[pkg-cryptsetup-devel] Bug#930696: Keyfiles specified by KEYFILE_PATTERN are not added to the initramfs
Jernej Jakob
jernej.jakob at gmail.com
Tue Jun 18 19:35:47 BST 2019
Package: cryptsetup
Version: 2:2.1.0-5
Any keyfiles configured in /etc/cryptsetup-initramfs/conf-hook
KEYFILE_PATTERN are not added to the initramfs if the target in
/etc/crypttab also has keyscript set.
This may prevent the system from booting if the target has a
keyscript=/bin/cat set (as is in PureOS which is based on buster).
The check is done in debian/initramfs/hooks/cryptroot:169.
Perhaps cryptroot should print out a warning that the keyfile set in
crypttab wasn't added due to a set keyscript. That way the users would
know something may be misconfigured.
The documentation should also be updated to reflect this behavior, in
particular /etc/cryptsetup-initramfs/conf-hook, debian/README.initramfs
and wherever else it's applicable.
More information about the pkg-cryptsetup-devel
mailing list