LinuxQuestions.org


guna_pmk 08-02-2012 03:08 AM

cryptsetup problem in bash script
 
Hello,

Here is an excerpt of my bash script

Code:

#!/bin/bash

# Work out the inserted usb stick - for this example assume it is /dev/sdc1 and mounted to /mnt/usb
# Now unlock the encrypted partition and mount
cryptsetup luksOpen --key-file /mnt/usb/mykey /dev/sda7 my_map
mount /dev/mapper/my_map /the/place/to/mount

I have set this script to be invoked automatically through the udev rules, which is as follows:

Code:

ACTION=="add", SUBSYSTEMS=="usb", KERNEL=="sd[a-z]1", RUN+="/usr/local/bin/theabovescript"

When I insert the USB stick, the above script gets triggered. But, on the cryptsetup line, it fails to unlock the partition. But at the same time, when I open a terminal and execute the script manually, it works without a problem.

I can see a huge difference in the environment in which the script runs when triggered automatically and manually. But I can't figure out how to solve this.

Can somebody please throw some light on this? A solution with an explanation will be very much appreciated.

Thanks

YankeePride13 08-03-2012 12:20 PM

Brainstorming..:

Is cryptsetup installed on the usb stick? Perhaps change your script to have the full path to cryptsetup?

rknichols 08-03-2012 12:29 PM

My guess is that the script is being run before the automount of /mnt/usb has occurred. You could confirm that by inserting a mount command at the start of your script with output redirected to some file. If that turns out to be the problem, you would just need to add a wait loop to your script.

guna_pmk 08-03-2012 04:17 PM

cryptsetup is not installed in the USB (I don't get the point here. cryptsetup is installed in centos by default).

"My guess is that the script is being run before the automount of /mnt/usb has occurred." - As I have said in my question, it is not during the boot. This script is supposed to get triggered whenever a usb stick is inserted - even very long after the OS boot is complete. I am not at all relying on the usb auto mount. In fact it is a headless non-gui server and no one is directly logged on to it (auto mount will only work when somebody is logged on to a desktop environment).

Again, what I am trying to do is getting a script triggered immediately when a USB storage is inserted, which will look for a particular key in it and will unlock encrypted container(s)/partition(s) using that key.

Thanks for your time guys.

rknichols 08-03-2012 06:04 PM

My confusion is due to this:
Quote:

Originally Posted by guna_pmk (Post 4743847)
Code:

#!/bin/bash

# Work out the inserted usb stick - for this example assume it is /dev/sdc1 and mounted to /mnt/usb
# Now unlock the encrypted partition and mount
cryptsetup luksOpen --key-file /mnt/usb/mykey /dev/sda7 my_map
mount /dev/mapper/my_map /the/place/to/mount


If the inserted usb stick is mounted to /mnt/usb and the key file is on /mnt/usb/mykey, then the key file is on the stick you just inserted. Now you're saying that is not the case??

guna_pmk 08-04-2012 04:53 PM

Hi rknichols,

Sorry for the confusion. I just thought it is needless to show the steps to discover and mount the usb. But if it confused you then the mistake is mine. The script gets triggered (when the usb stick is plugged in) and I could manage to sort out which device the usb is associated with (/dev/sd[cdef][0-9] etc.) and mount it to /mnt/usb. The problem is the cryptsetup itself. It just fails to perform the luksOpen. I don't get an error message. I get only a non-zero exit value.

But after inserting the usb stick (and after the script failed to perform the cryptsetup luksOpen) if I run the script from the command line, it works without any problem.

Hope this clarifies my issue. Please let me know otherwise.

Thanks

rknichols 08-04-2012 06:19 PM

OK. I guess I'm just filling in the missing pieces wrong.

If you have SELinux enabled, have you checked for complaints, or tried running in permissive mode? It wouldn't surprise me to learn that trigger scripts got invoked as a fairly restricted type.

guna_pmk 08-09-2012 07:42 AM

Sorry for the delayed reply guys. I have got caught up with other things.

But I quickly tried a test (tiny) partition, i.e. created a partition of 1G, encrypted it and tried to unlock it automatically through the udev. That seems to be working. There may be something in my script that might have broken things. As the partition I am having problems with is live, I will have to find a right time to take it offline and debug it. I will keep you posted.

Thanks for your help guys.
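
The diagnostics suggested in this thread (dumping the mount table, checking the SELinux mode, not relying on the caller's PATH, capturing what cryptsetup prints when it exits non-zero), combined into one wrapper as an added example that is not part of any poster's script. The key file, device, mapping name and mount point come from the original post; the log path, the 5-second wait and the `DEVNAME` guard are assumptions.

```shell
#!/bin/bash
# Added example: diagnostic wrapper for a udev-triggered unlock script.
# LOG is an assumed path; KEY, LUKS_DEV and MAP_NAME mirror the original post.
LOG=${LOG:-/var/log/usb-unlock.log}
KEY=${KEY:-/mnt/usb/mykey}
LUKS_DEV=${LUKS_DEV:-/dev/sda7}
MAP_NAME=${MAP_NAME:-my_map}
# udev starts RUN+= programs with a minimal environment, so set PATH explicitly.
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

log() { printf '%s %s\n' "$(date '+%F %T')" "$*" >>"$LOG"; }

# Record the context that differs between a udev run and a terminal run.
log_context() {
    log "uid=$(id -u) PATH=$PATH DEVNAME=${DEVNAME:-unset} ACTION=${ACTION:-unset}"
    if command -v getenforce >/dev/null 2>&1; then log "selinux=$(getenforce)"; fi
    { echo '--- env ---'; env | sort; echo '--- mounts ---'; cat /proc/mounts; } >>"$LOG" 2>&1
}

# Wait up to $2 seconds for file $1 to become readable; 0 on success, 1 on timeout.
wait_for_file() {
    local file=$1 tries=${2:-5}
    while [ "$tries" -gt 0 ]; do
        [ -r "$file" ] && return 0
        sleep 1; tries=$((tries - 1))
    done
    [ -r "$file" ]
}

# Run a command, append its stdout/stderr to the log, and log the exit status.
run_logged() {
    local rc=0
    log "run: $*"
    "$@" >>"$LOG" 2>&1 || rc=$?
    log "exit=$rc"
    return "$rc"
}

unlock() {
    log_context
    wait_for_file "$KEY" 5 || { log "key file $KEY not readable"; return 1; }
    run_logged cryptsetup luksOpen --key-file "$KEY" "$LUKS_DEV" "$MAP_NAME" || return
    run_logged mount "/dev/mapper/$MAP_NAME" /the/place/to/mount
}

# udev exports DEVNAME to RUN+= programs; do nothing when it is absent.
if [ -n "${DEVNAME:-}" ]; then unlock; fi
```

Comparing the log from a udev-triggered run with one from a manual run (with `DEVNAME` set by hand) shows which part of the environment differs. The log contains the full environment, so keep it readable by root only.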


All times are GMT -5.