touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #70654
[Bug 953875] Re: Encrypted swap no longer mounted at bootup
Launchpad has imported 5 comments from the remote bug at
https://bugs.freedesktop.org/show_bug.cgi?id=87717.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.
------------------------------------------------------------------------
On 2014-12-25T20:58:35+00:00 Vecu-bosseur wrote:
Dear Developpers,
My /etc/crypttab contains:
cryptswap1 UUID=c836dd13-1b4e-4bfb-9be5-6e5d972aa75a /dev/urandom
swap,offset=2048,cipher=aes-cbc-essiv:sha256
And my /etc/fstab contains:
/dev/mapper/cryptswap1 none swap sw 0 0
And this worked fine with cryptdisks_start however the option "offset"
is not understood by systemd 215. I did change init system from sysvinit
to systemd, and now, after 2 reboots, I don't have any swap and my
device that had UUID c836dd13-1b4e-4bfb-9be5-6e5d972aa75a has seen its
start erased, and thus its UUID itself, as if I had not mentioned an
offset=>>0 in crypttab.
The use case for "offset=2048" is to be able to use a UUID to identify
the partition I want to have encrypted swap on. Not using an offset=>>0
parameter would unconditionally erase the whole partition, including the
portion where its UUID is stored. Using any other way to identify a
partition can thus cause data loss if I reparttion my disk and forget to
update /etc/crypttab.
Please make systemd understand the "offset=" paramater of /etc/crypttab.
Has this problem been addressed in a subsequent systemd version?
Note: related to debian bug #751707
( https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751707 )
Thanks,
Vecu Bosseur
Reply at: https://bugs.launchpad.net/ubuntu/+source/ecryptfs-
utils/+bug/953875/comments/29
------------------------------------------------------------------------
On 2014-12-26T01:37:53+00:00 zbyszek wrote:
It's a long-standing well-known limitation:
/* Options Debian's crypttab knows we don't:
offset=
skip=
precheck=
check=
checkargs=
noearly=
loud=
keyscript=
*/
Some of those will probably never be implemented (noearly, keyscript,
loud, ...), but offset certainly should.
Reply at: https://bugs.launchpad.net/ubuntu/+source/ecryptfs-
utils/+bug/953875/comments/30
------------------------------------------------------------------------
On 2015-04-16T11:53:47+00:00 Martin Pitt wrote:
Created attachment 115118
cryptsetup: Implement offset and skip options
Simple patch.
Reply at: https://bugs.launchpad.net/ubuntu/+source/ecryptfs-
utils/+bug/953875/comments/74
------------------------------------------------------------------------
On 2015-04-16T11:54:21+00:00 Martin Pitt wrote:
Created attachment 115119
reproducer/test script
This is the reproducer and test script which I used.
Reply at: https://bugs.launchpad.net/ubuntu/+source/ecryptfs-
utils/+bug/953875/comments/75
------------------------------------------------------------------------
On 2015-04-16T11:57:12+00:00 zbyszek wrote:
I think a failure to parse those parameters should be fatal. It's just
to dangerous to continue.
Also "meatadata" in description :)
Reply at: https://bugs.launchpad.net/ubuntu/+source/ecryptfs-
utils/+bug/953875/comments/76
** Changed in: systemd
Status: Unknown => Confirmed
** Changed in: systemd
Importance: Unknown => Medium
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/953875
Title:
Encrypted swap no longer mounted at bootup
Status in eCryptfs:
Fix Released
Status in systemd:
Confirmed
Status in ecryptfs-utils package in Ubuntu:
Fix Released
Status in systemd package in Ubuntu:
Fix Committed
Status in ubiquity package in Ubuntu:
Fix Released
Status in ecryptfs-utils source package in Vivid:
Fix Released
Status in systemd source package in Vivid:
Fix Committed
Status in ubiquity source package in Vivid:
Fix Released
Status in systemd package in Debian:
Confirmed
Bug description:
SUMMARY
=======
During installation with "encrypt my home folder" mode, a broken /etc/crypttab gets created which defines a non-existing swap device (usually "cryptswap1") with a UUID. This will also be put into /etc/fstab. As after installation the UUID does not exist, such systems don't have any actual swap.
UPGRADE FIX
===========
An upgrade to Ubuntu 15.04 ("vivid") will detect and comment out these broken swap devices from /etc/fstab and /etc/crypttab. If you actually want to use those, do these steps:
- Find the swap device that was meant to be used in "sudo fdisk -l" (it should say "Linux swap" in the last column), remember the device name (something like "/dev/sda5")
- Find the UUID in /etc/crypttab (the long alphanumeric ID after UUID=)
- Run "sudo mkswap -U 1234... /dev/sda5", replacing "1234" with the above UUID, and /dev/sda5 with the device name from step 1.
- Edit /etc/crypttab to append ",offset=1024" in the fourth (last) column of the cryptswap1 line; ensure that there is *no space* between the "cipher=aes-cbc-essiv:sha256" and the appended option. If there is a leading "#" in the file, remove that too.
- If there is a leading "#" in /etc/fstab in the line starting with /dev/mapper/cryptswap1 line, remove that.
- Run "sudo update-initramfs -u".
ORIGINAL REPORT
===============
Clean install of 12.04 and with encrypted home for my user. Did all
updates and now the bootup hangs waiting for swap to become available
and it never seems to ever finish. The 200GB SSD below is my boot
drive and root filesystem.
alan@mesh:~$ sudo swapon -a
[sudo] password for alan:
swapon: /dev/mapper/cryptswap1: stat failed: No such file or directory
alan@mesh:~$ grep swap /etc/fstab
# swap was on /dev/sdg5 during installation
#UUID=22d3f7f0-f715-4582-81ba-dcbd4cdd1495 none swap sw 0 0
/dev/mapper/cryptswap1 none swap sw 0 0
alan@mesh:~$ sudo fdisk -l
Disk /dev/sda: 115.0 GB, 115033153536 bytes
255 heads, 63 sectors/track, 13985 cylinders, total 224674128 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x000ba2ed
Device Boot Start End Blocks Id System
/dev/sda1 * 2048 206847 102400 7 HPFS/NTFS/exFAT
/dev/sda2 206848 224671743 112232448 7 HPFS/NTFS/exFAT
Disk /dev/sdb: 200.0 GB, 200049647616 bytes
255 heads, 63 sectors/track, 24321 cylinders, total 390721968 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0xf0fa0806
Device Boot Start End Blocks Id System
/dev/sdb1 2048 349304831 174651392 7 HPFS/NTFS/exFAT
/dev/sdb2 374722558 390721535 7999489 5 Extended
/dev/sdb3 * 349304832 374720511 12707840 83 Linux
/dev/sdb5 374722560 390721535 7999488 82 Linux swap / Solaris
Partition table entries are not in disk order
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: libecryptfs0 96-0ubuntu2
ProcVersionSignature: Ubuntu 3.2.0-18.29-generic 3.2.9
Uname: Linux 3.2.0-18-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 1.94.1-0ubuntu2
Architecture: amd64
Date: Tue Mar 13 09:56:56 2012
EcryptfsInUse: Yes
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Alpha amd64 (20120215)
ProcEnviron:
LANGUAGE=en_GB:en
TERM=xterm
LANG=en_GB.UTF-8
SHELL=/bin/bash
SourcePackage: ecryptfs-utils
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ecryptfs/+bug/953875/+subscriptions
