[pkg-cryptsetup-devel] Bug#507721: cryptsetup: Sometimes initrd ends up missing conf/conf.d/cryptroot file in it

Ben Hutchings ben at decadent.org.uk
Wed Dec 10 04:42:14 UTC 2008 

On Tue, 2008-12-09 at 12:36 +0100, Christian Jaeger wrote:
[...]
> > - dmsetup ls returns an empty list of backing devices
> >   
> 
> novo:~# dmsetup ls
> plain-rootextend-real    (253, 3)
> main-root    (253, 11)
> sda8_crypt    (253, 9)
> plain-gpgbackups    (253, 0)
> plain-rootextend_snap_23nov-cow    (253, 5)
> plain-rootextend_snap_23nov    (253, 6)
> plain-plainswap2    (253, 7)
> plain-media    (253, 1)
> main-root_snap_23nov    (253, 13)
> plain-rootextend    (253, 4)
> plain-plainswap    (253, 2)
> main-root-real    (253, 10)
> main-root_snap_23nov-cow    (253, 12)
> plain-spdvd    (253, 8)
> 
> 
> > - dmsetup table says the backing devices are not encrypted
> >   
> 
> novo:~# dmsetup table
> plain-rootextend-real: 0 4194304 linear 8:10 17039744
> plain-rootextend-real: 4194304 8388608 linear 8:10 23331200
> plain-rootextend-real: 12582912 10485760 linear 8:10 42205568
> plain-rootextend-real: 23068672 2097152 linear 8:6 35209600
> plain-rootextend-real: 25165824 1024000 linear 8:6 39403904
> main-root: 0 36552704 snapshot-origin 253:10
> sda8_crypt: 0 39052841 crypt aes-cbc-essiv:sha256
> 0000000000000000000000000000000000000000000000000000000000000000 0 8:8 2056
> plain-gpgbackups: 0 58589184 linear 8:12 384
> plain-gpgbackups: 58589184 35782656 linear 8:13 384
> plain-rootextend_snap_23nov-cow: 0 8388608 linear 8:6 40427904
> plain-rootextend_snap_23nov: 0 26189824 snapshot 253:3 253:5 P 8
> plain-plainswap2: 0 8388608 linear 8:10 31719808
> plain-media: 0 8388608 linear 8:13 35783040
> plain-media: 8388608 10223616 linear 8:13 48365952
> plain-media: 18612224 8650752 linear 8:10 8388992
> plain-media: 27262976 2097152 linear 8:10 21234048
> plain-media: 29360128 2097152 linear 8:10 40108416
> plain-media: 31457280 5898240 linear 8:10 52691328
> plain-media: 37355520 2490368 linear 8:6 384
> plain-media: 39845888 23068672 linear 8:6 12140928
> plain-media: 62914560 2097152 linear 8:6 37306752
> plain-media: 65011712 2097152 linear 8:13 44171648
> main-root_snap_23nov: 0 36552704 snapshot 253:10 253:12 P 8
> plain-rootextend: 0 26189824 snapshot-origin 253:3
> plain-plainswap: 0 8388608 linear 8:10 384
> main-root-real: 0 34955264 linear 253:9 4096384
> main-root-real: 34955264 1597440 linear 253:9 384
> main-root_snap_23nov-cow: 0 2097152 linear 253:9 1597824
> plain-spdvd: 0 9650176 linear 8:6 2490752
> novo:~#
> 
> > Quite a few possibilities there!
> >
> > Could you try adding " -x" to the first line of
> > /usr/share/initramfs-tools/hooks/cryptroot ?  This will turn on tracing
> > in that script and would help to show where it's going wrong, the next
> > time it goes wrong.
> >   
> 
> See attached nohup.out file from a new run of
> 
> novo:/boot# mv initrd.img-2.6.27.7 initrd.img-2.6.27.7.3
> novo:/usr/src/linux# rm nohup.out; nohup update-initramfs -c -v -k 2.6.27.7

OK, so:

> + for dev in '$rootdev' '$resumedevs'
> ++ add_device /dev/mapper/main-root

The root device is /dev/mapper/main-root...

> ++ local node nodes opts lastopts i count
> ++ nodes=/dev/mapper/main-root
> ++ opts=
> ++ lastopts=
> ++ '[' -z /dev/mapper/main-root ']'
> +++ canonical_device /dev/mapper/main-root
> +++ local dev altdev
> +++ dev=/dev/mapper/main-root
> +++ altdev=/dev/mapper/main-root
> +++ '[' /dev/mapper/main-root '!=' /dev/mapper/main-root ']'
> +++ altdev=/dev/mapper/main-root
> +++ '[' /dev/mapper/main-root '!=' /dev/mapper/main-root ']'
> +++ '[' -h /dev/mapper/main-root ']'
> +++ altdev=main-root
> +++ '[' main-root '!=' /dev/mapper/main-root ']'
> +++ echo main-root
> +++ return 0
> ++ nodes=main-root
> ++ node_is_in_crypttab main-root
> ++ local node
> ++ node=main-root
> ++ grep -q '^main-root' /etc/crypttab
> ++ return 1

...which is not in crypttab

> +++ get_lvm_deps main-root
> +++ local node deps maj min depnode
> +++ node=main-root
> +++ '[' -z main-root ']'
> ++++ dmsetup deps main-root
> ++++ sed 's/[^:]*: *//;s/[ (]//g;s/)/ /g'
> +++ deps='253,10 '

...and depends on device number 253:10

> +++ for dep in '$deps'
> +++ maj=253
> +++ min=10
> ++++ dmsetup ls
> ++++ sed -n 's/\([^ ]*\) *(253, 10)/\1/p'
> +++ depnode='main-root-real	'

...which is called main-root-real

> +++ '[' -z 'main-root-real	' ']'
> ++++ dmsetup table main-root-real
> ++++ cut '-d ' -f3
> +++ '[' 'linear
> linear' '!=' crypt ']'
> +++ continue
> +++ return 0
[...]

...which is a linear mapping, not encrypted.

However, that in turn depends on 253:9, which is sda8_crypt.

So it looks like this script needs to keep following dependencies until
it finds a non-mapped device or encrypted mapping, rather than just
looking at the first level as it does now.

Ben.

-- 
Ben Hutchings
All extremists should be taken out and shot.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.alioth.debian.org/pipermail/pkg-cryptsetup-devel/attachments/20081210/60c49fe5/attachment.pgp

More information about the pkg-cryptsetup-devel mailing list