In the new anaconda webUI workflow, if you enter an encryption passphrase using non-ASCII characters, there is no error or warning. When you then try to actually complete the installation, anaconda crashes, with a blivet error that the characters are not in the acceptable range 0-255 (the extended ASCII character set range). Reproducible: Always Steps to Reproduce: 1. Boot a recent F39 or Rawhide Workstation live image. 2. At g-i-s, select Russian as the language and accept the default keyboard layout. Proceed to the installer. 3. In the installer, choose to encrypt data, and type some string or other - I press the keys "helloworld" on a US keyboard. Proceed through the installation process. Actual Results: No warning or error is shown about the passphrase selected. When the install starts, it soon crashes, with an error "org.fedoraproject.Anaconda.Error: 1088 not in range 0 to 255". In the detailed logs we can see this error originates in blivet (attached). Expected Results: The passphrase should trigger some kind of warning or error; it's not a good idea to let users enter non-Latin passphrases, even if we could somehow fix it so they *work* at creation time at least. They may well not be able to enter them again at unlock time anyway. I'm pretty sure the old UI refused to let you do this.
Proposing as a Beta blocker as a conditional violation of "Encrypt newly-created storage volumes" at https://fedoraproject.org/wiki/Fedora_39_Beta_Release_Criteria#Custom_partitioning , and the subsequent requirements that the install must succeed. Conditional on entering an encryption passphrase with non-ASCII characters.
Created attachment 1985103 [details] storage.log showing the error
Reproduced outside Anaconda with just libblockdev Python bindings so moving to libblockdev. This is caused by the LUKS support changes in the recently released libblockdev 3.0 and should also happen with the GTK based Anaconda UI so I am also removing the WebUI tracker bug.
Reproducer with just libblockdev: In [1]: from gi.repository import BlockDev; BlockDev.init() Out[1]: True In [2]: BlockDev.CryptoKeyslotContext(passphrase="дддддддд") --------------------------------------------------------------------------- OverflowError Traceback (most recent call last) Cell In[2], line 1 ----> 1 BlockDev.CryptoKeyslotContext(passphrase="дддддддд") File /usr/lib64/python3.11/site-packages/gi/overrides/BlockDev.py:270, in CryptoKeyslotContext.__new__(cls, passphrase, keyfile, keyfile_offset, key_size, keyring, volume_key) 268 if passphrase: 269 if isinstance(passphrase, str): --> 270 ret = BlockDev.CryptoKeyslotContext.new_passphrase([ord(c) for c in passphrase]) 271 else: 272 ret = BlockDev.CryptoKeyslotContext.new_passphrase(passphrase) OverflowError: Item 0: 1076 not in range 0 to 255
Um. I think you missed some of my notes in the description. "The passphrase should trigger some kind of warning or error; it's not a good idea to let users enter non-Latin passphrases, even if we could somehow fix it so they *work* at creation time at least. They may well not be able to enter them again at unlock time anyway. I'm pretty sure the old UI refused to let you do this."
OK, I checked. The old UI doesn't *prevent* you from doing this, but it does *warn* you: "The passphrase you have provided contains non-ASCII characters. You may not be able to switch between keyboard layouts when typing it." I'm setting this back to anaconda and blocking the UI tracker again. I'll create a separate bug for the blockdev part.
Filed https://bugzilla.redhat.com/show_bug.cgi?id=2234928 for the blockdev part.
This has enough votes in https://pagure.io/fedora-qa/blocker-review/issue/1193 to be a blocker, but as the proposer I'm no longer convinced that it is, so I'm leaving that open to discuss at Monday's meeting. However, to let the anaconda team implement a fix on Monday if they want to, let's say it's definitely accepted as at least a freeze exception issue (to add the warning back).
Created attachment 1985679 [details] the warning oldUI shows when you do this For reference, this is the warning that the old UI shows when you put a non-ASCII character in the passphrase.
Discussed during the 2023-08-28 blocker review meeting: [0] The decision to delay the classification of this as a blocker bug was made as currently, votes are +4 / -4, with the remaining +1s from earlier ticket votes. We will describe the situation more clearly in the ticket and ask if anyone who voted +1 wishes to change their vote [0] https://meetbot.fedoraproject.org/fedora-blocker-review/2023-08-28/f39-blocker-review.2023-08-28-16.07.txt
PR: https://github.com/rhinstaller/anaconda/pull/5114
Discussed during the 2023-09-04 blocker review meeting: [1] The decision to classify this bug as a RejectedBlocker (Beta) AcceptedFreezeException (Beta) was made: "We agreed that anaconda not displaying a warning here is not in itself serious enough to be a blocker bug, but fixing it would be useful. The libblockdev crash and gnome-initial-setup keyboard layout selection issues are being addressed separately." [1] https://meetbot-raw.fedoraproject.org/fedora-blocker-review/2023-09-04/f39-blocker-review.2023-09-04-16.00.log.txt
FEDORA-2023-755dc0b0c0 has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2023-755dc0b0c0
Confirmed fixed, the warning is now shown.
FEDORA-2023-755dc0b0c0 has been pushed to the Fedora 39 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-755dc0b0c0` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-755dc0b0c0 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2023-755dc0b0c0 has been pushed to the Fedora 39 stable repository. If problem still persists, please make note of it in this bug report.