[pkg-cryptsetup-devel] Bug#1081552: cryptroot not run as the last in local-top

Paweł Bogusławski pawel.boguslawski at ib.pl
Fri Sep 13 10:17:21 BST 2024 

W dniu 12.09.2024 o 22:37, Guilhem Moulin pisze:
 > Works here, on bookworm as well as sid systems.  Which files do you 
have in
 > scripts/local-top/, and what is the content of scripts/local-top/ORDER?

(0)

Test environment:

    root at myhost:~# dpkg -s cryptsetup-initramfs | grep Version
    Version: 2:2.6.1-4~deb12u2

    root at myhost:~# dpkg -s initramfs-tools | grep Version
    Version: 0.142+deb12u1

    crypti must be executed after cryptopensc so crypti contains

         PREREQ="cryptopensc"

         prereqs()
         {
                 echo "$PREREQ"
         }

         case $1 in
             prereqs)
                 prereqs
                 exit 0
                 ;;
         esac

         . /scripts/functions



(1)

Wrong order when using /etc/initramfs-tools/scripts/local-top:

    root at myhost:/etc/initramfs-tools/scripts/local-top# ls -la
    total 4
    drwxr-xr-x  2 root root   20 Sep 13 10:37 ./
    drwxr-xr-x 12 root root  187 Sep  2 13:40 ../
    -rwxr-xr-x  1 root root 2291 Sep 12 20:26 crypti*

    root at myhost:/usr/share/initramfs-tools/scripts/local-top# ls -la
    total 12
    drwxr-xr-x 2 root root   42 Sep 13 10:37 ./
    drwxr-xr-x 8 root root  160 Sep  2 13:42 ../
    -rwxr-xr-x 1 root root  757 Dec 18  2023 cryptopensc*
    -rwxr-xr-x 1 root root 8011 Dec 18  2023 cryptroot*

    root at myhost:~# update-initramfs -u -k `uname -r`
    update-initramfs: Generating /boot/initrd.img-6.1.0-25-amd64

    scripts/local-top/ORDER from /boot/initrd.img-6.1.0-25-amd64:

    /scripts/local-top/cryptopensc "$@"
    [ -e /conf/param.conf ] && . /conf/param.conf
    /scripts/local-top/cryptroot "$@"
    [ -e /conf/param.conf ] && . /conf/param.conf
    /scripts/local-top/crypti "$@"
    [ -e /conf/param.conf ] && . /conf/param.conf



(2)

Correct order when using only /usr/share/initramfs-tools/scripts/local-top:

    root at myhost:/etc/initramfs-tools/scripts/local-top# ls -la
    total 0
    drwxr-xr-x  2 root root   6 Sep 13 10:44 ./
    drwxr-xr-x 12 root root 187 Sep  2 13:40 ../

    root at myhost:/usr/share/initramfs-tools/scripts/local-top# ls -la
    total 16
    drwxr-xr-x 2 root root   56 Sep 13 10:44 ./
    drwxr-xr-x 8 root root  160 Sep  2 13:42 ../
    -rwxr-xr-x 1 root root 2291 Sep 12 20:26 crypti*
    -rwxr-xr-x 1 root root  757 Dec 18  2023 cryptopensc*
    -rwxr-xr-x 1 root root 8011 Dec 18  2023 cryptroot*

    root at myhost:~# update-initramfs -u -k `uname -r`
    update-initramfs: Generating /boot/initrd.img-6.1.0-25-amd64

    scripts/local-top/ORDER from /boot/initrd.img-6.1.0-25-amd64:

    /scripts/local-top/cryptopensc "$@"
    [ -e /conf/param.conf ] && . /conf/param.conf
    /scripts/local-top/crypti "$@"
    [ -e /conf/param.conf ] && . /conf/param.conf
    /scripts/local-top/cryptroot "$@"
    [ -e /conf/param.conf ] && . /conf/param.conf



(3)

Correct order when using /etc/initramfs-tools/scripts/local-top with 
manually modified
prereqs() in /usr/share/initramfs-tools/scripts/local-top/cryptroot:

    root at myhost:~# diff -Nur /tmp/cryptroot.orig
    /usr/share/initramfs-tools/scripts/local-top/cryptroot
    --- /tmp/cryptroot.orig    2023-12-18 03:41:04.000000000 +0100
    +++ /usr/share/initramfs-tools/scripts/local-top/cryptroot
    2024-09-13 10:57:31.553563630 +0200
    @@ -1,27 +1,17 @@
      #!/bin/sh

    -PREREQ="cryptroot-prepare"
    +PREREQ="cryptroot-prepare cryptopensc cryptoi"

    -#
    -# Standard initramfs preamble
    -#
      prereqs()
      {
    -       # Make sure that cryptroot is run last in local-top
    -       local req
    -       for req in "${0%/*}"/*; do
    -               script="${req##*/}"
    -               if [ "$script" != "${0##*/}" ]; then
    -                       printf '%s\n' "$script"
    -               fi
    -       done
    +    echo "$PREREQ"
      }

      case $1 in
    -prereqs)
    -       prereqs
    -       exit 0
    -       ;;
    +    prereqs)
    +        prereqs
    +        exit 0
    +        ;;
      esac

      . /scripts/functions



    root at myhost:/etc/initramfs-tools/scripts/local-top# ls -la
    total 4
    drwxr-xr-x  2 root root   20 Sep 13 10:48 ./
    drwxr-xr-x 12 root root  187 Sep  2 13:40 ../
    -rwxr-xr-x  1 root root 2291 Sep 12 20:26 crypti*

    root at myhost:/usr/share/initramfs-tools/scripts/local-top# ls -la
    total 12
    drwxr-xr-x 2 root root   42 Sep 13 10:57 ./
    drwxr-xr-x 8 root root  160 Sep  2 13:42 ../
    -rwxr-xr-x 1 root root  757 Dec 18  2023 cryptopensc*
    -rwxr-xr-x 1 root root 7850 Sep 13 10:57 cryptroot*

    root at myhost:~# update-initramfs -u -k `uname -r`
    update-initramfs: Generating /boot/initrd.img-6.1.0-25-amd64

    scripts/local-top/ORDER from /boot/initrd.img-6.1.0-25-amd64:

    /scripts/local-top/cryptopensc "$@"
    [ -e /conf/param.conf ] && . /conf/param.conf
    /scripts/local-top/crypti "$@"
    [ -e /conf/param.conf ] && . /conf/param.conf
    /scripts/local-top/cryptroot "$@"
    [ -e /conf/param.conf ] && . /conf/param.conf



(4)

Assumption:

    prereqs() from original
    /usr/share/initramfs-tools/scripts/local-top/cryptroot does not produce
    expected output when crypti is in
    /usr/share/initramfs-tools/scripts/local-top dir.



-- 
Regards,

Paweł Bogusławski
E: pawel.boguslawski at ib.pl

More information about the pkg-cryptsetup-devel mailing list