sysroot on btrfs/zfs/lvm

[lachesis]

Does this package replace the sd-encrypt hook, or does it still need it?

The suggested hooks list on the Arch Wiki suggests it replaces it, but without it, I was just getting stuck at some error like:
"Start Job running for /dev/disk/by-uuid/$ROOT_UUID"
where the UUID given was the UUID of the decrypted root partition (/dev/mapper/root when the system is running).

[Andrei-Pozolotin]

should not be needed

1. sd-encrypt should not be needed

2. resources from sd-encrypt should be replaced by these entries

• initrd-cryptsetup.service#L47

3. please try to track down what is missing initrd-cryptsetup.service vs
   https://git.archlinux.org/svntogit/packages.git/tree/trunk/install-sd-encrypt?h=packages/cryptsetup

[peter-held]

Hi, same problem here (ZFS).

Looking at my initramfs it seems that two files are missing, compared to https://git.archlinux.org/svntogit/packages.git/tree/trunk/install-sd-encrypt?h=packages/cryptsetup:

add_systemd_unit "systemd-ask-password-console.service"
and
add_binary "mkswap"

My config hooks are:
HOOKS=(base keyboard modconf block filesystems fsck systemd sd-vconsole sd-zfs systemd-tool)
I'm not using fstab, only crypttab.

Thanks.

[Andrei-Pozolotin]

please confirm if v33 resolves this

• https://github.com/random-archer/mkinitcpio-systemd-tool/releases/tag/v33
• https://www.archlinux.org/packages/community/any/mkinitcpio-systemd-tool/

[lachesis]

v33 does not resolve this for me: (BTRFS)

796a39672f2ad4a562f27023e9f65fef  /usr/lib/mkinitcpio-systemd-tool/initrd-build.sh

● initrd-cryptsetup.path - Initrd Cryptsetup Path
     Loaded: loaded (/usr/lib/systemd/system/initrd-cryptsetup.path; enabled; vendor preset: disabled)

Same problem as before - see attached image.

[Andrei-Pozolotin]

@lachesis

A. it seems you have some fstab config error:

B. meanwhile, more details please:

1. output of

systemctl list-unit-files --state=enabled | grep initrd

2. actual content, via lsinitcpio -x /boot/initramfs-linux.img

[initramfs]/etc/crypttab
[initramfs]/etc/fstab

3. actual kernel command line

cat /proc/cmdline

4. initrd-shell boot log

journalctl -b -t shell

5. block device layout, via

lsblk

blkid

[lachesis]

Here's my system (BTRFS)

Yeah I'm not sure what's up with (A). Here's my system fstab if it's relevant:

$ cat /etc/fstab
#
# /etc/fstab: static file system information
#
# <file system>	<dir>	<type>	<options>	<dump>	<pass>
tmpfs		/tmp	tmpfs	nodev,nosuid	0	0
/dev/mapper/root / btrfs ssd,discard,noatime,user_xattr,defaults 0 1
UUID=ad54f0cd-de73-4a9b-915a-1241deb9d541 /boot ext4 discard,noatime,user_xattr,defaults 0 1
#/dev/mapper/backup /backup btrfs noatime,defaults,noauto,ro 0 1
LABEL=linslow  /slow   btrfs    noatime,noauto,x-systemd.automount 0 1
UUID=F6D8-B4FB /boot/efi vfat   defaults 0 1
LABEL=ssd2-lin /ssd2   ext4     noatime,noauto,x-systemd.automount 0 1
#LABEL=ssd3     /ssd3   ext4     noatime,noauto,x-systemd.automount 0 1
/swap none swap defaults 0 0

$ systemctl list-unit-files --state=enabled | grep initrd
initrd-cryptsetup.path                                enabled disabled
initrd-shell.service                                  enabled disabled
initrd-sysroot-mount.service                          enabled disabled
initrd-tinysshd.service                               enabled disabled

$ cat /proc/cmdline
BOOT_IMAGE=/vmlinuz-linux root=UUID=c58bcea8-0338-41d6-b10b-cd186747b07d rw intel_iommu=on iommu=pt resume=UUID=c58bcea8-0338-41d6-b10b-cd186747b07d resume_offset=69399059

$ journalctl -b -t shell

-- Logs begin at Sat 2020-04-18 23:38:08 PDT, end at Mon 2020-04-20 15:56:09 PDT. --
Apr 19 17:54:57 wintermute shell[372]: service/loc info : init
Apr 19 17:54:57 wintermute shell[379]: service/loc info : cryptsetup service
Apr 19 17:54:57 wintermute shell[384]: service/loc info : crypt jobs
Apr 19 17:54:57 wintermute shell[387]: service/loc info : custom agent try #1
Apr 19 17:54:58 wintermute shell[401]: service/loc info : query start
Apr 19 17:55:03 wintermute shell[417]: service/loc info : query finish
Apr 19 17:55:03 wintermute shell[426]: service/loc info : request list size=1
Apr 19 17:55:03 wintermute shell[437]: service/loc info : reply pid=337 id=cryptsetup:/dev/disk/by-uuid/45330ed0-2ced-4c72-b192-5548b1344029 message=Please-enter-passphrase-for-disk-WDS100T3XHC-00SJG0--root--on-/sysroot:
Apr 19 17:55:09 wintermute shell[846]: service/loc warn : invalid secret
Apr 19 17:55:09 wintermute shell[848]: service/loc info : custom agent try #2
Apr 19 17:55:09 wintermute shell[857]: service/loc info : query start
Apr 19 17:55:16 wintermute shell[862]: service/loc info : query finish
Apr 19 17:55:16 wintermute shell[871]: service/loc info : request list size=1
Apr 19 17:55:16 wintermute shell[882]: service/loc info : reply pid=337 id=cryptsetup:/dev/disk/by-uuid/45330ed0-2ced-4c72-b192-5548b1344029 message=Please-enter-passphrase-for-disk-WDS100T3XHC-00SJG0--root--on-/sysroot:
Apr 19 17:55:22 wintermute shell[1356]: service/loc info : program termination (TERM)
Apr 19 17:55:22 wintermute shell[1358]: service/loc info : exit code=0

(note: This is from a boot with the sd-encrypt hook present. I can't get my system to boot without it right now. I can maybe get the logs from the failure boot without sd-encrypt if I can get into the shell via tinyssh later tonight.)

$ cat etc/fstab
# This file is part of https://github.com/random-archer/mkinitcpio-systemd-tool

# fstab: mappings for direct partitions in initramfs:
# * file location in initramfs: /etc/fstab
# * file location in real-root: /etc/mkinitcpio-systemd-tool/config/fstab

# fstab format:
# https://wiki.archlinux.org/index.php/Fstab

# how fstab is used by systemd:
# https://www.freedesktop.org/software/systemd/man/systemd-fstab-generator.html
# https://github.com/systemd/systemd/blob/master/src/fstab-generator/fstab-generator.c

# note:
# * ensure /sysroot mount folder inside initramfs disk image
# * remove "root=/dev/mapper/root" stanza from kernel command line
# * provide here root partition mapping (instead of kernel command line)
# * ensure that mapper-path in fstab corresponds to mapper-name in crypttab
# * for x-mount options see: https://www.freedesktop.org/software/systemd/man/systemd.mount.html

#  <block-device>       <mount-point>    <fs-type>    <mount-options>                   <dump>  <fsck>
/dev/mapper/root      /sysroot         auto         x-systemd.device-timeout=9999h     0       1
#  /dev/mapper/swap      none             swap         x-systemd.device-timeout=9999h     0       0

$ cat etc/crypttab
# This file is part of https://github.com/random-archer/mkinitcpio-systemd-tool

# crypttab: mappings for encrypted partitions in initramfs
# * file location in initramfs: /etc/crypttab
# * file location in real-root: /etc/mkinitcpio-systemd-tool/config/crypttab

# crypttab format:
# https://wiki.archlinux.org/index.php/Dm-crypt/System_configuration#crypttab

# how crypttab is used by systemd:
# https://www.freedesktop.org/software/systemd/man/systemd-cryptsetup-generator.html
# https://github.com/systemd/systemd/blob/master/src/cryptsetup/cryptsetup-generator.c

# note:
# * provide here mapper partition UUID (instead of kernel command line)
# * use password/keyfile=none to force cryptsetup password agent prompt
# * ensure that mapper-path in fstab corresponds to mapper-name in crypttab
# * for x-mount options see: https://www.freedesktop.org/software/systemd/man/systemd.mount.html

# <mapper-name>   <block-device>       <password/keyfile>   <crypto-options>
#  root           UUID={{UUID_ROOT}}       none                luks
#  swap           UUID={{UUID_SWAP}}       none                luks
root		  UUID=45330ed0-2ced-4c72-b192-5548b1344029	none	luks,allow-discards

$ lsblk -f
NAME           FSTYPE      FSVER LABEL    UUID                                 FSAVAIL FSUSE% MOUNTPOINT
loop0          squashfs    4.0                                                       0   100% /var/lib/snapd/snap/snapd/6953
loop1          squashfs    4.0                                                       0   100% /var/lib/snapd/snap/gtk-common-themes/1474
loop2          squashfs    4.0                                                       0   100% /var/lib/snapd/snap/gnome-3-28-1804/116
loop3          squashfs    4.0                                                       0   100% /var/lib/snapd/snap/core18/1705
loop4          squashfs    4.0                                                       0   100% /var/lib/snapd/snap/tandem/2
sda
├─sda1         ntfs              winslow  0647E0B76CA79638
└─sda2         crypto_LUKS 1              c4b9038a-743e-452f-b3e4-8a8291b2c4f0
  └─linslownew btrfs             linslow  a4359fb7-17b1-418f-afae-ebc2cb42cf9d    1.1T    46% /slow
sdb
├─sdb1         ext4        1.0   ssd2-lin 137946f5-6d62-4b09-b618-a85042e16c94    3.1G    98% /ssd2
└─sdb2         ntfs              ssd2-win 7E3617143176A7C7
nvme1n1
├─nvme1n1p1    crypto_LUKS 2              45330ed0-2ced-4c72-b192-5548b1344029
│ └─root       btrfs             root     c58bcea8-0338-41d6-b10b-cd186747b07d  524.2G    44% /
├─nvme1n1p2    vfat        FAT32 BOOTEFI  F6D8-B4FB                             124.9M     0% /boot/efi
└─nvme1n1p3    ext4        1.0   boot     ad54f0cd-de73-4a9b-915a-1241deb9d541   50.1M    72% /boot
nvme0n1
├─nvme0n1p2    ntfs                       A6745FC0745F9243
└─nvme0n1p1

$ blkid
/dev/nvme1n1p1: UUID="45330ed0-2ced-4c72-b192-5548b1344029" TYPE="crypto_LUKS" PARTUUID="2dbdfbcb-5de6-4c84-ad45-f6dfd25a7047"
/dev/nvme1n1p2: LABEL_FATBOOT="BOOTEFI" LABEL="BOOTEFI" UUID="F6D8-B4FB" BLOCK_SIZE="512" TYPE="vfat" PARTUUID="a4daa5c2-28ca-4532-828f-8b6d297dea2e"
/dev/nvme1n1p3: LABEL="boot" UUID="ad54f0cd-de73-4a9b-915a-1241deb9d541" BLOCK_SIZE="1024" TYPE="ext4" PARTUUID="368c1e6e-6170-4c2e-b545-ef1aac6291f2"
/dev/sda1: LABEL="winslow" BLOCK_SIZE="512" UUID="0647E0B76CA79638" TYPE="ntfs" PARTUUID="9c503e54-81f4-644b-988d-9a3dbdd6db94"
/dev/sda2: UUID="c4b9038a-743e-452f-b3e4-8a8291b2c4f0" TYPE="crypto_LUKS" PARTUUID="05f2c850-e3d8-9c4d-9871-e8adcf5379e1"
/dev/sdb1: LABEL="ssd2-lin" UUID="137946f5-6d62-4b09-b618-a85042e16c94" BLOCK_SIZE="4096" TYPE="ext4" PARTUUID="15f01ea8-0bb1-3b42-9e09-d55de492179e"
/dev/sdb2: LABEL="ssd2-win" BLOCK_SIZE="512" UUID="7E3617143176A7C7" TYPE="ntfs" PARTUUID="9348c930-f4d8-bd4e-9eea-aa385bb0411d"
/dev/mapper/root: LABEL="root" UUID="c58bcea8-0338-41d6-b10b-cd186747b07d" UUID_SUB="7cdc25b0-dcb0-4787-a2e2-061421f37b97" BLOCK_SIZE="4096" TYPE="btrfs"
/dev/loop0: TYPE="squashfs"
/dev/loop1: TYPE="squashfs"
/dev/loop2: TYPE="squashfs"
/dev/loop3: TYPE="squashfs"
/dev/loop4: TYPE="squashfs"
/dev/mapper/linslownew: LABEL="linslow" UUID="a4359fb7-17b1-418f-afae-ebc2cb42cf9d" UUID_SUB="58567124-5f5a-49bb-b9df-19d90b211265" BLOCK_SIZE="4096" TYPE="btrfs"
/dev/nvme0n1p2: BLOCK_SIZE="512" UUID="A6745FC0745F9243" TYPE="ntfs"
/dev/nvme0n1p1: PARTLABEL="Microsoft reserved partition" PARTUUID="8241e6dd-f7ba-4acd-9b3f-b3345ecd0437"

$ uname -a
Linux wintermute 5.6.4-arch1-1 #1 SMP PREEMPT Mon, 13 Apr 2020 12:21:19 +0000 x86_64 GNU/Linux

[Andrei-Pozolotin]

@lachesis

you have conflicting /sysroot specs [kernel] vs [fstab] :

you have conflicting /sysroot specs [kernel] vs [fstab] :

1. kernel command line

$ cat /proc/cmdline
BOOT_IMAGE=/vmlinuz-linux root=UUID=c58bcea8-0338-41d6-b10b-cd186747b07d rw intel_iommu=on iommu=pt resume=UUID=c58bcea8-0338-41d6-b10b-cd186747b07d resume_offset=69399059

2. [initramfs]/fstab

/dev/mapper/root      /sysroot         auto         x-systemd.device-timeout=9999h     0       1

3. try to remove from kernel command line any root references

root=UUID... resume=UUID...

4. read for more insight on btrfs:
   https://github.com/random-archer/mkinitcpio-systemd-tool/wiki/Case:-Sysroot-on-Btrfs

5. second attempt to re-map root is ignored, check actual mount options to verify

[real-root]/fstab

/dev/mapper/root / btrfs ssd,discard,noatime,user_xattr,defaults 0 1

6. initrd-shell.service should not be enabled

7. if you wait more then 1 min 30 sec you should drop into emergency shell
   produce full journalctl -b. enable initrd-debug-progs.service for more debug tools

[lachesis]

Good advice thanks.

3. Sadly that root is being inserted by grub-mkconfig and I can't be bothered to fix it right now. Can I change my $initramfs/etc/fstab to use UUID=c58bcea8-0338-41d6-b10b-cd186747b07d instead of /dev/mapper/root? Also, don't I need to specify the resume device independently for hibernate to work?

4. Not sure what in particular I can take from that. It looks like quite a different situation with the keyfiles partition and all.

5. Actual mount options:

$ mount -l -t btrfs
/dev/mapper/root on / type btrfs (rw,relatime,ssd,space_cache,subvolid=5,subvol=/) [root]

6. I enabled that to solve issue initrd-tinysshd: what installs authorized_keys? #61.

7. Will investigate further and report back.

[Andrei-Pozolotin]

@lachesis Eric:

Good advice thanks.

1. I do not use "sysroot on btrfs", sorry
   and have no immediate "how to make it work" advice

2. since it took @fredleb Frederic 3 weeks with his "sysroot on lvm+btrfs" sysroot on lvm+btrfs #36,
   chances are, you are looking at 2 weeks with "simple" case, "sysroot on btrfs" :-)

3. here is a wiki page waiting for you to share your unavoidable total success story :-)
   https://github.com/random-archer/mkinitcpio-systemd-tool/wiki/Case:-Sysroot-on-Btrfs-(simple)

4. ideally we want to incorporate some initrd-root-on-btrfs.{mount,service} units
   such that other people can re-use your experience

[peter-held]

Also for me is not working (ZFS):

• without sd-encrypt
  

• with sd-encrypt
  

[peter-held]

System information (ZFS):

• systemctl list-unit-files --state=enabled | grep initrd

initrd-cryptsetup.path               enabled disabled     
initrd-debug-progs.service           enabled disabled     
initrd-network.service               enabled disabled     
initrd-sysroot-mount.service         enabled disabled     
initrd-tinysshd.service              enabled disabled

• cat etc/crypttab

# This file is part of https://github.com/random-archer/mkinitcpio-systemd-tool

# crypttab: mappings for encrypted partitions in initramfs
# * file location in initramfs: /etc/crypttab
# * file location in real-root: /etc/mkinitcpio-systemd-tool/config/crypttab

# crypttab format:
# https://wiki.archlinux.org/index.php/Dm-crypt/System_configuration#crypttab

# how crypttab is used by systemd:
# https://www.freedesktop.org/software/systemd/man/systemd-cryptsetup-generator.html
# https://github.com/systemd/systemd/blob/master/src/cryptsetup/cryptsetup-generator.c

# note: 
# * provide here mapper partition UUID (instead of kernel command line)
# * use password/keyfile=none to force cryptsetup password agent prompt
# * ensure that mapper-path in fstab corresponds to mapper-name in crypttab
# * for x-mount options see: https://www.freedesktop.org/software/systemd/man/systemd.mount.html

# <mapper-name>   <block-device>       <password/keyfile>   <crypto-options>
#  root           UUID={{UUID_ROOT}}       none                luks
#  swap           UUID={{UUID_SWAP}}       none                luks 

crypt-ata-Samsung_SSD_850_EVO_250GB_244N-part3       /dev/disk/by-id/ata-Samsung_SSD_850_EVO_250GB_244N-part3             none    luks,discard,x-systemd.device-timeout=9999h
crypt-ata-Samsung_SSD_850_EVO_250GB_311M-part3       /dev/disk/by-id/ata-Samsung_SSD_850_EVO_250GB_311M-part3             none    luks,discard,x-systemd.device-timeout=9999h

• cat etc/fstab

# This file is part of https://github.com/random-archer/mkinitcpio-systemd-tool

# fstab: mappings for direct partitions in initramfs:
# * file location in initramfs: /etc/fstab
# * file location in real-root: /etc/mkinitcpio-systemd-tool/config/fstab

# fstab format:
# https://wiki.archlinux.org/index.php/Fstab

# how fstab is used by systemd:
# https://www.freedesktop.org/software/systemd/man/systemd-fstab-generator.html
# https://github.com/systemd/systemd/blob/master/src/fstab-generator/fstab-generator.c

# note: 
# * ensure /sysroot mount folder inside initramfs disk image
# * remove "root=/dev/mapper/root" stanza from kernel command line
# * provide here root partition mapping (instead of kernel command line)
# * ensure that mapper-path in fstab corresponds to mapper-name in crypttab
# * for x-mount options see: https://www.freedesktop.org/software/systemd/man/systemd.mount.html

#  <block-device>       <mount-point>    <fs-type>    <mount-options>                   <dump>  <fsck>
#  /dev/mapper/root      /sysroot         auto         x-systemd.device-timeout=9999h     0       1
#  /dev/mapper/swap      none             swap         x-systemd.device-timeout=9999h     0       0

• cat /proc/cmdline

BOOT_IMAGE=/BOOT/default@/vmlinuz-linux-vfio root=zfs:rpool/ROOT/default rw intel_iommu=on,igfx_off pcie_acs_override=downstream ipv6.disable=1 zfs_ignorecache=1

• journalctl -b -t shell

-- Logs begin at Wed 2020-02-26 09:43:07 EET, end at Tue 2020-04-21 10:17:01 EEST. --
Apr 21 09:38:45 kvm1.cr.home.lan shell[393]: service/loc info : init
Apr 21 09:38:45 kvm1.cr.home.lan shell[395]: service/loc info : service: cryptsetup/crypto_terminal
Apr 21 09:38:45 kvm1.cr.home.lan shell[400]: service/loc info : crypt jobs
Apr 21 09:38:45 kvm1.cr.home.lan shell[403]: service/loc info : custom agent try count=1
Apr 21 09:38:45 kvm1.cr.home.lan shell[416]: service/loc info : query start
Apr 21 09:39:37 kvm1.cr.home.lan shell[475]: service/loc info : query finish
Apr 21 09:39:37 kvm1.cr.home.lan shell[484]: service/loc info : request list size=2
Apr 21 09:39:37 kvm1.cr.home.lan shell[495]: service/loc info : reply pid=366 id=cryptsetup:/dev/disk/by-id/ata-Samsung_SSD_850_EVO_250GB_244N-part3 message=Please-enter-passphrase-for-disk-Samsung_S>
Apr 21 09:39:37 kvm1.cr.home.lan shell[500]: service/loc warn : request removed [/run/systemd/ask-password/ask.PCAKyN]
Apr 21 09:39:43 kvm1.cr.home.lan shell[1433]: service/loc info : program termination (TERM)
Apr 21 09:39:43 kvm1.cr.home.lan shell[1436]: service/loc info : exit code=0

• lsblk /dev/sda

NAME                                                          MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda                                                             8:0    0 232.9G  0 disk  
├─sda1                                                          8:1    0   512M  0 part  /boot/efi2
├─sda2                                                          8:2    0     1G  0 part  
└─sda3                                                          8:3    0 231.4G  0 part  
  └─crypt-ata-Samsung_SSD_850_EVO_250GB_311M-part3            254:1    0 231.4G  0 crypt`

- lsblk /dev/sdb
`NAME                                                          MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sdb                                                             8:16   0 232.9G  0 disk  
├─sdb1                                                          8:17   0   512M  0 part  /boot/efi1
├─sdb2                                                          8:18   0     1G  0 part  
└─sdb3                                                          8:19   0 231.4G  0 part  
  └─crypt-ata-Samsung_SSD_850_EVO_250GB_244N-part3            254:0    0 231.4G  0 crypt

• zpool status -v bpool rpool

  pool: bpool
 state: ONLINE
status: Some supported features are not enabled on the pool. The pool can
        still be used, but some features are unavailable.
action: Enable all features using 'zpool upgrade'. Once this is done,
        the pool may no longer be accessible by software that does not support
        the features. See zpool-features(5) for details.
  scan: none requested
config:

        NAME                                                     STATE     READ WRITE CKSUM
        bpool                                                    ONLINE       0     0     0
          mirror-0                                               ONLINE       0     0     0
            ata-Samsung_SSD_850_EVO_250GB_244N-part2             ONLINE       0     0     0
            ata-Samsung_SSD_850_EVO_250GB_311M-part2             ONLINE       0     0     0

errors: No known data errors

  pool: rpool
 state: ONLINE
  scan: scrub repaired 0B in 0 days 00:05:29 with 0 errors on Sun Sep 22 09:13:11 2019
config:

        NAME                                                           STATE     READ WRITE CKSUM
        rpool                                                          ONLINE       0     0     0
          mirror-0                                                     ONLINE       0     0     0
            crypt-ata-Samsung_SSD_850_EVO_250GB_244N-part3             ONLINE       0     0     0
            crypt-ata-Samsung_SSD_850_EVO_250GB_311M-part3             ONLINE       0     0     0

errors: No known data errors

[Andrei-Pozolotin]

@lachesis @peter-held @shelaf

please: try again with v34

1. try again with v34, see if that makes any difference
   https://github.com/random-archer/mkinitcpio-systemd-tool/releases/tag/v34
   https://www.archlinux.org/packages/community/any/mkinitcpio-systemd-tool/

2. report content of actual /etc/mkinitcpio.conf

[shelaf]

v34 also did not work well without sd-encrypt hook.

/etc/mkinitcpio.conf (BTRFS)

MODULES=()
BINARIES=("/usr/bin/btrfs")
FILES=()
HOOKS=(base systemd autodetect keyboard sd-vconsole modconf block filesystems sd-encrypt fsck btrfs systemd-tool)

[peter-held]

/etc/mkinitcpio.conf (ZFS)

MODULES=(pci-stub i915)
BINARIES=()
FILES=()
HOOKS=(base keyboard modconf block filesystems fsck systemd sd-vconsole sd-encrypt sd-zfs systemd-tool)

[Andrei-Pozolotin]

v34 also did not work

v34 release is still pending. verify version by re-install: pacman -Sy mkinitcpio-systemd-tool

[shelaf]

I installed from git master branch, extracted initramfs, and verified that initrd-cryptsetup.service has a dm-integrity line.

[Andrei-Pozolotin]

I installed from git master branch

ah, good

[Andrei-Pozolotin]

@lachesis @peter-held @shelaf

regading /etc/crypttab.initramfs:

• do you guys at all use [real-root]/etc/crypttab.initramfs from sd-encrypt
• if yes, what is the content?
• if yes, what happens when you remove it?

[Andrei-Pozolotin]

BINARIES=("/usr/bin/btrfs")

this is redundant, this dependency should be brought by HOOKS=(btrfs), no?

[shelaf]

this is redundant, this dependency should be brought by HOOKS=(btrfs), no?

Btrfs hook contents are as follows. No binary.

#!/usr/bin/ash

run_hook() {
    btrfs device scan
}

See https://wiki.archlinux.org/index.php/Btrfs#Corruption_recovery for the meaning of the BINARIES.

[shelaf]

do you guys at all use [real-root]/etc/crypttab.initramfs from sd-encrypt

No, does not exist.

[peter-held]

My /etc/crypttab.initramfs has the same content as /etc/crypttab.
I removed it and the computer booted without problems (with sd-encrypt).

[lachesis]

do you guys at all use [real-root]/etc/crypttab.initramfs from sd-encrypt

Doesn't exist for me either.

[Andrei-Pozolotin]

@lachesis you can try to follow @peter-held pattern from #62 (comment)
that is:

• leave [initramfs]/etc/fstab empty and
• drive sysrooot.mount generation only form kernel command line

[Andrei-Pozolotin]

@lachesis @peter-held @shelaf
just to confirm:

• after v34 you still need to keep HOOKS=(sd-encrypt) in order to boot, is that correct?

[shelaf]

after v34 you still need to keep HOOKS=(sd-encrypt) in order to boot, is that correct?

Yes

[Anty0]

Hi,
Even though I don't have btrfs or zfs (only ext4 on lvm), I think this might be related:

Looking through changelog while updating my system today, I have noticed I in fact use sd-encrypt hook. Without it system won't ask for password... (Frozen on waiting for partition.)
This issue persists in v34.

I have decided to findout why. 😎

Comparing both initcpios (with and without sd-encrypt) I can see cryptsetup.target is missing from sysinit.target.wants in initcpio without sd-encrypt. I'm not sure why... 😕

Diff output:

$ diff --brief --recursive --no-dereference initcpio-working initcpio-broken 
Files initcpio-working/buildconfig and initcpio-broken/buildconfig differ
Only in initcpio-working/usr/lib/systemd/system/sysinit.target.wants: cryptsetup.target
Only in initcpio-working/usr/lib/systemd/system/sysinit.target.wants: systemd-ask-password-console.path

I was able to workaround this in initrd-cryptsetup.service with:

InitrdLink=/usr/lib/systemd/system/sysinit.target.wants/cryptsetup.target target=/usr/lib/systemd/system/cryptsetup.target

With this change everything is working the same as with sd-encrypt hook.

Hope this info can help resolve this issue. 🙂

[Andrei-Pozolotin]

@Anty0 hey, thank you!

• that will be an easy fix
• we are still waiting for you to tell your story, and also teach your magic diff skill 🙂
  https://github.com/random-archer/mkinitcpio-systemd-tool/wiki/Case:-Sysroot-on-LVM

[shelaf]

InitrdLink=/usr/lib/systemd/system/sysinit.target.wants/cryptsetup.target target=/usr/lib/systemd/system/cryptsetup.target

It worked fine with plymouth by adding this line to initrd-plymouth.service file! Thank you!

[Andrei-Pozolotin]

@lachesis @peter-held @shelaf @Anty0
please confirm if v35 works

• ok, another attempt:
  https://www.youtube.com/watch?v=19XbKvfCNrQ
• mkinitcpio-systemd-tool 35-1
  https://www.archlinux.org/packages/community/any/mkinitcpio-systemd-tool/
• please confirm if v35 works for you in general and without sd-encrypt

[lachesis]

@Anty0 @Andrei-Pozolotin

thank you! it is now working for me without the sd-encrypt hook. My actual hooks:
HOOKS="base systemd autodetect modconf block filesystems keyboard fsck systemd-tool"
I hope it is okay to put systemd earlier in the process than suggested in your docs. It was necessary in order for my keyboard to become ready by the time the prompt appears.

[lachesis]

Also, perhaps related. I hand-edited my grub.cfg file to remove the root=UUID=xyz rw component of the cmdline and I no longer see the fstab error that I received earlier. Sadly this is not something that I can make grub-mkconfig do for me (as far as I can tell). I'll have to add some kind of post-upgrade hook using sed to remove that component from the cmdline, or get a patch submitted to grub. (unlikely imo)

Here is my actual cmdline for this boot:

BOOT_IMAGE=/vmlinuz-linux intel_iommu=on iommu=pt resume=UUID=c58bcea8-0338-41d6-b10b-cd186747b07d resume_offset=69399059

[Anty0]

@Andrei-Pozolotin

• we are still waiting for you to tell your story

I'm sorry. I'm really looking forward to write it, but I didn't have time to do so yet. 🙁
I hope there might be some time at the beginning of the next month, once I finish most of the school projects.

@lachesis

I hand-edited my grub.cfg file to remove the root=UUID=xyz rw component of the cmdline

Same here.
My solution to keep this change in place is to modify /etc/grub.d/* files, so the generated config does not contain root kernel argument at all.
I agree it might be possible to create pacman hook which would patch these files after grub update (since pacman update would override them). (I take advantage of my own script for system configuration synchronization to keep them modified, instead.)

[shelaf]

I also worked fine v35 with/without plymouth.

@Anty0 @lachesis
Grub automatically creates the root parameter, so I think it's a good idea to empty /etc/mkinitcpio-systemd-tool/config/fstab .

[peter-held]

Thanks, now it works.

My hooks are:
HOOKS=(base keyboard modconf block filesystems fsck systemd sd-vconsole sd-zfs systemd-tool)

Even if systemd is not at the beginning, the keyboard works.

[Anty0]

@shelaf At the time when I was creating my system there was an issue. You had to input your password and unlock the root partition withing short time frame, otherwise the boot would fail and fall back into emergency shell. I don't know if the issue is still here, but to fix it I have added an option x-systemd.device-timeout=9999h to my root mount in initcpio fstab. I don't think it is possible to do so in kernel arguments.

[Anty0]

• please confirm if v35 works for you in general and without sd-encrypt

Yep, it's working like a charm. No workarounds needed without sd-encrypt anymore. 🙂

[Andrei-Pozolotin]

https://github.com/random-archer/mkinitcpio-systemd-tool/wiki/Root-vs-Fstab

To All: to clarify the "root= vs fstab" issue:

1. systemd bootup sequence requires that sysroot.mount
   mount unit is defined by someone, somewhere

2. there are 3 ways to define sysroot.mount:

A. auto-magically, with root= + fstab-generator

kernel-cmdline: root=... ---> fstab-gen ---> /run/systemd/generator/sysroot.mount

B. auto-magically, with /etc/fstab + fstab-generator

[initramfs]/etc/fstab ---> fstab-gen ---> /run/systemd/generator/sysroot.mount

C. manually, with user-provided mount unit file with a name sysroot.mount

[initramfs]/etc/systemd/system/sysroot.mount

3. A-vs-B-vs-C have different set of available features, (which also keeps changing over time);
   A is more limited, B is more complete, and only C is the "real form",
   which allows complete control over mount unit file

4. in order to understand "how much magic" is done by fstab-generator,
   you have to study fstab-generator.c

5. usage examples:

A. that is what yourselves describe above about your various setups

B. that is what this project recommends in src/fstab

C. that is what is used by Case: Sysroot on Btrfs

[Andrei-Pozolotin]

@lachesis @peter-held @shelaf @Anty0

1. thank you guys, we are now complete

2. please drop a note here when your user-case wiki page is ready for review