| 27 Nov 2022 |
 @me:linj.tech | In reply to @me:linj.tech
oneshot does not change this well, oneshot does make sure my service is before cryptsetup-pre.target. I confirm it with sleep 10 | 23:20:40 |
| @me:linj.tech | thanks | 23:20:53 |
| @me:linj.tech | It's weird that my pre-device-command.service and cryptsetup-pre.target stops after finishing running nixos activation script.
from man systemd.special:
this target (cryptsetup-pre.target) is particularly useful to ensure that a service is shut down only after all encrypted block devices are fully stopped.
| 23:27:01 |
| @me:linj.tech | guess our initrd is not the same as what systemd's manual says | 23:28:06 |
 @elvishjerricco:matrix.org | How is that not in line with the manual? | 23:28:25 |
| @me:linj.tech | I think what the manual says is that cryptsetup-pre.target should be stopped when the system is shutdown | 23:29:44 |
| @me:linj.tech | but now, it is stopped after stage 2 | 23:29:54 |
| @elvishjerricco:matrix.org | That's not quite accurate | 23:30:22 |
| @elvishjerricco:matrix.org | Stage 1 has two big systemd transactions. First is initrd.target, and after that there's a service called initrd-cleanup.service that does systemctl isolate initrd-switch-root.target, which is the second transaction. This causes everything else to be stopped | 23:31:49 |
| @elvishjerricco:matrix.org | So that second transaction is in some ways very similar to system shutdown | 23:32:08 |
| @elvishjerricco:matrix.org | Any services in initrd that aren't supposed to be stopped by this (e.g. plymouth) need to either be wanted by initrd-switch-root.target, or have IgnoreOnIsolate=true | 23:33:37 |
 Arian | In reply to @me:linj.tech
my keyfile has a pre-defined key in it Then don't use /dev/urandom | 23:34:18 |
| Arian | But the keyfile :) | 23:35:03 |
| @me:linj.tech | interesting, will try that later | 23:35:07 |
| @elvishjerricco:matrix.org | In reply to @me:linj.tech
emm, what I want is somewhat weird: generate a keyfile on the fly for luks without storing that keyfile in initrd I am curious what exactly you mean by this. If it's not randomly generated, then where is this key file you're actually trying to use? | 23:36:07 |
| @me:linj.tech | In reply to @elvishjerricco:matrix.org
I am curious what exactly you mean by this. If it's not randomly generated, then where is this key file you're actually trying to use? mkdir -p ${luksKeyFileDir}
mount -t ramfs none ${luksKeyFileDir}
echo -n password > ${luksKeyFile}
chown 0:0 ${luksKeyFile}
chmod 0400 ${luksKeyFile}
| 23:37:14 |
| @elvishjerricco:matrix.org | so it is stored in the initrd? Just in the form of a script? | 23:37:54 |
| @me:linj.tech | I want to run that before unlocking luks | 23:37:58 |
| @me:linj.tech | yeah | 23:38:53 |
| 30 Nov 2022 |
|  @chillermiller3:matrix.org left the room. | 05:29:40 |
| 1 Dec 2022 |
|  @jkarlson:kapsi.fi changed their display name from Emil Karlson to Emil Thorsoe. | 08:20:44 |
| @jkarlson:kapsi.fi changed their display name from Emil Thorsoe to Emil Thorsøe. | 08:25:10 |
|  @hexa:lossy.network changed their display name from hexa to hexa (22.11 now). | 13:08:44 |
| @hexa:lossy.network changed their display name from hexa (22.11 now) to hexa. | 14:38:33 |
| 5 Dec 2022 |
 @janne.hess:helsinki-systems.de | ElvishJerricco: did we have stripping enabled by default on 22.05 already? | 18:29:44 |
| @elvishjerricco:matrix.org | Janne Heß: I don't remember how that panned out off the top of my head. I think we enabled stripping by default for initrd but not for shutdown ramfs? | 18:31:13 |
| @janne.hess:helsinki-systems.de | Yeah that wasn't too great for some reason | 18:31:28 |
| @janne.hess:helsinki-systems.de | My Pi didn't boot because it couldn't load dm_mod because of: https://linux-tips.com/t/how-to-strip-linux-kernel-modules/472 | 18:31:40 |
| @janne.hess:helsinki-systems.de | (only took me 2 days to debug this - the kernel even hinted what could be the issue) | 18:31:55 |
| @elvishjerricco:matrix.org | Yea we didn't want binutils in the runtime closure of a system. It's not needed at runtime for initrd but it would be for shutdown ramfs | 18:32:38 |
