[SOLVED] initscripts 2012.07.5-1 crypttab fails unlock partition

siriusb · 2012-07-30 08:45:02

Hi,

I did a system upgrade:

[2012-07-30 08:45] Running 'pacman -Syyu'
[2012-07-30 08:45] synchronizing package lists
[2012-07-30 08:45] starting full system upgrade
[2012-07-30 08:48] upgraded btrfs-progs (0.19.20120328-3 -> 0.19.20120328-4)
[2012-07-30 08:48] upgraded libcups (1.5.3-6 -> 1.5.4-1)
[2012-07-30 08:48] upgraded libsystemd (186-2 -> 187-2)
[2012-07-30 08:48] upgraded cups (1.5.3-6 -> 1.5.4-1)
[2012-07-30 08:48] warning: /etc/protocols installed as /etc/protocols.pacnew
[2012-07-30 08:48] warning: /etc/services installed as /etc/services.pacnew
[2012-07-30 08:48] upgraded iana-etc (2.30-2 -> 2.30-3)
[2012-07-30 08:48] warning: /etc/crypttab installed as /etc/crypttab.pacnew
[2012-07-30 08:48] upgraded filesystem (2012.6-4 -> 2012.7-1)
[2012-07-30 08:48] upgraded systemd-tools (186-2 -> 187-2)
[2012-07-30 08:48] warning: /etc/rc.conf installed as /etc/rc.conf.pacnew
[2012-07-30 08:48] warning: /etc/rc.local installed as /etc/rc.local.pacnew
[2012-07-30 08:48] upgraded initscripts (2012.06.3-2 -> 2012.07.5-1)
[2012-07-30 08:48] upgraded iptables (1.4.14-2 -> 1.4.14-3)
[2012-07-30 08:48] upgraded leptonica (1.69-2 -> 1.69-3)
[2012-07-30 08:48] upgraded lib32-dbus-core (1.6.2-1 -> 1.6.4-1)
[2012-07-30 08:48] upgraded lib32-glib2 (2.32.3-1 -> 2.32.4-1)
[2012-07-30 08:48] upgraded lib32-mesa (8.0.4-1 -> 8.0.4-3)
[2012-07-30 08:48] upgraded mpg123 (1.14.3-1 -> 1.14.4-1)
[2012-07-30 08:48] upgraded lib32-mpg123 (1.14.3-2 -> 1.14.4-1)
[2012-07-30 08:48] upgraded lib32-readline (6.2.003-1 -> 6.2.004-1)
[2012-07-30 08:48] upgraded pkgstats (2.1-5 -> 2.3-1)
[2012-07-30 08:48] upgraded valgrind (3.7.0-3 -> 3.7.0-4)

I updated the config files as well (pacnew).

After reboot system halted because couldn't mount a LUKS encrypted data partition (2nd uncommented line in my crypttab). Home and root are encrypted as well.

A working crypttab after some tests:

cryptedhome /dev/disk/by-uuid/something /path/to/keyfile
kamra /dev/sda3  /path/to/keyfile2

Tab is used for inline field separation as whitespace.

With UUID=blabla in both lines it doesn't work.

With /dev/disk/by-uuid/ in the second line it doesn't work.

I'm not sure what the problem is whether I made a mistake or it is a bug.

Last edited by siriusb (2012-08-27 06:16:23)

indianahorst · 2012-07-30 09:14:45

Same problem here....

My old (but working) crypttab:

crypthome       /dev/sda2                              ASK
cryptswap       /dev/disk/by-id/......                SWAP                    "-c aes-xts-plain -s 256 -h sha256"

With the new syntax, boot process ended up in

Mon Jul 30 09:28:00 2012: Unlocking crypthome
Mon Jul 30 09:28:00 2012: Using legacy crypttab format. This will stop working in the future. See crypttab(5).
Mon Jul 30 09:28:00 2012: Unlocking of crypthome failed.
Mon Jul 30 09:28:00 2012: Unlocking cryptswap
Mon Jul 30 09:28:00 2012: :: Checking filesystems    [BUSY] fsck.ext3: No such file or directory while trying to open /dev/mapper/crypthome
Mon Jul 30 09:28:00 2012: Possibly non-existent device?
Mon Jul 30 09:28:00 2012:    [FAIL] 
Mon Jul 30 09:28:00 2012: 
Mon Jul 30 09:28:00 2012: *****************  FILESYSTEM CHECK FAILED  ****************
Mon Jul 30 09:28:00 2012: *                                                          *
Mon Jul 30 09:28:00 2012: *  Please repair manually and reboot. Note that the root   *
Mon Jul 30 09:28:00 2012: *  file system is currently mounted read-only. To remount  *
Mon Jul 30 09:28:00 2012: *  it read-write, type: mount -o remount,rw /              *
Mon Jul 30 09:28:00 2012: *  When you exit the maintenance shell, the system will    *
Mon Jul 30 09:28:00 2012: *  reboot automatically.                                   *
Mon Jul 30 09:28:00 2012: *                                                          *
Mon Jul 30 09:28:00 2012: ************************************************************
Mon Jul 30 09:28:00 2012: 
Mon Jul 30 09:28:00 2012: Give root password for maintenance
Mon Jul 30 09:28:00 2012: (or type Control-D to continue):

Used new syntax:

crypthome       /dev/sda2               
cryptswap     /dev/disk/by-id/.........                /dev/urandom                    cipher=aes-xts-plain,size=256,hash=sha256,swap

It seems not very clever to me to warn the user with a big red message but neither is the dmcrypt wiki article up to date, nor the manpage seems to be correct. Especially the paragraph in man crypttab

The third field specifies the encryption password. If the field is not
present or the password is set to none, the password has to be
manually entered during system boot.

is very unclear. I type my passphrase on boot but if I omit the third field, I can't boot. But, perhaps, it is another error in syntax which causes the boot failure....

Another unclear one is if the options in the fourth field are necessary or not.

Last edited by indianahorst (2012-07-30 09:25:31)

siriusb · 2012-07-30 10:16:17

Thanks for your reply. Then it must be a bug.

I had no problem interpreting man page.
Man page says: The first two fields are mandatory, the remaining two are optional.

Re third field: Otherwise the field is interpreted as a path to a file containing the encryption password.

It seems first line is read and interpreted correctly from crypttab, but at the second line it fails.

Update:
https://bugs.archlinux.org/task/30919

Last edited by siriusb (2012-07-30 10:28:30)

nullren · 2012-08-05 02:54:22

indianahorst wrote:

It seems not very clever to me to warn the user with a big red message but neither is the dmcrypt wiki article up to date, nor the manpage seems to be correct. Especially the paragraph in man crypttab
The third field specifies the encryption password. If the field is not
present or the password is set to none, the password has to be
manually entered during system boot.
is very unclear. I type my passphrase on boot but if I omit the third field, I can't boot. But, perhaps, it is another error in syntax which causes the boot failure....
Another unclear one is if the options in the fourth field are necessary or not.

i had received the warnings, too, about upgrading my crypttab. in the old syntax, i only changed "ASK" to "none" and kept everything else the same and have not received any warnings.

siriusb · 2012-08-12 11:38:09

[2012-08-12 11:26] upgraded initscripts (2012.07.5-1 -> 2012.08.2-1)

Error message:

crypt_init() failed: Block device required

What changed: /dev/disk/by-uuid/ syntax works on both lines, UUID= still fails.

If you experience the same issue, you may want to vote, as I requested to re-open this bug: https://bugs.archlinux.org/task/30919

tomegun · 2012-08-12 12:28:46

The problem with UUID= not working is in fact a bug in initscripts. It has been fixed in git, and should be out in the next release. A workaround is to use /dev/disk/by-uuid/ as you noted.

The problem with the third field being empty is also a bug. It has not been fixed yet, but I'll fix that before the next release if no one else submits a patch. A workaround is to use "none".

Sorry for the inconvenience, and thanks for reporting.

siriusb · 2012-08-12 13:30:22

Thanks for your work!

--------------------
Update:

upgraded initscripts (2012.08.2-1 -> 2012.08.3-1)

With this version problem solved.

Last edited by siriusb (2012-08-27 06:15:19)

Arch Linux

#1 2012-07-30 08:45:02

[SOLVED] initscripts 2012.07.5-1 crypttab fails unlock partition

#2 2012-07-30 09:14:45

Re: [SOLVED] initscripts 2012.07.5-1 crypttab fails unlock partition

#3 2012-07-30 10:16:17

Re: [SOLVED] initscripts 2012.07.5-1 crypttab fails unlock partition

#4 2012-08-05 02:54:22

Re: [SOLVED] initscripts 2012.07.5-1 crypttab fails unlock partition

#5 2012-08-12 11:38:09

Re: [SOLVED] initscripts 2012.07.5-1 crypttab fails unlock partition

#6 2012-08-12 12:28:46

Re: [SOLVED] initscripts 2012.07.5-1 crypttab fails unlock partition

#7 2012-08-12 13:30:22

Re: [SOLVED] initscripts 2012.07.5-1 crypttab fails unlock partition

Board footer