Bug#642115: marked as done (debian-installer: guided full disk encryption + LVM complains about insecure swap)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Tue, 20 Sep 2011 16:17:37 +0000
with message-id <E1R630r-0000Lv-5e@franck.debian.org>
and subject line Bug#642115: fixed in partman-crypto 48
has caused the Debian Bug report #642115,
regarding debian-installer: guided full disk encryption + LVM complains about insecure swap
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
642115: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642115
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: debian-installer: guided full disk encryption + LVM complains about insecure swap
• From: Jon Dowland <jmtd@debian.org>
• Date: Mon, 19 Sep 2011 15:47:13 +0100
• Message-id: <[🔎] 20110919144713.GA19671@inoshiro.ncl.ac.uk>

Package: debian-installer
Severity: normal

Hi,

Using a daily build:

-rw-r--r-- 1 libvirt-qemu kvm  240M Sep 16 10:00 debian-testing-i386-netinst.iso

If you choose Guided / Encrypted / LVM as the partitioning type, the resulting
scheme chosen by d-i basically looks like

    (physical partition) → (encrypted volume) → (LVM) → (swap)

Thus, the swap is encrypted, but LVM sits between them.

After choosing that partitioning scheme, you are then asked to input the
encryption pass-phrase.  You are then shown the scheme layed out like with the
manual partitioner.

After you accept this, you are warned that the swap space is unsafe.  d-i
refuses to proceed at this point.  If you set the swap LV to "do not use", you
can proceed (without swap) and fix it later on.

I think this is incorrect and the swap space *is* safe, since it is sitting
on top of an encrypted partition.  However either way, the guided partitioner
should suggest a scheme which is safe.

-- System Information:
Debian Release: 6.0.1
  APT prefers stable
  APT policy: (700, 'stable'), (600, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686-bigmem (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

--- End Message ---

--- Begin Message ---

• To: 642115-close@bugs.debian.org
• Subject: Bug#642115: fixed in partman-crypto 48
• From: Joey Hess <joeyh@debian.org>
• Date: Tue, 20 Sep 2011 16:17:37 +0000
• Message-id: <E1R630r-0000Lv-5e@franck.debian.org>

Source: partman-crypto
Source-Version: 48

We believe that the bug you reported is fixed in the latest version of
partman-crypto, which is due to be installed in the Debian FTP archive:

partman-crypto-dm_48_all.udeb
  to main/p/partman-crypto/partman-crypto-dm_48_all.udeb
partman-crypto-loop_48_all.udeb
  to main/p/partman-crypto/partman-crypto-loop_48_all.udeb
partman-crypto_48.dsc
  to main/p/partman-crypto/partman-crypto_48.dsc
partman-crypto_48.tar.gz
  to main/p/partman-crypto/partman-crypto_48.tar.gz
partman-crypto_48_i386.udeb
  to main/p/partman-crypto/partman-crypto_48_i386.udeb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 642115@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Joey Hess <joeyh@debian.org> (supplier of updated partman-crypto package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 20 Sep 2011 12:01:12 -0400
Source: partman-crypto
Binary: partman-crypto partman-crypto-dm partman-crypto-loop
Architecture: source i386 all
Version: 48
Distribution: unstable
Urgency: low
Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
Changed-By: Joey Hess <joeyh@debian.org>
Description: 
 partman-crypto - Add to partman support for block device encryption (udeb)
 partman-crypto-dm - Add to partman support for dm-crypt encryption (udeb)
 partman-crypto-loop - Add to partman support for loop-AES encryption (udeb)
Closes: 642115
Changes: 
 partman-crypto (48) unstable; urgency=low
 .
   * Fix parsing of dmsetup table output, so it will actually detect when
     swap is on crypto. Closes: #642115 (Thanks Jon Downland for debugging it.)
 .
   [ Updated translations ]
   * Bulgarian (bg.po) by Damyan Ivanov
   * German (de.po) by Holger Wansing
   * Hebrew (he.po) by Lior Kaplan
   * Hindi (hi.po) by Kumar Appaiah
   * Italian (it.po) by Milo Casagrande
   * Korean (ko.po) by Changwoo Ryu
   * Macedonian (mk.po) by Arangel Angov
   * Polish (pl.po) by Marcin Owsiany
   * Romanian (ro.po) by Ioan Eugen Stan
   * Sinhala (si.po) by Danishka Navin
   * Thai (th.po) by Theppitak Karoonboonyanan
   * Simplified Chinese (zh_CN.po) by YunQiang Su
Checksums-Sha1: 
 adf5728e1462f48b3b13612d6123055649a392ce 1578 partman-crypto_48.dsc
 a4e1bec53bdde6239b4955d8b90c2d6e85eda742 334891 partman-crypto_48.tar.gz
 95195ed21764d4d0cfc190654c5eabd78b79df8a 282576 partman-crypto_48_i386.udeb
 fea120ef41769eec03e5e63138f5b83f35b37d02 1652 partman-crypto-dm_48_all.udeb
 073063fd15d8526edbaa51f988d2fbe1a4b7f192 1212 partman-crypto-loop_48_all.udeb
Checksums-Sha256: 
 7442da1601f9c9b1c307cc77e8fccb45e0e31e7095e7baa2e060e7cc2eb4564c 1578 partman-crypto_48.dsc
 179b58e119720824b7d2dc9a416de696985826ffc4c11cd7c361a3a5b83700d2 334891 partman-crypto_48.tar.gz
 25007f0e5674255c86eabf3c2f85546e8ac64a2be24b224092e885960cb527d1 282576 partman-crypto_48_i386.udeb
 7a87f8f3ba4c858400449446fe08342eb10a17a2ca7d6e4b62d9c8dd99da6a61 1652 partman-crypto-dm_48_all.udeb
 b4241ade62c7016206c32387844dae7ac041090a8267b1b2a6a5c512619d0fa5 1212 partman-crypto-loop_48_all.udeb
Files: 
 51e434247b934eefe5753e53dc0051f9 1578 debian-installer optional partman-crypto_48.dsc
 70aa99c751bc36e8daf684c9ba96499a 334891 debian-installer optional partman-crypto_48.tar.gz
 64b4ff43fd14767cc242c05bc5f76360 282576 debian-installer optional partman-crypto_48_i386.udeb
 933c8d95aeaf4e9b02c81dbb01a69589 1652 debian-installer optional partman-crypto-dm_48_all.udeb
 4d486d731f5c46bb7a957f16097bc19b 1212 debian-installer optional partman-crypto-loop_48_all.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIVAwUBTni51ckQ2SIlEuPHAQhP+g//XYS62lo0QS7jvcmy9rRl0ZmuI3BaWo/h
Bb/y2DFRFQyWlJa8Ds6HdvxV9gVj4W32klFbgbUCCJ6VKRxYas80dO4oAKuwHiuw
yhG6T7f3N9S6Bm92RI51wDesOMdNFUqLFkI8bib+IUD7TssGIvt1IA90vb5Ab19c
W7+qXVNFPFq4W3m/51iUzO2l+bk5TxioHVpMjF5s/FLIOk3LcuJPZLnDSQSBL0G2
VclK+vBW865B0xbmS5AsyB/iiMP/by3ymCgeAjTloBFzVntewUlJuldSFx1Fbqxg
tpefnHf9n//P23tsvKNONobLT5CR1PUbJ+RHMBP/Kq14PAXTO5108XWsjs6dN/FF
LNixho8uYwxTkygNTKg3bzwj5yRO+9otLMAQe/Zw6DtE/Bpm4jivjVn3HyOOa0mm
HPwAaHtYRmFLQM3wbRDmKLOG/z0kjZGf7dGksjKUXmnt3lFu6SQP/BYwnTX6Ud5J
DqHn+vCpSGvJia62MURef3k0Qjlh+BOArHb04mXkCpONNYH20yzfyP4P4My+KciX
OJ2O0Iv5E2jXLfmctFnrBT8/Tmynt+6qkdWFjiWqVuFgNz53z/XTipC0jB6JA+sj
ZsGQU5c/eh/Cim62sfGzeqD4j6bElxOiIucl1maJiAf2HI90X49VzTxIqcPscXhN
TxUL3ayo8hs=
=DtOl
-----END PGP SIGNATURE-----

--- End Message ---