<halfline> dlehman: okay so the plan going forward is 1) change encrypted devices in fstab to us /dev/mapper/luks-$UUID instead of UUID=$OTHERUUID 2) change crypttab to use luks-$UUID instead of luks-sda2 3) change anaconda to require a global passphrase for new setups, adding a global passphrase for old setups ? <dlehman> halfline: sounds right to me <pjones+ sounds right, yeah.
here's a follow up conversation about this issue: <jlaska> halfline: hey, I saw you and dlehman talking about the device paths used in fstab and crypttab <jlaska> I'm working through validating the expected results of an install ... comparing crypttab and fstab contents etc... <jlaska> did you guys discuss changes on that front? <halfline> jlaska: yea <halfline> i filed a bug <halfline> one sec, lemme find it <halfline> jlaska: https://bugzilla.redhat.com/show_bug.cgi?id=460700 <jlaska> halfline: ah okay, so the goal is to use UUID throughout both cryptab and fstab? <jlaska> err I guess, what was the backstory ... was there something breaking that you found during plymouth work? <halfline> jlaska: we need to correlate crypttab and fstab <halfline> so we can provide a prompt to the user <halfline> like "/opt is password protected" <halfline> because of the way crypttab and fstab are written out currently <halfline> there's no way to map an entry in crypttab to one that's in fstab <halfline> so we can't determine "this encrypted device here is "/opt" <jlaska> gotcha <jlaska> okay, that's the struggle I'm finding right now in trying to write some validation of encrypted installs
Anaconda commit 6ba27da62255443446b288f8e042addf19d7815e should handle #1 from comment #1. Commit 55e2d031258af55908da2ebb070e2203e4626caa should take care of #2. A fix for item #3 should land in anaconda GIT tonight.