probably of a topic for the dracut mailing list, but since I cannot
reach it, I figured I should ask here where I feel at home. :)
I am implementing a Dracut module to unlock a LUKS encrypted root partition.
This works all fine, but in case the module fails, I would like to have
the default systemd based crypt module as a fallback.
Unfortunately this ystemd based crypt module does not seem to respect
the hook priorities.
I install my script with
inst_hook initqueue 01 "$moddir/luksrku-script.sh"
but during boot, systemd-tty-ask-password-agent comes up right in the
middle of the initqueue scripts and asks for a passphrase. My script
continues to unlock the disk, but the passphrase prompt stays, until
someone hits the enter key.
I currently work around the issue by manually failing the prompt if my
if [ "$?" = "0" ]; then
echo "" | systemd-tty-ask-password-agent
but this is not ideal, as it causes systemd to print errors messages:
Failed to start Cryptography Setup for cr_root.
Dependency failed for Local Encrypted Volumes.
Granted, those errors are totally ignorable, as after Dracut continues
with its boot process systemd "realizes" the disks have already been
unlocked (as seen in the journal after boot-up):
systemd-cryptsetup: Volume cr_root already active.
systemd: Finished Cryptography Setup for cr_root.
But it is still not pretty to have these errors during boot and I feel
like there has to be some way to make the crypt hook wait for my
initqueue hook to finish (which I assume would make it "realize" the
volume is already unlocked before calling the password agent)?
Note that initqueue is the earliest I can call my script, as I need
network dependencies not yet available in the cmdline or udev runs.
I found that there is a basic check for $NEWROOT in
/usr/lib/dracut/modules.d/90crypt/cryptroot-ask.sh, but this script
seems to be only be called on non-systemd systems without
systemd-tty-ask-password-agent, making it not relevant for openSUSE.
Would appreciate any pointers!
Thanks for reading,