steinex | Hi, we have a weird problem with an ubuntu precise preseed install using latest installer als kernel from proposed. The problem is that crypto-modules in /lib/modules/<kernel>/crypto are missing in the installer, thus the installer is unable to create a LUKS partition | 16:00 |
---|---|---|
steinex | there is no additional "installer component" to get these modules. the weird thing is: this worked 14 days ago | 16:01 |
steinex | *any* hints? | 16:01 |
xnox | steinex: please use 12.04.4 installer. or wait for the updated kernel (the fix for the missing crypto kernel module will be in the proposed kernel after current one, eg. 1-3 weeks) | 16:01 |
xnox | steinex: if you are doing pxeboot, you need to update it. | 16:01 |
steinex | ok, will have a look | 16:02 |
xnox | steinex: http://cdimage.ubuntu.com/netboot/12.04/ quantal, raring, saucy stack netboot images work. | 16:02 |
xnox | steinex: the one with precise 3.2 kernel does not at the moment. It has been release noted at 12.04.4 release, and fix for this will be in the next kernel SRU cadence. | 16:03 |
xnox | (it was too late to be included in the current one about to be released) | 16:03 |
xnox | steinex: we could publish a partman-crypto revert / check for the kernel module, but such an SRU would only arrive after the fixed kernel will be available from proposed =( | 16:05 |
infinity | xnox: A previous build of the 3.2 d-i would work. | 16:20 |
infinity | xnox: Assuming those modules just got dropped recently... | 16:21 |
infinity | xnox: Or was it userspace that changed and needed the kernel fixed? | 16:21 |
xnox | infinity: userspace started to use it. So one needs older partma-crypto udeb. | 16:22 |
infinity | Ahh, that's a bit tougher, except with an ISO install. | 16:23 |
xnox | infinity: i've checked d-i sources, and i don't see a way to disable -security -updates pockets for udebs. | 16:23 |
xnox | infinity: one can opt-in into -proposed, but not opt-out from -security -updates =( | 16:23 |
xnox | infinity: are the current SRU kernels released and new ones building? cause the fix is committed for the next 3.2 kernel sru and as soon as that hits proposed, we can direct people at enabling -proposed for udebs only. | 16:24 |
infinity | xnox: That won't work until there's a new d-i too, but yeah, new SRU kernels are on their way soon. | 16:25 |
xnox | infinity: i think it would. i only need crypto-modules udeb be in -proposed, which is not in the d-i image for pxeboot and fetched over the network.... or all of them get renamed and get fetched by strict versioned name? | 16:27 |
infinity | xnox: Uhm, it's a kernel module, dude. | 16:28 |
infinity | xnox: You kinda need it to match your kernel. | 16:28 |
infinity | Hence need a new d-i image with matching kernel and other modules. | 16:28 |
xnox | infinity: ok. | 16:29 |
bdmurray | cjwatson: Could you have a look at bug 1277436 which has a patch? | 17:01 |
ubot2` | Launchpad bug 1277436 in biosdevname (Ubuntu) "biosdevname renaming rule not present in initramfs, leads to unpredictable names" [High,Triaged] https://launchpad.net/bugs/1277436 | 17:01 |
xnox | bdmurray: that seems solid reasoning, and clean implementation. I might just sponsor that. | 18:07 |
steinex | xnox: that has helped, thank you again | 18:20 |
steinex | raring kernel/installer is working | 18:20 |
xnox | steinex: i'm glad I've helped you. | 18:25 |
xnox | steinex: the 3.2 kernel bug is tracked as bug 1276739 and is scheduled to be fixed as part of next kernel sru cadence. As a result, from now on the installed machines will use xts IV algorithm, and thus will be resilient to a malleability attack which worked against cbc algorithm. If you concerned about it, it may be a good idea to reprovision / reinstall all LUKS encrypted machines which were installed with pre-12.04.4 partman-crypto. More infor | 18:31 |
xnox | mation about the potential attack vector is here: http://www.jakoblell.com/blog/2013/12/22/practical-malleability-attack-against-cbc-encrypted-luks-partitions/ | 18:31 |
ubot2` | Launchpad bug 1276739 in linux (Ubuntu Precise) "partman-crypto uses xts by default, yet xts.ko kernel module is not present in 3.2 (original-point-zero stack) crypto-modules-udeb" [High,Fix committed] https://launchpad.net/bugs/1276739 | 18:31 |
darien | I'm testing migrating our automated installation from 10.04 to 14.04, and I'm having some difficulty trying to figure out where, exactly, to make it stop loading the graphical installer. I was wondering if the new (to 14.04?) install process is documented somewhere so I can figure out how it all works. | 22:51 |
darien | (the graphical installer seems to ignore the preseed file, which is where I'm currently stuck) | 22:54 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!