[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Filesystem type survives formatting in debian installer?

On Fri, Mar 02, 2007 at 06:26:19PM +0100, Josef Wolf wrote:
On Fri, Mar 02, 2007 at 08:59:01AM +0100, David Härdeman wrote:
On Fri, March 2, 2007 1:17, Josef Wolf said:
> The error occures on the first reboot (before any of my scripts
> mentioned above come into the game).
>   fsck.ext3: Unable to resolve 'UUID=xxxxxxxxx'
>   fsck died with exit status 8

If you get this error on the first reboot, then you have already managed
to hose something prior to the first reboot.

The only thing I do prior the first reboot is to install my scripts
in /etc/rcS.d/S9Xfoobar, so they would be run at the end of the boot

 d-i preseed/late_command string \
   cp /cdrom/preseed/postinstall.sh  /target; \
   cp -a /cdrom/preseed/cryptsetup.d /target; \
   ln -s /postinstall.sh        /target/etc/rcS.d/S98postinstall; \
   ln -s /cryptsetup.d/setup.pl /target/etc/rcS.d/S99cryptsetup

I do _not_ create any crypt filesystems before the reboot.  The partitions
contained crypted filesystems in the _previous_ install.  But those should
not be recognized as crypted filesystems anymore because I advised partman
to reformat them with ext3.

As far as I know the ubuntu
initramfs scripts default to identifying the root fs via the UUID.

This happens for _any_ fs, not only for root fs.

> Then I get dropped into the initramfs shell:
>   # mount /dev/hda7 /mnt
>   mount: unknown filesystem type 'crypto_LUKS'
>   # mount -t ext3 /dev/hda7 /mnt
>   #

There is something wrong with your scripts.

As I noted above, the error occures before any of my scripts are started
They _would_ be started later in the boot process (as they are installed
as /etc/rcS.d/S99foobar) if only the error would not occur.

How can the scripts screw up anything if they are not even started?

I have verified that mkfs.ext3 does remove the LUKS signature from a

This is exactly what I wrote in my previos mail: when I run mke2fs by hand,
everything works.  If I choose "reformat with ext3" in partman, it fails.

Sorry, I should have mentioned also that partman uses mkfs.ext3 to reformat a partition with ext3.

I ran the following test yesterday:

Full install, /dev/sda split into /dev/sda1 /dev/sda2, /dev/sda1 unencrypted and containing /boot, /dev/sda2 encrypted and containing a LVM PV which contained the rest of the filesystems and swap partition.

Reboot into new system, verify that it works.

New full install, same hd, used /dev/sda1 as /boot again, set /dev/sda2 to be / using ext3, continued install, rebooted, verified that all works.

So, partman seems to do what it should do...

so somehow you have actually
setup a crypto filesystem on /dev/hda7 at some stage or you haven't
actually created an ext3 fs on /dev/hda7 at some stage.

Yes, there actually _is_ a luks filesystem from the _previous_ install.
But on the fresh install I advice partman to _reformat_ this partition
with ext3.  And partman actually reformats it.  But it does it _not_
properly.  The first reboot (after the base system is installed) fails,
before any of my scripts are started

If I (while beeing in partman) switch to a different vterm and run
mke2fs manually, then go back to partman and continue the installation,
everything works properly.  So a manual mke2fs wipes out the luks
signature, while "format with ext3" in partman fails to wipe it.

Which libklibc version does your installed system use?

Anyhow, your approach seems quite fragile and contains some potential for
information leaks,

Can you please activate your verbosity mode? ;-)  What potential problems
do you see?

If you install to one unencrypted partition first, things like /etc/passwd will be written there. Then (as far as I've understood from your scripts) you create an encrypted partition later and move over all the data to that partition...correct? If so, you must take care to both wipe the old unencrypted partition (not format it, but wipe it) and before the crypted partition is used, it should also be wiped with random data to make sure that it is not possible to tell which parts are in use and which are not.

If there are any other issues I couldn't tell without analysing your scripts further.

David Härdeman

Reply to: