Bug#814013: systemd: systemd-cryptsetup-generator doesn't work well with passdev in crypttab

Łukasz Stelmach steelman at post.pl
Sun Feb 7 15:16:46 GMT 2016


Package: systemd
Version: 215-17+deb8u3
Severity: normal

Dear Maintainer,

I've discovered that systemd-cryptsetup-generator doesn't work well in
Debian. It seems that the reason is the way Debian abuses/extends the
meaning of the third column of /etc/crypttab. By definition:

       The third field, key file, describes the file to use as a key for
       decrypting the data of the source device. Note that the entire
       key file will be used as the passphrase; the passphrase must not
       be followed by a newline character.

To enable storing the key file on a portable/pluggable device, Debian
provides passdev, which accepts an extended format of the field which
includes a device node and a file name separated by a colon.
systemd-cryptsetup-generator recognises such a file name as a device name
altogether and makes the respective cryptsetup unit depend on a
nonexistent device.

For example, in my crypttab I've got the following entry:

    crypt-root UUID=9c9f0311-2647-4bfc-abcd-516edbd99363 /dev/disk/by-uuid/0396339f-904a-42d7-abcd-95d5549bff94:/key_root luks,keyscript=passdev

The respective unit refers to an invalid device (see After and Requires
fields). As the device never appears, I need to wait for 90 seconds for a
timeout.

--8<---------------cut here---------------start------------->8---
# Automatically generated by systemd-cryptsetup-generator

[Unit]
Description=Cryptography Setup for %I
Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)
SourcePath=/etc/crypttab
DefaultDependencies=no
Conflicts=umount.target
BindsTo=dev-mapper-%i.device
IgnoreOnIsolate=true
After=systemd-readahead-collect.service systemd-readahead-replay.service cryptsetup-pre.target
Before=cryptsetup.target
After=dev-disk-by\x2duuid-0396339f\x2d904a\x2d42d7\x2dabcd\x2d95d5549bff94:-key_root.device
Requires=dev-disk-by\x2duuid-0396339f\x2d904a\x2d42d7\x2abcd5\x2d95d5549bff94:-key_root.device
BindsTo=dev-disk-by\x2duuid-9c9f0311\x2d2647\x2d4bfc\x2dabcd\x2d516edbd99363.device
After=dev-disk-by\x2duuid-9c9f0311\x2d2647\x2d4bfc\x2dabcd\x2d516edbd99363.device
Before=umount.target

[Service]
Type=oneshot
RemainAfterExit=yes
TimeoutSec=0
ExecStart=/lib/systemd/systemd-cryptsetup attach 'crypt-root' '/dev/disk/by-uuid/9c9f0311-2647-4bfc-abcd-516edbd99363' '/dev/disk/by-uuid/0396339f-904a-42d7-abcd-95d5549bff94:/key_root' 'luks,keyscript=passdev'
ExecStop=/lib/systemd/systemd-cryptsetup detach 'crypt-root'
--8<---------------cut here---------------end--------------->8---

systemd-cryptsetup does not know about passdev as a means of obtaining a
password so it won't understand the reference to the
/dev/disk/by-uuid/03[...]ff94:/key_root file either.

One way to work around this bug is to mask
systemd-cryptsetup@crypt\x2droot.service. It won't hurt because the root
filesystem has already been mounted by initramfs.

-- Package-specific info:
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-systemd-maintainers/attachments/20160207/1f3188d9/attachment.ksh>
-------------- next part --------------

-- System Information:
Debian Release: 8.3
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 3.16.0-4-586
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages systemd depends on:
ii  acl             2.2.52-2
ii  adduser         3.113+nmu3
ii  initscripts     2.88dsf-59
ii  libacl1         2.2.52-2
ii  libaudit1       1:2.4-1+b1
ii  libblkid1       2.25.2-6
ii  libc6           2.19-18+deb8u2
ii  libcap2         1:2.24-8
ii  libcap2-bin     1:2.24-8
ii  libcryptsetup4  2:1.6.6-5
ii  libgcrypt20     1.6.3-2
ii  libkmod2        18-3
ii  liblzma5        5.1.1alpha+20120614-2+b3
ii  libpam0g        1.1.8-3.1+deb8u1
ii  libselinux1     2.3-2
ii  libsystemd0     215-17+deb8u3
ii  mount           2.25.2-6
ii  sysv-rc         2.88dsf-59
ii  udev            215-17+deb8u3
ii  util-linux      2.25.2-6

Versions of packages systemd recommends:
ii  dbus            1.8.20-0+deb8u1
ii  libpam-systemd  215-17+deb8u3

Versions of packages systemd suggests:
pn  systemd-ui  <none>

-- no debconf information

-- 
It was a great pleasure.                              --- Rurku. --- ...
>Łukasz<                        --- It's good that you're listening to me.
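
An added example, not part of the original report and not code from systemd or Debian: a small checker that scans crypttab text for passdev entries whose "device:path" key field lies under /dev/ and reports the device unit the generator would wait for, as described in the report. The function names are hypothetical, the escaping is a simplified model of systemd's unit-name escaping, and every sample entry except the first is constructed.

```python
import re

# Constructed sample; the first entry is the one quoted in the report.
SAMPLE_CRYPTTAB = """\
# <name> <source device> <key file> <options>
crypt-root UUID=9c9f0311-2647-4bfc-abcd-516edbd99363 /dev/disk/by-uuid/0396339f-904a-42d7-abcd-95d5549bff94:/key_root luks,keyscript=passdev
crypt-swap /dev/sda2 /dev/urandom swap
crypt-data /dev/sdb1 none luks
"""


def unit_escape(text):
    """Simplified systemd unit-name escaping (assumption, not systemd's code):
    '/' becomes '-', [A-Za-z0-9:_] and a non-leading '.' pass, the rest is \\xXX."""
    out = []
    for i, ch in enumerate(text):
        if ch == "/":
            out.append("-")
        elif re.fullmatch(r"[A-Za-z0-9:_]", ch) or (ch == "." and i > 0):
            out.append(ch)
        else:
            out.extend("\\x%02x" % b for b in ch.encode())
    return "".join(out)


def find_passdev_conflicts(crypttab_text):
    """Flag entries whose passdev 'device:path' key field sits under /dev/ and
    would therefore be turned into a dependency on a device that never appears."""
    findings = []
    for line in crypttab_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue  # blank line, comment, or entry without an options field
        name, _source, key, options = fields[:4]
        uses_passdev = any(o.startswith("keyscript=") and o.endswith("passdev")
                           for o in options.split(","))
        if uses_passdev and key.startswith("/dev/") and ":" in key:
            bogus = unit_escape(re.sub(r"/+", "/", key).strip("/")) + ".device"
            service = "systemd-cryptsetup@" + unit_escape(name) + ".service"
            findings.append({"name": name, "bogus_device_unit": bogus,
                             "service": service})
    return findings


if __name__ == "__main__":
    for f in find_passdev_conflicts(SAMPLE_CRYPTTAB):
        print("%(name)s: would wait for %(bogus_device_unit)s "
              "(generated unit: %(service)s)" % f)
```

For the entry from the report, the reported device unit matches the After= line of the generated unit shown above, and the service name is the one the report suggests masking.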


