[pkg-cryptsetup-devel] Bug#983708: passdev and systemd use conflicting syntax for keyfile
schaarsc at gmx.de
Sun Feb 28 18:11:56 GMT 2021
Package: cryptsetup-initramfs
Version: 2:2.3.4-2~bpo10+2
systemd 247.2-5~bpo10+1
I recently switched to buster-backports and noticed an issue that (I think) could potentially break
systems migrating to bullseye.
On a system having encrypted root, keyfile on usb-stick and multiple btrfs subvolumes, the system
fails to mount all subvolumes.
If there is no solution, then maybe a hint in the README could be added.
== Root cause ==
/etc/crypttab is read by both passdev and systemd, but each expects a different syntax:
passdev expects[1] <device>:<file>
systemd expects[2] <file>:<device>
== Setup ==
/etc/crypttab
(this is in one line, split to avoid random line breaks)
root-luks
/dev/sda2
/dev/disk/by-label/usbkeys:/root.key
luks,keyscript=passdev,initramfs
/etc/fstab
/dev/sda1 /boot ext2
/dev/mapper/root-luks / btrfs subvol=@
/dev/mapper/root-luks /.snapshots btrfs subvol=@snapshots
/dev/mapper/root-luks /home btrfs subvol=@home
== Observed issues ==
1. grub starts initramfs
2. cryptsetup-initramfs opens root-luks
3. systemd-cryptsetup-generator starts
4. Error: failed to mount run-systemd-cryptsetup-keydev\\x2droot\\x2dluks.mount
5. .snapshots and home are not mounted because of the missing "dependency" for root-luks
== Workaround ==
Create a systemd mount unit file for the usb-stick:
/etc/systemd/system/run-systemd-cryptsetup-keydev\\x2droot\\x2dluks.mount
[Mount]
What=/dev/disk/by-label/usbkeys
Where=/run/systemd/cryptsetup/keydev-root-luks
Options=ro
== References ==
1. /usr/share/doc/cryptsetup-initramfs/README.initramfs.gz
2. https://www.freedesktop.org/software/systemd/man/crypttab.html
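
The conflict described under "Root cause" can be checked for before a reboot. The following is an added example, not part of the original report or of either package: it scans crypttab text for keyscript=passdev entries whose key field contains a colon and shows how each reader interprets it, plus the mount unit from the "Workaround" section. The function names, the split at the first colon, and the simplified unit-name escaping are assumptions of this example.

```python
import re

# Constructed sample: the crypttab entry from the report joined onto one line,
# plus an unrelated entry that must not be flagged.
SAMPLE_CRYPTTAB = """\
# <name> <source device> <key file> <options>
root-luks /dev/sda2 /dev/disk/by-label/usbkeys:/root.key luks,keyscript=passdev,initramfs
swap /dev/sda3 /dev/urandom swap
"""

def systemd_path_escape(path):
    """Simplified form of systemd's path escaping for unit names (assumption)."""
    out = []
    for i, ch in enumerate(path.strip("/")):
        if ch == "/":
            out.append("-")
        elif re.match(r"[A-Za-z0-9:_]", ch) or (ch == "." and i > 0):
            out.append(ch)
        else:
            # Everything else, including "-", becomes \xNN per byte.
            out.append("".join("\\x%02x" % b for b in ch.encode()))
    return "".join(out)

def find_conflicts(crypttab_text):
    """Return one finding per entry whose key field the two readers parse differently."""
    findings = []
    for line in crypttab_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        name, _source, key, options = fields[:4]
        first, sep, second = key.partition(":")
        if not sep or "keyscript=passdev" not in options.split(","):
            continue
        where = "/run/systemd/cryptsetup/keydev-" + name
        findings.append({
            "name": name,
            "passdev": {"device": first, "file": second},  # <device>:<file>
            "systemd": {"file": first, "device": second},  # <file>:<device>
            "mount_unit": systemd_path_escape(where) + ".mount",
            "workaround": {"What": first, "Where": where, "Options": "ro"},
        })
    return findings

if __name__ == "__main__":
    for finding in find_conflicts(SAMPLE_CRYPTTAB):
        print(finding)
```

The mount_unit value is the unit file name as stored on disk, with single backslashes.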