Hi,

I am implementing a Dracut module to unlock a LUKS encrypted root partition.
This works all fine, but in case the module fails, I would like to have the default systemd based crypt module as a fallback.
Unfortunately this systemd based crypt module does not seem to respect the hook priorities.
I install my script with

    inst_hook initqueue 01 "$moddir/luksrku-script.sh"

but during boot, systemd-tty-ask-password-agent comes up right in the middle of the initqueue scripts and asks for a passphrase. My script continues to unlock the disk, but the passphrase prompt stays until someone hits the enter key.
I currently work around the issue by manually failing the prompt if my script succeeds:

    if [ "$?" = "0" ]; then
        echo "" | systemd-tty-ask-password-agent
    fi

which works, but is not ideal, as it causes systemd to print error messages:

    Failed to start Cryptography Setup for cr_root.
    Dependency failed for Local Encrypted Volumes.

Granted, those errors are totally ignorable, as after Dracut continues with its boot process systemd "realizes" the disks have already been unlocked (as seen in the journal after boot-up):
But it is still not pretty to have these errors during boot and I feel like there has to be some way to make the crypt hook wait for my initqueue hook to finish (which I assume would make it "realize" the volume is already unlocked before calling the password agent)?
Note that initqueue is the earliest I can call my script, as I need network dependencies not yet available in the cmdline or udev runs.
I found that there is a basic check for $NEWROOT in /usr/lib/dracut/modules.d/90crypt/cryptroot-ask.sh, but this script seems to only be called on non-systemd systems without systemd-tty-ask-password-agent, making it not relevant for my use, which targets systemd based systems like openSUSE.

Would appreciate any pointers!
Thanks for reading,
Georg