busybox-initramfs needs different compile options to work with cryptroot-unlock

Status changed to 'Confirmed' because the bug affects multiple users.

As far as I understand this is about the debian/initramfs/cryptroot-unlock script, that is not used by default. (default unlocking is done via lightdm).

Whilst indeed ps -eo pids,args is used, it doesn't have to be... if the sed regexp is modified, I think it can just use the "ps" output, no?

Well of course it is not the default unlocking mechanism.
In my setup cryptroot-unlock is used to unlock remotely over dropbear.
Most probably the regex can adapted. But I have no experience with that.

When I encountered the issue I tested the script with standard busybox and it
worked. Then I compared the config of the two packages and found the two parameters
to be essential. It was the easiest way for me.
Of course I did not check for other side effects of the change.

A second command is not working with the initramfs busybox. It's "grep -Ez".
The z option is not present.

Hi,

I would like to see this issue solved asap, IMHO there are several ways of doing that, both quite simple:
1: adapt the unlock script to only use commands and options available in the small version of dropbox, i.e. only ps and adjusting the sed to reflect that (seems possible after reviewing the code)
2: include the regular size busybox in initramfs (works out of the box, I have tried it)
3: use the compile options mentioned above, did not verify that, however.

kind regards, martin

I have developed a workaround until the bug is fixed:
https://hamy.io/blog/remote-unlocking-of-luks-encrypted-root-in-ubuntu-debian/#workaround

This bug is still present in 17.10

18.04 so far as well.

Its just a shame that no one is interested in this bug. Debian Stretch doesn't have this bug btw and bugs get fixed more quickly there ...

Still an issue in bionic final beta....

To unlock root partition, and maybe others like swap, run `cryptroot-unlock`

BusyBox v1.27.2 (Ubuntu 1:1.27.2-2ubuntu3) built-in shell (ash)
Enter 'help' for a list of built-in commands.

# cryptroot-unlock
ps: invalid option -- 'e'
BusyBox v1.27.2 (Ubuntu 1:1.27.2-2ubuntu3) multi-call binary.

Usage: ps

Show list of processes

 w Wide output
 l Long output
/bin/cryptroot-unlock: line 186: usleep: not found

I took a crack at patching this. Works without complaints for cryptroot-unlock as shipped with Ubuntu 18.04 Server.

Apply with:
$ cd /usr/share/cryptsetup/initramfs/bin/
$ sudo patch -bp1 < /path/to/cryptroot-unlock-neutered-busybox-progs.patch
$ sudo update-initramfs -uk all

Problems were:
1) Busybox `ps` takes no (useful) args.
2) Busybox `grep` does not accept -z (NULL terminated line handling).
3) Busybox has no `usleep`, it DOES have a `sleep` that accepts fractional seconds.

The attachment "Fix cryptroot-unlock for neutered Busybox env" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

pls fix this!

@Trent Nelson: thanks for the patch! I applied it and it's working flawlessly!

Thanks for the confirmation @Thorsten!

Now to get some maintainer eyes on it...

Status changed to 'Confirmed' because the bug affects multiple users.

This bug was fixed in the package cryptsetup - 2:2.0.2-1ubuntu2

---------------
cryptsetup (2:2.0.2-1ubuntu2) cosmic; urgency=medium

  * Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
    compatibility. LP: #1651818

 -- Dimitri John Ledkov 🌈 <email address hidden> Thu, 21 Jun 2018 16:38:31 +0100

Thanks Dimitri!

Sorry, I'm not familiar with Ubuntu packaging.

I see:
```
 "cryptsetup" versions published in Ubuntu
Cosmic (2:2.0.2-1ubuntu2): main/admin
Bionic (2:2.0.2-1ubuntu1): main/admin
```

Out of curiosity, what needs to happen for this change to make it to Bionic?

I would also be interested to see this bug fixed in Bionic.

Will 2:2.0.2-1ubuntu2 released for Bionic?

I had to install it manually in Bionic. Can confirm that after installing https://launchpad.net/ubuntu/+source/cryptsetup/2:2.0.2-1ubuntu2/+build/15039246/+files/cryptsetup_2.0.2-1ubuntu2_amd64.deb it is fixed and unlocking works now.

Hello Linuxrider, or anyone else affected,

Accepted cryptsetup into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/cryptsetup/2:2.0.2-1ubuntu1.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Tested working! Thanks!

This was tested on Ubuntu 18.04.1 LTS and is working perfectly. Big thanks to everyone who's worked on this.

works perfect!

This bug was fixed in the package cryptsetup - 2:2.0.2-1ubuntu1.1

---------------
cryptsetup (2:2.0.2-1ubuntu1.1) bionic-proposed; urgency=medium

  * SRU
  * Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
    compatibility. LP: #1651818

 -- Matthias Klose <email address hidden> Thu, 23 Aug 2018 16:36:42 +0200

The verification of the Stable Release Update for cryptsetup has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Reinstalled from bionic-updates and confirmed working.

Thanks again to all involved in resolving this!