New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Recovery fails on LUKS-encrypted filesystem using simple password #2151
Comments
After some investigation, it seems to be the result of an inconsistency between:
and:
In the first script, the temp. keyfile is only created when a keyfile was specified on the source system (see l. 46-48). In the absence of a keyfile, a password is either read from the options or (as is the case for me) the user is prompted for it. In the second script, we fail as BUG if the temp. keyfile doesn't exist (see l. 28-29) -- which is the case for us. The script should probably not have reached the inside of the Some error in the |
Second hypothesis correct. Here is relevant line from 'disklayout.conf':
This does indeed cause the 'awk' scriptlet to match, but to return an empty string for Will add an extra test in the |
@petroniusniger |
The The
Of course one could reverse-engineer what it does |
Thanks for the report and your correct analysis. The To me it looks like
What exactly is impossible to understand? Looks pretty clear to me. |
Here is the contents of the original '/etc/crypttab' (from backup archive):
I checked the (partially) recovered VM, and '/mnt/local/etc/crypttab' is identical (recovery died before call to |
Just to clarify: I've created the encrypted volume using the YaST2 partitioner module, and I've not edited /etc/crypttab manually afterwards. |
@OliverO2
Shall I test and submit a pull request if successful? |
@petroniusniger You might want to check crypttab(5) on your system and file a bug with YaST as well. |
Extracts from crypttab(5) on openSUSE Leap 15.0:
and further down:
So, not a bug from the point of view of SUSE, I guess. |
Thanks for the insights! Just did a quick research on Ubuntu manpages where even the 7 year old Ubuntu 12.04 crypttab(5) manpage says in the description's final section:
Anyway, if there are systems around that do not agree, it's always a good idea to call it a bug in ReaR and fix it accordingly. |
I can confirm that I'm able to successfully recover my test system using the proposed fix.
I'll now proceed with the PR creation. |
Successfully retested after having re-aligned my working copy with trunk/LATEST. Pull request created: #2154 |
PR has been merged - if all is well we can close this issue - just let me now how it works out? |
I think it can be closed immediately. We already have a double confirmation from @petroniusniger that the PR's change resolves the issue. |
ReaR version ("/usr/sbin/rear -V"): Relax-and-Recover 2.5 / Git
OS version ("cat /etc/rear/os.conf" or "lsb_release -a" or "cat /etc/os-release"):
OS_VENDOR=SUSE_LINUX
OS_VERSION=15.0
# The following information was added automatically by the mkbackup workflow:
ARCH='Linux-i386'
OS='GNU/Linux'
OS_VERSION='15.0'
OS_VENDOR='SUSE_LINUX'
OS_VENDOR_VERSION='SUSE_LINUX/15.0'
OS_VENDOR_ARCH='SUSE_LINUX/i386'
# End of what was added automatically by the mkbackup workflow.
ReaR configuration files ("cat /etc/rear/site.conf" and/or "cat /etc/rear/local.conf"):
OUTPUT=ISO
BACKUP=NETFS
BACKUP_URL="nfs://mcbackup.cbptc.org/Stations_bkup/rear/"
KEEP_OLD_OUTPUT_COPY=1
Hardware (PC or PowerNV BareMetal or ARM) or virtual machine (KVM guest or PoverVM LPAR): VMware-based VM
System architecture (x86 compatible or PPC64/PPC64LE or what exact ARM device): x86_64
Firmware (BIOS or UEFI or Open Firmware) and bootloader (GRUB or ELILO or Petitboot): grub2-uefi
Storage (local disk or SSD) and/or SAN (FC or iSCSI or FCoE) and/or multipath (DM or NVMe): local (virtual) disk, 32GB, thin prov.
Description of the issue (ideally so that others can reproduce it): the VM I try to recover contains one LUKS-encrypted filesystem (inside a LVM logical volume). The key to decrypt and mount that filesystem is provided as a password, to be typed during boot time. During recovery, ReaR correctly detects that this LV should be encrypted and prompts me to enter a (new) password for it. It then successfully creates the LV, the filesystem and mounts it, then proceed with restoring the data. The failure arises later, when ReaR tries to re-assign a key file that doesn't exist:
Workaround, if any: none at this stage
Attachments, as applicable ("rear -D mkrescue/mkbackup/recover" debug log files):
(see below)
The text was updated successfully, but these errors were encountered: