2152509 – autopart --encrypted fails in FIPS

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 2152509 - autopart --encrypted fails in FIPS

Summary: autopart --encrypted fails in FIPS

Keywords:
Status:	CLOSED DUPLICATE of bug 2148841
Alias:	None
Product:	Red Hat Enterprise Linux 9
Classification:	Red Hat
Component:	libblockdev
Sub Component:
Version:	9.2
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Vojtech Trefny
QA Contact:	Storage QE
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2022-12-12 08:11 UTC by Ondrej Moriš
Modified:	2022-12-13 14:06 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2022-12-13 14:06:47 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
Kickstart (25.92 KB, text/plain) 2022-12-12 08:11 UTC, Ondrej Moriš	no flags	Details
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	RHELPLAN-141849	0	None	None	None	2022-12-12 08:14:19 UTC

Description Ondrej Moriš 2022-12-12 08:11:13 UTC

Created attachment 1931973 [details]
Kickstart

Description of problem:

Installation with fips=1 fails on "autopart --encrypted --passphrase=fo0m4nchU" because of insufficient --cipher option default.

Version-Release number of selected component (if applicable):

Anaconda in RHEL-9.2.0-20221209.2

How reproducible:

100%

Steps to Reproduce:

1. Clone Beaker job https://beaker.engineering.redhat.com/jobs/7330519 or use attached kickstart.

Actual results:

19:56:07,899 WARNING org.fedoraproject.Anaconda.Modules.Storage:DEBUG:blivet:                PartitionDevice.setup: vda2 ; orig: False ; status: True ; controllable: True ;
19:56:07,902 WARNING org.fedoraproject.Anaconda.Modules.Storage:DEBUG:blivet:                LUKS.create: device: /dev/vda2 ; type: luks ; status: False ;
19:56:07,905 WARNING org.fedoraproject.Anaconda.Modules.Storage:DEBUG:blivet:                  LUKS._create: device: /dev/vda2 ; type: luks ; status: False ;
19:56:08,024 WARNING org.fedoraproject.Anaconda.Modules.Storage:INFO:program:[cryptsetup] Not compatible PBKDF2 options (using hash algorithm sha256).
19:56:08,024 WARNING org.fedoraproject.Anaconda.Modules.Storage:INFO:anaconda.threading:Thread Failed: AnaTaskThread-CreateStorageLayoutTask-1 (139647186265664)
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:ERROR:anaconda.modules.common.task.task:Thread AnaTaskThread-CreateStorageLayoutTask-1 has failed: Traceback (most recent call last):
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib64/python3.9/site-packages/gi/overrides/BlockDev.py", line 1093, in wrapped
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:    ret = orig_obj(*args, **kwargs)
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib64/python3.9/site-packages/gi/overrides/BlockDev.py", line 224, in crypto_luks_format
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:    return _crypto_luks_format(device, cipher, key_size, passphrase, key_file, min_entropy, luks_version, extra)
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:gi.repository.GLib.GError: g-bd-crypto-error-quark: Failed to format device: Invalid argument (3)
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:During handling of the above exception, another exception occurred:
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:Traceback (most recent call last):
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib64/python3.9/site-packages/pyanaconda/threading.py", line 275, in run
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:    threading.Thread.run(self)
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib64/python3.9/threading.py", line 917, in run
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:    self._target(*self._args, **self._kwargs)
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib64/python3.9/site-packages/pyanaconda/modules/common/task/task.py", line 96, in _thread_run_callback
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:    self._task_run_callback()
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib64/python3.9/site-packages/pyanaconda/modules/common/task/task.py", line 109, in _task_run_callback
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:    self._set_result(self.run())
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib64/python3.9/site-packages/pyanaconda/modules/storage/installation.py", line 86, in run
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:    self._turn_on_filesystems(
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib64/python3.9/site-packages/pyanaconda/modules/storage/installation.py", line 166, in _turn_on_filesystems
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:    storage.do_it(callbacks)
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib/python3.9/site-packages/blivet/threads.py", line 53, in run_with_lock
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:    return m(*args, **kwargs)
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib/python3.9/site-packages/blivet/blivet.py", line 115, in do_it
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:    self.devicetree.actions.process(callbacks=callbacks, devices=self.devices)
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib/python3.9/site-packages/blivet/actionlist.py", line 47, in wrapped_func
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:    return func(obj, *args, **kwargs)
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib/python3.9/site-packages/blivet/actionlist.py", line 284, in process
19:56:08,026 WARNING org.fedoraproject.Anaconda.Modules.Storage:    action.execute(callbacks)
19:56:08,027 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib/python3.9/site-packages/blivet/threads.py", line 53, in run_with_lock
19:56:08,027 WARNING org.fedoraproject.Anaconda.Modules.Storage:    return m(*args, **kwargs)
19:56:08,027 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib/python3.9/site-packages/blivet/deviceaction.py", line 662, in execute
19:56:08,027 WARNING org.fedoraproject.Anaconda.Modules.Storage:    self.device.format.create(device=self.device.path,
19:56:08,027 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib/python3.9/site-packages/blivet/threads.py", line 53, in run_with_lock
19:56:08,027 WARNING org.fedoraproject.Anaconda.Modules.Storage:    return m(*args, **kwargs)
19:56:08,027 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib/python3.9/site-packages/blivet/formats/__init__.py", line 517, in create
19:56:08,027 WARNING org.fedoraproject.Anaconda.Modules.Storage:    self._create(**kwargs)
19:56:08,027 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib/python3.9/site-packages/blivet/threads.py", line 53, in run_with_lock
19:56:08,027 WARNING org.fedoraproject.Anaconda.Modules.Storage:    return m(*args, **kwargs)
19:56:08,027 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib/python3.9/site-packages/blivet/formats/luks.py", line 322, in _create
19:56:08,027 WARNING org.fedoraproject.Anaconda.Modules.Storage:    blockdev.crypto.luks_format(self.device,
19:56:08,027 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib64/python3.9/site-packages/gi/overrides/BlockDev.py", line 1115, in wrapped
19:56:08,027 WARNING org.fedoraproject.Anaconda.Modules.Storage:    raise transform[1](msg)
19:56:08,027 WARNING org.fedoraproject.Anaconda.Modules.Storage:gi.overrides.BlockDev.CryptoError: Failed to format device: Invalid argument
19:56:08,027 WARNING org.fedoraproject.Anaconda.Modules.Storage:INFO:anaconda.threading:Thread Done: AnaTaskThread-CreateStorageLayoutTask-1 (139647186265664)
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:WARNING:dasbus.server.handler:The call org.fedoraproject.Anaconda.Task.Finish has failed with an exception:
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:Traceback (most recent call last):
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib64/python3.9/site-packages/gi/overrides/BlockDev.py", line 1093, in wrapped
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:    ret = orig_obj(*args, **kwargs)
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib64/python3.9/site-packages/gi/overrides/BlockDev.py", line 224, in crypto_luks_format
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:    return _crypto_luks_format(device, cipher, key_size, passphrase, key_file, min_entropy, luks_version, extra)
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:gi.repository.GLib.GError: g-bd-crypto-error-quark: Failed to format device: Invalid argument (3)
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:During handling of the above exception, another exception occurred:
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:Traceback (most recent call last):
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib/python3.9/site-packages/dasbus/server/handler.py", line 418, in _method_callback
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:    result = self._handle_call(
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib/python3.9/site-packages/dasbus/server/handler.py", line 234, in _handle_call
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:    return handler(*parameters)
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib64/python3.9/site-packages/pyanaconda/modules/common/task/task_interface.py", line 114, in Finish
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:    self.implementation.finish()
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib64/python3.9/site-packages/pyanaconda/modules/common/task/task.py", line 175, in finish
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:    threadMgr.raise_if_error(self._thread_name)
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib64/python3.9/site-packages/pyanaconda/threading.py", line 166, in raise_if_error
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:    raise exc_info[1]
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib64/python3.9/site-packages/pyanaconda/threading.py", line 275, in run
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:    threading.Thread.run(self)
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib64/python3.9/threading.py", line 917, in run
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:    self._target(*self._args, **self._kwargs)
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib64/python3.9/site-packages/pyanaconda/modules/common/task/task.py", line 96, in _thread_run_callback
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:    self._task_run_callback()
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib64/python3.9/site-packages/pyanaconda/modules/common/task/task.py", line 109, in _task_run_callback
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:    self._set_result(self.run())
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib64/python3.9/site-packages/pyanaconda/modules/storage/installation.py", line 86, in run
19:56:08,629 WARNING org.fedoraproject.Anaconda.Modules.Storage:    self._turn_on_filesystems(
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib64/python3.9/site-packages/pyanaconda/modules/storage/installation.py", line 166, in _turn_on_filesystems
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:    storage.do_it(callbacks)
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib/python3.9/site-packages/blivet/threads.py", line 53, in run_with_lock
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:    return m(*args, **kwargs)
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib/python3.9/site-packages/blivet/blivet.py", line 115, in do_it
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:    self.devicetree.actions.process(callbacks=callbacks, devices=self.devices)
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib/python3.9/site-packages/blivet/actionlist.py", line 47, in wrapped_func
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:    return func(obj, *args, **kwargs)
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib/python3.9/site-packages/blivet/actionlist.py", line 284, in process
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:    action.execute(callbacks)
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib/python3.9/site-packages/blivet/threads.py", line 53, in run_with_lock
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:    return m(*args, **kwargs)
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib/python3.9/site-packages/blivet/deviceaction.py", line 662, in execute
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:    self.device.format.create(device=self.device.path,
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib/python3.9/site-packages/blivet/threads.py", line 53, in run_with_lock
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:    return m(*args, **kwargs)
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib/python3.9/site-packages/blivet/formats/__init__.py", line 517, in create
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:    self._create(**kwargs)
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib/python3.9/site-packages/blivet/threads.py", line 53, in run_with_lock
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:    return m(*args, **kwargs)
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib/python3.9/site-packages/blivet/formats/luks.py", line 322, in _create
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:    blockdev.crypto.luks_format(self.device,
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:  File "/usr/lib64/python3.9/site-packages/gi/overrides/BlockDev.py", line 1115, in wrapped
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:    raise transform[1](msg)
19:56:08,631 WARNING org.fedoraproject.Anaconda.Modules.Storage:gi.overrides.BlockDev.CryptoError: Failed to format device: Invalid argument

Additional info:

When fips mode is disable during the installation, the same kickstart installs flawlessly. Also, the same kickstart worked fine on RHEL-9.1.0 RC. Most likely the ciphersuite passed by anaconda to cryptsetup is not compatible with FIPS 140-3 anymore.

Comment 2 Ondrej Moriš 2022-12-13 14:06:12 UTC

I just found out that this is a duplicate of BZ#2148841.

Comment 3 Ondrej Moriš 2022-12-13 14:06:47 UTC


*** This bug has been marked as a duplicate of bug 2148841 ***

Note You need to log in before you can comment on or make changes to this bug.