You are not logged in.

Pages: 1

#1 2022-12-01 15:55:22

Werzi2001
Member
Registered: 2012-07-07
Posts: 41

[SOLVED] Custom initcpio hooks not executed anymore

Hello everybody,

I encrypted my system so that the key to unlock is a file on an encrypted usb stick. In order to do that I added 2 (very simple) custom hooks to initcpio that get executed before/after the encrypt hook to unlock/lock the usb stick. Using that approach the standard encrypt hook can then retrieve the key. This worked for years but stopped working a few days ago after an update. The initcpio image seems to be built just fine (rootkey_start and rootkey_end are the custom hooks):

# mkinitcpio -p linux
==> Building image from preset: /etc/mkinitcpio.d/linux.preset: 'default'
  -> -k /boot/vmlinuz-linux -c /etc/mkinitcpio.conf -g /boot/initramfs-linux.img
==> Starting build: 6.0.10-arch2-1
  -> Running build hook: [base]
  -> Running build hook: [udev]
  -> Running build hook: [autodetect]
  -> Running build hook: [modconf]
  -> Running build hook: [block]
==> WARNING: Possibly missing firmware for module: xhci_pci
  -> Running build hook: [keymap]
  -> Running build hook: [lvm2]
  -> Running build hook: [keyboard]
  -> Running build hook: [rootkey_start]
  -> Running build hook: [encrypt]
==> WARNING: Possibly missing firmware for module: qat_4xxx
  -> Running build hook: [rootkey_stop]
  -> Running build hook: [fsck]

Anyhow during boot the hooks are not run but instead encrypt is run directly (which of course fails). As a workaround I added my custom code to the encrypt hook which works just fine (so the code itself works but just doesn't get called). Was there a change (couldn't find one) so the install/hook construct has to look differently now?

Thanks & Best Regards
Werzi2001

Some important files/infos:

# /etc/mkinitcpio.conf

...
HOOKS=(base udev autodetect modconf block keymap lvm2 keyboard rootkey_start encrypt rootkey_stop fsck)
...
# /usr/lib/initcpio/install/rootkey_start

build ()
{
        add_runscript
}

help ()
{
cat<<HELPEOF
        Opens the rootkey Device
HELPEOF
}
# /usr/lib/initcpio/hooks/rootkey_start

run_hook ()
{
        echo "Waiting for rootkey-Device ${rootkeydev}"
        while [ ! -b $rootkeydev ]; do
                sleep 1
        done

        echo "Opening rootkey-Device ${rootkeydev}"
        cryptsetup luksOpen ${rootkeydev} rootkey
}

Last edited by Werzi2001 (2022-12-03 12:28:54)

Offline

#2 2022-12-02 11:38:51

nl6720
The Evil Wiki Admin
Registered: 2016-07-02
Posts: 596

Re: [SOLVED] Custom initcpio hooks not executed anymore

Werzi2001 wrote:

This worked for years but stopped working a few days ago after an update.

After an update of what? mkinitcpio, cryptsetup or something else? Check /var/log/pacman.log.

Check if the hook is listed in lsinitcpio output:

# lsinitcpio -a /boot/initramfs-linux.img

Try booting with kernel parameters:

rd.debug rd.log=console|file

The log will be in /run/initramfs/init.log. See if the commands from the hook get executed.

Also, while this is not related to your issue, custom non-packaged hooks should be placed in /etc/initcpio/{hooks,install}/.
/usr/lib/ is the package manager's territory.

Last edited by nl6720 (2022-12-02 11:43:51)

Offline

#3 2022-12-03 10:58:59

Werzi2001
Member
Registered: 2012-07-07
Posts: 41

Re: [SOLVED] Custom initcpio hooks not executed anymore

nl6720 wrote:

After an update of what? mkinitcpio, cryptsetup or something else? Check /var/log/pacman.log.

I'm not 100% sure but I think it was this update:

[2022-11-24T19:26:47+0100] [ALPM] upgraded mkinitcpio (32-2 -> 33-1)
nl6720 wrote:

Check if the hook is listed in lsinitcpio output:

Yes it is:

# lsinitcpio -a /boot/initramfs-linux.img
==> Hook run order:
  udev
  keymap
  rootkey_start
  encrypt
  rootkey_stop
nl6720 wrote:

Try booting with kernel parameters:

rd.debug rd.log=console|file

It seems to be checked but not executed (not sure how to interpret the output):

+ '[' -x /hooks/rootkey_start ]
+ continue
+ '[' -x /hooks/encrypt ]
+ unset run_hook
+ ./hooks/encrypt

I thought about that the script has to be executable (that's what the check looks for me) but all other hook scripts in the hooks directory are also not executable.

nl6720 wrote:

Also, while this is not related to your issue, custom non-packaged hooks should be placed in /etc/initcpio/{hooks,install}/.
/usr/lib/ is the package manager's territory.

Thanks for the info. I'll move the files as soon as it's working again.

Offline

#4 2022-12-03 11:17:23

nl6720
The Evil Wiki Admin
Registered: 2016-07-02
Posts: 596

Re: [SOLVED] Custom initcpio hooks not executed anymore

add_runscript installs the hooks with 755 permissions, so they should be executable in the initramfs.

If you downgrade to mkinitcpio 32-2, does the issue go away?

Offline

#5 2022-12-03 11:50:31

Werzi2001
Member
Registered: 2012-07-07
Posts: 41

Re: [SOLVED] Custom initcpio hooks not executed anymore

nl6720 wrote:

If you downgrade to mkinitcpio 32-2, does the issue go away?

I just tried by downgrading and yes it does. Version 32-2 and everything works fine, version 33 and my hooks are not run. So is it a bug there or am I doing something wrong?

PS:
I checked the changelog https://gitlab.archlinux.org/archlinux/ … -/tags/v33 but nothing seems to be related to my problem.

PPS:
No I have to correct myself:

* Try to properly resolve symlinks when adding files into the initramfs.

That might be related because the files are actually symlinks. I'll give it a try without symlinks and version 33. Although I guess the "try to resolve" part was not successful then as it worked in older versions.

Last edited by Werzi2001 (2022-12-03 11:53:54)

Offline

#6 2022-12-03 11:57:41

nl6720
The Evil Wiki Admin
Registered: 2016-07-02
Posts: 596

Re: [SOLVED] Custom initcpio hooks not executed anymore

Werzi2001 wrote:

So is it a bug there

Maybe. It's hard to tell where it goes wrong since I cannot reproduce the issue.

Upgrade the mkinitcpio package (the whole system, really) and boot by adding break to the kernel parameters.
When you land in the initramfs shell, run:

[rootfs ]# stac -c %a /hooks/rootkey_start /hooks/rootkey_stop

Also check the /hooks/ directory with ls to see if the files are there at all.

Offline

#7 2022-12-03 12:00:32

nl6720
The Evil Wiki Admin
Registered: 2016-07-02
Posts: 596

Re: [SOLVED] Custom initcpio hooks not executed anymore

Werzi2001 wrote:
* Try to properly resolve symlinks when adding files into the initramfs.

That might be related because the files are actually symlinks. I'll give it a try without symlinks and version 33. Although I guess the "try to resolve" part was not successful then as it worked in older versions.

Oh! I broke a few things when adding support for relative symlinks.
Are they nested symlinks? If so https://gitlab.archlinux.org/archlinux/ … quests/159 should fix it. If they are not nested, please try mkinitcpio-git to see if it's fixed already.

Edit:
I can confirm that adding a hook via a symlink is broken in mkinitcpio v33.

Last edited by nl6720 (2022-12-03 12:14:41)

Offline

#8 2022-12-03 12:16:49

Werzi2001
Member
Registered: 2012-07-07
Posts: 41

Re: [SOLVED] Custom initcpio hooks not executed anymore

I tried to try mkinitcpio-git but now my linux.preset is gone and I can't generate anymore. Do you know how to get it back?

# mkinitcpio -p linux
/usr/bin/mkinitcpio: line 392: /etc/mkinitcpio.d/linux.preset: No such file or directory
==> ERROR: Failed to load preset: `/etc/mkinitcpio.d/linux.preset'

About the symlinks: They are not relative symlinks but absolute ones and they are not nested (I moved it to /etc now):

# ls -l /etc/initcpio/hooks/
insgesamt 0
lrwxrwxrwx 1 root root 51 28. Apr 2020  rootkey_start -> /home/thomas/scripts/mkinitcpio/hooks/rootkey_start
lrwxrwxrwx 1 root root 50 28. Apr 2020  rootkey_stop -> /home/thomas/scripts/mkinitcpio/hooks/rootkey_stop

Offline

#9 2022-12-03 12:19:58

nl6720
The Evil Wiki Admin
Registered: 2016-07-02
Posts: 596

Re: [SOLVED] Custom initcpio hooks not executed anymore

Werzi2001 wrote:

I tried to try mkinitcpio-git but now my linux.preset is gone and I can't generate anymore. Do you know how to get it back?

I forgot about that oddity. To get it back, reinstall the kernel.

Last edited by nl6720 (2022-12-03 12:25:42)

Offline

#10 2022-12-03 12:28:35

Werzi2001
Member
Registered: 2012-07-07
Posts: 41

Re: [SOLVED] Custom initcpio hooks not executed anymore

I can confirm that it works with mkinitcpio-git (33.14.gfb8206a). For now I'll stick to v32 (prefering non-git versions). Thanks a lot for your help.

Offline

#11 2022-12-03 12:29:25

nl6720
The Evil Wiki Admin
Registered: 2016-07-02
Posts: 596

Re: [SOLVED] Custom initcpio hooks not executed anymore

Just for reference, the issue was fixed in https://gitlab.archlinux.org/archlinux/ … quests/153.

Offline

#12 2022-12-04 23:50:26

afader
Member
Registered: 2013-09-12
Posts: 162

Re: [SOLVED] Custom initcpio hooks not executed anymore

I have maybe a similar problem and the solution is to downgrade mkinitcpio to 32. I use nvidia-dkms and lkrg-dkms if that makes a difference. It also does seem to make my presets disappear for linux-hardened

(4/5) Updating linux initcpios...
call to execv failed (No such file or directory)
error: command failed to execute correctly
(5/5) Removing obsolete cached package files (keeping the latest two)...
==> no candidate packages found for pruning
> sudo mkinitcpio -P linux-hardened
==> ERROR: No presets found in /etc/mkinitcpio.d

Offline

Pages: 1

Board footer

Powered by FluxBB