So I have been using this same setup perfectly for like a year until
yesterday when I updated my system and rebooted to find that init was
hanging when trying to mount my swap. It appears the problem occurred
because of something to do with a cryptsetup upgrade. I forgot to run
dispatch-conf after the system update and found that my system would
hang very early in init with 'Warning: exhausting read requested, but
key file is not a regular file, function might never return' and an
invalid variable 'type=luks' error. So I boot the live CD and mount the
root fs and run dispatch-conf and find that indeed there is no longer a
'type' variable. After modifying the new /etc/conf.d/cryptfs to match my
old one as much as I could and carefully reading the comments, I
rebooted again only to find that the 'invalid variable' error was gone
but the error about an exhausting read persisted.

According to the new cryptfs, options '-c aes -h sha1 -d /dev/urandom'
are used with swap by default but the command echo'd during boot
reflects this, but also appears to use the 'luksOpen' action with the
command. When I issued the command from the shell prompt, it didn't
prompt for a pass and failed just as I'm assuming it did during boot and
gave the same error. I should think the command issued by init would be
one that uses the 'create' action rather than 'luksOpen', since that is
what is specified in most of the documentation on creating encrypted
swaps I have read. When I do it manually with 'create' rather than
'luksOpen' it still works fine, so I don't know what is going on with
the new script(s) that reference this file. The new /etc/conf.d/cryptfs
says that the script should autodetect if it is a LUKS partition or not
but apparently it doesn't do a very good job... or I'm missing something
really obvious somehow.

Any help regarding this would be greatly appreciated. Here is a copy of
my new /etc/conf.d/cryptfs options:

## swap
# Swap partitions. These should come first so that no keys make their
# way into unencrypted swap.
# If no options are given, they will default to: -c aes -h sha1 -d /dev/urandom
# If no makefs is given then mkswap will be assumed
swap=crypt-swap 
source='/dev/sda1' 
#options='-c aes -h 256 -d /dev/urandom'

## /home with passphrase
target=home
source='/dev/sda3'

Thanks in advance
-- 
gentoo-amd64@gentoo.org mailing list
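
An added example, not part of the original message and not the Gentoo init script: a by-hand check of whether a partition starts with a LUKS header, the distinction the post says the script is meant to autodetect when choosing between 'luksOpen' and plain 'create'. The function names and the sample images are constructed for illustration; on a real system `cryptsetup isLuks <device>` performs this check.

```shell
#!/bin/sh
# Added example (hypothetical helper names); not the Gentoo cryptfs script.

# LUKS on-disk headers begin with the 6-byte magic "LUKS" 0xBA 0xBE.
LUKS_MAGIC="4c554b53babe"

# Print the first 6 bytes of file/device $1 as lowercase hex, no separators.
header_magic() {
    od -An -tx1 -N6 "$1" | tr -d ' \n'
}

# Succeed (exit 0) when $1 starts with the LUKS magic.
is_luks() {
    [ "$(header_magic "$1")" = "$LUKS_MAGIC" ]
}

# Echo the cryptsetup action that matches the on-disk format of $1:
# a LUKS header needs 'luksOpen' with the real key, while a headerless
# partition is mapped with plain 'create' (the usual choice for swap
# keyed from /dev/urandom on every boot).
pick_action() {
    if is_luks "$1"; then
        echo luksOpen
    else
        echo create
    fi
}

# Constructed sample images: one with a LUKS magic, one all zeros.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'LUKS\272\276\000\001' > "$tmp/luks.img"
    dd if=/dev/zero of="$tmp/plain.img" bs=64 count=1 2>/dev/null
    echo "luks.img  -> $(pick_action "$tmp/luks.img")"
    echo "plain.img -> $(pick_action "$tmp/plain.img")"
    rm -rf "$tmp"
}

demo
```

Run against the real device (for example `pick_action /dev/sda1` as root), the result shows which action matches what is actually on the partition.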
