[Pkg-cryptsetup-devel] Bug#342079: cryptsetup: should check swap partition type

Jonas Meurer jonas at freesources.org
Sun Jan 22 20:51:50 UTC 2006 

On 22/01/2006 Tuomo Valkonen wrote:
> On 2006-01-22 18:33 +0100, Jonas Meurer wrote:
> > unix systems rely on the responsibility of system admins, /bin/rm or
> > /bin/dd don't check what they remove/override before doing so too.
> 
> The difference is that crypsetup at boot is automated, and the configuration
> may have changed for various reasons which might not be predictable without
> being completely paranoid about it (and therefore always setting up swap
> manually). Given the let's-map-everything-to-random-SCSI-devices
> insanity, I have zero trust for it to not happen.

i just implemented the precheck and postcheck/retry options based on a
patch from A Mennucc to the /etc/init.d/cryptdisk script in cryptsetup
1:1.0.1-13.
the prechecks are run against the source device before the target device
is created, and the postchecks are run against the target device after
creation, repeated as often as specified by retry when they fail.

debs and sources are available from the pkg-cryptsetup alioth-projectpage
http://alioth.debian.org/projects/pkg-cryptsetup or from debian/unstable
after it has passed the incoming queue.

if you like to have a swap test, just write a precheck script for swap
partitions at /usr/share/cryptsetup/prechecks/swap, and add the option
"precheck=swap" to the relevant entry in /etc/crypttab. i'll happily add
it into the package if you send me a copy.
i don't know how to check for swap partitions, as fdisk is no general
option for reasons like lvm, and i don't know other ways. therefore
i'm not able to provide such a script currently.

a start could be this anyway:
--- snip /usr/share/cryptsetup/checks/swap ---
#!/bin/sh

case "$1" in
  /dev/[ehsx]d[a-h][0-9][0-9])
    drive=`echo $1| sed -e 's/[0-9]//g'`
    if /sbin/fdisk $drive | grep $1 | grep -q "swap"; then
      exit 0
    else
      echo "The device $1 is not a SWAP partition."
      exit 1
    fi
  ;;
  *)
    echo "WARNING: Could not check the device $1 for a swap partition."
    exit 0
  ;;
esac
--- snip ---

> > would you object against closing this bug?
> 
> I'd rather see it fixed in order to not have to use custom scripts.

ok, i'll keep this bug open as withlist item. it doesn't hurt. and maybe
we have a useful swap check script soon.

...
 jonas

More information about the Pkg-cryptsetup-devel mailing list