[pkg-cryptsetup-devel] Bug#1076100: /usr/share/initramfs-tools/hooks/cryptroot: replaces stable LABEL=… lines in crypttab with unstable UUID=… entries

Thorsten Glaser tg at mirbsd.de
Wed Jul 10 19:35:36 BST 2024


Package: cryptsetup-initramfs
Version: 2:2.3.7-1+deb11u1
Severity: normal
X-Debbugs-Cc: tg at mirbsd.de

The /cryptroot/crypttab file in the initramfs contains lines like:

cxxxxPV UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx none discard,luks,initramfs

This is bad because these are less stable than the LABEL=… lines I put
into crypttab(5): the UUID changes when you do a restore from backup,
whereas the LABEL can be easily made to stay the same.

It should not do so for LABEL= lines. (I can understand wishing to do
so for others, but even GRUB has a GRUB_DISABLE_LINUX_UUID=true option
because they realise UUIDs can be troubling.)


-- Package-specific info:
-- /proc/cmdline
BOOT_IMAGE=/vmlinuz-5.10.0-30-amd64 root=/dev/mapper/vg--xxxx-lv--root ro rootdelay=5 net.ifnames=0 ip=6,0,eth0,xxxx.mirbsd.org,2a02:xxxx:xxxx:xxxx::1/64,fe80::1 nomodeset TZ=:UTC

-- /etc/crypttab
# <target name>	<source device>		<key file>	<options>
cxxxxPV		LABEL=cxxxxPV		none		discard,luks,initramfs
cswp1		/dev/vg-xxxx/lv-swp1	/dev/random	discard,cipher=aes-xts-plain64,size=256,plain,swap
cswp2		/dev/vg-xxxx/lv-swp2	/dev/random	discard,cipher=aes-xts-plain64,size=256,plain,swap

-- /etc/fstab
/dev/vg-xxxx/lv-root  /             ext4   defaults,auto_da_alloc,relatime,lazytime              0  2
LABEL=xxxx-boot       /boot         ext4   defaults,auto_da_alloc,noatime,lazytime,nodev,noexec  0  1
swap                  /tmp          tmpfs  defaults,noatime,lazytime,nosuid,nodev                0  0
/dev/vg-xxxx/lv-mbsd  /var/anoncvs  ext4   defaults,auto_da_alloc,noatime,lazytime,nodev         0  3
/dev/mapper/cswp1     swap          swap   sw,discard=once                                       0  0
/dev/mapper/cswp2     swap          swap   sw,discard=once                                       0  0

swap  /var/log/apache2  tmpfs  size=37748736,async,noatime,lazytime,auto,nodev,noexec,nosuid,rw,nouser,uid=0,gid=4,mode=2750  0  0

-- lsmod
Module                  Size  Used by
nft_reject_inet        16384  7
nf_reject_ipv4         16384  1 nft_reject_inet
nf_reject_ipv6         20480  1 nft_reject_inet
nft_reject             16384  1 nft_reject_inet
nf_tables             274432  56 nft_reject_inet,nft_reject
libcrc32c              16384  1 nf_tables
nfnetlink              20480  1 nf_tables
joydev                 28672  0
drm_kms_helper        278528  0
evdev                  28672  2
cec                    61440  1 drm_kms_helper
sg                     36864  0
serio_raw              20480  0
pcspkr                 16384  0
drm                   634880  1 drm_kms_helper
virtio_balloon         24576  0
qemu_fw_cfg            20480  0
button                 24576  0
dm_crypt               57344  3
dm_mod                163840  19 dm_crypt
ext4                  942080  3
crc16                  16384  1 ext4
mbcache                16384  1 ext4
jbd2                  151552  1 ext4
crc32c_generic         16384  0
hid_generic            16384  0
usbhid                 65536  0
hid                   151552  2 usbhid,hid_generic
crc32_pclmul           16384  0
crc32c_intel           24576  7
sd_mod                 61440  3
t10_pi                 16384  1 sd_mod
crc_t10dif             20480  1 t10_pi
crct10dif_generic      16384  0
crct10dif_pclmul       16384  1
crct10dif_common       16384  3 crct10dif_generic,crc_t10dif,crct10dif_pclmul
virtio_scsi            24576  2
virtio_net             61440  0
net_failover           24576  1 virtio_net
failover               16384  1 net_failover
ghash_clmulni_intel    16384  0
ata_generic            16384  0
uhci_hcd               57344  0
ata_piix               36864  0
libata                299008  2 ata_piix,ata_generic
ehci_hcd               98304  0
aesni_intel           372736  6
scsi_mod              270336  4 virtio_scsi,sd_mod,libata,sg
libaes                 16384  1 aesni_intel
crypto_simd            16384  1 aesni_intel
cryptd                 24576  5 crypto_simd,ghash_clmulni_intel
glue_helper            16384  1 aesni_intel
psmouse               184320  0
virtio_pci             28672  0
virtio_ring            36864  4 virtio_balloon,virtio_scsi,virtio_pci,virtio_net
virtio                 16384  4 virtio_balloon,virtio_scsi,virtio_pci,virtio_net
i2c_piix4              28672  0
usbcore               331776  3 usbhid,ehci_hcd,uhci_hcd
usb_common             16384  3 usbcore,ehci_hcd,uhci_hcd
floppy                 90112  0


-- System Information:
Debian Release: 11.10
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), (500, 'oldstable-proposed-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-30-amd64 (SMP w/1 CPU thread)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages cryptsetup-initramfs depends on:
ii  busybox                                 1:1.30.1-6+b3
ii  cryptsetup                              2:2.3.7-1+deb11u1
ii  debconf [debconf-2.0]                   1.5.77
ii  initramfs-tools [linux-initramfs-tool]  0.140

Versions of packages cryptsetup-initramfs recommends:
ii  console-setup  2:20200214
ii  kbd            2.3.0-3

cryptsetup-initramfs suggests no packages.

-- debconf information:
  cryptsetup-initramfs/prerm_active_mappings: true

