Boot hangs with encrypted home and plasma

[peterhoeg]

Issue description

Regression introduced by #42910.

If plasma is in use and the user's home directory is on an encrypted LV, the activation script will try to access /home/$USER which is not available and will hang waiting for the user to hit esc:

Sep 28 15:31:26 mildred stage-2-init: running activation script...
Sep 28 15:31:26 mildred stage-2-init: setting up /etc...
Sep 28 15:31:26 mildred stage-2-init: reenter password for pam_mount:
Sep 28 15:31:26 mildred stage-2-init: (mount.c:68): Messages from underlying mount program:
Sep 28 15:31:26 mildred stage-2-init: (mount.c:72): mount: /home/peter: unknown filesystem type 'crypto_LUKS'.
Sep 28 15:31:26 mildred stage-2-init: (pam_mount.c:522): mount of /dev/mapper/vg0-lv_home_peter failed
Sep 28 15:31:26 mildred stage-2-init: Cannot execute /run/current-system/sw/bin/zsh
Sep 28 15:31:26 mildred stage-2-init: (mount.c:68): umount messages:
Sep 28 15:31:26 mildred stage-2-init: (mount.c:72): umount: /home/peter: not mounted.
Sep 28 15:31:26 mildred stage-2-init: (mount.c:888): unmount of /dev/mapper/vg0-lv_home_peter failed
Sep 28 15:31:26 mildred stage-2-init: Cannot execute /run/current-system/sw/bin/zsh
Sep 28 15:31:26 mildred stage-2-init: Activation script snippet 'plasmaSetup' failed (127)

Cc: @bkchr

I consider this a blocker for 18.09 as with plymouth enabled, there is no indication that the boot isn't progressing.

Steps to reproduce

1. Configure LUKS for user: users.users.peter.cryptHomeLuks = "/dev/mapper/vg0-lv_home_peter";
2. Use plasma: xserver.desktopManager.plasma5.enable = true;
3. Reboot

Technical details

• system: "x86_64-linux"
• host os: Linux 4.18.10, NixOS, 19.03.git.e3a7474c3beM (Koi)
• multi-user?: yes
• sandbox: yes
• version: nix-env (Nix) 2.1.2
• channels(root): "nixos-18.03pre121670.4cbbecc85db"

[peterhoeg]

A side-effect of this is that nixos-rebuild test|switch will also prompt for the password to unlock the volume which is admittedly not critical - just annoying.

[vcunat]

Have you tried #45290 ? It's even more hacky IMO, but if there's no better idea that works...

[peterhoeg]

Wasn't aware of that - I'll be dropping some comments over there.

[samueldr]

@peterhoeg what's the status of this? I think this is the only issue holding up calling the release. I see your comments on #45290, but don't really know if it's progress or not.

This is only an issue only if the user's home directory is encrypted in a way where it's not being unlocked in early boot, right? (I don't know your setup, I'm assuming some kind of unlock-with-PAM thing, right?)

[peterhoeg]

This is only an issue only if the user's home directory is encrypted in a way where it's not being unlocked in early boot, right? (I don't know your setup, I'm assuming some kind of unlock-with-PAM thing, right?)

Correct, basically a dm-crypt volume per user mounted on /home/$USER during login by users.users.USER.cryptHomeLuks = true; and pam.mount.enable = true;. It's a fairly standard setup for laptops.

But in any case, it should be OK now with the PR above.