[pkg-cryptsetup-devel] Bug#1023716: cryptsetup: cryptroot-unlock in initramfs fails with lvm
Hauke Mehrtens
hauke at hauke-m.de
Sun Jan 15 20:49:33 GMT 2023
On 11/9/22 15:14, Guilhem Moulin wrote:
> Control: tag -1 moreinfo unreproducible
>
> Hi,
>
> On Tue, 08 Nov 2022 at 22:36:39 +0100, Hauke Mehrtens wrote:
>> Unlocking and mounting of the root partitions does not work any more
>> from the initramfs. When I call cryptroot-unlock and provide the disk
>> password I see some error messages about mdadm, but the bootup process
>> does not continue. If needed I can provide the detailed messages, they
>> are not in a log file, but only printed on screen. Normally I unlock the
>> system over the network from the initramfs, then I do not get any error
>> message, but the system continues to stay in initramfs.
>
> An LVM-specific regression in the `cryptroot-unlock` logic wouldn't have
> broken the dropbear-initramfs autopkgtests since we don't use LVM there
> anymore, but I tested it again after reverting the commit and the test
> still pass.
>
> https://salsa.debian.org/debian/dropbear/-/jobs/3489869
>
>> It looks like this when unlocking the system unsuccessfully from the
>> initramfs over ssh:
>> ----------
>> $ ssh root at 192.168.10.15
>> To unlock root partition, and maybe others like swap, run
>> `cryptroot-unlock`.
>>
>> BusyBox v1.35.0 (Debian 1:1.35.0-2) built-in shell (ash)
>> Enter 'help' for a list of built-in commands.
>>
>> ~ # vi /scripts/local-top/cryptroot
>> ~ # cryptroot-unlock
>> Please unlock disk sda3_crypt:
>> cryptsetup: sda3_crypt set up successfully
>> ~ #
>> ------------------
>
> I see nothing wrong in the above, `cryptroot-unlock` has only one job
> which is to unlock the disk, and that appears to have worked. Did the
> system terminate the remote session before 2:2.5.0-2 and continued with
> the boot process? If so, perhaps the boot process is now blocking on
> that shell session; does it help to type `exit` after `cryptroot-unlock`?
>
> Otherwise, please compare your system messages withe the aforementioned
> autopkgtest output, and/or provide debug output; See /usr/share/doc/cryptsetup/README.debug
> or https://cryptsetup-team.pages.debian.net/cryptsetup/README.debug.html
> for how to save it into a file.
>
Sorry for the long delay and thank you for the pointers.
I have the output I see on the terminal when a monitor is connected.
This is after I successfully entered the passphrase:
https://hauke-m.de/files/PXL_20230115_192349603.jpg
It looks like it can not find the root volume.
After issuing this command the root volume is available:
lvm lvchange -a ay --sysinit -- system
https://hauke-m.de/files/PXL_20230115_195232849.jpg
The comments look like a udev rule should create this. I can not find
any udev rule doing anything with lvm on my system.
Hauke
More information about the pkg-cryptsetup-devel
mailing list