From: Luca Boccassi <bluca@debian.org>
Date: Tue, 4 Jun 2024 22:06:27 +0000 (+0100)
Subject: cryptsetup: check keyring cache passphrase at least once
X-Git-Tag: v256-rc4~14^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d494d6688d69ae3adf2397450eb5ffc20c7fe235;p=thirdparty%2Fsystemd.git

cryptsetup: check keyring cache passphrase at least once

The first try will be on the TPM2, so in practice this was always skipped
as it happens only on the first try. Use a different bool to track this.
---

diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
index 638e9d0c792..85897aecace 100644
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -2416,6 +2416,7 @@ static int run(int argc, char *argv[]) {
                 }
 #endif
 
+                bool use_cached_passphrase = true;
                 _cleanup_strv_free_erase_ char **passwords = NULL;
                 for (tries = 0; arg_tries == 0 || tries < arg_tries; tries++) {
                         log_debug("Beginning attempt %u to unlock.", tries);
@@ -2451,7 +2452,8 @@ static int run(int argc, char *argv[]) {
                                                         return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "No passphrase or recovery key registered.");
                                         }
 
-                                        r = get_password(volume, source, until, tries == 0 && !arg_verify, passphrase_type, &passwords);
+                                        r = get_password(volume, source, until, use_cached_passphrase && !arg_verify, passphrase_type, &passwords);
+                                        use_cached_passphrase = false;
                                         if (r == -EAGAIN)
                                                 continue;
                                         if (r < 0)