[Pkg-cryptsetup-devel] cryptsetup initramfs-tools/scripts/local-top/cryptroot patch + docs updates
David Härdeman
david at hardeman.nu
Sun Jun 8 21:14:14 UTC 2008
On Sat, Jun 07, 2008 at 04:27:44PM -0700, Marc MERLIN wrote:
>I just spent about 10h debugging multiple problems I had with booting
>from an encrypted root partition (it's hard to debug when you only
>have the init shell and environment to look around and sed to edit
>files).
You have vi as well. And the initramfs shell is at least a much more
pleasurable experience than the old mkinitrd rescue options used to be.
>The sad part is that I had it working on an older version of the
>packages on debian, but with cryptsetup 1.0.5-2ubuntu12, some stuff
>broke
Um...cryptsetup 1.0.5-2ubuntu12 on a Debian system?
>Anyway, the problems I saw were
>
>1) my /sbin/cryptgetpw script used to output the password with a newline
>(echo $pwd)
>which was working with earlier version of cryptpart/initramfs but broke
>with this new version due to using --key-file=- instead of reading
>from stdin (which removes the newline).
>Sure, I fixed it with echo -n $pwd, but it took me a very long time to
>find that.
>
>Would you consider going back to earlier behaviour?
No, we can't. The minute we do we'd break any custom keyscript which
generates binary keys (like smartcard solutions).
>(it's a really shitty and time consuming problem to debug)
My apologies. I can assure you that we strive not to create shitty
solutions.
>2) /sbin/cryptgetpw doesn't get installed automatically anymore (it used to)
> I had to write /etc/initramfs-tools/hooks/cryptgetpw
> with a [ -x "/sbin/cryptgetpw" ] && copy_exec /sbin/cryptgetpw /sbin
> to make it work again.
Umm...the static location was changed in SVN checkin 312 (Oct 30, 2006)
which was later included in 2:1.0.4-4 which was uploaded Nov 3, 2006.
Etch shipped with 2:1.0.4+svn26-1 from Jan 9, 2007.
What kind of update did you do?
>3) /usr/share/doc/cryptsetup/README.initramfs.gz
> For some reason, my lilo config ended up with root=/dev/mapper/root
> with root defined in /etc/crypttab.
> Problem is that lilo then added a root=fd01 on the kernel command
> line as /dev/mapper/root was 253, 1, and initramfs creates cryptroot
> with 253,0 (that was another 2h down the drain :) ). The fix was to
> boot with root=fd00 until I was able to fix lilo.
> Not sure how that worked before, or how it worked, but it could help
> to document that one must use this in /etc/lilo.conf:
> root=/dev/mapper/cryptroot
Quoting README.initramfs (section 4):
"make sure that your boot loader is configured to feed the initramfs to
the kernel when booting. The kernel root argument should also be changed
to /dev/mapper/cryptroot."
--
David Härdeman
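
An added example, not part of the original message or of the cryptsetup package: a check that can be run against a keyscript to see whether its output ends in a newline byte, which becomes part of the key when the key is read with --key-file=- as discussed in point 1. The function names and the sample passphrase are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Constructed sample passphrase, for illustration only.
SAMPLE_PW='correct horse'

# Hypothetical keyscript bodies: the "before" and "after" from the thread.
keyscript_echo()   { echo "$SAMPLE_PW"; }          # appends 0x0a
keyscript_printf() { printf '%s' "$SAMPLE_PW"; }   # emits the bytes only

# Hex of the last byte a command writes to stdout ("" if it writes nothing).
# Command substitution would strip trailing newlines, so inspect the byte
# stream through a pipe instead; this also copes with binary keys.
last_byte_hex() {
    "$@" | tail -c 1 | od -An -tx1 | tr -d ' \n'
}

# Number of bytes of key material the command produces.
key_length() {
    "$@" | wc -c | tr -d ' '
}

# Return 0 if the output ends in a newline. For a passphrase keyscript this
# usually means an unintended extra key byte; a binary key may legitimately
# end in 0x0a, so treat the result as a hint, not a verdict.
ends_with_newline() {
    [ "$(last_byte_hex "$@")" = "0a" ]
}

report() {
    if ends_with_newline "$@"; then
        echo "$*: $(key_length "$@") bytes, trailing newline is part of the key"
    else
        echo "$*: $(key_length "$@") bytes, no trailing newline"
    fi
}

report keyscript_echo
report keyscript_printf
```

To check a real keyscript, pass its path and arguments instead of the function name, for example `report /sbin/cryptgetpw`.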