From unknown Thu Jun 19 14:29:43 2025 X-Loop: help-debbugs@gnu.org Subject: bug#54770: Non-root LUKS devices unusable after Shepherd upgrade Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Thu, 07 Apr 2022 16:34:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 54770 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 54770@debbugs.gnu.org X-Debbugs-Original-To: bug-guix@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.16493491998895 (code B ref -1); Thu, 07 Apr 2022 16:34:01 +0000 Received: (at submit) by debbugs.gnu.org; 7 Apr 2022 16:33:19 +0000 Received: from localhost ([127.0.0.1]:33223 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ncV4Q-0002JP-UP for submit@debbugs.gnu.org; Thu, 07 Apr 2022 12:33:19 -0400 Received: from lists.gnu.org ([209.51.188.17]:42164) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ncV4P-0002JI-J4 for submit@debbugs.gnu.org; Thu, 07 Apr 2022 12:33:17 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:37690) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ncV4P-0001DE-DL for bug-guix@gnu.org; Thu, 07 Apr 2022 12:33:17 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:51670) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ncV4P-0006aW-3D for bug-guix@gnu.org; Thu, 07 Apr 2022 12:33:17 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:Subject:To:From:in-reply-to: references; bh=kK82B2yGE9bueS3xrav8rJVQffiHIg6phmAI6mgTmwM=; b=pjqoDR00gDpkNg SUkT3MASCnapq/II8qjkBVHggh+3WPpuMBguTcjOiqHsIHQ75L8yaDhzvgo7oqfQDd6jC4WyNUBzt JS/fr0YAltYFvchAqbkNsbIA604gDXIfg6QZYdpMSl1H+55GM9Mubmme5JHPwYnnWuFehfVbzfD0v cKbVCS3MWT7x3/z9oioG0r56yDi+nAX+va05HTrHKAbUFeegDvc8yp++CkxSXbQ8czwc2oF4GF1u3 9kz1Rf90tFvLJAV0VlNNkf09bqni7b9DrPXiT4sZ4Zs/wAfmqMymYOr0UHPq/D8HQIMSKNDaprkIb NQX0EWZFVZanyy/ecq3g==; Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=52546 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ncV4K-00030P-9Y for bug-guix@gnu.org; Thu, 07 Apr 2022 12:33:12 -0400 From: Ludovic =?UTF-8?Q?Court=C3=A8s?= X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 18 Germinal an 230 de la =?UTF-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Thu, 07 Apr 2022 18:33:10 +0200 Message-ID: <87r168etvd.fsf@inria.fr> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi! Following the Shepherd upgrade in commit 400c9ed3d779308e56038305d40cd93acb496180, attempts to open non-root LUKS devices from a Shepherd service fail with this cryptsetup message: Nothing to read on input. This is because standard input is now /dev/null so it cannot read the passphrase. This is because =E2=80=9Cshepherd.conf=E2=80=9D now does: (start-in-the-background =E2=80=A6) (redirect-port (open-input-file "/dev/null") (current-input-port)) =E2=80=A6 meaning that =E2=80=98redirect-port=E2=80=99 is now called before= services are started. =E2=80=98fsck=E2=80=99 invocations for non-root file systems (started from = Shepherd services) would have the same problem. I=E2=80=99ll try and come up with a solution=E2=80=A6 Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Thu Apr 07 12:40:53 2022 Received: (at control) by debbugs.gnu.org; 7 Apr 2022 16:40:53 +0000 Received: from localhost ([127.0.0.1]:33238 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ncVBl-0002Vm-Ey for submit@debbugs.gnu.org; Thu, 07 Apr 2022 12:40:53 -0400 Received: from eggs.gnu.org ([209.51.188.92]:46348) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ncVBk-0002Va-5j for control@debbugs.gnu.org; Thu, 07 Apr 2022 12:40:52 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:51724) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ncVBe-0007xU-TE for control@debbugs.gnu.org; Thu, 07 Apr 2022 12:40:46 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-version:Subject:From:To:Date:in-reply-to: references; bh=X9lWtxVcXUUs57v89aETHDrrF+ombJ3m2tJ2kpV0TQc=; b=YbcVT7Z6RETqe2 cJoctZJzEAYhCGsIWXSqqKqolWMFj3O1Zy2ne7SsOJFTkpdL7Z/9KsGb8lCuPLYmsn3UDt/VcHtYj A/a4gRkxW8D6CBF5Vc+m7DwR8U0EoVLh5qG++qbxEzJUMUOzglCzOo20nZrwvJ9bR82SzfR8fchyh fGWkAEmkuzXam2l+REeogcKylRNff4LStRiVpeHZ7+xK2YEKRcU974nDgg6zIgRAahNMxtRH6dvrg 47dXuTTtOqo8gYNNBJmudPmgCDA7wxQLceR4xXEG04KOIViMoaxOW8/lVBIBXwJanlgMK1q7lAQIp lgZDXJNpdaBQqNMpe6mA==; Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:53773 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ncVBe-0003rs-Ey for control@debbugs.gnu.org; Thu, 07 Apr 2022 12:40:46 -0400 Date: Thu, 07 Apr 2022 18:40:45 +0200 Message-Id: <87lewgetiq.fsf@gnu.org> To: control@debbugs.gnu.org From: =?utf-8?Q?Ludovic_Court=C3=A8s?= Subject: control message for bug #54770 MIME-version: 1.0 Content-type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) severity 54770 important quit From unknown Thu Jun 19 14:29:43 2025 X-Loop: help-debbugs@gnu.org Subject: bug#54770: Non-root LUKS devices unusable after Shepherd upgrade Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Fri, 08 Apr 2022 09:33:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 54770 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 54770@debbugs.gnu.org Received: via spool by 54770-submit@debbugs.gnu.org id=B54770.164941035413997 (code B ref 54770); Fri, 08 Apr 2022 09:33:02 +0000 Received: (at 54770) by debbugs.gnu.org; 8 Apr 2022 09:32:34 +0000 Received: from localhost ([127.0.0.1]:33964 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nckyk-0003dc-Kn for submit@debbugs.gnu.org; Fri, 08 Apr 2022 05:32:34 -0400 Received: from eggs.gnu.org ([209.51.188.92]:45750) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nckyi-0003dO-Qh for 54770@debbugs.gnu.org; Fri, 08 Apr 2022 05:32:29 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:37572) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nckyd-0001od-FH for 54770@debbugs.gnu.org; Fri, 08 Apr 2022 05:32:23 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To: From; bh=gMcXDZnXd+Ym2Vds85fzW/b0OX2Qv53iBDW1GEN12wk=; b=jeW2/BatYdwKSHjQ1DBR 9cOcvW9NMZY1Q3/89t0E5XWN3ixiuhGEvAC356cEsCyzEQU+ycdu+S1mxcrKX5PBcxeoxm2mrQBcy SR+ZK3WzF+WwPaK+vm4nCgDUb/ChRdiaAwdtwwKypH+I7dj1mb5j9jbMrcCqKUFoUXuQsNxKpFBJu USr5hVrxuXQM4K0VEjpH4YKk8dHfmBzKCgLBjz35qv2GxZWDc23WnkN+D/2JPozzzirDv7SVJoxuO PFkq8aNktMuhcOyP2rIgvwPzFikcYnuYJeSj7kqNDBV3yT3tln5axIGfu4lCgkr7JvOJqfmBgi3hS w/4anyOagxbIsQ==; Received: from [193.50.110.136] (port=50052 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nckya-0007qS-0L for 54770@debbugs.gnu.org; Fri, 08 Apr 2022 05:32:23 -0400 From: Ludovic =?UTF-8?Q?Court=C3=A8s?= References: <87r168etvd.fsf@inria.fr> Date: Fri, 08 Apr 2022 11:32:17 +0200 In-Reply-To: <87r168etvd.fsf@inria.fr> ("Ludovic =?UTF-8?Q?Court=C3=A8s?="'s message of "Thu, 07 Apr 2022 18:33:10 +0200") Message-ID: <87mtgvdiou.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi, Ludovic Court=C3=A8s skribis: > Following the Shepherd upgrade in commit > 400c9ed3d779308e56038305d40cd93acb496180, attempts to open non-root LUKS > devices from a Shepherd service fail with this cryptsetup message: > > Nothing to read on input. > > This is because standard input is now /dev/null so it cannot read the > passphrase. In Cryptsetup, the =E2=80=98tools_get_key=E2=80=99 function reads this: --8<---------------cut here---------------start------------->8--- if (tools_is_stdin(key_file)) { if (isatty(STDIN_FILENO)) { if (keyfile_offset) { log_err(_("Cannot use offset with terminal input.")= ); } else { if (!prompt && !crypt_get_device_name(cd)) snprintf(tmp, sizeof(tmp), _("Enter passphr= ase: ")); else if (!prompt) { backing_file =3D crypt_loop_backing_file(cr= ypt_get_device_name(cd)); snprintf(tmp, sizeof(tmp), _("Enter passphr= ase for %s: "), backing_file ?: crypt_get_device_name(cd)); free(backing_file); } r =3D crypt_get_key_tty(prompt ?: tmp, key, key_siz= e, timeout, verify, cd); } } else { log_dbg("STDIN descriptor passphrase entry requested."); /* No keyfile means STDIN with EOL handling (\n will end in= put)). */ r =3D crypt_keyfile_device_read(cd, NULL, key, key_size, keyfile_offset, keyfile_size_max, key_file ? 0 : CRYPT_KEYFILE_STOP_EOL); } } --8<---------------cut here---------------end--------------->8--- isatty(3) would return 0 when stdin is /dev/null; simply binding stdin to /dev/console: (with-input-from-file "/dev/console" (lambda () (system* "cryptsetup" =E2=80=A6))) wouldn=E2=80=99t help, for reasons that are less clear to me=C2=B9. The attached patch solves the =E2=80=98cryptsetup open=E2=80=99 problem for= the case when =E2=80=98cryptsetup=E2=80=99 is invoked from shepherd=E2=80=94e.g., fo= r an encrypted /home. I=E2=80=99m now running the =E2=80=9Cencrypted-root-os=E2=80=9D test. I=E2=80=99m not sure how to test fsck interactivity though; ideas welcome. = If you=E2=80=99re reading this and would like to test it on the bare metal (wo= rst case is it fails to boot and you have to reboot into the older generation), that=E2=80=99s also much appreciated. Feedback welcome! Thanks, Ludo=E2=80=99. =C2=B9 This returns true: sudo strace -f -o ,,s guile -c '(with-input-from-file "/dev/console" (lam= bda () (system* "guile" "-c" "(pk (isatty? (current-input-port)))")))' --=-=-= Content-Type: text/x-patch; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable diff --git a/gnu/build/file-systems.scm b/gnu/build/file-systems.scm index d95340df83..b06a4cc25c 100644 --- a/gnu/build/file-systems.scm +++ b/gnu/build/file-systems.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright =C2=A9 2014, 2015, 2016, 2017, 2018, 2020, 2021 Ludovic Cour= t=C3=A8s +;;; Copyright =C2=A9 2014-2018, 2020-2022 Ludovic Court=C3=A8s ;;; Copyright =C2=A9 2016, 2017 David Craven ;;; Copyright =C2=A9 2017 Mathieu Othacehe ;;; Copyright =C2=A9 2019 Guillaume Le Vaillant @@ -54,6 +54,7 @@ (define-module (gnu build file-systems) =20 bind-mount =20 + system*/tty mount-flags->bit-mask check-file-system mount-file-system @@ -67,6 +68,33 @@ (define-module (gnu build file-systems) ;;; ;;; Code: =20 +(define (system*/console program . args) + "Run PROGRAM with ARGS in a tty on top of /dev/console. The return valu= e is +as for 'system*'." + (match (primitive-fork) + (0 + (dynamic-wind + (const #t) + (lambda () + (login-tty (open-fdes "/dev/console" O_RDWR)) + (apply execlp program program args)) + (lambda () + (primitive-_exit 127)))) + (pid + (cdr (waitpid pid))))) + +(define (system*/tty program . args) + "Run PROGRAM with ARGS, creating a tty if its standard input isn't one. +The return value is as for 'system*'. + +This is necessary for commands such as 'cryptsetup open' or 'fsck' that may +need to interact with the user but might be invoked from shepherd, where +standard input is /dev/null." + (apply (if (isatty? (current-input-port)) + system* + system*/console) + program args)) + (define (bind-mount source target) "Bind-mount SOURCE at TARGET." (mount source target "" MS_BIND)) @@ -180,13 +208,13 @@ (define (check-ext2-file-system device force? repair) do not write to the file system to fix errors. If it's #t, fix all errors. Otherwise, fix only those considered safe to repair automatically= ." (match (status:exit-val - (apply system* `("e2fsck" "-v" "-C" "0" - ,@(if force? '("-f") '()) - ,@(match repair - (#f '("-n")) - (#t '("-y")) - (_ '("-p"))) - ,device))) + (apply system*/tty "e2fsck" "-v" "-C" "0" + `(,@(if force? '("-f") '()) + ,@(match repair + (#f '("-n")) + (#t '("-y")) + (_ '("-p"))) + ,device))) (0 'pass) (1 'errors-corrected) (2 'reboot-required) @@ -312,14 +340,14 @@ (define (check-bcachefs-file-system device force? rep= air) (status ;; A number, or #f on abnormal termination (e.g., assertion failu= re). (status:exit-val - (apply system* `("bcachefs" "fsck" "-v" - ,@(if force? '("-f") '()) - ,@(match repair - (#f '("-n")) - (#t '("-y")) - (_ '("-p"))) - ;; Make each multi-device member a separate arg= ument. - ,@(string-split device #\:)))))) + (apply system*/tty "bcachefs" "fsck" "-v" + `(,@(if force? '("-f") '()) + ,@(match repair + (#f '("-n")) + (#t '("-y")) + (_ '("-p"))) + ;; Make each multi-device member a separate argument. + ,@(string-split device #\:)))))) (match (and=3D> status (cut logand <> (lognot ignored-bits))) (0 'pass) (1 'errors-corrected) @@ -364,17 +392,17 @@ (define (check-btrfs-file-system device force? repair) fix only those considered safe to repair automatically." (if force? (match (status:exit-val - (apply system* `("btrfs" "check" "--progress" - ;; Btrfs's =E2=80=98--force=E2=80=99 is not= relevant to us here. - ,@(match repair - ;; Upstream considers ALL repairs dange= rous - ;; and will warn the user at run time. - (#t '("--repair")) - (_ '("--readonly" ; a no-op for clarity - ;; A 466G file system with 180G u= sed is - ;; enough to kill btrfs with 6G o= f RAM. - "--mode" "lowmem"))) - ,device))) + (apply system*/tty "btrfs" "check" "--progress" + ;; Btrfs's =E2=80=98--force=E2=80=99 is not relevant = to us here. + `(,@(match repair + ;; Upstream considers ALL repairs dangerous + ;; and will warn the user at run time. + (#t '("--repair")) + (_ '("--readonly" ; a no-op for clarity + ;; A 466G file system with 180G used is + ;; enough to kill btrfs with 6G of RAM. + "--mode" "lowmem"))) + ,device))) (0 'pass) (_ 'fatal-error)) 'pass)) @@ -412,11 +440,11 @@ (define (check-fat-file-system device force? repair) not write to the file system to fix errors. Otherwise, automatically fix t= hem using the least destructive approach." (match (status:exit-val - (apply system* `("fsck.vfat" "-v" - ,@(match repair - (#f '("-n")) - (_ '("-a"))) ; no 'safe/#t distinction - ,device))) + (system*/tty "fsck.vfat" "-v" + (match repair + (#f "-n") + (_ "-a")) ;no 'safe/#t distinction + device)) (0 'pass) (1 'errors-corrected) (_ 'fatal-error))) @@ -545,7 +573,7 @@ (define (check-jfs-file-system device force? repair) only if FORCE? is true. Otherwise, replay the transaction log before chec= king and automatically fix found errors." (match (status:exit-val - (apply system* + (apply system*/tty `("jfs_fsck" "-v" ;; The =E2=80=98LEVEL=E2=80=99 logic is convoluted. To= quote fsck/xchkdsk.c ;; (=E2=80=98-p=E2=80=99, =E2=80=98-a=E2=80=99, and =E2= =80=98-r=E2=80=99 are aliases in every way): @@ -621,10 +649,10 @@ (define (check-f2fs-file-system device force? repair) "warning: forced check of F2FS ~a implies repairing any errors= ~%" device)) (match (status:exit-val - (apply system* `("fsck.f2fs" - ,@(if force? '("-f") '()) - ,@(if repair '("-p") '("--dry-run")) - ,device))) + (apply system*/tty "fsck.f2fs" + `(,@(if force? '("-f") '()) + ,@(if repair '("-p") '("--dry-run")) + ,device))) ;; 0 and -1 are the only two possibilities according to the man page. (0 'pass) (_ 'fatal-error))) @@ -709,9 +737,9 @@ (define (check-ntfs-file-system device force? repair) true and the volume has been repaired by an external tool, clear the volume dirty flag to indicate that it's now safe to mount." (match (status:exit-val - (apply system* `("ntfsfix" - ,@(if repair '("--clear-dirty") '("--no-action"= )) - ,device))) + (system*/tty "ntfsfix" + (if repair "--clear-dirty" "--no-action") + device)) (0 'pass) (_ 'fatal-error))) =20 @@ -754,11 +782,11 @@ (define (check-xfs-file-system device force? repair) Otherwise, only replay the log, and check without attempting further repai= rs." (define (xfs_repair) (status:exit-val - (apply system* `("xfs_repair" "-Pv" - ,@(match repair - (#t '("-e")) - (_ '("-n"))) ; will miss some errors - ,device)))) + (system*/tty "xfs_repair" "-Pv" + (match repair + (#t "-e") + (_ "-n")) ;will miss some errors + device))) (if force? ;; xfs_repair fails with exit status 2 if the log is dirty, which is ;; likely in situations where you're running xfs_repair. Only the k= ernel diff --git a/gnu/system/mapped-devices.scm b/gnu/system/mapped-devices.scm index 96a381d5fe..e6b8970c12 100644 --- a/gnu/system/mapped-devices.scm +++ b/gnu/system/mapped-devices.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright =C2=A9 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Ludovi= c Court=C3=A8s +;;; Copyright =C2=A9 2014-2022 Ludovic Court=C3=A8s ;;; Copyright =C2=A9 2016 Andreas Enge ;;; Copyright =C2=A9 2017, 2018 Mark H Weaver ;;; @@ -202,7 +202,8 @@ (define (open-luks-device source targets) ;; XXX: 'use-modules' should be at the top level. (use-modules (rnrs bytevectors) ;bytevector? ((gnu build file-systems) - #:select (find-partition-by-luks-uuid)) + #:select (find-partition-by-luks-uuid + system*/tty)) ((guix build utils) #:select (mkdir-p))) =20 ;; Create '/run/cryptsetup/' if it does not exist, as device lo= cking @@ -211,28 +212,32 @@ (define (open-luks-device source targets) =20 ;; Use 'cryptsetup-static', not 'cryptsetup', to avoid pulling = the ;; whole world inside the initrd (for when we're in an initrd). - (zero? (system* #$(file-append cryptsetup-static "/sbin/cryptse= tup") - "open" "--type" "luks" + ;; 'cryptsetup open' requires standard input to be a tty to all= ow + ;; for interaction but shepherd sets standard input to /dev/nul= l; + ;; thus, explicitly request a tty. + (zero? (system*/tty + #$(file-append cryptsetup-static "/sbin/cryptsetup") + "open" "--type" "luks" =20 - ;; Note: We cannot use the "UUID=3Dsource" synt= ax here - ;; because 'cryptsetup' implements it by search= ing the - ;; udev-populated /dev/disk/by-id directory but= udev may - ;; be unavailable at the time we run this. - (if (bytevector? source) - (or (let loop ((tries-left 10)) - (and (positive? tries-left) - (or (find-partition-by-luks-uuid= source) - ;; If the underlying partiti= on is - ;; not found, try again after - ;; waiting a second, up to t= en - ;; times. FIXME: This shoul= d be - ;; dealt with in a more robu= st way. - (begin (sleep 1) - (loop (- tries-left 1= )))))) - (error "LUKS partition not found" sourc= e)) - source) + ;; Note: We cannot use the "UUID=3Dsource" syntax here + ;; because 'cryptsetup' implements it by searching the + ;; udev-populated /dev/disk/by-id directory but udev may + ;; be unavailable at the time we run this. + (if (bytevector? source) + (or (let loop ((tries-left 10)) + (and (positive? tries-left) + (or (find-partition-by-luks-uuid source) + ;; If the underlying partition is + ;; not found, try again after + ;; waiting a second, up to ten + ;; times. FIXME: This should be + ;; dealt with in a more robust way. + (begin (sleep 1) + (loop (- tries-left 1)))))) + (error "LUKS partition not found" source)) + source) =20 - #$target))))))) + #$target))))))) =20 (define (close-luks-device source targets) "Return a gexp that closes TARGET, a LUKS device." --=-=-=-- From unknown Thu Jun 19 14:29:43 2025 X-Loop: help-debbugs@gnu.org Subject: bug#54770: Non-root LUKS devices unusable after Shepherd upgrade Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Fri, 08 Apr 2022 13:35:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 54770 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 54770@debbugs.gnu.org Received: via spool by 54770-submit@debbugs.gnu.org id=B54770.16494248647221 (code B ref 54770); Fri, 08 Apr 2022 13:35:01 +0000 Received: (at 54770) by debbugs.gnu.org; 8 Apr 2022 13:34:24 +0000 Received: from localhost ([127.0.0.1]:34324 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ncokq-0001sP-Ch for submit@debbugs.gnu.org; Fri, 08 Apr 2022 09:34:24 -0400 Received: from eggs.gnu.org ([209.51.188.92]:38422) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ncoko-0001sC-Hp for 54770@debbugs.gnu.org; Fri, 08 Apr 2022 09:34:22 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:35960) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ncokj-0003Zo-3Q for 54770@debbugs.gnu.org; Fri, 08 Apr 2022 09:34:17 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To: From; bh=F4X6jefhz5O31jMsNHxqITQsUc9kIkq8ynFtFzPzq9Y=; b=bFST1gFwjwRwUIbVsA9V XuqruYC0LzjPzuyfFOVCPpOJVs8RpeV8NITiLsHx8RzzSmj++8K8dcf9nwJcXkty/m8SCFAuB+dqq qY1XHVwnFMZgBDkusx7pNc1bzNDBFBUIaSY/ofb4fYORWtGpUgvLJmNsDpa0eMieo3QJa6HNVFSJH RdWg1AjfWXRa96Kl/y/uHLTFuy+ZEXlss6lh8MNeKpUrQ/bFH/vvV+q9HGbaMl73WOK5gCfG3JX0b NMFcbOSnz9KjTBozXlCMacMlXx7YwseA30ID8NZksU21HmO5HkrHqJXhfRMzo/1yyYmYLYEERhEXa icEWYHSn9/7uhw==; Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (port=45268 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ncokg-0005nB-GI for 54770@debbugs.gnu.org; Fri, 08 Apr 2022 09:34:16 -0400 From: Ludovic =?UTF-8?Q?Court=C3=A8s?= References: <87r168etvd.fsf@inria.fr> <87mtgvdiou.fsf@gnu.org> Date: Fri, 08 Apr 2022 15:34:12 +0200 In-Reply-To: <87mtgvdiou.fsf@gnu.org> ("Ludovic =?UTF-8?Q?Court=C3=A8s?="'s message of "Fri, 08 Apr 2022 11:32:17 +0200") Message-ID: <878rsfd7hn.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable A note on my debugging tricks, for posterity=E2=80=A6 Initially, I tried to reproduce the issue (in a VM) with a Guile or Bash process that would be invoked from shepherd before =E2=80=98user-processes= =E2=80=99 and that would try to read from stdin: --8<---------------cut here---------------start------------->8--- (simple-service 'input shepherd-root-service-type (list (shepherd-service (provision '(input)) (start #~(lambda () (pk 'tty-before? (current-input-port) (isatty? (current-input-port))) (with-output-to-file "/dev/tty1" (lambda () (system* #$(file-append coreutils "/bin/ls") "-l" "/proc/s= elf/fd") (with-input-from-file "/dev/tty1" (lambda () (pk 'tty? (isatty? (current-input-port))) (system* #$(file-append coreutils "/bin/ls") "-l" "/proc/self/fd") (system* "/bin/sh" "-c" "echo read; read x; echo = got $x; read y")))))))))) (simple-service 'wait-for-input user-processes-service-type '(input)) --8<---------------cut here---------------end--------------->8--- For some reason, that did not reproduce the issue; =E2=80=98isatty?=E2=80= =99 would return true. So I though I=E2=80=99d arrange to run =E2=80=98cryptsetup open --type luks= =E2=80=99. To do that, I copied the header of a real LUKS partition: sudo dd if=3D/dev/sda2 of=3D/tmp/luks.img bs=3D1024 count=3D1025 and then came up with an OS config that would try to open than fake LUKS device: --=-=-= Content-Type: text/x-scheme Content-Disposition: inline (use-modules (gnu)) (use-service-modules networking ssh shepherd) (use-package-modules base linux screen ssh) (operating-system (host-name "komputilo") (timezone "Europe/Berlin") (locale "en_US.utf8") ;; Boot in "legacy" BIOS mode, assuming /dev/sdX is the ;; target hard disk, and "my-root" is the label of the target ;; root file system. (bootloader (bootloader-configuration (bootloader grub-bootloader) (targets '("/dev/sdX")))) (mapped-devices (list (mapped-device (source "/dev/loop0") (target "root") (type luks-device-mapping)))) (file-systems (cons (file-system (device (file-system-label "my-root")) (mount-point "/") (type "ext4")) %base-file-systems)) ;; This is where user accounts are specified. The "root" ;; account is implicit, and is initially created with the ;; empty password. (users (cons (user-account (name "alice") (comment "Bob's sister") (group "users") ;; Adding the account to the "wheel" group ;; makes it a sudoer. Adding it to "audio" ;; and "video" allows the user to play sound ;; and access the webcam. (supplementary-groups '("wheel" "audio" "video"))) %base-user-accounts)) ;; Globally-installed packages. (packages (cons screen %base-packages)) ;; Add services to the baseline: a DHCP client and ;; an SSH server. (services (append (list (service dhcp-client-service-type) (simple-service 'losetup activation-service-type #~(system* #$(file-append util-linux "/sbin/losetup") "/dev/loop0" #$(local-file "/tmp/luks.img"))) (service openssh-service-type (openssh-configuration (openssh openssh-sans-x) (port-number 2222)))) %base-services))) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable That=E2=80=99s enough to see whether =E2=80=98cryptsetup open=E2=80=99 mana= ges to read the passphrase and all. Eventually I confirmed by testing it on the bare metal, on a victim=E2=80= =99s laptop. Currently we don=E2=80=99t have an installation test with cleartext root + encrypted home; we should prolly do that. Ludo=E2=80=99. --=-=-=-- From unknown Thu Jun 19 14:29:43 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) X-Loop: help-debbugs@gnu.org From: help-debbugs@gnu.org (GNU bug Tracking System) To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Subject: bug#54770: closed (Re: bug#54770: Non-root LUKS devices unusable after Shepherd upgrade) Message-ID: References: <87zgkvblc0.fsf@gnu.org> <87r168etvd.fsf@inria.fr> X-Gnu-PR-Message: they-closed 54770 X-Gnu-PR-Package: guix Reply-To: 54770@debbugs.gnu.org Date: Fri, 08 Apr 2022 16:19:01 +0000 Content-Type: multipart/mixed; boundary="----------=_1649434741-1046-1" This is a multi-part message in MIME format... ------------=_1649434741-1046-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Your bug report #54770: Non-root LUKS devices unusable after Shepherd upgrade which was filed against the guix package, has been closed. The explanation is attached below, along with your original report. If you require more details, please reply to 54770@debbugs.gnu.org. --=20 54770: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D54770 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems ------------=_1649434741-1046-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 54770-done) by debbugs.gnu.org; 8 Apr 2022 16:18:19 +0000 Received: from localhost ([127.0.0.1]:35701 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ncrJT-0000Ft-9t for submit@debbugs.gnu.org; Fri, 08 Apr 2022 12:18:19 -0400 Received: from eggs.gnu.org ([209.51.188.92]:51388) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ncrJR-0000Fd-MP for 54770-done@debbugs.gnu.org; Fri, 08 Apr 2022 12:18:18 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:38246) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ncrJK-00072N-Hf for 54770-done@debbugs.gnu.org; Fri, 08 Apr 2022 12:18:12 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To: From; bh=8q6HCFjMy1RdETbodBPXNhALuWhSQUWUfLAyTarxOGQ=; b=QK/b0fyu4w0Kk31nzknO MUVCeAFNMIwKMij409wjE3EI8863XrUya0TgmYW8Ww7uF6exBsLvZPKMCDuTBJHwClbgVbk/yZGVT T+9pB9oubui/LiqRVmryaU6CVYlQudt59cKlm5YKPPjwzEZHKitIEk4F1m+bYptZ5uGH6UQLMbwmU syNGFgTXCQM/jwme2a2tD839K5vsW5RBkAnXYtSxhruagqJMwsaW/9X7mQzF2+JXhUlttawnDskUx ilecMpv5VYW3OZgsqGCLEmIma3efdcuiXoouNW9PT9Qb+Fk9PFtSe6f+FN64hmhFPFNYGDkayeMfa YBi+d2NrJk5uiA==; Received: from [193.50.110.136] (port=50056 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ncrJI-0004za-WC for 54770-done@debbugs.gnu.org; Fri, 08 Apr 2022 12:18:10 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: 54770-done@debbugs.gnu.org Subject: Re: bug#54770: Non-root LUKS devices unusable after Shepherd upgrade References: <87r168etvd.fsf@inria.fr> Date: Fri, 08 Apr 2022 18:18:07 +0200 In-Reply-To: <87r168etvd.fsf@inria.fr> ("Ludovic =?utf-8?Q?Court=C3=A8s=22?= =?utf-8?Q?'s?= message of "Thu, 07 Apr 2022 18:33:10 +0200") Message-ID: <87zgkvblc0.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 54770-done X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Ludovic Court=C3=A8s skribis: > Following the Shepherd upgrade in commit > 400c9ed3d779308e56038305d40cd93acb496180, attempts to open non-root LUKS > devices from a Shepherd service fail with this cryptsetup message: > > Nothing to read on input. > > This is because standard input is now /dev/null so it cannot read the > passphrase. Fixed with these commits: f239b9d788 tests: Add "encrypted-home-os" installation test. dcb0e54a4f file-systems: Invoke fsck tools with 'system*/tty'. 931f13840b mapped-devices: Ensure 'cryptsetup open' gets a tty. Ludo=E2=80=99. ------------=_1649434741-1046-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 7 Apr 2022 16:33:19 +0000 Received: from localhost ([127.0.0.1]:33223 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ncV4Q-0002JP-UP for submit@debbugs.gnu.org; Thu, 07 Apr 2022 12:33:19 -0400 Received: from lists.gnu.org ([209.51.188.17]:42164) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ncV4P-0002JI-J4 for submit@debbugs.gnu.org; Thu, 07 Apr 2022 12:33:17 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:37690) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ncV4P-0001DE-DL for bug-guix@gnu.org; Thu, 07 Apr 2022 12:33:17 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:51670) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ncV4P-0006aW-3D for bug-guix@gnu.org; Thu, 07 Apr 2022 12:33:17 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:Subject:To:From:in-reply-to: references; bh=kK82B2yGE9bueS3xrav8rJVQffiHIg6phmAI6mgTmwM=; b=pjqoDR00gDpkNg SUkT3MASCnapq/II8qjkBVHggh+3WPpuMBguTcjOiqHsIHQ75L8yaDhzvgo7oqfQDd6jC4WyNUBzt JS/fr0YAltYFvchAqbkNsbIA604gDXIfg6QZYdpMSl1H+55GM9Mubmme5JHPwYnnWuFehfVbzfD0v cKbVCS3MWT7x3/z9oioG0r56yDi+nAX+va05HTrHKAbUFeegDvc8yp++CkxSXbQ8czwc2oF4GF1u3 9kz1Rf90tFvLJAV0VlNNkf09bqni7b9DrPXiT4sZ4Zs/wAfmqMymYOr0UHPq/D8HQIMSKNDaprkIb NQX0EWZFVZanyy/ecq3g==; Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=52546 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ncV4K-00030P-9Y for bug-guix@gnu.org; Thu, 07 Apr 2022 12:33:12 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: bug-guix@gnu.org Subject: Non-root LUKS devices unusable after Shepherd upgrade X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 18 Germinal an 230 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Thu, 07 Apr 2022 18:33:10 +0200 Message-ID: <87r168etvd.fsf@inria.fr> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi! Following the Shepherd upgrade in commit 400c9ed3d779308e56038305d40cd93acb496180, attempts to open non-root LUKS devices from a Shepherd service fail with this cryptsetup message: Nothing to read on input. This is because standard input is now /dev/null so it cannot read the passphrase. This is because =E2=80=9Cshepherd.conf=E2=80=9D now does: (start-in-the-background =E2=80=A6) (redirect-port (open-input-file "/dev/null") (current-input-port)) =E2=80=A6 meaning that =E2=80=98redirect-port=E2=80=99 is now called before= services are started. =E2=80=98fsck=E2=80=99 invocations for non-root file systems (started from = Shepherd services) would have the same problem. I=E2=80=99ll try and come up with a solution=E2=80=A6 Ludo=E2=80=99. ------------=_1649434741-1046-1-- From unknown Thu Jun 19 14:29:43 2025 X-Loop: help-debbugs@gnu.org Subject: bug#54770: Non-root LUKS devices unusable after Shepherd upgrade References: <87r168etvd.fsf@inria.fr> In-Reply-To: <87r168etvd.fsf@inria.fr> Resent-From: Christoph Weiss Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Sat, 09 Apr 2022 15:02:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 54770 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 54770@debbugs.gnu.org Received: via spool by 54770-submit@debbugs.gnu.org id=B54770.164951649912156 (code B ref 54770); Sat, 09 Apr 2022 15:02:02 +0000 Received: (at 54770) by debbugs.gnu.org; 9 Apr 2022 15:01:39 +0000 Received: from localhost ([127.0.0.1]:38455 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ndCap-00039z-A9 for submit@debbugs.gnu.org; Sat, 09 Apr 2022 11:01:39 -0400 Received: from mail.hq.wsoptics.de ([91.25.225.20]:35280) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ndCRE-0002uG-VF for 54770@debbugs.gnu.org; Sat, 09 Apr 2022 10:51:48 -0400 Received: from [192.168.4.189] (p5b2bdbac.dip0.t-ipconnect.de [91.43.219.172]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: weiss@wsoptics.de) by mail.hq.wsoptics.de (Postfix) with ESMTPSA id 65D284C531B for <54770@debbugs.gnu.org>; Sat, 9 Apr 2022 16:51:36 +0200 (CEST) Message-ID: <7bc7e9a1-6bd4-2350-4389-d08ec072b3e3@wsoptics.de> Date: Sat, 9 Apr 2022 16:51:35 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.7.0 Content-Language: en-US From: Christoph Weiss Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spamd-Result: default: False [-120.00 / 15.00]; WHITELIST_SENDER_DOMAIN(-128.00)[wsoptics.de]; HFILTER_HELO_BADIP(4.50)[192.168.4.189,1]; VIOLATED_DIRECT_SPF(3.50)[]; BAYES_HAM(-3.00)[99.99%]; RBL_SPAMHAUS_PBL(2.00)[91.43.219.172:from]; R_SPF_FAIL(1.00)[-all]; DMARC_POLICY_SOFTFAIL(0.10)[wsoptics.de : No valid SPF, No valid DKIM,none]; MIME_GOOD(-0.10)[text/plain]; MIME_TRACE(0.00)[0:+]; RCPT_COUNT_ONE(0.00)[1]; R_DKIM_NA(0.00)[]; ASN(0.00)[asn:3320, ipnet:91.0.0.0/10, country:DE]; MID_RHS_MATCH_FROM(0.00)[]; TO_DN_NONE(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; RCVD_COUNT_ZERO(0.00)[0]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM(-0.00)[-1.000]; ARC_NA(0.00)[] X-Rspamd-Server: mail X-Rspamd-Queue-Id: 65D284C531B X-Spam-Score: -0.0 (/) X-Mailman-Approved-At: Sat, 09 Apr 2022 11:01:38 -0400 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) I ran into the same issue (no prompt but instead about 32 times the message "Nothing to read on input.") I bisected this issue myself (starting before the fix was pushed) and arrived at 400c9ed3d779308e56038305d40cd93acb496180 as the culprit. However, even with the current master (aa5716703fd4603dd89ce9b55f555b7aa85f4c9b), the issue has not been fixed for me. Please let me know if I should provide any specific info. Thank you. From unknown Thu Jun 19 14:29:43 2025 X-Loop: help-debbugs@gnu.org Subject: bug#54770: Non-root LUKS devices unusable after Shepherd upgrade Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Mon, 11 Apr 2022 12:40:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 54770 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Christoph Weiss Cc: 54770@debbugs.gnu.org Received: via spool by 54770-submit@debbugs.gnu.org id=B54770.164968075912380 (code B ref 54770); Mon, 11 Apr 2022 12:40:01 +0000 Received: (at 54770) by debbugs.gnu.org; 11 Apr 2022 12:39:19 +0000 Received: from localhost ([127.0.0.1]:43010 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ndtKA-0003Dc-Nw for submit@debbugs.gnu.org; Mon, 11 Apr 2022 08:39:18 -0400 Received: from eggs.gnu.org ([209.51.188.92]:36762) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ndtK8-0003DM-Nx for 54770@debbugs.gnu.org; Mon, 11 Apr 2022 08:39:17 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:36592) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ndtK0-0006nJ-Rj; Mon, 11 Apr 2022 08:39:08 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To: From; bh=Gv1uenJVRFDkOzU5ciRM5yL1Bz3792xUfAu1KuZ9B0Y=; b=EZ5fBFwhHjrr+O9BktfX h+8A7b+seJCH4QMXicAG2PHv/EYCDxXBf+iuQC12xauNNn3kQMA6GMyBa5ck3T2WUi/oIabYhFukK RzLNdga9G2CM9Cay/E00Z3/zz07NoSdNmJDUjAbVnpWlcVpiDhP6QCA9Ke+9fagtmyZAuEs96KPCN /gOpbkhjZzI0HfI1uYgIgxKWxf+wpRV2/9lic/TUb8c/IL9AyOdar62dji5d7V0CIhzo/GOE7/Asu icX+3Jvkxsid851qqM7ia4fKZlXVYMgg507aYCCBRQgcjS8wszgXYy1qkhyzwfohuZ+Pf0SBe0L0j l3OcGP8vlccMnA==; Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201]:58947 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ndtK0-0008S5-FJ; Mon, 11 Apr 2022 08:39:08 -0400 From: Ludovic =?UTF-8?Q?Court=C3=A8s?= References: <87r168etvd.fsf@inria.fr> <7bc7e9a1-6bd4-2350-4389-d08ec072b3e3@wsoptics.de> Date: Mon, 11 Apr 2022 14:39:06 +0200 In-Reply-To: <7bc7e9a1-6bd4-2350-4389-d08ec072b3e3@wsoptics.de> (Christoph Weiss's message of "Sat, 9 Apr 2022 16:51:35 +0200") Message-ID: <874k2zkd5h.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi Christoph, Christoph Weiss skribis: > I ran into the same issue (no prompt but instead about 32 times the > message "Nothing to read on input.") > > I bisected this issue myself (starting before the fix was pushed) and > arrived at 400c9ed3d779308e56038305d40cd93acb496180 as the culprit. > > However, even with the current master > (aa5716703fd4603dd89ce9b55f555b7aa85f4c9b), the issue has not been > fixed for me. It=E2=80=99s definitely fixed for me and the new =E2=80=98separate-home-os= =E2=80=99 system test agrees=C2=B9. Did you reconfigure after pulling? What does =E2=80=98guix system describe= =E2=80=99 report? Thanks, Ludo=E2=80=99. =C2=B9 https://ci.guix.gnu.org/search?query=3Dspec%3Atests+separate-home From unknown Thu Jun 19 14:29:43 2025 X-Loop: help-debbugs@gnu.org Subject: bug#54770: (no subject) References: <87r168etvd.fsf@inria.fr> In-Reply-To: <87r168etvd.fsf@inria.fr> Resent-From: Christoph Weiss Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Mon, 11 Apr 2022 17:09:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 54770 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 54770@debbugs.gnu.org Received: via spool by 54770-submit@debbugs.gnu.org id=B54770.164969688319587 (code B ref 54770); Mon, 11 Apr 2022 17:09:02 +0000 Received: (at 54770) by debbugs.gnu.org; 11 Apr 2022 17:08:03 +0000 Received: from localhost ([127.0.0.1]:45617 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ndxWF-00055q-J5 for submit@debbugs.gnu.org; Mon, 11 Apr 2022 13:08:03 -0400 Received: from mail.hq.wsoptics.de ([91.25.225.20]:55336) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ndxWE-00055L-1u for 54770@debbugs.gnu.org; Mon, 11 Apr 2022 13:08:02 -0400 Received: from [192.168.4.179] (p5b2bdbac.dip0.t-ipconnect.de [91.43.219.172]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: weiss@wsoptics.de) by mail.hq.wsoptics.de (Postfix) with ESMTPSA id 54C0C4C8302 for <54770@debbugs.gnu.org>; Mon, 11 Apr 2022 19:07:54 +0200 (CEST) Message-ID: Date: Mon, 11 Apr 2022 19:07:53 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.7.0 Content-Language: en-US From: Christoph Weiss Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spamd-Result: default: False [-118.00 / 15.00]; WHITELIST_SENDER_DOMAIN(-128.00)[wsoptics.de]; HFILTER_HELO_BADIP(4.50)[192.168.4.179,1]; VIOLATED_DIRECT_SPF(3.50)[]; BAYES_HAM(-3.00)[99.99%]; RBL_SPAMHAUS_PBL(2.00)[91.43.219.172:from]; MISSING_SUBJECT(2.00)[]; R_SPF_FAIL(1.00)[-all:c]; DMARC_POLICY_SOFTFAIL(0.10)[wsoptics.de : No valid SPF, No valid DKIM,none]; MIME_GOOD(-0.10)[text/plain]; MIME_TRACE(0.00)[0:+]; TO_DN_NONE(0.00)[]; R_DKIM_NA(0.00)[]; ASN(0.00)[asn:3320, ipnet:91.0.0.0/10, country:DE]; MID_RHS_MATCH_FROM(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; RCVD_COUNT_ZERO(0.00)[0]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM(-0.00)[-1.000]; ARC_NA(0.00)[] X-Rspamd-Server: mail X-Rspamd-Queue-Id: 54C0C4C8302 X-Spam-Score: 2.0 (++) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Hi Ludo, Thanks for your reply. Just to double check, I ran another `sudo guix pull` and `sudo guix system reconfigure /etc/config.scm`. I still cannot boot that installation. This is `guix system describe`'s output for my working revision: Content analysis details: (2.0 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_PASS SPF: sender matches SPF record 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 1.8 MISSING_SUBJECT Missing Subject: header 0.2 NO_SUBJECT Extra score for no subject -0.0 T_SCC_BODY_TEXT_LINE No description available. X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 1.0 (+) Hi Ludo, Thanks for your reply. Just to double check, I ran another `sudo guix pull` and `sudo guix system reconfigure /etc/config.scm`. I still cannot boot that installation. This is `guix system describe`'s output for my working revision: Generation 40 Apr 08 2022 19:52:13 file name: /var/guix/profiles/system-40-link canonical file name: /gnu/store/sp41bjidi9qrl0k1gqpxivrdign7f7d6-system label: GNU with Linux-Libre 5.16.14 bootloader: grub root device: UUID: b63f8b65-48f2-41a7-9652-9a0cb1759048 kernel: /gnu/store/1shy73077i3im91i4lv9bamifm4w29q1-linux-libre-5.16.14/bzImage channels: guix: repository URL: https://git.savannah.gnu.org/git/guix.git commit: f077fa0fd0519f0e04f458192a87854094aa36eb configuration file: /gnu/store/18hd645wcz8l5bvhp4lsy49cadq0d655-configuration.scm I'm not quite sure how to print the describe for the failing revision... Christoph From unknown Thu Jun 19 14:29:43 2025 X-Loop: help-debbugs@gnu.org Subject: bug#54770: Non-root LUKS devices unusable after Shepherd upgrade Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Tue, 12 Apr 2022 08:42:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 54770 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Christoph Weiss Cc: 54770@debbugs.gnu.org Received: via spool by 54770-submit@debbugs.gnu.org id=B54770.164975289618265 (code B ref 54770); Tue, 12 Apr 2022 08:42:02 +0000 Received: (at 54770) by debbugs.gnu.org; 12 Apr 2022 08:41:36 +0000 Received: from localhost ([127.0.0.1]:47450 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1neC5g-0004kX-0p for submit@debbugs.gnu.org; Tue, 12 Apr 2022 04:41:36 -0400 Received: from eggs.gnu.org ([209.51.188.92]:48950) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1neC5e-0004kG-EX for 54770@debbugs.gnu.org; Tue, 12 Apr 2022 04:41:34 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:60700) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1neC5Y-0003r9-EX; Tue, 12 Apr 2022 04:41:28 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:In-Reply-To:Date:References:Subject:To: From; bh=Ckgtepjo0VX9a7oEYKI4BrtVv9tyrH5BvMDHAF1y/7Y=; b=fY0GdlcqhGzyBIENDqG8 +GqlDhbx4JtRVyzEqC/Kq9hGVf4AyQvsp3H6t9gbQstjPLmkxs/6eI5eWKgGwrw3P28TK9HWHn6fq yOZwCi2LfRUi5LydsLabyUBD56Vt8+Vz5b1LWwUf536DQHFFbGm+FX/+JX3FYMmA2h5Tl3A0SnOBU 6g4ttADB3F7iVif9kLoy2TirocN5VUxdsA2p8ld0rEF/wmNznoxWwzsWdNeaHdaJLhyR+/7YV0RJP TQr2kM3/ecGeinCmfTfXefEoT4CClPMol1QW51Txz5wYX/iQ7FuFy/e0vEeg/aX+7rTW8lOOmxxqy OerRxsTRWY9RjQ==; Received: from [193.50.110.136] (port=57364 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1neC5X-0006RQ-Qx; Tue, 12 Apr 2022 04:41:28 -0400 From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Message-ID: <87sfqiem6v.fsf_-_@gnu.org> References: <87r168etvd.fsf@inria.fr> Date: Tue, 12 Apr 2022 10:41:26 +0200 In-Reply-To: (Christoph Weiss's message of "Mon, 11 Apr 2022 19:07:53 +0200") User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi, Christoph Weiss skribis: > Thanks for your reply. Just to double check, I ran another `sudo guix > pull` and `sudo guix system reconfigure /etc/config.scm`. I still=20 > cannot boot that installation. > > This is `guix system describe`'s output for my working revision: > > Generation 40 Apr 08 2022 19:52:13 > file name: /var/guix/profiles/system-40-link > canonical file name: /gnu/store/sp41bjidi9qrl0k1gqpxivrdign7f7d6-system > label: GNU with Linux-Libre 5.16.14 > bootloader: grub > root device: UUID: b63f8b65-48f2-41a7-9652-9a0cb1759048 > kernel: > /gnu/store/1shy73077i3im91i4lv9bamifm4w29q1-linux-libre-5.16.14/bzImage > channels: > guix: > repository URL: https://git.savannah.gnu.org/git/guix.git > commit: f077fa0fd0519f0e04f458192a87854094aa36eb > configuration file: > /gnu/store/18hd645wcz8l5bvhp4lsy49cadq0d655-configuration.scm This commit is older than the fix: https://git.savannah.gnu.org/cgit/guix.git/commit/?id=3D931f13840bad7bd3c= b98b7806f09ca2b3cf7cd10 Probably this comes from a confusion: =E2=80=98sudo guix pull=E2=80=99 upda= tes ~root/.config/guix/bin, but =E2=80=98sudo guix system reconfigure=E2=80=99 = runs your user=E2=80=99s ~/.config/guix/bin. If you use sudo, what you need to do is: guix pull # without sudo! sudo guix system reconfigure =E2=80=A6 Let me know if that helps! Ludo=E2=80=99. From unknown Thu Jun 19 14:29:43 2025 X-Loop: help-debbugs@gnu.org Subject: bug#54770: Non-root LUKS devices unusable after Shepherd upgrade Resent-From: Christoph Weiss Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Tue, 12 Apr 2022 17:02:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 54770 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 54770@debbugs.gnu.org Received: via spool by 54770-submit@debbugs.gnu.org id=B54770.164978287114973 (code B ref 54770); Tue, 12 Apr 2022 17:02:02 +0000 Received: (at 54770) by debbugs.gnu.org; 12 Apr 2022 17:01:11 +0000 Received: from localhost ([127.0.0.1]:49685 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1neJt8-0003tR-Rt for submit@debbugs.gnu.org; Tue, 12 Apr 2022 13:01:10 -0400 Received: from mail.hq.wsoptics.de ([91.25.225.20]:50966) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1neJt3-0003sf-Vv for 54770@debbugs.gnu.org; Tue, 12 Apr 2022 13:01:09 -0400 Received: from [192.168.4.179] (p5b2bdbac.dip0.t-ipconnect.de [91.43.219.172]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: weiss@wsoptics.de) by mail.hq.wsoptics.de (Postfix) with ESMTPSA id 84FDC4CA60F; Tue, 12 Apr 2022 19:00:58 +0200 (CEST) Message-ID: <0f3528a4-41dc-5cb6-3b4c-1434d9cf8126@wsoptics.de> Date: Tue, 12 Apr 2022 19:00:57 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.7.0 Content-Language: en-US References: <87r168etvd.fsf@inria.fr> <87sfqiem6v.fsf_-_@gnu.org> From: Christoph Weiss In-Reply-To: <87sfqiem6v.fsf_-_@gnu.org> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spamd-Result: default: False [-120.00 / 15.00]; WHITELIST_SENDER_DOMAIN(-128.00)[wsoptics.de]; HFILTER_HELO_BADIP(4.50)[192.168.4.179,1]; VIOLATED_DIRECT_SPF(3.50)[]; BAYES_HAM(-3.00)[99.99%]; RBL_SPAMHAUS_PBL(2.00)[91.43.219.172:from]; R_SPF_FAIL(1.00)[-all]; DMARC_POLICY_SOFTFAIL(0.10)[wsoptics.de : No valid SPF, No valid DKIM,none]; MIME_GOOD(-0.10)[text/plain]; ASN(0.00)[asn:3320, ipnet:91.0.0.0/10, country:DE]; MIME_TRACE(0.00)[0:+]; R_DKIM_NA(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; NEURAL_HAM(-0.00)[-1.000]; FROM_HAS_DN(0.00)[]; RCVD_COUNT_ZERO(0.00)[0]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; ARC_NA(0.00)[] X-Rspamd-Server: mail X-Rspamd-Queue-Id: 84FDC4CA60F X-Spam-Score: -0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi Ludo, Oh, I had no idea that's how it worked... sorry about that. Indeed this has fixed the issue. Thank you for your time! Christoph