[Bug 2047600] [NEW] cryptsetup-initramfs fails to get hashes with detached luks header
Alexander Geier
2047600 at bugs.launchpad.net
Thu Dec 28 02:03:18 UTC 2023
Public bug reported:
Initramfs creation complains about "Device /dev/sdX is not a valid LUKS
device." for a luks device with detached header.
Example /etc/crypttab as it is used:
#<name> <source device> <key file> <options>
luks_system PARTLABEL=LUKS none luks,header=/usbmnt/luks.header
The issue seems to be with the command in /usr/share/initramfs-tools/hooks/cryptroot (line 224):
hash="$(/sbin/cryptsetup luksDump -- "$source" | sed -nr 's/^\s*(AF hash|Hash|Hash spec)\s*:\s*//Ip')"
$source was resolved to the device without the detached header. It seems
if the detached header file would be used as "source" this command would
work just like that. Otherwise --header should be passed additionally as
a parameter with the detached header file/device.
In my case the created initramfs is booting and works. So for me the
message about the not valid luks device is only a cosmetic thing. But it
seems in case me or anyone else would need the legacy.so (checked in
copy_libssl_legacy_library / https://launchpad.net/bugs/1979159) this
would be more problematic as the hashes could not be checked.
# lsb_release -rd
Description: Ubuntu 22.04.3 LTS
Release: 22.04
# apt-cache policy cryptsetup-initramfs
cryptsetup-initramfs:
Installed: 2:2.4.3-1ubuntu1.2
Candidate: 2:2.4.3-1ubuntu1.2
Version table:
*** 2:2.4.3-1ubuntu1.2 500
500 http://de.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
500 http://de.archive.ubuntu.com/ubuntu jammy-updates/main i386 Packages
100 /var/lib/dpkg/status
2:2.4.3-1ubuntu1 500
500 http://de.archive.ubuntu.com/ubuntu jammy/main amd64 Packages
500 http://de.archive.ubuntu.com/ubuntu jammy/main i386 Packages
** Affects: cryptsetup (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cryptsetup in Ubuntu.
https://bugs.launchpad.net/bugs/2047600
Title:
cryptsetup-initramfs fails to get hashes with detached luks header
Status in cryptsetup package in Ubuntu:
New
Bug description:
Initramfs creation complains about "Device /dev/sdX is not a valid
LUKS device." for a luks device with detached header.
Example /etc/crypttab as it is used:
#<name> <source device> <key file> <options>
luks_system PARTLABEL=LUKS none luks,header=/usbmnt/luks.header
The issue seems to be with the command in /usr/share/initramfs-tools/hooks/cryptroot (line 224):
hash="$(/sbin/cryptsetup luksDump -- "$source" | sed -nr 's/^\s*(AF hash|Hash|Hash spec)\s*:\s*//Ip')"
$source was resolved to the device without the detached header. It
seems if the detached header file would be used as "source" this
command would work just like that. Otherwise --header should be passed
additionally as a parameter with the detached header file/device.
In my case the created initramfs is booting and works. So for me the
message about the not valid luks device is only a cosmetic thing. But
it seems in case me or anyone else would need the legacy.so (checked
in copy_libssl_legacy_library / https://launchpad.net/bugs/1979159)
this would be more problematic as the hashes could not be checked.
# lsb_release -rd
Description: Ubuntu 22.04.3 LTS
Release: 22.04
# apt-cache policy cryptsetup-initramfs
cryptsetup-initramfs:
Installed: 2:2.4.3-1ubuntu1.2
Candidate: 2:2.4.3-1ubuntu1.2
Version table:
*** 2:2.4.3-1ubuntu1.2 500
500 http://de.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
500 http://de.archive.ubuntu.com/ubuntu jammy-updates/main i386 Packages
100 /var/lib/dpkg/status
2:2.4.3-1ubuntu1 500
500 http://de.archive.ubuntu.com/ubuntu jammy/main amd64 Packages
500 http://de.archive.ubuntu.com/ubuntu jammy/main i386 Packages
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/2047600/+subscriptions
More information about the foundations-bugs
mailing list