[Bug 1223622] Re: add support for crypttab mounting of luks devices with detached headers

DiagonalArg 1223622 at bugs.launchpad.net
Sat Jan 25 06:27:38 UTC 2014 

Precise (12.04) has cryptsetup v.1.4.1, and these patches basically work
for that version also.

(1) /lib/cryptsetup/cryptdisks.functions works with no changes
(2) /usr/share/initramfs-tools/hooks/cryptroot works with no changes
(3) /usr/share/initramfs-tools/scripts/local-top/cryptroot needs a single " " added.

I've broken @Glen's combined "cryptroot" patch into two, made the small mod, and am attaching 
it here.

Usage - The first script adds a valid option to crypttab:
   header=<filename>

When the initramfs is created, the other two scripts include <filename> in the initramfs and 
keep track of how to assemble the boot disk on startup.

When the scripts look for <filename> to include it, the search will be first in the conf.d directory,
which defaults to: /etc/initramfs-tools/conf.d.  If it is not found there, then it is searched as an 
absolute path.

As far as I can tell, <filename> has to be a normal file, though
cryptsetup allows a device.

I haven't tested this yet, but I am close to trying and will report back
when I do.

** Patch added: "cryptsetup-1.4.3.ubuntu.precise.initrd.cryptroot-script.patch"
   https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1223622/+attachment/3956417/+files/cryptsetup-1.4.3.ubuntu.precise.initrd.cryptroot-script.patch

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cryptsetup in Ubuntu.
https://bugs.launchpad.net/bugs/1223622

Title:
  add support for crypttab mounting of luks devices with detached
  headers

Status in “cryptsetup” package in Ubuntu:
  Confirmed

Bug description:
  A detached luks header for a luks device is a new feature in
  cryptsetup 1.4.  This is a feature request to allow the unlocking of
  luks devices with detached headers, both as a root device (ie in the
  initrd) as well as using the init system.

  The attached patch only solves part of the issue, support in the init
  system.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1223622/+subscriptions

More information about the foundations-bugs mailing list