11 Oct 2024 |
Arian | I wanna find a way for this to still do typechecking and doc generation though. | 21:34:23 |
Arian | As that's what I really miss | 21:34:27 |
Ramses 🇵🇸 | In reply to @arianvp:matrix.org now service-b can not change settings of service-a for example They could still reach into the config at a lower level and change things there though, couldn't they? Like set options in systemd.services.service-a from service-b | 21:51:25 |
Ramses 🇵🇸 | In reply to @elvishjerricco:matrix.org
in systemd.mount 's section on What= :
If this mount is a bind mount and the specified path does not exist yet it is created as directory.
Will this not do the wrong thing for files then? Things like /etc/machine-id for instance | 21:58:06 |
ElvishJerricco | In reply to @rvdp:infosec.exchange Will this not do the wrong thing for files then? Things like /etc/machine-id for instance If the source machine-id already exists it'll be fine. But yes if it doesn't it'll be a problem. But that will already be a problem because systemd will try to make the machine-id file in the root fs before it does anything else since we merged that change a little bit ago | 22:01:47 |
Ramses 🇵🇸 | Hmm, it used to work correctly before. I'll need to test this then | 22:03:09 |
Ramses 🇵🇸 | But also in general preservation supports bind mounting files | 22:03:30 |
mjm | hmm i wonder if this is why impermanence does its file bind mounts in a service instead of as fstab entries or mount units | 22:31:33 |
12 Oct 2024 |
ElvishJerricco | In reply to @rvdp:infosec.exchange Hmm, it used to work correctly before. I'll need to test this then How did it work before? What would be generating the file? | 00:35:57 |
| @simonoscr:matrix.org left the room. | 09:42:50 |
hexa | why is unlocking in initrd with systemd so scuffed? | 19:08:40 |
hexa | -bash-5.2# systemctl default
🔐 Please enter passphrase for disk root (cryptroot):
Job for initrd.target canceled.
| 19:08:45 |
ElvishJerricco | wait what? | 19:09:13 |
hexa | -bash-5.2# systemctl default
🔐 Please enter passphrase for disk Linux filesystem (meduna-root0):
🔐 Please enter passphrase for disk Linux filesystem (meduna-root1): (press TAB for no echo)
Invalid password file /run/systemd/ask-password/ask.vRwQNA
Invalid password file /run/systemd/ask-password/ask.A1Bhlr
Invalid password file /run/systemd/ask-password/ask.Fdey84
Failed to process password: Bad message
Shared connection to unlock.example.com closed.
| 19:09:30 |
ElvishJerricco | whoa | 19:09:40 |
hexa | both of these were working unlocks fwiw 😄 | 19:09:45 |
ElvishJerricco | never seen that before | 19:09:47 |
ElvishJerricco | what systemd version? | 19:09:55 |
hexa | a failed one might look like this | 19:09:57 |
hexa | -bash-5.2# systemctl default
🔐 Please enter passphrase for disk Linux filesystem (juno):
A dependency job for initrd.target failed. See 'journalctl -xe' for details.
-bash-5.2# systemd-tty-ask-password-agent
-bash-5.2# reboot
Failed to connect to bus: Connection refused
-bash-5.2#
Read from remote host unlock.juno.lossy.network: Connection reset by peer
Connection to unlock.juno.lossy.network closed.
| 19:10:23 |
hexa | 255.9 | 19:10:33 |
ElvishJerricco | Did you let the device timeout? Or was this immediate? | 19:12:40 |
hexa | In reply to @hexa:lossy.network
-bash-5.2# systemctl default
🔐 Please enter passphrase for disk Linux filesystem (meduna-root0):
🔐 Please enter passphrase for disk Linux filesystem (meduna-root1): (press TAB for no echo)
Invalid password file /run/systemd/ask-password/ask.vRwQNA
Invalid password file /run/systemd/ask-password/ask.A1Bhlr
Invalid password file /run/systemd/ask-password/ask.Fdey84
Failed to process password: Bad message
Shared connection to unlock.example.com closed.
in this case it asked me for the password of the 2nd disk, but I could never enter it, and it unlocked because it is the same password as the first disk | 19:12:53 |
hexa | no, immediate | 19:12:56 |
ElvishJerricco | well I'm very confused | 19:13:34 |
hexa | all of these use zfs | 19:13:46 |
hexa | and it might as well be my systemd unit that I use for impermanence | 19:14:15 |
ElvishJerricco | Hm. Well I don't think I have time to help much right this second; I'm probably about to be busy for the next hour or so. But I can come back to this. I have no idea where to start though | 19:14:54 |
ElvishJerricco | If you can find any way to reproduce in a virt-manager VM or anything like that, that would be helpful of course. | 19:15:39 |
hexa | sshd[287]: Accepted publickey for root from fd42:23:42:b864:7285:c2ff:fe67:b78f port 59914 ssh2: ED25519 SHA256:lalalala
systemd[1]: systemd-vconsole-setup.service: Deactivated successfully.
systemd[1]: Stopped Virtual Console Setup.
sshd[290]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
sshd[290]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
systemd-cryptsetup[258]: Set cipher aes, mode xts-plain64, key size 512 bits for device /dev/disk/by-id/nvme-Samsung_SSD_980_PRO_250GB_S5GZNG0NC02865L-part2.
systemd-cryptsetup[259]: Set cipher aes, mode xts-plain64, key size 512 bits for device /dev/disk/by-id/nvme-Samsung_SSD_980_PRO_250GB_S5GZNG0NC02873N-part2.
systemd-cryptsetup[282]: Set cipher aes, mode xts-plain64, key size 512 bits for device /dev/disk/by-id/ata-TOSHIBA_MG08ACA16TE_61S0A117F57H.
systemd-cryptsetup[283]: Set cipher aes, mode xts-plain64, key size 512 bits for device /dev/disk/by-id/ata-TOSHIBA_MG08ACA16TE_61S0A174F57H.
systemd-cryptsetup[281]: Set cipher aes, mode xts-plain64, key size 512 bits for device /dev/disk/by-id/ata-TOSHIBA_MG08ACA16TE_61S0A14CF57H.
systemd-tty-ask-password-agent[269]: Invalid password file /run/systemd/ask-password/ask.y3lcd7
systemd-tty-ask-password-agent[269]: Failed to process password: Bad message
kernel: Key type encrypted registered
systemd[1]: Finished Cryptography Setup for meduna-tank2.
sshd[287]: Received disconnect from fd42:23:42:b864:7285:c2ff:fe67:b78f port 59914:11: disconnected by user
| 19:19:28 |