Your message dated Wed, 2 Nov 2016 15:36:44 +0100
with message-id <[email protected]>
and subject line README has the answer
has caused the Debian Bug report #842951,
regarding Falsely identifies origin of a key file
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
842951: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842951
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: cryptsetup
Version: 2:1.7.2-4
Severity: normal
File: /usr/share/initramfs-tools/hooks/cryptroot
I am trying to set up a key file (/etc/luks/nvme0n1.luks) in
crypttab for the root filesystem. I realise this is a bit cyclical,
but I've successfully set up grub2 to do the decryption for me, so
that by the time initramfs comes around, I want it to fetch the key
from the initramfs. To do this, I thought I could simply configure
it with crypttab like so:
crypt UUID=40aa3e9a-dd83-4789-822f-da3ed51b18cc /etc/luks/nvme0n1.luks
luks,discard
and have the initramfs hook copy the keyfile. However, instead,
I get the following warning:
WARNING: crypt's key file /etc/luks/nvme0n1.luks is not on an
encrypted root FS, skipped
This is what the shell script evaluates to just before:
+ [ / != / ]
+ node_is_in_crypttab fishbowl-root
+ [ -f /etc/crypttab ]
+ [ 1 -gt 0 ]
I think the reason for the confusion is that the "crypt" device is
actually a PV for the fishbowl LVM VG, and the root filesystem is
just an LV there, so it's not encrypted per se, but it's part of an
encrypted volume group…
-- Package-specific info:
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 4.7.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_NZ, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages cryptsetup depends on:
ii cryptsetup-bin 2:1.7.2-4
ii debconf [debconf-2.0] 1.5.59
ii dmsetup 2:1.02.133-1
ii libc6 2.24-5
Versions of packages cryptsetup recommends:
ii busybox 1:1.22.0-19
ii console-setup 1.152
ii initramfs-tools [linux-initramfs-tool] 0.125
ii kbd 2.0.3-2
Versions of packages cryptsetup suggests:
ii dosfstools 4.0-2
pn keyutils <none>
ii liblocale-gettext-perl 1.07-3+b1
-- debconf information excluded
--
.''`. martin f. krafft <[email protected]> @martinkrafft
: :' : proud Debian developer
`. `'` http://people.debian.org/~madduck
`- Debian - when you have better things to do than fixing systems
digital_signature_gpg.asc
Description: Digital GPG signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)
--- End Message ---
--- Begin Message ---
Sorry, KEYFILE_PATTERN is the answer to my problem. The warning is
a bit misleading, and I failed to parse the connection on first
read, but now I did.
--
.''`. martin f. krafft <[email protected]> @martinkrafft
: :' : proud Debian developer
`. `'` http://people.debian.org/~madduck
`- Debian - when you have better things to do than fixing systems
digital_signature_gpg.asc
Description: Digital GPG signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)
--- End Message ---
