lubuntu-qa team mailing list archive

Thread
Date

Re: encrypted home does not work alone

To: Lars Noodén <lars.nooden@xxxxxxxxx>, Walter Lapchynski <wxl@xxxxxxxxxx>, "lubuntu-qa@xxxxxxxxxxxxxxxxxxx" <lubuntu-qa@xxxxxxxxxxxxxxxxxxx>
From: Nio Wiklund <nio.wiklund@xxxxxxxxx>
Date: Thu, 05 Mar 2015 10:16:25 +0100
Cc: John Hupp <lubuntu@xxxxxxxxxxxxxx>
In-reply-to: <54F75F19.8060804@gmail.com>
User-agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Thunderbird/31.5.0

Den 2015-03-04 20:38, Nio Wiklund skrev:
> Hi everybody,
> 
> Continuing testing I found that cryptswap does not work even when it is
> run alone in a 'use the whole disk' installation. This is a bad bug.
> 
> It seems to be an old bug:
> 
> https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/953875
> 
> I found what I think is this bug in a system installed from the Lubuntu
> Vivid alternate 32-bit daily iso file.
> 
> vivid-alternate-i386.iso
> 
> cryptswap is there when I reboot from the installer, but the second time
> I reboot it is gone.
> _____
> 
> /etc/crypttab:
> cryptswap1 UUID=b66610ce-376c-42cf-8d02-8983f2a40d70 /dev/urandom
> swap,cipher=aes-cbc-essiv:sha256
> 
> blkid:
> /dev/sda1: UUID="63725e48-ebeb-4c33-a023-d34191a6b2bd" TYPE="ext4"
> PARTUUID="ef7fb1de-01"
> /dev/sda5: PARTUUID="ef7fb1de-05"
> 
> modified /etc/crypttab:
> # <target name>    <source device>        <key file>    <options>
> cryptswap1 /dev/sda5 /dev/urandom swap,cipher=aes-cbc-essiv:sha256
> _____
> 
> Hint to the developers: It works with the modified crypttab
> 
> So it seems that the device information is wrong in /etc/crypttab. Maybe
> it would be better to have to PARTUUID than the device /dev/sda5.
> 
> Best regards
> Nio
> 

Hi again,

John Hupp helped me find more information about the cryptswap bug. See
comment #37 of the bug report

https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/953875

I can confirm that it works as a work-around, and there should be enough
information in the bug report

https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/1310058/

to squash that bug.

We are also getting help from ventrical at the Ubuntu Forums to test
various encrypted systems. See the following link

http://ubuntuforums.org/showthread.php?t=2266912

I try to sum it up in post #35 of the Ubuntu Forums thread.

-o-

We should not be surprised that 'Encrypted home' is no longer part of
any [other] Ubuntu flavour test-case. It does not work :-(

There are certainly user cases, where it would be useful, but 'Encrypted
home' has been buggy since March 2012 when Alan Pope reported bug
#953875. I think it is a bad idea to make a separate test-case for it now.

So let us go ahead with the alternate test-cases, modified only at these
places:
-----
'No' for encrypted home directory # Changed from 'Yes'. This is the most
important modification.

'Yes' unmount mounted partitions in the target drive # Additional item
which is important.

'No' to install grub boot loader to master boot record. Instead select
the target drive for the bootloader manually. # Changed from 'Yes'. This
is optional but I recommend it because the automatic choice often
creates problems for me.
-----

Best regards
Nio

Follow ups

Re: encrypted home does not work alone
From: Walter Lapchynski, 2015-03-12

References

encrypted home does not work alone
From: Nio Wiklund, 2015-03-04