[pkg-cryptsetup-devel] Bug#917067: cryptsetup-bin: Opening a LUKS image which resides inside of the /home/ partition

Mikhail Morfikov mmorfikov at gmail.com
Sat Dec 22 03:09:02 GMT 2018


Package: cryptsetup-bin
Version: 2:2.0.6-1
Severity: minor

I have several LUKS containers, and all of them use the same password. Some of
the containers are regular disk partitions, but I also have some file images.
An example file image is stored under /home/me/luks/some.img . Here's the
/etc/crypttab file:

-------
# <target name> <source device> <key file> <options>
sda2_crypt  UUID=some-uuid-1        c1  luks,header=/boot/headers/sda2,keyscript=decrypt_keyctl,initramfs
sdb1_crypt  UUID=some-uuid-2        c1  luks,header=/boot/headers/sdb1,keyscript=decrypt_keyctl,initramfs
some_img    /home/me/luks/some.img  c1  luks,keyscript=decrypt_keyctl
-------

All of the containers should be opened at boot time, but only the first two
are.

When I add "initramfs" to the third container, I get the following error:

-------
cryptsetup: ERROR: Couldn't resolve device /home/me/luks/some.img
-------

And if that message is ignored, the system is unable to boot because it waits
for the "device", but since the "device" is inside of the /home/ partition, and
the /home/ partition is inside of an encrypted LVM setup, it can't be read. So I
can't use "initramfs" in the case of the LUKS file images, but without it, I
can't open the file image along with the rest of the drives at boot time.

For now, I use a systemd service which uses cryptdisks_start and
cryptdisks_stop scripts. In this way the file image can be opened using the
same password in the kernel keyring, but is there a way to make it work using
only the /etc/crypttab file?



-- Package-specific info:

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (130, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages cryptsetup-bin depends on:
ii  libblkid1        2.33-0.2
ii  libc6            2.28-3
ii  libcryptsetup12  2:2.0.6-1
ii  libpopt0         1.16-11
ii  libuuid1         2.33-0.2






