AlexSSD7 / linsk

📂 Access Linux-native file systems (including LVM and LUKS) on Windows and macOS with help of a lightweight Alpine Linux VM. x86/ARM supported.
GNU General Public License v3.0
303 stars 13 forks source link

Unable to mount using run, but can mount running shell and manually entering commands #11

Open equipematou opened 11 months ago

equipematou commented 11 months ago

First, thanks for doing this; it seems a clever way to approach mounting ext4 under Mac and Windows. I am running on Mac Sonoma, M2 hardware. I had to manually build qemu, which was its own story. I ended up building my own linsk as well as trying the binary available on the site; there was no difference.

There may be something obvious I am missing, but I cannot make the given command line work to mount a luks ext4 partition.

The disk has a single encrypted partition, so in linsk parlance it is vdb1. Running with mapper/vdb1 did not work; it gave a different message about not finding the disk. I ran the following:

# sudo linsk run dev:/dev/disk4 vdb1

time=2023-12-20T01:07:53.242-06:00 level=INFO msg="Booting the VM" caller=vm time=2023-12-20T01:08:18.275-06:00 level=INFO msg="The VM is up, setting it up" caller=vm time=2023-12-20T01:08:23.125-06:00 level=INFO msg="The VM is ready" caller=vm time=2023-12-20T01:08:23.266-06:00 level=INFO msg="Mounting the device" dev=vdb1 fs= luks=true time=2023-12-20T01:08:23.308-06:00 level=INFO msg="Attempting to open a LUKS device" caller=file-manager vm-path=/dev/vdb1 Enter Password: <=== TYPED AND COPIED/PASTED THE SAME KEY USED BELOW time=2023-12-20T01:08:28.388-06:00 level=ERROR msg="Failed to mount the disk inside the VM" error="luks open: wait for cryptsetup luksopen cmd to finish (log: 'No key available with this passphrase.'): Process exited with status 2" time=2023-12-20T01:08:28.388-06:00 level=WARN msg="Canceling the VM context" caller=vm time=2023-12-20T01:08:28.423-06:00 level=WARN msg="Sending poweroff command to the VM" caller=vm time=2023-12-20T01:08:28.428-06:00 level=INFO msg="Shutting the VM down safely" caller=vm

====

# cryptsetup luksOpen -d key /dev/vdb1 arch # mkdir mnt # mount /dev/mapper/arch mnt

and to my amazement it was mounted and accessible. I am very certain the key used was the same one that did not work with the direct command. On the direct command I tried typing it in and pasting it in, and it never worked.

I thought to post all this in case it is useful. I hope I have not wasted your and my time by not seeing the obvious, but I could not make the one line operation work. I was at least able to see that it does mount if I open it manually.

Thanks...

equipematou commented 11 months ago

I continued to work with this by adding Println statements to reflect the devices I specified and the passphrase that I entered, and they are correct. I continue to see the error:

time=2023-12-20T01:08:28.388-06:00 level=ERROR msg="Failed to mount the disk inside the VM" error="luks open: wait for cryptsetup luksopen cmd to finish (log: 'No key available with this passphrase.'): Process exited with status 2"

I could not find a way to make cryptsetup echo the passphrase. In a shell in the VM I can manually open the drive with cryptsetup and the same passphrase, so I know the passphrase matches key slot 3 and properly opens the drive. I have expanded memory to 2G, lengthened the timeouts, and nothing changes the result.

I hope this is useful to you; I have tried to test carefully so as not to waste your time, but I cannot open the drive with the 'run' command and a passphrase that I know works. It appears that the stdin pipe to pass the passphrase to cryptsetup is not working; I hesitate to conclude that, but that is the only explanation I have been able to find for why a known good passphrase does not work; somehow it is not properly arriving to cryptsetup.

AlexSSD7 commented 11 months ago

Hello. Do you have any non-ASCII characters in the password?

On Thu, Dec 21, 2023 at 16:59, equipematou @.***(mailto:On Thu, Dec 21, 2023 at 16:59, equipematou < wrote:

I continued to work with this by adding Println statements to reflect the devices I specified and the passphrase that I entered, and they are correct. I continue to see the error:

time=2023-12-20T01:08:28.388-06:00 level=ERROR msg="Failed to mount the disk inside the VM" error="luks open: wait for cryptsetup luksopen cmd to finish (log: 'No key available with this passphrase.'): Process exited with status 2"

I could not find a way to make cryptsetup echo the passphrase. In a shell in the VM I can manually open the drive with cryptsetup and the same passphrase, so I know the passphrase matches key slot 3 and properly opens the drive. I have expanded memory to 2G, lengthened the timeouts, and nothing changes the result.

I hope this is useful to you; I have tried to test carefully so as not to waste your time, but I cannot open the drive with the 'run' command and a passphrase that I know works. It appears that the stdin pipe to pass the passphrase to cryptsetup is not working; I hesitate to conclude that, but that is the only explanation I have been able to find for why a known good passphrase does not work; somehow it is not properly arriving to cryptsetup.

— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you are subscribed to this thread.Message ID: @.***>

equipematou commented 11 months ago

Thanks for the response! The passphrase consists of upper and lower case letters, numbers, and '+'. The key used to mount the drive on a linux system was binary and unprintable in key slot 1, so I added a simpler passphrase in slot 3; I used the simpler phrase to try and mount it with linsk.

AlexSSD7 commented 5 months ago

@equipematou I am deeply sorry for the delayed response.

I tried reproducing this, but I had no success. If this issue is still relevant, I created a branch with a small debug print that displays the read password right after it was entered.

Here is the branch: https://github.com/AlexSSD7/linsk/tree/pwd-entry-debug

You can build Linsk off that branch and try running it. Upon entering the password, you will be provided with a debug print stating what password was read. If you could confirm whether the read password matches what was actually entered, it would greatly assist with investigating the issue.

Here is how you can build Linsk off the pwd-entry-debug branch and run it:

git clone https://github.com/AlexSSD7/linsk
cd linsk
git checkout pwd-entry-debug
go build
sudo ./linsk run # ... usual usage

Upon running and entering the password, you will see it logged in the terminal:

$ sudo ./linsk run -l dev:/dev/diskX
time=2024-06-17T22:44:45.962+01:00 level=WARN msg="Using raw block device passthrough. Please note that it's YOUR responsibility to ensure that no device is mounted in your OS and the VM at the same time. Otherwise, you run serious risks. No further warnings will be issued." caller=vm
time=2024-06-17T22:44:45.968+01:00 level=INFO msg="Booting the VM" caller=vm
time=2024-06-17T22:45:04.993+01:00 level=INFO msg="The VM is up, setting it up" caller=vm
time=2024-06-17T22:45:08.835+01:00 level=INFO msg="The VM is ready" caller=vm
time=2024-06-17T22:45:08.985+01:00 level=INFO msg="Mounting the device" dev=vdb fs=<auto> luks=true
time=2024-06-17T22:45:09.029+01:00 level=INFO msg="Attempting to open a LUKS device" caller=file-manager vm-path=/dev/vdb
Enter Password: 
PWD: 'APV8NUeWcpz+xCd6K'
time=2024-06-17T22:45:12.290+01:00 level=INFO msg="LUKS device opened successfully" caller=file-manager vm-path=/dev/vdb
...

As you see, APV8NUeWcpz+xCd6K is what I tried. It worked. Similar device specs here.