Snappy

/var/lib/opencryptoki needs to be in /etc/system-image/writable-paths

Bug #1500020 reported by Oliver Grawert
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Snappy
Fix Released
Undecided
Unassigned
ubuntu-core-config (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

during boot the opencryptoki service fails to start:

(RaspberryPi2)ubuntu@localhost:~$ sudo systemctl status opencryptoki.service
● opencryptoki.service - LSB: starts pkcsslotd
   Loaded: loaded (/etc/init.d/opencryptoki)
   Active: failed (Result: exit-code) since Fri 2015-09-25 20:52:02 UTC; 16h ago
     Docs: man:systemd-sysv-generator(8)
  Process: 646 ExecStart=/etc/init.d/opencryptoki start (code=exited, status=1/FAILURE)

Sep 25 20:52:02 localhost.localdomain opencryptoki[646]: chgrp: cannot access ‘/var/lib/opencryptoki/swtok/TOK_OBJ’: No such file or directory
Sep 25 20:52:02 localhost.localdomain opencryptoki[646]: /usr/sbin/pkcs_slot: line 496: /var/lib/opencryptoki/pk_config_data: Read-only file system
Sep 25 20:52:02 localhost.localdomain opencryptoki[646]: chmod: changing permissions of ‘.’: Read-only file system
Sep 25 20:52:02 localhost.localdomain opencryptoki[646]: Cannot open file /var/lib/opencryptoki/pk_config_data
Sep 25 20:52:02 localhost.localdomain opencryptoki[646]: Please run /usr/sbin/pkcs11_startup
Sep 25 20:52:02 localhost.localdomain opencryptoki[646]: ERROR pkcsslotd[689.1996083200]: Failed to read slot database.
Sep 25 20:52:02 localhost.localdomain systemd[1]: opencryptoki.service: control process exited, code=exited status=1
Sep 25 20:52:02 localhost.localdomain systemd[1]: Failed to start LSB: starts pkcsslotd.
Sep 25 20:52:02 localhost.localdomain systemd[1]: Unit opencryptoki.service entered failed state.
Sep 25 20:52:02 localhost.localdomain systemd[1]: opencryptoki.service failed.
(RaspberryPi2)ubuntu@localhost:~$

adding /var/lib/opencryptok to /etc/system-image/writable-paths like:

/var/lib/opencryptoki auto persistent transition none

makes /usr/sbin/pkcsslotd start properly ...

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-core-config - 0.6.29

---------------
ubuntu-core-config (0.6.29) wily; urgency=medium

  * fix /etc/NetworkManager/connections entry in
    /etc/system-image/writable-paths (unwanted line wrap)
  * add /var/lib/opencryptok to writable-paths to make sure pkcsslotd can
    start properly (LP: #1500020)
  * add /etc/ppp, /etc/watchdog.conf, /etc/default/watchdog and /var/lib/tpm
    to writable-paths for seeding tpm-tools and ppp (to get in sync with
    stable)

 -- Oliver Grawert <email address hidden> Wed, 30 Sep 2015 11:37:14 +0200

Changed in ubuntu-core-config (Ubuntu):
status: New → Fix Released
Revision history for this message
Leo Arias (elopio) wrote :

Hey ogra, on my rpi I don't have the service:

ubuntu@localhost:~$ sudo systemctl status opencryptoki.service
● opencryptoki.service
   Loaded: not-found (Reason: No such file or directory)
   Active: inactive (dead)

how can I reproduce this?
thanks!

Changed in snappy:
status: New → Incomplete
Michael Vogt (mvo)
Changed in snappy:
status: Incomplete → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.