Bug#1053678: marked as done (partman-crypto: Requires separate /boot partition, even if not required)

[Debian Bug Tracking System]

Your message dated Tue, 07 May 2024 00:58:55 +
with message-id 
and subject line Bug#1053678: fixed in partman-crypto 124
has caused the Debian Bug report #1053678,
regarding partman-crypto: Requires separate /boot partition, even if not 
required
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1053678: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053678
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: partman-crypto
Version: 121
Severity: normal
Tags: d-i
X-Debbugs-Cc: j24...@gmail.com

Dear Maintainer,

The `crypto_check_mountpoints` script prevents you from setting up an
encrypted root filesystem without an additional unencrypted /boot
filesystem.
While this may be a requirement for e.g. grub2, it is not
necessarily required when not using grub2 but using UKIs to build EFI
executables that can directly mount the encrypted root filesystem.
While UKIs aren't currently supported, I would still expect partman-crypto
to let me partition an encrypted root filesystem without separate /boot
filesystem, at least after having ignored the warnings or in combination
with the `nobootloader` udeb.

I would suggest letting users ignore the warning and continue if they
really want to, similar to the warning by LVM2.

-- System Information:
Debian Release: trixie/sid
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-9-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Enforcing - Policy name: bauen1-policy
--- End Message ---
--- Begin Message ---
Source: partman-crypto
Source-Version: 124
Done: Luca Boccassi 

We believe that the bug you reported is fixed in the latest version of
partman-crypto, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1053...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luca Boccassi  (supplier of updated partman-crypto package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 07 May 2024 01:21:11 +0100
Source: partman-crypto
Architecture: source
Version: 124
Distribution: unstable
Urgency: medium
Maintainer: Debian Install System Team 
Changed-By: Luca Boccassi 
Closes: 1053678
Changes:
 partman-crypto (124) unstable; urgency=medium
 .
   * Team upload.
   * Make /boot optional with an override (Closes: #1053678)
Checksums-Sha1:
 8228110fd2a8d425136be792b30d5b66050146a2 1795 partman-crypto_124.dsc
 60c6c97f88d76f680071c68123e803642ed9c212 291384 partman-crypto_124.tar.xz
 6f656c74826b89978b2fc569f7908a63cb95c4ba 6595 
partman-crypto_124_source.buildinfo
Checksums-Sha256:
 3588565104272771acd4428cf80dc1edf9cc0eef2826eac7c447cac00b795820 1795 
partman-crypto_124.dsc
 4196900f23be8c41d1bccca305174027bc31784a0a6fa25d1707ac87cf2a7988 291384 
partman-crypto_124.tar.xz
 22747494b101fedcc0f0f8e627af21260a75d17d9f20a40075e162a954326810 6595 
partman-crypto_124_source.buildinfo
Files:
 20765a4a67dcab870b2bb19822b006a5 1795 debian-installer optional 
partman-crypto_124.dsc
 ac10829eb7ee043b60d6c6d89f4af8f8 291384 debian-installer optional 
partman-crypto_124.tar.xz
 9616eeb16aacb21427939baa201a6210 6595 debian-installer optional 
partman-crypto_124_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJFBAEBCgAvFiEErCSqx93EIPGOymuRKGv37813JB4FAmY5dJcRHGJsdWNhQGRl
Ymlhbi5vcmcACgkQKGv37813JB7zZA/+Ku2UHUEHxLJfBBag45WcDA60VWgV2Xz+
Ti4F4T4gU7gLqfNVhKlHl4F/fhQ8bLPQLlrRRYET5r0FQRnuOx1Vz6kYC0LEB126
jpXZyURHbEsFkpu1D2K8yV8+owygy9z69PrgUdOfdcvA24GQU+XGw94YfAOYSVUv
1fHloCBuwLuTpbHN4WDPlZsQ8Fjypc1lQwG+McSem7I7oShvlD8YEnHc+5gwOsjq
2VUu3/KK+4LouTZ1KMGCaQpY6ZRxgX0OGA2TvxRLK1Wg3AtAudWLvzp0Hvvg2AEX
VKwGwqoncjyCFdvRpE25xkdErwIfi4BtZJZxPe6Oe2umbPyvuQe9vNt699xVJ39Z
0uRveKbGOy9PioQg9gd12b8gvYnqrWWAPjrnge9C8+aUBcLlE6OPKRzrnDhSJYAK
TIsa/OjuayM7tTHC3ytkcKI8NvhxVwRGO1ASFHk9Y+Dpdf0eeRrgxL5M2iEL3RwQ
MFh+zdK3NF9YzzKi2mpQGHweB44HG155ayF7rgKhrUCTQFXZry8CHazzOOY5IhbR
Q783nipJIAtZz50VIPciXBYdpq+xaclyzNbggPfcja+vMW4rW1RrFieMKg2BRh+7
Dx/u7YrnXh7BCkXEC3fLTEUt0H/EVSiSpAo8vZN2Vro6zfgnBzQ5bHtN7gsoS0wp
+adDZOZs7L0=
=2fat
-END PGP 

partman-crypto_124_source.changes ACCEPTED into unstable

[Debian FTP Masters]

Thank you for your contribution to Debian.



Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Tue, 07 May 2024 01:21:11 +0100
Source: partman-crypto
Architecture: source
Version: 124
Distribution: unstable
Urgency: medium
Maintainer: Debian Install System Team 
Changed-By: Luca Boccassi 
Closes: 1053678
Changes:
 partman-crypto (124) unstable; urgency=medium
 .
   * Team upload.
   * Make /boot optional with an override (Closes: #1053678)
Checksums-Sha1:
 8228110fd2a8d425136be792b30d5b66050146a2 1795 partman-crypto_124.dsc
 60c6c97f88d76f680071c68123e803642ed9c212 291384 partman-crypto_124.tar.xz
 6f656c74826b89978b2fc569f7908a63cb95c4ba 6595 
partman-crypto_124_source.buildinfo
Checksums-Sha256:
 3588565104272771acd4428cf80dc1edf9cc0eef2826eac7c447cac00b795820 1795 
partman-crypto_124.dsc
 4196900f23be8c41d1bccca305174027bc31784a0a6fa25d1707ac87cf2a7988 291384 
partman-crypto_124.tar.xz
 22747494b101fedcc0f0f8e627af21260a75d17d9f20a40075e162a954326810 6595 
partman-crypto_124_source.buildinfo
Files:
 20765a4a67dcab870b2bb19822b006a5 1795 debian-installer optional 
partman-crypto_124.dsc
 ac10829eb7ee043b60d6c6d89f4af8f8 291384 debian-installer optional 
partman-crypto_124.tar.xz
 9616eeb16aacb21427939baa201a6210 6595 debian-installer optional 
partman-crypto_124_source.buildinfo

-BEGIN PGP SIGNATURE-

iQJFBAEBCgAvFiEErCSqx93EIPGOymuRKGv37813JB4FAmY5dJcRHGJsdWNhQGRl
Ymlhbi5vcmcACgkQKGv37813JB7zZA/+Ku2UHUEHxLJfBBag45WcDA60VWgV2Xz+
Ti4F4T4gU7gLqfNVhKlHl4F/fhQ8bLPQLlrRRYET5r0FQRnuOx1Vz6kYC0LEB126
jpXZyURHbEsFkpu1D2K8yV8+owygy9z69PrgUdOfdcvA24GQU+XGw94YfAOYSVUv
1fHloCBuwLuTpbHN4WDPlZsQ8Fjypc1lQwG+McSem7I7oShvlD8YEnHc+5gwOsjq
2VUu3/KK+4LouTZ1KMGCaQpY6ZRxgX0OGA2TvxRLK1Wg3AtAudWLvzp0Hvvg2AEX
VKwGwqoncjyCFdvRpE25xkdErwIfi4BtZJZxPe6Oe2umbPyvuQe9vNt699xVJ39Z
0uRveKbGOy9PioQg9gd12b8gvYnqrWWAPjrnge9C8+aUBcLlE6OPKRzrnDhSJYAK
TIsa/OjuayM7tTHC3ytkcKI8NvhxVwRGO1ASFHk9Y+Dpdf0eeRrgxL5M2iEL3RwQ
MFh+zdK3NF9YzzKi2mpQGHweB44HG155ayF7rgKhrUCTQFXZry8CHazzOOY5IhbR
Q783nipJIAtZz50VIPciXBYdpq+xaclyzNbggPfcja+vMW4rW1RrFieMKg2BRh+7
Dx/u7YrnXh7BCkXEC3fLTEUt0H/EVSiSpAo8vZN2Vro6zfgnBzQ5bHtN7gsoS0wp
+adDZOZs7L0=
=2fat
-END PGP SIGNATURE-



pgprArZkdsYLR.pgp
Description: PGP signature

Processing of partman-crypto_124_source.changes

[Debian FTP Masters]

partman-crypto_124_source.changes uploaded successfully to localhost
along with the files:
  partman-crypto_124.dsc
  partman-crypto_124.tar.xz
  partman-crypto_124_source.buildinfo

Greetings,

Your Debian queue daemon (running on host usper.debian.org)

Processed: Bug#1053678 marked as pending in partman-crypto

[Debian Bug Tracking System]

Processing control commands:

> tag -1 pending
Bug #1053678 [partman-crypto] partman-crypto: Requires separate /boot 
partition, even if not required
Added tag(s) pending.

-- 
1053678: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053678
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1053678: partman-crypto: Requires separate /boot partition, even if not required

[Luca Boccassi]

On Tue, 7 May 2024 at 00:18, Cyril Brulebois  wrote:
>
> Luca Boccassi  (2024-05-06):
> > Pending at:
> > https://salsa.debian.org/installer-team/partman-crypto/-/merge_requests/8
>
> I'm not sure how often we change template types, but I suppose this
> particular instance (error → boolean) makes sense and isn't problematic.
>
> Please mention “GRUB” (instead of “grub”) for consistency with upstream
> and the rest of d-i though. (I know this is very minor but better catch
> that early to avoid another l10n round later on.)

Sure, fixed, thanks

Bug#1053678: partman-crypto: Requires separate /boot partition, even if not required

[Cyril Brulebois]

Luca Boccassi  (2024-05-06):
> Pending at:
> https://salsa.debian.org/installer-team/partman-crypto/-/merge_requests/8

I'm not sure how often we change template types, but I suppose this
particular instance (error → boolean) makes sense and isn't problematic.

Please mention “GRUB” (instead of “grub”) for consistency with upstream
and the rest of d-i though. (I know this is very minor but better catch
that early to avoid another l10n round later on.)


Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature

Processed: Re: Bug#1053678: partman-crypto: Requires separate /boot partition, even if not required

[Debian Bug Tracking System]

Processing control commands:

> tags -1 patch
Bug #1053678 [partman-crypto] partman-crypto: Requires separate /boot 
partition, even if not required
Added tag(s) patch.

-- 
1053678: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053678
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#1053678: partman-crypto: Requires separate /boot partition, even if not required

[Luca Boccassi]

Control: tags -1 patch

On Sun, 08 Oct 2023 17:57:01 -0400 Nicholas D Steeves 
wrote:
> Jonathan Hettwer  writes:
> 
> > Package: partman-crypto
> > Version: 121
> > Severity: normal
> > Tags: d-i
> > X-Debbugs-Cc: j24...@gmail.com
> >
> > Dear Maintainer,
> >
> > The `crypto_check_mountpoints` script prevents you from setting up
an
> > encrypted root filesystem without an additional unencrypted /boot
> > filesystem.
> > While this may be a requirement for e.g. grub2, it is not
> > necessarily required when not using grub2 but using UKIs to build
EFI
> > executables that can directly mount the encrypted root filesystem.
> > While UKIs aren't currently supported, I would still expect
partman-crypto
> > to let me partition an encrypted root filesystem without separate
/boot
> > filesystem, at least after having ignored the warnings or in
combination
> > with the `nobootloader` udeb.
> 
> Quick note: systemd-boot works with kernel images + initramfs,
without
> UKI.  After the systemd-boot menu, the user is prompted for the
master
> LUKS password, as usual, and I use the derived key script to then
> unlocks a couple LUKS volumes.  No LVM, no /boot.  It seems to work
> well, but yeah, it's not possible to do this with fresh install (I
> manually migrated an old installation to new hardware).

Pending at:

https://salsa.debian.org/installer-team/partman-crypto/-/merge_requests/8

Test iso built by CI can be found here:

https://salsa.debian.org/bluca/partman-crypto/-/jobs/5694502/artifacts/browse/debian/output/

Any help testing would be welcome

-- 
Kind regards,
Luca Boccassi


signature.asc
Description: This is a digitally signed message part

Bug#1070483: btrfs root volume being mounted as ro upon boot

[Richard Rosner]

Package: installation-reports

Severity: important


Boot method: USB stick
Image version:
https://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid/debian-live-12.5.0-amd64-gnome.iso
Date: 19.04.2024

Machine: Framework 16
Processor: AMD Ryzen 7 7840HS w/ Radeon 780M Graphics
Memory: 2 x 16 GB Crucial DDR5 5600MHz
Partitions: from lsblk:

NAME  MAJ:MIN RM  SIZE RO TYPE 
MOUNTPOINTS
zram0 252:0    0  8,2G  0 disk 
[SWAP]
nvme0n1   259:0    0  3,6T  0 disk
├─nvme0n1p1   259:1    0    2G  0 part 
/boot/efi
├─nvme0n1p2   259:2    0   35G  0 part
│ └─luks-  253:1    0 35G  0 crypt [SWAP]
└─nvme0n1p3  259:3    0  3,6T  0 part
  └─luks-   253:0    0 3,6T  0 crypt
/home
/

Output of lspci -knn (or lspci -nn):

00:00.0 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Device
[1022:14e8]
    Subsystem: Framework Computer Inc. Device [f111:0005]
00:00.2 IOMMU [0806]: Advanced Micro Devices, Inc. [AMD] Device [1022:14e9]
    Subsystem: Framework Computer Inc. Device [f111:0005]
00:01.0 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Device
[1022:14ea]
00:02.0 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Device
[1022:14ea]
00:02.2 PCI bridge [0604]: Advanced Micro Devices, Inc. [AMD] Device
[1022:14ee]
    Subsystem: Advanced Micro Devices, Inc. [AMD] Device [1022:1453]
    Kernel driver in use: pcieport
00:02.4 PCI bridge [0604]: Advanced Micro Devices, Inc. [AMD] Device
[1022:14ee]
    Subsystem: Advanced Micro Devices, Inc. [AMD] Device [1022:1453]
    Kernel driver in use: pcieport
00:03.0 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Device
[1022:14ea]
00:03.1 PCI bridge [0604]: Advanced Micro Devices, Inc. [AMD] Family 19h
USB4/Thunderbolt PCIe tunnel [1022:14ef]
    Subsystem: Advanced Micro Devices, Inc. [AMD] Device [1022:1453]
    Kernel driver in use: pcieport
00:04.0 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Device
[1022:14ea]
00:04.1 PCI bridge [0604]: Advanced Micro Devices, Inc. [AMD] Family 19h
USB4/Thunderbolt PCIe tunnel [1022:14ef]
    Subsystem: Advanced Micro Devices, Inc. [AMD] Device [1022:1453]
    Kernel driver in use: pcieport
00:08.0 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Device
[1022:14ea]
00:08.1 PCI bridge [0604]: Advanced Micro Devices, Inc. [AMD] Device
[1022:14eb]
    Subsystem: Device [0005:f111]
    Kernel driver in use: pcieport
00:08.2 PCI bridge [0604]: Advanced Micro Devices, Inc. [AMD] Device
[1022:14eb]
    Subsystem: Device [0005:f111]
    Kernel driver in use: pcieport
00:08.3 PCI bridge [0604]: Advanced Micro Devices, Inc. [AMD] Device
[1022:14eb]
pcilib: Error reading /sys/bus/pci/devices/:00:08.3/label: Operation
not permitted
    Subsystem: Device [0005:f111]
    Kernel driver in use: pcieport
00:14.0 SMBus [0c05]: Advanced Micro Devices, Inc. [AMD] FCH SMBus
Controller [1022:790b] (rev 71)
    Subsystem: Framework Computer Inc. Device [f111:0005]
    Kernel driver in use: piix4_smbus
    Kernel modules: i2c_piix4, sp5100_tco
00:14.3 ISA bridge [0601]: Advanced Micro Devices, Inc. [AMD] FCH LPC
Bridge [1022:790e] (rev 51)
    Subsystem: Framework Computer Inc. Device [f111:0005]
00:18.0 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Device
[1022:14f0]
00:18.1 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Device
[1022:14f1]
00:18.2 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Device
[1022:14f2]
00:18.3 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Device
[1022:14f3]
    Kernel driver in use: k10temp
    Kernel modules: k10temp
00:18.4 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Device
[1022:14f4]
00:18.5 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Device
[1022:14f5]
00:18.6 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Device
[1022:14f6]
00:18.7 Host bridge [0600]: Advanced Micro Devices, Inc. [AMD] Device
[1022:14f7]
01:00.0 Network controller [0280]: MEDIATEK Corp. MT7922 802.11ax PCI
Express Wireless Network Adapter [14c3:0616]
    Subsystem: MEDIATEK Corp. Device [14c3:e616]
    Kernel driver in use: mt7921e
    Kernel modules: mt7921e
02:00.0 Non-Volatile memory controller [0108]: Sandisk Corp WD Black
SN850X NVMe SSD [15b7:5030] (rev 01)
    Subsystem: Sandisk Corp WD Black SN850X NVMe SSD [15b7:5030]
    Kernel driver in use: nvme
    Kernel modules: nvme
c1:00.0 VGA compatible controller [0300]: Advanced Micro Devices, Inc.
[AMD/ATI] Phoenix1 [1002:15bf] (rev c2)
    Subsystem: Framework Computer Inc. Device [f111:0005]
    Kernel driver in use: amdgpu
    Kernel modules: amdgpu
c1:00.1 Audio device [0403]: Advanced Micro Devices, Inc. [AMD/ATI]
Rembrandt Radeon High Definition Audio Controller [1002:1640]
    Subsystem: Framework Computer Inc. Device [f111:0005]