FS#54825 - [systemd] System 234 fails to start cryptography service
Attached to Project:
Arch Linux
Opened by Hugo Osvaldo Barrera (hobarrera) - Saturday, 15 July 2017, 14:04 GMT
Last edited by Christian Hesse (eworm) - Monday, 31 July 2017, 06:55 GMT
Opened by Hugo Osvaldo Barrera (hobarrera) - Saturday, 15 July 2017, 14:04 GMT
Last edited by Christian Hesse (eworm) - Monday, 31 July 2017, 06:55 GMT
|
Details
Description:
Booting into systemd-234 fails to start when using the sd-* hooks and FDE (LVM on top of LUKS). Failed to start Cryptography setup for luks-83745.. (no password prompt, it just times out and dies). Applicable versions: Downgrading to the last 233.* version works again. No log files, since this happens on the rd. |
This task depends upon
Closed by Christian Hesse (eworm)
Monday, 31 July 2017, 06:55 GMT
Reason for closing: Fixed
Additional comments about closing: systemd 234.11-2 in [testing]
Monday, 31 July 2017, 06:55 GMT
Reason for closing: Fixed
Additional comments about closing: systemd 234.11-2 in [testing]
mkinitpcio:
base systemd autodetect modconf block keyboard sd-vconsole sd-encrypt filesystems
minimal kernel options:
rw luks.name=b8c28c67-aeda-4255-b5e4-4c8265a1811a=root root=/dev/mapper/root
I receive a passphrase prompt on 233 but not on 234, in which systemd-cryptsetup@root.service fails instantly, dumping me to emergency mode (which strangely does not give me a shell).
Even after chrooting into the dead machine, I could not find any trace of what went wrong with systemd-cryptsetup. Hope someone else might have better luck debugging this.
TBH, I've absolute no idea how to debug this, since it's purely happening inside the rd environment.
Eg:
rw luks.options=timeout=30s luks.name=b8c28c67-aeda-4255-b5e4-4c8265a1811a=root root=/dev/mapper/root
It is not mentioned in the NEWS file for 234 and the documentation matches 233's behavior not 234.
https://github.com/systemd/systemd/issues/6381
If crypttab is used without specifying the timeout option the behavior is the same between 233 and 234.
man 5 crypttab
timeout=
Specifies the timeout for querying for a password. If no unit is
specified, seconds is used. Supported units are s, ms, us, min, h,
d. A timeout of 0 waits indefinitely (which is the default).
This documentation appears accurate apart from the case of 234 using kernel options again going from reports.
https://github.com/systemd/systemd/commit/e758bc9132305b4398471bf7002ccd8b45b2b5a4
HOOKS="base systemd autodetect modconf block keyboard sd-encrypt sd-lvm2 filesystems fsck"
Kernel Commandline looks like this:
rd.luks.uuid=c3078eb3-9f67-4ae0-ae2c-32bbcd9eedf7 rd.lvm.lv=xps13/arch.root rd.lvm.lv=xps13/arch.swap luks.options=timeout=30s resume=UUID=ce9a6eec-b6ef-48fc-a107-9ee030578c41 root=UUID=fcb4a880-b970-46e0-8e62-063e935eccc3 elevator=noop ipv6.disable=1 pcie_aspm=force rw quiet loglevel=3 systemd.show_status=false nvme_core.default_ps_max_latency_us=180000
[edit]To clarify: The luks.options=timeout=30s was added as a workaround to get a booting system again, it wasn't there in my original kernel commandline.[/edit]
And for the sake of completeness here are my initrd hooks:
HOOKS="systemd autodetect modconf block keyboard keymap sd-encrypt sd-lvm2 filesystems fsck"
Using /etc/crypttab.initramfs also works without any timeout specified
Edit:
In the upstream bug the screenshots in response to the request for information since the report was reopened are both from systems using dracut.
Could an affected arch user post similar screenshots if textual output is not available to the upstream report.
Edit:
Should be this commit https://github.com/andrewsoutar/systemd/commit/e9f4cfe8c4db23bd8048aa29909a53b9d33efb41
EDIT: Just got confirmation from another user on Github that this worked for him.
Otherwise wait for upstream to review the patch.