search

rfjakob / gocryptfs

Encrypted overlay filesystem written in Go
https://nuetzlich.net/gocryptfs/
MIT License
3.4k stars 244 forks source link

Empty stdin in mkinitcpio hook #852

Open Anuskuss opened 1 month ago

Anuskuss commented 1 month ago

I run gocryptfs inside of a mkinitcpio hook but it doesn't ask me for the password it just says:

Reading Password from stdin
Got empty Password from stdin

Using -extpass with e.g. zenity --password isn't a complete solution because that doesn't work in a terminal (e.g. SSH). It used to work in encfs btw.

rfjakob commented 3 weeks ago

This

Reading Password from stdin

means that gocryptfs is not connected to a terminal. Does not matter too much here, it will just not print the Password: prompt.

The message

Got empty Password from stdin

and looking at the code means that stdin is connected to /dev/null or it received a single newline.

It works with EncFS you say? Do you have a reproducer?

Anuskuss commented 3 weeks ago

I'm sure it's not related to mkinitcpio specifically but I don't know any other case where this happens. The only thing remotely close is runing

(gocryptfs /from /to &)

which gives you Got empty Password from stdin.

rfjakob commented 3 weeks ago

Got empty Password from stdin is correct in this case. Check this out, stdin is connected to /dev/null:

$ (sleep 1000 &)

$ pgrep sleep
47248

$  ls -l /proc/47248/fd/0
lr-x------. 1 jakob jakob 64 23. Jun 21:00 /proc/47248/fd/0 -> /dev/null
Anuskuss commented 2 weeks ago

I've been running gocryptfs in a loop because sometimes I mistype the password and I want the command to succeed eventually (basically I replaced encfs with gocryptfs but maybe I should open a feature request for a -retry flag which asks forever) which looks like this:

while true; do gocryptfs /from /to && break; done

which results in the log spam with the two lines above. However just running the command without being in a loop outputs:

Reading Password from stdin
Decrypting master key
failed to unlock master key: cipher: message authentication failed
Password incorrect.

I've tried to catch it in a another shell by running

while true; do readlink /proc/$(pidof -s gocryptfs)/fd/0; done

but that doesn't do anything.

Anuskuss commented 2 weeks ago

Well I guess this works:

gocryptfs /from /to </dev/pts/0 >&0 2>/dev/null

But it sucks.

rfjakob commented 2 weeks ago

And this "while true" loop runs inside the mkinitcpio hook for the problem to appear?

On Mon, 24 Jun 2024, 05:31 Anuskuss, @.***> wrote:

I've been running gocryptfs in a loop because sometimes I mistype the password and I want the command to succeed eventually (basically I replaced encfs with gocryptfs but maybe I should open a feature request for a -retry flag which asks forever) which looks like this:

while true; do gocryptfs /from /to && break; done

which results in the log spam with the two lines above. However just running the command without being in a loop outputs:

Reading Password from stdin Decrypting master key failed to unlock master key: cipher: message authentication failed Password incorrect.

I've tried to catch it in a another shell by running

while true; do readlink /proc/$(pidof -s gocryptfs)/fd/0; done

but that doesn't do anything.

— Reply to this email directly, view it on GitHub https://github.com/rfjakob/gocryptfs/issues/852#issuecomment-2185518543, or unsubscribe https://github.com/notifications/unsubscribe-auth/AACGA77FRLXPQYB7W3KCLLLZI6HJJAVCNFSM6AAAAABI7I6EKSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCOBVGUYTQNJUGM . You are receiving this because you commented.Message ID: @.***>

Anuskuss commented 2 weeks ago

It doesn't work either way it just results in a slightly different error.