Your message dated Mon, 8 Aug 2022 13:18:03 +0200
with message-id <[email protected]>
and subject line Re: Bug#834871: cryptsetup: initscript "stop" borks encrypted
swap partition for subsequent "start"s
has caused the Debian Bug report #834871,
regarding cryptsetup: initscript "stop" borks encrypted swap partition for
subsequent "start"s
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
834871: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834871
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: cryptsetup
Version: 2:1.7.0-2
Severity: normal
Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation?
I installed debian jessie, during which time the installer warned me that it
would be inadvisable not to use encrypted swap. Who am I to disagree? I later
upgraded to debian stretch/testing but as far as I can tell looking at the diff
between 1.6.6-5 and master at git://anonscm.debian.org/pkg-cryptsetup/cryptsetup
the bug is almost certain in jessie also. Does anyone else even use encrypted
swap?
* What exactly did you do (or not do) that was effective (or
ineffective)?
I edited /lib/cryptsetup/cryptdisks.functions to have the "stop" command check
for the "swap" option in the /etc/crypttab line and ran a new function named
"do_unswap()" to call "swapoff -a; do_close; return 0" to ensure that the
encrypted disk would be properly shut down on restart.
* What was the outcome of this action?
Encrypted swap on this machine is great again.
* What outcome did you expect instead?
This is what I expected since I verified manually before modifying the
cryptdisks.functions file that if I properly turn off swap and close the
encrypted partition before rebooting the swap partition would indeed be active
by the time i log in next.
I'll probably try submitting a patch or something.
*** End of the template - remove these template lines ***
-- Package-specific info:
-- /proc/cmdline
BOOT_IMAGE=/vmlinuz-4.6.0-1-amd64
root=UUID=d470e0cc-ba84-4b67-bf35-552dd54ce2fd ro initrd=/install/initrd.gz
quiet
-- /etc/crypttab
sdb5_crypt /dev/sdb5 none luks,swap
sdb6_crypt UUID=9815be3f-0dd8-4184-a121-b7ead1c3ee86 none luks
-- /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/mapper/sdb6_crypt / ext4 errors=remount-ro 0 1
# /boot was on /dev/sdb1 during installation
UUID=0574ec56-0269-49ff-a2e9-a00ecf326353 /boot ext2 ro
0 2
/dev/mapper/sdb5_crypt none swap sw 0 0
/dev/sr0 /media/cdrom0 udf,iso9660 user,noauto 0 0
tmpfs /run tmpfs nodev,nosuid,size=10%,mode=1755 0 0
tmpfs /run/lock tmpfs nodev,nosuid,size=10%,mode=1777 0 0
tmpfs /run/shm tmpfs nodev,nosuid,size=20%,mode=1777 0 0
tmpfs /tmp tmpfs nodev,nosuid,size=50%,mode=1777 0 0
-- lsmod
Module Size Used by
snd_hda_codec_hdmi 45056 1
iTCO_wdt 16384 0
iTCO_vendor_support 16384 1 iTCO_wdt
intel_rapl 20480 0
x86_pkg_temp_thermal 16384 0
snd_hda_codec_realtek 86016 1
intel_powerclamp 16384 0
coretemp 16384 0
kvm_intel 188416 0
snd_hda_codec_generic 69632 1 snd_hda_codec_realtek
kvm 561152 1 kvm_intel
irqbypass 16384 1 kvm
pcspkr 16384 0
serio_raw 16384 0
snd_hda_intel 36864 0
snd_hda_codec 135168 4
snd_hda_codec_realtek,snd_hda_codec_hdmi,snd_hda_codec_generic,snd_hda_intel
snd_hda_core 81920 5
snd_hda_codec_realtek,snd_hda_codec_hdmi,snd_hda_codec_generic,snd_hda_codec,snd_hda_intel
snd_hwdep 16384 1 snd_hda_codec
joydev 20480 0
snd_pcm 106496 4
snd_hda_codec_hdmi,snd_hda_codec,snd_hda_intel,snd_hda_core
sb_edac 32768 0
snd_timer 32768 1 snd_pcm
edac_core 57344 1 sb_edac
lpc_ich 24576 0
snd 81920 8
snd_hda_codec_realtek,snd_hwdep,snd_timer,snd_hda_codec_hdmi,snd_pcm,snd_hda_codec_generic,snd_hda_codec,snd_hda_intel
sg 32768 0
mei_me 32768 0
i2c_i801 20480 0
mfd_core 16384 1 lpc_ich
ipmi_si 57344 0
soundcore 16384 1 snd
mei 94208 1 mei_me
ioatdma 53248 0
dca 16384 1 ioatdma
shpchp 36864 0
8250_fintek 16384 0
ipmi_msghandler 49152 1 ipmi_si
tpm_infineon 20480 0
tpm_tis 20480 0
tpm 45056 2 tpm_tis,tpm_infineon
processor 36864 0
evdev 24576 19
parport_pc 28672 0
sunrpc 331776 1
ppdev 20480 0
lp 20480 0
parport 49152 3 lp,ppdev,parport_pc
autofs4 40960 2
ext4 593920 4
ecb 16384 0
crc16 16384 1 ext4
jbd2 106496 1 ext4
crc32c_generic 16384 0
mbcache 16384 5 ext4
algif_skcipher 20480 0
af_alg 16384 1 algif_skcipher
uas 24576 0
usb_storage 69632 1 uas
dm_crypt 24576 2
hid_generic 16384 0
usbhid 49152 0
hid 118784 2 hid_generic,usbhid
dm_mod 106496 12 dm_crypt
sr_mod 24576 0
cdrom 57344 1 sr_mod
sd_mod 45056 8
crct10dif_pclmul 16384 0
crc32_pclmul 16384 0
crc32c_intel 24576 0
ghash_clmulni_intel 16384 0
jitterentropy_rng 16384 0
hmac 16384 1
drbg 24576 1
ansi_cprng 16384 0
aesni_intel 167936 7
aes_x86_64 20480 1 aesni_intel
lrw 16384 1 aesni_intel
gf128mul 16384 1 lrw
glue_helper 16384 1 aesni_intel
ablk_helper 16384 1 aesni_intel
cryptd 20480 5 ghash_clmulni_intel,aesni_intel,ablk_helper
psmouse 126976 0
ahci 36864 5
libahci 32768 1 ahci
xhci_pci 16384 0
xhci_hcd 180224 1 xhci_pci
libata 233472 2 ahci,libahci
nouveau 1486848 2
scsi_mod 233472 6 sg,uas,usb_storage,libata,sd_mod,sr_mod
ehci_pci 16384 0
mxm_wmi 16384 1 nouveau
e1000e 233472 0
ehci_hcd 77824 1 ehci_pci
video 40960 1 nouveau
ptp 20480 1 e1000e
i2c_algo_bit 16384 1 nouveau
pps_core 20480 1 ptp
ttm 94208 1 nouveau
usbcore 241664 7
uas,usb_storage,ehci_hcd,ehci_pci,usbhid,xhci_hcd,xhci_pci
drm_kms_helper 147456 1 nouveau
usb_common 16384 1 usbcore
drm 360448 5 ttm,drm_kms_helper,nouveau
wmi 20480 2 mxm_wmi,nouveau
fjes 28672 0
button 16384 1 nouveau
-- System Information:
Debian Release: stretch/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.6.0-1-amd64 (SMP w/12 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages cryptsetup depends on:
ii cryptsetup-bin 2:1.7.0-2
ii debconf [debconf-2.0] 1.5.59
ii dmsetup 2:1.02.130-1
ii libc6 2.23-4
Versions of packages cryptsetup recommends:
ii busybox 1:1.22.0-19
ii console-setup 1.147
ii initramfs-tools [linux-initramfs-tool] 0.125
ii kbd 2.0.3-2
Versions of packages cryptsetup suggests:
ii dosfstools 4.0-2
pn keyutils <none>
ii liblocale-gettext-perl 1.07-3
-- debconf information:
cryptsetup/prerm_active_mappings: true
--- End Message ---
--- Begin Message ---
On Tue, 13 Sep 2016 at 18:53:29 +0200, Guilhem Moulin wrote:
> That being said, there is no reason a priori why you couldn't specify
> both ‘luks’ and ‘swap’. AFAICT the bug isn't in cryptsetup itself, but
> in the systemd implementation. For instance, here is the shutdown log I
> obtain with your configuration:
>
> systemd[1]: Stopped target Swap.
> systemd[1]: Deactivating swap /dev/disk/by-id/dm-uuid-CRYPT-PLAIN-swap...
> systemd[1]: Stopping Cryptography Setup for swap...
> systemd[1]: Deactivated swap
> /dev/disk/by-uuid/bba16df3-039f-4d11-97c4-c7a039cca0cd.
> systemd[1]: Deactivated swap /dev/disk/by-id/dm-uuid-CRYPT-PLAIN-swap.
> systemd[1]: Deactivated swap /dev/disk/by-id/dm-name-swap.
> systemd[1]: Deactivated swap /dev/dm-1.
> systemd[1]: Deactivated swap /dev/mapper/swap.
> systemd[1]: Stopped (with error) /dev/disk/by-id/dm-uuid-CRYPT-PLAIN-swap.
> systemd[1]: Stopped (with error) /dev/mapper/swap.
> systemd[1]: Stopped (with error) /dev/disk/by-id/dm-name-swap.
> systemd[1]: Stopped Cryptography Setup for swap.
>
> Note the ‘/dev/disk/by-id/dm-uuid-CRYPT-PLAIN-swap’. Even though ‘luks’
> was specified in crypttab(5), systemd seems to think the device is of
> type ‘plain’.
>
> As for the “Stopped (with error)” entries, see
>
> https://github.com/systemd/systemd/issues/1620
Seems these were meanwhile fixed in systemd upstream, at least I'm
unable to reproduce this in an up-to-date sid VM.
--
Guilhem.
signature.asc
Description: PGP signature
--- End Message ---
