On Tue, Apr 04, 2017 at 08:47:55AM +0200, Marek Marczykowski-Górecki wrote:
> [...]
> Answering your question -
> /usr/lib/dracut/modules.d/90crypt/module-setup.sh
That's super helpful, thanks, and gets me almost all of the way there
without having to touch systemd.
If I edit the dom0 /etc/crypttab file to change "none" to "/secret.key"
for the three partitions (/, /home and swap) and run "sudo dracut --force",
the initramfs /etc/crypttab will be generated with the keyfile specified
for / and swap, but not for /home.
It looks like the "filter for the devices we need" part of module-setup.sh
is discarding /home, which prevents the system from booting without
a passphrase. If I comment out the test "$_hdev -ef $_dev" it will
include all three partitions in the initrd /etc/crypttab and the
system boots fine.
--- module-setup.sh.orig 2017-04-04 18:06:12.246999989 -0400
+++ module-setup.sh 2017-04-04 18:06:17.491999981 -0400
@@ -75,7 +75,7 @@
for _hdev in "${!host_fs_types[@]}"; do
[[ ${host_fs_types[$_hdev]} == "crypto_LUKS" ]] || continue
- if [[ $_hdev -ef $_dev ]] || [[ /dev/block/$_hdev -ef $_dev
]]; then
+ if true || [[ $_hdev -ef $_dev ]] || [[ /dev/block/$_hdev -ef
$_dev ]]; then
echo "$_mapper $_dev $_rest"
break
fi
--
Trammell
--
You received this message because you are subscribed to the Google Groups
"qubes-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-devel/20170404220838.GS27162%40chishio.swcp.com.
For more options, visit https://groups.google.com/d/optout.
