Re: [solved, unsafely?] What is the correct way to set encrypted swap with systemd?
Quoting ~Stack~ (i.am.stack@gmail.com):
> On 03/28/2015 08:32 AM, Sven Hartge wrote:
> > ~Stack~ <i.am.stack@gmail.com> wrote:
> >
> >> Remember back a few months ago when systemd wouldn't stop fsck'ing my
> >> swap partition?
> >
> > Why would systemd fsck the swap? swap does not need fscking.
>
> I have no idea. But, if I disable the swap partition the system boots
> just fine. If I enable it, fsck tries to run and the partition is
> complains about is the swap partition. I have no idea why systemd.fsck
> does this. :-/
>
> [snip]
> > I have the same setup on Debian Sid with systemd, just like you:
> >
> > ,----[ /etc/crypttab
> > | # <target name> <source device> <key file> <options>
> > | cswap /dev/disk/by-id/md-uuid-a805edd5:bcfd4c98:ce747c2c:77d42131 /dev/urandom swap,cipher=aes-cbc-essiv:sha256,size=256
> > `----
>
> Thank you!! I think I just found out what my note "systemd.fsck doesn't
> like UUID's" meant! I was assuming it was in the /etc/fstab or
> somewhere, but when I noticed you have the /dev location of your disk
> and I have a UUID in the /etc/crypttab I decided to give it a try.
>
> $ grep swap /etc/crypttab
> # causes systemd to fsck swap
> #sda3_crypt UUID=ef2496cd-ca4d-43aa-8c90-dba084029f6e /dev/urandom
> cipher=aes-xts-plain64,size=256,swap
> # systemd doesn't fsck swap
> sda3_crypt /dev/sda3 /dev/urandom cipher=aes-xts-plain64,size=256,swap
>
> I reverted all of my changes that I took notes on and
> bada-bing-bada-boom! It works now!
That cure looks retrograde to me because it throws away the uniqueness
of UUIDs. What if /dev/sda3 changes, for whatever reason.
A systemd 216 man page for crypttab says:
"WARNING: Using the swap option will destroy the contents of the
named partition during every boot, so make sure the underlying
block device is specified correctly."
Could you not try using a /dev/disk/by-foo/... entry instead and see
if that works? (I don't recognise the particular one Sven uses.)
Cheers,
David.
Reply to: