[pkg-cryptsetup-devel] Bug#492451: Bug#492451: Bug#492451: cryptsetup doesn't work with encrypted root and splashy in initramfs

Sun Jul 27 21:22:09 UTC 2008

On 27/07/2008 Jonas Meurer wrote:
> On 26/07/2008 John Hughes wrote:
> > The askpass program, used to get the passphrase for decryption, doesn't 
> > know how to talk to splashy.  If splashy is configured in the initramfs 
> > then the boot hangs at the point where crypsetup prompts for the 
> > passprhrase to decrypt the root filesystem.
> > 
> > A simple patch to make askpass work with splashy is attached.  Another, 
> > possibly preferrable way of doing this would be to use the 
> > /sbin/splashy_update program, via popen, to get the password.  This does 
> > imply some horrid shell quoting problems however.
> 
> thanks for your work on support for splashy with cryptsetup/askpass. I
> tested your patch, and unfortunately it doesn't work for me. The splashy
> passphrase prompt is displayed, but then the display seems to be frozen.
> Sometimes some asterisks are printed when I try to input my cryptsetup
> passphrase, but at least after pressing return nothing happens anymore.
> 
> I reproduced that issue on my developing machine and a testing kvm
> environment, both running up-to-date debian/unstable.

I now discovered that the patch works without any issues for cryptroot
(encrypted root fs), when askpass is invoked by the initramfs. Only for
encrypted non-root filesystem which are started in the cryptsetup
initscript, splashy freezes.

I tried to replace askpass with splashy_update directly in
/etc/init.d/cryptdisks (keyscriptarg="getpass Passphrase:" &
KEYSCRIPT=/sbin/splashy_update), but that produced a similar freeze.

Thus I believe that the bug I discovered is neither in your patch nor in
crpytdisks (the initscript of cryptsetup), but rather in splashy itself
(or both in splashy_update and in your patch).

Please see my other message to this bugreport for further information.

I decided to accept your patch into cryptsetup after all, as it adds at
least support for splashy with encrypted root filesystems. I documented
the limited support in README.Debian though:

--- snip cryptsetup/trunk/debian/README.Debian ---

6. Cryptsetup and Splashy
-------------------------

 Splashy support in cryptsetup is currently somehow limited. Splashy is known
to freeze at the password dialog for encrypted non-root filesystems. Only the 
password dialog for the encrypted root filesystem works.

 It seems like splashy freezes for any input dialog in initscripts while
input dialogs at initramfs stage seem to work. This leads to the assumption
that the bug is somewhere in splashy and neither in cryptsetups initscripts
nor in askpass, the keyscript that is responsible for cryptsetups passphrase
input dialogs.

--- snap ---

The upload of cryptsetup 2:1.0.6-4 will close that bugreport. Feel free
to reopen it if the bug I discovered is introduced by the patch.

greetings,
 jonas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-cryptsetup-devel/attachments/20080727/0d1fac92/attachment.pgp 