[pkg-cryptsetup-devel] Bug#800147: Bug#800147: cryptsetup: keyscript=/lib/cryptsetup/scripts/passdev and noearly do not work
Jonas Meurer
jonas at freesources.org
Wed Dec 9 18:58:51 UTC 2015
Hi,
On 09.12.2015 at 18:34, Guilhem Moulin wrote:
> On Sun, 27 Sep 2015 at 03:40:29 -0700, Rick Thomas wrote
>> aux /dev/disk/by-id/ata-VMware_Virtual_IDE_Hard_Drive_01000000000000000001-part1 /dev/disk/by-label/keys:/keys luks,noearly,keyscript=/lib/cryptsetup/scripts/passdev
>
> What is ‘/dev/mapper/aux’ used for? It's ignored by the cryptroot hook because
> it wasn't detected as being the root device, the /usr device, or a resume
> device, and its crypttab entry doesn't have the ‘initramfs’ option set.

Actually the problem here is related to the switch to systemd as default
init system.

In Wheezy, sysvinit was the default init system and thus the cryptsetup
init script (/etc/init.d/cryptdisks) was responsible for processing all
crypttab entries that were not unlocked during initramfs stage
beforehand. The init script supports the options keyscript and noearly.

Now in Jessie, systemd seems to have its own cryptsetup implementation,
ignoring the old init script at /etc/init.d/cryptdisks. Unfortunately,
only a subset of the formerly supported crypttab options are supported
in the systemd cryptsetup implementation. Thus, options like keyscript
and noearly are silently ignored.

What we need to do is take a look at the systemd cryptsetup
implementation and understand how it works. Probably it's possible to
leave the dm-crypt unlocking to systemd whenever the required features
are available and pass the task to the old initscript only when
additional features (e.g. like keyscript) are required. Otherwise we
would have to disable the systemd cryptsetup/dm-crypt processing
features and stick to the init script for now.

In the long term, implementing the missing features in the systemd code
should be the way to go.

Cheers
jonas
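
As an added illustration (not part of the original message or of the cryptsetup package), the following sh function lists crypttab entries that use `keyscript=` or `noearly`, the options the message reports as silently ignored by the systemd implementation, and skips entries carrying the `initramfs` option mentioned in the quoted reply. The function names and the `data` and `root` sample entries are constructed for this example.

```shell
#!/bin/sh
# Added example: flag crypttab entries that depend on keyscript= or noearly.
# Fields per crypttab(5): <target> <source device> <key file> <options>

# Constructed sample; the "aux" line is the entry quoted in the bug report.
sample_crypttab() {
    cat <<'EOF'
# <target> <source device> <key file> <options>
aux /dev/disk/by-id/ata-VMware_Virtual_IDE_Hard_Drive_01000000000000000001-part1 /dev/disk/by-label/keys:/keys luks,noearly,keyscript=/lib/cryptsetup/scripts/passdev
data UUID=00000000-0000-0000-0000-000000000001 none luks
root UUID=00000000-0000-0000-0000-000000000002 /dev/disk/by-label/keys:/keys luks,initramfs,keyscript=/lib/cryptsetup/scripts/passdev
EOF
}

# audit_crypttab FILE: print "<target>: <option>" for each affected option.
# Returns 0 when nothing is flagged, 1 otherwise.
audit_crypttab() {
    found=0
    while read -r target _source _keyfile options _rest; do
        # Skip blank lines and comments.
        case $target in ''|'#'*) continue ;; esac
        # Assumption: entries marked 'initramfs' are unlocked by the cryptroot
        # hook before the init system runs, so they are not flagged. Root, /usr
        # and resume devices detected by the hook are not recognised here.
        case ",$options," in *,initramfs,*) continue ;; esac
        old_ifs=$IFS; IFS=,
        for opt in $options; do
            case $opt in
                keyscript=*|noearly)
                    printf '%s: %s\n' "$target" "$opt"
                    found=1 ;;
            esac
        done
        IFS=$old_ifs
    done < "${1:-/etc/crypttab}"
    [ "$found" -eq 0 ]
}

# Demo on the constructed sample; call audit_crypttab with no argument to
# check /etc/crypttab on a real system.
tmp=$(mktemp)
sample_crypttab > "$tmp"
audit_crypttab "$tmp" || echo "entries above use options the message says systemd ignores"
rm -f "$tmp"
```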