[Bug 509957] Re: cryptdisk sets up partitions by index/device instead of uuid

AleksanderAdamowski aleksander.adamowski at olo.org.pl
Fri Dec 20 19:11:32 UTC 2013 

I've developed a solution to random crypted swap devices not having a
UUID, at least for GPT (Guid Partition Tables).

The cryptswap partitions indeed don't have an ordinary UUID, but if they
are GPT partitions, they do have a persistent PARTUUID (UUID assigned to
partition) and are available through /dev/disk/by-partuuid/ .

Arch Linux guys have patched their  cryptsetup functions to support this
format: https://patchwork.archlinux.org/patch/389/

I've applied similar approach to /lib/cryptsetup/cryptdisks.functions as
seen in the patch below:

--- cryptdisks.functions.orig   2013-12-20 19:42:02.048667466 +0100
+++ cryptdisks.functions.olo.partuuid.2013-12-20        2013-12-20 19:49:37.876503582 +0100
@@ -488,6 +488,9 @@
        # parse UUID= symlinks
        if [ "${src#UUID=}" != "$src" ]; then
                src="/dev/disk/by-uuid/${src#UUID=}"
+       elif [ "${src#PARTUUID=}" != "$src" ]; then
+               # inspired by https://patchwork.archlinux.org/patch/389/
+               src="/dev/disk/by-partuuid/${src#PARTUUID=}"
        elif [ "${src#LABEL=}" != "$src" ]; then
                src="/dev/disk/by-label/${src#LABEL=}"
        fi
@@ -599,6 +602,9 @@
        egrep -v "^[[:space:]]*(#|$)" "$TABFILE" | while read dst src key opts; do
                if [ "xUUID=$ID_FS_UUID" = "x$src" ]; then
                        src="/dev/disk/by-uuid/${src#UUID=}"
+               elif [ "xPARTUUID=$ID_PART_ENTRY_UUID" = "x$src" ]; then
+                       # inspired by https://patchwork.archlinux.org/patch/389/
+                       src="/dev/disk/by-partuuid/${src#PARTUUID=}"
                elif [ "xLABEL=$ID_FS_LABEL_ENC" = "x$src" ]; then
                        src="/dev/disk/by-label/${src#LABEL=}"
                elif [ "x$1" != "x$src" ]; then


This enables the following format for crypttab:

cryptswap1 PARTUUID=c352d0c2-3584-44a1-9de7-c2bfdb9c58f8 /dev/urandom
swap,cipher=aes-cbc-essiv:sha256

Obviously, this has to also be documented in crypttab manpage (man 5
crypttab).

** Patch added: "Patch for PARTUUID support in crypttab"
   https://bugs.launchpad.net/ubuntu/+source/partman-crypto/+bug/509957/+attachment/3933359/+files/cryptdisks.functions-partuuid_support.patch

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to partman-crypto in Ubuntu.
https://bugs.launchpad.net/bugs/509957

Title:
  cryptdisk sets up partitions by index/device instead of uuid

Status in “partman-crypto” package in Ubuntu:
  New

Bug description:
  Binary package hint: cryptsetup

  It's obvious cryptsetup should map partitions by UUID instead of dev
  entries (e.g. /dev/sda5) -- and it's obvious I don't know how
  difficult it is ;-) --, even more while cryptdisks service doesn't do
  enough validation on the partition used
  (https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/509952).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/partman-crypto/+bug/509957/+subscriptions

More information about the foundations-bugs mailing list