Package: ecryptfs-utils Version: 103-5 Severity: grave Justification: renders package unusable
mind you even though there are 50 dozen ways listed to do encrypted swap correctly, only ONE method seems to work. This is problematic in and of itself. Using LUKS methods simply DO NOT WORK. one has to rely on ecryptfs. sudo ecryptfs-setup-swap to get encrypted swap in the first place. When using it we are presented with another problem. On boot swap fails to properly encrypt.You get a nice "system service cryptswapper" is busy (time remaining) notice, which does nothing but timeout. Swap either never gets its random key, never gets written to disk, or never bothers to properly mount itself. Unfortunately I cannot tell you which happens as all I can tell is that swap never gets mounted.There are no /dev/mapper entries for swap, even though there SHOULD BE. This can create problems for any other encrypted mount points as well. Although not having swap is not critical of itself on systems with LARGE RAM, having unencrypted swap is a security vulnerability and asking for trouble.On systems with less than 4GB of RAM, not having ANY swap may cause serious issues. I do not know yet how repeatable this issue is.This is the first occurrence since swap has been encrypted. -- System Information: Debian Release: 8.1 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages ecryptfs-utils depends on: ii gettext-base 0.19.3-2 ii keyutils 1.5.9-5+b1 ii libassuan0 2.1.2-2 ii libc6 2.19-18 ii libecryptfs0 103-5 ii libgpg-error0 1.17-3 ii libgpgme11 1.5.1-6 ii libkeyutils1 1.5.9-5+b1 ii libnss3-1d 2:3.17.2-1.1+deb8u1 ii libpam-runtime 1.1.8-3.1 ii libpam0g 1.1.8-3.1 ii libtspi1 0.3.13-3 ecryptfs-utils recommends no packages. Versions of packages ecryptfs-utils suggests: ii cryptsetup 2:1.6.6-5 -- no debconf information