I have gotten this to work in Ubuntu 15.10, which has cryptsetup 1.6.6.
As mentioned previously, the scripts in 1.6.6 have included the patches
from here with some modifications, along with additions for truecrypt
volumes, btrfs, and some improvement (hopefully) of situations where
it's necessary to wait for disks to come up.  Unfortunately, the
modifications to the detached header code introduced a number of errors
and were, in addition, crippled by the commenting out of the code that
inserted the header into the initramfs.  I'm about to upload the patches
here.  A couple of notes on usage/comments:

(1) A function in /lib/cryptsetup/cryptdisks.functions parses the
/etc/crypttab file, including any possible "header=<fn>" option.  This
function only works if <fn> is a complete filename path.  That path may
need to be in quotes if it's got spaces in it, though I haven't tested
that part.  I <<believe>> this is only used for disks that come up after
root and (perhaps) are not listed as automount in /etc/fstab.

(2) The scripts in /usr/share/initramfs-tools/{hooks,scripts/local-
top}/cryptroot also parse the crypttab file (respectively a derivative
of that file) in order to bring up an encrypted root device.  If that
root device has a detached header, then the "header=<fn>" option can
refer either to a complete filename path, or to a file in the directory
/etc/initramfs-tools/conf.d/cryptheader.  Both ways of referring to the
file (now) work.

(3) It's the script /usr/share/initramfs-tools/hooks/cryptroot that had
the section commented out.  This section was taken directly from the
original scripts posted by Glenn.  That section is marked by a "TODO",
added by the maintainer, and which I have uncommented.

A final note.  When the header is not detached, it's possible to use
UUIDs to refer to a device in crypttab.  Since the UUID is in the
header, when we have a detached header it is no longer possible to refer
to the device this way.  There is another unique means of referring to a
(hardware) disk, the WWN device identifier
(https://en.wikipedia.org/wiki/World_Wide_Name).  These can be found
listed in /dev/disk/by-id/wwn-*.  This is probably what you want to use
for the first, target, field in the crypttab file.

Ok, patches coming.  Hope it's useful!

https://bugs.launchpad.net/bugs/1223622

Title:
  add support for crypttab mounting of luks devices with detached
  headers
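
An added example, not part of the original post or of the cryptsetup
scripts: a small POSIX sh check that classifies crypttab entries by the
header= rules in notes (1) and (2) and the UUID remark in the final note.
The function names, category labels and sample entries are made up for
illustration, and header paths are assumed to contain no spaces.

```sh
#!/bin/sh
# Added example (not cryptsetup code): lint crypttab entries that use header=<fn>.
# Assumption: header paths contain no spaces; quoting is not handled.

# Print the value of the first header=<fn> in a comma-separated option string.
header_opt() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n 's/^header=//p' | head -n 1
}

# Classify one crypttab line (<target> <source> <keyfile> <options>). Prints:
#   skip            blank line or comment
#   no-header       no header= option, nothing to check
#   uuid-source     header is detached but the source is named by UUID
#   absolute        complete path: the form both parsers in the post accept
#   initramfs-only  bare name: looked up in /etc/initramfs-tools/conf.d/cryptheader
#                   by the cryptroot scripts, not by cryptdisks.functions
#   relative        has a '/' but is not absolute: neither form the post describes
lint_entry() {
    set -f; set -- $1; set +f          # split into fields without globbing
    case ${1:-#} in '#'*) echo skip; return 0 ;; esac
    hdr=$(header_opt "${4:-}")
    [ -n "$hdr" ] || { echo no-header; return 0; }
    case ${2:-} in
        UUID=*|/dev/disk/by-uuid/*) echo uuid-source; return 0 ;;
    esac
    case $hdr in
        /*)  echo absolute ;;
        */*) echo relative ;;
        *)   echo initramfs-only ;;
    esac
}

# Constructed sample crypttab (the WWN and UUID values are made up).
while IFS= read -r entry; do
    printf '%-15s %s\n' "$(lint_entry "$entry")" "$entry"
done <<'EOF'
# <target> <source> <keyfile> <options>
root /dev/disk/by-id/wwn-0x5000000000000001 none luks,header=/boot/root.hdr
root /dev/disk/by-id/wwn-0x5000000000000001 none luks,header=root.hdr
data UUID=00000000-0000-0000-0000-000000000000 none luks,header=/boot/data.hdr
swap /dev/sdb2 /dev/urandom swap
EOF
```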
