Bug 296409

Summary: incorrect fstab entry for encrypted partition
Product: [openSUSE] openSUSE 10.3 Reporter: Danny Al-Gaaf <dalgaaf>
Component: YaST2Assignee: Thomas Fehr <fehr>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: hvogel, lnussel, werner
Version: Alpha 7   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Danny Al-Gaaf 2007-08-01 12:38:30 UTC 
1) broken insserv chain
   - remove boot.localfs from Required-Start in boot.crypto
   - add boot.crypto to Should-Start in boot.localfs
2) the boot.crypto script don't load the correct keyboardlayout. My machine has a german keyboard (everything was configured correct while install and it work in a booted system) but while dialog for password a US-layout is used while boot process.
Comment 1 Hendrik Vogelsang 2007-08-06 13:12:11 UTC 
the init scripts are werners work. And if this is an blocker i eat a broom...
Comment 4 Ludwig Nussel 2007-08-06 14:45:47 UTC 
1) As Werner said, boot.crypto always required boot.localfs. I didn't check whether that's still really necessary. Does yast allow you to encrypt only /usr?

2) boot.crypto runs /etc/init.d/kbd to set up the keyboard mapping. Did you put /usr on a crypted partition?
Comment 5 Danny Al-Gaaf 2007-08-06 15:15:27 UTC 
I didn't put /usr on a crypted partition. The two partitions I created where only backup/data partitons and /boot and / are located in my fstab before the crypted devices.

I can only say: it worked before perfectly (beta 5/6 IIRC) and now no longer with alpha 7. I needed the changes from the initial description to not fall into the maintainance mode (I assume because boot.localfs tried to mount a not encrypted partition). Maybe something else cause the problem, but this was the only way for me to boot my system.
Comment 6 Ludwig Nussel 2007-08-06 15:47:03 UTC 
There were no changes to the cryptsetup package since mid june. Did you use yast to freshly create the encrypted volumes? What's the content of your /etc/fstab and /etc/crypttab resp /etc/cryptotab?
Comment 8 Ludwig Nussel 2007-08-07 07:14:11 UTC 
fs_freq and fs_passno are set for sda9 therefore fsck tries to check the mapped device which doesn't exist yet. The entry for sda8 is correct. Please attach yast logs and reassign to yast.
Comment 9 Danny Al-Gaaf 2007-08-09 15:13:18 UTC 
The needed logfiles are e.g. in bug #296393

I reassign it, but what about the keyboard layout problems?
Comment 10 Michal Zugec 2007-08-19 09:57:52 UTC 
I have another (but probably related) problem:
used /etc/fstab from 10.2:
/etc/vpn.file   /etc/openvpn    ext2    loop=/dev/loop1,encryption=twofish256,acl,noauto,user_xattr 0 0

copy /etc/vpn.file
and after mount /etc/openvpn (and write same password):
ioctl: LOOP_SET_STATUS: No such file or directory

from strace:
...
ioctl(6, SNDCTL_TMR_CONTINUE or TCSETSF, {B38400 opost isig icanon echo ...}) = 0
close(6)                                = 0
munmap(0xb7f0a000, 4096)                = 0
ioctl(4, 0x4c00, 0x3)                   = 0
close(3)                                = 0
ioctl(4, 0x4c04, 0xbfde8810)            = -1 ENOENT (No such file or directory)
ioctl(4, 0x4c02, 0xbfde88f8)            = -1 ENOENT (No such file or directory)
dup(2)                                  = 3
fcntl64(3, F_GETFL)                     = 0x402 (flags O_RDWR|O_APPEND)
fstat64(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 1), ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f0a000
_llseek(3, 0, 0xbfde865c, SEEK_CUR)     = -1 ESPIPE (Illegal seek)
...

I suppose I need only this modules (they are inserted):
cryptoloop              7040  0
loop                   21508  1 cryptoloop
twofish                10880  0
twofish_common         38912  1 twofish


btw - rpm -ql cryptsetup shows both /etc/cryptotab and /etc/crypttab but they're not included in rpm (cryptsetup-1.0.5-20)
Comment 11 Ludwig Nussel 2007-08-27 14:46:17 UTC 
wrt keyboard problem: boot.crypto runs before boot.cleanup. kbd checks for presence of /var/run/keymap and exits early. The file is at this point left over from the previous boot so kbd doesn't actually do anything useful. Fixed by rm -f /var/run/keymap in boot.crypto

Michal: Your problem is unrelated. The vanilla upstream losetup doesn't have the ability to parse strings like 'twofish256' which should be reintroduced with a (potentially suse specific) patch. Please open a separate bug report for util-linux.

Reassigning to Thomas to look at fstab problem (comment 7 and 8)
Comment 12 Thomas Fehr 2007-08-27 15:15:58 UTC 
ad comment#10:
file based encryption is different in SL 10.3 and 10.2.
encrypted fstab entries from 10.2 will not work any more.

Still investigating, why the fstab line for sda9 is wrong and sda8 is correct.
Comment 13 Thomas Fehr 2007-08-28 11:05:50 UTC 
So far I was not able to reproduce the problem with having non-zero values
for freq and passno fields of encrypted devices in fstab.
I did an installation with exactly the same disk layout than in the report
but the resulting fstab was correct.

Interestingly the resulting fstab differed also in other lines from the one
pasted in comment 7 (order of /boot and / entry was inverted and by-id name
was used for swap partition). So maybe there was some bug in Alpha7 fixed in
beta#2 that had this as a side effect.

Please retest with beta#3. I just added more debug code to fstab handling in
libstorage so maybe this will help debugging thus further.
Comment 14 Thomas Fehr 2007-09-26 15:38:53 UTC 
Should be fixed meanwhile.
Reopen with y2log files if this still occurs.