[Bug 1453738] Re: installer in LVM mode sets up broken encrypted swap, using duplicate unencrypted swap

Martin Pitt martin.pitt at ubuntu.com
Fri Jun 12 07:26:08 UTC 2015 

We need to fix existing stables at least, including trusty. Even though
upstart doesn't give you a hint/error about the broken swap
configuration, we are still using unencrypted swap there
unintentionally. For an SRU we need to extend our horrible ecryptfs
postinst hack to detect this situation, apply the "offset=" to crypttab,
and comment out the unencrypted swap from /etc/fstab.

Given that we have shipped broken swap partitions in pretty much every
scenario with ecryptfs (bug 953875, this bug, and to a lesser degree bug
1447282), and static swap partitions are also inflexible and unnecessary
on most modern hardware, we should also consider (for wily and later) to
entirely stop configuring them, and consider other solutions like
"swapspace".

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1453738

Title:
  installer in LVM mode sets up broken encrypted swap, using duplicate
  unencrypted swap

Status in eCryptfs:
  New
Status in ecryptfs-utils package in Ubuntu:
  Triaged
Status in ecryptfs-utils source package in Trusty:
  Triaged
Status in ecryptfs-utils source package in Utopic:
  Triaged
Status in ecryptfs-utils source package in Vivid:
  Triaged
Status in ecryptfs-utils source package in Wily:
  Triaged

Bug description:
  When installing Ubuntu with "Use LVM" (but not encryption!), and
  "encrypt my home dir", the installer adds the original unencrypted
  swap to fstab. Then, ecryptfs-setup-swap keeps that, and additionally
  configures an encrypted swap via an UUID and without offset (which
  would trigger bug 953857 again!), so that you end up with *two* swap
  configs for one and the same partition, once unencrypted and once
  encrypted:

  fstab:
  /dev/mapper/ubuntu--vg-swap_1 none swap sw 0 0
  /dev/mapper/cryptswap1 none swap sw 0 0

  crypttab:
  cryptswap1 UUID=f636d7ef-9405-482d-a90a-5ba67026fcfb /dev/urandom swap,offset=1024,cipher=aes-xts-plain64

  (UUID is for ubuntubuntu--vg-swap_1). This can't work, as the
  unencrypted one is faster, so trying to set up the encrypted one
  fails.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ecryptfs/+bug/1453738/+subscriptions

More information about the foundations-bugs mailing list