
SOLVED: Re: persistence encryption: initramfs is missing cryptsetup



On 12.06.2015 at 23:27, Jan Kowalsky wrote:
> On 11.06.2015 at 16:12, chals wrote:
>> On Thu, Jun 11, 2015 at 11:58 AM, Jan Kowalsky
>> <jankow@datenkollektiv.net> wrote:
>>> Hi all,
>>>
>>> I try to build a live system with luks encrypted persistence. It fails,
>>> because inside the initramfs the cryptsetup binaries don't exist. In the
>>> past - from wheezy I was able to build an encrypted system as long as I
>>> took the live-boot-initramfs-tools from jessie.
>>>
>>> Is it possible to include some packages inside the initramfs? Where
>>> would be the place to configure?
>>>
>> This section of live-manual might be of some help -->
>> http://live.debian.net/manual/current/html/live-manual.en.html#590
>>
> Thanks for the hint. I was looking at the stable manual which still
> seems to refer to wheezy and doesn't face crypted persistence. But
> anyway, that's exactly what I've done. And in this way I did it in the
> past with success.
>
> The problem is: the cryptsetup binary exists in the chroot - but not in
> the initramdisk.
>
> Any further idea? Anybody of you was able to build an image with crypted
> persistence with the live helpers in wheezy?
>
> Is there any way to specify which additional packages should reach the
> initramfs?

The reason cryptsetup doesn't find its way into the initramfs anymore is
probably the following:

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714104

Since jessie, the cryptsetup package has changed the cryptroot hook:
  (/usr/share/initramfs-tools/hooks/cryptroot)

Now it includes cryptsetup in the initramfs only if it detects a
configuration of a crypted _root_ filesystem in /etc/fstab or
/etc/crypttab.

Since this is not the case inside the live chroot the binaries aren't
included.

This bug report gave me an idea of how to fix this:
https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1256730

So I tried to include a
usr/share/initramfs-tools/conf-hooks.d/forcecryptsetup with

export CRYPTSETUP=y

in the includes.chroot and built the image again, and it works.

The live-initramfs packages should maybe export this variable somewhere.
I don't know what's the best place for that. But maybe this should be
mentioned in the documentation until it is fixed in the next version.

Best regards
Jan
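
The workaround from the message above, as an added example that is not part of the original post or of live-build: one function writes the conf-hook into the build tree, and another checks an initramfs file listing for the cryptsetup binary so a build without it is caught before boot. The function names, the config/includes.chroot location of the tree and the sample listings are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Function names and the build-tree layout are assumptions.

# Write the conf-hook from the post into a live-build tree.
# $1 = root of the build tree (the directory that contains config/).
add_force_cryptsetup() {
    hookdir="$1/config/includes.chroot/usr/share/initramfs-tools/conf-hooks.d"
    mkdir -p "$hookdir" || return 1
    printf 'export CRYPTSETUP=y\n' > "$hookdir/forcecryptsetup"
}

# Read an initramfs file listing on stdin (one path per line, as printed
# by lsinitramfs) and succeed only if the cryptsetup binary is in it.
# Matches both sbin/cryptsetup and usr/sbin/cryptsetup.
listing_has_cryptsetup() {
    grep -Eq '(^|/)sbin/cryptsetup$'
}

# Check a built initramfs image. $1 = path to the initrd file; where the
# build leaves it (for example under chroot/boot/) is an assumption.
check_initrd() {
    if lsinitramfs "$1" | listing_has_cryptsetup; then
        echo "OK: cryptsetup is in $1"
    else
        echo "FAIL: cryptsetup missing from $1," \
             "encrypted persistence cannot be opened at boot" >&2
        return 1
    fi
}

# Constructed sample listings (not taken from a real image).
SAMPLE_WITHOUT='bin/sh
lib/modules/3.16.0-4-amd64/kernel/drivers/md/dm-mod.ko
sbin/modprobe'
SAMPLE_WITH='bin/sh
sbin/cryptsetup
lib/cryptsetup/askpass'

for name in SAMPLE_WITHOUT SAMPLE_WITH; do
    eval "listing=\$$name"
    if printf '%s\n' "$listing" | listing_has_cryptsetup; then
        echo "$name: cryptsetup present"
    else
        echo "$name: cryptsetup missing"
    fi
done
```

Call add_force_cryptsetup before building the image and check_initrd on the resulting initrd afterwards.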

