Bug#923165: initramfs: reboot in panic function does not work

2019-02-24 Thread Michael Niewöhner
Package: initramfs-tools
Version: 0.133
Severity: normal
Tags: patch

The panic()-function in /scripts/function tries to reboot the system.
When this fails, a kernel panic is generated by exiting PID 1.

At least for me, the reboot always fails. AFAIK "reboot" would not work at all
because there is no reboot handler at this stage...

Patch:

--- a/scripts/functions
+++ b/scripts/functions
@@ -47,3 +47,3 @@ panic()
sleep "${panic}"
-   reboot
+   reboot -f
exit  # in case reboot fails, force kernel panic
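Review bot: The changed line "reboot -f" carries no explanation of why the forced variant is needed, and the comment on the following "exit" line still reads as if a failed reboot were merely possible. Add a short comment above "reboot -f" recording the reason given in the report (no reboot handler at this stage of the initramfs), so the flag is not dropped again later. A forced reboot also skips the normal shutdown path, so consider a "sync" before it in case anything was written before panic() was reached.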



Bug#618862: systemd: ignores keyscript in crypttab

2018-08-04 Thread Michael Niewöhner
Hi all,

I stumbled on this too, but I have a work-around for at least 'decrypt_keyctl'.

systemd uses systemd-cryptsetup -> systemd-ask-password -> Linux keyring.
The keyring can be modified by keyctl just as 'decrypt_keyctl' does.
As I wanted to use 'decrypt_keyctl' for unlocking root and data with the same
password, I applied this patch:

--- /lib/cryptsetup/scripts/decrypt_keyctl.distrib  2017-05-09
13:50:59.0 +0200
+++ /lib/cryptsetup/scripts/decrypt_keyctl  2018-08-04 21:34:01.130979945
+0200
@@ -24 +24 @@ die()
-ID_="cryptkey-$1"
+ID_="cryptsetup"
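Review bot: On the changed ID_ line, replacing "cryptkey-$1" with the constant "cryptsetup" discards the script's argument, so every volume that uses decrypt_keyctl now shares a single cached keyring entry. That fits a setup where all volumes use the same password, but volumes that were previously separated by different $1 values would be offered each other's passphrase. Consider keeping "cryptkey-$1" as the default and selecting the shared "cryptsetup" description only through an explicit option, with a comment noting that this description is chosen to match what systemd reads from the keyring.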

My entries in crypttab are these:
crypt_sys /dev/zpool_sys/zvol_sys none luks,discard,keyscript=decrypt_keyctl
crypt_data /dev/zpool_data/zvol_data none luks,discard,keyscript=decrypt_keyctl

Now cryptsetup-initramfs unlocks my root device and decrypt_keyctl caches the
password in the Linux keyring with desc=cryptsetup.

Systemd then reads the key from the keyring with desc=cryptsetup and unlocks my
data device! :-)

That keyring caching could be easily added to all other keyscripts to make
systemd unlock work ;-)


Best regards
Michael