fetzerms / cryptboot-ssh

Retrieve cryptsetup keyfiles via ssh automatically at boot.
GNU General Public License v2.0

Deprecations in new release #13

Open 459below opened 6 years ago

459below commented 6 years ago

So in Testing/Buster the initramfs generation starts to throw warnings about pending deprecation.

[root@manus ~]# update-initramfs -u -k all
update-initramfs: Generating /boot/initrd.img-4.17.0-1-amd64
cryptsetup: WARNING: Honoring CRYPTSETUP=[y|n] will deprecated in the future. 
    Please uninstall the 'cryptsetup-initramfs' package if you don't want the 
    cryptsetup initramfs integration.
dropbear: WARNING: Setting DROPBEAR in /etc/initramfs-tools/initramfs.conf is deprecated and will be ignored in a future release

I reckon that it will not break in Debian 10 Buster, but in Debian 11 Bullseye. So it's probably something which has time until 2021 or 2022.

fetzerms commented 6 years ago

Ok. I think we are safe for some time. Thanks for looking it up. That message isn't part of our scripts but rather part of the cryptroot hook (see source). I think if they remove it, they will probably find another way for an encrypted root environment.

Then we need to adjust.

459below commented 5 years ago

I'm running Debian testing on my workstation and the unlock has been broken for quite some time. I haven't had the time to evaluate whether it's caused by an updated version of cryptsetup-initramfs. ~In any case this bug report could be of interest: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904162~

459below commented 5 years ago

OK, I'm finally making progress. So the issue basically is that the connection is never made, no matter how long Buster is left alone. However, if one mashes on the keyboard (actually 6 to 9 times seem to suffice), SSH finally attempts to connect. I reckon a package related to the whole process has changed its default behaviour to depend on /dev/random instead of /dev/urandom, thus the /dev/random device blocks the ssh connection as long as it doesn't have enough real entropy. Obviously this is quite manageable on workstations, however it would be a real problem on remote and headless servers. I'll look into it...

459below commented 5 years ago

Seems I forgot to report that https://github.com/459below/cryptboot-ssh/commit/fc352da6451315c34bce036c9fc5bff401845612 worked okay. Up until recently, when the timeout in initrd changed its syntax slightly, but this is fixed by https://github.com/459below/cryptboot-ssh/commit/3c75a0024d0bff15a78af4ddfe9e6dbdcf971516. Cheers!

SamSirry commented 3 years ago

Regarding the warning "Setting DROPBEAR in /etc/initramfs-tools/initramfs.conf is deprecated": has an alternative method been provided somewhere?

fetzerms commented 3 years ago

I think the proper way would be to use https://packages.debian.org/buster/dropbear-initramfs and skip putting dropbear=y in the config. But I did not test this yet. Maybe you can give it a shot?
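A small audit script for the migration discussed in this thread, added here as an example and not part of cryptboot-ssh or Debian's hooks: it reports the DROPBEAR= and CRYPTSETUP= settings in an initramfs-tools config that the warnings above call deprecated, and writes a copy with those keys commented out so the dropbear-initramfs package can take over. The function names are hypothetical; the config path is the real one from the warning, and keys are assumed to start at column 0 as in the stock file.

```shell
#!/bin/sh
# Added example (not project code): find and neutralise deprecated
# DROPBEAR=/CRYPTSETUP= settings in an initramfs-tools config.

INITRAMFS_CONF=/etc/initramfs-tools/initramfs.conf

# deprecated_settings FILE
#   Print every uncommented DROPBEAR=/CRYPTSETUP= line in FILE.
#   Exit status 0 when none were found, 1 otherwise, so it can gate a script.
deprecated_settings() {
    found=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|\#*) continue ;;          # blank lines and comments
        esac
        case "${line%%=*}" in            # key is the text before the first '='
            DROPBEAR|CRYPTSETUP)
                printf '%s\n' "$line"
                found=1 ;;
        esac
    done < "$1"
    [ "$found" -eq 0 ]
}

# strip_deprecated_settings IN OUT
#   Copy IN to OUT with the deprecated keys commented out and marked,
#   leaving every other line untouched.
strip_deprecated_settings() {
    while IFS= read -r line || [ -n "$line" ]; do
        case "${line%%=*}" in
            DROPBEAR|CRYPTSETUP) printf '# migrated: %s\n' "$line" ;;
            *) printf '%s\n' "$line" ;;
        esac
    done < "$1" > "$2"
}

# When run as a script with a path argument, audit that file
# (pass "$INITRAMFS_CONF" to check the live config).
if [ "$#" -gt 0 ]; then
    if deprecated_settings "$1"; then
        echo "no deprecated settings in $1"
    else
        echo "deprecated settings found in $1: install dropbear-initramfs and remove them"
    fi
fi
```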