Building with cryptroot (with SSH-unlock) seems broken?


switch

I'm attempting to build an image for the ROC-RK3328-CC (Renegade) with cryptroot encryption (and SSH unlock) enabled, but I run into weird behavior.

 

The board will start and I can SSH in and reach the BusyBox prompt. So far so good, but from what I've gathered I should enter the command "unlock" there to display the cryptroot password prompt. However, it only results in the message -sh: unlock: not found. I read somewhere else the command might be "cryptroot-unlock", but that instead gives nothing, not even the error message.

Furthermore, regardless of whether I enter any commands, around 10 seconds into the SSH session it will freeze and I eventually get kicked off with a broken pipe error. I suspect the board is restarting by itself, but it is difficult to verify because it is running headless. After a few seconds I'm able to SSH in again for another ~10 sec session.

Building it without cryptroot works just fine and the board starts normally and I can SSH in. I have not tested building it with cryptroot only (without the SSH-unlock ability), because again it is difficult to verify due to the headless setup.

Has anyone run into this kind of behavior when building Armbian images with cryptroot setup, or have any idea what's gone wrong? Is it a bug in the build cryptroot feature?

Below is my config-default.conf:

KERNEL_ONLY="no"
KERNEL_CONFIGURE="no"
CLEAN_LEVEL="make,debs,oldcache"

DEST_LANG="en_US.UTF-8"

EXTERNAL_NEW="prebuilt"
INSTALL_HEADERS="yes"
LIB_TAG="master"
USE_TORRENT="yes"
CARD_DEVICE="/dev/sdb"

BOARD="renegade"
RELEASE="buster"
BUILD_MINIMAL="yes"

CRYPTROOT_ENABLE="yes"
CRYPTROOT_PASSPHRASE="password"
CRYPTROOT_SSH_UNLOCK="yes"
CRYPTROOT_SSH_UNLOCK_PORT="2222"

 


6 hours ago, switch said:

Has anyone run into this kind of behavior when building Armbian images with cryptroot setup, or have any idea what's gone wrong? Is it a bug in the build cryptroot feature?


This feature was a work from someone that was not a part of the core group. I said: do it and if it doesn't break anything we will accept it. We are unable to support it so functionality will be either removed or if someone takes a look at what is wrong. I saw other people reporting, so it's indeed broken.


On 10/2/2019 at 3:57 AM, Igor said:


This feature was a work from someone that was not a part of the core group. I said: do it and if it doesn't break anything we will accept it. We are unable to support it so functionality will be either removed or if someone takes a look at what is wrong. I saw other people reporting, so it's indeed broken.

This is unfortunate because building an image with cryptroot pre-installed is a very useful feature to have, doing it manually later is hell.

I'll create a GitHub issue and ping the author of the pull to see if he or anyone else is able to fix it.


3 hours ago, switch said:

This is unfortunate because building an image with cryptroot pre-installed is a very useful feature to have, doing it manually later is hell.

Development is nice and glorious. Most people like to do that. Me included. Hell is maintaining this project with our private time.

3 hours ago, switch said:

I'll create a GitHub issue and ping the author of the pull to see if he or anyone else is able to fix it.


Good idea. Let's see.

This topic is now closed to further replies.