You are not logged in.
- Topics: Active | Unanswered
#1 2012-02-19 18:41:55
- albinoloverats
- Member
- From: London
- Registered: 2007-12-18
- Posts: 30
- Website
Boot-time luksOpen fails due to missing files
After a recent update and reboot, I am unable to boot my system.
I have separate partitions for / /boot /usr /var /opt and /home. They are all encrypted and accessible via /dev/mapper/root /dev/mapper/usr, and so on. Beneath the encryption are RAID 1 array's for each partition.
My system is up-to-date as of 2012-02-19 17:00 GMT as I am able to use the lastest ISO to assemble/decrypt/mount/chroot into what closely resemble my system (albeit from using the live CD).
[EDIT]
The problem seems to be a result of not having the necessary binaries to decrypt the partitions in /sbin or /lib to decrypt but rather they can be found is /usr/bin or /usr/lib; trying to decrypt the /usr partition using files which reside on said partition isn't going to work very well 
It appears that the issue is with mdadm not being able to assemble the array's
[/EDIT]
My mkinitcpio.conf file has the following:
MODULES="dm_mod md_mod raid1 intel_agp radeon"
HOOKS="base udev autodetect pata scsi sata usb usbinput mdadm mdadm_udev encrypt filesystems shutdown fsck"If anyone else has had this problem, or is able to help me solve this, that would be great---thanks.
Last edited by albinoloverats (2012-02-19 18:52:31)
Offline
#2 2012-02-19 18:55:26
- falconindy
- Developer
- From: New York, USA
- Registered: 2009-10-22
- Posts: 4,111
- Website
Re: Boot-time luksOpen fails due to missing files
Including both mdadm and mdadm_udev is horribly wrong. Pick only one (you probably want mdadm_udev).
udev should receive events for the newly discovered block devices after you unlock the luks volumes and assemble the raid devices.
Last edited by falconindy (2012-02-19 18:59:18)
Offline
#3 2012-02-19 19:21:31
- albinoloverats
- Member
- From: London
- Registered: 2007-12-18
- Posts: 30
- Website
Re: Boot-time luksOpen fails due to missing files
Okay, I've removed mdadm from the HOOKS variable but it hasn't had any effect.
Offline
#4 2012-02-19 19:42:02
Offline
#5 2012-02-21 07:52:55
- albinoloverats
- Member
- From: London
- Registered: 2007-12-18
- Posts: 30
- Website
Re: Boot-time luksOpen fails due to missing files
Right-o: For all those who find themselves in a similar situation, I've created a quick-n-dirty hook which unlocks the partition for /usr
/lib/initcpio/hooks/unlock_usr
# vim: set ft=sh:
run_hook()
{
# location of key file in initramfs
key="/usr_key"
# block device of partition
dev="/dev/md5"
if eval /sbin/cryptsetup --key-file $key luksOpen $dev usr;
then
rm -f $key
# fsck fileystem (incase it's not clean and won't mount otherwise - I've noticed this with JFS)
/sbin/fsck.jfs /dev/mapper/usr
else
echo "Unlock failed for /usr"
echo 1
fi
}/lib/initcpio/install/unlock_usr
# vim: set ft=sh
build()
{
SCRIPT="unlock_usr"
# add JFS fsck binary - change to suit your own needs
add_binary "/sbin/fsck.jfs"
# add /usr key file
add_file "/root/usr_key" "/usr_key"
}
help()
{
cat << HELPEOF
This hook unlocks/decrypts the /usr partition.
HELPEOF
}I've added the hook to the the HOOKS variable in /etc/mkinitcpio.conf as:
HOOKS="... mdadm encrypt unlock_usr fsck filesystems ..." and everything is just about back to normal; although I'm still not sure why/how this all worked a few weeks ago and now doesn't 
Offline
#6 2012-02-21 11:50:21
- falconindy
- Developer
- From: New York, USA
- Registered: 2009-10-22
- Posts: 4,111
- Website
Re: Boot-time luksOpen fails due to missing files
Nicely done. Let's just say the short version of the story is that I broke it. I have some ideas on how to fix it for a later release™ of mkinitcpio that involve adding a crytptab so you can unlock as many volumes as you want from early userspace.
Offline