#3489 PR merged: Use temporary LUKS password file in 160_include_luks_code.sh¶
Labels: bug, fixed / solved / done
jsmeix opened issue at 2025-07-03 15:35:¶
-
Type: Bug Fix
-
Impact: Normal
-
Reference to related issue (URL):
see at the end of
https://github.com/rear/rear/issues/3483#issuecomment-3032444609 -
How was this pull request tested?
see below
https://github.com/rear/rear/pull/3489#issuecomment-3032748572 -
Description of the changes in this pull request:
Use a temporary file in the ReaR recovery system
which contains the LUKS password value to avoid
that a password variable needs to be evaluated.
jsmeix commented at 2025-07-03 15:42:¶
How this pull request was tested:
With the changes here I did the same as in
https://github.com/rear/rear/issues/3483#issuecomment-3023400410
but now:
RESCUE localhost:~ # rear -D recover
...
Using log file: /var/log/rear/rear-localhost.log
Using build area: /var/tmp/rear.Hz1R6YOwM3YkUDn
Setting TMPDIR to '/var/tmp' (was unset when ReaR was launched)
...
RESCUE localhost:~ # grep johannes /var/log/rear/rear-localhost.log
[no output]
RESCUE localhost:~ # grep johannes /var/lib/rear/layout/diskrestore.sh
[no output]
so the LUSK password 'johannes' is
neither in the ReaR log file
nor in the diskrestore.sh script
but it is still in disklayout.conf
RESCUE localhost:~ # grep johannes /var/lib/rear/layout/disklayout.conf
crypt /dev/mapper/cr_root /dev/vda2 ... password=johannes
crypt /dev/mapper/cr_swap /dev/vda3 ... password=johannes
which is unavoidable because I had manually added it there, see
https://github.com/rear/rear/issues/3483#issuecomment-3023400410
Where the LUKS password files are in the ReaR recovery system
(after "rear -D recover" had finished):
RESCUE localhost:~ # find / | grep LUKS_password
/var/tmp/LUKS_password.yc6OfHJR7auphuc
/var/tmp/LUKS_password.oEg95FARpHYRpty
RESCUE localhost:~ # cat /var/tmp/LUKS_password.yc6OfHJR7auphuc
johannes
RESCUE localhost:~ # cat /var/tmp/LUKS_password.oEg95FARpHYRpty
johannes
jsmeix commented at 2025-07-03 16:01:¶
In the rebooted recreated system
# find /var/log/rear/recover -type f | xargs grep johannes
shows that the LUKS password 'johannes' is only in
/var/log/rear/recover/layout/disklayout.conf
and in an automated 'orig' backup file
/var/log/rear/recover/layout/disklayout.conf.20250703172311.recover.791.orig
Also
# find / -xdev -type f | xargs grep -I -l johannes 2>/dev/null
did not find a ReaR related file which contains the LUKS password.
[Export of Github issue for rear/rear.]