[Bug 1453738] Re: installer in LVM mode sets up broken encrypted swap, using duplicate unencrypted swap
Martin Pitt
martin.pitt at ubuntu.com
Thu Jul 9 07:03:45 UTC 2015
Notes for myself, please ignore.
This resets what ecryptfs-setup-swap does and re-runs it, for testing a
fixed version:
sudo sed -i '/cryptswap/d' /etc/fstab /etc/crypttab && sudo sh -ex
/usr/bin/ecryptfs-setup-swap --force; echo "---- fstab ---"; grep swap
/etc/fstab; echo "--- crypttab ----"; cat /etc/crypttab; echo "--- swap
stat ---"; swapon -s
The problem is in the loop that tries to comment out existing swap from
/etc/fstab: It only checks for UUID= and the resolved name like
/dev/dm-1, but it does not take any symlinks like "/dev/mapper/ubuntu
--vg-swap_1 -> ../dm-1" into account.
This can be fixed with
--- /usr/bin/ecryptfs-setup-swap 2015-03-28 01:37:38.000000000 +0100
+++ ecryptfs-setup-swap 2015-07-09 08:51:38.554860202 +0200
@@ -149,7 +149,9 @@
for swap in $swaps; do
info `gettext "Setting up swap:"` "[$swap]"
uuid=$(blkid -o value -s UUID $swap)
- for target in "UUID=$uuid" $swap; do
+ # /etc/fstab might use a symlink like /dev/mapper/ubuntu--vg-swap_1
+ links=$(for d in $(udevadm info --query=symlink -n /dev/dm-1); do echo /dev/$d; done)
+ for target in "UUID=$uuid" $swap $links; do
if [ -n "$target" ] && grep -qs "^$target\s\+" /etc/fstab; then
sed -i "s:^$target\s\+:\#$target :" /etc/fstab
warn "Commented out your unencrypted swap from /etc/fstab"
This then produces
---- fstab ---
#/dev/mapper/ubuntu--vg-swap_1 none swap sw 0 0
/dev/mapper/cryptswap1 none swap sw 0 0
--- crypttab ----
cryptswap1 UUID=ddec94de-8a98-4e95-bf76-a01e79029f35 /dev/urandom swap,offset=1024,cipher=aes-xts-plain64
which works fine:
lrwxrwxrwx 1 root root 7 Jul 9 08:55 /dev/mapper/cryptswap1 -> ../dm-2
$ sudo swapon -s
Filename Type Size Used Priority
/dev/dm-2 partition 2096636 0 -1
Now we need to clean this up on upgrades. The trick there is to avoid
reintroducing bug 953875, from installations which don't have the
"offset=" in crypttab.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1453738
Title:
installer in LVM mode sets up broken encrypted swap, using duplicate
unencrypted swap
Status in eCryptfs:
New
Status in ecryptfs-utils package in Ubuntu:
Triaged
Status in ecryptfs-utils source package in Trusty:
Triaged
Status in ecryptfs-utils source package in Utopic:
Triaged
Status in ecryptfs-utils source package in Vivid:
Triaged
Status in ecryptfs-utils source package in Wily:
Triaged
Bug description:
When installing Ubuntu with "Use LVM" (but not encryption!), and
"encrypt my home dir", the installer adds the original unencrypted
swap to fstab. Then, ecryptfs-setup-swap keeps that, and additionally
configures an encrypted swap via an UUID and without offset (which
would trigger bug 953857 again!), so that you end up with *two* swap
configs for one and the same partition, once unencrypted and once
encrypted:
fstab:
/dev/mapper/ubuntu--vg-swap_1 none swap sw 0 0
/dev/mapper/cryptswap1 none swap sw 0 0
crypttab:
cryptswap1 UUID=f636d7ef-9405-482d-a90a-5ba67026fcfb /dev/urandom swap,offset=1024,cipher=aes-xts-plain64
(UUID is for ubuntubuntu--vg-swap_1). This can't work, as the
unencrypted one is faster, so trying to set up the encrypted one
fails.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ecryptfs/+bug/1453738/+subscriptions
More information about the foundations-bugs
mailing list