Bugzilla – Bug 258222
YaST cannot mount encrypted filesystem on upgrade
Last modified: 2007-08-12 17:06:41 UTC
YaST cannot mount my encrypted partition on update to 10.3a2. It asks for my passphrase but fails to mount with a "-2001" error. dmesg gives me no useful information.
Please attach y2logs. If you are in doubt follow: http://en.opensuse.org/Bugs/YaST Thanks!
Created attachment 127208: YaST2 logs
Update Problem. The device name is not translated from /dev/hda2 to /dev/sda2. Storage part gets the translation right (works for hda1 and hda3). Somehow the values in crtab (in RootRoot.ycp) seem strange (have no "spec" entry).
I see. Both fstab and cryptotab are translated (in RootPart.ycp) but cryptotab has no "spec" key in the tab, that's why it is not actually translated at all. The correct key for cryptotab is "file". I'll fix it. Anyway, this might be a bit related to bug #246684.
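Added illustration, not part of the original comments and not YaST code: a Python sketch of the failure mode described above, where a translation pass that looks up the device under "spec" leaves a cryptotab entry (which stores it under "file") untouched, plus a post-translation check that would flag the leftover. The function names, the disk map and the sample entry are constructed for this example.

```python
# Added illustration, not YaST/YCP code. The key names "spec" (fstab) and
# "file" (cryptotab) come from the comments above; function names, the disk
# map and the sample entries are constructed for this example.
DEVICE_KEY = {"fstab": "spec", "cryptotab": "file"}
DISK_MAP = {"/dev/hda": "/dev/sda"}  # constructed old -> new disk names

CRTAB = [{"file": "/dev/hda2", "loop": "/dev/loop0",
          "mount": "/home/user/.stuff", "vfstype": "reiserfs"}]


def translate_device(dev, disk_map):
    """Rename the disk part of a device node, keeping the partition number."""
    for old in sorted(disk_map, key=len, reverse=True):
        suffix = dev[len(old):]
        if dev.startswith(old) and (suffix == "" or suffix.isdigit()):
            return disk_map[old] + suffix
    return dev  # pseudo filesystems such as "proc" pass through unchanged


def translate_tab(entries, disk_map, key):
    """Translate entry[key]; also return entries that have no such key."""
    out, skipped = [], []
    for entry in entries:
        entry = dict(entry)
        if key in entry:
            entry[key] = translate_device(entry[key], disk_map)
        else:
            skipped.append(entry)  # silently ignored in the reported bug
        out.append(entry)
    return out, skipped


def stale_entries(entries, disk_map, table):
    """Post-translation check: entries still naming a renamed disk."""
    key = DEVICE_KEY[table]
    return [e for e in entries
            if translate_device(e.get(key, ""), disk_map) != e.get(key, "")]


if __name__ == "__main__":
    buggy, skipped = translate_tab(CRTAB, DISK_MAP, "spec")
    fixed, _ = translate_tab(CRTAB, DISK_MAP, DEVICE_KEY["cryptotab"])
    print("wrong key:", buggy[0]["file"], "skipped:", len(skipped))
    print("right key:", fixed[0]["file"])
    print("stale after wrong-key pass:", stale_entries(buggy, DISK_MAP, "cryptotab"))
```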
partly fixed in yast2-update:
- Fixed reading fstab and cryptotab to always call Storage to translate old devices to new ones (#258222).
- Added new popup showing details when fsck.jfs fails.
- yast2-update-2.15.7
(Plus one small fix went to 2.15.8)
Nevertheless it seems that (on my system) Storage never translates these devices because of ... hmmm ... let's blame 'hwinfo'?
--- cut ---
GetTranslatedDevices old:$["major":10, "minor":2, "name":"openSUSE", "nameandversion":"openSUSE 10.2", "show":"openSUSE 10.2", "version":"10.2"] new:$["major":10, "minor":3, "name":"openSUSE 10.3", "nameandversion":"openSUSE 10.3 10.3", "show":"openSUSE 10.3", "version":"10.3"]
GetTranslatedDevices names ["/dev/hda3", "/dev/hdb1", "proc", "sysfs", "debugfs", "usbfs", "devpts", "/dev/fd0"]
BuildDiskmap cmd LIBHD_HDDB_DIR=/mnt/var/lib/hardware hwinfo --map
BuildDiskmap bo $["exit":0, "stderr":"", "stdout":""]
BuildDiskmap bo $["exit":0, "stderr":"", "stdout":""]
BuildDiskmap DiskMap $[]
BuildDiskmap DiskMapVersion $["major":10, "minor":2, "name":"openSUSE", "nameandversion":"openSUSE 10.2", "show":"openSUSE 10.2", "version":"10.2"]
GetTranslatedDevices ret ["/dev/hda3", "/dev/hdb1", "proc", "sysfs", "debugfs", "usbfs", "devpts", "/dev/fd0"]
--- cut ---
Please, use the latest yast2-update and check Storage and/or Hwinfo (Tested on modified Alpha2)
Created attachment 129200: YaST logs
In the original YaST logs the translation from hda to sda works. The translation depends of course on the specific hardware. This early in the alpha phase we can assume the problem is fixed with the new yast2-update package.
I just tried again with alpha3 and it still fails. Attaching logs.
Created attachment 131224: y2logs for 10.3a3
Here are some important messages:
GetTranslatedDevices names ["/dev/hda3", "/dev/hda1", "proc", "sysfs", "usbfs", "devpts", "none", "/tmp/app/1/image", "/tmp/app/2/image", "/tmp/app/3/image", "/tmp/app/4/image", "/tmp/app/5/image", "/tmp/app/6/image", "/tmp/app/7/image"]
GetTranslatedDevices ret ["/dev/sda3", "/dev/sda1", "proc", "sysfs", "usbfs", "devpts", "none", "/tmp/app/1/image", "/tmp/app/2/image", "/tmp/app/3/image", "/tmp/app/4/image", "/tmp/app/5/image", "/tmp/app/6/image", "/tmp/app/7/image"]
GetTranslatedDevices names ["/dev/hda2"]
GetTranslatedDevices ret ["/dev/sda3"]
crtab: [$["file":"/dev/hda2", "loop":"/dev/loop0", "mount":"/home/jfunk/.stuff", "opt1":"twofish256", "opt2":"acl,user_xattr", "vfstype":"reiserfs"]]
crtab: (translated) [$["file":"/dev/sda2", "loop":"/dev/loop0", "mount":"/home/jfunk/.stuff", "opt1":"twofish256", "opt2":"acl,user_xattr", "vfstype":"reiserfs"]]
From mounting:
RootPart.ycp:767 crypt pwd ok:true
Storage.ycp:4556 PerformLosetup mdir:/tmp/YaST2-03381-o5lVBq/tmp_mp
Storage.ycp:2999 SetCryptPwd device:/dev/sda2
...
SystemCmd.cc(execute):160 SystemCmd Executing:"cryptsetup remove cr_sda2"
SystemCmd.cc(addLine):625 Adding Line 1 "Command failed"
SystemCmd.cc(getUntilEOF):591 pid:4179 added lines:1 stderr:1
SystemCmd.cc(doExecute):305 system() Returns:237
...
SystemCmd.cc(execute):160 SystemCmd Executing:"losetup -d /dev/loop2"
SystemCmd.cc(addLine):625 Adding Line 1 "ioctl: LOOP_CLR_FD: No such device or address"
SystemCmd.cc(getUntilEOF):591 pid:4180 added lines:1 stderr:1
SystemCmd.cc(logOutput):636 stderr:ioctl: LOOP_CLR_FD: No such device or address
...
SystemCmd.cc(logOutput):636 stderr:/dev/sda2 is not a LUKS partition
SystemCmd.cc(logOutput):636 stderr:Command failed: No key available with this passphrase.
...
SystemCmd.cc(execute):160 SystemCmd Executing:"losetup -d /dev/loop2"
SystemCmd.cc(addLine):625 Adding Line 1 "ioctl: LOOP_CLR_FD: No such device or address"
...
SystemCmd Executing:"rmmod twofish cryptoloop; modprobe loop_fish2; /sbin/losetup -e twofish /dev/loop2 /dev/sda2 -p0 < /tmp/liby2storage69TVQq/pwdf"
Adding Line 1 "ERROR: Module twofish does not exist in /proc/modules"
Adding Line 2 "ERROR: Module cryptoloop does not exist in /proc/modules"
Adding Line 3 "Switching to old S.u.S.E. loop_fish2 compatibility mode."
...
SystemCmd Executing:"mount -oro -t reiserfs /dev/loop2 /tmp/liby2storage69TVQq/mp"
Adding Line 1 "mount: cannot mount block device /dev/loop2 read-only"
...
SystemCmd Executing:"rmmod loop_fish2; modprobe twofish; modprobe cryptoloop; /sbin/losetup -e twofish256 /dev/loop2 /dev/sda2 -p0 < /tmp/liby2storage69TVQq/pwdf"
SystemCmd.cc(addLine):625 Adding Line 1 "ioctl: LOOP_SET_STATUS: No such file or directory, "
>> ...requested cipher or key length (256 bits) not supported by kernel... <<
Anyway, from Update/RootPart view, the behavior seems to be correct.
Please, see also this: [opensuse-security] Weird encrypted filesystem problem. http://lists.opensuse.org/opensuse-security/2007-04/msg00005.html
Maybe some kernel modules are missing like in bug #261847. I will check it.
Indeed, same problem as bug #261847: The kernel modules cbc and blkcipher are missing. Will be fixed in next alpha.
*** This bug has been marked as a duplicate of bug 261847 ***
I just tried alpha4 and it still does not work. Attaching y2logs
Created attachment 141070: yast2 logs
Command 'losetup -e twofish256 /dev/loop2 /dev/sda2' still fails with 'ioctl: LOOP_SET_STATUS: No such file or directory'. Will have a look.
There was a bug in one of the inst-sys scripts that prevented cbc from really being added. It's fixed now.
Even with the kernel modules loaded losetup gives the error message as in comment #16. We have tested that the losetup called works in 10.3 Alpha 1 Plus but not in 10.3 Alpha 3 Plus. Matthias, please check if this is a losetup or kernel problem.
We are currently migrating the deprecated cryptoloop to device-mapper. losetup does not understand and should not be used for encryption anymore. losetup -e calls in Yast should be replaced with calls to losetup (without encryption) and cryptsetup (setting up the device-mapper encryption layer). Some attention has to be paid for choosing the right parameters for hash and cipher to stay backwards compatible with existing crypto filesystems. Arvin, please look in the draft ~mkoenig/doc/cryptofs/migration and also the new boot.crypto script in the util-linux-crypto package, that has been migrated by Ludwig.
YaST now uses the new cryptsetup commands. You might want to try with Alpha 6 but so far the code is untested in the update workflow.
Created attachment 154116: Yast2 logs for a6
This is still broken in alpha 6. Here are the logs.
Ok, fixed some problems that were caused by using dmcrypt instead of losetup. The fixes in yast2-storage will be available in beta#2. Lukas, please apply the attached changes to RootPart.ycp, they are needed because in 10.3 we do not use losetup any more but dmcrypt for encrypted devices.
Created attachment 156500: Adaptions for crypt handling needed for RootPart.ycp
-------------------------------------------------------------------
Thu Aug 9 16:20:58 CEST 2007 - locilka@suse.cz
- Using cryptsetup instead of losetup, patch created by Thomas Fehr (#258222).
- 2.15.20
-------------------------------------------------------------------
Fixed in yast2-update-2.15.20
Anyway, thanks for the patch :)
added to most annoying bugs of 10.3 beta1 :-/