FS#21198 - [cryptsetup] Keyfiles for nonroot partitions on usbstick

Attached to Project: Arch Linux
Opened by Alexander (klump) - Monday, 11 October 2010, 19:46 GMT
Last edited by Allan McRae (Allan) - Saturday, 02 June 2012, 11:45 GMT
Task Type: Bug Report
Category: Packages: Core
Status: Closed
Assigned To: Thomas Bächler (brain0)
Architecture: All
Severity: Low
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

Description:
Hiho,

When I set up my system, I put the keyfiles for my nonroot partitions on a removable usbstick. I followed the wiki to create the entries in /etc/fstab and /etc/crypttab.
So far so good. When I now boot my system it won't open the partitions because it does not mount the usbstick with the keyfiles, and as a result the fsck fails and I get an error message.
On apt-o-sid (Debian) and Gentoo there was a file like /etc/defaults/cryptsetup where you could set something like 'CRYPTDISKS_MOUNT="/media/keys"' and cryptdisks always mounts that mountpoint before using a keyfile.
Is there any such file on Arch? Am I just searching in the wrong directory?

My fix at the moment is that I wrote in /etc/rc.sysinit that it mounts the usbstick, then opens the device with the keyfile, and then unmounts the usbstick. It works, but it's not nice in my eyes. I would like it if I could just use that file.

Additional info:
* package version(s)
- cryptsetup 1.1.3-1 (x86_64)
* config and/or log files etc.
- /etc/fstab
UUID=uuid_for_usbstick /media/keys ext2 noauto,nouser,ro 0 0

- /etc/crypttab
home /dev/sda2 /media/keys/home




Steps to reproduce:
1. create an encrypted partition with a keyfile
2. put that keyfile on removable media (usbstick)
3. create the /etc/fstab and /etc/crypttab entries
4. reboot

Closed by  Allan McRae (Allan)
Saturday, 02 June 2012, 11:45 GMT
Reason for closing:  No response
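
An added example, not part of the original report or of Arch's initscripts: a Python check that reproduces the reported failure offline by cross-referencing /etc/crypttab with /etc/fstab and flagging key files that live on a mount marked noauto. It assumes the third crypttab field is a key file whenever it starts with "/"; the function names and every sample line other than the two quoted in the report are constructed.

```python
def parse_fstab(text):
    """Return {mount_point: set(options)} for each fstab entry."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and not fields[0].startswith("#"):
            mounts[fields[1].rstrip("/") or "/"] = set(fields[3].split(","))
    return mounts

def owning_mount(path, mounts):
    """Longest fstab mount point that contains path, or None."""
    best = None
    for mp in mounts:
        prefix = mp if mp == "/" else mp + "/"
        if (path == mp or path.startswith(prefix)) and \
                (best is None or len(mp) > len(best)):
            best = mp
    return best

def keyfiles_unavailable_at_boot(fstab_text, crypttab_text):
    """List (name, keyfile, mount_point) for keys stored on noauto mounts."""
    mounts = parse_fstab(fstab_text)
    findings = []
    for line in crypttab_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        name, key = fields[0], fields[2]
        if not key.startswith("/"):   # assumption: non-path means passphrase/ASK
            continue
        mp = owning_mount(key, mounts)
        if mp is not None and "noauto" in mounts[mp]:
            findings.append((name, key, mp))
    return findings

# First fstab line and first crypttab line are from the report; rest constructed.
SAMPLE_FSTAB = """\
UUID=uuid_for_usbstick /media/keys ext2 noauto,nouser,ro 0 0
/dev/sda1 / ext4 defaults 0 1
"""
SAMPLE_CRYPTTAB = """\
home /dev/sda2 /media/keys/home
swap /dev/sda3 /etc/keys/swap.key
data /dev/sda4 ASK
"""

if __name__ == "__main__":
    for name, key, mp in keyfiles_unavailable_at_boot(SAMPLE_FSTAB, SAMPLE_CRYPTTAB):
        print(f"{name}: key file {key} is on {mp}, which is not mounted at boot")
```
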
Comment by quantax (quantax) - Saturday, 29 January 2011, 15:18 GMT
The initscripts provide hooks to run custom code at certain times. I use the attached file to mount the cryptkey device already specified in the kernel command line before /etc/crypttab is processed and unmount it again afterwards. To try it, just place the file in /etc/rc.d/functions.d and match its CRYPTKEY_DIR variable with the key locations in /etc/crypttab.
   hooks (1 KiB)
Comment by quantax (quantax) - Saturday, 29 January 2011, 15:32 GMT
And another method, which just occurred to me, would be using a Udev rule to mount and unmount the device when it is plugged and unplugged. To get the rule triggered when booting you have to include the Udev rule file with your initrd by including it in FILES in /etc/mkinitcpio.conf and regenerate your initrd image.

However I didn't test this yet.

See also:
https://wiki.archlinux.org/index.php/LUKS#Using_UDEV
https://wiki.archlinux.org/index.php/Udev#Auto_mounting_USB_devices
https://wiki.archlinux.org/index.php/Configuring_mkinitcpio#BINARIES_and_FILES
Comment by Thomas Bächler (brain0) - Saturday, 29 January 2011, 18:40 GMT
Oh ... there is new code in initscripts that will mount the USB volume and open the right key file. But I think the crypttab syntax is not documented; it should be the same as for the 'encrypt' hook.

This requires initscripts from testing, which has two minor bugs in the encryption handling; this will be sorted out shortly. I can give more details later.
Comment by Allan McRae (Allan) - Saturday, 28 April 2012, 11:40 GMT
Is this fixed now?