Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#22108 - [archboot] installation root on lvm2 on dmcrypt printing cleartext password at boot and shutdown
Attached to Project:
Arch Linux
Opened by spock (spock) - Wednesday, 15 December 2010, 10:39 GMT
Last edited by Tobias Powalowski (tpowa) - Wednesday, 17 October 2012, 13:34 GMT
Opened by spock (spock) - Wednesday, 15 December 2010, 10:39 GMT
Last edited by Tobias Powalowski (tpowa) - Wednesday, 17 October 2012, 13:34 GMT
|
DetailsDescription:
When installing archlinux using the archboot iso (version 2010.12) with root on lvm2 on dmcrypt (probably also without lvm2) the password used for LUKS encryption is printed in cleartext during both bootup and shutdown. The bootup error was something in the line of syntax error of line 228 in /etc/rc.sysinit (do_crypt). And the error message contained the password in cleartext. At shutdown it was "do_uncrypt" error and cleartext password shown again. I do have some strange characters (brackets "(){}" for example) in my password that I guess could break scripts. But it works fine in the official 2010.05 iso. I was in a rush to finish installing the system so I didn't take good notes on the problem before I installed with the official ISO. Sorry if the information is lacking detail. Additional info: * archlinux-2010.12-1-archboot.iso from official ftp Steps to reproduce: Boot archboot installation media. Create luks device. Create LVM2 devices on top of luks. Create filesystems on top of LVM2. Install and configure the system. Reboot. Enter the password to unlock the luks partition. Wait for initscripts to start loading. Password revealed because of error. |
This task depends upon
The problem remains after a full system update (pacman -Syu). I also noticed that quite a bit of packages on the archboot ISO was newer than the official core repo.
archboot is not used anymore on reboot and if a pacman -Syu doesn't solve the issue something is wrong during the normal boot process.
As I wrote in the bug report I later installed using the official 2010.05 iso, and that one worked perfectly, including after 'pacman -Syu'.
After some searching I noticed that the file /etc/crypttab has the line "dmcrypt /dev/xxx <mypassword>" in it, even tho it shouldn't be there (atleast in my case). Removing this line fixed the problem. Also why do we store the password in cleartext like that?
Again, my setup is: root filesystem on top of LVM2 which is on top of LUKS/dmcrypt. The password is entered at boot, so crypttab shouldn't have any info added to it by this kind of installation, right?
dmcrypt /dev/sda4 ASK
No serious errors during boot but when the hook is run it will fail since dmcrypt is already initialized and mounted earlier.
Also noticed a spelling error in the new dialog window, "safe" instead of "save".