[Bug 1453738] Re: installer in LVM mode sets up broken encrypted swap, using duplicate unencrypted swap

Jeremy Lansman jeremy.lansman at gmail.com
Mon May 30 01:01:42 UTC 2016 

I have had this for a long long while
So I will post here ...
**********
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
# / was on /dev/sda9 during installation
UUID=9516cab7-32d5-463b-9a99-2c1bf02b5fdb /               ext4    errors=remoun$
# /boot was on /dev/sda8 during installation
UUID=52680116-7ccf-44ff-a5f1-463956e30599 /boot           ext2    defaults     $
# /boot/efi was on /dev/sda1 during installation
UUID=DE4E-245D  /boot/efi       vfat    umask=0077      0       1
# swap was on /dev/sda10 during installation
# uncomment below per askubuntu 616663?
#UUID=89d05b04-6d5a-45c8-bfe8-038c5cc4be7b none            swap    sw          $
*******
cryptswap1 UUID=89d05b04-6d5a-45c8-bfe8-038c5cc4be7b /dev/urandom swap,offset=1$
******
/dev/sda1: LABEL="SYSTEM_DRV" UUID="DE4E-245D" TYPE="vfat" PARTLABEL="EFI system partition" PARTUUID="fa3ebedc-6a3c-4c28-8f53-4a9588ff9cf2"
/dev/sda2: PARTLABEL="Microsoft reserved partition" PARTUUID="090c64a5-4e69-4b14-9bd5-f33d20f7e39c"
/dev/sda3: LABEL="Windows" UUID="CCD45187D4517524" TYPE="ntfs" PARTLABEL="Basic data partition" PARTUUID="fba026e5-cd85-4c4b-b491-20911a75b3a4"
/dev/sda4: LABEL="LENOVO" UUID="225C0D1F5C0CEEFB" TYPE="ntfs" PARTLABEL="Basic data partition" PARTUUID="f37cbed8-7a33-46e7-a166-389751ebc245"
/dev/sda5: LABEL="WINRE_DRV" UUID="988E5EF48E5ECB00" TYPE="ntfs" PARTLABEL="Basic data partition" PARTUUID="ffdb1a41-6b21-424e-82ab-28c6e3acfe30"
/dev/sda6: LABEL="LENOVO_PART" UUID="22E662F4E662C79D" TYPE="ntfs" PARTLABEL="Basic data partition" PARTUUID="abbe5d86-8929-43ea-81bc-0e020e9bbc44"
/dev/sda7: LABEL="LRS_ESP" UUID="1065-1475" TYPE="vfat" PARTLABEL="Basic data partition" PARTUUID="51b5372f-5c24-4367-810f-2e36848b50eb"
/dev/sda8: UUID="52680116-7ccf-44ff-a5f1-463956e30599" TYPE="ext2" PARTUUID="d50df29f-41b2-404e-9fac-53d5698cbe30"
/dev/sda9: UUID="9516cab7-32d5-463b-9a99-2c1bf02b5fdb" TYPE="ext4" PARTUUID="54562aea-f675-4491-8b4f-32dfcf01f98f"
/dev/sda10: UUID="89d05b04-6d5a-45c8-bfe8-038c5cc4be7b" TYPE="swap" PARTUUID="3fea77b6-35a0-4fae-b6fd-6aab4a90831a"

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1453738

Title:
  installer in LVM mode sets up broken encrypted swap, using duplicate
  unencrypted swap

Status in eCryptfs:
  New
Status in ecryptfs-utils package in Ubuntu:
  Fix Released
Status in ecryptfs-utils source package in Trusty:
  Triaged
Status in ecryptfs-utils source package in Utopic:
  Won't Fix
Status in ecryptfs-utils source package in Vivid:
  Fix Released
Status in ecryptfs-utils source package in Wily:
  Fix Released

Bug description:
  When installing Ubuntu with "Use LVM" (but not encryption!), and
  "encrypt my home dir", the installer adds the original unencrypted
  swap to fstab. Then, ecryptfs-setup-swap keeps that, and additionally
  configures an encrypted swap via an UUID and without offset (which
  would trigger bug 953875 again!), so that you end up with *two* swap
  configs for one and the same partition, once unencrypted and once
  encrypted:

  fstab:
  /dev/mapper/ubuntu--vg-swap_1 none swap sw 0 0
  /dev/mapper/cryptswap1 none swap sw 0 0

  crypttab:
  cryptswap1 UUID=f636d7ef-9405-482d-a90a-5ba67026fcfb /dev/urandom swap,offset=1024,cipher=aes-xts-plain64

  (UUID is for ubuntubuntu--vg-swap_1). This can't work, as the
  unencrypted one is faster, so trying to set up the encrypted one
  fails.

  SRU TEST CASE:
  --------------
  - Install 15.04 with LVM (no encryption) and select "encrypt my home dir"
  - Boot will ask you for a (nonexisting) passphrase for the swap partition; press Enter
  - Install the update
  - Reboot and verified that the bogus passphrase question is gone
  - Verify that "swapon -s" has a swap partition (usually dm-2), and that /dev/mapper/cryptswap1 points to that. It should NOT be the unencrypted /dev/mapper/ubuntu--vg-swap_1!.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ecryptfs/+bug/1453738/+subscriptions

More information about the foundations-bugs mailing list