[pkg-cryptsetup-devel] Bug#834871: Bug#834871: cryptsetup: initscript "stop" borks encrypted swap partition for subsequent "start"s

Guilhem Moulin guilhem at guilhem.org
Tue Sep 13 16:53:29 UTC 2016 

Hi Wayne,

On Fri, 19 Aug 2016 at 22:20:17 -0700, Wayne Warren wrote:
> Does anyone else even use encrypted swap? 

Sure, many, but I guess most don't specify both ‘luks’ and ‘swap’ in
crypttab(5)'s 4th field :-) 

Specifying ‘swap’ runs mkswap(8) on the created device.  The swap device
is reinitialized at boot time, hence can't be used as a resume device,
thus people usually define a device of type ‘plain’ with a random key,
cf. /usr/share/doc/cryptsetup/README.Debian sec. 2.

If on the other hand you want to use a resume device (for instance, for
hibernation), you'll need to remove ‘swap’ from crypttab(5)'s 4th field.

That being said, there is no reason a priori why you couldn't specify
both ‘luks’ and ‘swap’.  AFAICT the bug isn't in cryptsetup itself, but
in the systemd implementation.  For instance, here is the shutdown log I
obtain with your configuration:

    systemd[1]: Stopped target Swap.
    systemd[1]: Deactivating swap /dev/disk/by-id/dm-uuid-CRYPT-PLAIN-swap...
    systemd[1]: Stopping Cryptography Setup for swap...
    systemd[1]: Deactivated swap /dev/disk/by-uuid/bba16df3-039f-4d11-97c4-c7a039cca0cd.
    systemd[1]: Deactivated swap /dev/disk/by-id/dm-uuid-CRYPT-PLAIN-swap.
    systemd[1]: Deactivated swap /dev/disk/by-id/dm-name-swap.
    systemd[1]: Deactivated swap /dev/dm-1.
    systemd[1]: Deactivated swap /dev/mapper/swap.
    systemd[1]: Stopped (with error) /dev/disk/by-id/dm-uuid-CRYPT-PLAIN-swap.
    systemd[1]: Stopped (with error) /dev/mapper/swap.
    systemd[1]: Stopped (with error) /dev/disk/by-id/dm-name-swap.
    systemd[1]: Stopped Cryptography Setup for swap.

Note the ‘/dev/disk/by-id/dm-uuid-CRYPT-PLAIN-swap’.  Even though ‘luks’
was specified in crypttab(5), systemd seems to think the device is of
type ‘plain’.

As for the “Stopped (with error)” entries, see

    https://github.com/systemd/systemd/issues/1620

Cheers,
-- 
Guilhem.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-cryptsetup-devel/attachments/20160913/ddf32af4/attachment.sig>

More information about the pkg-cryptsetup-devel mailing list