[pkg-cryptsetup-devel] Bug#901795: cryptsetup: new version may break 3rd party keyscripts (and thus boot)
Christoph Anton Mitterer
calestyo at scientia.net
Mon Jun 18 14:06:59 BST 2018
Source: cryptsetup
Version: 2:2.0.3-2
Severity: important
Hi.
First, thanks for the work you've done in the recent new versions. Sooo many
nice things have been implemented/fixed :-)
Unfortunately, it breaks booting with my personal openpgp keyscripts.
The problem seems to be that in earlier versions, the initramfs got this file:
main/conf/conf.d/cryptroot with:
target=system,source=/dev/disk/by-uuid/97d2d814-72f6-11e8-a274-742b62897688,rootdev,keyscript=/lib/cryptsetup/scripts/decrypt_openpgp,tries=0,key=device=/dev/disk/by-label/keyFilePart:pathname=/etc/dm-crypt/keys/keyfile_for_system
As you can see, I use the 3rd field of the crypttab, for giving additional
options to the keyscript:
device=/dev/disk/by-label/keyFilePart => the device on which the keyfile is to be found at boot
pathname=/etc/dm-crypt/keys/keyfile_for_system => the name of the keyfile on the rootfs of that device
This file is gone, but now there is
main/cryptroot/crypttab with:
system UUID=31a2a126-2947-47ad-a87e-f5b9cb0b6c8a device=/dev/disk/by-label/gss-boot-data_ec713fc2-901a-4f51-8ffe-b9f4df02537b:pathname=/etc/dm-crypt/keys/heisenberg.scientia.net_system loud,luks,keyscript=decrypt_openpgp,tries=0
1) Such a file/format change should go to the NEWS file ;-)
This is one of the main reasons I reported #826122 back then
to get that "interface" stable for 3rd party users
2) I assume main/cryptroot/crypttab can have multiple lines, right?
How can I find out in my keyscript, which one is the right line
for it right now (i.e. for the device the keyscript currently
tries to open)?
3) Is there any documentation of the (stable) format of main/cryptroot/crypttab?
Cause it doesn't seem to be the same as the normal /etc/crypttab
Thanks,
Chris.
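
The two initramfs layouts quoted in the report, handled side by side in an added example (not part of the original message and not cryptsetup's own code): it looks up the key field for one mapping name in either file and splits the reporter's `device=...:pathname=...` convention. The function names are hypothetical, the file path and mapping name are passed in by the caller, and octal escapes in crypttab fields are not decoded.

```shell
#!/bin/sh
# Added example: key-field lookup for the old and new initramfs layouts.
set -f  # no pathname expansion while splitting unquoted fields

# New layout: "<target> <source> <key> <options>", whitespace separated.
key_from_crypttab() {  # $1=file $2=target name
    while read -r name _src key _opts || [ -n "$name" ]; do
        case "$name" in ''|'#'*) continue ;; esac
        if [ "$name" = "$2" ]; then printf '%s\n' "$key"; return 0; fi
    done < "$1"
    return 1  # no line for this target
}

# Old layout: one comma-separated list of key=value pairs per mapping.
key_from_conf_d() {  # $1=file $2=target name
    while IFS= read -r line || [ -n "$line" ]; do
        tgt= key=
        old_ifs=$IFS; IFS=,
        for kv in $line; do
            case "$kv" in
                target=*) tgt=${kv#target=} ;;
                key=*)    key=${kv#key=} ;;  # "keyscript=" does not match
            esac
        done
        IFS=$old_ifs
        if [ "$tgt" = "$2" ]; then printf '%s\n' "$key"; return 0; fi
    done < "$1"
    return 1
}

# Split "device=X:pathname=Y" and print the value of one sub-option.
key_subopt() {  # $1=key field $2=sub-option name (device or pathname)
    old_ifs=$IFS; IFS=:
    for kv in $1; do
        case "$kv" in
            "$2"=*) IFS=$old_ifs; printf '%s\n' "${kv#*=}"; return 0 ;;
        esac
    done
    IFS=$old_ifs
    return 1
}
```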