Your message dated Fri, 21 May 2010 21:37:36 +0000
with message-id <[email protected]>
and subject line Bug#528366: fixed in libpam-mount 2.3-1
has caused the Debian Bug report #528366,
regarding /sbin/mount.crypt: pass keyfile option to cryptsetup luksOpen command
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
528366: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=528366
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libpam-mount
Version: 1.10-1
Severity: important
File: /sbin/mount.crypt
/dev/sdb1 contains a LUKS volume with only one key-slot: 0, which comes from a
keyfile.
Cryptsetup opens it without problem:
aris:/home/encmp/gpall# cryptsetup --key-file /home/encmp/gpall/proj/keyfile
luksOpen /dev/sdb1 testluks
sh: /sbin/udevsettle: No such file or directory
key slot 1 unlocked.
sh: /sbin/udevsettle: No such file or directory
Command successful.
aris:/home/encmp/gpall# ls -la /dev/mapper/
total 0
drwxr-xr-x 2 root root 100 2009-05-12 15:16 .
drwxr-xr-x 15 root root 3900 2009-05-12 15:16 ..
crw-rw---- 1 root root 10, 60 2009-05-12 09:00 control
brw-rw---- 1 root disk 254, 0 2009-05-12 09:01 _dev_sdb3
brw-rw---- 1 root disk 254, 1 2009-05-12 15:16 testluks
aris:/home/encmp/gpall#
Now, I am trying to use mount.crypt in order to mount it (I luksClosed testluks
of course after the previous test).
The problem is I can't get mount.crypt to pass the keyfile option to cryptsetup:
# mount.crypt -v -o keyfile=/home/encmp/gpall/proj/keyfile /dev/sdb1
/media/dataspace
command: [readlink] [-fn] [/dev/sdb1]
command: [readlink] [-fn] [/media/dataspace]
mount.crypt: No openssl cipher specified (use -o fsk_cipher=xxx)
OK, I give the cipher (and the hash), although I can't understand why doesn't
it autodetect like cryptsetup does:
aris:/tmp/test# mount.crypt -v -o
fsk_cipher=aes-256-cbc,fsk_hash=ripemd160,keyfile=/home/encmp/gpall/proj/keyfile
/dev/sdb1 /media/dataspace
command: [readlink] [-fn] [/dev/sdb1]
command: [readlink] [-fn] [/media/dataspace]
Password:
mount.crypt(loop.c:266): Using _dev_sdb1 as dmdevice name
command: [cryptsetup] [luksOpen] [/dev/sdb1] [_dev_sdb1]
sh: /sbin/udevsettle: No such file or directory
Command failed: No key available with this passphrase.
mount.crypt(loop.c:198): cryptsetup exited with non-zero status 255
I also tried with various combinations of cipher and hash (eg. sha1 for hash,
and aes256 for cipher) all with the same output.
Why does it even ask for a password since I give a keyfile?
I tend to think that there is a bug, and it is not my fault. In the latter
case, I am very sorry for the report...
Extra info: My /etc/crypttab is empty.
Here is the LUKS dump, in case you need it:
aris:/home/encmp/gpall# cryptsetup luksDump /dev/sdb1
LUKS header information for /dev/sdb1
Version: 1
Cipher name: aes
Cipher mode: cbc-essiv:sha256
Hash spec: sha1
Payload offset: 2056
MK bits: 256
MK digest: eb a6 c9 27 13 5f 0d 72 7f 1a fe 13 cc 25 5a b4 ba 7c 5e 9f
MK salt: f0 6c 68 68 bd 2f 6a 33 7a 7b 98 fe 32 32 81 c3
64 7d a4 47 8d 90 7a d8 5a d4 85 0a fc b3 8c 5c
MK iterations: 10
UUID: 985fcf5e-0a87-4f39-a20f-84c2d2be6cd0
Key Slot 0: DISABLED
Key Slot 1: ENABLED
Iterations: 139573
Salt: 29 1c 1d 95 a8 e0 15 6e f9 34 f1 f3 b5 1a d6 66
7f 26 ff b5 48 82 fe 15 d3 2e c4 ed fc 89 4e f1
Key material offset: 264
AF stripes: 4000
Key Slot 2: DISABLED
Key Slot 3: DISABLED
Key Slot 4: DISABLED
Key Slot 5: DISABLED
Key Slot 6: DISABLED
Key Slot 7: DISABLED
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-2-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages libpam-mount depends on:
ii libc6 2.9-4 GNU C Library: Shared libraries
ii libhx18 2.5-1 A library providing queue, tree, I
ii libpam0g 1.0.1-9 Pluggable Authentication Modules l
ii libssl0.9.8 0.9.8g-16 SSL shared libraries
ii libxml2 2.7.3.dfsg-1 GNOME XML library
ii mount 2.13.1.1-1 Tools for mounting and manipulatin
libpam-mount recommends no packages.
Versions of packages libpam-mount suggests:
ii cryptsetup 2:1.0.6-7 configures encrypted block devices
pn davfs2 <none> (no description available)
ii fuse-utils 2.7.4-1.1 Filesystem in USErspace (utilities
ii lsof 4.81.dfsg.1-1 List open files
pn ncpfs <none> (no description available)
ii openssl 0.9.8g-16 Secure Socket Layer (SSL) binary a
ii psmisc 22.6-1 Utilities that use the proc filesy
ii smbfs 2:3.3.3-1 Samba file system utilities
pn truecrypt | truecrypt-util <none> (no description available)
pn xfsprogs <none> (no description available)
-- debconf information:
* libpam-mount/convert-xml-config: true
--- End Message ---
--- Begin Message ---
Source: libpam-mount
Source-Version: 2.3-1
We believe that the bug you reported is fixed in the latest version of
libpam-mount, which is due to be installed in the Debian FTP archive:
libpam-mount_2.3-1.debian.tar.gz
to main/libp/libpam-mount/libpam-mount_2.3-1.debian.tar.gz
libpam-mount_2.3-1.dsc
to main/libp/libpam-mount/libpam-mount_2.3-1.dsc
libpam-mount_2.3-1_amd64.deb
to main/libp/libpam-mount/libpam-mount_2.3-1_amd64.deb
libpam-mount_2.3.orig.tar.gz
to main/libp/libpam-mount/libpam-mount_2.3.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bastian Kleineidam <[email protected]> (supplier of updated libpam-mount
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 19 May 2010 04:05:25 +0200
Source: libpam-mount
Binary: libpam-mount
Architecture: source amd64
Version: 2.3-1
Distribution: unstable
Urgency: low
Maintainer: Bastian Kleineidam <[email protected]>
Changed-By: Bastian Kleineidam <[email protected]>
Description:
libpam-mount - PAM module that can mount volumes for a user session
Closes: 528366 581713
Changes:
libpam-mount (2.3-1) unstable; urgency=low
.
* New upstream release.
+ mount.crypt passes keyfile info to open LUKS volumes
(Closes: #528366)
+ umount.crypt works again (Closes: #581713)
Checksums-Sha1:
9b0c8e74766769b30c472ac63221d5dd38151841 1277 libpam-mount_2.3-1.dsc
8553bdc50e2308765c6b4a212383f71b9e64227d 418486 libpam-mount_2.3.orig.tar.gz
5ff2c4f5d0384cfd60f3b89859c9311a8de41b41 24925 libpam-mount_2.3-1.debian.tar.gz
a19844523e0c5979e5f090a27d0ced284d428e44 132614 libpam-mount_2.3-1_amd64.deb
Checksums-Sha256:
483117768d22aff089873894f9aefe6af2b4be19c520cf53ac67539780ff2d0e 1277
libpam-mount_2.3-1.dsc
f0fa778879ee74738719e9500623e5f0a1112484e49ec2c53fb5e899a9be07eb 418486
libpam-mount_2.3.orig.tar.gz
b35730107abb62800f6c5e40fabe58f8b83f7a7bf0692543b5011920f3cdfbd2 24925
libpam-mount_2.3-1.debian.tar.gz
67888794fa952e41baae0c8e97f217eea8d7fccdb1f41014e09bb3424e2691f9 132614
libpam-mount_2.3-1_amd64.deb
Files:
8c1ce3f8aea23f800442d4685e501214 1277 admin extra libpam-mount_2.3-1.dsc
ec002936997cba017732b07c20411f05 418486 admin extra
libpam-mount_2.3.orig.tar.gz
7ada9835534e7ba8e7d0485ae90f7236 24925 admin extra
libpam-mount_2.3-1.debian.tar.gz
ce3b974cb9e2a350fbc7732ca70c9928 132614 admin extra
libpam-mount_2.3-1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkv26gAACgkQeBwlBDLsbz6z6gCcDlq3enCPkAxRyRocN87Ofvqk
d/MAn35aj42FiSj+A3z/dqRIjqMYqTo0
=5H9t
-----END PGP SIGNATURE-----
--- End Message ---
