On Sat, Dec 06, 2008 at 11:53:52AM +0100, Filippo Giunchedi wrote:
> On Sat, Nov 08, 2008 at 02:26:53PM +0200, Eddy Petriiior wrote:
> > Subject: cryptsetup: non-working timeout option can render remote
> > systems unbootable
> > Followup-For: Bug #495509
> > Package: cryptsetup
> > Version: 2:1.0.6-6
> > severity 495509 important # system unbootable when restarted remotely
> > thanks
> >
> > On a remote server where one relies on the timeout feature to skip over
> > the passphrase prompt when the system is started remotely, this pauses
> > the entire boot process, requiring manual intervention.
>
> I agree with the severity, if timeout really can't work anymore please put a
> NEWS.Debian entry giving hints on how to fix the problem as things will break
> for setups expecting a boot timeout.
> FWIW I'm using the same setup as Eddy.
attached there's a patch which fixes the timeout also for non-luks devices
filippo
--
Filippo Giunchedi - http://esaurito.net
PGP key: 0x6B79D401
random quote follows:
Either this man is dead or my watch has stopped.
-- Groucho Marx
--- cryptdisks.functions.orig 2008-11-29 13:17:46.000000000 +0100
+++ cryptdisks.functions 2008-11-29 13:25:08.000000000 +0100
@@ -294,9 +294,9 @@
key="-"
elif [ -z "$key" ]; then
# no keyscript, no key => password
- keyscriptarg="Enter passphrase to unlock the disk $src ($dst): "
+ keyscriptarg="Unlocking $src ($dst): "
key="-"
- KEYSCRIPT="/lib/cryptsetup/askpass"
+ KEYSCRIPT="INTERACTIVE"
elif [ "$key" != "${key%/dev/*}" ]; then
# no keyscript, device key => special treatment
keyscriptarg=""
@@ -313,8 +313,13 @@
while [ "$tried" -lt "$TRIES" ]; do
if [ -n "$KEYSCRIPT" ]; then
- if "$KEYSCRIPT" "$keyscriptarg" | cryptsetup $PARAMS luksOpen "$src" "$dst"; then
- break
+ if [ "$KEYSCRIPT" = "INTERACTIVE" ] ; then
+ echo "$keyscriptarg"
+ if cryptsetup $PARAMS luksOpen "$src" "$dst"; then
+ break
+ fi
+ elif "$KEYSCRIPT" "$keyscriptarg" | cryptsetup $PARAMS luksOpen "$src" "$dst"; then
+ break
fi
else
if cryptsetup $PARAMS luksOpen "$src" "$dst"; then
@@ -360,9 +365,9 @@
key="-"
elif [ -z "$key" ]; then
# no keyscript, no key => password
- keyscriptarg="Enter passphrase to unlock the disk $src ($dst): "
+ keyscriptarg="Unlocking $src ($dst): "
key="-"
- KEYSCRIPT="/lib/cryptsetup/askpass"
+ KEYSCRIPT="INTERACTIVE"
else
# no keyscript, key => file input
keyscriptarg=""
@@ -374,7 +379,12 @@
while [ "$tried" -lt "$TRIES" ]; do
if [ -n "$KEYSCRIPT" ]; then
- "$KEYSCRIPT" "$keyscriptarg" | cryptsetup $PARAMS create "$dst" "$src"
+ if [ "$KEYSCRIPT" = "INTERACTIVE" ] ; then
+ echo "$keyscriptarg"
+ cryptsetup $PARAMS create "$dst" "$src"
+ else
+ "$KEYSCRIPT" "$keyscriptarg" | cryptsetup $PARAMS create "$dst" "$src"
+ fi
else
cryptsetup $PARAMS create "$dst" "$src"
fi
