Bug#370180: [Pkg-cryptsetup-devel] Bug#370180: cryptsetup: cryptroot initramfs hook script fails if root blockdevice has no options in /etc/crypttab

[Daniel Kahn Gillmor]

On June 4, [EMAIL PROTECTED] said:

 > I've committed a fix to cryptsetup SVN. It will be included in the next 
 > upload.

Great, thanks!

i'm also attaching a patch for
/usr/share/initramfs/scripts/local-top/cryptroot which should properly
handle missing (i.e. default) arguments for a standard cryptsetup root
blockdevice during the boot phase.  Note that the default
{hash,cipher,size} args that are currently present in this script in
SVN don't actually match the default args as specified in man
cryptsetup!  This seems like potential trouble to me.  i hope you find
the attached patch reasonable and useful.  The patch should apply
against the current pkg-cryptsetup SVN.

Sadly, the hard disk i was testing these changes on developed physical
sector errors just yesterday, and i've had to start over fresh.  so
again, this patch isn't properly tested :( In my new
installation/recovery to a new disk, i've gone with LUKS, since that
seems to be the upcoming standard.

When i get a chance, i'd be happy to try out this installation on a
new rig, but i've got nothing to play with at the moment to really
verify that it all works properly.

Thanks for all your work on this,

        --dkg


Index: initramfs-cryptroot-script
===================================================================
--- initramfs-cryptroot-script	(revision 193)
+++ initramfs-cryptroot-script	(working copy)
@@ -56,9 +56,7 @@
 	# Start by parsing some options, all options are relevant to regular cryptsetup
 	# but only crypttarget and cryptsource is relevant to luks which picks up the 
 	# rest of the parameters by reading the partition header
-	cryptcipher=aes-cbc-essiv:sha256
-	cryptsize=256
-	crypthash=sha256
+	cryptsetupopts=""
 	crypttarget=cryptroot
 	cryptsource=$ROOT
 	cryptlvm=""
@@ -68,13 +66,13 @@
 		for x in $cryptopts; do
 			case $x in
 			hash=*)
-				crypthash=${x#hash=}
+				cryptsetupopts="$cryptsetupopts -h ${x#hash=}"
 				;;
 			size=*)
-				cryptsize=${x#size=}
+				cryptsetupopts="$cryptsetupopts -s ${x#size=}"
 				;;
 			cipher=*)
-				cryptcipher=${x#cipher=}
+				cryptsetupopts="$cryptsetupopts -c ${x#cipher=}"
 				;;
 			target=*)
 				crypttarget=${x#target=}
@@ -121,7 +119,7 @@
 	cryptcreate="/sbin/cryptsetup luksOpen $cryptsource $crypttarget"
 	cryptremove=""
 else
-	cryptcreate="/sbin/cryptsetup -c $cryptcipher -s $cryptsize -h $crypthash create $crypttarget $cryptsource"
+	cryptcreate="/sbin/cryptsetup $cryptsetupopts create $crypttarget $cryptsource"
 	cryptremove="/sbin/cryptsetup remove $crypttarget"
 fi
 NEWROOT="/dev/mapper/$crypttarget"