From: "Stefan G. Weichinger"
Organization: oops!
Date: Tue, 18 May 2010 22:17:30 +0200
To: Jan Engelhardt
CC: gentoo-user@lists.gentoo.org, Daniel Troeder, walt, Florian Philipp, Jason Dusek, Till Maas, hanno@gentoo.org
Subject: Re: [gentoo-user] Re: Kernel upgrade and now LUKS failure
Message-ID: <4BF2F5DA.7090808@xunil.at>

On 18.05.2010 22:06, Jan Engelhardt wrote:
>
> On Tuesday 2010-05-18 21:33, Stefan G. Weichinger wrote:
>> On 18.05.2010 20:57, Stefan G. Weichinger wrote:
>>
>>> On the other hand I would like to get that done right, sure.
>>>
>>> Any howto without pmt-ehd that would keep me safe from newlines
>>> etc (btw. there were NO newlines in that hexdump-output)?
>>
>> Created a new encrypted LV and used "--key-file=-" as mentioned
>> in:
>>
>> http://pam-mount.git.sourceforge.net/git/gitweb.cgi?p=pam-mount/pam-mount;a=blob;hb=master;f=doc/bugs.txt
>>
>>
>> Still no success with 2.x ...
>
> Debugging preexisting containers is hard (because people usually
> don't share that.)
>
> Since you are starting with a blank one, I would love to see your
> failing testcase -- i.e. sequence of shell commands to trigger the
> unanticipated behavior, such as the existing testcases in
> src/t-crypt:
>
> echo that | openssl whatever cryptsetup luksFoo,Format,Open that.
> mkfs cryptsetup luksClose mount.crypt -o [...]
>
> It does not need to follow t-crypt's style, just the sequence alone
> is good.

I saved my history, unfortunately only the last steps were kept, but I
am able to reconstruct:

The block-device is /dev/VG01/sgwcrypt ...

#I tried a more complicated KEY

KEY=`head -c 79 /dev/urandom`

# avoid newline here

echo -n $KEY | openssl aes-256-cbc > /etc/security/super.key

# format it, using "--keyfile=-" as mentioned in bugs ...

openssl aes-256-cbc -d -in /etc/security/super.key | cryptsetup -v --key-file=- --cipher aes-cbc-plain --key-size 256 luksFormat /dev/VG01/sgwcrypt

# open it

openssl aes-256-cbc -d -in /etc/security/super.key | cryptsetup -v --key-file=- luksOpen /dev/VG01/sgwcrypt newhome

# create fs on the open luks-volume

mkfs.ext3 /dev/mapper/newhome

# mount the new fs

mount /dev/mapper/newhome /mnt/gschwind

all this worked OK so far, but not with pam_mount.

OK?

Stefan
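
Added example, not part of the original message: the KEY=`head -c 79 /dev/urandom` and `echo -n $KEY` steps above pass raw random bytes through a shell variable and an unquoted expansion. The script below uses a constructed fixed byte string in place of /dev/urandom (all function names are illustrative) and hex-dumps what survives each path, next to a pipe that leaves the bytes untouched.

```shell
#!/bin/sh
# Constructed stand-in for `head -c 79 /dev/urandom`: fixed bytes containing
# a NUL, a run of two spaces, a tab and trailing newlines, all of which
# random data can contain.
sample_key() { printf 'ab\000cd  ef\tgh\n\n'; }

# Hex-encode stdin so every byte is visible.
hex() { od -An -v -tx1 | tr -d ' \n'; }

# Pattern from the message: capture into a variable, then echo it unquoted.
# Command substitution drops NUL bytes and strips trailing newlines; the
# unquoted expansion splits on whitespace and echo rejoins with one space.
# (Unquoted *, ? and [ would also be glob-expanded; the sample has none.)
via_variable() {
    { KEY=`sample_key`; } 2>/dev/null   # bash warns about the NUL on stderr
    echo -n $KEY | hex
}

# Quoting the expansion keeps the inner whitespace but cannot bring back the
# NUL or the trailing newlines, which were already lost at capture time.
via_quoted_variable() {
    { KEY=`sample_key`; } 2>/dev/null
    printf '%s' "$KEY" | hex
}

# Binary-safe: never hold the key in a variable, stream it through a pipe.
# `cat` stands in for the consumer (openssl, or cryptsetup --key-file=-).
via_pipe() { sample_key | cat | hex; }

echo "original : `sample_key | hex`"
echo "variable : `via_variable`"
echo "quoted   : `via_quoted_variable`"
echo "pipe     : `via_pipe`"
```

Because super.key stores whatever `echo -n $KEY` emitted, the later luksFormat and luksOpen steps read identical bytes; the stored key may just no longer be the 79 bytes that were read from /dev/urandom.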