[pkg-cryptsetup-devel] Bug#933836: cryptkeyctl: When using keyscript "decrypt_keyctl" in crypttab, update-initramfs fails

Sebastian Mohr sebi at debian.sebi.name
Sun Aug 4 09:45:33 BST 2019 

Package: cryptsetup-initramfs
Version: 2:2.1.0-5
Severity: normal
File: /usr/share/initramfs-tools/hooks/cryptkeyctl

Dear Maintainer,

when configuring this encrypted machine running debian stable with keyscript
"decryt_keyctl", the invocation of update-initramfs fails with the message:

| E: /usr/share/initramfs-tools/hooks/cryptkeyctl failed with return 1.
| update-initramfs: failed for /boot/initrd.img-4.19.0-5-amd64 with 1.

After some debugging, I found out, that this script copies the file
"/bin/keyctl" to the initramfs. But this file, belonging to the package
"keyutils", is not installed.

After installing "keyutils", update-initramfs runs successfully.

I would suggest at least suggesting or recommending "keyutils" (and other
packages being needed for the other keyscripts) or giving out a clearer
error message on failure, like 'File "/bin/keyctl" not found, please install
package "keyutils".' or something like that.


Regards

Sebastian

-- Package-specific info:
-- /etc/crypttab
# <target name> <source device> <key file>      <options>
disk1_crypt     UUID=XXX        disk            luks,discard,initramfs,keyscript=/lib/cryptsetup/scripts/decrypt_keyctl
disk2_crypt     UUID=XXX        disk            luks,discard,initramfs,keyscript=/lib/cryptsetup/scripts/decrypt_keyctl

-- /etc/fstab
# <file system>         <mount point>   <type>          <options>                               <dump>  <pass>
UUID=XXX                /boot           ext4            defaults                                0       1
UUID=XXX                /boot/efi       vfat            nofail,x-systemd.device-timeout=1       0       2

/dev/mapper/disk_crypt  /               zfs             defaults                                0       0
/dev/mapper/disk2_crypt none            zfs             defaults                                0       0

-- System Information:
Debian Release: 10.0
   APT prefers stable
   APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-1-grml-amd64 (SMP w/24 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_CRAP, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: unable to detect
LSM: AppArmor: enabled

Versions of packages cryptsetup-initramfs depends on:
ii  busybox                                 1:1.30.1-4
ii  cryptsetup-run                          2:2.1.0-5
ih  initramfs-tools [linux-initramfs-tool]  0.133

Versions of packages cryptsetup-initramfs recommends:
ii  console-setup  1.191
ii  kbd            2.0.4-4

cryptsetup-initramfs suggests no packages.

-- no debconf information

More information about the pkg-cryptsetup-devel mailing list