Package: initramfs-tools
Version: 0.92a
Severity: minor
File: /usr/sbin/update-initramfs

Look at that: (updating initrd, duplicates the content of the cryptroot config file...)

mordor:/etc/initramfs-tools/conf.d# cat cryptroot
target=lukspace,source=/dev/hda3,key=none,lvm=evg-root
mordor:/etc/initramfs-tools/conf.d#
mordor:/etc/initramfs-tools/conf.d#
mordor:/etc/initramfs-tools/conf.d# update-initramfs -u
update-initramfs: Generating /boot/initrd.img-2.6.24-1-686
mordor:/etc/initramfs-tools/conf.d# cat cryptroot
target=lukspace,source=/dev/hda3,key=none,lvm=evg-root
target=lukspace,source=/dev/hda3,key=none,lvm=evg-root
mordor:/etc/initramfs-tools/conf.d# reportbug update-initramfs



-- Package-specific info:
-- /proc/cmdline
root=/dev/mapper/evg-root vga=791 ro quiet SELINUX_INIT=NO

-- /proc/filesystems
ext3
fuseblk

-- lsmod
Module Size Used by
michael_mic 2528 6
arc4 2016 6
ecb 3552 6
ieee80211_crypt_tkip 10144 3
fglrx 1542188 20
vmnet 33524 9
parport_pc 33668 0
parport 34280 1 parport_pc
vmmon 1802156 0
ipv6 240836 10
fuse 45204 3
zc0301 47076 0
compat_ioctl32 1408 1 zc0301
pcmcia 37036 0
snd_hda_intel 275264 1
snd_pcm_oss 38272 0
snd_mixer_oss 15296 1 snd_pcm_oss
snd_pcm 71780 2 snd_hda_intel,snd_pcm_oss
snd_seq_dummy 3780 0
snd_seq_oss 29472 0
snd_seq_midi 8160 0
snd_rawmidi 22624 1 snd_seq_midi
snd_seq_midi_event 6976 2 snd_seq_oss,snd_seq_midi
snd_seq 46544 6 snd_seq_dummy,snd_seq_oss,snd_seq_midi,snd_seq_mid i_event
snd_timer 21092 2 snd_pcm,snd_seq
snd_seq_device 7820 5 snd_seq_dummy,snd_seq_oss,snd_seq_midi,snd_rawmidi ,snd_seq
ipw2200 134568 0
snd 48612 11 snd_hda_intel,snd_pcm_oss,snd_mixer_oss,snd_pcm,sn d_seq_oss,snd_rawmidi,snd_seq,snd_timer,snd_seq_de vice
gspca 663216 0
ieee80211 31048 1 ipw2200
ieee80211_crypt 5888 2 ieee80211_crypt_tkip,ieee80211
container 4864 0
video 18672 0
output 3744 1 video
firmware_class 9312 2 pcmcia,ipw2200
yenta_socket 24844 2
rsrc_nonstatic 11872 1 yenta_socket
pcmcia_core 36884 3 pcmcia,yenta_socket,rsrc_nonstatic
irtty_sir 8096 0
soundcore 7552 1 snd
serio_raw 6660 0
videodev 26304 2 zc0301,gspca
battery 13572 0
ac 6116 0
button 8432 0
i2c_i801 9232 0
joydev 11360 0
sir_dev 15460 1 irtty_sir
snd_page_alloc 10056 2 snd_hda_intel,snd_pcm
v4l2_common 16608 2 zc0301,videodev
v4l1_compat 13220 1 videodev
psmouse 36464 0
iTCO_wdt 11268 0
pcspkr 3200 0
i2c_core 22432 1 i2c_i801
intel_agp 23412 0
agpgart 31688 2 fglrx,intel_agp
irda 174236 2 irtty_sir,sir_dev
evdev 11104 8
crc_ccitt 2176 1 irda
rtc 13052 0
ext3 122888 3
jbd 43732 1 ext3
mbcache 8288 1 ext3
sha256_generic 11040 0
aes_generic 27776 0
aes_i586 33376 2
cbc 4416 1
blkcipher 6724 2 ecb,cbc
dm_crypt 13220 1
dm_mirror 21600 0
dm_snapshot 16964 0
dm_mod 55812 10 dm_crypt,dm_mirror,dm_snapshot
ide_cd 36224 0
cdrom 32512 1 ide_cd
ide_disk 15648 4
generic 4388 0 [permanent]
ata_piix 17092 0
usbhid 28096 0
hid 34272 1 usbhid
piix 7492 0 [permanent]
ide_core 108292 4 ide_cd,ide_disk,generic,piix
ahci 26084 0
ata_generic 7428 0
firewire_ohci 17760 0
firewire_core 39232 1 firewire_ohci
crc_itu_t 2176 1 firewire_core
libata 144464 3 ata_piix,ahci,ata_generic
scsi_mod 141164 1 libata
ehci_hcd 32524 0
uhci_hcd 23376 0
usbcore 132940 6 zc0301,gspca,usbhid,ehci_hcd,uhci_hcd
sky2 43172 0
thermal 16028 0
processor 36520 2 thermal
fan 4772 0

-- /etc/kernel-img.conf
# Kernel image management overrides
# See kernel-img.conf(5) for details
do_symlinks = yes
relative_links = yes
do_bootloader = no
do_bootfloppy = no
do_initrd = yes
link_in_boot = no
postinst_hook = update-grub
postrm_hook = update-grub

-- /etc/initramfs-tools/initramfs.conf
MODULES=most
BUSYBOX=y
KEYMAP=n
BOOT=local
DEVICE=eth0
NFSROOT=auto

-- /etc/crypttab
# <target name> <source device> <key file> <options>
lukspace /dev/hda3 none luks


-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.24-1-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages initramfs-tools depends on:
ii cpio 2.9-13 GNU cpio -- a program to manage ar
ii findutils 4.4.0-2 utilities for finding files--find,
ii klibc-utils 1.5.9-1 small statically-linked utilities
ii module-init-tools 3.4-1 tools for managing Linux kernel mo
ii udev 0.114-2 /dev/ and hotplug management daemo

Versions of packages initramfs-tools recommends:
ii busybox 1:1.1.3-5 Tiny utilities for small and embed

-- no debconf information



--
To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

> Look at that: (updating initrd, duplicates the content of the cryptroot
> config file...)


right cryptsetup should maybe not write into /etc/i-t/conf.d
but in /usr/share/i-t/conf.d but those could also be mounted ro?!?

anyway i'd like to hear from cryptsetup maintainers before reassgning.

the info there is needed for their boot scripts,
this more of an fhs cleanness question.


kind regards.

--
maks



--
To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

On Sat, 05 Jul 2008, David Härdeman wrote:

> On Fri, Jul 04, 2008 at 11:56:59PM +0200, maximilian attems wrote:
>>> Look at that: (updating initrd, duplicates the content of the cryptroot
>>> config file...)
>>
>>
>> right cryptsetup should maybe not write into /etc/i-t/conf.d
>> but in /usr/share/i-t/conf.d but those could also be mounted ro?!?
>>
>> anyway i'd like to hear from cryptsetup maintainers before reassgning.
>
> I'm not sure I understand the question. The cryptsetup initramfs hook
> writes its config file by doing:
>
> echo "$OPTIONS" >> "$DESTDIR/conf/conf.d/cryptroot"
>
> If that is below /etc, that would be due to initramfs-tools, wouldn't
> it?

okay it was quite late yesterday, aboves should be in the initramfs
itself. not sure if that bug report is not completly bogus

it is saying that /etc/initramfs-tools/conf.d/cryptroot is modified
on an update-initramfs -u run. i don't see any hook on my box
that would do that.

--
maks



--
To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

On Sun, July 6, 2008 17:54, gpall@ccf.auth.gr? wrote:
> maximilian attems wrote:
>> right send output of
>> a) sh -x mkinitramfs -o /tmp/foo
>> b) sh -x update-initramfs -u
>
> Sending requested outputs a) -> out1, b) -> out2

Ok, I see the problem.

During the initramfs build, mkinitramfs will ln -s all config files into
the build dir. Later when the cryptsetup hook is executed it will write
config lines to the cryptroot config file in the build dir (which is
linked to the /etc... file outside the build dir).

I'm not 100% sure how we should solve this (why do you have a cryptroot
file by the way? It's supposed to be a cryptsetup internal config file).

Perhaps the best way to "handle" it would be to detect a symlink'ed config
file in the cryptsetup initramfs hook and to explode...on the other hand,
this is a problem in general since any other hook/script might also want
to write config files from their hook script and the same problem will
happen to them.

An alternative solution would be to move the step where external config
files are copied into the initramfs to a later stage in the mkinitramfs
run and allow mkinitramfs to check if it's about to overwrite already
written config files....maks?

--
David Härdeman




--
To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

David Härdeman wrote:

On Sun, July 6, 2008 17:54, gpall@ccf.auth.gr‚ wrote:


maximilian attems wrote:


right send output of
a) sh -x mkinitramfs -o /tmp/foo
b) sh -x update-initramfs -u


Sending requested outputs a) -> out1, b) -> out2



Ok, I see the problem.

During the initramfs build, mkinitramfs will ln -s all config files into
the build dir. Later when the cryptsetup hook is executed it will write
config lines to the cryptroot config file in the build dir (which is
linked to the /etc... file outside the build dir).

I'm not 100% sure how we should solve this (why do you have a cryptroot
file by the way? It's supposed to be a cryptsetup internal config file)


If I understood your question well, my answer is this: I have
/etc/initramfs-tools/conf.d/*cryptroot containing the line:

**target=lukspace,source=/dev/hda3,key=none,lvm=vg-root*
because I have my root partition sitting on LVM, which sits on LUKS. So,
somehow the initrd image must know that it has to find a LUKS partition
and ask me for its passphrase.


I hope I'm not talking nonsense. When I tried to set up encrypted root
partition, I used googling, a bit hacking and imagination. So, there is
the possibility that an easier method eludes me.


Cheers,
Giorgos

On Wed, July 9, 2008 10:51, Giorgos D. Pallas wrote:
> David Härdeman wrote:
>> ... (why do you have a cryptroot file by the way? It's supposed
>> to be a cryptsetup internal config file)
>
> If I understood your question well, my answer is this: I have
> /etc/initramfs-tools/conf.d/*cryptroot containing the line:
> **target=lukspace,source=/dev/hda3,key=none,lvm=vg-root*
> because I have my root partition sitting on LVM, which sits on LUKS. So,
> somehow the initrd image must know that it has to find a LUKS partition
> and ask me for its passphrase.
>
> I hope I'm not talking nonsense. When I tried to set up encrypted root
> partition, I used googling, a bit hacking and imagination. So, there is
> the possibility that an easier method eludes me.

Yes, the "correct" method would be to create a /etc/crypttab file with the
mapping for your root device. See the documentation in
/usr/share/doc/cryptsetup for details on how to do that.

Once a proper crypttab is setup, cryptsetup will automagically generate
initramfs config files for you.

--
David Härdeman




--
To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

On Wed, Jul 09, 2008 at 09:51:22PM +0300, ?????????????? ???????????? wrote:
>
> Not to my surprise, you were right :-)
>
> I just deleted the /etc/initramfs-tools/conf.d/cryptroot file, and run
> again update-initramfs -u. Laptop boots fine. Btw, I already had
> /etc/crypttab correctly configured, so it seems that the cryptroot file
> was redundant.
>
> So, probably the bug has to be closed since it was a consequence of a
> wrong practice, if I got it right.
>
> Thanks for all,
> Giorgos

no you found an interesting conrner case, wont invest too much time
now before release on it, but that needs to be rethought afterwards.

keeping open and thanks to David for the bug chase!!

thanks for the report!

--
maks







--
To UNSUBSCRIBE, email to debian-kernel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

reassign 481104 cryptsetup
thanks

* maximilian attems <max@stro.at> [Don Jul 10, 2008 at 11:57:52 +0200]:
> On Wed, Jul 09, 2008 at 09:51:22PM +0300, Giorgos D. Pallas wrote:

> > Not to my surprise, you were right :-)

> > I just deleted the /etc/initramfs-tools/conf.d/cryptroot file, and run
> > again update-initramfs -u. Laptop boots fine. Btw, I already had
> > /etc/crypttab correctly configured, so it seems that the cryptroot file
> > was redundant.

> > So, probably the bug has to be closed since it was a consequence of a
> > wrong practice, if I got it right.

> no you found an interesting conrner case, wont invest too much time
> now before release on it, but that needs to be rethought afterwards.

> keeping open and thanks to David for the bug chase!!

> thanks for the report!

I'm reassigning this bugreport to cryptsetup, as initramfs-tools
doesn't provide any crypt* stuff any longer. AFAICS this issue is
resolved, though it would be great if cryptsetup packagers could
take a closer look at it before closing it.

thanks && regards,
-mika-

* Jonas Meurer <jonas@freesources.org> [Sat Jun 12, 2010 at 06:36:38PM +0200]:
> On 08/06/2010 Michael Prokop wrote:

[cryptroot in initramfs]

> > I'm reassigning this bugreport to cryptsetup, as initramfs-tools
> > doesn't provide any crypt* stuff any longer. AFAICS this issue is
> > resolved, though it would be great if cryptsetup packagers could
> > take a closer look at it before closing it.

> mh, strange. it seems like mkinitramfs pastes the output of
> /conf/conf.d/cryptroot (in initramfs) to either of
> /usr/share/initramfs-tools/conf.d/cryptroot and
> $CONFDIR/conf.d/cryptroot if they exist. even touching them as empty
> files leads to the described issue.

> i didn't identify the relevant code yet, sh -x mkinitramfs didn't give
> any further information.

> i suggest to close the bugreport anyway, as shipping mkinitramfs
> cryptroot configuration in $CONFDIR/conf.d/cryptroot was not supported
> in the first place.

> to my knowledge the cryptroot-hook script is not the problem here. the
> problematic code should be in mkinitramfs itself.

Located the problem now - you're right, it's clearly not a
cryptsetup issue, sorry.

Thanks for spotting and responding, maks and me will investigate.

regards,
-mika-