<halfline> dlehman: okay so the plan going forward is 1) change encrypted devices in fstab to us /dev/mapper/luks-$UUID instead of
UUID=$OTHERUUID 2) change crypttab to use luks-$UUID instead of luks-sda2 3) change anaconda to require a global passphrase for new
setups, adding a global passphrase for old setups ?
<dlehman> halfline: sounds right to me
<pjones+ sounds right, yeah.
here's a follow up conversation about this issue:
<jlaska> halfline: hey, I saw you and dlehman talking about the device paths used in fstab and crypttab
<jlaska> I'm working through validating the expected results of an install ... comparing crypttab and fstab contents etc...
<jlaska> did you guys discuss changes on that front?
<halfline> jlaska: yea
<halfline> i filed a bug
<halfline> one sec, lemme find it
<halfline> jlaska: https://bugzilla.redhat.com/show_bug.cgi?id=460700
<jlaska> halfline: ah okay, so the goal is to use UUID throughout both cryptab and fstab?
<jlaska> err I guess, what was the backstory ... was there something breaking that you found during plymouth work?
<halfline> jlaska: we need to correlate crypttab and fstab
<halfline> so we can provide a prompt to the user
<halfline> like "/opt is password protected"
<halfline> because of the way crypttab and fstab are written out currently
<halfline> there's no way to map an entry in crypttab to one that's in fstab
<halfline> so we can't determine "this encrypted device here is "/opt"
<jlaska> okay, that's the struggle I'm finding right now in trying to write some validation of encrypted installs
Anaconda commit 6ba27da62255443446b288f8e042addf19d7815e should handle #1 from comment #1. Commit 55e2d031258af55908da2ebb070e2203e4626caa should take care of #2.
A fix for item #3 should land in anaconda GIT tonight.