From: Kaelyn via Bug reports for GNU Guix <bug-guix@gnu.org>
To: "Ludovic Courtès" <ludo@gnu.org>
Cc: 70897@debbugs.gnu.org
Subject: bug#70897: Guix system hangs on boot with LUKS root partition
Date: Mon, 13 May 2024 19:44:41 +0000 [thread overview]
Message-ID: <P90NVLBUK8yApP-AEiB1dj52M8UMxGMt7bFIXL8XiH_V8imzv0VNs-GggJFAft6Q3f1uc9xWQECN2hN1FpeU2e3v5B_QJFX0drkorm2_Gyk=@protonmail.com> (raw)
In-Reply-To: <87ikzic92t.fsf@gnu.org>
Hi Ludo',
On Monday, May 13th, 2024 at 3:14 AM, Ludovic Courtès <ludo@gnu.org> wrote:
>
>
> Hi Kaelyn,
>
> Kaelyn kaelyn.alexi@protonmail.com skribis:
>
> > I recently updated my systems after finally finding https://issues.guix.gnu.org/70051 and seeing the issue I was having with booting with a non-root LUKS partition configured had been fixed. After updating to a commit past these two:
> >
> > 49f82fca41 mapped-devices: luks: Specify modules needed at the top-level.
> > 6062339156 mapped-devices: <mapped-device-type> can specify modules to import.
> >
> > I am now seeing a different error, which I am pretty sure is related
> > to the module import changes in 49f82fca41. The error I get is about
> > an unknown symbol "system*/tty" when the initramfs tries to prompt for
> > a password to unlock the LUKS partition containing the root
> > filesystem.
>
>
> To be clear, you have both a LUKS-encrypted root and a non-root
> LUKS-encrypted partition?
>
> (FWIW I tested (1) with a LUKS-encrypted root, and (2) with a cleartext
> root and LUKS-encrypted /home. The bug you mention affected #2.)
More accurately, I have one system that has a mirrored btrfs root with two LUKS-encrypted partitions (and a few quirks in the setup that make rebooting a bit tedious, such as grub slowly unlocking two drives, and a ZFS pool that has to be unlocked manually after boot), and one with a single LUKS-encrypted btrfs partition. I hit (2) on the first system about a month ago when I updated both, with the second system booting fine. I hit (1) on the second system when updating much more recently after seeing (2) was fixed, and hadn't tried rebooting the first system with the new generation.
> Could you share your OS config or a relevant subset thereof?
My full OS config is decidedly non-trivial, with parts (e.g. common services and user accounts) shared between host configurations. The mapped-devices and file-systems fragments for the two systems are below.
For the first system, with the mirrored btrfs root:
(mapped-devices
(list (mapped-device
(source
(uuid "7bcca55e-8a41-44a8-beab-2047eed0af41"))
(target "cryptroot1")
(type luks-device-mapping))
(mapped-device
(source
(uuid "9472b8ae-c90c-4712-b90d-ca07602514d7"))
(target "cryptroot2")
(type luks-device-mapping))
))
(file-systems
(let ((rootfs (file-system
(mount-point "/")
(device "/dev/mapper/cryptroot1")
(type "btrfs")
(check? #f)
(options "compress=zstd,subvol=@guix")
(dependencies mapped-devices))))
(cons* rootfs
(file-system
(mount-point "/boot/efi")
(device (file-system-label "EFI"))
(type "vfat")
(mount-may-fail? #t)
(dependencies mapped-devices))
(file-system
(mount-point "/gnu")
(device "/dev/mapper/cryptroot1")
(type "btrfs")
(check? #f)
(options "compress=zstd,subvol=@gnu_store")
(dependencies (cons rootfs mapped-devices)))
%base-file-systems))))
The second system, with the single-drive encrypted btrfs root:
(mapped-devices
(list (mapped-device
(source
(uuid "e6aaafc5-49cb-477b-a665-daf065611195"))
(target "cryptroot1")
(type luks-device-mapping))
))
(file-systems
(let ((rootfs (file-system
(mount-point "/")
(device "/dev/mapper/cryptroot1")
(type "btrfs")
(check? #f)
(options "compress=zstd,subvol=@guix")
(dependencies mapped-devices))))
(cons* rootfs
(file-system
(mount-point "/boot/efi")
(device (file-system-label "EFI"))
(type "vfat")
(mount-may-fail? #t)
(dependencies mapped-devices))
(file-system
(mount-point "/gnu")
(device "/dev/mapper/cryptroot1")
(type "btrfs")
(check? #f)
(options "compress=zstd,subvol=@gnu_store")
(dependencies (cons rootfs mapped-devices)))
%common-file-systems))))
(Note the %common-file-systems is simply %base-file-systems plus a couple of NFS mounts from the first system, which are shared with several computers.)
For both computers, I make use of the 6.1 or 6.6 LTS kernels since I also use ZFS. When I hit (1), I eventually figured out where the hang during boot was happening by removing "quiet" from the kernel command line, which also caused shepherd to be more verbose (something I hadn't realized). When I hit (2), the boot process was still in the initrd due to failing to unlock and mount the root filesystem.
If there is any further information I can provide, please let me know.
Cheers,
Kaelyn
>
> > I don't know how the module plumbing of Shepherd and the generated
> > initramfs work, but I suspect the fix for Shepherd opening LUKS
> > partition broke the import of system*/tty in the initramfs (for
> > example, at the early REPL that booting my latest system generation
> > ends up at, system*/tty is undefined initially, but after evaluating
> > "(use-modules (gnu build file-systems))" system*/tty resolves to a
> > procedure as exected--so the module is at least present in the
> > initramfs). I have encountered this error with two different systems,
> > and I believe the reproduction is simply trying to open a LUKS device
> > without a keyfile so that a password prompt is necessary.
>
>
> Hmm. Thanks for investigating!
>
> Ludo’.
next prev parent reply other threads:[~2024-05-13 19:45 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-12 15:26 bug#70897: Guix system hangs on boot with LUKS root partition Kaelyn via Bug reports for GNU Guix
2024-05-13 10:14 ` Ludovic Courtès
2024-05-13 19:44 ` Kaelyn via Bug reports for GNU Guix [this message]
2024-05-18 17:04 ` Kaelyn via Bug reports for GNU Guix
2024-05-19 14:05 ` Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='P90NVLBUK8yApP-AEiB1dj52M8UMxGMt7bFIXL8XiH_V8imzv0VNs-GggJFAft6Q3f1uc9xWQECN2hN1FpeU2e3v5B_QJFX0drkorm2_Gyk=@protonmail.com' \
--to=bug-guix@gnu.org \
--cc=70897@debbugs.gnu.org \
--cc=kaelyn.alexi@protonmail.com \
--cc=ludo@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).