Bug 479865

Summary: encrypted swap disabled during f10 upgrade
Product: [Fedora] Fedora
Component: anaconda
Version: 12
Hardware: All
OS: Linux
Status: CLOSED INSUFFICIENT_DATA
Severity: medium
Priority: low
Reporter: Sam W. <weiler+redhat-bugzilla>
Assignee: David Lehman <dlehman>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: dlehman, jgranado
Doc Type: Bug Fix
Last Closed: 2010-01-20 18:37:27 UTC
Bug Blocks: 472555
Attachments: anaconda.log

Description Sam W. 2009-01-13 17:15:36 UTC
Description of problem:

Upgrading to f10 (using media), anaconda silently rewrites /etc/crypttab and /etc/fstab so as to disable encrypted swap.  During an u-g from f8, I edited crypttab and fstab to prepend "luks-" on the mapper labels for both encrypted ext3 partitions and the encrypted swap.  After u-g completed, the fstab entry just lists the raw swap partition (UUID...) and swap doesn't appear in crypttab at all.

Comment 1 David Lehman 2009-01-22 18:06:45 UTC
It seems as though anaconda was unable to recognize your swap partition as being encrypted. Do your encrypted partitions have different passphrases? If so, were you prompted for both/all of them during the upgrade?

What (exactly) did your fstab and crypttab look like before the upgrade? Can you attach /var/log/anaconda.log to this bug?

Comment 2 Sam W. 2009-01-22 19:17:59 UTC
Created attachment 329730: anaconda.log

Comment 3 Sam W. 2009-01-22 19:19:06 UTC
Swap was encrypted with a random transient key.  There was only one other encrypted partition (with a different, long-lived passphrase).  I was only prompted for one passphrase (as was appropriate).

Before the upgrade crypttab:
swap /dev/sda6 /dev/urandom swap,cipher=aes-cbc-essiv:sha256
weiler /dev/sda5 none

fstab:
/dev/mapper/swap         swap                    swap    defaults        0 0
/dev/mapper/weiler        /home/weiler                    ext3    defaults        0 0

Based on bug 473352, I then hand-edited both to prepend "luks", though I didn't retain those edited files.  fstab-anaconda shows:
/dev/mapper/luks-swap         swap                    swap    defaults        0 0
/dev/mapper/luks-weiler        /home/weiler                    ext3    defaults        0 0

crypttab was similar.

Comment 4 David Lehman 2009-01-23 22:35:05 UTC
This is a bug, as you have probably guessed. We do not include in /etc/crypttab any encrypted devices which we have not accessed. We also do not have any smarts to handle random transient keys, or any random keys for that matter.

This code is being rewritten for F11. This bug will be taken into account when doing the rewrite. For F10, however, there will not be a fix.
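
A post-upgrade check for the condition reported in this bug, as an added example that is not part of the original thread and not anaconda code: it flags fstab swap entries that are not backed by a mapping declared in crypttab, and lists mappings that disappeared across the upgrade. The sample files are constructed from the Description and Comment 3 (the reporter's edited crypttab was not retained), and the UUID is a placeholder.

```python
# Constructed sample files; the UUID is a placeholder, not a value from the report.
BEFORE_CRYPTTAB = """\
luks-swap /dev/sda6 /dev/urandom swap,cipher=aes-cbc-essiv:sha256
luks-weiler /dev/sda5 none
"""
BEFORE_FSTAB = """\
/dev/mapper/luks-swap    swap          swap  defaults  0 0
/dev/mapper/luks-weiler  /home/weiler  ext3  defaults  0 0
"""
AFTER_CRYPTTAB = "luks-weiler /dev/sda5 none\n"
AFTER_FSTAB = """\
UUID=00000000-0000-0000-0000-000000000000  swap  swap  defaults  0 0
/dev/mapper/luks-weiler  /home/weiler  ext3  defaults  0 0
"""

def parse_table(text):
    """Split an fstab/crypttab-style file into fields, skipping blanks and comments."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            rows.append(line.split())
    return rows

def crypttab_names(crypttab_text):
    """Mapping names (first field) declared in crypttab."""
    return {row[0] for row in parse_table(crypttab_text)}

def unencrypted_swap(fstab_text, crypttab_text):
    """Swap devices in fstab that are not /dev/mapper/<name> with <name> in crypttab.
    Swap on LVM or in a swap file is also reported and needs manual review."""
    names = crypttab_names(crypttab_text)
    prefix = "/dev/mapper/"
    findings = []
    for row in parse_table(fstab_text):
        if len(row) >= 3 and row[2] == "swap":
            spec = row[0]
            if not (spec.startswith(prefix) and spec[len(prefix):] in names):
                findings.append(spec)
    return findings

def dropped_mappings(crypttab_before, crypttab_after):
    """Mappings present before the upgrade and missing afterwards."""
    return sorted(crypttab_names(crypttab_before) - crypttab_names(crypttab_after))

if __name__ == "__main__":
    print("cleartext swap:", unencrypted_swap(AFTER_FSTAB, AFTER_CRYPTTAB))
    print("dropped mappings:", dropped_mappings(BEFORE_CRYPTTAB, AFTER_CRYPTTAB))
```

On a live system, pass the contents of /etc/fstab and /etc/crypttab, with copies saved before the upgrade for the comparison.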

Comment 5 Joel Andres Granados 2009-09-09 11:43:36 UTC
Is this still an issue in f12 alpha or later?

Comment 6 Bug Zapper 2009-11-16 09:46:19 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 12 development cycle.
Changing version to '12'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping