Bug 1226333
| Summary: | systemd ask-password generates inconsistent IDs | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Nathaniel McCallum <npmccallum> |
| Component: | systemd | Assignee: | systemd-maint |
| Status: | CLOSED ERRATA | QA Contact: | Alois Mahdal <amahdal> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.2 | CC: | amahdal, harald, jscotka, lnykryn, systemd-maint-list, systemd-maint |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | systemd-219-4.el7 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-11-19 15:06:32 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1205440 | ||
|
Description
Nathaniel McCallum
2015-05-29 13:12:14 UTC
Should be easy to backport after patch hits upstream- From what I understood from referenced thread, an ID= item in INI should now have different format (involving maj:min) than in the past.
But the changes seem to only be about cryptsetup. How does systemd-ask-password fit in?
What I tried:
* `systemd-ask-password --no-tty foo` and check the INI (in /run...)
but there was no ID= ... as expected, given that cryptsetup was not
involved.
* luksFormat a /dev/loop0 device and `cryptsetup open` it, but I can't get
cryptsetup use sytemd-ask-password. I'm not sure this is the right way
to reproduce this, though.
(In reply to Alois Mahdal from comment #5) > From what I understood from referenced thread, an ID= item in INI should now > have different format (involving maj:min) than in the past. > > But the changes seem to only be about cryptsetup. How does > systemd-ask-password fit in? > > What I tried: > > * `systemd-ask-password --no-tty foo` and check the INI (in /run...) > > but there was no ID= ... as expected, given that cryptsetup was not > involved. > > * luksFormat a /dev/loop0 device and `cryptsetup open` it, but I can't get > cryptsetup use sytemd-ask-password. I'm not sure this is the right way > to reproduce this, though. Untested, but should be testable like this: * luksFormat a /dev/loop0 device * create an entry for it in /etc/crypttab * systemctl daemon-reload to let the cryptsetup generator run * systemctl start cryptsetup.target or restart * check the *.ini files So far, trying simple setup with loop device, on x86_64 (1minutetip opeshift box).
During `systemctl start cryptsetup.target` (not entering password, but opening other connection):
# cat /run/systemd/ask-password/ask.yVdmPu
[Ask]
PID=6018
Socket=/run/systemd/ask-password/sck.1ca29e417eecff2
AcceptCached=1
Echo=0
NotAfter=0
Message=Please enter passphrase for disk foo on /foo!
Icon=drive-harddisk
Id=cryptsetup:/dev/block/7:0
#
Seems OK so far but I did not try the fallback scenario mentioned ih the reference thread:
> If possible "/dev/block/<maj>:<min>" is used, otherwise the original
> argv[3] is used.
Looking into it (plus other archs)...
So I have checked the above on rest of archs and so far all looks OK. One more thing: Do you know how to reproduce the alternative when "/dev/block/<maj>:<min>" cannot be used? Is it possible within RHEL kernel and its settings? (In reply to Alois Mahdal from comment #8) > So I have checked the above on rest of archs and so far all looks OK. > > One more thing: > > Do you know how to reproduce the alternative when "/dev/block/<maj>:<min>" > cannot be used? Is it possible within RHEL kernel and its settings? Remove "/dev/block/<maj>:<min>" before issuing `systemctl start cryptsetup.target`. With <maj>:<min> of the loop device. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-2092.html |