eworm-de / mkinitcpio-ykfde

Full disk encryption with Yubikey (Yubico key)
GNU General Public License v3.0
109 stars 26 forks source link

ykfde-worker failed to start #31

Closed guidugli closed 3 years ago

guidugli commented 3 years ago

Hi,

Running fedora 33 with latest patches: Linux hostname 5.10.17-200.fc33.x86_64 #1 SMP Wed Feb 17 21:21:20 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

Followed the guide, but when I reboot the machine, I enter the 2nd factor then an error message appears saying that ykfde-worker failed to start.

Looking at the service status, I get: worker[564]: /usr/lib/ykfde/worker: error while loading shared libraries: libiniparser.so.1: cannot open shared object file: No such file or directory

If I try to start it manually, the error changes to: worker[6599]: yk_open_first_key() failed: Permission denied

Tried to add the following line on the service section of the service definition: Environment="LD_LIBRARY_PATH=/usr/lib64"

But it still do not work.

[root@matrix ~]# ldconfig -v | grep libiniparser libiniparser.so.1 -> libiniparser.so.1

find /usr/ -name libiniparser.so.1

/usr/lib64/libiniparser.so.1

Tested the second factor key by issuing ykfde -s <2f> and it worked fine.

Any ideas?

eworm-de commented 3 years ago

Looks like for any reason the library is not added to the initramfs... I do not use dracut, so I can not tell what's wrong. @bpereto?

guidugli commented 3 years ago

Hi,

was able to fix the problem by adding these 3 lines into module-setup.sh

    inst_libdir_file libiniparser.so.1
    inst_libdir_file libykpers-1.so.1
    inst_libdir_file libyubikey.so.0

After adding these lines and running dracut -f again, I worked fine. Never played with dracut, but the other libraries where already there. I could not find why libkeyutils.so.1 was loaded but these other 3 were not. If want to be explicit I believe you could also add this one so you do not rely on other package loading it for you.

guidugli commented 3 years ago

BTW, did a simple solution to create RPM file for this project. It uses containers so it can be executed on any linux running podman or docker. Did for my own use (to avoid adding lots of build dependencies on my host system) but anyone interested can use it, or you can add the files here, for other people interested. https://github.com/guidugli/ykfde-rpmbuild

bpereto commented 3 years ago

Looks like for any reason the library is not added to the initramfs... I do not use dracut, so I can not tell what's wrong. @bpereto?

i don't use fedora anymore, but I can imagine, the dracut initramfs process has changed. pull request https://github.com/eworm-de/mkinitcpio-ykfde/pull/32 seems legit. problem there can be changing library versions, which need to be in sync with the fedora release...

eworm-de commented 3 years ago

Should be fixed with 9d6d51c507802d388beaa7b7082b8f3671ad58b2.