[pkg-cryptsetup-devel] Bug#876477: cryptsetup: Password requested three times on boot, when /root is plaintext, but swap is on LVM on crypt.

Matthew Wakeling matthew at wakeling.homeip.net
Fri Sep 22 15:54:03 UTC 2017

Package: cryptsetup
Version: 2:1.7.3-4
Severity: normal

Dear Maintainer,

I have set up my system with an unencrypted /root partition, but with /home, /var, /tmp, and swap all in an LVM inside a luks crypt partition.
When booting, the system prompts for the crypto password, and then prints the error message:

 cryptsetup (volume): unknown fstype, bad password or options?

before printing lots more error messages, and then prompting for the password again.
This prompt can be ignored (just press enter), and the prompt appears again. Just press enter again, and the system boots, because the crypt device was correctly unlocked the first time.

The problem exists in /usr/share/initramfs-tools/scripts/local-top/cryptroot. THe script assumes that
it is having to unlock the /root partition, and gets the check for whether unlocking worked correctly wrong.
On line 341, the script sets $NEWROOT to the name of the LVM VG, instead of
the swap volume inside the LVM. I guess normally it would set it to the /root volume inside the LVM, but
the root filesystem in this case is on a separate partition. On line 348 it then sets $FSTYPE to the empty
string, because the LVM VG name doesn't play well with blkid. On line 352 the script then decides that
something has gone wrong, and the error message is produced.

In reality, the LVM volume has been correctly opened by activate_vg on line 330.
Lines 336 to 348 are completely unnecessary, as they try to check that the subvolume in the LVM has
a valid type. I have commented these lines out, and now my system correctly boots after asking for
the password only once.


-- Package-specific info:

-- System Information:
Debian Release: 9.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages cryptsetup depends on:
ii  cryptsetup-bin         2:1.7.3-4
ii  debconf [debconf-2.0]  1.5.61
ii  dmsetup                2:1.02.137-2
ii  libc6                  2.24-11+deb9u1

Versions of packages cryptsetup recommends:
ii  busybox                                 1:1.22.0-19+b3
ii  console-setup                           1.164
ii  initramfs-tools [linux-initramfs-tool]  0.130
ii  kbd                                     2.0.3-2+b1

Versions of packages cryptsetup suggests:
ii  dosfstools              4.1-1
pn  keyutils                <none>
ii  liblocale-gettext-perl  1.07-3+b1

-- Configuration Files:
/etc/cryptsetup-initramfs/conf-hook changed:

-- debconf information:
  cryptsetup/prerm_active_mappings: true

More information about the pkg-cryptsetup-devel mailing list