[pkg-cryptsetup-devel] Bug#818158: cryptsetup: multiple devices with decrypt_keyctl still ask for multiple passwords

Marc Lehmann debian-reportbug at plan9.de
Mon Mar 14 10:17:01 UTC 2016 

Package: cryptsetup
Version: 2:1.7.0-2
Severity: normal

Dear Maintainer,

I have a fairly simple setup (w.r.t cryptsetup) with two encrypted lvm
partitions, one of them / and the other to be mounted at /localvol.

I use the keyscript=decrypt_keyctl method to avoid being asked tow
passwords, but I still get asked twice during boot.

First I get asked "Caching passphrase..." (or something to that effect)
in the initrd, which then unlocks /. Later, after systemd kicks in, I get
asked the passphrase for /localvol, with a different, bright white prompt.

I expect the passphrase to be reused at this point.

I know the caching does work - if I press return three times at the
second prompt, systemd goes into emergency mode because it can't mount
the disk (as expected). If I then log in and use "cryptdisks_start
cryptlvol" manually, it sets up the disk using the password cached during
initramfs booting, that is, cryptdisks_start is using the previously
cached passphrase.

This leads me to believe this is a bug in systemd integration, or even in
systemd, and that my setup is, in fact, sound.

-- Package-specific info:
-- /etc/crypttab
# <target name>	<source device>			<key file>	<options>
cryptroot	/dev/vg_x01/root		boot		luks,keyscript=decrypt_keyctl,discard
cryptlvol	/dev/vg_x01/localvol		boot		luks,keyscript=decrypt_keyctl

-- /etc/fstab
/dev/mapper/cryptroot	/		btrfs		defaults,noatime,autodefrag		0	0
/dev/mapper/cryptlvol	/localvol	btrfs		defaults,nossd,autodefrag,compress=lzo	0	0

-- System Information:
Debian Release: 8.3
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'unstable'), (500, 'testing'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.4.5-040405-generic (SMP w/12 CPU cores)
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages cryptsetup depends on:
ii  cryptsetup-bin         2:1.6.6-5
ii  debconf [debconf-2.0]  1.5.56
ii  dmsetup                2:1.02.115-2
ii  libc6                  2.21-9

Versions of packages cryptsetup recommends:
ii  busybox                                 1:1.22.0-9+deb8u1
ii  console-setup                           1.123
ih  initramfs-tools [linux-initramfs-tool]  0.120
ii  kbd                                     1.15.5-2

Versions of packages cryptsetup suggests:
ii  dosfstools              3.0.27-1
ii  keyutils                1.5.9-5+b1
ii  liblocale-gettext-perl  1.05-8+b1

-- Configuration Files:
/etc/bash_completion.d/cryptdisks 758d5cfcd9df55c82a7bb094728114b5 [Errno 2] No such file or directory: u'/etc/bash_completion.d/cryptdisks 758d5cfcd9df55c82a7bb094728114b5'
/etc/bash_completion.d/cryptsetup 59fe057d77242937e88f7bc26f346e5e [Errno 2] No such file or directory: u'/etc/bash_completion.d/cryptsetup 59fe057d77242937e88f7bc26f346e5e'

-- debconf information excluded

More information about the pkg-cryptsetup-devel mailing list