2224235 – ReaR fails to reapply normal LUKS key upon recovery displaying a BUG error

Bug 2224235 - ReaR fails to reapply normal LUKS key upon recovery displaying a BUG error

Summary: ReaR fails to reapply normal LUKS key upon recovery displaying a BUG error

Keywords:
Status:	POST
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	rear
Sub Component:
Version:	8.8
Hardware:	All
OS:	All
Priority:	high
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Pavel Cahyna
QA Contact:	Jakub Haruda
Docs Contact:
URL:
Whiteboard:
Depends On:	2228779
Blocks:
TreeView+	depends on / blocked

Reported:	2023-07-20 08:44 UTC by Renaud Métrich
Modified:	2023-08-07 17:55 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Clones:	2228779 (view as bug list)
Environment:
Last Closed:
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	rear/rear/commit/728c2b000efd79c9e6f8cd82e1bbcded79c1f57d	0	None	None	None	2023-08-02 17:31:19 UTC
Red Hat Issue Tracker	RHELPLAN-162827	0	None	None	None	2023-07-20 08:45:53 UTC

Description Renaud Métrich 2023-07-20 08:44:09 UTC

Description of problem:

When restoring a LUKS encrypted system being unlocked using a keyfile, the reassignment of the keyfile to the newly recovered LUKS devices fails with following output:
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
Error: Restored files do not match the recreated system in /mnt/local
ERROR: 
====================
BUG in /usr/share/rear/finalize/GNU/Linux/240_reassign_luks_keyfiles.sh line 29:
'temporary keyfile /tmp/LUKS-keyfile-luks-6f7e7b9a-4fae-4d56-af3a-54ceb11174a3 not found'
--------------------
Please report this issue at https://github.com/rear/rear/issues
and include the relevant parts from /var/log/rear/rear-vm-luks88.log
preferably with full debug information via 'rear -D recover'
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

The issue happens because of a bug in the code, which was fixed Upstream by commit 728c2b000efd79c9e6f8cd82e1bbcded79c1f57d.

Version-Release number of selected component (if applicable):

rear-2.6-9.el8.x86_64

How reproducible:

Always

Steps to Reproduce:
1. Setup a system with LUKS encrypted /dev/rhel/root and /dev/rhel/swap

  # Disk partitioning information
  part pv.356 --fstype="lvmpv" --ondisk=vda --size=19455
  part /boot --fstype="xfs" --ondisk=vda --size=1024
  volgroup rhel --pesize=4096 pv.356
  logvol / --fstype="xfs" --size=10240 --encrypted --label="ROOT" --luks-version=luks2 --name=root --vgname=rhel
  logvol swap --fstype="swap" --size=2048 --encrypted --luks-version=luks2 --name=swap --vgname=rhel

2. Create/setup a LUKS key for automatic unlocking

  # dd if=/dev/urandom of=/lukskey bs=1K count=4
  # chmod 400 /lukskey
  # cryptsetup luksAddKey /dev/rhel/root /lukskey
  [...]
  # cryptsetup luksAddKey /dev/rhel/swap /lukskey
  [...]

  # cat /etc/crypttab
  luks-c29a6bb5-539e-42fe-9eeb-a6ba0863bb17 UUID=c29a6bb5-539e-42fe-9eeb-a6ba0863bb17 /lukskey discard
  luks-6f7e7b9a-4fae-4d56-af3a-54ceb11174a3 UUID=6f7e7b9a-4fae-4d56-af3a-54ceb11174a3 /lukskey discard

  # cat /etc/dracut.conf.d/luks.conf 
  install_items+=" /lukskey "

  
  # cat /etc/default/grub
  [...]
  #GRUB_CMDLINE_LINUX="resume=/dev/mapper/luks-6f7e7b9a-4fae-4d56-af3a-54ceb11174a3 rd.luks.uuid=luks-c29a6bb5-539e-42fe-9eeb-a6ba0863bb17 rd.lvm.lv=rhel/root rd.luks.uuid=luks-6f7e7b9a-4fae-4d56-af3a-54ceb11174a3 rd.lvm.lv=rhel/swap console=tty0 console=ttyS0,115200n8"
  GRUB_CMDLINE_LINUX="console=tty0 console=ttyS0,115200n8"
  [...]
  # grub2-mkconfig /etc/grub2.cfg

  # cat /etc/fstab
  [...]
  /dev/mapper/luks-c29a6bb5-539e-42fe-9eeb-a6ba0863bb17 /                       xfs     defaults,x-initrd.mount,x-systemd.device-timeout=60 0 0
  /dev/mapper/luks-6f7e7b9a-4fae-4d56-af3a-54ceb11174a3 none                    swap    defaults,x-initrd.mount,x-systemd.device-timeout=60 0 0

  # dracut -f --regenerate-all
  # reboot

3. Create a backup and try restoring it

Actual results:

-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
Error: Restored files do not match the recreated system in /mnt/local
ERROR: 
====================
BUG in /usr/share/rear/finalize/GNU/Linux/240_reassign_luks_keyfiles.sh line 29:
'temporary keyfile /tmp/LUKS-keyfile-luks-6f7e7b9a-4fae-4d56-af3a-54ceb11174a3 not found'
--------------------
Please report this issue at https://github.com/rear/rear/issues
and include the relevant parts from /var/log/rear/rear-vm-luks88.log
preferably with full debug information via 'rear -D recover'
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

Expected results:

No BUG

Note You need to log in before you can comment on or make changes to this bug.