touch-packages team mailing list archive

[Bug 953875] Re: Encrypted swap no longer mounted at bootup

 

Launchpad has imported 5 comments from the remote bug at
https://bugs.freedesktop.org/show_bug.cgi?id=87717.

If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.

------------------------------------------------------------------------
On 2014-12-25T20:58:35+00:00 Vecu-bosseur wrote:

Dear Developers,

My /etc/crypttab contains:

cryptswap1 UUID=c836dd13-1b4e-4bfb-9be5-6e5d972aa75a /dev/urandom swap,offset=2048,cipher=aes-cbc-essiv:sha256

And my /etc/fstab contains:

/dev/mapper/cryptswap1 none swap sw 0 0

And this worked fine with cryptdisks_start however the option "offset"
is not understood by systemd 215. I did change init system from sysvinit
to systemd, and now, after 2 reboots, I don't have any swap and my
device that had UUID c836dd13-1b4e-4bfb-9be5-6e5d972aa75a has seen its
start erased, and thus its UUID itself, as if I had not mentioned an
offset=>>0 in crypttab.

The use case for "offset=2048" is to be able to use a UUID to identify
the partition I want to have encrypted swap on.  Not using an offset=>>0
parameter would unconditionally erase the whole partition, including the
portion where its UUID is stored. Using any other way to identify a
partition can thus cause data loss if I repartition my disk and forget to
update /etc/crypttab.

Please make systemd understand the "offset=" parameter of /etc/crypttab.

Has this problem been addressed in a subsequent systemd version?

Note: related to debian bug #751707
( https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751707 )

Thanks,
Vecu Bosseur

Reply at: https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/953875/comments/29

------------------------------------------------------------------------
On 2014-12-26T01:37:53+00:00 zbyszek wrote:

It's a long-standing well-known limitation:

/* Options Debian's crypttab knows we don't:

    offset=
    skip=
    precheck=
    check=
    checkargs=
    noearly=
    loud=
    keyscript=
*/

Some of those will probably never be implemented (noearly, keyscript,
loud, ...), but offset certainly should.

Reply at: https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/953875/comments/30

------------------------------------------------------------------------
On 2015-04-16T11:53:47+00:00 Martin Pitt wrote:

Created attachment 115118
cryptsetup: Implement offset and skip options

Simple patch.

Reply at: https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/953875/comments/74

------------------------------------------------------------------------
On 2015-04-16T11:54:21+00:00 Martin Pitt wrote:

Created attachment 115119
reproducer/test script

This is the reproducer and test script which I used.

Reply at: https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/953875/comments/75

------------------------------------------------------------------------
On 2015-04-16T11:57:12+00:00 zbyszek wrote:

I think a failure to parse those parameters should be fatal. It's just
too dangerous to continue.

Also "meatadata" in description :)

Reply at: https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/953875/comments/76


** Changed in: systemd
       Status: Unknown => Confirmed

** Changed in: systemd
   Importance: Unknown => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/953875

Title:
  Encrypted swap no longer mounted at bootup

Status in eCryptfs:
  Fix Released
Status in systemd:
  Confirmed
Status in ecryptfs-utils package in Ubuntu:
  Fix Released
Status in systemd package in Ubuntu:
  Fix Committed
Status in ubiquity package in Ubuntu:
  Fix Released
Status in ecryptfs-utils source package in Vivid:
  Fix Released
Status in systemd source package in Vivid:
  Fix Committed
Status in ubiquity source package in Vivid:
  Fix Released
Status in systemd package in Debian:
  Confirmed

Bug description:
  SUMMARY
  =======
  During installation with "encrypt my home folder" mode, a broken /etc/crypttab gets created which defines a non-existing swap device (usually "cryptswap1") with a UUID. This will also be put into /etc/fstab. As after installation the UUID does not exist, such systems don't have any actual swap.

  UPGRADE FIX
  ===========
  An upgrade to Ubuntu 15.04 ("vivid") will detect and comment out these broken swap devices from /etc/fstab and /etc/crypttab. If you actually want to use those, do these steps:

   - Find the swap device that was meant to be used in "sudo fdisk -l" (it should say "Linux swap" in the last column), remember the device name (something like "/dev/sda5")
   - Find the UUID in /etc/crypttab (the long alphanumeric ID after UUID=)
   - Run "sudo mkswap -U 1234... /dev/sda5", replacing "1234" with the above UUID, and /dev/sda5 with the device name from step 1.
   - Edit /etc/crypttab to append ",offset=1024" in the fourth (last) column of the cryptswap1 line; ensure that there is *no space* between the "cipher=aes-cbc-essiv:sha256" and the appended option. If there is a leading "#" in the file, remove that too.
   - If there is a leading "#" in /etc/fstab in the line starting with /dev/mapper/cryptswap1, remove that.
   - Run "sudo update-initramfs -u".

  
  ORIGINAL REPORT
  ===============

  Clean install of 12.04 and with encrypted home for my user. Did all
  updates and now the bootup hangs waiting for swap to become available
  and it never seems to ever finish. The 200GB SSD below is my boot
  drive and root filesystem.

  alan@mesh:~$ sudo swapon -a
  [sudo] password for alan:
  swapon: /dev/mapper/cryptswap1: stat failed: No such file or directory

  alan@mesh:~$ grep swap /etc/fstab
  # swap was on /dev/sdg5 during installation
  #UUID=22d3f7f0-f715-4582-81ba-dcbd4cdd1495 none            swap    sw              0       0
  /dev/mapper/cryptswap1 none swap sw 0 0

  alan@mesh:~$ sudo fdisk -l

  Disk /dev/sda: 115.0 GB, 115033153536 bytes
  255 heads, 63 sectors/track, 13985 cylinders, total 224674128 sectors
  Units = sectors of 1 * 512 = 512 bytes
  Sector size (logical/physical): 512 bytes / 512 bytes
  I/O size (minimum/optimal): 512 bytes / 512 bytes
  Disk identifier: 0x000ba2ed

     Device Boot      Start         End      Blocks   Id  System
  /dev/sda1   *        2048      206847      102400    7  HPFS/NTFS/exFAT
  /dev/sda2          206848   224671743   112232448    7  HPFS/NTFS/exFAT

  Disk /dev/sdb: 200.0 GB, 200049647616 bytes
  255 heads, 63 sectors/track, 24321 cylinders, total 390721968 sectors
  Units = sectors of 1 * 512 = 512 bytes
  Sector size (logical/physical): 512 bytes / 512 bytes
  I/O size (minimum/optimal): 512 bytes / 512 bytes
  Disk identifier: 0xf0fa0806

     Device Boot      Start         End      Blocks   Id  System
  /dev/sdb1            2048   349304831   174651392    7  HPFS/NTFS/exFAT
  /dev/sdb2       374722558   390721535     7999489    5  Extended
  /dev/sdb3   *   349304832   374720511    12707840   83  Linux
  /dev/sdb5       374722560   390721535     7999488   82  Linux swap / Solaris

  Partition table entries are not in disk order

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: libecryptfs0 96-0ubuntu2
  ProcVersionSignature: Ubuntu 3.2.0-18.29-generic 3.2.9
  Uname: Linux 3.2.0-18-generic x86_64
  NonfreeKernelModules: nvidia
  ApportVersion: 1.94.1-0ubuntu2
  Architecture: amd64
  Date: Tue Mar 13 09:56:56 2012
  EcryptfsInUse: Yes
  InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Alpha amd64 (20120215)
  ProcEnviron:
   LANGUAGE=en_GB:en
   TERM=xterm
   LANG=en_GB.UTF-8
   SHELL=/bin/bash
  SourcePackage: ecryptfs-utils
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ecryptfs/+bug/953875/+subscriptions
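
A check for the failure mode discussed in this thread, as an added example (not code from systemd, cryptsetup or the attachments on this bug): it reads crypttab text and flags "swap" entries whose UUID= source has no usable offset=, and treats an unparsable offset as fatal, as the last imported comment asks. The function names, severity labels and all sample entries except the first are constructed for illustration.

```python
import re

# Constructed sample: the first entry is the one quoted in the thread, the
# other three are made-up variants (placeholder UUIDs and device path).
SAMPLE_CRYPTTAB = """\
cryptswap1 UUID=c836dd13-1b4e-4bfb-9be5-6e5d972aa75a /dev/urandom swap,offset=2048,cipher=aes-cbc-essiv:sha256
cryptswap2 UUID=00000000-0000-0000-0000-000000000002 /dev/urandom swap,cipher=aes-cbc-essiv:sha256
cryptswap3 UUID=00000000-0000-0000-0000-000000000003 /dev/urandom swap,offset=2k
cryptswap4 /dev/sda5 /dev/urandom swap
"""


def parse_options(field):
    """Split the fourth crypttab column into {option: value}."""
    opts = {}
    for item in filter(None, field.split(",")):
        key, _, value = item.partition("=")
        opts[key] = value
    return opts


def check_crypttab(text):
    """Return (name, severity, message) for risky swap entries."""
    findings = []
    for raw in text.splitlines():
        fields = raw.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue  # comment, blank line, or no options column
        name, source, _keyfile, options = fields[:4]
        opts = parse_options(options)
        if "swap" not in opts:
            continue  # only entries reformatted as swap on every boot matter
        by_uuid = source.startswith("UUID=")
        offset = opts.get("offset")
        if offset is not None and not re.fullmatch(r"[0-9]+", offset):
            # Unparsable value: refuse rather than fall back to offset 0.
            findings.append((name, "fatal", f"cannot parse offset={offset!r}"))
        elif by_uuid and int(offset or 0) == 0:
            findings.append((name, "error",
                             "no offset: the UUID is overwritten when swap is set up"))
        elif not by_uuid:
            findings.append((name, "warn",
                             "device path may name another partition after repartitioning"))
    return findings


if __name__ == "__main__":
    for name, severity, message in check_crypttab(SAMPLE_CRYPTTAB):
        print(f"{severity:5} {name}: {message}")
```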