https://bugzilla.novell.com/show_bug.cgi?id=862975 https://bugzilla.novell.com/show_bug.cgi?id=862975#c2 Dr. Werner Fink changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium CC| |systemd-maintainers@suse.de | |, werner@suse.com AssignedTo|systemd-maintainers@suse.de |lnussel@suse.com --- Comment #2 from Dr. Werner Fink 2014-02-10 07:59:52 UTC --- AFAIK /etc/crypttab is created by cryptsetup and also /etc/fstab is touched AFAICS.

From systemd side we could try to add a ExecStartPost= line with the appropiate chmod in the cryptsetup-generator ... I'm only surprised that this is not already done(?)

-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=862975 https://bugzilla.novell.com/show_bug.cgi?id=862975#c4 Dr. Werner Fink changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO CC| |werner@suse.com InfoProvider| |lnussel@suse.com --- Comment #4 from Dr. Werner Fink 2014-02-10 09:53:49 UTC --- (In reply to comment #3) What is converting the old configuration to the new configuration? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=862975 https://bugzilla.novell.com/show_bug.cgi?id=862975#c6 Ludwig Nussel changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|lnussel@suse.com | --- Comment #6 from Ludwig Nussel 2014-02-10 11:15:07 CET --- There is no conversion as it's the same file. I don't know if systemd supports all options boot.crypto did though as I wasn't involved in the development of crypto support in systemd. You could compare the old and new manpages for a start. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=862975 https://bugzilla.novell.com/show_bug.cgi?id=862975#c8 Dr. Werner Fink changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |arvidjaar@gmail.com --- Comment #8 from Dr. Werner Fink 2014-02-10 10:54:06 UTC --- (In reply to comment #7) How does the line in /etc/fstab look? Also I'd like to see the generated units below /run/systemd for setting up the crypted devices. As well as the used links for this. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=862975 https://bugzilla.novell.com/show_bug.cgi?id=862975#c10 Andrey Borzenkov changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|arvidjaar@gmail.com | --- Comment #10 from Andrey Borzenkov 2014-02-10 16:33:33 UTC --- (In reply to comment #7)

How does the line in /etc/fstab look? Also I'd like to see the generated units below /run/systemd for setting up the crypted devices. As well as the used links for this.

/etc/crypttab ==== cr_tmp /dev/disk/by-id/ata-QEMU_HARDDISK_QM00002-part1 /dev/urandom tmp ==== /etc/fstab ==== /dev/mapper/cr_tmp /tmp ext4 acl,user_xattr,nofail 0 2 ==== /run/systemd/generator/systemd-cryptsetup@cr_tmp.service ==== # Automatically generated by systemd-cryptsetup-generator [Unit] Description=Cryptography Setup for %I Documentation=man:systemd-cryptsetup@.service(8) man:crypttab(5) SourcePath=/etc/crypttab Conflicts=umount.target DefaultDependencies=no BindsTo=dev-mapper-%i.device IgnoreOnIsolate=true After=md.service dmraid.service After=systemd-readahead-collect.service systemd-readahead-replay.service Before=cryptsetup.target After=systemd-random-seed.service BindsTo=dev-disk-by\x2did-ata\x2dQEMU_HARDDISK_QM00002\x2dpart1.device After=dev-disk-by\x2did-ata\x2dQEMU_HARDDISK_QM00002\x2dpart1.device Before=umount.target [Service] Type=oneshot RemainAfterExit=yes TimeoutSec=0 ExecStart=/usr/lib/systemd/systemd-cryptsetup attach 'cr_tmp' '/dev/disk/by-id/ata-QEMU_HARDDISK_QM00002-part1' '/dev/urandom' 'tmp' ExecStop=/usr/lib/systemd/systemd-cryptsetup detach 'cr_tmp' ExecStartPost=/sbin/mke2fs '/dev/mapper/cr_tmp' ==== /run/systemd/generator/tmp.mount ==== # Automatically generated by systemd-fstab-generator [Unit] SourcePath=/etc/fstab [Mount] What=/dev/mapper/cr_tmp Where=/tmp Type=ext4 FsckPassNo=2 Options=acl,user_xattr,nofail ==== (In reply to comment #9)

Next question is why does /usr/lib/tmpfiles.d/tmp.conf with the line

d /tmp 1777 root root -

therein not work. Shouldn't that be done after the encrypted file is mounted?

Oh, that's interesting. Once upon a time encrypted filesystems were mounted by boot.crypto and so contained "noauto". On update it remains (more precisely, "noauto" is replace by "nofail" but it does not really matter). If /etc/fstab contains "noauto" or "nofail", dependency on local-fs.target is not generated. Which means that filesystem is mounted *after* systemd-tmpfiles-setup run (it needs to call mke2fs which takes time and local-fs.target does not wait for it). Recently there was discussion on systemd-devel, and common opinion was that by "nofail" user declares that filesystem is optional, so it makes no sense to delay startup by waiting on it. But note, that "tmp" option in /etc/crypttab does not necessary apply to /tmp; this case still is not covered by existing tmp.conf. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.