fix bug on buster

[automated-distro-installer] / fai / config / hooks / partition.DEFAULT

diff --git a/fai/config/hooks/partition.DEFAULT b/fai/config/hooks/partition.DEFAULT
index b10a3e0f4c67e80fe6061ad23f2628785295c1b3..9ab73b22cceb9a2f91f2932b1c2c864f948484b0 100755 (executable)
--- a/fai/config/hooks/partition.DEFAULT
+++ b/fai/config/hooks/partition.DEFAULT
@@ -396,8 +396,15 @@ if $partition; then
     # This is just a bit more robust, and it could work for booting
     # into ipxe which can't persist data, if we ever got that working.
     mkfs.ext2 `grub_extdev`
+    # when we move to newer than trisquel 8, we can remove
+    # --type luks1. We can also check on cryptsetup --help | less /compil
+    # to see about the other settings. Default in debian 9 is luks2.
+    # You can convert from luks2 to luks 1 by adding a temporary key:
+    # cryptsetup luksAddKey --pbkdf pbkdf2
+    # then remove the new format keys with cryptsetup luksRemoveKey
+    # then cryptsetup convert DEV --type luks1, then readd old keys and remove temp.
     yes YES | cryptsetup luksFormat `rootdev` $luks_dir/host-$HOSTNAME \
-                         -c aes-cbc-essiv:sha256 -s 256 || [[ $? == 141 ]]
+                         --type luks1 -c aes-cbc-essiv:sha256 -s 256 || [[ $? == 141 ]]
     yes "$lukspw" | \
       cryptsetup luksAddKey --key-file $luks_dir/host-$HOSTNAME \
                  `rootdev` || [[ $? == 141 ]]