Bug#530784: marked as done (Consider adding support to preseed a dm-crypt passphrase)

To: Cyril Brulebois <kibi@debian.org>
Subject: Bug#530784: marked as done (Consider adding support to preseed a dm-crypt passphrase)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Fri, 24 Oct 2014 10:42:14 +0000
Message-id: <[🔎] handler.530784.D656710.14141472445948.ackdone@bugs.debian.org>
References: <E1XhcIS-0001Kb-Er@franck.debian.org> <4A1D9CAF.9020508@gmx.net>

Your message dated Fri, 24 Oct 2014 10:40:40 +0000
with message-id <E1XhcIS-0001Kb-Er@franck.debian.org>
and subject line Bug#656710: fixed in partman-crypto 77
has caused the Debian Bug report #656710,
regarding Consider adding support to preseed a dm-crypt passphrase
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
656710: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656710
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: submit@bugs.debian.org
Cc: Gabriel.Sailer@gmx.net
Subject: partman-crypto: preseeding of the dm-crypt passphrase failed
From: Gabriel Sailer <Gabriel.Sailer@gmx.net>
Date: Wed, 27 May 2009 22:03:59 +0200
Message-id: <4A1D9CAF.9020508@gmx.net>

Subject: partman-crypto: preseeding of the dm-crypt passphrase failed
Package: partman-crypto
Version: 36
Severity: normal



-- System Information:
Debian Release: 5.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.26-1-686
Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro (charmap=ISO-8859-15)
(the test with english language also failed)

Hello,
i tried to install about 20 laptops full preseeded with crypted
root and swap (and a normal /boot). The installation work but
without accepting my preseeded partman-crypto/passphrase (and
partman-crypto/passphrase-again).
I use 'd-i preseeded partman-crypto/passphrase password <CLEAR
TEST PASSWORD>' and the same with 'partman-crypto/passphrase-again'.
I see the Values in the 'passwords.dat' when the system is
processing the preseed file but it seems that the 'blockdev-keygen'
script didn't get it.
Is it not possible to preseed this value?
Or how is it possible debug partman-crypto precessing?

The exact image i used for the installation:
http://ftp.de.debian.org/debian-cd/5.0.1/i386/iso-cd/debian-501-i386-netinst.iso
# (14-Apr-2009 00:28 - 154M)

The installation without preseeding partman works correct.

I start the installation with a test preseed file an priority=medium.
My test preseed file (all other values are set intercativ):

> ####################################################################
> # Disk Partitioning/Boot loader
> ####################################################################
> 
> # dm-crypt passphrase
> d-i partman-crypto/passphrase       password  A_very_log_and_secret_passphrase!
> d-i partman-crypto/passphrase-again password  A_very_log_and_secret_passphrase!

When starting the menu entry "Partition disks", until setting
the partition for encryption the .../passwords.dat contains:

> ...
> Name: partman-crypto/passphrase
> Template: partman-crypto/passphrase
> Value: A_very_log_and_secret_passphrase!
> Owners: d-i, partman-crypto
> Flags: seen
> Variables:
>  ID = partman-crypto/passphrase
> 
> Name: partman-crypto/passphrase-again
> Template: partman-crypto/passphrase-again
> Value: A_very_log_and_secret_passphrase!
> Owners: d-i, partman-crypto
> Flags: seen
> Variables:
>  ID = partman-crypto/passphrase-again
> ...

But before preparing the partition the installation asks for the
passphrase.
The .../passwords.dat contains after the partitioning:

> ...
> Name: partman-crypto/passphrase
> Template: partman-crypto/passphrase
> Value:
> Owners: d-i, partman-crypto
> Variables:
>  ID = partman-crypto/passphrase
>  DEVICE = SCSI1 (0,0,0), partition #2 (sda)
> 
> Name: partman-crypto/passphrase-again
> Template: partman-crypto/passphrase-again
> Value:
> Owners: d-i, partman-crypto
> Variables:
>  ID = partman-crypto/passphrase-again
> ...

I inserted a 'set -x' in '/bin/blockdev-keygen' and
'/lib/partman/lib/crypto-base.sh' and append the saved syslog (.gz)
and the lsb-release file to this report.

Many thanks for any help

Gabriel

Attachment: syslog.gz
Description: GNU Zip compressed data

DISTRIB_ID=Debian
DISTRIB_DESCRIPTION="Debian GNU/Linux installer"
DISTRIB_RELEASE="5.0 (lenny) - installer build 20090123lenny1"
X_INSTALLATION_MEDIUM=cdrom

--- End Message ---

--- Begin Message ---

To: 656710-close@bugs.debian.org
Subject: Bug#656710: fixed in partman-crypto 77
From: Cyril Brulebois <kibi@debian.org>
Date: Fri, 24 Oct 2014 10:40:40 +0000
Message-id: <E1XhcIS-0001Kb-Er@franck.debian.org>

Source: partman-crypto
Source-Version: 77

We believe that the bug you reported is fixed in the latest version of
partman-crypto, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 656710@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Cyril Brulebois <kibi@debian.org> (supplier of updated partman-crypto package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 24 Oct 2014 12:00:46 +0200
Source: partman-crypto
Binary: partman-crypto partman-crypto-dm
Architecture: source amd64 all
Version: 77
Distribution: unstable
Urgency: medium
Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
Changed-By: Cyril Brulebois <kibi@debian.org>
Description:
 partman-crypto - Add to partman support for block device encryption (udeb)
 partman-crypto-dm - Add to partman support for dm-crypt encryption (udeb)
Closes: 656710
Changes:
 partman-crypto (77) unstable; urgency=medium
 .
   * Cherry-pick bzr r693 from Ubuntu (partman-crypto/40ubuntu2), thanks
     to Colin Watson:
     - Allow preseeding the first passphrase prompt (LP: #546405).
       (Preseeding passphrases for multiple different physical volumes is
       a whole different kettle of fish ...)
   * Cherry-pick bzr r695 from Ubuntu (partman-crypto/40ubuntu3), thanks
     to Colin Watson:
     - Allow preseeding partman-crypto/weak_passphrase too (LP: #546405).
   * Add a security note in debian/partman-crypto.templates, documenting
     the preseedability of the three extra items listed below, warning
     against possible eavesdropping, and suggesting a proper key escrow
     system (Closes: #656710):
     - partman-crypto/passphrase
     - partman-crypto/passphrase-again
     - partman-crypto/weak_passphrase
Checksums-Sha1:
 8e4021b5b258621795c51216c18e7795812c93c7 1804 partman-crypto_77.dsc
 af45584b44c5391deae268033fd96bb853261ab8 260932 partman-crypto_77.tar.xz
 9d07f8c2d06ae281a4fbe80dbf560f6dd812ab0d 360244 partman-crypto_77_amd64.udeb
 50e1012b4f5117184bc785ec92dfa6d04cb309cc 1372 partman-crypto-dm_77_all.udeb
Checksums-Sha256:
 8eef3ac7ccfc96937a9c1de9dc0954966b5658da56636c41a79b4986de241ae3 1804 partman-crypto_77.dsc
 3395d805fbd6e3bb1a2492a7eb74a6d95f1b1c81d16bbc7165976c0e718ee66d 260932 partman-crypto_77.tar.xz
 9c8fed61521904d370c269a926fd19e40437e43c3ab2bed69b500faee39621d0 360244 partman-crypto_77_amd64.udeb
 f1305ea8f961a5176598b673fabcac9e031b94910b84455c97682d4827df48e6 1372 partman-crypto-dm_77_all.udeb
Files:
 fa54b6e4bfed88f5391a8ed2e12c5528 1804 debian-installer optional partman-crypto_77.dsc
 e8fbe9c6a1a3e191cae50fe347eab631 260932 debian-installer optional partman-crypto_77.tar.xz
 8d8cbe0ba55441f70cb8d34db17de209 360244 debian-installer optional partman-crypto_77_amd64.udeb
 d8aea9550d561fbbecd5a4aefcf29390 1372 debian-installer optional partman-crypto-dm_77_all.udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJUSiWqAAoJEP+RSvDCs1UgodIP/iKus7EafkPqalRHwQvQKSnD
6AdGv/5sz/sJYbSUSmNhpJ0cfTDlW73c4pBzCjnXPYzNACAMdmd2nyXp43V04glv
ca9PJAAwCBRUIEsVgQ6pB2e8uQhZDnqwy8Z4Mt9944gl0wCIfbUfciSFmP3+LHGY
rZ1FMSg3ELTSIU8X0PSuVDH4UoVax+QxRmHikr63U1d6DgVgNAcL6wmxOtvsRk62
9k+3BWjknlzJ0Mv808wrsc/U5SW2KCLjKYFo2YkWEASuD3Ksmh8mG9TL9e793i7P
r4XlMTKKDtV73UxmD+0ZAorxiZfHRnWXKk4nchS//vfgaD+FggyFWra/eq2Jtfbw
yzcdrJvOStalxLsbzIGSkw5QP+n7hOzYRvhQBU0V2vtp46YobhbylQoYKCbVToef
ZjmGeyjC2ucVjqOZswNkO+Fgyyq5aQWOQ/Tguv/5cSYDEknjaKVIyuQBgHHZroTU
EGePdphrg1333IwtCOXxJRvEleVf4f5Y7xvpLO7FCNTgp0Wiv4rNuIOHU2kZ9aSV
xpArG1NIzJHoeLM124fds1/++t7JRhHeZGP64zIeeQhfOCMfi5lx1EVKJC3M272+
LeH8uJm0Yg7eXCBVsCmpwll+98MnA5VGM1Oy02snLK7spmNwbtn9U+uzc0ivPGYJ
UOBTdhpSHXrrI5FlZNSN
=WPqt
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

Prev by Date: partman-crypto_77_amd64.changes ACCEPTED into unstable
Next by Date: Bug#656710: marked as done (partman-crypto: Preseeding the passphrase)
Previous by thread: partman-crypto_77_amd64.changes ACCEPTED into unstable
Next by thread: Bug#656710: marked as done (partman-crypto: Preseeding the passphrase)
Index(es):
- Date
- Thread