[pkg-cryptsetup-devel] Bug#669861: Bug#669861: Bug#669861: cryptsetup: Unable to select correct swap device
Jonas Meurer
jonas at freesources.org
Fri Jun 8 08:49:12 UTC 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hey Rodolfo,
any news regarding the questions below? Otherwise I would like to
close this bugreport.
Regards,
jonas
Am 22.04.2012 13:07, schrieb Jonas Meurer:
> Hey Rodolfo,
>
> Am 21.04.2012 17:26, schrieb Rodolfo GarcÃÂa Peñas:
>> the cryptroot initramfs hook script searches for resume devices
>> in the following files. Please send the content of all of them:
>
>> /etc/uswsusp.conf
>
>>> The important part is:
>
>>> resume device = /dev/dm-1
>
> mh, I've no idea how uswusp detects the resume device, but
> apparently there's something wrong. did you try 'dpkg-reconfigure
> uswsusp' yet? maybe /dev/dm-1 was correct in the past, and your
> setup changed in the meantime?
>
>> /etc/initramfs-tools/conf.d/resume
>
>>> Is here :-)
>
>>> RESUME=UUID=81c6f99f-d571-497c-a6db-759f4beb0b2d
>
> all right, that's the reason why cryptroot initramfs hook detects
> a second resume device. I've a gut feeling that something's wrong
> with your setup.
>
> what's the content of this file after 'dpkg-reconfigure
> initramfs-tools'?
>
> And more importantly: you have 'luks,swap' as options to your
> encrypted swap device in /etc/crypttab, right? The option 'swap'
> results in cryptdisks scripts running 'mkswap' over the device on
> every boot. This is not required and indeed wrong for your setup.
>
> In general, you've two options for encrypted swap:
>
> 1/ use a random key (e.g. /dev/urandom) for decryption, and
> recreate the swap partition on every boot. this is what the 'swap'
> option in crypttab(5) is for. it has the advantage of more
> security, but doesn't support resume from this device - as there's
> no consistent encryption key and as a result no way to restore the
> suspend image for resume.
>
> 2/ use a consistent key for decryption. this is required for
> suspend/ resume functions. and this is what you're using. in that
> case you don't need to rerun 'mkswap' over the unlocked crypto-swap
> every time. as a result, the 'swap' option to crypttab(5) is not
> needed in that case.
>
> I suggest that you read sections 8 & 9 of the cryptroot initramfs
> documentation in /usr/share/doc/cryptsetup/README.initramfs.gz.
>
> I'm still curious whether there's a real bug in the package, or
> whether this is merely a setup issue on your side. Thus it would
> be great if you could answer my questions above.
>
> Regards, jonas
>
>
>
> _______________________________________________
> pkg-cryptsetup-devel mailing list
> pkg-cryptsetup-devel at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-cryptsetup-devel
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBAgAGBQJP0bx/AAoJEFJi5/9JEEn++nAP/R9GBT2K/IV9fJU12i9bDxua
7EFpNBWlPtvdwiMPof4ACALJxMAUQzP20aj5amSTN358T07Xpn7ieHKkmipyttgU
U9mjTkjAdY47anIDr5iP20mPykS9iVPP4RK23Co34Mgbivi9yY/DmVbPWK8RVVeW
z1ajreCuZKJNEBhphKVTvFjSs4KPfqVhZ6qMi5g1MNaItU6Y95E0+4lN7RQyCUaV
6zWv9F/U0nMmo94009sL/hv/k4b0NJNZLFQoZPmaHH2g9w6Q7xymB5Xaef1FHtMZ
6UrEJyCWByKxELUIAdNwADu+26YY/JKKgDNnt6Ugq2lgKCQleN6R0C5B/ggUKpHA
cZyeNpMHd38M1BzYUZDJlOFIL9yeOjocoDnaRcjKnKgok7M/xe+zX09s+mqdBbVC
/rapgqM/3UKK1NmMz/Lci8znem409sEEF0udCZXAOXtOQ78ABqh8H5ddunR9XzqA
OQ11eTerCGk083STcQpBghRn8F1qHC0SKVFTiQiZXY/2LV+wcIFzOLw4tqzTUDnK
rJFy16/Vo9cWC+j2iwb0t4CxhDJu+GQwyas6nBNpZp3kERbWemkdKn/KJ0nXfJr0
Wy1P3C+SVZ/QIDKEIgxpCcuN+pPLQqK+yl4xNmuqDBH9NMkOiDw+l/Z7cSA2ehDs
IkIlPBxuyMawPDBFI319
=EsvX
-----END PGP SIGNATURE-----
More information about the pkg-cryptsetup-devel
mailing list