SOLVED: Re: persistence encryption: initramfs is missing cryptsetup

[Jan Kowalsky]

Am 12.06.2015 um 23:27 schrieb Jan Kowalsky:
> Am 11.06.2015 um 16:12 schrieb chals:
>> On Thu, Jun 11, 2015 at 11:58 AM, Jan Kowalsky
>>  wrote:
>>> Hi all,
>>>
>>> I try to build a live system with luks encrypted persistence. It fails,
>>> because inside the initramfs the cryptsetup binaries don't exist. In the
>>> past - from wheezy I was able to build an encrypted system as long as I
>>> took the live-boot-initramfs-tools from jessie.
>>>
>>> Is it possible to include some packages inside the initramfs? Where
>>> would be the place to configure?
>>>
>> This section of live-manual might be of some help -->
>> http://live.debian.net/manual/current/html/live-manual.en.html#590
>>
> Thanks for the hint. I was looking at the stable manual which still
> seems to refer to wheezy and doesn't face crypted persistence. But
> anyway, that's exactly, what I've done. And in this way I did it in the
> past with success.
>
> The problem is: the cryptsetup binary exists in the chroot - but not in
> the initramdisk.
>
> Any further idea? Anybody of you was able to build an image with crypted
> persistence with the live helpers in wheezy?
>
> Is there anyway to specify which additional packages should reach the
> initramfs?

The reason cryptsetup doesn't find it's way into initramfs anymore is
the probably following:

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714104

Since jessie the cryptsetup-package changed the cryptoroot hook:
  (/usr/share/initramfs-tools/hooks/cryptroot)

Now it includes cryptsetup in the initramfs only if it detects an
configuration of an crypted _root_ filesystem in /etc/fstab or
/etc/crypttab.

Since this is not the case inside the live chroot the binaries aren't
included.

This Bug-Report gave me an idea, how to fix this:
https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1256730

So I try to include an
usr/share/initramfs-tools/conf-hooks.d/forcecryptsetup with

export CRYPTSETUP=y

in the includes.chroot and build the image again and it works.

The live-initramfs packages should maybe export this variable somewhere.
I don't know what's the best place for that. But maybe this should be
mentioned in the documentation until it is fixed in the next version.

Best regards
Jan


-- 
To UNSUBSCRIBE, email to debian-live-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/55804f40.90...@datenkollektiv.net

Re: SOLVED: Re: persistence encryption: initramfs is missing cryptsetup

[chals]

On Tue, Jun 16, 2015 at 6:30 PM, Jan Kowalsky  wrote:
>
> So I try to include an
> usr/share/initramfs-tools/conf-hooks.d/forcecryptsetup with
>
> export CRYPTSETUP=y
>
> in the includes.chroot and build the image again and it works.
>
> The live-initramfs packages should maybe export this variable somewhere.
> I don't know what's the best place for that. But maybe this should be
> mentioned in the documentation until it is fixed in the next version.
>

Daniel added a hook to enable crypsetup which works like a charm :)

http://live-systems.org/gitweb/?p=live-build.git;a=commitdiff;h=ef03f67f817a9485f61975480985588db9cd6ea0



-- 
chals
www.chalsattack.com
ch...@chalsattack.com


-- 
To UNSUBSCRIBE, email to debian-live-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/CAJRhvA+nFWHqxnngb0qjP5gthTUWwUnj5Z9VUWa11s6-y6=b...@mail.gmail.com