[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#378687: marked as done (Cipher modules for loop-AES need to be in /target/etc/modules)

Your message dated Tue, 18 Jul 2006 10:32:21 -0700
with message-id <E1G2tQj-0002X9-Kd@spohr.debian.org>
and subject line Bug#378687: fixed in partman-crypto 8
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message --- 
Package: installation-reports

Boot method: netboot/mini.iso
Image version: 2006-07-17 daily from
http://people.debian.org/~fjp/d-i/images/2006-07-17/netboot/mini.iso

Machine: VMWare Player 1.0.1 build-19317
Memory: 128MB
Partitions:

Filesystem    Type    Size  Used Avail Use% Mounted on
/dev/sda1     ext3    897M  292M  558M  35% /
tmpfs        tmpfs     63M     0   63M   0% /dev/shm
/dev/sda2     ext3     89M  4.1M   80M   5% /home
/dev/mapper/crypt0
              ext3     88M  4.1M   79M   5% /opt
/dev/sda5     ext3     92M  5.7M   81M   7% /tmp
tmpfs        tmpfs     10M   96K   10M   1% /dev

# /etc/fstab: static file system information.
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    defaults        0       0
/dev/sda1       /               ext3    defaults,errors=remount-ro 0       1
/dev/sda2       /home           ext3    defaults,loop=/dev/loop0,encryption=AES256,gpgkey=/etc/loopkeys/_dev_sda2.gpg 0       0
/dev/mapper/crypt0 /opt            ext3    defaults        0       2
/dev/sda5       /tmp            ext3    defaults,loop=/dev/loop2,encryption=serpent256,phash=random/1777 0       0
/dev/sda3       none            swap    sw,loop=/dev/loop1,encryption=AES256 0       0
/dev/hdc        /media/cdrom0   udf,iso9660 user,noauto     0       0
/dev/fd0        /media/floppy0  auto    rw,user,noauto  0       0

/etc/crypttab:
crypt0 /dev/sda6 none luks

losetup -a:
/dev/loop/0: [000c]:4266 (/dev/sda2) encryption=AES256 multi-key-v3
/dev/loop1: [000c]:4337 (/dev/sda3) offset=4096 encryption=AES256 multi-key-v3
/dev/loop2: [000c]:4333 (/dev/sda5) encryption=serpent256 multi-key-v3

/proc/swaps:
Filename				Type		Size	Used	Priority
/dev/loop1                              partition	96376	0	-1

Initial boot worked:    [O]
Configure network HW:   [O]
Config network:         [O]
Detect CD:              [O]
Load installer modules: [O]
Detect hard drives:     [O]
Partition hard drives:  [O]
Create file systems:    [O]
Mount partitions:       [O]
Install base system:    [O]
Install boot loader:    [O]
Reboot:                 [E]

Comments/Problems:

This install was focused on testing partman-crypto; Everything
else worked nicely as expected.

The installed system had two crypto-related problems:

1. The kernel module that provides the serpent cipher for
loop-AES was not automatically loaded during boot (loop_serpent).
As a result, the system booted up without interruption but also
without encrypted /tmp. Something in partman-crypto needs to add
the required modules to /target/etc/modules; This applies to
modules loop_twofish and loop_serpent. I'm currently testing a
change that adds the required modules.

2. Once loop_serpent was included in /etc/modules, checkfs-loop
tried to fsck the /dev/sda5 partition, which was designated to be
used for encrypted /tmp.  This failed because the mount option
phash=random/1777 makes mount use random keys and recreate the
filesystem at each boot. checkfs-loop runs earlier than mount and
so of course cannot fsck correctly. The system stopped booting at
this point and asked for manual repair of the failed fsck. This
can be fixed by excluding loop mounts with a phash=random* option
from being fsck'ed in the checkfs-loop rcS.d script
(loop-aes-utils, change pending upload)

3. Documentation: I can confirm that the checkfs-loop script (which
does the passphrase prompting for loop-AES partitions during
boot) now shows a full prompt including the mountpoint, format:
"Setting up $loop ($mnt)". This is good on the one hand in that
it works as intended, but means that section 7.2.1. loop-AES of
the d-i manual is mostly obsolete. Can we still drop parts of the
manual at this point, without disrupting the beta3 release? Else
I'll try to figure out the correct package to file a bug+patch
against so that we can drop this section post beta3. 

cheers,
Max

--- End Message ---
--- Begin Message --- 
Source: partman-crypto
Source-Version: 8

We believe that the bug you reported is fixed in the latest version of
partman-crypto, which is due to be installed in the Debian FTP archive:

partman-crypto-dm_8_all.udeb
  to pool/main/p/partman-crypto/partman-crypto-dm_8_all.udeb
partman-crypto-loop_8_all.udeb
  to pool/main/p/partman-crypto/partman-crypto-loop_8_all.udeb
partman-crypto_8.dsc
  to pool/main/p/partman-crypto/partman-crypto_8.dsc
partman-crypto_8.tar.gz
  to pool/main/p/partman-crypto/partman-crypto_8.tar.gz
partman-crypto_8_i386.udeb
  to pool/main/p/partman-crypto/partman-crypto_8_i386.udeb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 378687@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Max Vozeler <xam@debian.org> (supplier of updated partman-crypto package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 18 Jul 2006 17:52:02 +0200
Source: partman-crypto
Binary: partman-crypto-dm partman-crypto partman-crypto-loop
Architecture: source i386 all
Version: 8
Distribution: unstable
Urgency: low
Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
Changed-By: Max Vozeler <xam@debian.org>
Description: 
 partman-crypto - Add to partman support for block device encryption (udeb)
 partman-crypto-dm - Add to partman support for dm-crypt encryption (udeb)
 partman-crypto-loop - Add to partman support for loop-AES encryption (udeb)
Closes: 378687
Changes: 
 partman-crypto (8) unstable; urgency=low
 .
   [ David Härdeman ]
   * Rename some files to make their purpose clearer.
   * Depend on base-installer to install cryptsetup when necessary before
     the initramfs is generated (requires base-installer 1.61).
 .
   [ Max Vozeler ]
   * Add loop-AES ciphers to /etc/modules. Closes: #378687
 .
   [ Updated translations ]
   * Estonian (et.po) by Siim Põder
   * Gujarati (gu.po) by Kartik Mistry
   * Japanese (ja.po) by Kenshi Muto
   * Panjabi; Punjabi (pa.po) by A S Alam
   * Swedish (sv.po) by Daniel Nylander
   * Ukrainian (uk.po) by Eugeniy Meshcheryakov
Files: 
 272f9b978eaa6e5246439cf0cb6c0e9e 607 debian-installer standard partman-crypto_8.dsc
 f8c836e4dbba3e8ff73e5021711b167a 222068 debian-installer standard partman-crypto_8.tar.gz
 1bfbdafd2e0351815abaf79ce229fef0 1364 debian-installer standard partman-crypto-dm_8_all.udeb
 38d146df39381b51897aa88a7e9ca7d8 1220 debian-installer standard partman-crypto-loop_8_all.udeb
 79ddb6ded4710a792d67ff5a89a98082 156400 debian-installer standard partman-crypto_8_i386.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEvQaanVvVEbfNotwRAsKWAJ9r+uV3+iKvmsMWosMJcF01OJcGFgCfTbwF
yHvhT1mqeuBquSpt5ogkW+Y=
=QE4r
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: