[Bug 2031179] [NEW] systemd-cryptsetup-generator does not understand :timeout parameter used with "passdev"
ChrisH
2031179 at bugs.launchpad.net
Fri Aug 11 17:47:59 UTC 2023
Public bug reported:
I have the following line in my /etc/crypttab file (UUID & volume names
obfuscated):
sdxx_crypt UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx /dev/disk/by-
label/XXXXXXX16GB:/desktop_Linux.key:5
luks,discard,noauto,keyscript=/lib/cryptsetup/scripts/passdev
This decrypts the LUKS volume containing my /, /home & swap partitions,
and is correctly handled by initramfs since my PC boots fine.
But since upgrading from kernel 5.19.0-50-generic to 6.2.0-26-generic,
I've noticed a 90 second booting delay, with the following messages
(extracted from the journal) visible during the delay:
Aug 11 07:24:58 xxxx systemd[1]: dev-disk-by\x2dlabel-XXXXXXX16GB:-desktop_Linux.key:5.device: Job dev-disk-by\x2dlabel-XXXXXXX16GB:-desktop_Linux.key:5.device/start timed out.
Aug 11 07:24:58 xxxx systemd[1]: Timed out waiting for device /dev/disk/by-label/XXXXXXX16GB:/desktop_Linux.key:5.
Aug 11 07:24:58 xxxx systemd[1]: Dependency failed for Cryptography Setup for sdxx_crypt.
Aug 11 07:24:58 xxxx systemd[1]: systemd-cryptsetup at sdxx_crypt.service: Job systemd-cryptsetup at sdxx_crypt.service/start failed with result 'dependency'.
Aug 11 07:24:58 xxxx systemd[1]: dev-disk-by\x2dlabel-XXXXXXX16GB:-desktop_Linux.key:5.device: Job dev-disk-by\x2dlabel-XXXXXXX16GB:-desktop_Linux.key:5.device/start failed with result 'timeout'.
Aug 11 07:24:58 xxxx systemd[1]: Reached target Block Device Preparation for /dev/mapper/sdxx_crypt.
Aug 11 07:24:58 xxxx systemd[1]: Reached target Local Encrypted Volumes.
It turns out that I also had these messages before the upgrade, but until now they weren't causing SystemD to wait for 90 seconds before continuing.
My bug report is NOT about SystemD's sudden 90 second delay (which may be reasonable), but rather the underlying problem pointed to by these messages.
I have been able to get rid these messages (and the 90 second delay) by
removing the optional ":5" timeout parameter after my keyfile path:
sdxx_crypt UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx /dev/disk/by-
label/XXXXXXX16GB:/desktop_Linux.key
luks,discard,noauto,keyscript=/lib/cryptsetup/scripts/passdev
I believe this indicates that "systemd-cryptsetup-generator" doesn't understand the optional timeout parameter, even though it is legal & documented:
https://cryptsetup-team.pages.debian.net/cryptsetup/README.initramfs.html#the-passdev-keyscript
When the timeout parameter is present, I think it misinterprets the device:volume:timeout as just a device name. (If it is treating the second colon as if it was the first/only one then the fix may be trivially easy.)
Here is what the problematic mount file (/run/systemd/generator/systemd-cryptsetup at sdxx_crypt.service) generated by it looks like:
# Automatically generated by systemd-cryptsetup-generator
[Unit]
Description=Cryptography Setup for %I
Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup at .service(8)
SourcePath=/etc/crypttab
DefaultDependencies=no
IgnoreOnIsolate=true
After=cryptsetup-pre.target systemd-udevd-kernel.socket
Before=blockdev at dev-mapper-%i.target
Wants=blockdev at dev-mapper-%i.target
Conflicts=umount.target
Before=cryptsetup.target
After=dev-disk-by\x2dlabel-XXXXXXX16GB:-desktop_Linux.key:5.device
Requires=dev-disk-by\x2dlabel-XXXXXXX16GB:-desktop_Linux.key:5.device
BindsTo=dev-disk-by\x2duuid-xxxxxxxx\x2dxxxx\x2dxxxx\x2dxxxx\x2dxxxxxxxxxxxx.device
After=dev-disk-by\x2duuid-xxxxxxxx\x2dxxxx\x2dxxxx\x2dxxxx\x2dxxxxxxxxxxxx.device
Before=umount.target
[Service]
Type=oneshot
RemainAfterExit=yes
TimeoutSec=0
KeyringMode=shared
OOMScoreAdjust=500
ExecStart=/lib/systemd/systemd-cryptsetup attach 'sdxx_crypt' '/dev/disk/by-uuid/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' '/dev/disk/by-label/XXXXXXX16GB:/desktop_Linux.key:5' 'luks,discard,noauto,keyscript=/lib/cryptsetup/scripts/passdev'
ExecStop=/lib/systemd/systemd-cryptsetup detach 'sdxx_crypt'
And here is what the same file looks like after the :5 timeout has been removed:
# Automatically generated by systemd-cryptsetup-generator
[Unit]
Description=Cryptography Setup for %I
Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup at .service(8)
SourcePath=/etc/crypttab
DefaultDependencies=no
IgnoreOnIsolate=true
After=cryptsetup-pre.target systemd-udevd-kernel.socket
Before=blockdev at dev-mapper-%i.target
Wants=blockdev at dev-mapper-%i.target
Conflicts=umount.target
After=run-systemd-cryptsetup-keydev\x2dsdxx_crypt.mount
Requires=run-systemd-cryptsetup-keydev\x2dsdxx_crypt.mount
Wants=keydev-sdxx_crypt-umount.service
Before=keydev-sdxx_crypt-umount.service
Before=cryptsetup.target
BindsTo=dev-disk-by\x2duuid-xxxxxxxx\x2dxxxx\x2dxxxx\x2dxxxx\x2dxxxxxxxxxxxx.device
After=dev-disk-by\x2duuid-xxxxxxxx\x2dxxxx\x2dxxxx\x2dxxxx\x2dxxxxxxxxxxxx.device
Before=umount.target
[Service]
Type=oneshot
RemainAfterExit=yes
TimeoutSec=0
KeyringMode=shared
OOMScoreAdjust=500
ExecStart=/lib/systemd/systemd-cryptsetup attach 'sdxx_crypt' '/dev/disk/by-uuid/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' '/run/systemd/cryptsetup/keydev-sdxx_crypt/dev/disk/by-label/XXXXXXX16GB' 'luks,discard,noauto,keyscript=/lib/cryptsetup/scripts/passdev'
ExecStop=/lib/systemd/systemd-cryptsetup detach 'sdxx_crypt'
I am using Ubuntu 22.04.3 LTS.
~$ apt-cache policy systemd
systemd:
Installed: 249.11-0ubuntu3.9
Candidate: 249.11-0ubuntu3.9
Version table:
*** 249.11-0ubuntu3.9 500
500 http://gb.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
100 /var/lib/dpkg/status
249.11-0ubuntu3.7 500
500 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages
249.11-0ubuntu3 500
500 http://gb.archive.ubuntu.com/ubuntu jammy/main amd64 Packages
** Affects: systemd (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/2031179
Title:
systemd-cryptsetup-generator does not understand :timeout parameter
used with "passdev"
Status in systemd package in Ubuntu:
New
Bug description:
I have the following line in my /etc/crypttab file (UUID & volume
names obfuscated):
sdxx_crypt UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx /dev/disk/by-
label/XXXXXXX16GB:/desktop_Linux.key:5
luks,discard,noauto,keyscript=/lib/cryptsetup/scripts/passdev
This decrypts the LUKS volume containing my /, /home & swap
partitions, and is correctly handled by initramfs since my PC boots
fine.
But since upgrading from kernel 5.19.0-50-generic to 6.2.0-26-generic,
I've noticed a 90 second booting delay, with the following messages
(extracted from the journal) visible during the delay:
Aug 11 07:24:58 xxxx systemd[1]: dev-disk-by\x2dlabel-XXXXXXX16GB:-desktop_Linux.key:5.device: Job dev-disk-by\x2dlabel-XXXXXXX16GB:-desktop_Linux.key:5.device/start timed out.
Aug 11 07:24:58 xxxx systemd[1]: Timed out waiting for device /dev/disk/by-label/XXXXXXX16GB:/desktop_Linux.key:5.
Aug 11 07:24:58 xxxx systemd[1]: Dependency failed for Cryptography Setup for sdxx_crypt.
Aug 11 07:24:58 xxxx systemd[1]: systemd-cryptsetup at sdxx_crypt.service: Job systemd-cryptsetup at sdxx_crypt.service/start failed with result 'dependency'.
Aug 11 07:24:58 xxxx systemd[1]: dev-disk-by\x2dlabel-XXXXXXX16GB:-desktop_Linux.key:5.device: Job dev-disk-by\x2dlabel-XXXXXXX16GB:-desktop_Linux.key:5.device/start failed with result 'timeout'.
Aug 11 07:24:58 xxxx systemd[1]: Reached target Block Device Preparation for /dev/mapper/sdxx_crypt.
Aug 11 07:24:58 xxxx systemd[1]: Reached target Local Encrypted Volumes.
It turns out that I also had these messages before the upgrade, but until now they weren't causing SystemD to wait for 90 seconds before continuing.
My bug report is NOT about SystemD's sudden 90 second delay (which may be reasonable), but rather the underlying problem pointed to by these messages.
I have been able to get rid these messages (and the 90 second delay)
by removing the optional ":5" timeout parameter after my keyfile path:
sdxx_crypt UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx /dev/disk/by-
label/XXXXXXX16GB:/desktop_Linux.key
luks,discard,noauto,keyscript=/lib/cryptsetup/scripts/passdev
I believe this indicates that "systemd-cryptsetup-generator" doesn't understand the optional timeout parameter, even though it is legal & documented:
https://cryptsetup-team.pages.debian.net/cryptsetup/README.initramfs.html#the-passdev-keyscript
When the timeout parameter is present, I think it misinterprets the device:volume:timeout as just a device name. (If it is treating the second colon as if it was the first/only one then the fix may be trivially easy.)
Here is what the problematic mount file (/run/systemd/generator/systemd-cryptsetup at sdxx_crypt.service) generated by it looks like:
# Automatically generated by systemd-cryptsetup-generator
[Unit]
Description=Cryptography Setup for %I
Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup at .service(8)
SourcePath=/etc/crypttab
DefaultDependencies=no
IgnoreOnIsolate=true
After=cryptsetup-pre.target systemd-udevd-kernel.socket
Before=blockdev at dev-mapper-%i.target
Wants=blockdev at dev-mapper-%i.target
Conflicts=umount.target
Before=cryptsetup.target
After=dev-disk-by\x2dlabel-XXXXXXX16GB:-desktop_Linux.key:5.device
Requires=dev-disk-by\x2dlabel-XXXXXXX16GB:-desktop_Linux.key:5.device
BindsTo=dev-disk-by\x2duuid-xxxxxxxx\x2dxxxx\x2dxxxx\x2dxxxx\x2dxxxxxxxxxxxx.device
After=dev-disk-by\x2duuid-xxxxxxxx\x2dxxxx\x2dxxxx\x2dxxxx\x2dxxxxxxxxxxxx.device
Before=umount.target
[Service]
Type=oneshot
RemainAfterExit=yes
TimeoutSec=0
KeyringMode=shared
OOMScoreAdjust=500
ExecStart=/lib/systemd/systemd-cryptsetup attach 'sdxx_crypt' '/dev/disk/by-uuid/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' '/dev/disk/by-label/XXXXXXX16GB:/desktop_Linux.key:5' 'luks,discard,noauto,keyscript=/lib/cryptsetup/scripts/passdev'
ExecStop=/lib/systemd/systemd-cryptsetup detach 'sdxx_crypt'
And here is what the same file looks like after the :5 timeout has been removed:
# Automatically generated by systemd-cryptsetup-generator
[Unit]
Description=Cryptography Setup for %I
Documentation=man:crypttab(5) man:systemd-cryptsetup-generator(8) man:systemd-cryptsetup at .service(8)
SourcePath=/etc/crypttab
DefaultDependencies=no
IgnoreOnIsolate=true
After=cryptsetup-pre.target systemd-udevd-kernel.socket
Before=blockdev at dev-mapper-%i.target
Wants=blockdev at dev-mapper-%i.target
Conflicts=umount.target
After=run-systemd-cryptsetup-keydev\x2dsdxx_crypt.mount
Requires=run-systemd-cryptsetup-keydev\x2dsdxx_crypt.mount
Wants=keydev-sdxx_crypt-umount.service
Before=keydev-sdxx_crypt-umount.service
Before=cryptsetup.target
BindsTo=dev-disk-by\x2duuid-xxxxxxxx\x2dxxxx\x2dxxxx\x2dxxxx\x2dxxxxxxxxxxxx.device
After=dev-disk-by\x2duuid-xxxxxxxx\x2dxxxx\x2dxxxx\x2dxxxx\x2dxxxxxxxxxxxx.device
Before=umount.target
[Service]
Type=oneshot
RemainAfterExit=yes
TimeoutSec=0
KeyringMode=shared
OOMScoreAdjust=500
ExecStart=/lib/systemd/systemd-cryptsetup attach 'sdxx_crypt' '/dev/disk/by-uuid/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' '/run/systemd/cryptsetup/keydev-sdxx_crypt/dev/disk/by-label/XXXXXXX16GB' 'luks,discard,noauto,keyscript=/lib/cryptsetup/scripts/passdev'
ExecStop=/lib/systemd/systemd-cryptsetup detach 'sdxx_crypt'
I am using Ubuntu 22.04.3 LTS.
~$ apt-cache policy systemd
systemd:
Installed: 249.11-0ubuntu3.9
Candidate: 249.11-0ubuntu3.9
Version table:
*** 249.11-0ubuntu3.9 500
500 http://gb.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
100 /var/lib/dpkg/status
249.11-0ubuntu3.7 500
500 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages
249.11-0ubuntu3 500
500 http://gb.archive.ubuntu.com/ubuntu jammy/main amd64 Packages
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/2031179/+subscriptions
More information about the foundations-bugs
mailing list