|
Bugzilla – Full Text Bug Listing |
| Summary: | Incomplete prompt for encrypted device password entry during boot | ||
|---|---|---|---|
| Product: | [openSUSE] openSUSE Distribution | Reporter: | Ulrich Windl <Ulrich.Windl> |
| Component: | Basesystem | Assignee: | Fabian Vogt <fvogt> |
| Status: | RESOLVED FIXED | QA Contact: | E-mail List <qa-bugs> |
| Severity: | Normal | ||
| Priority: | P5 - None | CC: | bruno, dimstar, fvogt, ismail, lidong.zhong, trenn, Ulrich.Windl |
| Version: | Leap 42.1 | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | openSUSE 42.1 | ||
| Whiteboard: | |||
| Found By: | --- | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Attachments: |
RPMs for testing
output screen shot |
||
|
Description
Ulrich Windl
2015-12-22 07:49:37 UTC
Would you please provide the prompt information and output of `lsblk` and "/etc/fstab"? thanks! If there is no prompt information, what exactly should I show and how? Photos?
# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
fd0 2:0 1 4K 0 disk
sda 8:0 0 698.7G 0 disk
├─sda1 8:1 0 96G 0 part
├─sda2 8:2 0 1K 0 part
├─sda5 8:5 0 97.7G 0 part
├─sda6 8:6 0 150G 0 part
├─sda7 8:7 0 10G 0 part
└─sda8 8:8 0 300G 0 part
├─sys-root 254:0 0 32G 0 lvm /opt
├─sys-varpool_tmeta 254:2 0 16M 0 lvm
│ └─sys-varpool-tpool
254:4 0 16G 0 lvm
│ ├─sys-varpool 254:5 0 16G 0 lvm
│ └─sys-var 254:7 0 8G 0 lvm /var
├─sys-varpool_tdata 254:3 0 16G 0 lvm
│ └─sys-varpool-tpool
254:4 0 16G 0 lvm
│ ├─sys-varpool 254:5 0 16G 0 lvm
│ └─sys-var 254:7 0 8G 0 lvm /var
└─sys-home 254:6 0 250G 0 lvm
└─cr_home 254:8 0 250G 0 crypt /home
sdb 8:16 0 74.5G 0 disk
├─sdb1 8:17 0 1G 0 part /boot
└─sdb2 8:18 0 8G 0 part
└─cr_swap 254:1 0 8G 0 crypt [SWAP]
sde 8:64 1 3.8G 0 disk
└─sde1 8:65 1 3.8G 0 part /var/run/media/wiu09524/VOLUME
# cat /etc/fstab
/dev/mapper/cr_swap swap swap defaults 0 0
UUID=3f14e45d-12be-42ba-a05f-875f69e88290 / btrfs defaults 0 0
/dev/mapper/cr_home /home xfs nofail 0 2
UUID=3f14e45d-12be-42ba-a05f-875f69e88290 /opt btrfs subvol=@/opt 0 0
UUID=3f14e45d-12be-42ba-a05f-875f69e88290 /srv btrfs subvol=@/srv 0 0
UUID=3f14e45d-12be-42ba-a05f-875f69e88290 /tmp btrfs subvol=@/tmp 0 0
UUID=3f14e45d-12be-42ba-a05f-875f69e88290 /usr/local btrfs subvol=@/usr/local 0 0
UUID=3f14e45d-12be-42ba-a05f-875f69e88290 /.snapshots btrfs subvol=@/.snapshots 0 0
UUID=0268f4f3-1d71-4f98-818e-21d46454616c /boot ext3 acl,user_xattr 1 2
UUID=f93af6df-74b3-4846-afb1-da3a15030e22 /var btrfs defaults 0 0
I could reproduce the problem in my test environment.It's indeed a serious problem if we create more than one encrypted devices during booting up. However, I am afraid it's related to dracut more than lvm2/cryptsetup. The prompt is caused either by plymouth or systemd-ask-password*. I am not sure. So, Chenzi, could you assign this bug to the dracut maintainer? I think they are the right guys. The "text-mode" prompt by systemd-ask-password should give you the target of the encrypted partition. Are you using plymouth? I am not sure if it is plymouth, but the prompt does show in graphical mode. linux-g9wi:~ # rpm -qa |grep plymouth plymouth-dracut-0.9.0-6.1.x86_64 plymouth-plugin-script-0.9.0-6.1.x86_64 plymouth-scripts-0.9.0-6.1.x86_64 plymouth-0.9.0-6.1.x86_64 plymouth-branding-openSUSE-42.1-6.2.noarch I just checked, it's the openSUSE plymouth theme that does not have the ability to show messages. Using the "text" plymouth theme seems to work. To test, run plymouthd, plymouth show-splash and plymouth ask-for-password --prompt="Test". i have the same plymouth packages installed as Lidong Zhong in comment #6, and I think comment #7 makes the needinfo obsolete. Reassinging to maintainers of branding-openSUSE. The openSUSE plymouth theme needs some way to show a text message on screen, e.g. like https://quickgit.kde.org/?p=breeze.git&a=blob&h=b74140d8f5fd32eebc1ee3a6114a4ade5a172498&f=plymouth%2Fbreeze%2Fbreeze-logo.script Add Dominique as (recent committer for TW) First thank you to report this. But I thinks at least we won't be able to fix it without reintroducing bug already fixed before. Including Fonts in plymouth to make allow it to display text will again introduce monster initrd which has been reported during the 11.4 -> 13.2 period. That's why there's no more fonts included in plymouth and then in the initrd. Git commit related to https://github.com/openSUSE/branding/commit/e02d63e4ef11b7d9ec2e9a22326bfb83c1aba310 And ML thread about it http://lists.opensuse.org/opensuse-arm/2014-10/msg00028.html Moreover with the emergence of 4k display including a font like lat9 is heretic at best, those kind of display need a ter-v32b font to have text readable on screen. I'm not in favor of, nor against. Just want to make it clear that there's no easy quick and dirty fix. If a fix is found, also this need to have proper openQA tests so it will not be lost next time the branding is updated. ps : don't expect that / root passphrase is always the first, in case of wake up after suspend my guess is that the one for /swap will be asked. (In reply to Bruno Friedmann from comment #10) > Add Dominique as (recent committer for TW) > > First thank you to report this. But I thinks at least we won't be able to > fix it without reintroducing bug already fixed before. > > Including Fonts in plymouth to make allow it to display text will again > introduce monster initrd which has been reported during the 11.4 -> 13.2 > period. >> ldd /usr/lib64/plymouth/label.so | wc -l >57 That's a bit much indeed. The source of those is libcairo. I wonder why the label plugin doesn't use freetype directly, which does not have any additional dependencies. > I'm not in favor of, nor against. Just want to make it clear that there's no > easy quick and dirty fix. > If a fix is found, also this need to have proper openQA tests so it will not > be lost next time the branding is updated. There's already a test for encrypted LVM (I encountered that by breaking cryptsetup...) so the needle has to be updated with labels anyway. > ps : don't expect that / root passphrase is always the first, in case of > wake up after suspend my guess is that the one for /swap will be asked. I'd say that's enough reason to consider adding the label back in. Maybe I get around to writing a freetype plymouth label plugin next week. Thankfully plymouth supports running in a X11 window, so testing isn't an endless cycle of reboots... If the fonts are a big problem I wonder: 1) What's wrong with "good old" text mode? 2) What about using a simple 5x7 dot matrix font or CAD-like vector font? It can't be progress if usability is worse than before. Without prompts, one of the major problems is that you can't decide whether the password for the current device is retried, or the next password is asked for. That's independent from the order of devices. (In reply to Ulrich Windl from comment #12) > If the fonts are a big problem I wonder: > 1) What's wrong with "good old" text mode? Nothing in particular, but most users don't want to see a blinking cursor and text on their screen with a black background on bootup. You can "zypper rm plymouth; mkinitrd" to remove plymouth. > 2) What about using a simple 5x7 dot matrix font or CAD-like vector font? It looks really bad and doesn't fit to the background at all, especially on hi-res displays. > It can't be progress if usability is worse than before. > > Without prompts, one of the major problems is that you can't decide whether > the password for the current device is retried, or the next password is > asked for. That's independent from the order of devices. I agree, I use encryption as well for two partitions. I made a lightweight plugin (label-ft) for plymouth that I'm going to submit upstream soon, with some bugfixes. Before I do that, can I get some feedback on whether it works reliably? Just install plymouth-plugin-label-ft from http://download.opensuse.org/repositories/home:/favogt:/branches:/Base:/System/openSUSE_Tumbleweed/ and run "mkinitrd". Could you upload the packages here? There is no response when I tried to install with zypper. Seems like a network problem. Thanks Created attachment 662640 [details]
RPMs for testing
Sure, why not. Just extract the archive and you can add the directory as repo with "zypper ar".
The network is OK now. After doing the install and regenerating the initrd, I fell into grub shell now. My swap and home partition are created as encrypted devices. That's definitely not supposed to happen. The plymouth packages don't have much impact on the initrd creation, so I doubt that those packages are the cause. Did you receive any unusual error messages during installation? What's the error that grub displays before dropping you into the shell? No error messages at all. Maybe the the GRUB_TIMEOUT is set very small, the graphic screen that provides selecting booting option flashed immediately and then get the grub shell. If I can't rescue this system today, I will reinstall one tomorrow and do the test again. No luck. There is still not the partition name on the prompt. What should I provide? (In reply to Lidong Zhong from comment #20) > No luck. There is still not the partition name on the prompt. > What should I provide? The output of "lsinitrd /boot/initrd" and "plymouth-set-default-theme". Have you run "mkinitrd"? Created attachment 662793 [details]
output
Yes, I did run mkinitrd
(In reply to Lidong Zhong from comment #22) > Created attachment 662793 [details] > output > > Yes, I did run mkinitrd The output tells me that either plymouth-plugin-label-ft or plymouth-dracut are the wrong version or not installed as /usr/lib/plymouth/plymouth-populate-initrd installs the label-ft plugin unconditionally. > /usr/lib/plymouth> sha256sum plymouth-populate-initrd c38f72c3147206660f9979cb93251704ab6fd40e204113c14960994cae153c63 plymouth-populate-initrd I did the following steps: 1, install plymouth-dracut from your repo 2, install dracut from your repo 3, copy /usr/lib/plymouth/plymouth-populate-initrd to /usr/lib/dracut/modules.d/50plymouth/ to replace plymouth-populate-initrd.sh 4, run mkinitrd . Now the initrd contains label-ft.so 5, reboot. But still no luck. Is there anything I miss or did wrong? PS: I did the test based on the opensuse Leap 42.1 formal release version, without any update. (In reply to Lidong Zhong from comment #24) > I did the following steps: > > 1, install plymouth-dracut from your repo You need _all_ plymouth packages from my repo (except -devel, of course). "zypper -v dup" should work. > 2, install dracut from your repo Not required, that was just for testing. > 3, copy /usr/lib/plymouth/plymouth-populate-initrd to > /usr/lib/dracut/modules.d/50plymouth/ to replace plymouth-populate-initrd.sh This step is not needed, dracut runs /usr/lib/plymouth/plymouth-populate-initrd directly. The internal copy is just a fallback. > 4, run mkinitrd . Now the initrd contains label-ft.so > 5, reboot. But still no luck. > Is there anything I miss or did wrong? > > PS: I did the test based on the opensuse Leap 42.1 formal release version, > without any update. Haven't tested that. There might be an incompatibility with dracut-44 or systemd. I'll have a 42.1 here so I'll test that as well. (In reply to Fabian Vogt from comment #25) > (In reply to Lidong Zhong from comment #24) > > PS: I did the test based on the opensuse Leap 42.1 formal release version, > > without any update. > Haven't tested that. There might be an incompatibility with dracut-44 or > systemd. I'll have a 42.1 here so I'll test that as well. I installed Leap 42.1 with the usual encrypted LVM setup (with KDE) and added the update and by home:favogt:branches:Base:System repo during installation and it shows the prompt directly on the first boot. Created attachment 663010 [details]
screen shot
Yes, it worked.
A little tip: could you optimize the output of the message?Please take a look at my screenshot
(In reply to Lidong Zhong from comment #27) > Created attachment 663010 [details] > screen shot > > Yes, it worked. > A little tip: could you optimize the output of the message?Please take a > look at my screenshot I noticed that sometimes there was a slight cut at the end, but with the font you're using it seems to cut a lot more off... Should be fixed now. The theme doesn't center the prompt, so I opened https://github.com/openSUSE/branding/issues/58 . I posted my patches upstream a while ago, no reaction so far. (https://bugs.freedesktop.org/show_bug.cgi?id=93808) @namtrac: Would it be possible to include them in the TW package? Originally I planned to get some feedback from upstream first, but that didn't work out. It's fixed in openSUSE LEap 42.2. Fixed in 42.2 and TW. |