[Pkg-cryptsetup-devel] Bug#397887: resume support renders system unbootable

martin f krafft madduck at debian.org
Fri Nov 10 10:34:27 CET 2006


Package: cryptsetup
Version: 2:1.0.4-4
Severity: important

As of late, cryptsetup figures out what swap device I need to resume
from disk and tells initramfs to also initialise that device even
before root is brought up.

The problem is quite simply that some of us have previously
configured the swap device with a random passphrase, or a keyfile
stored somewhere in /etc. Now, all of a sudden, we're expected to
enter the key during initramfs? I am sorry, I cannot remember 2048
bytes of key material, nor would I remember what random string the
kernel used to set up the swap device before the latest cryptsetup
upgrade.

My crypttab says

  cr_hda2 /dev/hda2 /etc/keys/hda2.luks luks

cryptsetup should ensure that /etc/keys/hda2.luks is available as
such during initramfs. If the key is specified as /dev/urandom,
cryptsetup must react differently and prompt the user for a new,
static passphrase.

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (750, 'unstable'), (500, 'testing'), (250, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/dash
Kernel: Linux 2.6.17-2-686
Locale: LANG=en_GB, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)

Versions of packages cryptsetup depends on:
ii  dmsetup  2:1.02.08-1                     The Linux Kernel Device Mapper use
ii  libc6    2.3.6.ds1-8                     GNU C Library: Shared libraries
ii  libdevma 2:1.02.08-1                     The Linux Kernel Device Mapper use
ii  libgcryp 1.2.3-2                         LGPL Crypto library - runtime libr
ii  libgpg-e 1.4-1                           library for common error values an
ii  libpopt0 1.10-3                          lib for parsing cmdline parameters
ii  libuuid1 1.39+1.40-WIP-2006.10.02+dfsg-2 universally unique id library

cryptsetup recommends no packages.

-- no debconf information

-- 
 .''`.   martin f. krafft <madduck at debian.org>
: :'  :  proud Debian developer, author, administrator, and user
`. `'`   http://people.debian.org/~madduck - http://debiansystem.info
  `-  Debian - when you have better things to do than fixing systems
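
Added example, not part of the original report or of the cryptsetup package: a shell check that reads crypttab lines and reports how the key for a given target is supplied, which decides whether the device can be unlocked from the initramfs for resume. The function names, the verdict strings and the cr_swap and cr_root sample lines are constructed for illustration; the keyfile verdict assumes the path lives on the root filesystem.

```shell
#!/bin/sh
# Constructed sample; only the cr_hda2 line comes from the report above.
sample_crypttab() {
    cat <<'EOF'
# <target> <source> <key file> <options>
cr_hda2 /dev/hda2 /etc/keys/hda2.luks luks
cr_swap /dev/hda3 /dev/urandom swap
cr_root /dev/hda1 none luks
EOF
}

# classify_key KEYFIELD -> prompt | random | keyfile
classify_key() {
    case "$1" in
        none|"")                  echo prompt ;;   # passphrase typed at boot
        /dev/urandom|/dev/random) echo random ;;   # fresh key on every boot
        *)                        echo keyfile ;;  # key read from a file
    esac
}

# resume_key_status TARGET  (crypttab on stdin) -> verdict for TARGET
#   prompt   can be unlocked interactively before root is mounted
#   random   key changes each boot, a hibernation image cannot be read back
#   keyfile  file must be present in the initramfs (assumed to be on root)
#   missing  no crypttab entry for TARGET
resume_key_status() {
    target=$1
    while read -r name source key options; do
        case "$name" in ''|'#'*) continue ;; esac   # skip blanks and comments
        [ "$name" = "$target" ] || continue
        classify_key "$key"
        return 0
    done
    echo missing
    return 1
}

# Stand-alone demo over the constructed sample.
for t in cr_hda2 cr_swap cr_root; do
    printf '%s: %s\n' "$t" "$(sample_crypttab | resume_key_status "$t")"
done
```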