Hello Guilhem,

On Fri, 7 Oct 2016 at 13:04, Guilhem Moulin wrote:
> I see. Indeed, we've unfortunately been too fast at releasing a fix for
> #786578. That is, we documented setting KEYFILE_PATTERN in
> /etc/initramfs-tools/initramfs.conf (or alternatively, under
> /etc/initramfs-tools/conf.d) while the initramfs-tools maintainers later
> (#807527) objected to using /etc/initramfs-tools for hook configuration:
>
>     "If a hook script requires configuration beyond the exported
>     variables listed below, it should read a private configuration file
>     that is separate from the /etc/initramfs-tools directory. It must
>     not read initramfs-tools configuration files directly."
>     -- initramfs-tools(8)
>
> Can you confirm your system boots as expected once you delete
> /etc/initramfs-tools/conf.d/diskkey and use
> /etc/cryptsetup-initramfs/conf-hook instead?

Partly. It will boot but the rights of the resulting initrd are 0644, so
world-readable with credentials in it.

> I'll push a proper fix
> later today, to make the latter config file take precedence over
> mkinitramfs(8) settings; but *not override them* as it's incorrectly
> done now.

Well, just keep 'em commented out, I would say that will fix it?

> (Just to be clear, we *will* drop backward compatibility at
> some point, but after at least one stable release cycle, and with a
> loud warning printed at each update-initramfs run meanwhile.)

Sure... But that should be done via debconf probably.

Regards
   Klaus
-- 
Klaus Ethgen                              http://www.ethgen.ch/
pub  4096R/4E20AF1C 2011-05-16   Klaus Ethgen <kl...@ethgen.ch>
Fingerprint: 85D4 CA42 952C 949B 1753  62B3 79D0 B06F 4E20 AF1C
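
The exposure described in the message above (an initrd with mode 0644 that embeds key files) can be checked for mechanically. The following is an added example, not part of the original message and not code from cryptsetup or initramfs-tools; the function names are hypothetical, and it assumes the images are named initrd.img-* as under Debian's /boot.

```shell
#!/bin/sh
# Added example: flag initramfs images readable by group or others while
# the cryptsetup hook is configured to copy key files into them.

# keyfile_pattern_set CONF
# Succeeds if CONF (a shell fragment such as
# /etc/cryptsetup-initramfs/conf-hook) sets a non-empty KEYFILE_PATTERN.
# The file is sourced in a subshell, so a commented-out assignment does
# not count and nothing leaks into the caller's environment.
keyfile_pattern_set() {
    [ -r "$1" ] || return 1
    (
        unset KEYFILE_PATTERN
        . "$1" >/dev/null 2>&1
        [ -n "${KEYFILE_PATTERN:-}" ]
    )
}

# loose_initrds DIR
# Prints every DIR/initrd.img-* regular file whose mode grants read
# access to group or others (0644 matches, 0600 does not).
loose_initrds() {
    for img in "$1"/initrd.img-*; do
        [ -f "$img" ] || continue
        if [ -n "$(find "$img" -prune \( -perm -040 -o -perm -004 \))" ]; then
            printf '%s\n' "$img"
        fi
    done
}

# audit_initrd CONF DIR
# Returns 1 and lists the offending images on stderr when key files are
# configured for inclusion and at least one image is readable by
# non-root users; returns 0 otherwise.
audit_initrd() {
    keyfile_pattern_set "$1" || return 0
    loose=$(loose_initrds "$2")
    [ -z "$loose" ] && return 0
    printf '%s\n' "$loose" | sed 's/^/readable by group or others: /' >&2
    return 1
}

# Typical call on a Debian system (paths are assumptions, see lead-in):
#   audit_initrd /etc/cryptsetup-initramfs/conf-hook /boot
```

initramfs.conf(5) documents a UMASK setting for the generated image; with a restrictive value there, images rebuilt by update-initramfs should pass this check.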