Your message dated Sun, 4 Aug 2024 20:23:48 +0200
with message-id <[email protected]>
and subject line Re: Bug#1076100: /usr/share/initramfs-tools/hooks/cryptroot: 
replaces stable LABEL=… lines in crypttab with unstable UUID=… entries
has caused the Debian Bug report #1076100,
regarding /usr/share/initramfs-tools/hooks/cryptroot: replaces stable LABEL=… 
lines in crypttab with unstable UUID=… entries
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1076100: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076100
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: cryptsetup-initramfs
Version: 2:2.3.7-1+deb11u1
Severity: normal
X-Debbugs-Cc: [email protected]

The /cryptroot/crypttab file in the initramfs contains lines like:

cxxxxPV UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx none discard,luks,initramfs

This is bad because these are less stable than the LABEL=… lines I put
into crypttab(5): the UUID changes then you do a restore from backup,
whereas the LABEL can be easily made to stay the same.

It should not do so for LABEL= lines. (I can understand wishing to do
so for others, but even GRUB has a GRUB_DISABLE_LINUX_UUID=true option
because they realise UUIDs can be troubling.)


-- Package-specific info:
-- /proc/cmdline
BOOT_IMAGE=/vmlinuz-5.10.0-30-amd64 root=/dev/mapper/vg--xxxx-lv--root ro 
rootdelay=5 net.ifnames=0 
ip=6,0,eth0,xxxx.mirbsd.org,2a02:xxxx:xxxx:xxxx::1/64,fe80::1 nomodeset TZ=:UTC

-- /etc/crypttab
# <target name> <source device>         <key file>      <options>
cxxxxPV         LABEL=cxxxxPV           none            discard,luks,initramfs
cswp1           /dev/vg-xxxx/lv-swp1    /dev/random     
discard,cipher=aes-xts-plain64,size=256,plain,swap
cswp2           /dev/vg-xxxx/lv-swp2    /dev/random     
discard,cipher=aes-xts-plain64,size=256,plain,swap

-- /etc/fstab
/dev/vg-xxxx/lv-root  /             ext4   
defaults,auto_da_alloc,relatime,lazytime              0  2
LABEL=xxxx-boot       /boot         ext4   
defaults,auto_da_alloc,noatime,lazytime,nodev,noexec  0  1
swap                  /tmp          tmpfs  
defaults,noatime,lazytime,nosuid,nodev                0  0
/dev/vg-xxxx/lv-mbsd  /var/anoncvs  ext4   
defaults,auto_da_alloc,noatime,lazytime,nodev         0  3
/dev/mapper/cswp1     swap          swap   sw,discard=once                      
                 0  0
/dev/mapper/cswp2     swap          swap   sw,discard=once                      
                 0  0

swap  /var/log/apache2  tmpfs  
size=37748736,async,noatime,lazytime,auto,nodev,noexec,nosuid,rw,nouser,uid=0,gid=4,mode=2750
  0  0

-- lsmod
Module                  Size  Used by
nft_reject_inet        16384  7
nf_reject_ipv4         16384  1 nft_reject_inet
nf_reject_ipv6         20480  1 nft_reject_inet
nft_reject             16384  1 nft_reject_inet
nf_tables             274432  56 nft_reject_inet,nft_reject
libcrc32c              16384  1 nf_tables
nfnetlink              20480  1 nf_tables
joydev                 28672  0
drm_kms_helper        278528  0
evdev                  28672  2
cec                    61440  1 drm_kms_helper
sg                     36864  0
serio_raw              20480  0
pcspkr                 16384  0
drm                   634880  1 drm_kms_helper
virtio_balloon         24576  0
qemu_fw_cfg            20480  0
button                 24576  0
dm_crypt               57344  3
dm_mod                163840  19 dm_crypt
ext4                  942080  3
crc16                  16384  1 ext4
mbcache                16384  1 ext4
jbd2                  151552  1 ext4
crc32c_generic         16384  0
hid_generic            16384  0
usbhid                 65536  0
hid                   151552  2 usbhid,hid_generic
crc32_pclmul           16384  0
crc32c_intel           24576  7
sd_mod                 61440  3
t10_pi                 16384  1 sd_mod
crc_t10dif             20480  1 t10_pi
crct10dif_generic      16384  0
crct10dif_pclmul       16384  1
crct10dif_common       16384  3 crct10dif_generic,crc_t10dif,crct10dif_pclmul
virtio_scsi            24576  2
virtio_net             61440  0
net_failover           24576  1 virtio_net
failover               16384  1 net_failover
ghash_clmulni_intel    16384  0
ata_generic            16384  0
uhci_hcd               57344  0
ata_piix               36864  0
libata                299008  2 ata_piix,ata_generic
ehci_hcd               98304  0
aesni_intel           372736  6
scsi_mod              270336  4 virtio_scsi,sd_mod,libata,sg
libaes                 16384  1 aesni_intel
crypto_simd            16384  1 aesni_intel
cryptd                 24576  5 crypto_simd,ghash_clmulni_intel
glue_helper            16384  1 aesni_intel
psmouse               184320  0
virtio_pci             28672  0
virtio_ring            36864  4 virtio_balloon,virtio_scsi,virtio_pci,virtio_net
virtio                 16384  4 virtio_balloon,virtio_scsi,virtio_pci,virtio_net
i2c_piix4              28672  0
usbcore               331776  3 usbhid,ehci_hcd,uhci_hcd
usb_common             16384  3 usbcore,ehci_hcd,uhci_hcd
floppy                 90112  0


-- System Information:
Debian Release: 11.10
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), (500, 
'oldstable-proposed-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-30-amd64 (SMP w/1 CPU thread)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages cryptsetup-initramfs depends on:
ii  busybox                                 1:1.30.1-6+b3
ii  cryptsetup                              2:2.3.7-1+deb11u1
ii  debconf [debconf-2.0]                   1.5.77
ii  initramfs-tools [linux-initramfs-tool]  0.140

Versions of packages cryptsetup-initramfs recommends:
ii  console-setup  2:20200214
ii  kbd            2.3.0-3

cryptsetup-initramfs suggests no packages.

-- debconf information:
  cryptsetup-initramfs/prerm_active_mappings: true

--- End Message ---
--- Begin Message ---
Version: 2:2.5.0-2

On Wed, 10 Jul 2024 at 18:35:36 +0000, Thorsten Glaser wrote:
> The /cryptroot/crypttab file in the initramfs contains lines like:
> […]
> This is bad because these are less stable than the LABEL=… lines I put
> into crypttab(5): the UUID changes then you do a restore from backup,
> whereas the LABEL can be easily made to stay the same.
> 
> It should not do so for LABEL= lines.

Since the fix for #1016455 the logic is as follows:

  * if the source is a spec (such as LABEL= or PARTUUID=), preserve its
    value;
  * if the source starts with /dev/disk/by-, perserve its value;
  * if the source is a mapped device (it starts with /dev/mapper/),
    perserve its value;
  * if the source has a UUID (e.g., for LUKS), replace it with that
    UUID;
  * otherwise, preserve its value.

-- 
Guilhem.

Attachment: signature.asc
Description: PGP signature


--- End Message ---

Reply via email to