Bug#768577: systemd-cryptsetup handles keyfile differently from cryptsetup on plain mode
Hi,

Quentin Lefebvre wrote (18 Nov 2014 17:51:48 GMT) :
> I sent the patch today.

\o/

FTR, this is:
http://lists.freedesktop.org/archives/systemd-devel/2014-November/025303.html
http://lists.freedesktop.org/archives/systemd-devel/2014-November/025302.html

I suggest attaching the patch to the upstream bug, so that it doesn't get lost in the mailing-list archive.

> In the meanwhile, is it useful to patch Debian?

I suspect the maintainers will want to see upstream review and ack the patch first. But still, it would be good to get this in Jessie in time before December 5 (it's an important bug, not a RC one).

> By the way, what is the proper tool to create a patch for Debian? I read about dpatch, but I was told it's not relevant.

It depends on how the package is maintained. In this case, see debian/README.source in the source package :)

Cheers,
--
intrigeri
Bug#768577: systemd-cryptsetup handles keyfile differently from cryptsetup on plain mode
Hi,

On 19/11/2014 10:38, intrigeri wrote :
> I suggest attaching the patch to the upstream bug, so that it doesn't get lost in the mailing-list archive.

I just did that.

> > In the meanwhile, is it useful to patch Debian?
>
> I suspect the maintainers will want to see upstream review and ack the patch first. But still, it would be good to get this in Jessie in time before December 5 (it's an important bug, not a RC one).

December 5th is coming soon. So I hope the process will be quick enough.

> > By the way, what is the proper tool to create a patch for Debian? I read about dpatch, but I was told it's not relevant.
>
> It depends on how the package is maintained. In this case, see debian/README.source in the source package :)

Thanks for the information.

Best,
Quentin
Bug#768577: systemd-cryptsetup handles keyfile differently from cryptsetup on plain mode
Hi Quentin,

Quentin Lefebvre wrote (17 Nov 2014 17:24:38 GMT) :
> I could provide a patch so that systemd-cryptsetup behaves the same way as cryptsetup. But actually, there is even an easier way to solve this: change the 'hash' parameter in /etc/crypttab to 'plain'. Doing this, cryptdisks_{start,stop} scripts work well, and so do systemd-cryptsetup (as it will pass a NULL pointer as hash parameter to cryptsetup, which is also legacy cryptsetup's way to handle keyfile + hash in plain mode).

Good to know, congrats for the debugging!

Now:

1. The proper solution still seems to patch systemd-cryptsetup so that this workaround isn't needed; may you please send your patch upstream? If not, just tell us and I guess someone here will do it :)

2. If a fix doesn't make it into systemd in Jessie, then I guess we'll want to document this workaround in NEWS.Debian, and make sure the release notes point there.

IMO, let's not spend time on #2 right now, and instead focus on #1.

Cheers,
--
intrigeri
Bug#768577: systemd-cryptsetup handles keyfile differently from cryptsetup on plain mode
On 18/11/2014 09:39, intrigeri wrote:
> 1. The proper solution still seems to patch systemd-cryptsetup so that this workaround isn't needed; may you please send your patch upstream? If not, just tell us and I guess someone here will do it :)

I sent the patch today.

In the meanwhile, is it useful to patch Debian?

By the way, what is the proper tool to create a patch for Debian? I read about dpatch, but I was told it's not relevant.

> 2. If a fix doesn't make it into systemd in Jessie, then I guess we'll want to document this workaround in NEWS.Debian, and make sure the release notes point there.
>
> IMO, let's not spend time on #2 right now, and instead focus on #1.

All right.

Cheers,
Quentin
Bug#768577: systemd-cryptsetup handles keyfile differently from cryptsetup on plain mode
Hi again,

Actually, I solved the bug pretty easily (thanks to your links) by editing cryptsetup.c file in package systemd.

What should we do now? Are you interested in a patch for Debian?

Best,
Quentin
Bug#768577: systemd-cryptsetup handles keyfile differently from cryptsetup on plain mode
I could provide a patch so that systemd-cryptsetup behaves the same way as cryptsetup. But actually, there is even an easier way to solve this: change the 'hash' parameter in /etc/crypttab to 'plain'. Doing this, cryptdisks_{start,stop} scripts work well, and so do systemd-cryptsetup (as it will pass a NULL pointer as hash parameter to cryptsetup, which is also legacy cryptsetup's way to handle keyfile + hash in plain mode).

This is the correct /etc/crypttab:

    vaioHDpart6c_home /dev/sda6 /root/keys/home.key cipher=aes-xts-plain64,size=512,hash=plain,offset=0

instead of

    vaioHDpart6c_home /dev/sda6 /root/keys/home.key cipher=aes-xts-plain64,size=512,hash=sha512,offset=0

Note that the hash algorithm sha512 was, in this case, just ignored. Maybe next versions of cryptsetup will change that.

Of course, don't forget the command:

    update-initramfs -k all -u

after changing /etc/crypttab.

Thank you for your help.

Cheers,
Quentin
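An added example, not part of the original thread or of either project's code: a small audit that finds /etc/crypttab entries of the kind described in the message above (plain mode, key file, `hash=` set to something other than `plain`) and produces the `hash=plain` form. It assumes that an entry without the `luks` option is a plain-mode entry, skips `/dev/urandom` and `/dev/random` key sources because a per-boot random key is never reused, and does not evaluate entries that have no `hash=` option, since the thread does not discuss them.

```python
# Added example: audit crypttab text for the keyfile + hash combination from this thread.
RANDOM_KEY_SOURCES = {"/dev/urandom", "/dev/random"}  # assumption: per-boot keys are out of scope

# Constructed sample. Only the vaioHDpart6c_home line is quoted from the thread;
# the other entries and the all-zero UUID are made up for illustration.
SAMPLE_CRYPTTAB = """\
# <target> <source device> <key file> <options>
vaioHDpart6c_home /dev/sda6 /root/keys/home.key cipher=aes-xts-plain64,size=512,hash=sha512,offset=0
data_plain /dev/sdb1 /root/keys/data.key cipher=aes-xts-plain64,size=512,hash=plain
luks_root UUID=00000000-0000-0000-0000-000000000000 none luks
scratch /dev/sdb2 none cipher=aes-xts-plain64,size=256,hash=sha256
cswap /dev/sdb3 /dev/urandom cipher=aes-xts-plain64,size=256,hash=sha256,swap
"""

def parse_options(field):
    """Turn 'a=1,b,c=2' into {'a': '1', 'b': '', 'c': '2'}."""
    opts = {}
    for item in filter(None, field.split(",")):
        key, _, value = item.partition("=")
        opts[key.strip()] = value.strip()
    return opts

def audit_crypttab(text):
    """Return (line number, target name, hash value) for each affected entry."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        name, _device, keyfile = fields[:3]
        opts = parse_options(fields[3]) if len(fields) > 3 else {}
        if "luks" in opts:
            continue  # LUKS header defines key handling; not the plain-mode case
        if keyfile in ("none", "-") or keyfile in RANDOM_KEY_SOURCES:
            continue  # passphrase prompt or throwaway key: no key file to mis-hash
        hash_name = opts.get("hash")
        if hash_name and hash_name != "plain":
            findings.append((lineno, name, hash_name))
    return findings

def with_hash_plain(line):
    """Rewrite one crypttab entry so its hash option reads hash=plain."""
    fields = line.split()
    opts = ["hash=plain" if o.startswith("hash=") else o for o in fields[3].split(",")]
    return " ".join(fields[:3] + [",".join(opts)])

if __name__ == "__main__":
    for lineno, name, hash_name in audit_crypttab(SAMPLE_CRYPTTAB):
        print(f"line {lineno}: {name} uses a key file with hash={hash_name}")
        print("  suggested:", with_hash_plain(SAMPLE_CRYPTTAB.splitlines()[lineno - 1]))
```

As the message says, regenerate the initramfs with `update-initramfs -k all -u` after changing /etc/crypttab.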