>>> Michael Cassaniti <michael@xxxxxxxxxxxxxxx> wrote on 26.08.2022 at 06:46 in message
<01000182d8797b39-375650cc-485b-43ec-84e0-9be3a66f22f4-000000@xxxxxxxxxxxxxxxxxx>:
> On 25/8/22 22:22, Lennart Poettering wrote:
>> On Thu, 25.08.22 10:50, Michael Cassaniti (michael@xxxxxxxxxxxxxxx) wrote:
>>
>>> It seems to be somewhat more complicated than that, and perhaps it has more
>>> to do with my setup. Here's my /etc/crypttab which just might explain a bit:
>>>
>>> # Mount root and swap
>>> # These will initially have an empty password
>>> root /dev/disk/by-partlabel/root - fido2-device=/dev/yubico-fido2,token-timeout=0,try-empty-password=true,x-initrd.attach
>>> swap /dev/disk/by-partlabel/swap - fido2-device=/dev/yubico-fido2,token-timeout=0,try-empty-password=true,x-initrd.attach
>>>
>>> I think the fact that both of these get set up at boot and will concurrently
>>> try to access the FIDO2 token is causing issues. That crypttab is included
>>> in the initrd.
>> There was an issue with concurrent access to FIDO2 devices conflicting
>> with each other. This was addressed in libfido2 though, it will now
>> take a BSD lock on the device while talking to it, thus synchronizing
>> access properly.
>>
>> See this bug:
>>
>> https://github.com/systemd/systemd/issues/23889
>>
>> Maybe it's sufficient to update libfido2 on your system?
>>
>>
>> Lennart
>>
>> --
>> Lennart Poettering, Berlin
> Hi Lennart,
> Thanks for the fast response. I've got version 1.11 of libfido2 and it
> seems I'd need 1.12 (to be released) to fix it [1]. It terrifies me to
> think what I might break on my system by upgrading libfido2. On Gentoo

Or "Use the source, Luke": Try to "patch in" just that missing lock into your current version.

> there is revdep-rebuild but Ubuntu doesn't have anything like that. I'm
> on Ubuntu 22.10 which is the latest development version so I can use
> some shiny new systemd features.
>
> For now I've written a rather dodgy generator that will scan through the
> generated units for both cryptsetup and resume, then add in some
> ordering. Currently it will make the cryptsetup units run serially. I am
> yet to test it though.
>
> [1]: https://github.com/Yubico/libfido2/pull/604#issuecomment-1178637796
>
> Thanks,
> Michael Cassaniti, Australia
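
The ordering workaround mentioned at the end of the quoted message, as an added sketch (it is not Michael's generator, which the thread does not show, and not systemd code): it reads a crypttab and chains the `systemd-cryptsetup@` units of FIDO2-backed entries with `After=` drop-ins so they start one at a time. Assumptions: volume names need no unit-name escaping; the function names, the drop-in file name `50-fido2-serial.conf` and the `data` sample entry are made up for this example.

```shell
#!/bin/sh
# Added example: serialize FIDO2-backed crypttab entries with After= drop-ins.
# As a generator this would be called with /etc/crypttab and the first
# output directory systemd passes; here both are plain arguments.

# serialize_fido2_units CRYPTTAB OUTDIR
# Writes the drop-ins and prints the chained unit names, one per line.
serialize_fido2_units() {
    crypttab=$1
    outdir=$2
    prev=""
    # crypttab fields: name, device, key file, options
    while read -r name _device _key opts _rest || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac
        # Only entries that talk to a FIDO2 token need serializing.
        case ",$opts," in
            *,fido2-device=*) ;;
            *) continue ;;
        esac
        # Assumption: $name needs no systemd unit-name escaping.
        unit="systemd-cryptsetup@${name}.service"
        if [ -n "$prev" ]; then
            mkdir -p "$outdir/$unit.d"
            printf '[Unit]\nAfter=%s\n' "$prev" \
                > "$outdir/$unit.d/50-fido2-serial.conf"
        fi
        printf '%s\n' "$unit"
        prev=$unit
    done < "$crypttab"
}

# Demo on the crypttab from the message plus one constructed non-FIDO2 entry.
demo_serialize() {
    tmp=$(mktemp -d)
    cat > "$tmp/crypttab" <<'EOF'
# Mount root and swap
root /dev/disk/by-partlabel/root - fido2-device=/dev/yubico-fido2,token-timeout=0,try-empty-password=true,x-initrd.attach
swap /dev/disk/by-partlabel/swap - fido2-device=/dev/yubico-fido2,token-timeout=0,try-empty-password=true,x-initrd.attach
# constructed entry, not from the message: no FIDO2 token, left unordered
data /dev/disk/by-partlabel/data /etc/keys/data.key luks
EOF
    serialize_fido2_units "$tmp/crypttab" "$tmp/out" >/dev/null
    cat "$tmp/out/systemd-cryptsetup@swap.service.d/50-fido2-serial.conf"
    rm -rf "$tmp"
}
```

Reading the crypttab directly avoids depending on the output of another generator. `After=` only orders the start jobs, so a failed unlock of the first volume does not block the second.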