busybox-initramfs needs different compile options to work with cryptroot-unlock

Bug #1651818 reported by Linuxrider on 2016-12-21
This bug affects 31 people
Affects Status Importance Assigned to Milestone
busybox (Ubuntu)
cryptsetup (Ubuntu)
Dimitri John Ledkov

Bug Description

SRU for bionic:

Acceptance criteria: An encrypted partition can be decrypted using cryptroot-unlock.

Regression potential: It's not the default method, so unused by the majority of people. Besides that the patched script runs fine in cosmic.

The cryptroot-unlock script in the cryptsetup package does not work in initramfs.
It fails because "ps -e" is not available in busybox for initramfs.
When building the package with


the needed commands (ps, grep) with parameter are there and it works.
Tetsted on Ubuntu GNOME 16.10.

Linuxrider (linuxrider) on 2016-12-21
description: updated
Linuxrider (linuxrider) on 2016-12-21
tags: added: yakkety
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in busybox (Ubuntu):
status: New → Confirmed
Changed in cryptsetup (Ubuntu):
status: New → Confirmed
Dimitri John Ledkov (xnox) wrote :

As far as I understand this is about the debian/initramfs/cryptroot-unlock script, that is not used by default. (default unlocking is done via lightdm).

Whilst indeed ps -eo pids,args is used, it doesn't have to be... if the sed regexp is modified, I think it can just use the "ps" output, no?

Changed in busybox (Ubuntu):
importance: Undecided → Low
Changed in cryptsetup (Ubuntu):
importance: Undecided → Low
Changed in cryptsetup (Ubuntu):
assignee: nobody → Dimitri John Ledkov (xnox)
Linuxrider (linuxrider) wrote :

Well of course it is not the default unlocking mechanism.
In my setup cryptroot-unlock is used to unlock remotely over dropbear.
Most probably the regex can adapted. But I have no experience with that.

When I encountered the issue I tested the script with standard busybox and it
worked. Then I compared the config of the two packages and found the two parameters
to be essential. It was the easiest way for me.
Of course I did not check for other side effects of the change.

A second command is not working with the initramfs busybox. It's "grep -Ez".
The z option is not present.

Martin Scheidel (fourstone77) wrote :


I would like to see this issue solved asap, IMHO there are several ways of doing that, both quite simple:
1: adapt the unlock script to only use commands and options available in the small version of dropbox, i.e. only ps and adjusting the sed to reflect that (seems possible after reviewing the code)
2: include the regular size busybox in initramfs (works out of the box, I have tried it)
3: use the compile options mentioned above, did not verify that, however.

kind regards, martin

Hamy (hamy-public1) on 2017-06-03
tags: added: zesty
Hamy (hamy-public1) wrote :

This bug is still present in 17.10

Alex (a-t-page) wrote :

18.04 so far as well.

tags: added: artful
tags: added: bionic
mm (mtl-0) wrote :

Its just a shame that no one is interested in this bug. Debian Stretch doesn't have this bug btw and bugs get fixed more quickly there ...

Mark Foster (fostermarkd) wrote :

Still an issue in bionic final beta....

To unlock root partition, and maybe others like swap, run `cryptroot-unlock`

BusyBox v1.27.2 (Ubuntu 1:1.27.2-2ubuntu3) built-in shell (ash)
Enter 'help' for a list of built-in commands.

# cryptroot-unlock
ps: invalid option -- 'e'
BusyBox v1.27.2 (Ubuntu 1:1.27.2-2ubuntu3) multi-call binary.

Usage: ps

Show list of processes

 w Wide output
 l Long output
/bin/cryptroot-unlock: line 186: usleep: not found

I took a crack at patching this. Works without complaints for cryptroot-unlock as shipped with Ubuntu 18.04 Server.

Apply with:
$ cd /usr/share/cryptsetup/initramfs/bin/
$ sudo patch -bp1 < /path/to/cryptroot-unlock-neutered-busybox-progs.patch
$ sudo update-initramfs -uk all

Problems were:
1) Busybox `ps` takes no (useful) args.
2) Busybox `grep` does not accept -z (NULL terminated line handling).
3) Busybox has no `usleep`, it DOES have a `sleep` that accepts fractional seconds.

The attachment "Fix cryptroot-unlock for neutered Busybox env" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Thorsten (thorstenr-42) wrote :

pls fix this!

Thorsten (thorstenr-42) wrote :

@Trent Nelson: thanks for the patch! I applied it and it's working flawlessly!

Thanks for the confirmation @Thorsten!

Now to get some maintainer eyes on it...

no longer affects: busybox (Ubuntu Bionic)
Changed in busybox (Ubuntu):
status: Confirmed → Won't Fix
Changed in cryptsetup (Ubuntu):
status: Confirmed → Fix Committed
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in cryptsetup (Ubuntu Bionic):
status: New → Confirmed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cryptsetup - 2:2.0.2-1ubuntu2

cryptsetup (2:2.0.2-1ubuntu2) cosmic; urgency=medium

  * Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
    compatibility. LP: #1651818

 -- Dimitri John Ledkov 🌈 <email address hidden> Thu, 21 Jun 2018 16:38:31 +0100

Changed in cryptsetup (Ubuntu):
status: Fix Committed → Fix Released

Thanks Dimitri!

Jeff Y. (jeff-w) wrote :

Sorry, I'm not familiar with Ubuntu packaging.

I see:
 "cryptsetup" versions published in Ubuntu
Cosmic (2:2.0.2-1ubuntu2): main/admin
Bionic (2:2.0.2-1ubuntu1): main/admin

Out of curiosity, what needs to happen for this change to make it to Bionic?

Joachim Gehrung (josch-ka) wrote :

I would also be interested to see this bug fixed in Bionic.

seeseekey (seeseekey) wrote :

Will 2:2.0.2-1ubuntu2 released for Bionic?

Kwinz (ldm) wrote :

I had to install it manually in Bionic. Can confirm that after installing https://launchpad.net/ubuntu/+source/cryptsetup/2:2.0.2-1ubuntu2/+build/15039246/+files/cryptsetup_2.0.2-1ubuntu2_amd64.deb it is fixed and unlocking works now.

Matthias Klose (doko) on 2018-08-23
description: updated

Hello Linuxrider, or anyone else affected,

Accepted cryptsetup into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/cryptsetup/2:2.0.2-1ubuntu1.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in cryptsetup (Ubuntu Bionic):
status: Confirmed → Fix Committed
tags: added: verification-needed verification-needed-bionic

Tested working! Thanks!

Mohamed Laradji (mlrdji) wrote :

This was tested on Ubuntu 18.04.1 LTS and is working perfectly. Big thanks to everyone who's worked on this.

Thorsten (thorstenr-42) wrote :

works perfect!

Matthias Klose (doko) on 2018-08-28
tags: added: verification-done verification-done-bionic
removed: verification-needed verification-needed-bionic
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cryptsetup - 2:2.0.2-1ubuntu1.1

cryptsetup (2:2.0.2-1ubuntu1.1) bionic-proposed; urgency=medium

  * SRU
  * Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
    compatibility. LP: #1651818

 -- Matthias Klose <email address hidden> Thu, 23 Aug 2018 16:36:42 +0200

Changed in cryptsetup (Ubuntu Bionic):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for cryptsetup has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Reinstalled from bionic-updates and confirmed working.

Thanks again to all involved in resolving this!

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers