Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#1010708: cryptsetup: init script doesn't appear to do anything with force-start due to masked systemd services
70 views
Skip to first unread message
Andres Salomon
May 7, 2022, 5:50:03 PM5/7/22
to
Package: cryptsetup
Version: 2:2.3.7-1+deb11u1
This is on a newly installed Debian 11 system, and an external USB
drive that had previously been used on a Debian 9 or 10 (I forget
which) system.
dilinger@hm90:~$ /sbin/blkid /dev/sda
/dev/sda: UUID="2d95e6f9-bdfd-4045-8683-42cdef679b6a" TYPE="crypto_LUKS"
dilinger@hm90:~$ grep 2d95e6f9-bdfd-4045-8683-42cdef679b6a /etc/crypttab
8tb UUID=2d95e6f9-bdfd-4045-8683-42cdef679b6a none luks,noauto
dilinger@hm90:~$ sudo /etc/init.d/cryptdisks force-start; echo $?
0
Calling the init script with 'force-start' was how I used to start the
volume and get prompted for a password, but on a newer system with
systemd, that doesn't _appear_ to work any more:
dilinger@hm90:~$ sudo bash -x /etc/init.d/cryptdisks force-start
+ set -e
+ '[' -r /lib/cryptsetup/cryptdisks-functions ']'
+ . /lib/cryptsetup/cryptdisks-functions
++ PATH=/usr/sbin:/usr/bin:/sbin:/bin
++ CRYPTDISKS_ENABLE=Yes
++ '[' -x /sbin/cryptsetup ']'
++ . /lib/lsb/init-functions
++++ run-parts --lsbsysinit --list /lib/lsb/init-functions.d
+++ for hook in $(run-parts --lsbsysinit --list /lib/lsb/init-functions.d 2>/dev/null)
+++ '[' -r /lib/lsb/init-functions.d/00-verbose ']'
+++ . /lib/lsb/init-functions.d/00-verbose
+++ for hook in $(run-parts --lsbsysinit --list /lib/lsb/init-functions.d 2>/dev/null)
+++ '[' -r /lib/lsb/init-functions.d/40-systemd ']'
+++ . /lib/lsb/init-functions.d/40-systemd
++++ _use_systemctl=0
++++ '[' -d /run/systemd/system ']'
++++ '[' -n '' ']'
++++ '[' cryptdisks = init-d-script ']'
++++ '[' cryptdisks = force-start ']'
++++ executable=/etc/init.d/cryptdisks
++++ argument=force-start
++++ prog=cryptdisks
++++ service=cryptdisks.service
+++++ systemctl -p LoadState --value show cryptdisks.service
++++ state=masked
++++ '[' masked = masked ']'
++++ exit 0
It turns out that the systemd (247.3-7) package provides the
following:
dilinger@hm90:~/systemd_247.3-7$ ls -l /lib/systemd /system/cryptdisks*
lrwxrwxrwx 1 root root 9 Mar 20 15:55 /lib/systemd/system/cryptdisks-early.service -> /dev/null
lrwxrwxrwx 1 root root 9 Mar 20 15:55 /lib/systemd/system/cryptdisks.service -> /dev/null
The init script doesn't say why it's refusing to run, and
running 'systemctl unmask cryptdisks.service' doesn't actually
delete the symlinks. Once those symlinks are manually deleted,
'/etc/init.d/cryptsetup force-start' works once again.
It would be good if /etc/init.d/cryptsetup either warned about the
masked systemd service, and/or the cryptsetup postinst scripts
deleted or prompted the user about the symlinks.
Unless /etc/init.d/cryptsetup force-start is deprecated, of course!
But README.Debian still describes using the init script.
dilinger@hm90:~$ dpkg -l cryptsetup*
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-====================-=================-============-====================================>
ii cryptsetup 2:2.3.7-1+deb11u1 amd64 disk encryption support - startup sc>
ii cryptsetup-bin 2:2.3.7-1+deb11u1 amd64 disk encryption support - command li>
un cryptsetup-initramfs <none> <none> (no description available)
un cryptsetup-run <none> <none> (no description available)
Version: 2:2.3.7-1+deb11u1
This is on a newly installed Debian 11 system, and an external USB
drive that had previously been used on a Debian 9 or 10 (I forget
which) system.
dilinger@hm90:~$ /sbin/blkid /dev/sda
/dev/sda: UUID="2d95e6f9-bdfd-4045-8683-42cdef679b6a" TYPE="crypto_LUKS"
dilinger@hm90:~$ grep 2d95e6f9-bdfd-4045-8683-42cdef679b6a /etc/crypttab
8tb UUID=2d95e6f9-bdfd-4045-8683-42cdef679b6a none luks,noauto
dilinger@hm90:~$ sudo /etc/init.d/cryptdisks force-start; echo $?
0
Calling the init script with 'force-start' was how I used to start the
volume and get prompted for a password, but on a newer system with
systemd, that doesn't _appear_ to work any more:
dilinger@hm90:~$ sudo bash -x /etc/init.d/cryptdisks force-start
+ set -e
+ '[' -r /lib/cryptsetup/cryptdisks-functions ']'
+ . /lib/cryptsetup/cryptdisks-functions
++ PATH=/usr/sbin:/usr/bin:/sbin:/bin
++ CRYPTDISKS_ENABLE=Yes
++ '[' -x /sbin/cryptsetup ']'
++ . /lib/lsb/init-functions
++++ run-parts --lsbsysinit --list /lib/lsb/init-functions.d
+++ for hook in $(run-parts --lsbsysinit --list /lib/lsb/init-functions.d 2>/dev/null)
+++ '[' -r /lib/lsb/init-functions.d/00-verbose ']'
+++ . /lib/lsb/init-functions.d/00-verbose
+++ for hook in $(run-parts --lsbsysinit --list /lib/lsb/init-functions.d 2>/dev/null)
+++ '[' -r /lib/lsb/init-functions.d/40-systemd ']'
+++ . /lib/lsb/init-functions.d/40-systemd
++++ _use_systemctl=0
++++ '[' -d /run/systemd/system ']'
++++ '[' -n '' ']'
++++ '[' cryptdisks = init-d-script ']'
++++ '[' cryptdisks = force-start ']'
++++ executable=/etc/init.d/cryptdisks
++++ argument=force-start
++++ prog=cryptdisks
++++ service=cryptdisks.service
+++++ systemctl -p LoadState --value show cryptdisks.service
++++ state=masked
++++ '[' masked = masked ']'
++++ exit 0
It turns out that the systemd (247.3-7) package provides the
following:
dilinger@hm90:~/systemd_247.3-7$ ls -l /lib/systemd /system/cryptdisks*
lrwxrwxrwx 1 root root 9 Mar 20 15:55 /lib/systemd/system/cryptdisks-early.service -> /dev/null
lrwxrwxrwx 1 root root 9 Mar 20 15:55 /lib/systemd/system/cryptdisks.service -> /dev/null
The init script doesn't say why it's refusing to run, and
running 'systemctl unmask cryptdisks.service' doesn't actually
delete the symlinks. Once those symlinks are manually deleted,
'/etc/init.d/cryptsetup force-start' works once again.
It would be good if /etc/init.d/cryptsetup either warned about the
masked systemd service, and/or the cryptsetup postinst scripts
deleted or prompted the user about the symlinks.
Unless /etc/init.d/cryptsetup force-start is deprecated, of course!
But README.Debian still describes using the init script.
dilinger@hm90:~$ dpkg -l cryptsetup*
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-====================-=================-============-====================================>
ii cryptsetup 2:2.3.7-1+deb11u1 amd64 disk encryption support - startup sc>
ii cryptsetup-bin 2:2.3.7-1+deb11u1 amd64 disk encryption support - command li>
un cryptsetup-initramfs <none> <none> (no description available)
un cryptsetup-run <none> <none> (no description available)
Guilhem Moulin
Aug 5, 2022, 5:50:04 PM8/5/22
to
Control: severity -1 minor
On Sat, 07 May 2022 at 17:40:34 -0400, Andres Salomon wrote:
> Calling the init script with 'force-start' was how I used to start the
> volume and get prompted for a password, but on a newer system with
> systemd, that doesn't _appear_ to work any more:
The init scripts are masked by systemd but you should be able to run
`cryptdisks_start 8tb` or `systemd-c...@8tb.service` to map the
volume.
> It would be good if /etc/init.d/cryptsetup either warned about the
> masked systemd service, and/or the cryptsetup postinst scripts
> deleted or prompted the user about the symlinks.
That would boil to overriding the systemd maintainers and I'm not going
to do that :-]
> Unless /etc/init.d/cryptsetup force-start is deprecated, of course!
> But README.Debian still describes using the init script.
Fair enough, I'll add a mention to systemd there.
--
Guilhem.
On Sat, 07 May 2022 at 17:40:34 -0400, Andres Salomon wrote:
> Calling the init script with 'force-start' was how I used to start the
> volume and get prompted for a password, but on a newer system with
> systemd, that doesn't _appear_ to work any more:
`cryptdisks_start 8tb` or `systemd-c...@8tb.service` to map the
volume.
> It would be good if /etc/init.d/cryptsetup either warned about the
> masked systemd service, and/or the cryptsetup postinst scripts
> deleted or prompted the user about the symlinks.
to do that :-]
> Unless /etc/init.d/cryptsetup force-start is deprecated, of course!
> But README.Debian still describes using the init script.
--
Guilhem.
0 new messages