Bug#642115: debian-installer: guided full disk encryption + LVM complains about insecure swap

[Jon Dowland <jmtd@debian.org>]

On Tue, Sep 20, 2011 at 11:54:21AM +0100, Jon Dowland wrote:
> Thus the outer-if is passing. dm_is_safe looks fine to me, at least it
> invokes dm_dev_is_safe, I'll try to look at dm_dev_is_safe next.

I think this is where the problem is.

crypto-base.sh, dm_dev_is_safe:

    dminfo=$(dmsetup table -j$mag -m$min 2> /dev/null | \
             head -n1 | cut -d' ' -f3) || return 1

dm_dev_is_safe calls itself recursively for each dependency of the supplied
device (supplied as a major/minor number pair).

The swap partition has sda5 as a dependency (the first logical partition, used
as the crypt base).

dmsetup table -j$mag -m$min returns:

    sda5_crypt: 0 16269312 crypt …

the above command results in $dminfo being 16269312. It is then checked against
'crypt':

    if [ "$dminfo" = "crypt" ]; then
            return 0
    fi

This seems to be an off-by-one problem. field 4 would be 'crypt' and would
correctly return success.  I hypothesise that the prefixed 'sda5_crypt:' is
new.


-- 
Jon Dowland