[pkg-cryptsetup-devel] Bug#575652: cryptsetup: init script "cryptdisks-early" fails during system halt

Alfredo Finelli 0x4146 at gmail.com
Sat Mar 27 22:50:00 UTC 2010 

Package: cryptsetup
Version: 2:1.0.6-7
Severity: normal


My setup has "/" on a normal primary partition, "/var" and "/usr" on
logical volumes, "/home" and "swap" on encrypted logical volumes.
"insserv" is also used to populate the runlevel directories
"/etc/rc*.d/", for parallel "startpar" execution of init scripts.

Following the "INIT INFO" section of the sysV init script
"/etc/init.d/cryptdisks-early" provided by this package, the "insserv"
program is creating links with the following execution order in
"/etc/rc0.d" and "/etc/rc6.d" (shutdown and reboot):

      [...]
      K01cryptdisks
      [...]
      K02cryptdisks-early
      [...]
      K10umountfs
      K11lvm2
      K12umountroot
      K13halt

This leads to the following error when halting or rebooting:

      Stopping early crypto disks...vg1-lv1_enc (busy)...\
      vg1-lv4_enc (busy)...done.
      [...]
      Shutting down LVM Volume Groups  Can't deactivate volume\
      group "vg1" with 2 open logical volume(s)
       failed!
      [...]
      Will now halt.

This happens because it is not possible to execute the "luksClose"
command on a volume containing a mounted filesystem or active swap.
When "cryptdisks-early" is started many filesystems are still mounted.
Subsequently also the "lvm2" script has problems to shut down the VG
because the mappings from cryptsetup are still existing.

I manually changed the links to have the following order:

      [...]
      K10umountfs
      K11cryptdisks-early
      K12lvm2
      K13umountroot
      K14halt

and then, after the change, it seems no error is affecting the "halt"
procedure any longer:

      Will now deactivate swap:[...]
      .
      Will now umount local filesystems:[...]
      .
      Stopping early crypto disks...vg1-lv1_enc (stopping)\
      ...vg1-lv4_enc (stopping)... done.
      Shutting down LVM Volume Groups  0 logical volume(s) in\
      volume group "vg1" now active
      Mounting root filesystem readonly...done.
      Will now halt.



Proposed solution:

If no other implications prevent it, then changing the ordering of those
init scripts solves this bug: the only necessary step is to modify the
"INIT INFO" section in the "cryptdisks-early" script so that, in
runlevels 0 and 6, it runs after "umountfs".





-- System Information:
Debian Release: 5.0.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.27.44.al (PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages cryptsetup depends on:
ii  dmsetup                      2:1.02.27-4 The Linux Kernel Device Mapper use
ii  libc6                        2.7-18      GNU C Library: Shared libraries
ii  libdevmapper1.02.1           2:1.02.27-4 The Linux Kernel Device Mapper use
ii  libpopt0                     1.14-4      lib for parsing cmdline parameters
ii  libuuid1                     1.41.3-1    universally unique id library

cryptsetup recommends no packages.

Versions of packages cryptsetup suggests:
ii  dosfstools                    3.0.1-1    utilities for making and checking 
ii  initramfs-tools [linux-initra 0.92o      tools for generating an initramfs
ii  udev                          0.125-7    /dev/ and hotplug management daemo

-- no debconf information

More information about the pkg-cryptsetup-devel mailing list