Bug#379771: marked as done (cryptsetup: encrypted swap does not work on existing swap partition)

Sun, 03 Sep 2006 19:53:23 -0700 

Your message dated Sun, 03 Sep 2006 19:32:11 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#379771: fixed in cryptsetup 2:1.0.4~rc2-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message --- 
Package: cryptsetup
Version: 2:1.0.3-3
Severity: normal

Contrary to the instructions given in /usr/share/doc/cryptsetup/CryptoSwap.HowTo
it is not possible to activate the encryption for an existing swap partition.

The init script detects a valid swap signature on the original partition (not
encrypted) and refuses to overwrite it with the encrypted swap.  So the
instructions given in CryptoSwap.HowTo are incorrect.

I have been using an encrypted swap partition on my "testing" systems since a
while.  I am glad that bugs #371135, #371160 and #377434 have been fixed so
that encrypted swap partitions with random keys are working again.  However,
some of my systems dual-boot with other Linux configurations in which the same
partition is used as a standard swap (no encryption).  Switching between these
configurations prevents the encrypted swap from working as it did before,
because the valid swap signature created by the other configurations prevents
the encrypted device from working.

Proposed solutions:
1) Allow the creation of the encrypted swap partition even if a valid swap
   signature exists on the target partition.  Destroying a valid swap
   partition is much less dangerous than destroying another filesystem.
   The only concern might be for people using suspend on swap and doing
   something stupid in their crypttab configuration, but this is a minor
   issue.
2) If the first solution is not possible or not desirable for whatever
   reasons, at least update CryptoSwap.HowTo and suggest destroying the
   swap partition by hand before using it in crypttab, or disabling the
   test (check=/bin/true) as had been suggested in another bug report.
   For example, CryptSetup.HowTo could say:
     Before starting your crypted device, erase its contents with:
     dd if=/dev/urandom of=/dev/hda9 bs=1024 count=<whatever>
   It is a bit strange to suggest to destroy things by hand just because
   an overzealous test in the init script tries hard to prevent people
   from making mistakes.  But if the other solution is rejected, then at
   least this would fix the documentation.

-Raphaël

--- End Message ---
--- Begin Message --- 
Source: cryptsetup
Source-Version: 2:1.0.4~rc2-1

We believe that the bug you reported is fixed in the latest version of
cryptsetup, which is due to be installed in the Debian FTP archive:

cryptsetup-udeb_1.0.4~rc2-1_amd64.udeb
  to pool/main/c/cryptsetup/cryptsetup-udeb_1.0.4~rc2-1_amd64.udeb
cryptsetup_1.0.4~rc2-1.diff.gz
  to pool/main/c/cryptsetup/cryptsetup_1.0.4~rc2-1.diff.gz
cryptsetup_1.0.4~rc2-1.dsc
  to pool/main/c/cryptsetup/cryptsetup_1.0.4~rc2-1.dsc
cryptsetup_1.0.4~rc2-1_amd64.deb
  to pool/main/c/cryptsetup/cryptsetup_1.0.4~rc2-1_amd64.deb
cryptsetup_1.0.4~rc2.orig.tar.gz
  to pool/main/c/cryptsetup/cryptsetup_1.0.4~rc2.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jonas Meurer <[EMAIL PROTECTED]> (supplier of updated cryptsetup package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon,  4 Sep 2006 03:55:35 +0200
Source: cryptsetup
Binary: cryptsetup cryptsetup-udeb
Architecture: source amd64
Version: 2:1.0.4~rc2-1
Distribution: unstable
Urgency: low
Maintainer: Jonas Meurer <[EMAIL PROTECTED]>
Changed-By: Jonas Meurer <[EMAIL PROTECTED]>
Description: 
 cryptsetup - configures encrypted block devices
 cryptsetup-udeb - configures encrypted block devices (udeb)
Closes: 370180 370302 375913 376941 378422 379084 379719 379723 379726 379737 
379771
Changes: 
 cryptsetup (2:1.0.4~rc2-1) unstable; urgency=low
 .
   [ Jonas Meurer ]
   * Add some more german translations to de.po.
   * Add a note to NEWS.Debian where the fix for #376393 is explained. thanks
     to Robert Bihlmeyer for the report. (closes: #379719)
   * Allow swap filesystems to be overwritten when the swap flag is set. thanks
     to Raphaël Quinet for the report. (closes: #379771)
   * Update to upstream 1.0.4-rc2. (closes: #378422, #379726, closes: #379723)
   * removed patches 03-05, merged upstream.
   * [01_terminal_output.dpatch] updated for new upstream.
   * [02_docs_tries.dpatch] updated for new upstream, to fix luksDelKey
     documentation and to give more information about the keysize.
     (closes: #379084)
 .
   [ David Härdeman ]
   * Make sure that README.initramfs is included in the package (closes
     #380048)
   * Replace panic calls in cryptsetup script with exit 1 to match the
     behaviour of other scripts. The regular initramfs script will panic
     later when root isn't detected anyway
   * Make all four fields in crypttab mandatory (closes: #370180,
     #376941)
   * Add UTF8 keyboard input support to initramfs image (closes: #379737)
   * Add a keyscript option (closes: #370302, #375913)
   * [03_fix_build_error.dpatch] patch po/Makefile with more recent
     gettext implementation.
Files: 
 cfeaca3ee2a1e19e73a005d05ebceafc 825 admin optional cryptsetup_1.0.4~rc2-1.dsc
 b31e0e44b5fae931765bb97507a7dd58 424259 admin optional 
cryptsetup_1.0.4~rc2.orig.tar.gz
 733c3b86cc0870a3a727eb7cd8a9d1a1 38337 admin optional 
cryptsetup_1.0.4~rc2-1.diff.gz
 03cefc02c1f23dc71668e530492425c6 254700 admin optional 
cryptsetup_1.0.4~rc2-1_amd64.deb
 bbcb0327cd56cc332f420339cb9ea08c 183354 debian-installer optional 
cryptsetup-udeb_1.0.4~rc2-1_amd64.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFE+4lwd6lUs+JfIQIRAjaQAJ9HtmN1jlyLWNaywGCUDIJ2uuqiyACglFbn
ZesO+JpshwSrquu8N9r4vC8=
=cfyS
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to