2

I have a dd image of disk, which is a LUKS container containing a filesystme, and which I can loop mount and unlock to access the files. The filesystem in the container is only about 1/4 full. What is the proper way to take advantage of compression, while allowing me to be able to mounted and unlock the disk?

Improve this question

2 Answers 2

Reset to default
5

You can't compress LUKS encrypted data.

However, if all involved filesystems support it, you can discard free space using fstrim, resulting in a sparse file where free space is zero and does not occupy space.

# du -h foobar.img
1.0G    foobar.img

# cryptsetup open --allow-discards foobar.img foobar
Enter passphrase for foobar.img: foobar
# mount /dev/mapper/foobar loop/

# df -h loop/
Filesystem          Size  Used Avail Use% Mounted on
/dev/mapper/foobar  974M  129M  780M  15% /foobar/loop

# fstrim -v loop/
loop/: 845.7 MiB (886763520 bytes) trimmed

# du -h foobar.img
179M    foobar.img

Yet another option may be to shrink the filesystem itself and truncate the size of the image file accordingly (remember to account for the LUKS header offset, usually 2 MiB for LUKS 1 and 16 MiB for LUKS 2).

The alternative would be to compress the unencrypted data instead.

Improve this answer
5
  • Interesting. Thank you. I'm not sure I understand what's happening there with trim & discard, but I do see your result. I'm going to have to look into that closer. Somehow I thought that was just something for SSD's. Commented Dec 13, 2022 at 14:19
  • @Diagon SSDs support trim/discard in hardware, sure. But fstrim is also used for VM images, LVM thin volumes, loop devices and the like. For the filesystem that holds the image file, you need support for sparse file and hole punching I guess. For the filesystem inside the container, fstrim and/or discard support. Commented Dec 13, 2022 at 14:26
  • Thanks. It looks like that should work. It's btrfs, with an ext4 in LUKS. Commented Dec 13, 2022 at 14:34
  • Actually, that's an xfs in LUKS, but xfs also supports trim. So I went ahead and everything worked as you said; but, once I unmounted the filesystem and closed the container, the .img file was back to its original size! :? Commented Dec 13, 2022 at 14:52
  • 1
    I see. du and ls give different results. I guess du is proper for a sparse file. Commented Dec 13, 2022 at 15:00
2

Compression isn't going to help you here -- encrypted data isn't very compressible by nature of being random -- even same data blocks of the open text are encrypted to a different blocks (so something like zeroing the "empty" parts of the filesystem won't help). If this is a disk image, I would maybe recommend shrinking the filesystem and the LUKS container to save some space and growing it later if you need more space.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.