Debian Bug report logs - #587222
cryptsetup does not/cannot close dm-crypt devices, if root-fs is on it, but does also not warn about it

Package: cryptsetup; Maintainer for cryptsetup is Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>; Source for cryptsetup is src:cryptsetup.

Reported by: Christoph Anton Mitterer <calestyo@scientia.net>

Date: Sat, 26 Jun 2010 11:33:01 UTC

Severity: normal

Found in version cryptsetup/2:1.1.2-1

Fixed in version cryptsetup/2:1.1.3-1

Done: Jonas Meurer <mejo@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>:
Bug#587222; Package cryptsetup. (Sat, 26 Jun 2010 11:33:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christoph Anton Mitterer <calestyo@scientia.net>:
New Bug report received and forwarded. Copy sent to Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>. (Sat, 26 Jun 2010 11:33:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Christoph Anton Mitterer <calestyo@scientia.net>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: cryptsetup does not/cannot close dm-crypt devices, if root-fs is on it, but does also not warn about it
Date: Sat, 26 Jun 2010 13:28:26 +0200
Package: cryptsetup
Version: 2:1.1.2-1
Severity: normal


Hi Jonas.

This is rather for the records, than a real bug.

I'm currently investigating the problems that occur when having fully
encrypted systems (root-fs on dm-crypt) and the block layers are even stacked
(e.g. with lvm2, mdadm, etc).

I noticed a problem in lvm2, that when the root-fs is on top of lvm, it cannot
close the VG on shutdown/reboot, as / is only remounted-ro (which even happens
after lvm2 stop)... anyway.

The same problem must obviously appear with cryptsetup.
However, I never saw a warning.

Do you generally not warn, if devices could not be closed, or just for root?
If you generally do not warn that could be a problem, if e.g. users set up
dm-crypt devices on a loopback device, because people would not notice,
if closing of dm-crypt device did not work, and therefore also not closing
of the loopback device and clean unmounting of the underlying filesystem.

For the root-fs it could be a problem, if it's not secured that on the
remount,ro of the root-fs just before halt/reboot, everything that the
fs wrote out, has already passed dm-crypt (and further) layer to the disk.
I'll ask at lkml on how this works.


Cheers,
Chris.




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>:
Bug#587222; Package cryptsetup. (Sat, 26 Jun 2010 22:36:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jonas Meurer <jonas@freesources.org>:
Extra info received and forwarded to list. Copy sent to Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>. (Sat, 26 Jun 2010 22:36:06 GMT) Full text and rfc822 format available.

Message #10 received at 587222@bugs.debian.org (full text, mbox):

From: Jonas Meurer <jonas@freesources.org>
To: Christoph Anton Mitterer <calestyo@scientia.net>, 587222@bugs.debian.org
Subject: Re: [pkg-cryptsetup-devel] Bug#587222: cryptsetup does not/cannot close dm-crypt devices, if root-fs is on it, but does also not warn about it
Date: Sun, 27 Jun 2010 00:34:17 +0200
Hey Christoph,

On 26/06/2010 Christoph Anton Mitterer wrote:
> This is rather for the records, than a real bug.

To be honest, I don't like the idea of using the bug tracking system as
a discussion archive. As maintainer, I like to keep the count of open
bugs against packages low. It's generally better to document
controversial topics in the package or at documentation pages.

Maybe it's time to setup a cryptsetup wiki page at wiki.debian.org,
which documents all these discussions we have. I don't have the time to
maintain it, so feel free to set it up, as long as you mention all arguments,
and try to keep the documentation neutral ;-)

> I'm currently investigating the problems that occur when having fully
> encrypted systems (root-fs on dm-crypt) and the block layers are even stacked
> (e.g. with lvm2, mdadm, etc).
> 
> I noticed a problem in lvm2, that when the root-fs is on top of lvm, it cannot
> close the VG on shutdown/reboot, as / is only remounted-ro (which even happens
> after lvm2 stop)... anyway.

this is a real problem, and I'm glad that you started the discussion
at the linux kernel mailinglist. It would be great to fix the shutdown
process in debian in a way that all keys are wiped from memory.

> The same problem must obviously appear with cryptsetup.
> However, I never saw a warning.
>
> Do you generally not warn, if devices could not be closed, or just for root?
> If you generally do not warn that could be a problem, if e.g. users set up
> dm-crypt devices on a loopback device, because people would not notice,
> if closing of dm-crypt device did not work, and therefore also not closing
> of the loopback device and clean unmounting of the underlying filesystem.

both init scripts tell you that the to-be-stopped dm-crypt device is
still busy. Just run '/etc/init.d/cryptdisks stop' on your running
system to see what happens:

Stopping early crypto disks...cswap1 (busy)...ctemp1 (busy)...clvm1 (busy)...done.

This for sure holds as well for encrypted root devices. Both at
'cryptdisks stop' and at 'cryptdisks-early' stop, you see the message:

Stopping remaining crypto disks...hda2_crypt (busy)...done.

> For the root-fs it could be a problem, if it's not secured that on the
> remount,ro of the root-fs just before halt/reboot, everything that the
> fs wrote out, has already passed dm-crypt (and further) layer to the disk.
> I'll ask at lkml on how this works.

I think that this already became clear in the discussion: remount,ro
should be enough to prevent data loss. But it's not enough security
wise, as the dm-crypt key still is in memory.

Next cryptsetup package upload should fix the boot/halt order of
cryptdisks(-early) initscripts for non-root encryption. But I don't know
a solution for encrypted root devices, and I've never heard about
haltramfs or something like that.

To secure the locking of non-root encryption even more, I'd like to run
luksSuspend for devices where luksClose fails.

Milan, if you're reading this: does luksSuspend work for plain dm-crypt
devices as well?

greetings,
 jonas

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>:
Bug#587222; Package cryptsetup. (Sat, 26 Jun 2010 22:51:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christoph Anton Mitterer <calestyo@scientia.net>:
Extra info received and forwarded to list. Copy sent to Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>. (Sat, 26 Jun 2010 22:51:06 GMT) Full text and rfc822 format available.

Message #15 received at 587222@bugs.debian.org (full text, mbox):

From: Christoph Anton Mitterer <calestyo@scientia.net>
To: Jonas Meurer <jonas@freesources.org>, 587222@bugs.debian.org
Subject: Re: [pkg-cryptsetup-devel] Bug#587222: Bug#587222: cryptsetup does not/cannot close dm-crypt devices, if root-fs is on it, but does also not warn about it
Date: Sun, 27 Jun 2010 00:47:40 +0200
On Sun, 2010-06-27 at 00:34 +0200, Jonas Meurer wrote:
> To be honest, I don't like the idea of using the bug tracking system
> as
> a discussion archive. As maintainer, I like to keep the count of open
> bugs against packages low. It's generally better to document
> controversial topics in the package or at documentation pages.
Well,... actually it is a bug,.. it's however probably not limited to
Debian itself.


> Maybe it's time to setup a cryptsetup wiki page at wiki.debian.org,
> which documents all these discussions we have. I don't have the time to
> maintain it, so feel free to set it up, as long as you mention all arguments,
> and try to keep the documentation neutral ;-)
Don't think that a wiki will help much, as it's a development issue,.. I
guess that we have to bring all "affected" maintainers (at least
lvm2,mdadm,dm-crypt) to one table.
I was about to write an email to all you guys,... describing the problem
in detail, and asking what everybody would like to do,... but I can of
course skip you if you're currently not interested.


> this is a real problem, and I'm glad that you started the discussion
> at the linux kernel mailinglist. It would be great to fix the shutdown
> process in debian in a way that all keys are wiped from memory.
If you're glad I don't understand why you dislike this bug...


> both init scripts tell you that the to-be-stopped dm-crypt device is
> still busy. Just run '/etc/init.d/cryptdisks stop' on your running
> system to see what happens:
> 
> Stopping early crypto disks...cswap1 (busy)...ctemp1 (busy)...clvm1
> (busy)...done.
Ah ok,.. I know why I didn't notice... it seems you don't let the
initscript action fail, if some were still busy. lvm2 does,.. so I see
the big red "failed" ;)


> I think that this already became clear in the discussion: remount,ro
> should be enough to prevent data loss. But it's not enough security
> wise, as the dm-crypt key still is in memory.
Yes....


> Next cryptsetup package upload should fix the boot/halt order of
> cryptdisks(-early) initscripts for non-root encryption. But I don't
> know
> a solution for encrypted root devices, and I've never heard about
> haltramfs or something like that.
I guess the best idea is if we discuss the security thingy for
root-devices at lkml.


May I propose, that if doing cryptdisks-[early] stop,... and some
devices could not be stopped, you give a status of failure back.
Then it will be more clear that this action has failed,... and I guess
we can close this bug.



Cheers,
Chris.





Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>:
Bug#587222; Package cryptsetup. (Sun, 27 Jun 2010 00:03:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jonas Meurer <jonas@freesources.org>:
Extra info received and forwarded to list. Copy sent to Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>. (Sun, 27 Jun 2010 00:03:06 GMT) Full text and rfc822 format available.

Message #20 received at 587222@bugs.debian.org (full text, mbox):

From: Jonas Meurer <jonas@freesources.org>
To: Christoph Anton Mitterer <calestyo@scientia.net>
Cc: Jonas Meurer <jonas@freesources.org>, 587222@bugs.debian.org
Subject: Re: [pkg-cryptsetup-devel] Bug#587222: Bug#587222: cryptsetup does not/cannot close dm-crypt devices, if root-fs is on it, but does also not warn about it
Date: Sun, 27 Jun 2010 02:01:39 +0200
Hey again,

On 27/06/2010 Christoph Anton Mitterer wrote:
> On Sun, 2010-06-27 at 00:34 +0200, Jonas Meurer wrote:
> > To be honest, I don't like the idea of using the bug tracking system
> > as
> > a discussion archive. As maintainer, I like to keep the count of open
> > bugs against packages low. It's generally better to document
> > controversial topics in the package or at documentation pages.
> Well,... actually it is a bug,.. it's however probably not limited to
> Debian itself.
> 
> 
> > Maybe it's time to setup a cryptsetup wiki page at wiki.debian.org,
> > which documents all these discussions we have. I don't have the time to
> > maintain it, so feel free to set it up, as long as you mention all arguments,
> > and try to keep the documentation neutral ;-)
> Don't think that a wiki will help much, as it's a development issue,.. I
> guess that we have to bring all "affected" maintainers (at least
> lvm2,mdadm,dm-crypt) to one table.
> I was about to write an email to all you guys,... describing the problem
> in detail, and asking what everybody would like to do,... but I can of
> course skip you if you're currently not interested.
> 
> 
> > this is a real problem, and I'm glad that you started the discussion
> > at the linux kernel mailinglist. It would be great to fix the shutdown
> > process in debian in a way that all keys are wiped from memory.
> If you're glad I don't understand why you dislike this bug...

I don't dislike the bug, just the introduction "this is rather for the
records, than a real bug." But never mind, that's not important at all.

> > both init scripts tell you that the to-be-stopped dm-crypt device is
> > still busy. Just run '/etc/init.d/cryptdisks stop' on your running
> > system to see what happens:
> > 
> > Stopping early crypto disks...cswap1 (busy)...ctemp1 (busy)...clvm1
> > (busy)...done.
> Ah ok,.. I know why I didn't notice... it seems you don't let the
> initscript action fail, if some were still busy. lvm2 does,.. so I see
> the big red "failed" ;)
> 
> 
> > I think that this already became clear in the discussion: remount,ro
> > should be enough to prevent data loss. But it's not enough security
> > wise, as the dm-crypt key still is in memory.
> Yes....
> 
> 
> > Next cryptsetup package upload should fix the boot/halt order of
> > cryptdisks(-early) initscripts for non-root encryption. But I don't
> > know
> > a solution for encrypted root devices, and I've never heard about
> > haltramfs or something like that.
> I guess the best idea is if we discuss the security thingy for
> root-devices at lkml.
> 
> 
> May I propose, that if doing cryptdisks-[early] stop,... and some
> devices could not be stopped, you give a status of failure back.
> Then it will be more clear that this action has failed,... and I guess
> we can close this bug.

agreed, but only for cryptdisks-early. 'cryptdisks stop' is invoked
at first in shutdown process, and it's intended to allow dm-crypt
devices to be busy, for example if they contain lvm volumes.

I just tried to implement this in svn trunk. Would be great if you
could test it.

greetings,
 jonas

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>:
Bug#587222; Package cryptsetup. (Sun, 27 Jun 2010 00:09:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christoph Anton Mitterer <calestyo@scientia.net>:
Extra info received and forwarded to list. Copy sent to Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>. (Sun, 27 Jun 2010 00:09:03 GMT) Full text and rfc822 format available.

Message #25 received at 587222@bugs.debian.org (full text, mbox):

From: Christoph Anton Mitterer <calestyo@scientia.net>
To: 587222@bugs.debian.org
Subject: Re: [pkg-cryptsetup-devel] Bug#587222: Bug#587222: cryptsetup does not/cannot close dm-crypt devices, if root-fs is on it, but does also not warn about it
Date: Sun, 27 Jun 2010 02:05:52 +0200
On Sun, 2010-06-27 at 02:01 +0200, Jonas Meurer wrote:
> I don't dislike the bug, just the introduction "this is rather for the
> records, than a real bug." But never mind, that's not important at all.
Sorry for that :)

See what I'm just editing at
http://wiki.debian.org/AdvancedStartupShutdownWithMultilayeredBlockDevices

> agreed, but only for cryptdisks-early. 'cryptdisks stop' is invoked
> at first in shutdown process, and it's intended to allow dm-crypt
> devices to be busy, for example if they contain lvm volumes.
Guess that's ok,.. but OTOH,.. it should not harm to print a "failed"
then either.... because the user then better sees that there might be
sth. wrong.


> I just tried to implement this in svn trunk. Would be great if you
> could test it.
I'll put this email on my todo list and check ASAP :)


Cheers,
Chris.





Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>:
Bug#587222; Package cryptsetup. (Sun, 27 Jun 2010 09:33:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jonas Meurer <jonas@freesources.org>:
Extra info received and forwarded to list. Copy sent to Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>. (Sun, 27 Jun 2010 09:33:04 GMT) Full text and rfc822 format available.

Message #30 received at 587222@bugs.debian.org (full text, mbox):

From: Jonas Meurer <jonas@freesources.org>
To: Christoph Anton Mitterer <calestyo@scientia.net>, 587222@bugs.debian.org
Subject: Re: [pkg-cryptsetup-devel] Bug#587222: Bug#587222: Bug#587222: cryptsetup does not/cannot close dm-crypt devices, if root-fs is on it, but does also not warn about it
Date: Sun, 27 Jun 2010 11:31:37 +0200
hey Christoph,

On 27/06/2010 Christoph Anton Mitterer wrote:
> On Sun, 2010-06-27 at 02:01 +0200, Jonas Meurer wrote:
> > I don't dislike the bug, just the introduction "this is rather for the
> > records, than a real bug." But never mind, that's not important at all.
> Sorry for that :)
> 
> See what I'm just editing at
> http://wiki.debian.org/AdvancedStartupShutdownWithMultilayeredBlockDevices

great, let's see what others think. unfortunately i'll be very busy in
summer, and won't have much time to participate in this discussion. i'll
however try to follow it, and comment when i find time.

> > agreed, but only for cryptdisks-early. 'cryptdisks stop' is invoked
> > at first in shutdown process, and it's intended to allow dm-crypt
> > devices to be busy, for example if they contain lvm volumes.
> Guess that's ok,.. but OTOH,.. it should not harm to print a "failed"
> then either.... because the user then better sees that there might be
> sth. wrong.

as both cryptdisks init scripts run in the boot/halt process, users
already see the warnings:

boot process:

cryptdisks-early start -> silent
cryptdisks start       -> prints warnings

shutdown process:

cryptdisks stop        -> silent
cryptdisks-early stop  -> prints warnings

> > I just tried to implement this in svn trunk. Would be great if you
> > could test it.
> I'll put this email on my todo list and check ASAP :)

that would be great. i tested it on my system, and it seems to work.
will test it on some kvm setups before uploading, but more testers are
always welcome, so your report would be much appreciated, before I
upload the new package (which I intend to do within the next three days).

greetings,
 jonas

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>:
Bug#587222; Package cryptsetup. (Sun, 27 Jun 2010 09:51:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Milan Broz <mbroz@redhat.com>:
Extra info received and forwarded to list. Copy sent to Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>. (Sun, 27 Jun 2010 09:51:07 GMT) Full text and rfc822 format available.

Message #35 received at 587222@bugs.debian.org (full text, mbox):

From: Milan Broz <mbroz@redhat.com>
To: Jonas Meurer <jonas@freesources.org>, 587222@bugs.debian.org
Cc: Christoph Anton Mitterer <calestyo@scientia.net>
Subject: Re: Bug#587222: [pkg-cryptsetup-devel] Bug#587222: cryptsetup does not/cannot close dm-crypt devices, if root-fs is on it, but does also not warn about it
Date: Sun, 27 Jun 2010 11:46:37 +0200
On 06/27/2010 12:34 AM, Jonas Meurer wrote:
> Milan, if you're reading this: does luksSuspend work for plain dm-crypt
> devices as well?

yep, I am reading this just have no time to respond to all of these Debian reports:-)

You cannot use luksSuspend for plain device, but you can use dmsetup.

I described this long time ago here (probably before luksSuspend was even implemented)
 http://article.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/2859

Maybe I can add some "kill key" for plain device command to cryptsetup?

(The problem is that in LUKS you can check that calculated key is correct,
so luksResume is possible. In plain crypt device you are simply providing key
so there cannot be perfect equivalent of Resume - any key will fit and if
it is not correct, your data will be corrupted later.)

Milan




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>:
Bug#587222; Package cryptsetup. (Sun, 27 Jun 2010 10:03:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jonas Meurer <jonas@freesources.org>:
Extra info received and forwarded to list. Copy sent to Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>. (Sun, 27 Jun 2010 10:03:06 GMT) Full text and rfc822 format available.

Message #40 received at 587222@bugs.debian.org (full text, mbox):

From: Jonas Meurer <jonas@freesources.org>
To: Milan Broz <mbroz@redhat.com>
Cc: 587222@bugs.debian.org, Christoph Anton Mitterer <calestyo@scientia.net>
Subject: Re: Bug#587222: [pkg-cryptsetup-devel] Bug#587222: cryptsetup does not/cannot close dm-crypt devices, if root-fs is on it, but does also not warn about it
Date: Sun, 27 Jun 2010 12:00:36 +0200
Hey Milan,

On 27/06/2010 Milan Broz wrote:
> On 06/27/2010 12:34 AM, Jonas Meurer wrote:
> >Milan, if you're reading this: does luksSuspend work for plain dm-crypt
> >devices as well?
> 
> yep, I am reading this just have no time to respond to all of these Debian reports:-)

quite understandable. just don't reply if you don't have the time to do
so ;-) it would be great if you could help with upstream issues (i.e.
#586120, #584174, #586286) and i'll try to cope with the remaining,
distro-specific issues. you already do a great job at maintaining
cryptsetup!!!

> You cannot use luksSuspend for plain device, but you can use dmsetup.
> 
> I described this long time ago here (probably before luksSuspend was even implemented)
>  http://article.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/2859
> 
> Maybe I can add some "kill key" for plain device command to cryptsetup?
> 
> (The problem is that in LUKS you can check that calculated key is correct,
> so luksResume is possible. In plain crypt device you are simply providing key
> so there cannot be perfect equivalent of Resume - any key will fit and if
> it is not correct, your data will be corrupted later.)

i'm not sure whether wiping the key at shutdown process is a good idea
at all. properly removing/luksClosing should work on clean setups, and
force-wiping the key could lead to data corruption if i got it right.
thus a clear warning that remove/luksClose failed is my favourite.

greetings,
 jonas

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>:
Bug#587222; Package cryptsetup. (Sun, 27 Jun 2010 12:15:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christoph Anton Mitterer <calestyo@scientia.net>:
Extra info received and forwarded to list. Copy sent to Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>. (Sun, 27 Jun 2010 12:15:05 GMT) Full text and rfc822 format available.

Message #45 received at 587222@bugs.debian.org (full text, mbox):

From: Christoph Anton Mitterer <calestyo@scientia.net>
To: 587222@bugs.debian.org
Subject: Re: Bug#587222: [pkg-cryptsetup-devel] Bug#587222: cryptsetup does not/cannot close dm-crypt devices, if root-fs is on it, but does also not warn about it
Date: Sun, 27 Jun 2010 14:10:34 +0200
On Sun, 2010-06-27 at 11:46 +0200, Milan Broz wrote:
> You cannot use luksSuspend for plain device, but you can use dmsetup.
> I described this long time ago here (probably before luksSuspend was
> even implemented)
> 
> http://article.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/2859
> Maybe I can add some "kill key" for plain device command to
> cryptsetup?
I guess that would be nice, because then we wouldn't have to use the
underlying thingy so often directly, which is IMHO cleaner


> (The problem is that in LUKS you can check that calculated key is
> correct,
> so luksResume is possible. In plain crypt device you are simply
> providing key
> so there cannot be perfect equivalent of Resume - any key will fit and
> if
> it is not correct, your data will be corrupted later.)
Isn't that solved by our nice checkscripts which test whether any known
filesystem was decrypted?
But this is not yet used within initramfs images, right?
And probably not at all with resume-devices...?


Nevertheless,... I got this right, that neither luksSuspend nor deleting
the key directly via dmsetup, works for root-fs, right?

So...
a) we still need to solve that
b) If e.g. Jonas would simply delete all remaining keys via dmsetup in
the end.... would we end up with data corruption (if someone
reads/writes from/to root-fs)?
c) we should try to not produce useless error messages


Cheers,
Chris.





Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>:
Bug#587222; Package cryptsetup. (Sun, 27 Jun 2010 12:21:09 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christoph Anton Mitterer <calestyo@scientia.net>:
Extra info received and forwarded to list. Copy sent to Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>. (Sun, 27 Jun 2010 12:21:09 GMT) Full text and rfc822 format available.

Message #50 received at 587222@bugs.debian.org (full text, mbox):

From: Christoph Anton Mitterer <calestyo@scientia.net>
To: 587222@bugs.debian.org
Subject: Re: Bug#587222: [pkg-cryptsetup-devel] Bug#587222: cryptsetup does not/cannot close dm-crypt devices, if root-fs is on it, but does also not warn about it
Date: Sun, 27 Jun 2010 14:19:10 +0200
On Sun, 2010-06-27 at 12:00 +0200, Jonas Meurer wrote:
> you already do a great job at maintaining
> cryptsetup!!!
fully seconded :)


> i'm not sure whether wiping the key at shutdown process is a good idea
> at all. properly removing/luksClosing should work on clean setups, and
> force-wiping the key could lead to data corruption if i got it right.
> thus a clear warning that remove/luksClose failed is my favourite.
I guess he's referring to the root-fs on top of dm-crypt thingy,...
(which you can't close cleanly)


Cheers,
Chris.





Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>:
Bug#587222; Package cryptsetup. (Wed, 30 Jun 2010 21:03:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christoph Anton Mitterer <calestyo@scientia.net>:
Extra info received and forwarded to list. Copy sent to Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>. (Wed, 30 Jun 2010 21:03:06 GMT) Full text and rfc822 format available.

Message #55 received at 587222@bugs.debian.org (full text, mbox):

From: Christoph Anton Mitterer <calestyo@scientia.net>
To: 587222@bugs.debian.org
Subject: Re: [pkg-cryptsetup-devel] Bug#587222: Bug#587222: Bug#587222: cryptsetup does not/cannot close dm-crypt devices, if root-fs is on it, but does also not warn about it
Date: Wed, 30 Jun 2010 22:58:57 +0200
Hi.

sorry for the delay

On Sun, 2010-06-27 at 11:31 +0200, Jonas Meurer wrote:
> great, let's see what others think. unfortunately i'll be very busy in
> summer, and won't have much time to participate in this discussion. i'll
> however try to follow it, and comment when i find time.
I'm already planning a rather mighty solution,... but I guess it's
unlikely that it will be accepted ;)


> that would be great. i tested it on my system, and it seems to work.
> will test it on some kvm setups before uploading, but more testers are
> always welcome, so your report would be much appreciated, before I
> upload the new package (which I intend to do within the next three days).
Seems to be ok,... 

Cheers,
Chris.





Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>:
Bug#587222; Package cryptsetup. (Fri, 02 Jul 2010 20:45:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christoph Anton Mitterer <calestyo@scientia.net>:
Extra info received and forwarded to list. Copy sent to Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>. (Fri, 02 Jul 2010 20:45:03 GMT) Full text and rfc822 format available.

Message #60 received at 587222@bugs.debian.org (full text, mbox):

From: Christoph Anton Mitterer <calestyo@scientia.net>
To: 587222@bugs.debian.org
Cc: Jonas Meurer <jonas@freesources.org>
Subject: Re: [pkg-cryptsetup-devel] Bug#587222: Bug#587222: Bug#587222: cryptsetup does not/cannot close dm-crypt devices, if root-fs is on it, but does also not warn about it
Date: Fri, 02 Jul 2010 22:43:49 +0200
Hi Jonas.

I've just double checked my system (where I boot from USB; and root-fs
is also encrypted)... and with the current sid version of cryptsetup.

Set HALT=halt in /etc/defaults/halt to see what's printed in the end.

There is no cryptsetup warning at all... any idea what could hide this?


Cheers,
Chris.





Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>:
Bug#587222; Package cryptsetup. (Sat, 03 Jul 2010 22:45:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christoph Anton Mitterer <christoph.anton.mitterer@physik.uni-muenchen.de>:
Extra info received and forwarded to list. Copy sent to Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>. (Sat, 03 Jul 2010 22:45:02 GMT) Full text and rfc822 format available.

Message #65 received at 587222@bugs.debian.org (full text, mbox):

From: Christoph Anton Mitterer <christoph.anton.mitterer@physik.uni-muenchen.de>
To: 587222@bugs.debian.org
Subject: Bug#587222: cryptsetup does not/cannot close dm-crypt devices, if root-fs is on it, but does also not warn about it
Date: Sun, 04 Jul 2010 00:40:40 +0200
And as addition:

When doing (on an already opened and mounted dm-crypt device)...
1) cryptdisk_start foo...
it says it's already running,... and $? = 0
Which is ok so :)

but on:
2) cryptdisk_stop foo...
it says it's busy,... _BUT_ $? = 0
which should be non-zero I guess.


Cheers,
Chris.
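
The exit-status behaviour discussed in this thread, as an added example that is not part of the original messages and is not the Debian cryptdisks init script: a stop routine that tolerates busy mappings on the first shutdown pass but returns a non-zero status on the last pass, when a mapping that is still open means its key stays in memory. The names stop_crypto_disks, demo_close, CLOSE_CMD and BUSY_DEVICES are assumptions, and the close command is replaced by a constructed stub so the block runs without root.

```shell
#!/bin/sh
# Added illustration; not the Debian cryptdisks init script.
# Assumed names: stop_crypto_disks, demo_close, CLOSE_CMD, BUSY_DEVICES.

# Constructed stand-in for the real close command so the example runs
# without root or real mappings: every name listed in BUSY_DEVICES
# behaves like a mapping that is still in use.
demo_close() {
    case " $BUSY_DEVICES " in
        *" $1 "*) return 1 ;;   # still open, e.g. root-fs or an LVM PV on top
    esac
    return 0
}

# Command that closes one mapping. On a real system this would be
# something like "cryptsetup remove"; the stub is the default here.
CLOSE_CMD=${CLOSE_CMD:-demo_close}

# stop_crypto_disks MODE NAME...
#   tolerant: first pass at shutdown; busy mappings are expected
#             (they may still carry LVM volumes), status stays 0.
#   strict:   last pass; a mapping that is still open means its key
#             remains in kernel memory, so the status is non-zero.
stop_crypto_disks() {
    mode=$1
    shift
    busy=0
    printf 'Stopping crypto disks...'
    for name in "$@"; do
        # CLOSE_CMD is left unquoted on purpose so it can carry arguments.
        if $CLOSE_CMD "$name" >/dev/null 2>&1; then
            printf '%s (stopped)...' "$name"
        else
            printf '%s (busy)...' "$name"
            busy=$((busy + 1))
        fi
    done
    if [ "$busy" -gt 0 ] && [ "$mode" = strict ]; then
        printf 'failed.\n'
        return 1
    fi
    printf 'done.\n'
    return 0
}

# Constructed demo: hda2_crypt plays the encrypted root device.
BUSY_DEVICES=${BUSY_DEVICES:-hda2_crypt}
stop_crypto_disks tolerant cswap1 hda2_crypt
echo "tolerant pass: status $?"
stop_crypto_disks strict cswap1 hda2_crypt || echo "strict pass: status $?"
```

A caller such as a shutdown script can then act on the strict pass's status instead of parsing the "(busy)" text.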





Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>:
Bug#587222; Package cryptsetup. (Wed, 07 Jul 2010 18:39:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Jonas Meurer <jonas@freesources.org>:
Extra info received and forwarded to list. Copy sent to Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>. (Wed, 07 Jul 2010 18:39:05 GMT) Full text and rfc822 format available.

Message #70 received at 587222@bugs.debian.org (full text, mbox):

From: Jonas Meurer <jonas@freesources.org>
To: Christoph Anton Mitterer <christoph.anton.mitterer@physik.uni-muenchen.de>, 587222@bugs.debian.org
Subject: Re: [pkg-cryptsetup-devel] Bug#587222: cryptsetup does not/cannot close dm-crypt devices, if root-fs is on it, but does also not warn about it
Date: Wed, 7 Jul 2010 20:33:55 +0200
hey christoph,

On 04/07/2010 Christoph Anton Mitterer wrote:
> And as addition:
> 
> When doing (on an already opened and mounted dm-crypt device)...
> 1) cryptdisk_start foo...
> it says it's already running,... and $? = 0
> Which is ok so :)
> 
> but on:
> 2) cryptdisk_stop foo...
> it says it's busy,... _BUT_ $? = 0
> which should be non-zero I guess.

this should be fixed in svn now. mind to give it a try again?

greetings,
 jonas

Added tag(s) pending. Request was from Jonas Meurer <mejo@debian.org> to control@bugs.debian.org. (Sat, 10 Jul 2010 11:51:09 GMT) Full text and rfc822 format available.

Reply sent to Jonas Meurer <mejo@debian.org>:
You have taken responsibility. (Sat, 10 Jul 2010 13:21:41 GMT) Full text and rfc822 format available.

Notification sent to Christoph Anton Mitterer <calestyo@scientia.net>:
Bug acknowledged by developer. (Sat, 10 Jul 2010 13:21:41 GMT) Full text and rfc822 format available.

Message #77 received at 587222-close@bugs.debian.org (full text, mbox):

From: Jonas Meurer <mejo@debian.org>
To: 587222-close@bugs.debian.org
Subject: Bug#587222: fixed in cryptsetup 2:1.1.3-1
Date: Sat, 10 Jul 2010 13:17:10 +0000
Source: cryptsetup
Source-Version: 2:1.1.3-1

We believe that the bug you reported is fixed in the latest version of
cryptsetup, which is due to be installed in the Debian FTP archive:

cryptsetup-udeb_1.1.3-1_amd64.udeb
  to main/c/cryptsetup/cryptsetup-udeb_1.1.3-1_amd64.udeb
cryptsetup_1.1.3-1.debian.tar.gz
  to main/c/cryptsetup/cryptsetup_1.1.3-1.debian.tar.gz
cryptsetup_1.1.3-1.dsc
  to main/c/cryptsetup/cryptsetup_1.1.3-1.dsc
cryptsetup_1.1.3-1_amd64.deb
  to main/c/cryptsetup/cryptsetup_1.1.3-1_amd64.deb
cryptsetup_1.1.3.orig.tar.bz2
  to main/c/cryptsetup/cryptsetup_1.1.3.orig.tar.bz2
libcryptsetup-dev_1.1.3-1_amd64.deb
  to main/c/cryptsetup/libcryptsetup-dev_1.1.3-1_amd64.deb
libcryptsetup1_1.1.3-1_amd64.deb
  to main/c/cryptsetup/libcryptsetup1_1.1.3-1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 587222@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jonas Meurer <mejo@debian.org> (supplier of updated cryptsetup package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 10 Jul 2010 14:32:40 +0200
Source: cryptsetup
Binary: cryptsetup cryptsetup-udeb libcryptsetup1 libcryptsetup-dev
Architecture: source amd64
Version: 2:1.1.3-1
Distribution: unstable
Urgency: low
Maintainer: Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>
Changed-By: Jonas Meurer <mejo@debian.org>
Description: 
 cryptsetup - configures encrypted block devices
 cryptsetup-udeb - configures encrypted block devices (udeb)
 libcryptsetup-dev - libcryptsetup development files
 libcryptsetup1 - libcryptsetup shared library
Closes: 554506 575024 575652 576646 581712 585099 585418 585496 585664 585787 586019 586122 586162 586299 587220 587222 587224 588068
Changes: 
 cryptsetup (2:1.1.3-1) unstable; urgency=low
 .
   * new upstream release:
     - fix device alignment ioctl calls parameters for archs like ppc64.
     - fix activate_by_* API calls to handle NULL device name as documented
     - fix udev support for old libdevmapper with not compatible definition
   * fix rm_lo_setup() in cryptdisks.functions for failed device setup. thanks
     to Roger Pettersson. (closes: #581712)
   * add X-Stop-After headers to cryptdisks(-early) initscripts. this fixes
     shutdown process for system without encrypted rootfs at least. thanks to
     Alfredo Finelli. (closes: #575652)
   * more merges from ubuntu, thanks to and Steve Langasek (closes: #575024):
     - debian/cryptdisk.functions: initially create the device under a temporary
       name and rename it only at the end using 'dmsetup rename', to ensure that
       upstart/mountall doesn't see our device before it's ready to go.
       LP: #475936.
     - cryptdisks.functions: do_tmp should mount under /var/run/cryptsetup for
       changing the permissions of the filesystem root, not directly on /tmp,
       since mounting on /tmp a) is racy, b) confuses mountall something fierce.
       LP: #475936.
   * fix manpage checkscripts documentation. clarify that both cryptdisks and
     cryptroot invoke checkscripts. thanks Christoph Anton Mitterer.
   * remove quotes from $KEYSCRIPT invokation, thanks Alexandre Rossi.
     (closes: #585099)
   * fix support for commandline options to mkfs in luksformat. thanks to Eduard
     Bloch again for bugreport and patch. (closes: #585787)
   * remove duplicates from debian/NEWS, thanks Steve Langasek (closes: 586019)
   * improve documentation on environment variables in cryptdisks.default and
     crypttab manpage. thanks Christoph Anton Mitterer. (closes: #585664)
   * several improvements to (pre)check scripts, inspired by scripts from
     Christoph Anton Mitterer (closes: #585418, #585496)
     - checkscripts exit with error 1 if executables aren't available.
     - ext2, swap and xfs scripts are depreciated and invoke blkid script.
     - drop filtering of minix filesystem in blkid, util-linux 2.17.2 in debian
     - remove *vol_id check scripts, vol_id isn't available in debian any longer
     - don't use sed in *blkid check scripts any longer
   * fix initramfs/cryptroot-hook to canonicalize $device in get_resume_devices
     function. this should really weed out all duplicates. (closes: #586122),
     and catch all udev/device-mapper symlink setups as well (closes: #554506)
   * bash-completion file now in pck bash-completion (closes: #586299, #586162)
   * add a paragraph about the boot order of init scripts to README.Debian,
     describing the current catch-22 situation. (closes: #576646)
   * initscripts and cryptdisks_st* no longer silently quit in case that include
     file /lib/cryptsetup/cryptdisks.functions is missing. (closes: #587220)
   * fix cryptdisks-early LSB headers to restore legacy boot sequence order.
     mdadm-raid was started before cryptdisks-early. (closes: #587224)
   * cryptdisks initscript now raises a warning for failed started devices, and
     cryptdisks-early initscript raises a warning for failed stopped devices.
     this makes the initscript actions far more transparent to users. same holds
     for cryptdisks_st*. thanks to Christoph Anton Mitterer. (closes: #587222)
   * remove lintian overrides init.d-script-should-depend-on-virtual-facility
     as lintian lintian 2.4.2 has fixed #580082.
   * bump standards-version to 3.9.0, remove version information from replaces/
     provides/conflicts against cryptsetup-luks, change conflicts against
     hashalot (<= 0.3-1) to breaks hashalot (<< 0.3-1) and add replaces.
   * fix loads of typos, thanks to Christoph Anton Mitterer. (closes: #588068)
   * update copyright years and list Milan Broz in debian/copyright
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

-----END PGP SIGNATURE-----





Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>:
Bug#587222; Package cryptsetup. (Sun, 18 Jul 2010 16:12:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christoph Anton Mitterer <christoph.anton.mitterer@physik.uni-muenchen.de>:
Extra info received and forwarded to list. Copy sent to Debian Cryptsetup Team <pkg-cryptsetup-devel@lists.alioth.debian.org>. (Sun, 18 Jul 2010 16:12:03 GMT) Full text and rfc822 format available.

Message #82 received at 587222@bugs.debian.org (full text, mbox):

From: Christoph Anton Mitterer <christoph.anton.mitterer@physik.uni-muenchen.de>
To: Jonas Meurer <jonas@freesources.org>
Cc: 587222@bugs.debian.org
Subject: Re: [pkg-cryptsetup-devel] Bug#587222: cryptsetup does not/cannot close dm-crypt devices, if root-fs is on it, but does also not warn about it
Date: Sun, 18 Jul 2010 18:09:07 +0200

Hi.

On Wed, 2010-07-07 at 20:33 +0200, Jonas Meurer wrote:
> this should be fixed in svn now. mind to give it a try again?
It seems this works now I guess,.. but I have not yet much time to look
at it. But I'll soon continue to have a closer look at the cryptsetup
package :)
At least I get a failed now when shutting down :)

But what I do not yet understand is,.. IIRC you said you fail only at
either cryptdisks or cryptdisks-early when stopping does not work,.. and
vice versa when starting did not work...

What was the reason for not failing in both cases always?
I guess if starting did not work (because it was already opened) there
does not have to be a warning at all...



Cheers,
Chris.

btw: Guess we can close that,.. if not already done so.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 18 Aug 2010 07:33:47 GMT) Full text and rfc822 format available.



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 23 11:14:06 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.