Testing initramfs-tools integration

Max Vozeler max at nusquama.org
Sat Dec 16 16:03:42 CET 2006


Hi Lionel,

On Sat, Dec 16, 2006 at 07:25:42AM +0100, Lionel Elie Mamane wrote:
> On Sat, Dec 02, 2006 at 04:30:44PM +0100, Max Vozeler wrote:
> 
> > 1. Following README, I added "INITRAMFS_LOOPAES=auto" to /etc/
> > initramfs-tools/initramfs.conf and went to do update-initramfs to
> > get the scripts, tools and everything included. (...) revealed that
> > the variable INITRAMFS_LOOPAES was not initialized. It seems like
> > vars from the initramfs.conf are not exported to hook scripts. If
> > this is correct, should we perhaps try to source the config in the
> > hook script?
> 
> I rather suggest we change the instructions to have an explicit export
> of that setting. I did that in the subversion repository.

Seems fine; just a question for my understanding: does this mean
one has to include the export in initramfs.conf? This could be a
confusing difference compared to other settings in there. I'm still
a bit sleepy so please excuse me if I misunderstand :-)

> > 2. During initramfs generation and boot there was a warning about
> > the cipher 'AES128' being unknown [...]

> The harmlessness was only because AES128 is a cipher that doesn't need
> any additional modules (included in loop.ko), so this warning
> announced breakage in some configurations. I have fixed the problem
> the right way, re-enabling ciphers with whitespace in their name
> again (however improbable their existence is).

Thanks.

> > I think we could do something to help prevent getting systems into
> > such a state: README could mention that one should backup the key
> > files (and keys, if the keyfile is encrypted asymmetrically)
> > somewhere outside the encrypted root partition so that the system
> > can still be repaired in case the initramfs gets lost, overwritten
> > or some other thing happens to it.
> 
> I have added the suggestion that the canonical storage location for
> the keys is out of the encrypted partition.

Great, thanks!

> > 4. During boot there was another warning: "/scripts/local-top/loopaes:
> > <linenum>: modprobe -q: not found". This appears to be due to the call
> > to iterate_cipher_module "modprobe -q" "$rootencryption". The shell
> > tries to execute $1 ("modprobe -q"), cannot find it and returns.
> 
> That was because IFS is set to ":" in iterate_cipher_module... The way
> you fixed it is fine, another way would have been to change the call
> to iterate_cipher_module to:
> 
>  iterate_cipher_module "modprobe:-q" "$rootencryption"

Ahh. I didn't think of IFS there. So another way could have been to
change IFS to ": ", right?

> So much for trying to emulate functional programming ;-)

:-)

> > And I feel a bit bad about having so little time currently that
> > inclusion was delayed so much.
> 
> Oh, well, my available time wasn't very much either.
> 
> > Lionel, once you feel it is ready and we've fixed at least problem
> > 1) above, I think we should finally upload to unstable.
> 
> Too late for etch now.

How about we upload this branch to experimental, what do you think?

I'm not sure how we'd best go about versioning the branch - something
like 2.12r-15~exp perhaps, so we can do parallel development in sid?
There is something about the versioning scheme I don't like, but I'm
unsure what it is and lack a better idea right now. 

cheers,
Max
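
The IFS behaviour discussed under point 4, as an added example that is not part of the original message or of the loop-aes scripts: it shows why "modprobe -q" is looked up as one command name when IFS is ":", and what each proposed fix does to a cipher name containing whitespace. `iterate_with_ifs` and `fake_modprobe` are hypothetical stand-ins; the example assumes the real helper runs its unquoted first argument and splits the cipher list under the same IFS.

```shell
#!/bin/sh
# Constructed stand-ins, not the code from /scripts/local-top/loopaes.

# Stub in place of modprobe: prints each argument in brackets so the
# argument boundaries are visible. Nothing is actually loaded.
fake_modprobe() {
    printf '[%s]' "$@"
    echo
}

# Run the command in $1 once per item of the list in $2, with IFS set
# to $3 for both expansions. Returns the last non-zero exit status.
iterate_with_ifs() {
    cmd=$1
    list=$2
    old_ifs=$IFS
    IFS=$3
    rc=0
    for item in $list; do
        # $cmd is deliberately unquoted: field splitting on the current
        # IFS decides where the command name ends and its options begin.
        $cmd "$item" 2>/dev/null || rc=$?
    done
    IFS=$old_ifs
    return $rc
}

# Constructed cipher list; the second name contains a space.
ciphers="AES128:my cipher"

echo 'IFS=":"  with "fake_modprobe -q" (one word, lookup fails):'
iterate_with_ifs "fake_modprobe -q" "$ciphers" ":" || echo "  exit status $?"

echo 'IFS=":"  with "fake_modprobe:-q" (splits into name and option):'
iterate_with_ifs "fake_modprobe:-q" "$ciphers" ":" || echo "  exit status $?"

echo 'IFS=": " with "fake_modprobe -q" (works, but splits "my cipher"):'
iterate_with_ifs "fake_modprobe -q" "$ciphers" ": " || echo "  exit status $?"
```

With IFS set to ": " the command string splits as intended, but so does any cipher name that contains whitespace, which is the case the earlier fix in this thread re-enabled.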




More information about the Pkg-loop-aes-maint mailing list