479865 – encrypted swap disabled during f10 upgrade

Bug 479865 - encrypted swap disabled during f10 upgrade

Summary: encrypted swap disabled during f10 upgrade

Keywords:
Status:	CLOSED INSUFFICIENT_DATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	anaconda
Sub Component:
Version:	12
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	David Lehman
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	AnacondaStorage
TreeView+	depends on / blocked

Reported:	2009-01-13 17:15 UTC by Sam W.
Modified:	2010-01-20 18:37 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2010-01-20 18:37:27 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
anaconda.log (15.86 KB, application/octet-stream) 2009-01-22 19:17 UTC, Sam W.	no flags	Details
View All

Description Sam W. 2009-01-13 17:15:36 UTC

Description of problem:

upgrading to f10 (using media), anaconda silently rewrites /etc/crypttab and /etc/fstab so as to disable encrypted swap.  During an u-g from f8, I editted crypttab and fstab to prepend "luks-" on the mapper labels for both encrypted ext3 partitions and the encrypted swap.  After u-g completed, the fstab entry just lists the raw swap partition (UUID...) and swap doesn't appear in crypttab at all.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 1 David Lehman 2009-01-22 18:06:45 UTC

It seems as though anaconda was unable to recognize your swap partition as being encrypted. Do your encrypted partitions have different passphrases? If so, were you prompted for both/all of them during the upgrade?

What (exactly) did your fstab and crypttab look like before the upgrade? Can you attach /var/log/anaconda.log to this bug?

Comment 2 Sam W. 2009-01-22 19:17:59 UTC

Created attachment 329730 [details]
anaconda.log

Comment 3 Sam W. 2009-01-22 19:19:06 UTC

Swap was encrypted with a random transient key.  There was only one other encrypted partition (with a different, long-lived passphrase).  I was only prompted for one passphrase (as was appropriate).

Before the upgrade crypttab:
swap /dev/sda6 /dev/urandom swap,cipher=aes-cbc-essiv:sha256 
weiler /dev/sda5 none

fstab:
/dev/mapper/swap         swap                    swap    defaults        0 0
/dev/mapper/weiler        /home/weiler                    ext3    defaults 
       0 0

Based on bug 473352, I then hand-editted both to prepend "luks", though I didn't retain those editted files.  fstab-anaconda shows:
/dev/mapper/luks-swap         swap                    swap    defaults        0 
0
/dev/mapper/luks-weiler        /home/weiler                    ext3    defaults 
       0 0

crypttab was similar.

Comment 4 David Lehman 2009-01-23 22:35:05 UTC

This is a bug, as you have probably guessed. We do not include in /etc/crypttab any encrypted devices which we have not accessed. We also do not have any smarts to handle random transient keys, or any random keys for that matter.

This code is being rewritten for F11. This bug will be taken into account when doing the rewrite. For F10, however, there will not be a fix.

Comment 5 Joel Andres Granados 2009-09-09 11:43:36 UTC

Is this still an issue in f12 alpha or later?

Comment 6 Bug Zapper 2009-11-16 09:46:19 UTC

This bug appears to have been reported against 'rawhide' during the Fedora 12 development cycle.
Changing version to '12'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Note You need to log in before you can comment on or make changes to this bug.