From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dominic@timedicer.co.uk>
Received: from stocktonflats.co.uk (stocktonflats.co.uk [62.31.71.15])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by mail.server123.net (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Wed, 29 May 2019 11:56:48 +0200 (CEST)
Received: from mail-qt1-f169.google.com (mail-qt1-f169.google.com
 [209.85.160.169])
 by stocktonflats.co.uk (Postfix) with ESMTPSA id D7D316061E
 for <dm-crypt@saout.de>; Wed, 29 May 2019 10:56:36 +0100 (BST)
Received: by mail-qt1-f169.google.com with SMTP id w1so1778377qts.2
 for <dm-crypt@saout.de>; Wed, 29 May 2019 02:56:36 -0700 (PDT)
MIME-Version: 1.0
References: <CAF9Mo3JjqorX2q+-FneK9CKdYkaSHUSuiNwG=ywZnCXK8fX9SA@mail.gmail.com>
 <20190522124652.GA1205@tansi.org>
 <CAF9Mo3JhQ1AQ5-0a4o_EYou5mOGzW1VZEOC7mYqmVVUMGBiqcQ@mail.gmail.com>
 <20190522171614.GA23632@fripost.org>
In-Reply-To: <20190522171614.GA23632@fripost.org>
From: Dominic Raferd <dominic@timedicer.co.uk>
Date: Wed, 29 May 2019 10:56:05 +0100
Message-ID: <CAF9Mo3L81nw5dSiwyKHrkDOdC8ONmh6VsphEFJTXdZazsM0LvA@mail.gmail.com>
Content-Type: multipart/alternative; boundary="00000000000001315a058a03cc51"
Subject: Re: [dm-crypt] LUKS + dm-crypt Debian/Ubuntu expanding encrypted
 root LV onto 2nd disk
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <https://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <https://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <https://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

--00000000000001315a058a03cc51
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Thanks Guilhem, those links are very helpful but I have not solved it yet.
Another change in the new cryptsetup is LUKS2 and use of the kernel
keyring, so when run from a booted system dmcrypt_derived just returns a
message that the source crypt device uses the keyring - I don't know how to
obtain the actual key to use it in the creation of the second crypt device
(or maybe it is impossible).

On Wed, 22 May 2019 at 18:16, Guilhem Moulin <guilhem@fripost.org> wrote:

> Hi Dominic,
>
> On Wed, 22 May 2019 at 13:53:07 +0100, Dominic Raferd wrote:
> > Thanks Arno, I think it is Debian really (rather than Ubuntu), but I
> > couldn't see where to ask except here. Will dig some more.
>
> For Debian you could file a bug against the =E2=80=98cryptsetup-initramfs=
=E2=80=99
> package, see https://tracker.debian.org/pkg/cryptsetup and
> https://www.debian.org/Bugs/ .
>
> (=E2=80=98Severity: wishlist=E2=80=99 I guess; at least your custom patch=
 not applying
> anymore isn't hinting at a regression.)
>
> Also FWIW we (Debian packaging team) have native support for unlocking
> multiple devices at early boot stage with a single passphrase prompt,
> see /usr/share/doc/cryptsetup-initramfs/README.initramfs.gz and
> /usr/share/doc/cryptsetup-run/README.* .  If that doesn't cover your
> workflow then please visit the above links and file a wishlist bug :-)
>
> Cheers,
> --
> Guilhem.
>

--00000000000001315a058a03cc51
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr"><div class=3D"gmail_default" style=3D"fon=
t-size:small">Thanks Guilhem, those links are very helpful but I have not s=
olved it yet. Another change in the new cryptsetup is LUKS2 and use of the =
kernel keyring, so when run from a booted system dmcrypt_derived just retur=
ns a message that the source crypt device uses the keyring - I don&#39;t kn=
ow how to obtain the actual key to use it in the creation of the second cry=
pt device (or maybe it is impossible).<br></div></div><br><div class=3D"gma=
il_quote"><div dir=3D"ltr" class=3D"gmail_attr">On Wed, 22 May 2019 at 18:1=
6, Guilhem Moulin &lt;<a href=3D"mailto:guilhem@fripost.org" target=3D"_bla=
nk">guilhem@fripost.org</a>&gt; wrote:<br></div><blockquote class=3D"gmail_=
quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,=
204);padding-left:1ex">Hi Dominic,<br>
<br>
On Wed, 22 May 2019 at 13:53:07 +0100, Dominic Raferd wrote:<br>
&gt; Thanks Arno, I think it is Debian really (rather than Ubuntu), but I<b=
r>
&gt; couldn&#39;t see where to ask except here. Will dig some more.<br>
<br>
For Debian you could file a bug against the =E2=80=98cryptsetup-initramfs=
=E2=80=99<br>
package, see <a href=3D"https://tracker.debian.org/pkg/cryptsetup" rel=3D"n=
oreferrer" target=3D"_blank">https://tracker.debian.org/pkg/cryptsetup</a> =
and<br>
<a href=3D"https://www.debian.org/Bugs/" rel=3D"noreferrer" target=3D"_blan=
k">https://www.debian.org/Bugs/</a> .<br>
<br>
(=E2=80=98Severity: wishlist=E2=80=99 I guess; at least your custom patch n=
ot applying<br>
anymore isn&#39;t hinting at a regression.)<br>
<br>
Also FWIW we (Debian packaging team) have native support for unlocking<br>
multiple devices at early boot stage with a single passphrase prompt,<br>
see /usr/share/doc/cryptsetup-initramfs/README.initramfs.gz and<br>
/usr/share/doc/cryptsetup-run/README.* .=C2=A0 If that doesn&#39;t cover yo=
ur<br>
workflow then please visit the above links and file a wishlist bug :-)<br>
<br>
Cheers,<br>
-- <br>
Guilhem.<br>
</blockquote></div></div>

--00000000000001315a058a03cc51--