Description of problem: I've been trying to get Anaconda to prompt me for a LUKS passphrase during kickstart, so that I don't have to hardcode the passphrase I want to use inside the kickstart file itself in plain text. (via the --passphrase='somestring' argument.) The anaconda documentation states that if no value for --passphrase is provided in kickstart, that anaconda will prompt me for one before moving on. however, this is not the case. I have tried using part with --encrypt, and various combinations of --passphrase to get it to prompt me. `--encrypt --passphrase` and `--encrypt --passphrase=''` and `--encrypt` without --passphrase all throw the same exception. Version-Release number of selected component: anaconda-20.25.15-1 The following was filed automatically by anaconda: anaconda 20.25.15-1 exception report Traceback (most recent call first): File "/usr/lib/python2.7/site-packages/blivet/formats/luks.py", line 188, in create raise LUKSError("luks device has no key/passphrase") File "/usr/lib/python2.7/site-packages/blivet/deviceaction.py", line 473, in execute options=self.device.formatArgs) File "/usr/lib/python2.7/site-packages/blivet/devicetree.py", line 239, in processActions action.execute() File "/usr/lib/python2.7/site-packages/blivet/__init__.py", line 308, in doIt self.devicetree.processActions() File "/usr/lib/python2.7/site-packages/blivet/__init__.py", line 167, in turnOnFilesystems storage.doIt() File "/usr/lib64/python2.7/site-packages/pyanaconda/install.py", line 142, in doInstall turnOnFilesystems(storage, mountOnly=flags.flags.dirInstall) File "/usr/lib64/python2.7/threading.py", line 764, in run self.__target(*self.__args, **self.__kwargs) File "/usr/lib64/python2.7/site-packages/pyanaconda/threads.py", line 192, in run threading.Thread.run(self, *args, **kwargs) LUKSError: luks device has no key/passphrase Additional info: cmdline: /usr/bin/python /sbin/anaconda cmdline_file: initrd=f20/x86_64/initrd.img repo=http://10.100.0.3/yum/fedora/20/iso/x86_64/ ks=http://10.100.0.3/~vector/ks/f20-kde-x64-ks.cfg BOOT_IMAGE=f20/x86_64/vmlinuz executable: /sbin/anaconda hashmarkername: anaconda kernel: 3.11.10-301.fc20.x86_64 product: Fedora release: Cannot get release name. type: anaconda version: 20
Created attachment 898988 [details] File: anaconda-tb
Created attachment 898989 [details] File: anaconda.log
Created attachment 898990 [details] File: environ
Created attachment 898991 [details] File: ks.cfg
Created attachment 898992 [details] File: lsblk_output
Created attachment 898993 [details] File: nmcli_dev_list
Created attachment 898994 [details] File: os_info
Created attachment 898995 [details] File: program.log
Created attachment 898996 [details] File: storage.log
Created attachment 898997 [details] File: syslog
Created attachment 898998 [details] File: ifcfg.log
Created attachment 898999 [details] File: packaging.log
OK, wow. I should file another bug against ABRT inside anaconda. It should strip out any password hashes it finds. Or at least it would be nice if I could sanitize the attachment myself before it sends it, sheesh!
Also, the kickstart documentation I was working from that set the expectations: https://fedoraproject.org/wiki/Anaconda/Kickstart#part_or_partition
Created attachment 899000 [details] anaconda-tb log file, sanitized to remove sensitive things. Sensitive data removed.
Hi! We believe that this was fixed in anaconda-21.21-1. Please be aware that text mode does not handle encryption at all, so in text mode you will not be prompted for a passphrase. The fix is that the actual install ought not to begin and you will be warned of the missing passphrase. The GUI will, however, prompt you for a passphrase. If you wish to file separate bugs for the issues you raised in Comment 13 and Comment 14, please do so. Thanks, - mulhern *** This bug has been marked as a duplicate of bug 1023442 ***