[Pkg-cryptsetup-devel] Bug#385317: cryptsetup: cannot start encrypted swap with static key

[Sam Couter]

Package: cryptsetup
Version: 1.0.3-3

With the following line in /etc/crypttab:

cswap   /dev/mapper/rootvg-swap   /etc/keys/swap.key   swap


The cryptdisks script fails to start the encrypted swap device:

laptop:/lib/cryptsetup/checks# /etc/init.d/cryptdisks start
Starting remaining crypto disks... cswap(starting)
 - The device /dev/mapper/cswap contains a filesystem type swap.

 - the check for '/dev/mapper/cswap' failed. /dev/mapper/cswap contains data.
 - removing the crypto device cswap
croot(running) done.
laptop:/lib/cryptsetup/checks#


The line that fails is /lib/cryptsetup/cryptdisks.functions line 346:

if $SWCHECK $MAPPER/$dst $SWCHECKARGS; then
	mkswap $MAPPER/$dst 2>/dev/null >/dev/null
else
	echo -e "\n - the check for '$MAPPER/$dst' failed. $MAPPER/$dst contains data." >&2
	echo " - removing the crypto device $dst" >&2
	do_close
fi

SWCHECK is un_vol_id, which fails when the newly started swap partition
already contains a swap header, which it will if the encryption key
isn't random.

I'm not sure of the intent of the test, but the following seems to work:

if /lib/cryptsetup/checks/vol_id $MAPPER/$dst $SWCHECKARGS || $SWCHECK $MAPPER/$dst $SWCHECKARGS; then
	mkswap $MAPPER/$dst 2>/dev/null >/dev/null
elif ! /lib/cryptsetup/checks/vol_id $MAPPER/$dst $SWCHECKARGS; then
	echo -e "\n - the check for '$MAPPER/$dst' failed. $MAPPER/$dst contains data." >&2
	echo " - removing the crypto device $dst" >&2
	do_close
fi

-- 
Sam Couter         |  mailto:sam at couter.id.au
                   |  jabber:sam at teknohaus.dyndns.org
OpenPGP fingerprint:  A46B 9BB5 3148 7BEA 1F05  5BD5 8530 03AE DE89 C75C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-cryptsetup-devel/attachments/20060830/c2fd8f76/attachment.pgp