Bug#782712: pre-upload unblock request: systemd/215-17 for RC bug #751707

Lennart Sorensen lsorense at csclub.uwaterloo.ca
Thu Apr 16 21:58:18 BST 2015


On Thu, Apr 16, 2015 at 10:05:17PM +0200, Cyril Brulebois wrote:
> Martin Pitt <mpitt at debian.org> (2015-04-16):
> > Hello Cyril,
> > 
> > Cyril Brulebois [2015-04-16 19:40 +0200]:
> > > Anyway, asking for home encryption indeed leads to swap encryption,
> > > through an ecryptfs-setup-swap call, which in turn triggers:
> > > |        echo "cryptswap$i UUID=$uuid /dev/urandom swap,offset=1024,cipher=aes-xts-plain64" >> /etc/crypttab
> > > `---[ src/utils/ecryptfs-setup-swap ]---
> > > 
> > > The same file in the Debian package has no offset, so I guess that means
> > > Debian is rather safe.
> > 
> > Well, it actually means that it's even more broken :-( If you don't
> > specify an offset at all, then you can only boot this system once.
> > Then your partition will be overwritten with random data entirely, and
> > the next time you won't have any matching UUID any more, and you again
> > get a hanging boot (this affects sysvinit and upstart too). I.e. you
> > will have exactly the same effect.
> > 
> > So to properly fix this, we need:
> > 
> >  (1) the fix to add the offset=:
> >      https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/840
> > 
> >      (Updating the used cipher would also be a good idea, but not
> >      essential)
> > 
> >      This fix alone is sufficient under sysvinit and upstart.
> > 
> >  (2) this systemd fix to actually respect offset= when booting under
> >      systemd.
> 
> Huh? Last I checked, guided encrypted LVM just works…

Worked for me about a month ago.

-- 
Len Sorensen
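
An added example, not part of the original thread or of ecryptfs/systemd: a small Python check for the crypttab condition discussed above, i.e. a swap entry keyed from /dev/urandom whose source device is found by UUID but which has no offset=. The function names and the sample entries (including the UUIDs) are constructed for illustration.

```python
import re

RANDOM_KEYS = {"/dev/urandom", "/dev/random"}
# Source forms that only resolve while the signature at the start of the
# partition is intact.
BY_SIGNATURE = re.compile(r"^(UUID=|LABEL=|/dev/disk/by-(uuid|label)/)")

def parse_crypttab(text):
    """Yield (lineno, name, device, key, options) for each crypttab entry."""
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed entry, nothing to assess
        key = fields[2] if len(fields) > 2 else "none"
        opts = fields[3].split(",") if len(fields) > 3 else []
        yield lineno, fields[0], fields[1], key, opts

def offset_sectors(opts):
    """Return the offset= value (512-byte sectors), 0 if absent or invalid."""
    for opt in opts:
        if opt.startswith("offset="):
            value = opt.split("=", 1)[1]
            return int(value) if value.isdigit() else 0
    return 0

def find_fragile_swap(text):
    """Entries whose identifying signature is overwritten on first boot."""
    findings = []
    for lineno, name, device, key, opts in parse_crypttab(text):
        if "swap" not in opts or key not in RANDOM_KEYS:
            continue
        if BY_SIGNATURE.match(device) and offset_sectors(opts) == 0:
            findings.append((lineno, name, device))
    return findings

# Constructed sample input, not taken from a real system.
SAMPLE = """\
# <name> <device> <key> <options>
cryptswap1 UUID=11111111-2222-3333-4444-555555555555 /dev/urandom swap,cipher=aes-xts-plain64
cryptswap2 UUID=66666666-7777-8888-9999-000000000000 /dev/urandom swap,offset=1024,cipher=aes-xts-plain64
cryptswap3 /dev/sda5 /dev/urandom swap,cipher=aes-xts-plain64
"""

if __name__ == "__main__":
    for lineno, name, device in find_fragile_swap(SAMPLE):
        print(f"line {lineno}: {name} ({device}) has a random key and no offset=")
```

Only the first sample entry is reported. An entry that carries offset= is still only safe under systemd once the systemd fix from point (2) of the quoted message is in place.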



