From: James Lee <jlee-RWYTM8lfiZY4k1Tz1RznXQC/G2K4zDHf@public.gmane.org>
To: initramfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: [PATCH v2] crypt: Prevent asking for password multiple times if non-default crypt name is used.
Date: Fri, 10 Jan 2014 11:55:17 -0500 [thread overview]
Message-ID: <52D025F5.1050703@thestaticvoid.com> (raw)
In-Reply-To: <1388149248-23146-1-git-send-email-colin-odJJhXpcy38dnm+yROfE0A@public.gmane.org>
On 12/27/2013 08:00 AM, Colin Guthrie wrote:
> If a non-default device mapper name is used for an encrypted partition
> (i.e. not luks-$UUID) due to parsing of /etc/crypttab, then the
> short-circuits put in place to prevent asking the password twice do not
> work.
>
> This would not normally be an issue as the settled job itself should be
> removed after it has run and thus cannot be run again. Sadly, due to
> the corresponding udev rule using ACTION="add|changed", and the fact
> that trying to unlock the device (whether successful or not) seems to
> trigger a changed event, it means the settled job is recreated with
> each iteration thus causing the whole loop to run again.
>
> It is in this situation that the short-circuit exits would normally come
> into play but sadly do not work when non-standard names are used.
>
> By the time the /tmp/cryptroot-asked-$2 file is written near the end of
> the script, the value of $2 has already been lost due to the argument
> parsing code's use of 'shift'. So while systems where the default
> name is used are protected by checking /dev/mapper/xxxx, the
> /tmp/cryptroot-asked-$2 file didn't help on systems where it was not,
> due to this bug.
>
> So this commit shuffles things around somewhat such that:
>
> 1. The /dev/mapper/xxxx device is checked *after* resolving $2 (which
> contains the default name) to whatever /etc/crypttab specifies.
> 2. The cryptroot-asked-xxxx file also uses the translated name both
> for the initial check and to flag when it's written.
>
> As a separate fix, it might make sense to change the udev rule to only
> act on add events rather than add|change events, but I'm not sure of the
> ramifications of such a change and there may be cases where the add
> event is missed and thus the change event needs to be included.
> ---
>
> v2: Fix issue where getargbool was not defined due to deferred loading
> of dracut-crypt-lib.sh
I believe I've seen the situation this patch is trying to fix. I will
test these patches with my fairly complex crypt setup [1] this weekend.
James
[1]
https://thestaticvoid.com/post/2013/10/26/how-i-do-encrypted-mirrored-zfs-root-on-linux/
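The failure mode the quoted commit message describes (a marker file checked under one name and written under another because `shift` has moved the positional parameters, plus a /dev/mapper check that looks for the default name while crypttab assigned a different one) is easy to reproduce in a scaled-down model. The script below is an added example, not dracut's own code: the crypttab content, the `STATE` directory standing in for /tmp and /dev/mapper, and the function names (`resolve_name`, `buggy_ask`, `fixed_ask`, `count_prompts`) are all constructed for illustration. It runs the buggy and the fixed flow three times each, mimicking the repeated udev-triggered invocations, and counts how often the passphrase would have been requested.

```shell
#!/bin/sh
# Added example, not dracut's code: models the cryptroot-ask short-circuit
# bug (marker keyed on $2 after shift) and its fix (marker and mapper check
# keyed on the crypttab-resolved name).

# Constructed /etc/crypttab content; the UUID is a placeholder.
CRYPTTAB='root-crypt UUID=1111-2222 none luks'

# STATE stands in for /tmp and /dev/mapper; set per simulation run.
STATE=""
PROMPTS=0

# Map a device spec to the mapper name crypttab assigns it; fall back to
# the default name ($2) when crypttab has no matching entry.
resolve_name() {
    name=$(printf '%s\n' "$CRYPTTAB" |
        awk -v dev="$1" '$1 !~ /^#/ && $2 == dev { print $1; exit }')
    if [ -n "$name" ]; then printf '%s\n' "$name"; else printf '%s\n' "$2"; fi
}

# Stand-in for unlocking: creates the mapper node and counts one prompt.
do_unlock() {
    : > "$STATE/mapper/$1"
    PROMPTS=$((PROMPTS + 1))
}

# Buggy flow: $1 = device, $2 = default name (luks-$UUID), $3 = options.
# Both early checks use the default name, and the marker is written after
# shift has consumed the arguments, so $2 no longer names anything.
buggy_ask() {
    [ -e "$STATE/mapper/$2" ] && return 0
    [ -e "$STATE/cryptroot-asked-$2" ] && return 0
    device="$1"; shift
    default="$1"; shift
    opts="$1"; shift
    name=$(resolve_name "$device" "$default")
    do_unlock "$name"
    : > "$STATE/cryptroot-asked-$2"     # $2 is empty here: wrong marker file
}

# Fixed flow: resolve the crypttab name first and use it for the mapper
# check, the marker check and the marker write.
fixed_ask() {
    device="$1"; default="$2"; opts="$3"
    name=$(resolve_name "$device" "$default")
    [ -e "$STATE/mapper/$name" ] && return 0
    [ -e "$STATE/cryptroot-asked-$name" ] && return 0
    do_unlock "$name"
    : > "$STATE/cryptroot-asked-$name"
}

# Run flow $1 for $2 iterations (the recreated settled job) and print how
# many times the passphrase would have been requested.
count_prompts() {
    STATE=$(mktemp -d)
    mkdir "$STATE/mapper"
    PROMPTS=0
    i=0
    while [ "$i" -lt "$2" ]; do
        "$1" "UUID=1111-2222" "luks-1111-2222" "luks"
        i=$((i + 1))
    done
    rm -rf "$STATE"
    echo "$PROMPTS"
}

echo "buggy flow prompts: $(count_prompts buggy_ask 3)"
echo "fixed flow prompts: $(count_prompts fixed_ask 3)"
```

With the default name (no crypttab override) the buggy flow would also stop after one prompt, because the /dev/mapper check happens to use the right name; the difference only appears once crypttab renames the device, which is exactly the case the commit message singles out.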