Validation for Bionic from James Page PPA.
I created a bionic VM, configured vault on another machine and installed vaultlocker from the repo.
Used vaultlocker to encrypt a partition:
lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 20G 0 disk
└─sda1 8:1 0 20G 0 part /
sdb 8:16 0 5G 0 disk
└─sdb1 8:17 0 5G 0 part
└─crypt-be9500f2-b3cd-4027-b7db-435a6bb8cd90 253:0 0 5G 0 crypt /mnt/test
As described in the original bug, there's an interface that is DOWN with NO-CARRIER:
ip l
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
link/ether 52:54:00:ad:4f:a6 brd ff:ff:ff:ff:ff:ff
3: ens8: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN mode DEFAULT group default qlen 1000
link/ether 52:54:00:06:3e:6c brd ff:ff:ff:ff:ff:ff
When rebooting, we can see the following in the logs:
grep mnt /var/log/syslog
Jan 15 11:07:33 vm1 systemd[1]: Dependency failed for /mnt/test.
Jan 15 11:07:33 vm1 systemd[1]: mnt-test.mount: Job mnt-test.mount/start failed with result 'dependency'.
The version of vaultlocker is:
dpkg -l | grep vaultlocker
ii vaultlocker 1.0.3-0ubuntu1.18.10.1~ubuntu18.04.1 all Secure storage of dm-crypt keys in Hashicorp Vault
I upgraded the vaultlocker package from James Page's PPA:
sudo apt-add-repository ppa:james-page/bionic
sudo apt update
sudo apt upgrade
dpkg -l | grep vaultlocker
ii vaultlocker 1.0.4-0ubuntu0.19.04.1~ubuntu18.04.1~ppa1 all Secure storage of dm-crypt keys in Hashicorp Vault
Rebooting the machine does not show the same errors in the logs:
grep mnt /var/log/syslog
Jan 15 11:34:09 vm1 systemd[1]: Mounting /mnt/test...
Jan 15 11:34:09 vm1 systemd[1]: Mounted /mnt/test.
For the original bug point of view, this patch is fixing the issue in the version proposed by James Page in his PPA. This package is in the queue to be backported to bionic-backports.
Validation for Bionic from James Page PPA. be9500f2- b3cd-4027- b7db-435a6bb8cd 90 253:0 0 5G 0 crypt /mnt/test
I created a bionic VM, configured vault on another machine and installed vaultlocker from the repo.
Used vaultlocker to encrypt a partition:
lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 20G 0 disk
└─sda1 8:1 0 20G 0 part /
sdb 8:16 0 5G 0 disk
└─sdb1 8:17 0 5G 0 part
└─crypt-
As described in the original bug, there's an interface that is DOWN with NO-CARRIER: UP,LOWER_ UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 MULTICAST, UP,LOWER_ UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000 BROADCAST, MULTICAST, UP> mtu 1500 qdisc fq_codel state DOWN mode DEFAULT group default qlen 1000
ip l
1: lo: <LOOPBACK,
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens3: <BROADCAST,
link/ether 52:54:00:ad:4f:a6 brd ff:ff:ff:ff:ff:ff
3: ens8: <NO-CARRIER,
link/ether 52:54:00:06:3e:6c brd ff:ff:ff:ff:ff:ff
When rebooting, we can see the following in the logs: mount/start failed with result 'dependency'.
grep mnt /var/log/syslog
Jan 15 11:07:33 vm1 systemd[1]: Dependency failed for /mnt/test.
Jan 15 11:07:33 vm1 systemd[1]: mnt-test.mount: Job mnt-test.
The version of vaultlocker is: 18.10.1~ ubuntu18. 04.1 all Secure storage of dm-crypt keys in Hashicorp Vault
dpkg -l | grep vaultlocker
ii vaultlocker 1.0.3-0ubuntu1.
I upgraded the vaultlocker package from James Page's PPA: page/bionic
sudo apt-add-repository ppa:james-
sudo apt update
sudo apt upgrade
dpkg -l | grep vaultlocker 19.04.1~ ubuntu18. 04.1~ppa1 all Secure storage of dm-crypt keys in Hashicorp Vault
ii vaultlocker 1.0.4-0ubuntu0.
Rebooting the machine does not show the same errors in the logs:
grep mnt /var/log/syslog
Jan 15 11:34:09 vm1 systemd[1]: Mounting /mnt/test...
Jan 15 11:34:09 vm1 systemd[1]: Mounted /mnt/test.
For the original bug point of view, this patch is fixing the issue in the version proposed by James Page in his PPA. This package is in the queue to be backported to bionic-backports.