Mailinglist Archive: opensuse (1108 mails)

< Previous Next >
Re: [opensuse] Booting with an encrypted home
08.08.2018 13:10, Carlos E. R. пишет:
On 2018-08-07 21:33, Andrei Borzenkov wrote:
07.08.2018 11:52, Carlos E. R. пишет:


Hi,

On one machine (Leap 42.3) with encrypted home, when it boots and I'm
not there it waits forever at the password prompt (not using plymouth).

By default systemd service that decrypts container has no timeout. You
can change it in /etc/crypttab using timeout= option.

In Leap 42.3 it is as you say. In Leap 15.0 it has a 90 seconds timeout
and can not be changed by that setting.


Both behave identically if configured identically. You compare apples
and oranges.

No, I tried and the setting is ignored. Worse, it causes to be
impossible to type the password, the keyboard doesn't work. I have been
trying for hours.

All these lines make the system unbootable:

cr_sda8 UUID=1edf494d-d697-40b2-ba00-c7da0a1d5fbe - timeout=0
cr_sda8 /dev/disk/by-uuid/1edf494d-d697-40b2-ba00-c7da0a1d5fbe -
timeout=0
cr_sda8 /dev/sda8 - timeout=0
cr_sda8 /dev/sda8 none timeout=0

Only these work, with a time out of 90 seconds, unchangeable:

cr_sda8 /dev/sda8
cr_sda8 UUID=1edf494d-d697-40b2-ba00-c7da0a1d5fbe
cr_sda8 UUID=1edf494d-d697-40b2-ba00-c7da0a1d5fbe none none

This other line:

cr_sda8 UUID=1edf494d-d697-40b2-ba00-c7da0a1d5fbe none timeout=300

is accepted, but the prompt text changes (doesn't print the timeout) and

I have no idea what does it mean. What prompt you are talking about,
when it appears etc.

...


Because I thought it would be controlled in some more obscure way. And
anyway, the manual is wrong, timeout=0 crashes my system boot.


"Crashes" what? Kernel? Systemd? What you write makes no sense.

I now try:

fstab:
/dev/mapper/cr_sda8 /home xfs lazytime 0 1

/etc/crypttab:
cr_sda8 UUID=1edf494d-d697-40b2-ba00-c7da0a1d5fbe none timeout=300

It doesn't print the timeout. If I press "enter" on the prompt it then
prints that the timeout is "no limit". Despite this, it times out at an
indeterminate time (I did not use a chronometer and the screen does not
say) but might be the 300 seconds I wrote.


It *does* timeout after number of seconds specified in timeout= option.


The setting "timeout= " doesn't work as documented.


It does, even if you misinterpret what you see.

Anyway, there was no "press ENTER" in your original question. You wanted
passhrase request to timeout after some time to allow boot to continue.
That is exactly what option timeout= does. If you need something
different, you forgot to describe it.


Thus, by using or not /dev/mapper/path I can set infinite timeout or 90
second timeout.


Those are two entirely different timeouts in two entirely different
places. You again mix apples and oranges.

[...]

Huh, no, one of my experiments timed out differently. See above.


Well, my experiments work exactly as you wanted. So either you do not
describe your situation with enough details or you actually want
something different than you described.

< Previous Next >
Follow Ups