Package: cryptsetup
Version: 2:1.0.6-1
Severity: normal

--- Please enter the report below this line. ---

Hi everyone!

I'm running a Debian system with both encrypted root and swap partitions. I have been experiencing a problem with suspend-to-disk and the subsequent resume operation that involves the encrypted swap partition. I tracked the problem down to a bug in the cryptsetup package. In the following, I'll try to explain the problem and suggest both a workaround and bugfix...

Problem:

I don't know the exact suspend-to-disk method I use, since I simply select "Hibernate" from Gnome's shutdown dialog. However, it is apparent that the swap partition is used to store RAM contents and that initramfs is doing most of the resume work.

In the case of a LUKS-encrypted swap partition, cryptsetup has to provide access to that partition during the boot. For that purpose cryptsetup installs a hook script for initramfs-tools, namely "/usr/share/initramfs-tools/hooks/cryptroot". That script is supposed to identify all partitions that may need to be decrypted by initramfs during boot. This includes the root partition and any swap partition used for resume.

In my case information about the swap partition to use for resume is found in the configuration file "/etc/initramfs-tools/conf.d/resume". I think the Debian Installer created this file. Usually it only contains one line, in my case: "RESUME=/dev/mapper/cryptoswap".

Line 69 of "/usr/share/initramfs-tools/hooks/cryptroot" tries to use this file to determine which partitions to decrypt during boot. However, the sed script used seems to be buggy. It assumes whitespace where none is present:

    device=$(sed -rn 's/^RESUME[[:space:]]+=[[:space:]]+// p' \
        /etc/initramfs-tools/conf.d/resume)

Therefore the encrypted swap device is never added to the list of devices to encrypt during boot.

Workaround:

The trivial workaround of adding appropriate whitespace around the "=" in the configuration file does not work very well. While this is a workaround for the mentioned bug, it does break other scripts.
There is at least one script that tries to source the configuration file and then use the contents of the environment variable "RESUME". However, the syntax for setting an environment variable does not allow any whitespace there.

To enable both kinds of usage of the configuration file I added a duplicate line, and thus changed it to:

    RESUME = /dev/mapper/cryptoswap
    RESUME=/dev/mapper/cryptoswap

This actually fixed my problem of resuming from my encrypted swap partition. However, it seems quite messy!

Suggested Bugfix:

IMHO the bug should be fixed in "/usr/share/initramfs-tools/hooks/cryptroot" itself. I did not try that yet, since I did not want to modify any files outside of "/etc". However, changing line 69 to either of the following might do the trick:

    device=$(sed -rn 's/^RESUME[[:space:]]?=[[:space:]]?// p' \
        /etc/initramfs-tools/conf.d/resume)

    device=$(sed -rn 's/^RESUME=// p' \
        /etc/initramfs-tools/conf.d/resume)

Alternatively the script could be modified so that it sources the configuration file and then uses the variable "RESUME" to determine the device to decrypt. As mentioned, that seems to be the way other scripts do it.

Conclusion:

I don't know if my use of encrypted partitions is correct, let alone typical. But for me it seems to work, except for the mentioned bug. So I'd be happy to see it fixed. Otherwise, could anyone point me to a better way to resume from an encrypted swap partition?

BTW, I don't report Debian bugs too often. Sorry. I already tried to report this last week, using "reportbug" and "sendmail", but it didn't seem to work. Now I'm trying with "reportbug-ng" and "icedove". I apologize if this should be a duplicate after all.

Regards,
Michael Riedel

--- System information. ---
Architecture: amd64
Kernel: Linux 2.6.24-1-amd64

Debian Release: lenny/sid
  500 testing www.debian-multimedia.org
  500 testing security.debian.org
  500 testing ftp.nz.debian.org

--- Package information. ---
Depends                     (Version) | Installed
=====================================-+-===============
dmsetup                               | 2:1.02.24-4
libc6                      (>= 2.7-1) | 2.7-10
libdevmapper1.02.1     (>= 2:1.02.20) | 2:1.02.24-4
libpopt0                    (>= 1.10) | 1.10-3
libuuid1                              | 1.40.8-2
initramfs-tools                       | 0.91e
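
The three ways of reading the resume file discussed in the report, run side by side over the three file variants it mentions. This is an added example, not part of the original report or of the cryptsetup package: the function names and sample files are constructed, and the regexes are the ones quoted above, written with `-E` and without the space before `p`.

```shell
#!/bin/sh
# Added example; function names and sample files are constructed for illustration.

# Regex the report quotes from line 69 of the cryptroot hook:
# needs at least one whitespace character on both sides of "=".
resume_hook_strict() {
    sed -En 's/^RESUME[[:space:]]+=[[:space:]]+//p' "$1"
}

# Regex of the first suggested fix: at most one whitespace character on each
# side of "=" ("?" is zero or one; "*" would accept any amount).
resume_hook_relaxed() {
    sed -En 's/^RESUME[[:space:]]?=[[:space:]]?//p' "$1"
}

# What a script that sources the file sees. Sourcing executes the file as
# shell code, so this is only appropriate for a root-owned config file.
resume_sourced() {
    # set +e: a line such as "RESUME = x" fails as a command; keep reading.
    ( set +e; RESUME=; . "$1" 2>/dev/null; printf '%s\n' "$RESUME" )
}

# One-line summary of what each reader extracts from a given file.
resume_report() {
    printf 'strict=[%s] relaxed=[%s] sourced=[%s]\n' \
        "$(resume_hook_strict "$1" | head -n 1)" \
        "$(resume_hook_relaxed "$1" | head -n 1)" \
        "$(resume_sourced "$1")"
}

# Constructed sample files: the installer's form, the spaced form, and the
# duplicate-line workaround from the report.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf 'RESUME=/dev/mapper/cryptoswap\n' > "$demo_dir/plain"
printf 'RESUME = /dev/mapper/cryptoswap\n' > "$demo_dir/spaced"
printf 'RESUME = /dev/mapper/cryptoswap\nRESUME=/dev/mapper/cryptoswap\n' \
    > "$demo_dir/both"

for f in plain spaced both; do
    printf '%-7s %s\n' "$f" "$(resume_report "$demo_dir/$f")"
done
```

An empty `strict=[]` for a file means the hook's original pattern would not add the resume device to the initramfs, and an empty `sourced=[]` means scripts that source the file get no `RESUME` value.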