[pkg-cryptsetup-devel] Bug#669861: Bug#669861: Bug#669861: cryptsetup: Unable to select correct swap device
Rodolfo kix Garcia
kix at kix.es
Fri Jun 8 09:13:33 UTC 2012
Hi Jonas,
I am so sorry! I forget this mail (is in my inbox, but I have a lot of
mails with "to-to" things).
Please, close this bug. It is solved. I will send the info that you
request me offlist as soon as possible.
Thanks a lot for your help.
Rodolfo.
El 08.06.2012 10:49, Jonas Meurer escribió:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hey Rodolfo,
>
> any news regarding the questions below? Otherwise I would like to
> close this bugreport.
>
> Regards,
> jonas
>
> Am 22.04.2012 13:07, schrieb Jonas Meurer:
>> Hey Rodolfo,
>>
>> Am 21.04.2012 17:26, schrieb Rodolfo GarcÃa Peñas:
>>> the cryptroot initramfs hook script searches for resume devices
>>> in the following files. Please send the content of all of them:
>>
>>> /etc/uswsusp.conf
>>
>>>> The important part is:
>>
>>>> resume device = /dev/dm-1
>>
>> mh, I've no idea how uswusp detects the resume device, but
>> apparently there's something wrong. did you try 'dpkg-reconfigure
>> uswsusp' yet? maybe /dev/dm-1 was correct in the past, and your
>> setup changed in the meantime?
>>
>>> /etc/initramfs-tools/conf.d/resume
>>
>>>> Is here :-)
>>
>>>> RESUME=UUID=81c6f99f-d571-497c-a6db-759f4beb0b2d
>>
>> all right, that's the reason why cryptroot initramfs hook detects
>> a second resume device. I've a gut feeling that something's wrong
>> with your setup.
>>
>> what's the content of this file after 'dpkg-reconfigure
>> initramfs-tools'?
>>
>> And more importantly: you have 'luks,swap' as options to your
>> encrypted swap device in /etc/crypttab, right? The option 'swap'
>> results in cryptdisks scripts running 'mkswap' over the device on
>> every boot. This is not required and indeed wrong for your setup.
>>
>> In general, you've two options for encrypted swap:
>>
>> 1/ use a random key (e.g. /dev/urandom) for decryption, and
>> recreate the swap partition on every boot. this is what the 'swap'
>> option in crypttab(5) is for. it has the advantage of more
>> security, but doesn't support resume from this device - as there's
>> no consistent encryption key and as a result no way to restore the
>> suspend image for resume.
>>
>> 2/ use a consistent key for decryption. this is required for
>> suspend/ resume functions. and this is what you're using. in that
>> case you don't need to rerun 'mkswap' over the unlocked crypto-swap
>> every time. as a result, the 'swap' option to crypttab(5) is not
>> needed in that case.
>>
>> I suggest that you read sections 8 & 9 of the cryptroot initramfs
>> documentation in /usr/share/doc/cryptsetup/README.initramfs.gz.
>>
>> I'm still curious whether there's a real bug in the package, or
>> whether this is merely a setup issue on your side. Thus it would
>> be great if you could answer my questions above.
>>
>> Regards, jonas
>>
>>
>>
>> _______________________________________________
>> pkg-cryptsetup-devel mailing list
>> pkg-cryptsetup-devel at lists.alioth.debian.org
>>
>> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-cryptsetup-devel
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iQIcBAEBAgAGBQJP0bx/AAoJEFJi5/9JEEn++nAP/R9GBT2K/IV9fJU12i9bDxua
> 7EFpNBWlPtvdwiMPof4ACALJxMAUQzP20aj5amSTN358T07Xpn7ieHKkmipyttgU
> U9mjTkjAdY47anIDr5iP20mPykS9iVPP4RK23Co34Mgbivi9yY/DmVbPWK8RVVeW
> z1ajreCuZKJNEBhphKVTvFjSs4KPfqVhZ6qMi5g1MNaItU6Y95E0+4lN7RQyCUaV
> 6zWv9F/U0nMmo94009sL/hv/k4b0NJNZLFQoZPmaHH2g9w6Q7xymB5Xaef1FHtMZ
> 6UrEJyCWByKxELUIAdNwADu+26YY/JKKgDNnt6Ugq2lgKCQleN6R0C5B/ggUKpHA
> cZyeNpMHd38M1BzYUZDJlOFIL9yeOjocoDnaRcjKnKgok7M/xe+zX09s+mqdBbVC
> /rapgqM/3UKK1NmMz/Lci8znem409sEEF0udCZXAOXtOQ78ABqh8H5ddunR9XzqA
> OQ11eTerCGk083STcQpBghRn8F1qHC0SKVFTiQiZXY/2LV+wcIFzOLw4tqzTUDnK
> rJFy16/Vo9cWC+j2iwb0t4CxhDJu+GQwyas6nBNpZp3kERbWemkdKn/KJ0nXfJr0
> Wy1P3C+SVZ/QIDKEIgxpCcuN+pPLQqK+yl4xNmuqDBH9NMkOiDw+l/Z7cSA2ehDs
> IkIlPBxuyMawPDBFI319
> =EsvX
> -----END PGP SIGNATURE-----
--
||// //\\// Rodolfo "kix" Garcia
||\\// //\\ http://www.kix.es/
More information about the pkg-cryptsetup-devel
mailing list