On Wed, 22 Aug 2018 at 21:22:19 +0100, Ben Hutchings wrote: > Looking at the local-top script from cryptsetup-initramfs, it seems to > depend rather too closely on details of both initramfs-tools and lvm2. > > - Why does it try to activate a volume group directly? lvm2's scripts > should do that.
They ideally should but currently don't, cf. #565676. Currently
(2.02.176-4.1) /scripts/local-top/lvm2 only activate volumes holding the
root system and/or resume device.
So for dm-crypt in LVM, the underlying LV needs to be activated when
/scripts/local-top/cryptroot waits for the source device [0].
For LVM in dm-crypt however, instead of activating the LV manually [1]
we could let /scripts/local-{top,block}/lvm2 do it; while the cryptroot
scripts have been running since 12 years or so, I think we could run it
before lvm2 instead.
> - I don't think it should probe the contents of the encrypted volume at
> all. That would mean that a wrong password for a non-LUKS device won't
> be specifically detected and reported. But LUKS is strongly
> recommended, and I don't think this makes the non-LUKS user experience
> significantly worse.
This was reported as #906283 a few days ago, and I proposed to remove
the check, for LUKS devices at least.
--
Guilhem.
[0]
https://sources.debian.org/src/cryptsetup/2:2.0.4-2/debian/initramfs/scripts/local-top/cryptroot/#L61
[1]
https://sources.debian.org/src/cryptsetup/2:2.0.4-2/debian/initramfs/scripts/local-top/cryptroot/#L158
signature.asc
Description: PGP signature
