Cryptsetup problems.

Josef Wolf jw at
Thu Mar 1 20:30:36 GMT 2007


I had a hard time to get cryptsetup working with Edgy.  I found that the
problem was three-fold:

 1. The detection of stdin seems to be broken.  For some reason, $stdin
    was set to "/dev/null (deleted)" (probably a stale symlink, but who
    would ever delete /dev/null?).  I fixed this with a little help from
    sed by stripping the " (deleted)" portion.

 2. Nevertheless, the check for $stdin beeing /dev/null still fails for
    some reason.  I tried to work around this by adding one more check.

 3. The "egrep .... | while read dst src key opt; do" construct redirects
    stdin to the pipe from egrep, causing the redirect "<&1" later on to
    connect to the pipe instead of the keyboard.  This makes $CRYPTCMD
    complain about not beeing able to read the password.  I fixed this by
    using "<$stdin" instead of "<&1".

While it works great for me, I am not sure whether the attached patch is
a proper fix for the problem.  At least, I hope, it provides some
information what the root of the problem is and helps the gurus to find
a real solution.

BTW: I find the handling of crypted swap somewhat sub-optimal: cryptsetup
     refuses to use a swap partition when it contains a _valid_ swap
     signature.  Instead, it requires to find _no_ signature at all.  Thus
     there's a risk of overwriting filesystems with an unknown type.

     It would be a better solution to dmsetup the swap partition with
     an offset, leaving the swap signature intact.  Suse uses such a
     solution (based on /dev/loop) for a long time, and it works great.
     The swap signature is never lost and the recognition of swap
     partitions is solid as a rock.

--- /usr/cryptdisks/cryptdisks.functions.orig	2007-03-01 13:53:50.000000000 +0100
+++ /usr/cryptdisks/cryptdisks.functions	2007-03-01 16:05:25.000000000 +0100
@@ -11,11 +11,15 @@
 test -f $TABFILE   || exit 0
 # Always output to console
-stdin=`readlink /proc/self/fd/0`
+stdin=`readlink /proc/self/fd/0 | sed 's/ .*//'`
 if [ "${stdin#/dev/null}" != "$stdin" ]; then
     exec </dev/console >/dev/console 2>&1
+if [ "x$stdin" = "x/dev/null" ] ; then
+	stdin=/dev/console
 parse_opts () {
@@ -291,7 +295,7 @@
 		if test "x$INTERACTIVE" != "xyes" ; then
 			PARAMS="$PARAMS --key-file=$key"
-		$CRYPTCMD $PARAMS luksOpen $src $dst <&1
+		$CRYPTCMD $PARAMS luksOpen $src $dst <$stdin
 		if [ $RESULT = 0 ] ; then
 			if [ "$CHECK" != ""  ] && ! $CHECK $MAPPER/$dst $CHECKARGS; then
@@ -315,7 +319,7 @@
 		if test "x$INTERACTIVE" != "xyes" ; then
 			PARAMS="$PARAMS --key-file=$key"
-		$CRYPTCMD $PARAMS create $dst $src <&1
+		$CRYPTCMD $PARAMS create $dst $src <$stdin
 		if [ $RESULT = 0 ] ; then
 			if [ "$CHECK" != ""  ] && ! $CHECK $MAPPER/$dst $CHECKARGS; then

More information about the ubuntu-devel mailing list