Hi,

On Aug/04/2018, David Christensen wrote:
> On 08/02/2018 12:07 AM, Carles Pina i Estany wrote:
> > On Aug/01/2018, David Christensen wrote:
> > > On 08/01/2018 03:47 PM, Carles Pina i Estany wrote:
> > > > I have a Debian Stretch and recently I added a new cyphered partition.
> > > > All works well but I don't understand why and it's bothering me.
> > > >
> > > > Setup:
> > > > $ cat /etc/crypttab
> > > > m2_root_crypt UUID=4e655198-a111-... none luks,discard
> > > > m2_swap_crypt UUID=56485640-8a04-... none luks,discard
> > > > ssd_dades_crypt UUID=8d1d855d-17a7-... none luks,discard
> > > >
> > > > All three partitions have the same passphrase.
> > > >
> > > > On restart I'm asked for two passwords:
> > > > m2_root_crypt
> > > > m2_swap_crypt
> ...
> > > > The question is:
> > > > "Please unlock disk m2_root_crypt:"
> > > >
> > > > I expected to write the password three times.
> > >
> > > My guess is that you made a mistake and stepped on your encrypted
> > > container (ssd_dades_crypt?) when you created the new file system.
> > > Did you keep a copy of your console session? Posting it would help.
> >
> > Sadly I didn't keep a copy of my console session.
>
> I got into the habit of cutting and pasting administrative console sessions
> into a log file (and putting the log file into a version control system).
> This technique has proven to be invaluable -- I recommend it to everyone.

I take note, thanks!

> > Commands and something extra:
> > root@pinux:~# grep crypt /etc/fstab
> > /dev/mapper/m2_root_crypt / ext4 errors=remount-ro 0 1
> > /dev/mapper/m2_swap_crypt none swap sw 0 0
> > /dev/mapper/ssd_dades_crypt /home/carles/dades ext4 errors=remount-ro 0 1
>
> Okay.
>
> >
> > root@pinux:~# ls -l /dev/mapper/
> > total 0
> > crw------- 1 root root 10, 236 ago 1 23:34 control
> > lrwxrwxrwx 1 root root 7 ago 1 23:34 m2_root_crypt -> ../dm-0
> > lrwxrwxrwx 1 root root 7 ago 1 23:34 m2_swap_crypt -> ../dm-1
> > lrwxrwxrwx 1 root root 7 ago 1 23:34 ssd_dades_crypt -> ../dm-2
>
> Okay.
>
> >
> > root@pinux:~# mount | grep dades
> > /dev/mapper/ssd_dades_crypt on /home/carles/dades type ext4
> > (rw,relatime,errors=remount-ro,data=ordered)
>
> Okay.
>
>
> Please run the following command to learn more about the device mapper
> nodes:
>
> # dmsetup info /dev/dm-*

root@pinux:~# dmsetup info /dev/dm-*
Name: m2_root_crypt
State: ACTIVE
Read Ahead: 256
Tables present: LIVE
Open count: 1
Event number: 0
Major, minor: 254, 0
Number of targets: 1
UUID: CRYPT-LUKS1-4e655198a11147b3985b4622af7a2b0f-m2_root_crypt

Name: m2_swap_crypt
State: ACTIVE
Read Ahead: 256
Tables present: LIVE
Open count: 2
Event number: 0
Major, minor: 254, 1
Number of targets: 1
UUID: CRYPT-LUKS1-564856408a04403191d46f1620cc2c9e-m2_swap_crypt

Name: ssd_dades_crypt
State: ACTIVE
Read Ahead: 256
Tables present: LIVE
Open count: 1
Event number: 0
Major, minor: 254, 2
Number of targets: 1
UUID: CRYPT-LUKS1-8d1d855d17a74cf2b29486172e407e35-ssd_dades_crypt

I can't see anything obviously wrong.

Since the last emails here I've kept investigating. Quick overview if
someone is interested here (and let me know if it's something else!).

After booting keyctl has this:

root@pinux:~# keyctl show
Session Keyring
479651357 --alswrv 0 65534 keyring: _uid_ses.0
712333474 --alswrv 0 65534 \_ keyring: _uid.0
711077095 --alswrv 0 0 \_ user: cryptsetup
root@pinux:~#

See the cryptsetup line.

This is what would make systemd able to mount/umount without asking for
the passphrase and I can just boot and do:

systemctl stop systemd-cryptsetup@ssd_dades_crypt.service
systemctl start systemd-cryptsetup@ssd_dades_crypt.service

If the cryptsetup line is still there (it lasts, I think, 2.5 minutes)
systemd second line is mounting the partition without me entering the
password.

But the initial passwords are entered to initrd /lib/cryptsetup/askpass
and using plymouth for the password "asking" backend (not systemd
related) and actually if I boot with init=/bin/bash or break=init I
would have the two (root and swap) partitions mounted but no "dades"
partition mounted nor anything in keyctl show.

So still a mystery how this is added there: by who, etc.

Any clues (or "you missed this obvious thing") are very welcome!

Cheers,

--
Carles Pina i Estany
Web: http://pinux.info || Blog: http://pintant.cat
GPG Key 0x8CD5C157