Unable to generate using latest version and Gentoo #147

Open
julie-de-ville opened this issue Dec 26, 2024 · 7 comments

@julie-de-ville

I just got a new laptop, so I installed a distribution kernel for my Gentoo, and when trying to generate a new initramfs, I get this error. I am also unable to decrypt the drive using the dist kernel and the initramfs I have now, but I can boot using my old kernel:

```
Traceback (most recent call last):
  File "/usr/lib/python3.12/site-packages/ugrd/main.py", line 167, in main
    generator.build()
  File "/usr/lib/python3.12/site-packages/ugrd/initramfs_generator.py", line 90, in build
    self.run_build()
  File "/usr/lib/python3.12/site-packages/ugrd/initramfs_generator.py", line 228, in run_build
    self.run_hook(task, force_exclude=True)
  File "/usr/lib/python3.12/site-packages/ugrd/initramfs_generator.py", line 144, in run_hook
    if function_output := self.run_func(function, *args, **kwargs):
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/ugrd/initramfs_generator.py", line 106, in run_func
    if function_output := function(self):
                          ^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/ugrd/crypto/cryptsetup.py", line 337, in export_crypt_sources
    _validate_luks_config(self, name)
  File "/usr/lib/python3.12/site-packages/zenlib/util/dict_check.py", line 36, in _contains
    return func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/ugrd/crypto/cryptsetup.py", line 326, in _validate_luks_config
    _validate_cryptsetup_device(self, mapped_name)
  File "/usr/lib/python3.12/site-packages/zenlib/util/dict_check.py", line 36, in _contains
    return func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/ugrd/crypto/cryptsetup.py", line 284, in _validate_cryptsetup_device
    _validate_cryptsetup_header(self, mapped_name)  # Run header validation, mostly for crypto modules
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/zenlib/util/dict_check.py", line 36, in _contains
    return func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/site-packages/ugrd/crypto/cryptsetup.py", line 245, in _validate_cryptsetup_header
    _detect_luks_header_aes(self, luks_info)
  File "/usr/lib/python3.12/site-packages/ugrd/crypto/cryptsetup.py", line 210, in _detect_luks_header_aes
    if keyslot.get("area", {}).get("encryption").startswith("aes"):
       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
AttributeError: 'NoneType' object has no attribute 'startswith'
```

@desultory
Owner

desultory commented Dec 26, 2024

Are you on the latest 9999? Are you using AES?

That check is not functioning properly because it can't detect the encryption type. (possibly because you have a detached header and it can't read any info from it)

Are there any warnings before that?

You may be using a version before this check was added: https://github.com/desultory/ugrd/blob/main/src/ugrd/crypto/cryptsetup.py#L240-L241

@julie-de-ville
Author

Thank you, I am using v1.28.2

For the algorithm I am using serpent I believe, but it worked before with this.

When booting even from the old initramfs, I get an error saying that it is unable to find gentoo-root, but then proceeds to decryption. It does not proceed when booting the distribution kernel.

@desultory
Owner

> Thank you, I am using v1.28.2
>
> For the algorithm I am using serpent I believe, but it worked before with this.
>
> When booting even from the old initramfs, I get an error saying that it is unable to find gentoo-root, but then proceeds to decryption. It does not proceed when booting the distribution kernel.

Ok this helps some, it currently doesn't check for serpent. Have you tried the 9999 ebuild (from the main branch)?

If you can share more of the log with --debug enabled, that would help.

There should be a log line that says something like "LUKS header information" with dict contents of the parsed header. It should have an "encryption" attribute.

The main thing I need to address is confirming the right kmod is pulled. It may just be the "serpent" kmod.

@desultory
Owner

The check can be disabled by disabling header validation, and in this case, the check may be failing too easily. It's meant to be a build time check to ensure it's making an image that can handle your setup.

@desultory
Owner

desultory commented Dec 27, 2024

Ok, I think I fixed it by making it init empty strings if it can't get those values. I'm confused why your header doesn't have keyslots..area.encryption, I did a test with serpent and mine has that.

#148

In my test, it doesn't seem that /proc/crypto says the serpent kmod is being used, and for some reason cryptsetup doesn't report it has serpent ciphers in cryptsetup --help. I'm not sure how I can safely make it check for this, so it just ignores it for now.
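
An added example, not part of the thread and not ugrd's code: the lookup from the traceback next to a None-tolerant version, run over a constructed LUKS2-style header dict in which one keyslot area has no "encryption" key. `SAMPLE_HEADER`, `fragile_uses_aes` and `collect_ciphers` are hypothetical names chosen for this illustration.

```python
import json

# Constructed sample: keyslot "1" has an area without an "encryption" key.
SAMPLE_HEADER = json.loads("""
{
  "keyslots": {
    "0": {"type": "luks2", "area": {"type": "raw", "encryption": "serpent-xts-plain64"}},
    "1": {"type": "luks2", "area": {"type": "raw"}}
  },
  "segments": {
    "0": {"type": "crypt", "encryption": "serpent-xts-plain64"}
  }
}
""")


def fragile_uses_aes(header):
    """Pattern from the traceback: .get() yields None, then .startswith() raises."""
    return any(
        ks.get("area", {}).get("encryption").startswith("aes")
        for ks in header.get("keyslots", {}).values()
    )


def collect_ciphers(header):
    """Return (cipher base names seen, keyslot ids with no readable encryption)."""
    ciphers, unknown = set(), []
    for slot_id, ks in header.get("keyslots", {}).items():
        # Treat a missing or null area/encryption as an empty string, not an error.
        enc = (ks.get("area") or {}).get("encryption") or ""
        if enc:
            ciphers.add(enc.split("-", 1)[0])
        else:
            unknown.append(slot_id)
    for seg in header.get("segments", {}).values():
        enc = seg.get("encryption") or ""
        if enc:
            ciphers.add(enc.split("-", 1)[0])
    return ciphers, sorted(unknown)


if __name__ == "__main__":
    try:
        fragile_uses_aes(SAMPLE_HEADER)
    except AttributeError as exc:
        print("fragile check failed:", exc)
    print(collect_ciphers(SAMPLE_HEADER))
```

Returning the unreadable keyslot ids lets a build-time validator warn about them instead of aborting the whole image build.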

@julie-de-ville
Author

Hi. I tried with 9999 and I am still getting the error, but it at least generates the initramfs. The error it throws lists block devices, and there are only nvme devices, and I think it is because I am running the installation off of an external SSD chassis. I would like to get it to decrypt with the distribution kernel, because my touchpad isn't working and I can't figure out the kernel config for it.

The new initramfs still boots with the custom kernel, but I have to click through the errors to get it to prompt for decryption.

@desultory
Owner

> Hi. I tried with 9999 and I am still getting the error, but it at least generates the initramfs. The error it throws lists block devices, and there are only nvme devices, and I think it is because I am running the installation off of an external SSD chassis. I would like to get it to decrypt with the distribution kernel, because my touchpad isn't working and I can't figure out the kernel config for it.
>
> The new initramfs still boots with the custom kernel, but I have to click through the errors to get it to prompt for decryption.

The exact same error? Can you please send it?

If you mean there is an error at run time, that is likely because of missing kmods. If you're building ugrd for another system, you have to manually set the cryptsetup UUIDs and disable hostonly mode/validation. nvme is generally a kmod for dist-kernel, so if you're building it on a system that does not use that, you must be sure to include it in kmod_init in the config.
