-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Tue, Apr 04, 2017 at 04:08:38PM -0600, Trammell Hudson wrote:
> On Tue, Apr 04, 2017 at 08:47:55AM +0200, Marek Marczykowski-Górecki wrote:
> > [...]
> > Answering your question -
> > /usr/lib/dracut/modules.d/90crypt/module-setup.sh
>
> That's super helpful, thanks, and gets me almost all of the way there
> without having to touch systemd.
>
> If I edit the dom0 /etc/crypttab file to change "none" to "/secret.key"
> for the three partitions (/, /home and swap) and run "sudo dracut --force",
> the initramfs /etc/crypttab will be generated with the keyfile specified
> for / and swap, but not for /home.
>
> It looks like the "filter for the devices we need" part of module-setup.sh
> is discarding /home, which prevents the system from booting without
> a passphrase. If I comment out the test "$_hdev -ef $_dev" it will
> include all three partitions in the initrd /etc/crypttab and the
> system boots fine.
Can you try just including /etc/crypttab as "install_items" config
option? I'm not sure about the priorities here, but if that works after
90crypt, it should be even better.
> --- module-setup.sh.orig 2017-04-04 18:06:12.246999989 -0400
> +++ module-setup.sh 2017-04-04 18:06:17.491999981 -0400
> @@ -75,7 +75,7 @@
>
> for _hdev in "${!host_fs_types[@]}"; do
> [[ ${host_fs_types[$_hdev]} == "crypto_LUKS" ]] || continue
> - if [[ $_hdev -ef $_dev ]] || [[ /dev/block/$_hdev -ef $_dev
> ]]; then
> + if true || [[ $_hdev -ef $_dev ]] || [[ /dev/block/$_hdev
> -ef $_dev ]]; then
> echo "$_mapper $_dev $_rest"
> break
> fi
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJY5B8ZAAoJENuP0xzK19csKGAH/1hTUtGpp++SLmwzmUaLavek
EmEG9kJQkyhw/wpiw5lCSMPKdJ43JzBS0PvrPk5rGfOayt7Hb3Zw5jNh0e8mk7LZ
ieuJ6e3BTLAtQZTVRYQ3ZDiL50b2iWUWwwMg9IUTkPfdaji8tjNr2tfZaG/1ueZx
O4C6Wv5a6J+kGRn5yi20703ZkDn32CvHzEj9NKVI+rfyJLQWJT22j/EG5/T+C5y9
jIvP1TmODk/hvxehqAhNq4XPDFEqjhn6FOTkVoSrN9Kit8xFG+5SirOA7cTHqHc1
CVkOHAFdR19sYjq/17UoodG1tsD6jrvhkoswt/00hDVUcJYLvJDTgnuIgPhK3hY=
=HfF2
-----END PGP SIGNATURE-----
--
You received this message because you are subscribed to the Google Groups
"qubes-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-devel/20170404223257.GR1208%40mail-itl.
For more options, visit https://groups.google.com/d/optout.
