Bug 479865 - encrypted swap disabled during f10 upgrade
encrypted swap disabled during f10 upgrade
Product: Fedora
Classification: Fedora
Component: anaconda (Show other bugs)
All Linux
low Severity medium
: ---
: ---
Assigned To: David Lehman
Fedora Extras Quality Assurance
Depends On:
Blocks: AnacondaStorage
  Show dependency treegraph
Reported: 2009-01-13 12:15 EST by Sam W.
Modified: 2010-01-20 13:37 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2010-01-20 13:37:27 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
anaconda.log (15.86 KB, application/octet-stream)
2009-01-22 14:17 EST, Sam W.
no flags Details

  None (edit)
Description Sam W. 2009-01-13 12:15:36 EST
Description of problem:

upgrading to f10 (using media), anaconda silently rewrites /etc/crypttab and /etc/fstab so as to disable encrypted swap.  During an u-g from f8, I editted crypttab and fstab to prepend "luks-" on the mapper labels for both encrypted ext3 partitions and the encrypted swap.  After u-g completed, the fstab entry just lists the raw swap partition (UUID...) and swap doesn't appear in crypttab at all.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Actual results:

Expected results:

Additional info:
Comment 1 David Lehman 2009-01-22 13:06:45 EST
It seems as though anaconda was unable to recognize your swap partition as being encrypted. Do your encrypted partitions have different passphrases? If so, were you prompted for both/all of them during the upgrade?

What (exactly) did your fstab and crypttab look like before the upgrade? Can you attach /var/log/anaconda.log to this bug?
Comment 2 Sam W. 2009-01-22 14:17:59 EST
Created attachment 329730 [details]
Comment 3 Sam W. 2009-01-22 14:19:06 EST
Swap was encrypted with a random transient key.  There was only one other encrypted partition (with a different, long-lived passphrase).  I was only prompted for one passphrase (as was appropriate).

Before the upgrade crypttab:
swap /dev/sda6 /dev/urandom swap,cipher=aes-cbc-essiv:sha256 
weiler /dev/sda5 none

/dev/mapper/swap         swap                    swap    defaults        0 0
/dev/mapper/weiler        /home/weiler                    ext3    defaults 
       0 0

Based on bug 473352, I then hand-editted both to prepend "luks", though I didn't retain those editted files.  fstab-anaconda shows:
/dev/mapper/luks-swap         swap                    swap    defaults        0 
/dev/mapper/luks-weiler        /home/weiler                    ext3    defaults 
       0 0

crypttab was similar.
Comment 4 David Lehman 2009-01-23 17:35:05 EST
This is a bug, as you have probably guessed. We do not include in /etc/crypttab any encrypted devices which we have not accessed. We also do not have any smarts to handle random transient keys, or any random keys for that matter.

This code is being rewritten for F11. This bug will be taken into account when doing the rewrite. For F10, however, there will not be a fix.
Comment 5 Joel Andres Granados 2009-09-09 07:43:36 EDT
Is this still an issue in f12 alpha or later?
Comment 6 Bug Zapper 2009-11-16 04:46:19 EST
This bug appears to have been reported against 'rawhide' during the Fedora 12 development cycle.
Changing version to '12'.

More information and reason for this action is here:

Note You need to log in before you can comment on or make changes to this bug.