Bug#904162: yubikey-luks: keyscript not run during boot
This bug is fixed upstream with:
https://github.com/cornelinux/yubikey-luks/commit/e6c20a349b0d7f3d02c69bf86ef2ab179691bb1e
which doesn't rely on cryptsetup package internals anymore but needs manual system config adjustment.

There are also a couple more fixes in master, including Debian downstream patches. You may consider syncing upstream master with Debian if you want to make a new release in Debian.

Jordan
Bug#904162: yubikey-luks: keyscript not run during boot
Hi,

On Fri, 20 Jul 2018 at 23:16:09 +0100, Matt Patey wrote:
> I got it working again by changing
> /usr/share/initramfs-tools/scripts/local-top/yubikey-luks as follows:
>
> sed -i 's|$|,keyscript=/sbin/ykluks-keyscript|' /cryptroot/crypttab

Please don't do that. We (cryptsetup package maintainers) replaced /conf/conf.d/cryptroot and changed its format without notice in the NEWS file because it's undocumented and thus internal to src:cryptsetup. Packages outside of src:cryptsetup must stick to the documented interface; and in use cases where it's not enough, ask us to extend it rather than using internal details.

Currently there is no current interface to iterate through the initramfs crypttab(5) and add/change all keyscripts. I don't think that's the right way to proceed, either. Why not add “keyscript=…” to /etc/crypttab instead?

Cheers,
--
Guilhem.
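The suggestion above, setting the keyscript through /etc/crypttab rather than editing the initramfs copy, sketched as an added example that is not code from this thread or from yubikey-luks. It assumes the four-field layout of crypttab(5); the sample entries, UUIDs and the second keyscript path are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread or from yubikey-luks.
# Prints a crypttab(5) file with keyscript=<path> added to the options
# (4th) field of every entry that has no keyscript yet. The input file is
# not modified; whitespace in rewritten entries collapses to single spaces.
add_keyscript() {
    # $1 = crypttab file to read, $2 = keyscript path
    awk -v ks="$2" '
        NF == 0 || $1 ~ /^#/   { print; next }  # blank line or comment
        NF < 2                 { print; next }  # malformed entry: leave alone
        $4 ~ /(^|,)keyscript=/ { print; next }  # keyscript already set
        {
            if (NF < 3) $3 = "none"             # key file field precedes options
            if (NF >= 4) $4 = $4 ",keyscript=" ks
            else         $4 = "keyscript=" ks
            print
        }
    ' "$1"
}

# Constructed sample input: not taken from any real system.
sample_crypttab() {
    cat <<'EOF'
# <target> <source> <key file> <options>
sda5_crypt UUID=00000000-0000-0000-0000-000000000001 none luks,discard
backup_crypt UUID=00000000-0000-0000-0000-000000000003 none luks,keyscript=/usr/local/sbin/other-keyscript
data_crypt UUID=00000000-0000-0000-0000-000000000002 none
EOF
}

# Demo: show what the rewritten file would look like.
tmp=$(mktemp)
sample_crypttab > "$tmp"
add_keyscript "$tmp" /sbin/ykluks-keyscript
rm -f "$tmp"
```

Unlike the blanket `s|$|,keyscript=…|` substitution, this leaves comments, blank lines and entries that already name a keyscript untouched. Review the output before installing it as /etc/crypttab, then regenerate the initramfs with `update-initramfs -u`.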
Bug#904162: yubikey-luks: keyscript not run during boot
tags -1 + pending
thanks

On 21.07.2018 00:16, Matt Patey wrote:
> I got it working again by changing
> /usr/share/initramfs-tools/scripts/local-top/yubikey-luks as follows:

I've adapted your path in a slightly different way, see
https://salsa.debian.org/auth-team/yubikey-luks/commit/af092665b9628956ba5318935b66584665fda978

Thanks for submitting, I'm preparing a release.

Cheers
Markus Frosch
--
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de
Bug#904162: yubikey-luks: keyscript not run during boot
Package: yubikey-luks
Version: 0.3.3+3.ge11e4c1-1
Severity: important
Tags: patch

Dear Maintainer,

Recent versions of cryptsetup seem to have changed how the crypttab settings are stored in the initramfs. This results in the following error message on boot and the keyscript is not run:

sed: /conf/conf.d/cryptroot: No such file or directory

I got it working again by changing /usr/share/initramfs-tools/scripts/local-top/yubikey-luks as follows:

sed -i 's|$|,keyscript=/sbin/ykluks-keyscript|' /cryptroot/crypttab

-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (500, 'testing'), (10, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.16.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages yubikey-luks depends on:
ii cryptsetup 2:2.0.3-4
ii initramfs-tools 0.130
ii yubikey-personalization 1.18.0-1

yubikey-luks recommends no packages.

yubikey-luks suggests no packages.

-- no debconf information

--- /usr/share/initramfs-tools/scripts/local-top/yubikey-luks 2015-08-18 14:16:50.0 +0100 +++ /etc/initramfs-tools/scripts/local-top/yubikey-luks 2018-07-20 19:26:35.592787797 +0100 @@ -18,6 +18,6 @@ esac #if [ -e /etc/yubikey-challenge ]; then -sed -i 's|$|,keyscript=/sbin/ykluks-keyscript|' /conf/conf.d/cryptroot +sed -i 's|$|,keyscript=/sbin/ykluks-keyscript|' /cryptroot/crypttab #fi exit 0
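Review bot: the added sed line still runs unconditionally against a hard-coded file inside the initramfs, with the surrounding "if [ -e /etc/yubikey-challenge ]" guard commented out and no check that /cryptroot/crypttab exists, so the next relocation of that file reproduces the same "No such file or directory" failure and the keyscript is silently skipped again. The substitution 's|$|,keyscript=/sbin/ykluks-keyscript|' also appends to the end of every line, including comments, blank lines and entries that already carry a keyscript option, which can leave entries with a duplicated or misplaced option. At minimum, test for the file before editing and restrict the substitution to entry lines without an existing keyscript; setting the option in /etc/crypttab instead avoids depending on this path at all.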