FS#23165 - [initscripts] 2011.02.1-1 : problems with encrypted swap partition

Attached to Project: Arch Linux
Opened by hqet4 (hqet4) - Sunday, 06 March 2011, 16:58 GMT
Last edited by Tom Gundersen (tomegun) - Friday, 01 April 2011, 21:37 GMT
Task Type Bug Report
Category Initscripts
Status Closed
Assigned To Thomas Bächler (brain0)
Tom Gundersen (tomegun)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Description:
Encrypted swap partition doesn't work for me since version 2011.02.1.
The problem comes from this commit http://projects.archlinux.org/initscripts.git/commit/?id=6cfb498956013f69aa2d6004b235842be9c938bc
which supposedly verify that the partition is not already used.
I was using this example from the wiki in my crypttab:
https://wiki.archlinux.org/index.php/System_Encryption_with_LUKS_for_dm-crypt#Using_UUIDs_with_encrypted_swap_partitions
It allows to use UUIDs in crypttab by first creating a swap on the partition and then passing the --offset=8 option to cryptsetup to create the encrypted swap after the existing swap header.
It doesn't work anymore because initscripts detects the existing swap on that partition and refuses to overwrite it...

Is there an alternative way to have an encrypted swap on a partition named by uuid that is also usable as a regular swap partition ?
Maybe initscripts could check the output of blkid to see if it contains TYPE="swap" (I doubt overwriting a swap partition could be dangerous)
This task depends upon

Closed by  Tom Gundersen (tomegun)
Friday, 01 April 2011, 21:37 GMT
Reason for closing:  Won't implement
Additional comments about closing:  See comments.
Comment by hqet4 (hqet4) - Saturday, 12 March 2011, 23:07 GMT
bump ?
Comment by Thomas Bächler (brain0) - Sunday, 13 March 2011, 03:07 GMT
I suppose we could exclude swap from it, but your approach still seems unsafe.
Comment by hqet4 (hqet4) - Sunday, 13 March 2011, 15:02 GMT
You could also check that 'findmnt --fstab -t swap --source $2' returns 1 to make sure that the swap partition is not also used the fstab.
Comment by hqet4 (hqet4) - Thursday, 24 March 2011, 01:05 GMT
any update on this ?
Comment by hqet4 (hqet4) - Friday, 01 April 2011, 03:59 GMT
If anyone is having the same problem, i fixed it by simply adding the "-u filesystem" parameter to blkid.
It still prevent regular filesystems from being overwritten but not swap partitions.
Comment by Thomas Bächler (brain0) - Friday, 01 April 2011, 08:12 GMT
There are other types of data you do not want to overwrite (crypto for example).

On the topic itself: User space tools might check the swap signature and assume that there is a valid swap device, and there isn't one. In my opinion, this approach is highly unsafe and should not be considered. I'll leave the final decision to Tom.
Comment by Tom Gundersen (tomegun) - Friday, 01 April 2011, 21:35 GMT
I was intending to look into if there is a proper way to do what the reporter is trying to do (use UUID with encrypted swap), but I don't think I'll have time in the immediate future. If someone knows, please let us know :-)

Either way, the proposal on the wiki seems very wrong to me, so I agree with Thomas that this should not be encouraged nor implemented in initscripts. I'll close for now, if someone has a suggestion for how to do this without the drawbacks mentioned by Thomas, please request a reopen.

Loading...