Summary: | sys-fs/cryptsetup does not work with PGP encrypted key files in boot runlevel: failed to create temporary file '/root/.gnupg/.#lk0x00.....': Read-only file system | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Markus Wernig <public> |
Component: | Current packages | Assignee: | Gentoo's Team for Core System packages <base-system> |
Status: | UNCONFIRMED --- | ||
Severity: | normal | CC: | hydrapolic, subscribe |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=588670 | ||
Description
Markus Wernig
2016-08-23 18:53:07 UTC
As a proof of concept, I've added a second passphrase to the LUKS container on /dev/sda1 and removed the key='/path/to/encrypted/keyfile:gpg' stanza from the target definition for crypt-home. Now the boot stops during running dmcrypt, and I can type in the new passphrase (no prompt is shown, so the splash functions seem not to work there). But the container is decrypted OK, and the mapper target crypt-home is created and mounted normally by localmount. dmcrypt is not started again in the default runlevel.

krgds /markus

Same issue here. Drove me crazy for a couple of days.

The problem is that GPG2 doesn't work well with a read-only filesystem (I believe it's something about the pgp-agent, which you can't disable in GPG2). Downgrade your GPG to a v1.x and you'll be fine.

I believe this bug report should read "bring support for GPG 2.x" in dmcrypt, because at some point GPG 1.x will vanish and we'll be doomed :)

Cheers!
Stéphane K