Gilgwath n00b
Joined: 09 Dec 2010 Posts: 22
|
Posted: Wed Feb 04, 2015 4:32 pm Post subject: Encrypting swap on boot fails (systemd) [solved] |
|
|
Hello guys
A while ago I switched to systemd after I moved my system to an SSD and thus did a reinstall. Since the build was going to be somewhat experimental anyway, I decided to test btrfs as a replacement for the usual LVM setup I do. The btrfs resides inside a LUKS container, therefore I need to encrypt my swap, but it has to be outside the btrfs because it can't handle swapfiles/partitions. The simplest solution to me seemed to be to just use /etc/crypttab, but I am kind of stuck. I set up the file as it is described on the manpage:
Code: |
swap UUID=2c2cc0c8-8db6-4411-8676-8b0ace3559d8 /dev/urandom swap
|
(Not specifying cipher, key-size and hash is deliberate to keep it simple until it works)
I also have a corresponding line in /etc/fstab which reads
Code: |
/dev/mapper/swap none swap sw 0 0
|
At boot systemd waits for the device to appear but it is not created and after the 90sec time-out is reached continues to boot successfully.
Code: |
Feb 04 13:52:18 fingolfin systemd[1]: Timed out waiting for device dev-mapper-swap.device.
Feb 04 13:52:18 fingolfin systemd[1]: Dependency failed for /dev/mapper/swap.
Feb 04 13:52:18 fingolfin systemd[1]: Dependency failed for Swap.
|
I am quite certain that I am missing a very simple detail, because what I want to do is not that exotic. Anyone any ideas how to fix this? If additional information is required I am glad to provide it.
Last edited by Gilgwath on Thu Feb 05, 2015 8:56 pm; edited 1 time in total |
|
Roman_Gruber Advocate
Joined: 03 Oct 2006 Posts: 3846 Location: Austro Bavaria
|
Posted: Thu Feb 05, 2015 12:46 pm Post subject: |
|
|
have you tried
swapon
Well it creates the cryptswap here but does not automount it here on eudev for ages. Also on udev before. I did not bother much about it. Probably an issue about the init here.
just add it there /etc/conf.d/dmcrypt
when you can get it to automount please post it here, ty
I have to use swapon in a shell to activate cryptswap |
|
Gilgwath n00b
Joined: 09 Dec 2010 Posts: 22
|
Posted: Thu Feb 05, 2015 1:23 pm Post subject: |
|
|
No, that seems not to be the case. The swap partition is not created and does not appear in /dev/mapper/.
Also the gentoo wiki page on systemd states:
Quote: | systemd doesn't seem to respect /etc/conf.d/dmcrypt and, then, you will need to configure it in /etc/crypttab file:
|
But I'll try to reactivate the config in /etc/conf.d/dmcrypt and see what happens.
EDIT 05.06.15 14:54
Did not help. Could it be that I am missing the proper systemd unit to set up the partition in the first place? What unit would be required to do that?
Thx for your suggestions =) |
|
Roman_Gruber Advocate
Joined: 03 Oct 2006 Posts: 3846 Location: Austro Bavaria
|
Posted: Thu Feb 05, 2015 2:58 pm Post subject: |
|
|
works on udev/eudev but that's just for information for you
/etc/conf.d/dmcrypt => it creates swap but does not automount it here, because i do not have /etc/fstab entry ... not willing to use swap always.
please share your /etc/conf.d/dmcrypt file so i can see if it's right.
thanks |
|
Gilgwath n00b
Joined: 09 Dec 2010 Posts: 22
|
Posted: Thu Feb 05, 2015 5:30 pm Post subject: |
|
|
This is the active part of my /etc/conf.d/dmcrypt
Code: |
swap=swap
source='/dev/sdb2'
options='-ctwofish-xts-plain64 -s512 -hwhirlpool -d /dev/urandom'
|
My root partition uses the same cryptographic settings, so faulty kernel configuration is ruled out. This worked booting on openrc, but booting with systemd did not produce a device in /dev/mapper. As was to be expected from this Gentoo-Wiki article and this bug BUG 429966
Thx for your answer
EDIT 05.02.15 18:34
Just removed the swap line from my fstab. What's causing systemd to wait is the mounting via fstab. So the problem lies with the creation of the device. Poking round the net yielded this freedesktop specification. My system provides no service unit related to cryptsetup, also said generator script is not available. Let's see what I find following that lead.
Thx for pushing me in the right direction =)
Last edited by Gilgwath on Thu Feb 05, 2015 5:51 pm; edited 1 time in total |
|
Roman_Gruber Advocate
Joined: 03 Oct 2006 Posts: 3846 Location: Austro Bavaria
|
Posted: Thu Feb 05, 2015 5:35 pm Post subject: |
|
|
Quote: |
swap=crypt-swap
source='/dev/disk/by-id/ata-SAMSUNG_HN-ABCDEFGH_1234567899-partX'
|
I think you need to do it as i did. maybe you just need crypt-swap
using this source='/dev/sdb2' is very bad as you rely that the drive is always named the same. much more error proof is my solution.
these are the comment lines in my file, there is also crypt-swap instead of your swap only
Quote: |
## swap
# Swap partitions. These should come first so that no keys make their
# way into unencrypted swap.
# If no options are given, they will default to: -c aes -h sha1 -d /dev/urandom
# If no makefs is given then mkswap will be assumed
#swap=crypt-swap
#source='/dev/hda2'
|
|
Gilgwath n00b
Joined: 09 Dec 2010 Posts: 22
|
Posted: Thu Feb 05, 2015 6:20 pm Post subject: |
|
|
Oh, and there we go: found this gossamer thread. I did not read the article in full, but I discovered a hint to a missing "cryptsetup" USE flag, which is the cause of the missing cryptsetup-generator script. I am currently recompiling the affected packages and I'll give it a go after I have had something to eat. I'll let you know.
EDIT 05.02.15 21:25
Jep, systemd now actually tries to set up the device but it fails with the following lines in the journal:
Code: |
Feb 05 20:56:54 fingolfin systemd[1]: Timed out waiting for device dev-disk-by\x2duuid-2c2cc0c8\x2d8db6\x2d4411\x2d8676\x2d8b0ace3559d8.device.
Feb 05 20:56:54 fingolfin systemd[1]: Dependency failed for Cryptography Setup for swap.
Feb 05 20:56:54 fingolfin systemd[1]: Dependency failed for Encrypted Volumes.
Feb 05 20:56:54 fingolfin systemd[1]: Dependency failed for dev-mapper-swap.device.
|
Can I tell systemd to be more verbose about what went wrong?
EDIT 05.02.15 21:42
FIXED! =) Rebuilding systemd with the cryptsetup USE flag was the first step. Then I recreated the partition with gdisk, to make sure it is empty. I also gave it a Linux-Filesystem-Label instead of Linux-Swap-Label. Now the system generates an encrypted swap in /dev/mapper/ according to my specifications in /etc/crypttab. Maybe systemd seized the swap partition because of either the disk label or an existing swap formatting on the drive before cryptsetup kicks in, thus blocking the encryption process. Now swap can be mounted via fstab, like in my first post.
Thx for all the suggestions =) This thread can be closed. |
|
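Added example, not part of the original thread: a small crypttab reader that derives the device unit names systemd waits on (the names seen in the journal excerpts above) and flags two fragile ways of naming a random-key swap device. The `swap2` entry, the function names and the lint wording are assumptions made for illustration, and the path escaping is reimplemented here rather than taken from systemd.

```python
import re

# Constructed sample: the crypttab line from the first post, plus a
# hypothetical second entry using the kernel name discussed in the thread.
SAMPLE = """\
# <name> <device> <keyfile> <options>
swap UUID=2c2cc0c8-8db6-4411-8676-8b0ace3559d8 /dev/urandom swap
swap2 /dev/sdb2 /dev/urandom swap
"""

def escape_path(path):
    """Escape a path the way systemd does when it builds unit names."""
    trimmed = "/".join(p for p in path.split("/") if p)
    if not trimmed:
        return "-"
    out = []
    for i, ch in enumerate(trimmed):
        if ch == "/":
            out.append("-")
        elif (ch.isascii() and ch.isalnum()) or ch in ":_" or (ch == "." and i > 0):
            out.append(ch)
        else:
            out.extend("\\x%02x" % b for b in ch.encode())
    return "".join(out)

def analyse(crypttab_text):
    """Return, per entry, the device units systemd waits on and lint warnings."""
    results = []
    for line in crypttab_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        name, device = fields[0], fields[1]
        key = fields[2] if len(fields) > 2 else "none"
        opts = fields[3].split(",") if len(fields) > 3 else []
        # UUID= is looked up through the udev symlink directory.
        source = "/dev/disk/by-uuid/" + device[5:] if device.startswith("UUID=") else device
        warnings = []
        if "swap" in opts and key in ("/dev/urandom", "/dev/random"):
            if device.startswith("UUID=") and not any(o.startswith("offset=") for o in opts):
                warnings.append("UUID= refers to an on-disk signature that a "
                                "headerless mapping at offset 0 overwrites")
            if re.fullmatch(r"/dev/(sd|hd|vd)[a-z]+\d+", device):
                warnings.append("kernel names can change between boots, and "
                                "'swap' reformats whatever the name points at")
        results.append({"name": name,
                        "wait_for": escape_path(source) + ".device",
                        "mapper": escape_path("/dev/mapper/" + name) + ".device",
                        "warnings": warnings})
    return results

if __name__ == "__main__":
    for entry in analyse(SAMPLE):
        print(entry)
```

The `wait_for` value for the first entry is the unit named in the "Timed out waiting for device" journal line, which is a quick way to tell whether the missing piece is the source partition or the mapper device.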
Roman_Gruber Advocate
Joined: 03 Oct 2006 Posts: 3846 Location: Austro Bavaria
|
Posted: Fri Feb 06, 2015 8:53 am Post subject: |
|
|
May i ask for your /etc/fstab
Call it laziness or I just need it because automounting of cryptswap did not work and i did not dig deeper.
Maybe I can get it working with your working example. thanks. |
|
Gilgwath n00b
Joined: 09 Dec 2010 Posts: 22
|
Posted: Fri Feb 06, 2015 1:22 pm Post subject: |
|
|
You can see the relevant line in my first post. What init system are you using? Systemd or openRC? |
|
Roman_Gruber Advocate
Joined: 03 Oct 2006 Posts: 3846 Location: Austro Bavaria
|
Posted: Fri Feb 06, 2015 1:23 pm Post subject: |
|
|
openrc / with eudev => i will change to mdev soon |
|
Gilgwath n00b
Joined: 09 Dec 2010 Posts: 22
|
Posted: Fri Feb 06, 2015 2:02 pm Post subject: |
|
|
Can you show me your /etc/dmcrypt and your fstab? Does the encrypted swap device exist in /dev/mapper/? |
|
Roman_Gruber Advocate
Joined: 03 Oct 2006 Posts: 3846 Location: Austro Bavaria
|
Posted: Fri Feb 06, 2015 4:13 pm Post subject: |
|
|
i think the lack of fstab entry causes that it is not automounted but that's okay as of now
http://pastebin.com/4jqTS08h dmcrypt, with anonymised disk id
crypt-swap exists and is useable when i use swapon /dev/map... crypt-swap
Code: |
ls /dev/mapper/crypt-swap
/dev/mapper/crypt-swap
|
fstab. I dislike automounted swap. most things are in ram
Code: |
cat /etc/fstab
# /etc/fstab: static file system information.
# <fs> <mountpoint> <type> <opts> <dump/pass>
/dev/sda1 /boot ext2 auto,noatime 1 2
#luks Volume
/dev/mapper/root / ext4 discard,noatime,commit=600,defaults 0 1
#/dev/mapper/vg_raid0-lvm_root / ext4 noatime 0 1
# 1TB HDD, for /usr/portage/distfiles and other
/dev/sdb2 /mnt/sdb2 ext4 rw,noatime 0 1
/dev/hda /mnt/cdrom auto noauto,user 0 0
# glibc 2.2 and above expects tmpfs to be mounted at /dev/shm for
# POSIX shared memory (shm_open, shm_unlink).
# (tmpfs is a dynamically expandable/shrinkable ramdisk, and will
# use almost no memory if not populated with files)
shm /dev/shm tmpfs nodev,nosuid,noexec 0 0
none /tmp tmpfs nodev,defaults 0 0
#portage tmpfs according to https://wiki.gentoo.org/index.php?title=Portage_TMPDIR_on_tmpfs&redirect=no
none /var/tmp/portage tmpfs size=2048M,noatime 0 0
|
|
Gilgwath n00b
Joined: 09 Dec 2010 Posts: 22
|
Posted: Sat Feb 07, 2015 1:46 pm Post subject: |
|
|
So yes normally a line like
Code: |
/dev/mapper/crypt-swap none swap sw 0 0
|
Should suffice to make swap auto mount |
|