LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Debian
User Name
Password
Debian This forum is for the discussion of Debian Linux.

Notices


Reply
  Search this Thread
Old 03-16-2019, 08:19 PM   #1
iacchi
LQ Newbie
 
Registered: Oct 2011
Location: Uppsala, SE
Distribution: Debian testing
Posts: 14

Rep: Reputation: Disabled
initrd.img is not containing all required directories


Hello,
I'm installing a new system with testing and I have root filesystem encrypted with luks (but not /boot). To unlock it automatically at boot with a usb key, I'm following this guide, which I have already successfully employed on another system of mine (this one with stable). While, as I said, this guide works like a charm on my other system, with the machine I'm configuring now it fails miserably. At boot I get errors when the time comes to unlock luks devices and the boot process is interrupted, leaving me with the initramfs prompt (busybox), from which I can unlock the two devices (root and swap) and resume boot (which in the end works).

After a lot of debugging, I have finally found the root of my problem: the initrd.img file in the new machine does not contain a lot of the directories that my other working machine has, and some of the missing directories contain the scripts that automate luks opening. To give you a better idea, I have extracted initrd.img files on both system using unmkinitramfs. This is the output of ls -l of the extracted initrd.img directory (actually, its "main" subdirectory) on the working machine:

Code:
drwxr-xr-x 2 root root 3660 mar 17 01:39 bin
drwxr-xr-x 3 root root  120 mar 17 01:39 conf
drwxr-xr-x 7 root root  260 mar 17 01:39 etc
-rwxr-xr-x 1 root root 5960 apr 24  2017 init
drwxr-xr-x 9 root root  200 mar 17 01:39 lib
drwxr-xr-x 2 root root   60 mar 17 01:39 lib64
drwxr-xr-x 2 root root   40 feb 24 21:39 run
drwxr-xr-x 2 root root 1200 mar 17 01:39 sbin
drwxr-xr-x 8 root root  220 mar 17 01:39 scripts
drwxr-xr-x 3 root root   60 mar 17 01:39 usr
and this is the output of the same command on the non-working machine:

Code:
lrwxrwxrwx 1 root root    7 mar 17 01:58 bin -> usr/bin
drwxr-xr-x 1 root root   72 mar 17 01:57 conf
drwxr-xr-x 1 root root   16 mar 17 01:57 cryptroot
drwxr-xr-x 1 root root  146 mar 17 01:57 etc
-rwxr-xr-x 1 root root 6338 feb  6 04:48 init
lrwxrwxrwx 1 root root    7 mar 17 01:58 lib -> usr/lib
lrwxrwxrwx 1 root root    9 mar 17 01:58 lib32 -> usr/lib32
lrwxrwxrwx 1 root root    9 mar 17 01:58 lib64 -> usr/lib64
lrwxrwxrwx 1 root root   10 mar 17 01:58 libx32 -> usr/libx32
drwxr-xr-x 1 root root    0 mar 17 01:57 run
lrwxrwxrwx 1 root root    8 mar 17 01:58 sbin -> usr/sbin
drwxr-xr-x 1 root root  164 mar 17 01:57 scripts
drwxr-xr-x 1 root root   62 mar 17 01:57 usr
As you can see, the bin, sbin and lib* directories are symlinks to the related directories in the root filesystem, rather than being actual directories integrated in the initrd.img file. Since the root filesystem is still locked at this stage, all these become unaccessible and boot fails.

Now for the question: how can I make all these directories be included in the actual initrd.img file, rather than just having symlinks? As the guide explains, the two files that I need for the automatic unlocking to work should be in the "lib/cryptsetup/scripts" and "lib/udev/rules.d/" directories inside the initrd.img files, which are not present.
 
Old 03-16-2019, 09:52 PM   #2
Brains
Member
 
Registered: Apr 2009
Distribution: Debian testing
Posts: 971

Rep: Reputation: 259Reputation: 259Reputation: 259
In the guide you posted there is this file you create: /etc/initramfs-tools/hooks/udevusbkey, couldn't you just change the directory to where the file is? I highlighted it in red.
Code:
#!/bin/sh
# udev-usbkey script

PREREQ="udev"
prereqs()
{
echo "$PREREQ"
}

case $1 in
prereqs)
prereqs
exit 0
;;
esac

. /usr/share/initramfs-tools/hook-functions

# Copy across relevant rules

cp /etc/udev/rules.d/99-unlock-luks.rules ${DESTDIR}/usr/lib/udev/rules.d/

exit 0
In the guide, it states " The keyscript should have been copied into the “lib/cryptsetup/scripts” directory", I'm a little confused as to how it get's copied here, maybe it is the file /etc/crypttab created/edited in step #3 that enables this to happen. But if the keyscript (unlockusbkey.sh) is actually in /usr/lib/cryptsetup/scripts/unlockusbkey.sh, change the kernel line in /etc/default/grub to reflect this path as such:
Code:
GRUB_CMDLINE_LINUX_DEFAULT="cryptopts=target=sda2_crypt,source=/dev/disk/by-uuid/uuid-goes-here,lvm=vg-your-root,keyscript=/usr/lib/cryptsetup/scripts/unlockusbkey.sh"
 
Old 03-17-2019, 03:48 AM   #3
iacchi
LQ Newbie
 
Registered: Oct 2011
Location: Uppsala, SE
Distribution: Debian testing
Posts: 14

Original Poster
Rep: Reputation: Disabled
Dear Brains, thank you for your answer. I don't know exactly how the keyscript gets copied into the "lib/cryptsetup/scripts" directory, but it does (in the system that works at least). Changing the script path as you say won't work because, as I mentioned in my first post, /usr (together with the rest of the root filesystem) at that point in the boot is still locked by luks and is therefore inaccessible. This stuff really needs to be inside the initramfs, because anything in the root filesystem cannot be read.
 
Old 03-17-2019, 04:23 PM   #4
iacchi
LQ Newbie
 
Registered: Oct 2011
Location: Uppsala, SE
Distribution: Debian testing
Posts: 14

Original Poster
Rep: Reputation: Disabled
I have solved the issue. I had a closer look at the initram filesystem and in turns out that the two files I need to unlock the drive are in the filesystem, but in different locations compared to what the guide says. I've modified the scripts to reflect this change and modified the grub boot menu and now everything is working fine.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
WHen I rebooted my laptop it is stuck at "initrd /boot/initrd.img Shadowmeph Linux - Newbie 2 03-07-2014 03:03 PM
How do I pack stage2.img into initrd.img for a PXE linux rescue? real1elmo Red Hat 12 10-14-2009 06:29 PM
How to create new initrd.gz (or initrd.img) file? kkpal Programming 2 12-10-2007 08:38 AM
Add new cciss driver module to initrd.img ,stage2.img kunalroy2002 Linux - Software 4 09-25-2007 12:09 AM
Failed to symbolic-link boot/initrd.img-2.6.18-4-486 to initrd.img Scotteh Linux - Software 8 06-01-2007 11:24 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Debian

All times are GMT -5. The time now is 05:55 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration