Snappy

/var/lib/opencryptoki needs to be in /etc/system-image/writable-paths

Bug #1500020 reported by Oliver Grawert on 2015-09-26
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Snappy
Fix Released
Undecided
Unassigned
ubuntu-core-config (Ubuntu)
Fix Released
Undecided
Unassigned
Also affects project (?) Also affects distribution/package Nominate for series

Bug Description

during boot the opencryptoki service fails to start:

(RaspberryPi2)ubuntu@localhost:~$ sudo systemctl status opencryptoki.service
● opencryptoki.service - LSB: starts pkcsslotd
   Loaded: loaded (/etc/init.d/opencryptoki)
   Active: failed (Result: exit-code) since Fri 2015-09-25 20:52:02 UTC; 16h ago
     Docs: man:systemd-sysv-generator(8)
  Process: 646 ExecStart=/etc/init.d/opencryptoki start (code=exited, status=1/FAILURE)

Sep 25 20:52:02 localhost.localdomain opencryptoki[646]: chgrp: cannot access ‘/var/lib/opencryptoki/swtok/TOK_OBJ’: No such file or directory
Sep 25 20:52:02 localhost.localdomain opencryptoki[646]: /usr/sbin/pkcs_slot: line 496: /var/lib/opencryptoki/pk_config_data: Read-only file system
Sep 25 20:52:02 localhost.localdomain opencryptoki[646]: chmod: changing permissions of ‘.’: Read-only file system
Sep 25 20:52:02 localhost.localdomain opencryptoki[646]: Cannot open file /var/lib/opencryptoki/pk_config_data
Sep 25 20:52:02 localhost.localdomain opencryptoki[646]: Please run /usr/sbin/pkcs11_startup
Sep 25 20:52:02 localhost.localdomain opencryptoki[646]: ERROR pkcsslotd[689.1996083200]: Failed to read slot database.
Sep 25 20:52:02 localhost.localdomain systemd[1]: opencryptoki.service: control process exited, code=exited status=1
Sep 25 20:52:02 localhost.localdomain systemd[1]: Failed to start LSB: starts pkcsslotd.
Sep 25 20:52:02 localhost.localdomain systemd[1]: Unit opencryptoki.service entered failed state.
Sep 25 20:52:02 localhost.localdomain systemd[1]: opencryptoki.service failed.
(RaspberryPi2)ubuntu@localhost:~$

adding /var/lib/opencryptok to /etc/system-image/writable-paths like:

/var/lib/opencryptoki auto persistent transition none

makes /usr/sbin/pkcsslotd start properly ...

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-core-config - 0.6.29

---------------
ubuntu-core-config (0.6.29) wily; urgency=medium

  * fix /etc/NetworkManager/connections entry in
    /etc/system-image/writable-paths (unwanted line wrap)
  * add /var/lib/opencryptok to writable-paths to make sure pkcsslotd can
    start properly (LP: #1500020)
  * add /etc/ppp, /etc/watchdog.conf, /etc/default/watchdog and /var/lib/tpm
    to writable-paths for seeding tpm-tools and ppp (to get in sync with
    stable)

 -- Oliver Grawert <email address hidden> Wed, 30 Sep 2015 11:37:14 +0200

Changed in ubuntu-core-config (Ubuntu):
status: New → Fix Released
Leo Arias (elopio) wrote :

Hey ogra, on my rpi I don't have the service:

ubuntu@localhost:~$ sudo systemctl status opencryptoki.service
● opencryptoki.service
   Loaded: not-found (Reason: No such file or directory)
   Active: inactive (dead)

how can I reproduce this?
thanks!

Changed in snappy:
status: New → Incomplete
Michael Vogt (mvo) on 2016-11-29
Changed in snappy:
status: Incomplete → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers