New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Installer parses and modifies pre-existing partitions even if given disk is not selected for installation #2835

Open
marmarek opened this Issue May 31, 2017 · 6 comments

Comments

Projects
None yet
3 participants
@marmarek
Member

marmarek commented May 31, 2017

Qubes OS version (e.g., R3.2):

R3.2, R4.0

--

Expected behavior:

Installer ask the user what disks should be used for installation and only modify selected disks, and only in a way configured in installer (do not touch partition not used as installation target).
Actually main anaconda screen contains phrase: "We won't touch your disks until you click 'Begin Installation'.". This is not true.

Actual behavior:

Before showing main anaconda screen, it "probe for storage". This include:

General notes:

Besides performance impact, this have serious other implications:

  • can lead to data loss - for example if some of those partitions are signed with dm-verity (like in Chromium OS, or Heads), or belongs to hibernated system
  • security aspect: previously installed, malicious OS can try to compromise some of those parses by leaving specifically crafted data on disk

Related issues:

Upstream issues:

Proposed half-solution

Modifying this part of installer from downstream distribution position is quite hard - require forking some more packages. Until upstream issue got fixed, add appropriate info to installation guide. Something like:

Warning: installer will try to access all existing partitions, running fsck there and mounting them. It is recommended to physically disconnect unrelated disks during the installation. If installation target contain potentially compromised system, it is also recommended to wipe the disk before launching the installer.

@marmarek marmarek added this to the Release 4.0 milestone May 31, 2017

@marmarek marmarek self-assigned this May 31, 2017

@andrewdavidwong

This comment has been minimized.

Show comment
Hide comment
@andrewdavidwong

andrewdavidwong Jun 2, 2017

Member

Oh, wow. I agree with your "proposed half-solution." I'd just add that we want to stress that this is an upstream bug.

Member

andrewdavidwong commented Jun 2, 2017

Oh, wow. I agree with your "proposed half-solution." I'd just add that we want to stress that this is an upstream bug.

andrewdavidwong added a commit to QubesOS/qubes-doc that referenced this issue Jun 2, 2017

marmarek added a commit to QubesOS/qubesos.github.io that referenced this issue Jun 2, 2017

autoupdate: _doc
_doc:
    object d48ca106354c9f5995175e8a40fcd53617a2de8c
    type commit
    tag adw_d48ca106
    tagger Andrew David Wong <adw@andrewdavidwong.com> 1496364288 -0500

    Tag for commit d48ca106354c9f5995175e8a40fcd53617a2de8c

    d48ca10 Add warning about QubesOS/qubes-issues#2835
@andrewdavidwong

This comment has been minimized.

Show comment
Hide comment
@andrewdavidwong

andrewdavidwong Jun 2, 2017

Member

Added a warning to the installation guide.

Member

andrewdavidwong commented Jun 2, 2017

Added a warning to the installation guide.

marmarek added a commit to marmarek/qubes-installer-qubes-os that referenced this issue Jul 30, 2017

@qubesos-bot

This comment has been minimized.

Show comment
Hide comment
@qubesos-bot

qubesos-bot Jul 30, 2017

Automated announcement from builder-github

The package pykickstart-2.32-3.fc25 has been pushed to the r4.0 testing repository for dom0.
To test this update, please install it with the following command:

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing

Changes included in this update

Automated announcement from builder-github

The package pykickstart-2.32-3.fc25 has been pushed to the r4.0 testing repository for dom0.
To test this update, please install it with the following command:

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing

Changes included in this update

@qubesos-bot qubesos-bot referenced this issue in QubesOS/updates-status Jul 30, 2017

Closed

installer-qubes-os v2.1.6-4-blivet (r4.0) #165

andrewdavidwong added a commit to QubesOS/qubes-doc that referenced this issue Jul 30, 2017

@andrewdavidwong

This comment has been minimized.

Show comment
Hide comment
@andrewdavidwong

andrewdavidwong Jul 30, 2017

Member

Updated the documentation warning to specify that the issue affects only 3.2 and is fixed in 4.0.

Member

andrewdavidwong commented Jul 30, 2017

Updated the documentation warning to specify that the issue affects only 3.2 and is fixed in 4.0.

@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Sep 4, 2017

Member

The fix prevent calling fsck, but do not prevent mounting partitions.

Member

marmarek commented Sep 4, 2017

The fix prevent calling fsck, but do not prevent mounting partitions.

@marmarek marmarek reopened this Sep 4, 2017

@andrewdavidwong

This comment has been minimized.

Show comment
Hide comment
@andrewdavidwong

andrewdavidwong Sep 8, 2017

Member

@marmarek: If you expect that this will be fixed before the 4.0 stable release, I will leave the documentation as-is (stating that the issue is fixed in 4.0). Otherwise, I can update the documentation to clarify that it is only partially fixed in 4.0.

Member

andrewdavidwong commented Sep 8, 2017

@marmarek: If you expect that this will be fixed before the 4.0 stable release, I will leave the documentation as-is (stating that the issue is fixed in 4.0). Otherwise, I can update the documentation to clarify that it is only partially fixed in 4.0.

fepitre added a commit to fepitre/qubes-installer-qubes-os that referenced this issue Dec 29, 2017

fepitre added a commit to fepitre/qubes-installer-qubes-os that referenced this issue Dec 29, 2017

blivet: backport rhbz#1170803 fix
It disable fsck for all partitions call.

Fixes QubesOS/qubes-issues#2835

fepitre added a commit to fepitre/qubes-installer-qubes-os that referenced this issue Dec 30, 2017

fepitre added a commit to fepitre/qubes-installer-qubes-os that referenced this issue Dec 30, 2017

blivet: backport rhbz#1170803 fix
It disable fsck for all partitions call.

Fixes QubesOS/qubes-issues#2835
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment