SOLVED: F10 Post install encrypt partition issue

[Jason Smith]

On Thu, Nov 27, 2008 at 9:29 AM, Jason Smith <jvsmith at digitalmatter.us>wrote:

> Hello,
>
> I installed F10 last night. Install went file. The machine was previously
> running F9 with encrypted /root and /home. For the install on F10 did an
> install, not upgrade, and formatted /root. Left /home alone.
>
> During the boot process I get prompted for the passphrase to unlock the
> encryption for /root. Once the system gets to the interactive boot process
> and does the check disks routine I do not get prompted to enter a passphrase
> to allow access to  the encrypted /home.
>
> I get the following error then it drops me to a maintenance prompt.
>
> Checking filesystems
> /dev/mapper/luks-ce0ce45d5-c705-4fde-8f7d-a17172c39aae: clean,
> 125896/655370 files, 986044/2621311 blocks
> fsck.ext3: No such file or directory while trying to open
> /dev/mapper/luks-d8590a73-6fd0-46e5-8135-3ad739f58f6c
> /dev/mapper/luks-d8590a73-6fd0-46e5-8135-3ad739f58f6c:
> The superblock could not be read or does not describe a correct ext2
> filesystem. If the device is valid and it really contains an ext2 filesystem
> (and not swap or ufs or something else), then the superblock is corrupt, and
> you might try running e2fsck with an anternate superblock: e2fsck -b 8193
> <dvice>
>
> /boot: clean 36/26104 files, 17648/104388 blocks
>
>
> *** An error occurred during the filesystem check.
> *** Dropping you to a shell; the system will reboot
> *** when you leave the shell
> ...
>
> I've verified through in maintenance mode that /etc/crypttab looks fine and
> the same with /etc/fstab. I can unlock my encrypted /home by running
> cryptsetup luksOpen /dev/mapper/VGSys-LVHome
> luks-d8590a73-6fd0-46e5-8135-3ad739f58f6c and providing the passphrase. I
> then can mount /home. So I know things with that are good and the data is
> there. The problem is that during bootup it just doesn't prompt for the
> passphrase to unlock /home.
>
> From what I can tell /etc/rc.sysinit is responsible for mount partitions
> and in the case of encrypted volumes asking for the passphrase. I'm
> wondering if this is a bug.
>
> Any help is appreciated.
>

Here's what I had to do. I don't think I should of but I guess that just
means that I will be filing a bug report. The problem had nothing to do
concerning LUKS. It appears it had to do with how fcsk is run on bootup. Now
I assume it had something to do with the fact that I am running LVM and
LUKS, but I don't know. In the new /etc/crypttab that F10 created during the
install was the following lines:

luks-ce0e45d5-c705-4fde-8f7d-a17172c39aae
UUID=ce0e45d5-c705-4fde-8f7d-a17172c39aae none
luks-d8590a73-6fd0-46e5-8135-3ad739f58f6c
UUID=d8590a73-6fd0-46e5-8135-3ad739f58f6c none

What I didn't see initially because I couldn't read fast enough was that
fsck was complaining about not being able to find
UUID=ce0e45d5-c705-4fde-8f7d-a17172c39aae. Once I commented some lines out
of /etc/rc.sysinit and fooled around there. I was able to see that. So the
change I made to /etc/crypttab was to remove the UUID and replace it with
the direct position.

New /etc/crypttab
luks-ce0e45d5-c705-4fde-8f7d-a17172c39aae /dev/mapper/VGSys-LVRoot none
luks-d8590a73-6fd0-46e5-8135-3ad739f58f6c /dev/mapper/VGSys-LVHome none

After I made that change and put the original rc.sysinit in place the system
booted up without issue. I was able to modify /etc/crypttab by booting off
the install media and using the rescue mode. I did have to manually mount /.

Jason
-- 
Jason Smith
jvsmith at digitalmatter.us

Nations have recently been led to borrow billions for war;
no nation has ever borrowed largely for education.  Probably,
no nation is rich enough to pay for both war and civilization.
We must make our choice; we cannot have both.
~Abraham Flexner

Education is a better safeguard of liberty than a standing army.
~Edward Everett
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20081128/4926cf5e/attachment-0001.htm>