Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 645620 - sys-boot/plymouth with =sys-apps/systemd-236-r5 does not work with LUKS encrypted root
Summary: sys-boot/plymouth with =sys-apps/systemd-236-r5 does not work with LUKS encry...
Status: UNCONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Matthew Thode ( prometheanfire )
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-01-24 19:43 UTC by Richard Ostrow
Modified: 2018-03-27 06:34 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Richard Ostrow 2018-01-24 19:43:06 UTC
Upon upgrading to the above-mentioned version of systemd, system no longer prompts for a password to unlock LUKS-encrypted devices necessary for boot. Masking it and going back to the previous stable version (=sys-apps/systemd-233-r6) restores this functionality. I am using dracut to build an initrd in an EFI stub kernel (initrd built into the kernel). The root filesystem is a ZFS pool, but the kernel never sees ZFS because it cannot unlock the LUKS device.

Reproducible: Always

Steps to Reproduce:
1. Build an initrd with =sys-kernel/dracut-046-r1 with LUKS encryption support and =sys-apps/systemd-236-r5 under kernel =sys-kernel/gentoo-sources-4.9.76-r1 (all currently stable)
2. Boot using this initrd with an EFI stub kernel (probably not a factor)
3. Wait indefinitely for a password prompt or an emergency shell... neither of which will ever appear
Actual Results:  
System fails to progress to unlocking the boot volume, or dropping to an emergency shell after any timeout.

Remains responsive to keyboard commands (ctrl-alt-del performs graceful reboot)

Expected Results:  
Prompt for a password which can be used to unlock the LUKS volume

dracut is invoked with the following parameters:

dracut -M -v --early-microcode --force --ro-mnt --no-compress --kernel-cmdline "init=/usr/lib64/systemd/systemd" /tmp/initrd.cpio 4.9.76-gentoo-r1

The kernel has the following built-in command-line:

rd.luks.uuid=luks-ed2e40ef-3644-4205-aa90-60c3a8faddfc rd.luks.uuid=luks-901eb7f9-98b1-4ea0-aa12-75a3cba8c6dc modprobe.blacklist=nouveau

I have the following in /etc/crypttab:

luks-6ce533de-d023-4ddc-b960-1841a232c29f       UUID=6ce533de-d023-4ddc-b960-1841a232c29f       /root/home.key
luks-901eb7f9-98b1-4ea0-aa12-75a3cba8c6dc       UUID=901eb7f9-98b1-4ea0-aa12-75a3cba8c6dc
luks-ed2e40ef-3644-4205-aa90-60c3a8faddfc       UUID=ed2e40ef-3644-4205-aa90-60c3a8faddfc
swap                                            /dev/disk/by-id/wwn-0x5000c500a95372d2-part3    /dev/urandom    swap,cipher=aes-xts-plain64:sha256,size=256

In this case, the devices with UUIDs beginning with 901e and ed2e are critical for booting, and the others can (and must) wait until the root filesystem is mounted. This configuration has worked with all versions of systemd until this one.

emerge --info:

Portage 2.3.13 (python 3.5.4-final-0, default/linux/amd64/17.0/desktop/plasma/systemd, gcc-6.4.0, glibc-2.25-r9, 4.9.76-gentoo-r1 x86_64)
=================================================================
System uname: Linux-4.9.76-gentoo-r1-x86_64-Intel-R-_Core-TM-_i7-6700HQ_CPU_@_2.60GHz-with-gentoo-2.4.1
KiB Mem:    16365108 total,  12616116 free
KiB Swap:    8305660 total,   8305660 free
Timestamp of repository gentoo: Wed, 24 Jan 2018 06:30:01 +0000
Head commit of repository gentoo: 4b7957e12bca2dc621d3aadf0d717d3249dd302b
sh bash 4.3_p48-r1
ld GNU ld (Gentoo 2.28.1 p1.0) 2.28.1
app-shells/bash:          4.3_p48-r1::gentoo
dev-java/java-config:     2.2.0-r3::gentoo
dev-lang/perl:            5.24.3::gentoo
dev-lang/python:          2.7.14-r1::gentoo, 3.4.5::gentoo, 3.5.4-r1::gentoo
dev-util/cmake:           3.8.2::gentoo
dev-util/pkgconfig:       0.29.2::gentoo
sys-apps/baselayout:      2.4.1-r2::gentoo
sys-apps/openrc:          0.34.11::gentoo
sys-apps/sandbox:         2.10-r4::gentoo
sys-devel/autoconf:       2.13::gentoo, 2.69::gentoo
sys-devel/automake:       1.11.6-r2::gentoo, 1.13.4-r1::gentoo, 1.15.1-r1::gentoo
sys-devel/binutils:       2.28.1::gentoo, 2.29.1-r1::gentoo
sys-devel/gcc:            6.4.0::gentoo
sys-devel/gcc-config:     1.8-r1::gentoo
sys-devel/libtool:        2.4.6-r3::gentoo
sys-devel/make:           4.2.1::gentoo
sys-kernel/linux-headers: 4.4::gentoo (virtual/os-headers)
sys-libs/glibc:           2.25-r9::gentoo
Repositories:

gentoo
    location: /usr/portage
    sync-type: rsync
    sync-uri: rsync://rsync.gentoo.org/gentoo-portage
    priority: -1000
    sync-rsync-extra-opts: 

x-portage
    location: /usr/local/portage
    masters: gentoo
    priority: 0

qt
    location: /var/lib/layman/qt
    sync-type: laymansync
    sync-uri: https://anongit.gentoo.org/git/proj/qt.git
    masters: gentoo
    priority: 50

steam-overlay
    location: /var/lib/layman/steam-overlay
    sync-type: laymansync
    sync-uri: https://github.com/anyc/steam-overlay.git
    masters: gentoo
    priority: 50

vifino-overlay
    location: /var/lib/layman/vifino-overlay
    sync-type: laymansync
    sync-uri: https://github.com/vifino/vifino-overlay.git
    masters: gentoo
    priority: 50

Installed sets: @esteam, @qt5-addons, @qt5-essentials, @qt5-tools
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=skylake -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/lib64/libreoffice/program/sofficerc /usr/share/config /usr/share/gnupg/qualified.txt /usr/share/sddm/scripts/Xsetup"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-march=skylake -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync multilib-strict news parallel-fetch preserve-libs protect-owned sandbox sfperms splitdebug strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LANG="en_US.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LINGUAS="en en_US"
MAKEOPTS="-j4"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
USE="X a52 aac acl acpi activities alsa amd64 appstream berkdb bluetooth branding bzip2 cairo cdda cdr clang cli crypt cups cxx dbus declarative dri dts dvd dvdr emboss encode exif fam firefox flac fortran gdbm gif glamor gnome-keyring gpm gssapi gtk hidpi iconv ipv6 jpeg kde kerberos kipi kwallet lcms ldap libnotify mad mng modules mp3 mp4 mpeg multilib ncurses networkmanager nls nptl ogg openal opengl openmp pam pango pcre pdf phonon plasma plymouth png policykit postproc ppds pulseaudio qml qt3support qt5 readline sdl seccomp semantic-desktop spell ssl startup-notification svg systemd tcpd threads tiff truetype udev udisks unicode upower usb vdpau vim-syntax vorbis widgets wxwidgets x264 xattr xcb xcomposite xml xv xvid zlib" ABI_X86="64 32" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx avx2 fma3 mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="evdev synaptics" KERNEL="linux" L10N="en en_US" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6 php7-0" POSTGRES_TARGETS="postgres9_5" PYTHON_SINGLE_TARGET="python3_5" PYTHON_TARGETS="python2_7 python3_5" RUBY_TARGETS="ruby22 ruby23" USERLAND="GNU" VIDEO_CARDS="intel i965 nvidia nouveau" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CC, CPPFLAGS, CTARGET, CXX, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 1 Richard Ostrow 2018-01-24 19:47:42 UTC
Also, my local dracut config:

hostonly="yes"
add_drivers+="nvme"
Comment 2 Richard Ostrow 2018-01-24 19:48:39 UTC
... and I missed the following line :(

add_dracutmodules+="crypt plymouth systemd zfs"
Comment 3 Mike Gilbert gentoo-dev 2018-01-28 02:15:23 UTC
luks root is working fine for me with systemd-236-r5 and dracut-046-r1.
Comment 4 Richard Ostrow 2018-01-28 04:24:16 UTC
Hrmm... that's odd. What other factors could be involved here if it doesn't work for me with systemd-236-r5, but it does for systemd-233-r6?

Are you using a passphrase or a keyfile? In my case, I don't get the password prompt for a passphrase.
Comment 5 Mike Gilbert gentoo-dev 2018-01-29 21:10:38 UTC
I'm using a passphrase, and I am prompted for it by systemd in the initramfs.

Here's my disk layout:

> # lsblk -f
> NAME                                          FSTYPE      LABEL     UUID                                 MOUNTPOINT
> sda
> ├─sda1                                        vfat                  7E87-62CB
> ├─sda2                                        swap                  0c821e3b-e78a-41a8-a2d6-8f37e5a3e5f8 [SWAP]
> └─sda3                                        crypto_LUKS           65111873-7fba-46af-808e-6258952663a7
>   └─luks-65111873-7fba-46af-808e-6258952663a7 btrfs       cryptroot 0bec7aa8-4e35-4380-a548-f92a7863b712 /
> sr0

And my kernel command line:

> # cat /proc/cmdline
> initrd=\6b57096849e44b6a9de9317478b5fcae\4.9.78-gentoo\initrd luks.uuid=65111873-7fba-46af-808e-6258952663a7 root=UUID=0bec7aa8-4e35-4380-a548-f92a7863b712 loglevel=4

# emerge --info systemd dracut cryptsetup
Portage 2.3.19 (python 3.5.4-final-0, default/linux/amd64/17.0/desktop/plasma/systemd, gcc-6.4.0, glibc-2.25-r9, 4.9.78-gentoo x86_64)
=================================================================
                         System Settings
=================================================================
System uname: Linux-4.9.78-gentoo-x86_64-Intel-R-_Core-TM-_i5-4210U_CPU_@_1.70GHz-with-gentoo-2.4.1
KiB Mem:     8078664 total,   6877960 free
KiB Swap:   16777212 total,  16777212 free
Timestamp of repository gentoo: Sat, 27 Jan 2018 18:00:01 +0000
Head commit of repository gentoo: d41db1596e3f6f0f9640dd34513359cade3086b5
sh bash 4.4_p12
ld GNU ld (Gentoo 2.29.1 p3) 2.29.1
app-shells/bash:          4.4_p12::gentoo
dev-lang/perl:            5.24.3::gentoo
dev-lang/python:          2.7.14-r1::gentoo, 3.5.4-r1::gentoo
dev-util/cmake:           3.9.6::gentoo
dev-util/pkgconfig:       0.29.2::gentoo
sys-apps/baselayout:      2.4.1-r2::gentoo
sys-apps/sandbox:         2.12::gentoo
sys-devel/autoconf:       2.13::gentoo, 2.69-r4::gentoo
sys-devel/automake:       1.15.1-r1::gentoo
sys-devel/binutils:       2.29.1-r1::gentoo
sys-devel/gcc:            6.4.0-r1::gentoo
sys-devel/gcc-config:     1.8-r1::gentoo
sys-devel/libtool:        2.4.6-r3::gentoo
sys-devel/make:           4.2.1::gentoo
sys-kernel/linux-headers: 4.13::gentoo (virtual/os-headers)
sys-libs/glibc:           2.25-r9::gentoo
Repositories:

gentoo
    location: /usr/portage
    sync-type: rsync
    sync-uri: rsync://rsync.gentoo.org/gentoo-portage
    priority: -1000
    sync-rsync-extra-opts: 

ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe -march=haswell"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/config"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -pipe -march=haswell"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--jobs=2 --with-bdeps=y --dynamic-deps=n"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs clean-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync multilib-strict news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LANG="en_US.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j4"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/x"
USE="X a52 aac acl acpi activities alsa amd64 berkdb bluetooth branding bzip2 cairo cdda cdr cli crypt cups cxx dbus declarative dri dts dvd dvdr emboss encode exif fam firefox flac fortran gdbm gif glamor gpm gtk iconv ipv6 jpeg kde kipi kwallet lcms ldap libnotify mad mng modules mp3 mp4 mpeg multilib ncurses nls nptl ogg opengl openmp pam pango pcre pdf phonon plasma png policykit ppds qml qt3support qt5 readline sdl seccomp semantic-desktop spell ssl startup-notification svg systemd tcpd tiff truetype udev udisks unicode upower usb vorbis widgets wxwidgets x264 xattr xcb xcomposite xml xv xvid zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx mmxext sse sse2 aes avx avx2 f16c fma3 pclmul popcnt sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="libinput keyboard mouse" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6 php7-0" POSTGRES_TARGETS="postgres9_5" PYTHON_SINGLE_TARGET="python3_5" PYTHON_TARGETS="python2_7 python3_5" RUBY_TARGETS="ruby22 ruby23" USERLAND="GNU" VIDEO_CARDS="amdgpu fbdev intel nouveau radeon radeonsi vesa dummy v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CC, CPPFLAGS, CTARGET, CXX, INSTALL_MASK, LC_ALL, LINGUAS, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

=================================================================
                        Package Settings
=================================================================

sys-apps/systemd-236-r5::gentoo was built with the following:
USE="acl cryptsetup gcrypt gnuefi kmod lz4 pam (policykit) seccomp ssl sysv-utils (-apparmor) -audit -build -curl -elfutils -http -idn -importd -libidn2 -lzma -nat -qrcode (-selinux) -test -usrmerge -vanilla -xkb" ABI_X86="(64) -32 (-x32)"


sys-kernel/dracut-046-r1::gentoo was built with the following:
USE="-debug (-selinux)" ABI_X86="(64)"


sys-fs/cryptsetup-1.7.5::gentoo was built with the following:
USE="gcrypt nls udev -kernel -libressl -nettle -openssl -pwquality -python -reencrypt (-static) (-static-libs) -urandom" ABI_X86="(64)" PYTHON_TARGETS="python2_7 python3_5 -python3_4 -python3_6"
Comment 6 Richard Ostrow 2018-01-29 21:56:19 UTC
Hrm... here's an apples-to-apples comparison of the same:

Disk layout:
```
graendal ~ # lsblk -f
NAME        FSTYPE    LABEL      UUID                                 MOUNTPOINT
sda                                                                   
├─sda1                                                                
├─sda2      ntfs-3g   DATA       500EC80E0EC7EB54                     
├─sda3                                                                
│ └─swap    swap                 08ce00df-6326-44aa-b3ca-6178df34e6c1 [SWAP]
└─sda4      crypto_LU            6ce533de-d023-4ddc-b960-1841a232c29f 
  └─luks-6ce533de-d023-4ddc-b960-1841a232c29f
            zfs_membe hpool      17424443539815919477                 
sdb                                                                   
├─sdb1                                                                
├─sdb2      crypto_LU            901eb7f9-98b1-4ea0-aa12-75a3cba8c6dc 
│ └─luks-901eb7f9-98b1-4ea0-aa12-75a3cba8c6dc
│           zfs_membe rpool      11935181357237292819                 
└─sdb3      ntfs-3g   HP GAMES   008ABB4B8ABB3C4A                     
zd0                                                                   
├─zd0p1                                                               
├─zd0p2                                                               
├─zd0p3                                                               
└─zd0p4                                                               
nvme0n1                                                               
├─nvme0n1p1 vfat      ESP        C24F-DC5D                            
├─nvme0n1p2                                                           
├─nvme0n1p3 ntfs-3g   OS         72E0BA5CE0BA25EF                     /mnt/winbo
├─nvme0n1p4 ntfs-3g   WINRETOOLS C6F46173F4616721                     
├─nvme0n1p5 ntfs-3g   Image      563E61CC3E61A5A9                     
└─nvme0n1p6 crypto_LU            ed2e40ef-3644-4205-aa90-60c3a8faddfc 
  └─luks-ed2e40ef-3644-4205-aa90-60c3a8faddfc
            zfs_membe rpool      11935181357237292819
```

Kernel command line:

```
graendal ~ # cat /proc/cmdline 
rd.luks.uuid=luks-ed2e40ef-3644-4205-aa90-60c3a8faddfc rd.luks.uuid=luks-901eb7f9-98b1-4ea0-aa12-75a3cba8c6dc modprobe.blacklist=nouveau
```

=================================================================
                        Package Settings
=================================================================

sys-apps/systemd-233-r6:0/2::gentoo was built with the following:
USE="acl cryptsetup gcrypt kmod lz4 pam (policykit) seccomp ssl (-apparmor) -audit -build -curl -doc -elfutils -gnuefi -http -idn -importd -lzma -nat -qrcode (-selinux) -sysv-utils {-test} -vanilla -xkb" ABI_X86="32 (64) (-x32)"

sys-kernel/dracut-046-r1::gentoo was built with the following:
USE="-debug (-selinux)"

sys-fs/cryptsetup-1.7.5::gentoo was built with the following:
USE="gcrypt nls udev urandom -kernel -libressl -nettle -openssl -pwquality -python -reencrypt (-static) (-static-libs)" PYTHON_TARGETS="python2_7 python3_5 -python3_4 -python3_6"

Beyond that, the only thing that strikes me is possibly the kernel command line. I have no root=... statement because ZFS finds that automatically via the "bootfs" parameter. Maybe the new systemd didn't take that into account? All I have is speculation :( As far as I can tell, it never gets to the point where the root= statement would matter, as it never attempts to unlock the device node.

Maybe that I manually specified the rd.luks parameters for dracut while you simply specified luks.uuid= parameters...? The fact that my initrd is built into the kernel and yours is a separate file...? I seem to be grasping at straws for the differences here. Is anyone else encountering this??
Comment 7 Gilles Dartiguelongue (RETIRED) gentoo-dev 2018-02-08 14:41:13 UTC
I am hitting this as well since systemd 236 was added to the tree. I thought I was CCed to such bug already but it seems not.

Anyway, here is my configuration :

# lsblk -f
NAME                                          FSTYPE      LABEL           UUID                                 MOUNTPOINT
sda                                                                                                            
├─sda1                                        ntfs-3g     Récupération    2E6C04A76C046C41                     
├─sda2                                        vfat                        2206-6A8C                            
├─sda3                                                                                                         
├─sda4                                        ntfs-3g                     BC3A09F73A09AF86                     
├─sda5                                        ntfs-3g                     C23CC7D63CC7C39F                     
├─sda6                                        xfs                         325c3837-721f-41cf-a2d4-6fb49e41d95a 
├─sda7                                        crypto_LUKS                 6a5f89ac-62e8-4371-a494-c701f70a6a37 
│ └─luks-6a5f89ac-62e8-4371-a494-c701f70a6a37 swap                        a4e81d6a-4765-467f-aa77-b18d46bb034c [SWAP]
├─sda8                                        crypto_LUKS                 b6452990-48e2-4fae-9468-a97e2feff3bb 
│ └─luks-b6452990-48e2-4fae-9468-a97e2feff3bb btrfs                       a8910b46-e0d9-4243-83af-f915952d0ae9 /mnt/hdd
└─sda9                                        ntfs-3g     Lenovo_Recovery 5A40E1E214126640                     
zram0                                                                                                          [SWAP]

# cat /proc/cmdline 
BOOT_IMAGE=/root/boot/vmlinuz-4.14.18-gentoo root=UUID=a8910b46-e0d9-4243-83af-f915952d0ae9 ro rootflags=subvol=root init=/usr/lib/systemd/systemd resume=UUID=a4e81d6a-4765-467f-aa77-b18d46bb034c rd.luks=1 rd.luks.uuid=b6452990-48e2-4fae-9468-a97e2feff3bb rd.luks.uuid=6a5f89ac-62e8-4371-a494-c701f70a6a37 systemd.legacy_systemd_cgroup_controller=yes rd.shell libata.allow_tpm=1 quiet splash

# emerge --info systemd dracut cryptsetup
Portage 2.3.24 (python 3.5.4-final-0, default/linux/amd64/17.0/hardened, gcc-7.2.0, glibc-2.26-r5, 4.14.18-gentoo x86_64)
=================================================================
                         System Settings
=================================================================
System uname: Linux-4.14.18-gentoo-x86_64-Intel-R-_Core-TM-_i7-3687U_CPU_@_2.10GHz-with-gentoo-2.4.1
KiB Mem:    12173904 total,   8200976 free
KiB Swap:   20969464 total,  20969464 free
Timestamp of repository gentoo: Thu, 08 Feb 2018 10:00:01 +0000
Head commit of repository gentoo: 0107fabb2640584bbde34957f1d28ba4e753b0b1
sh bash 4.3_p48-r1
ld GNU ld (Gentoo 2.29.1 p3) 2.29.1
distcc 3.2rc1 x86_64-pc-linux-gnu [disabled]
ccache version 3.3.4 [disabled]
app-shells/bash:          4.3_p48-r1::gentoo
dev-java/java-config:     2.2.0-r3::gentoo
dev-lang/perl:            5.26.1-r1::gentoo
dev-lang/python:          2.7.14-r1::gentoo, 3.4.6-r1::gentoo, 3.5.4-r1::gentoo, 3.6.4::gentoo
dev-util/ccache:          3.3.4-r1::gentoo
dev-util/cmake:           3.10.1::gentoo
dev-util/pkgconfig:       0.29.2::gentoo
sys-apps/baselayout:      2.4.1-r2::gentoo
sys-apps/openrc:          0.34.11::gentoo
sys-apps/sandbox:         2.12::gentoo
sys-devel/autoconf:       2.13::gentoo, 2.69-r4::gentoo
sys-devel/automake:       1.11.6-r2::gentoo, 1.13.4-r1::gentoo, 1.15.1-r1::gentoo
sys-devel/binutils:       2.28.1::gentoo, 2.29::gentoo, 2.29.1-r1::gentoo
sys-devel/gcc:            6.4.0-r1::gentoo, 7.2.0-r1::gentoo
sys-devel/gcc-config:     1.9.1::gentoo
sys-devel/libtool:        2.4.6-r4::gentoo
sys-devel/make:           4.2.1-r1::gentoo
sys-kernel/linux-headers: 4.14::gentoo (virtual/os-headers)
sys-libs/glibc:           2.26-r5::gentoo
Repositories:

gentoo
    location: /usr/portage
    sync-type: rsync
    sync-uri: rsync://rsync.gentoo.org/gentoo-portage
    priority: -1000
    sync-rsync-verify-metamanifest: yes
    sync-rsync-extra-opts: 

eva
    location: /var/lib/layman/eva
    masters: gentoo
    priority: 50

steam-overlay
    location: /var/lib/layman/steam-overlay
    masters: gentoo
    priority: 50

Installed sets: @gnome-desktop, @local, @network, @portage-extras, @system-extras, @system-extras-phys
ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -march=ivybridge --param l1-cache-line-size=64 --param l1-cache-size=32 --param l2-cache-size=4096 -pipe -g"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/lib64/libreoffice/program/sofficerc /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/chromium/policies/managed/chrome-gnome-shell.json /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/opt/chrome/policies/managed/chrome-gnome-shell.json /etc/php/apache2-php5.6/ext-active/ /etc/php/apache2-php7.1/ext-active/ /etc/php/apache2-php7.2/ext-active/ /etc/php/cgi-php5.6/ext-active/ /etc/php/cgi-php7.1/ext-active/ /etc/php/cgi-php7.2/ext-active/ /etc/php/cli-php5.6/ext-active/ /etc/php/cli-php7.1/ext-active/ /etc/php/cli-php7.2/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-O2 -march=ivybridge --param l1-cache-line-size=64 --param l1-cache-size=32 --param l2-cache-size=4096 -pipe -g"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--load=6.0 --jobs=4 --keep-going --buildpkg-exclude 'virtual/* sys-kernel/*-sources'"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs buildsyspkg config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync multilib-strict news parallel-fetch preserve-libs protect-owned sandbox sfperms splitdebug strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LANG="fr_FR.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,-O1 -Wl,--as-needed -Wl,--hash-style=gnu"
LINGUAS="en fr"
MAKEOPTS="-j5 -l5.0"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
USE="X a52 aac acl acpi alsa amd64 attr audit avahi avi bash-completion bluetooth bzip2 cairo caps cdr cgmanager cjk colord consolekit crypt cryptsetup cups cxx dbus dconf dvd eds evo exif ffmpeg filecaps flac fortran glamor gmp gnome-keyring gnome-online-accounts gnome-shell grilo gstreamer gudev hardened hwdb iconv icu introspection iptc ipv6 jit jpeg keymap laptop lcms ldap libnotify libsamplerate lirc lz4 lzma lzo mad matroska mp3 mpeg mtp multilib nautilus ncurses netlink networkmanager nfs nls nntp nptl nsplugin ntp ogg opengl openmp opus orc pam pcre pcsc-lite pdf pie pkcs11 playlist png policykit pulseaudio readline realtime seccomp sendto smartcard spell ssl ssp startup-notification svg systemd taglib telepathy theora threads tracker udev unicode upnp upnp-av urandom usb v4l v4l2 vim vim-syntax vorbis webkit x264 xattr xattrs xcb xinerama xml xmp xtpax xv xvid xvmc zeroconf zlib" ABI_X86="64" ALSA_CARDS="hda-intel" APACHE2_MODULES="auth_digest authn_file authz_groupfile dav dav_fs" APACHE2_MPMS="prefork" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CAMERAS="ptp2 directory" COLLECTD_PLUGINS="apache cpu cgroups df disk interface load logfile memory network swap syslog tail write_graphite" CPU_FLAGS_X86="aes avx mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3 f16c" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" GRUB_PLATFORMS="pc efi-64" INPUT_DEVICES="evdev libinput synaptics" KERNEL="linux" L10N="en fr" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" NGINX_MODULES_HTTP="access auth_basic autoindex browser charset empty_gif fastcgi geo gzip limit_conn limit_req map memcached mirror proxy referer rewrite scgi split_clients ssi upstream_hash upstream_ip_hash upstream_keepalive upstream_least_conn upstream_zone userid uwsgi gzip_static realip" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6 php7-0" POSTGRES_TARGETS="postgres9_5" PYTHON_SINGLE_TARGET="python3_5" PYTHON_TARGETS="python2_7 python3_4 python3_5 python3_6" QEMU_SOFTMMU_TARGETS="x86_64 arm" QEMU_USER_TARGETS="x86_64 arm" RUBY_TARGETS="ruby22 ruby23" USERLAND="GNU" VIDEO_CARDS="intel" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CC, CPPFLAGS, CTARGET, CXX, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

=================================================================
                        Package Settings
=================================================================

sys-apps/systemd-236-r5::gentoo was built with the following:
USE="acl audit cryptsetup gcrypt kmod lz4 lzma pam policykit seccomp ssl -apparmor -build -curl -elfutils -gnuefi -http -idn -importd -libidn2 -nat -qrcode (-selinux) -sysv-utils -test -usrmerge -vanilla -xkb" ABI_X86="(64) -32 (-x32)"


sys-kernel/dracut-046-r1::gentoo was built with the following:
USE="-debug (-selinux)" ABI_X86="(64)"


sys-fs/cryptsetup-2.0.1::gentoo was built with the following:
USE="argon2 gcrypt nls udev urandom -kernel -libressl -nettle -openssl -pwquality -python -reencrypt -static -static-libs" ABI_X86="(64)" PYTHON_SINGLE_TARGET="python3_5 -python2_7 -python3_4 -python3_6" PYTHON_TARGETS="python2_7 python3_4 python3_5 python3_6"
Comment 8 Richard Ostrow 2018-02-12 22:27:19 UTC
I got =sys-apps/systemd-236-r5 working after disabling the plymouth module in dracut. Therefore, it appears the integration between dracut, systemd, and plymouth is the culprit here. It now prompts for a password and boots properly.
Comment 9 Gilles Dartiguelongue (RETIRED) gentoo-dev 2018-03-27 06:34:06 UTC
Confirming omitting plymouth fixed my issues on my full encrypted disk laptop.
I'll give it another shot with newer dracut+systemd releases.