Bug 2224235

Summary: ReaR fails to reapply normal LUKS key upon recovery displaying a BUG error
Product: Red Hat Enterprise Linux 8 Reporter: Renaud Métrich <rmetrich>
Component: rearAssignee: Pavel Cahyna <pcahyna>
Status: CLOSED ERRATA QA Contact: Jakub Haruda <jharuda>
Severity: high Docs Contact:
Priority: high    
Version: 8.8CC: jharuda, ovasik, pcahyna
Target Milestone: rcKeywords: Triaged
Target Release: ---Flags: pm-rhel: mirror+
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: rear-2.6-10.el8 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 2228779 (view as bug list) Environment:
Last Closed: 2023-11-14 15:37:10 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2228779    
Bug Blocks:    

Description Renaud Métrich 2023-07-20 08:44:09 UTC 
Description of problem:

When restoring a LUKS encrypted system being unlocked using a keyfile, the reassignment of the keyfile to the newly recovered LUKS devices fails with following output:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
Error: Restored files do not match the recreated system in /mnt/local
ERROR: 
====================
BUG in /usr/share/rear/finalize/GNU/Linux/240_reassign_luks_keyfiles.sh line 29:
'temporary keyfile /tmp/LUKS-keyfile-luks-6f7e7b9a-4fae-4d56-af3a-54ceb11174a3 not found'
--------------------
Please report this issue at https://github.com/rear/rear/issues
and include the relevant parts from /var/log/rear/rear-vm-luks88.log
preferably with full debug information via 'rear -D recover'
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

The issue happens because of a bug in the code, which was fixed Upstream by commit 728c2b000efd79c9e6f8cd82e1bbcded79c1f57d.

Version-Release number of selected component (if applicable):

rear-2.6-9.el8.x86_64

How reproducible:

Always

Steps to Reproduce:
1. Setup a system with LUKS encrypted /dev/rhel/root and /dev/rhel/swap

  # Disk partitioning information
  part pv.356 --fstype="lvmpv" --ondisk=vda --size=19455
  part /boot --fstype="xfs" --ondisk=vda --size=1024
  volgroup rhel --pesize=4096 pv.356
  logvol / --fstype="xfs" --size=10240 --encrypted --label="ROOT" --luks-version=luks2 --name=root --vgname=rhel
  logvol swap --fstype="swap" --size=2048 --encrypted --luks-version=luks2 --name=swap --vgname=rhel

2. Create/setup a LUKS key for automatic unlocking

  # dd if=/dev/urandom of=/lukskey bs=1K count=4
  # chmod 400 /lukskey
  # cryptsetup luksAddKey /dev/rhel/root /lukskey
  [...]
  # cryptsetup luksAddKey /dev/rhel/swap /lukskey
  [...]

  # cat /etc/crypttab
  luks-c29a6bb5-539e-42fe-9eeb-a6ba0863bb17 UUID=c29a6bb5-539e-42fe-9eeb-a6ba0863bb17 /lukskey discard
  luks-6f7e7b9a-4fae-4d56-af3a-54ceb11174a3 UUID=6f7e7b9a-4fae-4d56-af3a-54ceb11174a3 /lukskey discard

  # cat /etc/dracut.conf.d/luks.conf 
  install_items+=" /lukskey "

  
  # cat /etc/default/grub
  [...]
  #GRUB_CMDLINE_LINUX="resume=/dev/mapper/luks-6f7e7b9a-4fae-4d56-af3a-54ceb11174a3 rd.luks.uuid=luks-c29a6bb5-539e-42fe-9eeb-a6ba0863bb17 rd.lvm.lv=rhel/root rd.luks.uuid=luks-6f7e7b9a-4fae-4d56-af3a-54ceb11174a3 rd.lvm.lv=rhel/swap console=tty0 console=ttyS0,115200n8"
  GRUB_CMDLINE_LINUX="console=tty0 console=ttyS0,115200n8"
  [...]
  # grub2-mkconfig /etc/grub2.cfg

  # cat /etc/fstab
  [...]
  /dev/mapper/luks-c29a6bb5-539e-42fe-9eeb-a6ba0863bb17 /                       xfs     defaults,x-initrd.mount,x-systemd.device-timeout=60 0 0
  /dev/mapper/luks-6f7e7b9a-4fae-4d56-af3a-54ceb11174a3 none                    swap    defaults,x-initrd.mount,x-systemd.device-timeout=60 0 0

  # dracut -f --regenerate-all
  # reboot

3. Create a backup and try restoring it

Actual results:

-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
Error: Restored files do not match the recreated system in /mnt/local
ERROR: 
====================
BUG in /usr/share/rear/finalize/GNU/Linux/240_reassign_luks_keyfiles.sh line 29:
'temporary keyfile /tmp/LUKS-keyfile-luks-6f7e7b9a-4fae-4d56-af3a-54ceb11174a3 not found'
--------------------
Please report this issue at https://github.com/rear/rear/issues
and include the relevant parts from /var/log/rear/rear-vm-luks88.log
preferably with full debug information via 'rear -D recover'
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

Expected results:

No BUG
Comment 10 errata-xmlrpc 2023-11-14 15:37:10 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (rear bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:7060