[Pkg-cryptsetup-devel] cryptsetup initramfs-tools/scripts/local-top/cryptroot patch + docs updates

Marc MERLIN marc at merlins.org
Sun Jun 8 22:04:17 UTC 2008 

On Sun, Jun 08, 2008 at 11:14:14PM +0200, David Härdeman wrote:
> On Sat, Jun 07, 2008 at 04:27:44PM -0700, Marc MERLIN wrote:
> >I just spent about 10h debugging multiple problems I had with booting
> >from an encrypted root partition (it's hard to debug when you only
> >have the init shell and environment to look around and sed to edit
> >files).
> 
> You have vi as well. 

never showed up in any of the initramfs images I've made :-/

> And the initramfs shell is at least a much more 
> pleasurable experience than the old mkinitrd rescue options used to be.
 
I believe you.
 
> >The sad part is that I had it working on an older version of the
> >packages on debian, but with cryptsetup 1.0.5-2ubuntu12, some stuff
> >broke
> 
> Um...cryptsetup 1.0.5-2ubuntu12 on a Debian system?

I have one debian laptop and one ubuntu one, but the ubuntu package is
pretty much the debian one.

> >Would you consider going back to ealier behaviour?
> 
> No, we can't. The minute we do we'd break any custom keyscript which 
> generates binary keys (like smartcard solutions).
 
Argh, you're right. Ok, never mind then.
 
> >(it's a really shitty and time consuming problem to debug)
> 
> My apologies. I can assure you that we strive not to create shitty 
> solutions.

Not implying that you were :) it's obviously by design not a fun
environment to work with.

> >2) /sbin/cryptgetpw doesn't get installed automatically anymore (it used 
> >to)
> >  I had to write /etc/initramfs-tools/hooks/cryptgetpw
> >  with a [ -x "/sbin/cryptgetpw" ] && copy_exec /sbin/cryptgetpw /sbin
> >  to make it work again.
> 
> Umm...the static location was changed in SVN checkin 312 (Oct 30, 2006) 
> which was later included in 2:1.0.4-4 which was uploaded Nov 3, 2006. 
> Etch shipped with 2:1.0.4+svn26-1 from Jan 9, 2007.
> 
> What kind of update did you do?

I upgraded to an older debian (I've had initramfs working for a long time)
with cryptsetup 1.0.3-2 to a recent ubuntu (hardy). My old debian image is
still running too though.

cryptsetup 1.0.3-2 did copy /sbin/cryptgetpw in 
/usr/share/initramfs-tools/hooks/cryptroot

while /usr/share/initramfs-tools/hooks/cryptroot in 
cryptsetup 1.0.5-2ubuntu12 just doesn't copy anything anymore.

Now, I see that cryptsetup 1.0.6-1 on my debian unstable laptop does this
copy_exec /lib/cryptsetup/askpass /lib/cryptsetup

So I guess I got a version in between where this was dropped and re-added
later.

> Quoting README.initramfs (section 4):
> 
> "make sure that your boot loader is configured to feed the initramfs to 
> the kernel when booting. The kernel root argument should also be changed 
> to /dev/mapper/cryptroot."

Another problem due to a user who can't read :-/ (i.e. me in this case).
Sorry.

Thanks for the answers.

Marc
-- 
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/

More information about the Pkg-cryptsetup-devel mailing list