[Bug 1903875] Re: cryptgnupg-sc initramfs script with plymouth locks up pinentry

Keeley Hoek 1903875 at bugs.launchpad.net
Wed Nov 11 21:10:19 UTC 2020 

** Description changed:

  It's great that the `cryptgnupg-sc` keyscript exists and runs out-of-
  the-box, and it (and its brethren) should be more widely known!
  
  However, `cryptgnupg-sc` prompts using `pinentry-ncurses` which 1. hides
- behind plymouth so it looks everything has hung, and 2. actually locks
- up when you try to enter a password (try it) because (I believe)
+ behind plymouth so it looks like everything has hung, and 2. actually
+ locks up when you try to enter a password (try it) because (I believe)
  plymouth captures [ENTER] so you can't actually select OK on the
  pinentry dialog.
  
  To fix this, I think all that needs to happen is the copy of `pinentry`
  copied into the initramfs by the `cryptgnupg-sc` hook needs to be
  replaced. Are the maintainers aware of this project:
  https://github.com/werwurm/plymentry which essentially does this? (That
  repository also houses some scripts which are irrelevant for our
  purposes here.)
  
  Is there scope to ship a tiny binary which replaces pinentry with
  `cryptsetup-initramfs`? (GNUPG would be none-the-wiser.) This would make
  the family of shipped keyscripts work really well just by setting up
  `/etc/crypttab`, without any initramfs script hacking at all. At the
  moment its tantalizingly close!
  
  Kind regards,
  Keeley

** Description changed:

  It's great that the `cryptgnupg-sc` keyscript exists and runs out-of-
  the-box, and it (and its brethren) should be more widely known!
  
  However, `cryptgnupg-sc` prompts using `pinentry-ncurses` which 1. hides
  behind plymouth so it looks like everything has hung, and 2. actually
  locks up when you try to enter a password (try it) because (I believe)
  plymouth captures [ENTER] so you can't actually select OK on the
  pinentry dialog.
  
  To fix this, I think all that needs to happen is the copy of `pinentry`
  copied into the initramfs by the `cryptgnupg-sc` hook needs to be
  replaced. Are the maintainers aware of this project:
  https://github.com/werwurm/plymentry which essentially does this? (That
  repository also houses some scripts which are irrelevant for our
  purposes here.)
  
- Is there scope to ship a tiny binary which replaces pinentry with
+ Is there scope to ship a tiny binary which replaces pinentry along with
  `cryptsetup-initramfs`? (GNUPG would be none-the-wiser.) This would make
  the family of shipped keyscripts work really well just by setting up
  `/etc/crypttab`, without any initramfs script hacking at all. At the
  moment its tantalizingly close!
  
  Kind regards,
  Keeley

** Description changed:

  It's great that the `cryptgnupg-sc` keyscript exists and runs out-of-
  the-box, and it (and its brethren) should be more widely known!
  
  However, `cryptgnupg-sc` prompts using `pinentry-ncurses` which 1. hides
  behind plymouth so it looks like everything has hung, and 2. actually
  locks up when you try to enter a password (try it) because (I believe)
  plymouth captures [ENTER] so you can't actually select OK on the
  pinentry dialog.
  
  To fix this, I think all that needs to happen is the copy of `pinentry`
  copied into the initramfs by the `cryptgnupg-sc` hook needs to be
  replaced. Are the maintainers aware of this project:
  https://github.com/werwurm/plymentry which essentially does this? (That
  repository also houses some scripts which are irrelevant for our
  purposes here.)
  
  Is there scope to ship a tiny binary which replaces pinentry along with
  `cryptsetup-initramfs`? (GNUPG would be none-the-wiser.) This would make
  the family of shipped keyscripts work really well just by setting up
  `/etc/crypttab`, without any initramfs script hacking at all. At the
- moment its tantalizingly close!
+ moment it's tantalizingly close!
  
  Kind regards,
  Keeley

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cryptsetup in Ubuntu.
https://bugs.launchpad.net/bugs/1903875

Title:
  cryptgnupg-sc initramfs script with plymouth locks up pinentry

Status in cryptsetup package in Ubuntu:
  New

Bug description:
  It's great that the `cryptgnupg-sc` keyscript exists and runs out-of-
  the-box, and it (and its brethren) should be more widely known!

  However, `cryptgnupg-sc` prompts using `pinentry-ncurses` which 1.
  hides behind plymouth so it looks like everything has hung, and 2.
  actually locks up when you try to enter a password (try it) because (I
  believe) plymouth captures [ENTER] so you can't actually select OK on
  the pinentry dialog.

  To fix this, I think all that needs to happen is the copy of
  `pinentry` copied into the initramfs by the `cryptgnupg-sc` hook needs
  to be replaced. Are the maintainers aware of this project:
  https://github.com/werwurm/plymentry which essentially does this?
  (That repository also houses some scripts which are irrelevant for our
  purposes here.)

  Is there scope to ship a tiny binary which replaces pinentry along
  with `cryptsetup-initramfs`? (GNUPG would be none-the-wiser.) This
  would make the family of shipped keyscripts work really well just by
  setting up `/etc/crypttab`, without any initramfs script hacking at
  all. At the moment it's tantalizingly close!

  Kind regards,
  Keeley

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1903875/+subscriptions

More information about the foundations-bugs mailing list