[Bug 1494851] Re: initramfs cryptroot hook script doesn't install cryptsetup if keyfile but no keyscript
** Tags removed: rls-ee-incoming ** Tags added: rls-b-notfixing rls-x-notfixing -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1494851 Title: initramfs cryptroot hook script doesn't install cryptsetup if keyfile but no keyscript To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1494851/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1494851] Re: initramfs cryptroot hook script doesn't install cryptsetup if keyfile but no keyscript
Doesn't affect post-bionic releases. Marking as fixed. ** Changed in: cryptsetup (Ubuntu) Status: Incomplete => Fix Released ** Changed in: cryptsetup (Ubuntu) Assignee: TJ (tj) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1494851 Title: initramfs cryptroot hook script doesn't install cryptsetup if keyfile but no keyscript To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1494851/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1494851] Re: initramfs cryptroot hook script doesn't install cryptsetup if keyfile but no keyscript
** Tags added: id-5ce6beabf9917f722923714d -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1494851 Title: initramfs cryptroot hook script doesn't install cryptsetup if keyfile but no keyscript To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1494851/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1494851] Re: initramfs cryptroot hook script doesn't install cryptsetup if keyfile but no keyscript
** Changed in: cryptsetup (Ubuntu Bionic) Assignee: (unassigned) => Dimitri John Ledkov (xnox) ** Changed in: cryptsetup (Ubuntu Xenial) Assignee: (unassigned) => Dimitri John Ledkov (xnox) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1494851 Title: initramfs cryptroot hook script doesn't install cryptsetup if keyfile but no keyscript To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1494851/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1494851] Re: initramfs cryptroot hook script doesn't install cryptsetup if keyfile but no keyscript
** Changed in: cryptsetup (Ubuntu) Milestone: ubuntu-15.10 => None -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1494851 Title: initramfs cryptroot hook script doesn't install cryptsetup if keyfile but no keyscript To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1494851/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1494851] Re: initramfs cryptroot hook script doesn't install cryptsetup if keyfile but no keyscript
** Tags removed: rls-x-incoming ** Tags added: rls-ee-incoming -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1494851 Title: initramfs cryptroot hook script doesn't install cryptsetup if keyfile but no keyscript To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1494851/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1494851] Re: initramfs cryptroot hook script doesn't install cryptsetup if keyfile but no keyscript
** Also affects: cryptsetup (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: cryptsetup (Ubuntu Xenial) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1494851 Title: initramfs cryptroot hook script doesn't install cryptsetup if keyfile but no keyscript To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1494851/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1494851] Re: initramfs cryptroot hook script doesn't install cryptsetup if keyfile but no keyscript
The code does not seem to exist anymore in cosmic and newer, so marking this an incomplete for those as I'm not sure if they are still affected and what happened there precisely. Anyhow,bionic also seems to be affected looking at a key-file grep. ** Changed in: cryptsetup (Ubuntu) Status: Triaged => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1494851 Title: initramfs cryptroot hook script doesn't install cryptsetup if keyfile but no keyscript To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1494851/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1494851] Re: initramfs cryptroot hook script doesn't install cryptsetup if keyfile but no keyscript
** Tags added: rls-x-incoming -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1494851 Title: initramfs cryptroot hook script doesn't install cryptsetup if keyfile but no keyscript To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1494851/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1494851] Re: initramfs cryptroot hook script doesn't install cryptsetup if keyfile but no keyscript
** Changed in: cryptsetup (Ubuntu) Status: Fix Released => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1494851 Title: initramfs cryptroot hook script doesn't install cryptsetup if keyfile but no keyscript To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1494851/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1494851] Re: initramfs cryptroot hook script doesn't install cryptsetup if keyfile but no keyscript
** Changed in: cryptsetup (Ubuntu) Status: In Progress => Confirmed ** Changed in: cryptsetup (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1494851 Title: initramfs cryptroot hook script doesn't install cryptsetup if keyfile but no keyscript To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1494851/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1494851] Re: initramfs cryptroot hook script doesn't install cryptsetup if keyfile but no keyscript
Instead of simply warning the user I've developed an alternative approach which does away with the problem entirely. In this solution I alter the initramfs 'cryptroot' script to support unlock using the keyfile. Currently it will only do that if supported by a keyscript but the two are actually orthogonal. If a keyscript is specified the keyfile will be available to it via the environment CRYPTTAB_KEY as usual. The new feature: If a keyfile is not specified $cryptkey will contain "-" (for /dev/stdin) and 'cryptsetup' will receive the output of the $cryptkeyscript 'askpass' executable's /dev/stdout as usual. If a keyfile is specified without a keyscript 'cryptroot' will pass it to 'cryptsetup' via --key-file $cryptkey. ** Patch added: "Initramfs: use keyfile without keyscript" https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1494851/+attachment/4463643/+files/initramfs-use-keyfile-without-keyscript.patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1494851 Title: initramfs cryptroot hook script doesn't install cryptsetup if keyfile but no keyscript To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1494851/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1494851] Re: initramfs cryptroot hook script doesn't install cryptsetup if keyfile but no keyscript
** Changed in: cryptsetup (Ubuntu) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1494851 Title: initramfs cryptroot hook script doesn't install cryptsetup if keyfile but no keyscript To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1494851/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1494851] Re: initramfs cryptroot hook script doesn't install cryptsetup if keyfile but no keyscript
The attachment "Proposed fix" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team. [This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.] ** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1494851 Title: initramfs cryptroot hook script doesn't install cryptsetup if keyfile but no keyscript To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1494851/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1494851] Re: initramfs cryptroot hook script doesn't install cryptsetup if keyfile but no keyscript
** Description changed: When crypttab specifies a key-file for the container of the root file- system but there is no keyscript= option no cryptsetup support is installed in the initrd.img. Currently the cryptroot initramfs hook script knows its a problem and will report: cryptsetup: WARNING: target LUKS_OS uses a key file, skipped This is BAD behaviour that renders the root file-system container inaccessible at boot time. Regardless of a key-script being available cryptsetup support should be installed into the initrd.img to enable the user to take manual steps to unlock the container. The hook script has no knowledge about pass phrases that might be set in other LUKS slots that are available to the user. + This is the behaviour when a keyscript is specified but doesn't exist. + The attached patch modifies the behaviour to include cryptsetup in the initrd.img and modify the warning to the user. cryptsetup: WARNING: target LUKS_OS uses a key file, but no keyscript is set. Please ensure there is also a typed pass-phrase set. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1494851 Title: initramfs cryptroot hook script doesn't install cryptsetup if keyfile but no keyscript To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1494851/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
