New - systemd 234 - luks partition fails to ask for password


arch general mailing list-2

This has been working for years - starting on recent reboots systemd is
failing to ask for password for luks encrypted /home partition and boot
halts.

Fully updated from testing repos - when I reboot now, systemd no longer
asks for password to unlock luks partition. There is no hesitation at all and no password prompt at all. The boot runs through and gives an error that crypt set up failed.

Root is not encrypted just /home. I'm then prompted to press Ctl D or
give root password and drop to single user mode - doing that then I can
manually do:

   cryptsetup open /dev/sdxx home

which prompts for password and succeeds

After I do above, then the error goes away evidenced by:
   systemctl status [hidden email]

shows all is normal - exiting from single user 'repair' mode - then
boot continues and completes normally. And /home gets mounted via
/dev/mapper as normal

The issue is with latest systemd that I no longer get prompted for a
password for the luks encrypted partition.

Thoughts:
systemd password agents:
running systemd-ask-password by hand does indeed ask for password
in the console.

/run/systemd/ask-password is empty directory.

the journal contains this:

   systemd-cryptsetup[316]: Failed to query password: Timer expired
   systemd[1]: Failed to start Cryptography Setup for home.

(It's possible that the bug is in systemd-cryptsetup in latest release?)

Versions:
# pacman -Q linux systemd

linux 4.12.1-2
systemd 234.0-2
cryptsetup 1.7.5-1

I googled but was not able to find any relevant bugs - checked systemd
github issues but found nothing similar.

thanks.





--
Gene
[hidden email]

Re: New - systemd 234 - luks partition fails to ask for password - workaround

arch general mailing list-2
I have a work around which is to add timeout=90

It seems that timeout=0 (which is the default and is supposed to mean
wait indefinitely) is now treated as don't prompt or wait at all.

I cannot say if this is a change in behavior which is intentional and
the man pages need to be updated (man crypttab) or a bug causing the
change - but changing to use a non-zero timeout does now prompt for
password.


--
Gene
[hidden email]

Re: New - systemd 234 - luks partition fails to ask for password

arch general mailing list-2
In reply to this post by arch general mailing list-2
I'm also running cryptsetup 1.7.5-1, but with an out-of-date linux kernel
and systemd (4.11.9-1 and 233.75-3, respectively) and it's working fine;
it's plausibly a regression with one of those two.

Is this bug also present on the linux-lts kernel? I've found some issues
I've had go away with a different kernel.


Re: New - systemd 234 - luks partition fails to ask for password - workaround

arch general mailing list-2
In reply to this post by arch general mailing list-2
On Sat, Jul 15, 2017 at 6:21 PM, Genes Lists via arch-general <
[hidden email]> wrote:

> I have a work around which is to add timeout=90
>

Where to add this?

Re: New - systemd 234 - luks partition fails to ask for password - workaround

Bartłomiej Piotrowski-3
On 2017-07-17 06:38, SanskritFritz via arch-general wrote:
> On Sat, Jul 15, 2017 at 6:21 PM, Genes Lists via arch-general <
> [hidden email]> wrote:
>
>> I have a work around which is to add timeout=90
>>
>
> Where to add this?
>

To the kernel parameters, with luks.options= key.

B

Re: New - systemd 234 - luks partition fails to ask for password - workaround

arch general mailing list-2
On Mon, Jul 17, 2017 at 07:57:18AM +0200, Bartłomiej Piotrowski wrote:

> On 2017-07-17 06:38, SanskritFritz via arch-general wrote:
> > On Sat, Jul 15, 2017 at 6:21 PM, Genes Lists via arch-general <
> > [hidden email]> wrote:
> >
> >> I have a work around which is to add timeout=90
> >>
> >
> > Where to add this?
> >
>
> To the kernel parameters, with luks.options= key.

Yes, see "man systemd-cryptsetup-generator" and "man cryptsetup" for details.

Cheers,
--
Leonid Isaev

Re: New - systemd 234 - luks partition fails to ask for password - workaround

arch general mailing list-2
On Mon, Jul 17, 2017 at 12:16 PM, Leonid Isaev via arch-general <
[hidden email]> wrote:

> On Mon, Jul 17, 2017 at 07:57:18AM +0200, Bartłomiej Piotrowski wrote:
> > On 2017-07-17 06:38, SanskritFritz via arch-general wrote:
> > > On Sat, Jul 15, 2017 at 6:21 PM, Genes Lists via arch-general <
> > > [hidden email]> wrote:
> > >
> > >> I have a work around which is to add timeout=90
> > >>
> > >
> > > Where to add this?
> > >
> >
> > To the kernel parameters, with luks.options= key.
>
> Yes, see "man systemd-cryptsetup-generator" and "man cryptsetup" for
> details.
>

Thanks guys.

Re: New - systemd 234 - luks partition fails to ask for password - workaround

arch general mailing list-2
In reply to this post by arch general mailing list-2
On Mon, 2017-07-17 at 06:38 +0200, SanskritFritz wrote:
> On Sat, Jul 15, 2017 at 6:21 PM, Genes Lists via arch-general <arch-g
> [hidden email]> wrote:
> > I have a work around which is to add timeout=90
>
> Where to add this?
>
>

in /etc/crypttab at the end of the line


--
Gene
[hidden email]
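
The workaround discussed in this thread, turned into a check (an added example, not part of any post in the thread): a shell function that lists crypttab entries which prompt for a passphrase but carry no `timeout=` option or an explicit `timeout=0`, the case reported above as no longer prompting with systemd 234. The field layout and the `timeout=` option follow crypttab(5); every sample entry except `/dev/sdxx` is constructed.

```shell
#!/bin/sh
# Added example: find crypttab entries that depend on the default
# (zero / "wait indefinitely") password timeout.
# crypttab(5) fields: <name> <device> <password|keyfile> <options>

crypttab_without_timeout() {
    # Reads crypttab-format text from the files given as arguments,
    # or from stdin when called without arguments.
    awk '
        NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
        {
            # Only entries without a key file ask for a passphrase.
            if (NF >= 3 && $3 != "none" && $3 != "-") next

            t = ""
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++)
                if (opt[i] ~ /^timeout=/) t = substr(opt[i], 9)

            # Flag a missing timeout or an explicit zero (0, 0s, 0min ...).
            if (t == "" || t ~ /^0+[a-z]*$/) print $1
        }
    ' "$@"
}

# Constructed sample input; "backup" shows the workaround from the thread
# (timeout=90 appended to the options at the end of the line).
sample_crypttab() {
    cat <<'EOF'
# <name>  <device>    <password>    <options>
home      /dev/sdxx   none          luks
data      /dev/sdyy   none          luks,timeout=0
backup    /dev/sdzz   none          luks,timeout=90
swap      /dev/sdww   /dev/urandom  swap
EOF
}

# Prints "home" and "data": the two entries that would need timeout=90.
sample_crypttab | crypttab_without_timeout
```

On a real system the function would be called as `crypttab_without_timeout /etc/crypttab`.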

Re: New - systemd 234 - luks partition fails to ask for password - workaround

arch general mailing list-2
On Mon, Jul 17, 2017 at 1:59 PM, Genes Lists <[hidden email]> wrote:

> On Mon, 2017-07-17 at 06:38 +0200, SanskritFritz wrote:
> > On Sat, Jul 15, 2017 at 6:21 PM, Genes Lists via arch-general <arch-g
> > [hidden email]> wrote:
> > > I have a work around which is to add timeout=90
> >
> > Where to add this?
> >
> >
>
> in /etc/crypttab at the end of the line
>
>
Ah, thanks man.