Your message dated Sun, 11 Mar 2012 19:59:43 +0100
with message-id <[email protected]>
and subject line Feature not bug
has caused the Debian Bug report #653194,
regarding cryptsetup: cryptroot hook for update-initramfs silently ignores the
key file listed in crypttab
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
653194: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653194
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: cryptsetup
Version: 2:1.1.3-4squeeze2
Severity: critical
Justification: breaks the whole system
When update-initramfs is run, an initrd is built including my keyscript, but
*not* my key file. This rendered the system unbootable without warning. I
was able to recover from a rescue cd by unpacking the initrd, adding my key
file, and repacking the initrd - everything then worked as expected.

This should be trivially reproducible by using `cat` as a keyscript with a
key file.
-- Package-specific info:
-- /proc/cmdline
BOOT_IMAGE=/vmlinuz-2.6.32-5-amd64 root=/dev/mapper/sda5_crypt ro quiet
-- /etc/crypttab
sda5_crypt UUID=179b33c0-bb72-4ad3-ad32-ec7fe4521404 /boot/key.tcy luks,keyscript=/usr/local/bin/threshcrypt_static
-- /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
proc /proc proc defaults 0 0
/dev/mapper/sda5_crypt / ext3 errors=remount-ro 0 1
# /boot was on /dev/sda1 during installation
UUID=6d60dcfa-6afd-4d3f-a8e9-9fc8f31ce93b /boot ext3 defaults 0 2
/dev/scd0 /media/cdrom0 udf,iso9660 user,noauto 0 0
/dev/fd0 /media/floppy0 auto rw,user,noauto 0 0
-- System Information:
Debian Release: 6.0.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages cryptsetup depends on:
ii dmsetup 2:1.02.48-5 The Linux Kernel Device Mapper use
ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib
ii libdevmapper1.02.1 2:1.02.48-5 The Linux Kernel Device Mapper use
ii libpopt0 1.16-1 lib for parsing cmdline parameters
ii libuuid1 2.17.2-9 Universally Unique ID library
cryptsetup recommends no packages.
Versions of packages cryptsetup suggests:
ii busybox 1:1.17.1-8 Tiny utilities for small and embed
pn dosfstools <none> (no description available)
ii initramfs-tools [linux-initra 0.98.8 tools for generating an initramfs
ii udev 164-3 /dev/ and hotplug management daemo
-- no debconf information
--- End Message ---
--- Begin Message ---
Hello Ryan,
actually the described behaviour is considered a feature, not a bug.
We don't want keyfiles to be copied to initramfs by default. For
unencrypted keyfiles that would compromise security.
Please write your own initramfs hook script if you really want your
keyfile copied to initramfs. I will not make it the default for
cryptsetup in Debian.
In any case you are responsible yourself for the prerequisites of your
custom keyscripts.
Regards,
jonas
--- End Message ---
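
The failure in this report was silent: the initrd was rebuilt without the key file and nothing warned before the reboot. The following is an added example, not part of the bug report or of the cryptsetup package, that compares the files referenced in a crypttab with an initramfs file listing (as produced by lsinitramfs) and prints what is missing. The function names, the "target kind path" output format and the sample listing are assumptions made for illustration, as is matching keyscripts by file name only.

```shell
#!/bin/sh
# Added example (not from the bug report): list crypttab key files and
# keyscripts that are absent from an initramfs file listing.
# On a real system the listing would come from: lsinitramfs <initrd image>

# in_listing LISTING PATH MODE: MODE=full matches the whole path, MODE=base
# the file name only (assumption: the hook may relocate keyscripts).
in_listing() {
    if [ "$3" = base ]; then
        sed 's|.*/||' "$1" | grep -qxF -e "${2##*/}"
    else
        sed 's|^\./||; s|^/||' "$1" | grep -qxF -e "${2#/}"
    fi
}

# missing_from_initramfs CRYPTTAB LISTING
# Prints "<target> <kind> <path>" for every referenced file not in LISTING.
missing_from_initramfs() {
    grep -Ev '^[[:space:]]*(#|$)' "$1" |
    while read -r target _src keyfile opts; do
        keyscript=
        old_ifs=$IFS; IFS=,
        for opt in $opts; do
            case $opt in keyscript=*) keyscript=${opt#keyscript=} ;; esac
        done
        IFS=$old_ifs
        # With a keyscript the third field is its argument; treat it as a
        # file only when it is an absolute path outside /dev.
        case $keyfile in
            /dev/*) ;;
            /*) in_listing "$2" "$keyfile" full ||
                    echo "$target keyfile $keyfile" ;;
        esac
        [ -z "$keyscript" ] || in_listing "$2" "$keyscript" base ||
            echo "$target keyscript $keyscript"
    done
}

# Constructed sample: the crypttab entry from the report and an initramfs
# listing that has the keyscript but not the key file.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '# <target> <source> <key file> <options>' \
        'sda5_crypt UUID=179b33c0-bb72-4ad3-ad32-ec7fe4521404 /boot/key.tcy luks,keyscript=/usr/local/bin/threshcrypt_static' > "$d/crypttab"
    printf '%s\n' 'sbin/cryptsetup' 'keyscripts/threshcrypt_static' > "$d/listing"
    missing_from_initramfs "$d/crypttab" "$d/listing"
    rm -rf "$d"
}
demo
```

Any output means the next boot will not find what crypttab refers to. A key file that does appear in the listing is readable by anyone who can read the initrd image, which is the exposure the maintainer's reply refers to for unencrypted key files.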