Gentoo Forums
[SOLVED] Can't use PARTUUID in initramfs init
etnull
Tux's lil' helper

Joined: 26 Mar 2019
Posts: 146

Posted: Fri Apr 26, 2019 12:20 am    Post subject: [SOLVED] Can't use PARTUUID in initramfs init

I'm creating an initramfs manually with a custom init script. I'm using encrypted drives without the LUKS headers on them, which means I can't use UUID in the initramfs to boot. I can use regular naming and it works, but I would prefer something more robust, something like PARTUUID maybe? Here you can see sdc1 and sdd1 don't have UUIDs, sde2 (boot) has a LUKS header on it and its UUID is showing.
Code:
sdc
└─sdc1
  └─crypthome 99770651-4acc-4951-a17f-a0863d1a152f
sdd
└─sdd1
  └─cryptroot d83ca9a2-fbd8-4a06-95c5-75f20b53d973
sde
├─sde1
└─sde2        786e613d-e134-4190-bd3e-0218b43fe747
  └─cryptboot 48932633-0332-4e66-b970-37d0ca932097

I saw here https://wiki.gentoo.org/wiki/Custom_Initramfs/Examples someone using findfs UUID= in their init script, but simply replacing UUID with PARTUUID didn't work for me. I think both kernel and grub should support partuuid, but maybe my initramfs doesn't have something for it to work? I only have busybox, cryptsetup (both static) and things like null, console, tty, random, urandom. I don't have mount or findfs in my initramfs because I couldn't compile them statically.
Here is my grub.cfg which works if I use regular naming in init script:
Code:
GRUB_ENABLE_CRYPTODISK=y
GRUB_PRELOAD_MODULES="luks cryptodisk"
GRUB_DEVICE=/dev/ram0
GRUB_CMDLINE_LINUX="crypt_root=PARTUUID=12492d2a-f189-4fbf-a72f-d34ae256bac8 rootfstype=ext4 real_root=UUID=d83ca9a2-fbd8-4a06-95c5-75f20b53d973"

Here is my current init script which doesn't work:
Code:
#!/bin/busybox sh
rescue_shell() {
    echo "Something went wrong. Dropping you to a shell."
    busybox --install -s
    exec /bin/sh
}
ENC_ROOT=$(findfs PARTUUID="12492d2a-f189-4fbf-a72f-d34ae256dbc8")
ENC_HOME=$(findfs PARTUUID="2c66334e-5228-41e0-b887-22bd246e47d8")
mount -t devtmpfs none /dev
mount -t proc none /proc
mount -t sysfs none /sys
echo 0 > /proc/sys/kernel/printk
clear
echo "Opening the keyfile"
cryptsetup --tries 3 luksOpen keyfile cryptkey
echo "Opening the root crypt volume"
cryptsetup --tries 3 --header header --key-file=/dev/mapper/cryptkey --keyfile-offset=2222 --keyfile-size=8192 luksOpen $ENC_ROOT cryptroot
echo "Opening the home crypt volume"
cryptsetup --tries 3 --header header --key-file=/dev/mapper/cryptkey --keyfile-offset=2222 --keyfile-size=8192 luksOpen $ENC_BOOT crypthome
echo "Mounting opened crypt volumes"
mount /dev/mapper/cryptroot /mnt/root
mount /dev/mapper/crypthome /mnt/root/home
echo "Closing the keyfile"
cryptsetup luksClose /dev/mapper/cryptkey &&
echo "Cleaning up"
echo 1 > /proc/sys/kernel/printk
umount /dev /proc /sys
# Booting the real thing
exec switch_root /mnt/root /sbin/init


Last edited by etnull on Sat Apr 27, 2019 9:16 pm; edited 2 times in total
Hu
Moderator

Joined: 06 Mar 2007
Posts: 13867

Posted: Fri Apr 26, 2019 1:17 am    Post subject: Re: Can't use PARTUUID in initramfs init

etnull wrote:
I'm using encrypted drives without the LUKS headers on them
Why are the headers missing?
etnull wrote:
I only have busybox, cryptsetup (both static) and things like null,console,tty,random,urandom. I don't have mount or findfs in my initramfs because I couldn't compile them statically.
Why are you compiling any of them statically? They work fine with dynamic linking, if you include in the initramfs the required shared libraries. Dynamic linking is generally a better supported path.
etnull wrote:
Here is my current init script which doesn't work:
When you use PARTUUID based naming, how does it fail?
etnull wrote:
Code:
echo 0 > /proc/sys/kernel/printk
clear
Why are you hiding output when you know the script does not yet work? Some of that output might be useful.
etnull wrote:
Code:
ENC_ROOT=$(findfs PARTUUID="12492d2a-f189-4fbf-a72f-d34ae256dbc8")
ENC_HOME=$(findfs PARTUUID="2c66334e-5228-41e0-b887-22bd246e47d8")
Are you sure these commands succeed? You don't check for whether they were successful or produced output.
etnull wrote:
Code:

cryptsetup --tries 3 luksOpen keyfile cryptkey
Why not store the header encrypted too?
etnull wrote:
Code:

cryptsetup --tries 3 --header header --key-file=/dev/mapper/cryptkey --keyfile-offset=2222 --keyfile-size=8192 luksOpen $ENC_ROOT cryptroot
cryptsetup --tries 3 --header header --key-file=/dev/mapper/cryptkey --keyfile-offset=2222 --keyfile-size=8192 luksOpen $ENC_BOOT crypthome
$ENC_BOOT is undefined, and $ENC_HOME is never used. These were probably meant to be the same variable. set -u would have caught this for you. Also, you should quote the expansions of the variables. It will produce a (probably) less confusing output if the variable is ever blank.

Why use --tries 3 here? Will the key file sometimes become ready late, such that retrying it helps?
etnull wrote:
Code:
cryptsetup luksClose /dev/mapper/cryptkey &&
echo "Cleaning up"
Why use && only here?
etnull
Tux's lil' helper

Joined: 26 Mar 2019
Posts: 146

Posted: Fri Apr 26, 2019 11:06 am    Post subject:

Quote:
Why are the headers missing?

I'm using detached headers on an external flash drive (which is also a boot drive).
Quote:
Why are you compiling any of them statically? They work fine with dynamic linking, if you include in the initramfs the required shared libraries. Dynamic linking is generally a better supported path.

That's how they recommend it here https://wiki.gentoo.org/wiki/Custom_Initramfs#Busybox
Quote:
When you use PARTUUID based naming, how does it fail?

Everything goes OK up until these two drives mounting, keyfile mounts properly, but then it shows:
Code:
Command requires device and mapped name as arguments.
And mounting fails because crypt volumes are not opened.
Quote:
$ENC_BOOT is undefined, and $ENC_HOME is never used. These were probably meant to be the same variable. set -u would have caught this for you. Also, you should quote the expansions of the variables. It will produce a (probably) less confusing output if the variable is ever blank.

Sorry, my bad. I don't have $ENC_BOOT in there, it's supposed to be $ENC_ROOT; I made this mistake when copying text from my older file.
Quote:
Why are you hiding output when you know the script does not yet work? Some of that output might be useful.

I commented out these lines and tested again with slight modifications to my script:
ENC_ROOT and ENC_HOME transferred below mount /dev /proc /sys
Quote:
Are you sure these commands succeed? You don't check for whether they were successful or produced output.

I did echo $ENC_ROOT and echo $ENC_HOME to see what these variables contain, they don't return any output.
Quote:
Why not store the header encrypted too?

It is encrypted on a boot flash drive
Quote:
Why use --tries 3 here? Will the key file sometimes become ready late, such that retrying it helps?

The password is long and sometimes I can make a mistake. Well, I guess it is only useful for the keyfile itself, I can remove it for these two lines.
Quote:
Why use && only here?

To make sure that key is unmounted before proceeding to everything else. The next echo will be executed only after key is unmounted.

Busybox shows me this information during boot:
---
BusyBox v1.29.3 .....
Usage: findfs LABEL=label or UUID=uuid
Find a filesystem device based on a label or
---
Maybe it doesn't support PARTUUID?
etnull
Tux's lil' helper

Joined: 26 Mar 2019
Posts: 146

Posted: Fri Apr 26, 2019 12:55 pm    Post subject:

I tried to boot with regular names like /dev/sda1, just to be sure that it's working, and it failed...
the encrypted root and home volumes did open, but on the mount stage it gives me
Code:
mount: mounting /dev/mapper/cryptroot on /mnt/root failed: Invalid argument
mount: mounting /dev/mapper/crypthome on /mnt/root/home failed: No such file or directory

I don't know what keeps failing, maybe the header itself. I use one header for both drives.
My current init:
Code:
#!/bin/busybox sh
rescue_shell() {
    echo "Something went wrong. Dropping you to a shell."
    busybox --install -s
    exec /bin/sh
}
mount -t devtmpfs none /dev
mount -t proc none /proc
mount -t sysfs none /sys
clear
echo "Opening the keyfile"
cryptsetup luksOpen keyfile cryptkey
echo "Opening the root crypt volume"
cryptsetup --header header --key-file=/dev/mapper/cryptkey --keyfile-offset=376832 --keyfile-size=8192 luksOpen /dev/sdd1 cryptroot
echo "Opening the home crypt volume"
cryptsetup --header header --key-file=/dev/mapper/cryptkey --keyfile-offset=376832 --keyfile-size=8192 luksOpen /dev/sdc1 crypthome
echo "Mounting opened crypt volumes"
mount /dev/mapper/cryptroot /mnt/root
mount /dev/mapper/crypthome /mnt/root/home
echo "Closing the keyfile"
cryptsetup luksClose /dev/mapper/cryptkey &&
echo "Cleaning up"
umount /dev /proc /sys
# Booting the real thing
exec switch_root /mnt/root /sbin/init
NeddySeagoon
Administrator

Joined: 05 Jul 2003
Posts: 43221
Location: 56N 3W

Posted: Fri Apr 26, 2019 6:08 pm    Post subject:

etnull,

Change your rescue_shell() function to

Code:
rescue_shell() {
    echo "$@"
    echo "Something went wrong. Dropping you to a shell."
# have time to read the message
    /bin/sleep 20
    /bin/busybox --install -s
    exec /bin/sh
}
Now you can pass in a message.

Change the steps to something like
Code:
cryptsetup luksOpen keyfile cryptkey  || rescue_shell "luksOpen failed"

If the command fails, rescue_shell is called with the message luksOpen failed.
The idea is to get into the rescue shell as soon as it breaks, so you can look round.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
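
An added example, not written by any poster in this thread: it combines Hu's earlier advice (set -u, quoted expansions, checking that findfs produced a device) with the rescue_shell pattern in the post above, so the lookup is validated before cryptsetup sees it. `FINDFS` and `resolve_partuuid` are hypothetical names; the PARTUUID in the usage comment is the one from the thread's grub.cfg.

```shell
#!/bin/sh
# Added example: validate a PARTUUID lookup before handing it to cryptsetup.
set -u   # an unset variable such as $ENC_BOOT now aborts instead of expanding to ""

# FINDFS is a hypothetical override (a path or a command name on PATH).
FINDFS="${FINDFS:-/sbin/findfs}"

# Print the block device for a PARTUUID on stdout.
# Returns 2 if the lookup tool is missing, 3 if it found nothing,
# 4 if the result is not a block device.
resolve_partuuid() {
    partuuid="$1"
    if ! command -v "$FINDFS" >/dev/null 2>&1; then
        echo "resolve_partuuid: $FINDFS not available" >&2
        return 2
    fi
    # Usage text and errors go to stderr; only a device path is expected on stdout.
    dev="$("$FINDFS" "PARTUUID=$partuuid" 2>/dev/null)" || dev=""
    if [ -z "$dev" ]; then
        echo "resolve_partuuid: no device for PARTUUID=$partuuid" >&2
        return 3
    fi
    if [ ! -b "$dev" ]; then
        echo "resolve_partuuid: $dev is not a block device" >&2
        return 4
    fi
    printf '%s\n' "$dev"
}

# How an init script would use it (rescue_shell as defined in the post above):
#   ENC_ROOT="$(resolve_partuuid 12492d2a-f189-4fbf-a72f-d34ae256bac8)" \
#       || rescue_shell "cannot resolve root PARTUUID"
#   cryptsetup --header header --key-file=/dev/mapper/cryptkey \
#       luksOpen "$ENC_ROOT" cryptroot || rescue_shell "luksOpen root failed"
```

With this in place an empty lookup stops the boot at the lookup itself, instead of surfacing later as cryptsetup's "Command requires device and mapped name as arguments."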
etnull
Tux's lil' helper

Joined: 26 Mar 2019
Posts: 146

Posted: Fri Apr 26, 2019 6:09 pm    Post subject:

I can mount a LUKS volume chrooted from Arch with:
Code:
cryptsetup --header header --key-file=/dev/mapper/cryptkey --keyfile-offset=2222 --keyfile-size=8192 luksOpen /dev/disk/by-partuuid/12492d2a-f189-4fbf-a72f-d34ae256bac8 cryptroot

But when I boot it complains:
Code:
Device /dev/disk/by-partuuid/12492d2a-f189-4fbf-a72f-d34ae256bac8 doesn't exist or access denied.

My permissions, rwx------ for /boot -r------- for keyfile and header, it still works from within another system. I will try latest cryptsetup tomorrow.

What initializes /dev/disk/by-partuuid/*, is it available in initramfs?


Last edited by etnull on Fri Apr 26, 2019 6:15 pm; edited 1 time in total
NeddySeagoon
Administrator

Joined: 05 Jul 2003
Posts: 43221
Location: 56N 3W

Posted: Fri Apr 26, 2019 6:14 pm    Post subject:

etnull,

Don't use /dev/disk/by*
That's a set of symlinks created by udev. Unless you have udev in your initrd and started and settled, those symlinks won't be there.
etnull
Tux's lil' helper

Joined: 26 Mar 2019
Posts: 146

Posted: Sat Apr 27, 2019 5:41 pm    Post subject:

I did as suggested, my current init:
Code:
#!/bin/busybox sh
rescue_shell() {
    echo "$@"
    echo "Something went wrong. Dropping you to a shell."
# have time to read the message
    /bin/sleep 20
    /bin/busybox --install -s
    exec /bin/sh
}
mount -t devtmpfs none /dev
mount -t proc none /proc
mount -t sysfs none /sys
cryptsetup --tries 3 luksOpen keyfile cryptkey || rescue_shell "luksOpen failed"
cryptsetup --tries 3 --header header --key-file=/dev/mapper/cryptkey --keyfile-offset=2222 --keyfile-size=8192 luksOpen $(findfs PARTUUID="12492d2a-f189-4fbf-a72f-d34ae256dbc8") cryptroot || rescue_shell "luksOpen failed"
cryptsetup --tries 3 --header header --key-file=/dev/mapper/cryptkey --keyfile-offset=2222 --keyfile-size=8192 luksOpen $(findfs PARTUUID="2c66334e-5228-41e0-b887-22bd246e47d8") crypthome || rescue_shell "luksOpen failed"
mount /dev/mapper/cryptroot /mnt/root
mount /dev/mapper/crypthome /mnt/root/home
cryptsetup luksClose /dev/mapper/cryptkey &&
umount /dev /proc /sys
exec switch_root /mnt/root /sbin/init

It drops me to a shell, with the information message about how to use findfs:
Code:
Usage: findfs LABEL=label or UUID=uuid

Find a filesystem device based on a label or UUID

I tried different commands with PARTUUID or UUID but it either showed me same message, or didn't output anything.
Does it even support PARTUUID? I would prefer not to use label, because I can have two 'root' labels, and it's even less robust than partuuid or blkid.
--
blkid inside a rescue shell (I didn't include the whole line to not type it from the photo):
Code:
/dev/sdd2: UUID="....fe747" TYPE="crypto_LUKS"   ## mounted /boot
/dev/sdb1: UUID="....d457b" TYPE="ext4"          ## another drive which has nothing to do with the installation
/dev/sda1: UUID="....fba3d" TYPE="ext4"          ## another drive which has nothing to do with the installation
/dev/loop0: UUID="....ddf4b" TYPE="crypto_LUKS"  ## mounted key
NeddySeagoon
Administrator

Joined: 05 Jul 2003
Posts: 43221
Location: 56N 3W

Posted: Sat Apr 27, 2019 6:10 pm    Post subject:

etnull,

The
Code:
man findfs
says
Code:
       PARTUUID=<uuid>
              Specifies partition UUID. This partition identifier is supported
              for example for GUID  Partition  Table (GPT) partition tables.
and here,
Code:
$ findfs PARTUUID="150e6ef1-7ba8-409c-9c3f-dbdecdc9f18b"
/dev/sde1


Do you have findfs in your initrd? It's at /sbin/findfs.
I don't see you setting PATH in the initrd, so you may need to use full path names for commands e.g. /sbin/findfs.
Once you are in the shell, run the command that failed by hand.
It should provide a more useful error message.

If the command runs when you do it by hand, or you can change the command to make it work from the shell, you can fix the script later, but it's possible to execute the commands by hand in the shell to bring the system up.
etnull
Tux's lil' helper

Joined: 26 Mar 2019
Posts: 146

Posted: Sat Apr 27, 2019 6:42 pm    Post subject:

NeddySeagoon
There are two different findfs it seems, one is in the system as part of util-linux and another is in busybox. I can use findfs in the working system and it recognizes the PARTUUID, but in the shell (busybox) it doesn't work, it only accepts UUID, and there is no mention of PARTUUID anywhere.
Quote:
Do you have findfs in your initrd? It's at /sbin/findfs.

No, I only have it as part of busybox. I thought about compiling it and integrating it separately but I don't know how to do that, it's part of util-linux. I can't copy it to the initramfs because it's not compiled statically.
Code:
ldd /sbin/findfs
   linux-vdso.so.1 (0x00007ffd6eee7000)
   libblkid.so.1 => /lib64/libblkid.so.1 (0x00007f3bf2539000)
   libc.so.6 => /lib64/libc.so.6 (0x00007f3bf236a000)
   libuuid.so.1 => /lib64/libuuid.so.1 (0x00007f3bf2361000)
   /lib64/ld-linux-x86-64.so.2 (0x00007f3bf259e000)

Quote:
I don't see you setting PATH in the initrd, so you may need to use full path names for commands e.g. /sbin/findfs.

That's not going to work because I don't have it there, only as part of busybox; my initramfs /sbin only has cryptsetup.

Another guy who had similar problem with findfs
https://forums.gentoo.org/viewtopic-p-7949440.html#7949440
NeddySeagoon
Administrator

Joined: 05 Jul 2003
Posts: 43221
Location: 56N 3W

Posted: Sat Apr 27, 2019 6:51 pm    Post subject:

etnull,

There are two ways forward.
Don't use busybox findfs or don't use PARTUUID

If you put all the bits of findfs into the initrd, that works. Building statically is not required.
Code:
$ lddtree /sbin/findfs
/sbin/findfs (interpreter => /lib64/ld-linux-x86-64.so.2)
    libblkid.so.1 => /lib64/libblkid.so.1
        libuuid.so.1 => /lib64/libuuid.so.1
    libc.so.6 => /lib64/libc.so.6

etnull
Tux's lil' helper

Joined: 26 Mar 2019
Posts: 146

Posted: Sat Apr 27, 2019 8:00 pm    Post subject:

I copied it like this
Code:
cd /lib64
cp -a libblkid.so.1 libuuid.so.1 ld-linux-x86-64.so.2 libc.so.6 /usr/src/initramfs/lib64/
cp -a /sbin/findfs /usr/src/initramfs/sbin/

made new initramfs
Code:
find . -print0 | cpio --null --create --verbose --format=newc | gzip --best > /boot/custom-initramfs.cpio.gz

I didn't delete the busybox because I need other tools from there.
Now I invoke it directly like /sbin/findfs but it shows
Code:
/bin/sh: /sbin/findfs: not found

I also tried to navigate to /sbin and run it with ./findfs, same not found error.
I do see it in the /sbin of the initramfs. It is also green, like cryptsetup; other tools in this directory are blue.

---
Also when I was in /usr/src/initramfs/ prior to making the new cpio archive, I checked it with ls, and I think it was just links to other libs or other versions of the same libs. I may have just copied the links instead of the libs themselves?
Code:
desktop /usr/src/initramfs/lib64 # ls -al
total 8
drwxr-xr-x  2 root root 4096 Apr 27 22:31 .
drwxr-xr-x 12 root root 4096 Apr 26 15:37 ..
lrwxrwxrwx  1 root root   10 Apr 25 03:52 ld-linux-x86-64.so.2 -> ld-2.28.so
lrwxrwxrwx  1 root root   17 Apr 25 20:31 libblkid.so.1 -> libblkid.so.1.1.0
lrwxrwxrwx  1 root root   12 Apr 25 03:52 libc.so.6 -> libc-2.28.so
lrwxrwxrwx  1 root root   16 Apr 25 20:31 libuuid.so.1 -> libuuid.so.1.3.0

---
Copied other libs, and findfs finally worked, it mounted root, but then dropped me to a shell because it has no /sbin/sleep, which I added to init. I will edit it and try again now.
---
Finally, everything worked, mounted and running. Took me like 2 weeks just for the encrypted base install, my 'how to' text guide is 485 lines already.
Coming up next: X, alsa, wm, theming, fonts, kb-layout, vpn, ssh, cron, vim ide etc.
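
The failure in this last post, as an added example that is not the poster's script: `cp -a` preserves symlinks such as `libc.so.6 -> libc-2.28.so` without their targets, and a dynamically linked binary whose loader or libraries cannot be opened fails to exec with "not found". The helpers below (hypothetical names `ldd_paths`, `stage_files`, `dangling_links`) copy the files `ldd` reports with symlinks dereferenced and list any dangling links before the cpio archive is built.

```shell
#!/bin/sh
# Added example: stage a dynamically linked tool into an initramfs tree.

# Extract absolute library and loader paths from `ldd` output on stdin.
# Handles "name => /path (addr)" and "/path (addr)"; linux-vdso has no file
# behind it and "=> not found" entries have no absolute path, so both are skipped.
ldd_paths() {
    while read -r first arrow path rest; do
        if [ "$arrow" = "=>" ]; then
            case "$path" in /*) printf '%s\n' "$path" ;; esac
        else
            case "$first" in /*) printf '%s\n' "$first" ;; esac
        fi
    done
}

# stage_files ROOT: read absolute paths on stdin and copy each one to the same
# path under ROOT. cp -L follows symlinks, so ROOT receives a real file under
# the name the loader looks for (libc.so.6), not a link to a missing target.
stage_files() {
    root="$1"
    while read -r f; do
        mkdir -p "$root$(dirname "$f")" || return 1
        cp -L "$f" "$root$f" || return 1
    done
}

# dangling_links ROOT: print symlinks under ROOT whose target does not resolve.
# Relative targets are resolved inside the tree; absolute targets resolve against
# the build host's root, so inspect those by hand.
dangling_links() {
    find "$1" -type l | while read -r link; do
        [ -e "$link" ] || printf '%s\n' "$link"
    done
}

# Usage on the build host, with the paths used in this thread:
#   { echo /sbin/findfs; ldd /sbin/findfs | ldd_paths; } | stage_files /usr/src/initramfs
#   dangling_links /usr/src/initramfs    # expect no output before running cpio
```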