Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package fde-tools for openSUSE:Factory checked in at 2024-08-01 22:03:46 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/fde-tools (Old) and /work/SRC/openSUSE:Factory/.fde-tools.new.7232 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "fde-tools" Thu Aug 1 22:03:46 2024 rev:24 rq:1190593 version:0.7.2 Changes: -------- --- /work/SRC/openSUSE:Factory/fde-tools/fde-tools.changes 2024-06-11 18:27:14.156363717 +0200 +++ /work/SRC/openSUSE:Factory/.fde-tools.new.7232/fde-tools.changes 2024-08-01 22:04:03.315540779 +0200 @@ -1,0 +2,7 @@ +Wed Jul 31 06:40:52 UTC 2024 - Gary Ching-Pang Lin <glin@suse.com> + +- Add fde-tools-bsc1218181-replace-crypttab-key-path.patch to + change the key path in crypttab to avoid the unexpected error + (bsc#1218181) + +------------------------------------------------------------------- New: ---- fde-tools-bsc1218181-replace-crypttab-key-path.patch BETA DEBUG BEGIN: New: - Add fde-tools-bsc1218181-replace-crypttab-key-path.patch to change the key path in crypttab to avoid the unexpected error BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ fde-tools.spec ++++++ --- /var/tmp/diff_new_pack.ZBUWz4/_old 2024-08-01 22:04:04.227578394 +0200 +++ /var/tmp/diff_new_pack.ZBUWz4/_new 2024-08-01 22:04:04.231578559 +0200 @@ -38,6 +38,7 @@ Patch6: fde-tools-bsc1218390-Switch-to-target-platform-when-available.patch Patch7: fde-tools-bsc1218390-fix-tpm-present-with-the-newer-pcr-oracle.patch Patch8: fde-tools-bsc1223771-firstboot-make-Pass-phrase-mandatory.patch +Patch9: fde-tools-bsc1218181-replace-crypttab-key-path.patch BuildRequires: help2man BuildRequires: pkgconfig(json-c) BuildRequires: pkgconfig(libcryptsetup) ++++++ fde-tools-bsc1218181-replace-crypttab-key-path.patch ++++++ From b5ef2a580e28f80fc1634b32ebf7377b5c4ed40b Mon Sep 17 00:00:00 2001 From: Gary Lin <glin@suse.com> Date: Fri, 26 Jul 2024 16:27:20 +0800 Subject: [PATCH] firstboot: replace the key file path in crypttab The key file path in crypttab is not necessary after the system completes re-encryption since it becomes only a reference for GRUB2 when generating the synthesized initrd to forward the disk key. Specifying a key file path in the directory other than '/' could introduce the extra dependency when unmounting the LUKS partitions and lead to the unexpected error/warning. Unfortunately, the root partition is read-only in SL-Micro, so KIWI has to create the key file in "/root". To avoid the unexpected error/warning, this commit replace the key file path with "/.virtual-root.key" after the firstboot script removes the default key file. This makes dracut/systemd believe that the key file is in the root partition, so there is no extra dependency when unmounting the LUKS partitions. The initrd also needs to be re-generated at the end to reflect the change in /etc/crypttab. FIXES: bsc#1218181 Signed-off-by: Gary Lin <glin@suse.com> --- firstboot/fde | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/firstboot/fde b/firstboot/fde index 59fdb92..b917a35 100755 --- a/firstboot/fde +++ b/firstboot/fde @@ -112,6 +112,11 @@ function fde_setup_encrypted { return 1 fi rm -f "${luks_keyfile}" + + # Replace the key file path in /etc/crypttab with "/.virtual-root.key" + # to avoid errors when unmounting the LUKS partition (bsc#1218181) + sed -i "s,${luks_keyfile},/.virtual-root.key,g" /etc/crypttab + luks_keyfile="" fi @@ -152,11 +157,12 @@ function fde_setup_encrypted { # Remove the password file rm -f ${pass_keyfile} - # Update /boot/grub2/grub.cfg + # Update initrd and /boot/grub2/grub.cfg if test -d "/boot/writable"; then - transactional-update grub.cfg + transactional-update initrd grub.cfg transactional-update apply else + dracut -f grub2-mkconfig -o /boot/grub2/grub.cfg fi -- 2.35.3