubuntu |
|