[pkg-cryptsetup-devel] Bug#906664: initramfs-tools: Add partition table support to get_fstype

Guilhem Moulin guilhem at debian.org
Thu Aug 23 11:29:41 BST 2018


On Wed, 22 Aug 2018 at 21:22:19 +0100, Ben Hutchings wrote:
> Looking at the local-top script from cryptsetup-initramfs, it seems to
> depend rather too closely on details of both initramfs-tools and lvm2.
> 
> - Why does it try to activate a volume group directly?  lvm2's scripts
> should do that.

They ideally should but currently don't, cf. #565676.  Currently
(2.02.176-4.1) /scripts/local-top/lvm2 only activate volumes holding the
root system and/or resume device.

So for dm-crypt in LVM, the underlying LV needs to be activated when
/scripts/local-top/cryptroot waits for the source device [0].


For LVM in dm-crypt however, instead of activating the LV manually [1]
we could let /scripts/local-{top,block}/lvm2 do it; while the cryptroot
scripts have been running since 12 years or so, I think we could run it
before lvm2 instead.

> - I don't think it should probe the contents of the encrypted volume at
> all.  That would mean that a wrong password for a non-LUKS device won't
> be specifically detected and reported.  But LUKS is strongly
> recommended, and I don't think this makes the non-LUKS user experience
> significantly worse.

This was reported as #906283 a few days ago, and I proposed to remove
the check, for LUKS devices at least.

-- 
Guilhem.

[0] https://sources.debian.org/src/cryptsetup/2:2.0.4-2/debian/initramfs/scripts/local-top/cryptroot/#L61
[1] https://sources.debian.org/src/cryptsetup/2:2.0.4-2/debian/initramfs/scripts/local-top/cryptroot/#L158
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-cryptsetup-devel/attachments/20180823/42a6bf7f/attachment.sig>


More information about the pkg-cryptsetup-devel mailing list