[18.10 FEAT] Support 4k sectors for fast clear key dm-crypt - crypttab part
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| | Ubuntu on IBM z Systems |
High
|
Canonical Foundations Team | ||
| | cryptsetup (Ubuntu) |
Undecided
|
Unassigned | ||
| | Bionic |
Undecided
|
Unassigned | ||
| | systemd (Ubuntu) |
Undecided
|
Skipper Bug Screeners | ||
| | Bionic |
Undecided
|
Unassigned | ||
Bug Description
[Impact]
* cryptsetup in bionic supports creating luks volumes with a non-standard sector-size option, and thus this option also needs to be used when activating the LUKS volumes. Add sector-size= option support to /etc/crypttab.
[Test Case]
* Create a plain LUKS volume with sector-size 4096
* Specify sector-size=4096 option in /etc/crypttab
* reload systemd, start systemd-
* check the journal, to ensure that `sector-size` option was recognized and is active. (i.e. there is not error messages about unrecognized option `sector-size` from systemd-cryptsetup)
[Regression Potential]
* This is an optional argument, not used by default. Currently custom sector-size crypttab does not work correctly, and thus cannot regress.
[Other Info]
* Original bug report
Support fast clear key dm-crypt with 4k support
Extend /etc/crypttab to enable 4k sector support in plain mode
The proposed enhancements are posted on github, see
https:/
| tags: | added: architecture-s39064 bugnameltc-168839 severity-high targetmilestone-inin1810 |
| Changed in ubuntu: | |
| assignee: | nobody → Skipper Bug Screeners (skipper-screen-team) |
| affects: | ubuntu → systemd (Ubuntu) |
| Changed in ubuntu-z-systems: | |
| importance: | Undecided → High |
| assignee: | nobody → Canonical Foundations Team (canonical-foundations) |
| Dimitri John Ledkov (xnox) wrote : | #1 |
------- Comment From <email address hidden> 2018-06-13 07:55 EDT-------
Cryptsetup should already have support for this, see https:/
| Dimitri John Ledkov (xnox) wrote : | #3 |
I do not mean upstream cryptsetup option =)
I mean that Debian/Ubuntu crypttab parser shipped in the cryptsetup package will also need a sector-size option support, just like the one requested to be supported by systemd's crypttab parser.
See https:/
| Changed in ubuntu-z-systems: | |
| status: | New → Triaged |
| bugproxy (bugproxy) wrote : | #4 |
------- Comment From <email address hidden> 2018-07-26 09:43 EDT-------
OK, I see. I assume you will update the Debian/Ubuntu crypttab parser on your own?
| Dimitri John Ledkov (xnox) wrote : | #5 |
well =) i would love for somebody else to write the patch too.... =) it's not like i will say no, to free patches =)))))
| Dimitri John Ledkov (xnox) wrote : | #6 |
systemd-cryptsetup: https:/
initramfs-tools crypttab: https:/
| Changed in systemd (Ubuntu): | |
| status: | New → In Progress |
| Changed in cryptsetup (Ubuntu): | |
| status: | New → In Progress |
| Changed in ubuntu-z-systems: | |
| status: | Triaged → In Progress |
| Dimitri John Ledkov (xnox) wrote : | #7 |
My implementation of https:/
| Changed in systemd (Ubuntu): | |
| status: | In Progress → Fix Committed |
| information type: | Private → Public |
| Changed in cryptsetup (Ubuntu): | |
| status: | In Progress → Fix Committed |
| tags: | added: id-5b59f569271dc3d96ea29d30 |
| Changed in ubuntu-z-systems: | |
| status: | In Progress → Fix Committed |
| Launchpad Janitor (janitor) wrote : | #8 |
This bug was fixed in the package cryptsetup - 2:2.0.4-2ubuntu2
---------------
cryptsetup (2:2.0.4-2ubuntu2) cosmic; urgency=medium
* Implement support for --sector-size cryptsetup plain mode option in
crypttab. Matching support is also proposed to systemd-cryptsetup as
well. LP: #1776626
-- Dimitri John Ledkov <email address hidden> Fri, 31 Aug 2018 17:00:07 +0100
| Changed in cryptsetup (Ubuntu): | |
| status: | Fix Committed → Fix Released |
| Launchpad Janitor (janitor) wrote : | #9 |
This bug was fixed in the package systemd - 239-7ubuntu7
---------------
systemd (239-7ubuntu7) cosmic; urgency=medium
* boot-and-services: skip gdm test, when gdm-x-session fails.
Across all architectures, gdm fails to come up reliably since cosmic.
(LP: #1790478)
-- Dimitri John Ledkov <email address hidden> Mon, 03 Sep 2018 16:33:00 +0100
| Changed in systemd (Ubuntu): | |
| status: | Fix Committed → Fix Released |
| Dimitri John Ledkov (xnox) wrote : | #10 |
systemd (239-7ubuntu7) cosmic; urgency=medium
* boot-and-services: skip gdm test, when gdm-x-session fails.
Across all architectures, gdm fails to come up reliably since cosmic.
(LP: #1790478)
systemd (239-7ubuntu6) cosmic; urgency=medium
[ Dimitri John Ledkov ]
* debian/control: strengthen dependencies.
Make systemd-sysv depend on matching version of systemd. Autopkgtests at times
upgrade systemd-sysv without upgrading systemd. However, upgrading systemd-sysv
alone makes little sense.
Make systemd conflict, rather than just break, systemd-shim. As there are
upgrade failures cause by systemd-shim presence whilst upgrading to new
systemd.
* Correct gdm3 exclution on arm64, in boot-and-services test.
[ Christian Ehrhardt ]
* Improve autopkgtest success rate, by bumping up timeouts. (LP: #1789841)
systemd (239-7ubuntu5) cosmic; urgency=medium
[ Michael Biebl ]
* Clean up dbus-org.
(Closes: #904290)
[ Martin Pitt ]
* timedated: Fix wrong PropertyChanged values and refcounting
[ Dimitri John Ledkov ]
* autopkgtest: drop gdm3 on arm64 as well.
The cloud instances are configured without a graphics card, and thus X fails to
start, hence the gdm test fails.
* Revert "Workaround broken meson copying symlinked data files, as dangling symlinks."
This reverts commit 059bfb5349123fa
* Cherrypick v239-stable patches.
* cryptsetup: add support for sector-size= option (LP: #1776626)
* Cherrypick upstrem patches to fix ftbfs with new glibc.
[ Michael Vogt ]
* Re-add support for /etc/writable for core18. (LP: #1778936)
| Dimitri John Ledkov (xnox) wrote : | #11 |
It should be possible to specify sector-size option in crypttab now, in ubuntu. And it should be supported by both initramfs-tools and systemd, depending on which one does the mount. Please test this, and let me know if everything is alright. It did work for me... but I used non-4k hardware.
| Changed in ubuntu-z-systems: | |
| status: | Fix Committed → Fix Released |
| Dimitri John Ledkov (xnox) wrote : | #12 |
Note that there is no UI to set sector-size in the installer, and the installer does not generate sector-size option in the crypttab either. I kind of wish sector-size could just be autodetected, and e.g. used by default on 4k native drives. But I'll check if this option can be added to partman-crypto.
| Changed in systemd (Ubuntu Bionic): | |
| status: | New → In Progress |
| description: | updated |
Hello bugproxy, or anyone else affected,
Accepted systemd into bionic-proposed. The package will build now and be available at https:/
Please help us by testing this new package. See https:/
If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-
Further information regarding the verification process can be found at https:/
N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.
| Changed in systemd (Ubuntu Bionic): | |
| status: | In Progress → Fix Committed |
| tags: | added: verification-needed verification-needed-bionic |
| Changed in ubuntu-z-systems: | |
| status: | Fix Released → In Progress |
| Łukasz Zemczak (sil2100) wrote : | #14 |
Hello bugproxy, or anyone else affected,
Accepted systemd into bionic-proposed. The package will build now and be available at https:/
Please help us by testing this new package. See https:/
If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-
Further information regarding the verification process can be found at https:/
N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.
------- Comment From <email address hidden> 2018-11-20 07:38 EDT-------
This function was verified by IBM on
https:/
| Frank Heimes (fheimes) wrote : | #16 |
Adjusting tags according to comment #15.
| tags: |
added: verification-done verification-done-bionic removed: verification-needed verification-needed-bionic |
| Dimitri John Ledkov (xnox) wrote : | #17 |
@hws
Thank you. However 10.8 got trumped by security upload 10.9, hence we are re-doing the upload with 10.10. Sorry about the noise, but -security uploads always trump the inflight -proposed uploads.
| Changed in systemd (Ubuntu Bionic): | |
| status: | Fix Committed → Triaged |
| Frank Heimes (fheimes) wrote : | #18 |
According to the systemd changelog for bionic:
https:/
support for "ector-size= option" was released with 237-3ubuntu10.10.
And since we are at:
systemd | 237-3ubuntu10.13 | bionic-updates | s390x
I'm setting systemd/bionic to Fix Released.
| Changed in systemd (Ubuntu Bionic): | |
| status: | Triaged → Fix Released |
| Changed in cryptsetup (Ubuntu Bionic): | |
| status: | New → Won't Fix |
| Changed in ubuntu-z-systems: | |
| status: | In Progress → Fix Released |
| bugproxy (bugproxy) wrote : | #19 |
------- Comment From <email address hidden> 2019-03-05 10:44 EDT-------
IBM bugzilla status -> closed, Fix Released for all requested distros
| Changed in systemd (Ubuntu Bionic): | |
| status: | Fix Released → In Progress |
| Balint Reczey (rbalint) wrote : | #20 |
Apparently the 237-3ubuntu10.10 upload got overwritten by a security upload, too, thus the fix is still not present in systemd.
I'm preparing a new upload and intend to fix this bug.
Hello bugproxy, or anyone else affected,
Accepted systemd into bionic-proposed. The package will build now and be available at https:/
Please help us by testing this new package. See https:/
If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-
Further information regarding the verification process can be found at https:/
N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.
| Changed in systemd (Ubuntu Bionic): | |
| status: | In Progress → Fix Committed |
| tags: |
added: verification-needed verification-needed-bionic removed: verification-done verification-done-bionic |
| Steve Langasek (vorlon) wrote : | #22 |
Hello bugproxy, or anyone else affected,
Accepted systemd into bionic-proposed. The package will build now and be available at https:/
Please help us by testing this new package. See https:/
If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-
Further information regarding the verification process can be found at https:/
N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.
| Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (systemd/237-3ubuntu10.31) | #23 |
All autopkgtests for the newly accepted systemd (237-3ubuntu10.31) for bionic have finished running.
The following regressions have been reported in tests triggered by the package:
gvfs/1.
netplan.
apt/1.6.12 (arm64, ppc64el)
pulseaudio/unknown (armhf)
Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUp
https:/
[1] https:/
Thank you!
| Balint Reczey (rbalint) wrote : | #24 |
Verified with systemd/
ubuntu@
ubuntu@
ubuntu@
Please enter passphrase for disk vdb_crypt! ****
ubuntu@
vdb_crypt /dev/vdb none luks,sector-
ubuntu@
● systemd-
Loaded: loaded (/etc/crypttab; generated)
Active: active (exited) since Tue 2019-10-08 21:05:11 CEST; 13s ago
Docs: man:crypttab(5)
Process: 1999 ExecStart=
Main PID: 1999 (code=exited, status=0/SUCCESS)
okt 08 21:05:06 ubuntu-
okt 08 21:05:09 ubuntu-
okt 08 21:05:11 ubuntu-
ubuntu@
Welcome to fdisk (util-linux 2.31.1).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Device does not contain a recognized partition table.
Created a new DOS disklabel with disk identifier 0x313e0336.
Command (m for help): p
Disk /dev/mapper/
Units: sectors of 1 * 4096 = 4096 bytes
Sector size (logical/physical): 4096 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: dos
Disk identifier: 0x313e0336
Command (m for help): q
ubuntu@
| tags: |
added: verification-done verification-done-bionic removed: verification-needed verification-needed-bionic |
| Launchpad Janitor (janitor) wrote : | #25 |
This bug was fixed in the package systemd - 237-3ubuntu10.31
---------------
systemd (237-3ubuntu10.31) bionic; urgency=medium
[ Dimitri John Ledkov ]
* Add conflicts with upstart and systemd-shim. (LP: #1773859)
* d/p/debian/
- units: Disable journald Watchdog (LP: #1773148)
* d/p/cryptsetup-
- cryptsetup: add support for sector-size= option (LP: #1776626)
* d/p/systemctl-
- systemctl: correctly proceed to immediate shutdown if scheduling fails
(LP: #1670291)
* d/p/networkd-
- networkd: add support to set IPv6MTUBytes (LP: #1671951)
-- Balint Reczey <email address hidden> Mon, 30 Sep 2019 17:23:17 +0200
| Changed in systemd (Ubuntu Bionic): | |
| status: | Fix Committed → Fix Released |
This potentially needs implementation in cryptsetup package as well, since systemd cryptsetup support is not used by Debian's initramfs-tools to mount the rootfs for example.