tags 819982 + unreproducible quit Felix Koop <f...@fkoop.de> writes:
> > Teddy Hogeborn <te...@recompile.se> hat am 5. April 2016 um 10:12 > > geschrieben: > > > > So the client works in the normal system but fails in the initrd? > > That is odd. I have a few suggestions to gather more data to help > > with debugging: > > > > 1. Uncomment the line in /etc/mandos/plugin-runner.conf which says > > "--options-for=mandos-client:--debug", and rebuild the initramfs > > image with "update-initramfs -k all -u". When booting, the > > Mandos client should now output debug information, including more > > details about the error you reported. > > > I don't see any more specific error, but I have attached a photo of > the boot process when the error happens (hope that helps). The photo actually does contain *some* more information about the error, but it is not very helpful: Trying to decrypt OpenPGP data bad gpgme_op_decrypt: GPGME: Decryption failed Unsupported algorithm: (null) Wrong key usage: 0 Public key algorithm: RSA Key ID: F8118489CABEB18B Secret key available: Yes So I'm guessing that the key ID for the client is F8118489CABEB18B? This should be what the fingerprint should end with in the client.conf file on the server, at least. > > 2. Unpack the initramfs image and list the files it contains - > > perhaps it is missing something important for some odd reason. > > This is most easily done by running the "initramfs-unpack" script > > from the Mandos source tree, which will unpack all initramfs > > images to /tmp. The script file is available here: > > > > > > <http://bzr.recompile.se/loggerhead/mandos/trunk/view/head:/initramfs-unpack>. > > Listing is attached. You do have some *extra* stuff in your initramfs image compared to what I have on Debian stable, but nothing seems to be *missing*. > > 3. Boot your system with the additional kernel command line argument > > "break". This will start an emergency shell. First, run the > > command > > > > chmod a=rwxt /tmp > > > > Then you should be able to run the /lib/mandos/plugin-runner > > program, and by running the command multiple times you should be > > able to debug the problem. Also, the output of the "gpgconf" > > command in this mode should be informative, especially compared > > to its output when run in the normal system. > > I don't get the emergency shell, but a kernel panic instead. Then the > system reboots. This continues. Right. I suggest you take that up with the initramfs-tools maintainer. Can you reproduce the problem by unpacking the initramfs (as above), chrooting into it, and running the mandos-client from inside it? /Teddy Hogeborn -- The Mandos Project https://www.recompile.se/mandos
