| View previous topic :: View next topic |
| Author |
Message |
dartleader
Tux's lil' helper
Joined: 21 Apr 2019
Posts: 128
|
 Posted: Sun Nov 24, 2024 7:26 pm Post subject: dracut ssh luks-encrypted root: module dependency problems |
 |
|
Hey everyone, I just discovered ssh can be added to initramfs to allow ssh access before root decryption, but I'm struggling with its implementation.
I'm trying to add ssh support to my laptop which has working luks-encrypted initramfs on a UEFI grub boot. My system uses openrc.
dracut and dracut-crypt-ssh have been installed; when I run dracut --force, I get the following:
| Code: | dracut[I]: Executing: /usr/bin/dracut --force
dracut[E]: Module 'dbus-daemon' depends on module 'systemd', which can't be installed
dracut[E]: Module 'dbus' depends on module 'dbus-daemon', which can't be installed
dracut[E]: Module 'connman' depends on module 'dbus', which can't be installed
dracut[E]: Module 'network' depends on module 'network-legacy', which can't be installed
dracut[E]: Module 'crypt-ssh' depends on module 'network', which can't be installed
dracut[I]: Module 'overlayfs' will not be installed, because kernel module 'overlay' is not available!
dracut[I]: 90systemd-cryptsetup: Could not find any command of '/usr/lib/systemd/systemd-cryptsetup'!
dracut[E]: Module 'nfs' depends on module 'network', which can't be installed
dracut[I]: *** Including module: modsign ***
dracut[I]: *** Including module: i18n ***
dracut[I]: *** Including module: net-lib ***
dracut[I]: *** Including module: btrfs ***
dracut[I]: *** Including module: crypt ***
dracut[I]: *** Including module: dm ***
dracut[I]: *** Including module: kernel-modules ***
dracut[I]: *** Including module: kernel-modules-extra ***
dracut[I]: *** Including module: kernel-network-modules ***
dracut[I]: *** Including module: nvdimm ***
dracut[I]: *** Including module: pcmcia ***
dracut[I]: *** Including module: qemu ***
dracut[I]: *** Including module: qemu-net ***
dracut[I]: *** Including module: hwdb ***
dracut[I]: *** Including module: lunmask ***
dracut[I]: *** Including module: resume ***
dracut[I]: *** Including module: rootfs-block ***
dracut[I]: *** Including module: terminfo ***
dracut[I]: *** Including module: udev-rules ***
dracut[I]: Skipping program dmi_memory_id using in udev rule 70-memory.rules as it cannot be found
dracut[I]: *** Including module: virtiofs ***
dracut[I]: *** Including module: usrmount ***
dracut[I]: *** Including module: base ***
dracut[I]: *** Including module: fs-lib ***
dracut[I]: *** Including module: shutdown ***
dracut[I]: *** Including modules done ***
dracut[I]: *** Installing kernel module dependencies ***
dracut[I]: *** Installing kernel module dependencies done ***
dracut[I]: *** Resolving executable dependencies ***
dracut[I]: *** Resolving executable dependencies done ***
dracut[I]: *** Hardlinking files ***
dracut[I]: *** Hardlinking files done ***
dracut[I]: *** Generating early-microcode cpio image ***
dracut[I]: *** Constructing AuthenticAMD.bin ***
dracut[I]: *** Store current command line parameters ***
dracut[I]: *** Stripping files ***
dracut[I]: *** Stripping files done ***
dracut[I]: *** Creating image file '/boot/initramfs-6.6.62-gentoo-x86_64.img' ***
dracut[I]: Using auto-determined compression method 'zstd'
dracut[I]: *** Creating initramfs image file '/boot/initramfs-6.6.62-gentoo-x86_64.img' done *** |
It looks to me like root issues are a lack of systemd and network-legacy modules. Since I'm running this on openrc, is there some kind of compatibility option I need to enable?
I have tried omitting systemd support as described in this thread, https://forums.gentoo.org/viewtopic-t-1122257-start-0.html but my dracut continues to complain dbus-daemon relies upon it.
On the https://wiki.gentoo.org/wiki/Dracut wiki page, it states that net-analyzer/arping is a requirement for the network-legacy module, but that is contradicted by the bug report cited https://bugs.gentoo.org/show_bug.cgi?id=590566, which states that this bug has been resolved/fixed since 2017.
emerge --info output is below:
| Code: | Portage 3.0.66.1 (python 3.12.7-final-0, default/linux/amd64/23.0/hardened, gcc-13, glibc-2.40-r5, 6.6.62-gentoo-x86_64 x86_64)
=================================================================
System uname: Linux-6.6.62-gentoo-x86_64-x86_64-AMD_Ryzen_7_4800H_with_Radeon_Graphics-with-glibc2.40
KiB Mem: 15733776 total, 14776276 free
KiB Swap: 33554424 total, 33554424 free
Head commit of repository gentoo: 7415f4b69cada4db83abe614f60facc1bf700529
Timestamp of repository haskell: Sun, 10 Nov 2024 21:48:25 +0000
Head commit of repository haskell: 93905262b83313bb37ee4dfd33f5d6cdb5b3a331
Head commit of repository librewolf: 8167cec3afd42d446a3bcf2a16aac1c5d8c41e6c
Timestamp of repository pentoo: Fri, 22 Nov 2024 20:33:59 +0000
Head commit of repository pentoo: 5c24b4cfda4ceee8420a139d50c8694184f10ebc
Timestamp of repository steam-overlay: Sun, 17 Nov 2024 05:33:32 +0000
Head commit of repository steam-overlay: 443e064b607a92dbad15243732698edc0b411b43
Timestamp of repository wayland-desktop: Fri, 22 Nov 2024 20:34:11 +0000
Head commit of repository wayland-desktop: 03f5a78756db00affd0ce54250d79b06e27fff8e
sh bash 5.2_p37
ld GNU ld (Gentoo 2.42 p6) 2.42.0
app-misc/pax-utils: 1.3.7::gentoo
app-shells/bash: 5.2_p37::gentoo
dev-build/autoconf: 2.13-r8::gentoo, 2.71-r7::gentoo, 2.72-r1::gentoo
dev-build/automake: 1.16.5-r2::gentoo
dev-build/cmake: 3.30.5::gentoo
dev-build/libtool: 2.4.7-r4::gentoo
dev-build/make: 4.4.1-r100::gentoo
dev-build/meson: 1.5.2::gentoo
dev-java/java-config: 2.3.4::gentoo
dev-lang/perl: 5.40.0::gentoo
dev-lang/python: 3.11.10_p1::gentoo, 3.12.7_p1::gentoo, 3.13.0::gentoo
dev-lang/rust: 1.79.0-r100::gentoo, 1.81.0::gentoo
dev-lang/rust-bin: 1.79.0-r100::gentoo, 1.81.0-r100::gentoo
sys-apps/baselayout: 2.17::gentoo
sys-apps/openrc: 0.54.2::gentoo
sys-apps/sandbox: 2.39::gentoo
sys-devel/binutils: 2.42-r2::gentoo
sys-devel/binutils-config: 5.5.2::gentoo
sys-devel/clang: 18.1.8::gentoo
sys-devel/gcc: 13.3.1_p20241025::gentoo
sys-devel/gcc-config: 2.11::gentoo
sys-devel/lld: 18.1.8::gentoo
sys-devel/llvm: 18.1.8-r1::gentoo
sys-kernel/linux-headers: 6.6-r1::gentoo (virtual/os-headers)
sys-libs/glibc: 2.40-r5::gentoo
Repositories:
gentoo
location: /var/db/repos/gentoo
sync-type: git
sync-uri: https://gitweb.gentoo.org/repo/gentoo.git
priority: -1000
volatile: False
haskell
location: /var/db/repos/haskell
sync-type: git
sync-uri: https://github.com/gentoo-mirror/haskell.git
masters: gentoo
volatile: False
librewolf
location: /var/db/repos/librewolf
sync-type: git
sync-uri: https://codeberg.org/librewolf/gentoo.git
masters: gentoo
volatile: False
pentoo
location: /var/db/repos/pentoo
sync-type: git
sync-uri: https://github.com/gentoo-mirror/pentoo.git
masters: gentoo
volatile: False
steam-overlay
location: /var/db/repos/steam-overlay
sync-type: git
sync-uri: https://github.com/gentoo-mirror/steam-overlay.git
masters: gentoo
volatile: False
test_repo
location: /var/db/repos/test_repo
masters: gentoo
volatile: False
wayland-desktop
location: /var/db/repos/wayland-desktop
sync-type: git
sync-uri: https://github.com/gentoo-mirror/wayland-desktop.git
masters: gentoo
volatile: False
Installed sets: @school
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="@FREE"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=znver2 -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/lib64/libreoffice/program/sofficerc /usr/share/config /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-march=znver2 -O2 -pipe"
DISTDIR="/var/cache/distfiles"
EMERGE_DEFAULT_OPTS="--jobs 16 --load 14.4"
ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GDK_PIXBUF_MODULE_FILE GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR XDG_STATE_HOME"
FCFLAGS="-march=znver2 -O2 -pipe"
FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs buildpkg-live config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync merge-wait multilib-strict network-sandbox news parallel-fetch pid-sandbox pkgdir-index-trusted preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-march=znver2 -O2 -pipe"
GENTOO_MIRRORS="https://mirror.csclub.uwaterloo.ca/gentoo-distfiles/ http://gentoo.mirrors.tera-byte.com/"
LANG="en_CA.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,-z,pack-relative-relocs"
LEX="flex"
PKGDIR="/var/cache/binpkgs"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
SHELL="/bin/zsh"
USE="PYTHON_TARGETS="python3_11 X acl alsa amd64 bluetooth bzip2 cet crypt elogind gdbm hardened iconv ipv6 libtirpc lm-sensors multilib ncurses nls opengl openmp pam pcre pic pie pipewire python3_12" qt6 readline seccomp ssl ssp test-rust unicode vulkan wayland xattr xtpax zlib zsh-completion" ABI_X86="64" ADA_TARGET="gcc_12" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_anon authn_dbm authn_file authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir env expires ext_filter file_cache filter headers include info log_config logio mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx avx2 f16c fma3 mmx mmxext pclmul popcnt rdrand sha sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax navcom oceanserver oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 tsip tripmate tnt ublox" GUILE_SINGLE_TARGET="3-0" GUILE_TARGETS="3-0" INPUT_DEVICES="wacom libinput" KERNEL="linux" L10N="en-CA" LCD_DEVICES="bayrad cfontz glk hd44780 lb216 lcdm001 mtxorb text" LUA_SINGLE_TARGET="lua5-1" LUA_TARGETS="lua5-1" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php8-2" POSTGRES_TARGETS="postgres16" PYTHON_SINGLE_TARGET="python3_12" PYTHON_TARGETS="python3_12" RUBY_TARGETS="ruby32" VIDEO_CARDS="amdgpu radeonsi nvidia" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipp2p iface geoip fuzzy condition tarpit sysrq proto logmark ipmark dhcpmac delude chaos account"
Unset: ADDR2LINE, AR, ARFLAGS, AS, ASFLAGS, CC, CCLD, CONFIG_SHELL, CPP, CPPFLAGS, CTARGET, CXX, CXXFILT, ELFEDIT, EXTRA_ECONF, F77FLAGS, FC, GCOV, GPROF, INSTALL_MASK, LC_ALL, LD, LFLAGS, LIBTOOL, LINGUAS, MAKE, MAKEFLAGS, MAKEOPTS, NM, OBJCOPY, OBJDUMP, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PYTHONPATH, RANLIB, READELF, RUSTFLAGS, SIZE, STRINGS, STRIP, YACC, YFLAGS |
Does anyone know how I could approach this? I've been running around in circles the last couple days. I'm aware dracut is pulling in all sorts of modules I don't need (qemu ... ), but I'd rather get it working as desired for ssh support and then start trimming it down. |
|
| Back to top |
|
 |
ggggg
n00b
Joined: 07 Sep 2024
Posts: 3
|
| Posted: Mon Nov 25, 2024 1:14 pm Post subject: |
|
|
Can you please try
dracut --add "network-legacy crypt-ssh" --force
Also which version of dracut ? If not 105 can you please try 105 ? |
|
| Back to top |
|
|
dartleader
Tux's lil' helper
Joined: 21 Apr 2019
Posts: 128
|
| Posted: Mon Nov 25, 2024 7:47 pm Post subject: |
|
|
| ggggg wrote: | Can you please try
dracut --add "network-legacy crypt-ssh" --force
Also which version of dracut ? If not 105 can you please try 105 ? |
Output of dracut --add "network-legacy crypt-ssh" --force with dracut-103-r4:
| Code: | dracut[I]: Executing: /usr/bin/dracut --add " network-legacy crypt-ssh " --force
dracut[E]: Module 'dbus-daemon' depends on module 'systemd', which can't be installed
dracut[E]: Module 'dbus' depends on module 'dbus-daemon', which can't be installed
dracut[E]: Module 'connman' depends on module 'dbus', which can't be installed
dracut[E]: Module 'network' depends on module 'network-legacy', which can't be installed
dracut[E]: Module 'crypt-ssh' depends on module 'network', which can't be installed
dracut[I]: Module 'overlayfs' will not be installed, because kernel module 'overlay' is not available!
dracut[I]: 90systemd-cryptsetup: Could not find any command of '/usr/lib/systemd/systemd-cryptsetup'!
dracut[E]: Module 'nfs' depends on module 'network', which can't be installed
dracut[E]: Module 'network-legacy' cannot be installed. |
This is with dracut-105-r3:
| Code: | dracut[I]: Executing: /usr/bin/dracut --add " network-legacy crypt-ssh " --force
dracut[I]: 01systemd-cryptsetup: Could not find any command of '/usr/lib/systemd/systemd-cryptsetup'!
dracut[E]: Module 'dbus-daemon' depends on module 'systemd', which can't be installed
dracut[E]: Module 'dbus' depends on module 'dbus-daemon', which can't be installed
dracut[E]: Module 'connman' depends on module 'dbus', which can't be installed
dracut[E]: Module 'network' depends on module 'network-legacy', which can't be installed
dracut[E]: Module 'crypt-ssh' depends on module 'network', which can't be installed
dracut[I]: Module 'overlayfs' will not be installed, because kernel module 'overlay' is not available!
dracut[E]: Module 'nfs' depends on module 'network', which can't be installed
dracut[I]: Module 'squash-lib' will not be installed, because kernel module 'overlay' is not available!
dracut[E]: Module 'network-legacy' cannot be installed. |
I did notice on updating dracut to 105 though, that it provided me a list of programs to install (networkmanager ... etc) for additional functionality. Working on that now.
EDIT: I also just noticed it's complaining about a missing kernel overlay module. I'll rebuild my kernel with that added. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
