Problem with Busybox sh #2
Comments
I think that the 'bad number' message is a distraction here, actually - it's because the $CRYPTTAB_TRIED envvar isn't set at all and the script ends up trying to compare an empty string as a number. (I should probably guard against this!) Are you using an http address or an https address? The regex won't let you use the former, but it's easy enough to change if you really want to. |
Thank you very much for your fast response. |
I must correct myself: First I removed the 's' of https in the |
Apologies for this being such a pain! You'll have to leave Try adding the 'initramfs' option to the end of your crypttab entry: systemd doesn't understand how to use keyscripts (for sort of good reasons) - Debian and Ubuntu can use them, but only in the initramfs. I'm assuming this isn't your root partition - so you have to force it manually. (This is buried in the crypttab man page, but perhaps I should document this more clearly - it's not at all obvious.) |
I have added
The system boots from a SSD, which is not encrypted. Just the internal harddiscs are encrypted. |
I think that the systemd warnings can be ignored if you're now getting the "remote fetching didn't work" messages. It's very odd that the normal password isn't working. Does the following work (once you're booted)?
/lib/cryptsetup/scripts/wget_or_ask "https://example.org/encrypted_keyfile" > temp
sudo cryptsetup luksOpen --test-passphrase /dev/md2 -d temp |
negative:
|
Apologies - missed out the passphrase. Should have been:
/lib/cryptsetup/scripts/wget_or_ask "passphrase:https://example.org/encrypted_keyfile" > temp
sudo cryptsetup luksOpen --test-passphrase /dev/md2 -d temp |
Oh yes, the passphrase.... I still receive the complaint about 'illegal number', but it works, also the 2nd instruction works, adding a test-passphrase. |
Some time ago Ubuntu changed the name of the network interface from
BTW: Is there any fast method to deactivate P.S.: I don't know why, but YouTube rotated the video by 90°...... |
Well, syslog still says: |
Useful point about the network interface name. I've wondered whether I should include the networking setup script at all, since people might have more complicated network configuration requirements anyway - you'd then have to configure networking using kernel parameters. Disabling it pretty much is a matter of uninstalling it, yes. You'll get systemd complaining whatever - you can ignore these messages in themselves (which I should document). I still think you need the initramfs option in crypttab so that the Debian/Ubuntu script tries to handle decryption (before systemd tries). |
Adding the |
I'm going to set up a virtual Ubuntu 16.04 machine and see if I can get this working (with an http, not https, URL and with a non-root encrypted drive as well) before I take up any more of your time with guesses. |
I got a 16.04 install to the same point you are by:
At this point Booting resulted in the same error message you had - Running Have you created a filesystem on the decrypted block device? I emphasise 'for me' because I believe there might be other issues that can produce the same error. One is this Ubuntu bug and the other, perhaps, is that if you're using a MD RAID array then that introduces another complication of ensuring that device is available in time for cryptsetup. (If the second of these does crop up, it is solvable - because one of my machines has an encrypted root partition on top of an MD array, and unlocks using this keyscript.) |
No, in fact the raid array hasn't got a filesystem, because I just recently bought the two harddiscs and used them as a kind of 'trial balloon' before encrypting the whole system. |
Yes, with a filesystem it works like a charm!
|
Using Ubuntu Server 16.04 LTS I got stuck at point 4: Every time I enter the command line "busybox sh..." I get the error "sh: bad number", is there something wrong with the regex-expression inside the script?
root@ubuntu:~# busybox sh /lib/cryptsetup/scripts/wget_or_ask "mypassword:http://www.my-domain.at/encrypted_keyfile" > unencrypted_keyfile
sh: bad number
Getting passphrase remotely failed for . Enter passphrase: **
Adding parameter -x to sh results in:
root@ubuntu:~# busybox sh -x /lib/cryptsetup/scripts/wget_or_ask "mypassword:http://www.my-domain.at/encrypted_keyfile" > unencrypted_keyfile
+ use_keyring=1
+ use_https=1
+ [ -z ]
+ CRYPTTAB_KEY=mypassword:http://www.my-domain.at/encrypted_keyfile
+ sedRegex=^\(.\+\):\(https:\/\/.\+\)$
+ echo mypassword:http://www.my-domain.at/encrypted_keyfile
+ sed -n -e s/^\(.\+\):\(https:\/\/.\+\)$/\1/p
+ openssl_passphrase=
+ echo mypassword:http://www.my-domain.at/encrypted_keyfile+ sed -n -e s/^\(.\+\):\(https:\/\/.\+\)$/\2/p
+ url=
+ keyctl_id=crypttab:mypassword:http://www.my-domain.at/encrypted_keyfile
+ [ -gt 0 ]
sh: bad number
+ [ ! -x /bin/keyctl ]
+ [ -z ]
+ use_https=0
+ use_plymouth=0
+ [ -x /bin/plymouth ]
+ plymouth --ping
+ keyctl_try_fetch
+ [ 1 -eq 0 ]
+ keyctl search @u user crypttab:mypassword:http://www.my-domain.at/encrypted_keyfile
+ kSerial=keyctl_search: Required key not available
+ exitCode=1
+ [ 1 -eq 0 ]
+ [ 1 -ne 1 ]
+ https_try_fetch
+ [ 0 -eq 0 ]
+ return 0
+ askpass Getting passphrase remotely failed for . Enter passphrase:
+ [ ! -z ]
+ [ 0 -eq 1 ]
+ /lib/cryptsetup/askpass Getting passphrase remotely failed for . Enter passphrase: Getting passphrase remotely failed for . Enter passphrase: **
root@ubuntu:~#
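The two behaviours visible in the trace above (an unset `$CRYPTTAB_TRIED` reaching a numeric test, and an https-only regex leaving the passphrase and URL empty for an http address) can be reproduced and guarded as in the following added example. It is not code from the project's script: `scheme_re`, `key_field` and `tried_count` are hypothetical names, and `..*` stands in for the script's `.\+` so the pattern is plain POSIX BRE.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from wget_or_ask.

# scheme_re [ALLOW_HTTP]: BRE for the URL scheme. https only by default,
# so a cleartext URL is rejected unless the caller opts in explicitly.
scheme_re() {
    if [ "${1:-0}" -eq 1 ]; then
        printf '%s' 'https\{0,1\}'
    else
        printf '%s' 'https'
    fi
}

# key_field KEY FIELD [ALLOW_HTTP]: FIELD 1 = passphrase, FIELD 2 = URL.
# Returns 1 (and prints nothing) when KEY does not match, instead of
# silently continuing with an empty value as in the trace.
key_field() {
    re="^\\(..*\\):\\($(scheme_re "${3:-0}"):\\/\\/..*\\)\$"
    out=$(printf '%s\n' "$1" | sed -n -e "s/$re/\\$2/p")
    [ -n "$out" ] || return 1
    printf '%s\n' "$out"
}

# tried_count: CRYPTTAB_TRIED as a number; 0 when unset, empty or
# non-numeric, so that [ ... -gt 0 ] never sees an empty operand.
tried_count() {
    case "${CRYPTTAB_TRIED:-}" in
        ''|*[!0-9]*) echo 0 ;;
        *) echo "$CRYPTTAB_TRIED" ;;
    esac
}

# Constructed sample keys; the http one is the value from the trace.
for key in 'mypassword:https://example.org/encrypted_keyfile' \
           'mypassword:http://www.my-domain.at/encrypted_keyfile'; do
    url=$(key_field "$key" 2) || url='(rejected: not https)'
    printf '%s -> %s\n' "$key" "$url"
done

if [ "$(tried_count)" -gt 0 ]; then
    echo "previous attempts: $(tried_count)"
else
    echo "first attempt"
fi
```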