busybox-initramfs needs different compile options to work with cryptroot-unlock

Bug #1651818 reported by Linuxrider on 2016-12-21
146
This bug affects 30 people
Affects Status Importance Assigned to Milestone
busybox (Ubuntu)
Low
Unassigned
cryptsetup (Ubuntu)
Low
Dimitri John Ledkov
Bionic
Undecided
Unassigned

Bug Description

The cryptroot-unlock script in the cryptsetup package does not work in initramfs.
It fails because "ps -e" is not available in busybox for initramfs.
When building the package with

CONFIG_DESKTOP=y
CONFIG_EXTRA_COMPAT=y

the needed commands (ps, grep) with parameter are there and it works.
Tetsted on Ubuntu GNOME 16.10.

Linuxrider (linuxrider) on 2016-12-21
description: updated
Linuxrider (linuxrider) on 2016-12-21
tags: added: yakkety
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in busybox (Ubuntu):
status: New → Confirmed
Changed in cryptsetup (Ubuntu):
status: New → Confirmed
Dimitri John Ledkov (xnox) wrote :

As far as I understand this is about the debian/initramfs/cryptroot-unlock script, that is not used by default. (default unlocking is done via lightdm).

Whilst indeed ps -eo pids,args is used, it doesn't have to be... if the sed regexp is modified, I think it can just use the "ps" output, no?

Changed in busybox (Ubuntu):
importance: Undecided → Low
Changed in cryptsetup (Ubuntu):
importance: Undecided → Low
Changed in cryptsetup (Ubuntu):
assignee: nobody → Dimitri John Ledkov (xnox)
Linuxrider (linuxrider) wrote :

Well of course it is not the default unlocking mechanism.
In my setup cryptroot-unlock is used to unlock remotely over dropbear.
Most probably the regex can adapted. But I have no experience with that.

When I encountered the issue I tested the script with standard busybox and it
worked. Then I compared the config of the two packages and found the two parameters
to be essential. It was the easiest way for me.
Of course I did not check for other side effects of the change.

A second command is not working with the initramfs busybox. It's "grep -Ez".
The z option is not present.

Martin Scheidel (fourstone77) wrote :

Hi,

I would like to see this issue solved asap, IMHO there are several ways of doing that, both quite simple:
1: adapt the unlock script to only use commands and options available in the small version of dropbox, i.e. only ps and adjusting the sed to reflect that (seems possible after reviewing the code)
2: include the regular size busybox in initramfs (works out of the box, I have tried it)
3: use the compile options mentioned above, did not verify that, however.

kind regards, martin

Hamy (hamy-public1) on 2017-06-03
tags: added: zesty
Hamy (hamy-public1) wrote :
HurricaneHernandez (9-carlos) wrote :

This bug is still present in 17.10

Alex (a-t-page) wrote :

18.04 so far as well.

tags: added: artful
tags: added: bionic
mm (mtl-0) wrote :

Its just a shame that no one is interested in this bug. Debian Stretch doesn't have this bug btw and bugs get fixed more quickly there ...

Mark Foster (fostermarkd) wrote :

Still an issue in bionic final beta....

To unlock root partition, and maybe others like swap, run `cryptroot-unlock`

BusyBox v1.27.2 (Ubuntu 1:1.27.2-2ubuntu3) built-in shell (ash)
Enter 'help' for a list of built-in commands.

# cryptroot-unlock
ps: invalid option -- 'e'
BusyBox v1.27.2 (Ubuntu 1:1.27.2-2ubuntu3) multi-call binary.

Usage: ps

Show list of processes

 w Wide output
 l Long output
/bin/cryptroot-unlock: line 186: usleep: not found

I took a crack at patching this. Works without complaints for cryptroot-unlock as shipped with Ubuntu 18.04 Server.

Apply with:
$ cd /usr/share/cryptsetup/initramfs/bin/
$ sudo patch -bp1 < /path/to/cryptroot-unlock-neutered-busybox-progs.patch
$ sudo update-initramfs -uk all

Problems were:
1) Busybox `ps` takes no (useful) args.
2) Busybox `grep` does not accept -z (NULL terminated line handling).
3) Busybox has no `usleep`, it DOES have a `sleep` that accepts fractional seconds.

The attachment "Fix cryptroot-unlock for neutered Busybox env" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Thorsten (thorstenr-42) wrote :

pls fix this!

Thorsten (thorstenr-42) wrote :

@Trent Nelson: thanks for the patch! I applied it and it's working flawlessly!

Thanks for the confirmation @Thorsten!

Now to get some maintainer eyes on it...

no longer affects: busybox (Ubuntu Bionic)
Changed in busybox (Ubuntu):
status: Confirmed → Won't Fix
Changed in cryptsetup (Ubuntu):
status: Confirmed → Fix Committed
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in cryptsetup (Ubuntu Bionic):
status: New → Confirmed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cryptsetup - 2:2.0.2-1ubuntu2

---------------
cryptsetup (2:2.0.2-1ubuntu2) cosmic; urgency=medium

  * Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
    compatibility. LP: #1651818

 -- Dimitri John Ledkov 🌈 <email address hidden> Thu, 21 Jun 2018 16:38:31 +0100

Changed in cryptsetup (Ubuntu):
status: Fix Committed → Fix Released

Thanks Dimitri!

Jeff Y. (jeff-w) wrote :

Sorry, I'm not familiar with Ubuntu packaging.

I see:
```
 "cryptsetup" versions published in Ubuntu
Cosmic (2:2.0.2-1ubuntu2): main/admin
Bionic (2:2.0.2-1ubuntu1): main/admin
```

Out of curiosity, what needs to happen for this change to make it to Bionic?

Joachim Gehrung (josch-ka) wrote :

I would also be interested to see this bug fixed in Bionic.

seeseekey (seeseekey) wrote :

Will 2:2.0.2-1ubuntu2 released for Bionic?

Kwinz (ldm) wrote :

I had to install it manually in Bionic. Can confirm that after installing https://launchpad.net/ubuntu/+source/cryptsetup/2:2.0.2-1ubuntu2/+build/15039246/+files/cryptsetup_2.0.2-1ubuntu2_amd64.deb it is fixed and unlocking works now.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers