Bug#786559: cryptsetup: broken boot delay when using keyfile

Fri, 22 May 2015 13:39:35 -0700 

Package: cryptsetup
Version: 2:1.6.6-5
Severity: normal

Dear Maintainer,
When using a keyfile with a luks volume on bootup there's a delay with the message showing a dependency failure but the given volume actually opens 

"A start job is running for dev-disk-by\x2duuid-<> s / 1 min 30s"
which displays the uuid of the filesystem containing the keyfile

journalctl -b shows
"May 22 14:41:36 debian systemd[1]: Job dev-disk-by\x2d<uuid of /dev/sda2>:-mykeyfile.device/start May 22 14:41:36 debian systemd[1]: Timed out waiting for device dev-disk-by\x2duuid-<uuid> May 22 14:41:36 debian systemd[1]: Dependency failed for Cryptography Setup for sdb1_crypt. 
May 22 14:41:36 debian systemd[1]: Dependency failed for Encrypted Volumes."
The encrypted volume does not fail and the system continues to boot as normal 

The delay is very long of 30 seconds so this is problematic

The system setup here is,
/dev/sda1 (300 MB ext2) for /boot
/dev/sda2 (1 MB ext2) for one keyfile -- this partition contains the keyfile which was created as
(I know this is not the ideal location for the keyfile -- using a test machine) 

dd if=/dev/urandom of=mykeyfile bs=512 count=8 iflag=fullblock
/dev/sdb1 which contains the luks volume - there is just 1 ext2 filesystem on it (/dev/mapper/sdb1_crypt which maps to /)
The steps done after post-install was the creation of a secret partition (/dev/sda2) containing the keyfile, added this key to the luks key slot (crypsetup luksAddKey) for /dev/sdb1, 

/etc/crypttab was edited to contain the following,
sdb1_crypt UUID=<crypt uuid> /dev/disk/by-uuid/<sda2's uuid>:/mykeyfile luks,keyscript=passdev 

the previous line in this file was commented out
sdb1_crypt UUID=<uuid> none luk
so there's just one line in /etc/crypttab..and as usual, update-initramfs -u -k all
according to /usr/share/doc/cryptsetup/README.initramfs.gz the startup should immediately forget the partition containing the keyfile 

"0. The "passdev" keyscript
 ----------------------------
If you have a keyfile on a removable device (e.g. a USB-key), you can use the *passdev keyscript. It will wait for the device to appear, mount it read-only, read the key and then unmount the device." 

but here same boot delay occurs with removable devices

please have a look
thanks

Scott


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to