Bug#768577: There's also a problem with passphrases on plain mode

2014-11-17 Thread Quentin Lefebvre

Hi intrigeri,

First, thanks for your replies and for the links.

I have been investigating cryptsetup behavior as you suggested, and I 
found out that there is also a problem with passphrases in plain mode.


I described it here:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768407#20 .

This one may or may not be systemd-related.

Anyway I'll continue to dig into this issue, maybe I can fix it.

Best regards,
Quentin

___
Pkg-systemd-maintainers mailing list
Pkg-systemd-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers


Bug#768577: systemd-cryptsetup handles keyfile differently from cryptsetup on plain mode

2014-11-17 Thread Quentin Lefebvre

Hi again,

Actually, I solved the bug pretty easily (thanks to your links) by 
editing cryptsetup.c file in package systemd.


What should we do now?

Are you interested in a patch for Debian?

Best,
Quentin



Bug#768577: systemd-cryptsetup handles keyfile differently from cryptsetup on plain mode

2014-11-17 Thread Quentin Lefebvre
I could provide a patch so that systemd-cryptsetup behaves the same way 
as cryptsetup.


But actually, there is even an easier way to solve this: change the 
'hash' parameter in /etc/crypttab to 'plain'.
Doing this, cryptdisks_{start,stop} scripts work well, and so does 
systemd-cryptsetup (as it will pass a NULL pointer as hash parameter to 
cryptsetup, which is also legacy cryptsetup's way to handle keyfile + 
hash in plain mode).


This is the correct /etc/crypttab:
vaioHDpart6c_home  /dev/sda6 /root/keys/home.key cipher=aes-xts-plain64,size=512,hash=plain,offset=0

instead of
vaioHDpart6c_home  /dev/sda6 /root/keys/home.key cipher=aes-xts-plain64,size=512,hash=sha512,offset=0


Note that the hash algorithm "sha512" was, in this case, just ignored. 
Maybe next versions of cryptsetup will change that.


Of course, don't forget the command:
update-initramfs -k all -u
after changing /etc/crypttab.

Thank you for your help.

Cheers,
Quentin



Bug#768577: systemd-cryptsetup handles keyfile differently from cryptsetup on plain mode

2014-11-18 Thread Quentin Lefebvre

On 18/11/2014 09:39, intrigeri wrote:

> 1. The proper solution still seems to patch systemd-cryptsetup so that
> this workaround isn't needed; may you please send your patch
> upstream? If not, just tell us and I guess someone here will do
> it :)


I sent the patch today.
In the meanwhile, is it useful to patch Debian?
By the way, what is the proper tool to create a patch for Debian? I read 
about dpatch, but I was told it's not relevant.



> 2. If a fix doesn't make it into systemd in Jessie, then I guess we'll
> want to document this workaround in NEWS.Debian, and make sure the
> release notes point there.
>
> IMO, let's not spend time on #2 right now, and instead focus on #1.


All right.

Cheers,
Quentin



Bug#768577: Patch applied upstream

2014-11-24 Thread Quentin Lefebvre

Hi,

For your information, a patch has been applied upstream.
Here is the link:
http://cgit.freedesktop.org/systemd/systemd/commit/?id=8a52210c93

Cheers,
Quentin



Bug#768577: Patch applied upstream

2014-11-24 Thread Quentin Lefebvre

Hi,

On 24/11/2014 16:37, intrigeri wrote :

> Quentin Lefebvre wrote (24 Nov 2014 14:35:45 GMT) :
>
> > For your information, a patch has been applied upstream.
> > Here is the link:
> > http://cgit.freedesktop.org/systemd/systemd/commit/?id=8a52210c93
>
> Congrats!
>
> Can you please try to apply the upstream patch on top of Debian
> unstable's systemd, and confirm that it works and fixes the issue
> for you?


Thanks for making me test the new patch. Actually it is a rewrite of the 
one I first proposed, and it doesn't work.

I hope the developers will agree on my original patch.

So... waiting!

Cheers,
Quentin



Bug#768577: Patch applied upstream

2014-11-24 Thread Quentin Lefebvre

So here is the point of view of the developers.
The upstream patch works provided that "hash=plain" is mentioned in 
/etc/crypttab.


To summarize:
- when a user creates a plain dm-crypt device providing a --hash 
parameter along with a key file

- he *should* be aware of the fact that the hash parameter is ignored
- and as a consequence, he should write "hash=plain" in /etc/crypttab
- in short, it's a cryptsetup bug, and systemd won't be "compatible with 
cryptsetup's bug"...


Let's say that's fine. It may be worth documenting this.

Please note that this patch basically changes nothing about the 
aforementioned bug, so I'm not convinced it should be applied in Debian, 
and I don't attach it.
The trick with "hash=plain" already works with Debian's current version 
of systemd.


Best regards,
Quentin
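
Added example, not part of the original thread and not code from cryptsetup or systemd: a shell check for the case discussed in the messages above (a key file combined with hash=<algorithm> on a plain-mode mapping, and the hash=plain workaround). It assumes the four-field crypttab layout shown in the thread and treats any entry without the "luks" option as plain mode; audit_crypttab and sample_crypttab are hypothetical names, and all sample entries except the one quoted in the thread are constructed.

```shell
#!/bin/sh
# Added example: flag crypttab entries that combine a key file with
# hash=<algorithm> on a non-LUKS mapping (the case from this thread).
# Assumption: an entry without the "luks" option is plain mode.

# Usage: audit_crypttab FILE   ("-" reads standard input)
audit_crypttab() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
        {
            name = $1; key = $3; opts = $4
            # No key file: outside the key-file case this check covers.
            if (key == "" || key == "none" || key == "-") next
            n = split(opts, o, ",")
            hash = ""; luks = 0
            for (i = 1; i <= n; i++) {
                if (o[i] == "luks") luks = 1
                else if (o[i] ~ /^hash=/) hash = substr(o[i], 6)
            }
            if (!luks && hash != "" && hash != "plain")
                printf "%s: key file %s with hash=%s; use hash=plain\n", name, key, hash
        }
    ' "${1:-/etc/crypttab}"
}

# Constructed sample; the first entry is the one quoted in the thread.
sample_crypttab() {
    cat <<'EOF'
# <name> <device> <key file> <options>
vaioHDpart6c_home /dev/sda6 /root/keys/home.key cipher=aes-xts-plain64,size=512,hash=sha512,offset=0
fixed_home /dev/sda7 /root/keys/home.key cipher=aes-xts-plain64,size=512,hash=plain,offset=0
pw_data /dev/sda8 none cipher=aes-xts-plain64,size=512,hash=sha512
luks_root /dev/sda2 /root/keys/root.key luks
EOF
}

sample_crypttab | audit_crypttab -
```

Run against the real file with "audit_crypttab /etc/crypttab"; as the thread notes, update-initramfs -k all -u is needed after changing /etc/crypttab.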
