Ubuntu
clevis package

console noise when / is not bound

Bug #1875984 reported by dann frazier
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
clevis (Ubuntu)
Fix Released
Undecided
dann frazier
Focal
Fix Released
Undecided
dann frazier

Bug Description

[Impact]
There's a race condition in the clevis initramfs-hook that can cause noisy errors on the console. This is 100% reproducible when / is a dm_crypt device that is *not* bound to clevis, but seems like timing could cause it to happen when bound as well.

[Test Case]
Install & boot using a dm-crypt device that is not bound to clevis as /.

You'll see:
 Volume group "ubuntu-vg" not found
  Cannot process volume group ubuntu-vg
Please unlock disk dm_crypt-0:
/scripts/local-top/clevis: line 135: /proc/398/environ: No such file or directory
/scripts/local-top/clevis: line 135: local: `': not a valid identifier
cryptsetup: dm_crypt-0: set up successfully

Regression test is to bind a device and reboot and make sure it still unlocks automatically. To bind:

sudo clevis luks bind -d /dev/vda3 tang '{"url": "http://$tangserver"}'

[Fix]
https://github.com/latchset/clevis/commit/e2fd826ceeabbb7af665c9401d6c3120b4847bab

[Regression Risk]
A bug could cause a system to not automatically boot. Regression tested as described above to mitigate.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package clevis - 12-1ubuntu5

---------------
clevis (12-1ubuntu5) groovy; urgency=medium

  * d/p/increase-pin-tang-timeout.patch -> d/p/increase-test-timeouts.patch:
    Also increase pin-sss timeout for riscv64 builders.

 -- dann frazier <email address hidden> Fri, 01 May 2020 06:33:27 -0600

Changed in clevis (Ubuntu):
status: New → Fix Released
dann frazier (dannf)
Changed in clevis (Ubuntu Focal):
status: New → In Progress
assignee: nobody → dann frazier (dannf)
Changed in clevis (Ubuntu):
assignee: nobody → dann frazier (dannf)
Revision history for this message
Łukasz Zemczak (sil2100) wrote : Please test proposed package

Hello dann, or anyone else affected,

Accepted clevis into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/clevis/12-1ubuntu2.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in clevis (Ubuntu Focal):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-focal
Revision history for this message
dann frazier (dannf) wrote :

Note that the riscv64 build in focal-proposed currently FTBFS. That's due to a regression related to the LP riscv64 builders that is causing our tests to run ~50% slower, which exceeds the default timeouts. wgrant has been looking into that. In groovy, I worked around those by increasing the timeouts, which I can apply to focal as well if the builder issue isn't addressed soon.

Revision history for this message
dann frazier (dannf) wrote :

= Verification =
Note that the ip: errors are not a regression and I believe are due to my specific network config. But the /proc/$pid/environ errors are now gone:

---
Begin: Running /scripts/init-premount ... ln: /tmp/mountroot-fail-hooks.d//scripts/init-premount/lvm2: No such file or directory
done.
Begin: Mounting root file system ... Begin: Running /scripts/local-top ... Internet Systems Consortium DHCP Client 4.4.1
Copyright 2004-2018 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/

DHCPDISCOVER on enp7s0 to 255.255.255.255 port 67 interval 3 (xid=0xf8574748)
DHCPDISCOVER on enp1s0 to 255.255.255.255 port 67 interval 3 (xid=0xa7283338)
DHCPOFFER of 192.168.122.11 from 192.168.122.1
DHCPREQUEST for 192.168.122.11 on enp1s0 to 255.255.255.255 port 67 (xid=0x383328a7)
DHCPACK of 192.168.122.11 from 192.168.122.1 (xid=0xa7283338)
bound to 192.168.122.11 -- renewal in 1579 seconds.
  Volume group "ubuntu-vg" not found
  Cannot process volume group ubuntu-vg
Please unlock disk dm_crypt-0:
cryptsetup: dm_crypt-0: set up successfully
done.
Begin: Running /scripts/local-premount ... [ 9.311667] Btrfs loaded, crc32c=crc32c-intel
Scanning for Btrfs filesystems
done.
Warning: fsck not present, so skipping root file system
[ 9.516302] EXT4-fs (dm-1): mounted filesystem with ordered data mode. Opts: (null)
done.
Begin: Running /scripts/local-bottom ... Terminated
ip: SIOCGIFFLAGS: No such device
ip: can't find device '/sys/class/net/enp1s0'
ip: can't find device '/sys/class/net/enp1s0'
ip: SIOCGIFFLAGS: No such device
ip: can't find device '/sys/class/net/enp7s0'
ip: can't find device '/sys/class/net/enp7s0'
ip: SIOCGIFFLAGS: No such device
ip: can't find device '/sys/class/net/lo'
ip: can't find device '/sys/class/net/lo'
done.
Begin: Running /scripts/init-bottom ... done.
[ 9.798346] systemd[1]: Inserted module 'autofs4'
[ 9.817588] systemd[1]: systemd 245.4-4ubuntu3 running in system mode. (+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=hybrid)
[ 9.822629] systemd[1]: Detected virtualization kvm.
[ 9.823689] systemd[1]: Detected architecture x86-64.

Welcome to Ubuntu 20.04 LTS!

tags: added: verification-done verification-done-focal
removed: verification-needed verification-needed-focal
Revision history for this message
dann frazier (dannf) wrote :

Also regression tested by unbinding and manually entering a passphrase to unlock.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package clevis - 12-1ubuntu2.1

---------------
clevis (12-1ubuntu2.1) focal; urgency=medium

  * d/p/initramfs-Avoid-noise-due-to-proc-race.patch: Get rid of
    console noise in initramfs due to race condition (LP: #1875984).

 -- dann frazier <email address hidden> Fri, 01 May 2020 15:38:20 -0600

Changed in clevis (Ubuntu Focal):
status: Fix Committed → Fix Released
Revision history for this message
Brian Murray (brian-murray) wrote : Update Released

The verification of the Stable Release Update for clevis has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.