mount.crypt demands -o cipher even for LUKS volumes
Brought to you by:
jengelh
Menu
▾
▴
#38 mount.crypt demands -o cipher even for LUKS volumes
If I want to mount a luks volume, mount.crypt demands a -o cipher=xxx option:
/sbin/mount.crypt_LUKS: No dmcrypt cipher specified (use -o cipher=xxx)
Iirc, it is not used for luks volumes, e.g. this works:
mount -o cipher=blah /dev/loop0 /mnt/lala/
I tested the 1.2 tarball.
Created commit f1ece6a: mount.crypt: only require -o cipher when used with a keyfile
Closing as FIXED.
This does not fix the issue, because "-o cipher" is only needed if it it not a LUKS device, it does not matter whether or not a keyfile is used. E.g. this volume definition works:
<volume user="testor" mountpoint="/home/testor/pam_mount-test/mnt" path="/home/testor/pam_mount-test/image" fstype="crypt" fskeycipher="aes-256-ecb" fskeypath="/home/testor/pam_mount-test/key" fskeyhash="md5" cipher="foo"/>
Which shows that cipher="foo" is not needed, but mount.crypt demands it.
If you do not give a keyfile, mount.crypt will not ask for a dmcipher either.
if (opt->fsk_file != NULL) { /* <- LOOK */
if (opt->fsk_cipher == NULL) {
fprintf(stderr, "%s: No openssl cipher specified "
"(use -o fsk_cipher=xxx)\n", **argv);
return false;
} else if (opt->fsk_hash == NULL) {
fprintf(stderr, "%s: No openssl hash specified "
"(use -o fsk_hash=xxx)\n", **argv);
return false;
} else if (opt->dmcrypt_cipher == NULL) {
fprintf(stderr, "%s: No dmcrypt cipher specified "
"(use -o cipher=xxx)\n", **argv);
return false;
}
}
If the volume is not a LUKS one, but a dm-crypt one, the "dmcrypt_cipher" would be needed, regardless of whether a "fsk_file" is used. Also "dmcrypt_cipher" is not needed, if a LUKS volume is openend, even if a "fsk_file" is specified.
Fixed.
I did not yet test it, but I noticed that the changelog message is misleading:
| - mount.crypt: only require -o cipher when used with non-LUKS and keyfile
There still the keyfile is mentioned.
Argh :p
but it's just the log this time.