Control: tag -1 moreinfo Hi Matthew,
On Fri, 22 Sep 2017 at 16:54:03 +0100, Matthew Wakeling wrote:
> I have set up my system with an unencrypted /root partition, but with
> /home, /var, /tmp, and swap all in an LVM inside a luks crypt
> partition.
> When booting, the system prompts for the crypto password, and then
> prints the error message:
I can't reproduce this in a fresh Stretch (9.3) VM.
> The problem exists in
> /usr/share/initramfs-tools/scripts/local-top/cryptroot. THe script
> assumes that it is having to unlock the /root partition, and gets the
> check for whether unlocking worked correctly wrong. On line 341, the
> script sets $NEWROOT to the name of the LVM VG, instead of the swap
> volume inside the LVM. I guess normally it would set it to the /root
> volume inside the LVM, but the root filesystem in this case is on a
> separate partition. On line 348 it then sets $FSTYPE to the empty
> string, because the LVM VG name doesn't play well with blkid. On line
> 352 the script then decides that something has gone wrong, and the
> error message is produced.
Could you paste the output of lsblk(1)? With
vda 254:0 0 4G 0 disk
├─vda1 254:1 0 1.9G 0 part /
└─vda2 254:2 0 2.1G 0 part
└─vda2_crypt 253:0 0 2.1G 0 crypt
├─vg-swap 253:1 0 488M 0 lvm [SWAP]
├─vg-home 253:2 0 488M 0 lvm /home
├─vg-tmp 253:3 0 32M 0 lvm /tmp
└─vg-var 253:4 0 512M 0 lvm /var
The initrd's /conf/conf.d/cryptroot contains a single line for
/dev/vg/swap AKA /dev/mapper/vg-swap (/home and /tmp aren't required at
initramfs stage)
target=vda2_crypt,source=UUID=fdffd6a8-8da1-4479-9196-39a4c7a2fc24,resumedev,lvm=vg-swap,key=none
and I have a single prompt “Please unlock disk vda2_crypt:” (log
attached). After unlocking and `activate_vg` NEWROOT is set to
/dev/mapper/vg-swap, which is indeed the (mapped) device holding swap.
You might want to activate debug mode in the the cryptroot initramfs
script, see https://wiki.debian.org/CryptsetupDebug for details.
--
Guilhem.
+ /sbin/cryptsetup isLuks /dev/disk/by-uuid/fdffd6a8-8da1-4479-9196-39a4c7a2fc24 + cryptopen=/sbin/cryptsetup -T 1 open --type luks /dev/disk/by-uuid/fdffd6a8-8da1-4479-9196-39a4c7a2fc24 vda2_crypt --key-file=- + cryptremove=/sbin/cryptsetup remove vda2_crypt + NEWROOT=/dev/mapper/vda2_crypt + count=0 + [ 3 -le 0 ] + [ 0 -lt 3 ] + export CRYPTTAB_TRIED=0 + count=1 + [ ! -e /dev/mapper/vda2_crypt ] + /sbin/cryptsetup -T 1 open --type luks /dev/disk/by-uuid/fdffd6a8-8da1-4479-9196-39a4c7a2fc24 vda2_crypt --key-file=- + crypttarget=vda2_crypt cryptsource=/dev/disk/by-uuid/fdffd6a8-8da1-4479-9196-39a4c7a2fc24 /lib/cryptsetup/askpass Please unlock disk vda2_crypt: Please unlock disk vda2_crypt: + [ ! -e /dev/mapper/vda2_crypt ] + /sbin/blkid -s TYPE -o value /dev/mapper/vda2_crypt + FSTYPE=LVM2_member + [ LVM2_member = LVM_member ] + [ LVM2_member = LVM2_member ] + [ -z vg-swap ] + activate_vg + [ ! -x /sbin/lvm ] + /sbin/lvm vgscan WARNING: Failed to connect to lvmetad. Falling back to device scanning. Reading all physical volumes. This may take a while... Found volume group "vg" using metadata type lvm2 + /sbin/lvm vgchange -a y --sysinit WARNING: Failed to connect to lvmetad. Falling back to device scanning. 4 logical volume(s) in volume group "vg" now active + return 0 + [ -f /conf/param.conf ] + NEWROOT=/dev/mapper/vg-swap + [ = yes ] + /sbin/blkid -s TYPE -o value /dev/mapper/vg-swap + FSTYPE=swap + [ -z swap ] + count=0 + message cryptsetup (vda2_crypt): set up successfully + [ -x /bin/plymouth ] + echo cryptsetup (vda2_crypt): set up successfully cryptsetup (vda2_crypt): set up successfully + return 0 + break + failsleep=60 + [ = yes ] + udev_settle + command -v udevadm + udevadm settle --timeout=30 + return 0 + return 0 + read mapping + exit 0
signature.asc
Description: PGP signature

