Project

General

Profile

Actions
Copy link

Bug #37857

closed

Clevis/Tang disk encryption broken for Ubuntu/multiple disks

Added by Martin Spiessl 6 months ago. Updated about 1 month ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Unattended installations
Target version:
-
Difficulty:
Triaged:
Yes
Bugzilla link:
Pull request:
https://github.com/theforeman/foreman/pull/10334
Fixed in Releases:
3.14.0
Found in Releases:
Red Hat JIRA:

Description

Support for disk encryption via Clevis/Tang was added in #36885.

This works in basic cases where there is only one encrypted disk behind the root partition,
but fails if there are multiple encrypted disk: the passphrase is only replaced with Tang
on the first disk, on the others the passphrase is untouched, leading to password prompts at boot.

There are also some bugs in the support of Clevis/Tang for Ubuntu:
- disk_enc_clevis_tang.erb needs to work with dash (not just bash)
- the check of the minor version in the autoinstall template is broken,
recommendation is also to not rely on the minor version for this OS
- PKG_MANAGER_INSTALL is missing in preseed_autoinstall_cloud_init.erb

Actions
Copy link
 #1

Updated by The Foreman Bot 6 months ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/10334 added
Actions
Copy link
 #2

Updated by The Foreman Bot 4 months ago

  • Fixed in Releases 3.14.0 added
Actions
Copy link
 #3

Updated by Anonymous 4 months ago

  • Status changed from Ready For Testing to Closed
Actions
Copy link
 #4

Updated by Ewoud Kohl van Wijngaarden about 1 month ago

  • Triaged changed from No to Yes
Actions
Copy link

Also available in: Atom PDF