Bug 588302
Summary: | RFE: support 'noauto' in crypttab | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Jelle Geerts <jellegeerts> |
Component: | systemd | Assignee: | Lennart Poettering <lpoetter> |
Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | rawhide | CC: | awilliam, drjohnson1, fedora, felipe.contreras, hdegoede, iarlyy, jonathan, kengert, lpoetter, metherid, mschmidt, notting, plautrba, rstrode, thomasj, vanmeeuwen+fedora |
Target Milestone: | --- | Keywords: | FutureFeature |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Enhancement | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2011-02-28 20:01:47 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Jelle Geerts
2010-05-03 12:49:04 UTC
You can make this an Anaconda RFE if you like, but essentially this is already implemented. It's dracut, not anaconda, and there are kernel parameters you can use: rd_NO_LUKS Disable crypto LUKS detection rd_LUKS_UUID=<luks uuid> Only activate the LUKS partitions with the given UUID see http://fedoraproject.org/wiki/Dracut/Options . -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers It isn't really implemented in the way requested in this report, though. Also, anaconda isn't the only component this feature request is for, since I pointed out / requested that this be configurable after the installation (I think a lot of users would for example like it to be configurable from a GUI). Example, test setup - F12: ############################################################################## ### file 1 of 4: blkid.txt ############################################################################## /dev/sda1: UUID="dcc4648f-f242-4613-b199-c2c48997b1b7" TYPE="ext4" LABEL="/boot" /dev/sda2: UUID="NhSWGe-WwAd-4e9j-X05i-f1Wf-RCH9-h2hRKM" TYPE="LVM2_member" /dev/mapper/VolGroup-lv_root: UUID="26452833-9fb3-4d0d-b1ce-40e65b87ed86" TYPE="ext4" LABEL="/rootfs" /dev/mapper/VolGroup-lv_swap: UUID="f2e6d5fe-f6e4-47ad-ad66-b662cf18ad48" TYPE="swap" /dev/mapper/VolGroup-LogVol03: UUID="c97cd5b9-cecd-4db8-9551-52c475157e62" TYPE="crypto_LUKS" /dev/mapper/VolGroup-LogVol02: UUID="1df7aea9-8026-4d2e-b486-04d5ced33619" TYPE="crypto_LUKS" /dev/mapper/luks-c97cd5b9-cecd-4db8-9551-52c475157e62: UUID="f571a9d4-f2d6-48be-a386-146b9ff6b57e" TYPE="ext4" LABEL="/trash" /dev/mapper/luks-1df7aea9-8026-4d2e-b486-04d5ced33619: UUID="1fac30d4-f39a-4d72-8862-4594b32272d4" TYPE="ext4" LABEL="/home" ############################################################################## ### file 2 of 4: crypttab.orig ############################################################################## luks-c97cd5b9-cecd-4db8-9551-52c475157e62 UUID=c97cd5b9-cecd-4db8-9551-52c475157e62 none luks-1df7aea9-8026-4d2e-b486-04d5ced33619 UUID=1df7aea9-8026-4d2e-b486-04d5ced33619 none ############################################################################## ### file 3 of 4: crypttab ############################################################################## luks-1df7aea9-8026-4d2e-b486-04d5ced33619 UUID=1df7aea9-8026-4d2e-b486-04d5ced33619 none ############################################################################## ### file 4 of 4: grub.conf ############################################################################## # grub.conf generated by anaconda # # Note that you do not have to rerun grub after making changes to this file # NOTICE: You have a /boot partition. This means that # all kernel and initrd paths are relative to /boot/, eg. # root (hd0,0) # kernel /vmlinuz-version ro root=/dev/mapper/VolGroup-lv_root # initrd /initrd-[generic-]version.img #boot=/dev/sda default=0 timeout=0 splashimage=(hd0,0)/grub/splash.xpm.gz hiddenmenu title Fedora (2.6.32.11-99.fc12.x86_64) root (hd0,0) kernel /vmlinuz-2.6.32.11-99.fc12.x86_64 ro root=/dev/mapper/VolGroup-lv_root LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=us rhgb quiet rd_LUKS_UUID="1fac30d4-f39a-4d72-8862-4594b32272d4" rd_NO_LUKS initrd /initramfs-2.6.32.11-99.fc12.x86_64.img By using /etc/crypttab.orig, it still asks for /trash's password. Deleting the line that matches /trash from crypttab, rerun dracut, and it boots but fsck insists that a partition is dirty. If you also remove that line (comment) from fstab, it boots. Sadly, that means you need to edit /etc/{crypttab,fstab,grub.conf} to all match or it tries to mount both crypto filesystems. You could add the entry to autofs so that it would be mountable by the user at will. Debian's solution to this was to use 'noauto' as the 4th param in crypttab. dracut/initrd would need to look for the 4th param to make this work. For F-13 and later anaconda writes a dracut cmdline in such a way, that dracut will only ask for LUKS passwords if they are needed to mount /. This puts this RGE out of anaconda and dracut hands. I think that rc.sysinit will then still ask for LUKS passwords after / has been mounted. Making that configurable would fall up on rc.sysinit, changing component. *** Bug 620589 has been marked as a duplicate of this bug. *** systemd in F-15 supports 'noauto' for crypttab handling; closing as fixed in rawhide. |