Your message dated Sun, 20 Nov 2022 18:53:39 +0100
with message-id <[email protected]>
and subject line Re: Bug#923513: cryptsetup-bin: Can no longer luksFormat as
non-root: "Not compatible PBKDF options."
has caused the Debian Bug report #923513,
regarding Argon2i/d benchmark doesn't honor `getrlimit(RLIMIT_MEMLOCK,)`
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
923513: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923513
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: cryptsetup-bin
Version: 2:2.1.0-2
Severity: normal
Dear Maintainer,
it's no longer possible to create a container using cryptsetup
luksFormat as non-root.
Step to reproduce:
$ dd if=/dev/zero bs=16M count=1 of=/tmp/blob
$ /sbin/cryptsetup luksFormat /tmp/blob
... and an arbitrary passphrase, or shorter:
$ echo foo | /sbin/cryptsetup luksFormat /tmp/blob -
Error message:
Not compatible PBKDF options.
Running as root still succeeds - and I haven't compared the strace
output yet for time constraints, sorry.
Workaround:
Declare usage of format 1 like in
$ echo -n foo | cryptsetup luksFormat --type luks1 /tmp/blob -
and possibly some other ways.
This broke the luksmeta test suite, I've fixed that locally for the time
being but this might affect other people. I don't know whether
there's another situation where you would luksFormat as non-root (some
containerization perhaps?), so this might be release notice material as
well.
Kind regards,
Christoph
-- Package-specific info:
-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.21 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect
Versions of packages cryptsetup-bin depends on:
ii libblkid1 2.33.1-0.1
ii libc6 2.28-8
ii libcryptsetup12 2:2.1.0-2
ii libpopt0 1.16-12
ii libuuid1 2.33.1-0.1
cryptsetup-bin recommends no packages.
cryptsetup-bin suggests no packages.
-- no debconf information
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Version: 2:2.6.0~rc0-1
Fixed in 2:2.6.0~rc0-1 as libcryptsetup no longer uses mlockall(2):
https://salsa.debian.org/cryptsetup-team/cryptsetup/-/commit/4b47091b85bcd768ca048dc59fad2bf7806ef1b1
With that RC version (currently in experimental) I'm no longer able to
reproduce the issue described in
https://gitlab.com/cryptsetup/cryptsetup/-/issues/465 .
--
Guilhem.
signature.asc
Description: PGP signature
--- End Message ---
