Package: cryptsetup Version: 2:2.1.0-2 Severity: grave Justification: renders package unusable
Hello, I've rebooted my computer this morning and the password prompt to unlock the crypto device would not appear before grub would search for the lvm device inside. This means that the system was not booting and I was getting dropped in the grub rescue prompt. The only way that I could bring the system back was by using the "Rescue mode" with the debian stretch installer. I have all files, including /boot, in one partition, and I use grub to unlock the crypto in order for it to find kernel and boot options. If this seems like a case that wouldn't affect most users, please don't hesitate to demote the severity. I found out that some configuration lines are missing in all options that get generated inside grub.cfg. Here's a diff between the grub configuration that was generated while in rescue mode (in a chroot inside the device that gets used for / ) vs. generated while the system is running: -------------8<------------8<----------------8<----------- $ diff -burN ~/grub.cfg /boot/grub/grub.cfg --- /home/gabster/grub.cfg 2019-04-08 19:20:24.000726392 -0400 +++ /boot/grub/grub.cfg 2019-04-08 19:37:00.360714287 -0400 @@ -58,15 +58,8 @@ if [ x$feature_default_font_path = xy ] ; then font=unicode else -insmod part_msdos -insmod cryptodisk -insmod luks -insmod gcry_rijndael -insmod gcry_rijndael -insmod gcry_sha256 insmod lvm insmod ext2 -cryptomount -u f100e85eb832489a9e97f1a9661a0c45 set root='lvmid/RfBQnU-gtRN-m55o-zwRA-L433-esRb-UpOa0w/lEtX5E-aBNo-0ngD-TwvX-3qrY-OxNF-DaG8T4' if [ x$feature_platform_search_hint = xy ]; then search --no-floppy --fs-uuid --set=root --hint='lvmid/RfBQnU-gtRN-m55o-zwRA-L433-esRb-UpOa0w/lEtX5E-aBNo-0ngD-TwvX-3qrY-OxNF-DaG8T4' f8c6cb03-667e-46fc-b531-eb30a2558d74 @@ -81,7 +74,7 @@ load_video insmod gfxterm set locale_dir=$prefix/locale - set lang=C + set lang=en_CA insmod gettext fi terminal_output gfxterm ------------->8------------>8---------------->8----------- (I've abbreviated the diff since all the rest is just repetition of missing "insmod" and "cryptomount" lines for all options. for some reason those lines are not added when running the system after decrypting the disk properly, but they are present when the grub.conf file is generated in the chroot in rescue mode. since the same versions of software are used in both cases, I can only presume that something is different in the mounts currently available, or some other kernel setting that might differ.. Heres a listing of mounts (which are mostly things that come from the kernel -- you can also see the debian stretch usb key that saved me :P ) -------------8<------------8<----------------8<----------- $ mount sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime) proc on /proc type proc (rw,nosuid,nodev,noexec,relatime) udev on /dev type devtmpfs (rw,nosuid,relatime,size=8053524k,nr_inodes=2013381,mode=755) devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000) tmpfs on /run type tmpfs (rw,nosuid,noexec,relatime,size=1614472k,mode=755) /dev/mapper/host-root on / type ext4 (rw,relatime,errors=remount-ro,stripe=8191) securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime) tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev) tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k) tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755) cgroup2 on /sys/fs/cgroup/unified type cgroup2 (rw,nosuid,nodev,noexec,relatime,nsdelegate) cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,name=systemd) pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime) bpf on /sys/fs/bpf type bpf (rw,nosuid,nodev,noexec,relatime,mode=700) cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct) cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory) cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer) cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset) cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls,net_prio) cgroup on /sys/fs/cgroup/rdma type cgroup (rw,nosuid,nodev,noexec,relatime,rdma) cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices) cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event) cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio) cgroup on /sys/fs/cgroup/pids type cgroup (rw,nosuid,nodev,noexec,relatime,pids) systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=25,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=12208) debugfs on /sys/kernel/debug type debugfs (rw,relatime) hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime,pagesize=2M) mqueue on /dev/mqueue type mqueue (rw,relatime) sunrpc on /run/rpc_pipefs type rpc_pipefs (rw,relatime) nfsd on /proc/fs/nfsd type nfsd (rw,relatime) /var/lib/snapd/snaps/riseup-vpn_126.snap on /snap/riseup-vpn/126 type squashfs (ro,nodev,relatime,x-gdu.hide) /var/lib/snapd/snaps/core_6673.snap on /snap/core/6673 type squashfs (ro,nodev,relatime,x-gdu.hide) /var/lib/snapd/snaps/core_6405.snap on /snap/core/6405 type squashfs (ro,nodev,relatime,x-gdu.hide) /var/lib/snapd/snaps/core_6531.snap on /snap/core/6531 type squashfs (ro,nodev,relatime,x-gdu.hide) /var/lib/snapd/snaps/riseup-vpn_116.snap on /snap/riseup-vpn/116 type squashfs (ro,nodev,relatime,x-gdu.hide) /var/lib/snapd/snaps/riseup-vpn_98.snap on /snap/riseup-vpn/98 type squashfs (ro,nodev,relatime,x-gdu.hide) tmpfs on /tmp type tmpfs (rw,nosuid,nodev,noexec,relatime,size=4843408k) binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,relatime) tmpfs on /run/user/1000 type tmpfs (rw,nosuid,nodev,relatime,size=1614468k,mode=700,uid=1000,gid=1000) /dev/sdb1 on /media/gabster/Debian 9.7.0 amd64 n type iso9660 (ro,nosuid,nodev,relatime,nojoliet,check=s,map=n,blocksize=2048,uid=1000,gid=1000,dmode=500,fmode=400,uhelper=udisks2) fusectl on /sys/fs/fuse/connections type fusectl (rw,relatime) ------------->8------------>8---------------->8----------- I can provide more information if needed. -- Package-specific info: -- /proc/cmdline BOOT_IMAGE=/boot/vmlinuz-4.19.0-4-amd64 root=/dev/mapper/host-root ro quiet apparmor=1 security=apparmor apparmor=1 security=apparmor apparmor=1 security=apparmor apparmor=1 security=apparmor apparmor=1 security=apparmor apparmor=1 security=apparmor apparmor=1 security=apparmor apparmor=1 security=apparmor -- /etc/crypttab sda1_crypt UUID=f100e85e-b832-489a-9e97-f1a9661a0c45 none luks,discard -- /etc/fstab # /etc/fstab: static file system information. # # Use 'blkid' to print the universally unique identifier for a # device; this may be used with UUID= as a more robust way to name devices # that works even if disks are added and removed. See fstab(5). # # <file system> <mount point> <type> <options> <dump> <pass> /dev/mapper/host-root / ext4 errors=remount-ro 0 1 /dev/mapper/host-swap none swap sw 0 0 #/dev/sdb1 /media/usb0 auto rw,user,noauto 0 0 #/dev/sdb2 /media/usb1 auto rw,user,noauto 0 0 tmpfs /tmp tmpfs nodev,nosuid,noexec,size=30% 0 0 -- lsmod Module Size Used by fuse 122880 1 ufs 86016 0 qnx4 16384 0 hfsplus 114688 0 hfs 69632 0 minix 40960 0 ntfs 110592 0 vfat 24576 0 msdos 20480 0 fat 86016 2 msdos,vfat jfs 208896 0 xfs 1458176 0 ctr 16384 4 ccm 20480 6 nls_utf8 16384 1 isofs 45056 1 nft_chain_route_ipv4 16384 1 xt_CHECKSUM 16384 1 nft_chain_nat_ipv4 16384 4 ipt_MASQUERADE 16384 1 nf_nat_ipv4 16384 2 ipt_MASQUERADE,nft_chain_nat_ipv4 tun 49152 2 bridge 188416 0 stp 16384 1 bridge llc 16384 2 bridge,stp devlink 77824 0 snd_hda_codec_hdmi 57344 1 snd_hda_codec_realtek 118784 1 snd_hda_codec_generic 86016 1 snd_hda_codec_realtek bnep 24576 2 binfmt_misc 20480 1 arc4 16384 2 intel_rapl 24576 0 x86_pkg_temp_thermal 16384 0 intel_powerclamp 16384 0 uvcvideo 118784 0 kvm_intel 241664 0 videobuf2_vmalloc 16384 1 uvcvideo iwldvm 159744 0 videobuf2_memops 16384 1 videobuf2_vmalloc wmi_bmof 16384 0 mei_wdt 16384 0 nf_log_ipv6 16384 5 videobuf2_v4l2 28672 1 uvcvideo ip6t_REJECT 16384 1 btusb 53248 0 nf_reject_ipv6 16384 1 ip6t_REJECT kvm 729088 1 kvm_intel videobuf2_common 53248 2 videobuf2_v4l2,uvcvideo btrtl 16384 1 btusb mac80211 823296 1 iwldvm btbcm 16384 1 btusb btintel 24576 1 btusb videodev 212992 3 videobuf2_v4l2,uvcvideo,videobuf2_common bluetooth 643072 11 btrtl,btintel,btbcm,bnep,btusb xt_hl 16384 1 iwlwifi 241664 1 iwldvm irqbypass 16384 1 kvm drbg 28672 1 ip6_tables 32768 1 snd_hda_intel 45056 3 intel_cstate 16384 0 intel_uncore 135168 0 ansi_cprng 16384 0 ip6t_rt 16384 1 evdev 28672 14 joydev 24576 0 intel_rapl_perf 16384 0 pcspkr 16384 0 iTCO_wdt 16384 0 i915 1728512 4 ecdh_generic 24576 1 bluetooth media 45056 2 videodev,uvcvideo snd_hda_codec 151552 4 snd_hda_codec_generic,snd_hda_codec_hdmi,snd_hda_intel,snd_hda_codec_realtek sg 36864 0 serio_raw 16384 0 snd_hda_core 94208 5 snd_hda_codec_generic,snd_hda_codec_hdmi,snd_hda_intel,snd_hda_codec,snd_hda_codec_realtek iTCO_vendor_support 16384 1 iTCO_wdt cfg80211 765952 3 iwldvm,iwlwifi,mac80211 snd_hwdep 16384 1 snd_hda_codec snd_pcm_oss 61440 0 snd_mixer_oss 28672 1 snd_pcm_oss thinkpad_acpi 106496 1 snd_pcm 114688 5 snd_hda_codec_hdmi,snd_hda_intel,snd_hda_codec,snd_pcm_oss,snd_hda_core drm_kms_helper 204800 1 i915 snd_timer 36864 1 snd_pcm nf_log_ipv4 16384 5 nvram 16384 1 thinkpad_acpi nf_log_common 16384 2 nf_log_ipv4,nf_log_ipv6 ipt_REJECT 16384 1 nf_reject_ipv4 16384 1 ipt_REJECT drm 483328 5 drm_kms_helper,i915 snd 94208 17 snd_hda_codec_generic,snd_hda_codec_hdmi,snd_hwdep,snd_hda_intel,snd_hda_codec,snd_hda_codec_realtek,snd_timer,snd_pcm_oss,thinkpad_acpi,snd_pcm,snd_mixer_oss xt_LOG 16384 2 mei_me 45056 1 soundcore 16384 1 snd xt_multiport 16384 2 mei 118784 3 mei_wdt,mei_me i2c_algo_bit 16384 1 i915 tpm_tis 16384 0 rfkill 28672 8 bluetooth,thinkpad_acpi,cfg80211 tpm_tis_core 20480 1 tpm_tis tpm 65536 2 tpm_tis,tpm_tis_core battery 24576 1 thinkpad_acpi ac 16384 0 rng_core 16384 1 tpm nft_limit 16384 13 video 45056 2 thinkpad_acpi,i915 wmi 28672 1 wmi_bmof pcc_cpufreq 16384 0 button 16384 0 xt_limit 16384 0 xt_addrtype 16384 1 xt_tcpudp 16384 4 xt_conntrack 16384 1 nft_compat 20480 175 nft_counter 16384 224 squashfs 65536 6 jc42 16384 0 nf_conntrack_netbios_ns 16384 0 coretemp 16384 0 nf_conntrack_broadcast 16384 1 nf_conntrack_netbios_ns nf_nat_ftp 16384 0 nf_nat 36864 2 nf_nat_ftp,nf_nat_ipv4 loop 36864 12 nf_conntrack_ftp 20480 1 nf_nat_ftp parport_pc 32768 0 nf_conntrack 163840 8 xt_conntrack,nf_nat,nf_nat_ftp,ipt_MASQUERADE,nf_conntrack_netbios_ns,nf_nat_ipv4,nf_conntrack_broadcast,nf_conntrack_ftp nf_defrag_ipv6 20480 1 nf_conntrack nf_defrag_ipv4 16384 1 nf_conntrack ppdev 20480 0 nfsd 425984 13 nf_tables 143360 660 nft_chain_route_ipv4,nft_compat,nft_chain_nat_ipv4,nft_counter,nft_limit lp 20480 0 parport 57344 3 parport_pc,lp,ppdev nfnetlink 16384 2 nft_compat,nf_tables auth_rpcgss 73728 1 nfsd nfs_acl 16384 1 nfsd lockd 118784 1 nfsd grace 16384 2 nfsd,lockd sunrpc 425984 18 nfsd,auth_rpcgss,lockd,nfs_acl ip_tables 28672 1 x_tables 45056 15 xt_conntrack,nft_compat,xt_LOG,xt_multiport,xt_tcpudp,ipt_MASQUERADE,xt_addrtype,xt_CHECKSUM,ip6t_rt,ip6_tables,ipt_REJECT,ip_tables,xt_limit,xt_hl,ip6t_REJECT autofs4 49152 2 ext4 733184 1 crc16 16384 2 bluetooth,ext4 mbcache 16384 1 ext4 jbd2 122880 1 ext4 fscrypto 32768 1 ext4 ecb 16384 0 btrfs 1384448 0 zstd_decompress 81920 2 squashfs,btrfs zstd_compress 172032 1 btrfs xxhash 16384 2 zstd_compress,zstd_decompress algif_skcipher 16384 0 af_alg 28672 1 algif_skcipher dm_crypt 40960 1 dm_mod 155648 9 dm_crypt raid10 57344 0 raid456 176128 0 async_raid6_recov 20480 1 raid456 async_memcpy 16384 2 raid456,async_raid6_recov async_pq 16384 2 raid456,async_raid6_recov async_xor 16384 3 async_pq,raid456,async_raid6_recov async_tx 16384 5 async_pq,async_memcpy,async_xor,raid456,async_raid6_recov xor 24576 2 async_xor,btrfs raid6_pq 122880 4 async_pq,btrfs,raid456,async_raid6_recov libcrc32c 16384 5 nf_conntrack,nf_nat,btrfs,xfs,raid456 crc32c_generic 16384 0 raid1 45056 0 raid0 20480 0 multipath 16384 0 linear 16384 0 md_mod 167936 6 raid1,raid10,raid0,linear,raid456,multipath sd_mod 61440 4 uas 28672 0 usb_storage 73728 2 uas crct10dif_pclmul 16384 0 crc32_pclmul 16384 0 crc32c_intel 24576 3 ghash_clmulni_intel 16384 0 pcbc 16384 0 ahci 40960 1 libahci 40960 1 ahci aesni_intel 200704 6 libata 278528 2 libahci,ahci aes_x86_64 20480 1 aesni_intel crypto_simd 16384 1 aesni_intel cryptd 28672 4 crypto_simd,ghash_clmulni_intel,aesni_intel glue_helper 16384 1 aesni_intel psmouse 172032 0 scsi_mod 249856 5 sd_mod,usb_storage,uas,libata,sg sdhci_pci 45056 0 i2c_i801 28672 0 cqhci 28672 1 sdhci_pci xhci_pci 16384 0 lpc_ich 28672 0 sdhci 57344 1 sdhci_pci xhci_hcd 266240 1 xhci_pci ehci_pci 16384 0 ehci_hcd 94208 1 ehci_pci e1000e 282624 0 mmc_core 172032 3 sdhci,cqhci,sdhci_pci usbcore 290816 8 xhci_hcd,ehci_pci,usb_storage,uvcvideo,ehci_hcd,btusb,xhci_pci,uas usb_common 16384 1 usbcore thermal 20480 0 -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_CA.utf8, LC_CTYPE=en_CA.utf8 (charmap=UTF-8) (ignored: LC_ALL set to en_CA.utf8), LANGUAGE=en_CA.utf8 (charmap=UTF-8) (ignored: LC_ALL set to en_CA.utf8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages cryptsetup depends on: ii cryptsetup-initramfs 2:2.1.0-2 ii cryptsetup-run 2:2.1.0-2 cryptsetup recommends no packages. cryptsetup suggests no packages. -- debconf information: cryptsetup/prerm_active_mappings: true