#2492 Issue closed: Excluding LUKS filesystem does not exclude LUKS volume¶
Labels: enhancement, won't fix / can't fix / obsolete
jsmeix opened issue at 2020-09-15 12:52:¶
Current GitHub master code on my x86_64 home office laptop:
With EXCLUDE_COMPONENTS+=( fs:/lukstest ) in etc/rear/local.conf
I get only that LUKS filesystem excluded but not the underlying LUKS
volume
in var/lib/rear/layout/disklayout.conf
# Disk layout dated 20200915141517 (YYYYmmddHHMMSS)
# NAME KNAME PKNAME TRAN TYPE FSTYPE SIZE MOUNTPOINT
# /dev/sda /dev/sda sata disk 465.8G
# |-/dev/sda1 /dev/sda1 /dev/sda part 8M
# |-/dev/sda2 /dev/sda2 /dev/sda part crypto_LUKS 4G
# | `-/dev/mapper/cr_ata-TOSHIBA_MQ01ABF050_Y2PLP02CT-part2 /dev/dm-1 /dev/sda2 crypt swap 4G [SWAP]
# |-/dev/sda3 /dev/sda3 /dev/sda part crypto_LUKS 200G
# | `-/dev/mapper/cr_ata-TOSHIBA_MQ01ABF050_Y2PLP02CT-part3 /dev/dm-0 /dev/sda3 crypt ext4 200G /
# |-/dev/sda4 /dev/sda4 /dev/sda part ext4 100G /nfs
# |-/dev/sda5 /dev/sda5 /dev/sda part ext4 150G /var/lib/libvirt
# |-/dev/sda6 /dev/sda6 /dev/sda part ext2 8G /other
# `-/dev/sda7 /dev/sda7 /dev/sda part crypto_LUKS 1G
# `-/dev/mapper/lukstest /dev/dm-2 /dev/sda7 crypt ext2 1022M /lukstest
# /dev/sr0 /dev/sr0 sata rom 1024M
# Disk /dev/sda
# Format: disk <devname> <size(bytes)> <partition label type>
disk /dev/sda 500107862016 gpt
# Partitions on /dev/sda
# Format: part <device> <partition size(bytes)> <partition start(bytes)> <partition type|name> <flags> /dev/<partition>
part /dev/sda 8388608 1048576 rear-noname bios_grub /dev/sda1
part /dev/sda 4294967296 9437184 rear-noname swap /dev/sda2
part /dev/sda 214748364800 4304404480 rear-noname legacy_boot /dev/sda3
part /dev/sda 107374182400 219052769280 rear-noname none /dev/sda4
part /dev/sda 161061273600 326426951680 rear-noname none /dev/sda5
part /dev/sda 8589934592 487488225280 other none /dev/sda6
part /dev/sda 1073741824 496078159872 playground none /dev/sda7
# Filesystems (only ext2,ext3,ext4,vfat,xfs,reiserfs,btrfs are supported).
# Format: fs <device> <mountpoint> <fstype> [uuid=<uuid>] [label=<label>] [<attributes>]
fs /dev/mapper/cr_ata-TOSHIBA_MQ01ABF050_Y2PLP02CT-part3 / ext4 uuid=f05af948-6075-40a3-9191-354b0a0a9afc label= blocksize=4096 reserved_blocks=4% max_mounts=-1 check_interval=0d bytes_per_inode=16383 default_mount_options=user_xattr,acl options=rw,relatime,data=ordered
#fs /dev/mapper/lukstest /lukstest ext2 uuid=84e951c1-170d-489d-b1cc-191f95608d97 label= blocksize=4096 reserved_blocks=4% max_mounts=-1 check_interval=0d bytes_per_inode=16384 default_mount_options=user_xattr,acl options=rw,relatime
fs /dev/sda4 /nfs ext4 uuid=4c4a923d-1562-4254-a1fa-4e761278c02f label= blocksize=4096 reserved_blocks=5% max_mounts=-1 check_interval=0d bytes_per_inode=16384 default_mount_options=user_xattr,acl options=rw,relatime,data=ordered
fs /dev/sda5 /var/lib/libvirt ext4 uuid=4a42395e-4f9d-4056-9948-6d5d9d92d990 label= blocksize=4096 reserved_blocks=5% max_mounts=-1 check_interval=0d bytes_per_inode=16384 default_mount_options=user_xattr,acl options=rw,relatime,data=ordered
#fs /dev/sda6 /other ext2 uuid=259dac9c-f2fd-4181-a351-83603398e465 label= blocksize=4096 reserved_blocks=4% max_mounts=-1 check_interval=0d bytes_per_inode=16384 default_mount_options=user_xattr,acl options=rw,relatime
# Swap partitions or swap files
# Format: swap <filename> uuid=<uuid> label=<label>
swap /dev/mapper/cr_ata-TOSHIBA_MQ01ABF050_Y2PLP02CT-part2 uuid=6d8f8998-dd20-412a-bcc2-618eed858662 label=
crypt /dev/mapper/lukstest /dev/sda7 cipher=aes-xts-plain64 key_size=256 hash=sha256 uuid=1b4198c9-d9b0-4c57-b9a3-3433e391e706
crypt /dev/mapper/cr_ata-TOSHIBA_MQ01ABF050_Y2PLP02CT-part3 /dev/sda3 cipher=aes-xts-plain64 key_size=256 hash=sha256 uuid=a6dba0d8-5be8-4970-b1e7-a272ae0cafdd
crypt /dev/mapper/cr_ata-TOSHIBA_MQ01ABF050_Y2PLP02CT-part2 /dev/sda2 cipher=aes-xts-plain64 key_size=256 hash=sha256 uuid=54fc77c5-8ec2-457f-b558-9deda3b843b2
I would expect to get also
#crypt /dev/mapper/lukstest /dev/sda7 cipher=aes-xts-plain64 key_size=256 hash=sha256 uuid=1b4198c9-d9b0-4c57-b9a3-3433e391e706
Details of my LUKS1 testing setup:
I created a partition for it:
# parted -s /dev/sda unit B mkpart playground ext2 496078159872 497151901695
# parted -s /dev/sda unit B print
Model: ATA TOSHIBA MQ01ABF0 (scsi)
Disk /dev/sda: 500107862016B
Sector size (logical/physical): 512B/4096B
Partition Table: gpt
Disk Flags: pmbr_boot
Number Start End Size File system Name Flags
1 1048576B 9437183B 8388608B bios_grub
2 9437184B 4304404479B 4294967296B swap
3 4304404480B 219052769279B 214748364800B legacy_boot
4 219052769280B 326426951679B 107374182400B ext4
5 326426951680B 487488225279B 161061273600B ext4
6 487488225280B 496078159871B 8589934592B ext2 other
7 496078159872B 497151901695B 1073741824B playground
I made that partition a LUKS volume:
# cryptsetup luksFormat --type luks1 --force-password /dev/sda7
WARNING!
========
This will overwrite data on /dev/sda7 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter passphrase for /dev/sda7:
Verify passphrase:
# lsblk -ipo NAME,KNAME,PKNAME,TRAN,TYPE,FSTYPE,SIZE,MOUNTPOINT
NAME KNAME PKNAME TRAN TYPE FSTYPE SIZE MOUNTPOINT
...
`-/dev/sda7 /dev/sda7 /dev/sda part crypto_LUKS 1G
# cryptsetup luksOpen /dev/sda7 lukstest
# lsblk -ipo NAME,KNAME,PKNAME,TRAN,TYPE,FSTYPE,SIZE,MOUNTPOINT
NAME KNAME PKNAME TRAN TYPE FSTYPE SIZE MOUNTPOINT
...
`-/dev/sda7 /dev/sda7 /dev/sda part crypto_LUKS 1G
`-/dev/mapper/lukstest /dev/dm-2 /dev/sda7 crypt 1022M
# mkfs.ext2 /dev/mapper/lukstest
mke2fs 1.43.8 (1-Jan-2018)
Creating filesystem with 261632 4k blocks and 65408 inodes
Filesystem UUID: 84e951c1-170d-489d-b1cc-191f95608d97
Superblock backups stored on blocks:
32768, 98304, 163840, 229376
Allocating group tables: done
Writing inode tables: done
Writing superblocks and filesystem accounting information: done
# lsblk -ipo NAME,KNAME,PKNAME,TRAN,TYPE,FSTYPE,SIZE,MOUNTPOINT
NAME KNAME PKNAME TRAN TYPE FSTYPE SIZE MOUNTPOINT
...
`-/dev/sda7 /dev/sda7 /dev/sda part crypto_LUKS 1G
`-/dev/mapper/lukstest /dev/dm-2 /dev/sda7 crypt ext2 1022M
I mounted that LUKS volume:
# mkdir /lukstest
# mount /dev/mapper/lukstest /lukstest
jsmeix commented at 2020-09-17 14:33:¶
According to my current understanding with LUKS volumes
and in particular according to my tests related to
https://github.com/rear/rear/pull/2493
I think it would be even wrong to let ReaR automatically
exclude a LUKS volume (i.e. disable its crypt entry in
disklayout.conf)
when a LUKS filesystem is excluded (i.e. when its fs entry gets
disabled in disklayout.conf).
Reasoning:
When a filesystem is excluded its parent partition is not automatically
excluded
because the parent partition can and should still be recreated but
without a filesystem.
In contrast when a partition is excluded its child filesystem must be
also excluded
because one cannot create a filesystem when no partition exist for it.
For LUKS this means:
When a LUKS filesystem is excluded its parent LUKS volume is not
automatically excluded
because the parent LUKS volume can and should still be recreated but
without a filesystem.
because the parent partition can and should still be recreated but without a filesystem.
[Export of Github issue for rear/rear.]