[pkg-cryptsetup-devel] Bug#842951: Falsely identifies origin of a key file

martin f krafft madduck at debian.org
Wed Nov 2 14:31:27 UTC 2016 

Package: cryptsetup
Version: 2:1.7.2-4
Severity: normal
File: /usr/share/initramfs-tools/hooks/cryptroot

I am trying to set up a key file (/etc/luks/nvme0n1.luks) in
crypttab for the root filesystem. I realise this is a bit cyclical,
but I've successfully set up grub2 to do the decryption for me, so
that by the time initramfs comes around, I want it to fetch the key
from the initramfs. To do this, I thought I could simply configure
it with crypttab like so:

  crypt UUID=40aa3e9a-dd83-4789-822f-da3ed51b18cc /etc/luks/nvme0n1.luks luks,discard

and have the initramfs hook copy the keyfile. However, instead,
I get the following warning:

  WARNING: crypt's key file /etc/luks/nvme0n1.luks is not on an
  encrypted root FS, skipped

This is what the shell script evaluates to just before:

  + [ / != / ]
  + node_is_in_crypttab fishbowl-root
  + [ -f /etc/crypttab ]
  + [ 1 -gt 0 ]

I think the reason for the confusion is that the "crypt" device is
actually a PV for the fishbowl LVM VG, and the root filesystem is
just an LV there, so it's not encrypted per se, but it's part of an
encrypted volume group…

-- Package-specific info:

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.7.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_NZ, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages cryptsetup depends on:
ii  cryptsetup-bin         2:1.7.2-4
ii  debconf [debconf-2.0]  1.5.59
ii  dmsetup                2:1.02.133-1
ii  libc6                  2.24-5

Versions of packages cryptsetup recommends:
ii  busybox                                 1:1.22.0-19
ii  console-setup                           1.152
ii  initramfs-tools [linux-initramfs-tool]  0.125
ii  kbd                                     2.0.3-2

Versions of packages cryptsetup suggests:
ii  dosfstools              4.0-2
pn  keyutils                <none>
ii  liblocale-gettext-perl  1.07-3+b1

-- debconf information excluded


-- 
 .''`.   martin f. krafft <madduck at d.o> @martinkrafft
: :'  :  proud Debian developer
`. `'`   http://people.debian.org/~madduck
  `-  Debian - when you have better things to do than fixing systems
-------------- next part --------------
A non-text attachment was scrubbed...
Name: digital_signature_gpg.asc
Type: application/pgp-signature
Size: 1089 bytes
Desc: Digital GPG signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)
URL: <http://lists.alioth.debian.org/pipermail/pkg-cryptsetup-devel/attachments/20161102/2f75b1fc/attachment.sig>

More information about the pkg-cryptsetup-devel mailing list