Package: dracut-core
Version: 050+65-1
Severity: important
X-Debbugs-Cc: die...@gnome.org

It seems like dracut is forgetting to include
/usr/lib/tmpfiles.d/cryptsetup.conf in the initrd image, which in turn
means that cryptsetup has to create its locking directory on the fly:

```
systemd[1]: Starting Cryptography Setup for sda5_crypt...
systemd[403]: systemd-cryptsetup@sda5_crypt.service: Executing: /lib/systemd/systemd-cryptsetup attach sda5_crypt /dev/dis
systemd-cryptsetup[403]: Allocating context for crypt device /dev/disk/by-uuid/abce6225-09ba-4b57-93b8-dda42635eafd.
systemd-cryptsetup[403]: Trying to open and read device /dev/disk/by-uuid/abce6225-09ba-4b57-93b8-dda42635eafd with direct
systemd-cryptsetup[403]: Initialising device-mapper backend library.
systemd-cryptsetup[403]: dm version   [ opencount flush ]   [16384] (*1)
systemd-cryptsetup[403]: dm versions   [ opencount flush ]   [16384] (*1)
systemd-cryptsetup[403]: Detected dm-ioctl version 4.42.0.
systemd-cryptsetup[403]: Device-mapper backend running with UDEV support enabled.
systemd-cryptsetup[403]: dm status sda5_crypt  [ opencount noflush ]   [16384] (*1)
systemd-cryptsetup[403]: Trying to load any crypt type from device /dev/disk/by-uuid/abce6225-09ba-4b57-93b8-dda42635eafd.
systemd-cryptsetup[403]: Crypto backend (OpenSSL 1.1.1g  21 Apr 2020) initialized in cryptsetup library version 2.3.3.
systemd-cryptsetup[403]: Detected kernel Linux 5.7.0-2-amd64 x86_64.
systemd-cryptsetup[403]: Loading LUKS2 header (repair disabled).
systemd-cryptsetup[403]: Acquiring read lock for device /dev/disk/by-uuid/abce6225-09ba-4b57-93b8-dda42635eafd.
systemd-cryptsetup[403]: WARNING: Locking directory /run/cryptsetup is missing!
systemd-cryptsetup[403]: Opening lock resource file /run/cryptsetup/L_8:5
systemd-cryptsetup[403]: Verifying lock handle for /dev/disk/by-uuid/abce6225-09ba-4b57-93b8-dda42635eafd.
systemd-cryptsetup[403]: Device /dev/disk/by-uuid/abce6225-09ba-4b57-93b8-dda42635eafd READ lock taken.
systemd-cryptsetup[403]: Trying to read primary LUKS2 header at offset 0x0.
systemd-cryptsetup[403]: Opening locked device /dev/disk/by-uuid/abce6225-09ba-4b57-93b8-dda42635eafd
systemd-cryptsetup[403]: Veryfing locked device handle (bdev)
systemd-cryptsetup[403]: LUKS2 header version 2 of size 16384 bytes, checksum sha256.
```

According to upstream, this should in fact be fatal, but as a
work-around they create the directory with default permissions anyway:
  https://gitlab.com/cryptsetup/cryptsetup/-/merge_requests/99#note_390506222

This does not happen with `initramfs-tools`, but apparently because they
just bite the bullet and manually create it (perhaps that should be a
bug too):

```
/usr/share/initramfs-tools/scripts/local-top/cryptroot:
    # Create locking directory before invoking cryptsetup(8) to avoid warnings
    mkdir -pm0700 /run/cryptsetup
```

`dracut` does something similar in its scripts, but apparently on my
system systemd takes over and said script is never run, or is run too late?

```
/usr/lib/dracut/modules.d/90crypt/cryptroot-ask.sh:
    mkdir -p -m 0700 /run/cryptsetup
```

So, I believe perhaps the above directory might follow upstream
recommendation and be created in a tmpfiles.d configuration file.

Note that /usr/lib/tmpfiles.d/cryptsetup.conf is installed by
`cryptsetup-bin`.

I'll report a similar bug in initramfs-tools.

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.7.0-2-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages dracut-core depends on:
ii  bash        5.0-6
ii  cpio        2.13+dfsg-2
ii  e2fsprogs   1.45.6-1
ii  kmod        27+20200310-2
ii  kpartx      0.8.4-3
ii  libc6       2.31-2
ii  libkmod2    27+20200310-2
ii  pkg-config  0.29.2-1
ii  udev        246-2
ii  util-linux  2.36-2

Versions of packages dracut-core recommends:
ii  binutils       2.35-1
ii  console-setup  1.196
ii  cryptsetup     2:2.3.3-1+b1
pn  dmraid         <none>
ii  dmsetup        2:1.02.171-2
ii  lvm2           2.03.09-2
pn  mdadm          <none>
ii  pigz           2.4-1+b1
ii  systemd        246-2

dracut-core suggests no packages.

-- no debconf information
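
An added example, not part of the original report or of any package it mentions: a shell check for the three symptoms described above (snippet absent from the initrd listing, the lock-directory warning in the log, and a lock directory whose mode is not 0700). Function names and sample data are constructed, and the listing is assumed to be `ls -l` style output such as `lsinitrd` prints.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed.

# Succeeds if the initrd file listing on stdin (e.g. from lsinitrd) contains
# the tmpfiles.d snippet installed by cryptsetup-bin.
initrd_has_cryptsetup_tmpfiles() {
    grep -Eq '(^|[[:space:]/])usr/lib/tmpfiles\.d/cryptsetup\.conf$'
}

# Prints how often the missing-lock-directory warning occurs in the log on stdin.
lockdir_warnings() {
    grep -c 'WARNING: Locking directory /run/cryptsetup is missing!' || true
}

# Succeeds if directory $1 exists with mode 0700, the mode both scripts use.
lockdir_mode_ok() {
    [ -d "$1" ] && [ "$(stat -c '%a' "$1")" = "700" ]
}

# audit LISTING_FILE LOG_FILE LOCK_DIR: prints findings, returns 1 if any.
audit() {
    findings=0
    initrd_has_cryptsetup_tmpfiles < "$1" ||
        { echo "initrd: usr/lib/tmpfiles.d/cryptsetup.conf not included"; findings=1; }
    n=$(lockdir_warnings < "$2")
    [ "$n" -eq 0 ] ||
        { echo "log: $n missing-lock-directory warning(s)"; findings=1; }
    lockdir_mode_ok "$3" ||
        { echo "$3: missing or mode is not 0700"; findings=1; }
    return "$findings"
}

# Constructed sample: a listing without the snippet, a log with the warning,
# and a stand-in lock directory created with a looser mode.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' \
        '-rw-r--r-- 1 root root 596 Jan  1 00:00 usr/lib/tmpfiles.d/systemd.conf' \
        '-rwxr-xr-x 1 root root 9000 Jan  1 00:00 lib/systemd/systemd-cryptsetup' > "$tmp/listing"
    printf '%s\n' \
        'systemd-cryptsetup[403]: Loading LUKS2 header (repair disabled).' \
        'systemd-cryptsetup[403]: WARNING: Locking directory /run/cryptsetup is missing!' > "$tmp/log"
    mkdir -m 0755 "$tmp/lock"
    audit "$tmp/listing" "$tmp/log" "$tmp/lock"; status=$?
    rm -rf "$tmp"
    return "$status"
}
demo || true
```

On a real system the three inputs would be a saved `lsinitrd` listing of the boot image, the saved boot log, and `/run/cryptsetup`.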
