[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#940710: Fails to load pkcs8_key_parser module



Control: reassign -1 linux-image-5.2.0-2-amd64 
Control: retitle -1 Please enable CONFIG_PKCS8_PRIVATE_KEY_PARSER

Hi Andreas,

On Tue, Sep 24, 2019 at 1:32 PM Andreas Henriksson <andreas@fatal.se> wrote:
Hello Felipe Sateler,

On Tue, Sep 24, 2019 at 10:03:19AM -0300, Felipe Sateler wrote:
> Control: reopen -1
[...]
> This causes failed boots on debian by default [...]

Really? Please share more info! It certainly doesn't for me.

Sorry, I was a bit sloppy in my wording. What I mean is that systemd considers the boot degraded because `systemd-modules-load` fails:

% systemctl is-system-running
degraded
% systemctl --no-legend --failed
systemd-modules-load.service loaded failed failed Load Kernel Modules
% systemctl --no-legend status systemd-modules-load.service
● systemd-modules-load.service - Load Kernel Modules
   Loaded: loaded (/lib/systemd/system/systemd-modules-load.service; static; vendor preset: enabled)
   Active: failed (Result: exit-code) since Thu 2019-04-11 12:28:36 -04; 5 months 13 days ago
     Docs: man:systemd-modules-load.service(8)
           man:modules-load.d(5)
  Process: 530 ExecStart=/lib/systemd/systemd-modules-load (code=exited, status=1/FAILURE)
 Main PID: 530 (code=exited, status=1/FAILURE)

Apr 11 12:28:36 felipeasus systemd[1]: Starting Load Kernel Modules...
Apr 11 12:28:36 felipeasus systemd-modules-load[530]: Failed to find module 'pkcs8_key_parser'
Apr 11 12:28:36 felipeasus systemd[1]: systemd-modules-load.service: Main process exited, code=exited, status=1/FAILURE
Apr 11 12:28:36 felipeasus systemd[1]: systemd-modules-load.service: Failed with result 'exit-code'.
Apr 11 12:28:36 felipeasus systemd[1]: Failed to start Load Kernel Modules.
 
(Would also be nice if you reported a dedicated bug report about that
instead of repurposing this.)

Well, the root cause is the same, so I thought I'd just reopen.
 

> [...] since the debian kernels don't enable that module:
>
> % grep CONFIG_PKCS8_PRIVATE_KEY_PARSER /boot/config-*
> /boot/config-5.2.0-2-amd64:# CONFIG_PKCS8_PRIVATE_KEY_PARSER is not set
> /boot/config-5.3.0-rc5-amd64:# CONFIG_PKCS8_PRIVATE_KEY_PARSER is not set

I'm aware that it doesn't (at the moment). AFAIK the usual debian kernel
team policy is to enable things on request, so someone just needs to
request it. Since you're not the first to ask *me* (even though I'm not
on the kernel team) I've already asked on #debian-kernel if they can
enable it while at the same time asking people to please not use me as a
proxy.

I'm sorry you feel like I'm using you as middleman. As I said in the part quoted below, I didn't know if requesting the kernel maintainers to add this option makes sense. I'm happy to request it myself: #941098.
 

>
> Since I have no idea what does pkcs8_key_parser do, I don't know if it
> would be best to have linux enable that option or to have iwd not ship this
> file.

It is needed if you want to use iwd to connect to wpa enterprise
networks.

Thanks for the explanation. This means the best solution (from the iwd POV) is to have the kernel enable the option. I have requested that feature now on #941098.

--

Saludos,
Felipe Sateler

Reply to: