The problem is in the loop that tries to comment out existing swap from /etc/fstab: It only checks for UUID= and the resolved name like /dev/dm-1, but it does not take any symlinks like "/dev/mapper/ubuntu--vg-swap_1 -> ../dm-1" into account.
This can be fixed with
--- /usr/bin/ecryptfs-setup-swap 2015-03-28 01:37:38.000000000 +0100
+++ ecryptfs-setup-swap 2015-07-09 08:51:38.554860202 +0200
@@ -149,7 +149,9 @@
for swap in $swaps; do
info `gettext "Setting up swap:"` "[$swap]"
uuid=$(blkid -o value -s UUID $swap)
- for target in "UUID=$uuid" $swap; do
+ # /etc/fstab might use a symlink like /dev/mapper/ubuntu--vg-swap_1
+ links=$(for d in $(udevadm info --query=symlink -n /dev/dm-1); do echo /dev/$d; done)
+ for target in "UUID=$uuid" $swap $links; do
if [ -n "$target" ] && grep -qs "^$target\s\+" /etc/fstab; then
sed -i "s:^$target\s\+:\#$target :" /etc/fstab
warn "Commented out your unencrypted swap from /etc/fstab"
$ sudo swapon -s
Filename Type Size Used Priority
/dev/dm-2 partition 2096636 0 -1
Now we need to clean this up on upgrades. The trick there is to avoid reintroducing bug 953875, from installations which don't have the "offset=" in crypttab.
Notes for myself, please ignore.
This resets what ecryptfs-setup-swap does and re-runs it, for testing a fixed version:
sudo sed -i '/cryptswap/d' /etc/fstab /etc/crypttab && sudo sh -ex /usr/bin/ ecryptfs- setup-swap --force; echo "---- fstab ---"; grep swap /etc/fstab; echo "--- crypttab ----"; cat /etc/crypttab; echo "--- swap stat ---"; swapon -s
The problem is in the loop that tries to comment out existing swap from /etc/fstab: It only checks for UUID= and the resolved name like /dev/dm-1, but it does not take any symlinks like "/dev/mapper/ ubuntu- -vg-swap_ 1 -> ../dm-1" into account.
This can be fixed with
--- /usr/bin/ ecryptfs- setup-swap 2015-03-28 01:37:38.000000000 +0100 ubuntu- -vg-swap_ 1 s\+:\#$ target :" /etc/fstab
+++ ecryptfs-setup-swap 2015-07-09 08:51:38.554860202 +0200
@@ -149,7 +149,9 @@
for swap in $swaps; do
info `gettext "Setting up swap:"` "[$swap]"
uuid=$(blkid -o value -s UUID $swap)
- for target in "UUID=$uuid" $swap; do
+ # /etc/fstab might use a symlink like /dev/mapper/
+ links=$(for d in $(udevadm info --query=symlink -n /dev/dm-1); do echo /dev/$d; done)
+ for target in "UUID=$uuid" $swap $links; do
if [ -n "$target" ] && grep -qs "^$target\s\+" /etc/fstab; then
sed -i "s:^$target\
warn "Commented out your unencrypted swap from /etc/fstab"
This then produces
---- fstab --- ubuntu- -vg-swap_ 1 none swap sw 0 0 cryptswap1 none swap sw 0 0 8a98-4e95- bf76-a01e79029f 35 /dev/urandom swap,offset= 1024,cipher= aes-xts- plain64
#/dev/mapper/
/dev/mapper/
--- crypttab ----
cryptswap1 UUID=ddec94de-
which works fine:
lrwxrwxrwx 1 root root 7 Jul 9 08:55 /dev/mapper/ cryptswap1 -> ../dm-2
$ sudo swapon -s
Filename Type Size Used Priority
/dev/dm-2 partition 2096636 0 -1
Now we need to clean this up on upgrades. The trick there is to avoid reintroducing bug 953875, from installations which don't have the "offset=" in crypttab.