X X*_*X X 10 partitioning swap cryptswap
我在创建加密交换时遇到问题。
我按照这些步骤
sudo swapoff -a/etc/crypttab/etc/fstabsudo mkswap /dev/sda5/etc/initramfs-tools/conf.d/resume使用新的 UUID更新sudo update-initramfs -usudo swapon /dev/sda5sudo ecryptfs-setup-swap 那时我遇到了这个问题
root@username-UX430UN:/home/username# ecryptfs-setup-swap
WARNING:
An encrypted swap is required to help ensure that encrypted files are not leaked to disk in an unencrypted format.
HOWEVER, THE SWAP ENCRYPTION CONFIGURATION PRODUCED BY THIS PROGRAM WILL BREAK HIBERNATE/RESUME ON THIS SYSTEM!
NOTE: Your suspend/resume capabilities will not be affected.
Do you want to proceed with encrypting your swap? [y/N]: y
INFO: Setting up swap: [/dev/sda5]
marking GPT swap partition /dev/sda5 as no-auto...
swapon: stat of /dev/mapper/cryptswap1 failed: No such file or directory
小智 10
我在尝试设置加密交换空间时遇到了同样的问题,并认为我已经找到了解决方案。首先,这里有几个我在研究中使用的链接:
ecryptfs-setup-swap第一次运行的时候(注意我安装的时候已经设置了swap空间,所以不需要再运行了mkswap,收到了一条错误信息说swap空间无法正确挂载。
$ sudo ecryptfs-setup-swap
[sudo] password for isaac:
WARNING:
An encrypted swap is required to help ensure that encrypted files are not leaked to disk in an unencrypted format.
HOWEVER, THE SWAP ENCRYPTION CONFIGURATION PRODUCED BY THIS PROGRAM WILL BREAK HIBERNATE/RESUME ON THIS SYSTEM!
NOTE: Your suspend/resume capabilities will not be affected.
Do you want to proceed with encrypting your swap? [y/N]: y
INFO: Setting up swap: [/dev/nvme0n1p5]
WARNING: Commented out your unencrypted swap from /etc/fstab
marking GPT swap partition /dev/nvme0n1p5 as no-auto...
swapon: stat of /dev/mapper/cryptswap1 failed: No such file or directory
我尝试再次运行该命令并收到一条消息,指出我不再有任何交换空间。
$ sudo ecryptfs-setup-swap
INFO: You do not currently have any swap space defined.
You can create a swap file by doing:
$ sudo dd if=/dev/zero of=/swapfile count=130667600
$ sudo mkswap /swapfile
$ sudo swapon /swapfile
And then re-run /usr/bin/ecryptfs-setup-swap
仔细检查第一次运行 ecrypt 命令的错误消息,它似乎/dev/mapper/cryptswap1不存在。
$ ls /dev/mapper/
control
根据前面提到的博客文章,我决定开始在我的系统文件中寻找证据,以证明为什么没有识别交换空间。该博客提到硬盘分区命名方案的更改会导致 ecryptfs 出现问题,并且切换到使用基于 UUID 的标识符更加一致。
$ blkid
/dev/nvme0n1p5: UUID="aea96d7f-e091-460b-95fd-a34ab884d440" TYPE="swap" PARTUUID="0a7db4e0-17bf-40e3-8675-afec7891afc5"
/dev/nvme0n1p1: LABEL="ESP" UUID="C291-E533" TYPE="vfat" PARTLABEL="EFI system partition" PARTUUID="63fc7fb9-2ca5-422b-90c7-0db698acdb3c"
/dev/nvme0n1p3: UUID="16F4C1EEF4C1D063" TYPE="ntfs" PARTLABEL="Basic data partition" PARTUUID="c04d0838-5570-4bfc-a961-4b9224b8cc0c"
/dev/nvme0n1p4: UUID="0EEE7736EE7714E5" TYPE="ntfs" PARTUUID="4dc6595f-cc9c-4d80-99ab-ffd9cbe3c1d7"
/dev/nvme0n1p6: UUID="8b2f5c94-db79-4c8d-b5c6-403d912bc0dd" TYPE="ext4" PARTUUID="e373c83f-f992-4e62-a235-1fdd01ac7cf0"
请注意,我的交换空间是/dev/nvme0n1p5并且具有 UUID aea96d7f...。现在我就来看看/etc/fstab,并/etc/crypttab看到交换配置中的样子。
$ cat /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
# / was on /dev/nvme0n1p6 during installation
UUID=8b2f5c94-db79-4c8d-b5c6-403d912bc0dd / ext4 errors=remount-ro 0 1
# /boot/efi was on /dev/nvme0n1p1 during installation
UUID=C291-E533 /boot/efi vfat umask=0077 0 1
# swap was on /dev/nvme0n1p5 during installation
#UUID=aea96d7f-e091-460b-95fd-a34ab884d440 none swap sw 0 0
/dev/mapper/cryptswap1 none swap sw 0 0
$ cat /etc/crypttab
# <target name> <source device> <key file> <options>
cryptswap1 UUID=aea96d7f-e091-460b-95fd-a34ab884d440 /dev/urandom swap,offset=1024,cipher=aes-xts-plain64
这里有几件事情值得注意,所以我将一次通过它们。
fstab以禁用我的旧交换空间(用交换 UUID 注释掉)并启用加密的交换空间。最后,我检查swapon了它是否找到了任何交换空间。
$ swapon -s
Filename Type Size Used Priority
/dev/dm-0 partition 31248892 0 -1
看起来它指向一个交换空间(大小正确),但该交换空间没有正确设置/dev/mapper(如 fstab 所引用)。
按照博客文章中的建议,我决定看看简单地重新启动cryptdisks服务是否可以解决问题。
$ swapoff -a
$ /etc/init.d/cryptdisks start
$ swapon -a
$ swapon -s
Filename Type Size Used Priority
/dev/dm-0 partition 31248892 0 -1
$ ls -l /dev/mapper/
total 0
crw------- 1 root root 10, 236 Jan 9 11:30 control
lrwxrwxrwx 1 root root 7 Jan 9 12:28 cryptswap1 -> ../dm-0
在这一点上,我的交换空间似乎配置正确。运行htop显示适当数量的交换空间和我在上面使用的诊断命令都blkid显示为正,特别是现在显示/dev/mapper/cryptswap1.
$ sudo blkid
/dev/nvme0n1p1: LABEL="ESP" UUID="C291-E533" TYPE="vfat" PARTLABEL="EFI system partition" PARTUUID="63fc7fb9-2ca5-422b-90c7-0db698acdb3c"
/dev/nvme0n1p3: UUID="16F4C1EEF4C1D063" TYPE="ntfs" PARTLABEL="Basic data partition" PARTUUID="c04d0838-5570-4bfc-a961-4b9224b8cc0c"
/dev/nvme0n1p4: UUID="0EEE7736EE7714E5" TYPE="ntfs" PARTUUID="4dc6595f-cc9c-4d80-99ab-ffd9cbe3c1d7"
/dev/nvme0n1p5: UUID="aea96d7f-e091-460b-95fd-a34ab884d440" TYPE="swap" PARTUUID="0a7db4e0-17bf-40e3-8675-afec7891afc5"
/dev/nvme0n1p6: UUID="8b2f5c94-db79-4c8d-b5c6-403d912bc0dd" TYPE="ext4" PARTUUID="e373c83f-f992-4e62-a235-1fdd01ac7cf0"
/dev/mapper/cryptswap1: UUID="113abaa7-c122-4d47-a826-181ee6a29627" TYPE="swap"
重新启动后设置仍然存在,并且一切似乎都运行正常,据我所知,这有效。希望这会有所帮助。
为了确保我的答案正常工作,我尝试在 EC2 实例上复制该问题。我有相同的行为,sudo ecryptfs-setup-swap在尝试运行时会出错的地方运行swappon。但是,由于某种原因,设备映射/dev/dm-0似乎没有正确设置。该/etc文件似乎是好了,所以我想简单地重新启动实例。这似乎工作得很好;但是,我建议至少在重新启动之前检查适当的配置设置,以确保它们设置正确,以便内核可以在重新启动时挂载交换。