Discussion:
New - systemd 234 - luks partition fails to ask for password
(too old to reply)
Genes Lists via arch-general
2017-07-15 15:07:48 UTC
Permalink
Raw Message
This has been working for years - starting on recent reboots systemd is
failing to ask for password for luks encrypted /home partition and boot
halts.

Fully updated from testing repos - when I reboot now, systemd no longer
asks for password to unlock luks partition. There is no hesitation at all and no password prompt at all. The boot runs through and gives an error that crypt set up failed.

Root is not encrypted just /home. I'm then prompted to press Ctl D or
give root password and drop to single user mode - doing that then I can
manually do:

cryptsetup open /dev/sdxx home

which prompts for password and succeeds

After I do above, then the error goes away evidenced by:
systemctl status systemd-***@home.service

shows all is normal - exiting from single user 'repair' mode - then
boot continues and completes normally. And /home gets mounted via
/dev/mapper as normal

The issue is with latest systemd that I no longer get prompted for a
password for the luks encrypted partition.

Thoughts:
systemd password agents:
running systemd-ask-password by hand does indeed ask for password
in the console.

/run/systemd/ask-password is empty directory.

the journal contains this:

systemd-cryptsetup[316]: Failed to query password: Timer expired
systemd[1]: Failed to start Cryptography Setup for home.
(Its possible that the bug is in systemd-cryptsetup in latest release?)

Versions:
# pacman -Q linux systemd

linux 4.12.1-2
systemd 234.0-2
cryptsetup 1.7.5-1

I googled but was no able to find any relevant bugs - checked systemd
github issues but found nothing similar.

thanks.
--
Gene
***@sapience.com
Genes Lists via arch-general
2017-07-15 16:21:18 UTC
Permalink
Raw Message
I have a work around which is to add timeout=90

It seems the timeout=0, which is the default) and is supposed to mean
wait indefinitely) is now treated as dont prompt or wait at all.

I cannot say if this is a change in behavior which is intentional and
the man pages need to be updated (man crypttab) or a bug causing the
change - but changing to use a non-zero timeout does now prompt for
password.
--
Gene
***@sapience.com
Genes Lists via arch-general
2017-07-15 16:44:00 UTC
Permalink
Raw Message
Could wel be related:
https://github.com/systemd/systemd/pull/6264
--
Gene
***@sapience.com
SanskritFritz via arch-general
2017-07-17 04:38:01 UTC
Permalink
Raw Message
On Sat, Jul 15, 2017 at 6:21 PM, Genes Lists via arch-general <
Post by Genes Lists via arch-general
I have a work around which is to add timeout=90
Where to add this?
Bartłomiej Piotrowski
2017-07-17 05:57:18 UTC
Permalink
Raw Message
Post by SanskritFritz via arch-general
On Sat, Jul 15, 2017 at 6:21 PM, Genes Lists via arch-general <
Post by Genes Lists via arch-general
I have a work around which is to add timeout=90
Where to add this?
To the kernel parameters, with luks.options= key.

B
Leonid Isaev via arch-general
2017-07-17 10:16:56 UTC
Permalink
Raw Message
Post by Bartłomiej Piotrowski
Post by SanskritFritz via arch-general
On Sat, Jul 15, 2017 at 6:21 PM, Genes Lists via arch-general <
Post by Genes Lists via arch-general
I have a work around which is to add timeout=90
Where to add this?
To the kernel parameters, with luks.options= key.
Yes, see "man systemd-cryptsetup-generator" and "man cryptsetup" for details.

Cheers,
--
Leonid Isaev
SanskritFritz via arch-general
2017-07-17 11:41:56 UTC
Permalink
Raw Message
On Mon, Jul 17, 2017 at 12:16 PM, Leonid Isaev via arch-general <
Post by Leonid Isaev via arch-general
Post by Bartłomiej Piotrowski
Post by SanskritFritz via arch-general
On Sat, Jul 15, 2017 at 6:21 PM, Genes Lists via arch-general <
Post by Genes Lists via arch-general
I have a work around which is to add timeout=90
Where to add this?
To the kernel parameters, with luks.options= key.
Yes, see "man systemd-cryptsetup-generator" and "man cryptsetup" for details.
Thanks guys.
Genes Lists via arch-general
2017-07-17 11:59:26 UTC
Permalink
Raw Message
On Sat, Jul 15, 2017 at 6:21 PM, Genes Lists via arch-general <arch-g
Post by Genes Lists via arch-general
I have a work around which is to add timeout=90
Where to add this?
in /etc/crypttab at the end of the line
--
Gene
***@sapience.com
SanskritFritz via arch-general
2017-07-17 12:43:59 UTC
Permalink
Raw Message
Post by Genes Lists via arch-general
On Sat, Jul 15, 2017 at 6:21 PM, Genes Lists via arch-general <arch-g
Post by Genes Lists via arch-general
I have a work around which is to add timeout=90
Where to add this?
in /etc/crypttab at the end of the line
Ah, thanks man.

Noah Schoem via arch-general
2017-07-15 21:20:41 UTC
Permalink
Raw Message
I'm also running cryptsetup 1.7.5-1, but with an out-of-date linux kernel
and systemd (4.11.9-1 and 233.75-3, respectively) and it's working fine;
it's plausibly a regression with one of those two.

Is this bug also present on the linux-lts kernel? I've found some issues
I've had go away with a different kernel.

On Jul 15, 2017 16:07, "Genes Lists via arch-general" <
arch-***@archlinux.org> wrote:


This has been working for years - starting on recent reboots systemd is
failing to ask for password for luks encrypted /home partition and boot
halts.

Fully updated from testing repos - when I reboot now, systemd no longer
asks for password to unlock luks partition. There is no hesitation at all
and no password prompt at all. The boot runs through and gives an error
that crypt set up failed.

Root is not encrypted just /home. I'm then prompted to press Ctl D or
give root password and drop to single user mode - doing that then I can
manually do:

cryptsetup open /dev/sdxx home

which prompts for password and succeeds

After I do above, then the error goes away evidenced by:
systemctl status systemd-***@home.service

shows all is normal - exiting from single user 'repair' mode - then
boot continues and completes normally. And /home gets mounted via
/dev/mapper as normal

The issue is with latest systemd that I no longer get prompted for a
password for the luks encrypted partition.

Thoughts:
systemd password agents:
running systemd-ask-password by hand does indeed ask for password
in the console.

/run/systemd/ask-password is empty directory.

the journal contains this:

systemd-cryptsetup[316]: Failed to query password: Timer expired
systemd[1]: Failed to start Cryptography Setup for home.
(Its possible that the bug is in systemd-cryptsetup in latest release?)

Versions:
# pacman -Q linux systemd

linux 4.12.1-2
systemd 234.0-2
cryptsetup 1.7.5-1

I googled but was no able to find any relevant bugs - checked systemd
github issues but found nothing similar.

thanks.





--
Gene
***@sapience.com
Loading...