On Wed, 27 Jul 2011, 10:18-0400, Jean-Marc Ranger <jmran...@hotmail.com> wrote:
[...]
> Not sure how versed you are in script programming, but my take at
> debugging this would be to add more traces in cryptdisks.functions
> file, especially in the handle_crypttab_line_start function, that is
> called for each line in crypttab during startup. I'd be adding lines
> to check
> - whether /var is mounted
> - whether /dev/urandom can be accessed
> - function error codes

I threw some debugging code into /lib/cryptsetup/cryptdisks.functions as
suggested and found out that none of my lvm volumes were mounted except
for root.

On Wed, 27 Jul 2011, 14:09-0600, Bob Proulx <b...@proulx.com> wrote:
[...]
> I don't know anything about setting up encrypted swap files. But I
> will suggest that if you want to change the boot order that you edit
> the /etc/init.d/cryptdisks script and perhaps add "$all" or some other
> dependency to the Required-Start: line and then run insserv to update
> the symlinks. Adding $all is a quick hack to push the start to the
> end of the boot process. I would think adding swap could happen at
> any time and be okay to happen very late. You can look at the
> ordering of the boot scripts in /etc/rc2.d/ and observe the changes.
> If that works then you know you have a boot time initialization
> ordering problem. You can then work from there to refine the
> solution.
> Jimmy Wu wrote:

So then I went to take a look at the boot order dependencies. After
reading a bit of insserv(8), looking at the LSB headers and
/etc/init.d/.depend.boot info for mountall.sh, cryptdisks, etc., I came
up with the following dependency chain ('a -> b' := a depends on b, so b
starts before a and a stops before b):

mountall.sh -> checkfs.sh -> cryptdisks -> lvm2 -> cryptdisks-early

Since /var is an LVM2 logical volume, it won't get mounted until after
mountall.sh (I assume). Since cryptdisks comes before mountall.sh in the
dependency chain I (also assume that I) can't move it after mountall.sh
without creating some circular mess. I also checked for when swap is
enabled (grep -Ri swapon /etc/init.d) and the latest place where swapon
gets run is in mountall.sh, so even if I were able to move cryptdisks
after mountall.sh somehow, the swap would have to be enabled manually
after the /dev/mapper file is set up.

My current kludge is to add the following line to /etc/rc.local:
services cryptdisks start && swapon -a.
It makes my shutdown process (even more) unclean - I see some message
about being unable to stop the (sole) lvm volume group due to some
logical volumes still being in use but since the machine is shutting
down anyways, that is comparatively minor.

I considered using cryptmount to do the swap encryption but couldn't
find any good documentation on how to get it to use the same
aes-cbc-essiv cipher that crypttab/cryptsetup uses.

Thanks to Jean-Marc and Bob for pointing me in the right directions.

Cheers,
Jimmy
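
The boot-order reasoning in the message above, as an added example that is not part of the original post and is not insserv's own code: it reads Required-Start lines from LSB headers, computes a start order, and reports the loop that appears when cryptdisks is made to require mountall.sh. The headers are constructed from the chain quoted in the post (not the real packaged scripts), and `$`-facilities such as `$all` and Should-Start are not modelled.

```python
import re
from graphlib import CycleError, TopologicalSorter

def lsb_header(name, required_start):
    """Build a constructed LSB comment block for one init script."""
    return ("### BEGIN INIT INFO\n"
            f"# Provides:          {name}\n"
            f"# Required-Start:    {required_start}\n"
            "### END INIT INFO\n")

# Constructed sample: only the edges of the chain quoted in the post.
CHAIN = {
    "cryptdisks-early": lsb_header("cryptdisks-early", ""),
    "lvm2": lsb_header("lvm2", "cryptdisks-early"),
    "cryptdisks": lsb_header("cryptdisks", "lvm2"),
    "checkfs.sh": lsb_header("checkfs.sh", "cryptdisks"),
    "mountall.sh": lsb_header("mountall.sh", "checkfs.sh"),
}

def required_start(header):
    """Return the facilities named on the Required-Start line."""
    inside = False
    for line in header.splitlines():
        if line.startswith("### BEGIN INIT INFO"):
            inside = True
        elif line.startswith("### END INIT INFO"):
            break
        elif inside:
            m = re.match(r"#\s*Required-Start:\s*(.*)$", line)
            if m:
                return m.group(1).split()
    return []

def boot_order(headers):
    """Return (order, None), or (None, cycle) when the edges loop."""
    graph = {name: required_start(h) for name, h in headers.items()}
    try:
        return list(TopologicalSorter(graph).static_order()), None
    except CycleError as err:
        return None, err.args[1]

def with_extra_dependency(headers, script, facility):
    """Copy headers, appending facility to script's Required-Start."""
    deps = required_start(headers[script]) + [facility]
    return {**headers, script: lsb_header(script, " ".join(deps))}

if __name__ == "__main__":
    print(boot_order(CHAIN))
    print(boot_order(with_extra_dependency(CHAIN, "cryptdisks", "mountall.sh")))
```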