[Bug 796167] New: splitting of cryptsetup-mkinitrd broke booting systems that reside on an encrypted lvm
https://bugzilla.novell.com/show_bug.cgi?id=796167 https://bugzilla.novell.com/show_bug.cgi?id=796167#c0 Summary: splitting of cryptsetup-mkinitrd broke booting systems that reside on an encrypted lvm Classification: openSUSE Product: openSUSE Factory Version: 12.3 Milestone 1 Platform: x86-64 OS/Version: Other Status: NEW Severity: Critical Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: cobexer@gmail.com QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20121226 Firefox/19.0 the initrd did not contain the programs necessary to do a cryptsetup luksOpen ... and thus the system was unable to access it's partitions and could not boot there were a lot of messages scrolling all over the screen for a few minutes: --- PARTIAL MODE. Incomplete logical volumes will be processed. Volume Group "system" not found ... Could not find /dev/mapper/system-root. Want me to fall back to /dev/system/root? (Y/n) --- installing cryptsetup-mkinitrd fixed the problem. why was this not installed by default??? Reproducible: Always Steps to Reproduce: 1. 2. 3. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=796167 https://bugzilla.novell.com/show_bug.cgi?id=796167#c1 Christoph Obexer <cobexer@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|security-team@suse.de |idonmez@suse.com --- Comment #1 from Christoph Obexer <cobexer@gmail.com> 2012-12-29 22:56:23 UTC --- assigning to idonmez since he committed cryptsetup-mkinitrd to Factory -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=796167 https://bugzilla.novell.com/show_bug.cgi?id=796167#c2 Ismail Donmez <idonmez@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |idonmez@suse.com AssignedTo|idonmez@suse.com |lnussel@suse.com --- Comment #2 from Ismail Donmez <idonmez@suse.com> 2013-01-02 18:54:41 UTC --- Ludwig? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=796167 https://bugzilla.novell.com/show_bug.cgi?id=796167#c3 Ludwig Nussel <lnussel@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |lnussel@suse.com AssignedTo|lnussel@suse.com |aschnell@suse.com --- Comment #3 from Ludwig Nussel <lnussel@suse.com> 2013-01-07 10:18:28 CET --- Hmm. I've added a packageand(mkinitrd:cryptsetup) to the package to have it auto installed if both mkinitrd and cryptsetup are installed. To make really sure yast could probably also add it as requirement when installing with root on crypted lvm. Would that be possible? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=796167 https://bugzilla.novell.com/show_bug.cgi?id=796167#c4 --- Comment #4 from Bernhard Wiedemann <bwiedemann@suse.com> 2013-01-07 11:00:10 CET --- This is an autogenerated message for OBS integration: This bug (796167) was mentioned in https://build.opensuse.org/request/show/147355 Factory / cryptsetup-mkinitrd -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=796167 https://bugzilla.novell.com/show_bug.cgi?id=796167#c5 Arvin Schnell <aschnell@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED CC| |aschnell@suse.com Resolution| |FIXED --- Comment #5 from Arvin Schnell <aschnell@suse.com> 2013-01-07 17:33:38 UTC --- The package dependencies have to work reliable for 'zypper up' anyway so I don't see the need to add special handling in YaST. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=796167 https://bugzilla.novell.com/show_bug.cgi?id=796167#c6 Ludwig Nussel <lnussel@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|FIXED | --- Comment #6 from Ludwig Nussel <lnussel@suse.com> 2013-01-08 09:14:56 CET --- the "zypper dup" case is handled by the split-provides, I'm referring to the initial installation here. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=796167 https://bugzilla.novell.com/show_bug.cgi?id=796167#c7 --- Comment #7 from Sascha Peilicke <speilicke@suse.com> 2013-01-08 08:42:57 UTC --- Created an attachment (id=519267) --> (http://bugzilla.novell.com/attachment.cgi?id=519267) Solver testcase (In reply to comment #6)
the "zypper dup" case is handled by the split-provides, I'm referring to the initial installation here.
No, it is not. Yesterday, I spend some time with Dirk to debug why this is the case. Here's the result of "zypper -v dup --debug-solver" from the old set of packages (before the split). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=796167 https://bugzilla.novell.com/show_bug.cgi?id=796167#c8 Ludwig Nussel <lnussel@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mls@suse.com --- Comment #8 from Ludwig Nussel <lnussel@suse.com> 2013-01-08 10:06:52 CET --- Ok, so either we need to split the bug into separate ones now or take one step at a time. From my PoV the packaging side is implemented correctly by the split-provides and the new packageand I added yesterday. If zypp doesn't evaluate those tags properly it's a zypp or solver bug so we have to reassign. But first I'd like to have Arvin make yast explicitly require cryptsetup-mkinitrd during initial installation if root is on crypted lvm. Just to make sure it's installed as the package tags are only weak deps. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=796167 https://bugzilla.novell.com/show_bug.cgi?id=796167#c9 Arvin Schnell <aschnell@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |FIXED AssignedTo|aschnell@suse.com |lnussel@suse.com --- Comment #9 from Arvin Schnell <aschnell@suse.com> 2013-01-08 09:53:27 UTC --- Apparently I misunderstood "to make really sure yast could probably ..." as being something nice to have. The problem with adding cryptsetup-mkinitrd during installation only if the volume group is using an encrypted physical volume is that the package will be missing if later on an encrypted physical volume is added to a volume group so far not including encrypted physical volumes. So I will simply add cryptsetup-mkinitrd where so far cryptsetup is installed. After all I don't see the reason for a package-split with only a few files - and no reason is provided in the changelog. I recommend to make a separate bug for the zypp problem. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=796167 https://bugzilla.novell.com/show_bug.cgi?id=796167#c10 --- Comment #10 from Bernhard Wiedemann <bwiedemann@suse.com> 2013-01-14 16:00:24 CET --- This is an autogenerated message for OBS integration: This bug (796167) was mentioned in https://build.opensuse.org/request/show/148446 Factory / yast2-storage -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com