Hi,

On 09.12.2015 at 18:34, Guilhem Moulin wrote:
> On Sun, 27 Sep 2015 at 03:40:29 -0700, Rick Thomas wrote
>> aux
>> /dev/disk/by-id/ata-VMware_Virtual_IDE_Hard_Drive_01000000000000000001-part1
>> /dev/disk/by-label/keys:/keys
>> luks,noearly,keyscript=/lib/cryptsetup/scripts/passdev
>
> What is ‘/dev/mapper/aux’ used for? It's ignored by the cryptroot hook
> because it wasn't detected as being the root device, the /usr device, or a
> resume device, and its crypttab entry doesn't have the ‘initramfs’ option set.

Actually the problem here is related to the switch to systemd as default init system. In Wheezy, sysvinit was the default init system and thus the cryptsetup init script (/etc/init.d/cryptdisks) was responsible for processing all crypttab entries that were not unlocked during initramfs stage beforehand. The init script supports the options keyscript and noearly.

Now in Jessie, systemd seems to have its own cryptsetup implementation, ignoring the old init script at /etc/init.d/cryptdisks. Unfortunately, only a subset of the formerly supported crypttab options is supported in the systemd cryptsetup implementation. Thus, options like keyscript and noearly are silently ignored.

What we need to do is take a look at the systemd cryptsetup implementation and understand how it works. Probably it's possible to leave the dm-crypt unlocking to systemd whenever the required features are available and pass the task to the old initscript only when additional features (e.g. like keyscript) are required. Otherwise we would have to disable the systemd cryptsetup/dm-crypt processing features and stick to the init script for now.

In the long term, implementing the missing features in the systemd code should be the way to go.

Cheers
jonas
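A check for the situation described in this message, as an added example that is not part of the original mail or of the cryptsetup or systemd packages: it lists crypttab entries that use the two options the message names as silently ignored (keyscript, noearly) and reports whether each also carries the ‘initramfs’ option mentioned in the quoted text. The function names and every sample entry other than ‘aux’ are assumptions constructed for illustration.

```python
import sys

# The two options the message names as silently ignored by systemd's cryptsetup.
IGNORED_BY_SYSTEMD = {"keyscript", "noearly"}

# Constructed sample. 'aux' is the entry quoted in the message; the others are made up.
SAMPLE_CRYPTTAB = """\
# <target> <source device> <key file> <options>
root  /dev/sda2  none  luks
aux   /dev/disk/by-id/ata-VMware_Virtual_IDE_Hard_Drive_01000000000000000001-part1  /dev/disk/by-label/keys:/keys  luks,noearly,keyscript=/lib/cryptsetup/scripts/passdev
data  /dev/sdb1  root  luks,initramfs,keyscript=/lib/cryptsetup/scripts/decrypt_derived
"""


def parse_crypttab(text):
    """Yield (line_number, target, options_dict) for each crypttab entry."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed line: target and source device are mandatory
        options = {}
        if len(fields) > 3:
            for item in filter(None, fields[3].split(",")):
                key, _, value = item.partition("=")
                options[key] = value
        yield lineno, fields[0], options


def audit(text):
    """Return (line, target, affected_options, has_initramfs_option) tuples."""
    findings = []
    for lineno, target, options in parse_crypttab(text):
        affected = sorted(IGNORED_BY_SYSTEMD.intersection(options))
        if affected:
            findings.append((lineno, target, affected, "initramfs" in options))
    return findings


if __name__ == "__main__":
    # Pass a path such as /etc/crypttab; without one the constructed sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CRYPTTAB
    for lineno, target, affected, in_initramfs in audit(text):
        where = "has 'initramfs' option" if in_initramfs else "no 'initramfs' option"
        print(f"line {lineno}: {target}: uses {', '.join(affected)} ({where})")
```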

