Hi Martin,

On 16.11.2016 at 15:40, martin f krafft wrote:
> thus spoke Jonas Meurer <jo...@freesources.org> [2016-11-14 19:01 +0100]:
>>> I think the reason for the confusion is that the "crypt" device is
>>> actually a PV for the fishbowl LVM VG, and the root filesystem is
>>> just an LV there, so it's not encrypted per se, but it's part of an
>>> encrypted volume group…
>>
>> Can you give a bit more context here? In particular the shell script
>> trace before and after the part that you parsed would be helpful. Could
>> you send me the full shell script trace with 'set -x' enabled (and
>> KEYFILE_PATTERN temporarily removed again)?
>
> Here you go, hope this helps. more info below.

Indeed, it helped a lot.

> [...]
> + key=/boot/nvme0n1.luks
> + printf %s fishbowl-root
> + tr \n
> + grep -Fxq crypt
> + stat -c %m -- /boot/nvme0n1.luks
> + [ / != / ]
> + node_is_in_crypttab fishbowl-root
> + [ -f /etc/crypttab ]
> + [ 1 -gt 0 ]
> + sed -rn s/^\s*([^#]\S*)\s.*/\1/p /etc/crypttab
> + grep -Fxq fishbowl-root
> + return 1
> + echo cryptsetup: WARNING: crypt's key file /boot/nvme0n1.luks is not on an
> encrypted root FS, skipped
> cryptsetup: WARNING: crypt's key file /boot/nvme0n1.luks is not on an
> encrypted root FS, skipped
> + return 1
> [...]
>
>> For some reason, 'node_is_in_crypttab fishbowl-root' expands to
>> false. Is 'fishbowl-root' the name of your unlocked dm-crypt
>> device or the name of your LVM logical volume?
>
> The setup is as follows:
>
>   /boot is on LV /dev/mapper/fishbowl-root
>   The fishbowl VG is on PV /dev/mapper/crypt
>   /dev/mapper/crypt is a dm-crypt mapping on top of /dev/nvme0n1p3
>
> So to answer your question: 'root' is the LV in VG 'fishbowl', which
> sits on PV 'crypt', which is the unlocked dm-crypt device
> corresponding to the SSD.

The problem was with the following test condition for the key file:

    if printf '%s' "$rootdevs" | tr ' ' '\n' | grep -Fxq "$target"; ...

it didn't detect root parent devices. This is fixed now:

    if printf '%s' "$OPTIONS" | tr ',' '\n' |grep -Fxq "rootdev"; ...

Could you give updated packages a try? You can find them at
https://people.debian.org/~mejo/debian/mejo-unstable/. Along with some
other changes, they should have fixed the issue you revealed.

In order to test whether the script works as expected now, you'll have
to remove the KEYFILE_PATTERN stuff again. The script now should fail
with the correct message:

    cryptsetup: WARNING: root target crypt uses a key file, skipped

Cheers,
 jonas
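An added illustration of the name check that fails in the trace above; it is not part of the mail or of the cryptsetup package. The crypttab contents, the child/parent table and the helper crypt_target_below are constructed assumptions, and the sed expression is a POSIX-class rewrite of the one in the trace. It shows why looking up the LV name alone misses a dm-crypt device that sits further down the stack; the fix described in the mail tests a rootdev option instead.

```shell
#!/bin/sh
# Constructed sample data mirroring the layout described in the mail.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
CRYPTTAB="$WORK/crypttab"
STACK="$WORK/stack"   # hypothetical "child parent" table (assumption)

cat >"$CRYPTTAB" <<'EOF'
# <target> <source device> <key file> <options>
crypt /dev/nvme0n1p3 /boot/nvme0n1.luks luks
EOF

# LV fishbowl-root sits on PV crypt, which maps /dev/nvme0n1p3.
cat >"$STACK" <<'EOF'
fishbowl-root crypt
crypt nvme0n1p3
EOF

# Is NAME a target name (first field of a non-comment line) in crypttab?
node_is_in_crypttab() {
    [ -f "$CRYPTTAB" ] || return 1
    sed -En 's/^[[:space:]]*([^#[:space:]][^[:space:]]*)[[:space:]].*/\1/p' \
        "$CRYPTTAB" | grep -Fxq -- "$1"
}

# Hypothetical helper: walk from a device down through its parents and
# print the first one that is a crypttab target; fail if none is found.
crypt_target_below() {
    node=$1
    while [ -n "$node" ]; do
        if node_is_in_crypttab "$node"; then
            printf '%s\n' "$node"
            return 0
        fi
        node=$(awk -v n="$node" '$1 == n { print $2; exit }' "$STACK")
    done
    return 1
}

if node_is_in_crypttab fishbowl-root; then
    echo "fishbowl-root: listed in crypttab"
else
    echo "fishbowl-root: not in crypttab (name check alone fails)"
fi
echo "crypttab target below fishbowl-root: $(crypt_target_below fishbowl-root)"
```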