Package: calamares
Version: 3.3.14-5.1
Severity: normal

Hello,

I just spent a couple of hours helping someone in my family on
debugging a "weird" issue. He was switching his rootfs to a different
filesystem and for an unknown reason the crypto broke.

We figured out later that the way the OS was installed before is NOT
compliant with the current convention in Debian Stable. Basically, what
you use is a file called encrypt_hook. Problems here are:

a) that file is copied SILENTLY into the hook folder. The origin is not
tracked by dpkg. BAD IDEA!

b) the used crypto key is stored in the / and the way it is handled
is not transparent.

c) the script does not even have -e or -x option set, therefore if the
key file is renamed, it apparently dies somewhere and the user is NEVER
TOLD about the problem.

And the actual problem is that you are hardcoding some assumptions here.
For details, check the following file and ALL comments inside:

cryptsetup-initramfs: /etc/cryptsetup-initramfs/conf-hook

Basically you should store the file in /etc/keys, enable the pattern
option in the conf-hook config, and also NOT set the keyscript flag anymore
(because obsolete).

Thanks for your understanding,
Merry Xmas.

-- System Information:
Debian Release: forky/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'oldoldstable'), (500, 
'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.18.2 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages calamares depends on:
ii  libc6                2.42-6
ii  libcrypt1            1:4.5.1-1
ii  libgcc-s1            15.2.0-11
ii  libkf6coreaddons6    6.20.0-1
ii  libkf6crash6         6.20.0-1
ii  libkf6parts6         6.20.0-1
pn  libkpmcore12         <none>
ii  libparted2t64        3.6-6
ii  libpwquality1        1.4.5-5
ii  libpython3.13        3.13.11-1+b1
ii  libqt6core6t64       6.9.2+dfsg-3
ii  libqt6dbus6          6.9.2+dfsg-3
ii  libqt6gui6           6.9.2+dfsg-3
ii  libqt6network6       6.9.2+dfsg-3
ii  libqt6qml6           6.9.2+dfsg-5
ii  libqt6quick6         6.9.2+dfsg-5
ii  libqt6quickwidgets6  6.9.2+dfsg-5
ii  libqt6svg6           6.9.2-5
ii  libqt6widgets6       6.9.2+dfsg-3
ii  libqt6xml6           6.9.2+dfsg-3
ii  libstdc++6           15.2.0-11
ii  libyaml-cpp0.8       0.8.0+dfsg-9
ii  os-prober            1.84

Versions of packages calamares recommends:
ii  btrfs-progs     6.17.1-1
ii  squashfs-tools  1:4.7.4-1

calamares suggests no packages.

-- 
People who think that real programmers write code without bugs need to upgrade
to a human brain.
        http://yosefk.com/c++fqa/class.html#fqa-7.2
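
Added example, not part of the bug report and not calamares or cryptsetup code: a shell audit for the points the report raises (a keyscript option in crypttab, key files stored outside /etc/keys, the pattern option in conf-hook, hook files dpkg does not track). The function names, the `KEYFILE_PATTERN` check and the hook directory /etc/initramfs-tools/hooks are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a Debian system for the points raised in the report.
# Assumptions: hook directory /etc/initramfs-tools/hooks, function names.

# audit_crypttab CRYPTTAB [KEYDIR]: print one finding per line.
audit_crypttab() {
    crypttab=$1 keydir=${2:-/etc/keys}
    # crypttab(5) fields: target name, source device, key file, options
    while read -r name _dev key opts || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac
        case ",$opts," in
            *,keyscript=*) echo "$name: keyscript option set" ;;
        esac
        case $key in
            ''|none|-|/dev/*|"$keydir"/*) ;;  # prompt, device node, or key in KEYDIR
            *) echo "$name: key file $key is outside $keydir" ;;
        esac
    done < "$crypttab"
}

# audit_conf_hook CONF: report when KEYFILE_PATTERN is unset, empty or commented out.
audit_conf_hook() {
    if ! grep -Eq "^[[:space:]]*KEYFILE_PATTERN=[\"']?[^\"'[:space:]]" "$1"; then
        echo "$1: KEYFILE_PATTERN is not set"
    fi
}

# audit_hooks DIR: list hook files that no package owns (dpkg -S finds no owner).
audit_hooks() {
    command -v dpkg >/dev/null 2>&1 || return 0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        dpkg -S "$f" >/dev/null 2>&1 || echo "$f: not tracked by dpkg"
    done
}

# Check the live system only when asked to: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then
    audit_crypttab /etc/crypttab
    audit_conf_hook /etc/cryptsetup-initramfs/conf-hook
    audit_hooks /etc/initramfs-tools/hooks
fi
```

Each function prints nothing when its check passes, so an empty result from all three means the layout matches what the report recommends.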
