Package: bilibop-lockfs Version: 0.4.22 Severity: grave Tags: patch Justification: renders package unusable
Hi, After installing bilibop-lockfs on a freshly installed Debian (jessie) base system onto a USB key, and then reboot, the boot process fall back in emergency mode (enter root password or type Control-D to continue); then continue. The result is the following: - / is locked (as expected) - /boot and /home are not mounted, and their corresponding entries in the temporary /etc/fstab are inconsistent; they look like: UUID=5c5019dd-77d8-4857-89cf-9b0e1087857b /boot auto -o 0 0 UUID=abcefb92-fa81-4bd8-90b8-0e76c101ccb6 /home auto -o 0 0 The lockfs_mount_helper script does not parse arguments correctly: mount provides arguments to the helper programs with this fixed format: FILESYSTEM MOUNTPOINT [FLAGS] -o MOUNTOPTIONS where FLAGS are optional and generic flags (such as -n, -s, or -v). In the script, FLAGS are not taken into account, so it is unable to mount the lockfs pseudo-filesystem, and the mount_fallback() function fails too. The resulting fstab entries show the shift of the arguments (-o in place of MOUNTOPTIONS) when -n is invoked at boot time. This is fixed by the attached patch. quidame -- System Information: Debian Release: jessie/sid APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 3.16-3-486 Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages bilibop-lockfs depends on: ii bilibop-common 0.4.22 ii initramfs-tools 0.116 ii initscripts 2.88dsf-57 Versions of packages bilibop-lockfs recommends: ii cryptsetup 2:1.6.6-3 Versions of packages bilibop-lockfs suggests: pn bilibop-device-policy <none> pn gnome-icon-theme <none> pn libnotify-bin <none> pn plymouth <none> -- no debconf information
diff --git a/lib/bilibop/lockfs_mount_helper b/lib/bilibop/lockfs_mount_helper index 5605f06..dbe9826 100755 --- a/lib/bilibop/lockfs_mount_helper +++ b/lib/bilibop/lockfs_mount_helper @@ -50,7 +50,7 @@ mount_fallback() { esac done sed -i "s;^\s*\([^#][^ ]\+\s\+${2}\s\+\)lockfs\s.*;\1${fstype:-auto} ${options:-defaults} 0 0;" /etc/fstab - mount ${1} ${2} ${fstype:+-t ${fstype}} ${options:+-o ${options}} + mount ${flags} ${1} ${2} ${fstype:+-t ${fstype}} ${options:+-o ${options}} } # ===========================================================================}}} @@ -105,9 +105,36 @@ if [ -f "${BILIBOP_RUNDIR}/plocked" ]; then . ${BILIBOP_RUNDIR}/plocked fi -# the mount command always provides arguments to the helper scripts in this -# order: FILESYSTEM MOUNTPOINT -o OPTIONS. We take advantage of this fixed -# format. +# the mount(8) command, after parsing commandline arguments and/or /etc/fstab, +# always provides arguments to the helper scripts in this order: +# FILESYSTEM MOUNTPOINT [FLAGS] -o MOUNTOPTIONS +# where FLAGS are generic, not filesystem specific: -n, -s, -v for example; -r +# (or --read-only) and -w (or --rw or --read-write) are translated to -o ro and +# -o rw respectively by the mount command itself. + +while [ "${1}" ]; do + if [ -e "${1}" ]; then + MNTARGS="${MNTARGS:+${MNTARGS} }${1}" + shift + else + case "${1}" in + -o) + MNTARGS="${MNTARGS:+${MNTARGS} }${1} ${2}" + shift 2 + ;; + *) + # Do not skip other options (-n, -s, -v), but take them + # apart: we will reuse them for each mount invocation. + flags="${flags:+${flags} }${1}" + shift + ;; + esac + fi +done + +# Reinitialize script arguments +eval set -- "${MNTARGS}" + if [ -b "${1}" ]; then device="${1}" # Check if this device is whitelisted: @@ -197,7 +224,7 @@ fi # Try to mount the readonly branch. In case of failure, undo what has been # done before, do a normal mount, rewrite the fstab entry to be consistent # with that, and exit: -if ! mount ${fstype:+-t ${fstype}} -o ${robr_opts:+${robr_opts},}ro ${device:-${LOFILE}} ${robr}; then +if ! mount ${flags} ${fstype:+-t ${fstype}} -o ${robr_opts:+${robr_opts},}ro ${device:-${LOFILE}} ${robr}; then [ "${RO}" = "rr" ] && [ -b "${device}" ] && blockdev --setrw "${device}" mount_fallback "${@}" exit 3 @@ -223,7 +250,7 @@ fi # Try to mount the writable branch, and in case of failure, undo what # has been done before, etc. -if ! mount -t tmpfs -o ${rwbr_opts:+${rwbr_opts},}${SIZE:+size=${SIZE},}mode=0755 tmpfs ${rwbr}; then +if ! mount ${flags} -t tmpfs -o ${rwbr_opts:+${rwbr_opts},}${SIZE:+size=${SIZE},}mode=0755 tmpfs ${rwbr}; then umount ${robr} [ "${RO}" = "rr" ] && [ -b "${device}" ] && blockdev --setrw "${device}" mount_fallback "${@}" @@ -248,7 +275,7 @@ fi # Try to mount the aufs now. In case of failure, undo what has been done # before, etc. -if ! mount -t aufs -o br:${rwbr}=rw:${robr}=${RO} none ${mntpnt}; then +if ! mount ${flags} -t aufs -o br:${rwbr}=rw:${robr}=${RO} none ${mntpnt}; then umount ${robr} umount ${rwbr} [ "${RO}" = "rr" ] && [ -b "${device}" ] && blockdev --setrw "${device}"