Bug 666883

Summary: yast2 partitioner does not open crypted LVM partitions
Product: [openSUSE] openSUSE 11.3 Reporter: Olaf Hering <ohering>
Component: YaST2Assignee: Thomas Fehr <fehr>
Status: RESOLVED FIXED QA Contact: Jiri Srain <jsrain>
Severity: Normal    
Priority: P5 - None CC: aschnell
Version: Final   
Target Milestone: ---   
Hardware: x86-64   
OS: Linux   
Whiteboard:
Found By: Outsourced Testing Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: bug666883.tar.bz2

Description Olaf Hering 2011-01-25 10:35:30 UTC 
Since a while yast can create encrypted LVM partitions during installation and assign mount points to the individual logical volumes.
However, it does not offer a way to peek into such an encrypted LVM partition to eventually assign a mount point to a logical volume if the partition was not part of /etc/crypttab during booting.

In my case there is such a encrypted LVM partition on sda6 (used by the installed 11.3), and there is 11.4m5 on sda4:

Model: ATA ST9750420AS (scsi)
Disk /dev/sda: 699GiB
Sector size (logical/physical): 512B/4096B
Partition Table: msdos

Number  Start    End      Size     Type      File system  Flags
 1      0.00GiB  42.0GiB  42.0GiB  primary   ntfs         type=07
 2      42.0GiB  42.5GiB  0.50GiB  primary   ext2         boot, type=83
 3      42.5GiB  690GiB   648GiB   extended               type=05
 5      42.5GiB  170GiB   127GiB   logical                lvm, type=8e
 6      170GiB   670GiB   500GiB   logical                lvm, type=8e
 4      690GiB   699GiB   8.64GiB  primary   ext4         type=83

If I boot into 11.4m5 on sda4, yast shows sda6 as encrypted LVM but does not seem to offer to open it and look whats inside.

The same happens with an eSATA drive sdb, were sdb6 is encrypted LVM. yast partitioner from 11.3 does not offer a way to open sdb6 and look at the LVM volumes and eventually mount logical volumes on the external drive.

Model: ATA Hitachi HTS72505 (scsi)
Disk /dev/sdb: 466GiB
Sector size (logical/physical): 512B/512B
Partition Table: msdos

Number  Start    End      Size     Type      File system     Flags
 1      0.00GiB  0.49GiB  0.49GiB  primary   ext3            boot, type=83
 2      0.49GiB  450GiB   450GiB   extended                  lba, type=0f
 5      0.49GiB  8.49GiB  8.00GiB  logical   linux-swap(v1)  type=82
 6      8.49GiB  450GiB   442GiB   logical                   lvm, type=8e
 3      450GiB   458GiB   8.00GiB  primary   ext3            type=83
Comment 1 Olaf Hering 2011-01-25 10:39:29 UTC 
Created attachment 410080 [details]
bug666883.tar.bz2

11.3 logfiles
Comment 2 Thomas Fehr 2011-01-26 10:40:07 UTC 
During installation there should be a popup where you get asked for the password of the
encrypted volume. If the password provided is correct the volume is unlocked and if there is
a LVM VG on this volume the LVs of this vg are accessible in expert partitioner.
After installation yast should create a /etc/crypttab with the data of the partition.

According to y2log file /etc/crypttab after installation contains:

cr_sda5         /dev/disk/by-id/ata-ST9750420AS_5WS05N7K-part5 none       none

and boot.crypto-early and/or boot.crypto should ask for password during system boot.

At start of your installation there was no encrypted volume present on /dev/sda so of 
course there was no question for a crypt password.

So what exactly is the problem?
Comment 3 Olaf Hering 2011-01-26 13:38:14 UTC 
Thomas, its about the installed system when such a drive is plugged in.
I assume it works during the inst-sys, I have not tried that.

I just did a fresh 11.3 GNOME install. There is a GNOME pop-up to ask for the password, but the tool who attempts to mount the LVM tries to access it as a plain filesystem instead of running vgchange (or whatever) on it. I will open another bug for the desktop. I think KDE doesnt work any better.

This bug however is for yast itself, when started in the running system from the KDE desktop.
Comment 4 Thomas Fehr 2011-01-26 14:40:32 UTC 
Sorry, but from your bug report and attached install log about an installation one can
not easy to conclude you were talking especially about pluggable devices.

Currently there is no support in YaST for encrypted LVM VGs on pluggable devices.
The functionality to query for crypt passwords for unlockable devices is there, we 
just activate it currently only in inst-sys (and having the popup on every yast2 start 
would certainly not be useful). 

I could add a button named "Provide Crypt Passwords" to the "Configure" Menu in
Main Windows of Expert partitioner where one could activate this functionality when
needed. Would that be what you want?
Comment 5 Thomas Fehr 2011-01-27 10:45:02 UTC 
I implemented the soltion with an additional button under "Configure" now in openSuSE 11.4
Comment 6 Olaf Hering 2011-01-27 11:04:50 UTC 
Sorry for being late here.
Thanks for the fix.
If it doesnt make M6, what yast2-storage version should I pull from factory to test it?
Comment 7 Thomas Fehr 2011-01-27 11:09:46 UTC 
It will be in RC1 for openSuSE 11.4