Please unsubscribe.
Thank you.

On Fri, Jan 11, 2013 at 2:49 PM, Trek <tre...@inbox.ru> wrote:

> Package: partman-crypto
> Version: 56
>
> Hi,
>
> I think that using udev persistent device naming in /etc/crypttab
> would be useful to prevent some dangerous situations, like the
> following one.
>
> I have a 3 disks setup with the first two in raid mode and the third as
> archive. The swap partitions are encrypted with dm-crypt and out of the
> raid. After the install /etc/crypttab contains:
>
> sda1_crypt /dev/sda1 /dev/urandom cipher=aes-xts-plain64,size=256,swap
> sdb1_crypt /dev/sdb1 /dev/urandom cipher=aes-xts-plain64,size=256,swap
>
> When the first or the second disk fails or is being removed, sdc is renamed
> sdb and the first partition (that unluckily was not a swap partition) is
> overwritten. The recovery of the filesystem was not automatic and
> required rewriting with zeros all the sectors overwritten by encrypted
> data, as explained by that mail message:
>
> https://www.redhat.com/archives/ext3-users/2011-January/msg00010.html
>
>
> As dm-crypt without LUKS does not support UUIDs, udev persistent naming
> should prevent this situation in a safe manner, mapping the device and
> doing mkswap or mkfs only if the partition is exactly on the disk
> selected by the installer. In other cases it fails, which is safer than
> doing mkswap on random partitions.
>
> I have attached an untested patch to partman-crypto that should address
> this issue. As this is my first look at the Debian installer sources, this
> patch is not intended to be applied as is, but as a detailed
> explanation of the fix. The /etc/crypttab would be:
>
> sda1_crypt /dev/disk/by-id/scsi-NAME-SERIAL-part1 /dev/urandom ...
>
>
> This bug affects both squeeze and wheezy.
>
> Ciao
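
An added example, not part of the original message or of the patch it mentions: a shell audit that flags crypttab entries which are re-keyed or reformatted at every boot yet name their source by a kernel-assigned device name, and suggests the matching by-id link. The function names `by_id_for` and `audit_crypttab` and the list of device-name patterns are assumptions made for this sketch.

```shell
#!/bin/sh
# Audit a crypttab for entries that are re-keyed/reformatted on every boot
# (random key, or the swap/tmp options) yet name the source device by a
# kernel-assigned name such as /dev/sdb1, which can move to another disk.
# by_id_for and audit_crypttab are hypothetical helper names.

# Print the first persistent by-id symlink that resolves to device $1.
# $2 is the by-id directory (default: /dev/disk/by-id).
by_id_for() {
    target=$(readlink -f "$1") || return 1
    for link in "${2:-/dev/disk/by-id}"/*; do
        [ -L "$link" ] || continue
        if [ "$(readlink -f "$link")" = "$target" ]; then
            printf '%s\n' "$link"
            return 0
        fi
    done
    return 1
}

# Read crypttab $1; print "name source suggestion" for each risky entry.
# Returns 1 if any risky entry was found, 0 otherwise.
audit_crypttab() {
    found=0
    while read -r name src key opts _; do
        case "$name" in ''|'#'*) continue ;; esac
        # Destructive at boot: random key, or swap/tmp among the options.
        case "$key,$opts," in
            /dev/urandom,*|/dev/random,*|*,swap,*|*,tmp,*|*,tmp=*) ;;
            *) continue ;;
        esac
        # Unstable kernel names; by-id, by-path and similar sources pass.
        case "$src" in
            /dev/sd[a-z]*|/dev/hd[a-z]*|/dev/vd[a-z]*|/dev/nvme[0-9]*) ;;
            *) continue ;;
        esac
        hint=$(by_id_for "$src" "$2") || hint="(no by-id link found)"
        printf '%s %s %s\n' "$name" "$src" "$hint"
        found=1
    done < "$1"
    return "$found"
}
```

After sourcing the file, `audit_crypttab /etc/crypttab` prints one line per risky entry and returns non-zero if any were found.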