1974271 – [RHEL9] veritysetup man page should not mention --no-superblock as dump action parameter

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1974271 - [RHEL9] veritysetup man page should not mention --no-superblock as dump action parameter

Summary: [RHEL9] veritysetup man page should not mention --no-superblock as dump actio...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Enterprise Linux 9
Classification:	Red Hat
Component:	cryptsetup
Sub Component:
Version:	9.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	low
Severity:	low
Target Milestone:	beta
Target Release:	9.0 Beta
Assignee:	Ondrej Kozina
QA Contact:	guazhang@redhat.com
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2021-06-21 09:11 UTC by guazhang@redhat.com
Modified:	2021-12-07 21:38 UTC (History)
CC List:	4 users (show)
Fixed In Version:	cryptsetup-2.4.0-1.el9
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-12-07 21:35:16 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description guazhang@redhat.com 2021-06-21 09:11:28 UTC

Description of problem:
veritysetup dump failed with --no-superblock if format with --no-superblock, 
but from veritysetup man page the option should be supported, so please have a look if something was wrong.

Version-Release number of selected component (if applicable):
veritysetup-2.3.6-1.el9.x86_64
5.13.0-0.rc4.33.el9.x86_64
RHEL-9.0.0-20210617.1

How reproducible:
100%


Actual results:


Expected results:


Additional info:



man veritysetup

...
       dump <hash_device>

              Reports parameters of verity device from on-disk stored superblock.

              <options> can be [--no-superblock]

...



# veritysetup format --no-superblock --debug /dev/mapper/vg01-lv01 /dev/md/Rqm 
# cryptsetup 2.3.6 processing "veritysetup format --no-superblock --debug /dev/mapper/vg01-lv01 /dev/md/Rqm"
# Running command format.
# Allocating context for crypt device /dev/md/Rqm.
# Trying to open and read device /dev/md/Rqm with direct-io.
# Initialising device-mapper backend library.
# Formatting device /dev/md/Rqm as type VERITY.
# Crypto backend (OpenSSL 1.1.1j  FIPS 16 Feb 2021) initialized in cryptsetup library version 2.3.6.
# Detected kernel Linux 5.13.0-0.rc4.33.el9.x86_64 x86_64.
# Setting ciphertext data device to /dev/mapper/vg01-lv01.
# Trying to open and read device /dev/mapper/vg01-lv01 with direct-io.
# Hash creation sha256, data device /dev/mapper/vg01-lv01, data blocks 2621440, hash_device /dev/md/Rqm, offset 0.
# Data device size required: 10737418240 bytes.
# Hash device size required: 84553728 bytes.
# Using 4 hash levels.
VERITY header information for /dev/md/Rqm
UUID:            	
Hash type:       	1
Data blocks:     	2621440
Data block size: 	4096
Hash block size: 	4096
Hash algorithm:  	sha256
Salt:            	34474230c78ba907eb5cd54d3d3af90a5a76d3aa4deca7b945634e804bed1ebd
Root hash:      	8234b62b8ab981bb1bea8f9f41919285b03d9d87f3b3f19b06a1a982c588564e
# Releasing crypt device /dev/md/Rqm context.
# Releasing device-mapper backend.
Command successful.


# veritysetup dump --no-superblock --debug  /dev/md/Rqm 
# cryptsetup 2.3.6 processing "veritysetup dump --no-superblock --debug /dev/md/Rqm"
# Running command dump.
# Allocating context for crypt device /dev/md/Rqm.
# Trying to open and read device /dev/md/Rqm with direct-io.
# Initialising device-mapper backend library.
# Trying to load VERITY crypt type from device /dev/md/Rqm.
# Crypto backend (OpenSSL 1.1.1j  FIPS 16 Feb 2021) initialized in cryptsetup library version 2.3.6.
# Detected kernel Linux 5.13.0-0.rc4.33.el9.x86_64 x86_64.
# Reading VERITY header of size 512 on device /dev/md/Rqm, offset 0.
Device /dev/md/Rqm is not a valid VERITY device.
# Releasing crypt device /dev/md/Rqm context.
# Releasing device-mapper backend.
# Closing read only fd for /dev/md/Rqm.
Command failed with code -1 (wrong or missing parameters).

Comment 1 Ondrej Kozina 2021-06-21 12:44:03 UTC

This seems to be a man page bug. The option is completely ignored in code involved in veritysetup dump. Moreover the --no-superblock flag is explicitly forbidden crypt_load() for verity devices and crypt_load is necessary to perform veritysetup dump action.

Comment 2 Milan Broz 2021-06-21 12:55:42 UTC

Yes, it is a typo, there should be --hash-offset instead, if the hash area is on the same device after data and includes superblock (test it please... :), fixed upstream
https://gitlab.com/cryptsetup/cryptsetup/-/commit/e884fe93bdbd44d295b9f8f3f7fed15a4809e20d

Comment 3 guazhang@redhat.com 2021-08-19 12:09:20 UTC

Hi

cryptsetup-2.4.0-1.el9

from the man page, the error has fixed.  
       dump <hash_device>

              Reports parameters of verity device from on-disk stored superblock.

              <options> can be [--hash-offset]




# veritysetup --data-blocks=256 --hash-offset=1052672 format /dev/sdl /dev/sdl
VERITY header information for /dev/sdl
UUID:            	8756d550-222f-4153-9372-906507fee77c
Hash type:       	1
Data blocks:     	256
Data block size: 	4096
Hash block size: 	4096
Hash algorithm:  	sha256
Salt:            	12f6c5079978146c246c738c1f912534467c01f5d6ca6b5600eeda88817a6cea
Root hash:      	252fc6d9aca39892b03b988eca5b204230d791e795b8068b5e5f3556ffdc947e
# veritysetup --data-blocks=256 --hash-offset=1052672 create test-device /dev/sdl /dev/sdl 252fc6d9aca39892b03b988eca5b204230d791e795b8068b5e5f3556ffdc947e
# veritysetup --data-blocks=256 --hash-offset=1052672 verify /dev/sdl /dev/sdl 252fc6d9aca39892b03b988eca5b204230d791e795b8068b5e5f3556ffdc947e 
# veritysetup dump /dev/sdl --hash-offset=1052672
VERITY header information for /dev/sdl
UUID:            	8756d550-222f-4153-9372-906507fee77c
Hash type:       	1
Data blocks:     	256
Data block size: 	4096
Hash block size: 	4096
Hash algorithm:  	sha256
Salt:            	12f6c5079978146c246c738c1f912534467c01f5d6ca6b5600eeda88817a6cea

Comment 6 guazhang@redhat.com 2021-08-22 10:49:59 UTC

No regression found, move to verified.

Note You need to log in before you can comment on or make changes to this bug.