Bug 2234518

Summary: webUI: allows you to enter an encryption passphrase in non-ASCII characters with no warning
Product: [Fedora] Fedora Reporter: Adam Williamson <awilliam>
Component: anacondaAssignee: Vojtech Trefny <vtrefny>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 39CC: anaconda-maint, fzatlouk, gmarr, jkonecny, robatino, tbzatek, v.podzimek+fedora, vslavik, vtrefny, w
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard: AcceptedFreezeException RejectedBlocker
Fixed In Version: anaconda-39.32.2-1.fc39 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-09-08 20:25:12 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2231339, 2143445    
Attachments:
Description Flags
storage.log showing the error
none
the warning oldUI shows when you do this none

Description Adam Williamson 2023-08-24 17:31:09 UTC 
In the new anaconda webUI workflow, if you enter an encryption passphrase using non-ASCII characters, there is no error or warning. When you then try to actually complete the installation, anaconda crashes, with a blivet error that the characters are not in the acceptable range 0-255 (the extended ASCII character set range).

Reproducible: Always

Steps to Reproduce:
1. Boot a recent F39 or Rawhide Workstation live image.
2. At g-i-s, select Russian as the language and accept the default keyboard layout. Proceed to the installer.
3. In the installer, choose to encrypt data, and type some string or other - I press the keys "helloworld" on a US keyboard. Proceed through the installation process.
Actual Results:  
No warning or error is shown about the passphrase selected. When the install starts, it soon crashes, with an error "org.fedoraproject.Anaconda.Error: 1088 not in range 0 to 255". In the detailed logs we can see this error originates in blivet (attached).

Expected Results:  
The passphrase should trigger some kind of warning or error; it's not a good idea to let users enter non-Latin passphrases, even if we could somehow fix it so they *work* at creation time at least. They may well not be able to enter them again at unlock time anyway. I'm pretty sure the old UI refused to let you do this.
Comment 1 Adam Williamson 2023-08-24 17:32:33 UTC 
Proposing as a Beta blocker as a conditional violation of "Encrypt newly-created storage volumes" at https://fedoraproject.org/wiki/Fedora_39_Beta_Release_Criteria#Custom_partitioning , and the subsequent requirements that the install must succeed.  Conditional on entering an encryption passphrase with non-ASCII characters.
Comment 2 Adam Williamson 2023-08-24 17:39:12 UTC 
Created attachment 1985103 [details]
storage.log showing the error
Comment 3 Vojtech Trefny 2023-08-25 08:53:48 UTC 
Reproduced outside Anaconda with just libblockdev Python bindings so moving to libblockdev. This is caused by the LUKS support changes in the recently released libblockdev 3.0 and should also happen with the GTK based Anaconda UI so I am also removing the WebUI tracker bug.
Comment 4 Vojtech Trefny 2023-08-25 08:55:51 UTC 
Reproducer with just libblockdev:

In [1]: from gi.repository import BlockDev; BlockDev.init()
Out[1]: True

In [2]: BlockDev.CryptoKeyslotContext(passphrase="дддддддд")
---------------------------------------------------------------------------
OverflowError                             Traceback (most recent call last)
Cell In[2], line 1
----> 1 BlockDev.CryptoKeyslotContext(passphrase="дддддддд")

File /usr/lib64/python3.11/site-packages/gi/overrides/BlockDev.py:270, in CryptoKeyslotContext.__new__(cls, passphrase, keyfile, keyfile_offset, key_size, keyring, volume_key)
    268 if passphrase:
    269     if isinstance(passphrase, str):
--> 270         ret = BlockDev.CryptoKeyslotContext.new_passphrase([ord(c) for c in passphrase])
    271     else:
    272         ret = BlockDev.CryptoKeyslotContext.new_passphrase(passphrase)

OverflowError: Item 0: 1076 not in range 0 to 255
Comment 5 Adam Williamson 2023-08-25 18:25:38 UTC 
Um. I think you missed some of my notes in the description.

"The passphrase should trigger some kind of warning or error; it's not a good idea to let users enter non-Latin passphrases, even if we could somehow fix it so they *work* at creation time at least. They may well not be able to enter them again at unlock time anyway. I'm pretty sure the old UI refused to let you do this."
Comment 6 Adam Williamson 2023-08-25 18:31:03 UTC 
OK, I checked. The old UI doesn't *prevent* you from doing this, but it does *warn* you:

"The passphrase you have provided contains non-ASCII characters. You may not be able to switch between keyboard layouts when typing it."

I'm setting this back to anaconda and blocking the UI tracker again. I'll create a separate bug for the blockdev part.
Comment 7 Adam Williamson 2023-08-25 18:34:30 UTC 
Filed https://bugzilla.redhat.com/show_bug.cgi?id=2234928 for the blockdev part.
Comment 8 Adam Williamson 2023-08-27 16:15:29 UTC 
This has enough votes in https://pagure.io/fedora-qa/blocker-review/issue/1193 to be a blocker, but as the proposer I'm no longer convinced that it is, so I'm leaving that open to discuss at Monday's meeting. However, to let the anaconda team implement a fix on Monday if they want to, let's say it's definitely accepted as at least a freeze exception issue (to add the warning back).
Comment 9 Adam Williamson 2023-08-28 16:43:09 UTC 
Created attachment 1985679 [details]
the warning oldUI shows when you do this

For reference, this is the warning that the old UI shows when you put a non-ASCII character in the passphrase.
Comment 10 Geoffrey Marr 2023-08-28 19:39:23 UTC 
Discussed during the 2023-08-28 blocker review meeting: [0]

The decision to delay the classification of this as a blocker bug was made as currently, votes are +4 / -4, with the remaining +1s from earlier ticket votes. We will describe the situation more clearly in the ticket and ask if anyone who voted +1 wishes to change their vote

[0] https://meetbot.fedoraproject.org/fedora-blocker-review/2023-08-28/f39-blocker-review.2023-08-28-16.07.txt
Comment 11 Jiri Konecny 2023-09-01 11:38:20 UTC 
PR: https://github.com/rhinstaller/anaconda/pull/5114
Comment 12 František Zatloukal 2023-09-04 17:52:15 UTC 
Discussed during the 2023-09-04 blocker review meeting: [1]

The decision to classify this bug as a RejectedBlocker (Beta) AcceptedFreezeException (Beta) was made:

"We agreed that anaconda not displaying a warning here is not in itself serious enough to be a blocker bug, but fixing it would be useful. The libblockdev crash and gnome-initial-setup keyboard layout selection issues are being addressed separately."

[1] https://meetbot-raw.fedoraproject.org/fedora-blocker-review/2023-09-04/f39-blocker-review.2023-09-04-16.00.log.txt
Comment 13 Fedora Update System 2023-09-07 15:48:29 UTC 
FEDORA-2023-755dc0b0c0 has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2023-755dc0b0c0
Comment 14 Adam Williamson 2023-09-07 23:39:33 UTC 
Confirmed fixed, the warning is now shown.
Comment 15 Fedora Update System 2023-09-08 01:36:54 UTC 
FEDORA-2023-755dc0b0c0 has been pushed to the Fedora 39 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-755dc0b0c0`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-755dc0b0c0

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 16 Fedora Update System 2023-09-08 20:25:12 UTC 
FEDORA-2023-755dc0b0c0 has been pushed to the Fedora 39 stable repository.
If problem still persists, please make note of it in this bug report.