Bug#814013: systemd: systemd-cryptsetup-generator doesn't work well with passdev in crypttab

2016-02-07 Thread Łukasz Stelmach
Package: systemd
Version: 215-17+deb8u3
Severity: normal

Dear Maintainer,

I've discovered that systemd-cryptsetup-generator doesn't work well in
Debian. It seems that the reason is the way Debian abuses/extends the
meaning of the third column of /etc/crypttab. By definition:

   The third field, key file, describes the file to use as a key for
   decrypting the data of the source device. Note that the entire
   key file will be used as the passphrase; the passphrase must not
   be followed by a newline character.

To enable storing of key file on portable/pluggable device Debian
provides passdev which accepts an extended format of the field which
includes a device node and a file name separated by a colon.
systemd-cryptsetup-generator recognises such file name as a device name
altogether and makes the respective cryptsetup unit depend on a
nonexistent device.

For example, in my crypttab I've got the following entry:

crypt-root UUID=9c9f0311-2647-4bfc-abcd-516edbd99363 /dev/disk/by-uuid/0396339f-904a-42d7-abcd-95d5549bff94:/key_root luks,keyscript=passdev

the respective unit refers to an invalid device (see After and Requires
fields). As the device never appears I need to wait for 90 seconds for a
timeout.

--8<---cut here---start->8---
# Automatically generated by systemd-cryptsetup-generator

[Unit]
Description=Cryptography Setup for %I
Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup@.service(8)
SourcePath=/etc/crypttab
DefaultDependencies=no
Conflicts=umount.target
BindsTo=dev-mapper-%i.device
IgnoreOnIsolate=true
After=systemd-readahead-collect.service systemd-readahead-replay.service cryptsetup-pre.target
Before=cryptsetup.target
After=dev-disk-by\x2duuid-0396339f\x2d904a\x2d42d7\x2dabcd\x2d95d5549bff94:-key_root.device
Requires=dev-disk-by\x2duuid-0396339f\x2d904a\x2d42d7\x2abcd5\x2d95d5549bff94:-key_root.device
BindsTo=dev-disk-by\x2duuid-9c9f0311\x2d2647\x2d4bfc\x2dabcd\x2d516edbd99363.device
After=dev-disk-by\x2duuid-9c9f0311\x2d2647\x2d4bfc\x2dabcd\x2d516edbd99363.device
Before=umount.target

[Service]
Type=oneshot
RemainAfterExit=yes
TimeoutSec=0
ExecStart=/lib/systemd/systemd-cryptsetup attach 'crypt-root' '/dev/disk/by-uuid/9c9f0311-2647-4bfc-abcd-516edbd99363' '/dev/disk/by-uuid/0396339f-904a-42d7-abcd-95d5549bff94:/key_root' 'luks,keyscript=passdev'
ExecStop=/lib/systemd/systemd-cryptsetup detach 'crypt-root'
--8<---cut here---end--->8---

systemd-cryptsetup does not know about passdev as a means of obtaining a
password so it won't understand the reference to the
/dev/disk/by-uuid/03[...]ff94:/key_root file either.

One way to work around this bug is to mask
systemd-cryptsetup@crypt\x2droot.service. It won't hurt because the root
filesystem has already been mounted by initramfs.

-- Package-specific info:
-- BEGIN ATTACHMENTS --
/tmp/tmp.P1MDMTgfSx/systemd-delta.txt
/tmp/tmp.P1MDMTgfSx/systemd-analyze-dump.txt
/tmp/tmp.P1MDMTgfSx/dsh-enabled.txt
/etc/fstab
-- END ATTACHMENTS --

-- System Information:
Debian Release: 8.3
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 3.16.0-4-586
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages systemd depends on:
ii  acl 2.2.52-2
ii  adduser 3.113+nmu3
ii  initscripts 2.88dsf-59
ii  libacl1 2.2.52-2
ii  libaudit1   1:2.4-1+b1
ii  libblkid1   2.25.2-6
ii  libc6   2.19-18+deb8u2
ii  libcap2 1:2.24-8
ii  libcap2-bin 1:2.24-8
ii  libcryptsetup4  2:1.6.6-5
ii  libgcrypt20 1.6.3-2
ii  libkmod2 18-3
ii  liblzma5 5.1.1alpha+20120614-2+b3
ii  libpam0g 1.1.8-3.1+deb8u1
ii  libselinux1 2.3-2
ii  libsystemd0 215-17+deb8u3
ii  mount   2.25.2-6
ii  sysv-rc 2.88dsf-59
ii  udev 215-17+deb8u3
ii  util-linux  2.25.2-6

Versions of packages systemd recommends:
ii  dbus 1.8.20-0+deb8u1
ii  libpam-systemd  215-17+deb8u3

Versions of packages systemd suggests:
pn  systemd-ui  

-- no debconf information

-- 
It was a great pleasure.  --- Rurku. --- ...
>Łukasz<--- It's good that you listen to me.



Bug#814013: systemd: systemd-cryptsetup-generator doesn't work well with passdev in crypttab

2016-02-07 Thread Michael Biebl
Control: forcemerge 618862 -1

On 07.02.2016 at 16:16, Łukasz Stelmach wrote:
> I've discovered that systemd-cryptsetup-generator doesn't work well in
> Debian. It seems that the reason is the way Debian abuses/extends the
> meaning of the third column of /etc/crypttab. By definition:
>
>    The third field, key file, describes the file to use as a key for
>    decrypting the data of the source device. Note that the entire
>    key file will be used as the passphrase; the passphrase must not
>    be followed by a newline character.
>
> To enable storing of key file on portable/pluggable device Debian
> provides passdev which accepts an extended format of the field which
> includes a device node and a file name separated by a colon.
> systemd-cryptsetup-generator recognises such file name as a device name
> altogether and makes the respective cryptsetup unit depend on a
> nonexistent device.
>
> For example, in my crypttab I've got the following entry:
>
> crypt-root UUID=9c9f0311-2647-4bfc-abcd-516edbd99363 /dev/disk/by-uuid/0396339f-904a-42d7-abcd-95d5549bff94:/key_root luks,keyscript=passdev

systemd-cryptsetup-generator doesn't support keyscripts.
Merging with existing bug reports.

Regards,
Michael


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?



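An added example, not part of the thread and not systemd or Debian code: a crypttab audit that flags entries using keyscript=, which per the reply above systemd-cryptsetup-generator does not support, and reproduces the device unit name from the generated unit in the report by escaping the whole key field as a path according to systemd.unit(5). The sample crypttab (including its second entry), the function names and the /dev/ prefix check are assumptions made for illustration.

```python
import re

# Constructed sample: the entry from the report plus an ordinary key-file entry.
SAMPLE_CRYPTTAB = """\
crypt-root UUID=9c9f0311-2647-4bfc-abcd-516edbd99363 /dev/disk/by-uuid/0396339f-904a-42d7-abcd-95d5549bff94:/key_root luks,keyscript=passdev
crypt-data /dev/sdb1 /etc/keys/data.key luks
"""


def device_unit_for(path):
    """Escape a path into a .device unit name (rules from systemd.unit(5))."""
    joined = "/".join(p for p in path.split("/") if p)  # drop empty components
    if not joined:
        return "-.device"  # the root directory maps to "-"
    out = []
    for i, ch in enumerate(joined):
        if ch == "/":
            out.append("-")
        elif re.fullmatch(r"[A-Za-z0-9:_.]", ch) and not (i == 0 and ch == "."):
            out.append(ch)
        else:  # everything else, including "-", becomes \xXX per byte
            out.append("".join("\\x%02x" % b for b in ch.encode("utf-8")))
    return "".join(out) + ".device"


def audit_crypttab(text):
    """Return one finding per entry that relies on a keyscript."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        key = fields[2] if len(fields) > 2 else "none"
        opts = fields[3].split(",") if len(fields) > 3 else []
        script = next((o.split("=", 1)[1] for o in opts
                       if o.startswith("keyscript=")), None)
        if script is None:
            continue
        # Assumption drawn from the generated unit in the report: a key field
        # under /dev/ is treated, colon and file name included, as a device.
        unit = device_unit_for(key) if key.startswith("/dev/") else None
        findings.append({"name": fields[0], "keyscript": script,
                         "device_dependency": unit})
    return findings


if __name__ == "__main__":
    for f in audit_crypttab(SAMPLE_CRYPTTAB):
        print(f)
```

Only crypt-root is reported; its device_dependency is the unit that never appears and causes the 90 second wait described in the report.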