[Bug 1968636] [NEW] cryptroot-unlock doesn't work at all when terminal width is below 51

Ross 1968636 at bugs.launchpad.net
Mon Apr 11 23:06:42 UTC 2022 

Public bug reported:

I'm speaking about ubuntu 20.04.4 with cryptsetup 2:2.2.2-3ubuntu2.4.
The behaviour is the same in ubuntu 22.04. I havent tried 18.04 and
older LTS, probably the same problem there as well.

So I have your usual setup with luks encrypted root. I've installed
dropbear-initramfs to make it remotely unlockable, set everything up and
tried to unlock it connecting from termux with my phone. When I ran
cryptroot-unlock it kept silent (not even the prompt) for some secs and
quit with such error:

    Error: Timeout reached while waiting for askpass.

Long story short: if I rotated the phone everything worked as supposed.

I tracked it down to this piece in cryptroot-unlock:

    # Print the list of PIDs the executed command of which is $exe.
    pgrep_exe() {
        local exe pid
        exe="$(readlink -f -- "$1" 2>/dev/null)" && [ -f "$exe" ] || return 0
        ps | awk '{print $1, $5}' | while read LINE; do
            set $LINE
            local pid=$1
            local cmd=$(readlink -f -- "$2")
            if [ "$cmd" == "$exe" ]; then
                echo $pid
                break
            fi
        done
    }

Notice it walks through "ps" (busybox one) lines which adapts its output
to the terminal width. Check out this shell session:

    > stty size
    40 115
    > /usr/lib/initramfs-tools/bin/busybox ps | grep '[b]usybox'
    18944 account   2804 R    /usr/lib/initramfs-tools/bin/busybox ps
    ## resize the terminal width to 50
    > stty size
    40 50
    > /usr/lib/initramfs-tools/bin/busybox ps | grep '[b]usybox'
    18947 account   2804 R    {busybox} /usr/lib/ini

Look at the last line above. "ps" ensures one terminal line per process,
no wrapping. If a line is too long, cut it. If the full binary path is
to be cut, prepend the binary basename in curly braces.

Here is a shell session over dropbear connection:

    > stty size
    40 115
    > ps | grep '[a]skpass'
      285 root      2364 S    /lib/cryptsetup/askpass Please unlock disk dm_crypt-0:
    ## resize the terminal width to 50
    > stty size
    40 50
    > ps | grep '[a]skpass'
      285 root      2364 S    {askpass} /lib/cryptse

As you can see askpass cmdline is a total mess now and because of that
pgrep_exe cant find askpass PID.


A quick fix could be "ps -w" instead of just "ps" in pgrep_exe. It would make ps assume the terminal width 132 which is enough for askpass line to be printed pristine.


Currently one cant unlock encrypted root with terminal width up to and including 50.

** Affects: cryptsetup (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: cryptsetup cryptsetup-initramfs

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cryptsetup in Ubuntu.
https://bugs.launchpad.net/bugs/1968636

Title:
  cryptroot-unlock doesn't work at all when terminal width is below 51

Status in cryptsetup package in Ubuntu:
  New

Bug description:
  I'm speaking about ubuntu 20.04.4 with cryptsetup 2:2.2.2-3ubuntu2.4.
  The behaviour is the same in ubuntu 22.04. I havent tried 18.04 and
  older LTS, probably the same problem there as well.

  So I have your usual setup with luks encrypted root. I've installed
  dropbear-initramfs to make it remotely unlockable, set everything up
  and tried to unlock it connecting from termux with my phone. When I
  ran cryptroot-unlock it kept silent (not even the prompt) for some
  secs and quit with such error:

      Error: Timeout reached while waiting for askpass.

  Long story short: if I rotated the phone everything worked as
  supposed.

  I tracked it down to this piece in cryptroot-unlock:

      # Print the list of PIDs the executed command of which is $exe.
      pgrep_exe() {
          local exe pid
          exe="$(readlink -f -- "$1" 2>/dev/null)" && [ -f "$exe" ] || return 0
          ps | awk '{print $1, $5}' | while read LINE; do
              set $LINE
              local pid=$1
              local cmd=$(readlink -f -- "$2")
              if [ "$cmd" == "$exe" ]; then
                  echo $pid
                  break
              fi
          done
      }

  Notice it walks through "ps" (busybox one) lines which adapts its
  output to the terminal width. Check out this shell session:

      > stty size
      40 115
      > /usr/lib/initramfs-tools/bin/busybox ps | grep '[b]usybox'
      18944 account   2804 R    /usr/lib/initramfs-tools/bin/busybox ps
      ## resize the terminal width to 50
      > stty size
      40 50
      > /usr/lib/initramfs-tools/bin/busybox ps | grep '[b]usybox'
      18947 account   2804 R    {busybox} /usr/lib/ini

  Look at the last line above. "ps" ensures one terminal line per
  process, no wrapping. If a line is too long, cut it. If the full
  binary path is to be cut, prepend the binary basename in curly braces.

  Here is a shell session over dropbear connection:

      > stty size
      40 115
      > ps | grep '[a]skpass'
        285 root      2364 S    /lib/cryptsetup/askpass Please unlock disk dm_crypt-0:
      ## resize the terminal width to 50
      > stty size
      40 50
      > ps | grep '[a]skpass'
        285 root      2364 S    {askpass} /lib/cryptse

  As you can see askpass cmdline is a total mess now and because of that
  pgrep_exe cant find askpass PID.

  
  A quick fix could be "ps -w" instead of just "ps" in pgrep_exe. It would make ps assume the terminal width 132 which is enough for askpass line to be printed pristine.

  
  Currently one cant unlock encrypted root with terminal width up to and including 50.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1968636/+subscriptions

More information about the foundations-bugs mailing list