Red Hat Bugzilla – Bug 479865
encrypted swap disabled during f10 upgrade
Last modified: 2010-01-20 13:37:27 EST
Description of problem:
upgrading to f10 (using media), anaconda silently rewrites /etc/crypttab and /etc/fstab so as to disable encrypted swap. During an u-g from f8, I editted crypttab and fstab to prepend "luks-" on the mapper labels for both encrypted ext3 partitions and the encrypted swap. After u-g completed, the fstab entry just lists the raw swap partition (UUID...) and swap doesn't appear in crypttab at all.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
It seems as though anaconda was unable to recognize your swap partition as being encrypted. Do your encrypted partitions have different passphrases? If so, were you prompted for both/all of them during the upgrade?
What (exactly) did your fstab and crypttab look like before the upgrade? Can you attach /var/log/anaconda.log to this bug?
Created attachment 329730 [details]
Swap was encrypted with a random transient key. There was only one other encrypted partition (with a different, long-lived passphrase). I was only prompted for one passphrase (as was appropriate).
Before the upgrade crypttab:
swap /dev/sda6 /dev/urandom swap,cipher=aes-cbc-essiv:sha256
weiler /dev/sda5 none
/dev/mapper/swap swap swap defaults 0 0
/dev/mapper/weiler /home/weiler ext3 defaults
Based on bug 473352, I then hand-editted both to prepend "luks", though I didn't retain those editted files. fstab-anaconda shows:
/dev/mapper/luks-swap swap swap defaults 0
/dev/mapper/luks-weiler /home/weiler ext3 defaults
crypttab was similar.
This is a bug, as you have probably guessed. We do not include in /etc/crypttab any encrypted devices which we have not accessed. We also do not have any smarts to handle random transient keys, or any random keys for that matter.
This code is being rewritten for F11. This bug will be taken into account when doing the rewrite. For F10, however, there will not be a fix.
Is this still an issue in f12 alpha or later?
This bug appears to have been reported against 'rawhide' during the Fedora 12 development cycle.
Changing version to '12'.
More information and reason for this action is here: