Bug#618862: systemd: ignores keyscript in crypttab

Hi all, I stumbled on this, too but I have a work-around for at least 'decrypt_keyctl'. systemd uses systemd-cryptsetup -> systemd-ask-password -> linux keyring. The keyring can be modified by keyctl just as 'decrypt_keyctl' does. As I wanted to use 'decrypt_keyctl' for unlocking root and data

Bug#618862: systemd: ignores keyscript in crypttab

> > Workaround: add "luks=no" to the kernel command line to disable > systemd's generator > > This worked great... until you try to add another partition to crypttab. > Since the cryptroot in initrd only does root, but luks=no disables all > others. > > Is there any clean solution that

Bug#618862: systemd: ignores keyscript in crypttab

Package: systemd Version: 231-4 Followup-For: Bug #618862 Hello, I also run into this issue while trying to mount 2 disks (LUKS + VeraCrypt) encrypted with the same passphrase during boot. Is there any progress on this bug? Greetings, Bruno -- Package-specific info: ***

Bug#618862: systemd: ignores keyscript in crypttab

maybe i should have given more details about my suggested solution. create your partitions as usual, but create one partition big enough to store all your encrypted data: /dev/sda1 -> /boot /dev/sda2 -> all encrypted data ... encrypt the desired partition: cryptsetup ... create

Bug#618862: systemd: ignores keyscript in crypttab

the only clean solution that i have found so far. put the encryption on the blockdevice and use LVM for partitioning. if you have multiple disks, use software raid, encryption on the raid blockdevice and LVM for partitioning. that is only a workaround which prevents the requirement to define

Bug#618862: systemd: ignores keyscript in crypttab

> Workaround: add "luks=no" to the kernel command line to disable systemd's generator This worked great... until you try to add another partition to crypttab. Since the cryptroot in initrd only does root, but luks=no disables all others. E.g. if crypttab looks like root /dev/sda1

Bug#618862: systemd: ignores keyscript in crypttab

I tested Marcello’s workaround. It works! That’s wonderful! Thank you so much, Marcello! Now some further thoughts on the subject… It’s a workaround for this bug, but, unfortunately it’s just a workaround not a real fix. In particular, using a “luks=no” kernel command line option disables

Bug#618862: systemd: ignores keyscript in crypttab

>> Does this work for encrypted root as well? > FTR, systemd isn't involved in unlocking the root file system, that > already (has to) happen in the initramfs. So this can only affect > non-root file systems. With the setup I've detailed above (encrypted LUKS root unlocked via the passdev

Bug#618862: systemd: ignores keyscript in crypttab

Rick Thomas [2015-10-16 8:40 -0700]: > Does this work for encrypted root as well? FTR, systemd isn't involved in unlocking the root file system, that already (has to) happen in the initramfs. So this can only affect non-root file systems. -- Martin Pitt|

Bug#618862: systemd: ignores keyscript in crypttab

> On Sat, 19 Mar 2011 03:40:25 +0100 Mourad De Clerck wrote: > my root and swap partition are encrypted with cryptsetup; root uses a custom > keyscript and swap uses the cryptsetup-provided "decrypt_derived" keyscript. > systemd seems to be unable to work with keyscripts at all I confirm the same

Bug#618862: systemd: ignores keyscript in crypttab

On Oct 16, 2015, at 3:02 AM, Marcello Barnaba wrote: >> On Sat, 19 Mar 2011 03:40:25 +0100 Mourad De Clerck wrote: >> my root and swap partition are encrypted with cryptsetup; root uses a custom >> keyscript and swap uses the cryptsetup-provided "decrypt_derived" keyscript. >>

Bug#618862: systemd: ignores keyscript in crypttab

>> Workaround: add "luks=no" to the kernel command line to disable systemd's >> generator: >> http://www.freedesktop.org/software/systemd/man/systemd-cryptsetup-generator.html > Does this work for encrypted root as well? Or is it only for things like > swap and /home that can wait until

Bug#618862: systemd: ignores keyscript in crypttab

On Oct 16, 2015, at 9:20 AM, Marcello Barnaba wrote: > >>> Workaround: add "luks=no" to the kernel command line to disable systemd's >>> generator: >>> http://www.freedesktop.org/software/systemd/man/systemd-cryptsetup-generator.html > >> Does this work for encrypted root

Bug#618862: [systemd-devel] Debian Bug#618862: systemd: ignores keyscript in crypttab - a possible solution

On 2015-05-26 00:05, Alberto Bertogli wrote: I hit this issue after upgrading a system that used keyscript to Jessie, and it would no longer boot with systemd [1]. That led me to look into adding a password agent for my use case, and/or creating a generic one that would invoke keyscripts as

Bug#618862: [systemd-devel] Debian Bug#618862: systemd: ignores keyscript in crypttab - a possible solution

I hit this issue after upgrading a system that used keyscript to Jessie, and it would no longer boot with systemd [1]. That led me to look into adding a password agent for my use case, and/or creating a generic one that would invoke keyscripts as a workaround... On Wed, Feb 05, 2014 at

Bug#618862: systemd: ignores keyscript in crypttab

Hello, In case someone else needs it, a workaround for the common use case of using the `decrypt_derived` keyscript to unlock partitions is to save the derived key into a file on the encrypted partition that you would otherwise derive from (make sure only root can access it). This at least

Bug#618862: systemd: ignores keyscript in crypttab

Hi, I'm also affected by this problem. Very simple setup, encrypted root and swap via decrypt_derived so I can suspend to disk: /etc/crypttab: sda5_crypt UUID=2fa9feb8-b096-41f7-bf17-41399ccc8004 none luks sda4_crypt UUID=6d3382e4-58fc-4f10-9346-276bbc127e78 sda5_crypt

Bug#618862: systemd: ignores keyscript in crypttab

On Mon, Mar 30, 2015 at 11:28 AM, Marco d'Itri m...@linux.it wrote: I should add some code to preinst to abort the installation if the keyscript directive is used in crypttab. Would that still leave the system in a broken state though? Is preinst early enough to avoid breakage due to

Bug#618862: systemd: ignores keyscript in crypttab

On Mar 30, Brainslug brains...@freakmail.de wrote: Any progress on this? I would think this needs to be fixed before jessie can be released, otherwise a lot of systems out there will break? While both we and the upstream maintainers believe that continuing to support this feature is a good

Bug#618862: systemd: ignores keyscript in crypttab

Am 30.03.2015 um 19:39 schrieb Ivan Jager: On Mon, Mar 30, 2015 at 11:28 AM, Marco d'Itri m...@linux.it wrote: I should add some code to preinst to abort the installation if the keyscript directive is used in crypttab. Would that still leave the system in a broken state though? Is preinst

Bug#618862: systemd: ignores keyscript in crypttab

Source: systemd Followup-For: Bug #618862 Is there a solution to this issue? I'm currently using debian sid + sysvinit because I can't switch to systemd. This is my setup: root:~# lsblk -f NAME FSTYPE LABEL UUID MOUNTPOINT sda ├─sda1 ntfs

Bug#618862: systemd: ignores keyscript in crypttab

Hi, I have the same issue as Evgeni above in a similar set-up and can provide a bit more information. It seems some alignment is needed between packages cryptsetup, initramfs-tools and systemd. In the cryptsetup documentation, there is a README on how to configure an encrypted

Bug#618862: systemd: ignores keyscript in crypttab

Version: 208-6 On Sat, Mar 19, 2011 at 03:40:25AM +0100, Mourad De Clerck wrote: my root and swap partition are encrypted with cryptsetup; root uses a custom keyscript and swap uses the cryptsetup-provided decrypt_derived keyscript. systemd seems to be unable to work with keyscripts at all,

Bug#618862: systemd: ignores keyscript in crypttab

severity #618862 important thanks On Sat, Mar 19, 2011 at 03:40:25AM +0100, Mourad De Clerck wrote: my root and swap partition are encrypted with cryptsetup; root uses a custom keyscript and swap uses the cryptsetup-provided decrypt_derived keyscript. systemd seems to be unable to work with

Bug#618862: [systemd-devel] Debian Bug#618862: systemd: ignores keyscript in crypttab - a possible solution

On Sat, 08.02.14 21:07, David Härdeman (da...@hardeman.nu) wrote: On Wed, Feb 05, 2014 at 12:16:00AM +0100, Lennart Poettering wrote: On Thu, 30.01.14 10:40, David Härdeman (da...@hardeman.nu) wrote: This issue is fixable with minor upstream changes, e.g. by extending the PasswordAgent

Bug#618862: [systemd-devel] Debian Bug#618862: systemd: ignores keyscript in crypttab - a possible solution

On Wed, Feb 05, 2014 at 12:16:00AM +0100, Lennart Poettering wrote: On Thu, 30.01.14 10:40, David Härdeman (da...@hardeman.nu) wrote: This issue is fixable with minor upstream changes, e.g. by extending the PasswordAgent protocol to add Subsystem=cryptsetup and Target=diskname entries to the

Bug#618862: [systemd-devel] Debian Bug#618862: systemd: ignores keyscript in crypttab - a possible solution

]] Lennart Poettering a) the cryptsetup package b) as part of the Debian systemd package c) upstream systemd I'd prefer to keep this tool in a Debian-specific package. I am not convinced that the key script thing is something we should standardize on cross-distributions. I

Bug#618862: [systemd-devel] Debian Bug#618862: systemd: ignores keyscript in crypttab - a possible solution

On Thu, 30.01.14 10:40, David Härdeman (da...@hardeman.nu) wrote: a) getting the name of the cryptdev that the password request corresponds to currently involves parsing the prompt message (Please enter passphrase for disk %s!) which is obviously not a real solution... This issue is

Bug#618862: Debian Bug#618862: systemd: ignores keyscript in crypttab - a possible solution

On 2013-06-25 17:47, Michael Biebl wrote: Am 25.06.2013 13:13, schrieb Harald Jenny: Dear Michael Biebl, following the systemd survey and discussion I think these mails might be of interest to you concerning possible ways to solve the current issue (not only in Debian but also SuSE/upstream

Bug#618862: systemd: ignores keyscript in crypttab

Oh and I forget (but it seems this is already clear as well): keyscripts may make use of arbitrary other programs... OpenSSL, pcscd, gpg, etc. pp. I've just attached my own keyscript to give an example (just the script, not the initramfs-tools hook or documentation). The biggest problem is

Bug#618862: systemd: ignores keyscript in crypttab

Hi. Had a private conversation with Tollef and he pointed me to this bug... Even though it may be obvious to any developer, let me add the following: I had a short glance at http://cgit.freedesktop.org/systemd/systemd/tree/src/cryptsetup/cryptsetup.c#n54 I guess another crypt_activate_by_?

Bug#618862: [Pkg-systemd-maintainers] Bug#618862: systemd: ignores keyscript in crypttab - possibilities to solve this issue

On Tue, Jun 25, 2013 at 05:47:19PM +0200, Michael Biebl wrote: Am 25.06.2013 13:13, schrieb Harald Jenny: Dear Michael Biebl, following the systemd survey and discussion I think these mails might be of interest to you concerning possible ways to solve the current issue (not only in Debian

Bug#618862: systemd: ignores keyscript in crypttab - possibilities to solve this issue

Dear Michael Biebl, following the systemd survey and discussion I think these mails might be of interest to you concerning possible ways to solve the current issue (not only in Debian but also SuSE/upstream interest). http://lists.freedesktop.org/archives/systemd-devel/2012-June/thread.html#5693

Bug#618862: [Pkg-systemd-maintainers] Bug#618862: systemd: ignores keyscript in crypttab - possibilities to solve this issue

Am 25.06.2013 13:13, schrieb Harald Jenny: Dear Michael Biebl, following the systemd survey and discussion I think these mails might be of interest to you concerning possible ways to solve the current issue (not only in Debian but also SuSE/upstream interest).

Bug#618862: systemd: ignores keyscript in crypttab

http://cgit.freedesktop.org/systemd/systemd/tree/src/cryptsetup/cryptsetup.c#n45 /* Options Debian's crypttab knows we don't: offset= skip= precheck= check= checkargs= noearly= loud= keyscript= */ -- Why is it that all of the instruments seeking intelligent life

Bug#618862: systemd: ignores keyscript in crypttab

Package: systemd Version: 19-1 Severity: normal Hi, my root and swap partition are encrypted with cryptsetup; root uses a custom keyscript and swap uses the cryptsetup-provided decrypt_derived keyscript. systemd seems to be unable to work with keyscripts at all, and requires password input for