With dbus-broker-28-3, a test VM configured to automatically unlock its LUKS-encrypted root volume over the network by way of clevis boots thusly: [ 2.493782] Console: switching to colour frame buffer device 128x48 [ 2.623650] cirrus 0000:00:01.0: [drm] fb0: cirrusdrmfb frame buffer device <info> [1624821873.8459] NetworkManager (version 1.30.4-1.fc34) is starting... (for the first time) <info> [1624821873.8494] Read config: /etc/NetworkManager/NetworkManager.conf (lib: initrd-no-auto-default.conf) <info> [1624821873.8650] bus-manager: acquired D-Bus service "org.freedesktop.NetworkManager" <info> [1624821873.8691] manager[0x55627f74c0c0]: monitoring kernel firmware directory '/lib/firmware'. <info> [1624821873.8772] hostname: hostname: couldn't get property from hostnamed <info> [1624821873.8780] hostname: hostname changed from (none) to "test" [...] And everything proceeds as expected. But with dbus-broker-29-1 instead of -28-3 in the initramfs, there is no output after "Read config: /etc/NetworkManager/NetworkManager.conf (lib: initrd-no-auto-default.conf)", and the root volume fails to automatically unlock. Some digging identifies this change as causing the change in behavior: diff -urN 1/usr/lib/systemd/system/dbus-broker.service 2/usr/lib/systemd/system/dbus-broker.service --- 1/usr/lib/systemd/system/dbus-broker.service 2021-06-27 22:00:09.989634783 +0300 +++ 2/usr/lib/systemd/system/dbus-broker.service 2021-06-27 22:00:12.057650724 +0300 @@ -2,6 +2,7 @@ Description=D-Bus System Message Bus Documentation=man:dbus-broker-launch(1) DefaultDependencies=false +After=dbus.socket sysinit.target Before=basic.target shutdown.target Requires=dbus.socket Conflicts=shutdown.target Specifically, the After dependency on sysinit.target is what seems to cause NetworkManager to not set up the network device anymore and clevis to not be able to do its thing, and reverting that part of the dependency makes remote unlocking work again. Relevant bug seems to be https://bugzilla.redhat.com/show_bug.cgi?id=1948042
(In reply to Lennert Buytenhek from comment #0) > And everything proceeds as expected. But with dbus-broker-29-1 instead of > -28-3 in the initramfs, there is no output after "Read config: > /etc/NetworkManager/NetworkManager.conf (lib: initrd-no-auto-default.conf)", > and the root volume fails to automatically unlock. > > Some digging identifies this change as causing the change in behavior: > > diff -urN 1/usr/lib/systemd/system/dbus-broker.service > 2/usr/lib/systemd/system/dbus-broker.service > --- 1/usr/lib/systemd/system/dbus-broker.service 2021-06-27 > 22:00:09.989634783 +0300 > +++ 2/usr/lib/systemd/system/dbus-broker.service 2021-06-27 > 22:00:12.057650724 +0300 > @@ -2,6 +2,7 @@ > Description=D-Bus System Message Bus > Documentation=man:dbus-broker-launch(1) > DefaultDependencies=false > +After=dbus.socket sysinit.target > Before=basic.target shutdown.target > Requires=dbus.socket > Conflicts=shutdown.target The service file we ship is not intended for the initrd. I wasn't even aware people put D-Bus in the initrd, I don't think this was ever really supported. Maybe I am wrong? Can you just switch out the service file in your initrd with the desired one?
> I wasn't even aware people put D-Bus in the initrd, I don't think this was ever really supported. Maybe I am wrong? This seems to have been added in February: https://github.com/dracutdevs/dracut/commit/38cd8125f63e7f8d6ca7287bee0b2497f5f753db > Can you just switch out the service file in your initrd with the desired one? Cc'ing johannbg@ and setting Component to dracut.
Created attachment 1798195 [details] Workaround patch to remove offending line - not safe (In reply to David Rheinsberg from comment #1) > *snip* > Can you just switch out the service file in your initrd with the desired one? Made a patch to remove the offending line from one of the files, dbus-broker.service (introduced in commit 28af5ac, dracut upstream). It's definitely workaround-material only - I wouldn't want it merged in (very easy to break if upstream changes the line, doesn't actually fix the real issue, etc.), but it's a start at least. This works in my environment (clevis with tang bind on root partition). I won't guarantee anything beyond that.
*** Bug 1979051 has been marked as a duplicate of this bug. ***
This seems to be a duplicate of bug#1976653.
This is fixed in Upstream: https://github.com/bus1/dbus-broker/pull/271 F34: dbus-broker-29-2.fc34.x86_64 https://src.fedoraproject.org/rpms/dbus-broker/c/ee7c2a1777a227c61ee7c2fa0ec7932a4a9b1360?branch=rawhide
Somewhat reluctantly (since I found it and debugged it first! :P) marking this as a duplicate of bug#1976653 as per Marius's comment #5. *** This bug has been marked as a duplicate of bug 1976653 ***