From 5d8c13e99c6112f445659bda803f0d86c1e642bb Mon Sep 17 00:00:00 2001
From: Silvio Rhatto <rhatto@riseup.net>
Date: Fri, 28 Jan 2022 15:37:34 -0300
Subject: Fix: provision: cryptsetup fixes

---
 share/hydractl/provision | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/share/hydractl/provision b/share/hydractl/provision
index bd9303b..54c92e9 100755
--- a/share/hydractl/provision
+++ b/share/hydractl/provision
@@ -55,7 +55,12 @@ function hydra_cryptsetup {
     #hydra_sudo_run cryptsetup --cipher aes-xts-plain64:sha256 --key-size 512 --hash sha512 --iter-time 5000 --use-random -y -q luksFormat $1
 
     # Run cryptsetup mostly with defaults
-    hydra_sudo_run cryptsetup --use-random -y -q luksFormat $1
+    #hydra_sudo_run cryptsetup --use-random -y -q luksFormat $1
+
+    # GRUB2 from bullseye (or even older) does not support LUKS2, which seems
+    # the default type for luksFormat since bullseye at least
+    # See https://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html
+    hydra_sudo_run cryptsetup --use-random -y -q luksFormat --type luks1 $1
   fi
 }
 
@@ -638,8 +643,12 @@ aes
 sha256
 EOF
 
-  if [ -e "$WORK/etc/cryptsetup-initramfs/conf-hook" ]; then
-    hydra_sudo_run sed -i -e 's/#CRYPTSETUP=/CRYPTSETUP=y/' $WORK/etc/cryptsetup-initramfs/conf-hook
+  #if [ -e "$WORK/etc/cryptsetup-initramfs/conf-hook" ]; then
+  #  hydra_sudo_run sed -i -e 's/#CRYPTSETUP=/CRYPTSETUP=y/' $WORK/etc/cryptsetup-initramfs/conf-hook
+  #fi
+
+  if [ -d "$WORK/etc/initramfs-tools/hooks.d" ]; then
+    echo "CRYPTSETUP=y" > $WORK/etc/initramfs-tools/hooks.d/cryptsetup.conf
   fi
 
   hydra_sudo_run chroot $WORK update-initramfs -u
-- 
cgit v1.2.3