When I boot 12.1, my encrypted data partitions are not activated(systemd)

user · August 7, 2012, 4:22am

Hi,

The system does not ask for the password while it boots. The correct entries are in fstab and
crypttab files.

If I try to activate the partitions manually I get an error:


bombadillo:~ # rccrypto status
redirecting to systemctl
crypto.service
Loaded: masked (/dev/null)
Active: inactive (dead)
bombadillo:~ # rccrypto start
redirecting to systemctl
Failed to issue method call: Unit crypto.service is masked.

That error message is greek to me. Masked?

–
Cheers / Saludos,

Carlos E. R.
(from 12.1 “Asparagus” GM (bombadillo))

VampirD · August 8, 2012, 4:30pm

It seems that systemd can “mask” a service to disable it to start, even
manually, you can mask a service linking it to /dev/null, for example:


$ ln -s /dev/null /etc/systemd/system/ldap.service
$ systemctl daemon-reload

to unmask them you should remove the link

Systemd mount the encrypted filesystem with cryptsetup, maybe you should
look that way

robin_listas · August 9, 2012, 2:59am

On 2012-08-08 16:30, VampirD wrote:
> It seems that systemd can “mask” a service to disable it to start, even
> manually, you can mask a service linking it to /dev/null, for example:
>


> $ ln -s /dev/null /etc/systemd/system/ldap.service
> $ systemctl daemon-reload

to unmask them you should remove the link

I don’t see anything related to crypto services in there:


> bombadillo:~ # l /etc/systemd/system/
> total 0
> drwxr-xr-x 7 root root 368 Aug  7 02:56 ./
> drwxr-xr-x 4 root root 200 Aug  7 02:43 ../
> lrwxrwxrwx 1 root root  40 Aug  7 00:58 dbus-org.freedesktop.Avahi.service -> /lib/systemd/system/avahi-daemon.service
> lrwxrwxrwx 1 root root  36 Aug  7 01:03 default.target -> /lib/systemd/system/runlevel5.target
> drwxr-xr-x 2 root root 240 Nov 10  2011 default.target.wants/
> drwxr-xr-x 2 root root  88 Nov 10  2011 getty.target.wants/
> lrwxrwxrwx 1 root root   9 Aug  7 02:56 klogd.service -> /dev/null
> drwxr-xr-x 2 root root 288 Aug  7 01:04 multi-user.target.wants/
> drwxr-xr-x 2 root root 104 Aug  7 01:00 network.target.wants/
> drwxr-xr-x 2 root root  88 Aug  7 00:58 sockets.target.wants/
> bombadillo:~ #

> Systemd mount the encrypted filesystem with cryptsetup, maybe you should
> look that way

How? It never asks for the password during boot. I may click on the icon of the device later, but I
want it mounted at boot. The partitions were recognized during installation, I see the appropriate
entries in fstab and crypttab, but then nothing activates it.

–
Cheers / Saludos,

Carlos E. R.
(from 12.1 “Asparagus” GM (bombadillo))

VampirD · August 9, 2012, 2:29pm

Carlos, I’m still trying to learn systemd (still is a pain configure
it T_T), but just to be sure, you updated you system? is an upgrade or a
fresh install? (I think yes and fresh install) and can you post the
entry for the encrypted filesystem in /etc/fstab

robin_listas · August 9, 2012, 7:43pm

On 2012-08-09 14:29, VampirD wrote:
> Carlos, I’m still trying to learn systemd (still is a pain configure
> it T_T), but just to be sure, you updated you system? is an upgrade or a
> fresh install? (I think yes and fresh install) and can you post the
> entry for the encrypted filesystem in /etc/fstab

It is a fresh install done for testing 12.1. The encrypted filesystems are preexistent and have data.



fstab

/dev/mapper/cr_sdc9  /other/main/data/cripta xfs    noauto,noauto,nofail  0 0
/dev/mapper/cr_sdc10 /other/main/data/other xfs     acl,user_xattr,noauto,noauto,nofail 0 0

/etc/crypttab


cr_sdc9         /dev/disk/by-id/ata-...-part9 none     noauto
cr_sdc10        /dev/disk/by-id/ata-...-part10 none    noauto

Locate finds me crypto.service:


bombadillo:~ # locate crypto.service
/lib/systemd/system/crypto.service
bombadillo:~ # l /lib/systemd/system/crypto.service
lrwxrwxrwx 1 root root 9 Aug  7 02:43 /lib/systemd/system/crypto.service -> /dev/null
bombadillo:~ #

I delete that link as a trial, and I get a different result - but not good:


bombadillo:~ # rm /lib/systemd/system/crypto.service
bombadillo:~ # rccrypto status
redirecting to systemctl
crypto.service - LSB: Enables crypto file systems that couldn't be enabled in first part
Loaded: loaded (/etc/init.d/boot.crypto)
Active: inactive (dead)
CGroup: name=systemd:/system/crypto.service
bombadillo:~ # rccrypto start
redirecting to systemctl
bombadillo:~ #

I think that that “/lib/systemd/system/crypto.service” must point somewhere not null.

–
Cheers / Saludos,

Carlos E. R.
(from 12.1 “Asparagus” GM (bombadillo))

VampirD · August 9, 2012, 9:34pm

I have the same on two of my PC, the only difference is that I have not
“noauto” on fstab file and I have “none” instead of “noauto” on crypttab
file


asparagus:/lib/systemd/system # grep cr_sda /etc/fstab
/dev/mapper/cr_sda2 swap     swap       defaults 0 0
/dev/mapper/cr_sda4 /home    ext4       acl,user_xattr,nofail 0 2
asparagus:/lib/systemd/system # cat /etc/crypttab
cr_sda2         /dev/disk/by-id/ata-SAMSUNG_HD502HJ_S20BJ9CSC36782-part2
none       none
cr_sda4         /dev/disk/by-id/ata-SAMSUNG_HD502HJ_S20BJ9CSC36782-part4
none       none
asparagus:/lib/systemd/system # l /lib/systemd/system/crypto.service
lrwxrwxrwx 1 root root 9 Jun  1 14:36 /lib/systemd/system/crypto.service
-> /dev/null
asparagus:/lib/systemd/system #

If I understand it, cryptsetup.target generates
cryptsetup@cr_sda2.service and cryptsetup@cr_sda4.service and use it to
mount the drive


asparagus:/lib/systemd/system # cat
/run/systemd/generator/cryptsetup.target.requires/cryptsetup@cr_sda2.service
[Unit]
Description=Cryptography Setup for %I
Conflicts=umount.target
DefaultDependencies=no
BindTo=dev-disk-by\x2did-ata\x2dSAMSUNG_HD502HJ_S20BJ9CSC36782\x2dpart2.device
dev-mapper-%i.device
After=systemd-readahead-collect.service systemd-readahead-replay.service
dev-disk-by\x2did-ata\x2dSAMSUNG_HD502HJ_S20BJ9CSC36782\x2dpart2.device
After=md.service dmraid.service lvm.service
Before=umount.target
Before=local-fs.target
Before=cryptsetup.target

[Service]
Type=oneshot
RemainAfterExit=yes
TimeoutSec=0
ExecStart=/lib/systemd/systemd-cryptsetup attach 'cr_sda2'
'/dev/disk/by-id/ata-SAMSUNG_HD502HJ_S20BJ9CSC36782-part2' 'none' 'none'
ExecStop=/lib/systemd/systemd-cryptsetup detach 'cr_sda2'
asparagus:/lib/systemd/system #

but still I don’t fully understand it T_T

Reading the release notes for 12.1 I have found that:

“Mounting Encrypted Partitions Using systemd
If encrypted partitions are not automatically mounted when using
systemd, the noauto flag in /etc/fstab for these partitions could be the
cause. Replacing this flag with nofail will fix it. For instance, change
the following line:
/dev/mapper/cr_sda3 /home ext4 acl,user_xattr,noauto 0 2
to
/dev/mapper/cr_sda3 /home ext4 acl,user_xattr,nofail 0 2”

try removing the noauto flag

robin_listas · August 9, 2012, 10:14pm

On 2012-08-09 21:34, VampirD wrote:
> I have the same on two of my PC, the only difference is that I have not
> “noauto” on fstab file and I have “none” instead of “noauto” on crypttab
> file

I tried that as well, no difference.

> If I understand it, cryptsetup.target generates
> cryptsetup@cr_sda2.service and cryptsetup@cr_sda4.service and use it to
> mount the drive

I have that now - see below.

> but still I don’t fully understand it T_T

More than me…

> Reading the release notes for 12.1 I have found that:
>
> “Mounting Encrypted Partitions Using systemd
> If encrypted partitions are not automatically mounted when using
> systemd, the noauto flag in /etc/fstab for these partitions could be the
> cause. Replacing this flag with nofail will fix it. For instance, change
> the following line:
> /dev/mapper/cr_sda3 /home ext4 acl,user_xattr,noauto 0 2
> to
> /dev/mapper/cr_sda3 /home ext4 acl,user_xattr,nofail 0 2”
>
> try removing the noauto flag

No difference.

I tried the yast partitioner. It asks for my password, does things, does not work.


bombadillo:/lib/systemd/system # rccrypto stop
redirecting to systemctl
bombadillo:/lib/systemd/system # rccrypto start
redirecting to systemctl
Job failed. See system logs and 'systemctl status' for details.
bombadillo:/lib/systemd/system #

It delays for half a minute, never asks for my password, and fails. :-/


> Aug  9 22:03:16 bombadillo boot.crypto[17746]: stty: standard input: Inappropriate ioctl for device
> Aug  9 22:03:16 bombadillo boot.crypto[17746]: Activating crypto devices using /etc/crypttab ...
> Aug  9 22:03:16 bombadillo boot.crypto[17746]: Unlocking cr_sdc9 (/dev/disk/by-id/ata-ST3500418AS_9VM7ZCQQ-part9)
> Aug  9 22:03:17 bombadillo dbus-daemon[1119]: **** ADDING /sys/devices/virtual/block/dm-0
> Aug  9 22:03:17 bombadillo dbus-daemon[1119]: **** UPDATING /sys/devices/virtual/block/dm-0
> Aug  9 22:03:17 bombadillo dbus-daemon[1119]: **** ADDED /sys/devices/virtual/block/dm-0
> Aug  9 22:03:17 bombadillo dbus-daemon[1119]: **** EMITTING ADDED for /sys/devices/virtual/block/dm-0
> Aug  9 22:03:17 bombadillo dbus-daemon[1119]: **** CHANGING /sys/devices/pci0000:00/0000:00:1f.2/host5/target5:0:0/5:0:0:0/block/sdc/sdc9
> Aug  9 22:03:17 bombadillo dbus-daemon[1119]: **** UPDATING /sys/devices/pci0000:00/0000:00:1f.2/host5/target5:0:0/5:0:0:0/block/sdc/sdc9
> Aug  9 22:03:17 bombadillo dbus-daemon[1119]: **** EMITTING CHANGED for /sys/devices/pci0000:00/0000:00:1f.2/host5/target5:0:0/5:0:0:0/block/sdc/sdc9
> Aug  9 22:03:17 bombadillo dbus-daemon[1119]: **** CHANGED /sys/devices/pci0000:00/0000:00:1f.2/host5/target5:0:0/5:0:0:0/block/sdc/sdc9
> Aug  9 22:03:17 bombadillo dbus-daemon[1119]: **** CHANGING /sys/devices/virtual/block/dm-0
> Aug  9 22:03:17 bombadillo dbus-daemon[1119]: **** UPDATING /sys/devices/virtual/block/dm-0
> Aug  9 22:03:17 bombadillo dbus-daemon[1119]: **** EMITTING CHANGED for /sys/devices/virtual/block/dm-0
> Aug  9 22:03:17 bombadillo dbus-daemon[1119]: **** CHANGED /sys/devices/virtual/block/dm-0
> Aug  9 22:03:17 bombadillo dbus-daemon[1119]: **** CHANGING /sys/devices/virtual/block/dm-0
> Aug  9 22:03:17 bombadillo dbus-daemon[1119]: **** UPDATING /sys/devices/virtual/block/dm-0
> Aug  9 22:03:17 bombadillo dbus-daemon[1119]: **** EMITTING CHANGED for /sys/devices/virtual/block/dm-0
> Aug  9 22:03:17 bombadillo dbus-daemon[1119]: **** CHANGED /sys/devices/virtual/block/dm-0
> Aug  9 22:03:17 bombadillo dbus-daemon[1119]: **** CHANGING /sys/devices/virtual/block/dm-0
> Aug  9 22:03:17 bombadillo dbus-daemon[1119]: **** UPDATING /sys/devices/virtual/block/dm-0
> Aug  9 22:03:17 bombadillo dbus-daemon[1119]: **** EMITTING CHANGED for /sys/devices/virtual/block/dm-0
> Aug  9 22:03:17 bombadillo dbus-daemon[1119]: **** CHANGED /sys/devices/virtual/block/dm-0
> Aug  9 22:03:17 bombadillo dbus-daemon[1119]: **** REMOVING /sys/devices/virtual/block/dm-0
> Aug  9 22:03:17 bombadillo dbus-daemon[1119]: **** EMITTING REMOVED for /sys/devices/virtual/block/dm-0
> Aug  9 22:03:17 bombadillo dbus-daemon[1119]: **** UPDATING /sys/devices/pci0000:00/0000:00:1f.2/host5/target5:0:0/5:0:0:0/block/sdc/sdc9
> Aug  9 22:03:17 bombadillo dbus-daemon[1119]: **** IGNORING REMOVE /sys/devices/virtual/block/dm-0
> Aug  9 22:03:17 bombadillo dbus-daemon[1119]: **** EMITTING CHANGED for /sys/devices/pci0000:00/0000:00:1f.2/host5/target5:0:0/5:0:0:0/block/sdc/sdc9
> Aug  9 22:03:17 bombadillo boot.crypto[17746]: Unlocking cr_sdc9 (/dev/disk/by-id/ata-ST3500418AS_9VM7ZCQQ-part9)


here it waits for a minute...


> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** ADDING /sys/devices/virtual/block/dm-0
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** UPDATING /sys/devices/virtual/block/dm-0
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** ADDED /sys/devices/virtual/block/dm-0
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** EMITTING ADDED for /sys/devices/virtual/block/dm-0
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** CHANGING /sys/devices/virtual/block/dm-0
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** UPDATING /sys/devices/virtual/block/dm-0
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** EMITTING CHANGED for /sys/devices/virtual/block/dm-0
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** CHANGED /sys/devices/virtual/block/dm-0
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** CHANGING /sys/devices/pci0000:00/0000:00:1f.2/host5/target5:0:0/5:0:0:0/block/sdc/sdc9
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** UPDATING /sys/devices/pci0000:00/0000:00:1f.2/host5/target5:0:0/5:0:0:0/block/sdc/sdc9
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** EMITTING CHANGED for /sys/devices/pci0000:00/0000:00:1f.2/host5/target5:0:0/5:0:0:0/block/sdc/sdc9
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** CHANGED /sys/devices/pci0000:00/0000:00:1f.2/host5/target5:0:0/5:0:0:0/block/sdc/sdc9
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** CHANGING /sys/devices/virtual/block/dm-0
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** UPDATING /sys/devices/virtual/block/dm-0
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** CHANGED /sys/devices/virtual/block/dm-0
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** CHANGING /sys/devices/virtual/block/dm-0
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** UPDATING /sys/devices/virtual/block/dm-0
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** EMITTING CHANGED for /sys/devices/virtual/block/dm-0
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** CHANGED /sys/devices/virtual/block/dm-0
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** REMOVING /sys/devices/virtual/block/dm-0
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** EMITTING REMOVED for /sys/devices/virtual/block/dm-0
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** UPDATING /sys/devices/pci0000:00/0000:00:1f.2/host5/target5:0:0/5:0:0:0/block/sdc/sdc9
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** EMITTING CHANGED for /sys/devices/pci0000:00/0000:00:1f.2/host5/target5:0:0/5:0:0:0/block/sdc/sdc9
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** IGNORING REMOVE /sys/devices/virtual/block/dm-0
> Aug  9 22:03:27 bombadillo boot.crypto[17746]: Unlocking cr_sdc9 (/dev/disk/by-id/ata-ST3500418AS_9VM7ZCQQ-part9)
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** ADDING /sys/devices/virtual/block/dm-0
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** UPDATING /sys/devices/virtual/block/dm-0
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** ADDED /sys/devices/virtual/block/dm-0
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** EMITTING ADDED for /sys/devices/virtual/block/dm-0
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** CHANGING /sys/devices/virtual/block/dm-0
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** UPDATING /sys/devices/virtual/block/dm-0
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** EMITTING CHANGED for /sys/devices/virtual/block/dm-0
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** CHANGED /sys/devices/virtual/block/dm-0
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** CHANGING /sys/devices/pci0000:00/0000:00:1f.2/host5/target5:0:0/5:0:0:0/block/sdc/sdc9
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** UPDATING /sys/devices/pci0000:00/0000:00:1f.2/host5/target5:0:0/5:0:0:0/block/sdc/sdc9
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** EMITTING CHANGED for /sys/devices/pci0000:00/0000:00:1f.2/host5/target5:0:0/5:0:0:0/block/sdc/sdc9
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** CHANGED /sys/devices/pci0000:00/0000:00:1f.2/host5/target5:0:0/5:0:0:0/block/sdc/sdc9
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** CHANGING /sys/devices/virtual/block/dm-0
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** UPDATING /sys/devices/virtual/block/dm-0
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** CHANGED /sys/devices/virtual/block/dm-0
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** CHANGING /sys/devices/virtual/block/dm-0
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** UPDATING /sys/devices/virtual/block/dm-0
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** EMITTING CHANGED for /sys/devices/virtual/block/dm-0
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** CHANGED /sys/devices/virtual/block/dm-0
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** REMOVING /sys/devices/virtual/block/dm-0
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** EMITTING REMOVED for /sys/devices/virtual/block/dm-0
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** UPDATING /sys/devices/pci0000:00/0000:00:1f.2/host5/target5:0:0/5:0:0:0/block/sdc/sdc9
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** EMITTING CHANGED for /sys/devices/pci0000:00/0000:00:1f.2/host5/target5:0:0/5:0:0:0/block/sdc/sdc9
> Aug  9 22:03:27 bombadillo dbus-daemon[1119]: **** IGNORING REMOVE /sys/devices/virtual/block/dm-0
> Aug  9 22:03:28 bombadillo boot.crypto[17746]: cr_sdc9... ..failed
> Aug  9 22:03:28 bombadillo boot.crypto[17746]: cr_sdc10..skipped
> Aug  9 22:03:28 bombadillo systemd[1]: crypto.service: control process exited, code=exited status=1
> Aug  9 22:03:28 bombadillo systemd[1]: Unit crypto.service entered failed state.

:-//

–
Cheers / Saludos,

Carlos E. R.
(from 12.1 “Asparagus” GM (bombadillo))

robin_listas · August 9, 2012, 11:23pm

On 2012-08-09 22:14, Carlos E. R. wrote:
> On 2012-08-09 21:34, VampirD wrote:
>> I have the same on two of my PC, the only difference is that I have not
>> “noauto” on fstab file and I have “none” instead of “noauto” on crypttab
>> file
>
> I tried that as well, no difference.

I tried a reboot.

It asked for the password, maybe it failed, then it tried to mount the devices, and failed, dumping
me into emergency mode.

Fstab has to be noauto and nofail mandatory, or if you fail the password you can not boot ever.

I had to press the hard reset button to exit and boot again after the edit to fstab in emergency
mode, a ctrl-D asked for the encrypted device password again and failed.

On the second reboot it asked for the password, continued the boot, but the device was not mounted.
I’m going to boot again in systemv mode.

–
Cheers / Saludos,

Carlos E. R.
(from 12.1 “Asparagus” GM (bombadillo))

robin_listas · August 10, 2012, 12:10am

On 2012-08-09 23:23, Carlos E. R. wrote:

> On the second reboot it asked for the password, continued the boot, but the device was not mounted.
> I’m going to boot again in systemv mode.

In system V mode it works, of course. Everything! Both at boot and later.

Well, not everything… during boot, the encrypted device is enabled, but not mounted. It can be
mounted from the entry in fstab.

Or, if I run rccrypto start it works perfect. It found a problem in one of the partitions and it
reported correctly in the log (unknown mount option [acl]), which is promptly solved.

Some bugzillas to write…

–
Cheers / Saludos,

Carlos E. R.
(from 12.1 “Asparagus” GM (bombadillo))