Bug 197554

Summary: RELNOTES - Encrypted swap and non-root filesystem support
Product: [Fedora] Fedora Documentation
Reporter: Miloslav Trmač <mitr>
Component: release-notes
Assignee: Release Notes Tracker <relnotes>
Status: CLOSED RAWHIDE
QA Contact: Karsten Wade <kwade>
Severity: medium
Priority: medium
Version: devel
CC: ddomingo, kwade, mhideo, pcfe, rmonk
Keywords: Reopened
Hardware: All
OS: Linux
Fixed In Version: 5.92
Doc Type: Bug Fix
Last Closed: 2006-09-23 18:46:26 UTC
Bug Blocks: 197471

Description Miloslav Trmač 2006-07-04 01:02:41 UTC
FC6 provides basic support for encrypted swap partitions and non-root
filesystems.  To use it, add entries to /etc/crypttab and reference the
created devices in /etc/fstab.

An example /etc/crypttab entry for a swap partition:
    my_swap /dev/hdb1 /dev/urandom swap,cipher=aes-cbc-essiv:sha256
This creates an encrypted block device /dev/mapper/my_swap, which can be
referenced in /etc/fstab.

For a filesystem volume:
    my_volume /dev/hda5 /etc/volume_key cipher=aes-cbc-essiv:sha256
The /etc/volume_key file contains a plaintext encryption key.  You can
also specify "none" as the key file name, and the system will ask for
the encryption key during boot.

It is recommended to use LUKS for filesystem volumes:
- Create the encrypted volume using (cryptsetup luksFormat)
- Add the necessary entry to /etc/crypttab
- Set up the volume manually using (cryptsetup luksOpen) or reboot
- Create a filesystem on the encrypted volume
- Set up an /etc/fstab entry
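
An added example, not part of the bug report or of any Fedora tool: a small auditor for the four-field /etc/crypttab format shown above, flagging plaintext key files and random keys on volumes that are not swap. The `my_luks` and `scratch` entries, the device names in them, and the function names are constructed for illustration.

```python
import os
import stat

# Constructed sample: the two entries from the description, plus a
# passphrase-prompt entry and a misconfigured one (both made up).
SAMPLE = """\
my_swap    /dev/hdb1  /dev/urandom     swap,cipher=aes-cbc-essiv:sha256
my_volume  /dev/hda5  /etc/volume_key  cipher=aes-cbc-essiv:sha256
my_luks    /dev/hda6  none
scratch    /dev/hda7  /dev/urandom     cipher=aes-cbc-essiv:sha256
"""

RANDOM_SOURCES = {"/dev/urandom", "/dev/random"}


def parse_crypttab(text):
    """Return (name, device, keyfile, options) tuples; fields 3 and 4 are optional."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed: a name and a device are required
        keyfile = fields[2] if len(fields) > 2 else "none"
        options = fields[3].split(",") if len(fields) > 3 else []
        entries.append((fields[0], fields[1], keyfile, options))
    return entries


def audit(entries):
    """Return (name, message) findings for risky key handling."""
    findings = []
    for name, _device, keyfile, options in entries:
        if keyfile in RANDOM_SOURCES:
            # A fresh random key every boot is only safe for throwaway data.
            if "swap" not in options:
                findings.append((name, "random key on a non-swap volume: "
                                 "data is unreadable after the next boot"))
        elif keyfile != "none":
            findings.append((name, f"plaintext key on disk: {keyfile}"))
            if os.path.exists(keyfile):
                mode = os.stat(keyfile).st_mode
                if mode & (stat.S_IRWXG | stat.S_IRWXO):
                    findings.append((name, f"{keyfile} is accessible to "
                                     "group or other; restrict it to root"))
    return findings


if __name__ == "__main__":
    for name, message in audit(parse_crypttab(SAMPLE)):
        print(f"{name}: {message}")
```

Entries with "none" as the key file produce no finding, since no key material is stored on disk for them.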

Comment 1 Karsten Wade 2006-07-17 22:54:21 UTC
Pasted nearly verbatim on:

http://fedoraproject.org/wiki/Docs/Beats/FileSystems

This content is going to be included in the Web-only snapshot of the Wiki done
for test 2 at:

http://fedora.redhat.com/docs/release-notes/

These are prominently linked from the top of the in-ISO release notes.  Content
here should appear in FC6 test3 ISO.

Please make any further change to this content directly on the Wiki.  For
questions about editing and access:

http://fedoraproject.org/wiki/WikiEditing

Thanks for your contribution.

Comment 2 Paul W. Frields 2006-09-10 22:14:14 UTC
In there as of fedora-release-notes-5.92-2, closing.

Comment 3 Patrick C. F. Ernzer 2006-09-11 10:20:53 UTC
Looks good.
The obvious question I see coming up is "How does the user tie this in with the
installer".
Can we have a note on that (I guess we're still at "not quite there yet", or do
we plan to have anaconda able to do encrypted non-root FS in FC6?)

Comment 4 Miloslav Trmač 2006-09-13 21:04:44 UTC
AFAIK anaconda doesn't support creating encrypted block devices and I'm not
aware of any plans for FC6.

Comment 5 Patrick C. F. Ernzer 2006-09-14 08:18:02 UTC
Ah OK, so then the release notes should say that clearly.

Comment 6 Karsten Wade 2006-09-14 13:07:17 UTC
Could one of you with knowledge on this subject please update the (community
maintained) release notes?

http://fedoraproject.org/wiki/Docs/Beats/FileSystems

Is that the right place?  You can also add a note to Docs/Beats/Installer if we
need to answer an expectation of usage by Anaconda.

Comment 7 Patrick C. F. Ernzer 2006-09-18 10:41:25 UTC
docs people,

see BZ entries 124789 and 127378, this should give you some help on writing the
docs (and an assigned devel to prod with questions when you're lost ;-)

Comment 12 Karsten Wade 2006-09-20 01:17:05 UTC
Reopening bug, as it was originally and still is a blocker for FC6 release
notes; the content has not been confirmed to be in the draft
(http://fedoraproject.org/wiki/Docs/Drafts/FileSystems).

Also, when closing a bug that actually _was_ a bug, NOTABUG is not appropriate.
NOTABUG means "this was not a bug, it was something else", rather than meaning
"no longer a bug".

The proper closure is CURRENTRELEASE with the version.  Unfortunately, now that
this bug is both blocking RHEL 5 relnotes and FC6 relnotes, I'm not sure which
version to close it to.

Comment 13 Don Domingo 2006-09-20 03:14:36 UTC
*** Bug 207233 has been marked as a duplicate of this bug. ***

Comment 16 Karsten Wade 2006-09-23 18:46:26 UTC
Fixed in the Wiki; the admonition that Anaconda does not support block devices
will be in the section on file systems that was proposed originally in this bug
report.