On 2023-06-21 15:21, Roland Clobus wrote:
Hello Paul,
On 18/06/2023 23:12, [email protected] wrote:
Great job on Debian Bookworm. Just an FYI for people reading the
manual. You must add the “cryptsetup-initramfs” package along with
“cryptsetup” in your “package-list” or your live distro will not see
any encrypted drives. In Bullseye, “cryptsetup-initramfs” was
recommended and therefore automatically installed and in Bookworm it
isn’t.
Thanks for noticing.
At the moment the automated test (on openQA [1]) do not contain such
scenarios, therefore this use case was missed.
Can you provide some more details?
Which steps did you follow, when you noticed that
'cryptsetup-initramfs' is missing?
With kind regards,
Roland Clobus
[1] https://openqa.debian.net/group_overview/14
Hello Roland,
I setup my build for an encrypted persistence and just included
cryptsetup. When I did the first build I noticed I didn't get the
cryptsetup error message I normally get during the hooks/normal phase
where it indicates that it cannot find a drive. Didn't think anything
of it until after adding the encrypted partition and booting and it
didn't find my encrypted usb partition. I used the setting "persistence
persistence-encryption=luks persistence-media=removable-usb" in my
LB_BOOTAPPEND_LIVE configuration. I looked in my live distro for the
file "/etc/cryptsetup-initramfs/conf-hook" as described in the
hook/normal script 1010-enable-cryptsetup.hook.chroot and it wasn't
there. So I looked up the Debian package and saw that it was only
suggested not recommended. I included the "cryptsetup-initramfs" in my
package list and did another "lb build" and everything worked great!
By the way, for UEFI recognition I would add the following fdisk
workaround that's not mentioned in the manual. When you use fdisk to
create the extra partition on the live usb it states "'iso9660'
signature and it will be removed by a write command". As you know,
hybrid ISO's have multiple partition tables iso9660, dos, gpt, mac. So
I used the following command so that none of the signatures get wiped
and only use the dos partition. # fdisk --wipe=never -t dos /dev/sdX .
It finds my encrypted usb partition and has no trouble booting from UEFI
or Bios. If there is a better way let me know.
Cheers
Paul
Cheers
Paul
