Bug 610885 - update cryptsetup-luks to 1.1.2 for pam_mount
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: cryptsetup-luks
Version: 12
Hardware: All Linux
Priority: low, Severity: medium
Assigned To: Milan Broz
QA Contact: Fedora Extras Quality Assurance
Blocks: 608400
Reported: 2010-07-02 12:50 EDT by Till Maas
Modified: 2013-02-28 23:09 EST
Fixed In Version: cryptsetup-luks-1.1.3-1.fc12
Doc Type: Bug Fix
Last Closed: 2010-07-13 03:26:10 EDT

Description Till Maas 2010-07-02 12:50:19 EDT
Description of problem:
pam_mount 2.4 and newer requires cryptsetup-luks 1.1.2 or newer. Are you ok with updating it in Fedora 12 and 13? I can do it myself if you don't have any objections.
Comment 1 Milan Broz 2010-07-02 13:21:34 EDT
F13 should be no problem; F12 needs to retain the old plain crypt mode, which should be just a configuration switch.

(rawhide should be ready)
Comment 2 Till Maas 2010-07-02 13:55:24 EDT
(In reply to comment #1)
> F13 should be no problem; F12 needs to retain the old plain crypt mode, which
> should be just a configuration switch.

Ok, I updated and built F13. I guess you mean that I need to add "--with-plain-mode cbc-plain" after %configure for F12?

Btw. does it really make sense to use aes 256 with luks instead of aes 192? Afaik the luks master key is only 168 bits long.
Comment 3 Milan Broz 2010-07-02 14:28:27 EDT
The LUKS master key is as long as you configure it.

Please do not change the default in the distribution; for F13 and later it should be:

        plain: aes-cbc-essiv:sha256, Key: 256 bits, Password hashing: ripemd160
        LUKS1: aes-cbc-essiv:sha256, Key: 256 bits, LUKS header hashing: sha1

and for F12
        plain: aes-cbc-plain, Key: 256 bits, Password hashing: ripemd160
        LUKS1: aes-cbc-essiv:sha256, Key: 128 bits, LUKS header hashing: sha1

(need to verify - I have no F12 here now; see cryptsetup --help with 1.1.x,
you can simply luksFormat and luksDump to check)
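
The check suggested in comment 3 (luksFormat, then luksDump), as an added example that is not part of the original bug thread: a shell script that reads luksDump output and compares cipher, key size and header hash with the LUKS1 defaults listed above. The function names and the sample dump are constructed for illustration; plain mode is not covered because it has no on-disk header to dump.

```shell
#!/bin/sh
# Added example: compare `cryptsetup luksDump` output with the LUKS1
# defaults quoted in comment 3. Function names are illustrative.

# Print the value of one luksDump field (e.g. "MK bits") from stdin.
luks_field() {
    awk -F: -v key="$1" '$1 == key {
        sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit }'
}

# Print "<cipher>-<mode>/<key bits>/<hash>" for a luksDump on stdin.
luks_summary() {
    dump=$(cat)
    name=$(printf '%s\n' "$dump" | luks_field "Cipher name")
    mode=$(printf '%s\n' "$dump" | luks_field "Cipher mode")
    bits=$(printf '%s\n' "$dump" | luks_field "MK bits")
    hash=$(printf '%s\n' "$dump" | luks_field "Hash spec")
    [ -n "$name" ] && [ -n "$mode" ] && [ -n "$bits" ] && [ -n "$hash" ] || return 2
    printf '%s-%s/%s/%s\n' "$name" "$mode" "$bits" "$hash"
}

# LUKS1 defaults per release, as listed in comment 3 of this bug.
expected_luks1() {
    case "$1" in
        f12) echo "aes-cbc-essiv:sha256/128/sha1" ;;
        f13) echo "aes-cbc-essiv:sha256/256/sha1" ;;
        *)   return 2 ;;
    esac
}

# Usage: cryptsetup luksDump <device> | check_luks_defaults <f12|f13>
# Returns 0 on match, 1 on mismatch, 2 on unknown release or bad input.
check_luks_defaults() {
    want=$(expected_luks1 "$1") || return 2
    got=$(luks_summary) || return 2
    [ "$got" = "$want" ] && return 0
    echo "mismatch for $1: got $got, expected $want" >&2
    return 1
}

# Constructed sample input (trimmed, not taken from the bug report).
sample_f12_dump() {
    printf '%s\n' "LUKS header information for /dev/loop0" "" \
        "Version:        1" "Cipher name:    aes" \
        "Cipher mode:    cbc-essiv:sha256" "Hash spec:      sha1" \
        "MK bits:        128"
}

sample_f12_dump | check_luks_defaults f12 && echo "F12 LUKS1 defaults OK"
```

The "MK bits" field is the configured master key size of the volume, so running this against a freshly formatted test volume after a package update shows whether the build-time default key size changed.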
Comment 4 Till Maas 2010-07-02 14:56:33 EDT
(In reply to comment #3)
> The LUKS master key is as long as you configure it.
> 
> Please do not change the default in the distribution; for F13 and later it should be:
> 
>         plain: aes-cbc-essiv:sha256, Key: 256 bits, Password hashing: ripemd160
>         LUKS1: aes-cbc-essiv:sha256, Key: 256 bits, LUKS header hashing: sha1
> 
> and for F12
>         plain: aes-cbc-plain, Key: 256 bits, Password hashing: ripemd160
>         LUKS1: aes-cbc-essiv:sha256, Key: 128 bits, LUKS header hashing: sha1
> 
> (need to verify - I have no F12 here now; see cryptsetup --help with 1.1.x,
> you can simply luksFormat and luksDump to check)

According to the manpage and luksDump from F12, you are right here. I adjusted the F12 spec to set these values. Unluckily, there is a compilation error for F12:

libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I../luks -DDATADIR=\"/usr/share\" -DLIBDIR=\"/lib64\" -DPREFIX=\"/usr\" -DSYSCONFDIR=\"/etc\" -DVERSION=\"1.1.2\" -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Wall -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -MT libcryptsetup_la-gcrypt.lo -MD -MP -MF .deps/libcryptsetup_la-gcrypt.Tpo -c gcrypt.c  -fPIC -DPIC -o .libs/libcryptsetup_la-gcrypt.o
libdevmapper.c: In function '_dm_simple':
libdevmapper.c:292: error: too many arguments to function 'dm_task_set_cookie'
libdevmapper.c: In function 'dm_create_device':
libdevmapper.c:437: error: 'DM_UDEV_DISABLE_SUBSYSTEM_RULES_FLAG' undeclared (first use in this function)
libdevmapper.c:437: error: (Each undeclared identifier is reported only once
libdevmapper.c:437: error: for each function it appears in.)
libdevmapper.c:437: error: 'DM_UDEV_DISABLE_DISK_RULES_FLAG' undeclared (first use in this function)
libdevmapper.c:437: error: 'DM_UDEV_DISABLE_OTHER_RULES_FLAG' undeclared (first use in this function)
libdevmapper.c:458: error: too many arguments to function 'dm_task_set_cookie'
libdevmapper.c:484: error: too many arguments to function 'dm_task_set_cookie'

Does it maybe also require a device-mapper / lvm2 update?
Comment 5 Fedora Update System 2010-07-02 15:28:17 EDT
cryptsetup-luks-1.1.2-2.fc13,libHX-3.4-1.fc13,pam_mount-2.4-1.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/cryptsetup-luks-1.1.2-2.fc13,libHX-3.4-1.fc13,pam_mount-2.4-1.fc13
Comment 6 Milan Broz 2010-07-02 18:08:17 EDT
(In reply to comment #4)
> libdevmapper.c:292: error: too many arguments to function 'dm_task_set_cookie'

Well, I must admit that I do not like changing the devmapper API/ABI this way...
Despite the fact it was evolving according to udev requirements.

Anyway, it should compile; I probably did the udev detection wrong there - it should disable it completely if not supported in devmapper.
Comment 7 Peter Rajnoha 2010-07-03 04:14:15 EDT
Ouch.. yes, the addition of udev flags. My apologies for any inconvenience.

The udev synchronisation interface was introduced in libdevmapper v1.02.36 (lvm v2.02.51) and changed (dm_task_set_cookie has one more arg - the udev flags) in libdevmapper v1.02.39 (lvm v2.02.54).

But fortunately, that was the only interface change...
Comment 8 Milan Broz 2010-07-03 08:38:12 EDT
OK, I'll prepare upstream 1.1.3 with patches and a compatibility wrapper for this libdevmapper version soon, stay tuned :)

(I do not want to require a specific version of libdevmapper to build; it is not really needed here.)
Comment 9 Milan Broz 2010-07-03 11:30:38 EDT
Cryptsetup 1.1.3 is built for rawhide, F12 and F13.

Till, please let me know if I should file a new update or if you will add these builds to your pam_mount errata, thanks.

(I did only very limited testing in F12, but it seems to work properly now...)
Comment 10 Till Maas 2010-07-03 12:33:30 EDT
(In reply to comment #9)
> Cryptsetup 1.1.3 is built for rawhide, F12 and F13.
> 
> Till, please let me know if I should file a new update or if you will add these
> builds to your pam_mount errata, thanks.

Thank you, too. I will create/modify the updates.

> (I did only very limited testing in F12, but it seems to work properly now...)    

Ok, I'll test it, too, on F12.
Comment 11 Fedora Update System 2010-07-03 14:49:44 EDT
cryptsetup-luks-1.1.3-1.fc12,libHX-3.4-1.fc12,pam_mount-2.4-2.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/cryptsetup-luks-1.1.3-1.fc12,libHX-3.4-1.fc12,pam_mount-2.4-2.fc12
Comment 12 Fedora Update System 2010-07-06 13:12:50 EDT
cryptsetup-luks-1.1.3-1.fc12, pam_mount-2.4-2.fc12, libHX-3.4-1.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update cryptsetup-luks pam_mount libHX'
You can provide feedback for this update here: http://admin.fedoraproject.org/updates/cryptsetup-luks-1.1.3-1.fc12,libHX-3.4-1.fc12,pam_mount-2.4-2.fc12
Comment 13 Fedora Update System 2010-07-06 13:29:10 EDT
cryptsetup-luks-1.1.3-1.fc13, pam_mount-2.4-2.fc13, libHX-3.4-1.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update cryptsetup-luks pam_mount libHX'
You can provide feedback for this update here: http://admin.fedoraproject.org/updates/cryptsetup-luks-1.1.3-1.fc13,libHX-3.4-1.fc13,pam_mount-2.4-2.fc13
Comment 14 Fedora Update System 2010-07-13 03:25:48 EDT
cryptsetup-luks-1.1.3-1.fc13, pam_mount-2.4-2.fc13, libHX-3.4-1.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 15 Fedora Update System 2010-08-06 16:58:37 EDT
cryptsetup-luks-1.1.3-1.fc12, pam_mount-2.4-2.fc12, libHX-3.4-1.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.
