package cryptsetup
retitle 507722 "passphrase prompt not displayed in boot process with insserv, CONCURRENCY=shell and bootlogd enabled"
thanks
----------
hello Jochen,

On 21/02/2009 Jochen Schulz wrote:
> Jochen Schulz:
> >
> > As you can see, there's (unfortunately) no luks. I don't know whether
> > that makes any difference.
>
> I just changed my /home to luks, but that didn't solve the issue. So, to
> summarize
>
> insserv with CONCURRENCY=shell and bootlogd with BOOTLOGD_ENABLE=Yes
> make it hard to enter the cryptdisks-early passphrase at boot because
> the prompt is invisible.

Ok, that one finally made it possible for me to reproduce the bug. After
installing insserv and setting CONCURRENCY=shell in the kvm test
installation, the cryptsetup passphrase prompt is not displayed in boot
process any longer.

> And I think I understand why I observed that my keypresses have been
> echoed to the screen sometimes. /var/log/boot reveals a pause of almost
> thirty seconds when setting up encrypted swap (I used 'set -x' in
> /etc/init.d/cryptdisks-early):
>
> Sat Feb 21 19:32:03 2009: + cryptsetup -c aes-cbc-essiv:sha256 -s 256 -h sha256 --key-file=/dev/random create cswap0 /dev/sda6
> Sat Feb 21 19:32:29 2009: + '[' -z '' ']'
> Sat Feb 21 19:32:29 2009: + break
> Sat Feb 21 19:32:29 2009: + return 0
> Sat Feb 21 19:32:29 2009: + '[' ok '!=' ok ']'
>
> Probably my machine lacks entropy during that time. Any keys pressed
> while cryptsetup is waiting for the entropy pool to fill up end up on
> the screen. Ironically, pressing keys appears to speed up this process.

Yes, lack of entropy is exactly the problem here. You could use
/dev/urandom instead of /dev/random. Otherwise you'll have to cope with
the situation and input random characters over your keyboard until
enough entropy is available from /dev/random.

> But there are no messages at all from cryptdisks-early on screen. Not
> even a success message about cswap0. I can only recognize that
> cryptsetup is done setting up cswap0 and waiting for /home's passphrase
> by pressing keys and wait for them to *not* appear on the screen.
>
> One idea I had when investigating this issue: bootlogd appears to
> prevent stderr from being printed to the screen. I can only see the 'set
> -x' output from cryptdisks-early when shutting down (and, of course, in
> the boot log file). Are all of cryptdisks-early's messages printed to
> stderr instead of stdout? At least /lib/cryptsetup/askpass only prints
> to stderr, as far as I can see.

askpass writes to stderr, but the cryptdisks script itself uses lsb
logging functions, and as far as I can see from /lib/lsb/init-functions,
that one doesn't write to stderr.

And with CONCURRENCY=No set, cryptsetup passphrase prompt is displayed,
so bootlogd itself cannot be the problem.

Additionally, the combination of CONCURRENCY=Yes and bootlogd seems to
suppress a lot of boot messages, not only cryptdisks.

greetings,
 jonas
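Added example, not part of the original mail or of the cryptsetup package: a shell check that lists crypttab entries keyed from the blocking /dev/random, the setup behind the pause between 19:32:03 and 19:32:29 in the quoted boot log. The function name and the sample crypttab (including ctmp0, chome, /dev/sda7 and /dev/sda8) are constructed for illustration; it assumes the usual crypttab layout of target, source device, key file, options.

```shell
#!/bin/sh
# Added example: find crypttab entries that read their key from /dev/random.
# Assumed crypttab fields: <target> <source device> <key file> <options>

# Print "<target> <source>" for every entry whose key file is /dev/random.
# $1: path to a crypttab file (defaults to /etc/crypttab). Returns 2 if unreadable.
blocking_keyfile_entries() {
    crypttab=${1:-/etc/crypttab}
    [ -r "$crypttab" ] || return 2
    # The "|| [ -n ... ]" part keeps a final line that lacks a trailing newline.
    while read -r target src keyfile options || [ -n "$target" ]; do
        case $target in
            ''|'#'*) continue ;;   # skip blank lines and comments
        esac
        if [ "$keyfile" = /dev/random ]; then
            printf '%s %s\n' "$target" "$src"
        fi
    done < "$crypttab"
}

# Constructed sample crypttab; cswap0 mirrors the cryptsetup call in the boot log.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# <target> <source> <key file> <options>
cswap0 /dev/sda6 /dev/random swap,cipher=aes-cbc-essiv:sha256,size=256,hash=sha256
ctmp0  /dev/sda7 /dev/urandom tmp,cipher=aes-cbc-essiv:sha256,size=256,hash=sha256
chome  /dev/sda8 none luks
EOF

blocking_keyfile_entries "$sample" | while read -r name dev; do
    echo "$name ($dev): key file /dev/random can stall boot while the entropy pool fills; the reply above suggests /dev/urandom"
done
rm -f "$sample"
```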