On 2018-08-09 06:04, Andrei Borzenkov wrote:
09.08.2018 00:16, Carlos E. R. пишет:
On 2018-08-08 19:52, Andrei Borzenkov wrote:
08.08.2018 13:10, Carlos E. R. пишет:
On 2018-08-07 21:33, Andrei Borzenkov wrote:
07.08.2018 11:52, Carlos E. R. пишет:
Hi,
On one machine (Leap 42.3) with encrypted home, when it boots and I'm not there it waits forever at the password prompt (not using plymouth).
By default systemd service that decrypts container has no timeout. You can change it in /etc/crypttab using timeout= option.
In Leap 42.3 it is as you say. In Leap 15.0 it has a 90 seconds timeout and can not be changed by that setting.
Both behave identically if configured identically. You compare apples and oranges.
Maybe. I have not done exhaustive testing on 42.3.
No, I tried and the setting is ignored. Worse, it causes to be impossible to type the password, the keyboard doesn't work. I have been trying for hours.
All these lines make the system unbootable:
cr_sda8 UUID=1edf494d-d697-40b2-ba00-c7da0a1d5fbe - timeout=0 cr_sda8 /dev/disk/by-uuid/1edf494d-d697-40b2-ba00-c7da0a1d5fbe - timeout=0 cr_sda8 /dev/sda8 - timeout=0 cr_sda8 /dev/sda8 none timeout=0
Only these work, with a time out of 90 seconds, unchangeable:
cr_sda8 /dev/sda8 cr_sda8 UUID=1edf494d-d697-40b2-ba00-c7da0a1d5fbe cr_sda8 UUID=1edf494d-d697-40b2-ba00-c7da0a1d5fbe none none
This other line:
cr_sda8 UUID=1edf494d-d697-40b2-ba00-c7da0a1d5fbe none timeout=300
is accepted, but the prompt text changes (doesn't print the timeout) and
I have no idea what does it mean. What prompt you are talking about, when it appears etc.
The prompt to enter the crypto password when booting, without plymouth installed.
This prompt never "printed timeout" so I still do not understand what you mean.
Sometimes it does, sometimes there is another line that prints it. I can take photos.
...
Because I thought it would be controlled in some more obscure way. And anyway, the manual is wrong, timeout=0 crashes my system boot.
"Crashes" what? Kernel? Systemd? What you write makes no sense.
It was detailed on another post in this same thread.
When I use "timeout=0" combined with
timeout=0 is default anyway, so is redundant.
Well, it is not, not here. It is 90 seconds when fstab has: /etc/fstab: LABEL=Home /home xfs lazytime 0 1
/etc/fstab:
LABEL=Home /home xfs lazytime 0 1
then the prompt to ask the crypto password does not accept any text entry. After 90 seconds, thus ignoring the timeout, it goes into emergency mode,
That is not "crash".
Call it what you wish :-)
which asks for my root password but also refuses to accept any text. Ctrl-D is not accepted, only ctrl-alt-supr works; I then boot a different partition, and in that auxiliary system I edit the main system /etc/crypttab to try again. All the tests I did are detailed in the other post I mentioned.
Yes, I have seen this too. We are left with two processes competing for console - passphrase query (which waits indefinitely) and emergency shell. Feel free to open bug report.
It still is not "crash". "Crashed" means "program or kernel stopped execution unintentionally".
Well, boot process stopped execution unintentionally...
I now try:
fstab: /dev/mapper/cr_sda8 /home xfs lazytime 0 1
/etc/crypttab: cr_sda8 UUID=1edf494d-d697-40b2-ba00-c7da0a1d5fbe none timeout=300
It doesn't print the timeout. If I press "enter" on the prompt it then prints that the timeout is "no limit". Despite this, it times out at an indeterminate time (I did not use a chronometer and the screen does not say) but might be the 300 seconds I wrote.
It *does* timeout after number of seconds specified in timeout= option.
I'm testing this again. The clock says 23:04, it should time out at 23:09.
When it is waiting, if I press enter I get a message saying that a startup job is waiting and that there is no time limit - which is false: at almost 23:09 it went into emergency mode.
The setting "timeout= " doesn't work as documented.
It does, even if you misinterpret what you see.
No. timeout=0 locks me out of the system. The password can not be typed.
This is entirely different problem. Even in this case "timeout=0" works as documented by disabling timeout and waiting for passphrase input indefinitely. That it conflicts with emergency mode is unfortunate bug.
I don't know if it conflicts. What I see is that I can not type the partition password, and that later when it times out at 90 seconds I can not type the root password. That's the symptoms. What is the cause (a conflict) I have no idea.
Anyway, there was no "press ENTER" in your original question. You wanted passhrase request to timeout after some time to allow boot to continue. That is exactly what option timeout= does. If you need something different, you forgot to describe it.
I wanted the situation reversed on both machines, and I got that. Kind of. timeout=0 crashes or locks or whatever the system. I can not enter.
If you insist on using configuration that cannot work due to (arguably, limitations of) systemd design, it is up to you. To properly track dependencies systemd absolutely needs /dev/mapper/<crypto-container> in /etc/fstab.
I currently have, in one machine (laptop): fstab: /dev/mapper/cr_sda8 /home xfs lazytime 0 1 crypttab: cr_sda8 UUID=1edf494d-....... none timeout=300 which is working. I initially wanted "timeout=0" but that is impossible as it locks me out of the system. Or it did with the initial fstab entry. The initial setting: LABEL=Home /home xfs lazytime 0 1 was written by YaST, I believe, as I did not know it was possible. I think it happened because at install time I specified I wanted (for all partitions) that I wanted mount by label instead of the default which is mount by uuid (at the bottom of the yast display when looking at a disk), and then I wrote a label for the encrypted partition. On another machine, the home server, I have written: fstab: /dev/mapper/cr_home /home xfs lazytime,exec,nofail 1 2 /dev/mapper/cr_hoard2 /data xfs user,lazytime,exec,nofail 1 2 crypttab: #cr_home /dev/disk/by-id/ata-KINGSTON...part5 none none cr_home /dev/disk/by-id/ata-KINGSTON...part5 none timeout=300 cr_data /dev/disk/by-uuid/24f77e... /home/cer/Keys/the_data_key auto which I will test as soon as I can reboot it, after some updates. The doubt is what will happen with the other encrypted partitions that have the key on a file - do they need setting a timeout, or will they be ignored as the path to the keyfile was not mounted? Thank you, I have got what I needed with your help :-) -- Cheers / Saludos, Carlos E. R. (from 42.3 x86_64 "Malachite" at Telcontar)