[Bug 1453738] Re: installer in LVM mode sets up broken encrypted swap, using duplicate unencrypted swap

Thu Jul 9 10:13:41 UTC 2015

This is the debdiff for vivid which I just uploaded. I verified that it
repairs /etc/fstab and leads to a correctly booting system with
encrypted swap for a vivid LVM+ecryptfs installation. It also behaves
sufficiently correctly for an upgrade where the swap partition has been
wiped by ubiquity from bug 953875.

** Patch added: "ecryptfs-utils vivid debdiff"
   https://bugs.launchpad.net/ubuntu/wily/+source/ecryptfs-utils/+bug/1453738/+attachment/4426897/+files/vivid.debdiff

** Changed in: ecryptfs-utils (Ubuntu Vivid)
       Status: Triaged => In Progress

** Description changed:

  When installing Ubuntu with "Use LVM" (but not encryption!), and
  "encrypt my home dir", the installer adds the original unencrypted swap
  to fstab. Then, ecryptfs-setup-swap keeps that, and additionally
  configures an encrypted swap via an UUID and without offset (which would
  trigger bug 953875 again!), so that you end up with *two* swap configs
  for one and the same partition, once unencrypted and once encrypted:

  fstab:
  /dev/mapper/ubuntu--vg-swap_1 none swap sw 0 0
  /dev/mapper/cryptswap1 none swap sw 0 0

  crypttab:
  cryptswap1 UUID=f636d7ef-9405-482d-a90a-5ba67026fcfb /dev/urandom swap,offset=1024,cipher=aes-xts-plain64

  (UUID is for ubuntubuntu--vg-swap_1). This can't work, as the
  unencrypted one is faster, so trying to set up the encrypted one fails.
+ 
+ SRU TEST CASE:
+ --------------
+ - Install 15.04 with LVM (no encryption) and select "encrypt my home dir"
+ - Boot will ask you for a (nonexisting) passphrase for the swap partition; press Enter
+ - Install the update
+ - Reboot and verified that the bogus passphrase question is gone
+ - Verify that "swapon -s" has a swap partition (usually dm-2), and that /dev/mapper/cryptswap1 points to that. It should NOT be the unencrypted /dev/mapper/ubuntu--vg-swap_1!.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1453738

Title:
  installer in LVM mode sets up broken encrypted swap, using duplicate
  unencrypted swap

Status in eCryptfs:
  New
Status in ecryptfs-utils package in Ubuntu:
  Fix Committed
Status in ecryptfs-utils source package in Trusty:
  Triaged
Status in ecryptfs-utils source package in Utopic:
  Won't Fix
Status in ecryptfs-utils source package in Vivid:
  In Progress
Status in ecryptfs-utils source package in Wily:
  Fix Committed

Bug description:
  When installing Ubuntu with "Use LVM" (but not encryption!), and
  "encrypt my home dir", the installer adds the original unencrypted
  swap to fstab. Then, ecryptfs-setup-swap keeps that, and additionally
  configures an encrypted swap via an UUID and without offset (which
  would trigger bug 953875 again!), so that you end up with *two* swap
  configs for one and the same partition, once unencrypted and once
  encrypted:

  fstab:
  /dev/mapper/ubuntu--vg-swap_1 none swap sw 0 0
  /dev/mapper/cryptswap1 none swap sw 0 0

  crypttab:
  cryptswap1 UUID=f636d7ef-9405-482d-a90a-5ba67026fcfb /dev/urandom swap,offset=1024,cipher=aes-xts-plain64

  (UUID is for ubuntubuntu--vg-swap_1). This can't work, as the
  unencrypted one is faster, so trying to set up the encrypted one
  fails.

  SRU TEST CASE:
  --------------
  - Install 15.04 with LVM (no encryption) and select "encrypt my home dir"
  - Boot will ask you for a (nonexisting) passphrase for the swap partition; press Enter
  - Install the update
  - Reboot and verified that the bogus passphrase question is gone
  - Verify that "swapon -s" has a swap partition (usually dm-2), and that /dev/mapper/cryptswap1 points to that. It should NOT be the unencrypted /dev/mapper/ubuntu--vg-swap_1!.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ecryptfs/+bug/1453738/+subscriptions