Thanks for the quick response.
David Härdeman wrote:
On Mon, January 29, 2007 9:15, Goran Gmitrovic said:
Using one of the previous verions of
"/usr/share/initramfs-tools/scripts/local-top/cryptroot" together with the
option "keyscript" in "/etc/crypttab"
worked fine for me until you add "--key-file=-" to this line 198
"$cryptkeyscript $cryptkey < /dev/console | $cryptcreate --key-file=-".
My keyscript was
ROOTKEY="$1"
/bin/cat $ROOTKEY | /bin/sha1sum
The output was then hashed by cryptsetup. So I changed the last line to
/bin/cat $ROOTKEY | /bin/sha1sum | /sbin/hashalot -n 32 sha256
to produce now the raw keyfile information. However, it did not work.
Actually, I'm surprised either of the two work unless you've made sure
that the sha1sum and hashalot binaries are also copied into the initramfs
image for you.
Yes, I have some custom hook scripts to put the initramfs together.
Anyways, your problem is probably what is documented in the NEWS file:
"The --key-file=- argument has changed. If a --hash parameter is passed,
it will now be honored...To emulate the old behaviour, make sure that you
pass "--hash=plain" to cryptsetup."
Ups, I've completely overlooked the news....even having apt-listchanges
installed on my machine. Shame on me :(
So, could you please try to add "hash=plain" to the relevant line(s) in
/etc/crypttab, regenerate your initramfs image ("update-initramfs -u -k
<KERNEL-VERSION>") and reboot and see if that fixes your problem?
Yes, that's it.
Thanks.
GG
