Back to bug 1029032
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Miloslav Trmač | 2013-11-11 20:56:28 UTC | CC | mitr | |
| XiaoNi | 2013-11-12 02:22:10 UTC | CC | xni | |
| Ondrej Kozina | 2013-11-22 10:04:16 UTC | Group | redhat | |
| Ondrej Kozina | 2013-11-22 10:07:37 UTC | CC | gmazyland | |
| Ondrej Kozina | 2013-11-22 10:22:28 UTC | Doc Text | RHEL 7.0 Beta users should be warned about trying reencrypt LUKS devices mapped over multipath device. The command may fail with error described in comment #4. (i.e: Error during update of LUKS header on device LUKS-5fb88832-dd0e-43c2-8983-8bab3f396cea.new.) | |
| Doc Type | Bug Fix | Release Note | ||
| Ondrej Kozina | 2013-11-22 15:10:21 UTC | Status | NEW | ASSIGNED |
| Ludek Smid | 2013-11-25 10:03:57 UTC | Blocks | 1025505 | |
| Ondrej Kozina | 2013-11-26 13:02:53 UTC | Doc Text | RHEL 7.0 Beta users should be warned about trying reencrypt LUKS devices mapped over multipath device. The command may fail with error described in comment #4. (i.e: Error during update of LUKS header on device LUKS-5fb88832-dd0e-43c2-8983-8bab3f396cea.new.) | |
| Red Hat Bugzilla | 2013-11-26 13:02:53 UTC | Doc Type | Release Note | Bug Fix |
| Ondrej Kozina | 2013-11-26 17:15:12 UTC | Priority | medium | high |
| Doc Text | Notes RHEL7 Public Beta: Cause: cryptsetup library interchanges loop device with its underlying regular file during writing luks header to regular file. Consequence: Such write fail in case the filesystem is on top of 4KiB sector sized block device. 1) cryptsetup luksFormat --header /path/to/hdr_file /dev/device - or - cryptsetup luksFormat /path/to/hdr_file The both examples will fail when /path/to/hdr_file is a regular file in fs residing on top of 4KiB sector sized block device. 2) cryptsetup-reencrypt fails when you run it from working directory on top of such filesystem. Workaround (if any): 1)cryptsetup-reencrypt needs to be started from filesystem on top of 512B sector sized block device. 2) cryptsetup luksFormat of detached header in such filesystem will not work. You can backup the header using luksHeaderBackup command after formatting the block device using luksFormat command without detached header. | |||
| Summary | cryptsetup-reencrypt issues with encrypted device mapped over multipath | cryptsetup fails to write LUKS header to fs on top of 4KiB sector sized bdev | ||
| Doc Type | Bug Fix | Known Issue | ||
| Severity | medium | high | ||
| Milan Navratil | 2013-11-27 15:22:41 UTC | CC | mnavrati | |
| Milan Navratil | 2013-11-28 19:30:19 UTC | Doc Text | Notes RHEL7 Public Beta: Cause: cryptsetup library interchanges loop device with its underlying regular file during writing luks header to regular file. Consequence: Such write fail in case the filesystem is on top of 4KiB sector sized block device. 1) cryptsetup luksFormat --header /path/to/hdr_file /dev/device - or - cryptsetup luksFormat /path/to/hdr_file The both examples will fail when /path/to/hdr_file is a regular file in fs residing on top of 4KiB sector sized block device. 2) cryptsetup-reencrypt fails when you run it from working directory on top of such filesystem. Workaround (if any): 1)cryptsetup-reencrypt needs to be started from filesystem on top of 512B sector sized block device. 2) cryptsetup luksFormat of detached header in such filesystem will not work. You can backup the header using luksHeaderBackup command after formatting the block device using luksFormat command without detached header. | The cryptsetup library interchanges the loop device with its underlying regular file during writing the LUKS header to the regular file. The process fails if the file system is on top of a block device with 4KiB sectors. In the following examples, the cryptsetup luksFormat command of a detached header fails if /path/to/hdr_file is a regular file in a file system residing on top of a block device with 4KiB sectors. cryptsetup luksFormat --header /path/to/hdr_file /dev/device cryptsetup luksFormat /path/to/hdr_file To work around this problem, the cryptsetup-reencrypt utility needs to be started from a file system on top of a block device with 512-byte sectors. The user can back up the header using the luksHeaderBackup command after formatting the block device using the luksFormat command without a detached header. Also, the cryptsetup-reencrypt utility fails if the user runs it from a working directory in a file system on top of a block device with 4KiB sectors. The user must restart cryptsetup-reencrypt from a file system on top of a block device with 512-byte sectors. |
| Milan Navratil | 2013-11-29 10:57:55 UTC | Doc Text | The cryptsetup library interchanges the loop device with its underlying regular file during writing the LUKS header to the regular file. The process fails if the file system is on top of a block device with 4KiB sectors. In the following examples, the cryptsetup luksFormat command of a detached header fails if /path/to/hdr_file is a regular file in a file system residing on top of a block device with 4KiB sectors. cryptsetup luksFormat --header /path/to/hdr_file /dev/device cryptsetup luksFormat /path/to/hdr_file To work around this problem, the cryptsetup-reencrypt utility needs to be started from a file system on top of a block device with 512-byte sectors. The user can back up the header using the luksHeaderBackup command after formatting the block device using the luksFormat command without a detached header. Also, the cryptsetup-reencrypt utility fails if the user runs it from a working directory in a file system on top of a block device with 4KiB sectors. The user must restart cryptsetup-reencrypt from a file system on top of a block device with 512-byte sectors. | The cryptsetup library interchanges the loop device with its underlying regular file during writing the LUKS header to the regular file. The process fails if the file system is on top of a block device with 4KiB sectors. In the following examples, the cryptsetup luksFormat command of a detached header fails if /path/to/hdr_file is a regular file in a file system residing on top of a block device with 4KiB sectors. cryptsetup luksFormat --header /path/to/hdr_file /dev/device cryptsetup luksFormat /path/to/hdr_file To work around this problem, the cryptsetup-reencrypt utility needs to be started from a file system on top of a block device with 512-byte sectors. The user can back up the header using the luksHeaderBackup command after formatting the block device using the luksFormat command without a detached header. Also, the cryptsetup-reencrypt utility fails if the user runs it from a working directory on a file system on top of a block device with 4KiB sectors. The user must start cryptsetup-reencrypt from a working directory on a file system on top of a block device with 512-byte sectors. |
| Ondrej Kozina | 2013-12-09 09:51:55 UTC | Status | ASSIGNED | POST |
| Pavel Holica | 2013-12-17 09:50:27 UTC | CC | pholica | |
| Ondrej Kozina | 2014-01-10 12:13:19 UTC | Status | POST | MODIFIED |
| Fixed In Version | cryptsetup-1.6.3-1.el7 | |||
| errata-xmlrpc | 2014-01-13 09:03:54 UTC | Status | MODIFIED | ON_QA |
| Petr Janda | 2014-02-05 15:26:08 UTC | CC | pjanda | |
| Milan Navratil | 2014-02-05 16:01:34 UTC | CC | mnavrati | |
| Petr Janda | 2014-02-05 16:09:29 UTC | Status | ON_QA | VERIFIED |
| Ludek Smid | 2014-06-13 11:26:51 UTC | Status | VERIFIED | CLOSED |
| Resolution | --- | CURRENTRELEASE | ||
| Last Closed | 2014-06-13 07:26:51 UTC | |||
| Pavel Najman | 2021-09-06 15:04:32 UTC | Pool ID | sst_platform_storage_rhel_7 | sst_logical_storage_rhel_7 |
Back to bug 1029032