| 1 |
On 25/09/2021 21:30, Canek Peláez Valdés wrote: |
| 2 |
> On Sat, Sep 25, 2021 at 1:48 PM antlists <antlists@××××××××××××.uk |
| 3 |
> <mailto:antlists@××××××××××××.uk>> wrote: |
| 4 |
> [...] |
| 5 |
> |
| 6 |
> Bear in mind, integritysetup is not in my initrd, so ... |
| 7 |
> |
| 8 |
> |
| 9 |
> I think you would need to put it in your initrd. |
| 10 |
> |
| 11 |
If I've got my root on it (which is the plan, but that means learning |
| 12 |
how to cut my own stuff into the initrd ...) |
| 13 |
|
| 14 |
> It looks to me like grub switches to the real root partition read-only |
| 15 |
> before firing stuff off, so if I tell my integritysetup.service to run |
| 16 |
> before local-fs.target, does that mean everything should be working |
| 17 |
> before systemd runs fstab? |
| 18 |
> |
| 19 |
> Bear in mind dm-integrity is on my raw partitions, and I'm running lvm |
| 20 |
> and md-raid, I'm guessing they're part of local-fs-pre.target? So I |
| 21 |
> really need to run dm-integrity before that? Or preferably add |
| 22 |
> dm-integrity TO that - how do I do that? |
| 23 |
> |
| 24 |
> The problem is this isn't all that discoverable - even digging around |
| 25 |
> /etc/systemd, it's hard to find clues ... |
| 26 |
> |
| 27 |
> |
| 28 |
> As Rich already mentioned it, noauto != remove mount point from fstab. |
| 29 |
> That's the first thing. |
| 30 |
|
| 31 |
Well, it's working, which is the important thing. I just want to |
| 32 |
understand WHY it's working - especially since when it was working the |
| 33 |
other way it broke Wayland ... which was why it was weird ... |
| 34 |
> |
| 35 |
> Then you need to specify that home.mount should run *after* md/LVM, |
| 36 |
> which in turn runs after your integrity setup service. The problem is: |
| 37 |
> you have root (/) on md/LVM too; I know they are different |
| 38 |
> RAIDs/volumes, but there is one *service* for RAID and LVM, at least |
| 39 |
> out-of-the-box, in systemd. You could try to split different instances |
| 40 |
> using templates (the units with @ in their names), but the simplest |
| 41 |
> solution is to put your integrity logic in the initrd (with the added |
| 42 |
> benefit that you can mount it in emergencies if something goes wrong |
| 43 |
> with root). |
| 44 |
|
| 45 |
At the moment, with root on lvm but not anything else, gentoo takes care |
| 46 |
of all that for me. I'm not ready for the next learning curve of doing |
| 47 |
all that myself in the initrd ... |
| 48 |
> |
| 49 |
> If you have the integrity logic in early boot, then your integrity setup |
| 50 |
> service should have: |
| 51 |
> |
| 52 |
> Before=mdmonitor.service lvm2-lvmetad.service |
| 53 |
> |
| 54 |
> And I think that should be enough? The home.mount unit depends on the |
| 55 |
> underlying device being available, and that will happen only after md |
| 56 |
> and LVM have done it's thing. |
| 57 |
> |
| 58 |
I'll try that. lvm should act on the root (sda3) device directly, but |
| 59 |
integrity needs to run before md will join sda4 and sdc4, and then lvm |
| 60 |
will run on the raid to make home available for fstab. |
| 61 |
|
| 62 |
I'll play with that and get rid of the home.mount, and hope that all |
| 63 |
that doesn't break Wayland. What I don't understand was that when |
| 64 |
home.mount was enabled, it worked but broke Wayland, now I've disabled |
| 65 |
it it still appears to be working, but Wayland is working too! That's |
| 66 |
what I'd like to understand. |
| 67 |
|
| 68 |
Although if fixing it how you suggest fixes everything, then I'll have |
| 69 |
an understandable, working system, and I'll be happy. |
| 70 |
|
| 71 |
Cheers, |
| 72 |
Wol |
Archives