Bug 441728

Summary: rc.sysinit is trying to "cryptsetup create" on a LUKS partition
Product: [Fedora] Fedora Reporter: Charles R. Anderson <cra>
Component: initscriptsAssignee: Bill Nottingham <notting>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: low    
Version: rawhideCC: rvokal, symbiont
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-04-15 13:27:37 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On:    
Bug Blocks: 235706    
Attachments:
Description Flags
screenshot of rc.sysinit running w/set -x
none
anaconda install.log
none
anaconda install.log.syslog
none
anaconda-ks.cfg
none
fstab after commenting out /home
none
/etc/crypttab
none
anaconda.log
none
[PATCH] fix for rc.sysinit to call init_crypto again after LVM init none

Description Charles R. Anderson 2008-04-09 14:00:39 EDT
Description of problem:

On a newly installed rawhide system I created an encrypted LV /home.  On bootup,
rc.sysinit tries to initialize this based on the contents of /etc/crypttab, but
it is improperly trying to use "cryptsetup create" for a non-LUKS style of
encrypted filesystem, rather than "cryptsetup luksOpen".

Version-Release number of selected component (if applicable):
8.69-1

How reproducible:
always

Steps to Reproduce:
1. install and create an encrypted filesystem other than / from anaconda
2. boot system
3. system drops to repair shell since it can't fsck the unopened encrypted volume
Comment 1 Charles R. Anderson 2008-04-09 14:15:08 EDT
Created attachment 301868 [details]
screenshot of rc.sysinit running w/set -x

I booted with set -x in /etc/rc.sysinit.  Here is a screenshot showing the
bootup sequence.  cryptsetup isLuks is run on /dev/mapper/fedora.data-home,
which when I run it manually returns 0 (true) so I'm not sure why it is
choosing the "else" clause which runs cryptsetup create.

       if [ -z "$makeswap" ] && cryptsetup isLuks "$src" 2>/dev/null ; then
	    if key_is_random "$key"; then
		echo $"$dst: LUKS requires non-random key, skipping"
		ret=1
		continue
	    fi
	    if [ -n "$params" ]; then
		echo "$dst: options are invalid for LUKS partitions," \
		    "ignoring them"
	    fi
	    /sbin/cryptsetup ${key:+-d $key} luksOpen "$src" "$dst" <&1
	else
	    /sbin/cryptsetup $params ${key:+-d $key} create "$dst" "$src" <&1
2>/dev/null
	fi
Comment 2 Jesse Keating 2008-04-09 14:18:52 EDT
I don't think we're considering non-anaconda applyed crypto setups as release
blockers for F9.  Moving to target (unless bill disagrees and moves it back).
Comment 3 Charles R. Anderson 2008-04-09 14:21:54 EDT
This isn't non-anaconda applied.  Anaconda created all of this, and the system
fails to boot properly.
Comment 4 Charles R. Anderson 2008-04-09 14:31:24 EDT
Created attachment 301871 [details]
anaconda install.log
Comment 5 Charles R. Anderson 2008-04-09 14:32:37 EDT
Created attachment 301874 [details]
anaconda install.log.syslog
Comment 6 Charles R. Anderson 2008-04-09 14:32:55 EDT
Created attachment 301875 [details]
anaconda-ks.cfg
Comment 7 Charles R. Anderson 2008-04-09 14:35:03 EDT
Created attachment 301876 [details]
fstab after commenting out /home
Comment 8 Charles R. Anderson 2008-04-09 14:35:25 EDT
Created attachment 301877 [details]
/etc/crypttab
Comment 9 Charles R. Anderson 2008-04-09 14:40:36 EDT
Created attachment 301879 [details]
anaconda.log
Comment 10 Charles R. Anderson 2008-04-09 15:05:03 EDT
Created attachment 301883 [details]
[PATCH] fix for rc.sysinit to call init_crypto again after LVM init

The problem was that rc.sysinit wasn't handling the case where you have an
encrypted LV.  Calling init_crypto again after LVM is activated fixes the
problem.  Since anaconda now supports creating encrypted LV's, can you please
apply this fix to rc.sysinit?  Thanks.
Comment 11 Bill Nottingham 2008-04-09 16:30:12 EDT
*** Bug 221304 has been marked as a duplicate of this bug. ***
Comment 12 Bill Nottingham 2008-04-09 16:32:02 EDT
Added in git, will be in 8.70-1.

http://git.fedorahosted.org/git/?p=initscripts.git;a=commit;h=1e610b947935fa07f427c06bb0490d92ab67a0ae