Package: partman-crypto
Version: 103
Severity: wishlist
Hi there,
Since 2:2.0.3-1 the ‘cryptsetup’ package is a transitional dummy package
for ‘cryptsetup-run’ (various scripts and helpers/wrappers) and
‘cryptsetup-initramfs’ (initramfs integration, depending on the former).
https://tracker.debian.org/news/965549/accepted-cryptsetup-2203-1-source-amd64-all-into-unstable-unstable/
partman-crypto's ‘finish.d/crypto_aptinstall’ currently (v103) runs
`apt-install cryptsetup`. This works as far Buster is concerned, but
spews the following warning upon `update-initramfs -u`
WARNING: The initramfs image may not contain cryptsetup binaries nor crypto modules.
If that's on purpose, you may want to uninstall the 'cryptsetup-initramfs' package
in order to disable the cryptsetup initramfs integration and avoid this warning.
if no encrypted volume needs to be unlocked at initramfs stage (for
instance if they're holding /home or /var, but not /). Hence the
‘Severity: wishlist’.
Our (cryptsetup maintaining team) plan is to rename ‘cryptsetup-run’ to
‘cryptsetup’ once Buster is released, hence this bug should be RC at
this point: with `apt-install cryptsetup` the initramfs integration
won't be installed anymore. (While it's required for encrypted volumes
holding /, /usr, and/or the resume device(s).)
Post-Buster, replacing `apt-install cryptsetup` with `apt-install
cryptsetup-initramfs` should be enough to downgrade the severity back to
‘wishlist’.
The real fix would be to have a detection logic triggering `apt-install
cryptsetup` whenever there are crypt targets in the dm table, and
`apt-install cryptsetup-initramfs` if any volume needs to be unlocked at
initramfs stage, i.e., holding /, /usr, and/or the resume device(s).
Thanks for maintaining d-i in Debian!
--
Guilhem.
Attachment:
signature.asc
Description: PGP signature