Control: severity -1 serious
Hi Adrian,

Adrian Kretz <adriankretz@gmail.com> (2015-07-25):
> Package: partman-crypto
> Version: 84
> Severity: important
> Tags: patch
>
> Hi,
>
> commit 3d537db63a0d9101211dbe381e391232d1933949 introduced a bug which
> causes a fully encrypted install to fail when no options are set using
> debconf. The following patch should fix this.

Many thanks! It's been added to errata (with a link to this report since
a few hours), and I've finally managed to allocate some time to check
this.

> diff --git a/lib/crypto-base.sh b/lib/crypto-base.sh
> index e4316d3..22f6b0f 100644
> --- a/lib/crypto-base.sh
> +++ b/lib/crypto-base.sh
> @@ -575,16 +575,16 @@ crypto_set_defaults () {
>
> case $type in
> dm-crypt)
> - db_get partman-crypto/cipher || RET=aes
> - echo $RET > $part/cipher
> - db_get partman-crypto/keysize || RET=256
> - echo $RET > $part/keysize
> - db_get partman-crypto/ivalgorithm || RET=xts-plain64
> - echo $RET > $part/ivalgorithm
> - db_get partman-crypto/keytype || RET=passphrase
> - echo $RET > $part/keytype
> - db_get partman-crypto/keyhash || RET=sha256
> - echo $RET > $part/keyhash
> + db_get partman-crypto/cipher
> + echo ${RET:-aes} > $part/cipher
> + db_get partman-crypto/keysize
> + echo ${RET:-256} > $part/keysize
> + db_get partman-crypto/ivalgorithm
> + echo ${RET:-xts-plain64} > $part/ivalgorithm
> + db_get partman-crypto/keytype
> + echo ${RET:-passphrase} > $part/keytype
> + db_get partman-crypto/keyhash
> + echo ${RET:-sha256} > $part/keyhash
> ;;
> esac
> return 0
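
Review bot: the `+` lines no longer look at the exit status of `db_get`, so for each of the five lookups in the `dm-crypt)` branch the default is applied only when `RET` comes back empty. If `db_get` can fail while leaving `RET` non-empty, that leftover text is what gets written to `$part/cipher`, `$part/keysize` and the others. Keeping both guards covers the failed lookup as well as the empty value, for example `db_get partman-crypto/cipher || RET=` followed by `echo "${RET:-aes}" > "$part/cipher"`; quoting the expansion and `$part` also keeps a value containing whitespace or glob characters from being split or expanded.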

Just to make sure I went to a commit without the offending patch,
extracted key/value, automatedly converted everything to your proposed
change, and double checked no typo was floating around.

I also rebuilt a netinst CD with the updated partman-crypto, and
encrypted LVM works fine again. Using “cryptsetup -v status $dev”, I saw
the default “keysize: 512 bits” which matches the default 256 value
above (which gets doubled).

I also checked that passing partman-crypto/keysize=128 at syslinux
prompt made it turn into “keysize: 256 bits”, so it looks like
preseeding still works. I'm adding Jérôme in copy just to make sure.

partman-crypto/86 is already ACCEPTED anyway. :)

Thanks again, Adrian.

Mraw,
KiBi.