Bug#379771: marked as done (cryptsetup: encrypted swap does not work on existing swap partition)

Mon, 16 Oct 2006 16:29:05 -0700 

Your message dated Mon, 16 Oct 2006 15:06:10 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#385317: fixed in cryptsetup 2:1.0.4-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message --- 
Package: cryptsetup
Version: 2:1.0.3-3
Severity: normal

Contrary to the instructions given in /usr/share/doc/cryptsetup/CryptoSwap.HowTo
it is not possible to activate the encryption for an existing swap partition.

The init script detects a valid swap signature on the original partition (not
encrypted) and refuses to overwrite it with the encrypted swap.  So the
instructions given in CryptoSwap.HowTo are incorrect.

I have been using an encrypted swap partition on my "testing" systems since a
while.  I am glad that bugs #371135, #371160 and #377434 have been fixed so
that encrypted swap partitions with random keys are working again.  However,
some of my systems dual-boot with other Linux configurations in which the same
partition is used as a standard swap (no encryption).  Switching between these
configurations prevents the encrypted swap from working as it did before,
because the valid swap signature created by the other configurations prevents
the encrypted device from working.

Proposed solutions:
1) Allow the creation of the encrypted swap partition even if a valid swap
   signature exists on the target partition.  Destroying a valid swap
   partition is much less dangerous than destroying another filesystem.
   The only concern might be for people using suspend on swap and doing
   something stupid in their crypttab configuration, but this is a minor
   issue.
2) If the first solution is not possible or not desirable for whatever
   reasons, at least update CryptoSwap.HowTo and suggest destroying the
   swap partition by hand before using it in crypttab, or disabling the
   test (check=/bin/true) as had been suggested in another bug report.
   For example, CryptSetup.HowTo could say:
     Before starting your crypted device, erase its contents with:
     dd if=/dev/urandom of=/dev/hda9 bs=1024 count=<whatever>
   It is a bit strange to suggest to destroy things by hand just because
   an overzealous test in the init script tries hard to prevent people
   from making mistakes.  But if the other solution is rejected, then at
   least this would fix the documentation.

-Raphaël

--- End Message ---
--- Begin Message --- 
Source: cryptsetup
Source-Version: 2:1.0.4-1

We believe that the bug you reported is fixed in the latest version of
cryptsetup, which is due to be installed in the Debian FTP archive:

cryptsetup-udeb_1.0.4-1_amd64.udeb
  to pool/main/c/cryptsetup/cryptsetup-udeb_1.0.4-1_amd64.udeb
cryptsetup_1.0.4-1.diff.gz
  to pool/main/c/cryptsetup/cryptsetup_1.0.4-1.diff.gz
cryptsetup_1.0.4-1.dsc
  to pool/main/c/cryptsetup/cryptsetup_1.0.4-1.dsc
cryptsetup_1.0.4-1_amd64.deb
  to pool/main/c/cryptsetup/cryptsetup_1.0.4-1_amd64.deb
cryptsetup_1.0.4.orig.tar.gz
  to pool/main/c/cryptsetup/cryptsetup_1.0.4.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jonas Meurer <[EMAIL PROTECTED]> (supplier of updated cryptsetup package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 16 Oct 2006 19:22:41 +0200
Source: cryptsetup
Binary: cryptsetup cryptsetup-udeb
Architecture: source amd64
Version: 2:1.0.4-1
Distribution: unstable
Urgency: low
Maintainer: Jonas Meurer <[EMAIL PROTECTED]>
Changed-By: Jonas Meurer <[EMAIL PROTECTED]>
Description: 
 cryptsetup - configures encrypted block devices
 cryptsetup-udeb - configures encrypted block devices (udeb)
Closes: 385317 387158 388083 388871 389835 390354 390514
Changes: 
 cryptsetup (2:1.0.4-1) unstable; urgency=low
 .
   [ David Härdeman ]
   * Always update the current initramfs when a new version is installed
   * Move the double-ssl decryption into a keyscript and change the ssl
     option to use that script instead
   * Move the gpg key decryption into a keyscript and change the gpg
     option to use that script instead
   * Clean up cryptdisks.functions
   * Let initramfs-tools know that we need busybox in the initramfs image
   * Fix bogus error message from initramfs hook, based on patch by
     Loïc Minier <[EMAIL PROTECTED]>. (closes: #388871)
   * Remove the undocumented kernel boot argument "cryptopts"
   * Always add some crypto modules/tools to the initramfs image unless
     MODULES=dep. (closes: #389835)
   * Update README.initramfs.
   * Add checks and warnings that the ssl and gpg options are going away
     in favour of the keyscript option
   * Fix the decrypt_ssl script (closes: #390514)
 .
   [ Jonas Meurer ]
   * New upstream release.
     - [01_terminal_output.dpatch] removed, finally went upstream
     - [02_docs_tries.dpatch] removed, went upstream
     - [03_fix_build_error.dpatch] renamed to 01_fix_build_error.dpatch
   * Fix SYNOPSIS in crypttab(5) manpage to show all arguments as mandatory.
     Thanks to Michael Steinfurth.
   * Check in postinst for entries with missing arguments in /etc/crypttab.
     Warn is one is found. Thanks to Michael Steinfurth (closes: #388083)
   * Fix pretest for encrypted swap. Allow unencrypted swap on the source
     device. Thanks to Dennis Furey. (closes: #387158)
   * Fix posttest for encrypted swap. Don't skip if a swap filesystem is found
     on the target device. Thanks to Sam Couter. (closes: #385317)
   * Use 'set -e' and 'if [ -r <file> ]; then ...; fi' in init script. Thanks
     to Goswin Brederlow. (closes: #390354)
   * change '... > &2' to ... >&2' in cryptdisks.functions
Files: 
 9fa08a079e8c0c3a2eec01195b064e8c 813 admin optional cryptsetup_1.0.4-1.dsc
 bc3fa31b2e743deb755b04ca8e582617 429504 admin optional 
cryptsetup_1.0.4.orig.tar.gz
 5b7735163cb12a0ffcec4b59c2b4d6f7 38961 admin optional 
cryptsetup_1.0.4-1.diff.gz
 d839080e60bf15dc5109fa93d23715c4 257652 admin optional 
cryptsetup_1.0.4-1_amd64.deb
 ecee58df571a8cb18ab88389eb54cca1 183850 debian-installer optional 
cryptsetup-udeb_1.0.4-1_amd64.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFM8+td6lUs+JfIQIRAtdDAJ9q+CFIsHws/a96Yb3WxHgkmYJvFgCeMENY
y350Rda64xlwyG2fqeIywTw=
=Zs2r
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to