Bug 610885
| Summary: | update cryptsetup-luks to 1.1.2 for pam_mount | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Till Maas <opensource> |
| Component: | cryptsetup-luks | Assignee: | Milan Broz <mbroz> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | 12 | CC: | agk, dwysocha, lvm-team, maurizio.antillon, mbroz, opensource, pjones, prajnoha, prockai, pvrabec, whulbert |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | cryptsetup-luks-1.1.3-1.fc12 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2010-07-13 07:26:10 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 608400 | ||
|
Description
Till Maas
2010-07-02 16:50:19 UTC
F13 should be no problem, F12 need retain old plain crypt mode, should be just configuration switch. (rawhide should be ready) (In reply to comment #1) > F13 should be no problem, F12 need retain old plain crypt mode, should be just > configuration switch. Ok, I updated and built F13. I guess you mean that I need to add "--with-plain-mode cbc-plain" after %configure for F12? Btw. does it really make sense to use aes 256 with luks instead of aes 192? Afaik the luks master key is only 168 bits long. LUKS master key is so long how you configure it.
Please do not change default in distribution, should be for F13 and later:
plain: aes-cbc-essiv:sha256, Key: 256 bits, Password hashing: ripemd160
LUKS1: aes-cbc-essiv:sha256, Key: 256 bits, LUKS header hashing: sha1
and for F12
plain: aes-cbc-plain, Key: 256 bits, Password hashing: ripemd160
LUKS1: aes-cbc-essiv:sha256, Key: 128 bits, LUKS header hashing: sha1
(need to verify - I have no F12 here now, see cryptsetup --help with 1.1.x
you can simple luksFormat and luksDump to check)
(In reply to comment #3) > LUKS master key is so long how you configure it. > > Please do not change default in distribution, should be for F13 and later: > > plain: aes-cbc-essiv:sha256, Key: 256 bits, Password hashing: ripemd160 > LUKS1: aes-cbc-essiv:sha256, Key: 256 bits, LUKS header hashing: sha1 > > and for F12 > plain: aes-cbc-plain, Key: 256 bits, Password hashing: ripemd160 > LUKS1: aes-cbc-essiv:sha256, Key: 128 bits, LUKS header hashing: sha1 > > (need to verify - I have no F12 here now, see cryptsetup --help with 1.1.x > you can simple luksFormat and luksDump to check) according to the manpage and luksDump from F12 you are right here. I adjusted the F12 spec to set these values. Unluckily there is a compilation error for F12: libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I../luks -DDATADIR=\"/usr/share\" -DLIBDIR=\"/lib64\" -DPREFIX=\"/usr\" -DSYSCONFDIR=\"/etc\" -DVERSION=\"1.1.2\" -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -MT libcryptsetup_la-gcrypt.lo -MD -MP -MF .deps/libcryptsetup_la-gcrypt.Tpo -c gcrypt.c -fPIC -DPIC -o .libs/libcryptsetup_la-gcrypt.o libdevmapper.c: In function '_dm_simple': libdevmapper.c:292: error: too many arguments to function 'dm_task_set_cookie' libdevmapper.c: In function 'dm_create_device': libdevmapper.c:437: error: 'DM_UDEV_DISABLE_SUBSYSTEM_RULES_FLAG' undeclared (first use in this function) libdevmapper.c:437: error: (Each undeclared identifier is reported only once libdevmapper.c:437: error: for each function it appears in.) libdevmapper.c:437: error: 'DM_UDEV_DISABLE_DISK_RULES_FLAG' undeclared (first use in this function) libdevmapper.c:437: error: 'DM_UDEV_DISABLE_OTHER_RULES_FLAG' undeclared (first use in this function) libdevmapper.c:458: error: too many arguments to function 'dm_task_set_cookie' libdevmapper.c:484: error: too many arguments to function 'dm_task_set_cookie' Does it maybe also require a device-mapper / lvm2 update? cryptsetup-luks-1.1.2-2.fc13,libHX-3.4-1.fc13,pam_mount-2.4-1.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/cryptsetup-luks-1.1.2-2.fc13,libHX-3.4-1.fc13,pam_mount-2.4-1.fc13 (In reply to comment #4) > libdevmapper.c:292: error: too many arguments to function 'dm_task_set_cookie' well, I must admint that I do not like changing devmapper API/ABI this way... Despite the fact if was evolving according to udev requirements. Anyway, it should compile, I probably did udev detection wrong there - it should disable it completely if not supported in devmapper. Ouch.. yes, the addition of udev flags. My apologies for any inconvenience. The udev synchronisation interface was introduced in libdevmapper v1.02.36 (lvm v2.02.51) and changed (dm_task_set_cookie has one more arg - the udev flags) in libdevmapper v1.02.39 (lvm v2.02.54). But fortunately, that was the only interface change... ok, I'll prepare upstream 1.1.3 with patches and compatibility wrapper for this libdevmapper version soon, stay tuned:) (I do not want to require specific version of libdevmapper to build, it is not really needed here.) Cryptsetup 1.1.3 is built for rawhide,F12 and F13. Till, please let me know if I should fill new update or you add this builds to your pam_mount errata, thanks. (I did only very limited testing in F12, but it seems to work properly now...) (In reply to comment #9) > Cryptsetup 1.1.3 is built for rawhide,F12 and F13. > > Till, please let me know if I should fill new update or you add this builds to > your pam_mount errata, thanks. Thank you, too. I will create/modify the updates. > (I did only very limited testing in F12, but it seems to work properly now...) Ok, I'll test it, too, on F12. cryptsetup-luks-1.1.3-1.fc12,libHX-3.4-1.fc12,pam_mount-2.4-2.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/cryptsetup-luks-1.1.3-1.fc12,libHX-3.4-1.fc12,pam_mount-2.4-2.fc12 cryptsetup-luks-1.1.3-1.fc12, pam_mount-2.4-2.fc12, libHX-3.4-1.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update cryptsetup-luks pam_mount libHX'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/cryptsetup-luks-1.1.3-1.fc12,libHX-3.4-1.fc12,pam_mount-2.4-2.fc12 cryptsetup-luks-1.1.3-1.fc13, pam_mount-2.4-2.fc13, libHX-3.4-1.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update cryptsetup-luks pam_mount libHX'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/cryptsetup-luks-1.1.3-1.fc13,libHX-3.4-1.fc13,pam_mount-2.4-2.fc13 cryptsetup-luks-1.1.3-1.fc13, pam_mount-2.4-2.fc13, libHX-3.4-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report. cryptsetup-luks-1.1.3-1.fc12, pam_mount-2.4-2.fc12, libHX-3.4-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report. |