Hi, when cryptfs is configured with a public encrypted key via the key= statement sys-fs/cryptsetup-0.1-r3 hangs when trying to access the secret gnupg key (stored on a smartcard) because 1. gnupg cant find its secret-keyring (no homedir) and 2. (in case a smartcard is used) the reader cant be accessed/found (no USB_DEVFS_PATH) actual result: hangs on setting up dm-mapping expected result: should ask for pw or card and pin Workaround: 1. define --homedir /root/.gnupg in the gpgotions 2. define and export USB_DEVFS_PATH see attachment this should work on cardreaders setup via udev. Cheers, Nico Note: This should be the case in sys-fs/cryptsetup-luks too
Created attachment 95522 [details] patch for sys-fs/cryptsetup-0.1-r3 diff -u /lib/rcscripts/addons/dm-crypt-start.sh /usr/portage/sys-fs/cryptsetup/files/dm-crypt-start.sh
no, the entire point of allowing people to set gpg_options is so that they do ... in other words, you should be using: gpg_options="... --homedir ..." in your config file what is the point of the USBDEVPATH ?
ok. and without the USBDEVFSPATH gnupg can't access/find the (usb) smartcard reader. So it will fail ending up in the while loop. (In case the key is stored on a smartcard). I dont know if its correct to set the path, this way at this special point, but it works for me.
what package are you using for reading the smartcard ? gnupg must be using an external library for handling such details right ?
afaik only libusb is required. the rest is handled with the internal ccid driver of gnupg. on boot udev generates a normal usb devfile under /dev/bus/usb/xxx/xxx and gnupg can access it directly. normaly gnupg gets the usbdevfspath from the env-var but in this case they are not set yet. no libpcsclite, pcslite or something like that is needed
Given the current state of cryptsetup, you should be looking to use cryptsetup-luks. I've just put a new version in with some significant changes, check cryptsetup-luks.1.0.3-r3 and see how that goes. Let me know what changes need to be made in order to get your smart card working from that base please.
marking this as a won't fix, switch to cryptsetup-luks and let me know any problems you have there.