
Re: For persistent encryption bookworm



On 2023-06-21 15:21, Roland Clobus wrote:
Hello Paul,

On 18/06/2023 23:12, paul@gilbertson.biz wrote:
Great job on Debian Bookworm.  Just an FYI for people reading the manual.  You must add the “cryptsetup-initramfs” package along with “cryptsetup” in your “package-list” or your live distro will not see any encrypted drives.  In Bullseye,  “cryptsetup-initramfs” was recommended and therefore automatically installed and in Bookworm it isn’t.

Thanks for noticing.
At the moment the automated tests (on openQA [1]) do not contain such
scenarios, therefore this use case was missed.

Can you provide some more details?
Which steps did you follow, when you noticed that
'cryptsetup-initramfs' is missing?

With kind regards,
Roland Clobus

[1] https://openqa.debian.net/group_overview/14

Hello Roland,
I set up my build for an encrypted persistence and just included cryptsetup. When I did the first build I noticed I didn't get the cryptsetup error message I normally get during the hooks/normal phase where it indicates that it cannot find a drive. Didn't think anything of it until after adding the encrypted partition and booting, and it didn't find my encrypted USB partition.

I used the setting "persistence persistence-encryption=luks persistence-media=removable-usb" in my LB_BOOTAPPEND_LIVE configuration. I looked in my live distro for the file "/etc/cryptsetup-initramfs/conf-hook" as described in the hook/normal script 1010-enable-cryptsetup.hook.chroot and it wasn't there. So I looked up the Debian package and saw that it was only suggested, not recommended. I included "cryptsetup-initramfs" in my package list and did another "lb build" and everything worked great!

By the way, for UEFI recognition I would add the following fdisk workaround that's not mentioned in the manual. When you use fdisk to create the extra partition on the live USB it states "'iso9660' signature and it will be removed by a write command". As you know, hybrid ISOs have multiple partition tables: iso9660, dos, gpt, mac. So I used the following command so that none of the signatures get wiped and only the dos partition table is used.

    # fdisk --wipe=never -t dos /dev/sdX

It finds my encrypted USB partition and has no trouble booting from UEFI or BIOS. If there is a better way, let me know.

Cheers
Paul
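
A pre-build check for the omission described in this thread, as an added example that is not part of the original messages or of live-build itself. It assumes the usual live-build tree layout (LB_BOOTAPPEND_LIVE in config/binary, package names in config/package-lists/*.list.chroot); the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-build check for a live-build config tree.
# Assumed layout: <tree>/config/binary holds LB_BOOTAPPEND_LIVE and
# <tree>/config/package-lists/*.list.chroot name the packages to install.
# All function names here are hypothetical.

# Succeeds if the boot parameters request LUKS-encrypted persistence.
wants_luks_persistence() {
    grep -Eq '^[[:space:]]*LB_BOOTAPPEND_LIVE=.*persistence-encryption=[^" ]*luks' \
        "$1/config/binary" 2>/dev/null
}

# Succeeds if package $2 is named in any chroot package list under $1.
# Comment text is dropped and names must match exactly, so "cryptsetup"
# does not satisfy a lookup for "cryptsetup-initramfs".
lists_package() {
    cat "$1"/config/package-lists/*.list.chroot 2>/dev/null |
        sed -e 's/#.*//' | tr -s ' \t' '\n\n' | grep -Fxq -- "$2"
}

# Returns 0 when the tree is consistent, 1 when encrypted persistence is
# requested but a needed package is not listed (names go to stderr).
check_luks_persistence() {
    wants_luks_persistence "$1" || return 0
    rc=0
    for pkg in cryptsetup cryptsetup-initramfs; do
        if ! lists_package "$1" "$pkg"; then
            echo "missing from package lists: $pkg" >&2
            rc=1
        fi
    done
    return $rc
}

# Builds a constructed sample tree in $1; $2 is the package list body.
make_sample_tree() {
    mkdir -p "$1/config/package-lists"
    printf '%s\n' 'LB_BOOTAPPEND_LIVE="persistence persistence-encryption=luks persistence-media=removable-usb"' \
        > "$1/config/binary"
    printf '%s\n' "$2" > "$1/config/package-lists/crypt.list.chroot"
}

# Check the tree given as first argument, or the current directory.
check_luks_persistence "${1:-.}"
```

Run it from the build directory before "lb build", or pass the tree path as the first argument; a non-zero exit status means the image would boot without the initramfs support needed to open the encrypted partition.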
