[Bug 1022815] Re: initramfs should try password against other devices

Roger Binns ubuntu at rogerbinns.com
Sun Aug 19 01:17:11 UTC 2012


I got everything working.  The README you pointed to is very misleading
since the script is already in the correct place.  I'd be inclined to
just delete the README, and mention all the different scripts in
/lib/cryptsetup/scripts in the main crypttab page.

decrypt_keyctl doesn't seem to like 'none' as the third column in crypttab
(either that or the ordering confuses it).  I changed the ordering so
swap was last, and the third column from 'none' to avoid multiple
prompts.

In cryptdisk.functions there is a section that tries to work out what
program to use for prompting (look for plymouth).  In decrypt_keyctl
there is a similar section at the top trying to do the same thing, but
it doesn't look for plymouth.  I made two changes:

1) Added code to make plymouth be probed and used.  At the top section
as the last entry:

      test -x /bin/plymouth && plymouth --ping && PW_READER_='plymouth'

In the case $PW_READER_ section:

    plymouth)
            KEY_=$(plymouth ask-for-password --prompt "$PROMPT_") || die "Error executing plymouth"
            ;;

That makes things work perfectly when plymouth is present.

2) In recovery mode things were unusable.  That was because it was using
askpass.  I commented out the line beginning test -x "$ASKPASS_" which
means that in a non-plymouth environment the stty mode is being used.
The stty mode worked just fine in recovery mode.


In any event as things currently are shipped on Ubuntu you will have an unbootable system if you follow the README instructions.  Either decrypt_keyctl should be removed, or fixed.

The documentation should at least mention the script, and also mention
that keyutils must be installed.  It should also mention having to run
update-initramfs on changing /etc/crypttab.

askpass is broken.  It should really be fixed to be able to do plymouth
if it is running, or the various things (e.g. stty method that the
decrypt_keyctl is doing).

Then everything can just use askpass.  Failing that the logic for
picking a password prompt program should be unified into one place.  For
example it could be put into a function in cryptdisk.functions and that
sourced/used by decrypt_keyctl.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cryptsetup in Ubuntu.
https://bugs.launchpad.net/bugs/1022815

Title:
  initramfs should try password against other devices

Status in “cryptsetup” package in Ubuntu:
  New

Bug description:
  Due to multiple drives I have multiple encrypted volumes.  The
  passphrase for all of them is identical. However at boot I am asked
  the password for each one, and have to type the same thing over and
  over again.  cryptsetup during boot should at least try the previously
  typed in password against each volume.

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: cryptsetup (not installed)
  ProcVersionSignature: Ubuntu 3.2.0-26.41-generic 3.2.19
  Uname: Linux 3.2.0-26-generic x86_64
  NonfreeKernelModules: nvidia
  ApportVersion: 2.0.1-0ubuntu8
  Architecture: amd64
  Date: Mon Jul  9 22:14:32 2012
  SourcePackage: cryptsetup
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1022815/+subscriptions
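
The message's closing suggestion, one shared place that picks the password prompt program, shown as an added example; it is not part of the original message or of the cryptsetup package. The function names, the USE_ASKPASS switch and the default askpass path are assumptions made for illustration.

```shell
# Added example: shared prompt selection for cryptdisk.functions and
# decrypt_keyctl. Function names and USE_ASKPASS are hypothetical.
# Both paths can be overridden so the logic can be tried outside an initramfs;
# the askpass default is an assumed install path.
PLYMOUTH_BIN="${PLYMOUTH_BIN:-/bin/plymouth}"
ASKPASS_BIN="${ASKPASS_BIN:-/lib/cryptsetup/askpass}"

# Print the backend to use: plymouth, askpass or stty.
# plymouth wins only if its daemon answers --ping; USE_ASKPASS=0 skips
# askpass, matching the recovery-mode workaround described in the message.
pick_pw_reader() {
    if [ -x "$PLYMOUTH_BIN" ] && "$PLYMOUTH_BIN" --ping 2>/dev/null; then
        echo plymouth
    elif [ "${USE_ASKPASS:-1}" = 1 ] && [ -x "$ASKPASS_BIN" ]; then
        echo askpass
    else
        echo stty
    fi
}

# Prompt with the chosen backend and print the passphrase on stdout.
read_passphrase() {
    prompt="$1"
    case "$(pick_pw_reader)" in
        plymouth)
            "$PLYMOUTH_BIN" ask-for-password --prompt "$prompt" || return 1
            ;;
        askpass)
            "$ASKPASS_BIN" "$prompt" || return 1
            ;;
        stty)
            # Terminal fallback: turn echo off and always restore the saved mode.
            saved="$(stty -g)" || return 1
            trap 'stty "$saved"' INT TERM
            printf '%s' "$prompt" >&2
            stty -echo
            IFS= read -r key
            stty "$saved"
            trap - INT TERM
            printf '\n' >&2
            printf '%s' "$key"
            ;;
    esac
}
```

Both callers would source this file and call read_passphrase, so a fix to the probing order only has to be made once.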



