hey selim,

first, which version of cryptsetup do you have installed?

On 20/02/2010 Selim Levy wrote:
> On 20 February 2010 03:55, Jonas Meurer <jonas@freesources.org> wrote:
> > On 17/02/2010 Selim Levy wrote:
> > > The cause:
> > > During the CD installation of debian, the debian installer associates the
> > > external hard drive to /dev/sdb.  However, following the installation,
> > > when I boot *from* the external hard drive, the system associates
> > > it with /dev/sda.  So essentially, I'm installing linux (and
> > > dm-crypt and everything else) to /dev/sdb, though it will then be
> > > called /dev/sda when I boot from it.
> > >
> > > The question:
> > > I've already made the necessary changes to GRUB and the /boot
> > > partition is booting properly -- I can get a busybox prompt -- but
> > > I'm unable to continue booting into the root partition.  Where are
> > > the files on /boot located that must be changed in order for the
> > > boot partition to properly deal with the dm-crypt encrypted LVM
> > > volume group?  I have already found the conf/conf.d/cryptroot file
> > > within my initrd image and have modified both lines in it.  (One
> > > line is for the root partition, the other for swap.) 
> > > I've modified the 'target=' and the 'source=' entries (on both llines) to
> > > show 'sda3' as opposed to the original 'sdb3'.  What else must be
> > > changed?
> >
> > you need to change both /etc/crypttab and /etc/fstab on the rescue
> > system, and maybe even /etc/initramfs-tools/conf.d/resume.
> > afterwards you'll have to regenerate the initramfs image. the best way
> > to do so is to:
> > - unlock and mount the rootfs of your rescue system to /mnt/rescue
> > - copy /proc/modules, /proc/cmdline and /proc/devices to
> >  /mnt/rescue/proc
> > - bind-mount /dev to /mnt/rescue/dev: 'mount -o bind /dev /mnt/rescue/dev'
> > - chroot into /mnt/rescue/dev
> > - modify /proc/cmdline, /etc/crypttab and /etc/fstab
> > - run 'update-initramfs -u'
> >
> 
> 
> Just in case I had screwed things up myself prior to your reply and my new
> attempts, I reinstalled Debian lenny onto the external USB drive (which I
> call "rescue" or "external").
> 
> I booted back into my internal drive and attempted all of your
> recommendations on the external drive:
> 
> <output for following omitted because no errors>
> # cryptsetup luksOpen /dev/sdc3 rescue
> # vgchange -a y rescue
> # mount /dev/rescue/rooto /mnt/RootRescue/
> # mount /dev/sdc2 /mnt/RootRescue/boot/
> # mount -o bind /dev /mnt/RootRescue/dev
> 
> 
> However, when I get to updating my initramfs, I get the following error:
> 
> # chroot /mnt/RootRescue/ /usr/sbin/update-initramfs -u
> update-initramfs: Generating /boot/initrd.img-2.6.26-2-amd64
> cryptsetup: WARNING: invalid line in /etc/crypttab -
> cryptsetup: WARNING: invalid line in /etc/crypttab -

i guess that means that the cryptroot initramfs hook doesn't find the
root device in /etc/crypttab. this is why you need to modify some files
in the chroot before actually creating the initramfs. the cryptroot
initramfs hook tries to determine the root device from /etc/fstab. i
guess that you don't have set the root device in /etc/fstab to
/dev/mapper/sdb3_crypt.

additionally you need to copy /proc/modules, /proc/cmdline and
/proc/devices from your working system into /proc at the chroot. these
files are uses by mkinitramfs. now chroot into the rescue system, and
modify /proc/cmdline and /etc/fstab acordingly.

> The contents of the rescue's /etc/crypttab, for which I've tried various
> things is:
> # cat crypttab
> sdb3_crypt /dev/sdb3 none luks

this looks correct. but how does /etc/fstab and /proc/cmdline look in
the rescue system?

> I wonder whether my problem is related to which drive gets /dev/sdx
> designation based upon which one booted.  When booted on my usual/internal
> drive and with /dev still bind-mounted (above), I have
> /mnt/RootRescue/dev/sda and ..../sdc well populated.  Nothing about sdb.
> When I try to boot from the external drive, I get lots of sdb output
> (particularly if I boot into "rescue" mode).  Don't know if that helps
> any...

yes, that is part of the problem. if you're sure that booting the rescue
system populates the external drive as sdb, then do the following
changes in the rescue chroot before running 'update-initramfs -u':
- set /dev/mapper/sdb3_crypt as rootfs in /etc/fstab
- set /proc/cmdline to "BOOT_IMAGE=/vmlinuz-2.6.26-2-amd64 root=/dev/mapper/sdb3_crypt ro"

greetings,
 jonas