[Bug 1453738] Re: installer in LVM mode sets up broken encrypted swap, using duplicate unencrypted swap

Martin Pitt martin.pitt at ubuntu.com
Thu Jul 9 07:03:45 UTC 2015 

Notes for myself, please ignore.

This resets what ecryptfs-setup-swap does and re-runs it, for testing a
fixed version:

sudo sed -i '/cryptswap/d' /etc/fstab /etc/crypttab && sudo sh -ex
/usr/bin/ecryptfs-setup-swap --force; echo "---- fstab ---"; grep swap
/etc/fstab; echo "--- crypttab ----"; cat /etc/crypttab; echo "--- swap
stat ---"; swapon -s

The problem is in the loop that tries to comment out existing swap from
/etc/fstab: It only checks for UUID= and the resolved name like
/dev/dm-1, but it does not take any symlinks like "/dev/mapper/ubuntu
--vg-swap_1 -> ../dm-1" into account.

This can be fixed with

--- /usr/bin/ecryptfs-setup-swap	2015-03-28 01:37:38.000000000 +0100
+++ ecryptfs-setup-swap	2015-07-09 08:51:38.554860202 +0200
@@ -149,7 +149,9 @@
 for swap in $swaps; do
 	info `gettext "Setting up swap:"` "[$swap]"
 	uuid=$(blkid -o value -s UUID $swap)
-	for target in "UUID=$uuid" $swap; do
+	# /etc/fstab might use a symlink like /dev/mapper/ubuntu--vg-swap_1
+	links=$(for d in $(udevadm info --query=symlink -n /dev/dm-1); do echo /dev/$d; done)
+	for target in "UUID=$uuid" $swap $links; do
 		if [ -n "$target" ] && grep -qs "^$target\s\+" /etc/fstab; then
 			sed -i "s:^$target\s\+:\#$target :" /etc/fstab
 			warn "Commented out your unencrypted swap from /etc/fstab"

This then produces

---- fstab ---
#/dev/mapper/ubuntu--vg-swap_1 none            swap    sw              0       0
/dev/mapper/cryptswap1 none swap sw 0 0
--- crypttab ----
cryptswap1 UUID=ddec94de-8a98-4e95-bf76-a01e79029f35 /dev/urandom swap,offset=1024,cipher=aes-xts-plain64

which works fine:

lrwxrwxrwx 1 root root 7 Jul  9 08:55 /dev/mapper/cryptswap1 -> ../dm-2

$ sudo swapon -s
Filename				Type		Size	Used	Priority
/dev/dm-2                              	partition	2096636	0	-1

Now we need to clean this up on upgrades. The trick there is to avoid
reintroducing bug 953875, from installations which don't have the
"offset=" in crypttab.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1453738

Title:
  installer in LVM mode sets up broken encrypted swap, using duplicate
  unencrypted swap

Status in eCryptfs:
  New
Status in ecryptfs-utils package in Ubuntu:
  Triaged
Status in ecryptfs-utils source package in Trusty:
  Triaged
Status in ecryptfs-utils source package in Utopic:
  Triaged
Status in ecryptfs-utils source package in Vivid:
  Triaged
Status in ecryptfs-utils source package in Wily:
  Triaged

Bug description:
  When installing Ubuntu with "Use LVM" (but not encryption!), and
  "encrypt my home dir", the installer adds the original unencrypted
  swap to fstab. Then, ecryptfs-setup-swap keeps that, and additionally
  configures an encrypted swap via an UUID and without offset (which
  would trigger bug 953857 again!), so that you end up with *two* swap
  configs for one and the same partition, once unencrypted and once
  encrypted:

  fstab:
  /dev/mapper/ubuntu--vg-swap_1 none swap sw 0 0
  /dev/mapper/cryptswap1 none swap sw 0 0

  crypttab:
  cryptswap1 UUID=f636d7ef-9405-482d-a90a-5ba67026fcfb /dev/urandom swap,offset=1024,cipher=aes-xts-plain64

  (UUID is for ubuntubuntu--vg-swap_1). This can't work, as the
  unencrypted one is faster, so trying to set up the encrypted one
  fails.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ecryptfs/+bug/1453738/+subscriptions

More information about the foundations-bugs mailing list