encrypted swap not working + screenshare on wayland | Gentoo Linux Community | Page 1

whole pilot Jul 29, 2023, 10:47 PM

#

hi

#

org.kde.xwaylandvideobridge: Could not select sources QDBusError("org.freedesktop.portal.Error.InvalidArgument", "Unavailable cursor mode 4")

#

DESKTOP-OUNAE5C /opt # dd if=/dev/zero of=swap count=8192 bs=1M 
8192+0 records in
8192+0 records out
8589934592 bytes (8.6 GB, 8.0 GiB) copied, 4.02722 s, 2.1 GB/s
DESKTOP-OUNAE5C /opt #  btrfs subvolume create swap_vol 
Create subvolume './swap_vol'
DESKTOP-OUNAE5C /opt # chattr +C swap_vol 
DESKTOP-OUNAE5C /opt # fallocate -l 8G swap_vol/swapfile 
DESKTOP-OUNAE5C /opt # chmod 600 swap_vol/swapfile 
DESKTOP-OUNAE5C /opt # swapon swap 
swapon: /opt/swap: insecure permissions 0644, 0600 suggested.
swapon: /opt/swap: read swap header failed
DESKTOP-OUNAE5C /opt # chmod 600 swap_vol/swapfile 
DESKTOP-OUNAE5C /opt # swapon swap 
swapon: /opt/swap: insecure permissions 0644, 0600 suggested.
swapon: /opt/swap: read swap header failed
DESKTOP-OUNAE5C /opt # ```

#

https://github.com/xchar08/gentoo-secured-dwl

GitHub

GitHub - xchar08/gentoo-secured-dwl: Minimal encrypted/hardened gen...

Minimal encrypted/hardened gentoo installation script w/ xorg, bspwm, and polybar - GitHub - xchar08/gentoo-secured-dwl: Minimal encrypted/hardened gentoo installation script w/ xorg, bspwm, and po...

#

#

#

DESKTOP-OUNAE5C /opt # dd if=/dev/zero of=swap count=8192 bs=1M 
8192+0 records in
8192+0 records out
8589934592 bytes (8.6 GB, 8.0 GiB) copied, 4.02722 s, 2.1 GB/s
DESKTOP-OUNAE5C /opt #  btrfs subvolume create swap_vol 
Create subvolume './swap_vol'
DESKTOP-OUNAE5C /opt # chattr +C swap_vol 
DESKTOP-OUNAE5C /opt # fallocate -l 8G swap_vol/swapfile 
DESKTOP-OUNAE5C /opt # chmod 600 swap_vol/swapfile 
DESKTOP-OUNAE5C /opt # swapon swap 
swapon: /opt/swap: insecure permissions 0644, 0600 suggested.
swapon: /opt/swap: read swap header failed
DESKTOP-OUNAE5C /opt # chmod 600 swap_vol/swapfile 
DESKTOP-OUNAE5C /opt # swapon swap 
swapon: /opt/swap: insecure permissions 0644, 0600 suggested.
swapon: /opt/swap: read swap header failed
DESKTOP-OUNAE5C /opt # emerge -pv util-linux

These are the packages that would be merged, in order:

Calculating dependencies... done!
Dependency resolution took 2.13 s.

[ebuild   R    ] sys-apps/util-linux-2.39.1::gentoo  USE="(audit) (caps) cramfs cryptsetup hardlink logger ncurses nls pam readline (selinux) (split-usr) su suid (unicode) -build -fdformat -kill -magic -python (-rtas) -slang -static-libs -systemd -test -tty-helpers -udev -verify-sig" ABI_X86="32 (64) (-x32)" PYTHON_TARGETS="python3_11 -python3_10" 0 KiB

Total: 1 package (1 reinstall), Size of downloads: 0 KiB

 * IMPORTANT: 19 news items need reading for repository 'gentoo'.
 * Use eselect news read to view new items.

DESKTOP-OUNAE5C /opt #

tardy crest Jul 29, 2023, 11:09 PM

#

try ```sh
cryptsetup --type plain -d /dev/urandom open path_to_swapfile swap
mkswap path_to_swapfile
swapon path_to_swapfile

#

after creating the btrfs subvolume and the swapfile

#

"Then, edit /etc/fstab and either /etc/crypttab (if using systemd) or /etc/conf.d/dmcrypt (if using OpenRC) to automatically active the swap file: ..."

#

i think this swapon: /opt/swap: read swap header failed is because you didnt mkswap first

#

also im not sure what doing cryptsetup on the file will do if the whole partition is already encrypted maybe try w/o just mkswap

grave glen Jul 30, 2023, 12:20 AM

#

whole pilot https://github.com/xchar08/gentoo-secured-dwl

also it's not recommended to use scripts unless you wrote them, or understand what the script(s) are doing

whole pilot Jul 30, 2023, 12:25 AM

#

grave glen also it's not recommended to use scripts unless you wrote them, or understand wh...

I wrote it

#

Changed my username though

grave glen Jul 30, 2023, 12:25 AM

#

ah I see

whole pilot Jul 30, 2023, 12:25 AM

#

tardy crest "Then, edit /etc/fstab and either /etc/crypttab (if using systemd) or /etc/conf....

Ohh ok thanks

#

How would I undo all the steps I did already

#

Like creating the subvolume and stuff?

#

Btrfs subvolume delete swap_vol 
rm swap
swapoff swap```

#

Like that?

tardy crest Jul 30, 2023, 12:26 AM

#

you probably dont need to undo that just pick up where the last thing worked

#

like the subvol is probably good

whole pilot Jul 30, 2023, 12:42 AM

#

tardy crest try ```sh cryptsetup --type plain -d /dev/urandom open path_to_swapfile swap mks...

was I supposed to swapon the file called 'swap' or should I have just did the swapfile in the volume?

#

should there be two separate files btw? Swap and swapfile?

tardy crest Jul 30, 2023, 12:44 AM

#

im not sure why there's the two files

#

im scared that the 'swap' file was created by cryptsetup as the "mapped name" idk what those args do

#

it does appear as if you've successfully made and mounted swap_vol/swapfile tho

#

maybe try cryptsetup again with swap_vol/swapfile as both the last args?

#

was it the cryptsetup command that created swap?

whole pilot Jul 30, 2023, 12:47 AM

#

No, the dd if=swap command

tardy crest Jul 30, 2023, 12:48 AM

#

oh okay

#

yeah thats just a zero file rn you can delete it

#

cuz it looks like the other things you did worked

#

i dont know how to check if cryptsetup worked like the command returned success

#

i dont know what the command does lol i just picked it out of the wiki

whole pilot Jul 30, 2023, 12:50 AM

#

cryptsetup created an encrypted subvolume

tardy crest Jul 30, 2023, 12:50 AM

#

the type of your swap is crypt from lsblk maybe thats a good indication

#

yeah nice

whole pilot Jul 30, 2023, 12:50 AM

#

tardy crest the type of your swap is crypt from `lsblk` maybe thats a good indication

shouldn't it say [swap] next to it?

tardy crest Jul 30, 2023, 12:50 AM

#

uhhh maybe

#

can you check if its functioning as swap

#

check top or something

#

see if you have swap

whole pilot Jul 30, 2023, 12:52 AM

#

I do not see swap

tardy crest Jul 30, 2023, 12:53 AM

#

hmm

#

cuz it looks like swapon worked

whole pilot Jul 30, 2023, 12:54 AM

#

should this be in my /etc/crypttab btw?

tardy crest Jul 30, 2023, 12:54 AM

#

i think so

#

"to automatically active the swap file" according to the wiki

whole pilot Jul 30, 2023, 12:56 AM

#

and this in dmcrypt?

tardy crest Jul 30, 2023, 12:57 AM

#

uh its one or the other

#

depending on your init

whole pilot Jul 30, 2023, 12:57 AM

#

wait shad do you mean

#

oh

#

wait

#

I'm using openrc

tardy crest Jul 30, 2023, 12:57 AM

#

ah the dmcrypt one then

whole pilot Jul 30, 2023, 12:58 AM

#

ye

tardy crest Jul 30, 2023, 12:58 AM

#

and you gotta enable the service

#

concerning rn tho is that the swapfile isnt working

#

maybe try swapon <file> again?

whole pilot Jul 30, 2023, 12:59 AM

#

tardy crest Jul 30, 2023, 1:00 AM

#

uh fuser /opt/swap_vol/swapfile ?

whole pilot Jul 30, 2023, 1:00 AM

#

ran

#

#

tardy crest Jul 30, 2023, 1:01 AM

#

returned nothing

#

hmm

#

wth

#

maybe try again but without cryptsetup

#

see if that gets you swap at least

#

i mean

#

delete swap_vol/swapfile

#

fallocate it again

#

and just swapon it

#

and see if that works as swap

whole pilot Jul 30, 2023, 1:08 AM

#

alright 👍

#

rm: cannot remove 'swap_vol/swapfile': Operation not permitted

#

I think I'd have to swapoff everything

#

lemme try rebooting and see if everything works first

tardy crest Jul 30, 2023, 1:11 AM

#

okay yeah

whole pilot Jul 30, 2023, 1:16 AM

#

#

@tardy crest

tardy crest Jul 30, 2023, 1:17 AM

#

uhhh yes lmao?

#

i mean its not gonna break anything important

#

yeah i think it was cryptsetup --type plain -d /dev/urandom open path_to_swapfile swap this that was wrong

#

and it should be cryptsetup --type plain -d /dev/urandom open path_to_swapfile path_to_swapfile

whole pilot Jul 30, 2023, 1:21 AM

#

Ahh

tardy crest Jul 30, 2023, 1:21 AM

#

maybe

whole pilot Jul 30, 2023, 1:22 AM

#

Should I type no and then redo it?

tardy crest Jul 30, 2023, 1:22 AM

#

nah you should type YES

#

and see what happens

#

maybe it works who knows

#

it looks like it almost wants to work

whole pilot Jul 30, 2023, 4:10 AM

#

tardy crest and see what happens

I think I might have to restart the process but thank you

#

I might call it a night due to that jui jitsu injury plus I've got a headache but thank you for all the help

tardy crest Jul 30, 2023, 10:50 PM

#

yeah np lmk if it works later or not

whole pilot Jul 31, 2023, 4:18 PM

#

Do you think you would be able to help me out later today @tardy crest

tardy crest Jul 31, 2023, 9:10 PM

#

yeah sure

whole pilot Aug 1, 2023, 2:52 AM

#

tardy crest yeah sure

oh wait are you free rn

tardy crest Aug 1, 2023, 3:12 AM

#

yeah

whole pilot Aug 1, 2023, 3:35 AM

#

tardy crest yeah

why do i not get notifications

#

ok

#

im online

tardy crest Aug 1, 2023, 3:36 AM

#

aight sick

#

what did you do yesterday with the yes/no thing

#

did you end up checking it out

#

or going and restarting or something

#

@whole pilot

whole pilot Aug 1, 2023, 3:42 AM

#

I don't think any of it ended up working

#

I just switched to my Gentoo system btw

#

From windows

tardy crest Aug 1, 2023, 3:43 AM

#

ah okay

#

yeah id try to make the btrfs subvolume and fallocate the swapfile again

whole pilot Aug 1, 2023, 3:44 AM

#

it's still up though so I've got to follow the steps in reverse

tardy crest Aug 1, 2023, 3:45 AM

#

yeah just swapoff it and delete the swapfile

whole pilot Aug 1, 2023, 3:46 AM

#

#

oh wait how exactly

tardy crest Aug 1, 2023, 3:46 AM

#

maybe swapoff isnt needed

#

just delete the swapfile and fallocate a new one

#

then try to swapon it without cryptsetup-ing it so we know the btrfs stuff works

#

basically just follow Swap Files - Creation on https://wiki.gentoo.org/wiki/Swap

Swap

#

dont do the Encrypted Swap bit

whole pilot Aug 1, 2023, 3:59 AM

#

im undoing the file stuff too

#

and restarting my laptop

tardy crest Aug 1, 2023, 4:00 AM

#

lol fair enough

whole pilot Aug 1, 2023, 4:02 AM

#

just so I don't have that partition up

#

like in lsblk

tardy crest Aug 1, 2023, 4:04 AM

#

yee sure

whole pilot Aug 1, 2023, 4:16 AM

#

ok

#

back to square one

#

I'm pulling up thw wiki @tardy crest

#

#

it'll probably show [swap] if I reboot

#

should I?

tardy crest Aug 1, 2023, 4:24 AM

#

yeah im not sure if the subvolume/swapfile should appear as a block device

#

maybe not

#

swapon --show is a good sign that its worked

#

now you can try to decipher the crpytsetup command and make that work if you want

#

also id uh unify your boot partition

#

you dont need two partitions for a uefi boot system

#

like the 8gb partition is doing nothing (?) except being the mountpoint for another partition your actual esp

whole pilot Aug 1, 2023, 4:32 AM

#

cd /opt
btrfs subvolume create swap_vol 
chattr +C swap_vol 
cd swap_vol
dd if=/dev/zero of=swap count=8192 bs=1M
cryptsetup --type plain -d /dev/urandom open swap swap 
mkswap swap 
chmod 600 swap 
swapon swap 
swapon --show

#

#/etc/fstab
/opt/swap_vol/swap none swap sw 0 0

tardy crest Aug 1, 2023, 4:33 AM

#

yeah that looks about right actually

whole pilot Aug 1, 2023, 4:34 AM

#

#/etc/conf.d/dmcrypt
swap=swap
source=/opt/swap_vol/swap

tardy crest Aug 1, 2023, 4:34 AM

#

youll want a dmcrypt entry too to automatically activate it

whole pilot Aug 1, 2023, 4:35 AM

#

rc-update add dmcrypt boot

#

# If you are only using local swap partitions, you should not change
# this file. Otherwise, you need to uncomment the below rc_before line
# followed by the appropriate rc_need line.
rc_before="!localmount"
#
# If you are using swap files stored on local file systems, uncomment
# this line.
rc_need="localmount"
#
# If you are using swap files stored on network file systems or swap
# partitions stored on network block devices such as iSCSI, uncomment
# this line.
#rc_need="netmount"

tardy crest Aug 1, 2023, 4:36 AM

#

edit /etc/conf.d/dmcrypt as the wiki suggests

#

also

#

^^

whole pilot Aug 1, 2023, 4:38 AM

#

tardy crest edit /etc/conf.d/dmcrypt as the wiki suggests

did i post it well

tardy crest Aug 1, 2023, 4:39 AM

#

oh you did post it yeah

#

yeah looks good 👌

whole pilot Aug 1, 2023, 4:51 AM

#

alright, I have set it up

tardy crest Aug 1, 2023, 4:56 AM

#

it works?

whole pilot Aug 1, 2023, 4:56 AM

#

it was being weird

#

so

#

#

i got this once i unlocked my drive

#

then it said some weird stuff about hashing or something regarding swap

#

and then said dmcrypt failed to start

#

but now it started so idk

#

it's really weird

tardy crest Aug 1, 2023, 4:57 AM

#

lol aight

#

semisuccess

whole pilot Aug 1, 2023, 4:58 AM

#

also idk why it's giving me that modprobe error

#

I only ran modprobe once a really long time ago on that kernel module

#

this is in lsblk btw

#

no [swap]

#

when i run swapon --show it doesn't work btw

#

like

#

there's no output

#

meaning it's not being autostarted

#

i ran swapon /opt/swap_vol/swap and it shows up under it but I don't have much of a way of checking it

#

oh wait c:

#

so it works but it's not autostarted

whole pilot Aug 1, 2023, 3:45 PM

#

Not sure how to fix the autostart

#

I might be able to take a picture of the error but it's only on the screen for a split second

whole pilot Aug 2, 2023, 11:37 PM

#

@timber flame could you possibly take a look?

timber flame Aug 3, 2023, 2:32 AM

#

whole pilot I might be able to take a picture of the error but it's only on the screen for a...

video

whole pilot Aug 3, 2023, 2:32 AM

#

I shall share my screen momentarily

whole pilot Aug 3, 2023, 5:36 AM

#

#

Btw not a vid but how would I fix this warning

#

Regarding modules

#

And then involving swap, I'm not sure what to do

#

#

Around where decrypt is

timber flame Aug 3, 2023, 9:08 AM

#

@grave glen can you read for me please

grave glen Aug 3, 2023, 9:48 AM

#

WARNING: The --hash parameter is being ignored in plain mode with keufile specified
WARNING: Device /opt/swap_vol/swap already contains a 'swap' superblock signature

Detected device signature(s) on /opt/swap_vol/swap. Proceeding further may damage existing data.

timber flame Aug 3, 2023, 9:54 AM

#

I don’t think you were supposed to format it

#

Should have been an empty file

#

Or partition

whole pilot Aug 3, 2023, 5:09 PM

#

#1134980581365665883 message

#

@timber flame this is what I had run

#

and then I have the files I edited and their contents up there too

#

you have to have it in a subvolume for btrfs and for encryption, you need the files that were specified

whole pilot Aug 3, 2023, 5:13 PM

#

grave glen WARNING: The --hash parameter is being ignored in plain mode with keufile specif...

mkswap: unable to erase bootable sectors
Failed to setup dm-crypt devices
ERROR: dmcrypt failed to start

This is what it says after saying 'YES' btw

whole pilot Aug 4, 2023, 3:15 AM

#

hello @timber flame are you possibly availible to look at it?

arctic talon Aug 7, 2023, 10:18 AM

#

I don't think dmcrypt is the right place to setup (create) an encrypted block. If you're going to run a custom script anyway just create your own init script or call the script in local. Also why always recreate the block?

timber flame Aug 7, 2023, 10:22 AM

#

arctic talon I don't think dmcrypt is the right place to setup (create) an encrypted block. I...

https://wiki.archlinux.org/title/dm-crypt/Swap_encryption

Swap encryption

#

He’s doing encrypted swap because if you don’t need hibernation it is simpler than putting it inside the luks container. Especially compared to swap files on btrfs.

Random encryption key at startup means you don’t need to store the key somewhere, which also reduces complexity.

arctic talon Aug 7, 2023, 10:30 AM

#

Ok I see the point. The warnings can be probably be avoided by running a few dd writes against the existing block before create.

#

The "unable to erase bootable sectors" however needs to be reproduced in the command-line first.

#

The insmod errors on the other hand... I'm not sure how to fix them... it's odd that openrc doesn't use modprobe instead. Modprobe wouldn't complain if they're alreaded loaded. In this case they're already loaded as builtin.

timber flame Aug 7, 2023, 10:33 AM

#

I wonder if this is what is happening

arctic talon Aug 7, 2023, 10:35 AM

#

I think it's best to just avoid use of crypttab as well since it's just a disposable LUKS. Again better just create your own init.l script. You'll have full control over dependencies.

timber flame Aug 7, 2023, 10:35 AM

#

Oh he formatted it as swap: use wipefs -a /dev/path/to/swap/partition

arctic talon Aug 7, 2023, 10:44 AM

#

timber flame Oh he formatted it as swap: use `wipefs -a /dev/path/to/swap/partition`

I don't see i though. I think an update of what he's done so far needs to be given.

timber flame Aug 7, 2023, 10:45 AM

#

Unable to erase bootable sectors

#

You are right this is too confusing

#

I dont know if hes on file or partition now

#

It worked when I did it but then again I always use wipefs when changing a disk around, and I didn’t try to mkswap partition

#

And it was not a file, making it a file on btrfs has the chattr +C requirement, and it has to be on it’s own subvolume because any subvolume containing a swap file btrfs will refuse to snapshot

#encrypted swap not working + screenshare on wayland