[pkg-cryptsetup-devel] Bug#930696: Keyfiles specified by KEYFILE_PATTERN are not added to the initramfs

Jernej Jakob jernej.jakob at gmail.com
Tue Jun 18 19:35:47 BST 2019

Package: cryptsetup
Version: 2:2.1.0-5

Any keyfiles configured in /etc/cryptsetup-initramfs/conf-hook
KEYFILE_PATTERN are not added to the initramfs if the target in
/etc/crypttab also has keyscript set.

This may prevent the system from booting if the target has a
keyscript=/bin/cat set (as is in PureOS which is based on buster).

The check is done in debian/initramfs/hooks/cryptroot:169.

Perhaps cryptroot should print out a warning that the keyfile set in
crypttab wasn't added due to a set keyscript. That way the users would
know something may be misconfigured.

The documentation should also be updated to reflect this behavior, in
particular /etc/cryptsetup-initramfs/conf-hook, debian/README.initramfs
and wherever else it's applicable.

More information about the pkg-cryptsetup-devel mailing list