random-archer / mkinitcpio-systemd-tool

Provisioning tool for systemd in initramfs (systemd-tool)
https://www.archlinux.org/packages/community/any/mkinitcpio-systemd-tool/

sysroot on btrfs/zfs/lvm #62

Closed lachesis closed 4 years ago

lachesis commented 4 years ago

Does this package replace the sd-encrypt hook, or does it still need it?

The suggested hooks list on the Arch Wiki suggests it replaces it, but without it, I was just getting stuck at some error like: "Start Job running for /dev/disk/by-uuid/$ROOT_UUID" where the UUID given was the UUID of the decrypted root partition (/dev/mapper/root when the system is running).
Andrei-Pozolotin commented 4 years ago

should not be needed

1. `sd-encrypt` should not be needed
2. resources from `sd-encrypt` should be replaced by these entries
   * [initrd-cryptsetup.service#L47](https://github.com/random-archer/mkinitcpio-systemd-tool/blob/master/src/initrd-cryptsetup.service#L47)
3. please try to track down what is missing `initrd-cryptsetup.service` vs https://git.archlinux.org/svntogit/packages.git/tree/trunk/install-sd-encrypt?h=packages/cryptsetup

peter-held commented 4 years ago

Hi, same problem here (ZFS).

Looking at my initramfs it seems that two files are missing, compared to https://git.archlinux.org/svntogit/packages.git/tree/trunk/install-sd-encrypt?h=packages/cryptsetup:

`add_systemd_unit "systemd-ask-password-console.service"` and `add_binary "mkswap"`

My config hooks are: `HOOKS=(base keyboard modconf block filesystems fsck systemd sd-vconsole sd-zfs systemd-tool)`

I'm not using fstab, only crypttab. Thanks.

Andrei-Pozolotin commented 4 years ago

please confirm if v33 resolves this

* https://github.com/random-archer/mkinitcpio-systemd-tool/releases/tag/v33
* https://www.archlinux.org/packages/community/any/mkinitcpio-systemd-tool/

lachesis commented 4 years ago

v33 does not resolve this for me: (BTRFS)

```
$ md5sum /usr/lib/mkinitcpio-systemd-tool/initrd-build.sh
796a39672f2ad4a562f27023e9f65fef /usr/lib/mkinitcpio-systemd-tool/initrd-build.sh
```

```
● initrd-cryptsetup.path - Initrd Cryptsetup Path
   Loaded: loaded (/usr/lib/systemd/system/initrd-cryptsetup.path; enabled; vendor preset: disabled)
```

Same problem as before - see attached image.

![2020-04-20 15 05 11](https://user-images.githubusercontent.com/347481/79804507-06d0f500-8319-11ea-9936-f2ae8902f6a8.jpg)

Andrei-Pozolotin commented 4 years ago

@lachesis

A. it seems you have some fstab config error:

fstab

B. meanwhile, more details please:

1. output of
   ```
   systemctl list-unit-files --state=enabled | grep initrd
   ```
2. actual content, via `lsinitcpio -x /boot/initramfs-linux.img`
   ```
   [initramfs]/etc/crypttab
   [initramfs]/etc/fstab
   ```
3. actual kernel command line
   ```
   cat /proc/cmdline
   ```
4. `initrd-shell` boot log
   ```
   journalctl -b -t shell
   ```
5. block device layout, via
   ```
   lsblk
   ```
   ```
   blkid
   ```

lachesis commented 4 years ago

Here's my system (BTRFS)

Yeah I'm not sure what's up with (A). Here's my system fstab if it's relevant:

```
$ cat /etc/fstab
#
# /etc/fstab: static file system information
#
#
tmpfs /tmp tmpfs nodev,nosuid 0 0
/dev/mapper/root / btrfs ssd,discard,noatime,user_xattr,defaults 0 1
UUID=ad54f0cd-de73-4a9b-915a-1241deb9d541 /boot ext4 discard,noatime,user_xattr,defaults 0 1
#/dev/mapper/backup /backup btrfs noatime,defaults,noauto,ro 0 1
LABEL=linslow /slow btrfs noatime,noauto,x-systemd.automount 0 1
UUID=F6D8-B4FB /boot/efi vfat defaults 0 1
LABEL=ssd2-lin /ssd2 ext4 noatime,noauto,x-systemd.automount 0 1
#LABEL=ssd3 /ssd3 ext4 noatime,noauto,x-systemd.automount 0 1
/swap none swap defaults 0 0
```

```
$ systemctl list-unit-files --state=enabled | grep initrd
initrd-cryptsetup.path enabled disabled
initrd-shell.service enabled disabled
initrd-sysroot-mount.service enabled disabled
initrd-tinysshd.service enabled disabled
```

```
$ cat /proc/cmdline
BOOT_IMAGE=/vmlinuz-linux root=UUID=c58bcea8-0338-41d6-b10b-cd186747b07d rw intel_iommu=on iommu=pt resume=UUID=c58bcea8-0338-41d6-b10b-cd186747b07d resume_offset=69399059
```

```
$ journalctl -b -t shell
-- Logs begin at Sat 2020-04-18 23:38:08 PDT, end at Mon 2020-04-20 15:56:09 PDT. --
Apr 19 17:54:57 wintermute shell[372]: service/loc info : init
Apr 19 17:54:57 wintermute shell[379]: service/loc info : cryptsetup service
Apr 19 17:54:57 wintermute shell[384]: service/loc info : crypt jobs
Apr 19 17:54:57 wintermute shell[387]: service/loc info : custom agent try #1
Apr 19 17:54:58 wintermute shell[401]: service/loc info : query start
Apr 19 17:55:03 wintermute shell[417]: service/loc info : query finish
Apr 19 17:55:03 wintermute shell[426]: service/loc info : request list size=1
Apr 19 17:55:03 wintermute shell[437]: service/loc info : reply pid=337 id=cryptsetup:/dev/disk/by-uuid/45330ed0-2ced-4c72-b192-5548b1344029 message=Please-enter-passphrase-for-disk-WDS100T3XHC-00SJG0--root--on-/sysroot:
Apr 19 17:55:09 wintermute shell[846]: service/loc warn : invalid secret
Apr 19 17:55:09 wintermute shell[848]: service/loc info : custom agent try #2
Apr 19 17:55:09 wintermute shell[857]: service/loc info : query start
Apr 19 17:55:16 wintermute shell[862]: service/loc info : query finish
Apr 19 17:55:16 wintermute shell[871]: service/loc info : request list size=1
Apr 19 17:55:16 wintermute shell[882]: service/loc info : reply pid=337 id=cryptsetup:/dev/disk/by-uuid/45330ed0-2ced-4c72-b192-5548b1344029 message=Please-enter-passphrase-for-disk-WDS100T3XHC-00SJG0--root--on-/sysroot:
Apr 19 17:55:22 wintermute shell[1356]: service/loc info : program termination (TERM)
Apr 19 17:55:22 wintermute shell[1358]: service/loc info : exit code=0
```

(note: This is from a boot with the sd-encrypt hook present. I can't get my system to boot without it right now. I can maybe get the logs from the failure boot without sd-encrypt if I can get into the shell via tinyssh later tonight.)

```
$ cat etc/fstab
# This file is part of https://github.com/random-archer/mkinitcpio-systemd-tool
# fstab: mappings for direct partitions in initramfs:
# * file location in initramfs: /etc/fstab
# * file location in real-root: /etc/mkinitcpio-systemd-tool/config/fstab
# fstab format:
# https://wiki.archlinux.org/index.php/Fstab
# how fstab is used by systemd:
# https://www.freedesktop.org/software/systemd/man/systemd-fstab-generator.html
# https://github.com/systemd/systemd/blob/master/src/fstab-generator/fstab-generator.c
# note:
# * ensure /sysroot mount folder inside initramfs disk image
# * remove "root=/dev/mapper/root" stanza from kernel command line
# * provide here root partition mapping (instead of kernel command line)
# * ensure that mapper-path in fstab corresponds to mapper-name in crypttab
# * for x-mount options see: https://www.freedesktop.org/software/systemd/man/systemd.mount.html
#
/dev/mapper/root /sysroot auto x-systemd.device-timeout=9999h 0 1
# /dev/mapper/swap none swap x-systemd.device-timeout=9999h 0 0
```

```
$ cat etc/crypttab
# This file is part of https://github.com/random-archer/mkinitcpio-systemd-tool
# crypttab: mappings for encrypted partitions in initramfs
# * file location in initramfs: /etc/crypttab
# * file location in real-root: /etc/mkinitcpio-systemd-tool/config/crypttab
# crypttab format:
# https://wiki.archlinux.org/index.php/Dm-crypt/System_configuration#crypttab
# how crypttab is used by systemd:
# https://www.freedesktop.org/software/systemd/man/systemd-cryptsetup-generator.html
# https://github.com/systemd/systemd/blob/master/src/cryptsetup/cryptsetup-generator.c
# note:
# * provide here mapper partition UUID (instead of kernel command line)
# * use password/keyfile=none to force cryptsetup password agent prompt
# * ensure that mapper-path in fstab corresponds to mapper-name in crypttab
# * for x-mount options see: https://www.freedesktop.org/software/systemd/man/systemd.mount.html
#
# root UUID={{UUID_ROOT}} none luks
# swap UUID={{UUID_SWAP}} none luks
root UUID=45330ed0-2ced-4c72-b192-5548b1344029 none luks,allow-discards
```

```
$ lsblk -f
NAME FSTYPE FSVER LABEL UUID FSAVAIL FSUSE% MOUNTPOINT
loop0 squashfs 4.0 0 100% /var/lib/snapd/snap/snapd/6953
loop1 squashfs 4.0 0 100% /var/lib/snapd/snap/gtk-common-themes/1474
loop2 squashfs 4.0 0 100% /var/lib/snapd/snap/gnome-3-28-1804/116
loop3 squashfs 4.0 0 100% /var/lib/snapd/snap/core18/1705
loop4 squashfs 4.0 0 100% /var/lib/snapd/snap/tandem/2
sda
├─sda1 ntfs winslow 0647E0B76CA79638
└─sda2 crypto_LUKS 1 c4b9038a-743e-452f-b3e4-8a8291b2c4f0
  └─linslownew btrfs linslow a4359fb7-17b1-418f-afae-ebc2cb42cf9d 1.1T 46% /slow
sdb
├─sdb1 ext4 1.0 ssd2-lin 137946f5-6d62-4b09-b618-a85042e16c94 3.1G 98% /ssd2
└─sdb2 ntfs ssd2-win 7E3617143176A7C7
nvme1n1
├─nvme1n1p1 crypto_LUKS 2 45330ed0-2ced-4c72-b192-5548b1344029
│ └─root btrfs root c58bcea8-0338-41d6-b10b-cd186747b07d 524.2G 44% /
├─nvme1n1p2 vfat FAT32 BOOTEFI F6D8-B4FB 124.9M 0% /boot/efi
└─nvme1n1p3 ext4 1.0 boot ad54f0cd-de73-4a9b-915a-1241deb9d541 50.1M 72% /boot
nvme0n1
├─nvme0n1p2 ntfs A6745FC0745F9243
└─nvme0n1p1
```

```
$ blkid
/dev/nvme1n1p1: UUID="45330ed0-2ced-4c72-b192-5548b1344029" TYPE="crypto_LUKS" PARTUUID="2dbdfbcb-5de6-4c84-ad45-f6dfd25a7047"
/dev/nvme1n1p2: LABEL_FATBOOT="BOOTEFI" LABEL="BOOTEFI" UUID="F6D8-B4FB" BLOCK_SIZE="512" TYPE="vfat" PARTUUID="a4daa5c2-28ca-4532-828f-8b6d297dea2e"
/dev/nvme1n1p3: LABEL="boot" UUID="ad54f0cd-de73-4a9b-915a-1241deb9d541" BLOCK_SIZE="1024" TYPE="ext4" PARTUUID="368c1e6e-6170-4c2e-b545-ef1aac6291f2"
/dev/sda1: LABEL="winslow" BLOCK_SIZE="512" UUID="0647E0B76CA79638" TYPE="ntfs" PARTUUID="9c503e54-81f4-644b-988d-9a3dbdd6db94"
/dev/sda2: UUID="c4b9038a-743e-452f-b3e4-8a8291b2c4f0" TYPE="crypto_LUKS" PARTUUID="05f2c850-e3d8-9c4d-9871-e8adcf5379e1"
/dev/sdb1: LABEL="ssd2-lin" UUID="137946f5-6d62-4b09-b618-a85042e16c94" BLOCK_SIZE="4096" TYPE="ext4" PARTUUID="15f01ea8-0bb1-3b42-9e09-d55de492179e"
/dev/sdb2: LABEL="ssd2-win" BLOCK_SIZE="512" UUID="7E3617143176A7C7" TYPE="ntfs" PARTUUID="9348c930-f4d8-bd4e-9eea-aa385bb0411d"
/dev/mapper/root: LABEL="root" UUID="c58bcea8-0338-41d6-b10b-cd186747b07d" UUID_SUB="7cdc25b0-dcb0-4787-a2e2-061421f37b97" BLOCK_SIZE="4096" TYPE="btrfs"
/dev/loop0: TYPE="squashfs"
/dev/loop1: TYPE="squashfs"
/dev/loop2: TYPE="squashfs"
/dev/loop3: TYPE="squashfs"
/dev/loop4: TYPE="squashfs"
/dev/mapper/linslownew: LABEL="linslow" UUID="a4359fb7-17b1-418f-afae-ebc2cb42cf9d" UUID_SUB="58567124-5f5a-49bb-b9df-19d90b211265" BLOCK_SIZE="4096" TYPE="btrfs"
/dev/nvme0n1p2: BLOCK_SIZE="512" UUID="A6745FC0745F9243" TYPE="ntfs"
/dev/nvme0n1p1: PARTLABEL="Microsoft reserved partition" PARTUUID="8241e6dd-f7ba-4acd-9b3f-b3345ecd0437"
```

```
$ uname -a
Linux wintermute 5.6.4-arch1-1 #1 SMP PREEMPT Mon, 13 Apr 2020 12:21:19 +0000 x86_64 GNU/Linux
```

Andrei-Pozolotin commented 4 years ago

@lachesis

you have conflicting /sysroot specs [kernel] vs [fstab] :

1. kernel command line
   ```
   $ cat /proc/cmdline
   BOOT_IMAGE=/vmlinuz-linux root=UUID=c58bcea8-0338-41d6-b10b-cd186747b07d rw intel_iommu=on iommu=pt resume=UUID=c58bcea8-0338-41d6-b10b-cd186747b07d resume_offset=69399059
   ```
2. `[initramfs]/fstab`
   ```
   /dev/mapper/root /sysroot auto x-systemd.device-timeout=9999h 0 1
   ```
3. try to remove from kernel command line any `root` references
   ```
   root=UUID... resume=UUID...
   ```
4. read for more insight on `btrfs`: https://github.com/random-archer/mkinitcpio-systemd-tool/wiki/Case:-Sysroot-on-Btrfs
5. second attempt to re-map `root` is ignored, check actual mount options to verify `[real-root]/fstab`
   ```
   /dev/mapper/root / btrfs ssd,discard,noatime,user_xattr,defaults 0 1
   ```
6. `initrd-shell.service` should not be enabled
7. if you wait more than 1 min 30 sec you should drop into emergency shell; produce full `journalctl -b`. enable `initrd-debug-progs.service` for more debug tools

lachesis commented 4 years ago

Good advice thanks.

3. Sadly that root is being inserted by `grub-mkconfig` and I can't be bothered to fix it right now. Can I change my $initramfs/etc/fstab to use `UUID=c58bcea8-0338-41d6-b10b-cd186747b07d` instead of /dev/mapper/root? Also, don't I need to specify the resume device independently for hibernate to work?
4. Not sure what in particular I can take from that. It looks like quite a different situation with the keyfiles partition and all.
5. Actual mount options:
   ```
   $ mount -l -t btrfs
   /dev/mapper/root on / type btrfs (rw,relatime,ssd,space_cache,subvolid=5,subvol=/) [root]
   ```
6. I enabled that to solve issue #61.
7. Will investigate further and report back.

Andrei-Pozolotin commented 4 years ago

@lachesis Eric:

> Good advice thanks.

1. I do not use "sysroot on btrfs", sorry and have no immediate "how to make it work" advice
2. since it took @fredleb Frederic 3 weeks with his "sysroot on lvm+btrfs" #36, chances are, you are looking at 2 weeks with "simple" case, "sysroot on btrfs" :-)
3. here is a wiki page waiting for you to share your unavoidable total success story :-) https://github.com/random-archer/mkinitcpio-systemd-tool/wiki/Case:-Sysroot-on-Btrfs-(simple)
4. ideally we want to incorporate some `initrd-root-on-btrfs.{mount,service}` units such that other people can re-use your experience

peter-held commented 4 years ago

It is also not working for me (ZFS):

- without sd-encrypt

  ![without_sd-encrypt](https://user-images.githubusercontent.com/23695480/79834665-2ec26600-83b6-11ea-856d-4d51c5d9a725.jpg)
- with sd-encrypt

  ![with_sd-encrypt](https://user-images.githubusercontent.com/23695480/79834740-44d02680-83b6-11ea-9d85-bde9f7f5454b.jpg)

peter-held commented 4 years ago

System information (ZFS):

- `systemctl list-unit-files --state=enabled | grep initrd`
  ```
  initrd-cryptsetup.path enabled disabled
  initrd-debug-progs.service enabled disabled
  initrd-network.service enabled disabled
  initrd-sysroot-mount.service enabled disabled
  initrd-tinysshd.service enabled disabled
  ```
- `cat etc/crypttab`
  ```
  # This file is part of https://github.com/random-archer/mkinitcpio-systemd-tool
  # crypttab: mappings for encrypted partitions in initramfs
  # * file location in initramfs: /etc/crypttab
  # * file location in real-root: /etc/mkinitcpio-systemd-tool/config/crypttab
  # crypttab format:
  # https://wiki.archlinux.org/index.php/Dm-crypt/System_configuration#crypttab
  # how crypttab is used by systemd:
  # https://www.freedesktop.org/software/systemd/man/systemd-cryptsetup-generator.html
  # https://github.com/systemd/systemd/blob/master/src/cryptsetup/cryptsetup-generator.c
  # note:
  # * provide here mapper partition UUID (instead of kernel command line)
  # * use password/keyfile=none to force cryptsetup password agent prompt
  # * ensure that mapper-path in fstab corresponds to mapper-name in crypttab
  # * for x-mount options see: https://www.freedesktop.org/software/systemd/man/systemd.mount.html
  #
  # root UUID={{UUID_ROOT}} none luks
  # swap UUID={{UUID_SWAP}} none luks
  crypt-ata-Samsung_SSD_850_EVO_250GB_244N-part3 /dev/disk/by-id/ata-Samsung_SSD_850_EVO_250GB_244N-part3 none luks,discard,x-systemd.device-timeout=9999h
  crypt-ata-Samsung_SSD_850_EVO_250GB_311M-part3 /dev/disk/by-id/ata-Samsung_SSD_850_EVO_250GB_311M-part3 none luks,discard,x-systemd.device-timeout=9999h
  ```
- `cat etc/fstab`
  ```
  # This file is part of https://github.com/random-archer/mkinitcpio-systemd-tool
  # fstab: mappings for direct partitions in initramfs:
  # * file location in initramfs: /etc/fstab
  # * file location in real-root: /etc/mkinitcpio-systemd-tool/config/fstab
  # fstab format:
  # https://wiki.archlinux.org/index.php/Fstab
  # how fstab is used by systemd:
  # https://www.freedesktop.org/software/systemd/man/systemd-fstab-generator.html
  # https://github.com/systemd/systemd/blob/master/src/fstab-generator/fstab-generator.c
  # note:
  # * ensure /sysroot mount folder inside initramfs disk image
  # * remove "root=/dev/mapper/root" stanza from kernel command line
  # * provide here root partition mapping (instead of kernel command line)
  # * ensure that mapper-path in fstab corresponds to mapper-name in crypttab
  # * for x-mount options see: https://www.freedesktop.org/software/systemd/man/systemd.mount.html
  #
  # /dev/mapper/root /sysroot auto x-systemd.device-timeout=9999h 0 1
  # /dev/mapper/swap none swap x-systemd.device-timeout=9999h 0 0
  ```
- `cat /proc/cmdline`
  ```
  BOOT_IMAGE=/BOOT/default@/vmlinuz-linux-vfio root=zfs:rpool/ROOT/default rw intel_iommu=on,igfx_off pcie_acs_override=downstream ipv6.disable=1 zfs_ignorecache=1
  ```
- `journalctl -b -t shell`
  ```
  -- Logs begin at Wed 2020-02-26 09:43:07 EET, end at Tue 2020-04-21 10:17:01 EEST. --
  Apr 21 09:38:45 kvm1.cr.home.lan shell[393]: service/loc info : init
  Apr 21 09:38:45 kvm1.cr.home.lan shell[395]: service/loc info : service: cryptsetup/crypto_terminal
  Apr 21 09:38:45 kvm1.cr.home.lan shell[400]: service/loc info : crypt jobs
  Apr 21 09:38:45 kvm1.cr.home.lan shell[403]: service/loc info : custom agent try count=1
  Apr 21 09:38:45 kvm1.cr.home.lan shell[416]: service/loc info : query start
  Apr 21 09:39:37 kvm1.cr.home.lan shell[475]: service/loc info : query finish
  Apr 21 09:39:37 kvm1.cr.home.lan shell[484]: service/loc info : request list size=2
  Apr 21 09:39:37 kvm1.cr.home.lan shell[495]: service/loc info : reply pid=366 id=cryptsetup:/dev/disk/by-id/ata-Samsung_SSD_850_EVO_250GB_244N-part3 message=Please-enter-passphrase-for-disk-Samsung_S>
  Apr 21 09:39:37 kvm1.cr.home.lan shell[500]: service/loc warn : request removed [/run/systemd/ask-password/ask.PCAKyN]
  Apr 21 09:39:43 kvm1.cr.home.lan shell[1433]: service/loc info : program termination (TERM)
  Apr 21 09:39:43 kvm1.cr.home.lan shell[1436]: service/loc info : exit code=0
  ```
- `lsblk /dev/sda`
  ```
  NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
  sda 8:0 0 232.9G 0 disk
  ├─sda1 8:1 0 512M 0 part /boot/efi2
  ├─sda2 8:2 0 1G 0 part
  └─sda3 8:3 0 231.4G 0 part
    └─crypt-ata-Samsung_SSD_850_EVO_250GB_311M-part3 254:1 0 231.4G 0 crypt
  ```
- `lsblk /dev/sdb`
  ```
  NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
  sdb 8:16 0 232.9G 0 disk
  ├─sdb1 8:17 0 512M 0 part /boot/efi1
  ├─sdb2 8:18 0 1G 0 part
  └─sdb3 8:19 0 231.4G 0 part
    └─crypt-ata-Samsung_SSD_850_EVO_250GB_244N-part3 254:0 0 231.4G 0 crypt
  ```
- `zpool status -v bpool rpool`
  ```
    pool: bpool
   state: ONLINE
  status: Some supported features are not enabled on the pool. The pool can still be used, but some features are unavailable.
  action: Enable all features using 'zpool upgrade'. Once this is done, the pool may no longer be accessible by software that does not support the features. See zpool-features(5) for details.
    scan: none requested
  config:
          NAME STATE READ WRITE CKSUM
          bpool ONLINE 0 0 0
            mirror-0 ONLINE 0 0 0
              ata-Samsung_SSD_850_EVO_250GB_244N-part2 ONLINE 0 0 0
              ata-Samsung_SSD_850_EVO_250GB_311M-part2 ONLINE 0 0 0
  errors: No known data errors

    pool: rpool
   state: ONLINE
    scan: scrub repaired 0B in 0 days 00:05:29 with 0 errors on Sun Sep 22 09:13:11 2019
  config:
          NAME STATE READ WRITE CKSUM
          rpool ONLINE 0 0 0
            mirror-0 ONLINE 0 0 0
              crypt-ata-Samsung_SSD_850_EVO_250GB_244N-part3 ONLINE 0 0 0
              crypt-ata-Samsung_SSD_850_EVO_250GB_311M-part3 ONLINE 0 0 0
  errors: No known data errors
  ```

Andrei-Pozolotin commented 4 years ago

@lachesis @peter-held @shelaf

please: try again with v34

1. try again with v34, see if that makes any difference
   * https://github.com/random-archer/mkinitcpio-systemd-tool/releases/tag/v34
   * https://www.archlinux.org/packages/community/any/mkinitcpio-systemd-tool/
2. report content of actual `/etc/mkinitcpio.conf`

shelaf commented 4 years ago

v34 also did not work well without sd-encrypt hook.

/etc/mkinitcpio.conf (BTRFS)

```
MODULES=()
BINARIES=("/usr/bin/btrfs")
FILES=()
HOOKS=(base systemd autodetect keyboard sd-vconsole modconf block filesystems sd-encrypt fsck btrfs systemd-tool)
```

peter-held commented 4 years ago

/etc/mkinitcpio.conf (ZFS)

```
MODULES=(pci-stub i915)
BINARIES=()
FILES=()
HOOKS=(base keyboard modconf block filesystems fsck systemd sd-vconsole sd-encrypt sd-zfs systemd-tool)
```

Andrei-Pozolotin commented 4 years ago

> v34 also did not work

v34 release is still pending. verify version by re-install: pacman -Sy mkinitcpio-systemd-tool

shelaf commented 4 years ago

I installed from git master branch, extracted initramfs, and verified that initrd-cryptsetup.service has a dm-integrity line.

Andrei-Pozolotin commented 4 years ago

> I installed from git master branch

ah, good

Andrei-Pozolotin commented 4 years ago

@lachesis @peter-held @shelaf

regarding /etc/crypttab.initramfs:

* do you guys at all use `[real-root]/etc/crypttab.initramfs` from [sd-encrypt](https://git.archlinux.org/svntogit/packages.git/tree/trunk/install-sd-encrypt?h=packages/cryptsetup#n35)
* if yes, what is the content?
* if yes, what happens when you remove it?

Andrei-Pozolotin commented 4 years ago

> BINARIES=("/usr/bin/btrfs")

this is redundant, this dependency should be brought by HOOKS=(btrfs), no?

shelaf commented 4 years ago

> this is redundant, this dependency should be brought by HOOKS=(btrfs), no?

Btrfs hook contents are as follows. No binary.

```
#!/usr/bin/ash

run_hook() {
    btrfs device scan
}
```

See https://wiki.archlinux.org/index.php/Btrfs#Corruption_recovery for the meaning of the BINARIES.

shelaf commented 4 years ago

> do you guys at all use [real-root]/etc/crypttab.initramfs from sd-encrypt

No, does not exist.

peter-held commented 4 years ago

My /etc/crypttab.initramfs has the same content as /etc/crypttab. I removed it and the computer booted without problems (with sd-encrypt).

lachesis commented 4 years ago

> do you guys at all use [real-root]/etc/crypttab.initramfs from sd-encrypt

Doesn't exist for me either.

Andrei-Pozolotin commented 4 years ago

@lachesis you can try to follow @peter-held pattern from https://github.com/random-archer/mkinitcpio-systemd-tool/issues/62#issuecomment-617003478 that is:

Andrei-Pozolotin commented 4 years ago

@lachesis @peter-held @shelaf just to confirm:

shelaf commented 4 years ago

> after v34 you still need to keep HOOKS=(sd-encrypt) in order to boot, is that correct?

Yes

Anty0 commented 4 years ago

Hi, Even though I don't have btrfs or zfs (only ext4 on lvm), I think this might be related:

Looking through changelog while updating my system today, I have noticed I in fact use `sd-encrypt` hook. Without it system won't ask for password... (Frozen on waiting for partition.) This issue persists in `v34`.

I have decided to find out why. :sunglasses:

Comparing both initcpios (with and without sd-encrypt) I can see `cryptsetup.target` is missing from `sysinit.target.wants` in initcpio without `sd-encrypt`. I'm not sure why... :confused:

Diff output:

```
$ diff --brief --recursive --no-dereference initcpio-working initcpio-broken
Files initcpio-working/buildconfig and initcpio-broken/buildconfig differ
Only in initcpio-working/usr/lib/systemd/system/sysinit.target.wants: cryptsetup.target
Only in initcpio-working/usr/lib/systemd/system/sysinit.target.wants: systemd-ask-password-console.path
```

I was able to workaround this in `initrd-cryptsetup.service` with:

```
InitrdLink=/usr/lib/systemd/system/sysinit.target.wants/cryptsetup.target target=/usr/lib/systemd/system/cryptsetup.target
```

With this change everything is working the same as with `sd-encrypt` hook.

Hope this info can help resolve this issue. :slightly_smiling_face:
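
The check behind the diff in the comment above, as an added example that is not part of the thread or of the project: it looks in an unpacked initramfs (for instance from `lsinitcpio -x`) for the two `sysinit.target.wants` entries the diff reported, and also flags a link whose target unit was not packed. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that an unpacked initramfs still pulls in the units
# that the diff above found only in the working image.

WANTS_DIR="usr/lib/systemd/system/sysinit.target.wants"
REQUIRED_WANTS="cryptsetup.target systemd-ask-password-console.path"

# Resolve a link against the unpacked tree, not the host root: the InitrdLink
# workaround uses an absolute target, and a plain `test -e` would follow it
# into the running system. $1 = tree root, $2 = link path relative to root
resolve_in_tree() {
    target=$(readlink "$1/$2") || return 1
    case "$target" in
        /*) printf '%s\n' "$1$target" ;;
        *)  printf '%s\n' "$1/$(dirname "$2")/$target" ;;
    esac
}

# Print "missing <unit>" or "dangling <unit>" per problem ($1 = tree root)
check_prompt_units() {
    for unit in $REQUIRED_WANTS; do
        link="$WANTS_DIR/$unit"
        if [ -L "$1/$link" ]; then
            dest=$(resolve_in_tree "$1" "$link")
            [ -e "$dest" ] || echo "dangling $unit"
        elif [ ! -e "$1/$link" ]; then
            echo "missing $unit"
        fi
    done
}

# Constructed sample: the wants link exists, but the unit file it points to
# is absent from the tree, and the ask-password path unit is not linked.
build_broken_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/$WANTS_DIR"
    ln -s /usr/lib/systemd/system/cryptsetup.target \
        "$root/$WANTS_DIR/cryptsetup.target"
    printf '%s\n' "$root"
}

sample=$(build_broken_tree)
check_prompt_units "$sample"
rm -rf "$sample"
```

An empty result means both entries are present and resolve inside the image.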

Andrei-Pozolotin commented 4 years ago

@Anty0 hey, thank you!

* that will be an easy fix
* we are still waiting for you to tell your story, and also teach your magic `diff` skill :slightly_smiling_face: https://github.com/random-archer/mkinitcpio-systemd-tool/wiki/Case:-Sysroot-on-LVM

shelaf commented 4 years ago

> InitrdLink=/usr/lib/systemd/system/sysinit.target.wants/cryptsetup.target target=/usr/lib/systemd/system/cryptsetup.target

It worked fine with plymouth by adding this line to initrd-plymouth.service file! Thank you!

Andrei-Pozolotin commented 4 years ago

@lachesis @peter-held @shelaf @Anty0 please confirm if v35 works

* ok, another attempt: https://www.youtube.com/watch?v=19XbKvfCNrQ
* mkinitcpio-systemd-tool 35-1 https://www.archlinux.org/packages/community/any/mkinitcpio-systemd-tool/
* please confirm if `v35` works for you in general and without `sd-encrypt`

lachesis commented 4 years ago

@Anty0 @Andrei-Pozolotin

thank you! it is now working for me without the sd-encrypt hook. My actual hooks: HOOKS="base systemd autodetect modconf block filesystems keyboard fsck systemd-tool" I hope it is okay to put systemd earlier in the process than suggested in your docs. It was necessary in order for my keyboard to become ready by the time the prompt appears.

lachesis commented 4 years ago

Also, perhaps related. I hand-edited my grub.cfg file to remove the root=UUID=xyz rw component of the cmdline and I no longer see the fstab error that I received earlier. Sadly this is not something that I can make grub-mkconfig do for me (as far as I can tell). I'll have to add some kind of post-upgrade hook using sed to remove that component from the cmdline, or get a patch submitted to grub. (unlikely imo)

Here is my actual cmdline for this boot:

BOOT_IMAGE=/vmlinuz-linux intel_iommu=on iommu=pt resume=UUID=c58bcea8-0338-41d6-b10b-cd186747b07d resume_offset=69399059
Anty0 commented 4 years ago

@Andrei-Pozolotin

> * we are still waiting for you to tell your story

I'm sorry. I'm really looking forward to write it, but I didn't have time to do so yet. :slightly_frowning_face: I hope there might be some time at the beginning of the next month, once I finish most of the school projects.

@lachesis

> I hand-edited my grub.cfg file to remove the root=UUID=xyz rw component of the cmdline

Same here. My solution to keep this change in place is to modify /etc/grub.d/* files, so the generated config does not contain root kernel argument at all. I agree it might be possible to create pacman hook which would patch these files after grub update (since pacman update would override them). (I take advantage of my own script for system configuration synchronization to keep them modified, instead.)

shelaf commented 4 years ago

v35 also worked fine for me with/without plymouth.

@Anty0 @lachesis Grub automatically creates the root parameter, so I think it's a good idea to empty /etc/mkinitcpio-systemd-tool/config/fstab .

peter-held commented 4 years ago

Thanks, now it works.

My hooks are: HOOKS=(base keyboard modconf block filesystems fsck systemd sd-vconsole sd-zfs systemd-tool)

Even if systemd is not at the beginning, the keyboard works.

Anty0 commented 4 years ago

@shelaf At the time when I was creating my system there was an issue. You had to input your password and unlock the root partition within a short time frame, otherwise the boot would fail and fall back into emergency shell. I don't know if the issue is still here, but to fix it I have added an option x-systemd.device-timeout=9999h to my root mount in initcpio fstab. I don't think it is possible to do so in kernel arguments.

Anty0 commented 4 years ago

> * please confirm if v35 works for you in general and without sd-encrypt

Yep, it's working like a charm. No workarounds needed without sd-encrypt anymore. :slightly_smiling_face:

Andrei-Pozolotin commented 4 years ago

https://github.com/random-archer/mkinitcpio-systemd-tool/wiki/Root-vs-Fstab

To All: to clarify the "root= vs fstab" issue:

  1. systemd bootup sequence requires that sysroot.mount mount unit is defined by someone, somewhere

  2. there are 3 ways to define sysroot.mount:

     A. auto-magically, with root= + fstab-generator

        kernel-cmdline: root=... ---> fstab-gen ---> /run/systemd/generator/sysroot.mount

     B. auto-magically, with /etc/fstab + fstab-generator

        [initramfs]/etc/fstab ---> fstab-gen ---> /run/systemd/generator/sysroot.mount

     C. manually, with user-provided mount unit file with a name sysroot.mount

        [initramfs]/etc/systemd/system/sysroot.mount

  3. A-vs-B-vs-C have different set of available features, (which also keeps changing over time); A is more limited, B is more complete, and only C is the "real form", which allows complete control over mount unit file

  4. in order to understand "how much magic" is done by fstab-generator, you have to study fstab-generator.c

  5. usage examples:

     A. that is what yourselves describe above about your various setups

     B. that is what this project recommends in src/fstab

     C. that is what is used by Case: Sysroot on Btrfs
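
A way to see which of the three sources A, B and C are active for a given boot, as an added example that is not part of the thread or of the project: it takes a kernel command line and an unpacked initramfs tree and lists every definition of `sysroot.mount` it finds. The function names are constructed for illustration; the sample values are shortened from the command line and initramfs fstab posted earlier in this issue.

```shell
#!/bin/sh
# Added example: list every source that defines sysroot.mount for one boot.
# Sources A/B/C follow the summary above; the temporary tree is constructed.

# A: value of root= on the kernel command line ($1 = cmdline string)
cmdline_root() {
    for tok in $1; do
        case "$tok" in
            root=*) printf '%s\n' "${tok#root=}"; return 0 ;;
        esac
    done
    return 1
}

# B: device of the first uncommented /sysroot entry ($1 = fstab file)
fstab_sysroot() {
    [ -r "$1" ] || return 1
    awk '$1 !~ /^#/ && $2 == "/sysroot" { print $1; found = 1; exit }
         END { exit !found }' "$1"
}

# C: user-provided unit file ($1 = unpacked initramfs root)
unit_sysroot() {
    [ -e "$1/etc/systemd/system/sysroot.mount" ]
}

# One line per definition found ($1 = cmdline string, $2 = initramfs root)
sysroot_definitions() {
    if dev=$(cmdline_root "$1"); then echo "A cmdline root=$dev"; fi
    if dev=$(fstab_sysroot "$2/etc/fstab"); then echo "B fstab $dev"; fi
    if unit_sysroot "$2"; then echo "C unit sysroot.mount"; fi
}

# Succeeds when at most one definition exists
sysroot_is_unambiguous() {
    n=$(sysroot_definitions "$1" "$2" | wc -l)
    [ "$((n))" -le 1 ]
}

# Constructed stand-in for a tree unpacked with `lsinitcpio -x`
build_sample_initramfs() {
    dir=$(mktemp -d)
    mkdir -p "$dir/etc"
    printf '%s\n' \
        '# note: provide here root partition mapping' \
        '/dev/mapper/root /sysroot auto x-systemd.device-timeout=9999h 0 1' \
        '# /dev/mapper/swap none swap x-systemd.device-timeout=9999h 0 0' \
        >"$dir/etc/fstab"
    printf '%s\n' "$dir"
}

# Shortened from the two command lines posted in this thread
CMDLINE_BEFORE='BOOT_IMAGE=/vmlinuz-linux root=UUID=c58bcea8-0338-41d6-b10b-cd186747b07d rw intel_iommu=on iommu=pt'
CMDLINE_AFTER='BOOT_IMAGE=/vmlinuz-linux intel_iommu=on iommu=pt'

sample=$(build_sample_initramfs)
echo "before:"; sysroot_definitions "$CMDLINE_BEFORE" "$sample"
echo "after:";  sysroot_definitions "$CMDLINE_AFTER" "$sample"
rm -rf "$sample"
```

On a live system the first argument would be the content of `/proc/cmdline`; two or more lines of output correspond to the "conflicting /sysroot specs" situation diagnosed earlier in the thread.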

Andrei-Pozolotin commented 4 years ago

@lachesis @peter-held @shelaf @Anty0

  1. thank you guys, we are now complete

  2. please drop a note here when your user-case wiki page is ready for review