[pkg-cryptsetup-devel] Bug#902449: cryptsetup-initramfs: auto-detection of zfs pool(s)
Fabian Grünbichler
fabian.gruenbichler at student.tuwien.ac.at
Tue Jun 26 22:34:20 BST 2018
Package: cryptsetup-initramfs
Version: 2:2.0.3-4
hello again!
still running the same setup with a fully encrypted single vdev used as
rpool. since the recent refactoring and split into
cryptsetup-{run,initramfs}, I now get the following messages on every
initramfs generation:
cryptsetup: ERROR: Couldn't normalise device rpool/ROOT/debian
cryptsetup: ERROR: Couldn't find sysfs directory corresponding to
rpool/ROOT/debian
the initramfs is still correctly generated because I specified the
underlying physical disk in my /etc/crypttab.
I wonder whether you'd accept a patch contributing detection of zpool
devices in the cryptroot hook? it is a bit cumbersome, as the only way to
get this information from ZFS is by parsing 'zpool status' output, which
contains a lot of extra information and is not very well-defined (thus,
potential for breakage in the future).
the output looks roughly like this for a single vdev pool:
$ zpool status -P rpool
pool: rpool
state: ONLINE
status: Some supported features are not enabled on the pool. The pool can
still be used, but some features are unavailable.
action: Enable all features using 'zpool upgrade'. Once this is done,
the pool may no longer be accessible by software that does not support
the features. See zpool-features(5) for details.
scan: scrub repaired 0B in 0h6m with 0 errors on Sun May 13 00:30:27 2018
config:
NAME STATE READ WRITE CKSUM
rpool ONLINE 0 0 0
/dev/mapper/root ONLINE 0 0 0
errors: No known data errors
for more complicated pool setups, there is an additional level of
nesting in the config section, e.g. like this:
NAME STATE READ WRITE CKSUM
rpool ONLINE 0 0 0
mirror-0 ONLINE 0 0 0
/dev/mapper/disk0 ONLINE 0 0 0
/dev/mapper/disk1 ONLINE 0 0 0
mirror-1 ONLINE 0 0 0
/dev/mapper/disk2 ONLINE 0 0 0
/dev/mapper/disk3 ONLINE 0 0 0
mirror-\d can alse have other forms, like raidz[23]-\d, log, cache, spare, ..
and of course some of those are optional for booting (cache, spare,
redundant vdevs depending on level of redundancy) - not sure whether the
current infrastructure is able to handle that properly?
there already is C code for parsing this exact output to retrieve a list
of underlying devices in grub2[1], which could serve as a base for
re-implementing in sh for cryptsetup-initramfs.
I'd be willing and able to whip a patch in case you are interested ;)
at the very least, it would be nice to detect this unsupported situation
and print a proper warning instead of the generic one.
1: https://salsa.debian.org/grub-team/grub/blob/4600d592f6eac6141e8efa503d7ef8cd9e79a3b5/grub-core/osdep/unix/getroot.c#L225
-- Package-specific info:
-- /proc/cmdline
BOOT_IMAGE=/ROOT/debian/@/vmlinuz root=ZFS=rpool/ROOT/debian boot=zfs ro
-- /etc/crypttab
root UUID=XXX none luks,initramfs
-- /etc/fstab
-- System Information:
Debian Release: buster/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.16.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages cryptsetup-initramfs depends on:
ii busybox-static [busybox] 1:1.27.2-2
ii cryptsetup-run 2:2.0.3-4
ii initramfs-tools [linux-initramfs-tool] 0.130
Versions of packages cryptsetup-initramfs recommends:
ii console-setup 1.184
ii kbd 2.0.4-3
cryptsetup-initramfs suggests no packages.
-- Configuration Files:
/etc/cryptsetup-initramfs/conf-hook changed [not included]
-- no debconf information
More information about the pkg-cryptsetup-devel
mailing list