the PROXY_SELECTOR environment variable proposal
Instead of setting a proxy server unconditionally via the *_PROXY environment variables and excluding certain host names via the NO_PROXY environment variable, let's reverse the semantics by defining a new environment variable, PROXY_SELECTOR, which points to an executable that is passed a URI as its first argument and returns on stdout:
- "NO_PROXY" -> if no proxy should get used for the input URI
- a comma-separated list of URLs in the *_PROXY environment variable format, e.g.: "http://proxy.example.com:8080" or, if multiple proxies are eligible for the given input URI: "http://proxy.example.com:8080,http://proxy2.example.com:8080"
The above proposal will enable a more flexible proxy configuration in complex setups and, by reversing the semantics, allow explicit proxy configuration of only known URIs.
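A sketch of the consuming side of the proposal, added here as an illustration and not part of any existing implementation: it runs the selector without a shell and validates the answer before trusting it. The function names, the accepted schemes and the timeout are assumptions.

```python
import os
import subprocess
from urllib.parse import urlsplit

# Assumption: the proxy URL schemes this client is willing to use.
ALLOWED_SCHEMES = {"http", "https"}


def parse_selector_output(text):
    """Return [] for "NO_PROXY", otherwise the validated list of proxy URLs."""
    answer = text.strip()
    if answer == "NO_PROXY":
        return []
    proxies = [item.strip() for item in answer.split(",")]
    for proxy in proxies:
        parts = urlsplit(proxy)
        # Empty output, unknown schemes and host-less URLs are rejected
        # instead of silently falling back to a direct connection.
        if parts.scheme not in ALLOWED_SCHEMES or not parts.hostname:
            raise ValueError(f"selector returned an invalid proxy: {proxy!r}")
        _ = parts.port  # raises ValueError on a non-numeric or out-of-range port
    return proxies


def select_proxies(uri, environ=os.environ, timeout=5):
    """Ask the PROXY_SELECTOR executable which proxies apply to uri.

    Returns None when PROXY_SELECTOR is unset, so the caller can keep its
    existing *_PROXY / NO_PROXY handling.
    """
    selector = environ.get("PROXY_SELECTOR")
    if not selector:
        return None
    # argv list, no shell: the URI may be attacker-influenced and must reach
    # the selector as one literal argument. A non-zero exit status or a
    # timeout raises, so a broken selector never looks like "NO_PROXY".
    result = subprocess.run(
        [selector, uri],
        capture_output=True,
        text=True,
        timeout=timeout,
        check=True,
    )
    return parse_selector_output(result.stdout)
```

Because PROXY_SELECTOR names a program that gets executed, a client should only honour it where it would also trust the rest of the environment, for example not in setuid programs.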
the case of the failing boot after upgrading to Fedora 32
After upgrading one of my machines to Fedora 32, the initramfs image failed with:
device-mapper: table: 253:0: crypt: Error allocating crypto tfm
Searching for the string "Error allocating crypto tfm" in the Linux kernel source code reveals that the message is emitted in these places:
(using cscope):
Text string: Error allocating crypto tfm
File Line
0 dm-crypt.c 2747 ti->error = "Error allocating crypto tfm";
1 dm-crypt.c 2832 ti->error = "Error allocating crypto tfm";
Both errors occur after calling "crypt_alloc_tfms", which calls either "crypt_alloc_tfms_aead" or "crypt_alloc_tfms_skcipher".
Let's follow skcipher, as this handles the block ciphers: this function calls "crypto_alloc_skcipher", which calls "crypto_alloc_tfm", which calls "crypto_alloc_tfm_node", which calls "crypto_find_alg", which calls "crypto_alg_mod_lookup", which calls "crypto_larval_lookup", which ends up calling "__request_module".
Here it gets interesting, because we have a trace point:
trace_module_request(module_name, wait, _RET_IP_);
the trace point is available under debugfs:
$ cat /sys/kernel/debug/tracing/available_events | grep module_request
module:module_request
So all we need to do to find out what kernel module for crypto is missing in the initramfs is:
- mount debugfs
- enable the module_request trace point
- retry the LUKS setup to trigger the error path
- check in the trace log which module was requested and failed to load
here is how to do it:
mount debugfs
$ mount -t debugfs none /sys/kernel/debug
enable module_request trace point
$ echo 1 > /sys/kernel/debug/tracing/events/module/module_request/enable
retrigger error
$ cryptsetup open <luks-device> <mapping-name>
check trace log
$ cat /sys/kernel/debug/tracing/trace
now add the missing module to your initramfs!