Bug 182658

Summary: Latest cryptsetup-1.0.3-0.rc1 appears to be broken
Product: [Fedora] Fedora Reporter: David Zeuthen <davidz>
Component: cryptsetup-luksAssignee: Peter Jones <pjones>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: clemens, mclasen, notting
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 1.0.3-0.rc2 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-02-27 19:18:53 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 150222    

Description David Zeuthen 2006-02-23 21:33:26 UTC
# echo <secret> |/sbin/cryptsetup luksOpen /dev/sda1 foo
Failed to setup dm-crypt key mapping.
Check kernel for support for the aes-cbc-plain cipher spec and verify that
/dev/sda1 contains at least 133 sectors.
Failed to read from key storage
Command failed: No key available with this passphrase.

Reverting back to 1.0.1-4.2.1 fixed the problem. Adding Bill as he touched the
package last... Marking this as FC5 blocker...

Comment 1 Clemens Fruhwirth 2006-02-24 17:00:20 UTC
Check http://article.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/1416

As said, I'm unable to reproduce your problem. Device mapper version?

Comment 2 Clemens Fruhwirth 2006-02-25 19:15:43 UTC
http://luks.endorphin.org/source/cryptsetup-luks-1.0.3-rc2.tar.bz2 should do it.


Comment 3 bkyoung 2006-02-27 02:00:11 UTC
The following worked for me:
cryptsetup-luks-1.0.3-0.rc2.bky
kernel-smp-2.6.15-1.1975_FC5

However, should selinux-policy-targeted allow all actions by default (avoiding
restorecon problems)? If not, and the file contexts must be adjusted manually to
some specific context, could you place a note in the man page about it (similar
to httpd_selinux)?

BEGIN LISTING
[root@flood bkyoung]# cd /var/tmp
[root@flood tmp]# dd if=/dev/zero of=/var/tmp/secret bs=1M count=11
11+0 records in
11+0 records out
11534336 bytes (12 MB) copied, 0.200437 seconds, 57.5 MB/s
[root@flood tmp]# losetup -f
/dev/loop0
[root@flood tmp]# losetup /dev/loop0 /var/tmp/secret
/var/tmp/secret: Permission denied
[root@flood tmp]# setenforce permissive
[root@flood tmp]# losetup /dev/loop0 /var/tmp/secret
[root@flood tmp]# modprobe dm-crypt aes des
[root@flood tmp]# cryptsetup -c aes -y create secret /dev/loop0
Enter passphrase: a

Verify passphrase: a

[root@flood tmp]# mke2fs /dev/mapper/secret
mke2fs 1.38 (30-Jun-2005)
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
2816 inodes, 11264 blocks
563 blocks (5.00%) reserved for the super user
First data block=1
Maximum filesystem blocks=11534336
2 block groups
8192 blocks per group, 8192 fragments per group
1408 inodes per group
Superblock backups stored on blocks: 
	8193

Writing inode tables: done                            
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 21 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.
[root@flood tmp]# mkdir -p /mnt/secret
[root@flood tmp]# mount /dev/mapper/secret /mnt/secret
[root@flood tmp]# ls /mnt/secret
lost+found
[root@flood tmp]# touch /mnt/secret/test.txt
[root@flood tmp]# ls /mnt/secret
lost+found  test.txt
[root@flood tmp]# umount /mnt/secret
[root@flood tmp]# cryptsetup remove secret
[root@flood tmp]# losetup -d /dev/loop0
[root@flood tmp]# rm secret
rm: remove regular file `secret'? y
[root@flood tmp]# losetup -f
/dev/loop0
[root@flood tmp]# setenforce enforcing
[root@flood tmp]# exit
END LISTING

Comment 4 David Zeuthen 2006-02-27 13:29:22 UTC
Yay, 1.0.3-rc2 works for me again. Thanks!

Bill, I guess we should put this in FC5? 

Comment 5 Bill Nottingham 2006-02-27 19:18:53 UTC
Building.