Bug 2152509

Summary:

autopart --encrypted fails in FIPS

Product:

Red Hat Enterprise Linux 9

Reporter:

Ondrej Moriš <omoris>

Component:

libblockdev

Assignee:

Vojtech Trefny <vtrefny>

Status:

CLOSED DUPLICATE

QA Contact:

Storage QE <storage-qe>

Severity:

unspecified

Docs Contact:

Priority:

unspecified

Version:

9.2

CC:

jstodola

Target Milestone:

Keywords:

Regression

Target Release:

---

Flags:

pm-rhel: mirror+

Hardware:

All

OS:

Linux

Whiteboard:

Fixed In Version:

Doc Type:

If docs needed, set a value

Doc Text:

Story Points:

---

Clone Of:

Environment:

Last Closed:

2022-12-13 14:06:47 UTC

Type:

Bug

Regression:

---

Mount Type:

---

Documentation:

---

CRM:

Verified Versions:

Category:

---

oVirt Team:

---

RHEL 7.3 requirements from Atomic Host:

Cloudforms Team:

---

Target Upstream Version:

Embargoed:

Attachments:

Description	Flags
Kickstart	none

Description Ondrej Moriš 2022-12-12 08:11:13 UTC

Created attachment 1931973 [details]
Kickstart

Description of problem:

Installation with fips=1 fails on "autopart --encrypted --passphrase=fo0m4nchU" because of insufficient --cipher option default.

Version-Release number of selected component (if applicable):

Anaconda in RHEL-9.2.0-20221209.2

How reproducible:

100%

Steps to Reproduce:

1. Clone Beaker job https://beaker.engineering.redhat.com/jobs/7330519 or use attached kickstart.

Actual results:

19:56:07,899 WARNING org.fedoraproject.Anaconda.Modules.Storage:DEBUG:blivet:                PartitionDevice.setup: vda2 ; orig: False ; status: True ; controllable: True ;
19:56:07,902 WARNING org.fedoraproject.Anaconda.Modules.Storage:DEBUG:blivet:                LUKS.create: device: /dev/vda2 ; type: luks ; status: False ;
19:56:07,905 WARNING org.fedoraproject.Anaconda.Modules.Storage:DEBUG:blivet:                  LUKS._create: device: /dev/vda2 ; type: luks ; status: False ;
19:56:08,024 WARNING org.fedoraproject.Anaconda.Modules.Storage:INFO:program:[cryptsetup] Not compatible PBKDF2 options (using hash algorithm sha256).
19:56:08,024 WARNING org.fedoraproject.Anaconda.Modules.Storage:INFO:anaconda.threading:Thread Failed: AnaTaskThread-CreateStorageLayoutTask-1 (139647186265664)
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:ERROR:anaconda.modules.common.task.task:Thread AnaTaskThread-CreateStorageLayoutTask-1 has failed: Traceback (most recent call last):
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib64/python3.9/site-packages/gi/overrides/BlockDev.py", line 1093, in wrapped
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:    ret = orig_obj(*args, **kwargs)
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib64/python3.9/site-packages/gi/overrides/BlockDev.py", line 224, in crypto_luks_format
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:    return _crypto_luks_format(device, cipher, key_size, passphrase, key_file, min_entropy, luks_version, extra)
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:gi.repository.GLib.GError: g-bd-crypto-error-quark: Failed to format device: Invalid argument (3)
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:During handling of the above exception, another exception occurred:
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:Traceback (most recent call last):
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib64/python3.9/site-packages/pyanaconda/threading.py", line 275, in run
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:    threading.Thread.run(self)
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib64/python3.9/threading.py", line 917, in run
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:    self._target(*self._args, **self._kwargs)
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib64/python3.9/site-packages/pyanaconda/modules/common/task/task.py", line 96, in _thread_run_callback
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:    self._task_run_callback()
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib64/python3.9/site-packages/pyanaconda/modules/common/task/task.py", line 109, in _task_run_callback
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:    self._set_result(self.run())
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib64/python3.9/site-packages/pyanaconda/modules/storage/installation.py", line 86, in run
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:    self._turn_on_filesystems(
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib64/python3.9/site-packages/pyanaconda/modules/storage/installation.py", line 166, in _turn_on_filesystems
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:    storage.do_it(callbacks)
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib/python3.9/site-packages/blivet/threads.py", line 53, in run_with_lock
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:    return m(*args, **kwargs)
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib/python3.9/site-packages/blivet/blivet.py", line 115, in do_it
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:    self.devicetree.actions.process(callbacks=callbacks, devices=self.devices)
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib/python3.9/site-packages/blivet/actionlist.py", line 47, in wrapped_func
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:    return func(obj, *args, **kwargs)
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib/python3.9/site-packages/blivet/actionlist.py", line 284, in process
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:    action.execute(callbacks)
19:56:08,027 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib/python3.9/site-packages/blivet/threads.py", line 53, in run_with_lock
19:56:08,027 WARNING org.fedoraproject.Anaconda.Modules.Storage:    return m(*args, **kwargs)
19:56:08,027 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib/python3.9/site-packages/blivet/deviceaction.py", line 662, in execute
19:56:08,027 WARNING org.fedoraproject.Anaconda.Modules.Storage:    self.device.format.create(device=self.device.path,
19:56:08,027 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib/python3.9/site-packages/blivet/threads.py", line 53, in run_with_lock
19:56:08,027 WARNING org.fedoraproject.Anaconda.Modules.Storage:    return m(*args, **kwargs)
19:56:08,027 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib/python3.9/site-packages/blivet/formats/__init__.py", line 517, in create
19:56:08,027 WARNING org.fedoraproject.Anaconda.Modules.Storage:    self._create(**kwargs)
19:56:08,027 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib/python3.9/site-packages/blivet/threads.py", line 53, in run_with_lock
19:56:08,027 WARNING org.fedoraproject.Anaconda.Modules.Storage:    return m(*args, **kwargs)
19:56:08,027 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib/python3.9/site-packages/blivet/formats/luks.py", line 322, in _create
19:56:08,027 WARNING org.fedoraproject.Anaconda.Modules.Storage:    blockdev.crypto.luks_format(self.device,
19:56:08,027 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib64/python3.9/site-packages/gi/overrides/BlockDev.py", line 1115, in wrapped
19:56:08,027 WARNING org.fedoraproject.Anaconda.Modules.Storage:    raise transform[1](msg)
19:56:08,027 WARNING org.fedoraproject.Anaconda.Modules.Storage:gi.overrides.BlockDev.CryptoError: Failed to format device: Invalid argument
19:56:08,027 WARNING org.fedoraproject.Anaconda.Modules.Storage:INFO:anaconda.threading:Thread Done: AnaTaskThread-CreateStorageLayoutTask-1 (139647186265664)
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:WARNING:dasbus.server.handler:The call org.fedoraproject.Anaconda.Task.Finish has failed with an exception:
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:Traceback (most recent call last):
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib64/python3.9/site-packages/gi/overrides/BlockDev.py", line 1093, in wrapped
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:    ret = orig_obj(*args, **kwargs)
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib64/python3.9/site-packages/gi/overrides/BlockDev.py", line 224, in crypto_luks_format
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:    return _crypto_luks_format(device, cipher, key_size, passphrase, key_file, min_entropy, luks_version, extra)
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:gi.repository.GLib.GError: g-bd-crypto-error-quark: Failed to format device: Invalid argument (3)
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:During handling of the above exception, another exception occurred:
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:Traceback (most recent call last):
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib/python3.9/site-packages/dasbus/server/handler.py", line 418, in _method_callback
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:    result = self._handle_call(
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib/python3.9/site-packages/dasbus/server/handler.py", line 234, in _handle_call
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:    return handler(*parameters)
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib64/python3.9/site-packages/pyanaconda/modules/common/task/task_interface.py", line 114, in Finish
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:    self.implementation.finish()
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib64/python3.9/site-packages/pyanaconda/modules/common/task/task.py", line 175, in finish
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:    threadMgr.raise_if_error(self._thread_name)
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib64/python3.9/site-packages/pyanaconda/threading.py", line 166, in raise_if_error
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:    raise exc_info[1]
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib64/python3.9/site-packages/pyanaconda/threading.py", line 275, in run
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:    threading.Thread.run(self)
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib64/python3.9/threading.py", line 917, in run
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:    self._target(*self._args, **self._kwargs)
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib64/python3.9/site-packages/pyanaconda/modules/common/task/task.py", line 96, in _thread_run_callback
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:    self._task_run_callback()
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib64/python3.9/site-packages/pyanaconda/modules/common/task/task.py", line 109, in _task_run_callback
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:    self._set_result(self.run())
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib64/python3.9/site-packages/pyanaconda/modules/storage/installation.py", line 86, in run
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:    self._turn_on_filesystems(
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib64/python3.9/site-packages/pyanaconda/modules/storage/installation.py", line 166, in _turn_on_filesystems
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:    storage.do_it(callbacks)
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib/python3.9/site-packages/blivet/threads.py", line 53, in run_with_lock
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:    return m(*args, **kwargs)
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib/python3.9/site-packages/blivet/blivet.py", line 115, in do_it
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:    self.devicetree.actions.process(callbacks=callbacks, devices=self.devices)
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib/python3.9/site-packages/blivet/actionlist.py", line 47, in wrapped_func
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:    return func(obj, *args, **kwargs)
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib/python3.9/site-packages/blivet/actionlist.py", line 284, in process
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:    action.execute(callbacks)
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib/python3.9/site-packages/blivet/threads.py", line 53, in run_with_lock
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:    return m(*args, **kwargs)
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib/python3.9/site-packages/blivet/deviceaction.py", line 662, in execute
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:    self.device.format.create(device=self.device.path,
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib/python3.9/site-packages/blivet/threads.py", line 53, in run_with_lock
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:    return m(*args, **kwargs)
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib/python3.9/site-packages/blivet/formats/__init__.py", line 517, in create
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:    self._create(**kwargs)
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib/python3.9/site-packages/blivet/threads.py", line 53, in run_with_lock
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:    return m(*args, **kwargs)
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib/python3.9/site-packages/blivet/formats/luks.py", line 322, in _create
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:    blockdev.crypto.luks_format(self.device,
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib64/python3.9/site-packages/gi/overrides/BlockDev.py", line 1115, in wrapped
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:    raise transform[1](msg)
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:gi.overrides.BlockDev.CryptoError: Failed to format device: Invalid argument

Additional info:

When fips mode is disable during the installation, the same kickstart installs flawlessly. Also, the same kickstart worked fine on RHEL-9.1.0 RC. Most likely the ciphersuite passed by anaconda to cryptsetup is not compatible with FIPS 140-3 anymore.

Comment 2 Ondrej Moriš 2022-12-13 14:06:12 UTC

I just found out that this is a duplicate of BZ#2148841.

Comment 3 Ondrej Moriš 2022-12-13 14:06:47 UTC


*** This bug has been marked as a duplicate of bug 2148841 ***