
Re: [solved securely now??] What is the correct way to set encrypted swap with systemd?



Quoting ~Stack~ (i.am.stack@gmail.com):
> On 03/29/2015 07:06 AM, Sven Hartge wrote:
> > ~Stack~ <i.am.stack@gmail.com> wrote:
> > 
> >> One more question if you don't mind: I understand why the encrypted
> >> partition UUID is going to change every time, but the physical
> >> partition UUID for my /dev/sda3 shouldn't change though. If they are
> >> the same systemd.fsck shouldn't have a problem with the physical
> >> partition UUID of /dev/sda3, but yet it does (at least for me). So
> >> what is the difference between the UUID pointing to /dev/sda3 and the
> >> /dev/disk/by-id pointing to /dev/sda3?
> > 
> > Please provide an example of such a UUID and the way you obtained it.
> 
> Greetings Sven,
> 
> So something odd has happened...
> 
> # blkid |grep sda3
> /dev/sda3: PARTUUID="0003efe2-03"
> /dev/mapper/sda3_crypt: UUID="f4aad427-3462-4dcf-a40d-617e90a7b1cb" TYPE="swap"
> 
> # grep sda3 /etc/crypttab
> sda3_crypt /dev/disk/by-id/ata-TOSHIBA_MK3259GSXP_42K5CE0TT-part3 /dev/urandom cipher=aes-xts-plain64,size=256,swap
> 
> That "PARTUUID" is odd because it used to be a UUID...huh...really not
> sure what happened...but I have a guess (below)...

I can't work out why your blkid | grep produces so little
output. Here's some of mine:

wheezy:
/dev/sda1: LABEL="gina01" UUID="a854f3b7-4ba1-4fa3-8d43-c150169c91a6" TYPE="ext4" 
/dev/sda4: LABEL="gina04" UUID="32e87272-a109-46ba-8914-c0b5374cb32e" TYPE="swap" 
/dev/sdb2: LABEL="mama02" UUID="2013-1105" TYPE="vfat" 
/dev/sdb4: LABEL="mama04" UUID="8561eb12-3ee8-42e1-a5c7-6d36fea217d3" SEC_TYPE="ext2" TYPE="ext3" 

jessie:
/dev/sda1: LABEL="john01" UUID="53515dcb-96fb-4c28-b456-1efbd1fdac38" TYPE="ext3" PARTUUID="c889c889-01"
/dev/sda4: LABEL="john04" UUID="876c1170-c64f-4fdf-aae2-a20e9c4a26f6" TYPE="swap" PARTUUID="c889c889-04"
/dev/sdb1: PARTLABEL="EFI" PARTUUID="d01dcc00-c77d-4e35-81d9-6ffc12536839"
/dev/sdb2: LABEL="mama02" UUID="2013-1105" TYPE="vfat" PARTLABEL="FAT32" PARTUUID="4123d2d5-b471-405e-90ed-76afea329c13"
/dev/sdb4: LABEL="mama04" UUID="8561eb12-3ee8-42e1-a5c7-6d36fea217d3" TYPE="ext3" PARTLABEL="m04" PARTUUID="5fabaa67-6f04-4d59-b797-e6fee7f4d454"

I don't suppose it's relevant in your case that wheezy is blind to
PARTxxx unlike jessie, so sdb1 doesn't even appear.

I prefer the output from /run/udev/data because, though much more
voluminous, the labelling is better:

S:disk/by-id/ata-ST3000DM001-1E6166_Z1F3FX1E-part4
S:disk/by-id/wwn-0x5000c500642bbfd3-part4
S:disk/by-label/mama04
S:disk/by-partlabel/m04
S:disk/by-partuuid/5fabaa67-6f04-4d59-b797-e6fee7f4d454
S:disk/by-path/pci-0000:00:1d.7-usb-0:5:1.0-scsi-0:0:0:0-part4
S:disk/by-uuid/8561eb12-3ee8-42e1-a5c7-6d36fea217d3
E:ID_FS_LABEL=mama04
E:ID_FS_TYPE=ext3
E:ID_FS_USAGE=filesystem
E:ID_FS_UUID=8561eb12-3ee8-42e1-a5c7-6d36fea217d3
E:ID_PART_ENTRY_TYPE=0fc63daf-8483-4772-8e79-3d69d8477de4
E:ID_PART_ENTRY_UUID=5fabaa67-6f04-4d59-b797-e6fee7f4d454
E:ID_PART_TABLE_TYPE=gpt
E:ID_PART_TABLE_UUID=35365a04-6978-4588-9fbe-75c8f3263aba

Unlike, say, sba4 and mama04 where the difference is obvious, UUIDs
all look alike with a quick glance.

> Thus, I would want to point to the partition PARTUUID because (as you
> pointed out to me earlier) the swap filesystem is going to change every
> time due to urandom and thus the UUID should be changing on every
> boot...blkid is probably seeing that this is an ever-changing swap
> partition and just returning the PARTUUID for me.

I don't think it's blkid's prerogative to interpret the information,
but just to present it.

> But putting that PARTUUID in my /etc/crypttab didn't work and I ended up
> with the systemd.fsck timing out and not mounting swap. Hrm.

I don't recall seeing you post what you actually put into
/etc/crypttab to test PARTUUID, only the erroneous earlier versions
where you were still using swap's UUID.

Cheers,
David.
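
Added example, not part of the original message: Python that parses a /run/udev/data record like the one quoted above and sorts each device name by whether it is read from the filesystem superblock (rewritten on every boot when swap is keyed from /dev/urandom) or does not depend on the partition's contents. The function and constant names are this example's own, the sample record is an excerpt of the one in the message, and the grouping of the by-* directories is the example's assumption about where udev takes each name from.

```python
# Excerpt of the /run/udev/data record quoted in the message above.
SAMPLE = """\
S:disk/by-id/ata-ST3000DM001-1E6166_Z1F3FX1E-part4
S:disk/by-id/wwn-0x5000c500642bbfd3-part4
S:disk/by-label/mama04
S:disk/by-partlabel/m04
S:disk/by-partuuid/5fabaa67-6f04-4d59-b797-e6fee7f4d454
S:disk/by-path/pci-0000:00:1d.7-usb-0:5:1.0-scsi-0:0:0:0-part4
S:disk/by-uuid/8561eb12-3ee8-42e1-a5c7-6d36fea217d3
E:ID_FS_UUID=8561eb12-3ee8-42e1-a5c7-6d36fea217d3
E:ID_PART_ENTRY_UUID=5fabaa67-6f04-4d59-b797-e6fee7f4d454
"""

# Names read from the filesystem superblock. mkswap on a randomly keyed
# mapping writes a new superblock on every boot, so these do not persist.
FS_LEVEL = {"by-uuid", "by-label"}
# Names taken from the partition table, the drive's identity or its bus path.
STABLE = {"by-id", "by-partuuid", "by-partlabel", "by-path"}

def parse_record(text):
    """Split a udev record into /dev symlinks (S:) and properties (E:)."""
    links, props = [], {}
    for line in text.splitlines():
        tag, _, value = line.partition(":")
        if tag == "S":
            links.append("/dev/" + value)
        elif tag == "E" and "=" in value:
            key, _, val = value.partition("=")
            props[key] = val
    return links, props

def classify(source):
    """Return 'stable', 'filesystem' or 'other' (e.g. a name like /dev/sda3)."""
    if source.startswith(("UUID=", "LABEL=")):
        return "filesystem"
    parts = source.split("/")
    if len(parts) == 5 and parts[:3] == ["", "dev", "disk"]:
        if parts[3] in STABLE:
            return "stable"
        if parts[3] in FS_LEVEL:
            return "filesystem"
    return "other"

def check_crypttab_line(line):
    """Classify the source of a random-key swap entry; None for other entries."""
    fields = line.split()
    if len(fields) < 4 or fields[2] not in ("/dev/urandom", "/dev/random"):
        return None
    return classify(fields[1]) if "swap" in fields[3].split(",") else None
```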

