FS#23165 - [initscripts] 2011.02.1-1 : problems with encrypted swap partition
Attached to Project:
Arch Linux
Opened by hqet4 (hqet4) - Sunday, 06 March 2011, 16:58 GMT
Last edited by Tom Gundersen (tomegun) - Friday, 01 April 2011, 21:37 GMT
Details
Description:
Encrypted swap partition doesn't work for me since version 2011.02.1. The problem comes from this commit http://projects.archlinux.org/initscripts.git/commit/?id=6cfb498956013f69aa2d6004b235842be9c938bc which supposedly verifies that the partition is not already used.

I was using this example from the wiki in my crypttab: https://wiki.archlinux.org/index.php/System_Encryption_with_LUKS_for_dm-crypt#Using_UUIDs_with_encrypted_swap_partitions

It allows using UUIDs in crypttab by first creating a swap on the partition and then passing the --offset=8 option to cryptsetup to create the encrypted swap after the existing swap header. It doesn't work anymore because initscripts detects the existing swap on that partition and refuses to overwrite it...

Is there an alternative way to have an encrypted swap on a partition named by UUID that is also usable as a regular swap partition? Maybe initscripts could check the output of blkid to see if it contains TYPE="swap" (I doubt overwriting a swap partition could be dangerous).
Closed by Tom Gundersen (tomegun)
Friday, 01 April 2011, 21:37 GMT
Reason for closing: Won't implement
Additional comments about closing: See comments.
It still prevents regular filesystems from being overwritten but not swap partitions.
On the topic itself: User space tools might check the swap signature and assume that there is a valid swap device, and there isn't one. In my opinion, this approach is highly unsafe and should not be considered. I'll leave the final decision to Tom.
Either way, the proposal on the wiki seems very wrong to me, so I agree with Thomas that this should not be encouraged nor implemented in initscripts. I'll close for now; if someone has a suggestion for how to do this without the drawbacks mentioned by Thomas, please request a reopen.