Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 247767 - sys-fs/cryptsetup - parallel startup warnings interfere with dmcrypt password entry
Summary: sys-fs/cryptsetup - parallel startup warnings interfere with dmcrypt password...
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: High minor with 1 vote (vote)
Assignee: Gentoo's Team for Core System packages
Depends on:
Reported: 2008-11-20 15:08 UTC by crusaderky
Modified: 2020-04-07 01:33 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description crusaderky 2008-11-20 15:08:53 UTC
I've got baselayout-2.0.0 and openrc-0.3.0-r1; my /home is encrypted with dmcrypt and dmcrypt is in the "boot" runlevel.

Without parallel startup, the boot sequence stops when I am asked to enter the dmcrypt password.

With parallel startup, after I'm asked for the password, I get dozens of "service XXX is waiting for dmcrypt", which while technically correct completely hide the password prompt. This isn't a serious problem, since I can type my password even without prompt, but it is a glitch nonetheless.

Expected behaviour: password prompt, and in general any service script requiring user interaction, should not be cluttered by the messages of other services.
Comment 1 Roy Marples 2008-11-23 16:50:36 UTC
If you give the dmcrypt init script the notimeout keyword and apply the OpenRC patch found on bug #247036 this should fix the issue. Yes?
Comment 2 crusaderky 2009-02-27 13:41:25 UTC
I upgraded to openrc-0.4.3-r1 and I modified /etc/conf.d/dmcrypt as following:




The problem DOES persist.
Comment 3 Michael Weber (RETIRED) gentoo-dev 2009-03-07 23:36:29 UTC
I Want to suggest to improve the gpg-encrypted key example in /etc/conf.d/dmcrypt
by adding  
gpg_options='--homedir /root/.gnupg --no-tty --decrypt --quiet'

By this way, you'll get the pinentry for the passphrase of the corresponding
gpg-key to decrypt the dmsetup secret.

my config looks like

options='--cipher aes-plain'
key='/root/.gnupg/home.key:gpg' # the encrypted secret for cryptsetup
gpg_options='--homedir /root/.gnupg --no-tty --decrypt --quiet'

ok, the encrypted secret and the decryption key on the hard disk, secured
by only a passphrase is only weak compromise, but compared to the gpg-less
key mode, you can switch the interactive supplied passphrase without 
reencrypt the whole partition.

my 2 cents
Comment 4 Michael Weber (RETIRED) gentoo-dev 2009-03-07 23:38:28 UTC
background addition to comment 3,

without the --homedir, gpg searches in /.gnupg vor the keyring and
without the --no-tty, you'll geht an "no such device" from the kernel.