plugin-runner: too many arguments
DaRkBoDoM
bodom at discosucks.it
Sun Feb 20 15:23:21 CET 2022
Hi there!
I am trying to set up mandos for automatic reboot on Raspberry OS
(formerly Raspbian).
I am following this (old?) tutorial:
https://blog.boyeau.com/booting-an-unattended-full-disk-encrypted-server-ubuntu-server-16-04-setup-with-mandos/
I have tried adding
# <target name> <source device> <key file> <options>
crypt /dev/disk/by-uuid/my-uuid none luks,keyscript=/usr/lib/mandos/plugin-runner
to /etc/crypttab, but when I rebuild the initrd I get the error
"cryptsetup: ERROR: crypt: invalid value for 'keyscript' option, skipping"
I couldn't figure out what is wrong, so I fell back to adding the
keyscript in the kernel cmdline:
root=/dev/mapper/crypt cryptdevice=/dev/mmcblk0p3:crypt cryptopts=source=/dev/mmcblk0p3,target=crypt,keyscript=/usr/lib/mandos/plugin-runner rootfstype=ext4 fsck.repair=yes rootwait
This works: plugin-runner is correctly invoked but I get a
"plugin-runner: Too many arguments
Try `plugin-runner --help` or `plugin-runner --usage` for more information.
Going to fallback mode using getpass(3)
Password:" error.
I've tried many solutions, but I am stuck.
Looks like the plugin-runner is asking for the secret anyway in the
background (and getting it from the server). In the server log I can find:
2022-02-20 15:14:24,307 root [34623]: INFO: Sending secret to osgiliath
While the client is still waiting for the password prompt.
May I get a hint on how to solve this? Looks like I am stuck at just
one step from the finish line.
Bonus question: is there an option to disable the checker and automatic
client disabling? It is a very nice feature, but I do not need it since
I have strong physical security measures in place: if my Raspberry gets
stolen, I will certainly notice and disable it manually long before any
attacker could realize how to ask the server for the key.
Thank you for writing and sharing this very nice software!