Remote unlocking not possible if plymouth is active (Bug or Feature?)
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
cryptsetup (Debian) | Fix Released | Unknown | |
cryptsetup (Ubuntu) | Triaged | Low | Unassigned |
plymouth (Ubuntu) | Confirmed | Low | Unassigned |
Bug Description
Binary package hint: cryptsetup
If plymouth is active, it is no longer possible in an easy way to remotely unlock the disc(s).
Which means that with a standard Ubuntu setup the README.remote is wrong or incomplete.
Reason: Plymouth is "stealing" the password prompt because the cryptroot script checks if plymouth is active:
    if [ -z "$cryptkeyscript" ]; then
        cryptkey=
        if [ -x /bin/plymouth ] && plymouth --ping; then
            cryptkeyscr
            cryptkey=$(echo -e "$cryptkey")
        else
            cryptkeyscr
        fi
    fi
but only askpass has a feature which is checking for a file with a password in it.
Because I am not so good in writing startup fixes, I am proposing this as a bug.
Possible solutions:
1. Include a new script, which doesn't use plymouth at all.
2. Use command line switches to use askpass instead of plymouth.
3. Patch plymouth, e.g. to include a "pass-as-password" option, which is passing the password along to a running plymouth(d?).
My knowledge about the inner workings of the startup process is limited; I would prefer solution no. 3.
Any suggestions?
Changed in cryptsetup (Ubuntu): status: Triaged → Confirmed
Changed in cryptsetup (Ubuntu): status: Confirmed → Triaged
tags: added: trusty vivid
Changed in plymouth (Ubuntu): importance: Undecided → Low
Changed in cryptsetup (Debian): status: Unknown → New
Changed in cryptsetup (Debian): status: New → Fix Released
You're correct that the documentation is now out of date. However, plymouth is only the /default/ interface used by cryptsetup; you can probably get the same effect as before by using a 'keyscript=' option in /etc/crypttab. Though plymouth is still going to control the console, so you'll have to do some further tuning if you want to be able to unlock using either local console or a remote unlock command.
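Added example, not part of the bug report or of cryptsetup: a small audit of crypttab-format text that shows which targets set `keyscript=` and which leave it empty and therefore take the plymouth branch of the snippet quoted in the description. The function names, the sample entries, the placeholder UUID and the keyscript path are all constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and the sample entries are constructed.
# A crypttab line is: <target> <source> <key file> <options>

# Print "<target> keyscript <path>" or "<target> default-prompt" per entry.
classify_crypttab() {
    while read -r target source keyfile options rest; do
        case "$target" in ''|'#'*) continue ;; esac   # blank line or comment
        case ",$options" in
            *,keyscript=*)
                ks=",$options"
                ks=${ks#*,keyscript=}   # drop everything up to the option name
                ks=${ks%%,*}            # drop any options that follow it
                printf '%s keyscript %s\n' "$target" "$ks" ;;
            *)
                # Empty $cryptkeyscript: the initramfs asks via plymouth when
                # "plymouth --ping" succeeds, and via askpass otherwise.
                printf '%s default-prompt\n' "$target" ;;
        esac
    done
}

# Targets whose prompt plymouth will take over on a system where it is active.
default_prompt_targets() {
    classify_crypttab | sed -n 's/ default-prompt$//p'
}

sample_crypttab() {
    cat <<'EOF'
# constructed sample; UUID and keyscript path are placeholders
cryptroot UUID=00000000-0000-0000-0000-000000000000 none luks,discard

cryptdata /dev/sdb1 none luks,keyscript=/usr/local/sbin/remote-unlock-key,discard
EOF
}

# On a real system: classify_crypttab < /etc/crypttab
sample_crypttab | classify_crypttab
```

Entries reported as `default-prompt` are the ones for which the remote unlock procedure in README.remote stops working once plymouth is present in the initramfs.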