[Bug 1719176] Re: cryptsetup fails to initialize /tmp encrypted by /dev/urandom during boot

Konstantin Boyandin 1719176 at bugs.launchpad.net
Sun Oct 15 02:11:38 UTC 2017


Additional tests and results:

Test 1.

/etc/crypttab:
cryptswap1 UUID=ba7eaa11-bfcf-4d28-917d-f9b4e2a48830 /dev/urandom swap,offset=1024,cipher=aes-xts-plain64
ctmp  /dev/vdb6 /dev/urandom tmp

/etc/fstab:
/dev/mapper/cryptswap1 none swap sw 0 0
/dev/mapper/ctmp /tmp            ext4    defaults,noatime,nodiratime,nosuid,nofail        0       2

The above works, both encrypted swap and /tmp are mounted at boot time.
Also:

# cryptsetup status ctmp
/dev/mapper/ctmp is active and is in use.
  type:    PLAIN
  cipher:  aes-cbc-essiv:sha256
  keysize: 256 bits
  device:  /dev/vdb6
  offset:  0 sectors
  size:    258048 sectors
  mode:    read/write

Test 2.

/etc/crypttab:
cryptswap1 UUID=ba7eaa11-bfcf-4d28-917d-f9b4e2a48830 /dev/urandom swap,offset=1024,cipher=aes-xts-plain64
ctmp  /dev/vdb6 /dev/urandom tmp=ext2

/etc/fstab:
/dev/mapper/cryptswap1 none swap sw 0 0
/dev/mapper/ctmp /tmp            ext2    defaults,noatime,nodiratime,nosuid,nofail        0       2

Encrypted swap is mounted at boot time, /tmp isn't. Also:

# grep ctmp /var/log/syslog

Oct 15 09:00:23 ubuntu-1604-home systemd[1]: Starting Cryptography Setup for ctmp...
Oct 15 09:00:23 ubuntu-1604-home systemd[1]: systemd-cryptsetup@ctmp.service: Main process exited, code=exited, status=1/FAILURE
Oct 15 09:00:23 ubuntu-1604-home systemd[1]: Failed to start Cryptography Setup for ctmp.
Oct 15 09:00:23 ubuntu-1604-home systemd[1]: Dependency failed for dev-mapper-ctmp.device.
Oct 15 09:00:23 ubuntu-1604-home systemd[1]: Dependency failed for File System Check on /dev/mapper/ctmp.
Oct 15 09:00:23 ubuntu-1604-home systemd[1]: systemd-fsck@dev-mapper-ctmp.service: Job systemd-fsck@dev-mapper-ctmp.service/start failed with result 'dependency'.
Oct 15 09:00:23 ubuntu-1604-home systemd[1]: dev-mapper-ctmp.device: Job dev-mapper-ctmp.device/start failed with result 'dependency'.
Oct 15 09:00:23 ubuntu-1604-home systemd[1]: systemd-cryptsetup@ctmp.service: Unit entered failed state.
Oct 15 09:00:23 ubuntu-1604-home systemd[1]: systemd-cryptsetup@ctmp.service: Failed with result 'exit-code'.

Test 3.

/etc/crypttab:
cryptswap1 UUID=ba7eaa11-bfcf-4d28-917d-f9b4e2a48830 /dev/urandom swap,offset=1024,cipher=aes-xts-plain64
ctmp  /dev/vdb6 /dev/urandom tmp,cipher=aes-cbc-essiv

/etc/fstab:
/dev/mapper/cryptswap1 none swap sw 0 0
/dev/mapper/ctmp /tmp            ext4    defaults,noatime,nodiratime,nosuid,nofail        0       2

The boot process is stuck: the question below is printed on the console:

"Please enter passphrase for disk ctmp on /tmp"

When Enter is entered (the above question appears twice), OS boots,
encrypted swap is mounted, ctmp isn't initialized. Also:

# grep ctmp /var/log/syslog

Oct 15 09:09:43 ubuntu-1604-home systemd[1]: Starting Cryptography Setup for ctmp...
Oct 15 09:09:43 ubuntu-1604-home systemd[1]: systemd-cryptsetup@ctmp.service: Main process exited, code=exited, status=1/FAILURE
Oct 15 09:09:43 ubuntu-1604-home systemd[1]: Failed to start Cryptography Setup for ctmp.
Oct 15 09:09:43 ubuntu-1604-home systemd[1]: Dependency failed for dev-mapper-ctmp.device.
Oct 15 09:09:43 ubuntu-1604-home systemd[1]: Dependency failed for File System Check on /dev/mapper/ctmp.
Oct 15 09:09:43 ubuntu-1604-home systemd[1]: systemd-fsck@dev-mapper-ctmp.service: Job systemd-fsck@dev-mapper-ctmp.service/start failed with result 'dependency'.
Oct 15 09:09:43 ubuntu-1604-home systemd[1]: dev-mapper-ctmp.device: Job dev-mapper-ctmp.device/start failed with result 'dependency'.
Oct 15 09:09:43 ubuntu-1604-home systemd[1]: systemd-cryptsetup@ctmp.service: Unit entered failed state.
Oct 15 09:09:43 ubuntu-1604-home systemd[1]: systemd-cryptsetup@ctmp.service: Failed with result 'exit-code'.
Oct 15 09:09:43 ubuntu-1604-home systemd[1]: Starting Cryptography Setup for ctmp...
Oct 15 09:09:43 ubuntu-1604-home systemd[1]: systemd-cryptsetup@ctmp.service: Main process exited, code=exited, status=1/FAILURE
Oct 15 09:09:43 ubuntu-1604-home systemd[1]: Failed to start Cryptography Setup for ctmp.
Oct 15 09:09:43 ubuntu-1604-home systemd[1]: Dependency failed for dev-mapper-ctmp.device.
Oct 15 09:09:43 ubuntu-1604-home systemd[1]: Dependency failed for File System Check on /dev/mapper/ctmp.
Oct 15 09:09:43 ubuntu-1604-home systemd[1]: systemd-fsck@dev-mapper-ctmp.service: Job systemd-fsck@dev-mapper-ctmp.service/start failed with result 'dependency'.
Oct 15 09:09:43 ubuntu-1604-home systemd[1]: dev-mapper-ctmp.device: Job dev-mapper-ctmp.device/start failed with result 'dependency'.
Oct 15 09:09:43 ubuntu-1604-home systemd[1]: systemd-cryptsetup@ctmp.service: Unit entered failed state.
Oct 15 09:09:43 ubuntu-1604-home systemd[1]: systemd-cryptsetup@ctmp.service: Failed with result 'exit-code'.
Oct 15 09:09:43 ubuntu-1604-home systemd[1]: Starting Cryptography Setup for ctmp...

Question: are the Test 2 and Test 3 setups expected to fail, according to
the cryptsetup manual reference?

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to cryptsetup in Ubuntu.
https://bugs.launchpad.net/bugs/1719176

Title:
  cryptsetup fails to initialize /tmp encrypted by /dev/urandom during
  boot

Status in cryptsetup package in Ubuntu:
  New

Bug description:
  Checked to happen on several instances of Ubuntu 16.04 (64bit).

  Setup: /dev/vdb6 partition is set for /tmp

  /etc/crypttab:
  cryptswap1 UUID=ba7eaa11-bfcf-4d28-917d-f9b4e2a48830 /dev/urandom swap,offset=1024,cipher=aes-xts-plain64
  crypttmp1  /dev/vdb6 /dev/urandom tmp=ext4,cipher=aes-xts-plain64

  After the system boots, there's /dev/mapper/cryptswap1, but not
  /dev/mapper/crypttmp1 available.

  In /var/log/syslog:

  Sep 24 18:15:03 ubuntu-1604 systemd[1]: Starting Cryptography Setup for crypttmp1...
  Sep 24 18:15:03 ubuntu-1604 systemd[1]: Starting Authenticate and Authorize Users to Run Privileged Tasks...
  Sep 24 18:15:03 ubuntu-1604 systemd-cryptsetup[1162]: Encountered unknown /etc/crypttab option 'tmp=ext4', ignoring.
  Sep 24 18:15:03 ubuntu-1604 systemd-cryptsetup[1162]: crypt_load() failed on device /dev/vdb6.
  Sep 24 18:15:03 ubuntu-1604 systemd-cryptsetup[1162]: Failed to activate: Invalid argument
  Sep 24 18:15:03 ubuntu-1604 systemd[1]: systemd-cryptsetup@crypttmp1.service: Main process exited, code=exited, status=1/FAILURE
  Sep 24 18:15:03 ubuntu-1604 systemd[1]: Failed to start Cryptography Setup for crypttmp1.
  Sep 24 18:15:03 ubuntu-1604 systemd[1]: Dependency failed for dev-mapper-crypttmp1.device.
  Sep 24 18:15:03 ubuntu-1604 systemd[1]: dev-mapper-crypttmp1.device: Job dev-mapper-crypttmp1.device/start failed with result 'dependency'.
  Sep 24 18:15:03 ubuntu-1604 systemd[1]: systemd-cryptsetup@crypttmp1.service: Unit entered failed state.
  Sep 24 18:15:03 ubuntu-1604 systemd[1]: systemd-cryptsetup@crypttmp1.service: Failed with result 'exit-code'.

  After the boot sequence concludes, /tmp can be initialized manually,
  but with quirks:

  # cryptdisks_start crypttmp1
   * Starting crypto disk...                                                       * crypttmp1 (starting)..
   * crypttmp1 (started)...                                                [ OK ]
  # ls /dev/mapper
  control  cryptswap1  crypttmp1
  # blkid
  /dev/vda5: UUID="d604b9da-9ef0-4a88-b1e2-416104f6dac9" TYPE="ext4" PARTUUID="aa8f7570-05"
  /dev/vdb5: UUID="ba7eaa11-bfcf-4d28-917d-f9b4e2a48830" TYPE="swap" PARTUUID="aa7293f2-05"
  /dev/vdb6: PARTUUID="aa7293f2-06"
  /dev/mapper/cryptswap1: UUID="2fef28d0-25df-4feb-96c5-cefef62b388e" TYPE="swap"
  /dev/mapper/crypttmp1: UUID="1b372ae0-5042-4cbf-9dfe-05d60e2c357c" TYPE="ext2"

  (pay attention to the filesystem type, despite the parameter tmp=ext4)

  # mount -t ext2 /dev/mapper/crypttmp1 /tmp
  #

  (note that /tmp filesystem is formatted as ext2, despite the parameter
  in /etc/crypttab)

  If 'tmp=' option is omitted from /etc/crypttab line for /tmp, no valid
  filesystem is created on /dev/mapper/crypttmp1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1719176/+subscriptions
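
An added example, not part of the original report and not code from cryptsetup or systemd: a small triage script for syslog excerpts like those above. It groups the `systemd-cryptsetup` helper messages under the mapping whose unit failed, so an ignored crypttab option appears next to the activation error that follows it. The sample log is constructed in the format quoted in the bug description, and the function and variable names are illustrative.

```python
import re

# Constructed sample in the syslog format quoted in the bug description.
# One unit line keeps the " at " that mail archives substitute for "@".
SAMPLE_LOG = """\
Sep 24 18:15:02 host systemd[1]: Starting Cryptography Setup for cryptswap1...
Sep 24 18:15:02 host systemd[1]: Started Cryptography Setup for cryptswap1.
Sep 24 18:15:03 host systemd[1]: Starting Cryptography Setup for crypttmp1...
Sep 24 18:15:03 host systemd-cryptsetup[1162]: Encountered unknown /etc/crypttab option 'tmp=ext4', ignoring.
Sep 24 18:15:03 host systemd-cryptsetup[1162]: crypt_load() failed on device /dev/vdb6.
Sep 24 18:15:03 host systemd-cryptsetup[1162]: Failed to activate: Invalid argument
Sep 24 18:15:03 host systemd[1]: systemd-cryptsetup at crypttmp1.service: Main process exited, code=exited, status=1/FAILURE
Sep 24 18:15:04 host systemd[1]: systemd-cryptsetup@ctmp.service: Main process exited, code=exited, status=1/FAILURE
"""

HELPER = re.compile(r"systemd-cryptsetup\[\d+\]: (.*)$")
EXITED = re.compile(r"systemd\[1\]: systemd-cryptsetup(?:@| at )(\S+?)\.service: "
                    r"Main process exited, code=exited, status=(\S+)$")
STARTED = re.compile(r"systemd\[1\]: Started Cryptography Setup for ")
UNKNOWN = re.compile(r"Encountered unknown /etc/crypttab option '([^']*)', ignoring\.")


def triage(log_text):
    """Map each failed crypttab mapping to its exit status, ignored options
    and helper errors. Helper lines carry no mapping name, so they are
    attributed to the next unit result that follows them (adjacency
    heuristic: assumes activations are not interleaved in the log)."""
    pending, failed = [], {}
    for line in log_text.splitlines():
        line = line.rstrip()
        helper = HELPER.search(line)
        exited = EXITED.search(line)
        if helper:
            pending.append(helper.group(1))
        elif STARTED.search(line):
            pending = []  # unit succeeded: its helper output is not an error
        elif exited:
            name, status = exited.groups()
            rep = failed.setdefault(
                name, {"status": status, "ignored_options": [], "errors": []})
            for msg in pending:
                opt = UNKNOWN.search(msg)
                if opt:
                    rep["ignored_options"].append(opt.group(1))
                else:
                    rep["errors"].append(msg)
            pending = []
    return failed


if __name__ == "__main__":
    for name, rep in triage(SAMPLE_LOG).items():
        print(name, rep["status"], rep["ignored_options"], rep["errors"])
```

Run it against the unfiltered syslog rather than `grep ctmp` output, since the helper lines do not contain the mapping name and are dropped by that filter.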


