Bug 730496

I have the same problem with the i586 version (full installation DVD)

I found a work-around, though I am not yet sure how to optimize it.

1) In /etc/sysconfig/kernel, add to INITRD_MODULES (... standing for the modules already in this list):
INITRD_MODULES="... dm_mod dm_crypt aes sha256 sha1"

2) If swap is encrypted, change the grub entry (/boot/grub/menu.lst):
kernel ... resume=/dev/disk/by-id/... ...
becomes
kernel ... luks="cr_swap" resume=/dev/mapper/cr_swap luks_cr_swap=/dev/disk/by-id/... ...

The option luks is a space separated list, so if you have more encrypted partitions, they can be added here, each necessitating the appropriate luks_<partition-name> option aswell.

3) re-create initrd:
mkinitrd_setup
mkinitrd -f "dm luks usb"

I am asked twice for the swap password this way, but at least I am asked at all!

Follow-up to my work-around. I forgot another part to change under 2)

In /etc/sysconfig/bootloader, change DEFAULT_APPEND (and if necessary FAILSAFE_APPEND aswell) to reflect the same changes you did to the kernel line in /boot/grub/menu.lst. This should make sure the next kernel update won't play havoc with your system.

I'm not completely sure if the options to mkinitrd, as mentioned above, are propagated to the next call. I think I once read they would be. I never was bold enough to rely on that, so I never tested.

Another follow-up...

The "usb" entry to the -f switch of mkinitrd is not necessary. It being necessary for me has nothing to do with this special problem.

The choices in the -f switch to mkinitrd do *not* propagate to subsequent calls to mkinitrd. I do not (yet?) know how to preserve those features for subsquent calls. This means that after each kernel update and before the required reboot another call to 'mkinitrd -f "dm luks"' is necessary.

And just another follow-up...

The change to /etc/sysconfig/bootloader might even affect XEN_KERNEL_APPEND aswell as DEFAULT_APPEND and FAILSAVE_APPEND.

could you test without any workaround, package from home:fcrozat:systemd / systemd ?

Gladly! Where can I find that package? I don't know where to look for it. *embarraced*

http://download.opensuse.org/repositories/home:/fcrozat:/systemd/openSUSE_12.1/

no need to feel embarraced ;)

Now I'm completely stymmied :-(

To test those packages, I made a fresh install. And to be completely sure there's no left-overs, I first overwrote the whole hard disks with zeros. (I had told the installer to format the disks for each install, so there *should* not have been left-overs, but well...)

Then I did installation, same settings as during all those previous times. First (pseudo) reboot came -- and I *was* queried for passwords!!! I did only minor changes (needed as what at installation is hd1 at boot time is hd0), then I made first true reboot. And -- wonders -- I was again queried for passwords!

No idea what could have been different to all the previous times I installed. Really, the *only* difference was overwriting the disk with zeros. I am very sure of that, because I protocolled everything and worked strictly with that protocol. (I re-installed just after first install without even having a look at the system as I had reallized I wanted to change installation software choice.)

As I was up to testing your packages, I then installed them (rpm -i). Did reboot -- and now I am no longer queried for password.

I will have to investigate more...

As I wrote, I am completely stymmied about what's going on now. I will investigate further, but not today.

(In reply to comment #6)
> could you test without any workaround, package from home:fcrozat:systemd /
> systemd ?

linux-x2yl:/home/sol # rpm -qi systemd                      
Name        : systemd                                           
Version     : 37
Release     : 303.1
Architecture: x86_64
Install Date: пн, 05-гру-2011 17:37:08 +0200
Group       : System/Base
Size        : 4188008
License     : GPLv2+
Signature   : DSA/SHA1, пн, 05-гру-2011 15:55:36 +0200, Key ID 5ace4ca4fd73faf5
Source RPM  : systemd-37-303.1.src.rpm
Build Date  : пн, 05-гру-2011 15:54:48 +0200
Build Host  : build24
Relocations : (not relocatable)
Vendor      : obs://build.opensuse.org/home:fcrozat
URL         : http://www.freedesktop.org/wiki/Software/systemd
Summary     : A System and Session Manager
Description :
Systemd is a system and service manager, compatible with SysV and LSB
init scripts for Linux. systemd provides aggressive parallelization
capabilities, uses socket and D-Bus activation for starting services,
offers on-demand starting of daemons, keeps track of processes using
Linux cgroups, supports snapshotting and restoring of the system state,
maintains mount and automount points and implements an elaborate
transactional dependency-based service control logic. It can work as a
drop-in replacement for sysvinit.
Distribution: home:fcrozat:systemd / openSUSE_12.1


Still unsuccessful. But something new appeared:

[    5.244463] padlock_sha: VIA PadLock Hash Engine not detected.
[    5.248524] modprobe[823]: FATAL: Error inserting padlock_sha (/lib/modules/3.1.0-1.2-desktop/kernel/drivers/crypto/padlock-sha.ko): No such device
[    5.465001] mount[627]: Password: crypt_activate_by_passphrase: Operation not permitted
[    5.466443] systemd[1]: home-sol-config.mount mount process exited, code=exited status=1
[    5.479141] systemd[1]: Unit home-sol-config.mount entered failed state.
[   93.333646] systemd[1]: Job home-sol-crfile.device/start timed out.
[   93.333748] systemd[1]: Job cryptsetup.target/start failed with result 'dependency'.
[   93.333757] systemd[1]: Job dev-mapper-cr_crfile.device/start failed with result 'dependency'.
[   93.333760] systemd[1]: Job cryptsetup@cr_crfile.service/start failed with result 'dependency'.
[   93.333766] systemd[1]: Job home-sol-crfile.device/start failed with result 'timeout'.
[   93.657475] logger[862]: Requesting microcode for AMD fam10h or newer CPU(s)

I do not remember there was this line:
"mount[627]: Password: crypt_activate_by_passphrase: Operation not permitted"

And still everything works fine if booted with: init=/sbin/sysvinit

oh, this is an encrypted file, not a partition, I didn't test that..

please test latest version of package in home:fcrozat:systemd / systemd

I've fixed support for encrypted file, it works on my test system.

It works. Thank you.

Log is as follows:

[    5.221495] mount[646]: Password: crypt_activate_by_passphrase: Operation not permitted
[    5.223163] systemd[1]: home-sol-config.mount mount process exited, code=exited status=1
[    5.237155] systemd[1]: Unit home-sol-config.mount entered failed state.
[   11.943357] systemd-cryptsetup[444]: Set cipher aes, mode cbc-essiv:sha256, key size 256 bits for device /home/sol/crfile.
[   13.476567] logger[882]: Requesting microcode for AMD fam10h or newer CPU(s)

sr 96122 pushed to openSUSE:12.1:Update:Test
requesting maintenance update for 12.1

This is an autogenerated message for OBS integration:
This bug (730496) was mentioned in
https://build.opensuse.org/request/show/96122 12.1 / systemd
https://build.opensuse.org/request/show/96125 Factory / systemd

This is an autogenerated message for OBS integration:
This bug (730496) was mentioned in
https://build.opensuse.org/request/show/96193 Factory / systemd

This is an autogenerated message for OBS integration:
This bug (730496) was mentioned in
https://build.opensuse.org/request/show/96377 12.1 / systemd

Created attachment 469373 [details]
Screen shot (poor quality digicam) showing passprase prompt (red box)

maintenance update has been released for 12.1, closing as fixed