Bug 380729 - [patch] sys-kernel/genkernel-3.4.16 sys-kernel/genkernel-3.4.16 initrd.scripts tries to decrypt (gpg) all key files, even unencrypted
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system (show other bugs)
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Genkernel Maintainers
URL:
Whiteboard:
Keywords: InVCS
Depends on:
Blocks:
 
Reported: 2011-08-26 09:20 UTC by Axel Bringenberg
Modified: 2011-10-30 13:55 UTC
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments
Patch for /usr/share/genkernel/defaults/initrd.scripts (initrd.scripts.patch,644 bytes, patch)
2011-08-26 09:25 UTC, Axel Bringenberg

Description Axel Bringenberg 2011-08-26 09:20:58 UTC
The initrd.scripts from the genkernel package always use gpg for the key file given by the boot parameter root_key or swap_key. But normally it should use gpg only on key files with the extension ".gpg".

Example:
root_key=key.bin

Reproducible: Always

Steps to Reproduce:
1. create key-file on usb.stick, e.g. dd if=/dev/urandom of=/mnt/usb/key.bin bs=512 count=4
2. setup root volume with LUKS, e.g.  cryptsetup --cipher aes-cbc-essiv:sha256 --key-file /mnt/key/key.bin --key-size 256 luksFormat /dev/sdNN
3. add LUKS mount options crypt_root=/dev/sdNN root_key=key.bin
Actual Results:  
The scripts will not work if gpg is not included in the initrd, or they will ask for a passphrase, which will not work either,
because the key file is not an encrypted gpg file.

Expected Results:  
The scripts should recognize extensions other than ".gpg" and use the key file as-is.
Comment 1 Axel Bringenberg 2011-08-26 09:25:56 UTC
Created attachment 284693 [details, diff]
Patch for /usr/share/genkernel/defaults/initrd.scripts

This patch corrects a bug in the detection of the ".gpg" extension for the boot parameters root_key and swap_key.
Comment 2 Axel Bringenberg 2011-08-29 07:29:52 UTC
Bug summary changed (sorry for the confusion).
The patch works for me.
Comment 3 Sebastian Pipping gentoo-dev 2011-08-30 14:23:34 UTC
Please explain how addition of quotes has an effect here.  I don't see it myself, yet.
Comment 4 Axel Bringenberg 2011-08-30 14:39:16 UTC
If LUKS_KEY doesn't contain '.gpg' (which is my case), an "[: =: unary operator expected" error occurs, because the left side of '=' is nothing.

With addition of the quotes you have at least an empty string "".
Comment 5 Sebastian Pipping gentoo-dev 2011-08-30 14:41:32 UTC
Alright.  But the body of if-then is still entered?
Comment 6 Axel Bringenberg 2011-08-30 14:52:06 UTC
(In reply to comment #5)
> Alright.  But the body of if-then is still entered?

Yes, if LUKS_KEY contains '.gpg' and /sbin/gpg is available.

Short example (without the gpg executable test):

for LUKS_KEY in 'root.bin' 'root.gpg'; do
  if [ "$(echo ${LUKS_KEY} | grep -o '.gpg$')" = ".gpg" ]; then
    echo Yep, it is gpg;
  else
    echo No, it is raw;
  fi;
done
Comment 7 Sebastian Pipping gentoo-dev 2011-08-30 14:56:10 UTC
If I add '' to the loop and remove the quotes like this

=============================================================
for LUKS_KEY in '' 'root.bin' 'root.gpg'; do
  if [ $(echo ${LUKS_KEY} | grep -o '.gpg$') = ".gpg" ]; then
    echo Yep, it is gpg;
  else
    echo No, it is raw;
  fi;
done
=============================================================

I get

=============================================================
bash: [: =: unary operator expected
No, it is raw
bash: [: =: unary operator expected
No, it is raw
Yep, it is gpg
=============================================================

for the output.  So the if-then part is _not_ entered.  That's what I have trouble understanding.  To apply decryption it would have to enter it, right?  What am I missing?
Comment 9 Axel Bringenberg 2011-08-31 07:23:37 UTC
> [...] So the if-then part is _not_ entered.  That's what I have
> trouble understanding.  To apply decryption it would have to enter it, right?

You are right. I reverted the patch on my test system and "suddenly" it works - with a little hiccup "sh: .gpg: unknown operand", but anyway it starts successfully, since it falls through the if-else part. And whatever forced me before into the gpg passphrase input ... I can't reproduce it :-(

So my patch just solves the error "sh: .gpg: unknown operand". Sorry for the noise.
Comment 10 Sebastian Pipping gentoo-dev 2011-08-31 11:56:25 UTC
Don't worry - you did fix a bug.
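The behaviour discussed in comments 4, 7 and 9, as an added example that is not genkernel's code: the unquoted extension test from initrd.scripts beside the quoted form from the patch and a case-pattern form with no subprocess. The key file names are constructed; the functions print "gpg" or "raw" for the branch that would be taken.

```shell
#!/bin/sh
# Added example, not the genkernel initrd.scripts. Key names are constructed.

# Unquoted test as in the unpatched script: when grep matches nothing the
# substitution is empty, [ sees only "= .gpg" and reports an error (exit 2),
# so the if-condition is false and execution falls through to the raw branch.
is_gpg_unquoted() {
  LUKS_KEY=$1
  if [ $(echo ${LUKS_KEY} | grep -o '.gpg$') = ".gpg" ]; then
    echo gpg
  else
    echo raw
  fi
}

# Quoted test as in the attached patch: an empty match becomes "" and the
# comparison is well-formed, so the raw branch is taken without an error.
is_gpg_quoted() {
  if [ "$(echo "$1" | grep -o '.gpg$')" = ".gpg" ]; then
    echo gpg
  else
    echo raw
  fi
}

# Equivalent suffix match using the shell's own pattern matching: no echo,
# no grep, and the empty string is handled like any other non-matching name.
is_gpg_case() {
  case $1 in
    *.gpg) echo gpg ;;
    *)     echo raw ;;
  esac
}

# Number of stderr lines the unquoted form produces for a given key name.
unquoted_error_lines() {
  is_gpg_unquoted "$1" 2>&1 >/dev/null | wc -l | tr -d ' '
}

# Stand-alone demonstration over the three cases from comment 7.
for key in '' root.bin root.gpg; do
  printf "'%s': unquoted=%s quoted=%s case=%s errors=%s\n" "$key" \
    "$(is_gpg_unquoted "$key" 2>/dev/null)" "$(is_gpg_quoted "$key")" \
    "$(is_gpg_case "$key")" "$(unquoted_error_lines "$key")"
done
```

All three forms choose the same branch for every name; only the unquoted one emits the "unary operator expected" (or "unexpected operator") noise for names without the .gpg suffix.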