Bug#768577: systemd-cryptsetup handles keyfile differently from cryptsetup on plain mode
Hi, Quentin Lefebvre wrote (18 Nov 2014 17:51:48 GMT) : I sent the patch today. \o/ FTR, this is: http://lists.freedesktop.org/archives/systemd-devel/2014-November/025303.html http://lists.freedesktop.org/archives/systemd-devel/2014-November/025302.html I suggest attaching the patch to the upstream bug, so that it doesn't get lost in the mailing-list archive. In the meanwhile, is it useful to patch Debian? I suspect the maintainers will want to see upstream review and ack the patch first. But still, it would be good to get this in Jessie in time before December 5 (it's an important bug, not a RC one). By the way, what is the proper tool to create a patch for Debian? I read about dpatch, but I was told it's not relevant. It depends on how the package is maintained. In this case, see debian/README.source in the source package :) Cheers, -- intrigeri -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#768577: systemd-cryptsetup handles keyfile differently from cryptsetup on plain mode
Hi, On 19/11/2014 10:38, intrigeri wrote : I suggest attaching the patch to the upstream bug, so that it doesn't get lost in the mailing-list archive. I just did that. In the meanwhile, is it useful to patch Debian? I suspect the maintainers will want to see upstream review and ack the patch first. But still, it would be good to get this in Jessie in time before December 5 (it's an important bug, not a RC one). December 5th is coming soon. So I hope the process will be quick enough. By the way, what is the proper tool to create a patch for Debian? I read about dpatch, but I was told it's not relevant. It depends on how the package is maintained. In this case, see debian/README.source in the source package :) Thanks for the information. Best, Quentin -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#768577: systemd-cryptsetup handles keyfile differently from cryptsetup on plain mode
Hi Quentin,
Quentin Lefebvre wrote (17 Nov 2014 17:24:38 GMT) :
I could provide a patch so that systemd-cryptsetup behaves the same way
as cryptsetup.
But actually, there is even an easier way to solve this: change the 'hash'
parameter
in /etc/crypttab to 'plain'.
Doing this, cryptdisks_{start,stop} scripts work well, and so do
systemd-cryptsetup
(as it will pass a NULL pointer as hash parameter to cryptsetup, which is
also legacy
cryptsetup's way to handle keyfile + hash in plain mode).
Good to know, congrats for the debugging!
Now:
1. The proper solution still seems to patch systemd-cryptsetup so that
this workaround isn't needed; may you please send your patch
upstream? If not, just tell us and I guess someone here will do
it :)
2. If a fix doesn't make it into systemd in Jessie, then I guess we'll
want to document this workaround in NEWS.Debian, and make sure the
release notes point there.
IMO, let's not spend time on #2 right now, and instead focus on #1.
Cheers,
--
intrigeri
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#768577: systemd-cryptsetup handles keyfile differently from cryptsetup on plain mode
On 18/11/2014 09:39, intrigeri wrote: 1. The proper solution still seems to patch systemd-cryptsetup so that this workaround isn't needed; may you please send your patch upstream? If not, just tell us and I guess someone here will do it :) I sent the patch today. In the meanwhile, is it useful to patch Debian? By the way, what is the proper tool to create a patch for Debian? I read about dpatch, but I was told it's not relevant. 2. If a fix doesn't make it into systemd in Jessie, then I guess we'll want to document this workaround in NEWS.Debian, and make sure the release notes point there. IMO, let's not spend time on #2 right now, and instead focus on #1. All right. Cheers, Quentin -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#768577: systemd-cryptsetup handles keyfile differently from cryptsetup on plain mode
Hi again, Actually, I solved the bug pretty easily (thanks to your links) by editing cryptsetup.c file in package systemd. What should we do now? Are you interested in a patch for Debian? Best, Quentin -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#768577: systemd-cryptsetup handles keyfile differently from cryptsetup on plain mode
I could provide a patch so that systemd-cryptsetup behaves the same way
as cryptsetup.
But actually, there is even an easier way to solve this: change the
'hash' parameter in /etc/crypttab to 'plain'.
Doing this, cryptdisks_{start,stop} scripts work well, and so do
systemd-cryptsetup (as it will pass a NULL pointer as hash parameter to
cryptsetup, which is also legacy cryptsetup's way to handle keyfile +
hash in plain mode).
This is the correct /etc/crypttab:
vaioHDpart6c_home /dev/sda6 /root/keys/home.key
cipher=aes-xts-plain64,size=512,hash=plain,offset=0
instead of
vaioHDpart6c_home /dev/sda6 /root/keys/home.key
cipher=aes-xts-plain64,size=512,hash=sha512,offset=0
Note that the hash algorithm sha512 was, in this case, just ignored.
Maybe next versions of cryptsetup will change that.
Of course, don't forget the command:
update-initramfs -k all -u
after changing /etc/crypttab.
Thank you for your help.
Cheers,
Quentin
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
