Cryptsetup problems.
Josef Wolf
jw at raven.inka.de
Thu Mar 1 20:30:36 GMT 2007

Hello!

I had a hard time getting cryptsetup working with Edgy. I found that the
problem was three-fold:

1. The detection of stdin seems to be broken. For some reason, $stdin
   was set to "/dev/null (deleted)" (probably a stale symlink, but who
   would ever delete /dev/null?). I fixed this with a little help from
   sed by stripping the " (deleted)" portion.

2. Nevertheless, the check for $stdin being /dev/null still fails for
   some reason. I tried to work around this by adding one more check.

3. The "egrep .... | while read dst src key opt; do" construct redirects
   stdin to the pipe from egrep, causing the redirect "<&1" later on to
   connect to the pipe instead of the keyboard. This makes $CRYPTCMD
   complain about not being able to read the password. I fixed this by
   using "<$stdin" instead of "<&1".

While it works great for me, I am not sure whether the attached patch is
a proper fix for the problem. At least, I hope, it provides some
information about what the root of the problem is and helps the gurus to
find a real solution.

BTW: I find the handling of crypted swap somewhat sub-optimal: cryptsetup
     refuses to use a swap partition when it contains a _valid_ swap
     signature. Instead, it requires finding _no_ signature at all. Thus
     there's a risk of overwriting filesystems with an unknown type.
     It would be a better solution to dmsetup the swap partition with
     an offset, leaving the swap signature intact. Suse has used such a
     solution (based on /dev/loop) for a long time, and it works great.
     The swap signature is never lost and the recognition of swap
     partitions is solid as a rock.

--- /usr/cryptdisks/cryptdisks.functions.orig 2007-03-01 13:53:50.000000000 +0100
+++ /usr/cryptdisks/cryptdisks.functions 2007-03-01 16:05:25.000000000 +0100
@@ -11,11 +11,15 @@
test -f $TABFILE || exit 0
# Always output to console
-stdin=`readlink /proc/self/fd/0`
+stdin=`readlink /proc/self/fd/0 | sed 's/ .*//'`
if [ "${stdin#/dev/null}" != "$stdin" ]; then
exec </dev/console >/dev/console 2>&1
fi
+if [ "x$stdin" = "x/dev/null" ] ; then
+ stdin=/dev/console
+fi
+
parse_opts () {
PARAMS=""
CHECK=""
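Review bot: the sed expression on the readlink line deletes everything from the first space onward, so a stdin path that legitimately contains a space is truncated too, not only the " (deleted)" suffix it is meant to remove. Anchoring the pattern, for example sed 's/ (deleted)$//', keeps the fix narrow. The added test for x$stdin = x/dev/null could also be folded into the existing if above it, which already matches /dev/null and switches to /dev/console, so the two checks cannot drift apart.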
@@ -291,7 +295,7 @@
if test "x$INTERACTIVE" != "xyes" ; then
PARAMS="$PARAMS --key-file=$key"
fi
- $CRYPTCMD $PARAMS luksOpen $src $dst <&1
+ $CRYPTCMD $PARAMS luksOpen $src $dst <$stdin
RESULT=$?
if [ $RESULT = 0 ] ; then
if [ "$CHECK" != "" ] && ! $CHECK $MAPPER/$dst $CHECKARGS; then
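Review bot: <$stdin on the luksOpen line is unquoted and assumes the readlink result from the first hunk is an openable path. When fd 0 is a pipe or socket, /proc/self/fd/0 resolves to a name such as pipe:[...] rather than a file, and an empty or non-path value makes the redirect fail, in which case $CRYPTCMD is not run at all. Quote it as <"$stdin" and fall back to /dev/console when [ -c "$stdin" ] is false.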
@@ -315,7 +319,7 @@
if test "x$INTERACTIVE" != "xyes" ; then
PARAMS="$PARAMS --key-file=$key"
fi
- $CRYPTCMD $PARAMS create $dst $src <&1
+ $CRYPTCMD $PARAMS create $dst $src <$stdin
RESULT=$?
if [ $RESULT = 0 ] ; then
if [ "$CHECK" != "" ] && ! $CHECK $MAPPER/$dst $CHECKARGS; then
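Review bot: on the create line the <$stdin redirect is applied unconditionally, including the non-interactive case just above it where the key comes from --key-file=$key. If the console cannot be opened in that case, the redirect fails and the mapping is never created even though nothing had to be typed. Consider applying the redirect only when INTERACTIVE is yes; the same applies to the luksOpen call in the previous hunk.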
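Point 3 of the message, reproduced as an added example (not part of the original post or of the cryptsetup scripts): a command run inside "producer | while read" inherits the pipe as stdin, and an explicit redirect from a path restores the intended input. The names sample_tab and fake_cryptcmd, the device names and the passphrase are constructed stand-ins, and a temporary file plays the role of the console.

```shell
#!/bin/sh
# Constructed crypttab-style input (dst src key opt); not from a real system.
sample_tab() {
    printf '%s\n' \
        'cswap /dev/sda2 /dev/urandom swap' \
        'chome /dev/sda3 none luks' \
        'cdata /dev/sda4 none luks'
}

# Hypothetical stand-in for $CRYPTCMD: reads one line from its stdin as the
# passphrase and reports what it received.
fake_cryptcmd() {
    IFS= read -r pass || pass=''
    printf '%s got passphrase [%s]\n' "$1" "$pass"
}

# Broken shape: the loop body inherits the pipe as stdin, so the command
# consumes the next table line instead of a passphrase, and that entry
# is then never processed by the loop.
open_inherited() {
    sample_tab | while read -r dst src key opt; do
        fake_cryptcmd "$dst"
    done
}

# Fixed shape, as in the patch: the command's stdin is redirected explicitly
# to a path resolved outside the pipeline (passed in as $1 here).
open_redirected() {
    sample_tab | while read -r dst src key opt; do
        fake_cryptcmd "$dst" <"$1"
    done
}

# Run both variants; the temporary file stands in for /dev/console.
demo() {
    tmp=$(mktemp) || return 1
    printf 'constructed-passphrase\n' >"$tmp"
    echo '--- stdin inherited from the pipe'
    open_inherited
    echo '--- stdin redirected from a path'
    open_redirected "$tmp"
    rm -f "$tmp"
}

demo
```

In the inherited variant the chome entry is swallowed as the "passphrase" for cswap and is never opened, which is the silent failure mode to look for when a boot script skips a volume.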