Bug 437604
Summary: | cannot upgrade encrypted system | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Jon Stanley <jonstanley> | ||||
Component: | anaconda | Assignee: | David Lehman <dlehman> | ||||
Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | low | Docs Contact: | |||||
Priority: | low | ||||||
Version: | 9 | CC: | cra, dcantrell, djuran, matt, redhat-bugzilla | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2008-10-24 23:10:11 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 438943, 461696 | ||||||
Attachments: |
|
Description
Jon Stanley
2008-03-15 04:34:56 UTC
Upgrade support may not land for F9 given that this is the first release with encrypted root support. But Dave was looking at it and we'll decide based on how the patch ends up looking. Changing version to '9' as part of upcoming Fedora 9 GA. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping (In reply to comment #1) > Upgrade support may not land for F9 given that this is the first release with > encrypted root support. I guess this didn't happen? Running the install/upgrade DVD, it unlocks my encrypted partition ok, but doesn't offer the option of upgrading rather than install. I have an encrypted PV with an F8 install on LVs within, created as per bug #124789 comment #95. It looks like this is the same layout as F9 creates for an encrypted install? I can upgrade by migrating the LVs to an unencrypted PV, running upgrade, then moving them back to the encrypted PV. Once I've done this, will mkinitrd (on F9 LiveCD or the installation if need be) correctly build to boot from the encrypted PV? Or do I need any explicit addition config that anaconda might generate to flag stuff up to mkinitrd? Nope, this was intended as more of a long-term TODO item rather than something that had to be fixed prior to release. So no upgrade support in anaconda. Adding to F10Blocker just so we don't lose sight of it. (In reply to comment #3) > Once I've done this, will mkinitrd (on F9 LiveCD or the installation if need be) > correctly build to boot from the encrypted PV? In case anyone else ends up in this situation, yes, by and large this works. I've listed the steps I took in bug #124789 comment #122. The only thing that might be of more general interest is that mkinitrd seens to tie the encrypted PV to a specific disk device (e.g. /dev/sda) rather than something invariant. So in step 5) when I removed the temporary external USB drive the PV "moved" from sdb2 to sda2 as the drive ordering changed, and the initrd I'd previously built failed to work (chrooting from the rescue disk and running mkinitrd fixed this). The F9 live installer does prompt to open all available LUKS partitions between the root password step and the disk partitioning step. Would it work to simply move the LUKS-opening step to the very beginning so the upgrade check sees encrypted partitions? Fix will be in anaconda-11.4.1.29-1. This is in rawhide, and is intended to lead to support for upgrade of encrypted F9 systems to F10 using anaconda. Upgrade still fails on 11.4.1.34. Not entirely sure why - it goes through the whole thing as though it's successful, but the resultant system won't boot (never prompts for the passphrase, therefore can't find the vg and switchroot out of the initrd). I'll try and grab the initrd out of it and see if I can see something obviously wrong there. Due to bug 462148, I can't get the initrd off this system :( Ahh, I give up too easily sometimes :) The rescue mode from F9 was able to mount this installation fine, and I ripped apart the initrd and to my untrained eye, it looks fine. init indeed calls plymouth ask-for-password with a seemingly good looking cryptsetup. I'll attach the initrd in case you can see something that I can't. Created attachment 316639 [details]
initrd from failed system
There's no plymouth in the initrd! My money says plymouth is indeed installed on your system and if you re-run mkinitrd it will create a (closer to) working initrd. There's something about the order in which things actually land on the filesystem, and mkinitrd seems content to build broken initrds if plymouth isn't around when it's being run. Or at least this was my experience around the f10-alpha timeframe. Can we get an updated test on this, given that Beta just went out? I just tested upgrading, everything seemed to go fine, including the graphical plymouth to unlock. I'm going to close this bug, it can be re-opened if we find something else. |