Bug 796167

Summary: splitting of cryptsetup-mkinitrd broke booting systems that reside on an encrypted lvm
Product: [openSUSE] openSUSE Tumbleweed Reporter: Christoph Obexer <cobexer>
Component: SecurityAssignee: Ludwig Nussel <lnussel>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Critical    
Priority: P5 - None CC: aschnell, ismail, lnussel, mls
Version: 13.1 Milestone 1   
Target Milestone: ---   
Hardware: x86-64   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: Solver testcase

Description Christoph Obexer 2012-12-29 22:55:05 UTC 
User-Agent:       Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20121226 Firefox/19.0

the initrd did not contain the programs necessary to do a cryptsetup luksOpen ...
and thus the system was unable to access it's partitions and could not boot

there were a lot of messages scrolling all over the screen for a few minutes:
---
PARTIAL MODE. Incomplete logical volumes will be processed.
Volume Group "system" not found
...
Could not find /dev/mapper/system-root.
Want me to fall back to /dev/system/root? (Y/n)
---

installing cryptsetup-mkinitrd fixed the problem. why was this not installed by default???

Reproducible: Always

Steps to Reproduce:
1.
2.
3.
Comment 1 Christoph Obexer 2012-12-29 22:56:23 UTC 
assigning to idonmez since he committed cryptsetup-mkinitrd to Factory
Comment 2 Ismail Dönmez 2013-01-02 18:54:41 UTC 
Ludwig?
Comment 3 Ludwig Nussel 2013-01-07 09:18:28 UTC 
Hmm. I've added a packageand(mkinitrd:cryptsetup) to the package to have it auto installed if both mkinitrd and cryptsetup are installed. To make really sure yast could probably also add it as requirement when installing with root on crypted lvm. Would that be possible?
Comment 4 Bernhard Wiedemann 2013-01-07 10:00:10 UTC 
This is an autogenerated message for OBS integration:
This bug (796167) was mentioned in
https://build.opensuse.org/request/show/147355 Factory / cryptsetup-mkinitrd
Comment 5 Arvin Schnell 2013-01-07 17:33:38 UTC 
The package dependencies have to work reliable for 'zypper up' anyway so I
don't see the need to add special handling in YaST.
Comment 6 Ludwig Nussel 2013-01-08 08:14:56 UTC 
the "zypper dup" case is handled by the split-provides, I'm referring to the initial installation here.
Comment 7 Sascha Peilicke 2013-01-08 08:42:57 UTC 
Created attachment 519267 [details]
Solver testcase

(In reply to comment #6)
> the "zypper dup" case is handled by the split-provides, I'm referring to the
> initial installation here.

No, it is not. Yesterday, I spend some time with Dirk to debug why this is the case. Here's the result of "zypper -v dup --debug-solver" from the old set of packages (before the split).
Comment 8 Ludwig Nussel 2013-01-08 09:06:52 UTC 
Ok, so either we need to split the bug into separate ones now or take one step at a time. From my PoV the packaging side is implemented correctly by the split-provides and the new packageand I added yesterday. If zypp doesn't evaluate those tags properly it's a zypp or solver bug so we have to reassign. But first I'd like to have Arvin make yast explicitly require cryptsetup-mkinitrd during initial installation if root is on crypted lvm. Just to make sure it's installed as the package tags are only weak deps.
Comment 9 Arvin Schnell 2013-01-08 09:53:27 UTC 
Apparently I misunderstood "to make really sure yast could probably ..." as
being something nice to have.

The problem with adding cryptsetup-mkinitrd during installation only if the
volume group is using an encrypted physical volume is that the package will be
missing if later on an encrypted physical volume is added to a volume group so
far not including encrypted physical volumes. So I will simply add
cryptsetup-mkinitrd where so far cryptsetup is installed. After all I don't
see the reason for a package-split with only a few files - and no reason is
provided in the changelog.

I recommend to make a separate bug for the zypp problem.
Comment 10 Bernhard Wiedemann 2013-01-14 15:00:24 UTC 
This is an autogenerated message for OBS integration:
This bug (796167) was mentioned in
https://build.opensuse.org/request/show/148446 Factory / yast2-storage