busybox-initramfs needs different compile options to work with cryptroot-unlock

Bug #1651818 reported by Linuxrider
This bug affects 31 people
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| busybox (Ubuntu) | Won't Fix | Low | Unassigned | |
| cryptsetup (Ubuntu) | Fix Released | Low | Dimitri John Ledkov | |
| Bionic | Fix Released | Undecided | Unassigned | |

Bug Description

SRU for bionic:

Acceptance criteria: An encrypted partition can be decrypted using cryptroot-unlock.

Regression potential: It's not the default method, so unused by the majority of people. Besides that the patched script runs fine in cosmic.

The cryptroot-unlock script in the cryptsetup package does not work in initramfs.
It fails because "ps -e" is not available in busybox for initramfs.
When building the package with

```
CONFIG_DESKTOP=y
CONFIG_EXTRA_COMPAT=y
```

the needed commands (ps, grep) with their parameters are there and it works.
Tested on Ubuntu GNOME 16.10.

Linuxrider (linuxrider)
description: updated
Linuxrider (linuxrider)
tags: added: yakkety
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in busybox (Ubuntu):
status: New → Confirmed
Changed in cryptsetup (Ubuntu):
status: New → Confirmed
Dimitri John Ledkov (xnox) wrote :

As far as I understand this is about the debian/initramfs/cryptroot-unlock script, that is not used by default. (default unlocking is done via lightdm).

Whilst indeed ps -eo pids,args is used, it doesn't have to be... if the sed regexp is modified, I think it can just use the "ps" output, no?

Changed in busybox (Ubuntu):
importance: Undecided → Low
Changed in cryptsetup (Ubuntu):
importance: Undecided → Low
Changed in cryptsetup (Ubuntu):
assignee: nobody → Dimitri John Ledkov (xnox)
Linuxrider (linuxrider) wrote :

Well of course it is not the default unlocking mechanism.
In my setup cryptroot-unlock is used to unlock remotely over dropbear.
Most probably the regex can be adapted. But I have no experience with that.

When I encountered the issue I tested the script with standard busybox and it
worked. Then I compared the config of the two packages and found the two parameters
to be essential. It was the easiest way for me.
Of course I did not check for other side effects of the change.

A second command is not working with the initramfs busybox. It's "grep -Ez".
The z option is not present.

Martin Scheidel (fourstone77) wrote :

Hi,

I would like to see this issue solved asap, IMHO there are several ways of doing that, both quite simple:
1: adapt the unlock script to only use commands and options available in the small version of dropbox, i.e. only ps and adjusting the sed to reflect that (seems possible after reviewing the code)
2: include the regular size busybox in initramfs (works out of the box, I have tried it)
3: use the compile options mentioned above, did not verify that, however.

kind regards, martin

Hamy (hamy-public1)
tags: added: zesty
Hamy (hamy-public1) wrote :
HurricaneHernandez (hurricanehrndz) wrote :

This bug is still present in 17.10

Alex (a-t-page) wrote :

18.04 so far as well.

tags: added: artful
tags: added: bionic
mm (mtl-0) wrote :

It's just a shame that no one is interested in this bug. Debian Stretch doesn't have this bug btw and bugs get fixed more quickly there ...

Mark Foster (fostermarkd) wrote :

Still an issue in bionic final beta....

```
To unlock root partition, and maybe others like swap, run `cryptroot-unlock`

BusyBox v1.27.2 (Ubuntu 1:1.27.2-2ubuntu3) built-in shell (ash)
Enter 'help' for a list of built-in commands.

# cryptroot-unlock
ps: invalid option -- 'e'
BusyBox v1.27.2 (Ubuntu 1:1.27.2-2ubuntu3) multi-call binary.

Usage: ps

Show list of processes

 w Wide output
 l Long output
/bin/cryptroot-unlock: line 186: usleep: not found
```

Trent Nelson (trent-a-b-nelson) wrote :

I took a crack at patching this. Works without complaints for cryptroot-unlock as shipped with Ubuntu 18.04 Server.

Apply with:

```
$ cd /usr/share/cryptsetup/initramfs/bin/
$ sudo patch -bp1 < /path/to/cryptroot-unlock-neutered-busybox-progs.patch
$ sudo update-initramfs -uk all
```

Problems were:
1) Busybox `ps` takes no (useful) args.
2) Busybox `grep` does not accept -z (NULL terminated line handling).
3) Busybox has no `usleep`, it DOES have a `sleep` that accepts fractional seconds.
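
The three gaps listed in the comment above (no `ps -e`, no `grep -z`, no `usleep`) can be sidestepped by reading `/proc/<pid>/cmdline` directly. This is an added example, not the attached patch and not code from cryptsetup; the function names and the program name `/sbin/example-askpass` are hypothetical.

```shell
#!/bin/sh
# Added example. Uses only sh builtins, tr and sleep, so it does not depend on
# `ps -e`, `grep -z` or `usleep`.

# find_pids PROCROOT PATTERN
#   Prints the PIDs whose command line matches the shell glob PATTERN.
#   /proc/<pid>/cmdline is NUL-separated; tr turns each NUL into a space, so
#   every argument (including the last) is followed by one space and a
#   pattern such as 'prog *' matches argv[0] exactly.
find_pids() {
    procroot=$1 pattern=$2 found=""
    for dir in "$procroot"/[0-9]*; do
        [ -r "$dir/cmdline" ] || continue        # process already gone
        cmd=$(tr '\000' ' ' 2>/dev/null < "$dir/cmdline") || continue
        [ -n "$cmd" ] || continue                # kernel threads: empty cmdline
        case $cmd in
            $pattern) found="$found${found:+ }${dir##*/}" ;;
        esac
    done
    printf '%s\n' "$found"
}

# wait_for PROCROOT PATTERN TRIES
#   Polls until a matching process appears. Fractional `sleep` stands in for
#   the missing `usleep`. Returns 1 if nothing matched after TRIES polls.
wait_for() {
    tries=$3
    while [ "$tries" -gt 0 ]; do
        pids=$(find_pids "$1" "$2")
        [ -n "$pids" ] && { printf '%s\n' "$pids"; return 0; }
        sleep 0.1
        tries=$((tries - 1))
    done
    return 1
}

# make_sample_proc DIR: constructed /proc-like tree for trying this offline.
# /sbin/example-askpass is a hypothetical program name, not a real path.
make_sample_proc() {
    mkdir -p "$1/1" "$1/2" "$1/214" "$1/305"
    printf '/sbin/init\000' > "$1/1/cmdline"
    : > "$1/2/cmdline"
    printf '/sbin/example-askpass\000Enter passphrase: \000' > "$1/214/cmdline"
    printf '/sbin/example-askpass-helper\000' > "$1/305/cmdline"
}
```

On a live system the first argument is `/proc`, for example `find_pids /proc '/sbin/example-askpass *'`.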

Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "Fix cryptroot-unlock for neutered Busybox env" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Thorsten (thorstenr-42) wrote :

pls fix this!

Thorsten (thorstenr-42) wrote :

@Trent Nelson: thanks for the patch! I applied it and it's working flawlessly!

Trent Nelson (trent-a-b-nelson) wrote :

Thanks for the confirmation @Thorsten!

Now to get some maintainer eyes on it...

no longer affects: busybox (Ubuntu Bionic)
Changed in busybox (Ubuntu):
status: Confirmed → Won't Fix
Changed in cryptsetup (Ubuntu):
status: Confirmed → Fix Committed
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in cryptsetup (Ubuntu Bionic):
status: New → Confirmed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cryptsetup - 2:2.0.2-1ubuntu2

---------------
cryptsetup (2:2.0.2-1ubuntu2) cosmic; urgency=medium

  * Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
    compatibility. LP: #1651818

 -- Dimitri John Ledkov 🌈 <email address hidden> Thu, 21 Jun 2018 16:38:31 +0100

Changed in cryptsetup (Ubuntu):
status: Fix Committed → Fix Released
Trent Nelson (trent-a-b-nelson) wrote :

Thanks Dimitri!

Jeff Y. (jeff-w) wrote :

Sorry, I'm not familiar with Ubuntu packaging.

I see:
```
 "cryptsetup" versions published in Ubuntu
Cosmic (2:2.0.2-1ubuntu2): main/admin
Bionic (2:2.0.2-1ubuntu1): main/admin
```

Out of curiosity, what needs to happen for this change to make it to Bionic?

Joachim Gehrung (josch-ka) wrote :

I would also be interested to see this bug fixed in Bionic.

seeseekey (seeseekey) wrote :

Will 2:2.0.2-1ubuntu2 be released for Bionic?

Kwinz (ldm) wrote :

I had to install it manually in Bionic. Can confirm that after installing https://launchpad.net/ubuntu/+source/cryptsetup/2:2.0.2-1ubuntu2/+build/15039246/+files/cryptsetup_2.0.2-1ubuntu2_amd64.deb it is fixed and unlocking works now.

Matthias Klose (doko)
description: updated
Łukasz Zemczak (sil2100) wrote : Please test proposed package

Hello Linuxrider, or anyone else affected,

Accepted cryptsetup into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/cryptsetup/2:2.0.2-1ubuntu1.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in cryptsetup (Ubuntu Bionic):
status: Confirmed → Fix Committed
tags: added: verification-needed verification-needed-bionic
Trent Nelson (trent-a-b-nelson) wrote :

Tested working! Thanks!

Mohamed Laradji (mlrdji) wrote :

This was tested on Ubuntu 18.04.1 LTS and is working perfectly. Big thanks to everyone who's worked on this.

Thorsten (thorstenr-42) wrote :

works perfect!

Matthias Klose (doko)
tags: added: verification-done verification-done-bionic
removed: verification-needed verification-needed-bionic
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cryptsetup - 2:2.0.2-1ubuntu1.1

---------------
cryptsetup (2:2.0.2-1ubuntu1.1) bionic-proposed; urgency=medium

  * SRU
  * Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
    compatibility. LP: #1651818

 -- Matthias Klose <email address hidden> Thu, 23 Aug 2018 16:36:42 +0200

Changed in cryptsetup (Ubuntu Bionic):
status: Fix Committed → Fix Released
Chris Halse Rogers (raof) wrote : Update Released

The verification of the Stable Release Update for cryptsetup has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Trent Nelson (trent-a-b-nelson) wrote :

Reinstalled from bionic-updates and confirmed working.

Thanks again to all involved in resolving this!
