Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 218920 - dmcrypt should start before partitions get mounted and after keymaps are set
Summary: dmcrypt should start before partitions get mounted and after keymaps are set
Status: RESOLVED WORKSFORME
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo's Team for Core System packages
URL:
Whiteboard:
Keywords:
Depends on: 218141
Blocks:
  Show dependency tree
 
Reported: 2008-04-22 17:54 UTC by Markus Rothe (RETIRED)
Modified: 2014-03-23 11:41 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
picture showing that partitions get mounted before dmcrypt is run (boot_order_wrong.jpg,173.70 KB, image/jpeg)
2008-04-22 17:55 UTC, Markus Rothe (RETIRED)
Details
better picture (boot_order_wrong_2.jpg,183.82 KB, image/jpeg)
2008-04-22 19:07 UTC, Markus Rothe (RETIRED)
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Markus Rothe (RETIRED) gentoo-dev 2008-04-22 17:54:32 UTC
Using dmcrypt with openrc 0.2.2 isn't working as expected.

The system:

- Baselayout 2.0.0
- OpenRC 0.2.2
- /etc/init.d/dmcrypt from sys-fs/cryptsetup-1.0.5-r1

What's wrong:

- partitions get mounted before dmcrypt could "luksOpen" them
- the keymap is not loaded before dmcrypt asks for the password -> if you are
not running "us" keyboard but for example "de" you have to guess where the
correct extra chars like ; or { are.

Current boot order:

1. mount partitions
2. run dmcrypt
3. set keymap

Expected boot order:

1. set keymap
2. run dmcrypt
3. mount partitions

The attached picture shows that the partitions get mounted before dmcrypt runs.
The picture is a few days old and does not use openrc 0.2.2 but an older
version. As you can see the keymaps were loaded before dmcrypt. This changed in
recent versions! (Yea, I wanted to open this bug for a few weeks now...)
Comment 1 Markus Rothe (RETIRED) gentoo-dev 2008-04-22 17:55:25 UTC
Created attachment 150628 [details]
 picture showing that partitions get mounted before dmcrypt is run
Comment 2 Markus Rothe (RETIRED) gentoo-dev 2008-04-22 19:07:02 UTC
Created attachment 150634 [details]
better picture

this picture comes from openrc 0.2.2 and shows that the keymap is not being set before dmcrypt is called.
Comment 3 Jürgen Geuter 2008-05-21 16:58:12 UTC
Could someone modify the title because the keymaps issue was not clear from that description and I think that that one is as serious. I don't wanna open a new bug for this similar issue.
Comment 4 Markus Rothe (RETIRED) gentoo-dev 2008-05-22 06:41:18 UTC
(In reply to comment #3)
> Could someone modify the title because the keymaps issue was not clear from
> that description.

good point. done
Comment 5 SpanKY gentoo-dev 2008-06-03 15:46:56 UTC
set your custom depend string in conf.d/dmcrypt ... the order of init scripts for you may not be appropriate for other people (in fact, i can guarantee it)
Comment 6 Jürgen Geuter 2008-06-03 17:11:13 UTC
I think it's not just that easy. I could of course put "/etc/init.d/keymaps start" into /etc/conf.d/dmcrypt, the problem is, that the keymaps script itself depends on localmount which cannot have run because the dmcrypt container is not unlocked.

So if that is the way it would either mean rewriting the keymaps script, probably hardwiring the "mount /" which would rip out a lot of what the init system is about.

Correct me if I'm wrong please.
Comment 7 SpanKY gentoo-dev 2008-06-03 19:59:20 UTC
i didnt mean put '/etc/init.d/keymaps start' into the conf.d ... that is of course wrong.  openrc has extended syntax so you can declare dependencies in conf.d files.

keymaps needs localmount because all of the keymaps live on /usr and localmount is what makes sure that gets mounted.

i'm not sure if openrc's syntax allows you to delete things from the init.d ... that would be useful.  that way you could delete the localmount depend in the conf.d file.  Roy: ?
Comment 8 Roy Marples 2008-06-03 20:04:22 UTC
Depends on the syntax

need localmount
in /etc/init.d/foo can be cancelled with

rc_need="!localmount"
in /etc/conf.d/foo

or

rc_foo_need="!localmount"
in /etc/rc.conf
where this is all documented, along with the runscript man page.
Comment 9 SpanKY gentoo-dev 2008-06-03 20:25:12 UTC
then i dont see there needing to be anything else here for openrc/dmcrypt

may be good to have a dmcrypt doc somewhere the documents the common scenarios and the cookie cutter recipes for how to address them
Comment 10 Jürgen Geuter 2008-06-04 09:53:23 UTC
So just to sort it out:
My /home is encrypted. I want the keymaps to be loaded in order to enter the key. For this I need / (or /usr) mounted. Localmount mounts it, but fails at mounting /home because dmcrypt has not yet created /dev/mapper/crypt-home (cause it has not been unlocked). I run dmcrypt after the failed localmount (which just mounted /) and enter my key. Now I run localmount again to finish up?
Comment 11 SpanKY gentoo-dev 2008-06-04 10:22:23 UTC
having /usr on a sep partition as well as random encrypted partitions are exactly the sort of thing that can not be magically solved.

i dont think localmount allows customization, so you would need to create an init.d script that only mounts /usr in start() and then have dmcrypt depend on that and before localmount (which can be done via conf.d/dmcrypt).
Comment 12 Jürgen Geuter 2008-06-04 10:35:38 UTC
I don't have /usr/ on a separate partition, but still thanks for clearing the issue up. If something like this would end up in the docs for dmcrypt I think it would be really useful.