Project

General

Profile

Actions

Bug #37857

closed

Clevis/Tang disk encryption broken for Ubuntu/multiple disks

Added by Martin Spiessl 6 months ago. Updated about 1 month ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Unattended installations
Target version:
-
Difficulty:
Triaged:
Yes
Fixed in Releases:
Found in Releases:

Description

Support for disk encryption via Clevis/Tang was added in #36885.

This works in basic cases where there is only one encrypted disk behind the root partition,
but fails if there are multiple encrypted disk: the passphrase is only replaced with Tang
on the first disk, on the others the passphrase is untouched, leading to password prompts at boot.

There are also some bugs in the support of Clevis/Tang for Ubuntu:
- disk_enc_clevis_tang.erb needs to work with dash (not just bash)
- the check of the minor version in the autoinstall template is broken,
recommendation is also to not rely on the minor version for this OS
- PKG_MANAGER_INSTALL is missing in preseed_autoinstall_cloud_init.erb

Actions #1

Updated by The Foreman Bot 6 months ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/10334 added
Actions #2

Updated by The Foreman Bot 4 months ago

  • Fixed in Releases 3.14.0 added
Actions #3

Updated by Anonymous 4 months ago

  • Status changed from Ready For Testing to Closed
Actions #4

Updated by Ewoud Kohl van Wijngaarden about 1 month ago

  • Triaged changed from No to Yes
Actions

Also available in: Atom PDF