--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: debian-installer: manual partitioning with LVM destroys all non-target LVM+LUKS+GPT volumes
- From: Drake Wilson <drake@dasyatidae.net>
- Date: Sun, 09 Nov 2014 17:12:58 -0600
- Message-id: <545FF4FA.4070902@dasyatidae.net>
Package: debian-installer
Version: (from Debian 7.6.0 amd64 DVD 1)
Severity: critical
Justification: causes serious data loss
As with some other d-i reports, the Version is set from the ISO image,
as I'm not sure how to get the d-i version proper from that.
My current best test case for this:
(blkid lines are split for readability.)
1. The starting conditions: I've pared them down to two small disks,
tested in a QEMU+KVM virtual machine. Both have GPT partition
tables, per [[STARTING-TABLES]] below. Take note of disk 2,
partition 3, which is marked with an LVM type code (applied via
setting 8e00 in gdisk) but in fact contains a LUKS volume which
contains an LVM PV.
(gdisk doesn't have an obvious type code for "Linux LUKS volume",
and a straw poll of another Linux sysadmin says they do the same
thing I do and use the underlying type. Maybe "Linux reserved"
would be more accurate?)
host# losetup --show --find disk2
/dev/loop0
host# kpartx -a /dev/loop0
host# blkid /dev/mapper/loop0p3
/dev/mapper/loop0p3:
UUID="67e3b0d0-986d-43d3-9618-f6f8895ebbb7"
TYPE="crypto_LUKS"
PARTLABEL="Linux LVM"
PARTUUID="1eec58ea-5479-49f1-88cb-308dd583ff66"
2. Boot the Debian 7.6.0 amd64 installer:
host% /sbin/blkid /dev/cdrom
/dev/cdrom:
UUID="2014-07-12-14-23-02-00"
LABEL="Debian 7.6.0 amd64 1"
TYPE="iso9660"
PTUUID="46bf9aa7"
PTTYPE="dos"
host% qemu-system-x86_64 -enable-kvm \
-cdrom /dev/cdrom -boot d \
-hda disk1 -hda disk2 -m 4096 -monitor stdio
3. Choose all defaults (and meaningless usernames, etc.) up until
the partitioning stage. Then choose "Manual" partitioning.
At this point it will be apparent to the particularly alert
viewer that both sda3 and sdb3 are shown with a "K" and an "lvm"
marker. (I'm not sure what the "K" means; maybe it's meant to
represent a flaming skull?)
From the second console:
virt# blkid /dev/sdb3 # (line split)
/dev/sdb3:
UUID="67e3b0d0-986d-43d3-9618-f6f8895ebbb7"
TYPE="crypto_LUKS"
... so blkid from the d-i environment at this stage at least
recognizes that there is a typed volume on that block device
(this seems to be true earlier on as well).
4a. Choose sda2, and set it to Ext4, mount point /boot, then "Done"
to return to "Partition disks".
4b. Choose sda3, and set it to "physical volume for encryption",
"Erase data: no", then "Done" to return to "Partition disks".
5. Choose "Configure encrypted volumes". A dialog about which
changes will be made to the disks appears. The main listings
read:
| The partition tables of the following devices are changed:
| SCSI1 (0,0,0) (sda)
|
| The following partitions are going to be formatted:
| partition #2 of SCSI1 (0,0,0) (sda) as ext4
Choose "Yes" to write changes to disks.
6. Choose "Create encrypted volumes", then select /dev/sda3 only.
"Continue", then "Finish". Enter an arbitrary passphrase.
Some progress bars appear, then "Partition disks" again.
7. Choose sda3_crypt part 1, and set it to "physical volume for LVM",
then "Done" to return to "Partition disks".
8. Choose "Configure the Logical Volume Manager". The alert viewer
will notice that there are more "Free Physical Volumes" than
there should be.
At this point sdb3 has _already_ been reinitialized as a new PV,
destroying its LUKS header and rendering it unrecoverable except
by restoring from backup:
host# blkid /dev/mapper/loop0p3 # (line split)
/dev/mapper/loop0p3:
UUID="1jZyPo-mXqX-GuSt-L1KP-knSn-j6Yw-5yl2ct"
TYPE="LVM2_member"
PARTLABEL="Linux LVM"
PARTUUID="1eec58ea-5479-49f1-88cb-308dd583ff66"
host# cryptsetup luksOpen /dev/mapper/loop0p3 DITest_pv
Device /dev/mapper/loop0p3 is not a valid LUKS device.
Note especially that none of the warning screens that normally appear
to confirm which partitions will have their data destroyed refer to
sdb3 at all, and this occurs regardless of whether I create any VGs
incorporating sdb3 as a PV. Continuing with the installation in this
vein, if I:
- create a single VG using only sda3_crypt,
+ for which the selection dialog for PVs displays _all_ available
block devices, not merely those marked for LVM use per se---so
the idea that sdb3 is now a PV is not made obvious by that means
(but this would be too late anyway)
- then a single LV on it with an ext4 root partition
then a warning appears about overwriting data on the VG and the LV,
but makes no reference to the physical partitions.
If I go for "Configure the Logical Volume Manager" _first_, there is
some kind of warning about not being able to change the partition
tables of the disks on which PVs will be placed later, which I didn't
investigate further, but this doesn't appear in the above sequence.
The original configuration was somewhat more complicated than this
test case, which also made it harder to see the non-target disks as
most of them were off the screen. I also used EFI boot into an
LXDE-variant expert install then; I don't think that matters here.
Outcome: all attached LVM+LUKS+GPT volumes were destroyed. :-( :-(
:-(
Expected outcome: "Manual" partitioning mode should only ever
overwrite data on volumes specifically designated by the user.
Additionally, I would normally expect that:
- Partitions with _existing_ LVM type codes but no recognizable PV
header should not be presumed to be uninitialized PVs without
asking the user. (What if a future LVM release creates a new,
incompatible PV type, even, and the user wants to incorporate
the existing volume?)
+ ... and _certainly_ not if they have a header recognizable by
blkid, which might apply more generally too.
- The warning screen used for writing new partition tables and
filesystems should also appear before physically initializing LVM
PVs, LUKS, etc., as that would be the clearest for the user to
know "which data might I be about to vaporize" and have the option
to back out.
I rechecked the Installation Guide and Release Notes and I didn't see
anything about this specifically, but I'd sure appreciate a pointer if
I just missed it somehow.
Unrelatedly, I was actually planning on unplugging all the non-target
disks first as a precautionary measure, but then I forgot to and
didn't think anything further of it until the cold chill of cryptsetup
failing when I tried to read anything from them.
Now I am sad and have filesystems to reconstruct. I had backups of
the more important unreplaceable stuff, but some of the configuration
will be a major pain. :-(
(One might say the real lesson is "never install with insufficient
sleep and insufficient tea", but anyway.)
I'll upload the test disk images shortly.
---> Drake Wilson
Additional data:
* STARTING-TABLES
host% /sbin/gdisk -l disk1
[...]
Found valid GPT with protective MBR; using GPT.
Disk disk1: 8388608 sectors, 4.0 GiB
Logical sector size: 512 bytes
Disk identifier (GUID): 958553DA-8C9D-45F8-81D0-F061581778D1
Partition table holds up to 128 entries
First usable sector is 34, last usable sector is 8388574
Partitions will be aligned on 2048-sector boundaries
Total free space is 2014 sectors (1007.0 KiB)
Number Start (sector) End (sector) Size Code Name
1 2048 526335 256.0 MiB EF00 EFI System
2 526336 2099199 768.0 MiB 8300 Linux filesystem
3 2099200 8388574 3.0 GiB 8E00 Linux LVM
host% /sbin/gdisk -l disk2
[...]
Found valid GPT with protective MBR; using GPT.
Disk disk2: 8388608 sectors, 4.0 GiB
Logical sector size: 512 bytes
Disk identifier (GUID): 4B88191F-49C6-4DA5-B126-5C09CA409E8B
Partition table holds up to 128 entries
First usable sector is 34, last usable sector is 8388574
Partitions will be aligned on 2048-sector boundaries
Total free space is 2014 sectors (1007.0 KiB)
Number Start (sector) End (sector) Size Code Name
3 2048 8388574 4.0 GiB 8E00 Linux LVM
-- System Information:
Debian Release: jessie/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
Source: installation-guide
Source-Version: 20180923
We believe that the bug you reported is fixed in the latest version of
installation-guide, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 776313@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Samuel Thibault <sthibault@debian.org> (supplier of updated installation-guide package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 23 Sep 2018 22:23:34 +0200
Source: installation-guide
Binary: installation-guide-amd64 installation-guide-arm64 installation-guide-armel installation-guide-armhf installation-guide-i386 installation-guide-mips installation-guide-mips64el installation-guide-mipsel installation-guide-ppc64el installation-guide-s390x
Architecture: source all
Version: 20180923
Distribution: unstable
Urgency: medium
Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
Changed-By: Samuel Thibault <sthibault@debian.org>
Description:
installation-guide-amd64 - Debian installation guide for amd64
installation-guide-arm64 - Debian installation guide for arm64
installation-guide-armel - Debian installation guide for armel
installation-guide-armhf - Debian installation guide for armhf
installation-guide-i386 - Debian installation guide for i386
installation-guide-mips - Debian installation guide for mips
installation-guide-mips64el - Debian installation guide for mips64el
installation-guide-mipsel - Debian installation guide for mipsel
installation-guide-ppc64el - Debian installation guide for powerpc
installation-guide-s390x - Debian installation guide for s390x
Closes: 615646 756859 759428 776313 784206 863868 864037 864039 898665
Changes:
installation-guide (20180923) unstable; urgency=medium
.
[ Samuel Thibault ]
* rules: Fix release name.
.
[ Holger Wansing ]
* Update remaining Alioth references to dillon. Closes: #898665
* Overhaul of 'Baking your own kernel' chapter. Closes: #784206
* Creating bootable usb devices: link to Debian CD FAQ, on how to achieve
this on other OS'es. Closes: #863868
* Remove references to non-US (no longer existing for ages). Closes: #759428
* Document how to install additional packages afterwards. Closes: #615646
* Improve/update documentation regarding booting from USB storage.
Closes: #756859
* Add a warning about the use of LVM partition types. Closes: #776313
* Reorganize chapter about "Further reading" and merge with "New to Unix"
chapter. Closes: #864037
* Update of "What is Debian" chapter. Closes: #864039
.
[ Frans Spiesschaert ]
* Dutch translation update
Checksums-Sha1:
b8a4d384eca1bd5b05006446330146eaa9e509b0 2844 installation-guide_20180923.dsc
32c77674bb662a2ffa0d6c44f8bb4035fcb4f2ca 9720298 installation-guide_20180923.tar.gz
7dfb7ee23392e92ced3b89db0237340370d74145 16512568 installation-guide-amd64_20180923_all.deb
0017d3ec958ffb7a1e59c6635fd92dd48f4fffc3 15074144 installation-guide-arm64_20180923_all.deb
86b3ae2a9b3ebdd465560e9e2384b2eeb32cadc1 14768780 installation-guide-armel_20180923_all.deb
e31047353d4e35c9678e31bc3be2d9143ba32fd7 15160532 installation-guide-armhf_20180923_all.deb
a718fb8cb5c081b36a328f340c3e326e796c9e73 16559892 installation-guide-i386_20180923_all.deb
4461fcde2a7f53be30fe9395b69d7c66adc0beb6 14215648 installation-guide-mips64el_20180923_all.deb
d8fc3e21c450afcfac7666a1c09bb9fa8cfa8db9 14189184 installation-guide-mips_20180923_all.deb
6ab9ad774c972de80d27fe8456af5ef865968232 14216004 installation-guide-mipsel_20180923_all.deb
d86ae86be6aaa42c3380ed6974a6b3ed9e8c2c51 14534176 installation-guide-ppc64el_20180923_all.deb
f70f2143094b8c5b18a231516c6927abc10dd957 13088120 installation-guide-s390x_20180923_all.deb
cce2c832f8f1305ce5a4a80b40f3cb4407e94bf2 14181 installation-guide_20180923_amd64.buildinfo
Checksums-Sha256:
9946dfbd0c6d3c3802f6118b3c882ec981da1ac6d204f11ec7a9516198a52370 2844 installation-guide_20180923.dsc
c9064d3576d259a498e8caa4b4f6072874334f655b32cf6957f65ea84e9f8a30 9720298 installation-guide_20180923.tar.gz
d5ddc26452d76a730f5d8c6bd8092103911e035cdcaadc9fbede38b4cec507b4 16512568 installation-guide-amd64_20180923_all.deb
61641261671f7a70f4444f264d5423b800365984e629239e68184cce30ad2352 15074144 installation-guide-arm64_20180923_all.deb
9b7a18bc1cf90df04a21fdbcfadcad7f80b2bc4e60c6718931f1d60cf458063a 14768780 installation-guide-armel_20180923_all.deb
5829615e949c6db95b18497bb86aa7fde200642475a74784764baa39b12bce16 15160532 installation-guide-armhf_20180923_all.deb
167492ae97445f343d2a3fdf669c2b744282ceb9434feea3c9a582dd06eda284 16559892 installation-guide-i386_20180923_all.deb
5fb8f07c3812d2756047f848011c8fd81dafe255084a0482fe46f759ee3bc90b 14215648 installation-guide-mips64el_20180923_all.deb
4568225fcd8e2bee1de2d3741a0bebb18e8198e44ba7946001bc962df36bf94a 14189184 installation-guide-mips_20180923_all.deb
722e207811cd48b139f4bab8021ca062f9db258c7787c552649dedd7ab7d570e 14216004 installation-guide-mipsel_20180923_all.deb
a2de42f4c51ebf9238d403eba47c64f1a35a37667fab97c3168db6e71fb813df 14534176 installation-guide-ppc64el_20180923_all.deb
40bc2760bd1d3b27ccc2d06030c44cd51b8d77f0e83609b71a1d19293ac27d6e 13088120 installation-guide-s390x_20180923_all.deb
10f78e29752c3cc03cce6f8ddd1a3f70f8e10622f411a972705994a483b161d8 14181 installation-guide_20180923_amd64.buildinfo
Files:
c41043df014554ac7d78a73c2e9d2518 2844 doc optional installation-guide_20180923.dsc
90e5ab2224f7481d14a0ba551cedff3e 9720298 doc optional installation-guide_20180923.tar.gz
e4fef4b79b1e6f2360cc9187d4af0cf1 16512568 doc optional installation-guide-amd64_20180923_all.deb
fa63e581e2fc58d72f02c14fd845fe23 15074144 doc optional installation-guide-arm64_20180923_all.deb
51902c47c94a25dd4792104525ef4034 14768780 doc optional installation-guide-armel_20180923_all.deb
3fbe05112449e68309bb87547b21174e 15160532 doc optional installation-guide-armhf_20180923_all.deb
cd46d93c6a61fe680a8c9b0065665fd7 16559892 doc optional installation-guide-i386_20180923_all.deb
4f42bffe33b5f9e5ecc8502d35664fa1 14215648 doc optional installation-guide-mips64el_20180923_all.deb
9122bf7b95ceb09a76b958a2490fbf5f 14189184 doc optional installation-guide-mips_20180923_all.deb
c21cf0d6e18e269fa472e7e5ce103f48 14216004 doc optional installation-guide-mipsel_20180923_all.deb
61b5d302d569448a8deaca4c55b88245 14534176 doc optional installation-guide-ppc64el_20180923_all.deb
8e0cac85f7e35504bae59a6196b75f87 13088120 doc optional installation-guide-s390x_20180923_all.deb
f890bdb461d6061940e21aed9893d237 14181 doc optional installation-guide_20180923_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEOjpdRkZg6GdhDKQnmWhJwc9WBHgFAlun/YMACgkQmWhJwc9W
BHg7ZQ//fm5HijHs85K48ItDyS0NTR7apizuCIN5q7zzjxeXqdeaavDDR/oMFDdS
dm7dPYb1dut5eRj2ApRl3UAoT+FvxrPqjm04QdBjjH8tLbpljXOkCrMAeJQAAKqP
qvEbKqCB47EJ8Pfx14099Dz7meAC0r1SOmNiaVud6qsDb1LD+SqbvHdO4unMXRan
8e1p2v+s35Cfg0tJXWGz/JQQNmfO8uo9Su6DwTTCQoNFg7cmtBoVUosCtYRwvGMq
6feTr9RO4Bn3m9hQwwVjnptkXdshKPSkaAWChiCmbDNWNUltsjhfZn7QBENSlBfw
iHYoh8Bx266G6eQGpsByUqTtfXgYqqWri8I9toqD7+7oycVg6iSVGejou7kZpHnH
ICOjd7ZpPUGfRKRWzZEQThLPAF0lfpTRgY/hxSByld40aKiRE3Y4ssG+eZfw7s/b
FGeh7DpsQAD3p65PRk6Msaq16ypJAqSv1K3DFDnwAyJp7jngTU/3fOQEwwEPo/aB
+k4KsbBVnFmlckmqeAGaOdQqZz5A+QfaBg7CAMBZBnljFMNDI2nUPEdlrvtLca/E
POTA7su4fbU5qu8kuEZmoA927gM2jrA2ekOQ4cawCFKsHEfXGWM7nrgChGKov4aK
awgA2QWiO1CsnNQwGLtioqgOIzeFh+7302Ed1T0hOH03J9DqLc0=
=S2Mn
-----END PGP SIGNATURE-----
--- End Message ---