Marc Schwartz wrote:
Hi all,
I know that this has been reported here for Debian (last month by Dick
Middleton), but wanted to give a heads up to those running on FC5, which
I now am.
The current RPM on FC5 is:
cryptsetup-luks-1.0.3-0.rc2
The return code for the function is fixed at 0, which will cause
problems when testing for a bad passphrase, such as for those using the
'luksopen' script from the wiki.
For example:
# /sbin/cryptsetup luksOpen /dev/sda1 sda1 ; echo "RETURNCODE: $?"
Enter LUKS passphrase:
Command failed: No key available with this passphrase.
RETURNCODE: 0
As a result, the test in the luksopen script:
j=3
while [ "$j" -gt 0 ] && ! cryptsetup luksOpen "$dev" "$map" ; do
let "--j"
done
will actually pass on the first failed passphrase attempt and not cycle
to re-try, proceeding to the next device in the main loop.
BTW, here is a possible workaround for those using the luksopen script
and who are having this problem.
Rather than testing the cryptsetup exit code for a failure as above,
test to see if the /dev/mapper device exists. If not, then re-try the
passphrase:
j=3
while [ "$j" -gt 0 ] && [ ! -e /dev/mapper/"$map" ] ; do
cryptsetup luksOpen "$dev" "$map"
let "--j"
done
I have posted this on the wiki for luksopen for others to use.
HTH,
Marc Schwartz
---------------------------------------------------------------------
- http://www.saout.de/misc/dm-crypt/
To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx
For additional commands, e-mail: dm-crypt-help@xxxxxxxx
