search

NixOS / nixpkgs

Nix Packages collection & NixOS
MIT License
17.01k stars 13.36k forks source link

Boot hangs with encrypted home and plasma #47577

Closed peterhoeg closed 5 years ago

peterhoeg commented 5 years ago

Issue description

Regression introduced by #42910.

If plasma is in use and the user's home directory is on an encrypted LV, the activation script will try to access /home/$USER which is not available and will hang waiting for the user to hit esc:

Sep 28 15:31:26 mildred stage-2-init: running activation script...
Sep 28 15:31:26 mildred stage-2-init: setting up /etc...
Sep 28 15:31:26 mildred stage-2-init: reenter password for pam_mount:
Sep 28 15:31:26 mildred stage-2-init: (mount.c:68): Messages from underlying mount program:
Sep 28 15:31:26 mildred stage-2-init: (mount.c:72): mount: /home/peter: unknown filesystem type 'crypto_LUKS'.
Sep 28 15:31:26 mildred stage-2-init: (pam_mount.c:522): mount of /dev/mapper/vg0-lv_home_peter failed
Sep 28 15:31:26 mildred stage-2-init: Cannot execute /run/current-system/sw/bin/zsh
Sep 28 15:31:26 mildred stage-2-init: (mount.c:68): umount messages:
Sep 28 15:31:26 mildred stage-2-init: (mount.c:72): umount: /home/peter: not mounted.
Sep 28 15:31:26 mildred stage-2-init: (mount.c:888): unmount of /dev/mapper/vg0-lv_home_peter failed
Sep 28 15:31:26 mildred stage-2-init: Cannot execute /run/current-system/sw/bin/zsh
Sep 28 15:31:26 mildred stage-2-init: Activation script snippet 'plasmaSetup' failed (127)

Cc: @bkchr

I consider this a blocker for 18.09 as with plymouth enabled, there is no indication that the boot isn't progressing.

Steps to reproduce

  1. Configure LUKS for user: users.users.peter.cryptHomeLuks = "/dev/mapper/vg0-lv_home_peter";
  2. Use plasma: xserver.desktopManager.plasma5.enable = true;
  3. Reboot

Technical details

peterhoeg commented 5 years ago

A side-effect of this is that nixos-rebuild test|switch will also prompt for the password to unlock the volume which is admittedly not critical - just annoying.

vcunat commented 5 years ago

Have you tried https://github.com/NixOS/nixpkgs/pull/45290 ? It's even more hacky IMO, but if there's no better idea that works...

peterhoeg commented 5 years ago

Wasn't aware of that - I'll be dropping some comments over there.

samueldr commented 5 years ago

@peterhoeg what's the status of this? I think this is the only issue holding up calling the release. I see your comments on #45290, but don't really know if it's progress or not.

This is only an issue only if the user's home directory is encrypted in a way where it's not being unlocked in early boot, right? (I don't know your setup, I'm assuming some kind of unlock-with-PAM thing, right?)

peterhoeg commented 5 years ago

This is only an issue only if the user's home directory is encrypted in a way where it's not being unlocked in early boot, right? (I don't know your setup, I'm assuming some kind of unlock-with-PAM thing, right?)

Correct, basically a dm-crypt volume per user mounted on /home/$USER during login by users.users.USER.cryptHomeLuks = true; and pam.mount.enable = true;. It's a fairly standard setup for laptops.

But in any case, it should be OK now with the PR above.