Description of problem:

The names of dm-crypt/LUKS mappings, as well as the specification of the underlying device in /etc/crypttab, currently use the device node (eg: sda2). This is not a reliable means of identifying a block device. The LUKS UUID, however, is both constant and unique.

The proposal has three parts. First, dm-crypt mapping names created by anaconda will no longer take the form

    "luks-<device>" (eg: luks-sda3)

Instead they will be of the form

    "luks-<luksuuid>" (eg: luks-50ec957a-5b5a-47ee-85e6-f8085bbc97a8)

Second, crypttab entries will no longer refer to devices by device node. Instead, devices will be identified using the LUKS UUID.

The third part serves to facilitate testing and validation. Entries for encrypted block devices in /etc/fstab will no longer refer to devices using the filesystem UUID -- instead, they will be referred to using the mapped device name. This name is constant and unique (like the UUID alone) since the name is based on the LUKS UUID, and not a device node subject to change across reboots, hardware reconfiguration, &c.

Version-Release number of selected component (if applicable):
anaconda-11.1.2.120-2.i386.rpm
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
Fixed in anaconda-11.1.2.126-1.
(In reply to comment #0)
> The proposal has three parts. First, dm-crypt mapping names created by anaconda
> will no longer take the form
>
> "luks-<device>" (eg: luks-sda3)
>
> Instead they will be of the form
>
> "luks-<luksuuid>" (eg: luks-50ec957a-5b5a-47ee-85e6-f8085bbc97a8)
>

This works, see:

    # mount | grep luks
    /dev/mapper/luks-742aea3a-205d-41c5-ace6-0c10cc127596 on /data type ext3 (rw)

> Second, crypttab entries will no longer refer to devices by device node.
> Instead, devices will be identified using the LUKS UUID.
>

Also works, see:

    # cat /etc/crypttab
    luks-742aea3a-205d-41c5-ace6-0c10cc127596 UUID=742aea3a-205d-41c5-ace6-0c10cc127596 none

> The third part serves to facilitate testing and validation. Entries for
> encrypted block devices in /etc/fstab will no longer refer to devices using the
> filesystem UUID -- instead, they will be referred to using the mapped device
> name. This name is constant and unique (like the UUID alone) since the name is
> based on the LUKS UUID, and not a device node subject to change across reboots,
> hardware reconfiguration, &c.
>

Doesn't really work (/data is encrypted):

    # cat /etc/fstab
    LABEL=/          /          ext3    defaults        1 1
    LABEL=/data      /data      ext3    defaults        1 2
    /dev/sda1        /boot/efi  vfat    defaults        0 0
    tmpfs            /dev/shm   tmpfs   defaults        0 0
    devpts           /dev/pts   devpts  gid=5,mode=620  0 0
    sysfs            /sys       sysfs   defaults        0 0
    proc             /proc      proc    defaults        0 0
    LABEL=SWAP-sda2  swap       swap    defaults        0 0

I would expect instead of LABEL=/data to see /dev/mapper/luks-742aea3a-205d-41c5-ace6-0c10cc127596 in the first column.
FAILS_QA seems appropriate to me.
Fix for final item (don't use label in fstab for LUKS devs) is in anaconda-11.1.2.135-1.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-0164.html
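
The three checks made by hand in the QA comment above can be scripted. The following is an added example, not part of the original bug thread or of anaconda: the `audit` and `entries` functions are hypothetical names, the `luks-sdb1` sample lines are constructed, and it assumes each crypttab mapping holds a filesystem that is listed in fstab.

```python
import re

UUID = r"[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}"

# Sample input: the first crypttab line and the LABEL= fstab lines come from
# the QA comment; the luks-sdb1 entries are constructed for illustration.
CRYPTTAB = """\
luks-742aea3a-205d-41c5-ace6-0c10cc127596 UUID=742aea3a-205d-41c5-ace6-0c10cc127596 none
luks-sdb1 /dev/sdb1 none
"""
FSTAB = """\
LABEL=/                /      ext3  defaults  1 1
LABEL=/data            /data  ext3  defaults  1 2
/dev/mapper/luks-sdb1  /srv   ext3  defaults  1 2
"""

def entries(text):
    """Split a crypttab/fstab body into field lists, skipping blanks and comments."""
    return [l.split() for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]

def audit(crypttab, fstab):
    """Return findings against the three parts of the proposal."""
    findings = []
    fstab_devices = {e[0] for e in entries(fstab)}
    for e in entries(crypttab):
        name, device = e[0], (e[1] if len(e) > 1 else "")
        by_name = re.fullmatch(f"luks-({UUID})", name, re.I)
        by_dev = re.fullmatch(f"UUID=({UUID})", device, re.I)
        if not by_name:  # part 1: mapping name must be luks-<luksuuid>
            findings.append(f"crypttab: {name}: name is not luks-<luksuuid>")
        if not by_dev:   # part 2: device must be given by LUKS UUID
            findings.append(f"crypttab: {name}: device {device} is not UUID=<luksuuid>")
        if by_name and by_dev and by_name.group(1).lower() != by_dev.group(1).lower():
            findings.append(f"crypttab: {name}: name and device UUIDs differ")
        # Part 3 (heuristic, see assumption above): fstab must use the mapped name.
        if f"/dev/mapper/{name}" not in fstab_devices:
            findings.append(f"fstab: no entry uses /dev/mapper/{name}")
    return findings

if __name__ == "__main__":
    for finding in audit(CRYPTTAB, FSTAB):
        print(finding)
```

A mapping used as something other than a mounted filesystem (for example an LVM physical volume) will be reported by the fstab check and needs manual review.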