Describe the bug
The ask-password scripts in the 90crypt module currently read multiple values of 'rd.luks.timeout' if there are multiple entries by that name on the kernel command line formed by a concatenation of (1) the kernel command line provided to the dracut config at build time, and (2) the kernel command line provided by the grub loader.
Those multiple entries are separated by a newline, which is then injected into the command line for cryptsetup, causing cryptsetup to fail with a syntax error and help output instead of prompting for a volume decryption password.
Distribution used
All, for the past 6 years.
Dracut version
060
Init system
Any: systemd, initv, openrc
To Reproduce
Include on one command line: rd.luks.timeout=1 ... rd.luks.timeout=20
dmesg and debug output during init show a failure to prompt for the password and show the --help output of cryptsetup.
Expected behavior
Choose only the first or last value found, not a newline-separated list.
Additional context
Some command line arguments should have a plural list, but rd.luks.timeout is not one of those unless we parsed to match a list of timeouts to go with a list of encrypted volumes. Also, the timeout can be provided and sourced via /etc/crypttab.
Acceptable remediation
Get the first value only, with no newline.
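The failure mode and the remediation described in this report, as an added example that is not dracut's code and not part of the original report. The helpers `all_values`, `first_value` and `count_args`, the sample command line, and the option list passed to `count_args` are constructed for illustration; the numeric check goes one step beyond "first value only".

```shell
#!/bin/sh
# Constructed sample: build-time command line concatenated with the boot loader's.
CMDLINE="root=/dev/mapper/root rd.luks.timeout=1 quiet rd.luks.timeout=20"

# Hypothetical helper: print every value of key $1 found in string $2, one per
# line. This mirrors the newline-separated result the report describes.
all_values() {
    _key=$1
    for _word in $2; do
        case $_word in
            "$_key"=*) printf '%s\n' "${_word#*=}" ;;
        esac
    done
}

# Hypothetical helper: print only the first value of key $1 in string $2, and
# only if it is a non-negative integer; otherwise print the default $3.
first_value() {
    _v=$(all_values "$1" "$2" | head -n 1)
    case $_v in
        '' | *[!0-9]*) printf '%s\n' "$3" ;;
        *) printf '%s\n' "$_v" ;;
    esac
}

# Report how many arguments a command would receive.
count_args() { echo $#; }

# Multi-valued lookup, expanded unquoted on purpose: the embedded newline is
# split into a second word, so the option list gains a stray argument.
broken_argc() {
    _t=$(all_values rd.luks.timeout "$CMDLINE")
    count_args --timeout $_t NAME
}

# Single validated value, quoted: the option list keeps its expected shape.
fixed_argc() {
    _t=$(first_value rd.luks.timeout "$CMDLINE" 0)
    count_args --timeout "$_t" NAME
}

echo "broken: $(broken_argc) arguments, fixed: $(fixed_argc) arguments"
```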