[pkg-cryptsetup-devel] Bug#906664: initramfs-tools: Add partition table support to get_fstype
Guilhem Moulin
guilhem at debian.org
Thu Aug 23 11:29:41 BST 2018
On Wed, 22 Aug 2018 at 21:22:19 +0100, Ben Hutchings wrote:
> Looking at the local-top script from cryptsetup-initramfs, it seems to
> depend rather too closely on details of both initramfs-tools and lvm2.
>
> - Why does it try to activate a volume group directly? lvm2's scripts
> should do that.
They ideally should but currently don't, cf. #565676. Currently
(2.02.176-4.1) /scripts/local-top/lvm2 only activate volumes holding the
root system and/or resume device.
So for dm-crypt in LVM, the underlying LV needs to be activated when
/scripts/local-top/cryptroot waits for the source device [0].
For LVM in dm-crypt however, instead of activating the LV manually [1]
we could let /scripts/local-{top,block}/lvm2 do it; while the cryptroot
scripts have been running since 12 years or so, I think we could run it
before lvm2 instead.
> - I don't think it should probe the contents of the encrypted volume at
> all. That would mean that a wrong password for a non-LUKS device won't
> be specifically detected and reported. But LUKS is strongly
> recommended, and I don't think this makes the non-LUKS user experience
> significantly worse.
This was reported as #906283 a few days ago, and I proposed to remove
the check, for LUKS devices at least.
--
Guilhem.
[0] https://sources.debian.org/src/cryptsetup/2:2.0.4-2/debian/initramfs/scripts/local-top/cryptroot/#L61
[1] https://sources.debian.org/src/cryptsetup/2:2.0.4-2/debian/initramfs/scripts/local-top/cryptroot/#L158
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-cryptsetup-devel/attachments/20180823/42a6bf7f/attachment.sig>
More information about the pkg-cryptsetup-devel
mailing list