[pkg-cryptsetup-devel] Bug#928943: cryptsetup-initramfs: Error message during boot: Couldn't find device with uuid

Christof Baumann christof at boumann.ch
Mon May 13 19:48:41 BST 2019


Package: cryptsetup-initramfs
Version: 2:2.1.0-3
Severity: minor
Tags: patch

Hi,

my root partition resides on an lvm logical volume which is part
of a volume group consisting of two physical volumes.
Both physical volumes are encrypted with luks.
In order to activate the lvm volume group both physical volumes
need to be unlocked so I added them both to /etc/crypttab.
This works fine except that the following error messages
are output on every boot by the initramfs script local-top/cryptroot:

Couldn't find device with uuid xxxxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxxxx.
Refusing activation of partial LV vgroup0/lv0. Use '--activationmode partial'
to override.

In order to get rid of this I changed the script to only attempt
activation of lvm volume groups after all the disks in /etc/crypttab
have been unlocked.

The check for dm-crypt devices needs to stay in the first pass as this
is part of the unlocking procedure but the lvm volume group activation
can be moved to a second step.
Like this the above error messages are gone and I couldn't think
of anything that would now go wrong because of that.

Cheers,
Christof



-- Package-specific info:

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (900, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages cryptsetup-initramfs depends on:
ii  busybox                                 1:1.30.1-4
ii  cryptsetup-run                          2:2.1.0-3
ii  initramfs-tools [linux-initramfs-tool]  0.133

Versions of packages cryptsetup-initramfs recommends:
ii  console-setup  1.191
ii  kbd            2.0.4-4

cryptsetup-initramfs suggests no packages.

-- no debconf information
-------------- next part --------------
From 422096ea74e4adbcbb28ad1e61ffa16971c05cf8 Mon Sep 17 00:00:00 2001
From: Christof Baumann <christof at boumann.ch>
Date: Wed, 8 May 2019 20:30:55 +0200
Subject: [PATCH] Activate LVM vgroups after unlocking all mappings

Because an lvm volume group may be composed of several mappings.
In this case this led to an error message like this:

Couldn't find device with uuid xxxxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxxxx.
Refusing activation of partial LV <vgroupname>. Use '--activationmode partial'

The boot was still successful in this case as we try activating the volume
group after every successful mapping setup.
However as this was output on stderr it changed the boot screen behavior
in my case: the systemd messages which are normally suppressed with the
quiet grub option are then output.

So I propose to only activate lvm volume groups after having unlocked
all crypttab entries.
---
 debian/initramfs/scripts/local-top/cryptroot | 50 ++++++++++++++------
 1 file changed, 35 insertions(+), 15 deletions(-)

diff --git a/debian/initramfs/scripts/local-top/cryptroot b/debian/initramfs/scripts/local-top/cryptroot
index 6a831cd3..304b1317 100644
--- a/debian/initramfs/scripts/local-top/cryptroot
+++ b/debian/initramfs/scripts/local-top/cryptroot
@@ -71,10 +71,10 @@ wait_for_source() {
     return 1
 }
 
-# setup_mapping()
-#   Set up a crypttab(5) mapping defined by $CRYPTTAB_NAME,
+# open_mapping()
+#   Open (unlock) a crypttab(5) mapping defined by $CRYPTTAB_NAME,
 #   $CRYPTTAB_SOURCE, $CRYPTTAB_KEY, $CRYPTTAB_OPTIONS.
-setup_mapping() {
+open_mapping() {
     local dev
 
     # The same target can be specified multiple times
@@ -124,7 +124,7 @@ setup_mapping() {
     fi
 
     get_crypt_type # set CRYPTTAB_TYPE to the type of crypt device
-    local count=0 maxtries="${CRYPTTAB_OPTION_tries:-3}" fstype vg rv
+    local count=0 maxtries="${CRYPTTAB_OPTION_tries:-3}" fstype rv
     while [ $maxtries -le 0 ] || [ $count -lt $maxtries ]; do
         if [ -z "${CRYPTTAB_OPTION_keyscript+x}" ] && [ "$CRYPTTAB_KEY" != "none" ]; then
             # unlock via keyfile
@@ -145,8 +145,8 @@ setup_mapping() {
             return 1
         fi
 
-        if ! fstype="$(get_fstype "$dev")" || [ "$fstype" = "unknown" ]; then
-            if [ "$CRYPTTAB_TYPE" != "luks" ]; then
+        if [ "$CRYPTTAB_TYPE" != "luks" ]; then
+            if ! fstype="$(get_fstype "$dev")" || [ "$fstype" = "unknown" ]; then
                 # bad password for plain dm-crypt device?  or mkfs not run yet?
                 cryptsetup_message "ERROR: $CRYPTTAB_NAME: unknown fstype, bad password or options?"
                 wait_for_udev 10
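
Review bot: The swapped nesting of the `[ "$CRYPTTAB_TYPE" != "luks" ]` and `get_fstype` tests is not mentioned in the commit message and is only equivalent to the old logic because the lvm2 branch is removed in the next hunk. With this order, `fstype` is no longer probed for LUKS devices in this function at all. Please say so in the commit message and add a short comment above the outer `if` stating that the fstype probe is kept here only as the bad-password check for plain dm-crypt devices.
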
@@ -154,17 +154,9 @@ setup_mapping() {
                 sleep 1
                 continue
             fi
-        elif [ "$fstype" = lvm2 ]; then
-            if [ ! -x /sbin/lvm ]; then
-                cryptsetup_message "WARNING: $CRYPTTAB_NAME: lvm is not available"
-                return 1
-            elif vg="$(lvm pvs --noheadings -o vg_name --config 'log{prefix=""}' -- "$dev")"; then
-                # activate the VG held by the PV we just unlocked
-                lvm lvchange -a y --sysinit --ignoreskippedcluster -- "$vg"
-            fi
         fi
 
-        cryptsetup_message "$CRYPTTAB_NAME: set up successfully"
+        cryptsetup_message "$CRYPTTAB_NAME: successfully unlocked"
         wait_for_udev 10
         return 0
     done
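
Review bot: Every mapping now produces two success messages, "successfully unlocked" from this function and "set up successfully" from the new setup_mapping(), and `wait_for_udev 10` is called in both places. Since the commit message is motivated by keeping boot output quiet, consider emitting a single message per mapping (for example only after the second pass) and checking whether the second `wait_for_udev 10` is needed for entries where setup_mapping() has nothing to activate.
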
@@ -173,6 +165,33 @@ setup_mapping() {
     exit 1
 }
 
+# setup_mapping()
+#   post unlock action(s) to fully setup the mapping defined by $CRYPTTAB_NAME,
+#   $CRYPTTAB_SOURCE, $CRYPTTAB_KEY, $CRYPTTAB_OPTIONS.
+setup_mapping() {
+    local dev fstype vg
+
+    if ! dev="$(dm_blkdevname "$CRYPTTAB_NAME")"; then
+        # we failed to open the mapping in open_mapping
+        # -> silently return
+        return 1
+    fi
+
+    if fstype="$(get_fstype "$dev")" && [ "$fstype" = "lvm2" ]; then
+        if [ ! -x /sbin/lvm ]; then
+            cryptsetup_message "WARNING: $CRYPTTAB_NAME: lvm is not available"
+            return 1
+        elif vg="$(lvm pvs --noheadings -o vg_name --config 'log{prefix=""}' -- "$dev")"; then
+            # activate the VG that this PV contributes to
+            lvm lvchange -a y --sysinit --ignoreskippedcluster -- "$vg"
+        fi
+    fi
+
+    cryptsetup_message "$CRYPTTAB_NAME: set up successfully"
+    wait_for_udev 10
+    return 0
+}
+
 
 #######################################################################
 # Begin real processing
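
Review bot: setup_mapping() still calls `lvm lvchange -a y ... -- "$vg"` once per unlocked PV, so a volume group spanning two crypttab entries (the case in the report) is activated twice in the second pass. That is redundant rather than wrong, but it would be cleaner to remember the VG names already activated and skip repeats, or to collect the names in the loop and activate each VG once afterwards. Separately, the early `return 1` when `dm_blkdevname` fails is commented as silent, yet how `crypttab_foreach_entry` treats a non-zero return is not visible in this patch; if open_mapping already reported the failure, `return 0` may be the safer choice.
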
@@ -217,6 +236,7 @@ if [ -s "$TABFILE" ]; then
     mkdir -pm0700 /run/cryptsetup
     modprobe -q dm_crypt
 
+    crypttab_foreach_entry open_mapping
     crypttab_foreach_entry setup_mapping
 fi
 
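Review bot: Splitting the work into two full passes changes failure behaviour, and the commit message does not cover it. The function that is now open_mapping() ends in `exit 1` (visible as context at the top of the previous hunk), so if that path is reached for any entry the script exits before `crypttab_foreach_entry setup_mapping` runs, and no volume group is activated even for PVs that were already unlocked. Before this change, each VG was activated as soon as its PV was set up. Please either state that this is intended or restructure so the second pass still runs for mappings that did open.
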
-- 
2.20.1
