Bug#793643: partman-crypto: Failure when doing a non-preseeded encrypted install

[Cyril Brulebois]

Control: severity -1 serious

Hi Adrian,

Adrian Kretz <adriankr...@gmail.com> (2015-07-25):
> Package: partman-crypto
> Version: 84
> Severity: important
> Tags: patch
> 
> Hi,
> 
> commit 3d537db63a0d9101211dbe381e391232d1933949 introduced a bug which
> causes a fully encrypted install to fail when no options are set using
> debconf. The following patch should fix this.

Many thanks! It's been added to errata (with a link to this report since
a few hours), and I've finally managed to allocate some time to check
this.

> diff --git a/lib/crypto-base.sh b/lib/crypto-base.sh
> index e4316d3..22f6b0f 100644
> --- a/lib/crypto-base.sh
> +++ b/lib/crypto-base.sh
> @@ -575,16 +575,16 @@ crypto_set_defaults () {
>  
>       case $type in
>           dm-crypt)
> -             db_get partman-crypto/cipher || RET=aes
> -             echo $RET > $part/cipher
> -             db_get partman-crypto/keysize || RET=256
> -             echo $RET > $part/keysize
> -             db_get partman-crypto/ivalgorithm || RET=xts-plain64
> -             echo $RET > $part/ivalgorithm
> -             db_get partman-crypto/keytype || RET=passphrase
> -             echo $RET > $part/keytype
> -             db_get partman-crypto/keyhash || RET=sha256
> -             echo $RET > $part/keyhash
> +             db_get partman-crypto/cipher
> +             echo ${RET:-aes} > $part/cipher
> +             db_get partman-crypto/keysize
> +             echo ${RET:-256} > $part/keysize
> +             db_get partman-crypto/ivalgorithm
> +             echo ${RET:-xts-plain64} > $part/ivalgorithm
> +             db_get partman-crypto/keytype
> +             echo ${RET:-passphrase} > $part/keytype
> +             db_get partman-crypto/keyhash
> +             echo ${RET:-sha256} > $part/keyhash
>               ;;
>       esac
>       return 0

Just to make sure I went to a commit without the offending patch,
extracted key/value, automatedly converted everything to your proposed
change, and double checked no typo was floating around.

I also rebuilt a netinst CD with the updated partman-crypto, and
encrypted LVM works fine again. Using “cryptsetup -v status $dev”, I saw
the default “keysize: 512 bits” which matches the default 256 value
above (which gets doubled).

I also checked that passing partman-crypto/keysize=128 at syslinux
prompt made it turn into “keysize: 256 bits”, so it looks like
preseeding still works. I'm adding Jérôme in copy just to make sure.

partman-crypto/86 is already ACCEPTED anyway. :)

Thanks again, Adrian.

Mraw,
KiBi.

signature.asc
Description: Digital signature