Bug#720515: cryptsetup: Please complain loudly about invalid source devices in /etc/crypttab

Wed, 09 Dec 2015 12:39:39 -0800 

Control: forcemerge -1 781955 784435
Control: title -1 cryptsetup: Please complain loudly about invalid source 
devices in /etc/crypttab
Control: tag -1 + patch

Hi,

On Thu, 22 Aug 2013 at 23:22:27 +0200, Eduard Bloch wrote:
> The ugly side is that there is simply no warning mentioning this
> problem, and that's the first time I see something failing in such a
> way. mount accepts double quotes just fine.

The format for source devices is documented in crypttab(5):

  “The second field, source device, describes either the block special
   device or file that contains the encrypted data. Instead of giving
   the source device explicitly, the UUID is supported as well, using
   UUID=<luks_uuid>”

That being said, it's true that the hook file should warn the user that
something is fishy.  Patch enclosed.

Cheers,
-- 
Guilhem.

From 6aeeece58c88ebcb9cae24b3c74a2ec3b5b6036d Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guil...@guilhem.org>
Date: Wed, 9 Dec 2015 21:33:16 +0100
Subject: [PATCH] d/initramfs/cryptroot-hook: Display a warning for invalid
 source devices.

---
 debian/changelog                | 2 ++
 debian/initramfs/cryptroot-hook | 4 ++++
 2 files changed, 6 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index ac35aed..b0eb6ce 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -41,6 +41,8 @@ cryptsetup (2:1.7.0-1~mejo2) mejo-unstable; urgency=medium
     to cryptroot initramfs script. (closes: #801479)
   * debian/README.initramfs, debian/initramfs/cryptroot-hook: add support for
     storing keyfiles directly in the initrd. (closes: #786578)
+  * debian/initramfs/cryptroot-hook: display a warning for invalid source
+    devices (closes: #720515)
 
  -- Jonas Meurer <m...@debian.org>  Wed, 09 Dec 2015 16:07:18 +0100
 
diff --git a/debian/initramfs/cryptroot-hook b/debian/initramfs/cryptroot-hook
index 4b1eadd..34b411a 100644
--- a/debian/initramfs/cryptroot-hook
+++ b/debian/initramfs/cryptroot-hook
@@ -268,6 +268,10 @@ get_device_opts() {
 			source="$link"
 		fi
 	fi
+	if [ "UUID=${source#UUID=}" = "$source" -a ! -b "/dev/disk/by-uuid/${source#UUID=}" ] ||
+		[ "/${source#/}" = "$source" -a ! -b "$source" ]; then
+			echo "cryptsetup: WARNING: Invalid source device $source" >&2
+	fi
 
 	# Sanity checks for $key
 	if [ "$key" = "/dev/random" ] || [ "$key" = "/dev/urandom" ]; then
-- 
2.6.3

Attachment: signature.asc
Description: PGP signature

Reply via email to