[pkg-cryptsetup-devel] Bug#601314: Bug#601314: please allow adding extra devices to conf.d/cryptsetup in your hook script

Marc Haber mh+debian-bugs at zugschlus.de
Thu Feb 24 15:53:11 UTC 2011


Hi Jonas,

On Thu, Feb 24, 2011 at 12:13:22PM +0100, Jonas Meurer wrote:
> On 25/10/2010 Marc Haber wrote:
> > I have a system where the keyscript used to unlock the root fs needs
> > another crypto file system to be unlocked previously. To do that, I
> > would like to have that file system added to conf.d/cryptsetup, and to
> > do that, I'd have to go through pretty much the same motions that
> > /usr/share/initramfs-tools/hooks/cryptroot already does.
> > 
> > Please consider adding a method to have your hook script handle
> > additional devices other than the root and the resume devices. It
> > would be necessary to set some marker to tell the hook script to
> > handle that device as well. Searching /etc/fstab would probably not be
> > appropriate since my device will be unmounted and locked again after the
> > root was mounted.
> > 
> > Having the device in crypttab, specially marked, would probably be ok.
> > 
> > Please indicate how you would like to tell the hook script about
> > additional devices to handle, and I'll provide a patch.
> 
> What kind of device are you talking about? Another dm-crypt encrypted
> device which contains the key?

Nearly. It's another dm-crypt encrypted device which contains part of
the key, which needs to be unlocked before the keyscript that is used
to unlock the root fs can build the key for the root fs.

> If this is just about additional dm-crypt devices, which should be
> unlocked in initramfs along with the root and suspend devices,

This additional dm-crypt device needs to be successfully unlocked
before the unlock process for the root and suspend devices can start.
Order is important because before the additional device isn't open,
there ain't a complete key to unlock root.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190




