Package: initrd-tools
Version: 0.1.82
Followup-For: Bug #296464
found 296464 0.1.82
tags 296464 + patch
thanks
This is still a problem for me with a /dev/random keyed swap partition
and linux-image-2.6-686 version 2.6.12-10.
I'm running with version 0.1.82 of initrd-tools and cryptsetup version
20050111-3.
i applied a minor variant of the patch offered by Leonardo Serra [0]
in order to fix this. Thanks, Leonardo!
The logic of Leonardo's patch is this:
When constructing an initrd that wants to get a passphrase for a
volume, ignore any volume with a keyfile specified in /etc/crypttab.
We implicitly expect /etc/init.d/cryptdisks to take card of creating
that device and mounting it appropriately.
my patch is only slightly different from Leonardo's in that it uses a
simple awk statement instead of the huge, scary sed construction,
and i've tuned the commentary message emitted by this case.
Does the logic for this patch work in all obscure cases? i'm not
certain. it definitely does the trick for me.
a downside of this, of course, is that the swap isn't loaded until
/etc/rcS.d/S28cryptdisks -- but i see no way around that. if you are
crypting swap from /dev/random (or any other file) you need that file
to be present in order to build the device so that you can swapon.
[0]
http://bugs.debian.org/cgi-bin/bugreport.cgi/mkinitrd.patch?bug=296464;msg=30;att=1
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (700, 'testing'), (700, 'stable'), (600, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-1-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages initrd-tools depends on:
ii coreutils [fileutils] 5.2.1-2.1 The GNU core utilities
ii cpio 2.6-6 GNU cpio -- a program to manage ar
ii cramfsprogs 1.1-6 Tools for CramFs (Compressed ROM F
ii dash 0.5.2-7 The Debian Almquist Shell
ii util-linux 2.12p-4sarge1 Miscellaneous system utilities
initrd-tools recommends no packages.
-- no debconf information
--- /usr/sbin/mkinitrd.0.1.82 2005-10-03 23:15:13.000000000 -0400
+++ /usr/sbin/mkinitrd 2005-10-03 23:24:28.000000000 -0400
@@ -325,8 +325,14 @@
}
dmcrypt() {
- local cipher_mode devname submajor subminor
+ local key cipher_mode devname submajor subminor
+ key=$(grep -m 1 "^$dmname[[:space:]]" /etc/crypttab | awk '{ print $3
}')
+ if [ "x$key" != "x" ] && [ "x$key" != "xnone" ]; then
+ echo \'$dmname\' has a key file in /etc/crypttab so we won\'t
try it during initrd >&2
+ return
+ fi
+
if ! command -v cryptsetup > /dev/null 2>&1; then
echo Root is on a DM crypt device, but cryptsetup not installed
>&2
fi
