[18.10 FEAT] Support 4k sectors for fast clear key dm-crypt - crypttab part

This potentially needs implementation in cryptsetup package as well, since systemd cryptsetup support is not used by Debian's initramfs-tools to mount the rootfs for example.

------- Comment From <email address hidden> 2018-06-13 07:55 EDT-------
Cryptsetup should already have support for this, see https://gitlab.com/cryptsetup/cryptsetup/commit/19a1852e4bf9146f41386e8f32072d7dd25595f1

I do not mean upstream cryptsetup option =)

I mean that Debian/Ubuntu crypttab parser shipped in the cryptsetup package will also need a sector-size option support, just like the one requested to be supported by systemd's crypttab parser.

See https://salsa.debian.org/cryptsetup-team/cryptsetup/blob/master/debian/cryptdisks.functions#L25

------- Comment From <email address hidden> 2018-07-26 09:43 EDT-------
OK, I see. I assume you will update the Debian/Ubuntu crypttab parser on your own?

well =) i would love for somebody else to write the patch too.... =) it's not like i will say no, to free patches =)))))

systemd-cryptsetup: https://github.com/systemd/systemd/pull/9936

initramfs-tools crypttab: https://salsa.debian.org/cryptsetup-team/cryptsetup/merge_requests/6/diffs

My implementation of https://github.com/systemd/systemd/issues/8881 got merged upstream and will be part of v240. Cherrypicked into Ubuntu package, which is now stuck in -proposed.

This bug was fixed in the package cryptsetup - 2:2.0.4-2ubuntu2

---------------
cryptsetup (2:2.0.4-2ubuntu2) cosmic; urgency=medium

  * Implement support for --sector-size cryptsetup plain mode option in
    crypttab. Matching support is also proposed to systemd-cryptsetup as
    well. LP: #1776626

 -- Dimitri John Ledkov <email address hidden> Fri, 31 Aug 2018 17:00:07 +0100

This bug was fixed in the package systemd - 239-7ubuntu7

---------------
systemd (239-7ubuntu7) cosmic; urgency=medium

  * boot-and-services: skip gdm test, when gdm-x-session fails.
    Across all architectures, gdm fails to come up reliably since cosmic.
    (LP: #1790478)

 -- Dimitri John Ledkov <email address hidden> Mon, 03 Sep 2018 16:33:00 +0100

systemd (239-7ubuntu7) cosmic; urgency=medium

  * boot-and-services: skip gdm test, when gdm-x-session fails.
    Across all architectures, gdm fails to come up reliably since cosmic.
    (LP: #1790478)

systemd (239-7ubuntu6) cosmic; urgency=medium

  [ Dimitri John Ledkov ]
  * debian/control: strengthen dependencies.
    Make systemd-sysv depend on matching version of systemd. Autopkgtests at times
    upgrade systemd-sysv without upgrading systemd. However, upgrading systemd-sysv
    alone makes little sense.
    Make systemd conflict, rather than just break, systemd-shim. As there are
    upgrade failures cause by systemd-shim presence whilst upgrading to new
    systemd.
  * Correct gdm3 exclution on arm64, in boot-and-services test.

  [ Christian Ehrhardt ]
  * Improve autopkgtest success rate, by bumping up timeouts. (LP: #1789841)

systemd (239-7ubuntu5) cosmic; urgency=medium

  [ Michael Biebl ]
  * Clean up dbus-org.freedesktop.timesync1.service Alias on purge
    (Closes: #904290)

  [ Martin Pitt ]
  * timedated: Fix wrong PropertyChanged values and refcounting

  [ Dimitri John Ledkov ]
  * autopkgtest: drop gdm3 on arm64 as well.
    The cloud instances are configured without a graphics card, and thus X fails to
    start, hence the gdm test fails.
  * Revert "Workaround broken meson copying symlinked data files, as dangling symlinks."
    This reverts commit 059bfb5349123fabc8c92324e0473193f01fc87c.
  * Cherrypick v239-stable patches.
  * cryptsetup: add support for sector-size= option (LP: #1776626)
  * Cherrypick upstrem patches to fix ftbfs with new glibc.

  [ Michael Vogt ]
  * Re-add support for /etc/writable for core18. (LP: #1778936)

It should be possible to specify sector-size option in crypttab now, in ubuntu. And it should be supported by both initramfs-tools and systemd, depending on which one does the mount. Please test this, and let me know if everything is alright. It did work for me... but I used non-4k hardware.

Note that there is no UI to set sector-size in the installer, and the installer does not generate sector-size option in the crypttab either. I kind of wish sector-size could just be autodetected, and e.g. used by default on 4k native drives. But I'll check if this option can be added to partman-crypto.

Hello bugproxy, or anyone else affected,

Accepted systemd into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/systemd/237-3ubuntu10.8 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello bugproxy, or anyone else affected,

Accepted systemd into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/systemd/237-3ubuntu10.10 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

------- Comment From <email address hidden> 2018-11-20 07:38 EDT-------
This function was verified by IBM on
https://launchpad.net/ubuntu/+source/systemd/237-3ubuntu10.8

Adjusting tags according to comment #15.

@hws

Thank you. However 10.8 got trumped by security upload 10.9, hence we are re-doing the upload with 10.10. Sorry about the noise, but -security uploads always trump the inflight -proposed uploads.

According to the systemd changelog for bionic:
https://launchpad.net/ubuntu/bionic/+source/systemd/+changelog
support for "ector-size= option" was released with 237-3ubuntu10.10.
And since we are at:
systemd | 237-3ubuntu10.13 | bionic-updates | s390x
I'm setting systemd/bionic to Fix Released.

------- Comment From <email address hidden> 2019-03-05 10:44 EDT-------
IBM bugzilla status -> closed, Fix Released for all requested distros

Apparently the 237-3ubuntu10.10 upload got overwritten by a security upload, too, thus the fix is still not present in systemd.
I'm preparing a new upload and intend to fix this bug.

Hello bugproxy, or anyone else affected,

Accepted systemd into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/systemd/237-3ubuntu10.30 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Hello bugproxy, or anyone else affected,

Accepted systemd into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/systemd/237-3ubuntu10.31 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

All autopkgtests for the newly accepted systemd (237-3ubuntu10.31) for bionic have finished running.
The following regressions have been reported in tests triggered by the package:

gvfs/1.36.1-0ubuntu1.3.3 (ppc64el, amd64)
netplan.io/0.97-0ubuntu1~18.04.1 (amd64)
apt/1.6.12 (arm64, ppc64el)
pulseaudio/unknown (armhf)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/bionic/update_excuses.html#systemd

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Verified with systemd/237-3ubuntu10.31:

ubuntu@ubuntu-Standard-PC-i440FX-PIIX-1996:~$ sudo vi /etc/crypttab
ubuntu@ubuntu-Standard-PC-i440FX-PIIX-1996:~$ sudo systemctl daemon-reload
ubuntu@ubuntu-Standard-PC-i440FX-PIIX-1996:~$ sudo service systemd-cryptsetup@vdb_crypt start
Please enter passphrase for disk vdb_crypt! ****
ubuntu@ubuntu-Standard-PC-i440FX-PIIX-1996:~$ cat /etc/crypttab
vdb_crypt /dev/vdb none luks,sector-size=4096

ubuntu@ubuntu-Standard-PC-i440FX-PIIX-1996:~$ sudo service systemd-cryptsetup@vdb_crypt status
● systemd-cryptsetup@vdb_crypt.service - Cryptography Setup for vdb_crypt
   Loaded: loaded (/etc/crypttab; generated)
   Active: active (exited) since Tue 2019-10-08 21:05:11 CEST; 13s ago
     Docs: man:crypttab(5)
           man:systemd-cryptsetup-generator(8)
           man:systemd-cryptsetup@.service(8)
  Process: 1999 ExecStart=/lib/systemd/systemd-cryptsetup attach vdb_crypt /dev/vdb none luks,sector-size=4096 (cod
 Main PID: 1999 (code=exited, status=0/SUCCESS)

okt 08 21:05:06 ubuntu-Standard-PC-i440FX-PIIX-1996 systemd[1]: Starting Cryptography Setup for vdb_crypt...
okt 08 21:05:09 ubuntu-Standard-PC-i440FX-PIIX-1996 systemd-cryptsetup[1999]: Set cipher aes, mode xts-plain64, key
okt 08 21:05:11 ubuntu-Standard-PC-i440FX-PIIX-1996 systemd[1]: Started Cryptography Setup for vdb_crypt.
ubuntu@ubuntu-Standard-PC-i440FX-PIIX-1996:~$ sudo fdisk /dev/mapper/vdb_crypt

Welcome to fdisk (util-linux 2.31.1).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Device does not contain a recognized partition table.
Created a new DOS disklabel with disk identifier 0x313e0336.

Command (m for help): p
Disk /dev/mapper/vdb_crypt: 5 GiB, 5366611968 bytes, 1310208 sectors
Units: sectors of 1 * 4096 = 4096 bytes
Sector size (logical/physical): 4096 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: dos
Disk identifier: 0x313e0336

Command (m for help): q

ubuntu@ubuntu-Standard-PC-i440FX-PIIX-1996:~$

This bug was fixed in the package systemd - 237-3ubuntu10.31

---------------
systemd (237-3ubuntu10.31) bionic; urgency=medium

  [ Dimitri John Ledkov ]
  * Add conflicts with upstart and systemd-shim. (LP: #1773859)
  * d/p/debian/UBUNTU-units-disable-journald-watchdog.patch
    - units: Disable journald Watchdog (LP: #1773148)
  * d/p/cryptsetup-add-support-for-sector-size-option-8881.patch
    - cryptsetup: add support for sector-size= option (LP: #1776626)
  * d/p/systemctl-correctly-proceed-to-immediate-shutdown-if-sche.patch
    - systemctl: correctly proceed to immediate shutdown if scheduling fails
      (LP: #1670291)
  * d/p/networkd-add-support-to-configure-IPv6-MTU-8664.patch
    - networkd: add support to set IPv6MTUBytes (LP: #1671951)

 -- Balint Reczey <email address hidden> Mon, 30 Sep 2019 17:23:17 +0200