Package: cryptsetup
Version: cryptsetup 2.6.1
Severity: normal
X-Debbugs-Cc: [email protected]

Dear Maintainer,

The crypttab man page, which is part of the cryptsetup package, does not include the option _netdev. _netdev is required for unlocking LUKS volumes via Clevis/Tang.

Confirmed that the block device is not unlocked without this option in the crypttab even though it is not documented. The man page on freedesktop.org has this option (_netdev) documented (https://www.freedesktop.org/software/systemd/man/latest/crypttab.html).

 

My current crypttab, which works, looks like this:

bdrive  LABEL="bdisk" none _netdev,luks

Also, crypttab with _netdev alone does not seem to unlock the LUKS volume; the volume is only unlocked when a corresponding entry with _netdev exists in /etc/fstab, like the one below:

/dev/mapper/bdrive         /mnt/disk1        xfs     defaults,_netdev  0 2 

Earlier behavior was that if crypttab has the _netdev option, the LUKS device is unlocked but not mounted. In the latest version it will work only when it is decrypted and mounted. Also, if the /etc/fstab option is not present, the disk is not unlocked even if noauto is not configured in crypttab, and everything silently fails without any logs in journald or anywhere, as if crypttab itself is not processed.

The desired option would be:

(1) The crypttab manual clearly states the _netdev option.
(2) Crypttab should be able to unlock the LUKS volume without mounting it using fstab, as suggested by the freedesktop manual.
(3) If the crypttab mount fails, there should be an error in the journal log rather than silently failing.



-- System Information:
Debian Release: 12.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-18-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages cryptsetup depends on:
ii  cryptsetup-bin         2:2.6.1-4~deb12u2
ii  debconf [debconf-2.0]  1.5.82
ii  dmsetup                2:1.02.185-2
ii  libc6                  2.36-9+deb12u4

cryptsetup recommends no packages.

Versions of packages cryptsetup suggests:
pn  cryptsetup-initramfs    <none>
ii  dosfstools              4.2-1
pn  keyutils                <none>
ii  liblocale-gettext-perl  1.07-5
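
A check for the pairing this report describes (a _netdev crypttab entry was only unlocked when /etc/fstab also carried a _netdev entry for the mapped device), as an added example that is not part of the original report or of cryptsetup. The sample files are constructed around the two entries quoted in the report, the function names are hypothetical, and only fstab entries written as /dev/mapper/<name> are matched.

```python
# Added example (not from the report or cryptsetup): audit crypttab/fstab pairing.
# Constructed sample files, modelled on the two entries quoted in the report.
SAMPLE_CRYPTTAB = """\
# <name> <device> <keyfile> <options>
bdrive  LABEL="bdisk"        none _netdev,luks
cdrive  LABEL="constructed1" none _netdev,luks
ddrive  LABEL="constructed2" none _netdev,luks
local   LABEL="constructed3" none luks
"""
SAMPLE_FSTAB = """\
/dev/mapper/bdrive  /mnt/disk1  xfs  defaults,_netdev  0 2
/dev/mapper/cdrive  /mnt/disk2  xfs  defaults          0 2
"""


def rows(text):
    """Yield whitespace-split fields of each non-blank, non-comment line."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line.split()


def audit(crypttab_text, fstab_text):
    """Map each _netdev crypttab name to 'ok', 'fstab-lacks-_netdev' or 'no-fstab-entry'."""
    # fstab: <device> <mountpoint> <type> <options>; keep only /dev/mapper/<name> devices.
    fstab_opts = {}
    for f in rows(fstab_text):
        if len(f) >= 4 and f[0].startswith("/dev/mapper/"):
            fstab_opts[f[0][len("/dev/mapper/"):]] = f[3].split(",")
    result = {}
    for f in rows(crypttab_text):
        # crypttab: <name> <device> [<keyfile> [<options>]]
        opts = f[3].split(",") if len(f) >= 4 else []
        if "_netdev" not in opts:
            continue  # local volume: outside the case the report describes
        if f[0] not in fstab_opts:
            result[f[0]] = "no-fstab-entry"
        elif "_netdev" not in fstab_opts[f[0]]:
            result[f[0]] = "fstab-lacks-_netdev"
        else:
            result[f[0]] = "ok"
    return result


if __name__ == "__main__":
    for name, status in audit(SAMPLE_CRYPTTAB, SAMPLE_FSTAB).items():
        print(f"{name}: {status}")
```

On a real host, pass the contents of /etc/crypttab and /etc/fstab to audit() instead of the sample strings.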
