Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 196602 - sys-fs/cryptsetup-1.0.4 with 1.0.3 config-file destroys partitions
Summary: sys-fs/cryptsetup-1.0.4 with 1.0.3 config-file destroys partitions
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system (show other bugs)
Hardware: AMD64 Linux
: High critical (vote)
Assignee: Gentoo Linux bug wranglers
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-10-21 13:50 UTC by Andreas Dehmel
Modified: 2007-10-21 19:50 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Dehmel 2007-10-21 13:50:20 UTC 
You just need an encrypted swap partition and an encrypted "persistent" partition where you want to actually keep data (probably the norm for anyone using this package), and define both in the recommended order (swap first). Since the keyword "mount" changed to "target", this is what'll happen if you accidentally failed to fix your config-file:

1) The parser doesn't abort on a syntax error (unknown "mount" keyword) but just ignores it.
2) The parser doesn't abort on multiple "source" keywords for the same target but happily uses the last one.
3) Consequently, it'll parse the swap section, continue to the regular partition but think it's still swap because it doesn't find "target" and doesn't recognize "mount", until it reaches EOF where it'll execute the information, so the net effect is it'll turn your persistent partition into swap!
4) And of course, after you realized your config-file is wrong, you'll fix it but still won't be able to mount your partition any more because it now carries a swap signature.

Now I don't have a problem with cryptsetup-luks not working (= "not mounting") with the old config file, but it actually _destroying_ critical data because the maintainer was too dumb to put 2 and 2 together and there are absolutely no security measures whatsoever in the parser is simply outrageous.
BTW, you can't really downgrade to 1.0.3 anymore either, because some startup scripts of the 1.0.4 version remain in place and the parser still works the 1.0.4 way.


Reproducible: Always

Steps to Reproduce:
Comment 1 Jakub Moc (RETIRED) gentoo-dev 2007-10-21 14:09:21 UTC 
<snip>
        ewarn "This ebuild introduces a new set of scripts and configuration"
        ewarn "then the previous system. If you are currently using /etc/conf.d/crypfs"
        ewarn "then you *MUST* read the new /etc/conf.d/cryptfs for instructions"
        ewarn "on how to convert your previous cryptfs to the new syntax or your"
        ewarn "encrypted partitions will *NOT* work."
</snip>

So, how about that you actually *read* what we told you, and run etc-update, as told to after upgrade by portage?
Comment 2 Andreas Dehmel 2007-10-21 19:44:12 UTC 
I know it says that in the log. But I also said that "not work" means "doesn't mount" and _not_ "destroys partitions". Even if it did mention that possibility in the elog, it'd still be a critical error because both the log message and the change of keyword are far too easy to overlook and you have just one chance to get it right, afterwards the partition is corrupted. Do you really think anybody would accept a change like this in fstab, regardless of whether you log out a warning or not? Fat chance.
Comment 3 Jakub Moc (RETIRED) gentoo-dev 2007-10-21 19:50:21 UTC 
Ignoring all the warnings and provided instructions is not an ebuild bug, sorry.

If you dislike how cryptsetup-luks behaves on broken config file, take it upstream, not to Gentoo bugzilla.