
Re: mostly Solved: [Re: cryptdisks runlevel configuration for lvm2 + encrypted swap file]

Jimmy Wu wrote:
> Since /var is a LVM2 logical volume, it won't get mounted until after 
> mountall.sh (I assume).  Since cryptdisks comes before mountall.sh in the 
> dependency chain I (also assume that I) can't move it after mountall.sh 
> without creating some circular mess.
> I also checked for when swap is enabled (grep -Ri swapon /etc/init.d) 
> and the latest place where swapon gets run is in mountall.sh, so even if 
> I were able to move cryptdisks after mountall.sh somehow, the swap would 
> have to be enabled manually after the /dev/mapper file is set up.

It could be that there will need to be some splitting of functionality
in order to get the bootstrapping all 100% correct.  If you figure out
a nice way to do this it would definitely be worth an enhancement bug
request.  The dependency based booting is new and I am sure it will
take a little bit before all of the bugs get worked out.

> My current kludge is to add the following line to /etc/rc.local:
> services cryptdisks start && swapon -a.

I almost suggested that you might have to add the swap yourself late
in the boot process such as in rc.local but didn't.  Now I wish that I
had suggested it then. :-)

> It makes my shutdown process (even more) unclean - I see some message 
> about being unable to stop the (sole) lvm volume group due to some 
> logical volumes still being in use but since the machine is shutting 
> down anyways, that is comparatively minor.

Actually a freshly installed system will always have that message at
shutdown time.  That is just the way things are right now such as when
root is on lvm.  The scripts are not smart enough to know that and
just try to shut everything down and see an error for the busy root
and emit an error message about it.  I don't think it is specific to
your swap changes.  Or at least I will say that if you were to test
with a fresh install and put root on lvm that you would always see it
at shutdown too.

This is just an aside but have you considered just encrypting
everything?  Create one large partition, encrypt it, set it up with
lvm, then partition out the lvm into whatever partitions, swap,
whatever that you desire.  That is a standard configuration for the
debian-installer.  I use it on laptops.  It works great.  But the
advantage here would be that you wouldn't need a separate encrypted
swap file.  A normal swap file would be encrypted on the filesystem
along with everything else on the filesystem.


Attachment: signature.asc
Description: Digital signature
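
Both setups discussed in this message (the rc.local `swapon -a` workaround, and a swap volume carved out of LVM on top of one encrypted partition) can be verified after boot by checking that every active swap area sits on a dm-crypt mapping. The script below is an added example, not part of the original message; the function names and the `SYSFS`/`SWAPS` overrides are assumptions made for illustration, and it assumes `/proc/swaps` lists devices by kernel name (for example `/dev/dm-1`).

```shell
#!/bin/sh
# Added example, not from the thread. Reports whether each active swap area
# sits on a dm-crypt mapping. SYSFS and SWAPS can be overridden for testing.
SYSFS=${SYSFS:-/sys}
SWAPS=${SWAPS:-/proc/swaps}

# is_crypt_backed KNAME
# Succeeds if KNAME, or any device below it in /sys/block/<dev>/slaves, is a
# dm-crypt mapping. cryptsetup gives its mappings a device-mapper UUID that
# starts with "CRYPT-"; LVM volumes start with "LVM-".
is_crypt_backed() {
    dev=$1
    uuid=$(cat "$SYSFS/block/$dev/dm/uuid" 2>/dev/null) || uuid=
    case $uuid in CRYPT-*) return 0 ;; esac
    # The word list is expanded once, so recursion reusing $slave is safe.
    for slave in "$SYSFS/block/$dev/slaves"/*; do
        [ -e "$slave" ] || continue
        is_crypt_backed "${slave##*/}" && return 0
    done
    return 1
}

# check_swaps
# Prints one line per active swap area and returns non-zero if any of them is
# not provably encrypted. Unknown device names fail closed as PLAINTEXT.
check_swaps() {
    rc=0
    # /proc/swaps fields: Filename Type Size Used Priority (first line is a header)
    while read -r name type rest; do
        [ "$name" = Filename ] && continue
        if [ "$type" != partition ]; then
            # Swap files need a lookup of the filesystem's device; not done here.
            echo "$name unchecked"
            rc=1
        elif is_crypt_backed "${name##*/}"; then
            echo "$name encrypted"
        else
            echo "$name PLAINTEXT"
            rc=1
        fi
    done < "$SWAPS"
    return $rc
}
```

Source the file and call `check_swaps` after `swapon -a` (for example at the end of rc.local); a non-zero return means at least one swap area could not be shown to be encrypted.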