[Pkg-cryptsetup-devel] cryptsetup initramfs-tools/scripts/local-top/cryptroot patch + docs updates

Marc MERLIN marc at merlins.org
Sat Jun 7 23:27:44 UTC 2008 

Howdy,

I just spent about 10h debugging multiple problems I had with booting
from an encrypted root partition (it's hard to debug when you only
have the init shell and environment to look around and sed to edit
files).

The sad part is that I had it working on an older version of the
packages on debian, but with cryptsetup 1.0.5-2ubuntu12, some stuff
broke

Anyway, the problems I saw were

1) my /sbin/cryptgetpw script used to output the password with a newline
(echo $pwd)
which was working with earlier version of cryptpart/initramfs but broke
with this new version due to using --key-file=- instead of reading
from stdin (which removes the newline).
Sure, I fixed it with echo -n $pwd, but it took me a very long time to
find that.

Would you consider going back to ealier behaviour?
(it's a really shitty and time consuming problem to debug)

--- local-top/cryptroot 2008-04-11 10:17:00.000000000 -0700
+++ /usr/share/initramfs-tools/scripts/local-top/cryptroot      2008-06-06 01:01:38.000000000 -0700
@@ -189,7 +191,7 @@
                        fi
                        crypttarget="$crypttarget" cryptsource="$cryptsource" \
                        $cryptkeyscript $cryptkey < /dev/console 2> /dev/console | \
-                       $cryptcreate --key-file=- > /dev/console 2>&1
+                       $cryptcreate > /dev/console 2>&1
                elif [ -p /dev/.initramfs/usplash_outfifo ] && [ -x /sbin/usplash_write ]; then
                        usplash_write "INPUTQUIET Enter password to unlock the disk ($crypttarget): "
                        PASS="$(cat /dev/.initramfs/usplash_outfifo)"

2) /sbin/cryptgetpw doesn't get installed automatically anymore (it used to)
   I had to write /etc/initramfs-tools/hooks/cryptgetpw
   with a [ -x "/sbin/cryptgetpw" ] && copy_exec /sbin/cryptgetpw /sbin
   to make it work again.

3) /usr/share/doc/cryptsetup/README.initramfs.gz
   For some reason, my lilo ocnfig ended up with root=/dev/mapper/root
   with root defined in /etc/crypttab.
   Problem is that lilo then added a root=fd01 on the kernel command
   line as /dev/mapper/root was 253, 1, and initramfs creates cryptroot
   with 253,0 (that was another 2h down the drain :) ). The fix was to
   boot with root=fd00 until I was able to fix lilo.
   Not sure how that worked before, or how it worked, but it could help
   to document that one must use this in /etc/lilo.conf:
   root=/dev/mapper/cryptroot


I think that's about it, the rest was due to my stupidity.

Thanks,
Marc
-- 
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/

More information about the Pkg-cryptsetup-devel mailing list