[18.10 FEAT] Support 4k sectors for fast clear key dm-crypt - crypttab part

Bug #1776626 reported by bugproxy on 2018-06-13
20
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ubuntu on IBM z Systems
High
Canonical Foundations Team
cryptsetup (Ubuntu)
Undecided
Unassigned
Bionic
Undecided
Unassigned
systemd (Ubuntu)
Undecided
Skipper Bug Screeners
Bionic
Undecided
Unassigned

Bug Description

[Impact]

 * cryptsetup in bionic supports creating luks volumes with a non-standard sector-size option, and thus this option also needs to be used when activating the LUKS volumes. Add sector-size= option support to /etc/crypttab.

[Test Case]

 * Create a plain LUKS volume with sector-size 4096
 * Specify sector-size=4096 option in /etc/crypttab
 * reload systemd, start systemd-cryptsetup@.service for that volume
 * check the journal, to ensure that `sector-size` option was recognized and is active. (i.e. there is not error messages about unrecognized option `sector-size` from systemd-cryptsetup)

[Regression Potential]

 * This is an optional argument, not used by default. Currently custom sector-size crypttab does not work correctly, and thus cannot regress.

[Other Info]

 * Original bug report

Support fast clear key dm-crypt with 4k support

Extend /etc/crypttab to enable 4k sector support in plain mode

The proposed enhancements are posted on github, see
     https://github.com/systemd/systemd/issues/8881

bugproxy (bugproxy) on 2018-06-13
tags: added: architecture-s39064 bugnameltc-168839 severity-high targetmilestone-inin1810
Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
affects: ubuntu → systemd (Ubuntu)
Changed in ubuntu-z-systems:
importance: Undecided → High
assignee: nobody → Canonical Foundations Team (canonical-foundations)
Dimitri John Ledkov (xnox) wrote :

This potentially needs implementation in cryptsetup package as well, since systemd cryptsetup support is not used by Debian's initramfs-tools to mount the rootfs for example.

------- Comment From <email address hidden> 2018-06-13 07:55 EDT-------
Cryptsetup should already have support for this, see https://gitlab.com/cryptsetup/cryptsetup/commit/19a1852e4bf9146f41386e8f32072d7dd25595f1

Dimitri John Ledkov (xnox) wrote :

I do not mean upstream cryptsetup option =)

I mean that Debian/Ubuntu crypttab parser shipped in the cryptsetup package will also need a sector-size option support, just like the one requested to be supported by systemd's crypttab parser.

See https://salsa.debian.org/cryptsetup-team/cryptsetup/blob/master/debian/cryptdisks.functions#L25

Changed in ubuntu-z-systems:
status: New → Triaged
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2018-07-26 09:43 EDT-------
OK, I see. I assume you will update the Debian/Ubuntu crypttab parser on your own?

Dimitri John Ledkov (xnox) wrote :

well =) i would love for somebody else to write the patch too.... =) it's not like i will say no, to free patches =)))))

Dimitri John Ledkov (xnox) wrote :
Changed in systemd (Ubuntu):
status: New → In Progress
Changed in cryptsetup (Ubuntu):
status: New → In Progress
Changed in ubuntu-z-systems:
status: Triaged → In Progress
Dimitri John Ledkov (xnox) wrote :

My implementation of https://github.com/systemd/systemd/issues/8881 got merged upstream and will be part of v240. Cherrypicked into Ubuntu package, which is now stuck in -proposed.

Changed in systemd (Ubuntu):
status: In Progress → Fix Committed
information type: Private → Public
Changed in cryptsetup (Ubuntu):
status: In Progress → Fix Committed
tags: added: id-5b59f569271dc3d96ea29d30
Changed in ubuntu-z-systems:
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cryptsetup - 2:2.0.4-2ubuntu2

---------------
cryptsetup (2:2.0.4-2ubuntu2) cosmic; urgency=medium

  * Implement support for --sector-size cryptsetup plain mode option in
    crypttab. Matching support is also proposed to systemd-cryptsetup as
    well. LP: #1776626

 -- Dimitri John Ledkov <email address hidden> Fri, 31 Aug 2018 17:00:07 +0100

Changed in cryptsetup (Ubuntu):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package systemd - 239-7ubuntu7

---------------
systemd (239-7ubuntu7) cosmic; urgency=medium

  * boot-and-services: skip gdm test, when gdm-x-session fails.
    Across all architectures, gdm fails to come up reliably since cosmic.
    (LP: #1790478)

 -- Dimitri John Ledkov <email address hidden> Mon, 03 Sep 2018 16:33:00 +0100

Changed in systemd (Ubuntu):
status: Fix Committed → Fix Released
Dimitri John Ledkov (xnox) wrote :

systemd (239-7ubuntu7) cosmic; urgency=medium

  * boot-and-services: skip gdm test, when gdm-x-session fails.
    Across all architectures, gdm fails to come up reliably since cosmic.
    (LP: #1790478)

systemd (239-7ubuntu6) cosmic; urgency=medium

  [ Dimitri John Ledkov ]
  * debian/control: strengthen dependencies.
    Make systemd-sysv depend on matching version of systemd. Autopkgtests at times
    upgrade systemd-sysv without upgrading systemd. However, upgrading systemd-sysv
    alone makes little sense.
    Make systemd conflict, rather than just break, systemd-shim. As there are
    upgrade failures cause by systemd-shim presence whilst upgrading to new
    systemd.
  * Correct gdm3 exclution on arm64, in boot-and-services test.

  [ Christian Ehrhardt ]
  * Improve autopkgtest success rate, by bumping up timeouts. (LP: #1789841)

systemd (239-7ubuntu5) cosmic; urgency=medium

  [ Michael Biebl ]
  * Clean up dbus-org.freedesktop.timesync1.service Alias on purge
    (Closes: #904290)

  [ Martin Pitt ]
  * timedated: Fix wrong PropertyChanged values and refcounting

  [ Dimitri John Ledkov ]
  * autopkgtest: drop gdm3 on arm64 as well.
    The cloud instances are configured without a graphics card, and thus X fails to
    start, hence the gdm test fails.
  * Revert "Workaround broken meson copying symlinked data files, as dangling symlinks."
    This reverts commit 059bfb5349123fabc8c92324e0473193f01fc87c.
  * Cherrypick v239-stable patches.
  * cryptsetup: add support for sector-size= option (LP: #1776626)
  * Cherrypick upstrem patches to fix ftbfs with new glibc.

  [ Michael Vogt ]
  * Re-add support for /etc/writable for core18. (LP: #1778936)

Dimitri John Ledkov (xnox) wrote :

It should be possible to specify sector-size option in crypttab now, in ubuntu. And it should be supported by both initramfs-tools and systemd, depending on which one does the mount. Please test this, and let me know if everything is alright. It did work for me... but I used non-4k hardware.

Changed in ubuntu-z-systems:
status: Fix Committed → Fix Released
Dimitri John Ledkov (xnox) wrote :

Note that there is no UI to set sector-size in the installer, and the installer does not generate sector-size option in the crypttab either. I kind of wish sector-size could just be autodetected, and e.g. used by default on 4k native drives. But I'll check if this option can be added to partman-crypto.

Changed in systemd (Ubuntu Bionic):
status: New → In Progress
description: updated

Hello bugproxy, or anyone else affected,

Accepted systemd into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/systemd/237-3ubuntu10.8 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in systemd (Ubuntu Bionic):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-bionic
Changed in ubuntu-z-systems:
status: Fix Released → In Progress
Łukasz Zemczak (sil2100) wrote :

Hello bugproxy, or anyone else affected,

Accepted systemd into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/systemd/237-3ubuntu10.10 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

------- Comment From <email address hidden> 2018-11-20 07:38 EDT-------
This function was verified by IBM on
https://launchpad.net/ubuntu/+source/systemd/237-3ubuntu10.8

Frank Heimes (frank-heimes) wrote :

Adjusting tags according to comment #15.

tags: added: verification-done verification-done-bionic
removed: verification-needed verification-needed-bionic
Dimitri John Ledkov (xnox) wrote :

@hws

Thank you. However 10.8 got trumped by security upload 10.9, hence we are re-doing the upload with 10.10. Sorry about the noise, but -security uploads always trump the inflight -proposed uploads.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.