Debian Bug report logs - #418450
cryptsetup: --key-file=- does not work as advertised
Reported by: Marc Haber <mh+debian-bugs@zugschlus.de>
Date: Mon, 9 Apr 2007 20:00:01 UTC
Severity: minor
Found in version cryptsetup/2:1.0.4+svn26-1
Fixed in version cryptsetup/2:1.0.5-2
Done: Jonas Meurer <mejo@debian.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>:
Bug#418450; Package cryptsetup.
Acknowledgement sent to Marc Haber <mh+debian-bugs@zugschlus.de>:
New Bug report received and forwarded. Copy sent to Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>.
Message #5 received at submit@bugs.debian.org:
Package: cryptsetup
Version: 2:1.0.4+svn26-1
Severity: normal
Hi,
--key-file=- does not take a key from standard input:
root@grml /mnt/hda1 # ./keyscript | cryptsetup -d - luksOpen /dev/hda5 hda5_crypt
Command failed.
root@grml /mnt/hda1 # ./keyscript | cryptsetup --key-file=- luksOpen /dev/hda5 hda5_crypt
Command failed.
root@grml /mnt/hda1 # ./keyscript | cryptsetup --key-file - luksOpen /dev/hda5 hda5_crypt
Command failed.
root@grml /mnt/hda1 # ./keyscript | cryptsetup luksOpen /dev/hda5 hda5_crypt
key slot 0 unlocked.
Command successful.
root@grml /mnt/hda1 #
As --key-file=- is used in
/usr/share/initramfs-tools/scripts/local-top/cryptroot, this bug
breaks initrds which obtain their key from a script. Removing
--key-file=- from the script allows booting with a keyscript.
Greetings
Marc
-- System Information:
Debian Release: lenny/sid
APT prefers oldstable
APT policy: (500, 'oldstable'), (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.20.4-scyw00225
Locale: LANG=C, LC_CTYPE=de_DE (charmap=ISO-8859-1)
Versions of packages cryptsetup depends on:
ii dmsetup 2:1.02.12-1 The Linux Kernel Device Mapper use
ii libc6 2.3.6.ds1-13 GNU C Library: Shared libraries
ii libdevma 2:1.02.12-1 The Linux Kernel Device Mapper use
ii libgcryp 1.2.3-2 LGPL Crypto library - runtime libr
ii libgpg-e 1.4-2 library for common error values an
ii libpopt0 1.10-3 lib for parsing cmdline parameters
ii libuuid1 1.39+1.40-WIP-2006.11.14+dfsg-2 universally unique id library
cryptsetup recommends no packages.
-- no debconf information
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>:
Bug#418450; Package cryptsetup.
Acknowledgement sent to David Härdeman <david@hardeman.nu>:
Extra info received and forwarded to list. Copy sent to Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>.
Message #10 received at 418450@bugs.debian.org:
On Mon, Apr 09, 2007 at 09:45:42PM +0200, Marc Haber wrote:
>--key-file=- does not take a key from standard input:
>
>root@grml /mnt/hda1 # ./keyscript | cryptsetup -d - luksOpen /dev/hda5 hda5_crypt
>Command failed.
>root@grml /mnt/hda1 # ./keyscript | cryptsetup --key-file=- luksOpen /dev/hda5 hda5_crypt
>Command failed.
>root@grml /mnt/hda1 # ./keyscript | cryptsetup --key-file - luksOpen /dev/hda5 hda5_crypt
>Command failed.
>root@grml /mnt/hda1 # ./keyscript | cryptsetup luksOpen /dev/hda5 hda5_crypt
>key slot 0 unlocked.
>Command successful.
>root@grml /mnt/hda1 #
I'm guessing keyscript generates output which includes a newline which
is not really part of the key?
austin:~# dd if=/dev/zero of=/test.img bs=1k count=1k
1024+0 records in
1024+0 records out
1048576 bytes (1.0 MB) copied, 0.00791454 seconds, 132 MB/s
austin:~# losetup -f /test.img
austin:~# cryptsetup luksFormat /dev/loop0
WARNING!
========
This will overwrite data on /dev/loop0 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase: test
Verify passphrase: test
Command successful.
austin:~# echo -n "test" | cryptsetup --key-file=- luksOpen /dev/loop0 test
key slot 0 unlocked.
Command successful.
austin:~# cryptsetup remove test
austin:~# echo "test" | cryptsetup luksOpen /dev/loop0 test
key slot 0 unlocked.
Command successful.
austin:~# cryptsetup remove test
austin:~# echo "test" | cryptsetup --key-file=- luksOpen /dev/loop0 test
Command failed.
--
David Härdeman
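Added example, not part of the original message and not cryptsetup code: a shell sketch of the difference the transcript above shows, where stdin taken as a key file keeps the trailing newline and stdin taken as a passphrase stops before it. The keyscript function is a constructed stand-in for the reporter's ./keyscript, all function names are hypothetical, and the two "views" model the behaviour seen in the transcript rather than calling cryptsetup.

```shell
#!/bin/sh
# Constructed stand-in for ./keyscript from the report: echo appends "\n".
keyscript() { echo "test"; }

# Everything on stdin as one hex byte per line (binary-safe, single read).
hex_bytes() { od -An -v -tx1 | tr -s ' \n' '\n\n' | sed '/^$/d'; }

# What a reader sees when stdin is taken as a key file: every byte.
keyfile_view() { hex_bytes | tr -d '\n'; }

# What a reader sees when stdin is taken as a typed passphrase:
# the bytes before the first newline (0a).
passphrase_view() { hex_bytes | sed '/^0a$/,$d' | tr -d '\n'; }

# Compare both views without printing key material.
# Exit status 0 if they are identical, 1 if the key source is mode-sensitive.
check_key_source() {
    hex_bytes | awk '
        { total++ }
        $0 == "0a" && !seen { seen = 1; before = total - 1 }
        END {
            if (!seen) before = total
            printf "key-file: %d bytes, passphrase: %d bytes\n", total, before
            exit (before == total ? 0 : 1)
        }'
}

# Text passphrases only: command substitution drops all trailing newlines
# (and cannot carry NUL bytes, so do not use this for binary keys).
strip_trailing_newlines() { printf '%s' "$(cat)"; }

if keyscript | check_key_source; then
    echo "same key in both modes"
else
    echo "trailing newline becomes part of the key with --key-file=-"
fi
keyscript | strip_trailing_newlines | check_key_source
```

Piping a real keyscript into check_key_source reports only byte counts, so it can be run on a live key source without echoing the key.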
Tags added: moreinfo
Request was from David Härdeman <david@hardeman.nu>
to control@bugs.debian.org.
(Sun, 15 Apr 2007 15:51:07 GMT).
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>:
Bug#418450; Package cryptsetup.
Acknowledgement sent to Marc Haber <mh+debian-bugs@zugschlus.de>:
Extra info received and forwarded to list. Copy sent to Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>.
Message #17 received at 418450@bugs.debian.org:
On Thu, Apr 12, 2007 at 10:08:19PM +0200, David Härdeman wrote:
> I'm guessing keyscript generates output which includes a newline which
> is not really part of the key?
The guess is correct. Sorry for getting this wrong.
Please consider documenting the different behavior with and/or without
--key-file=-, as cryptsetup also takes a passphrase on stdin when
--key-file=- is not given.
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mail address in header
Mannheim, Germany | lose things." Winona Ryder | Phone: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
Message sent on to Marc Haber <mh+debian-bugs@zugschlus.de>:
Bug#418450.
Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>:
Bug#418450; Package cryptsetup.
Acknowledgement sent to Marc Haber <mh+debian-bugs@zugschlus.de>:
Extra info received and forwarded to list. Copy sent to Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>.
Message #25 received at 418450@bugs.debian.org:
tags #418450 - moreinfo
thanks
Requested information was delivered on June 9.
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mail address in header
Mannheim, Germany | lose things." Winona Ryder | Phone: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
Tags removed: moreinfo
Request was from Marc Haber <mh+debian-bugs@zugschlus.de>
to control@bugs.debian.org.
(Tue, 17 Jul 2007 12:42:16 GMT).
Message sent on to Marc Haber <mh+debian-bugs@zugschlus.de>:
Bug#418450.
Severity set to `minor' from `normal'
Request was from Jonas Meurer <mejo@debian.org>
to control@bugs.debian.org.
(Fri, 10 Aug 2007 13:45:03 GMT).
Tags added: pending
Request was from Jonas Meurer <mejo@debian.org>
to control@bugs.debian.org.
(Mon, 13 Aug 2007 02:09:02 GMT).
Reply sent to Jonas Meurer <mejo@debian.org>:
You have taken responsibility.
Notification sent to Marc Haber <mh+debian-bugs@zugschlus.de>:
Bug acknowledged by developer.
Message #39 received at 418450-close@bugs.debian.org:
Source: cryptsetup
Source-Version: 2:1.0.5-2
We believe that the bug you reported is fixed in the latest version of
cryptsetup, which is due to be installed in the Debian FTP archive:
cryptsetup-udeb_1.0.5-2_amd64.udeb
to pool/main/c/cryptsetup/cryptsetup-udeb_1.0.5-2_amd64.udeb
cryptsetup_1.0.5-2.diff.gz
to pool/main/c/cryptsetup/cryptsetup_1.0.5-2.diff.gz
cryptsetup_1.0.5-2.dsc
to pool/main/c/cryptsetup/cryptsetup_1.0.5-2.dsc
cryptsetup_1.0.5-2_amd64.deb
to pool/main/c/cryptsetup/cryptsetup_1.0.5-2_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 418450@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jonas Meurer <mejo@debian.org> (supplier of updated cryptsetup package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 24 Sep 2007 15:42:06 +0200
Source: cryptsetup
Binary: cryptsetup cryptsetup-udeb
Architecture: source amd64
Version: 2:1.0.5-2
Distribution: unstable
Urgency: low
Maintainer: Jonas Meurer <mejo@debian.org>
Changed-By: Jonas Meurer <mejo@debian.org>
Description:
cryptsetup - configures encrypted block devices
cryptsetup-udeb - configures encrypted block devices (udeb)
Closes: 401766 409775 411784 418450 421693 436434 438169 438198 438450 438473 441428
Changes:
cryptsetup (2:1.0.5-2) unstable; urgency=low
.
[ Jonas Meurer ]
* Add libselinux1-dev and libsepol1-dev to build-depends. Detected by
the build daemon from hell by Steinar H. Gunderson. Thanks to Manoj
Srivastava for advice.
* Fix the watchfile
* Fix cryptopensc-hook to honor key=none. Thanks to Daniel Baumann
(closes: #436434)
* Remove outdated README.html and example usbcrypto.* scripts from
documentation. Add example usbcrypto.udev script. Thanks to Volker Sauer
for the update. (closes: #409775)
* Document that stdin is read different with '--key-file=-' than without.
Thanks to Marc Haber. (closes: #418450)
* Document that --timeout is useless in conjunction with --key-file. Thanks
Alexander Zangerl. (closes: #421693)
* [03_check_for_root.dpatch] Check for UID == 0 before actually doing
something. Thanks to Benjamin Seidenberg. (closes: #401766)
* [04_fix_unused_or_unitialized_variables.dpatch] Fix some gcc warnings
about unused or unitialized variables. Thanks to Ludwig Nussel for the
patch.
* [05_segfault_at_nonexisting_device.dpatch] Fix segfault when trying to
open a non existing device. Thanks to Ludwig Nussel for the patch.
(closes: #438198)
* Add CFLAGS="$(CFLAGS)" before ./configure invocation in debian/rules.
This way CFLAGS are passed to the configure script. Thanks to Gordon
Farquharson for the patch. (closes: #438450)
* Add a warning about missing hash option in crypttab to initramfs
cryptoroot hook. Thanks to Sebastian Leske for the patch.
(closes: #438169)
* Add support for openct using data objects on a smartcard as key. Thanks to
Daniel Baumann <baumann@swiss-it.ch> for patch and documentation.
(closes: #438473)
* Polish opensc_decrypt and openct_decrypt.
* Add initramfs patch by maximilian attems. Bump depends on initramfs-tools
to (>= 0.91). (closes: #441428)
* several cleanups to make lintian happy:
- remove #!/bin/sh from cryptsetup.functions as it is not executable.
- remove unused-override configure-generated-file-in-source config.log.
- add some hyphen fixes to patches/02_manpage.dpatch
* Filter out the detection of filesystem type 'minix' in checks vol_id and
un_vol_id if checking for any valid filesystem. The minix fs signature
seems short enough to be detected erroneously by /lib/udev/vol_id.
Thanks to Fredrik Olofsson and arno for the bugreport. (closes: #411784)
* Add Homepage field to debian/control.
Files:
5ad206a8625c2ce420f31b84003769bf 882 admin optional cryptsetup_1.0.5-2.dsc
5f5e0c8d4b7c3f761e993b290ee0a8ae 44446 admin optional cryptsetup_1.0.5-2.diff.gz
33121c13828ca7200e28aa0f43a81a0a 260504 admin optional cryptsetup_1.0.5-2_amd64.deb
7f100565ef3ffac0c55bfcd9e10dc953 184474 debian-installer optional cryptsetup-udeb_1.0.5-2_amd64.udeb
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFG+jGvd6lUs+JfIQIRAj24AJ4xEXFom9SxdB1+5UHpp6IiC+d7BwCdGa3W
Wv0wXBV0cAO4vNN9aLb7jJM=
=dXey
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Wed, 13 Feb 2008 07:46:11 GMT).
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified: Fri Jan 12 22:44:07 2018