sys-fs/cryptsetup-1.0.6-r2: when using multiple targets in /etc/conf.d/dmcrypt, cryptsetup fails to invoke those properly. It fails with an error that no matching passphrase is found, without even asking for one.

Reproducible: Always

Steps to Reproduce:
1. Enter multiple targets in /etc/conf.d/dmcrypt, e.g.:

    # /etc/conf.d/dmcrypt
    target='crypt-home'
    source='/dev/sda5'
    target='crypt-data'
    source='/dev/sdb1'
    target=crypt-backup
    source='/dev/hdb1'

2. Start dmcrypt: /etc/init.d/dmcrypt start (I have manually opened the home-volume to be able to post this ;) )

Actual Results:

    maya / # /etc/init.d/dmcrypt start
     * Caching service dependencies ... [ ok ]
     * Setting up dm-crypt mappings ...
     * dm-crypt mapping crypt-home is already configured
     * dm-crypt map crypt-data ...
     * cryptsetup will be called with : luksOpen /dev/sdb1 crypt-data
    Command failed: No key available with this passphrase.
     * failure running cryptsetup [ !! ]
     * source "" for crypt-backup missing, skipping...
     * Failed to setup dm-crypt devices [ !! ]

Expected Results: It should ask for each passwd and then open the volumes.

I'm running baselayout-2.0.0 with openrc-0.3.0-r1. /etc/init.d/dmcrypt is in runlevel boot.

The error seems to originate in /lib/rcscripts/addons. cryptsetup is invoked before the source parameter is eval-ed.
No. The error occurs in /lib/rcscripts/addons/dm-crypt-start.sh, but not because of an empty source parameter. The main "while read targetline" loop has its stdin redirected from /etc/conf.d/dmcrypt (see the "done" line). This will read each config line and look for "swap=" or "target=" lines. If the current line is none of these, the variable it defines will be set. If it _is_ a "swap" or "target" line, the dm_crypt_execute_dmcrypt() function will be called with all of the variables that are set, _before_ the last line that has been read is evaluated. This is a kind of queueing mechanism: Before starting to read a new section, all data that has been read will be evaluated. Finally, after all lines have been read, a last evaluation run will be started. There's nothing wrong with this, except for one thing: If the current dmcrypt volume isn't the last one defined, dm_crypt_execute_dmcrypt() will be called from _within_ the while loop, and stdin will not be the keyboard, but /etc/conf.d/dmcrypt, and it's rather unlikely that the rest of the file will correspond to your passphrase. ;) This also explains the second error message where no source has been set: cryptsetup reads all of stdin, i.e. everything after the "target" line of the last section. Now stdin has been read completely, the while loop terminates, and dm_crypt_execute_dmcrypt() is called without any of the variables that would follow the "target" line being set. So. That's the _problem_. Let's talk about solving it. I'll try hacking around on the script in a moment.
Downgrading to sys-fs/cryptsetup-1.0.6-r1 works, because there cryptsetup will be fed /dev/console explicitly. However, as mentioned in the ChangeLog, this will probably cause trouble when e.g. running under X, so a more elaborate solution is needed. Since I currently don't have X installed on the machine I use cryptsetup on, I'm afraid I can't work on one, though.
OK, I see. I'll downgrade for now, as I don't need it working with X either. Thanks a lot.
Well, if we talk about X, that redirecting-stdin thingy becomes quite messy. I say there cannot be any stdin redirections when cryptsetup is called. Everything else is bogus&bloat. That means we'll have to fix the config parser. Maybe just use a different FD than stdin. I'll try that once I find the time (next week or so).
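Added example (not part of the original thread, and not the Gentoo script's code): a reduced version of the queueing loop described above, run once with the config on stdin and once with the config on file descriptor 3. The names fake_open, flush, parse_stdin and parse_fd3, the sample config and the piped passphrases are all constructed for illustration; fake_open is a stand-in that reads one line of stdin instead of calling cryptsetup.

```shell
# Constructed sample config, modelled on the /etc/conf.d/dmcrypt in the report.
CONF=$(mktemp)
cat > "$CONF" <<'EOF'
target='crypt-home'
source='/dev/sda5'
target='crypt-data'
source='/dev/sdb1'
EOF

# Hypothetical stand-in for cryptsetup: takes one line of stdin as passphrase.
fake_open() {
    IFS= read -r pass
    echo "open $2 as $1, passphrase read: [$pass]"
}

# Run the queued section, if any, then clear it for the next one.
flush() {
    if [ -z "$target" ]; then return 0; fi
    if [ -z "$source" ]; then
        echo "source \"\" for $target missing, skipping"
    else
        fake_open "$target" "$source"
    fi
    target='' source=''
}

# Pattern from the thread: loop stdin is the config, so stdin readers eat it.
parse_stdin() {
    target='' source=''
    while read -r line; do
        case $line in target=*) flush ;; esac
        eval "$line"    # config is trusted, root-owned input
    done < "$1"
    flush
}

# Same parser, config on descriptor 3: stdin stays whatever the caller had.
parse_fd3() {
    target='' source=''
    while read -r line <&3; do
        case $line in target=*) flush ;; esac
        eval "$line"
    done 3< "$1"
    flush
}

# Constructed passphrases piped in place of the keyboard.
printf 'pw-home\npw-data\n' | parse_stdin "$CONF"
printf 'pw-home\npw-data\n' | parse_fd3 "$CONF"
```

The first run hands the next config line to the passphrase reader and then reports an empty source for the following target, the same pair of symptoms as in the report; the second run gives each volume its own piped passphrase.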
Please also see #257556. If I add a comment line between the target and the source line all is fine.... so I do not know if this bug really is a dup of #257556.
*** This bug has been marked as a duplicate of bug 243216 ***