Bug 460700

Summary: anaconda should do encrypted devices a bit differently
Product: [Fedora] Fedora Reporter: Ray Strode [halfline] <rstrode>
Component: anacondaAssignee: David Lehman <dlehman>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: jlaska, pjones
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-09-30 18:03:41 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ray Strode [halfline] 2008-08-29 20:11:58 UTC
<halfline> dlehman: okay so the plan going forward is 1) change encrypted devices in fstab to us /dev/mapper/luks-$UUID instead of
           UUID=$OTHERUUID 2) change crypttab to use luks-$UUID instead of luks-sda2 3) change anaconda to require a global passphrase for new
           setups, adding a global passphrase for old setups ?                                                        

<dlehman> halfline: sounds right to me 
<pjones+ sounds right, yeah.

Comment 1 Ray Strode [halfline] 2008-09-03 14:25:57 UTC
here's a follow up conversation about this issue:

<jlaska> halfline: hey, I saw you and dlehman talking about the device paths used in fstab and crypttab               
<jlaska> I'm working through validating the expected results of an install ... comparing crypttab and fstab contents etc...
<jlaska> did you guys discuss changes on that front?
<halfline> jlaska: yea                      
<halfline> i filed a bug                      
<halfline> one sec, lemme find it             
<halfline> jlaska: https://bugzilla.redhat.com/show_bug.cgi?id=460700
<jlaska> halfline: ah okay, so the goal is to use UUID throughout both cryptab and fstab?
<jlaska> err I guess, what was the backstory ... was there something breaking that you found during plymouth work?
<halfline> jlaska: we need to correlate crypttab and fstab
<halfline> so we can provide a prompt to the user
<halfline> like "/opt is password protected"
<halfline> because of the way crypttab and fstab are written out currently
<halfline> there's no way to map an entry in crypttab to one that's in fstab   
<halfline> so we can't determine "this encrypted device here is "/opt"    
<jlaska> gotcha                                        
<jlaska> okay, that's the struggle I'm finding right now in trying to write some validation of encrypted installs

Comment 2 David Lehman 2008-09-11 22:14:04 UTC
Anaconda commit 6ba27da62255443446b288f8e042addf19d7815e should handle #1 from comment #1. Commit 55e2d031258af55908da2ebb070e2203e4626caa should take care of #2.

A fix for item #3 should land in anaconda GIT tonight.