You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
cryptsetup generator emits RequiresMountsFor for crypto keyfile. Therefore, when filesystem that holds this file is unmounted, it also stops cryptsetup service.
This behavior is incorrect because the filesystem and cryptokey is required only once, when the crypto container is initially setup.
Submission type
[X ] Bug report
Request for enhancement (RFE)
systemd version the issue has been seen with
systemd 230
Used distribution
Linux version 4.6.4-1-ARCH (builduser@tobias) (gcc version 6.1.1 20160707 (GCC) ) #1 SMP PREEMPT Mon Jul 11 19:12:32 CEST 2016
In case of bug report: Expected behaviour you didn't see
Expect to store keyfiles required by "cryptsetup open" on removable storage and to be able to remove that storage after the system boots up and the encrypted devices are decrypted / opened.
In case of bug report: Unexpected behaviour you saw
When I umount and then remove the USB disk, I see the following line in > journalctl:
A workaround is to leave the cryptokeys on the system, which is undesirable for security.
In case of bug report: Steps to reproduce the problem
add (non-root) btrfs dm-crypt storage to a system. Set up /etc/crypttab with a cryptokey stored on a removable storage device (e.g., a ESP). Boot the system and allow the encrypted storage to be opened and mounted using the keyfiles from /etc/crypttab (which are stored on the removable storage. Then umount and physically remove that removable storage. Check journalctl and note the unexpected stopping of cryptsetup service (and attempted unmounting of the storage).
The text was updated successfully, but these errors were encountered:
I cannot reproduce it with systemd 232 (test version for openSUSE TW). Assuming I have key in /key filesystem, after umount /key LUKS device remains (and corresponding unit remains active).
I suppose, umount /key falls under "surprise removal" that is handled by BindsTo=, not Requires=, because after systemctl stop key.mount LUKS device is gone indeed. What a mess :( ...
xolox
added a commit
to xolox/python-crypto-drive-manager
that referenced
this issue
Jan 17, 2018
cryptsetup generator emits RequiresMountsFor for crypto keyfile. Therefore, when filesystem that holds this file is unmounted, it also stops cryptsetup service.
This behavior is incorrect because the filesystem and cryptokey is required only once, when the crypto container is initially setup.
Submission type
systemd version the issue has been seen with
Used distribution
In case of bug report: Expected behaviour you didn't see
In case of bug report: Unexpected behaviour you saw
A workaround is to leave the cryptokeys on the system, which is undesirable for security.
In case of bug report: Steps to reproduce the problem
The text was updated successfully, but these errors were encountered: