[PATCH] antievilmaid: dracut: fix /etc/{passwd,group,shadow} entries
45 views
Skip to first unread message
HW42
Jun 29, 2016, 10:30:34 PM6/29/16
to qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi,
on R3.2-rc1 antievilmaid is broken because tcsd doesn't start since
it's user entry in /etc/passwd in the initramfs is missing. With the
newer dracut version other modules also edit passwd and therefore the
old way of installing it doesn't work anymore. See attachment for a
patch.
HW42
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJXdIQRAAoJEOSsySeKZGgWOoEP/0PTdugLfEnCK2a5vAgzp6Le
0MZawHI798sTNGHXhftPEv52nEeREvcLcQdH7yZh8Dl6HmM54xKr2tc27UAnds9L
vj6jTNLxbYZPXkoORkIw2kFblxpOKtL9/j8LQ1EddOKpud43tqUpqqnSy0QU4ZRX
Z+itHEabr9A3itd8SHM7zCW5sIy6uuk9nV9/S1gECNH8bvDSEb9WcyW23CdxQhqN
BguHTvt6Uoj55RqWMyrBRP3RcOb/7okoJ+ZcQ5ke/itd9eVnOC/iqgTzHlCQDQSm
6ALcX331as7gmFdwaWCK41YGa0Dy8yzHd7QRi+q2DYNtcfRr0anMzNdG3JjwXm+O
YYWtElxFuHd+PVyC7OJAy9QYQ4nTTvYAgOtl3COe1JdlyvsMLHGHMcPhD7zoZ8Yt
5Cz2prY4EhuMhqDikbzMK4oS+kPEordN5C5mAHGbSbE12XrJR4MFvaqnRKYRun1D
Aj2a8mgGYm1ZKhrQhrewc04K5hCCU9GEOgVN9ENvYwrSDd0aom7om4b6rxoU9Huz
5see69Gv++fFuNfJOgMty3lnY9o99MPfVbF3koCaCU6eauH3jyFGifAKkkNKrji4
oWmxgGTC1Q28lVB0kbwfKek+1eH8TSbov/mJNooViyEGIDpYEeRUyocthvnG1DlL
kuTmZUt8YHqrx2KVAUCc
=wnbw
-----END PGP SIGNATURE-----
Hash: SHA512
Hi,
on R3.2-rc1 antievilmaid is broken because tcsd doesn't start since
it's user entry in /etc/passwd in the initramfs is missing. With the
newer dracut version other modules also edit passwd and therefore the
old way of installing it doesn't work anymore. See attachment for a
patch.
HW42
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJXdIQRAAoJEOSsySeKZGgWOoEP/0PTdugLfEnCK2a5vAgzp6Le
0MZawHI798sTNGHXhftPEv52nEeREvcLcQdH7yZh8Dl6HmM54xKr2tc27UAnds9L
vj6jTNLxbYZPXkoORkIw2kFblxpOKtL9/j8LQ1EddOKpud43tqUpqqnSy0QU4ZRX
Z+itHEabr9A3itd8SHM7zCW5sIy6uuk9nV9/S1gECNH8bvDSEb9WcyW23CdxQhqN
BguHTvt6Uoj55RqWMyrBRP3RcOb/7okoJ+ZcQ5ke/itd9eVnOC/iqgTzHlCQDQSm
6ALcX331as7gmFdwaWCK41YGa0Dy8yzHd7QRi+q2DYNtcfRr0anMzNdG3JjwXm+O
YYWtElxFuHd+PVyC7OJAy9QYQ4nTTvYAgOtl3COe1JdlyvsMLHGHMcPhD7zoZ8Yt
5Cz2prY4EhuMhqDikbzMK4oS+kPEordN5C5mAHGbSbE12XrJR4MFvaqnRKYRun1D
Aj2a8mgGYm1ZKhrQhrewc04K5hCCU9GEOgVN9ENvYwrSDd0aom7om4b6rxoU9Huz
5see69Gv++fFuNfJOgMty3lnY9o99MPfVbF3koCaCU6eauH3jyFGifAKkkNKrji4
oWmxgGTC1Q28lVB0kbwfKek+1eH8TSbov/mJNooViyEGIDpYEeRUyocthvnG1DlL
kuTmZUt8YHqrx2KVAUCc
=wnbw
-----END PGP SIGNATURE-----
Andrew David Wong
Jun 30, 2016, 12:53:20 AM6/30/16
to HW42, qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hash: SHA512
On 2016-06-29 19:29, HW42 wrote:
> Hi,
>
> on R3.2-rc1 antievilmaid is broken because tcsd doesn't start
> since it's user entry in /etc/passwd in the initramfs is missing.
> With the newer dracut version other modules also edit passwd and
> therefore the old way of installing it doesn't work anymore. See
> attachment for a patch.
>
> HW42
>
Thank you!
> Hi,
>
> on R3.2-rc1 antievilmaid is broken because tcsd doesn't start
> since it's user entry in /etc/passwd in the initramfs is missing.
> With the newer dracut version other modules also edit passwd and
> therefore the old way of installing it doesn't work anymore. See
> attachment for a patch.
>
> HW42
>
Does this strictly apply only to R3.2-rc1, or is it possible that the
bug was also present in R3.1? Just wondering if it might have anything
to do with the problem I experienced here:
https://groups.google.com/d/topic/qubes-users/SHIhAlE-Ueg/discussion
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJXdKWzAAoJENtN07w5UDAw7yAP/jOrMOtrf/EQOnG3lfy67HQp
RGdYJxn1XzDcI5ngO6mY9xmMlJIXVcI5OKys7FUD7tsFuckBBxTmxcCPYb0+CdzB
TeuDNtIOUOWJbvxjChlMR9bySkHZImparDqe9tBONIXtW+6wwjUGOXHE8OFGo01v
WW03aGA6Iruv2EsHkmpoHOv6bTe4iIDwtapTapqjhJHF+GYJOBTjmENMIese2/m7
m2d9ARFI1kHo5Gq8VJY7eD2mwrtMU/ab3YUuuVv30mFFC3QLGWge49oV0mIG1EH4
cE7S4PKr849yKO80/oDLWrkYjHO2N/Q8pBRfRiGu0KmDNhDTwaEDAA7wRJMXKVyf
PtCj0ydpPhTbU3ef2IOoI3JZ503u5oU+G9+WdaZQCPYaNRI2SZBPOtnfbZ2NR3b6
TSKbtaGXC381/1Zl0sz/3JObzCu3hroIu3Y9Avxm4jMHm8jepnin/Nnu6YBFlG0u
W+pazd3TbrWsXeOSaZCwa7Z5De1E1N7Fzne0GpNuyFf+p3qHO+pGArBAzVp+sV/e
V1rVMduSC0BHNzgO4ohsm8Pq0xWP9gBgdCjnyFoZUtDjGx0UK0CKFgEdQXXbSkDk
1K0XbflE7ya3nVs/M+owWoE8F/lOrkaLiR2+gE/m0lgD3u4Bpfw3VG79Iot97ifx
hNmT6yzZzmX4bZwhwXAM
=9YL0
-----END PGP SIGNATURE-----
HW42
Jun 30, 2016, 10:30:24 AM6/30/16
to Andrew David Wong, qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Andrew David Wong:
Hash: SHA512
> On 2016-06-29 19:29, HW42 wrote:
>> Hi,
>
>> on R3.2-rc1 antievilmaid is broken because tcsd doesn't start
>> since it's user entry in /etc/passwd in the initramfs is missing.
>> With the newer dracut version other modules also edit passwd and
>> therefore the old way of installing it doesn't work anymore. See
>> attachment for a patch.
>
>> HW42
>
>
> Thank you!
>
> Does this strictly apply only to R3.2-rc1, or is it possible that the
> bug was also present in R3.1? Just wondering if it might have anything
> to do with the problem I experienced here:
>
> https://groups.google.com/d/topic/qubes-users/SHIhAlE-Ueg/discussion
While I never observed the problem on R3.1 it might be possible that it
>> Hi,
>
>> on R3.2-rc1 antievilmaid is broken because tcsd doesn't start
>> since it's user entry in /etc/passwd in the initramfs is missing.
>> With the newer dracut version other modules also edit passwd and
>> therefore the old way of installing it doesn't work anymore. See
>> attachment for a patch.
>
>> HW42
>
>
> Thank you!
>
> Does this strictly apply only to R3.2-rc1, or is it possible that the
> bug was also present in R3.1? Just wondering if it might have anything
> to do with the problem I experienced here:
>
> https://groups.google.com/d/topic/qubes-users/SHIhAlE-Ueg/discussion
is present under some circumstances. But I think this has nothing to do
with problem you describe in the linked thread, since the symptoms
doesn't match. I this case tboot starts correctly and linux starts the
initramfs. When you get to the point where normally the tpm prompt is
shown you see an error message (something like "user tss not found", might
be hidden by plymouth) and then it asks for your disk password without
unsealing the secret (since it failed to start tcsd).
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJXdSzDAAoJEOSsySeKZGgWs+IQAKbl73CvMZRtmdZijbYlVRs3
P+K7qahA6bxy0OwTK10DCUKXpLkoysJTmRl6o5I1bYDH2uIbLNVoi9k9QzeTPfoZ
xeQ6IvCFmiwQmrhBaDAdMPW6MPXUq/WmWTn6dphPIPVM0TsnK0rXZ0YGS1v46WCK
OGYt/+8BpmdKGL06OpxfKHkNMIqxgijofxphwgpRGR9yFwDnQcEE91F9kQGYn1ZV
ZCxAEdfFGOBPBc4D+htJ1Y7MElLBKx4/QMcyf6uk/KFHejpV7TqGJGCqmlMz6zyL
s/ZcN456xMHP4MMFkihTcGdTQXgqRiz8ATL769AuDEY5dJb/TfeYKxiQzOFw5Qm2
W+JnOjUX6kvnGbOdaQMe1CRRszWKp8uU6ALDCx1AxBeSY9EfvRUzeRmEtN/MckgW
c9RLjmfV98NXYpJSPMuKR00U6LVsHQ2MCDKB1KSL/0jxWCGNek9IAlMSmT/r9mDJ
pQbzn43zIbVyE6hG2rq7iAkal6E31Ev4EEnviH/+NTOPk/sDke2eoEsTQGZd4+Fz
Q8RFTxvlnb6EtMQ4DFtmLjCUFMeLZMjEf+/ChoQkjaM+QNLWrZP8pmJB+WGdPrv1
ifBrX12R5/l2x665tbU/ZWSVe279E3MvarfMPD14u5Ko+agY8HDIQHagFZp0eHoK
L4A9f9TGEPOyQvZAAkTK
=Wk1B
-----END PGP SIGNATURE-----
Andrew David Wong
Jul 1, 2016, 12:50:07 AM7/1/16
to HW42, qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hash: SHA512
On 2016-06-30 07:29, HW42 wrote:
> Andrew David Wong:
>> On 2016-06-29 19:29, HW42 wrote:
>>> Hi,
>
>>> on R3.2-rc1 antievilmaid is broken because tcsd doesn't start
>>> since it's user entry in /etc/passwd in the initramfs is
>>> missing. With the newer dracut version other modules also edit
>>> passwd and therefore the old way of installing it doesn't work
>>> anymore. See attachment for a patch.
>
>>> HW42
>
>
>> Thank you!
>
>> Does this strictly apply only to R3.2-rc1, or is it possible that
>> the bug was also present in R3.1? Just wondering if it might have
>> anything to do with the problem I experienced here:
>
>> https://groups.google.com/d/topic/qubes-users/SHIhAlE-Ueg/discussion
>
>>
> While I never observed the problem on R3.1 it might be possible
> that it is present under some circumstances. But I think this has
> nothing to do with problem you describe in the linked thread, since
> the symptoms doesn't match. I this case tboot starts correctly and
> linux starts the initramfs. When you get to the point where
> normally the tpm prompt is shown you see an error message
> (something like "user tss not found", might be hidden by plymouth)
> and then it asks for your disk password without unsealing the
> secret (since it failed to start tcsd).
>
Understood. Thanks!
> Andrew David Wong:
>> On 2016-06-29 19:29, HW42 wrote:
>>> Hi,
>
>>> on R3.2-rc1 antievilmaid is broken because tcsd doesn't start
>>> since it's user entry in /etc/passwd in the initramfs is
>>> missing. With the newer dracut version other modules also edit
>>> passwd and therefore the old way of installing it doesn't work
>>> anymore. See attachment for a patch.
>
>>> HW42
>
>
>> Thank you!
>
>> Does this strictly apply only to R3.2-rc1, or is it possible that
>> the bug was also present in R3.1? Just wondering if it might have
>> anything to do with the problem I experienced here:
>
>> https://groups.google.com/d/topic/qubes-users/SHIhAlE-Ueg/discussion
>
>>
> While I never observed the problem on R3.1 it might be possible
> that it is present under some circumstances. But I think this has
> nothing to do with problem you describe in the linked thread, since
> the symptoms doesn't match. I this case tboot starts correctly and
> linux starts the initramfs. When you get to the point where
> normally the tpm prompt is shown you see an error message
> (something like "user tss not found", might be hidden by plymouth)
> and then it asks for your disk password without unsealing the
> secret (since it failed to start tcsd).
>
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
i0oQ4wz6PLl+9/tAqo6zr3lpJv6CuTzm69MmJEnMVHIeQGHJM49bVyq/zbLsw5p4
pncVhDoUM75ciWoHswGsF2+BGFek1zqgbT0yK3s3Oxtn3nGdVLE5tRsRfbbMYuAL
Clk7TJJNxn48qaQr+Xm94yKXxAAIxfKjKsFEuUj30RTeeEiBuAz0QVs5GfgtwxB1
GttgI/Sh3IlKiTSUNijJIPcyNDJQ/Jk7k0xNGU3l0tr5Guq3+x3WfEorgVRoihu8
WlYecdT/cf+3rIBrYNLiZ2kP8ICFVMxspHzs8IN4i5ybu0jWMtTVkYeF0V64qwXU
3ZTuXzXM1T6O/ys69vzS7OvpK8Ja+yxH0/U52+nP0LH93k+ZTPkORzCUBFwPsnDA
I3iIxMyBWhW6E2X9tJcLaB3CluCLvJ+dPLXIv5TD3TmgYloovjKkQdGdUHYbrjKi
vyPYdWOBra1rUpihTRHQpO5Sfs6nmOHFmJ+HwlDnH+2jw7RFoLssATLp5YxBkw6f
Z7H+gYgOIRbjmXHrM5E5EAwwGxKWT0CcEAxb3dcAXW6tofkAyT0UxFhnLDogjQUa
ht7Cyr47xMjp+N9U7Wq8Io2Ijoh9bnCIYhCQle/inQosCTsR1MybC24Ze/Hy0oDo
OznDOMv4nCtOEjXvXd2w
=fWX0
-----END PGP SIGNATURE-----
Marek Marczykowski-Górecki
Jul 1, 2016, 3:18:18 AM7/1/16
to HW42, qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Thu, Jun 30, 2016 at 04:29:40AM +0200, HW42 wrote:
> Hi,
>
> on R3.2-rc1 antievilmaid is broken because tcsd doesn't start since
> it's user entry in /etc/passwd in the initramfs is missing. With the
> newer dracut version other modules also edit passwd and therefore the
> old way of installing it doesn't work anymore. See attachment for a
> patch.
Thanks, applied.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJXdhk0AAoJENuP0xzK19csWt4H/2sHc5X7153AZN+JJaJCKiGW
j2LGp4T7M2bkWsVfv6qDcwf7y6ZR1PKDiJhH4bCKb2CYXWhPmmNvmLvzGLmDSvZp
ObTphc5qHqmXtzV+bM1PYudleml2yILewhm5U/jPYm8LH7TL/FQunruq27JJ9goi
iptqC1qlNKEEnGGwoVtll5JBngt70iADORxt/GQ03YWzzNZZGI1uJdvvX4EeIzbF
UEM41MI+Hc+Afuus3h4BUmo1S17wESPellN6fLlTZY1jxjRtqhjwVoLmHxCZJ3h6
87QmI5+qg1phNCivBuCK2FYHOzQYbq2at04xyPd9ZSClQV3YrF1nCQR8fqg4wyU=
=qXw3
-----END PGP SIGNATURE-----
Hash: SHA256
On Thu, Jun 30, 2016 at 04:29:40AM +0200, HW42 wrote:
> Hi,
>
> on R3.2-rc1 antievilmaid is broken because tcsd doesn't start since
> it's user entry in /etc/passwd in the initramfs is missing. With the
> newer dracut version other modules also edit passwd and therefore the
> old way of installing it doesn't work anymore. See attachment for a
> patch.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJXdhk0AAoJENuP0xzK19csWt4H/2sHc5X7153AZN+JJaJCKiGW
j2LGp4T7M2bkWsVfv6qDcwf7y6ZR1PKDiJhH4bCKb2CYXWhPmmNvmLvzGLmDSvZp
ObTphc5qHqmXtzV+bM1PYudleml2yILewhm5U/jPYm8LH7TL/FQunruq27JJ9goi
iptqC1qlNKEEnGGwoVtll5JBngt70iADORxt/GQ03YWzzNZZGI1uJdvvX4EeIzbF
UEM41MI+Hc+Afuus3h4BUmo1S17wESPellN6fLlTZY1jxjRtqhjwVoLmHxCZJ3h6
87QmI5+qg1phNCivBuCK2FYHOzQYbq2at04xyPd9ZSClQV3YrF1nCQR8fqg4wyU=
=qXw3
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages