btrfs installation is unencrypted! #2294
Comments
andrewdavidwong
added
bug
C: installer
security
|
IIRC you should be able to choose btrfs for automatic partitioning as a sort-of workaround -- if erasing the disk is OK. That gives you btrfs on luks. You could even install this way onto a different disk, then reboot and 'btrfs device add' a prepared luks volume on the target disk and then delete the initial device; this will move the contents of the installed root fs to your target disk. But, yeah, the anaconda frontend is terrible. |
|
@ttasket:
Do you mean the menu where you could choose between several different automatic partitioning methods (LVM, btrfs, LVM+btrfs, ...)? At least R3.1-rc2 still had it, but I can't find anything of the sort for the R3.2 release candidates, am I overlooking something? I'm installing in BIOS mode, in case that makes any difference for Anaconda. |
|
@rustybird When I clicked 'Done' it showed a list of queued actions that included deleting old partitions, creating LUKS volumes, and formatting one of the LUKS volumes as btrfs. I didn't go ahead with the install, however. |
|
@ttasket: Hmm, I tried it with RC1 now and still can't find the right moves to get through Anaconda Island R3.2: The Curse of Anaconda Island. Maybe it depends on what partitions you had before installing, can you describe that? For example, if I first start a default installation on an empty disk and reboot into the installer again when the automatic partitioning is done, and then (A) delete the LUKS container, or (B) unlock it and delete the root filesystem, the When trying to install to an empty disk, the error on |
|
@rustybird If I simply chose "I will configure partitioning" and then created space by deleting the partitions listed under the "Unknown" grouping, then select 'btrfs' in the dropdown box.... anaconda would say there was an error when I clicked "Click here to create them". But if I left the partitioning on full automatic and checked the box to let me create free space, when I clicked Done a special popup box appeared for the purpose of flagging partitions as 'delete'. Once I finished with this, switching to "I will configure partitioning" worked... Select 'btrfs' from the dropdown box then click "Click here to create them" would complete without error and I could see the new partitions defined. I have not tried unlocking LUKS containers in anaconda in a long time. My experience is that it will never figure out your intention or act on it correctly. Its best to let it create a new LUKS container. |
|
Yes! Thanks so much for figuring that out and describing it! |
|
As of R4.0rc4, the foray into |
|
@rustybird does it mean the issue doesn't apply to R4.0-rc4? |
Manual partitioning still creates an unencrypted btrfs filesystem. But at least the only case in which it falsely claims to encrypt is if the user switches from LVM Thin to LVM to btrfs. Automatic btrfs partitioning works fine though. |
setDefaultPartitioning is called when executing kickstart "autopart" command - which is the case if one choose to not change disk partitioning. But in manual partitioning there is also an option to start with automatic layout and in that case setDefaultPartitioning isn't called at all. Which results in failed partitioning (missing '/' and bootable partition). Similar thing is already fixed in master commit 378cfc4. QubesOS/qubes-issues#2294 Fixes QubesOS/qubes-issues#3334
|
This issue is being closed because:
If anyone believes that this issue should be reopened, please let us know in a comment here. |
|
This is still an issue on 4.2.3. I could not find any way to get the custom partitioning to prompt me for an encryption password and indeed when I continued with the installation it was unencrypted. I then tried to do this through blivet-gui and it did prompt me for an encryption password, but then would not boot. Finally, I used the automatic installer to install it to the partitions previously created and it worked without issue. |
andrewdavidwong
added
needs diagnosis
|
I just did an install on 4.2.3. This is not reproducible. |
andrewdavidwong
removed
the
needs diagnosis
andrewdavidwong
added
the
R: cannot reproduce
|
This issue has been closed as "cannot reproduce." This means that attempts have been made to replicate the problem, but such attempts have not been reliably successful enough to proceed with fixing the problem. We respect the time and effort you have taken to file this issue, and we understand that this outcome may be unsatisfying. Please accept our sincere apologies and know that we greatly value your participation and membership in the Qubes community. If the problem becomes reliably reproducible in the future, please let us know in a comment below, and we will reopen this issue. If anyone reading this believes that this issue was closed in error or that the resolution of "cannot reproduce" is not accurate, please leave a comment below saying so, and we will review this issue again. For more information, see How issues get closed. |
Qubes OS version:
R3.2 rc3
If you install with btrfs as as the root filesystem, it will be unencrypted.
Steps to reproduce the behavior:
I will configure partitioningMANUAL PARTITIONINGscreen, either keepLVMor chooseBtrfsin the partitioning scheme dropdown./bootandswap./. If you previously choseBtrfs, theEncryptcheckbox is unselected and greyed out. If you previously choseLVM, switch toBtrfsnow; then theEncryptcheckbox will be selected and greyed out.General notes:
Man, that partitioning wizard just keeps getting worse and worse.
Not workarounds:
Reformatcheck box and then complain that reformatting the root mountpoint is required to continue... (ノಠ益ಠ)ノ彡┻━┻Workarounds:
modprobe btrfsso dracut picks up the module, install as ext4, use btrfs-convert, replace the root fs UUID in grub.cfgSlightly cleaner: In the end, I replaced the installer'smke2fsandmountbinaries with a small wrapper script that mangles their invocations as neededThe text was updated successfully, but these errors were encountered: