upstart hangs while starting cryptdisks

Hi,
since the startup scripts for mountall and cryptsetup are under heavy development, the proposed solution does not work anymore. A better solution for the first part is to create an additional init script (eg. cryptdisks-early.conf). The second part (timing problem) seems more related to mountall.
Thanks,
Christoph

Please set the importance of this bug to wishlist.

Hi,
with my account I can't select 'wishlist', so I changed the status to 'fix released'.

The good news, now I know what happens and there is some fix for the timing problem. If I get it correct, this occurs because there is a dirty trick in libdevmapper. It seems, that in the first step /dev/dm-1 is created ant then moved to /dev/mapper/yourcryptdevicename. If you use UUID=xyz in your /etc/fstab, mountall sees UUID=XYZ connected to /dev/dm-1 and tries to fsck /dev/dm-1. Now fsck returns an error because /dev/dm-1 doesen't exist anymore.

The (dirty) fix is to use /dev/mapper/yourcryptdevicename instead of UUID=xyz in your /etc/fstab.

For the part with the two steps ('early' and 'init') I prefer actually my own script in /usr/share/initramfs-tools/scripts/local-bottom/<_usbkey>. Since this is part of the initrd.img it has some advantages (dont forget to recreate your initrd.img, after creating or changing this file). My script looks like:

#!/bin/sh

set -e

# Hook for mounting encrypted usb stic, change usbdev in ... and USBKEY to reflect your environment

for ask_passphrase in first second third last ; do

 for in usb-0000_Removable_Drive_20112824060840760045-0:0-part5 \
                usb-0000_Removable_Drive_20031424060835920030-0:0-part5 ; do

 if [ -L /dev/disk/by-id/$usbdev ]; then
  if [ -r /dev/mapper/USBKEY ]; then
   /sbin/blkid /dev/mapper/USBKEY && exit 0
   cryptsetup remove USBKEY
   echo "wrong passphrase $ask_passphrase try"
  fi
  cryptsetup create USBKEY /dev/disk/by-id/$usbdev --readonly --tries 1
  sleep 0.2
 fi

 done
done

This bug was fixed in the package cryptsetup - 2:1.1.0~rc2-1ubuntu5

---------------
cryptsetup (2:1.1.0~rc2-1ubuntu5) lucid; urgency=low

  * Rename the upstart job introduced in the previous upload to
    cryptdisks-udev and restore the previous version of the job as
    cryptdisks-enable, to run at the end of udev coldplugging as before;
    this isn't entirely race-free, but should nevertheless give us the
    two passes needed to cover devices that are decrypted using keys stored
    on other encrypted disks. LP: #443980.
 -- Steve Langasek <email address hidden> Wed, 16 Dec 2009 06:41:30 +0000

Accepted cryptsetup into karmic-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

I have changed to lucid, so I have tested there (Version 2:1.1.0~rc2-1ubuntu8).
For me this Fix did not work. I see the request 'Enter Passphrase' but the console is not overtaken by cryptsetup, so I can't type my passphrase. This might be, because my external device (the device where I store all Keys for the remaining devices) has no special ID, but I don't get the meaning of 'start on block-device-added ID_FS_USAGE=crypto' in your script /etc/init/cryptdisks-udev.conf. Is it necessary to set /dev/disk/by-id/here_is_my_partition_with_the_remaining_keys to /dev/disk/by-id/crypto via e2label?
Thanks, Christoph

Christoph,

If the passphrase prompt is not responsive to your keypresses, you're seeing a separate bug - bug #434232, which will be fully fixed once plymouth is installed by default in lucid.

ID_FS_USAGE has nothing to do with disk labels.

This bug was fixed in the package cryptsetup - 2:1.0.6+20090405.svn49-1ubuntu7.2

---------------
cryptsetup (2:1.0.6+20090405.svn49-1ubuntu7.2) karmic-proposed; urgency=low

  * Depend on watershed.
  * cryptdisks.functions: do_tmp should mount under /var/run/cryptsetup for
    changing the permissions of the filesystem root, not directly on /tmp,
    since mounting on /tmp a) is racy, b) confuses mountall something fierce.
    LP: #475936.

cryptsetup (2:1.0.6+20090405.svn49-1ubuntu7.1) karmic-proposed; urgency=low

  * debian/cryptdisks.functions:
    - wrap the call to /lib/cryptsetup/askpass with watershed, to make sure
      we only ever have one of these running at a time; otherwise multiple
      invocations could steal each other's input and/or write over each
      other's output
    - new function, crypttab_start_one_disk, to look for the named source
      device in /etc/crypttab (by device name, UUID, or label) and start it
      if configured to do so
  * debian/cryptdisks-udev.upstart: new, additional upstart job run once for
    each block device, using the new crypttab_start_one_disk function,
    triggered by udev; this doesn't eliminate the possibility of a race with
    gdm when the decrypted volume isn't a 'bootwait' mount point (since gdm
    kills usplash), but it does eliminate the race between udev and
    cryptsetup. LP: #454898.
    The other cryptdisks-enable job is still needed as well, to give us the
    second pass needed to cover devices that are decrypted using keys stored
    on other encrypted disks. LP: #443980.
  * debian/cryptdisk.functions: initially create the device under a temporary
    name and rename it only at the end using 'dmsetup rename', to ensure that
    upstart/mountall doesn't see our device before it's ready to go.
    LP: #475936.
  * Make the 'start' action of the init script a no-op, this should be
    handled entirely by the upstart job now; ad remove any symlinks from
    /etc/rcS.d on upgrade. LP: #473615.
 -- Steve Langasek <email address hidden> Tue, 22 Dec 2009 23:29:32 +0000