I got everything working. The README you pointed to is very misleading
since the script is already in the correct place. I'd be inclined to
just delete the README, and mention all the different scripts in
/lib/cryptsetup/scripts in the main crypttab page.

decrypt_keyctl doesn't seem to like 'none' as the third column in crypttab
(either that or the ordering confuses it). I changed the ordering so
swap was last, and the third column from 'none' to avoid multiple
prompts.

In cryptdisk.functions there is a section that tries to work out what
program to use for prompting (look for plymouth). In decrypt_keyctl
there is a similar section at the top trying to do the same thing, but
it doesn't look for plymouth. I made two changes:

1) Added code to make plymouth be probed and used. At the top section
as the last entry:

    test -x /bin/plymouth && plymouth --ping && PW_READER_='plymouth'

In the case $PW_READER_ section:

    plymouth)
        KEY_=$(plymouth ask-for-password --prompt "$PROMPT_") || die "Error executing plymouth"
        ;;

That makes things work perfectly when plymouth is present.

2) In recovery mode things were unusable. That was because it was using
askpass. I commented out the line beginning test -x "$ASKPASS_" which
means that in a non-plymouth environment the stty mode is being used.
The stty mode worked just fine in recovery mode.

In any event, as things currently are shipped on Ubuntu you will have an
unbootable system if you follow the README instructions. Either decrypt_keyctl
should be removed, or fixed.

The documentation should at least mention the script, and also mention
that keyutils must be installed. It should also mention having to run
update-initramfs on changing /etc/crypttab.

askpass is broken. It should really be fixed to be able to do plymouth
if it is running, or the various things (e.g. stty method that the
decrypt_keyctl is doing).

Then everything can just use askpass. Failing that, the logic for
picking a password prompt program should be unified into one place. For
example it could be put into a function in cryptdisk.functions and that
sourced/used by decrypt_keyctl.

--
https://bugs.launchpad.net/bugs/1022815
Title:
initramfs should try password against other devices
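
The unified prompt selection suggested at the end of the report above, as an added example that is not part of the original message and is not cryptsetup's code. The function names and the PLYMOUTH_BIN and ASKPASS_BIN override variables are hypothetical, and askpass is assumed to take the prompt as its only argument.

```shell
# Added example: a hypothetical shared prompt helper, not cryptsetup's code.
# PLYMOUTH_BIN and ASKPASS_BIN are assumed override variables for this sketch.
PLYMOUTH_BIN=${PLYMOUTH_BIN:-/bin/plymouth}
ASKPASS_BIN=${ASKPASS_BIN:-}   # empty = askpass disabled, as the report did

# Print the name of the password reader to use: plymouth, askpass or stty.
pw_reader_select() {
    # plymouth only counts if the binary exists AND the daemon answers --ping.
    if [ -x "$PLYMOUTH_BIN" ] && "$PLYMOUTH_BIN" --ping 2>/dev/null; then
        echo plymouth
    elif [ -n "$ASKPASS_BIN" ] && [ -x "$ASKPASS_BIN" ]; then
        echo askpass
    else
        echo stty
    fi
}

# Read a passphrase with the selected reader and print it on stdout.
# $1 = prompt text. Returns non-zero if the reader fails.
pw_read() {
    case "$(pw_reader_select)" in
        plymouth)
            "$PLYMOUTH_BIN" ask-for-password --prompt "$1" || return 1
            ;;
        askpass)
            # Assumption: askpass takes the prompt as its only argument.
            "$ASKPASS_BIN" "$1" || return 1
            ;;
        stty)
            # Save terminal settings first; this fails when stdin is not a
            # terminal, so we never prompt with echo left on.
            saved_=$(stty -g 2>/dev/null) || return 1
            printf '%s' "$1" >&2
            stty -echo
            # Restore the saved settings if the read itself fails.
            IFS= read -r key_ || { stty "$saved_"; return 1; }
            stty "$saved_"
            printf '\n' >&2
            printf '%s' "$key_"
            ;;
    esac
}
```

A caller such as a keyscript would source this file and use KEY_=$(pw_read "$PROMPT_"), so the passphrase never appears on a command line.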