FS#60927 - [cryptsetup] Cannot find cryptkey device with colon in name

Attached to Project: Arch Linux
Opened by Alex E. (branchmispredictor) - Wednesday, 28 November 2018, 15:35 GMT
Last edited by Buggy McBugFace (bugbot) - Saturday, 25 November 2023, 20:13 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To Christian Hesse (eworm)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Description:

The encrypt initcpio hook provided by cryptsetup is unable to find the cryptkey when it is on a device with a colon in the name when cryptkey is provided by grub.

Example:
GRUB_CMDLINE_LINUX="cryptdevice=/dev/disk/by-id/my-disk-part3:cryptroot:allow-discards cryptkey=/dev/disk/by-id/usb-General_USB_Flash_Disk_-0\:0:0:4096 rd.luks.options=discard rd.log"

No amount of escaping the colon or backslashes results in proper execution. The above line, after running through the encrypt hook, results in:
ckdev="/dev/disk/by-id/usb-General_USB_Flash_Disk_-0"
ckarg1="0"
ckarg2="0:4096"

or after escaping the backslash in grub:

ckdev="/dev/disk/by-id/usb-General_USB_Flash_Disk_-0\"
ckarg1="0"
ckarg2="0:4096"

Note: This is contrary to the documentation at https://wiki.archlinux.org/index.php/dm-crypt/System_configuration#cryptkey regarding escaping colons in the device path.

Additional info:
* package version: cryptsetup-2.0.5-1
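
The split reported above, reproduced as an added example (not code from the encrypt hook or from the reporter). `split_left` mirrors the hook's `IFS=: read ckdev ckarg1 ckarg2` line; `split_right` and both function names are hypothetical, and it assumes the three-field form `device:arg1:arg2` in which the last two fields contain no colon.

```shell
#!/bin/sh
# Added example: why a colon in the device path breaks the cryptkey split,
# and a right-to-left split that keeps the device path intact.

# Left-to-right split, same shape as the hook's read line (no -r, as there).
# The first two colons win, so a colon inside the device path ends ckdev early.
split_left() {
    IFS=: read ckdev ckarg1 ckarg2 <<EOF
$1
EOF
    printf '%s|%s|%s\n' "$ckdev" "$ckarg1" "$ckarg2"
}

# Right-to-left split: peel the last two fields off the end with parameter
# expansion; whatever colons remain belong to the device path.
# Assumption: exactly the last two fields are arguments and contain no colon.
split_right() {
    case $1 in
        *:*:*) ;;            # need at least two separators
        *) return 1 ;;       # other forms are out of scope for this sketch
    esac
    ckarg2=${1##*:}          # text after the last colon
    rest=${1%:*}             # everything before the last colon
    ckarg1=${rest##*:}       # text after the second-to-last colon
    ckdev=${rest%:*}         # the remainder, colons included
    printf '%s|%s|%s\n' "$ckdev" "$ckarg1" "$ckarg2"
}

# Constructed input: the cryptkey value from the report, without the backslash.
key='/dev/disk/by-id/usb-General_USB_Flash_Disk_-0:0:0:4096'
echo "left:  $(split_left "$key")"
echo "right: $(split_right "$key")"
```
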

Closed by  Buggy McBugFace (bugbot)
Saturday, 25 November 2023, 20:13 GMT
Reason for closing:  Moved
Additional comments about closing:  https://gitlab.archlinux.org/archlinux/packaging/packages/cryptsetup/issues/1
Comment by solsTiCe (zebul666) - Saturday, 21 December 2019, 13:46 GMT
I confirm this bug.
My work-around is to use another character to delimit parameters in the cryptkey variable. The best I could come up with is @ (because | fails with grub-mkconfig)

So in `/etc/default/grub` .... use `cryptkey=/dev/disk/by-id/usb-General_USB_Flash_Disk_-0:0@0@4096`

But you need to patch `/usr/lib/initcpio/hooks/encrypt` for that to work:
```
--- /usr/lin/initcpio/hooks/encrypt 2019-12-21 14:42:47.905913808 +0100
+++ /usr/lib/initcpio/hooks/encrypt 2019-12-21 14:33:40.783521193 +0100
@@ -7,7 +7,7 @@
# Get keyfile if specified
ckeyfile="/crypto_keyfile.bin"
if [ -n "$cryptkey" ]; then
- IFS=: read ckdev ckarg1 ckarg2 <<EOF
+ IFS=@ read ckdev ckarg1 ckarg2 <<EOF
$cryptkey
EOF

```
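
Review bot: the `+ IFS=@ read ckdev ckarg1 ckarg2 <<EOF` line swaps the separator for every configuration, so a `cryptkey` value written with colons, like the `...:0:4096` form in the report, stops splitting, and a device path containing `@` now breaks instead. Consider keeping `:` and taking `ckarg2` and `ckarg1` from the right-hand end of `$cryptkey` (for example with `${cryptkey##*:}` and `${cryptkey%:*}`), so that any colons left over stay in `ckdev`. The `read` also has no `-r`, so backslashes in the value are still consumed by `read`, and the `---` header path reads `/usr/lin/`, which looks like a typo for `/usr/lib/`.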

Please fix this
Comment by solsTiCe (zebul666) - Saturday, 13 August 2022, 15:18 GMT
Why is this still not fixed ?

I also use a pacman hook to patch /usr/lib/initcpio/hooks/encrypt automatically when cryptsetup is upgraded

```
# cat /etc/pacman.d/hooks/10-fix-encrypt-hook.hook
[Trigger]
Operation = Install
Operation = Upgrade
Type = Package
Target = cryptsetup

[Action]
Description = Patching encrypt initcpio hook [ FS#60927 ]
When = PostTransaction
Depends = sed
Exec = /usr/bin/sed -i '/IFS=. read ckdev ckarg1 ckarg2/s/:/@/' /usr/lib/initcpio/hooks/encrypt
```
Comment by Buggy McBugFace (bugbot) - Tuesday, 08 August 2023, 19:11 GMT
This is an automated comment as this bug is open for more than 2 years. Please reply if you still experience this bug otherwise this issue will be closed after 1 month.
