[pkg-cryptsetup-devel] Bug#546610: Bug#546610: cryptsetup: root= cmdline call is not honoured by initrd in crypto+lvm (Was initramfs-tools: ...)

Jonas Meurer jonas at freesources.org
Thu Feb 16 13:26:57 UTC 2012


Hey August,

thanks for commenting again on this bug report. See my comments below.

On 16.02.2012 13:14, Agustin Martin wrote:
> Re-reading the above I was not fully correct, I then tested with
> lilo in a system with a separate unencrypted boot partition and a
> big cryptroot volume with lvm on top of it.
> 
> At that time I tested my patched cryptsetup with a single
> lvm-partition to boot inside that cryptroot and another lvm
> partition to hold common data.
> 
> I have later extended the test in the lilo booted box to be able to
> boot to two different partitions on lvm, one with testing (where
> all kernels are installed and images created, although modules are
> put in the shared partition) and one running stable. With my
> patched cryptsetup I can boot from both.
> 
> Note that my box is rather unusual, and I need to make all stuff
> that needs to be made visible from both partitions (modules ...)
> available from the shared partition, which is made available in
> early boot stage. However this should also work for a system where
> /usr/lib/modules is a symlink pointing to somewhere under /boot.
> 
> By the way, patch still applies cleanly to 1.4 and seems to work
> properly, both in my lilo and grub booted boxes.

That reads like your patch is well tested. Still I do have some
questions, and need to do further testing with other unusual setups
before applying it. Maybe you can help here.

This is your patch:

> diff --git a/debian/initramfs/cryptroot-script
b/debian/initramfs/cryptroot-script
> index f83e52e..9de28a4 100644 ---
> a/debian/initramfs/cryptroot-script +++
> b/debian/initramfs/cryptroot-script @@ -326,7 +326,7 @@
> setup_mapping() return 1 fi
> 
> -			NEWROOT="/dev/mapper/$cryptlvm" +
> NEWROOT=${cmdline_root=/dev/mapper/$cryptlvm}

In my tests, this didn't work as expected. For some reason, $cryptlvm
is ignored within the specified default value for NEWROOT.

> if [ "$cryptrootdev" = "yes" ]; then # required for lilo to find
> the root echo "ROOT=$NEWROOT" >> /conf/param.conf
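
Review bot: On the NEWROOT line, ${cmdline_root=/dev/mapper/$cryptlvm} is the assign-default form, so when cmdline_root is unset it also stores the fallback in cmdline_root. A later setup_mapping call would then find cmdline_root already set and reuse the first mapping's path instead of its own $cryptlvm. If only a fallback is intended, NEWROOT="${cmdline_root:-/dev/mapper/$cryptlvm}" gives that without the side effect and also covers a set-but-empty cmdline_root. A short comment stating that an absolute root= from the kernel command line overrides the derived mapper path would help the next reader.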


> @@ -354,18 +354,35 @@ setup_mapping() #
> 
> # Do we have any kernel boot arguments? -found='' 
> +cmdline_cryptopts='' +unset cmdline_root for opt in $(cat
> /proc/cmdline); do case $opt in cryptopts=*) -		found=yes -
> setup_mapping "${opt#cryptopts=}" +
> opt="${opt#cryptopts=}" +		if [ -n "$opt" ]; then +		    if [ -n
> "$cmdline_cryptopts" ]; then +
> cmdline_cryptopts="$cmdline_cryptopts,$opt" +		    else +
> cmdline_cryptopts="$opt" +		    fi +		fi ;; +        root=*) +
> opt="${opt#root=}" +		case $opt in +		    /*) # Absolute path
> given. Not lilo major/minor number. +			cmdline_root=$opt +			;; +
> *) # lilo major/minor number (See #398957). Ignore +		esac +
> ;; esac done
> 
> -if [ -n "$found" ]; then -	exit 0 +if [ -n "$cmdline_cryptopts" ];
> then +    setup_mapping "$cmdline_cryptopts" +    exit 0 fi
> 
> # Do we have any settings from the /conf/conf.d/cryptroot file?
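
Review bot: In the root=*) branch, the inner case accepts only values that start with "/" and the catch-all *) silently drops everything else, so root=UUID=... and root=LABEL=... are discarded together with the lilo major/minor numbers the comment names. Either handle those forms explicitly or extend the comment to say that they are ignored on purpose and that NEWROOT then falls back to /dev/mapper/$cryptlvm.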

This will break systems with more than one cryptopts-parameter.
Currently, it should work to give several cryptopts-parameters as boot
parameters and that way unlock more than one cryptdisk within the
initramfs. Your patch will give all cryptopts parameters as one
argument separated by commas to setup_mapping at once, instead of
invoking setup_mapping for every single cryptopts-parameter. Do you
get my point? I guess it would be enough to change the separator from
comma to space and do something like 'for cryptopt in
$cmdline_cryptopts; do setup_mapping "$cryptopt"; done' later.

Regards,
 jonas
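
Added example, not part of the original mail or of the cryptsetup package: the difference described above between handing all cryptopts= values to one call joined by commas and calling once per parameter. The command line, the cryptopts values and fake_setup_mapping (a hypothetical stand-in that keeps the last target= it sees) are constructed assumptions.

```sh
#!/bin/sh
# Constructed kernel command line with two cryptopts= parameters (sample data).
SAMPLE_CMDLINE='ro root=/dev/mapper/vg-root cryptopts=target=crypt1,source=/dev/sda2 cryptopts=target=crypt2,source=/dev/sdb1,lvm=vg-root quiet'

# Collect the value of every non-empty cryptopts= parameter in $1,
# joined with the separator given in $2.
collect_cryptopts() {
    collected=''
    for opt in $1; do
        case $opt in
            cryptopts=?*)
                opt=${opt#cryptopts=}
                collected="${collected:+$collected$2}$opt"
                ;;
        esac
    done
    printf '%s\n' "$collected"
}

# Hypothetical stand-in for setup_mapping (assumption, not the real function):
# walk one comma-separated option list and report the target it ends up with.
fake_setup_mapping() {
    target=''
    old_ifs=$IFS
    IFS=','
    for kv in $1; do
        case $kv in
            target=*) target=${kv#target=} ;;
        esac
    done
    IFS=$old_ifs
    printf '%s\n' "$target"
}

# One call with everything comma-joined: the second target= replaces the first.
unlock_joined() {
    fake_setup_mapping "$(collect_cryptopts "$1" ',')"
}

# One call per cryptopts= parameter: each device keeps its own option list.
unlock_each() {
    targets=''
    for cryptopt in $(collect_cryptopts "$1" ' '); do
        targets="${targets:+$targets }$(fake_setup_mapping "$cryptopt")"
    done
    printf '%s\n' "$targets"
}
```

With the sample line, unlock_joined reports only crypt2, while unlock_each reports crypt1 and crypt2.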





