plugin-runner: too many arguments

Teddy Hogeborn teddy at recompile.se
Sun Mar 13 19:16:12 CET 2022 

DaRkBoDoM <bodom at discosucks.it> writes:

> I am trying to setup mandos for automatic reboot on Raspberry OS
> (formerly Raspian).
>
> I am following this (old?) totorial:
> https://blog.boyeau.com/booting-an-unattended-full-disk-encrypted-server-ubuntu-server-16-04-setup-with-mandos/

That is a really old tutorial.  The official instructions are in
/usr/share/doc/mandos-client/README.Debian.gz.  What version of Mandos
are you using?  We always suggest to use the latest version from our
official repository, as documented here:

https://www.recompile.se/mandos#Download

> I have tried adding
> # <target name> <source device>         <key file>      <options>
> crypt /dev/disk/by-uuid/my-uuid none
> luks,keyscript=/usr/lib/mandos/plugin-runner
>
> to /etc/crypttab

It is not intended for it to be necessary to alter /etc/crypttab; there
are scripts run at boot to insert plugin-runner as the keyscript.
Therefore, if you add your own keyscript setting, this will take
precedence, and prevent the automatic keyscript setting from working
correctly.

> but when i rebuild the initrd i get the error
> "cryptsetup: ERROR: crypt: invalid value for 'keyscript' option,
> skipping"

I am guessing that this is because the location of the plugin-runner
binary has changed since that old tutorial.  It is now *not* located
directly under /usr/lib/mandos, but instead in the architecture-specific
directory below /usr/lib.  But, again, you should not need to care about
this, since it should all be done automatically.

> May i get an hint on how to solve this? Looks like i am stuck at just
> one step from finish line.

Why are you adding things to /etc/crypttab?  What happens if you do not?
It should work fine without it.

> Bonus question: is there an option to disable the checker and
> automatic client disabling?

Yes.  Simply set the "checker" setting in /etc/mandos/clients.conf to
a command which does nothing, like this:

checker = :

/Teddy Hogeborn

-- 
The Mandos Project
https://www.recompile.se/mandos
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://mail.recompile.se/pipermail/mandos-dev/attachments/20220313/336977be/attachment.sig>

More information about the Mandos-Dev mailing list