[Bug 1968636] Re: cryptroot-unlock doesn't work at all when terminal width is below 51
Irkandur
1968636 at bugs.launchpad.net
Sat Dec 10 09:41:23 UTC 2022
Hello there.
I have Ubuntu 22.04.1 running on a Raspberry Pi, everything is fine and
smooth.
I have an encrypted root partition which I also unlock from initrd thanks to dropbear.
As soon as I'm authenticated with dropbear (pubkey), I normally get askpass screen, type my password, and got disconnected after a sucess cryptsetup message.
Doing this from my phone, it doesn't work (even with rotating the
screen, so my terminal may not report change in width).
Doing this from my computer is fine.
I wanted to do the suggested "ps -w" tricks but the busybox from APT
doesn't have this option for the ps applet.
Btw, this issue may be more linked to the cryptsetup-initramfs package?
Regards
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cryptsetup in Ubuntu.
https://bugs.launchpad.net/bugs/1968636
Title:
cryptroot-unlock doesn't work at all when terminal width is below 51
Status in cryptsetup package in Ubuntu:
Confirmed
Bug description:
I'm speaking about ubuntu 20.04.4 with cryptsetup 2:2.2.2-3ubuntu2.4.
The behaviour is the same in ubuntu 22.04. I havent tried 18.04 and
older LTS, probably the same problem there as well.
So I have your usual setup with luks encrypted root. I've installed
dropbear-initramfs to make it remotely unlockable, set everything up
and tried to unlock it connecting from termux with my phone. When I
ran cryptroot-unlock it kept silent (not even the prompt) for some
secs and quit with such error:
Error: Timeout reached while waiting for askpass.
Long story short: if I rotated the phone everything worked as
supposed.
I tracked it down to this piece in cryptroot-unlock:
# Print the list of PIDs the executed command of which is $exe.
pgrep_exe() {
local exe pid
exe="$(readlink -f -- "$1" 2>/dev/null)" && [ -f "$exe" ] || return 0
ps | awk '{print $1, $5}' | while read LINE; do
set $LINE
local pid=$1
local cmd=$(readlink -f -- "$2")
if [ "$cmd" == "$exe" ]; then
echo $pid
break
fi
done
}
Notice it walks through "ps" (busybox one) lines which adapts its
output to the terminal width. Check out this shell session:
> stty size
40 115
> /usr/lib/initramfs-tools/bin/busybox ps | grep '[b]usybox'
18944 account 2804 R /usr/lib/initramfs-tools/bin/busybox ps
## resize the terminal width to 50
> stty size
40 50
> /usr/lib/initramfs-tools/bin/busybox ps | grep '[b]usybox'
18947 account 2804 R {busybox} /usr/lib/ini
Look at the last line above. "ps" ensures one terminal line per
process, no wrapping. If a line is too long, cut it. If the full
binary path is to be cut, prepend the binary basename in curly braces.
Here is a shell session over dropbear connection:
> stty size
40 115
> ps | grep '[a]skpass'
285 root 2364 S /lib/cryptsetup/askpass Please unlock disk dm_crypt-0:
## resize the terminal width to 50
> stty size
40 50
> ps | grep '[a]skpass'
285 root 2364 S {askpass} /lib/cryptse
As you can see askpass cmdline is a total mess now and because of that
pgrep_exe cant find askpass PID.
A quick fix could be "ps -w" instead of just "ps" in pgrep_exe. It would make ps assume the terminal width 132 which is enough for askpass line to be printed pristine.
Currently one cant unlock encrypted root with terminal width up to and including 50.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1968636/+subscriptions
More information about the foundations-bugs
mailing list