Package: cryptsetup-initramfs Version: 2:2.0.5-1 Severity: normal -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Dear Maintainer, I have two HDDs and each of them have one encrypted partition (LUKSv2). The same password is set for both of the drives because I want to open them using only the one password when the system is booting. This setup works well when plymouth is installed -- I type just one password, and the sda drive is being unlocked and shortly after the sdb drive will be also unlocked (automatically). When I remove plymouth packages form my system and regenerate the initramfs image, I have to type the same password two times (one for each drive) when the system boots. This is the /etc/crypttab file: ============================================================= sda2_crypt UUID=e017ac1c-c46f-4b3f-a319-e1f5ed15144a none luks,header=/boot/headers/sda2_wd_black_256g sdb1_crypt UUID=66861f93-9fc7-46f9-b969-1ade25dcb898 none luks,header=/boot/headers/sdb1_wd_blue_1500g ============================================================= Systemd-cryptsetup-generator generates files in /run/systemd/generator/ for the two containers. The content of the two files is similar (only UUID and disk numbers are different). Here's one of the files ============================================================= # Automatically generated by systemd-cryptsetup-generator [Unit] Description=Cryptography Setup for %I Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd- [email protected](8) SourcePath=/etc/crypttab DefaultDependencies=no Conflicts=umount.target IgnoreOnIsolate=true After=cryptsetup-pre.target Before=cryptsetup.target BindsTo=dev-disk- by\x2duuid-e017ac1c\x2dc46f\x2d4b3f\x2da319\x2de1f5ed15144a.device After=dev-disk- by\x2duuid-e017ac1c\x2dc46f\x2d4b3f\x2da319\x2de1f5ed15144a.device Before=umount.target [Service] Type=oneshot RemainAfterExit=yes TimeoutSec=0 KeyringMode=shared ExecStart=/lib/systemd/systemd-cryptsetup attach 'sda2_crypt' '/dev/disk/by- uuid/e017ac1c-c46f-4b3f-a319-e1f5ed15144a' 'none' 'luks,header=/boot/headers/sda2_wd_black_256g' ExecStop=/lib/systemd/systemd-cryptsetup detach 'sda2_crypt' ============================================================= Since systemd v238, the option "KeyringMode=shared" was added, and hence the service file has access to the kernel keyring. But for some reason the kernel keyring is probably empty when plymouth is not used, and probably that's why I have to type the same password two times. When the above service is started manually via systemctl, I can see that it uses the kernel keyring when I type the following command once the service was started: # keyctl list @u 1 key in keyring: 237476127: --alswrv 0 0 user: cryptsetup Is plymouth needed to have this kind of functionality, or something is wrong with... something? - -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (990, 'unstable'), (130, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 4.18.0-2-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages cryptsetup-initramfs depends on: ii busybox 1:1.27.2-3 ii cryptsetup-run 2:2.0.5-1 ii initramfs-tools [linux-initramfs-tool] 0.132 Versions of packages cryptsetup-initramfs recommends: ii console-setup 1.187 ii kbd 2.0.4-4 cryptsetup-initramfs suggests no packages. -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE5JPPWm5C7TFDUMqpzQRoEHcbZSAFAlv4FsMACgkQzQRoEHcb ZSAVvBAAjMcxDzoYSrdqJ4a63JkXz+u2heAP6wmcA7mYG/MA3HcfaKcPcd7DWlJk W4yq2WsCaZC4A/yfVf/dCHBfQIBUFO/tf/je3HI7ietQWE7xXJ/zt/moXdjiZLin TlklhRA8zxm/d/bgwidQa7hon1nexlXK9quoiElW7Htkrla2ezyMJsAWX8/nlbjH w37qbFp7+5dRKfLEh9mh07ViqbSvuTcfjdHrVT7kZ5nFjBMDiu+3uVDY0FDehvVL hu8PVayp6ypRUKXrPD0HKPmDsKBzY6LvKgwC5OfBW1itHGNeHctjCOmSdwFg+iiS m2z5fRyvqmj1Z6y/9Kra+uy1usg8BacqRXNa25pKJi0+usqzWLdkMgGC7KhjXcFJ Zechs0MUYUY0hO1ZjWxwf7cpTcJiPhG2DGSwgdfDUg+DfQnvzLmJ1UyNVlET8WG3 SgT26UeEDMkpZyG5+rzCUUXC1aijhQ6YwcgXtw0WyqSZmpvklf2E9NRAHcwf3HNd UjuxzVeEfcwxZUBdYE/04CvSj9rk6pZoCZf/oUnUoGPGLIZt5xClqFkJwHTpeykE 6UvXcaaTsVZhDhKEBNq2Oia9JKKGUFwguaXS/qCatc5fE0vyAYIkWGiyUnpaT7hO ElvG4eTg/yLqpQ1dCF9Cq1U1taPAr7a4QDi5s7x+2ITCpkbOXDs= =lGpf -----END PGP SIGNATURE-----
