Bug 1100987

Summary: LUKSError: luks device has no key/passphrase
Product: [Fedora] Fedora Reporter: Rick <fedora>
Component: anacondaAssignee: mulhern <amulhern>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 20CC: agk, g.kaviyarasu, jonathan, katzj, vanmeeuwen+fedora
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard: abrt_hash:0b6f64b3795313745a7fd9b2fc553b0337309a01cc58e8ae702fc804cbca5f76
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-05-27 12:16:13 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
File: anaconda-tb
none
File: anaconda.log
none
File: environ
none
File: ks.cfg
none
File: lsblk_output
none
File: nmcli_dev_list
none
File: os_info
none
File: program.log
none
File: storage.log
none
File: syslog
none
File: ifcfg.log
none
File: packaging.log
none
anaconda-tb log file, sanitized to remove sensitive things. none

Description Rick 2014-05-25 01:53:56 UTC 
Description of problem:
I've been trying to get Anaconda to prompt me for a LUKS passphrase during kickstart, so that I don't have to hardcode the passphrase I want to use inside the kickstart file itself in plain text.  (via the --passphrase='somestring' argument.)

The anaconda documentation states that if no value for --passphrase is provided in kickstart, that anaconda will prompt me for one before moving on.  however, this is not the case.

I have tried using part with --encrypt, and various combinations of --passphrase to get it to prompt me.  

`--encrypt --passphrase` and  `--encrypt --passphrase=''` and `--encrypt` without --passphrase all throw the same exception.

Version-Release number of selected component:
anaconda-20.25.15-1

The following was filed automatically by anaconda:
anaconda 20.25.15-1 exception report
Traceback (most recent call first):
  File "/usr/lib/python2.7/site-packages/blivet/formats/luks.py", line 188, in create
    raise LUKSError("luks device has no key/passphrase")
  File "/usr/lib/python2.7/site-packages/blivet/deviceaction.py", line 473, in execute
    options=self.device.formatArgs)
  File "/usr/lib/python2.7/site-packages/blivet/devicetree.py", line 239, in processActions
    action.execute()
  File "/usr/lib/python2.7/site-packages/blivet/__init__.py", line 308, in doIt
    self.devicetree.processActions()
  File "/usr/lib/python2.7/site-packages/blivet/__init__.py", line 167, in turnOnFilesystems
    storage.doIt()
  File "/usr/lib64/python2.7/site-packages/pyanaconda/install.py", line 142, in doInstall
    turnOnFilesystems(storage, mountOnly=flags.flags.dirInstall)
  File "/usr/lib64/python2.7/threading.py", line 764, in run
    self.__target(*self.__args, **self.__kwargs)
  File "/usr/lib64/python2.7/site-packages/pyanaconda/threads.py", line 192, in run
    threading.Thread.run(self, *args, **kwargs)
LUKSError: luks device has no key/passphrase

Additional info:
cmdline:        /usr/bin/python  /sbin/anaconda
cmdline_file:   initrd=f20/x86_64/initrd.img repo=http://10.100.0.3/yum/fedora/20/iso/x86_64/ ks=http://10.100.0.3/~vector/ks/f20-kde-x64-ks.cfg BOOT_IMAGE=f20/x86_64/vmlinuz 
executable:     /sbin/anaconda
hashmarkername: anaconda
kernel:         3.11.10-301.fc20.x86_64
product:        Fedora
release:        Cannot get release name.
type:           anaconda
version:        20
Comment 1 Rick 2014-05-25 01:54:02 UTC 
Created attachment 898988 [details]
File: anaconda-tb
Comment 2 Rick 2014-05-25 01:54:03 UTC 
Created attachment 898989 [details]
File: anaconda.log
Comment 3 Rick 2014-05-25 01:54:05 UTC 
Created attachment 898990 [details]
File: environ
Comment 4 Rick 2014-05-25 01:54:06 UTC 
Created attachment 898991 [details]
File: ks.cfg
Comment 5 Rick 2014-05-25 01:54:08 UTC 
Created attachment 898992 [details]
File: lsblk_output
Comment 6 Rick 2014-05-25 01:54:09 UTC 
Created attachment 898993 [details]
File: nmcli_dev_list
Comment 7 Rick 2014-05-25 01:54:11 UTC 
Created attachment 898994 [details]
File: os_info
Comment 8 Rick 2014-05-25 01:54:13 UTC 
Created attachment 898995 [details]
File: program.log
Comment 9 Rick 2014-05-25 01:54:15 UTC 
Created attachment 898996 [details]
File: storage.log
Comment 10 Rick 2014-05-25 01:54:17 UTC 
Created attachment 898997 [details]
File: syslog
Comment 11 Rick 2014-05-25 01:54:18 UTC 
Created attachment 898998 [details]
File: ifcfg.log
Comment 12 Rick 2014-05-25 01:54:20 UTC 
Created attachment 898999 [details]
File: packaging.log
Comment 13 Rick 2014-05-25 01:59:00 UTC 
OK, wow. 

I should file another bug against ABRT inside anaconda.  It should strip out any password hashes it finds.  Or at least it would be nice if I could sanitize the attachment myself before it sends it, sheesh!
Comment 14 Rick 2014-05-25 01:59:30 UTC 
Also, the kickstart documentation I was working from that set the expectations:

https://fedoraproject.org/wiki/Anaconda/Kickstart#part_or_partition
Comment 15 Rick 2014-05-25 02:12:30 UTC 
Created attachment 899000 [details]
anaconda-tb log file, sanitized to remove sensitive things.

Sensitive data removed.
Comment 16 mulhern 2014-05-27 12:16:13 UTC 
Hi!

We believe that this was fixed in anaconda-21.21-1. Please be aware that text mode does not handle encryption at all, so in text mode you will not be prompted for a passphrase. The fix is that the actual install ought not to begin and you will be warned of the missing passphrase. The GUI will, however, prompt you for a passphrase.

If you wish to file separate bugs for the issues you raised in Comment 13 and Comment 14, please do so.

Thanks,

- mulhern

*** This bug has been marked as a duplicate of bug 1023442 ***