View Issue Details

IDProjectCategoryView StatusLast Update
0015036CentOS-7plymouthpublic2018-07-17 06:57
Reporterolahaye74 
PrioritynormalSeveritymajorReproducibilityalways
Status newResolutionopen 
PlatformPCOSCentOS-7OS Version7.5.1804
Product Version7.5.1804 
Target VersionFixed in Version 
Summary0015036: plymouth ask-for-password fails to retreive typed password
DescriptionSSHPASS=$(plymouth ask-for-password) returns empty result (Only on CentOS-7 latest version; works perfectly on fedora-28 and opensuse-42.3 (not yet tested on CentOS-6)

plymouthd.log gives the following:
[ply-boot-server.c:303] ply_boot_connection_on_password_answer:got password answer
[ply-boot-server.c:293] ply_boot_connection_send_answer:could not finish writing answer: Broken pipe

Steps To Reproducemkdir /tmp/bug; cd /tmp/bug
wget http://olivier.lahaye1.free.fr/SystemImager/plymouth_test/{VM_test_plymouth.sh,{kernel,initrd.img}-{CO6,CO7,fc28,OpenSuSE42.3}}
#edit the variables for VM_test_plymouth.sh to fit your needs ($INITRD and $KERNEL)
chmod +x ./VM_test_plymouth.sh
./VM_test_plymouth.sh

=> Wait for VM to fail (if nothing is displayed on splash screen just press any key to get a bash green prompt.
and from this prompt:
wget http://olivier.lahaye1.free.fr/SystemImager/plymouth_test/test_plymouth.sh
chmod +x test_plymouth.sh; ./test_plymouth.sh
# Type a dummy password
=> The password should be displayed in clear in a message log.

You can test with other OS initrd and see that it works (CentOS-6 need to be regenerated as it is broken, but fc28 and opensuse-42.3 can be tested to see it works fine)

Usefull commands: strace, vi, wget, ssh, scp, rsync are available withing the initramfs.
TagsNo tags attached.
abrt_hash
URL

Activities

olahaye74

olahaye74

2018-07-13 10:45

reporter   ~0032238

Also tested CentOS-6 and it works fine.

Works on: CentOS-6, Fedora-28, OpenSuSE-42.3
Fails on: CentOS-7

dracut theme used to create all the initrd.img used for testing:
https://github.com/finley/SystemImager/tree/initrd-from-imageserver-and-dont-package-initrd/lib/dracut/modules.d/51systemimager
TrevorH

TrevorH

2018-07-13 11:05

manager   ~0032239

There is a known bug that upstream have not fixed yet (and since it's been known since 7.0 I doubt if they will) that means you cannot use rhgb quiet and have a passphrase prompt. Remove rhgb quiet from the kernel command line and try again
olahaye74

olahaye74

2018-07-13 13:50

reporter   ~0032242

The problem is that SystemImager is based on plymouth, thus this means that secure node deployment will not be possible without an ssh-key (no password query).
Can you list the upstream bug number or link?

Can't CentOS apply a fix and remove it once upstream fix is available?

(see: https://github.com/finley/SystemImager/wiki/ScreenShots )
olahaye74

olahaye74

2018-07-13 14:20

reporter   ~0032244

Added upstream bug report: https://bugzilla.redhat.com/show_bug.cgi?id=1600990 (as it seems different from the one that do not query the password at all).
olahaye74

olahaye74

2018-07-17 06:57

reporter   ~0032284

Bug fixed upstream here: https://cgit.freedesktop.org/plymouth/commit/?id=b97c30a019e412d30337515e615433bf6f886972

Issue History

Date Modified Username Field Change
2018-07-12 10:18 olahaye74 New Issue
2018-07-13 10:45 olahaye74 Note Added: 0032238
2018-07-13 10:48 olahaye74 Tag Attached: plymouth splash password
2018-07-13 10:48 olahaye74 Tag Detached: plymouth splash password
2018-07-13 10:48 olahaye74 Tag Attached: plymouth;splash;password
2018-07-13 10:48 olahaye74 Tag Detached: plymouth;splash;password
2018-07-13 11:05 TrevorH Note Added: 0032239
2018-07-13 13:50 olahaye74 Note Added: 0032242
2018-07-13 14:20 olahaye74 Note Added: 0032244
2018-07-17 06:57 olahaye74 Note Added: 0032284