I am trying to run a command (cryptsetup) on an embedded system using squashfs. It requires /run but that directory does not exist, and I cannot create it since it is read-only.

I have an ASUS router with asuswrt-merlin installed (linux-2.6). I have installed Entware to download cryptsetup, and I am trying to use it to encrypt an attached hard disk:

$ cryptsetup --key-size 256 luksFormat /dev/sdb1

Which results in:

...
Enter passphrase for /dev/sdb1:
Verify passphrase:
Locking aborted. The locking path /run/cryptsetup is unusable (not a directory or missing).
Failed to acquire device lock.
Cannot format device /dev/sdb1 in use.

I don't see anything in cryptsetup's man pages to force or skip/change the lockfile directory and so am stuck.

The guide I am following to set this up does not mention this issue at all, but is somewhat outdated.

Is there a way to fake this directory, or some argument to cryptsetup that I can use to bypass it, or some other option?

Note that /var/run exists but since it's a read-only filesystem I cannot symlink it. And since /run doesn't exist I can't (as far as I know) mount a tmpfs to it.

Nick

1 Answer

You got this option with cryptsetup, but it sounds risky.

   --disable-locks
          Disable lock protection for metadata on disk.  This option is
          valid only for LUKS2 and ignored for other formats.

          WARNING: Do not use this option unless you run cryptsetup in a
          restricted environment where locking is impossible to perform
          (where /run directory cannot be used).

The other way out of this is a chroot - and if your router has a USB port, you can connect a 4GB flash drive and maybe have enough space to copy over everything cryptsetup wants. Though at that point you may just set up a Debian chroot on it and then you'll have all the tools you need to do anything you want (as long as you keep the chroot environment updated).

LawrenceC
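
The chroot route from the answer above, as an added example that is not part of the original answer: it checks the lock path named in the error message and gives a chroot the bind mounts and writable /run that cryptsetup needs. The CHROOT mount point is an assumption, the chroot is assumed to contain its own cryptsetup and the kernel to support tmpfs, and with DRY_RUN=1 (the default) the commands are only printed.

```shell
#!/bin/sh
# Added example, not from the original answer. CHROOT is an assumed mount point
# of a writable root file system (with cryptsetup installed) on the flash drive.
CHROOT=${CHROOT:-/tmp/mnt/usb-root}
DRY_RUN=${DRY_RUN:-1}   # 1 = print the commands only, 0 = execute them (root)

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# Report the state of <root>/run/cryptsetup, the lock path from the error.
lock_dir_status() {
    run_dir="${1%/}/run"; lock="$run_dir/cryptsetup"
    if [ -d "$lock" ] && [ -w "$lock" ]; then echo ok
    elif [ -e "$lock" ] && [ ! -d "$lock" ]; then echo not-a-directory
    elif [ -d "$lock" ]; then echo read-only
    elif [ -d "$run_dir" ] && [ -w "$run_dir" ]; then echo creatable
    else echo missing
    fi
}

# Expose the kernel interfaces inside the chroot and give it a writable /run.
prepare_chroot() {
    for fs in dev proc sys; do
        run mount -o bind "/$fs" "$CHROOT/$fs" || return 1
    done
    run mkdir -p "$CHROOT/run" || return 1
    run mount -t tmpfs -o mode=0755,nosuid,nodev tmpfs "$CHROOT/run" || return 1
    run mkdir -m 0700 "$CHROOT/run/cryptsetup"   # restrictive mode chosen here
}

# Run a command inside the chroot.
in_chroot() { run chroot "$CHROOT" "$@"; }

# Undo prepare_chroot in reverse order.
teardown_chroot() {
    for fs in run sys proc dev; do run umount "$CHROOT/$fs"; done
}

echo "host lock path: $(lock_dir_status /)"
if prepare_chroot; then
    in_chroot cryptsetup --key-size 256 luksFormat /dev/sdb1
fi
teardown_chroot
```

Review the printed plan first, then rerun with DRY_RUN=0 as root once CHROOT points at the prepared flash drive.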