
Bug#348147: Bug#358452: [Pkg-cryptsetup-devel] Bug#358452: Latest version of script files



Hi, 

I tried your scripts but they are not working for me. So I have adjusted
them a little. First I will explain my situation and then the changes I
made.

I have an encrypted partition /dev/hda3 with the unencrypted
counterpart /dev/mapper/pvcrypt. /dev/mapper/pvcrypt is a physical
volume for the volume group vgcrypt (LVM). And my root partition then is
the logical volume /dev/mapper/vgcrypt-root.

With yaird this just works with root=/dev/mapper/vgcrypt-root and a
suitable content for /etc/crypttab:

# <target device> <source device> <key file> <options>
pvcrypt         /dev/hda3       none    cipher=aes-cbc-essiv:sha256,luks,verify

With initramfs-tools and your patches it fails due to a couple of
reasons:
      * First of all lvm (and md) are started before cryptroot because
        their scripts are in local-top and the cryptroot is in
        local-premount. (This can be solved by moving the script to
        local-top) 
      * The second problem is that the scripts expect the ROOT variable
        to point to the encrypted device instead of the actual
        root.  But even if I set this, it does not work because after
        the script the ROOT variable points to the unencrypted physical
        volume, which is NOT my actual root partition. This can NOT be
        solved in the lvm script because I have more logical volumes, so
        it can not determine which one will be the actual root. 

So what I have done is adjust the cryptroot-hook and cryptroot-script
files and move the script to /etc/mkinitramfs-tools/scripts/local-top.

The hook script now first determines the actual root device and then
looks whether there is an encrypted device which has to be set up to
access the root device. The encrypted device can be the actual root
device but it can also be the physical volume of a LVM volume group etc.

The hook script determines the encrypted source device
from /etc/crypttab so there is no need to adjust the boot parameter root. 

The hook script also determines whether it should start before or after
LVM. 

The hook script then stores the crypto source device and the target, the
cryptsetup options and the PREREQ in the configuration file in the
initramfs image. 

The script then uses this information at startup, and now it works for
me at least ;).

I hope you found my email useful and thanks for your work


 

Attachment: cryptroot-hook
Description: application/shellscript

Attachment: cryptroot-script
Description: application/shellscript

Attachment: signature.asc
Description: This message part is digitally signed
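
The lookup the message describes for the hook script (find the real root device, then the crypttab entry it depends on, then the ordering relative to LVM), sketched as an added example; this is not the attached cryptroot-hook. The function names, the two-column listing files standing in for LVM tool output, and the before-lvm/after-lvm labels are assumptions.

```shell
#!/bin/sh
# Added illustration; function names, file layouts and sample data are constructed.

# Print "<source> <options>" for crypttab target $1 in file $2; non-zero if absent.
crypttab_lookup() {
    awk -v t="$1" '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        $1 == t { print $2, $4; found = 1; exit }
        END { exit !found }' "$2"
}

# resolve_cryptroot ROOT CRYPTTAB LVS PVS
# LVS lines: "<lv device> <vg>"; PVS lines: "<pv device> <vg>" (stand-ins for LVM output).
# Prints "<target> <source> <options> <order>", order being before-lvm or after-lvm.
resolve_cryptroot() {
    root=$1 tab=$2 lvs=$3 pvs=$4
    # Case 1: the root device itself is a crypttab target.
    if entry=$(crypttab_lookup "${root#/dev/mapper/}" "$tab"); then
        src=${entry%% *}
        # An encrypted device stacked on a logical volume needs LVM up first.
        if awk -v d="$src" '$1 == d { f = 1 } END { exit !f }' "$lvs"; then
            order=after-lvm
        else
            order=before-lvm
        fi
        echo "${root#/dev/mapper/} $entry $order"
        return 0
    fi
    # Case 2: root is a logical volume; look for an encrypted physical volume in its VG.
    vg=$(awk -v d="$root" '$1 == d { print $2; exit }' "$lvs")
    [ -n "$vg" ] || return 1
    for pv in $(awk -v g="$vg" '$2 == g { print $1 }' "$pvs"); do
        if entry=$(crypttab_lookup "${pv#/dev/mapper/}" "$tab"); then
            echo "${pv#/dev/mapper/} $entry before-lvm"
            return 0
        fi
    done
    return 1   # root is not behind any crypttab device
}

# Constructed sample mirroring the layout in the message.
demo() {
    d=$(mktemp -d)
    echo 'pvcrypt /dev/hda3 none cipher=aes-cbc-essiv:sha256,luks,verify' > "$d/crypttab"
    echo '/dev/mapper/vgcrypt-root vgcrypt' > "$d/lvs"
    echo '/dev/mapper/pvcrypt vgcrypt' > "$d/pvs"
    resolve_cryptroot /dev/mapper/vgcrypt-root "$d/crypttab" "$d/lvs" "$d/pvs"
    rm -rf "$d"
}
```

Calling demo prints the target, source device and options for the layout above, with the order field showing that the mapping has to be opened before LVM scans for its physical volume.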
