Gentoo Forums
[SOLVED]Mapping home partition before mounting while booting
noqrax
n00b

Joined: 04 Oct 2016
Posts: 51

Posted: Sat Aug 05, 2017 4:33 pm    Post subject: [SOLVED]Mapping home partition before mounting while booting

I have two encrypted disks, one for the system and one for home. I usually write two passwords during loading, which is just fine. But right after mounting the system partition (I bet it is done by grub and initramfs), it tries to mount the not-yet-mapped home partition; after an error occurs, the system asks me to write the home partition password, and after that it shows the common login screen.

It is not a big problem, but it means that I can't just log into my user without mounting the home partition first (to simply load user settings):
Code:
# mount /dev/mapper/home /home   # usually I write it before logging into my common user


Another problem is that I did the installation 2 years ago, and actually it is my first Gentoo installation, and I have forgotten everything about my system. I bet this can be solved by OpenRC, or maybe by editing the grub configuration or the initramfs.

Feel free to ask me any config outputs and logs. :D


Last edited by noqrax on Sat Aug 12, 2017 10:18 pm; edited 1 time in total

LIsLinuxIsSogood
Veteran

Joined: 13 Feb 2016
Posts: 1079

Posted: Mon Aug 07, 2017 7:14 am

This is by no means meant as criticism, but what is the purpose of encrypting the two disks, since it seems like at most 1 of those should be enough in theory, if it could provide adequate space for certain content (docs, emails, etc.)?

Also, just to be clear, please give some basic facts about your system, like:

1. Do you use dbus? What version?
2. OpenRC or systemd? Also, which architecture for the CPU?
3. Could we get a look at lsblk and the contents of fstab (/etc/fstab)? For lsblk, if possible, add some detail like the full output available; I forget the option, but it exists for the purpose of helping to figure out something like the problem you are encountering.
4. And, if possible, which login is it: console or graphical login (and if so, which one)? Otherwise we could be diagnosing the wrong problem, only to find out later it was a limitation of a poorly designed login manager of some kind.

Ok, thanks. Hope this brings good ideas your way:

Here's one for thought: with polkit, creating a rule that will allow the login script (usually bashrc or xinitrc) to run the rule, authenticating and then mounting the partition. Not sure how that affects the rest of your user files, which are those user settings mentioned, though. In principle this may allow you to wait until going to log in as the user to "at the same time" unlock and mount the /home fs blk.

noqrax
n00b

Joined: 04 Oct 2016
Posts: 51

Posted: Mon Aug 07, 2017 9:02 pm

1) I use xfce4, so I use dbus:
Code:
equery list sys-apps/dbus
 * Searching for dbus in sys-apps ...
[I--] [??] sys-apps/dbus-1.10.12:0


2) I use OpenRC:
Code:
eselect profile list
Available profile symlink targets:
  [1]   default/linux/amd64/13.0
  [2]   default/linux/amd64/13.0/selinux
  [3]   default/linux/amd64/13.0/desktop *
  [4]   default/linux/amd64/13.0/desktop/gnome
  [5]   default/linux/amd64/13.0/desktop/gnome/systemd
  [6]   default/linux/amd64/13.0/desktop/plasma
  [7]   default/linux/amd64/13.0/desktop/plasma/systemd
  [8]   default/linux/amd64/13.0/developer
  [9]   default/linux/amd64/13.0/no-multilib
  [10]  default/linux/amd64/13.0/systemd
  [11]  default/linux/amd64/13.0/x32
  [12]  hardened/linux/amd64
  [13]  hardened/linux/amd64/selinux
  [14]  hardened/linux/amd64/no-multilib
  [15]  hardened/linux/amd64/no-multilib/selinux
  [16]  hardened/linux/amd64/x32
  [17]  hardened/linux/musl/amd64
  [18]  hardened/linux/musl/amd64/x32
  [19]  default/linux/uclibc/amd64
  [20]  hardened/linux/uclibc/amd64


3) As you asked:
Code:
cat /etc/fstab
# <fs>                  <mountpoint>   <type>      <opts>         <dump/pass>
UUID=c7a9c819-aef9-4cb1-bf17-d31939103b29   /boot      ext4      noatime         1 2
/dev/mapper/swap            none      swap      defaults      0 0
/dev/mapper/home            /home      ext4      rw,suid,exec,auto,nouser,async0 2   
shm                  /dev/shm   tmpfs      nodev,nosuid,noexec   0 0

I don't think it's a good idea to post here
Code:
lsblk -aO

Because of its formatting. But if you insist...
Code:
lsblk
NAME     MAJ:MIN RM   SIZE RO TYPE  MOUNTPOINT
sda        8:0    0 232.9G  0 disk 
├─sda1     8:1    0   143M  0 part  /boot
├─sda2     8:2    0     8G  0 part 
│ └─swap 253:1    0     8G  0 crypt
└─sda3     8:3    0 224.8G  0 part 
  └─root 253:0    0 224.8G  0 crypt /
sdb        8:16   0 232.9G  0 disk 
├─sdb1     8:17   0   500M  0 part 
└─sdb2     8:18   0   146G  0 part 
sdc        8:32   0 298.1G  0 disk 
└─sdc1     8:33   0 298.1G  0 part 
  └─home 253:2    0 298.1G  0 crypt /home
sdd        8:48   1  14.9G  0 disk 

4) Console login screen. I run xfce by the command startx.

P.S.: Disks are encrypted by dm-crypt.
I encrypted two disks just because I wanted to encrypt the entire system and the home partition separately.
I bet my problem can be solved by editing OpenRC scripts in /etc/init.d. I think I need to set the right dependency to the right script.

Hu
Moderator

Joined: 06 Mar 2007
Posts: 14291

Posted: Tue Aug 08, 2017 2:35 am

You need to modify the section which decrypts the system partition to prompt and decrypt the user partition before it transfers control to the system partition. Otherwise, you get the situation you described, where the automatic mount from fstab runs before the volume is unlocked.

noqrax
n00b

Joined: 04 Oct 2016
Posts: 51

Posted: Tue Aug 08, 2017 9:07 am

The problem is that I don't know which script does this.
Code:
$ rc-status
Runlevel: default
 dmcrypt                                                           [  started  ]
 localmount                                                        [  started  ]
 net.enp7s3                                                        [  started  ]
 cupsd                                                             [  started  ]
 local                                                             [  started  ]
Dynamic Runlevel: hotplugged
Dynamic Runlevel: needed/wanted
 dbus                                                              [  started  ]
 modules-load                                                      [  started  ]
Dynamic Runlevel: manual


EDIT: I wrote a custom script, which is executed at the end. It just mounts the home partition. But there are still errors during booting, which spoil my mood. So if you tell me which script I need to edit (and even better, how), it will be great! Thank you for your help anyway.

Hu
Moderator

Joined: 06 Mar 2007
Posts: 14291

Posted: Wed Aug 09, 2017 2:24 am

If you unlock root using an initramfs, then that would be the best place to also unlock home. Otherwise, it's not clear to me from what you provided where your existing unlock is done.

LIsLinuxIsSogood
Veteran

Joined: 13 Feb 2016
Posts: 1079

Posted: Wed Aug 09, 2017 2:46 am

Some guides to encrypting show mandatory systemd in most instances.

It could help to be turning it on and off or something, I don't know.

If you decide to change over to systemd for the ease of use of something like this feature, check it:

http://www.hivestream.de/gentoo-installation-with-raid-lvm-luks-and-systemd.html

And if not, and in case you hadn't looked on the forum here: https://forums.gentoo.org/viewtopic-t-1053544-view-previous.html?sid=a2fd06f857a1b99656a1884d1a3be76b.

szatox
Veteran

Joined: 27 Aug 2013
Posts: 1770

Posted: Wed Aug 09, 2017 9:21 pm

How about going with home and root on lvm on crypt?
This way you only have to unlock one device, which is pretty common these days.

Running a custom initramfs is another option.
You could also insert another service before localmount and store the key on encrypted root. Security as good as option no. 1.

noqrax
n00b

Joined: 04 Oct 2016
Posts: 51

Posted: Wed Aug 09, 2017 10:09 pm

I finally remembered how I configured it. There is another configuration file, /etc/conf.d/dmcrypt.
It is properly configured:
Code:
## swap
# Swap partitions. These should come first so that no keys make their
# way into unencrypted swap.
# If no options are given, they will default to: -c aes -h sha1 -d /dev/urandom
# If no makefs is given then mkswap will be assumed
swap=swap
source='PARTUUID=638305fe-02'
options='-c aes-xts-plain64 -s 256 -h sha256 -d /dev/urandom'

## /home with passphrase
target=home
source='PARTUUID=bb36b2f2-01'

The only question is: what script mounts the system?
It looks strange to me, because /etc/init.d/localmount has:
Code:
depend()
{
   need fsck
   use lvm modules mtab
   after lvm modules dmcrypt
   keyword -docker -jail -lxc -prefix -systemd-nspawn -vserver
}

Dependencies of /etc/init.d/dmcrypt:
Code:
depend() {
   before checkfs fsck

   if grep -qs ^swap= "${conf_file}" ; then
      before swap
   fi
}

And even rc-status sorts the scripts in the right order:
Code:
rc-status
Runlevel: default
 dmcrypt                                                           [  started  ]
 localmount                                                        [  started  ]
 net.enp7s3                                                        [  started  ]
 cupsd                                                             [  started  ]
 local                                                             [  started  ]
Dynamic Runlevel: hotplugged
Dynamic Runlevel: needed/wanted
 dbus                                                              [  started  ]
 modules-load                                                      [  started  ]
Dynamic Runlevel: manual


So it looks like it should mount partitions according to fstab right after I unlock them. But it goes differently. It just looks like localmount runs before dmcrypt, or something tries to mount it before dmcrypt, and then localmount does nothing.

noqrax
n00b

Joined: 04 Oct 2016
Posts: 51

Posted: Wed Aug 09, 2017 10:57 pm    Post subject: Solved

Finally figured out what was wrong. Just added dmcrypt and localmount to the run level boot. Thank you all. :D
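
The fix from the last post, as an added example that is not part of the thread: a shell check that every /dev/mapper device in fstab has an entry in the dmcrypt config and that dmcrypt and localmount are linked into the boot runlevel. The function name, the finding labels and the sample tree are constructed for illustration; on OpenRC the runlevels are directories of symlinks under /etc/runlevels.

```shell
#!/bin/sh
# Added example (not from the thread). Checks the two conditions behind the fix:
#  1. each /dev/mapper/<name> in fstab has a target=/swap= entry in the dmcrypt config
#  2. dmcrypt and localmount are linked into the boot runlevel
# Usage: audit_crypt_boot FSTAB DMCRYPT_CONF RUNLEVELS_DIR
# Prints one finding per line; returns 1 if anything was found, else 0.
audit_crypt_boot() {
    fstab=$1; conf=$2; rl=$3; rc=0
    names=$(awk '$1 ~ /^\/dev\/mapper\// { sub(/^\/dev\/mapper\//, "", $1); print $1 }' "$fstab")
    for name in $names; do
        if ! grep -Eq "^(target|swap)=['\"]?${name}['\"]?[[:space:]]*\$" "$conf"; then
            echo "MISSING_TARGET $name"; rc=1
        fi
    done
    for svc in dmcrypt localmount; do
        if [ ! -e "$rl/boot/$svc" ] && [ ! -L "$rl/boot/$svc" ]; then
            echo "NOT_IN_BOOT $svc"; rc=1
        fi
    done
    return $rc
}

# Constructed sample tree mirroring the thread: both services only in "default".
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/runlevels/boot" "$d/runlevels/default"
    : > "$d/runlevels/default/dmcrypt"; : > "$d/runlevels/default/localmount"
    printf '%s\n' '/dev/mapper/swap none swap defaults 0 0' \
                  '/dev/mapper/home /home ext4 defaults 0 2' > "$d/fstab"
    printf '%s\n' 'swap=swap' "source='PARTUUID=638305fe-02'" \
                  'target=home' "source='PARTUUID=bb36b2f2-01'" > "$d/dmcrypt"
    echo "$d"
}

d=$(make_sample)
echo "before fix:"; audit_crypt_boot "$d/fstab" "$d/dmcrypt" "$d/runlevels" || true
# Stand-in for `rc-update add dmcrypt boot` and `rc-update add localmount boot`
: > "$d/runlevels/boot/dmcrypt"; : > "$d/runlevels/boot/localmount"
echo "after fix:"; audit_crypt_boot "$d/fstab" "$d/dmcrypt" "$d/runlevels" && echo "ok"
rm -rf "$d"
```

On a real system the call would be `audit_crypt_boot /etc/fstab /etc/conf.d/dmcrypt /etc/runlevels`. A mapping opened by the initramfs (such as root) is reported as MISSING_TARGET if it is listed in fstab, since this check only knows about the dmcrypt service.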