Bug 794817 - sys-kernel/genkernel: “cryptsetup: Only one --key-file argument is allowed.” when failing GPG passphrase (patch provided)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Hosted Projects
Classification: Unclassified
Component: genkernel
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Genkernel Maintainers
URL:
Whiteboard:
Keywords: InVCS
Depends on:
Blocks:
 
Reported: 2021-06-07 18:42 UTC by Thibaud CANALE
Modified: 2021-07-06 23:11 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Description Thibaud CANALE 2021-06-07 18:42:39 UTC
With an initramfs created by genkernel, current version "4.2.1-r1", the system fails to open the LUKS container when the user fails to provide the correct passphrase, with the following error:
cryptsetup: Only one --key-file argument is allowed.

The initramfs is then stuck in a loop, asking again for the LUKS device, key device and key, leading to the same error again.

It happens because in the file `etc/initrd.scripts` the variable `cryptsetup_options` is not reset, so the option "--key-file, -d name" is appended to the variable too many times.

Here is a patch which _could_ possibly fix this issue (it might not satisfy your QA, and I didn’t test it; however, I noticed this script is identical to the last revision in the main branch “master”):
================================================================
diff -ru a/defaults/initrd.scripts b/defaults/initrd.scripts
--- a/defaults/initrd.scripts
+++ b/defaults/initrd.scripts
@@ -1831,8 +1831,6 @@
 	eval local LUKS_KEY='"${CRYPT_'${TYPE}'_KEY}"'
 	eval local LUKS_KEYDEV='"${CRYPT_'${TYPE}'_KEYDEV}"'
 	eval local LUKS_KEYDEV_FSTYPE='"${CRYPT_'${TYPE}'_KEYDEV_FSTYPE}"'
-	eval local cryptsetup_options='"${CRYPT_'${TYPE}'_OPTIONS}"'
-	cryptsetup_options="$(trim "${cryptsetup_options}")"
 	eval local OPENED_LOCKFILE='"${CRYPT_'${TYPE}'_OPENED_LOCKFILE}"'
 	local DEV_ERROR=0 KEY_ERROR=0 KEYDEV_ERROR=0
 	local mntkey="/mnt/key/" crypt_filter_ret=
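Review bot: Removing both `cryptsetup_options` lines from the declaration block at the top of this hunk leaves the variable undeclared until the loop body runs, and the `eval local` is then re-executed on every retry. Consider keeping a plain `local cryptsetup_options` next to `LUKS_KEYDEV_FSTYPE` and doing only the assignment and the `trim` call inside the loop, so that all of the function's locals stay declared in one place.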
@@ -1845,6 +1843,8 @@
 
 	while true
 	do
+		eval local cryptsetup_options='"${CRYPT_'${TYPE}'_OPTIONS}"'
+		cryptsetup_options="$(trim "${cryptsetup_options}")"
 		local gpg_cmd=""
 		if [ -e "${OPENED_LOCKFILE}" ]
 		then
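Review bot: The two lines added at the top of the `while true` body carry no comment saying why the reset has to happen on each iteration, which makes it easy for a later cleanup to hoist them back out of the loop. Add a short comment above them, for example `# reset on every retry; --key-file is appended to this later in the loop`. The report also says the patch was not tested, so a boot test with one wrong passphrase followed by the correct one should be run before merging.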
================================================================
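The failure mode described in this report, as an added simulation that is not part of the original report or of genkernel: `fake_cryptsetup`, `unlock` and the `--allow-discards` base option are constructed stand-ins, and only the duplicate `--key-file` check is modelled. It shows that once one attempt fails, the unreset variable makes every later attempt fail too, even with the correct passphrase.

```sh
#!/bin/sh
# Constructed simulation of the retry loop; not genkernel code.

# Stand-in for cryptsetup's argument check: reject more than one --key-file.
fake_cryptsetup() {
	n=0
	for arg in "$@"; do
		if [ "$arg" = "--key-file" ]; then
			n=$((n + 1))
		fi
	done
	if [ "$n" -gt 1 ]; then
		echo "cryptsetup: Only one --key-file argument is allowed." >&2
		return 1
	fi
	return 0
}

# unlock MODE ATTEMPT...
# MODE is "buggy" or "fixed"; each ATTEMPT is "bad" or "good" (passphrase result).
# Prints the 1-based number of the attempt that unlocked, or 0 if none did.
unlock() {
	mode=$1
	shift
	# Constructed stand-in for the user-supplied CRYPT_*_OPTIONS value.
	base_opts="--allow-discards"
	# Buggy behaviour: initialised once, before the loop.
	opts=$base_opts
	i=0
	for attempt in "$@"; do
		i=$((i + 1))
		if [ "$mode" = fixed ]; then
			# Fixed behaviour: start from the base options on every iteration.
			opts=$base_opts
		fi
		# Per-attempt append, as the report describes.
		opts="$opts --key-file -"
		# Word splitting of $opts is intended here.
		if fake_cryptsetup $opts 2>/dev/null && [ "$attempt" = good ]; then
			echo "$i"
			return 0
		fi
	done
	echo 0
}

echo "buggy, bad then good: unlocked at attempt $(unlock buggy bad good)"
echo "fixed, bad then good: unlocked at attempt $(unlock fixed bad good)"
```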
Comment 1 Larry the Git Cow gentoo-dev 2021-07-06 00:25:11 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/proj/genkernel.git/commit/?id=203500a030b608538b15a4a8094de680e1937266

commit 203500a030b608538b15a4a8094de680e1937266
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2021-07-05 23:19:34 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-07-05 23:40:52 +0000

    initrd.scripts: openLUKS(): Reset cryptsetup_options on each iteration
    
    Fixes: a0a6d631 ("linuxrc: add kernel command-line argument to allow user to pass additional options to cryptsetup")
    Bug: https://bugs.gentoo.org/794817
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 defaults/initrd.scripts | 6 ++++--
 defaults/unlock-luks.sh | 4 ++++
 2 files changed, 8 insertions(+), 2 deletions(-)
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2021-07-06 23:11:28 UTC
Fixed in >=sys-kernel/genkernel-4.2.2!