| Summary: | sys-fs/cryptsetup-2.7.5: dmcrypt asks confirmation for recreating LUKS partition on isLuks error on startup | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Jaak Ristioja <jaak> |
| Component: | Current packages | Assignee: | Gentoo's Team for Core System packages <base-system> |
| Status: | UNCONFIRMED --- | ||
| Severity: | normal | ||
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| See Also: | https://bugs.gentoo.org/show_bug.cgi?id=942823 | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
On startup I got an error message and prompt (twice, although dm-crypt is only active on the boot runlevel): ----- BEGIN TRANSCRIPTION OF TEXT FROM PHOTOGRAPH ---- * Setting up dm-crypt mappings ... /etc/init.d/dmcrypt: line 121: 2917 Floating point exceptioncryptsetup ${header_opt} isLuks ${source} 2> /dev/null * <my target> using: create <my target> /dev/disk/by-uuid/<long uuid> ... WARNING: Using default options for cipher (aes-xts-plain64, key size 256 bits) that could be incompatible with older versions. For plain mode, always use options --cipher, --key-size and if no keyfile is used, then also --hash. WARNING: Devices /dev/disk/by-uuid/<long uuid> already contains a 'crypto_LUKS' superblock signature. WARNING! ======== Detected device signature(s) on /dev/disk/by-uuid/<long uuid>. Proceeding further may damage existing data. Are you sure? (Type 'yes' in capital letters): _ ----- END TRANSCRIPTION OF TEXT FROM PHOTOGRAPH ---- I think this potentially dangerous prompt is caused by /etc/init.d/dmcrypt not properly checking the exit status of cryptsetup, e.g. in the following excerpt: # cryptsetup: # open <device> <name> # <device> is $source # create <name> <device> # <name> is $target local arg1="create" arg2="${target}" arg3="${source}" if cryptsetup ${header_opt} isLuks ${source} 2>/dev/null ; then arg1="open" arg2="${source}" arg3="${target}" fi I assume that the exit status of `cryptsetup isLuks` should be 0 (true) or 1 (false) depending on the result, but if it exits due to a signal, the exit status is (128 + (number of signal)), e.g. 136 for SIGFPE: # cryptsetup isLuks /dev/nvme0n1; echo $? Floating point exception 136 I will file a separate bug report about the cryptsetup SIGFPE issue. The essence of this bug report is that it is dangerous for /etc/init.d/dmcrypt to simply use `if somecommand; then` in cases where `somecommand` failures might end up causing my partitions being overwritten. Being in a hurry to boot my system and not yet having fully understood the full message, I had already typed "yes" (in lowercase) in response to the prompt, so this feels dangerously close to data loss. The /etc/init.d/dmcrypt script should instead explicitly check for the exit statuses 0 and 1, and consider other exit statuses as errors.