Hi, On Sat, Dec 05, Richard Brown wrote:
On 5 December 2015 at 19:50, Bruno Friedmann <bruno@ioda-net.ch> wrote:
On Thursday 26 November 2015 20.49:32 Andrei Borzenkov wrote:
26.11.2015 20:38, Robby Engelmann пишет:
sorry, I overlooked that...
boot is on ext4. root, home and swap is a lukscrypt lvm setup with root btrfs and home xfs.
Boot from snapshot is offered only if /boot is on btrfs (actually check is probably wrong, it should check that /boot is on the same filesystem and subvolume as /, but that is another matter).
Then this is a huge limitation on what we offer. TW is advertised with the rollback feature, as a recover measure.
In the new world of sensitive information and privacy, this is a really a problem. People that need to have / encrypted for whatever reason (they are all valid: list of package, database content etc) are just left on the side.
What kind of effort we can do to have grub2 asking luks keypass when starting ? and then being able to decrypt the snapshots ...
Can't be done
In order for Boot to Snapshot to work, Grub needs to be able to read /.snapshots on the root filesystem - this is where the snapshots are stored after all
Grub can't do that if / is encrypted - The only way that would be theretically possible is if you instructed Grub to decrypt root BEFORE showing you the boot menu (this is an option I've seen done in the past)
Ok, since I already told Richard that I don't think that his analysis is fully correct, here now a short description how to setup btrfs, snapshots and rollback with full root filesystem encryption on openSUSE Leap 42.1: - Use GPT disk label - In the partitioner, select encrypted LVM, btrfs for the root filesystem and make sure that the snapshot checkbox is activated. - Install. To do the rollback: Select the approbiate snapshot in the grub2 menu or call "snapper rollback <id>" on the commandline. Both works. And yes, due to old legacy code, it is currently not possible to do this without LVM. But we will work on this. Thorsten -- Thorsten Kukuk, Senior Architect SLES & Common Code Base SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nuernberg, Germany GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org