Bug#926689: cryptsetup-initramfs: config lines in grub.cfg for cryptodisk/luks and other modules missing

2023-03-04 Thread Ben Hutchings
This appears to be the same as #1028301, for which I've attached
upstream patches.

Ben.

-- 
Ben Hutchings
The two most common things in the universe are hydrogen and stupidity.




Bug#926689: cryptsetup-initramfs: config lines in grub.cfg for cryptodisk/luks and other modules missing

2022-04-03 Thread Kyle Rose
Package: grub-common
Version: 2.06-2
Followup-For: Bug #926689

Dear Maintainer,

I want to second OP's report, and add a related issue.

I have run into two problems with grub 2.06-2:

* LUKS2 metadata support is not compiled in. This is a simple fix,
  simply requiring that luks2 be added to GRUB_MODULES in
  debian/build-efi-images.

* grub-install installs the modular EFI image into the EFI system
  partition. This image lacks the modules required for
  GRUB_ENABLE_CRYPTODISK=y support to work, so the user is dumped into
  the rescue shell. Whatever logic previously resulted in the
  monolithic image being installed is broken.

-- Package-specific info:

*** BEGIN /proc/mounts
/dev/mapper/nausicaamain-root / ext4 rw,relatime,errors=remount-ro 0 0
/dev/nvme0n1p2 /boot/efi vfat 
rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro
 0 0
/dev/mapper/nausicaamain-home /home ext4 rw,relatime 0 0
/dev/mapper/nausicaawork /work ext4 rw,relatime,stripe=256 0 0
/dev/mapper/nausicaawork /home/krose/work ext4 rw,relatime,stripe=256 0 0
*** END /proc/mounts

*** BEGIN /boot/grub/grub.cfg
#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#

### BEGIN /etc/grub.d/00_header ###
# If a non-empty environment block file exists under $prefix, flag that and
# load the variables saved in it.
if [ -s $prefix/grubenv ]; then
  set have_grubenv=true
  load_env
fi
# One-shot boot selection: when next_entry is set, use it as the default,
# clear it, write the cleared value back with save_env and mark this boot as
# boot_once; otherwise fall back to entry 0.
if [ "${next_entry}" ] ; then
   set default="${next_entry}"
   set next_entry=
   save_env next_entry
   set boot_once=true
else
   set default="0"
fi

# Pass --id to menu entries only when feature_menuentry_id is "y".
if [ x"${feature_menuentry_id}" = xy ]; then
  menuentry_id_option="--id"
else
  menuentry_id_option=""
fi

export menuentry_id_option

# When prev_saved_entry is set, copy it into saved_entry and persist it, then
# clear and persist prev_saved_entry; this boot is also marked boot_once.
if [ "${prev_saved_entry}" ]; then
  set saved_entry="${prev_saved_entry}"
  save_env saved_entry
  set prev_saved_entry=
  save_env prev_saved_entry
  set boot_once=true
fi

# Store the chosen entry as saved_entry in the environment block, but only
# when boot_once is empty (i.e. this is not a one-shot boot).
# The body's indentation is uneven in this mailed copy of the file.
function savedefault {
  if [ -z "${boot_once}" ]; then
saved_entry="${chosen}"
save_env saved_entry
  fi
}
# Load video support: the single all_video module when
# feature_all_video_module is "y", otherwise each listed video module in turn.
function load_video {
  if [ x$feature_all_video_module = xy ]; then
insmod all_video
  else
insmod efi_gop
insmod efi_uga
insmod ieee1275_fb
insmod vbe
insmod vga
insmod video_bochs
insmod video_cirrus
  fi
}

# Use the plain console for both input and output.
terminal_input console
terminal_output console
# Menu timeout: 30 seconds when recordfail is 1, otherwise 5 seconds, with
# timeout_style=menu added when feature_timeout_style is "y".
if [ "${recordfail}" = 1 ] ; then
  set timeout=30
else
  if [ x$feature_timeout_style = xy ] ; then
set timeout_style=menu
set timeout=5
  # Fallback normal timeout code in case the timeout_style feature is
  # unavailable.
  else
set timeout=5
  fi
fi
### END /etc/grub.d/00_header ###

### BEGIN /etc/grub.d/05_debian_theme ###
# Menu colours for normal and highlighted entries.
set menu_color_normal=cyan/blue
set menu_color_highlight=white/blue
### END /etc/grub.d/05_debian_theme ###

### BEGIN /etc/grub.d/10_linux ###
# Set gfxpayload to the value passed as the first argument.
function gfxmode {
set gfxpayload="${1}"
}
# linux_gfx_mode is set to the empty string and exported.
set linux_gfx_mode=
export linux_gfx_mode
# Default boot entry. Long lines are wrapped in this mailed copy, and the
# space after `echo` appears to have been lost in transit.
# NOTE(review): the entry loads lvm and ext2 and sets root to an lvmid path,
# but contains no `insmod cryptodisk`, `insmod luks` or `cryptomount` line,
# although the kernel command line below names an encrypted device
# (cryptdevice=UUID=...). Missing lines of that kind are the symptom this bug
# thread describes; whether GRUB had already unlocked the volume by other
# means on this system cannot be told from this file.
menuentry 'Debian GNU/Linux' --class debian --class gnu-linux --class gnu 
--class os $menuentry_id_option 
'gnulinux-simple-5ff05376-4105-4d5a-9d08-3c19a187bf5f' {
load_video
insmod gzio
if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
insmod lvm
insmod ext2
set 
root='lvmid/CHS1Km-Ej3O-BzCE-jjRr-FTAW-z7Z1-fxfjQO/OLHIBB-fUee-zo0b-AJY9-fxrl-1qT1-H9TOZU'
if [ x$feature_platform_search_hint = xy ]; then
  search --no-floppy --fs-uuid --set=root 
--hint='lvmid/CHS1Km-Ej3O-BzCE-jjRr-FTAW-z7Z1-fxfjQO/OLHIBB-fUee-zo0b-AJY9-fxrl-1qT1-H9TOZU'
  5ff05376-4105-4d5a-9d08-3c19a187bf5f
else
  search --no-floppy --fs-uuid --set=root 
5ff05376-4105-4d5a-9d08-3c19a187bf5f
fi
echo'Loading Linux 5.16.0-5-amd64 ...'
# NOTE(review): `mitigations=off` on this command line turns off the kernel's
# CPU-vulnerability mitigations. It is the reporter's local setting and is
# unrelated to the missing cryptodisk lines.
linux   /boot/vmlinuz-5.16.0-5-amd64 root=/dev/mapper/nausicaamain-root 
ro  cryptdevice=UUID=5bc07e8a-6a75-4d68-925b-8c107abf2ed0:lvm mitigations=off 
ip=192.168.32.7::192.168.32.1:255.255.255.0::enp6s0:off noirqdebug 
add_efi_memmap
echo'Loading initial ramdisk ...'
initrd  /boot/initrd.img-5.16.0-5-amd64
}
submenu 'Advanced options for Debian GNU/Linux' $menuentry_id_option 
'gnulinux-advanced-5ff05376-4105-4d5a-9d08-3c19a187bf5f' {
menuentry 'Debian GNU/Linux, with Linux 5.16.0-5-amd64' --class debian 
--class gnu-linux --class gnu --class os $menuentry_id_option 
'gnulinux-5.16.0-5-amd64-advanced-5ff05376-4105-4d5a-9d08-3c19a187bf5f' {
load_video
insmod gzio
if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; 
fi
insmod lvm
insmod ext2
set 
root='lvmid/CHS1Km-Ej3O-BzCE-jjRr-FTAW-z7Z1-fxfjQO/OLHIBB-fUee-zo0b-AJY9-fxrl-1qT1-H9TOZU'
if [ x$feature_platform_search_hint = xy ]; then
  search --no-floppy --fs-uuid --set=root 
--hint='lvmid/CHS1Km-Ej3O-BzCE-jjRr-FTAW-z7Z1-fxfjQO/OLHIBB-fUee-zo0b-AJY9-fxrl-1qT1-H9TOZU'
  5ff05376-4105-4d5a-9d08-3c19a187bf5f
  

Bug#926689: [pkg-cryptsetup-devel] Bug#926689: cryptsetup-initramfs: config lines in grub.cfg for cryptodisk/luks and other modules missing

2019-04-08 Thread Guilhem Moulin
Control: reassign -1 grub2-common
Control: merge-1 924151

Hi,

On Mon, 08 Apr 2019 at 20:19:47 -0400, Gabriel Filion wrote:
> Package: cryptsetup
> Version: 2:2.1.0-2
> […]
> I found out that some configuration lines are missing in all options that get
> generated inside grub.cfg.
> 
> Here's a diff between the grub configuration that was generated while in 
> rescue
> mode (in a chroot inside the device that gets used for / ) vs. generated while
> the system is running:
> 
> -8<8<8<---
> $ diff -burN ~/grub.cfg /boot/grub/grub.cfg
> --- /home/gabster/grub.cfg2019-04-08 19:20:24.000726392 -0400
> +++ /boot/grub/grub.cfg   2019-04-08 19:37:00.360714287 -0400

/boot/grub/grub.cfg is not generated by src:cryptsetup.  Reassigning
accordingly, and merging with #924151.

Cheers,
-- 
Guilhem.




Bug#926689: cryptsetup-initramfs: config lines in grub.cfg for cryptodisk/luks and other modules missing

2019-04-08 Thread Gabriel Filion
Package: cryptsetup
Version: 2:2.1.0-2
Severity: grave
Justification: renders package unusable

Hello,

I've rebooted my computer this morning and the password prompt to unlock the
crypto device would not appear before grub would search for the lvm device
inside.
This means that the system was not booting and I was getting dropped in the grub
rescue prompt.

The only way that I could bring the system back was by using the "Rescue mode"
with the debian stretch installer.

I have all files, including /boot, in one partition, and I use grub to unlock
the crypto in order for it to find kernel and boot options.
If this seems like a case that wouldn't affect most users, please don't hesitate
to demote the severity.

I found out that some configuration lines are missing in all options that get
generated inside grub.cfg.

Here's a diff between the grub configuration that was generated while in rescue
mode (in a chroot inside the device that gets used for / ) vs. generated while
the system is running:

-8<8<8<---
$ diff -burN ~/grub.cfg /boot/grub/grub.cfg
--- /home/gabster/grub.cfg  2019-04-08 19:20:24.000726392 -0400
+++ /boot/grub/grub.cfg 2019-04-08 19:37:00.360714287 -0400
@@ -58,15 +58,8 @@
 if [ x$feature_default_font_path = xy ] ; then
font=unicode
 else
-insmod part_msdos
-insmod cryptodisk
-insmod luks
-insmod gcry_rijndael
-insmod gcry_rijndael
-insmod gcry_sha256
 insmod lvm
 insmod ext2
-cryptomount -u f100e85eb832489a9e97f1a9661a0c45
 set 
root='lvmid/RfBQnU-gtRN-m55o-zwRA-L433-esRb-UpOa0w/lEtX5E-aBNo-0ngD-TwvX-3qrY-OxNF-DaG8T4'
 if [ x$feature_platform_search_hint = xy ]; then
   search --no-floppy --fs-uuid --set=root 
--hint='lvmid/RfBQnU-gtRN-m55o-zwRA-L433-esRb-UpOa0w/lEtX5E-aBNo-0ngD-TwvX-3qrY-OxNF-DaG8T4'
  f8c6cb03-667e-46fc-b531-eb30a2558d74
@@ -81,7 +74,7 @@
   load_video
   insmod gfxterm
   set locale_dir=$prefix/locale
-  set lang=C
+  set lang=en_CA
   insmod gettext
 fi
 terminal_output gfxterm
->8>8>8---

(I've abbreviated the diff, since all the rest is just a repetition of the
missing "insmod" and "cryptomount" lines for all options.)

For some reason those lines are not added when running the system after
decrypting the disk properly, but they are present when the grub.conf file is
generated in the chroot in rescue mode. Since the same versions of software are
used in both cases, I can only presume that something is different in the mounts
currently available, or some other kernel setting that might differ.


Here's a listing of mounts (which are mostly things that come from the kernel --
you can also see the debian stretch usb key that saved me :P )

-8<8<8<---
$ mount
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
udev on /dev type devtmpfs 
(rw,nosuid,relatime,size=8053524k,nr_inodes=2013381,mode=755)
devpts on /dev/pts type devpts 
(rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
tmpfs on /run type tmpfs (rw,nosuid,noexec,relatime,size=1614472k,mode=755)
/dev/mapper/host-root on / type ext4 (rw,relatime,errors=remount-ro,stripe=8191)
securityfs on /sys/kernel/security type securityfs 
(rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)
cgroup2 on /sys/fs/cgroup/unified type cgroup2 
(rw,nosuid,nodev,noexec,relatime,nsdelegate)
cgroup on /sys/fs/cgroup/systemd type cgroup 
(rw,nosuid,nodev,noexec,relatime,xattr,name=systemd)
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
bpf on /sys/fs/bpf type bpf (rw,nosuid,nodev,noexec,relatime,mode=700)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup 
(rw,nosuid,nodev,noexec,relatime,cpu,cpuacct)
cgroup on /sys/fs/cgroup/memory type cgroup 
(rw,nosuid,nodev,noexec,relatime,memory)
cgroup on /sys/fs/cgroup/freezer type cgroup 
(rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/cpuset type cgroup 
(rw,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup 
(rw,nosuid,nodev,noexec,relatime,net_cls,net_prio)
cgroup on /sys/fs/cgroup/rdma type cgroup (rw,nosuid,nodev,noexec,relatime,rdma)
cgroup on /sys/fs/cgroup/devices type cgroup 
(rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/perf_event type cgroup 
(rw,nosuid,nodev,noexec,relatime,perf_event)
cgroup on /sys/fs/cgroup/blkio type cgroup 
(rw,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/pids type cgroup (rw,nosuid,nodev,noexec,relatime,pids)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs 
(rw,relatime,fd=25,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=12208)
debugfs on /sys/kernel/debug type debugfs (rw,relatime)
hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime,pagesize=2M)