Control: tag -1 moreinfo Hi Matthew,
On Fri, 22 Sep 2017 at 16:54:03 +0100, Matthew Wakeling wrote: > I have set up my system with an unencrypted /root partition, but with > /home, /var, /tmp, and swap all in an LVM inside a luks crypt > partition. > When booting, the system prompts for the crypto password, and then > prints the error message: I can't reproduce this in a fresh Stretch (9.3) VM. > The problem exists in > /usr/share/initramfs-tools/scripts/local-top/cryptroot. THe script > assumes that it is having to unlock the /root partition, and gets the > check for whether unlocking worked correctly wrong. On line 341, the > script sets $NEWROOT to the name of the LVM VG, instead of the swap > volume inside the LVM. I guess normally it would set it to the /root > volume inside the LVM, but the root filesystem in this case is on a > separate partition. On line 348 it then sets $FSTYPE to the empty > string, because the LVM VG name doesn't play well with blkid. On line > 352 the script then decides that something has gone wrong, and the > error message is produced. Could you paste the output of lsblk(1)? With vda 254:0 0 4G 0 disk ├─vda1 254:1 0 1.9G 0 part / └─vda2 254:2 0 2.1G 0 part └─vda2_crypt 253:0 0 2.1G 0 crypt ├─vg-swap 253:1 0 488M 0 lvm [SWAP] ├─vg-home 253:2 0 488M 0 lvm /home ├─vg-tmp 253:3 0 32M 0 lvm /tmp └─vg-var 253:4 0 512M 0 lvm /var The initrd's /conf/conf.d/cryptroot contains a single line for /dev/vg/swap AKA /dev/mapper/vg-swap (/home and /tmp aren't required at initramfs stage) target=vda2_crypt,source=UUID=fdffd6a8-8da1-4479-9196-39a4c7a2fc24,resumedev,lvm=vg-swap,key=none and I have a single prompt “Please unlock disk vda2_crypt:” (log attached). After unlocking and `activate_vg` NEWROOT is set to /dev/mapper/vg-swap, which is indeed the (mapped) device holding swap. You might want to activate debug mode in the the cryptroot initramfs script, see https://wiki.debian.org/CryptsetupDebug for details. -- Guilhem.
+ /sbin/cryptsetup isLuks /dev/disk/by-uuid/fdffd6a8-8da1-4479-9196-39a4c7a2fc24 + cryptopen=/sbin/cryptsetup -T 1 open --type luks /dev/disk/by-uuid/fdffd6a8-8da1-4479-9196-39a4c7a2fc24 vda2_crypt --key-file=- + cryptremove=/sbin/cryptsetup remove vda2_crypt + NEWROOT=/dev/mapper/vda2_crypt + count=0 + [ 3 -le 0 ] + [ 0 -lt 3 ] + export CRYPTTAB_TRIED=0 + count=1 + [ ! -e /dev/mapper/vda2_crypt ] + /sbin/cryptsetup -T 1 open --type luks /dev/disk/by-uuid/fdffd6a8-8da1-4479-9196-39a4c7a2fc24 vda2_crypt --key-file=- + crypttarget=vda2_crypt cryptsource=/dev/disk/by-uuid/fdffd6a8-8da1-4479-9196-39a4c7a2fc24 /lib/cryptsetup/askpass Please unlock disk vda2_crypt: Please unlock disk vda2_crypt: + [ ! -e /dev/mapper/vda2_crypt ] + /sbin/blkid -s TYPE -o value /dev/mapper/vda2_crypt + FSTYPE=LVM2_member + [ LVM2_member = LVM_member ] + [ LVM2_member = LVM2_member ] + [ -z vg-swap ] + activate_vg + [ ! -x /sbin/lvm ] + /sbin/lvm vgscan WARNING: Failed to connect to lvmetad. Falling back to device scanning. Reading all physical volumes. This may take a while... Found volume group "vg" using metadata type lvm2 + /sbin/lvm vgchange -a y --sysinit WARNING: Failed to connect to lvmetad. Falling back to device scanning. 4 logical volume(s) in volume group "vg" now active + return 0 + [ -f /conf/param.conf ] + NEWROOT=/dev/mapper/vg-swap + [ = yes ] + /sbin/blkid -s TYPE -o value /dev/mapper/vg-swap + FSTYPE=swap + [ -z swap ] + count=0 + message cryptsetup (vda2_crypt): set up successfully + [ -x /bin/plymouth ] + echo cryptsetup (vda2_crypt): set up successfully cryptsetup (vda2_crypt): set up successfully + return 0 + break + failsleep=60 + [ = yes ] + udev_settle + command -v udevadm + udevadm settle --timeout=30 + return 0 + return 0 + read mapping + exit 0
signature.asc
Description: PGP signature