Bug 460700 - anaconda should do encrypted devices a bit differently
anaconda should do encrypted devices a bit differently
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: anaconda (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: David Lehman
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-08-29 16:11 EDT by Ray Strode [halfline]
Modified: 2008-09-30 14:03 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-09-30 14:03:41 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Ray Strode [halfline] 2008-08-29 16:11:58 EDT
<halfline> dlehman: okay so the plan going forward is 1) change encrypted devices in fstab to us /dev/mapper/luks-$UUID instead of
           UUID=$OTHERUUID 2) change crypttab to use luks-$UUID instead of luks-sda2 3) change anaconda to require a global passphrase for new
           setups, adding a global passphrase for old setups ?                                                        

<dlehman> halfline: sounds right to me 
<pjones+ sounds right, yeah.
Comment 1 Ray Strode [halfline] 2008-09-03 10:25:57 EDT
here's a follow up conversation about this issue:

<jlaska> halfline: hey, I saw you and dlehman talking about the device paths used in fstab and crypttab               
<jlaska> I'm working through validating the expected results of an install ... comparing crypttab and fstab contents etc...
<jlaska> did you guys discuss changes on that front?
<halfline> jlaska: yea                      
<halfline> i filed a bug                      
<halfline> one sec, lemme find it             
<halfline> jlaska: https://bugzilla.redhat.com/show_bug.cgi?id=460700
<jlaska> halfline: ah okay, so the goal is to use UUID throughout both cryptab and fstab?
<jlaska> err I guess, what was the backstory ... was there something breaking that you found during plymouth work?
<halfline> jlaska: we need to correlate crypttab and fstab
<halfline> so we can provide a prompt to the user
<halfline> like "/opt is password protected"
<halfline> because of the way crypttab and fstab are written out currently
<halfline> there's no way to map an entry in crypttab to one that's in fstab   
<halfline> so we can't determine "this encrypted device here is "/opt"    
<jlaska> gotcha                                        
<jlaska> okay, that's the struggle I'm finding right now in trying to write some validation of encrypted installs
Comment 2 David Lehman 2008-09-11 18:14:04 EDT
Anaconda commit 6ba27da62255443446b288f8e042addf19d7815e should handle #1 from comment #1. Commit 55e2d031258af55908da2ebb070e2203e4626caa should take care of #2.

A fix for item #3 should land in anaconda GIT tonight.

Note You need to log in before you can comment on or make changes to this bug.