[opensuse-factory] 12.2RC2 with encrypted partition - systemctl keeps asking for the passphrase
Hi, I've recently updated an 12.1 install to 12.2RC2 . My root partition is encrypted /etc/fstab: /dev/system/root / ext4 acl,user_xattr 1 1 /dev/disk/by-id/ata-KINGSTON_SH100S3240G_50026B721A240420-part1 /boot ext4 acl,user_xattr 1 2 /dev/system/swap swap swap defaults 0 0 /etc/crypttab cr_sda2 /dev/disk/by-id/ata-KINGSTON_SH100S3240G_50026B721A240420-part2 none none Whenever I use systemctl to start or stop a service it asks for the passphrase Please enter passphrase for disk KINGSTON_SH100S3240G (cr_sda2)! **** Entering ( or not ) the correct passphrase has no effect, but it's quite annoying A quick search on bnc[1] has returned nothing of interest. Is this something I should change or a bug to report? Thanks, Robert [1]: https://bugzilla.novell.com/buglist.cgi?quicksearch=systemd-cryptsetup -- Sent from my (old) computer -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2012-08-10 17:08, Robert Munteanu wrote:
A quick search on bnc[1] has returned nothing of interest. Is this something I should change or a bug to report?
Bug 775360 - SystemD does not enable encrypted partition. - -- Cheers / Saludos, Carlos E. R. (from 12.1 "Asparagus" GM (bombadillo)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAlAlJP0ACgkQU92UU+smfQURuACfdinLzaqJKM6hPKIdn5891jPw pyUAnjCo/Us4LWgrwRalqrxmvS4md07z =rtUc -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 08/10/2012 05:13 PM, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 2012-08-10 17:08, Robert Munteanu wrote:
A quick search on bnc[1] has returned nothing of interest. Is this something I should change or a bug to report?
Bug 775360 - SystemD does not enable encrypted partition.
it does enable them for me - bnc#774247 that contains a proposal for a fix. Let me look at 775360 now, Andreas -- Andreas Jaeger aj@{suse.com,opensuse.org} Twitter/Identica: jaegerandi SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Jeff Hawn,Jennifer Guild,Felix Imendörffer,HRB16746 (AG Nürnberg) GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Fri, Aug 10, 2012 at 8:11 PM, Andreas Jaeger
On 08/10/2012 05:13 PM, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 2012-08-10 17:08, Robert Munteanu wrote:
A quick search on bnc[1] has returned nothing of interest. Is this something I should change or a bug to report?
Bug 775360 - SystemD does not enable encrypted partition.
it does enable them for me - bnc#774247 that contains a proposal for a fix.
This seems to be exactly my situation. Robert
Let me look at 775360 now, Andreas -- Andreas Jaeger aj@{suse.com,opensuse.org} Twitter/Identica: jaegerandi SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Jeff Hawn,Jennifer Guild,Felix Imendörffer,HRB16746 (AG Nürnberg) GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-- Sent from my (old) computer -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hej! I don't mean to hijack this thread (and I'm new to the mailing list), so please bear with me for a second: This seems to be LVM over cryptsetup. What's the purpose of /etc/crypttab to begin with in a setup with an encrypted root partition? I'm running encrypted / (encrypted everything, really) on Tumbleweed and do not have /etc/crypttab at all. My understanding is that by the time systemd, mount or systemctl become active during boot, the unlocking of the encrypted root partition has to have happened already, because we wouldn't even get to systemctl etc without. The unlocking of / happens during the initrd phase, so isn't /etc/crypttab superfluous? And does the actual name of the encrypted partition/device (in the case of LVM) really matter at all? It seems to me not having /etc/crypttab in the first place would avoid having this problem all together. Or is this unwise and just asking for some trouble I am not aware of? sh-4.2$ dir /etc/crypt* /etc/cryptconfig.conf sh-4.2$ ls -l /dev/mapper/ total 0 crw------- 1 root root 10, 236 Aug 12 18:44 control lrwxrwxrwx 1 root root 7 Aug 12 18:44 cr_sda7 -> ../dm-0 lrwxrwxrwx 1 root root 7 Aug 12 18:44 linux-data -> ../dm-1 lrwxrwxrwx 1 root root 7 Aug 12 18:44 linux-home -> ../dm-2 lrwxrwxrwx 1 root root 7 Aug 12 18:44 linux-root -> ../dm-3 lrwxrwxrwx 1 root root 7 Aug 12 18:44 linux-swap -> ../dm-4 lrwxrwxrwx 1 root root 7 Aug 12 18:44 linux-tmp -> ../dm-5 All the best, Peter On 10/08/12 23:05, Robert Munteanu wrote:
On Fri, Aug 10, 2012 at 8:11 PM, Andreas Jaeger
wrote: On 08/10/2012 05:13 PM, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 2012-08-10 17:08, Robert Munteanu wrote:
A quick search on bnc[1] has returned nothing of interest. Is this something I should change or a bug to report?
Bug 775360 - SystemD does not enable encrypted partition.
it does enable them for me - bnc#774247 that contains a proposal for a fix.
This seems to be exactly my situation.
Robert
Let me look at 775360 now, Andreas -- Andreas Jaeger aj@{suse.com,opensuse.org} Twitter/Identica: jaegerandi SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Jeff Hawn,Jennifer Guild,Felix Imendörffer,HRB16746 (AG Nürnberg) GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (GNU/Linux) iQIcBAEBAgAGBQJQKa76AAoJENcYdssjh8D42lwP/Au+1RkzjihqdBI8eDHQX5TP MAT8D/02zYMMBs2ECNwpxrTT9m0gzBZyzzM3G2frq3racZJsbFr6qT693kbHDR+y L+ZYgXl0DNh7A8KJToD4gnMCUzyAX6lJO/UXlZsR7xuywP316uFZmZT9m1316yz+ 9mNwRcPcsJRUvZcKbfsBoTTgc1MDvr+MQ9Bq/uLlo91yUDukMO+R+JPWPZFJo2xk JKt450etLWDdhL6yAM6Ikw+l0NCnW6KKInIWaLGeO126pNUZq0s9LB1MP5FZvJTD oMg+BPPyPWCJbMsJbXItjgjXbYavfptqBokjepmJJJ6eQ6kpg8Zm0bJkAqLl4xu9 /stSX1nw+A480z8oIFgD7FRwiKC+eucWJg8MwXjJLOzhuQy/j03Yv8MkTrRhf4ZZ jMH/Qv1pJUztcArJslXdT6FZMk4+YElMK4h+iqZpJEefOCcugyJjAV8hpmgXXmAt ZoIkfzS13X3EbMDlHAhJjbwux+8YkfOjFvsNLBHTRTlG8Z+bOqSTp8c/wgu+G109 A5iJZgjNHiZX+L7YyyX/+sQpvQjkCTaQJxZ5oZlmUmQPiHJ1SlYFl3h7TxD8QyzE WDZp64NALdtHR37CFpPqh8QZpPiUyFh08bz6iQoBHZW76Ws0i9iROWN0He1wF3dC WoqX34VsNwUrvVXw0+qZ =7ePD -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday, 2012-08-14 at 03:50 +0200, Peter Hanisch wrote:
Hej!
I don't mean to hijack this thread (and I'm new to the mailing list), so please bear with me for a second:
The trick is to branch the thread, changing the subject line like this: Booting encrypted LVM [Was: 12.2RC2 with encrypted partition - systemctl keeps asking for the passphrase] :-) it has to be related to the original thread; if you start a completely new subject and don't relate to the previous one nor in the subject nor in the text, then it is a hijack and you will get spanked ;-) Have a look at this guide: http://en.opensuse.org/openSUSE:Mailing_list_netiquette
This seems to be LVM over cryptsetup.
What's the purpose of /etc/crypttab to begin with in a setup with an encrypted root partition? I'm running encrypted / (encrypted everything, really) on Tumbleweed and do not have /etc/crypttab at all. My understanding is that by the time systemd, mount or systemctl become active during boot, the unlocking of the encrypted root partition has to have happened already, because we wouldn't even get to systemctl etc without. The unlocking of / happens during the initrd phase, so isn't /etc/crypttab superfluous? And does the actual name of the encrypted partition/device (in the case of LVM) really matter at all?
Well, the initrd archive can contain a copy of /etc/crypttab to be read during boot. But encripted partitions are automatically detected, there is a standard (Linux standard?) for that called LUKS. - -- Cheers, Carlos E. R. (from 11.4 x86_64 "Celadon" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) iEYEARECAAYFAlAtVcIACgkQtTMYHG2NR9XN/QCfQ1eCB+nu/Uik6HKfztVbe1qu gKUAn2cNeDD//H0kW4/vRUm0D+NsbigD =9Cgw -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ah, the forking makes sense... ;) Well, my question is/was somewhat related. I experienced something similar, as documented (in a nice monologue, no less!) here: https://bugzilla.novell.com/show_bug.cgi?id=755565 The fix in that case was to get rid of /etc/crypttab, which was apparently read and processed by services running in userspace after already having done all necessary unlocking. The original post seems to have a somewhat similar problem, and for me, having no /etc/crypttab solved the problem and didn't cause any adverse effects. So that is sort of my suggestion if nothing comes out of the bug report, unless someone comes in here to scream at me, telling me why deleting crypttab is a bad idea and/or asking for trouble! ;) So it's not *completely* unrelated! I think... ;) On 16/08/12 22:19, Carlos E. R. wrote:
On Tuesday, 2012-08-14 at 03:50 +0200, Peter Hanisch wrote:
Hej!
I don't mean to hijack this thread (and I'm new to the mailing list), so please bear with me for a second:
The trick is to branch the thread, changing the subject line like this:
Booting encrypted LVM [Was: 12.2RC2 with encrypted partition - systemctl keeps asking for the passphrase]
:-)
it has to be related to the original thread; if you start a completely new subject and don't relate to the previous one nor in the subject nor in the text, then it is a hijack and you will get spanked ;-)
Have a look at this guide:
http://en.opensuse.org/openSUSE:Mailing_list_netiquette
This seems to be LVM over cryptsetup.
What's the purpose of /etc/crypttab to begin with in a setup with an encrypted root partition? I'm running encrypted / (encrypted everything, really) on Tumbleweed and do not have /etc/crypttab at all. My understanding is that by the time systemd, mount or systemctl become active during boot, the unlocking of the encrypted root partition has to have happened already, because we wouldn't even get to systemctl etc without. The unlocking of / happens during the initrd phase, so isn't /etc/crypttab superfluous? And does the actual name of the encrypted partition/device (in the case of LVM) really matter at all?
Well, the initrd archive can contain a copy of /etc/crypttab to be read during boot. But encripted partitions are automatically detected, there is a standard (Linux standard?) for that called LUKS.
-- Cheers, Carlos E. R. (from 11.4 x86_64 "Celadon" at Telcontar)
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (GNU/Linux) iQIcBAEBAgAGBQJQL7iYAAoJENcYdssjh8D486oP/iUGt8/rWEQ0kdRuFhV52BMG GSylOaEDDtbyhOpEeHnn0EvqAX8NR9yd/QiF118iwcSUPurPoSpWG11JnYox6JlP vw1g1pZ785uvHcf0Zl6KU8cNYgRgZlS7bV852GtT4m6i4joSE3oHcUgu6pY2w8Tf sF1xti6nW2ItYw6rUirqK7w+Nw3bzdyZaIaGclN0dDDUf4xnJ8lofqC+IC+UI9/l d8vM3PD4pTKbbBKwoOYbTrkHN1aH+DGfnfaP4OtQY4nXR+fiKiyOdW7DMh5Yc3BU kIkawj2V719ucC19I78uCSmq0UCMk4bFOPlBkZ9cKe3Ww5euflyr7L7LSnTLmSMY KIcD45QAD8XKmOCKkNrGreHMhTwaJg9JJe9zhL7nWfFLS0WsfNkKF619lRIpEQu0 x/2jC2SphUzAfNOYbNVJJaLv17ntM8gob7EZUQat8NiVLXyUDGK41iVKVGezkiwP N85u0MWg/mk0xUMcvyz3YIwkgf/k1vEVz1jgNM657Pb23rviTR3d9/dFfjdebilK vfzqSZM81LR1FxkJJ4YtJNKvsD+n/bWAPWKhaA5cBFY4q7dcdVSIaWSw8eodB8aq RrqW3QIu+e+ixmNMT0CZ/baxpOaCxDpXDMC5q1UspOGbvwMP/TCce7wAZEd/Wmt5 /8+4d8dtDbKfEtWkxvht =uYxz -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2012-08-18 17:45, Peter Hanisch wrote:
So that is sort of my suggestion if nothing comes out of the bug report, unless someone comes in here to scream at me, telling me why deleting crypttab is a bad idea and/or asking for trouble! ;)
So it's not *completely* unrelated! I think... ;)
Maybe the file is not needed if systemd is used. Anyway, tumbleweed is special, but if yast created the file, and then the system does not work, it is a valid bug. - -- Cheers / Saludos, Carlos E. R. (from 11.4 x86_64 "Celadon" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAlAv6yQACgkQIvFNjefEBxq+2QCfdL5ZVT6pP9l5KenLh0T1puTZ oB4AnA03L8MKcQ85d7DVxtewaU2CgBNy =XeVA -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Le samedi 18 août 2012 à 21:21 +0200, Carlos E. R. a écrit :
On 2012-08-18 17:45, Peter Hanisch wrote:
So that is sort of my suggestion if nothing comes out of the bug report, unless someone comes in here to scream at me, telling me why deleting crypttab is a bad idea and/or asking for trouble! ;)
So it's not *completely* unrelated! I think... ;)
Maybe the file is not needed if systemd is used.
This is exactly the contrary, systemd relies on /etc/crypttab
However, /etc/crypttab must contain the right data for crypto partitions
(see https://bugzilla.novell.com/show_bug.cgi?id=774247 for instance).
--
Frederic Crozat
participants (5)
-
Andreas Jaeger
-
Carlos E. R.
-
Frederic Crozat
-
Peter Hanisch
-
Robert Munteanu