Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#56161 - [cryptsetup] encrypt hook: fails to detect encrypted volume is already opened
Attached to Project:
Arch Linux
Opened by Romain Bazile (gromain) - Monday, 30 October 2017, 06:38 GMT
Last edited by Christian Hesse (eworm) - Saturday, 04 November 2017, 22:24 GMT
Opened by Romain Bazile (gromain) - Monday, 30 October 2017, 06:38 GMT
Last edited by Christian Hesse (eworm) - Saturday, 04 November 2017, 22:24 GMT
|
DetailsDescription:
I use ykfde (from https://github.com/agherzan/yubikey-full-disk-encryption ) as recommended on the Yubikey page to decrypt my luks drive. The provided hook is this package detects the key, provide the challenge, get the answer from the key and sends it to cryptsetup to open the volume. However, when I use this hook, the encrypt hook following doesn't detect the volume has already been opened. I would like to use both hooks (since I use a keyfile on an external USB key as a backup and only the encrypt hook supports this). The way forward to solve this issue would be either to consider the device already mounted as valid (if the names are the same), or to support the Yubikey. The latter solution would be ideal, but I reckon it would need more work to be integrated. The former solution provide (I think) a more modular solution, since it would not prevent someone from using another hook (or even a custom hook) to unlock a volume while still allowing the encrypt hook to detect the volume is already opened. Additional info: * package version: 1.7.5-1 Steps to reproduce: * Install ykfde from https://github.com/agherzan/yubikey-full-disk-encryption * Setup the ykfde hook just before the encrypt hook in mkinitcpio.conf * Unlock the same volume with ykfde as is setup to be unlocked by encrypt * Watch encrypt complain about the volume existing already but not move forward with the boot :) |
This task depends upon
Closed by Christian Hesse (eworm)
Saturday, 04 November 2017, 22:24 GMT
Reason for closing: Fixed
Additional comments about closing: cryptsetup-1.7.5-2
Saturday, 04 November 2017, 22:24 GMT
Reason for closing: Fixed
Additional comments about closing: cryptsetup-1.7.5-2
A password is required to access the cryptroot volume:
Device cryptroot already exists.
I believe the problem comes from the loop here: https://git.archlinux.org/svntogit/packages.git/tree/trunk/encrypt_hook?h=packages/cryptsetup#n81
There is no check that the device exists before that, and as such we enter an infinite loop.