nagmat84 Apprentice
Joined: 27 Mar 2007 Posts: 290
Posted: Sun Nov 10, 2024 10:33 am Post subject: How to include non-empty /etc/crypttab into initramfs?
I have LUKS with an encrypted rootfs and want Dracut to include my /etc/crypttab into the initramfs. How do I do that?
No matter what I do, I always end up with an empty /etc/crypttab in the initramfs. After googling I tried different things, but none of them worked:
- I created /etc/crypttab.initramfs with the same content, because somewhere it was written that Dracut uses that file to be copied as /etc/crypttab
- I added an explicit "install" directive to the Dracut config to copy /etc/crypttab to the initramfs independent of what any Dracut module does
- Somewhere I read that Dracut does not simply copy the file, but tries to parse it itself and is very picky about unbalanced quotes in /etc/crypttab, which may result in an empty file if Dracut isn't able to parse it
From my own quick inspection of the Dracut module 90crypt, point 3 seems plausible. There are various spots where the scripts of that Dracut module read /etc/crypttab. This might also explain why point 2 does not work: even if the crypttab was included unchanged, it might eventually become overwritten by some other Dracut mechanism.
/etc/crypttab{.initramfs}
Code:
# Volume Name Encrypted Device Key File Options
root UUID=a1e92a68-a977-4c99-8e94-5ae023b52ff1 - discard,fido2-device=auto,token-timeout=0
/etc/dracut.conf.d/modules-luks.conf
Code:
add_dracutmodules+=" crypt fido2 systemd-cryptsetup "
# The Breeze theme for Plymouth only shows an input box for the
# LUKS-encrypted root partition, if the libraries
#
# - breeze-text.so
# - label.so
# - text.so
#
# are included.
# The Dracut module for Plymouth does not automatically pull in
# the necessary dependencies.
#
# See:
#
# - https://github.com/adi1090x/plymouth-themes/issues/10#issuecomment-643362208
# - https://github.com/adi1090x/plymouth-themes/issues/10#issuecomment-643600359
#
install_items+=" /etc/fonts/fonts.conf /usr/lib64/plymouth/breeze-text.so /usr/lib64/plymouth/label.so /usr/lib64/plymouth/text.so /usr/share/fonts/noto/NotoSans-Regular.ttf /usr/share/fonts/noto/NotoSerif-Regular.ttf "
install_optional_items+=" /etc/crypttab "
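One way to test point 3 of the post above and to see which entries differ between the host file and the copy packed into the initramfs. This is an added example, not part of the original post and not Dracut's own parser; the function names, the quote check and the empty initramfs copy are assumptions made for illustration.

```python
"""Lint crypttab text and compare it with the copy found in an initramfs."""


def parse_crypttab(text):
    """Return (entries, problems); entries maps volume name -> parsed fields."""
    entries, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no entry
        # Assumption taken from the thread: a quote left open may make a
        # shell-based reader drop the entry, so flag it instead of guessing.
        if line.count('"') % 2 or line.count("'") % 2:
            problems.append((lineno, "unbalanced quote"))
            continue
        fields = line.split()
        if not 2 <= len(fields) <= 4:
            problems.append((lineno, "expected 2 to 4 fields, got %d" % len(fields)))
            continue
        # Key file and options are optional; pad them with "-" when absent.
        name, device, keyfile, options = (fields + ["-", "-"])[:4]
        entries[name] = {
            "device": device,
            "keyfile": None if keyfile in ("-", "none") else keyfile,
            "options": [] if options == "-" else options.split(","),
        }
    return entries, problems


def compare(host_text, initramfs_text):
    """List volumes missing from, or different in, the initramfs copy."""
    host, _ = parse_crypttab(host_text)
    packed, _ = parse_crypttab(initramfs_text)
    missing = sorted(set(host) - set(packed))
    changed = sorted(n for n in set(host) & set(packed) if host[n] != packed[n])
    return missing, changed


# Host side: the entry posted above. Initramfs side: empty, as described (constructed).
HOST = """# Volume Name Encrypted Device Key File Options
root UUID=a1e92a68-a977-4c99-8e94-5ae023b52ff1 - discard,fido2-device=auto,token-timeout=0
"""
INITRAMFS = ""

if __name__ == "__main__":
    print("host entries, lint problems:", parse_crypttab(HOST))
    print("missing, changed:", compare(HOST, INITRAMFS))
```

The initramfs side can be filled with the output of `lsinitrd -f etc/crypttab`. The posted entry produces no lint problems, so the quote check alone does not account for the empty file.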
sMueggli Guru
Joined: 03 Sep 2022 Posts: 514
Posted: Sun Nov 10, 2024 1:06 pm Post subject: Re: How to include non-empty /etc/crypttab into initramfs?
nagmat84 wrote: | I have LUKS with an encrypted rootfs and want Dracut to include my /etc/crypttab into the initramfs. |
Why?
nagmat84 Apprentice
Joined: 27 Mar 2007 Posts: 290
Posted: Sun Nov 10, 2024 1:36 pm Post subject:
Why what? Why I want to include /etc/crypttab? Because I only want to have a single place where I configure all LUKS settings, like timeouts etc.
zen_desu n00b
Joined: 25 Oct 2024 Posts: 64
Posted: Sun Nov 10, 2024 3:33 pm Post subject:
Are you running dracut in hostonly mode?
The only LUKS info which makes sense to have in the initramfs is the root info, the rest isn't really relevant. The initramfs can mount the root, switch to it, and then systemd can use the crypttab to mount the rest.
_________________
µgRD dev
Wiki writer
sMueggli Guru
Joined: 03 Sep 2022 Posts: 514
Posted: Mon Nov 11, 2024 5:49 pm Post subject:
nagmat84 wrote: | Why what? Why I want to include /etc/crypttab? Because I only want to have a single place where I configure all LUKS settings, like timeouts etc. |
And which tool will read the crypttab from the initramfs (and not the original /etc/crypttab)?
zen_desu n00b
Joined: 25 Oct 2024 Posts: 64
Posted: Mon Nov 11, 2024 5:54 pm Post subject:
sMueggli wrote: | nagmat84 wrote: | Why what? Why I want to include /etc/crypttab? Because I only want to have a single place where I configure all LUKS settings, like timeouts etc. |
And which tool will read the crypttab from the initramfs (and not the original /etc/crypttab)? |
I think modern versions of dracut will pull systemd into the initramfs, so if you have a crypttab in there, a systemd service can read and use it.
_________________
µgRD dev
Wiki writer