[pkg-cryptsetup-devel] Bug#507721: cryptsetup: Sometimes initrd ends up missing conf/conf.d/cryptroot file in it

Christian Jaeger christian at jaeger.mine.nu
Wed Dec 3 21:34:17 UTC 2008 

Package: cryptsetup
Version: 2:1.0.6-6
Severity: critical
Justification: breaks the whole system


Sometimes update-initramfs -v -k $kernelversion works and creates a
file 'conf/conf.d/cryptroot' in it, as can be seen by unpacking it
using gunzip and cpio; and in those cases, I can boot my laptop, which
has its root fs on /dev/mapper/main-root which is a logical volume on
a volume group consisting of a luks encrypted partition. In cases
where I cannot boot, which manifests it in the system just doing
nothing where otherwise it would ask for the passphrase, this file is
missing. (Note: during bootup a message 'volume group "main" not
found' is shown in both cases, this appears normal, I guess the
scripts reattempt to find that one after the passphrase entering and
associated crypto setup. It's just that in the bogus case, it never
asks.)

I did install the system using the capabilities of the Debian
installer to create encrypted root partitions and LVM setups, and it
worked for some time; probably the first occurrence of the problem was
when I already started compiling and installing kernels manually (from
kernel.org's Git, using make install and make modules_install),
although this too worked upon the first (few?) kernel version(s). And,
again, sometimes it still works, like when I installed 2.6.27.5 I
could not reproduce the problem. This is also documented on a bug I
reported against initramfs-tools, here:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=

503062 I've tried to reopen this bug but that does not seem to be
possible? (Really?, how can we make people coming to that link know
that the problem is *not* solved now? In an spell of amicability I'm
creating such a link right now. "Google shall help them find out who
linked to that report". Ok, I've now added two linebreaks to not make
this happen.)

Here are the relevant sections from vgdisplay -v:

  --- Volume group ---
  VG Name               main
  System ID             
  Format                lvm2
  Metadata Areas        1
  Metadata Sequence No  35
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                2
  Open LV               1
  Max PV                0
  Cur PV                1
  Act PV                1
  VG Size               18.62 GB
  PE Size               4.00 MB
  Total PE              4767
  Alloc PE / Size       4718 / 18.43 GB
  Free  PE / Size       49 / 196.00 MB
  VG UUID               W5Hqed-zQba-aRdc-sAsc-XF2K-G0AM-xjJd8k

  --- Logical volume ---
  LV Name                /dev/main/root
  VG Name                main
  LV UUID                M51c6n-rw9j-vKBU-UnIJ-GvXD-nVw0-7yisre
  LV Write Access        read/write
  LV snapshot status     source of
                         /dev/main/root_snap_23nov [INACTIVE]
  LV Status              available
  # open                 2
  LV Size                17.43 GB
  Current LE             4462
  Segments               2
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:2


  --- Physical volumes ---
  PV Name               /dev/dm-0     
  PV UUID               16lgMw-dDfK-BlUw-lWLE-ZIxl-Kcxh-2YRFhP
  PV Status             allocatable
  Total PE / Free PE    4767 / 49


novo:~# dmsetup ls
plain-rootextend-real	(253, 8)
main-root	(253, 2)
sda8_crypt	(253, 0)
plain-gpgbackups	(253, 5)
plain-rootextend_snap_23nov-cow	(253, 10)
plain-rootextend_snap_23nov	(253, 11)
plain-plainswap2	(253, 12)
plain-media	(253, 6)
main-root_snap_23nov	(253, 4)
plain-rootextend	(253, 9)
plain-plainswap	(253, 7)
main-root-real	(253, 1)
plain-spdvd	(253, 13)
main-root_snap_23nov-cow	(253, 3)

novo:~# l /dev/dm-0
brw-rw---- 1 root disk 253, 0 2008-12-03 21:00 /dev/dm-0

thus dm-0 is sda8_crypt

novo:~# cat /etc/crypttab 
sda8_crypt /dev/sda8 none luks
novo:~# 

novo:~# cat /etc/fstab |perl -wne 'print if m|\s/\s|'
/dev/mapper/main-root /               reiserfs defaults,noatime        0       1
novo:~# 

novo:/usr/src/linux# trash nohup.out; nohup update-initramfs -u -v -k 2.6.27.7
nohup: ignoring input and appending output to `nohup.out'
novo:/usr/src/linux# head nohup.out
Keeping /boot/initrd.img-2.6.27.7.dpkg-bak
update-initramfs: Generating /boot/initrd.img-2.6.27.7
Adding module /lib/modules/2.6.27.7/kernel/drivers/usb/host/ehci-hcd.ko
Adding module /lib/modules/2.6.27.7/kernel/drivers/usb/host/ohci-hcd.ko
...
novo:/usr/src/linux# tail nohup.out
Adding binary /lib/udev/usb_id
Adding binary /lib/udev/vol_id
Adding library /lib/libvolume_id.so.0
Calling hook udevhelper
Calling hook uswsusp
Calling hook cryptopenct
Calling hook cryptopensc
Calling hook cryptpassdev
Building cpio /boot/initrd.img-2.6.27.7.new initramfs
Removing current backup /boot/initrd.img-2.6.27.7.dpkg-bak
novo:/usr/src/linux# 

novo:/usr/src/linux# ls -lrt /boot/
...
lrwxrwxrwx 1 root root      19 2008-12-03 22:01 initrd.img -> initrd.img-2.6.27.7
-rw-r--r-- 1 root root 6743504 2008-12-03 22:03 initrd.img-2.6.27.7
novo:/usr/src/linux# 

novo:/tmp/root/A# gunzip < /boot/initrd.img-2.6.27.7|cpio --extract
35860 blocks
novo:/tmp/root/A# find -name cryptroot
./scripts/local-top/cryptroot
novo:/tmp/root/A# 

novo:/tmp/root# mkdir B
novo:/tmp/root# cd B
novo:/tmp/root/B# gunzip < /boot/initrd.img-2.6.27.5|cpio --extract
35858 blocks
novo:/tmp/root/B# find -name cryptroot
./conf/conf.d/cryptroot
./scripts/local-top/cryptroot
novo:/tmp/root/B# l ./conf/conf.d/cryptroot
-rw-r--r-- 1 root root 58 2008-12-03 22:27 ./conf/conf.d/cryptroot
novo:/tmp/root/B# cat ./conf/conf.d/cryptroot
target=sda8_crypt,source=/dev/sda8,key=none,lvm=main-root
novo:/tmp/root/B# cp ./conf/conf.d/cryptroot ../A/./conf/conf.d/cryptroot
novo:/tmp/root/B# cd ../A
novo:/tmp/root/A# find|cut -c3-|perl -wne 'print unless /^$/'|cpio --create -H newc > ../A2
35860 blocks
novo:/tmp/root/A# cd ..
novo:/tmp/root# mv /boot/initrd.img-2.6.27.7 /boot/initrd.img-2.6.27.7_broken

With the above initrd I can verifiably not boot.

novo:/tmp/root# gzip < A2 > /boot/initrd.img-2.6.27.7

[verification:

lrwxrwxrwx 1 root root 19 2008-12-03 22:01 /boot/initrd.img -> initrd.img-2.6.27.7

novo:/tmp/root# mkdir C
novo:/tmp/root# cd C
novo:/tmp/root/C# gunzip < /boot/initrd.img|cpio --extract
35860 blocks
novo:/tmp/root/C# find -name cryptroot
./scripts/local-top/cryptroot
./conf/conf.d/cryptroot
]

With that initrd I can now boot.


-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (900, 'testing'), (800, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.27.5 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages cryptsetup depends on:
ii  dmsetup                      2:1.02.27-4 The Linux Kernel Device Mapper use
ii  libc6                        2.7-16      GNU C Library: Shared libraries
ii  libdevmapper1.02.1           2:1.02.27-4 The Linux Kernel Device Mapper use
ii  libpopt0                     1.14-4      lib for parsing cmdline parameters
ii  libuuid1                     1.41.3-1    universally unique id library

cryptsetup recommends no packages.

Versions of packages cryptsetup suggests:
ii  dosfstools                    2.11-6     utilities for making and checking 
ii  initramfs-tools [linux-initra 0.92j      tools for generating an initramfs
ii  udev                          0.125-7    /dev/ and hotplug management daemo

-- no debconf information

More information about the pkg-cryptsetup-devel mailing list