Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be available on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 460700 - anaconda should do encrypted devices a bit differently
Summary: anaconda should do encrypted devices a bit differently
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: anaconda
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: David Lehman
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-08-29 20:11 UTC by Ray Strode [halfline]
Modified: 2008-09-30 18:03 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-09-30 18:03:41 UTC
Type: ---


Attachments (Terms of Use)

Description Ray Strode [halfline] 2008-08-29 20:11:58 UTC
<halfline> dlehman: okay so the plan going forward is 1) change encrypted devices in fstab to us /dev/mapper/luks-$UUID instead of
           UUID=$OTHERUUID 2) change crypttab to use luks-$UUID instead of luks-sda2 3) change anaconda to require a global passphrase for new
           setups, adding a global passphrase for old setups ?                                                        

<dlehman> halfline: sounds right to me 
<pjones+ sounds right, yeah.

Comment 1 Ray Strode [halfline] 2008-09-03 14:25:57 UTC
here's a follow up conversation about this issue:

<jlaska> halfline: hey, I saw you and dlehman talking about the device paths used in fstab and crypttab               
<jlaska> I'm working through validating the expected results of an install ... comparing crypttab and fstab contents etc...
<jlaska> did you guys discuss changes on that front?
<halfline> jlaska: yea                      
<halfline> i filed a bug                      
<halfline> one sec, lemme find it             
<halfline> jlaska: https://bugzilla.redhat.com/show_bug.cgi?id=460700
<jlaska> halfline: ah okay, so the goal is to use UUID throughout both cryptab and fstab?
<jlaska> err I guess, what was the backstory ... was there something breaking that you found during plymouth work?
<halfline> jlaska: we need to correlate crypttab and fstab
<halfline> so we can provide a prompt to the user
<halfline> like "/opt is password protected"
<halfline> because of the way crypttab and fstab are written out currently
<halfline> there's no way to map an entry in crypttab to one that's in fstab   
<halfline> so we can't determine "this encrypted device here is "/opt"    
<jlaska> gotcha                                        
<jlaska> okay, that's the struggle I'm finding right now in trying to write some validation of encrypted installs

Comment 2 David Lehman 2008-09-11 22:14:04 UTC
Anaconda commit 6ba27da62255443446b288f8e042addf19d7815e should handle #1 from comment #1. Commit 55e2d031258af55908da2ebb070e2203e4626caa should take care of #2.

A fix for item #3 should land in anaconda GIT tonight.


Note You need to log in before you can comment on or make changes to this bug.