mandos-client on Debian Buster
Teddy Hogeborn
teddy at recompile.se
Fri Aug 30 22:08:23 CEST 2019
Birger Brunswiek <birger at brunswiek.org> writes:
> I was wondering if anyone has successfully used mandos-client on Debian
> Buster with cryptroot.
Well, yes; we do. It works fine with the new initramfs-tools.
> It seems that Buster's cryptsetup-initramfs is
> very different from Stretch's cryptsetup. For example in the generated
> initrd there is no conf/conf.d/cryptroot. Instead there is a
> etc/crypttab which has a different format (the same as /etc/crypttab on
> the host). Thus the change introduced in
> https://bzr.recompile.se/loggerhead/mandos/trunk/revision/961 seems
> wrong.
Fixing Mandos to work with the new initramfs was Debian bug #904899
<https://bugs.debian.org/904899> and was done in bzr revision 953:
<https://bzr.recompile.se/loggerhead/mandos/trunk/revision/953>.
> Reboot worked again once I downgraded to Stretch's cryptsetup
> (2:1.7.3-4). It still did not open any other devices but the root
> device. I am still looking into this.
The fix was introduced in Mandos 1.7.20; the latest version in both
unstable and testing is now 1.8.8. What version did have trouble with?
Mandos 1.8.5 also introduced support for initramfs images produced by
"dracut" instead of initramfs-tools; you could try that, if you're
having problems.
/Teddy Hogeborn
--
The Mandos Project
https://www.recompile.se/mandos
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://mail.recompile.se/pipermail/mandos-dev/attachments/20190830/41245667/attachment.sig>
More information about the Mandos-Dev
mailing list