
#314 can't create disk image if swap is provided by logical volume listed in crypttab

closed-accepted
5
2019-04-03
2019-02-14
No

If I follow the instructions here:
https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption#Without_suspend-to-disk_support
to encrypt my swap, clonezilla will fail when making a disk image.

Setting my fstab and crypttab back to the original (and, of course, mkswap'ing the volume again) allows clonezilla to function properly again.

Clonezilla should handle the case where swap space is provided by a logical volume that's listed in the crypttab.


Discussion

  • Constantino Michailidis

    I'd like to note, for myself and others, that if the crypttab swap is identified via LABEL instead of logical volume path... clonezilla will succeed in cloning the full disk :-)

    Furthermore, this is what is recommended later in the archlinux wiki for extra reliability; esp. when using simple kernel devices (e.g. /dev/sda5) here:
    https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption#UUID_and_LABEL

    However, the above neglects to point out that (at least in the specific case of LVM) the noearly option should be specified in crypttab. So, your crypttab should contain a line like the following:

    swap     LABEL=cryptswap  /dev/urandom  swap,noearly,offset=2048,cipher=aes-xts-plain64,size=512
    

    instead of what the archlinux wiki suggests, which is:

    swap     LABEL=cryptswap  /dev/urandom  swap,offset=2048,cipher=aes-xts-plain64,size=512
    

    The fstab can remain the same and is unaffected by the fact that LVM is being used. E.G.:

    # https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption#Without_suspend-to-disk_support
    # https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption#UUID_and_LABEL
    /dev/mapper/swap none            swap    sw              0       0
    

    The noearly option makes sure things like LVM, RAID, etc. are running. As swap is non-critical for boot, it is fine to start it late.[1] Otherwise the swap specified by crypttab won't be found during boot.

    [1] https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions

     
  • Steven Shiau

    Steven Shiau - 2019-03-24

    Thanks. However, if swap is encrypted, then Clonezilla can only use dd to save that. What are the error messages when you said "can't create disk image if swap is provided by logical volume listed in crypttab"? Is it just ignored or?
    Thanks.

    Steven

     
    • Constantino Michailidis

      Oh, btw yes... the "Error: Could not stat device /dev/host-vg/swap_ -
      No such file or directory. Not dev_ assigned in function
      fsck_partition!" does result in an unusable image.


      [bugs:#314] can't create disk image if swap is provided by logical volume listed in crypttab

      Status: open
      Group: stable_clonezilla_live
      Labels: swap crypttab dm-crypt
      Created: Thu Feb 14, 2019 04:04 AM UTC by Constantino Michailidis
      Last Updated: Sun Feb 17, 2019 06:24 AM UTC
      Owner: nobody


    • Constantino Michailidis

      Steven,

      I understand that under certain circumstances dd is the best (or only)
      means of creating an image. That said, I have frequently longed for an
      option to skip or ignore the partitions which require use of dd.

      I say this because, at least for the situation I'm typically in, the
      time required to create an image via dd is more valuable than the
      image of that partition itself. Specifically, I'm referring to
      encrypted swaps and ZFS l2arc caches. The data on these aren't
      particularly useful after a reboot and so having an image [for
      restoration] is often not desired. Not to mention a ZFS l2arc cache
      can be pretty large... meaning it takes a long time to clone, all for
      basically nothing.

      I've been replacing the img.gz.xx files in these clonezilla images
      with an empty stub so restoration can happen quickly. But, I think an
      option which made clonezilla skip these and create the empty stub
      itself would be a great time saver.

      Anyway, this is a feature/optimization suggestion and somewhat of a
      non-sequitur.

      As far as the bug itself is concerned, the error message displayed is...

      Error: Could not stat device /dev/host-vg/swap_ - No such file or directory.
      Not dev_ assigned in function fsck_partition!

      The first thing that stands out to me is that the logical volume is
      actually called "swap_1" so it's possible the string is somehow
      getting truncated. Although, "a simple truncation" may be wishful
      thinking.

      Afterwards Clonezilla also notes...

      "ocs-live-general" finished with error!

      I've attached an archive of the ! -empty log files for you. And bear
      in mind that recreating the problem is rather simple... just convert a
      swap located on a logical volume to use encryption by adding a line to
      /etc/crypttab such as:

      swap /dev/host_vg/swap_1 /dev/urandom \
      swap,cipher=aes-xts-plain64,size=256

      and update fstab to use /dev/mapper/swap instead of the lv name; then
      try to clone the disk. The clone will fail, the image created is
      incomplete and clonezilla will refuse to restore it.

      Many thanks for taking a moment to look at this,
      CLM

       
  • Constantino Michailidis

    Ok, I noticed that this failure was only occurring when I selected the option to fsck filesystems before cloning. I guess this could have been inferred from the error message too. If fsck was skipped there was no problem.

    So I started to read and debug the code more closely. It seems that the logical volume name really is getting truncated in the default case of function get_diskname. The logical volume is not a physical device and so any numbers contained in the name should probably not be removed by the sed expression.

    This is why the error message says:

    Error: Could not stat device /dev/host-vg/swap_ - No such file or directory.
    

    when in reality the lv name is /dev/host-vg/swap_1!

    A simple solution would be for the default case of get_diskname to search for a forward slash which might indicate(?) that the "disk" in question is actually a logical volume. Feedback on this point is certainly appreciated since some systems allow for multi-level names of physical devices (but currently these are covered by the individual cases). Of course there may be a smarter way of doing this.

    Anyway... addressing this issue in get_diskname is largely for the sake of correctness.

    The fatal error itself is being triggered from within image_save when fsck_partition is called because ocs-get-part-info has no way to determine that /dev/host-vg/swap_1 is truly swap (remember it's encrypted). This causes the part_fs variable to be empty and when fsck_partition is called the parameters are mismatched. In effect, the partition fs is unknown unsupported.

    So fsck_partition complains with:

    Not dev_ assigned in function fsck_partition!
    

    Making sure that $part_fs is not zero length before calling fsck_partition will address the failure itself.

    I've attached a patch for reference.

    Many thanks,
    CLM
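
The two failure points described in the comment above (trailing digits stripped from a logical volume name, and fsck being called with an empty filesystem type), reproduced as an added shell example. This is not Clonezilla's code or the attached patch: `naive_diskname`, `safe_diskname` and `fsck_action` are hypothetical helpers, and device names are assumed to be given relative to `/dev`.

```shell
#!/bin/sh
# Hypothetical helpers; NOT Clonezilla's get_diskname or fsck_partition.

# Partition -> disk by stripping trailing digits. Correct for "sda5",
# wrong for an LVM name such as "host-vg/swap_1".
naive_diskname() {
  name=${1#/dev/}
  printf '%s\n' "$name" | sed 's/[0-9]*$//'
}

# Same idea, but a slash in the name is taken to mean "VG/LV" (the heuristic
# proposed in the comment), so the digits are part of the name and are kept.
safe_diskname() {
  name=${1#/dev/}
  case "$name" in
    */*) printf '%s\n' "$name" ;;
    *)   printf '%s\n' "$name" | sed 's/[0-9]*$//' ;;
  esac
}

# Decide what to do before imaging. An encrypted swap volume has no
# detectable filesystem, so fs is empty; skip fsck instead of calling it
# with a missing argument. Returns the action as text, runs nothing.
fsck_action() {
  dev=$1
  fs=$2
  if [ -z "$fs" ]; then
    printf 'skip %s\n' "$dev"
    return 0
  fi
  printf 'fsck %s %s\n' "$fs" "$dev"
}

# Constructed sample input: one plain partition, one LV backing encrypted swap.
for d in sda5 host-vg/swap_1; do
  printf '%-16s naive=%-14s safe=%s\n' "$d" "$(naive_diskname "$d")" "$(safe_diskname "$d")"
done
fsck_action host-vg/swap_1 ""
fsck_action sda1 ext4
```
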

     
  • Steven Shiau

    Steven Shiau - 2019-04-03
    • status: open --> closed-accepted
    • assigned_to: Steven Shiau
     
  • Steven Shiau

    Steven Shiau - 2019-04-03

    Thanks. The patch has been slightly modified and applied in the git repository. It will be used in the next testing Clonezilla live release. Feel free to reopen it if the next testing one still has issues.

    Steven

     
