Bug#618862: systemd: ignores keyscript in crypttab

Avi Deitcher avi at deitcher.net
Tue Apr 12 12:27:09 BST 2016

 > Workaround: add "luks=no" to the kernel command line to disable
systemd's generator

This worked great... until you try to add another partition to crypttab.
Since the cryptroot in initrd only does root, but luks=no disables all

E.g. if crypttab looks like

root /dev/sda1 /dev/sda5:/keyfile rootdev,keyscript=/path/to/some/keyscript
swap /dev/sda2 /dev/urandom swap

then you are stuck:

1. luks=no: systemd doesn't try to reopen /dev/sda1 (GOOD), but it also
doesn't try to enable swap (BAD)
2. comment out root from crypttab: systemd doesn't try to reopen /dev/sda1
(GOOD), but it then needs a mess of kernel command-line options in grub.cfg
(BAD), and it doesn't install the necessary binaries to initramfs (BAD).

Is there any clean solution that recognizes the granularity? Maybe one way
is to put all encrypted filesystems loaded via initramfs?

Avi Deitcher
avi at deitcher.net
Follow me http://twitter.com/avideitcher
Read me http://blog.atomicinc.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-systemd-maintainers/attachments/20160412/471f9f08/attachment.html>

More information about the Pkg-systemd-maintainers mailing list