Bug#389456: p-a-c: Fails to configure encrypted volumes
On Tue, September 26, 2006 3:44, Frans Pop said: Although the log does not show which udebs were actually installed, after the failure /var/lib/dpkg shows the following packages installed (probably newly installed as they are at the bottom of the file): - cdebconf-newt-entropy - crypto-modules-$kvers - cryptsetup-udeb - dmsetup-udeb - libpopt0-udeb - partman-crypto-dm So it looks to me like dependencies were correctly pulled in? (libdevmapper1.02-udeb was of course already installed) Hmmm...random idea of the day (which I can't test right now): Using a crypto means that device-mapper calls crypto_alloc_tfm -- crypto_alg_mod_lookup -- try_then_request_module -- request_module, which does a modprobe of a module with the same name as the crypto. Perhaps depmod -ae needs to be executed after the crypto-modules-$kvers module has been downloaded and unpacked? -- David Härdeman -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#389456: p-a-c: Fails to configure encrypted volumes
On Tuesday 26 September 2006 09:37, David Härdeman wrote: Perhaps depmod -ae needs to be executed after the crypto-modules-$kvers module has been downloaded and unpacked? Yes, depmod definitely needs to be called after new modules are loaded. (AFAIK depmod -a should be enough.) Grep on depmod in hw-detect for examples. Also, if loading modules can result in new devices, update-dev (from di-utils) needs to be called. Again, grep in hwdetect for examples. pgpV9fp0XcIFN.pgp Description: PGP signature
Bug#389456: p-a-c: Fails to configure encrypted volumes
On Tuesday 26 September 2006 09:51, Frans Pop wrote: On Tuesday 26 September 2006 09:37, David Härdeman wrote: Perhaps depmod -ae needs to be executed after the crypto-modules-$kvers module has been downloaded and unpacked? Yes, depmod definitely needs to be called after new modules are loaded. (AFAIK depmod -a should be enough.) Grep on depmod in hw-detect for examples. Also, if loading modules can result in new devices, update-dev (from di-utils) needs to be called. Again, grep in hwdetect for examples. Adding a 'depmod -a' does fix the problem. Note that there is this issue too. As I've said earlier in this BR, anna-install will likely not return an error if not all dependencies can be met (my logs attached earlier confirm this), so this needs to be checked in a different way. pgpBWBlNFZXw7.pgp Description: PGP signature
Bug#389456: p-a-c: Fails to configure encrypted volumes
On Tue, Sep 26, 2006 at 01:02:02PM +0200, Frans Pop wrote: On Tuesday 26 September 2006 09:51, Frans Pop wrote: Also, if loading modules can result in new devices, update-dev (from di-utils) needs to be called. Again, grep in hwdetect for examples. Adding a 'depmod -a' does fix the problem. Ok, I've fixed this in p-a-c. update-dev is not necessary since the crypto modules create no devices. Note that there is this issue too. As I've said earlier in this BR, anna-install will likely not return an error if not all dependencies can be met (my logs attached earlier confirm this), so this needs to be checked in a different way. The on-demand-loaded packages are (from your previous mail): - cdebconf-newt-entropy - crypto-modules-$kvers - cryptsetup-udeb - dmsetup-udeb - libpopt0-udeb - partman-crypto-dm cryptsetup and dmsetup are checked in crypto_check_required_tools partman-crypto-dm is the argument to anna-install and I'd assume that anna-install returns an error if the primary target is not downloaded correctly crypto-modules-$kvers is checked in crypto_load_modules crypto_load_modules and crypto_check_required_tools are called from crypto_prepare_method which is called from p-a-c and partman-crypto where appropriate This leaves libpopt0 and cdebconf-newt-entropy I've committed a preliminary test for the presence of those two libs to crypto_check_required_tools. (the above mentioned crypto_* methods are all in crypto_tools.sh from partman-crypto) -- David Härdeman
Bug#389456: p-a-c: Fails to configure encrypted volumes
Hey again, On Tue, Sep 26, 2006 at 06:37:59PM +0200, David Härdeman wrote: This leaves libpopt0 and cdebconf-newt-entropy I've committed a preliminary test for the presence of those two libs to crypto_check_required_tools. case $1 in dm-crypt) - tools=/bin/blockdev-keygen /sbin/dmsetup /sbin/cryptsetup + tools=$tools /sbin/dmsetup /sbin/cryptsetup /lib/libpopt.so.0 This won't work, I think? We test for [ -x $tool ] further down in crypto_check_required_tools(). I think we'd need to change the test to [ -e .. ] or test separately for libs. Somehow I feel we should find a better way to test for required libraries though. Perhaps changing the error reporting in anna-install so that we could tell if a dependency couldn't be loaded? cheers, Max
Bug#389456: p-a-c: Fails to configure encrypted volumes
Hey David, Thanks for adding the checks. On Tue, Sep 26, 2006 at 06:37:59PM +0200, David Härdeman wrote: This leaves libpopt0 and cdebconf-newt-entropy cdebconf-newt-entropy is already taken care of through db_capb; blockdev-keygen will return an error dialog if it needs but cannot find the plugin-entropy-text capability. cheers, Max
Bug#389456: p-a-c: Fails to configure encrypted volumes
On Tue, Sep 26, 2006 at 07:36:10PM +0200, Max Vozeler wrote: - tools=/bin/blockdev-keygen /sbin/dmsetup /sbin/cryptsetup + tools=$tools /sbin/dmsetup /sbin/cryptsetup /lib/libpopt.so.0 This won't work, I think? We test for [ -x $tool ] further down in crypto_check_required_tools(). I think we'd need to change the test to [ -e .. ] or test separately for libs. Somehow I feel we should find a better way to test for required libraries though. Perhaps changing the error reporting in anna-install so that we could tell if a dependency couldn't be loaded? Oh, right...I've changed the test to [ -e ] for now and we can always do this in a different way if/when anna-install allows for dependency download error checking. -- David Härdeman
Bug#389456: p-a-c: Fails to configure encrypted volumes
Package: partman-auto-crypto Version: 1 Severity: serious Doing a basic install in vmware (i386), I selected p-a-c, confirmed that I wanted to use block device encryption, selected separate /home scheme, and was then presented with a dialog Configuration of encrypted volumes failed. Re that dialog: I'd suggest to ad a text to check VT4/syslog for details (please use existing text as used in other dialogs so it does not need additional translation). /var/log/syslog shows: kernel: device-mapper: crypt: Error allocating crypto tfm kernel: device-mapper: error adding target to table kernel: device-mapper: device doesn't appear to be in the dev hash table. partman-crypto: Command failed: device-mapper: reload ioctl failed: Invalid argument P.S. I feel that offering p-a-c with the Really use block device encryption dialog still enabled is kind of contradictory... pgpu5UPcbZd7J.pgp Description: PGP signature
Bug#389456: p-a-c: Fails to configure encrypted volumes
On Mon, Sep 25, 2006 at 09:53:31PM +0200, Frans Pop wrote: /var/log/syslog shows: kernel: device-mapper: crypt: Error allocating crypto tfm kernel: device-mapper: error adding target to table kernel: device-mapper: device doesn't appear to be in the dev hash table. partman-crypto: Command failed: device-mapper: reload ioctl failed: Invalid argument I think I've seen this kind of error before, IIRC with a manual d-i build that what missing the required kernel modules. This could indicate that our new delayed package loading is not working as expected now that the priorities have really changed. P.S. I feel that offering p-a-c with the Really use block device encryption dialog still enabled is kind of contradictory... Agreed. This will need to be done in partman-crypto. Another thing for me to look into tomorrow. :-) cheers, Max -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#389456: p-a-c: Fails to configure encrypted volumes
On Mon, Sep 25, 2006 at 11:25:53PM +0200, Max Vozeler wrote: On Mon, Sep 25, 2006 at 09:53:31PM +0200, Frans Pop wrote: /var/log/syslog shows: kernel: device-mapper: crypt: Error allocating crypto tfm kernel: device-mapper: error adding target to table kernel: device-mapper: device doesn't appear to be in the dev hash table. partman-crypto: Command failed: device-mapper: reload ioctl failed: Invalid argument I think I've seen this kind of error before, IIRC with a manual d-i build that what missing the required kernel modules. This could indicate that our new delayed package loading is not working as expected now that the priorities have really changed. Agreed...the problem is probably with the on-demand loading of modules and not with p-a-c. It's weird though, partman-crypto-dm does rely on the virtual crypto-modules package... Did the syslog have any failure messages wrt. udeb download before the device-mapper errors? -- David Härdeman
Bug#389456: p-a-c: Fails to configure encrypted volumes
On Tuesday 26 September 2006 02:04, David Härdeman wrote: Agreed...the problem is probably with the on-demand loading of modules and not with p-a-c. It's weird though, partman-crypto-dm does rely on the virtual crypto-modules package... Did the syslog have any failure messages wrt. udeb download before the device-mapper errors? The problem may be that udpkg actually ignores missing dependencies. It only prints a warning in the syslog, but does not throw an error. So you need to check for the presence of components in a different way. Here's the full log from the start of partman. There are some strange anna lines in there, related to loading the components, but I've no idea exactly how. (The anna-install line was hacked in by me; I've committed a patch in SVN to make anna-install a bit more verbose by default.) The lines from anna look fairly safe to ignore though as they are all basic udebs that are present anyway. Although the log does not show which udebs were actually installed, after the failure /var/lib/dpkg shows the following packages installed (probably newly installed as they are at the bottom of the file): - cdebconf-newt-entropy - crypto-modules-$kvers - cryptsetup-udeb - dmsetup-udeb - libpopt0-udeb - partman-crypto-dm So it looks to me like dependencies were correctly pulled in? (libdevmapper1.02-udeb was of course already installed) Sep 26 03:07:50 main-menu[1965]: INFO: Menu item 'partman-base' selected Sep 26 03:07:53 kernel: JFS: nTxBlock = 2009, nTxLock = 16072 Sep 26 03:07:54 kernel: SGI XFS with ACLs, security attributes, realtime, large block numbers, no debug enabled Sep 26 03:07:54 kernel: SGI XFS Quota Management subsystem Sep 26 03:07:54 kernel: program parted_devices is using a deprecated SCSI ioctl, please convert it to SG_IO Sep 26 03:07:54 kernel: end_request: I/O error, dev fd0, sector 0 Sep 26 03:07:54 kernel: end_request: I/O error, dev fd0, sector 0 Sep 26 03:07:54 kernel: program parted_server is using a deprecated SCSI ioctl, please convert it to SG_IO Sep 26 03:07:54 partman: PV /dev/sda5 VG Debian lvm2 [4.75 GB / 0free] Sep 26 03:07:54 partman: Total: 1 [4.75 GB] / in use: 1 [4.75 GB] / in no VG: 0 [0 ] Sep 26 03:07:54 partman: Reading all physical volumes. This may take a while... Sep 26 03:07:54 partman: Found volume group Debian using metadata type lvm2 Sep 26 03:08:04 kernel: device-mapper: 4.6.0-ioctl (2006-02-17) initialised: [EMAIL PROTECTED] Sep 26 03:08:07 net/hw-detect.hotplug: Detected hotpluggable network interface eth0 Sep 26 03:08:07 udevd-event[14866]: run_program: exec of program '/lib/udev/net.agent' failed Sep 26 03:08:07 net/hw-detect.hotplug: Detected hotpluggable network interface lo Sep 26 03:08:07 udevd-event[14872]: run_program: exec of program '/lib/udev/net.agent' failed Sep 26 03:08:18 partman-lvm: Logical volume home successfully removed Sep 26 03:08:18 partman-lvm: Logical volume root successfully removed Sep 26 03:08:18 partman-lvm: Logical volume swap_1 successfully removed Sep 26 03:08:18 partman-lvm: 0 logical volume(s) in volume group Debian now active Sep 26 03:08:18 partman-lvm: Volume group Debian successfully removed Sep 26 03:08:18 partman-lvm: Labels on physical volume /dev/sda5 successfully wiped Sep 26 03:08:20 kernel: program parted_devices is using a deprecated SCSI ioctl, please convert it to SG_IO Sep 26 03:08:20 kernel: end_request: I/O error, dev fd0, sector 0 Sep 26 03:08:20 kernel: end_request: I/O error, dev fd0, sector 0 Sep 26 03:08:20 kernel: program parted_server is using a deprecated SCSI ioctl, please convert it to SG_IO Sep 26 03:08:20 partman: No matching physical volumes found Sep 26 03:08:20 partman: Reading all physical volumes. This may take a while... Sep 26 03:08:20 partman: No volume groups found Sep 26 03:08:23 kernel: program parted_server is using a deprecated SCSI ioctl, please convert it to SG_IO Sep 26 03:08:28 anna-install: Installing partman-crypto-dm Sep 26 03:08:28 anna[17168]: DEBUG: resolver (cdebconf-udeb): package doesn't exist (ignored) Sep 26 03:08:28 anna[17168]: DEBUG: resolver (ext2-modules): package doesn't exist (ignored) Sep 26 03:08:28 anna[17168]: DEBUG: resolver (kernel-image-2.6.17-2-486-di): package doesn't exist (ignored) Sep 26 03:08:28 anna[17168]: DEBUG: resolver (hw-detect): package doesn't exist (ignored) Sep 26 03:08:28 anna[17168]: DEBUG: resolver (cdebconf-newt-udeb): package doesn't exist (ignored) Sep 26 03:08:28 anna[17168]: DEBUG: resolver (libnewt0.52): package doesn't exist (ignored) Sep 26 03:08:35 net/hw-detect.hotplug: Detected hotpluggable network interface lo Sep 26 03:08:35 udevd-event[18125]: run_program: exec of program '/lib/udev/net.agent' failed Sep 26 03:08:36 net/hw-detect.hotplug: Detected hotpluggable network interface eth0 Sep 26 03:08:36 udevd-event[18138]: run_program: exec of program '/lib/udev/net.agent' failed Sep 26 03:08:41 kernel: device-mapper: crypt: Error