Your message dated Sun, 08 May 2022 20:35:11 +0000
with message-id <[email protected]>
and subject line Bug#1000648: fixed in clevis 18-2
has caused the Debian Bug report #1000648,
regarding clevis: unlocking 2nd device doesn't happen
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1000648: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000648
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: clevis
Version: 16-2
Severity: normal
I have 2 MD raid devices which are encrypted.
/dev/md1 is a PV for LVM which contains basically the root filesystem
and separate /var and /tmp filesystems.
/dev/md2 is also a PV for LVM contains /home and other filesystems.
I have bound both to the tpm2 pin. /dev/md1 gets succesfully
unlocked by the initd.img scripts, but /dev/md2 is not touched there.
After the root has been mounted and the cryptdisks-early script runs,
that script sees that /dev/md1 has been unlocked, and then proceeds
to ask the passphrase for /dev/md2; clevis seems to do nothing for that
second device, while it's been bound in an identical manner.
I can't find any hints on how to proceed from here, to have the second
device also automatically unlocked. Do you have any idea?
I can't be the only person with more than one LUKS-encrypted device.
PS: dpkg -s clevis-luks
...
Description: LUKS integration for clevis
This package allows binding a LUKS encrytped volume to a clevis
"encrytped" is a typo.
Thanks,
Paul
-- System Information:
Debian Release: 11.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.10.0-9-amd64 (SMP w/16 CPU threads)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled
Versions of packages clevis depends on:
ii cracklib-runtime 2.9.6-3.4
ii curl 7.74.0-1.3+b1
ii jose 10-3
ii libc6 2.31-13+deb11u2
ii libjansson4 2.13.1-1.1
ii libjose0 10-3
ii libpwquality-tools 1.4.4-1
ii libssl1.1 1.1.1k-1+deb11u1
ii luksmeta 9-3
Versions of packages clevis recommends:
ii cryptsetup-bin 2:2.3.5-1
clevis suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: clevis
Source-Version: 18-2
Done: Christoph Biedl <[email protected]>
We believe that the bug you reported is fixed in the latest version of
clevis, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christoph Biedl <[email protected]> (supplier of updated clevis
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 08 May 2022 21:41:08 +0200
Source: clevis
Architecture: source
Version: 18-2
Distribution: unstable
Urgency: medium
Maintainer: Christoph Biedl <[email protected]>
Changed-By: Christoph Biedl <[email protected]>
Closes: 995657 1000648
Changes:
clevis (18-2) unstable; urgency=medium
.
* Cherry-pick from upstream:
- Sss: use BN_set_word(x, 0) instead of BN_zero() (Closes: #995657)
- Do not kill non clevis slots (#315)
- Avoid luksmeta corruption on clevis bind (#319)
- Use `command -v` instead of `which`
* Document a sometime-needed hint to crypttab. Closes: #1000648
Checksums-Sha1:
2fe30142f8dca1e8edd69425bc91e640a72382b0 2552 clevis_18-2.dsc
3e97fececb4ace95b3bae80ffbc9218f2fc0ca9e 9176 clevis_18-2.debian.tar.xz
80d4a18c2aae91df728ab2e5d36bd6bcad895830 11915 clevis_18-2_powerpc.buildinfo
Checksums-Sha256:
36cdccbfe35c87c5ecab26a63061d8b08d12e85dc253f0db11b66c086f832e00 2552
clevis_18-2.dsc
ef40b610310146d562938ddcf652623bc848a56eae7d13546a56a59337c55525 9176
clevis_18-2.debian.tar.xz
f93d5fabd691cffd4c9cbd8b0d4360b3a0e843c5827335bce610e615e91130d1 11915
clevis_18-2_powerpc.buildinfo
Files:
28fce6b139925c3d9de7c4e703091949 2552 net optional clevis_18-2.dsc
c0631ced1984c192f375f393bdefba8b 9176 net optional clevis_18-2.debian.tar.xz
610dc87e3700359c1807d50252669f31 11915 net optional
clevis_18-2_powerpc.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEWXMI+726A12MfJXdxCxY61kUkv0FAmJ4IhUACgkQxCxY61kU
kv2JOBAAjOvnxE/M1q9GYQ8A2C9LPzIMCMTyLqVwgSSxweOR82H0RvJ0gX1WOyEw
x6FdxF1fB9uvaBpngu96boVNGfpmrGjxWyb2Pcm72gfgtnxCekkM58fwsuCu9dU3
w7AuJFJ5UPG4G3AmBnM0d0HJCOh4rTWmSug1V1YBlaBuR1Jzm9lUCdWq3B4nBQVE
Wii1e+meId2/2NGLvu9wtQAf4fUKN/LjLWVokE+ZyN7MNzOogJEXi5QbLYdMArd5
4Jq1b3GlkjUEnUjANuH86n0kNamqm1fKiYmUFHXftJcqRcuHHAcpHHZnuU4UeC/i
+rjJdLkAshDd//1oUkIme4l4mk+do4Ny0+oC2pjbsrMcIjyx7ODRuSyLOiEWk4U+
cdfaFiPqfotjluPy1AG1LGwFgnH6AWIpgCfqfY0HL82TZ+XGQfCdACHuumUNh3KJ
BQJAaTMcKWZS0Hr6zGOh5vdl0JXG/XiUTsr8M0nkLRMuauSbZgGxpkVeu5doSnWQ
2dkUGjKaDw3FwQp2eCbzDgAyVGN3zo1G/DdP8A3Hbb8Jxt85/Fd0vZb1Pnb6E/Iu
wDc+pvE7XMubztwBpQvVcMYzKrZJM9OoMGbkmYj139TtsMRdLdf7MmnJ50y2puww
34cDNuoKCzaLGknVBMvW0vtwdWC4g/hOuRFE6ahwf4sjYi/1lSM=
=+ebW
-----END PGP SIGNATURE-----
--- End Message ---
