Control: reopen -1 Control: severity minor -1 Hi Martin,
Am 02.11.2016 um 15:31 schrieb martin f krafft: > I am trying to set up a key file (/etc/luks/nvme0n1.luks) in > crypttab for the root filesystem. I realise this is a bit cyclical, > but I've successfully set up grub2 to do the decryption for me, so > that by the time initramfs comes around, I want it to fetch the key > from the initramfs. To do this, I thought I could simply configure > it with crypttab like so: > > crypt UUID=40aa3e9a-dd83-4789-822f-da3ed51b18cc /etc/luks/nvme0n1.luks > luks,discard > > and have the initramfs hook copy the keyfile. However, instead, > I get the following warning: > > WARNING: crypt's key file /etc/luks/nvme0n1.luks is not on an > encrypted root FS, skipped thanks for the bugreport. While you seem to have found a proper way to add your key file to the initramfs in the meantime, your report still describes a real bug here: For some reason, the cryptroot hook script thinks that your key is not on an encrypted device, which seems to be wrong in your case. > This is what the shell script evaluates to just before: > > + [ / != / ] > + node_is_in_crypttab fishbowl-root > + [ -f /etc/crypttab ] > + [ 1 -gt 0 ] > > I think the reason for the confusion is that the "crypt" device is > actually a PV for the fishbowl LVM VG, and the root filesystem is > just an LV there, so it's not encrypted per se, but it's part of an > encrypted volume group… Can you give a bit more context here? In particular the shell script trace before and after the part that you parsed would be helpful. Could you send me the full shell script trace with 'set -x' enabled (and KEYFILE_PATTERN temporarely removed again)? For some reason, 'node_is_in_crypttab fishbowl-root' expands to false. Is 'fishbowl-root' the name of your unlocked dm-crypt device or a the name of your LVM logical volume? Cheers, jonas
signature.asc
Description: OpenPGP digital signature