tag 1074609 +patch, +upstream
thanks
On Wed, Nov 27, 2024 at 4:29 PM Harlan Lieberman-Berg <hlieber...@debian.org>
wrote:
> I don't actually get a password prompt at all, and setting hostonly to
> either parameter doesn't work, so I think the problem has to do with the
> way disks are being detected. I'm curious, dkg, how do you have your disks
> specified in the kernel_cmdline config -- and do you have hostonly set to
> yes or no?
>
Hello all,
Quick update on this; I tracked the problem down to an upstream decision to
stop decrypting encrypted devices by default (
https://github.com/dracut-ng/dracut-ng/commit/39eacd9223f2e8c14c76cbe885789a84df36a29b).
It looks like they introduced decrypting by default in v102, then removed
it in v104. We skipped straight from an old version (v60) all the way up
to 102, so the behavior didn't change even though technically it was new to
dracut-ng.
Patch attached which simply reverts the reversion. I've tested this and it
appears to work for me. I mentioned to upstream that this was the problem
in their Matrix channel, but it should probably be sent up as an official
bug. Thomas, would you like me to take care of that, or do you want to do
the coordination with them? (Happy to help, but don't want to step on your
toes!)
Sincerely,
--
Harlan Lieberman-Berg
~hlieberman
From fe92c9f78d764abe7566631c4d89d345cfa045fd Mon Sep 17 00:00:00 2001
From: Harlan Lieberman-Berg <hlieber...@setec.io>
Date: Thu, 28 Nov 2024 18:06:41 -0500
Subject: [PATCH] Add patch to decrypt by default (Closes: #1074609)
---
.../patches/debian-decrypt-by-default.patch | 20 +++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 21 insertions(+)
create mode 100644 debian/patches/debian-decrypt-by-default.patch
diff --git a/debian/patches/debian-decrypt-by-default.patch b/debian/patches/debian-decrypt-by-default.patch
new file mode 100644
index 00000000..c3157afe
--- /dev/null
+++ b/debian/patches/debian-decrypt-by-default.patch
@@ -0,0 +1,20 @@
+Description: Revert reversion of default encryption
+Author: Harlan Lieberman-Berg <hlieber...@debian.org>
+Forwarded: not-needed
+---
+ modules.d/90crypt/parse-crypt.sh | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/modules.d/90crypt/parse-crypt.sh b/modules.d/90crypt/parse-crypt.sh
+index 9567a4a97..e46e347ac 100755
+--- a/modules.d/90crypt/parse-crypt.sh
++++ b/modules.d/90crypt/parse-crypt.sh
+@@ -174,7 +174,7 @@ else
+ } >> "$hookdir/emergency/90-crypt.sh"
+ fi
+ done
++ elif getargbool 1 rd.auto && [ -z "$(getargs rd.luks.name)" ]; then
+- elif getargbool 0 rd.auto; then
+ if [ -z "$DRACUT_SYSTEMD" ]; then
+ {
+ printf -- 'ENV{ID_FS_TYPE}=="crypto_LUKS", RUN+="%s ' "$(command -v initqueue)"
diff --git a/debian/patches/series b/debian/patches/series
index 7b16e8c5..3e3efda7 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,3 +6,4 @@ fix-01fips-crypto-policies-use-bin-in-shebang.patch
test-decrease-default-VM-memory-size-to-1-GiB.patch
fix-iscsi-include-usr-lib-open-iscsi-startup-checks.sh-if.patch
fix-dracut-init-add-compatibility-with-Debian-Ubuntu-for-.patch
+debian-decrypt-by-default.patch
--
2.45.2
