[Bug 595648] Re: Remote unlocking not possible if plymouth is active (Bug or Feature?)

Nathaniel Homier 595648 at bugs.launchpad.net
Wed Oct 15 20:06:17 UTC 2014 

I'm a server admin, I manage a mail server and DNS server.  The server
is encrypted for valid reasons.  I need to have remote boot via SSH.
This bug needs to be made a higher priority!  I have daily local access
to the sever, but what happens when I'm on vacation and I need to reboot
the encrypted server.  Right now I have to trust a third party to boot
the server and of course they have to know the password, but what
happens when their out of town and I'm out of town, hmmm?

The workarounds in the comments are not the proper Ubuntu/Debian way and
risk breaking with every update that comes down the line.  I simply
don't have the time to test every update to make sure the scripts posted
in the comments don't break.

Would giving money to the Ubuntu programmers solve this or does Ubuntu
not have a $$$ bounty program.  I couldn't afford much, maybe $50.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cryptsetup in Ubuntu.
https://bugs.launchpad.net/bugs/595648

Title:
  Remote unlocking not possible if plymouth is active (Bug or Feature?)

Status in “cryptsetup” package in Ubuntu:
  Triaged
Status in “plymouth” package in Ubuntu:
  Confirmed

Bug description:
  Binary package hint: cryptsetup

  If plymouth is active, it is no longer possible in an easy way to remotely unlock the disc(s).
  Which means that with a standard Ubuntu setup the README.remote is wrong or incomplete.

  Reason: Plymouth is "stealing" the password prompt because the
  cryptroot script checks if plymouth is active:

  if [ -z "$cryptkeyscript" ]; then
  			cryptkey="Unlocking the disk $cryptsource ($crypttarget)\nEnter passphrase: "
  			if [ -x /bin/plymouth ] && plymouth --ping; then
  				cryptkeyscript="plymouth ask-for-password --prompt"
  				cryptkey=$(echo -e "$cryptkey")
  			else
  				cryptkeyscript="/lib/cryptsetup/askpass"
  			fi
  		fi

  but only askpass has a feature which is checking for a file with a
  password in it.

  Because I am not so good in writing startup fixes, I am proposing this as a bug.
  Possible solutions:
  1. Include a new script, which doesn't use plymouth at all.
  2. Use command line switches to use askpass instead of plymouth.
  3. Patch plymouth, e.g. to include a "pass-as-password" option, which is passing the password along to a running plymouth(d?).

  My knowledge about the inner workings of the startup process is limited, I would prefer solution no. 3.
  Any suggestions?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/595648/+subscriptions

More information about the foundations-bugs mailing list