[Bug 1453738] Re: installer in LVM mode sets up broken encrypted swap, using duplicate unencrypted swap

Launchpad Bug Tracker 1453738 at bugs.launchpad.net
Thu Jul 9 13:43:50 UTC 2015 

This bug was fixed in the package ecryptfs-utils - 107-0ubuntu3

---------------
ecryptfs-utils (107-0ubuntu3) wily; urgency=medium

  * Rename libecryptfs0 to libecryptfs1 and adjust the packaging. It has
    actually shipped libecryptfs.so.1 since at least trusty. Add
    C/R/P: libecryptfs0 for smoother upgrades, this needs to be kept until
    after 16.04 LTS.

ecryptfs-utils (107-0ubuntu2) wily; urgency=medium

  * Add setup-swap-check-links.patch: When commenting out existing swap, also
    consider device symlinks like /dev/mapper/ubuntu--vg-swap_1 or
    /dev/disks/by-uuid/ into account. Fixes broken cryptswap under LVM and
    manual setups. (LP: #1453738)
  * debian/ecryptfs-utils.postinst: On upgrade, uncomment underlying
    unencrypted swap partitions that are referred to by a device link when
    crypttab and fstab have a "cryptswap*" device referring to them.

 -- Martin Pitt <martin.pitt at ubuntu.com>  Thu, 09 Jul 2015 12:20:47
+0200

** Changed in: ecryptfs-utils (Ubuntu Wily)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1453738

Title:
  installer in LVM mode sets up broken encrypted swap, using duplicate
  unencrypted swap

Status in eCryptfs:
  New
Status in ecryptfs-utils package in Ubuntu:
  Fix Released
Status in ecryptfs-utils source package in Trusty:
  Triaged
Status in ecryptfs-utils source package in Utopic:
  Won't Fix
Status in ecryptfs-utils source package in Vivid:
  In Progress
Status in ecryptfs-utils source package in Wily:
  Fix Released

Bug description:
  When installing Ubuntu with "Use LVM" (but not encryption!), and
  "encrypt my home dir", the installer adds the original unencrypted
  swap to fstab. Then, ecryptfs-setup-swap keeps that, and additionally
  configures an encrypted swap via an UUID and without offset (which
  would trigger bug 953875 again!), so that you end up with *two* swap
  configs for one and the same partition, once unencrypted and once
  encrypted:

  fstab:
  /dev/mapper/ubuntu--vg-swap_1 none swap sw 0 0
  /dev/mapper/cryptswap1 none swap sw 0 0

  crypttab:
  cryptswap1 UUID=f636d7ef-9405-482d-a90a-5ba67026fcfb /dev/urandom swap,offset=1024,cipher=aes-xts-plain64

  (UUID is for ubuntubuntu--vg-swap_1). This can't work, as the
  unencrypted one is faster, so trying to set up the encrypted one
  fails.

  SRU TEST CASE:
  --------------
  - Install 15.04 with LVM (no encryption) and select "encrypt my home dir"
  - Boot will ask you for a (nonexisting) passphrase for the swap partition; press Enter
  - Install the update
  - Reboot and verified that the bogus passphrase question is gone
  - Verify that "swapon -s" has a swap partition (usually dm-2), and that /dev/mapper/cryptswap1 points to that. It should NOT be the unencrypted /dev/mapper/ubuntu--vg-swap_1!.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ecryptfs/+bug/1453738/+subscriptions

More information about the foundations-bugs mailing list