[Bug 1494851] Re: initramfs cryptroot hook script doesn't install cryptsetup if keyfile but no keyscript

[Ubuntu Foundations Team Bug Bot]

The attachment "Proposed fix" seems to be a patch.  If it isn't, please
remove the "patch" flag from the attachment, remove the "patch" tag, and
if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by
~brian-murray, for any issues please contact him.]

** Tags added: patch

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cryptsetup in Ubuntu.
https://bugs.launchpad.net/bugs/1494851

Title:
  initramfs cryptroot hook script doesn't install cryptsetup if keyfile
  but no keyscript

Status in cryptsetup package in Ubuntu:
  In Progress

Bug description:
  When crypttab specifies a key-file for the container of the root file-
  system but there is no keyscript= option no cryptsetup support is
  installed in the initrd.img.

  Currently the cryptroot initramfs hook script knows its a problem and
  will report:

  cryptsetup: WARNING: target LUKS_OS uses a key file, skipped

  This is BAD behaviour that renders the root file-system container
  inaccessible at boot time.

  Regardless of a key-script being available cryptsetup support should
  be installed into the initrd.img to enable the user to take manual
  steps to unlock the container. The hook script has no knowledge about
  pass phrases that might be set in other LUKS slots that are available
  to the user.

  This is the behaviour when a keyscript is specified but doesn't exist.

  The attached patch modifies the behaviour to include cryptsetup in the
  initrd.img and modify the warning to the user.

  cryptsetup: WARNING: target LUKS_OS uses a key file, but no keyscript
  is set. Please ensure there is also a typed pass-phrase set.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1494851/+subscriptions