
Re: [solved securely now??] What is the correct way to set encrypted swap with systemd?

Quoting Paul E Condon (pecondon@mesanetworks.net):

> You can also use disk LABEL=. As implemented, the LABEL is actually
> applied to an individual partition. As long as every partition has a
> different LABEL value there is no ambiguity. You only need to have
> unique values for partitions that you feel you will be mounting and
> umounting. Partitions with no LABEL value set never get compared by
> LABEL value.

That may be a problem for anyone using wheezy as it only appears to
have UUIDs and LABELs, and not PARTUUIDs and PARTLABELs available.
As discussed, only PARTXXXs are persistent. (If ever I let the Debian
installer loose on my labelled swap partition, I have to relabel it

> The system has always insisted on setting a unique UUID
> value on every partition. It's done that way because of a design
> decision of Debian developers.

The world has decided that, not just DDs.

> But it has a tiny flaw that you can
> avoid by using LABEL values, which YOU can be sure are unique because
> you didn't do repeats, whereas UUIDs are randomly generated and there
> is a tiny, but non-zero chance of repeats for UUIDs.

Oh, please. "Assuming uniform probability for simplicity, the
probability of one duplicate would be about 50% if every person on
earth as of 2014 owned 600 million GUIDs." (Wikipedia)

What if you're running a disk farm of several thousand drives?
No, LABELs don't scale well.

> If I read your message above, you are having trouble understanding how
> to use the UUID/PARTUUID system for identifying partitions on disks.
> I suggest that you don't need to use it, and if you don't use it you
> don't need to understand it.

That's ok until Debian does something behind your back that catches
you out. For example, GRUB uses UUIDs, whereas I prefer LABELs. But I
have to understand what GRUB/Debian Installer/Upgrade is doing so I
can mitigate the effects.

> I was once troubled by a similar situation when Debian first started to
> use UUID, until I realized that for some disks, I had no intention
> of ever changing the partition structure that was put there initially.

Hm. Never say never.

> For disks that I did have some special use and some ideas about how
> that special use might change in the future, I put LABEL=... on their
> partitions and used LABEL= paradigm to identify the partitions. This
> is what I do with all my external drives. And I put a sticker on the
> outside of the drive enclosure with the LABEL= value written with a
> ball point pen on it. It is my personal responsibility to myself that
> I never put the same LABEL= value on two different disks.

I agree. All my disks, internal and external are named and labelled
just so. But I have so few, and all in different rôles. If I had lots,
I wouldn't bother.

> You can even
> put a LABEL= value on the root system disk that is always /dev/sda1
> during installation. I suggest that you use LABEL=sda1.

Bad idea. The names should not be loaded with extra meaning. My
partition labelling *is* overloaded: mama01, 02 ... but I'm prepared
to live with the necessary constraints: creating them in the correct
order, and not resizing/creating new partitions afterwards unless I
make a clean sweep of it.

What if you/(s)he were to take a disk labelled sda1 and put it in
another computer to clone/recover/whatever it. Now it sits in a box
where there's a /dev/sda1 and a /dev/sdb1 but the latter is called
sda1. A recipe for disaster.

> As I see it, the only benefit that you the user get from using the
> UUID/PARTUUID system is that if some Linux user is browsing through
> the internals of what is written on your disk, he may wonder where
> you got the software to do that and treat you with a little more
> respect. Let me assure you, you are not Rodney Dangerfield
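
Added example (not part of either poster's message): a small audit of the two LABEL hazards argued over above, namely two partitions sharing one LABEL, which makes `LABEL=` ambiguous, and a LABEL such as `sda1` sitting on a partition the kernel currently calls something else. The `blkid` lines are a constructed sample in that tool's default output format, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in default `blkid` output format (not taken from the thread).
SAMPLE_BLKID = """\
/dev/sda1: LABEL="mama01" UUID="11111111-aaaa-4bbb-8ccc-000000000001" TYPE="ext4" PARTUUID="000a1b2c-01"
/dev/sda2: LABEL="swap" UUID="11111111-aaaa-4bbb-8ccc-000000000002" TYPE="swap" PARTUUID="000a1b2c-02"
/dev/sdb1: LABEL="sda1" UUID="22222222-aaaa-4bbb-8ccc-000000000001" TYPE="ext4" PARTUUID="000d4e5f-01"
/dev/sdb2: LABEL="swap" UUID="22222222-aaaa-4bbb-8ccc-000000000002" TYPE="swap" PARTUUID="000d4e5f-02"
/dev/sdc1: UUID="33333333-aaaa-4bbb-8ccc-000000000001" TYPE="ext4"
"""

# Labels that look like kernel device names (sda1, vdb2, nvme0n1p3, mmcblk0p1).
KERNEL_NAME = re.compile(r"^(?:[shv]d[a-z]+\d+|nvme\d+n\d+p\d+|mmcblk\d+p\d+)$")
PAIR = re.compile(r'(\w+)="([^"]*)"')

def parse_blkid(text):
    """Map each device path to its tag dictionary (LABEL, UUID, TYPE, ...)."""
    devices = {}
    for line in text.splitlines():
        dev, sep, rest = line.partition(": ")
        if sep:
            devices[dev] = dict(PAIR.findall(rest))
    return devices

def audit_labels(devices):
    """Return sorted (kind, label, devices) findings for risky LABEL values."""
    findings = []
    by_label = defaultdict(list)
    for dev, tags in devices.items():
        label = tags.get("LABEL")
        if label is None:
            continue  # unlabelled partitions are never matched by LABEL=
        by_label[label].append(dev)
        # A device-style label that disagrees with the current kernel name.
        if KERNEL_NAME.match(label) and label != dev.rsplit("/", 1)[-1]:
            findings.append(("misleading", label, [dev]))
    for label, devs in by_label.items():
        if len(devs) > 1:
            findings.append(("duplicate", label, sorted(devs)))
    return sorted(findings)

if __name__ == "__main__":
    for kind, label, devs in audit_labels(parse_blkid(SAMPLE_BLKID)):
        print(f"{kind}: LABEL={label} on {', '.join(devs)}")
```

On a live system the same functions can be fed the text printed by `blkid` instead of the constructed sample.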


