---8<--- 20 Mar 2012; Samuli Suominen <ssuominen@gentoo.org> +cryptsetup-1.4.1-r1.ebuild: Don't enable USE="static" by default anymore because initramfs is required with latest udev for separate /usr in anycase. This was a workaround for cross / and /usr linking. ---8<--- building an initramfs needs a static cryptsetup. (at least with genkernel, so this bug might need to be moved there. not sure) since it is easy to miss the errormessage about genkernel NOT including LUKS, there should _at least_ be a big warning either in cryptsetup build messages or genkernel. (preferably both) This bug can possibly break booting your system (if you need LUKS stuff in your initramfs) Reproducible: Always ebuild involved (partially due to new dependencys: sys-kernel/genkernel-3.4.25.1 USE="-bash-completion (-ibm) (-selinux)" sys-fs/cryptsetup-1.4.1-r1 USE="nls static (-selinux)" sys-fs/udev-182 USE="gudev hwdb openrc rule_generator static-libs -build -debug -doc -floppy -introspection -keymap (-selinux)" sys-fs/lvm2-2.02.93-r1 USE="lvm1 readline static-libs -clvm (-cman) (-selinux) -static"
There is something wrong with genkernel's initramfs generation if it doesn't know which dynamic libs to include. USE="static" in cryptsetup/lvm2 was to workaround this for systems without initramfs. And initramfs must be the solution to let that workaround go.
on the side of genkernel let me describe status quo: - cryptsetup is currently only included if the binary if a static binary is found. genkernel does not compile cryptsetup nor does it build DAGs of .so library dependencies for anything (unlike dracut). - no genkernel ebuild is depending on cryptsetup directly as of now as it is not a hard dependency for everyone. So what changes do you suggest?
This bug is critical; due to the change in cryptsetup's IUSE, and genkernel's inability to handle non-static cryptsetup, lots of peoplese' systems will be rendered unbootable.
(In reply to comment #2) > on the side of genkernel let me describe status quo: > > - cryptsetup is currently only included if the binary if a static > binary is found. genkernel does not compile cryptsetup nor > does it build DAGs of .so library dependencies for anything > (unlike dracut). In the long term, this should get addressed. > - no genkernel ebuild is depending on cryptsetup directly > as of now as it is not a hard dependency for everyone. > > So what changes do you suggest? In the short term, you can add !sys-fs/cryptsetup[-static] or sys-fs/cryptsetup[static] to genkernel's ebuild as a depend until the long term solution is done. Needlessly to say, this was broken all the time but the change just revealed it
I suggest that /usr/bin/genkernel treat the lack of a suitable cryptsetup executable as a fatal error if called with --luks or if LUKS="yes" in genkernel.conf
(In reply to comment #3) > This bug is critical; due to the change in cryptsetup's IUSE, and > genkernel's inability to handle non-static cryptsetup, lots of peoplese' > systems will be rendered unbootable. .. because genkernel previously failed at handling and communicating about it at runtime adequately, yes. http://git.overlays.gentoo.org/gitweb/?p=proj/genkernel.git;a=commitdiff;h=5a7bc18180612f5ada377be3df1ae20596ebfdac http://git.overlays.gentoo.org/gitweb/?p=proj/genkernel.git;a=commitdiff;h=7ee9306c7d68bd8b54219788b61558abc8732e9e > In the short term, you can add !sys-fs/cryptsetup[-static] or > sys-fs/cryptsetup[static] to genkernel's ebuild as a depend until the long > term solution is done. I went for crypt? ( sys-fs/cryptsetup[static] ) for now. (In reply to comment #5) > I suggest that /usr/bin/genkernel treat the lack of a suitable cryptsetup > executable as a fatal error if called with --luks or if LUKS="yes" in > genkernel.conf With 3.4.27 that's now the case, see second commit above. +*genkernel-3.4.27 (22 Mar 2012) + + 22 Mar 2012; Sebastian Pipping <sping@gentoo.org> +genkernel-3.4.27.ebuild, + genkernel-9999.ebuild: + Bump to 3.4.27, add use flag "crypt" (bug #409277) +
The committed sys-fs/cryptsetup[static] dependency is only a temporary and poor workaround. Dracut is able to handle this without USE=static in cryptsetup, then genkernel should too. I'm reopening this bug pending on a real fix.
Why genkernel doesn't build cryptsetup for itself as it is done with lvm and others?
I don't like the current situation either; primarily because it uses the "crypt" use flag which is on by default in the profiles, causing the following output when I try to emerge the new genkernel: These are the packages that would be merged, in order: Calculating dependencies ... done! [ebuild R ] dev-libs/libgpg-error-1.10 USE="nls static-libs* -common-lisp" 0 kB [ebuild R ] dev-libs/popt-1.16-r1 USE="nls static-libs*" 0 kB [ebuild R ] sys-apps/util-linux-2.20.1-r1 USE="cramfs crypt ncurses nls static-libs* unicode -ddate -loop-aes -old-linux -perl (-selinux) -slang (-uclibc)" 0 kB [ebuild R ~] sys-fs/udev-182-r2::local USE="openrc rule_generator static-libs* -build -debug -doc -floppy -gudev -hwdb -introspection -keymap (-selinux)" 0 kB [ebuild R ] dev-libs/libgcrypt-1.4.6 USE="static-libs*" 0 kB [ebuild N ] sys-fs/lvm2-2.02.88 USE="lvm1 readline static static-libs -clvm (-cman) (-selinux)" 0 kB [ebuild N ] sys-fs/cryptsetup-1.4.1 USE="nls static (-selinux)" 755 kB [ebuild N ~] sys-kernel/genkernel-3.4.27 USE="crypt -bash-completion (-ibm) (-selinux)" 212 kB Total: 8 packages (3 new, 5 reinstalls), Size of downloads: 967 kB The following USE changes are necessary to proceed: #required by sys-fs/cryptsetup-1.4.1[static], required by sys-kernel/genkernel-3.4.27[crypt], required by genkernel (argument) =dev-libs/libgcrypt-1.4.6 static-libs #required by sys-fs/cryptsetup-1.4.1[static], required by sys-kernel/genkernel-3.4.27[crypt], required by genkernel (argument) =sys-apps/util-linux-2.20.1-r1 static-libs #required by sys-fs/cryptsetup-1.4.1[static], required by sys-kernel/genkernel-3.4.27[crypt], required by genkernel (argument) =sys-fs/udev-182-r2 static-libs #required by sys-fs/cryptsetup-1.4.1[static], required by sys-kernel/genkernel-3.4.27[crypt], required by genkernel (argument) >=dev-libs/popt-1.16-r1 static-libs #required by sys-fs/cryptsetup-1.4.1[static], required by sys-kernel/genkernel-3.4.27[crypt], required by genkernel (argument) =dev-libs/libgpg-error-1.10 static-libs If you use a use flag to control this, I would rather see it be a local use flag instead of one that is turned on by default in the profiles.
(In reply to comment #7) > The committed sys-fs/cryptsetup[static] dependency is only a temporary and > poor workaround. > Dracut is able to handle this without USE=static in cryptsetup, then > genkernel should too. Dracut copies used libraries recursively. Of course it can handle non-static cryptsetup. Maybe avoid the word "poor" next time, if you want my support. (In reply to comment #8) > Why genkernel doesn't build cryptsetup for itself as it is done with lvm and > others? That would be an option. Moving towards the dracut approach would be an alternative. (In reply to comment #9) > If you use a use flag to control this, I would rather see it be a local > use flag instead of one that is turned on by default in the profiles. No objections. Any suggestions?
I haven't touched the LUKS/cryptsetup stuff because I don't have a way of testing changes to it. Go and use the new copy_binaries function in gen_initramfs.sh and it will copy all of the libraries for a dynamic ELF as well.
It looks like @robbat2 offered a good solution in comment #11 which would avoid the need for static binaries. Which binaries are needed for this to work?
(In reply to comment #11) > Go and use the new copy_binaries function in gen_initramfs.sh and it will > copy all of the libraries for a dynamic ELF as well. Done. +*genkernel-3.4.30 (16 Apr 2012) + + 16 Apr 2012; Sebastian Pipping <sping@gentoo.org> +genkernel-3.4.30.ebuild: + Bump to 3.4.30 which no longer requires USE=static from sys-fs/cryptsetup + (bug #409277) +