[pkg-cryptsetup-devel] Bug#834871: cryptsetup: initscript "stop" borks encrypted swap partition for subsequent "start"s

Sat Aug 20 05:20:17 UTC 2016

Package: cryptsetup
Version: 2:1.7.0-2
Severity: normal

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?

I installed debian jessie, during which time the installer warned me that it
would be inadvisable not to use encrypted swap. Who am I to disagree? I later
upgraded to debian stretch/testing but as far as I can tell looking at the diff
between 1.6.6-5 and master at git://anonscm.debian.org/pkg-cryptsetup/cryptsetup
the bug is almost certain in jessie also. Does anyone else even use encrypted
swap? 

   * What exactly did you do (or not do) that was effective (or
     ineffective)?

I edited /lib/cryptsetup/cryptdisks.functions to have the "stop" command check
for the "swap" option in the /etc/crypttab line and ran a new function named
"do_unswap()" to call "swapoff -a; do_close; return 0" to ensure that the
encrypted disk would be properly shut down on restart.

   * What was the outcome of this action?

Encrypted swap on this machine is great again.

   * What outcome did you expect instead?

This is what I expected since I verified manually before modifying the
cryptdisks.functions file that if I properly turn off swap and close the
encrypted partition before rebooting the swap partition would indeed be active
by the time i log in next.

I'll probably try submitting a patch or something.

*** End of the template - remove these template lines ***

-- Package-specific info:
-- /proc/cmdline
BOOT_IMAGE=/vmlinuz-4.6.0-1-amd64 root=UUID=d470e0cc-ba84-4b67-bf35-552dd54ce2fd ro initrd=/install/initrd.gz quiet

-- /etc/crypttab
sdb5_crypt /dev/sdb5 none luks,swap
sdb6_crypt UUID=9815be3f-0dd8-4184-a121-b7ead1c3ee86 none luks

-- /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
/dev/mapper/sdb6_crypt /               ext4    errors=remount-ro 0       1
# /boot was on /dev/sdb1 during installation
UUID=0574ec56-0269-49ff-a2e9-a00ecf326353 /boot           ext2    ro              0       2
/dev/mapper/sdb5_crypt none            swap    sw              0       0
/dev/sr0        /media/cdrom0   udf,iso9660 user,noauto     0       0
tmpfs	/run	tmpfs	nodev,nosuid,size=10%,mode=1755	0	0
tmpfs	/run/lock	tmpfs	nodev,nosuid,size=10%,mode=1777	0	0
tmpfs	/run/shm	tmpfs	nodev,nosuid,size=20%,mode=1777	0	0
tmpfs	/tmp	tmpfs	nodev,nosuid,size=50%,mode=1777	0	0

-- lsmod
Module                  Size  Used by
snd_hda_codec_hdmi     45056  1
iTCO_wdt               16384  0
iTCO_vendor_support    16384  1 iTCO_wdt
intel_rapl             20480  0
x86_pkg_temp_thermal    16384  0
snd_hda_codec_realtek    86016  1
intel_powerclamp       16384  0
coretemp               16384  0
kvm_intel             188416  0
snd_hda_codec_generic    69632  1 snd_hda_codec_realtek
kvm                   561152  1 kvm_intel
irqbypass              16384  1 kvm
pcspkr                 16384  0
serio_raw              16384  0
snd_hda_intel          36864  0
snd_hda_codec         135168  4 snd_hda_codec_realtek,snd_hda_codec_hdmi,snd_hda_codec_generic,snd_hda_intel
snd_hda_core           81920  5 snd_hda_codec_realtek,snd_hda_codec_hdmi,snd_hda_codec_generic,snd_hda_codec,snd_hda_intel
snd_hwdep              16384  1 snd_hda_codec
joydev                 20480  0
snd_pcm               106496  4 snd_hda_codec_hdmi,snd_hda_codec,snd_hda_intel,snd_hda_core
sb_edac                32768  0
snd_timer              32768  1 snd_pcm
edac_core              57344  1 sb_edac
lpc_ich                24576  0
snd                    81920  8 snd_hda_codec_realtek,snd_hwdep,snd_timer,snd_hda_codec_hdmi,snd_pcm,snd_hda_codec_generic,snd_hda_codec,snd_hda_intel
sg                     32768  0
mei_me                 32768  0
i2c_i801               20480  0
mfd_core               16384  1 lpc_ich
ipmi_si                57344  0
soundcore              16384  1 snd
mei                    94208  1 mei_me
ioatdma                53248  0
dca                    16384  1 ioatdma
shpchp                 36864  0
8250_fintek            16384  0
ipmi_msghandler        49152  1 ipmi_si
tpm_infineon           20480  0
tpm_tis                20480  0
tpm                    45056  2 tpm_tis,tpm_infineon
processor              36864  0
evdev                  24576  19
parport_pc             28672  0
sunrpc                331776  1
ppdev                  20480  0
lp                     20480  0
parport                49152  3 lp,ppdev,parport_pc
autofs4                40960  2
ext4                  593920  4
ecb                    16384  0
crc16                  16384  1 ext4
jbd2                  106496  1 ext4
crc32c_generic         16384  0
mbcache                16384  5 ext4
algif_skcipher         20480  0
af_alg                 16384  1 algif_skcipher
uas                    24576  0
usb_storage            69632  1 uas
dm_crypt               24576  2
hid_generic            16384  0
usbhid                 49152  0
hid                   118784  2 hid_generic,usbhid
dm_mod                106496  12 dm_crypt
sr_mod                 24576  0
cdrom                  57344  1 sr_mod
sd_mod                 45056  8
crct10dif_pclmul       16384  0
crc32_pclmul           16384  0
crc32c_intel           24576  0
ghash_clmulni_intel    16384  0
jitterentropy_rng      16384  0
hmac                   16384  1
drbg                   24576  1
ansi_cprng             16384  0
aesni_intel           167936  7
aes_x86_64             20480  1 aesni_intel
lrw                    16384  1 aesni_intel
gf128mul               16384  1 lrw
glue_helper            16384  1 aesni_intel
ablk_helper            16384  1 aesni_intel
cryptd                 20480  5 ghash_clmulni_intel,aesni_intel,ablk_helper
psmouse               126976  0
ahci                   36864  5
libahci                32768  1 ahci
xhci_pci               16384  0
xhci_hcd              180224  1 xhci_pci
libata                233472  2 ahci,libahci
nouveau              1486848  2
scsi_mod              233472  6 sg,uas,usb_storage,libata,sd_mod,sr_mod
ehci_pci               16384  0
mxm_wmi                16384  1 nouveau
e1000e                233472  0
ehci_hcd               77824  1 ehci_pci
video                  40960  1 nouveau
ptp                    20480  1 e1000e
i2c_algo_bit           16384  1 nouveau
pps_core               20480  1 ptp
ttm                    94208  1 nouveau
usbcore               241664  7 uas,usb_storage,ehci_hcd,ehci_pci,usbhid,xhci_hcd,xhci_pci
drm_kms_helper        147456  1 nouveau
usb_common             16384  1 usbcore
drm                   360448  5 ttm,drm_kms_helper,nouveau
wmi                    20480  2 mxm_wmi,nouveau
fjes                   28672  0
button                 16384  1 nouveau

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.6.0-1-amd64 (SMP w/12 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages cryptsetup depends on:
ii  cryptsetup-bin         2:1.7.0-2
ii  debconf [debconf-2.0]  1.5.59
ii  dmsetup                2:1.02.130-1
ii  libc6                  2.23-4

Versions of packages cryptsetup recommends:
ii  busybox                                 1:1.22.0-19
ii  console-setup                           1.147
ii  initramfs-tools [linux-initramfs-tool]  0.125
ii  kbd                                     2.0.3-2

Versions of packages cryptsetup suggests:
ii  dosfstools              4.0-2
pn  keyutils                <none>
ii  liblocale-gettext-perl  1.07-3

-- debconf information:
  cryptsetup/prerm_active_mappings: true