[pkg-cryptsetup-devel] Bug#917067: Bug#917067: cryptsetup-bin: Opening a LUKS image which resides inside of the /home/ partition
Guilhem Moulin
guilhem at debian.org
Sat Dec 22 15:11:02 GMT 2018
Control: reassign -1 cryptsetup-initramfs
Control: retitle -1 Open a disk image file not residing on the root filesystem
Control: severity -1 wishlist
On Sat, 22 Dec 2018 at 15:47:58 +0100, Mikhail Morfikov wrote:
>> If you remove ‘keyscript=decrypt_keyctl’ systemd should be able to
>> unlock the device later in the boot process, once /home has been
>> mounted. (systemd doesn't support ‘keyscript=’ currently, cf. #618862.)
>> To preserve unattended unlocking you could use a key file instead.
>
> In the past I was using systemd to unlock all the LUKS containers and that was
> working well. But I had to remove plymouth, and hence I have to type the same
> password multiple times at boot stage. That's why I added the "luks.crypttab=no"
> option to the kernel cmd line, and I want to use only the /etc/crypttab solution.
The “luks.crypttab=no” boot parameter shouldn't be needed if all mapped
devices are either unlocked at initramfs stage, or have option ‘noauto’.
If having a key file is acceptable to you, the following crypttab(5)
snippet should be enough for systemd to map the device once /home has
been mounted:

    some_img /home/me/luks/some.img /path/to/key/file luks

--
Guilhem.
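
As an added example (not part of the original message, nor code from cryptsetup or systemd): a small Python audit of crypttab(5) entries for the points raised in this thread, namely entries using `keyscript=`, which the message says systemd does not support, entries that will prompt for a passphrase at boot, and key files readable beyond their owner. The sample entries other than `some_img`, the function names and the permission check are assumptions made for illustration.

```python
import os
import stat

# Constructed sample; the some_img line is the snippet from the message above.
SAMPLE = """\
# <name> <source> <key file> <options>
home_crypt UUID=0000-constructed none luks,keyscript=decrypt_keyctl
some_img /home/me/luks/some.img /path/to/key/file luks
backup /dev/sdb1 none luks,noauto
"""

def parse_crypttab(text):
    """Yield (name, source, keyfile, options) for each non-comment line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        keyfile = fields[2] if len(fields) > 2 else "none"
        options = fields[3].split(",") if len(fields) > 3 else []
        yield fields[0], fields[1], keyfile, options

def audit(text, mode_of=lambda p: stat.S_IMODE(os.stat(p).st_mode)):
    """Return {name: [findings]}; mode_of is injectable so tests need no real files."""
    report = {}
    for name, _source, keyfile, options in parse_crypttab(text):
        findings = []
        if any(o.startswith("keyscript=") for o in options):
            # Per the message: systemd has no keyscript= support (cf. #618862).
            findings.append("keyscript= is not supported by systemd")
        elif keyfile in ("none", "-"):
            # No key file: unattended unlock is impossible unless 'noauto'.
            if "noauto" not in options:
                findings.append("no key file: passphrase prompt at boot")
        else:
            try:
                # Assumption: a key file should be readable by its owner only.
                if mode_of(keyfile) & 0o077:
                    findings.append("key file readable by group/other")
            except OSError:
                findings.append("key file missing")
        report[name] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, findings or "ok")
```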