[Bug 1453738] Re: installer in LVM mode sets up broken encrypted swap, using duplicate unencrypted swap
Bruno Munoz
1453738 at bugs.launchpad.net
Fri Jul 17 07:12:38 UTC 2015
# sudo apt-get install ecryptfs-utils/vivid-proposed
Reading package lists... Done
Building dependency tree
Reading state information... Done
Selected version '107-0ubuntu1.2' (Ubuntu:15.04/vivid-proposed [amd64]) for 'ecryptfs-utils'
Suggested packages:
opencryptoki zescrow-client
The following packages will be upgraded:
ecryptfs-utils
1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/105 kB of archives.
After this operation, 4 096 B of additional disk space will be used.
(Reading database ... 271391 files and directories currently installed.)
Preparing to unpack .../ecryptfs-utils_107-0ubuntu1.2_amd64.deb ...
Unpacking ecryptfs-utils (107-0ubuntu1.2) over (107-0ubuntu1.1) ...
Processing triggers for man-db (2.7.0.2-5) ...
Setting up ecryptfs-utils (107-0ubuntu1.2) ...
Disabling unencrypted swap device /dev/mapper/ubuntu--vg-swap_1 in /etc/fstab to enable cryptswap1
=> entry has been removed from fstab
confirmed fix is ok
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1453738
Title:
installer in LVM mode sets up broken encrypted swap, using duplicate
unencrypted swap
Status in eCryptfs:
New
Status in ecryptfs-utils package in Ubuntu:
Fix Released
Status in ecryptfs-utils source package in Trusty:
Triaged
Status in ecryptfs-utils source package in Utopic:
Won't Fix
Status in ecryptfs-utils source package in Vivid:
Fix Committed
Status in ecryptfs-utils source package in Wily:
Fix Released
Bug description:
When installing Ubuntu with "Use LVM" (but not encryption!), and
"encrypt my home dir", the installer adds the original unencrypted
swap to fstab. Then, ecryptfs-setup-swap keeps that, and additionally
configures an encrypted swap via an UUID and without offset (which
would trigger bug 953875 again!), so that you end up with *two* swap
configs for one and the same partition, once unencrypted and once
encrypted:
fstab:
/dev/mapper/ubuntu--vg-swap_1 none swap sw 0 0
/dev/mapper/cryptswap1 none swap sw 0 0
crypttab:
cryptswap1 UUID=f636d7ef-9405-482d-a90a-5ba67026fcfb /dev/urandom swap,offset=1024,cipher=aes-xts-plain64
(UUID is for ubuntubuntu--vg-swap_1). This can't work, as the
unencrypted one is faster, so trying to set up the encrypted one
fails.
SRU TEST CASE:
--------------
- Install 15.04 with LVM (no encryption) and select "encrypt my home dir"
- Boot will ask you for a (nonexisting) passphrase for the swap partition; press Enter
- Install the update
- Reboot and verified that the bogus passphrase question is gone
- Verify that "swapon -s" has a swap partition (usually dm-2), and that /dev/mapper/cryptswap1 points to that. It should NOT be the unencrypted /dev/mapper/ubuntu--vg-swap_1!.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ecryptfs/+bug/1453738/+subscriptions
More information about the foundations-bugs
mailing list