[pkg-cryptsetup-devel] Bug#1010708: cryptsetup: init script doesn't appear to do anything with force-start due to masked systemd services

Andres Salomon dilinger at queued.net
Sat May 7 22:40:34 BST 2022 

Package: cryptsetup
Version: 2:2.3.7-1+deb11u1


This is on a newly installed Debian 11 system, and an external USB
drive that had previously been used on a Debian 9 or 10 (I forget
which) system.


dilinger at hm90:~$ /sbin/blkid /dev/sda 
/dev/sda: UUID="2d95e6f9-bdfd-4045-8683-42cdef679b6a" TYPE="crypto_LUKS"

dilinger at hm90:~$ grep 2d95e6f9-bdfd-4045-8683-42cdef679b6a /etc/crypttab
8tb UUID=2d95e6f9-bdfd-4045-8683-42cdef679b6a none	luks,noauto
dilinger at hm90:~$ sudo /etc/init.d/cryptdisks force-start; echo $?
0


Calling the init script with 'force-start' was how I used to start the
volume and get prompted for a password, but on a newer system with
systemd, that doesn't _appear_ to work any more:


dilinger at hm90:~$ sudo bash -x /etc/init.d/cryptdisks force-start
+ set -e
+ '[' -r /lib/cryptsetup/cryptdisks-functions ']'
+ . /lib/cryptsetup/cryptdisks-functions
++ PATH=/usr/sbin:/usr/bin:/sbin:/bin
++ CRYPTDISKS_ENABLE=Yes
++ '[' -x /sbin/cryptsetup ']'
++ . /lib/lsb/init-functions
++++ run-parts --lsbsysinit --list /lib/lsb/init-functions.d
+++ for hook in $(run-parts --lsbsysinit --list /lib/lsb/init-functions.d 2>/dev/null)
+++ '[' -r /lib/lsb/init-functions.d/00-verbose ']'
+++ . /lib/lsb/init-functions.d/00-verbose
+++ for hook in $(run-parts --lsbsysinit --list /lib/lsb/init-functions.d 2>/dev/null)
+++ '[' -r /lib/lsb/init-functions.d/40-systemd ']'
+++ . /lib/lsb/init-functions.d/40-systemd
++++ _use_systemctl=0
++++ '[' -d /run/systemd/system ']'
++++ '[' -n '' ']'
++++ '[' cryptdisks = init-d-script ']'
++++ '[' cryptdisks = force-start ']'
++++ executable=/etc/init.d/cryptdisks
++++ argument=force-start
++++ prog=cryptdisks
++++ service=cryptdisks.service
+++++ systemctl -p LoadState --value show cryptdisks.service
++++ state=masked
++++ '[' masked = masked ']'
++++ exit 0


It turns out that the systemd (247.3-7) package provides the
following:

dilinger at hm90:~/systemd_247.3-7$ ls -l /lib/systemd /system/cryptdisks*
lrwxrwxrwx 1 root root 9 Mar 20 15:55 /lib/systemd/system/cryptdisks-early.service -> /dev/null
lrwxrwxrwx 1 root root 9 Mar 20 15:55 /lib/systemd/system/cryptdisks.service -> /dev/null


The init script doesn't say why it's refusing to run, and
running 'systemctl unmask cryptdisks.service' doesn't actually
delete the symlinks. Once those symlinks are manually deleted,
'/etc/init.d/cryptsetup force-start' works once again.

It would be good if /etc/init.d/cryptsetup either warned about the
masked systemd service, and/or the cryptsetup postinst scripts
deleted or prompted the user about the symlinks.

Unless /etc/init.d/cryptsetup force-start is deprecated, of course!
But README.Debian still describes using the init script.




dilinger at hm90:~$ dpkg -l cryptsetup*
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name                 Version           Architecture Description
+++-====================-=================-============-====================================>
ii  cryptsetup           2:2.3.7-1+deb11u1 amd64        disk encryption support - startup sc>
ii  cryptsetup-bin       2:2.3.7-1+deb11u1 amd64        disk encryption support - command li>
un  cryptsetup-initramfs <none>            <none>       (no description available)
un  cryptsetup-run       <none>            <none>       (no description available)

More information about the pkg-cryptsetup-devel mailing list