
Re: LVM spanning multiple encrypted drives



B. Alexander wrote:
I started looking in this direction myself last night. I am, for the life
of me, unable to figure why or how drives are designated as early versus
non-early. With the exception of adding "noearly" to the options in
/etc/crypttab. However, I am unable to find a single partition on a single
encrypted machine that uses this option. So theoretically, all of the drives
should be designated as early. I also haven't done this in a couple of
years, so maybe the encryption system has matured in the meantime.

Supposedly all crypto devices are created as early as possible; the non-early script (which does exactly the same thing as the -early script) probably only creates the devices on LVs.

The fact that there are two distinct scripts suggests that the procedures are only called twice, which would not be really flexible for fancy setups (should be more event-based) -- but I might be wrong and the definition of "early" could be more specific. I can't seem to find anything in the /lib/cryptsetup/cryptdisks.functions, however. It just systematically ignores the devices explicitly marked as noearly in the /etc/crypttab when called by the -early script (checked with $INITSTATE). So, I suppose it silently ignores all the failures in the hope a subsequent call will handle the remaining devices.

In your case, you have to figure out why some devices are not handled by the first call. I see there are already many trace messages waiting for $VERBOSE to be set to "yes", it might just be a matter of looking at the log.

Have fun.

[snip]

I'm really not comfortable with modifying something like that, not because I
can't, but rather because I don't want to tweak something and have it break
on the next upgrade.

[snip]

Yep, I was referring to the cross-distro Dracut effort; but it's still new, and after thinking about it, I would trust Debian to either provide backward compat' or make a big fuss about it if the switch is ever considered.

-t
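
An added example, not part of this thread or of the cryptsetup package: a shell function that lists which crypttab entries the -early pass would attempt, modelling only the `noearly` rule described in the message above. The sample crypttab, its device names and the keyscript path are constructed, and the four-field layout (name, source, keyfile, options) is assumed.

```shell
#!/bin/sh
# Models one rule only: the -early pass skips entries whose options
# field contains "noearly". Everything else is attempted early.

# Constructed sample input (not taken from any real machine).
sample_crypttab() {
    cat <<'EOF'
# <target>   <source>               <keyfile>           <options>
sda2_crypt   UUID=0000-constructed  none                luks
sdb1_crypt   /dev/sdb1              /etc/keys/sdb1.key  luks,noearly

data_crypt   /dev/vg0/data          none                luks,tries=3
odd_crypt    /dev/sdc1              none                luks,keyscript=/lib/noearly-helper
EOF
}

# Print "<name> <early|noearly> <source>" for each entry in file $1.
classify_crypttab() {
    while read -r name src key opts rest || [ -n "$name" ]; do
        case "$name" in
            ''|'#'*) continue ;;          # blank line or comment
        esac
        pass=early
        # Match noearly as a whole comma-separated option, so a value
        # that merely contains the string (odd_crypt) is not skipped.
        case ",$opts," in
            *,noearly,*) pass=noearly ;;
        esac
        printf '%s %s %s\n' "$name" "$pass" "$src"
    done < "$1"
}

# Print only the names the -early pass is expected to attempt.
early_targets() {
    classify_crypttab "$1" | while read -r name pass src; do
        if [ "$pass" = early ]; then printf '%s\n' "$name"; fi
    done
}

# Demo run on the constructed sample.
tmp=$(mktemp)
sample_crypttab > "$tmp"
classify_crypttab "$tmp"
rm -f "$tmp"
```

Any name reported as early that is still missing after the first pass is a candidate for the $VERBOSE log check suggested above; an entry whose source is itself a logical volume, like the constructed data_crypt, is one such case to look at.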

