Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 446018

Summary: sys-fs/cryptsetup - dmcrypt init script should use keymaps
Product: Gentoo Linux Reporter: lxg <mail2lx>
Component: Current packagesAssignee: Gentoo's Team for Core System packages <base-system>
Status: CONFIRMED ---    
Severity: normal CC: alpiturchi, eras, gentoo, gentoo_bugs.nu_q5v, joakim.tjernlund, laurent, openrc
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://bugs.gentoo.org/show_bug.cgi?id=338082
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: 0001-Create-save-keymaps-and-save-ktermencoding-services.patch

Description lxg 2012-12-05 00:23:18 UTC
I have a setup where I use dmcrypt/cryptsetup/LUKS for my /home partition. I've now rebooted for the first time since 12 days, and suddenly my LUKS password was not accepted.

It turned out that the keymaps service wasn't loaded yet, which would have loaded the key mappings for my German keyboard.

So I guess that dmcrypt should be loaded after keymaps.

This seems to be a regression, as I haven't had this type of problem before.

Here are my current runlevels:

lab ~ # rc-status boot
Runlevel: boot
 hwclock                      [  started  ]
 modules                      [  started  ]
 device-mapper                [  started  ]
 dmcrypt                      [  started  ]
 fsck                         [  started  ]
 root                         [  started  ]
 mtab                         [  started  ]
 localmount                   [  started  ]
 sysctl                       [  started  ]
 bootmisc                     [  started  ]
 alsasound                    [  started  ]
 termencoding                 [  started  ]
 consolefont                  [  started  ]
 hostname                     [  started  ]
 keymaps                      [  started  ]
 numlock                      [  started  ]
 procfs                       [  started  ]
 swapfiles                    [  started  ]
 tmpfiles.setup               [  started  ]
 urandom                      [  started  ]
 vixie-cron                   [  started  ]
lab ~ # rc-status default
Runlevel: default
 NetworkManager               [  started  ]
 mysql                        [  started  ]
 syslog-ng                    [  started  ]
 netmount                     [  started  ]
 sshd                         [  started  ]
 apache2                      [  started  ]
 consolekit                   [  started  ]
 cupsd                        [  started  ]
 memcached                    [  started  ]
 svnserve                     [  started  ]
 vsftpd.binhost               [  started  ]
 local                        [  started  ]


Here's my emerge --info, in case it matters.

lab ~ # emerge --info
Portage 2.1.11.33 (default/linux/amd64/10.0/desktop, gcc-4.6.3, glibc-2.16.0, 3.6.6-gentoo x86_64)
=================================================================
System uname: Linux-3.6.6-gentoo-x86_64-Intel-R-_Core-TM-_i7_CPU_960_@_3.20GHz-with-gentoo-2.2
Timestamp of tree: Tue, 04 Dec 2012 12:15:01 +0000
ld GNU ld (GNU Binutils) 2.23.1
ccache version 3.1.8 [disabled]
app-shells/bash:          4.2_p39
dev-java/java-config:     2.1.12
dev-lang/python:          2.7.3-r2, 3.2.3-r1
dev-util/ccache:          3.1.8
dev-util/cmake:           2.8.10.2
dev-util/pkgconfig:       0.27.1
sys-apps/baselayout:      2.2
sys-apps/openrc:          0.11.6
sys-apps/sandbox:         2.6
sys-devel/autoconf:       2.13, 2.69
sys-devel/automake:       1.9.6-r3, 1.11.6, 1.12.5
sys-devel/binutils:       2.23.1
sys-devel/gcc:            4.6.3
sys-devel/gcc-config:     1.8
sys-devel/libtool:        2.4.2
sys-devel/make:           3.82-r4
sys-kernel/linux-headers: 3.6 (virtual/os-headers)
sys-libs/glibc:           2.16.0
Repositories: gentoo x-portage
ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=core2 -msse4.1 -mcx16 -msahf -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt /usr/share/openvpn/easy-rsa /usr/share/polkit-1/actions /usr/share/themes/oxygen-gtk/gtk-2.0"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.3/ext-active/ /etc/php/apache2-php5.4/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/cgi-php5.4/ext-active/ /etc/php/cli-php5.3/ext-active/ /etc/php/cli-php5.4/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-march=core2 -msse4.1 -mcx16 -msahf -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs buildpkg config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news nodoc noinfo parallel-fetch protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="ftp://mirror.netcologne.de/gentoo/ http://mirrors.sec.informatik.tu-darmstadt.de/gentoo/ ftp://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/ http://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/"
LANG="en_US.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j7"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.de.gentoo.org/gentoo-portage"
USE="X a52 aac acl acpi alsa amd64 avi bash-completion berkdb bluetooth branding bzip2 cairo cdda cdr cli consolekit cracklib crypt cups cxx dbus dri dri2 dts dvb dvd dvdr dvdread emboss encode evo exif fam fame ffmpeg firefox flac foomaticdb fortran gdbm gif gpm gtk gtk3 iconv icu imlib ipv6 jingle jpeg lcms libnotify mad matroska mmx mng modules mp3 mp4 mpeg mudflap multilib ncurses networkmanager nls nptl nptlonly ogg opengl openmp pam pango pcre pdf png policykit ppds pppd qt3support qt4 readline sdl session spell sse sse2 ssl subversion svg tcpd telepathy theora tiff truetype udev udisks unicode upnp upower usb v4l vorbis wxwidgets x264 xcb xcomposite xinerama xml xv xvid zlib" ALSA_CARDS="hda-intel usb-audio" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="de en" PHP_TARGETS="php5-3 php5-4" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_2" QEMU_SOFTMMU_TARGETS="i386 x86_64" QEMU_USER_TARGETS="i386 x86_64" RUBY_TARGETS="ruby18 ruby19" USERLAND="GNU" VIDEO_CARDS="intel radeon" XFCE_PLUGINS="menu brightness logout clock" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON
Comment 1 SpanKY gentoo-dev 2015-04-12 18:44:45 UTC
it's not really possible with the current init layout

dmcrypt: before fsck
keymaps: need localmount
localmount: need fsck

so if dmcrypt required keymaps, it couldn't also run before fsck, because keymaps needs fsck to run first

the keymaps init probably should drop localmount ... we've made the requirement that /usr be available at early boot, which means there's no need for keymaps to require localmount.
Comment 2 SpanKY gentoo-dev 2015-04-12 18:47:53 UTC
although that still wouldn't help

keymaps: need termencoding
termencoding: after bootmisc
bootmisc: need localmount

not sure why termencoding depends on bootmisc when the only thing it does is write to /dev nodes.  probably should delete that dependency too.  the 'use root' in termencoding also looks pointless.
Comment 3 Markus Walter 2017-01-15 14:22:15 UTC
I just stumbled upon this problem after years of use. Can this be resolved? Also is there a recent change, that may have caused it appearing for me?
Comment 4 Laurent V 2018-03-21 08:44:55 UTC
Hello,

I am affected as well with at least another user in the Gentoo forums (see https://forums.gentoo.org/viewtopic-p-8198852.html)

I can do any troubleshooting steps, I tried to play with rc_need and the like but no luck

Cheers,

Laurent
Comment 5 me 2018-06-13 13:28:05 UTC
Have been bit by this too now, after some major updating. It has been working fine on my system before, loading the keymap before asking for the key for /home.
It feels like a regression to me.
Comment 6 cazzantonio 2018-09-24 20:07:17 UTC
This bug is also related to this:
https://bugs.gentoo.org/651998
Comment 7 Brian Evans (RETIRED) gentoo-dev 2018-11-06 01:14:57 UTC
*** Bug 651998 has been marked as a duplicate of this bug. ***
Comment 8 William Hubbs gentoo-dev 2018-11-06 22:41:56 UTC
Created attachment 554326 [details, diff]
0001-Create-save-keymaps-and-save-ktermencoding-services.patch

If you are willing to test this, please apply this patch to OpenRC
0.39.2, then add save-keymaps and save-termencoding to your boot
runlevel, unmask and emerge the latest cryptsetup and reboot.

Let me know if things come up successfully.

Thanks,

William
Comment 9 Thomas Deutschmann (RETIRED) gentoo-dev 2018-11-07 01:09:36 UTC
(In reply to William Hubbs from comment #8)
> If you are willing to test this, please apply this patch to OpenRC
> 0.39.2, then add save-keymaps and save-termencoding to your boot
> runlevel, unmask and emerge the latest cryptsetup and reboot.
> 
> Let me know if things come up successfully.

System was able to start with the patch applied and cryptsetup-2.0.5-r1:

> rc sysinit logging started at Wed Nov  7 02:04:16 2018
> 
> 
>    OpenRC 0.39.2 is starting up Gentoo Linux (x86_64)
> 
>  * /proc is already mounted
>  * Mounting /run ...
>  * /run/openrc: creating directory
>  * /run/lock: creating directory
>  * /run/lock: correcting owner
>  * Caching service dependencies ...
>  [ ok ]
>  * Mounting debug filesystem ...
>  [ ok ]
>  * Mounting persistent storage (pstore) filesystem ...
>  [ ok ]
>  * Mounting cgroup filesystem ...
>  [ ok ]
>  * Remounting devtmpfs on /dev ...
>  [ ok ]
>  * Mounting /dev/mqueue ...
>  [ ok ]
>  * Mounting /dev/shm ...
>  [ ok ]
>  * Creating list of required static device nodes for the current kernel ...
>  [ ok ]
>  * Setting up tmpfiles.d entries for /dev ...
>  [ ok ]
>  * Starting udev ...
>  [ ok ]
>  * Generating a rule to create a /dev/root symlink ...
>  [ ok ]
>  * Populating /dev with existing devices through uevents ...
>  [ ok ]
> 
> rc sysinit logging stopped at Wed Nov  7 02:04:16 2018
> 
> 
> rc boot logging started at Wed Nov  7 02:04:16 2018
> 
>  * Setting system clock using the hardware clock [UTC] ...
>  [ ok ]
>  * Mounting misc binary format filesystem ...
>  [ ok ]
>  * Loading custom binary format handlers ...
>  [ ok ]
>  * Setting terminal encoding [UTF-8] ...
>  [ ok ]
>  * Setting keyboard mode [UTF-8] ...
>  [ ok ]
>  * Loading key mappings [us] ...
>  [ ok ]
>  * Setting up dm-crypt mappings ...
>  *   dataVault using:   open /dev/sdc1 dataVault ...
>  [ ok ]
>  [ ok ]
>  * Checking local filesystems  ...
> root: clean, 191427/801248 files, 1862276/3204096 blocks
> Boot: clean, 85/32768 files, 23355/131060 blocks
> portage: clean, 163552/524288 files, 385274/2097152 blocks
> distfiles: clean, 514/262144 files, 509827/1048576 blocks
> fsSecureData: clean, 4011/655360 files, 94056/2620667 blocks
>  [ ok ]
>  * Remounting root filesystem read/write ...
>  [ ok ]
>  * Remounting filesystems ...
>  [ ok ]
>  * Updating /etc/mtab ...
>  * Creating mtab symbolic link
>  [ ok ]
>  * Activating swap devices ...
>  [ ok ]
>  * Mounting local filesystems ...
>  [ ok ]
>  * Configuring kernel parameters ...
>  [ ok ]
>  * Creating user login records ...
>  [ ok ]
>  * Wiping /tmp directory ...
>  [ ok ]
>  * Setting hostname to vm-gentoo-42...
>  [ ok ]
>  * Bringing up network interface lo ...
>  [ ok ]
>  * Setting up tmpfiles.d entries ...
>  [ ok ]
>  * Saving key mapping ...
>  [ ok ]
>  * Saving terminal encoding ...
>  [ ok ]
>  * Initializing random number generator ...
>  [ ok ]
> 
> rc boot logging stopped at Wed Nov  7 02:04:30 2018


fyi: Please check indentation of save-termencoding. Missing tab in start()...
Comment 10 William Hubbs gentoo-dev 2018-11-07 19:21:58 UTC
https://github.com/openrc/openrc/commit/7eb3975543eafd44c6946ca5a76812aa0d7a7303

This will be added to OpenRC 0.40.
Comment 11 Arfrever Frehtes Taifersar Arahesis 2018-12-10 07:51:21 UTC
Since sys-apps/openrc-0.40 was released 7 days ago, probably the following entry should be dropped from profiles/package.mask:

# Brian Evans <grknight@gentoo.org> (05 Nov 2018)
# Causes a dependency loop in the OpenRC script. Bug #651998
=sys-fs/cryptsetup-2.0.5-r1


The changes made between sys-fs/cryptsetup-2.0.5 and sys-fs/cryptsetup-2.0.5-r1 ebuilds were not included in recently added sys-fs/cryptsetup-2.0.6 ebuild.
If these changes were correct, then sys-fs/cryptsetup-2.0.6-r1 with these changes restored should be added.
Comment 12 Joakim Tjernlund 2019-02-27 15:37:55 UTC
I had the same problem with keymaps loading after dmcrypt so I upgraded to
sys-apps/openrc-0.41.2 but that did not help:

rc boot logging started at Wed Feb 27 16:09:46 2019

 * Loading module vboxdrv ...
 [ ok ]
 * Loading module vboxnetflt ...
 [ ok ]
 * Loading module vboxnetadp ...
 [ ok ]
 * Loading module vboxpci ...
 [ ok ]
 * Setting system clock using the hardware clock [UTC] ...
 [ ok ]
 * Mounting misc binary format filesystem ...
 [ ok ]
 * Loading custom binary format handlers ...
 [ ok ]
 * Setting up dm-crypt mappings ...
 [ ok ]
 * Setting up the Logical Volume Manager ...
 [ ok ]
 * Checking local filesystems  ...
/sbin/fsck.xfs: XFS file system.
fsck.fat 4.1 (2017-01-24)
/dev/nvme0n1p1: 625 files, 57742/516190 clusters
 [ ok ]
 * Remounting root filesystem read/write ...
 [ ok ]
 * Remounting filesystems ...
 [ ok ]
 * Updating /etc/mtab ...
 * Creating mtab symbolic link
 [ ok ]
 * Activating swap devices ...
 [ ok ]
 * Mounting local filesystems ...
 [ ok ]
 * Configuring kernel parameters ...
 [ ok ]
 * Creating user login records ...
 [ ok ]
 * Wiping /tmp directory ...
 [ ok ]
 * Setting terminal encoding [UTF-8] ...
 [ ok ]
 * Setting console font [sun12x22] ...
 [ ok ]
 * Setting hostname to se-jocke-lx.infinera.com  ...
 [ ok ]
 * Setting keyboard mode [UTF-8] ...
 [ ok ]
 * Loading key mappings [fi] ...
 [ ok ]
 * Bringing up network interface lo ...
 [ ok ]
Comment 13 Joakim Tjernlund 2019-03-04 14:37:33 UTC
In /etc/conf.d/keymaps I added:
rc_before="dmcrypt"

Now it works, is this the correct way to add a dep. in openrc?
Comment 14 J.Borme 2021-04-25 22:41:16 UTC
(In reply to William Hubbs from comment #10)
Since a commit was planned for openRC 0.40, and we are now at 0.42, is there any news?

I added "after keymaps" to /etc/init.d/dmcrypt. It works for me, I was wondering if anything would block adding the keymap dependency into the /etc/init.d/dmcrypt initscript provided by sys-fs/cryptsetup?

Other users have been reporting the issue:
* Someone using gentoo on Raspberry Pi (2019-10-03) https://www.raspberrypi.org/forums/viewtopic.php?t=253479
* On the gentoo forums (2020-01-02): https://forums.gentoo.org/viewtopic-t-1106244-start-0.html
Comment 15 J.Borme 2021-05-02 02:03:19 UTC
While at it, apart from "after keymaps", dmcrypt should also be set "before localmount". If not, the parallel boot continues while the user types the password, messing with the display, and starting services before the crypted devices are available.