[pkg-cryptsetup-devel] Bug#866786: unlock all crypto devices in cryptroot-unlock (remote SSH-based unlocking)

[Antoine Beaupre]

Package: cryptsetup
Version: 2:1.7.3-4
Severity: wishlist

I have multiple crypto partitions I need to unlock when the machine
starts up. I use the dropbear-initramfs hack to unlock those
remotely. Unfortunately, the current implementation in
"cryptroot-unlock" doesn't seem to handle multiple devices at once.

I used to have a custom initramfs script that would do that for me in
jessie, but since the stretch upgrade, it stopped working, and I'm not
exactly sure why: i just don't get the prompt on the SSH commandline
at all anymore when I run my script.

The normal "cryptroot-unlock" program doesn't work either for multiple
partitions.

Is this something that could be considered?

-- Package-specific info:

-- System Information:
Debian Release: 9.0
  APT prefers stable
  APT policy: (500, 'stable'), (1, 'experimental'), (1, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: armhf

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8), LANGUAGE=fr_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages cryptsetup depends on:
ii  cryptsetup-bin         2:1.7.3-4
ii  debconf [debconf-2.0]  1.5.61
ii  dmsetup                2:1.02.137-2
ii  libc6                  2.24-11+deb9u1

Versions of packages cryptsetup recommends:
ii  busybox                                 1:1.22.0-19+b3
ii  console-setup                           1.164
ii  initramfs-tools [linux-initramfs-tool]  0.130
ii  kbd                                     2.0.3-2+b1

Versions of packages cryptsetup suggests:
ii  dosfstools              4.1-1
pn  keyutils                <none>
ii  liblocale-gettext-perl  1.07-3+b1

-- debconf information excluded