FS#60927 - [cryptsetup] Cannot find cryptkey device with colon in name
Attached to Project:
Arch Linux
Opened by Alex E. (branchmispredictor) - Wednesday, 28 November 2018, 15:35 GMT
Last edited by Buggy McBugFace (bugbot) - Saturday, 25 November 2023, 20:13 GMT
Details
Description:
The encrypt initcpio hook provided by cryptsetup is unable to find the cryptkey when it is on a device with a colon in the name when cryptkey is provided by grub.

Example:
```
GRUB_CMDLINE_LINUX="cryptdevice=/dev/disk/by-id/my-disk-part3:cryptroot:allow-discards cryptkey=/dev/disk/by-id/usb-General_USB_Flash_Disk_-0\:0:0:4096 rd.luks.options=discard rd.log"
```

No amount of escaping the colon or backslashes results in proper execution. The above line, after running through the encrypt hook, results in:
```
ckdev="/dev/disk/by-id/usb-General_USB_Flash_Disk_-0"
ckarg1="0"
ckarg2="0:4096"
```
or after escaping the backslash in grub:
```
ckdev="/dev/disk/by-id/usb-General_USB_Flash_Disk_-0\"
ckarg1="0"
ckarg2="0:4096"
```

Note: This is contrary to the documentation at https://wiki.archlinux.org/index.php/dm-crypt/System_configuration#cryptkey regarding escaping colons in the device path.

Additional info:
* package version: cryptsetup-2.0.5-1
Closed by Buggy McBugFace (bugbot)
Saturday, 25 November 2023, 20:13 GMT
Reason for closing: Moved
Additional comments about closing: https://gitlab.archlinux.org/archlinux/packaging/packages/cryptsetup/issues/1
My work-around is to use another character to delimit the parameters in the cryptkey variable. The best I could come up with is @ (because | fails with grub-mkconfig)
So in `/etc/default/grub` .... use `cryptkey=/dev/disk/by-id/usb-General_USB_Flash_Disk_-0:0@0@4096`
But you need to patch `/usr/lib/initcpio/hooks/encrypt` for that to work:
```
--- /usr/lin/initcpio/hooks/encrypt 2019-12-21 14:42:47.905913808 +0100
+++ /usr/lib/initcpio/hooks/encrypt 2019-12-21 14:33:40.783521193 +0100
@@ -7,7 +7,7 @@
# Get keyfile if specified
ckeyfile="/crypto_keyfile.bin"
if [ -n "$cryptkey" ]; then
- IFS=: read ckdev ckarg1 ckarg2 <<EOF
+ IFS=@ read ckdev ckarg1 ckarg2 <<EOF
$cryptkey
EOF
```
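Review bot: Changing the separator on the `IFS=@ read ckdev ckarg1 ckarg2` line moves the problem rather than removing it: every existing `cryptkey=device:fstype:path` value written with colons stops splitting, and a device name or key path containing `@` now breaks the same way a colon did. The `read` also has no `-r`, so backslashes in `$cryptkey` are still consumed before the fields are assigned. A change that keeps `:` as the separator and honours a documented escape for it would stay compatible with current configurations. Separately, the `---` header names `/usr/lin/initcpio/hooks/encrypt`, which does not match the `+++` path.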
Please fix this
I also use a pacman hook to patch /usr/lib/initcpio/hooks/encrypt automatically when cryptsetup is upgraded
```
# cat /etc/pacman.d/hooks/10-fix-encrypt-hook.hook
[Trigger]
Operation = Install
Operation = Upgrade
Type = Package
Target = cryptsetup

[Action]
Description = Patching encrypt initcpio hook [FS#60927]
When = PostTransaction
Depends = sed
Exec = /usr/bin/sed -i '/IFS=. read ckdev ckarg1 ckarg2/s/:/@/' /usr/lib/initcpio/hooks/encrypt
```
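
The split reported in the description, next to an escape-aware split that keeps `:` as the separator, as an added example (not the hook's code and not a fix from the Arch package). `naive_split` and `split_escaped` are hypothetical helper names; the sample value is the `cryptkey` from the report, and the naive split is written with parameter expansion so its result does not depend on how a given shell's `read` treats backslashes.

```shell
#!/bin/sh
# Sample input: the cryptkey value from the bug report (device path contains "\:").
SAMPLE='/dev/disk/by-id/usb-General_USB_Flash_Disk_-0\:0:0:4096'

# naive_split VALUE: cut at the first two colons and leave the remainder in the
# third field, which is how a three-name "IFS=: read" assigns its variables.
# Prints the fields joined by "|".
naive_split() {
    v=$1
    f1=${v%%:*}
    case $v in *:*) v=${v#*:} ;; *) v= ;; esac
    f2=${v%%:*}
    case $v in *:*) v=${v#*:} ;; *) v= ;; esac
    printf '%s|%s|%s\n' "$f1" "$f2" "$v"
}

# split_escaped VALUE: split on ":" into at most three fields, treating "\:" as a
# literal colon and "\\" as a literal backslash. Colons after the second
# separator stay in the third field. Prints the fields joined by "|".
split_escaped() {
    rest=$1 field= out= n=1
    while [ -n "$rest" ]; do
        c=${rest%"${rest#?}"}          # first character of what is left
        rest=${rest#?}
        if [ "$c" = '\' ] && [ -n "$rest" ]; then
            c=${rest%"${rest#?}"}      # escaped character is taken literally
            rest=${rest#?}
            field=$field$c
        elif [ "$c" = ':' ] && [ "$n" -lt 3 ]; then
            out=$out$field'|'          # unescaped colon ends the current field
            field=
            n=$((n + 1))
        else
            field=$field$c
        fi
    done
    printf '%s\n' "$out$field"
}

echo "naive:   $(naive_split "$SAMPLE")"
echo "escaped: $(split_escaped "$SAMPLE")"
```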