Bug #37857

closed

Clevis/Tang disk encryption broken for Ubuntu/multiple disks

Added by Martin Spiessl 6 months ago. Updated about 1 month ago.

Status: Closed
Priority: Normal
Assignee: -
Category: Unattended installations
Target version: -
Difficulty:
Triaged: Yes
Fixed in Releases:
Found in Releases:

Description

Support for disk encryption via Clevis/Tang was added in #36885.

This works in basic cases where there is only one encrypted disk behind the root partition,
but fails if there are multiple encrypted disks: the passphrase is only replaced with Tang
on the first disk; on the others the passphrase is untouched, leading to password prompts at boot.

There are also some bugs in the support of Clevis/Tang for Ubuntu:
- disk_enc_clevis_tang.erb needs to work with dash (not just bash)
- the check of the minor version in the autoinstall template is broken,
  recommendation is also to not rely on the minor version for this OS
- PKG_MANAGER_INSTALL is missing in preseed_autoinstall_cloud_init.erb
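
The multi-disk case described above, as an added example that is not part of the original report and not the Foreman template: a POSIX sh (dash-compatible) loop that converts every LUKS device instead of stopping at the first. The Tang URL, key file path, function names and the blkid sample are constructed assumptions; by default the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example (not disk_enc_clevis_tang.erb): POSIX sh only, so it runs under dash.
TANG_URL="${TANG_URL:-http://tang.example.test}"  # assumed placeholder URL
DRY_RUN="${DRY_RUN:-1}"                           # 1 = print commands only

# Constructed sample of `blkid` output: two LUKS containers, one plain partition.
SAMPLE_BLKID='/dev/sda2: UUID="1111" TYPE="ext4"
/dev/sda3: UUID="2222" TYPE="crypto_LUKS"
/dev/sdb1: UUID="3333" TYPE="crypto_LUKS"'

# Read blkid-style lines on stdin, print the device node of every LUKS container.
list_luks_devices() {
    while IFS= read -r _line; do
        case "$_line" in
            *'TYPE="crypto_LUKS"'*) printf '%s\n' "${_line%%:*}" ;;
        esac
    done
}

# Bind one device to Tang, then drop the install-time passphrase from it.
# Assumes a clevis release whose `luks bind` accepts -y (non-interactive).
replace_passphrase() {
    _dev=$1; _key=$2
    _cfg="{\"url\":\"$TANG_URL\"}"
    if [ "$DRY_RUN" = 1 ]; then
        printf 'clevis luks bind -y -k %s -d %s tang %s\n' "$_key" "$_dev" "$_cfg"
        printf 'cryptsetup luksRemoveKey %s %s\n' "$_dev" "$_key"
    else
        clevis luks bind -y -k "$_key" -d "$_dev" tang "$_cfg" &&
            cryptsetup luksRemoveKey "$_dev" "$_key"
    fi
}

# Process every LUKS device listed in $1 (blkid output), not only the first one.
# Returns non-zero if any device could not be converted.
replace_all() {
    _rc=0
    for _d in $(printf '%s\n' "$1" | list_luks_devices); do
        replace_passphrase "$_d" "$2" || _rc=1
    done
    return "$_rc"
}

replace_all "$SAMPLE_BLKID" /tmp/luks.key   # dry run over the constructed sample
```

A device that still holds its install-time passphrase after this step is the one that will prompt at boot, so the non-zero return of replace_all is worth failing the provisioning run on.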