[Expired for systemd (Ubuntu) because there has been no activity for 60
days.]

** Changed in: systemd (Ubuntu)
       Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1938692

Title:
  systemd-cryptsetup-generator generated unit for root filesystem fails
  with keyfile

Status in systemd package in Ubuntu:
  Expired

Bug description:
  I'm using Ubuntu 21.04 on a Raspberry Pi 4b.

  /etc/crypttab:
  # <target name> <source device>         <key file>      <options>
  crypt_root UUID=12989868-19fe-4834-90a8-f1bf13977745 /dev/disk/by-label/wopr_keys:/crypt_root_key luks,discard,keyscript=/lib/cryptsetup/scripts/passdev,initramfs,x-initrd.attach
  crypt_swap /dev/disk/by-id/scsi-SSamsung_Portable_SSD_T5_4B1C18654321-part2 /dev/urandom swap,discard,cipher=aes-xts-plain64,size=256,plain

  /etc/fstab:
  LABEL=system-boot       /boot/firmware  vfat    defaults        0       1
  /dev/mapper/crypt_root  /               btrfs   defaults,ssd,compress=zstd,discard=async,relatime,x-initrd.mount,subvol=@     0 0
  /dev/mapper/crypt_root  /home           btrfs   defaults,ssd,compress=zstd,discard=async,relatime,x-initrd.mount,subvol=@home 0 0
  /dev/mapper/crypt_swap  none            swap    defaults        0       0

  /boot/firmware/cmdline.txt:
  dwc_otg.lpm_enable=0 console=serial0,115200 console=tty1 cryptdevice=LABEL=crypt_root:crypt_root root=/dev/mapper/crypt_root rootflags=subvol=@ rootfstype=btrfs rootwait fixrtc zswap.enabled=1

  On the Raspberry Pi, it seems that cryptsetup-initramfs is responsible
  for unlocking devices in the initramfs. Things worked perfectly before
  I started using a keyfile on a USB Drive to unlock my root device.

  The issue is that /lib/cryptsetup/scripts/passdev expects the keyfile
  to be in a particular format, and systemd-cryptsetup-generator expects
  a slightly different format. So cryptsetup-initramfs successfully
  unlocks the root filesystem and mounts it, but systemd's auto-
  generated unit attempts to mount the (in its view) incorrectly
  formatted keyfile device and fails. As a result the entire boot fails.
  In the rescue shell, I can see that all filesystems have mounted
  correctly.

  I can think of a couple of solutions:
  1. I disabled systemd luks unit generation by passing luks=no in the kernel
     command line. This also disables other crypttab entries from unlocking,
     so my swap partition mount fails.
  2. I tried disabling systemd unit generation just for my root device with
     x-initrd.attach,noauto,nofail,initramfs options. This resulted in the
     exact same error. I also tried adding noauto to the fstab entry for my
     root device and this did not work.
  3. Arch Linux has a separate crypttab.initramfs file that is only loaded
     into the initramfs. Could this be implemented somehow?
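
An added example, not part of the original report and not code from systemd or cryptsetup: a small Python check that flags crypttab entries whose key field is in passdev's <device>:<path>[:<timeout>] order, which a systemd-generated unit would instead read in systemd's <path>:<device> order. The two field layouts are an assumption taken from the tools' crypttab(5) documentation rather than from the report; the sample crypttab, its placeholder devices and the function names are constructed.

```python
import re

# Constructed sample modelled on the /etc/crypttab in the report; the UUID and
# device names are placeholders, and crypt_data is a hypothetical third entry.
SAMPLE = """\
# <target name> <source device> <key file> <options>
crypt_root UUID=00000000-0000-0000-0000-000000000000 /dev/disk/by-label/wopr_keys:/crypt_root_key luks,discard,keyscript=/lib/cryptsetup/scripts/passdev,initramfs,x-initrd.attach
crypt_swap /dev/sdX2 /dev/urandom swap,discard,cipher=aes-xts-plain64,size=256,plain
crypt_data /dev/sdX3 /crypt_data_key:LABEL=wopr_keys luks
"""

# Device specifiers accepted after the colon in systemd's <path>:<device> form.
DEVSPEC = re.compile(r"^(?:(?:UUID|LABEL|PARTUUID|PARTLABEL)=|/dev/)")

def parse_crypttab(text):
    """Yield (name, source, keyfield, options) for each non-comment entry."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        key = fields[2] if len(fields) > 2 else "none"
        opts = fields[3].split(",") if len(fields) > 3 else []
        yield fields[0], fields[1], key, opts

def key_style(key):
    """Classify the third crypttab field by its colon-separated layout."""
    if key in ("none", "-"):
        return "none"
    left, sep, right = key.partition(":")
    if not sep:
        return "plain"
    if DEVSPEC.match(right):
        return "systemd"   # <path>:<device>
    if left.startswith("/dev/") and right.startswith("/"):
        return "passdev"   # <device>:<path>[:<timeout>]
    return "unknown"

def lint(text):
    """Return (name, message) for entries the two unlockers would read differently."""
    findings = []
    for name, _src, key, opts in parse_crypttab(text):
        script = next((o.split("=", 1)[1] for o in opts if o.startswith("keyscript=")), None)
        style = key_style(key)
        if script and style == "passdev":
            findings.append((name, "key field is in passdev order; a systemd-generated unit ignores keyscript= and reads it as <path>:<device>"))
        elif script and script.endswith("/passdev") and style != "passdev":
            findings.append((name, "keyscript is passdev but key field is not <device>:<path>"))
    return findings

if __name__ == "__main__":
    for name, msg in lint(SAMPLE):
        print(f"{name}: {msg}")
```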
