luksroot: Wait for the header (device) to appear #24634
# Wait for luksRoot (and optionally keyFile and/or header) to appear, e.g. | ||
# if on a USB drive. | ||
wait_target "device" ${device} |
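Review bot: `${device}` is passed unquoted in the `wait_target "device" ${device}` call, so a device path containing whitespace or glob characters would be word-split or expanded before the function sees it; suggest `wait_target "device" "${device}"`. The comment above the call also mentions keyFile and header, but only the device wait is visible in this hunk, so it would help if the comment said where those optional waits are issued.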
mhm, I hope this can be replaced with systemd-cryptsetup in future with proper udev auto-detection.
I don't know about `systemd-cryptsetup` but imho we should always have an alternative in case we want to replace systemd one day.
Edit: But I agree that this would most likely make sense when using systemd anyway.
We have a `waitDevice()` in stage-1 using udev. Is this applicable here?
Short answer: Yes (if we modify some stuff in `stage-1-init.sh`)
Long answer: It's a bit more complicated... Currently the commands from `luksroot.nix` are executed before `waitDevice()` is declared, i.e. we should move the code to the top (which would probably make sense for all/most functions in there). Then I would suggest that we extend the function so that we can keep the current output and the amount of seconds to wait should probably be a parameter as well (better an optional parameter, if possible). And then we would need to think about the LVM stuff (we have `preLVMCommands` and `postDeviceCommands` (post LVM) - running `lvm vgchange -ay` as pre LVM command would destroy that separation).
I thought about using `waitDevice()` but decided against it for the above reasons. Imho this commit/PR already does what it's supposed to do (imho) and improves the current situation - I hope you don't mind if I merge it 😄.
I agree that there are a lot of possible improvements for `stage-1-init.sh` but imho that should go into a separate commit/PR - actually I already thought about some (including using `waitDevice()`) but unfortunately that might have to wait for a while since I don't have enough time for that atm.
The LUKS header can be on another device (e.g. a USB stick). In my case it can take up to two seconds until the partition on my USB stick is available (i.e. the decryption fails without this patch). This will also remove some redundancy by providing the shell function `wait_target` and slightly improve the output (one "." per second and a success/failure indication after 10 seconds instead of always printing "ok").
cc @Calrama @edolstra
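A sketch of the wait behaviour the description outlines (one "." per second, then a success or failure indication after 10 tries), as an added example that is not the PR's own `wait_target`. The function name `wait_for_path`, its arguments and its messages are assumptions made for illustration.

```shell
#!/bin/sh
# Added sketch, not the PR's wait_target: poll until a path exists.
# Usage: wait_for_path LABEL TARGET [TRIES] [INTERVAL_SECONDS]
# Returns 0 once TARGET exists, 1 if it is still missing after TRIES polls.
wait_for_path() {
    label=$1
    target=$2
    tries=${3:-10}      # 10 tries at 1 s each matches the PR description
    interval=${4:-1}    # one "." per second, as described

    # Fast path: the device is already there, print nothing.
    if [ -e "$target" ]; then
        return 0
    fi

    printf 'Waiting for %s %s to appear' "$label" "$target"
    attempt=0
    while [ "$attempt" -lt "$tries" ]; do
        sleep "$interval"
        printf '.'
        # Quoting "$target" keeps paths with spaces intact.
        if [ -e "$target" ]; then
            printf ' - success\n'
            return 0
        fi
        attempt=$((attempt + 1))
    done

    # Report the failure instead of always printing "ok", so the caller
    # can decide whether to abort before attempting decryption.
    printf ' - failure\n'
    return 1
}
```

The caller can branch on the return status, for example skipping the unlock attempt when a detached header never shows up.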