Re: Filesystem type survives formatting in debian installer?

To: Josef Wolf <jw@raven.inka.de>, debian-boot@lists.debian.org
Subject: Re: Filesystem type survives formatting in debian installer?
From: David Härdeman <david@hardeman.nu>
Date: Fri, 02 Mar 2007 21:50:27 +0100
Message-id: <[🔎] 20070302205027.GB453@hardeman.nu>
Mail-followup-to: Josef Wolf <jw@raven.inka.de>, debian-boot@lists.debian.org
In-reply-to: <[🔎] 20070302172619.GE24819@raven.wolf.local>
References: <20070225122626.GA17113@raven.wolf.local> <[🔎] 20070301222108.GA739@hardeman.nu> <[🔎] 20070302001749.GD24819@raven.wolf.local> <[🔎] 35715.145.64.134.244.1172822341.squirrel@www.hardeman.nu> <[🔎] 20070302172619.GE24819@raven.wolf.local>

On Fri, Mar 02, 2007 at 06:26:19PM +0100, Josef Wolf wrote:

On Fri, Mar 02, 2007 at 08:59:01AM +0100, David Härdeman wrote:

On Fri, March 2, 2007 1:17, Josef Wolf said:
> The error occures on the first reboot (before any of my scripts
> mentioned above come into the game).
>
>   fsck.ext3: Unable to resolve 'UUID=xxxxxxxxx'
>   fsck died with exit status 8

If you get this error on the first reboot, then you have already managed
to hose something prior to the first reboot.


The only thing I do prior the first reboot is to install my scripts
in /etc/rcS.d/S9Xfoobar, so they would be run at the end of the boot
process:

 d-i preseed/late_command string \
   cp /cdrom/preseed/postinstall.sh  /target; \
   cp -a /cdrom/preseed/cryptsetup.d /target; \
   ln -s /postinstall.sh        /target/etc/rcS.d/S98postinstall; \
   ln -s /cryptsetup.d/setup.pl /target/etc/rcS.d/S99cryptsetup

I do _not_ create any crypt filesystems before the reboot.  The partitions
contained crypted filesystems in the _previous_ install.  But those should
not be recognized as crypted filesystems anymore because I advised partman
to reformat them with ext3.

As far as I know the ubuntu
initramfs scripts default to identifying the root fs via the UUID.


This happens for _any_ fs, not only for root fs.

> Then I get dropped into the initramfs shell:
>
>   # mount /dev/hda7 /mnt
>   mount: unknown filesystem type 'crypto_LUKS'
>   # mount -t ext3 /dev/hda7 /mnt
>   #

There is something wrong with your scripts.


As I noted above, the error occures before any of my scripts are started
They _would_ be started later in the boot process (as they are installed
as /etc/rcS.d/S99foobar) if only the error would not occur.

How can the scripts screw up anything if they are not even started?

I have verified that mkfs.ext3 does remove the LUKS signature from a
device,


This is exactly what I wrote in my previos mail: when I run mke2fs by hand,
everything works.  If I choose "reformat with ext3" in partman, it fails.

Sorry, I should have mentioned also that partman uses mkfs.ext3 toreformat a partition with ext3.


I ran the following test yesterday:

Full install, /dev/sda split into /dev/sda1 /dev/sda2, /dev/sda1unencrypted and containing /boot, /dev/sda2 encrypted and containing aLVM PV which contained the rest of the filesystems and swap partition.


Reboot into new system, verify that it works.

New full install, same hd, used /dev/sda1 as /boot again, set /dev/sda2to be / using ext3, continued install, rebooted, verified that allworks.


So, partman seems to do what it should do...

so somehow you have actually
setup a crypto filesystem on /dev/hda7 at some stage or you haven't
actually created an ext3 fs on /dev/hda7 at some stage.


Yes, there actually _is_ a luks filesystem from the _previous_ install.
But on the fresh install I advice partman to _reformat_ this partition
with ext3.  And partman actually reformats it.  But it does it _not_
properly.  The first reboot (after the base system is installed) fails,
before any of my scripts are started

If I (while beeing in partman) switch to a different vterm and run
mke2fs manually, then go back to partman and continue the installation,
everything works properly.  So a manual mke2fs wipes out the luks
signature, while "format with ext3" in partman fails to wipe it.


Which libklibc version does your installed system use?

Anyhow, your approach seems quite fragile and contains some potential for
information leaks,


Can you please activate your verbosity mode? ;-)  What potential problems
do you see?

If you install to one unencrypted partition first, things like/etc/passwd will be written there. Then (as far as I've understood fromyour scripts) you create an encrypted partition later and move over allthe data to that partition...correct? If so, you must take care to bothwipe the old unencrypted partition (not format it, but wipe it) andbefore the crypted partition is used, it should also be wiped withrandom data to make sure that it is not possible to tell which parts arein use and which are not.

If there are any other issues I couldn't tell without analysing yourscripts further.


--
David Härdeman

Reply to:

References:
- Re: Filesystem type survives formatting in debian installer?
  - From: David Härdeman <david@hardeman.nu>
- Re: Filesystem type survives formatting in debian installer?
  - From: Josef Wolf <jw@raven.inka.de>
- Re: Filesystem type survives formatting in debian installer?
  - From: David Härdeman <david@hardeman.nu>
- Re: Filesystem type survives formatting in debian installer?
  - From: Josef Wolf <jw@raven.inka.de>

Prev by Date: Processed: RE: Bug#412982: installation-reports: Enabling 'sudo' in installer skips setting root password and breaks desktop root tasks
Next by Date: Bug#410328: installation-reports: Successful install
Previous by thread: Re: Filesystem type survives formatting in debian installer?
Next by thread: Re: Filesystem type survives formatting in debian installer?
Index(es):
- Date
- Thread