-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Mon, Apr 03, 2017 at 06:13:38PM -0600, Trammell Hudson wrote: > On Mon, Apr 03, 2017 at 11:21:14PM +0000, Rusty Bird wrote: > > Did you try the "rd.luks.key=LUKSUUID=KEYFILE" workaround? IIRC, this > > shouldn't trigger the buggy if branch. > > I haven't tried that one, although I did build a patched version of > systemd v227 with the fix applied and found another problem -- > it seem to only apply the keyfile to the root device and prompts for a > password for the other partitions.
I've just checked that dom0 in Qubes 4.0 (based on fc25) have systemd 231. Not sure if the above still apply... > So as a workaround I'm generating a /etc/cryptab that specifies > /secret.key for every paritition and inserting those two files into > the initrd at boot time. This works, although the rebuilding the cpio > is slow. > > What controls the generate of /etc/crypttab in the initrd during a > system upgrade? Would it be possible to have it create the correct > entries for all the partitions instead? As Ivan already mentioned, I'd go with "install_items" option (/etc/dracut.conf.d/something.conf). See dracut.conf(5). Or maybe a trivial dracut module - you could use source location different than destination then. I don't a config equivalent for dracut --include option. Answering your question - /usr/lib/dracut/modules.d/90crypt/module-setup.sh - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJY40GcAAoJENuP0xzK19csIaEIAIlx13XU0qFEfOWONMLIkY34 HFNlAXTVOo/EXtuL5PYBeaHAS5TxqQzG/wjDm0EceNnQ74Z28YBsrY7wWbUlJbxK EDxd//5UZw4dSU5SLZIWRNqTOHgT41NlXu5SzdaqZS0FVT9VbH6+SPQxsNlriubb lZTxfmK2PYze/GDJvAOlGUT4mxgZh6fms6kNfLWco63K+ZKq1XhaCAZsb1tcv6Fu MPhq4NOXNTPvQSAjykQi2xhdvCkwhQWsIPX5UfNocGvSCbnzA0foF2Yxk3iw0nMt H6o56snOAltqvH7mdvbq2G6qbeGlCcS4bKT/GAqGoGcVC+SDHRe62/j5sw6cbCw= =AyiG -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20170404064755.GE1208%40mail-itl. For more options, visit https://groups.google.com/d/optout.
