-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Guilhem,
Am Fr den 7. Okt 2016 um 10:43 schrieb Guilhem Moulin: > On Fri, 07 Oct 2016 at 10:20:08 +0100, Klaus Ethgen wrote: > > However, it was not that easy to create the initramfs as the "most" > > setting for MODULES do not include cryptsetup stuff and "dep" setting > > does not work in a chroot. > > Do you have CRYPTSETUP set in your /etc/initramfs-tools/initramfs.conf? Ehem, no. The file has the following settings: MODULES=most BUSYBOX=y KEYMAP=n COMPRESS=gzip DEVICE= NFSROOT=auto There is no mentioning about a "CRYPTSETUP" setting. However, the "MODULES=most" setting gets overwritten in /etc/initramfs-tools/conf.d/driver-policy to value "dep". > This is an undocumented way of forcing cryptsetup initramfs integration. > As of 2:1.7.2-1, the hook script configuration variable are to be set in > /etc/crytsetup-initramfs/conf-hook, cf. the following changelog entry > > * Use /etc/crytsetup-initramfs/conf-hook for initramfs hook script > configuration. For backward compatibility setting CRYPTSETUP and > KEYFILE_PATTERN in /etc/initramfs-tools/initramfs.conf is still supported > for now, but causes the hook to print a warning. > This is done following the initramfs-tools maintainers' request (see > #807527) that hook and boot script configuration files be stored outside > the /etc/initramfs-tools directory. (Closes: #783393) Ah, in that file (/etc/cryptsetup-initramfs/conf-hook, not /etc/crytsetup-initramfs/conf-hook) is a (empty) setting "CRYPTSETUP=". This file is from yesterday, and was installed by today with the upgrade. However, that particulare problem was only about including cryptsetup out of the chroot from a recovery grml stick. The current implementation following some documenations I had in the past. The main key is a file "initramfs-tools/conf.d/diskkey" with the following content: KEYFILE_PATTERN="/etc/security/disk.key" export KEYFILE_PATTERN UMASK=0077 And the crypttab entry: _sda1 UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx /etc/security/disk.key luks,discard Gruß Klaus - -- Klaus Ethgen http://www.ethgen.ch/ pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen <kl...@ethgen.ch> Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C -----BEGIN PGP SIGNATURE----- Comment: Charset: ISO-8859-1 iQGcBAEBCgAGBQJX93RzAAoJEKZ8CrGAGfas1OAL/1bIF/GXGVttJJTP+qW13guw 77cvr53oSFtMAMXQOJf7aPwEAf6iJI9emobPiq9r/pTZYuJkoYiNrDFnpE/LEtpq /yEAxYzt2y3HWdsWe+2MmHhisy1AKKNFAtBOmKtiL1FSDVzZo26RD4CwRPVTp4RU iQmeOzgImh3/DzDJKxfd/l8IWoazEMlRMQwLdZzvfC1/E845F3bYJIXQVtRvyIra xC7+eBrLjoExTJ/2HJs8/rorKDuy9rO/KpAZF3bGvq3A00xiKyDqBdb4SViOGbLB GZGmkO6ymph5Pae/qH2Tq/hgIQoNTOq69cNf6IlQQ6V7toy0FLu65nFSyoRuSUBT SDl7DDXVyfoJ+gNCHWAFyZrNpsg2eGDvTh84wr7xrPcg7/4jajx8SlmgCVZTALOR HLC8mqkdwGWlAMA7In63j5+dezRYMPAyTc1BR1QmsMlH2SlCyVIPXIkKLQO1A9LP X1w0L/fCKjs67RXPju9fosTOjS8+n7wANnMaJKxNsA== =x+ek -----END PGP SIGNATURE-----