Package: cryptsetup Version: 2:1.7.2-4 Severity: normal File: /usr/share/initramfs-tools/hooks/cryptroot
I am trying to set up a key file (/etc/luks/nvme0n1.luks) in crypttab for the root filesystem. I realise this is a bit cyclical, but I've successfully set up grub2 to do the decryption for me, so that by the time initramfs comes around, I want it to fetch the key from the initramfs. To do this, I thought I could simply configure it with crypttab like so: crypt UUID=40aa3e9a-dd83-4789-822f-da3ed51b18cc /etc/luks/nvme0n1.luks luks,discard and have the initramfs hook copy the keyfile. However, instead, I get the following warning: WARNING: crypt's key file /etc/luks/nvme0n1.luks is not on an encrypted root FS, skipped This is what the shell script evaluates to just before: + [ / != / ] + node_is_in_crypttab fishbowl-root + [ -f /etc/crypttab ] + [ 1 -gt 0 ] I think the reason for the confusion is that the "crypt" device is actually a PV for the fishbowl LVM VG, and the root filesystem is just an LV there, so it's not encrypted per se, but it's part of an encrypted volume group… -- Package-specific info: -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.7.0-1-amd64 (SMP w/8 CPU cores) Locale: LANG=en_NZ, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages cryptsetup depends on: ii cryptsetup-bin 2:1.7.2-4 ii debconf [debconf-2.0] 1.5.59 ii dmsetup 2:1.02.133-1 ii libc6 2.24-5 Versions of packages cryptsetup recommends: ii busybox 1:1.22.0-19 ii console-setup 1.152 ii initramfs-tools [linux-initramfs-tool] 0.125 ii kbd 2.0.3-2 Versions of packages cryptsetup suggests: ii dosfstools 4.0-2 pn keyutils <none> ii liblocale-gettext-perl 1.07-3+b1 -- debconf information excluded -- .''`. martin f. krafft <madduck@d.o> @martinkrafft : :' : proud Debian developer `. `'` http://people.debian.org/~madduck `- Debian - when you have better things to do than fixing systems
digital_signature_gpg.asc
Description: Digital GPG signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)