Created attachment 235263
boot messages

/etc/rc.d/zfskeys requires /usr/sbin/timeout to work. This makes it impossible to use encrypted /usr
Hi, I'm the original author of this script. Timeout is used there in order to not lock up the boot if key loading is held up by a request for keyboard input or some other unexpected reason.

Possible solutions I can think of include
- check existence of /usr/sbin/timeout and use it only if found
- assume zfs load-key will always return on its own (don't use timeout at all)

Without knowing all possible use cases (as I obviously did not, sorry!) I'm not sure what the better way forward is. Would you have an opinion on this?

/Eirik
Hello. Thank you for your reply. I think checking for /usr/sbin/timeout is a good solution. If one chooses to encrypt /usr, one should have a good understanding of what one is doing, how booting works, etc. If he gets stuck booting because of a password request, well, FreeBSD doesn't forbid you to shoot yourself in the foot.
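The "use timeout only if found" option discussed in the two comments above, sketched as an added example. It is not the zfskeys script or the fix that was later committed, and `find_timeout`, `run_guarded` and the candidate list are hypothetical names.

```shell
#!/bin/sh
# Added example; function and variable names are hypothetical.

# Locations to probe, in order. /bin lives on the root filesystem,
# /usr/bin may sit on a dataset that is not unlocked yet.
TIMEOUT_CANDIDATES="/bin/timeout /usr/bin/timeout"

# find_timeout [path...]: print the first executable candidate, else fail.
find_timeout() {
    [ $# -gt 0 ] || set -- $TIMEOUT_CANDIDATES
    for _t in "$@"; do
        if [ -x "$_t" ]; then
            echo "$_t"
            return 0
        fi
    done
    return 1
}

# run_guarded <timeout-binary-or-empty> <seconds> <command...>
# Runs the command under timeout(1) when the binary is usable.
# Otherwise runs it directly, with a warning, and with stdin at EOF so a
# command that reads a passphrase from stdin fails instead of waiting.
# A command that opens the terminal itself is not covered by that.
run_guarded() {
    _bin=$1 _secs=$2
    shift 2
    if [ -n "$_bin" ] && [ -x "$_bin" ]; then
        "$_bin" "$_secs" "$@"
    else
        echo "warning: timeout(1) not found, running '$1' unguarded" >&2
        "$@" </dev/null
    fi
}

# Demo with a constructed stand-in for the key-loading command.
tbin=$(find_timeout) || tbin=""
run_guarded "$tbin" 5 sh -c 'exit 0'
```

The command's exit status is passed through in both branches, so a caller can still tell a failed key load from a successful one.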
Proposed patch: https://reviews.freebsd.org/D36906
Moving timeout to /bin seems like the easiest option. I'm going to commit this patch soon: https://reviews.freebsd.org/D38344
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=e7ab133648a168c4bf7c11da840663c5581771d8

commit e7ab133648a168c4bf7c11da840663c5581771d8
Author: Mateusz Piotrowski <0mp@FreeBSD.org>
AuthorDate: 2023-02-01 15:24:59 +0000
Commit: Mateusz Piotrowski <0mp@FreeBSD.org>
CommitDate: 2023-02-02 17:34:35 +0000

    timeout: Move from /usr/bin to /bin

    timeout(1) is used by /etc/rc.d/zfskeys. Unfortunately, having timeout(1) installed in /usr/bin causes problems when /usr is an encrypted ZFS partition. Implementing timeout(1) in sh(1) is not trivial. A more elegant solution is to move timeout(1) to /bin so that it is available to early services in the boot process.

    PR: 265221
    Reviewed by: allanjude, des, imp
    Approved by: allanjude, des, imp
    Reported by: Ivan <r4@sovserv.ru>
    Fixes: 33ff39796ffe Add zfskeys rc.d script for auto-loading encryption keys
    MFC after: 1 week
    Relnotes: yes
    Sponsored by: Modirum MDPay
    Sponsored by: Klara Inc.
    Differential Revision: https://reviews.freebsd.org/D38344

 ObsoleteFiles.inc | 4 ++++
 bin/Makefile | 1 +
 {usr.bin => bin}/timeout/Makefile | 2 ++
 {usr.bin => bin}/timeout/Makefile.depend | 0
 {usr.bin => bin}/timeout/tests/Makefile | 0
 {usr.bin => bin}/timeout/tests/Makefile.depend | 0
 {usr.bin => bin}/timeout/tests/timeout_test.sh | 0
 {usr.bin => bin}/timeout/timeout.1 | 0
 {usr.bin => bin}/timeout/timeout.c | 0
 etc/mtree/BSD.tests.dist | 4 ++--
 usr.bin/Makefile | 1 -
 11 files changed, 9 insertions(+), 3 deletions(-)
A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=0a4f7dbd9e9450cea25af944d47dce578960a1b8

commit 0a4f7dbd9e9450cea25af944d47dce578960a1b8
Author: Mateusz Piotrowski <0mp@FreeBSD.org>
AuthorDate: 2023-02-01 15:24:59 +0000
Commit: Mateusz Piotrowski <0mp@FreeBSD.org>
CommitDate: 2023-02-07 17:37:53 +0000

    timeout: Move from /usr/bin to /bin

    timeout(1) is used by /etc/rc.d/zfskeys. Unfortunately, having timeout(1) installed in /usr/bin causes problems when /usr is an encrypted ZFS partition. Implementing timeout(1) in sh(1) is not trivial. A more elegant solution is to move timeout(1) to /bin so that it is available to early services in the boot process.

    PR: 265221
    Reviewed by: allanjude, des, imp
    Approved by: allanjude, des, imp
    Reported by: Ivan <r4@sovserv.ru>
    Fixes: 33ff39796ffe Add zfskeys rc.d script for auto-loading encryption keys
    Relnotes: yes
    Sponsored by: Modirum MDPay
    Sponsored by: Klara Inc.
    Differential Revision: https://reviews.freebsd.org/D38344

    (cherry picked from commit e7ab133648a168c4bf7c11da840663c5581771d8)

 ObsoleteFiles.inc | 4 ++++
 bin/Makefile | 1 +
 {usr.bin => bin}/timeout/Makefile | 2 ++
 {usr.bin => bin}/timeout/Makefile.depend | 0
 {usr.bin => bin}/timeout/tests/Makefile | 0
 {usr.bin => bin}/timeout/tests/Makefile.depend | 0
 {usr.bin => bin}/timeout/tests/timeout_test.sh | 0
 {usr.bin => bin}/timeout/timeout.1 | 0
 {usr.bin => bin}/timeout/timeout.c | 0
 etc/mtree/BSD.tests.dist | 4 ++--
 usr.bin/Makefile | 1 -
 11 files changed, 9 insertions(+), 3 deletions(-)