Bug#782712: pre-upload unblock request: systemd/215-17 for RC bug #751707
Cyril Brulebois
kibi at debian.org
Thu Apr 16 21:05:17 BST 2015
Martin Pitt <mpitt at debian.org> (2015-04-16):
> Hello Cyril,
>
> Cyril Brulebois [2015-04-16 19:40 +0200]:
> > Anyway, asking for home encryption indeed leads to swap encryption,
> > through a ecryptfs-setup-swap call, which in turn triggers:
> > | echo "cryptswap$i UUID=$uuid /dev/urandom swap,offset=1024,cipher=aes-xts-plain64" >> /etc/crypttab
> > `---[ src/utils/ecryptfs-setup-swap ]---
> >
> > The same file in the Debian package has no offset, so I guess that means
> > Debian is rather safe.
>
> Well, it actually means that it's even more broken :-( If you don't
> specify an offset at all, then you can only boot this system once.
> Then your partition will be overwritten with random data entirely, and
> the next time you won't have any matching UUID any more, and you again
> get a hanging boot (this affects sysvinit and upstart too). I. e. you
> will have exactly the same effect.
>
> So to properly fix this, we need:
>
> (1) the fix to add the offset=:
> https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/840
>
> (Updating the used cipher would also be a good idea, but not
> essential)
>
> This fix alone is sufficient under sysvinit and upstart.
>
> (2) this systemd fix to actually respect offset= when booting under
> systemd.
Huh? Last I checked, guided encrypted LVM just works…
Mraw,
KiBi.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20150416/16b5bf7f/attachment-0002.sig>
More information about the Pkg-systemd-maintainers
mailing list