Control: retitle -1 off-by-one error in CRYPTTAB_TRIED breaks decrypt_keyctl keyscript (doesn't cache anymore) Control: tag -1 pending
Hi Andras,
On Fri, 22 Jun 2018 at 15:36:26 +0200, Andras Korn wrote:
> This had the result that I was prompted for the passphrase for sda3 during
> the initramfs phase, but sda4 was not unlocked and I wasn't prompted for the
> passphrase either; booting failed, because sda4 contains zfs root pool.
I'm surprised this worked before (without 'initramfs' crypttab option),
cf. #820888 and #838001. The initramfs hook now uses /proc/mounts
rather than /etc/fstab to determine which device holds the root FS (and
also /usr and the swap area). How does the relevant /proc/mounts
entries look like in your case?
> Now booting works but I'm prompted for the passphrase twice (both times with
> "Caching passphrase for", meaning the decrypt_keyctl script gets run, but
> the caching is broken).
This was caused by an an off-by-one error in CRYPTTAB_TRIED (number of
previous tries). Fixed in
https://salsa.debian.org/cryptsetup-team/cryptsetup/commit/2a9946771a3fb9eef522eb933d58a22ab8d86603
Cheers,
--
Guilhem.
signature.asc
Description: PGP signature
