Hi

On 21.07.19 at 21:58, Guilhem Moulin wrote:
> Now that libblockdev uses crypt_keyslot_change_by_passphrase() there is
> AFAICT nothing more to be done on the libblockdev or udisks2 side with
> respect to that bug. But maybe the Changelog entry for libblockdev
> 2.20-7+deb10u1 should be changed to remove the references to MEMLOCK.
> As I wrote in https://gitlab.com/cryptsetup/cryptsetup/issues/466 I
> believe the problem with LUKSv2 is elsewhere (crypt_get_volume_key_size()
> fails because there is no bound keyslot object to retrieve the key size
> from). Maybe changing it to
>
>   * Use existing cryptsetup API for changing keyslot passphrase.
>     Cherry-pick upstream fix to use existing cryptsetup API for atomically
>     changing a keyslot passphrase, instead of deleting the old keyslot
>     before adding the new one. This avoids data loss when attempting to
>     change the passphrase of a LUKS2 device via udisks2, e.g. from GNOME
>     Disks.
>     Deleting a keyslot and then adding one is risky: if anything goes wrong
>     before the new keyslot is successfully added, no usable keyslot is left
>     and the device cannot be unlocked anymore. There's little chance this
>     causes actual problems with LUKS1, but as of 2.1.0 libcryptsetup
>     fails to add a new keyslot to a LUKS2 header without any
>     pre-existing keyslot.
>     (Closes: #928893)
>
> Or maybe removing the last sentence altogether, ending with “[…] cannot
> be unlocked anymore.”

I already uploaded 2.20-7+deb10u1 with this changelog, so it's not
really possible anymore to undo this other than making a 2.20-7+deb10u2
upload, which seems like overkill to me.
I don't think the changelog is that misleading that we need another
upload fixing it.

Regards,
Michael

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?