Ubuntu
libpam-mount package

Bug #367577
Comment #5

Comment 5 for bug 367577

Revision history for this message

jcfp (jcfp) wrote on 2009-05-23:

For ages had the following in pam_mount.conf (old non-luks):
volume me crypt - /dev/sdb1 /mnt/massa_crypto-2 cipher=blowfish-cbc-essiv:sha256,keysize=448 - -

Until that didn't work anymore after upgrading to jaunty (crashes reoprted in syslog, similar to #353935), even when trying manually and adding ripemd160 for the hash that apparently nowadays defaults to "plain" otherwise:
# /sbin/mount.crypt -v -o cipher=blowfish-cbc-essiv:sha256,hash=ripemd160,keysize=448 /dev/sdb1 /mnt/massa_crypto-2
mount.crypt(mtcrypt.c:149): keysize mount option ignored
command: [readlink] [-fn] [/dev/sdb1]
command: [readlink] [-fn] [/mnt/massa_crypto-2]
Password:
mount.crypt(loop.c:319): Using _dev_sdb1 as dmdevice name
command: [cryptsetup] [-c] [blowfish-cbc-essiv:sha256] [--key-file=-] [-h] [ripemd160] [create] [_dev_sdb1] [/dev/sdb1]
command: [mount] [-n] [/dev/mapper/_dev_sdb1] [/mnt/massa_crypto-2]
mount: you must specify the filesystem type
mount failed with exit status 32

With your patch added, the result is this:
# /sbin/mount.crypt -v -o cipher=blowfish-cbc-essiv:sha256,hash=ripemd160,keysize=448 /dev/sdb1 /mnt/massa_crypto-2
mount.crypt(mtcrypt.c:149): keysize mount option ignored
command: [readlink] [-fn] [/dev/sdb1]
command: [readlink] [-fn] [/mnt/massa_crypto-2]
Password:
mount.crypt(loop.c:325): Using _dev_sdb1 as dmdevice name
command: [cryptsetup] [-c] [blowfish-cbc-essiv:sha256] [--key-file=-] [-h] [ripemd160] [-s] [104] [create] [_dev_sdb1] [/dev/sdb1]
command: [mount] [-n] [/dev/mapper/_dev_sdb1] [/mnt/massa_crypto-2]
mount: you must specify the filesystem type
mount failed with exit status 32

Althought the key here seems to be "mount.crypt(mtcrypt.c:149): keysize mount option ignored", which might well have nothing to do with your patch, I can't see where it's getting this value "104" from. Doing cryptsetup and mount manually as follows:
# cryptsetup -c blowfish-cbc-essiv:sha256 --key-file=- -h ripemd160 -s 448 create _dev_sdb1 /dev/sdb1
# mount /dev/mapper/_dev_sdb1 /mnt/massa_crypto-2

...turned out to work flawlessly, like my other encrypted partitions using "cipher=twofish-cbc-essiv:sha256,keysize=256" (with luks) had been doing all along.

For ages had the following in pam_mount.conf (old non-luks):
volume me crypt - /dev/sdb1 /mnt/massa_crypto-2 cipher=blowfish-cbc-essiv:sha256,keysize=448 - -

Until that didn't work anymore after upgrading to jaunty (crashes reoprted in syslog, similar to #353935), even when trying manually and adding ripemd160 for the hash that apparently nowadays defaults to "plain" otherwise:
# /sbin/mount.crypt -v -o cipher=blowfish-cbc-essiv:sha256,hash=ripemd160,keysize=448 /dev/sdb1 /mnt/massa_crypto-2
mount.crypt(mtcrypt.c:149): keysize mount option ignored
command: [readlink] [-fn] [/dev/sdb1] 
command: [readlink] [-fn] [/mnt/massa_crypto-2] 
Password: 
mount.crypt(loop.c:319): Using _dev_sdb1 as dmdevice name
command: [cryptsetup] [-c] [blowfish-cbc-essiv:sha256] [--key-file=-] [-h] [ripemd160] [create] [_dev_sdb1] [/dev/sdb1] 
command: [mount] [-n] [/dev/mapper/_dev_sdb1] [/mnt/massa_crypto-2] 
mount: you must specify the filesystem type
mount failed with exit status 32

With your patch added, the result is this:
# /sbin/mount.crypt -v -o cipher=blowfish-cbc-essiv:sha256,hash=ripemd160,keysize=448 /dev/sdb1 /mnt/massa_crypto-2
mount.crypt(mtcrypt.c:149): keysize mount option ignored
command: [readlink] [-fn] [/dev/sdb1] 
command: [readlink] [-fn] [/mnt/massa_crypto-2] 
Password: 
mount.crypt(loop.c:325): Using _dev_sdb1 as dmdevice name
command: [cryptsetup] [-c] [blowfish-cbc-essiv:sha256] [--key-file=-] [-h] [ripemd160] [-s] [104] [create] [_dev_sdb1] [/dev/sdb1] 
command: [mount] [-n] [/dev/mapper/_dev_sdb1] [/mnt/massa_crypto-2] 
mount: you must specify the filesystem type
mount failed with exit status 32

...turned out to work flawlessly, like my other encrypted partitions using "cipher=twofish-cbc-essiv:sha256,keysize=256" (with luks) had been doing all along.

Ubuntulibpam-mount package

Comment 5 for bug 367577

Ubuntu
libpam-mount package