I tried to install mga9 (cauldron) on a new laptop. But setup of cryptsetup always fails.
Marc, you need to give more information; a much fuller description of what you did.

cryptsetup : Utility for setting up encrypted filesystems
LUKS is the upcoming standard for Linux hard disk encryption

What ISO were you using?
Did cryptsetup fail doing disc partitioning? If so, please describe what partitions you wanted to set up.
Did cryptsetup fail while it was being installed with all the other packages? Did it stop the installation in the middle, or did that proceed to end in spite of the failure?
Can you give the error messages?

Perhaps you should leave the following paragraph until you have provided more information.

"For bugs related to the traditional installer (not installing from a Live ISO), the reporter should provide the file /root/drakx/report.bug.xz as an attachment. An easy way for doing this is ask the reporter to switch to console 2 (by pressing "Ctrl-Alt-F2") during installation after the bug occurs, plug a USB key/stick and type:
bug /dev/sdxy
where xy is the proper USB stick device & partition. You can find by first running dmesg whether your USB key is on e.g. "/dev/sdb", "/dev/sdc" or "/dev/sdd", etc."

For bugs related to installing from a Live USB or NetInstall [to follow]

CC'ing Martin for advice about these (yes, I should know. Our wiki needs updating).
Source RPM: (none) => cryptsetup-2.6.0-1.mga9.src.rpm
CC: (none) => lewyssmith, mageia
This may be the same as https://bugs.mageia.org/show_bug.cgi?id=31206#c2
The prompt for the passphrase does show up, but there are several lines from other things after it. As soon as any key is pressed, the prompt shows again.
CC: (none) => davidwhodgins
I'm sorry. I was in a hurry. Just booted the "Mageia-Cauldron-netinstall-nonfree-x86_64.iso" from usb, and started the setup. Chose manual partitioning, added UEFI-partition and then tried to add a lvm partition with encryption. Entered the password twice in the fields. Then the message is "cryptsetup failed". But it fails with any other partition type as well. But I will try this again tomorrow and provide the requested bug report. (In the console there was no useful information.)
Created attachment 13590: Bug
The error seems to be:
* running: cryptsetup --cipher=aes-xts-benbi --key-size=512 luksFormat --batch-mode /dev/sda2 /tmp/.dmcrypt_key-490
Requested hash sha256 is not supported.
Failed to set pbkdf parameters.
* error: cryptsetup failed
Is this due to updated openssl? What about "old" installations? Do they work if the crypt cipher was removed?
(In reply to Marc Krämer from comment #6)
> is this due to updated openssl?
This suggests it might be: https://gitlab.com/cryptsetup/cryptsetup/-/issues/782
> What about "old" installations? Do they work if the crypt cipher was removed?
and if so, that report indicates it will affect old installations too.
Oh, that makes it a release blocker.
This does not seem the same problem as noted in comment 2. The other link from Martin comment 7 looks closer, although the error messages are not the same apart from "Requested hash sha256 is not supported". That was for cryptsetup 2.5.0, and applied to booting a LUKS system. It had another link:
https://bugzilla.redhat.com/show_bug.cgi?id=2133884
which steers things to openSSL. Except we have the 'missing' file:
lrwxrwxrwx 1 root root 49 Rha 14 15:31 /etc/crypto-policies/back-ends/opensslcnf.config -> /usr/share/crypto-policies/DEFAULT/opensslcnf.txt
Assigning this globally because both possible packages interest different packagers, and this looks like needing more than 1 head.
CC: lewyssmith => (none)
Source RPM: cryptsetup-2.6.0-1.mga9.src.rpm => cryptsetup-2.6.0-1.mga9.src.rpm, openssl-3.0.5-3.mga9
Assignee: bugsquad => pkg-bugs
Priority: Normal => release_blocker
I'm seeing the same issue as in Comment 5 when installing on a QEMU/KVM virtual machine.
ISO: Mageia-9-beta1-x86_64.iso
DATE: Tue Dec 6 02:12:07 PM CET 2022
SHA3: 6EF90DF313BC19ADB2758D30A247C10F89A479D46E7B7509FEFDDBD78E1106AEDFC543EE5EED05FCBD72A6CC81A2201912365D190F01D1647886029B84971078
Will attach bug report.
CC: (none) => mageia
Created attachment 13605: video of installation on QEMU/KVM showing steps resulting in "cryptsetup failed".
Created attachment 13606: bug report of installation on a QEMU/KVM virtual machine that fails with "cryptsetup failed".
Relevant part of the bug report showing the "cryptsetup failed" message:
"""
* running: /sbin/modprobe padlock_aes
modprobe: ERROR: could not insert 'padlock_aes': No such device
* running: /sbin/modprobe -n padlock_aes
* running: cryptsetup --cipher=aes-xts-benbi --key-size=512 luksFormat --batch-mode /dev/vda1 /tmp/.dmcrypt_key-567
Requested hash sha256 is not supported.
Failed to set pbkdf parameters.
* error: cryptsetup failed
"""
Experienced failure of cryptsetup (did not check log). After that I retried without, using non encrypted LVM, but lvcreate did not succeed creating lv. That was after removing the failed encrypted partition, and made a new partition for LVM successfully, then when creating logical partitions the graphical interface never said it finished and in another terminal I saw the lvcreate command was still running. So either more than cryptsetup use is borked, or it was a side effect of some problem still persisting despite having made a fresh unencrypted pv for LVM? To be tested more...
CC: (none) => fri
Next try with mga8 partitions: Used the mga8 installer to create partitions: /boot/EFI, encrypted LVM. Then used the mga9 installer to install and it worked. All partitions are accepted and encryption too. So I guess this is a small (but severe) bug.
Should be fixed when drakx-installer-stage2-18.53-1.mga9 reaches the mirrors.
Source RPM: cryptsetup-2.6.0-1.mga9.src.rpm, openssl-3.0.5-3.mga9 => drakx-installer-stage2-18.52-2.mga9
Better. Created encrypted LVM using netinstaller (booted with option to use wget), let it install xfce: all seemed to go well until reboot: grub drops to rescue mode with error:
../../grub-core/kern/disk.c:236:disk `lvmid/TIBLsE-and-about-fifty-more-characters' not found.
Are you using encryption at the physical volume level or the logical volume level?
Physical. Using installer partitioning step: Created a partition, selecting type "Linux Logical Volume Manager", checked the box to encrypt and set the key. Next pressed button to add it to LVM, accepted default "vg-mga". Selected the new tab "vg-mga" and in that created /, swap, /home.
I just did a similar install in a vb guest using today's plasma live iso, which worked. I only put / inside the encrypted lvm physical volume. swap and /boot are in regular partitions. Do you have a separate /boot?
Confirmed the same error after an install from the live xfce iso without the separate /boot. I did a non-uefi install using an mbr style partition table. The first stage of grub2 from the boot sector has to be able to read the stage2 as well as the kernel/initrd which then handles the decryption of the rest. Please confirm you did not have a separate /boot and close this bug as invalid if that is the case.
Or rather close as fixed, not invalid since there was a change to the installer.
Thinking about it more, the partitioning step should require /boot to be in an unencrypted partition if the lvm physical or logical volume containing the root file system is encrypted, so don't close as fixed yet.
from /usr/lib/libDrakX
...
fsedit.pm: cdie N("You've selected an encrypted partition as root (/).
fsedit.pm: die N("You cannot use an encrypted filesystem for mount point %s", "/boot");
So it already prevents encrypting the file system containing /boot, but that check fails if /boot is inside of an encrypted device such as an lvm physical volume.
Closing this bug as fixed. If there are other, different, issues, please open new bug reports for those.
Resolution: (none) => FIXED
Status: NEW => RESOLVED
@Dave: I ran into this issue myself, by accident. I created an encrypted disk and put boot into this disk, which was really stupid, but things like this happen. If this can be easily fixed, it would be great.
Doh. Yes. Thanks. Bug 31343 - Warn if no unencrypted /boot is available.
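The gap discussed in this thread (a check on the /boot filesystem alone misses a /boot that sits inside an encrypted LVM physical volume) can be closed by walking the whole device stack. The following is an added example, not drakx code: it assumes input shaped like `lsblk --json -o NAME,TYPE,MOUNTPOINT` output, and the sample layout and device names are constructed.

```python
import json
import posixpath

# Constructed sample shaped like `lsblk --json -o NAME,TYPE,MOUNTPOINT` output
# for the layout in the thread (device names are made up): an unencrypted ESP
# and one encrypted LVM physical volume holding /, swap and /home.
SAMPLE = """
{"blockdevices": [{"name": "sda", "type": "disk", "mountpoint": null, "children": [
  {"name": "sda1", "type": "part", "mountpoint": "/boot/EFI"},
  {"name": "sda2", "type": "part", "mountpoint": null, "children": [
    {"name": "crypt_sda2", "type": "crypt", "mountpoint": null, "children": [
      {"name": "vg--mga-root", "type": "lvm", "mountpoint": "/"},
      {"name": "vg--mga-swap", "type": "lvm", "mountpoint": "[SWAP]"},
      {"name": "vg--mga-home", "type": "lvm", "mountpoint": "/home"}]}]}]}]}
"""

def encrypted_mounts(lsblk_json):
    """Map each mountpoint to True if any device beneath it is a dm-crypt mapping."""
    found = {}

    def walk(node, under_crypt):
        # Encryption is inherited: everything stacked on a "crypt" node is encrypted.
        under_crypt = under_crypt or node.get("type") == "crypt"
        mountpoint = node.get("mountpoint")
        if mountpoint:
            found[mountpoint] = found.get(mountpoint, False) or under_crypt
        for child in node.get("children", []):
            walk(child, under_crypt)

    for device in json.loads(lsblk_json)["blockdevices"]:
        walk(device, False)
    return found

def holding_mount(path, mounts):
    """Return the mountpoint of the filesystem that contains `path`."""
    path = posixpath.normpath(path)
    while path not in mounts and path != "/":
        path = posixpath.dirname(path)
    return path

def boot_is_encrypted(lsblk_json):
    """True when the files under /boot live on top of an encrypted device."""
    mounts = encrypted_mounts(lsblk_json)
    return mounts.get(holding_mount("/boot", mounts), False)

if __name__ == "__main__":
    if boot_is_encrypted(SAMPLE):
        print("warning: /boot is inside an encrypted device; add an unencrypted /boot")
```

Note that a separate /boot/EFI does not help here: with no /boot mountpoint of its own, /boot resolves to the root filesystem inside the encrypted volume.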