hi!

jonas wrote:
>> That would mean to have a 'killall cryptsetup' at the end of every
>> cryptroot execution.
>
> right. i think that's ok.

Not sure. It's ok in a common setup, but what about users who use custom
scripts in their initrd which invoke cryptsetup as well. sure, sounds
like a corner case, but I still don't like the idea to kill every
cryptsetup process per default in cryptroot initramfs script.

actually the console cryptroot instance (or actually: all) should be killed by the (shell) cryptroot instance after successful completion. as this already means the boot process will continue, the killall cryptsetup could be spared. but this means that in case of unlocking from remote, this would produce a dangling cryptsetup... so i guess the killall cryptsetup would still be nicer. theoretically there shouldn't be any valid cryptsetups left after one of the cryptroots finished. killing the cryptroots and their child processes would be most elegant i guess, but i wasn't able to find such a solution with the means available in initramfs... also, in this scenario, the check for existence of the crypttarget isn't necessary anymore, so this change can be spared too.

i attached a new patch according to this.

david wrote:
The addition of "[ "`tty`" == "/dev/console" ]" I did not quite
understand. What was the purpose there? Manual invocations of the
cryptsetup initramfs script I assume?

correct. taking care the splash-stuff is done exclusively by the instance running on the console.

As for the rest of the patch, I am still not convinced.

the killall cryptsetup/cryptroot? while i, too, would certainly prefer to kill exactly the pid of the cryptsetup i'm looking for, in the absence of means allowing this (afaik), i personally think a killall would be acceptable (and preferable to just letting cryptsetup hang around doing nothing) at this point.

On the other hand, I already have some code for a simple program (in C)
that automatically uses usplash or console to get a passphrase from a
user. Perhaps it is time to dust it off, add fifo as a third input method
and add it to cryptsetup.

right, i guess in c this could be done, one thread could read from stdin while another thread reads from the fifo. and atomicity/locking should be less of an issue there.

It should make writing keyscripts simpler and should allow this ssh
support to be written as a keyscript...in addition, we could remove some
special cases from the initramfs script as that binary could be used as
the keyscript when no particular keyscript has been defined (meaning we
always run a "keyscript" and can move some of the usplash special cases
from the initramfs script).

right, in this case the 'calling cryptsetup and typing in the password' case would be one (standard/default/shipped) keyscript (that's what i meant by 'removing the non-keyscript cryptsetup part' from the cryptroot-script).

I have exams on 4:th, 5:th, 6:th and 12:th of March, so I won't have time
to hack on that for another week or two though (not intended to try your
patience Chris :))

well, no prob for me, as i've got working packages (now even supporting multiple crypttargets! ;) ) i'm using for etch and lenny installations for quite a while now...

i just thought this is certainly an issue for quite some people out there... i wondered what the cases-per-day rate of incidents where somebody sits some hundreds or thousands of kilometers away from his box that waits for his cryptroot passphrase at the console might be... so i felt kind of obliged to provide the solution and the corresponding amount of work to the community, too. i guess i can rest my conscience now... :)

On an unrelated note...what host key does the dropbear daemon use in the
initramfs?

in the current dropbear patch the mkinitramfs takes the host- and authentication-keys from /etc/initramfs-tools and copies them to the initramfs.
if they aren't already there, the mkinitramfs run will create them.
i.e. the installer could create them on installation, they can be exchanged as needed, and they don't change over mkinitramfs-runs. to log in, the secret authentication key from /etc/initramfs-tools is needed (and the hostkey should be compared/fingerprint checked/added to known_hosts).

        Chris
diff -pruN cryptsetup-1.0.6~pre1.orig/debian/control cryptsetup-1.0.6~pre1/debian/control
--- cryptsetup-1.0.6~pre1.orig/debian/control	2008-02-25 14:30:46.000000000 +0100
+++ cryptsetup-1.0.6~pre1/debian/control	2008-02-25 14:35:15.000000000 +0100
@@ -12,7 +12,7 @@ Vcs-Svn: svn://svn.debian.org/svn/pkg-cr
 Package: cryptsetup
 Architecture: any
 Depends: ${shlibs:Depends}, dmsetup
-Suggests: udev, initramfs-tools (>= 0.91) | linux-initramfs-tool, dosfstools
+Suggests: udev, initramfs-tools (>= 0.91) | linux-initramfs-tool, dropbear, dosfstools
 Conflicts: cryptsetup-luks (<= 1.0.1-8), hashalot (<= 0.3-1)
 Replaces: cryptsetup-luks (<= 1.0.1-8)
 Description: configures encrypted block devices
diff -pruN cryptsetup-1.0.6~pre1.orig/debian/initramfs/cryptroot-script cryptsetup-1.0.6~pre1/debian/initramfs/cryptroot-script
--- cryptsetup-1.0.6~pre1.orig/debian/initramfs/cryptroot-script	2008-02-25 14:30:46.000000000 +0100
+++ cryptsetup-1.0.6~pre1/debian/initramfs/cryptroot-script	2008-02-27 15:51:57.000000000 +0100
@@ -188,14 +188,13 @@ setup_mapping()
 				return 1
 			fi
 			crypttarget="$crypttarget" cryptsource="$cryptsource" \
-			$cryptkeyscript $cryptkey < /dev/console 2> /dev/console | \
-			$cryptcreate --key-file=- > /dev/console 2>&1
-		elif [ -p /dev/.initramfs/usplash_outfifo ] && [ -x /sbin/usplash_write ]; then
+			$cryptkeyscript $cryptkey | $cryptcreate --key-file=-
+		elif [ "`tty`" == "/dev/console" ] && [ -p /dev/.initramfs/usplash_outfifo ] && [ -x /sbin/usplash_write ]; then
 			usplash_write "INPUTQUIET Enter password for $crypttarget: "
 			PASS="$(cat /dev/.initramfs/usplash_outfifo)"
 			echo -n "$PASS" | $cryptcreate > /dev/null 2>&1
 		else
-			$cryptcreate < /dev/console > /dev/console 2>&1
+			$cryptcreate
 		fi
 
 		if [ $? -ne 0 ]; then
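Review bot: On the changed elif line, '==' inside [ ] is not POSIX, so a shell whose test builtin only accepts '=' will report an error and fall through to the else branch even on the console; use '=' and $(tty) instead of backticks. Nothing visible in this patch adds the tty binary to the initramfs, so that dependency should be checked as well. The same hunk drops the explicit /dev/console redirections from the keyscript pipeline and from the plain $cryptcreate call, which means both now rely on the caller's stdin/stdout/stderr; a comment stating that the boot-time caller must attach the console would document that assumption.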
@@ -205,7 +204,7 @@ setup_mapping()
 		elif [ ! -e "$NEWROOT" ]; then
 			echo "cryptsetup: unknown error setting up device mapping"
 			return 1
-		elif [ -p /dev/.initramfs/usplash_outfifo ] && [ -x /sbin/usplash_write ]; then
+		elif [ "`tty`" == "/dev/console" ] && [ -p /dev/.initramfs/usplash_outfifo ] && [ -x /sbin/usplash_write ]; then
 			# clean the text, to give feedback that it worked
 			usplash_write "TEXT-URGENT "
 		fi
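Review bot: The console test on the changed elif line is a verbatim copy of the one added in the previous hunk and runs tty again for every mapping. Evaluate it once near the top of the script into a variable and test that variable in both places, so the two conditions cannot drift apart and the splash handling stays tied to the console instance only.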
@@ -270,9 +269,15 @@ fi
 
 # Do we have any settings from the /conf/conf.d/cryptroot file?
 if [ -r /conf/conf.d/cryptroot ]; then
-	while read mapping; do
+	while read mapping <&3; do
 		setup_mapping "$mapping"
-	done < /conf/conf.d/cryptroot
+	done 3< /conf/conf.d/cryptroot
 fi
 
+# We might be called manually from the shell. In this case we have to kill
+# our console instance as well as dangling cryptsetups waiting for input at
+# the console.
+killall cryptroot
+killall cryptsetup
+
 exit 0
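Review bot: The two killall calls added before 'exit 0' run unconditionally, but the loop above ignores the return value of setup_mapping, so a failed manual attempt still kills the console instance that is waiting for the passphrase and leaves the machine with no prompt at all. Record whether every mapping succeeded and only clean up in that case. Two further points on the same lines: if the running script is itself named cryptroot, 'killall cryptroot' may terminate it before 'killall cryptsetup' is reached, so the order should be swapped or the own PID excluded; and because killall matches by name, any cryptsetup started by a custom initrd script is killed too, which is the concern raised in the thread and deserves a mention in the comment.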
