Mailing List Archive

Cryptsetup changes
heya,

I've just finished committing a new version of cryptsetup to the tree. This
ebuild will be the one maintained in the future and after some time I will
remove cryptsetup-luks. This was done as cryptsetup-luks is now the only
supported and actively maintained cryptsetup functionality and it has renamed
itself to cryptsetup so our change should reflect that. I've also fixed the
deps relying on the old cryptsetup-luks (namely pam_mount, pmount and hal) so
there shouldn't be any problems, but if you need to depend on cryptsetup
functionality in the future please do so on >=cryptsetup-1.0.5 as -luks will
be deprecated soon.
Those of you that use cryptsetup for mounting encrypted partitions will be
glad to know that the new version also supports baselayout-2, mostly thanks
to ikelos.

thanks,

--
Benjamin Smee (strerror)
net-mail/netmon/forensics/crypto
Fingerprint: 497F 5E98 1FA0 C313 EA0B 08C7 004A 66ED 448B E78C
--
gentoo-dev@gentoo.org mailing list
Re: Cryptsetup changes
On Tuesday, 14 August 2007, ext Benjamin Smee wrote:

I'm not a developer, but since I was already bitten by this, a few comments:

> >=cryptsetup-1.0.5 as -luks will be deprecated soon.

Don't do this until upgrading/replacing will be seamless.

> Those of you that use cryptsetup for mounting encrypted partitions will
> be glad to know that the new version also supports baselayout-2, mostly
> thanks to ikelos.

Shouldn't it have a hint, then? baselayout-2 is still hard masked and
replacing cryptsetup-luks with cryptsetup made my laptop simply unbootable,
because the mechanism for creating the mappings has changed and the
dmcrypt initscript just printed a message that it will only work with
baselayout 2. But that was _way_ too late.

Please hard mask cryptsetup as long as baselayout 2 is, or fix it to work
with bl 1, too.

Bye...

Dirk
--
Dirk Heinrichs | Tel: +49 (0)162 234 3408
Configuration Manager | Fax: +49 (0)211 47068 111
Capgemini Deutschland | Mail: dirk.heinrichs@capgemini.com
Wanheimerstraße 68 | Web: http://www.capgemini.com
D-40468 Düsseldorf | ICQ#: 110037733
GPG Public Key C2E467BB | Keyserver: www.keyserver.net
Re: Cryptsetup changes
Dirk Heinrichs <dirk.heinrichs.ext@nsn.com> posted
200708150801.17483.dirk.heinrichs.ext@nsn.com, excerpted below, on Wed,
15 Aug 2007 08:01:12 +0200:

> Please hard mask cryptsetup as long as baselayout 2 is, or fix it to
> work with bl 1, too.

See the "baselayout-2 stabilization plans" thread from July 21, and
http://bugs.gentoo.org/show_bug.cgi?id=187487 . Briefly, baselayout-2 is
already considered ~arch material and has already been ~arch keyworded by
a number of archs. When they've all keyworded it, it'll be unmasked to
all of them together.

So baselayout-2 hard-masking isn't likely to be an issue for much longer.

--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman

Re: Cryptsetup changes
Duncan <1i5t5.duncan@cox.net>:

> So baselayout-2 hard-masking isn't likely to be an issue for much
> longer.
As long as bl-2 is hard masked, all packages depending on it
should be too.

V-Li

--
http://www.gentoo.org/
http://www.faulhammer.org/
http://www.gnupg.org/
Re: Re: Cryptsetup changes
On Wednesday, 15 August 2007, ext Duncan wrote:

> So baselayout-2 hard-masking isn't likely to be an issue for much longer.

Well, for me it was an issue yesterday.

Bye...

Dirk
Re: Re: Cryptsetup changes
Dirk,
Could you please describe the problem you faced? From the detail you
gave, it sounds as though you might not have moved /etc/conf.d/cryptfs
to /etc/conf.d/dmcrypt. There's currently several ewarn lines saying
that this must be done before the package will continue to work. The
idea is that the package should work with both baselayout-1.12 and
baselayout-2, so it therefore should not need hardmasking.
Could you please provide a few more details and/or file a bug report so
that we can figure out what exactly went wrong? If it was something
other than the move from cryptfs to dmcrypt then we should investigate,
and we'll need as much information as you can provide us to help get it
solved. Thanks very much,
Mike 5:)
Re: Re: Cryptsetup changes
On 11:15 Wed 15 Aug , Mike Auty wrote:
> Could you please describe the problem you faced? From the detail you
> gave, it sounds as though you might not have moved /etc/conf.d/cryptfs
> to /etc/conf.d/dmcrypt. There's currently several ewarn lines saying
> that this must be done before the package will continue to work. The
> idea is that the package should work with both baselayout-1.12 and
> baselayout-2, so it therefore should not need hardmasking.

Is there some reason you can't do this automatically in the ebuild? It ought
not to hurt bl-1 compat to have two copies of the file.

Thanks,
Donnie
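
The automatic copy suggested in the message above, sketched as an added example (not code from the cryptsetup ebuild or from anyone in this thread). The function name and the `ROOT` prefix argument are hypothetical; only the two `/etc/conf.d` file names come from the thread.

```shell
#!/bin/sh
# Added example: copy the old dm-crypt config to its new name so that both
# /etc/conf.d/cryptfs and /etc/conf.d/dmcrypt exist after the upgrade.
# The old file is never removed and an existing new file is never touched.
#
# Usage: migrate_dmcrypt_conf [ROOT]   (ROOT is a hypothetical test prefix)
# Returns: 0 copied, 1 nothing to migrate, 2 new file already present,
#          3 copy failed or the copy did not match the original.
migrate_dmcrypt_conf() {
    mdc_root=${1:-}
    mdc_old="$mdc_root/etc/conf.d/cryptfs"
    mdc_new="$mdc_root/etc/conf.d/dmcrypt"
    mdc_tmp="$mdc_new.migrate.$$"

    # No old-style config: nothing to do.
    [ -f "$mdc_old" ] || return 1

    # Never overwrite a file the admin may already have created or edited.
    if [ -e "$mdc_new" ]; then
        return 2
    fi

    # Copy to a temporary name first so a half-written file is never read
    # at boot. cp -p keeps the mode; the umask keeps the temporary file
    # private even before the mode is applied.
    if ! (umask 077 && cp -p "$mdc_old" "$mdc_tmp"); then
        rm -f "$mdc_tmp"
        return 3
    fi

    # Verify the copy byte for byte before putting it in place.
    if ! cmp -s "$mdc_old" "$mdc_tmp"; then
        rm -f "$mdc_tmp"
        return 3
    fi

    mv "$mdc_tmp" "$mdc_new" || { rm -f "$mdc_tmp"; return 3; }
    return 0
}
```
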
Re: Re: Cryptsetup changes
On Wednesday, 15 August 2007, ext Mike Auty wrote:
> Dirk,
> Could you please describe the problem you faced? From the detail you
> gave, it sounds as though you might not have moved /etc/conf.d/cryptfs
> to /etc/conf.d/dmcrypt.

Yes, did it. And added dmcrypt to the boot runlevel.

> There's currently several ewarn lines saying
> that this must be done before the package will continue to work. The
> idea is that the package should work with both baselayout-1.12 and
> baselayout-2, so it therefore should not need hardmasking.

But it doesn't. While booting, the dmcrypt init script says it works on bl 2
only, mappings are not created. Why is this change needed anyway? The
current mechanism works fine.

> Could you please provide a few more details and/or file a bug report so
> that we can figure out what exactly went wrong? If it was something
> other than the move from cryptfs to dmcrypt then we should investigate,
> and we'll need as much information as you can provide us to help get it
> solved.

The cryptsetup ebuild doesn't provide

/lib/rcscripts/addons/dm-crypt-start.sh
/lib/rcscripts/addons/dm-crypt-stop.sh

which would IMHO make it compatible with bl-1.

HTH...

Dirk
Re: Cryptsetup changes
heya,

On Wednesday 15 August 2007 07:01:12 Dirk Heinrichs wrote:
> On Tuesday, 14 August 2007, ext Benjamin Smee wrote:
> I'm not a developer, but since I was already bitten by this, a few comments:
> > >=cryptsetup-1.0.5 as -luks will be deprecated soon.
>
> Don't do this until upgrading/replacing will be seamless.

wasn't planning on, just giving everyone notice that it is coming...

> Shouldn't it have a hint, then? baselayout-2 is still hard masked and
> replacing cryptsetup-luks with cryptsetup made my laptop simply unbootable,
> because the mechanism for creating the mappings has changed and the
> dmcrypt initscript just printed a message that it will only work with
> baselayout 2. But that was _way_ too late.

it works with baselayout-1.

> Please hard mask cryptsetup as long as baselayout 2 is, or fix it to work
> with bl 1, too.

I'm not hardmasking it as it works with both on my testbeds. So please file a
bug.

--
Benjamin Smee (strerror)
Re: Re: Cryptsetup changes
On Wednesday 15 August 2007 11:56:55 Donnie Berkholz wrote:
> On 11:15 Wed 15 Aug , Mike Auty wrote:
> > Could you please describe the problem you faced? From the detail you
> > gave, it sounds as though you might not have moved /etc/conf.d/cryptfs
> > to /etc/conf.d/dmcrypt. There's currently several ewarn lines saying
> > that this must be done before the package will continue to work. The
> > idea is that the package should work with both baselayout-1.12 and
> > baselayout-2, so it therefore should not need hardmasking.
>
> Is there some reason you can't do this automatically in the ebuild? It
> ought not to hurt bl-1 compat to have two copies of the file.

fair point. I was thinking more about baselayout-2 migration when I wrote it.
I'll have a look at it later and see what's the most sensible way of doing
it.

thanks,

--
Benjamin Smee (strerror)
Re: Re: Cryptsetup changes
heya,

On Wednesday 15 August 2007 12:26:32 Dirk Heinrichs wrote:
> Yes, did it. And added dmcrypt to the boot runlevel.

don't unless you're running baselayout-2

> But it doesn't. While booting, the dmcrypt init script says it works on bl
> 2 only, mappings are not created. Why is this change needed anyway? The
> current mechanism works fine.

It does work, or rather it works for everyone else that's tested it and on my
4 testbeds with setups from a password through to a usbdrive with keys gpg
encrypted on it.

> The cryptsetup ebuild doesn't provide
>
> /lib/rcscripts/addons/dm-crypt-start.sh
> /lib/rcscripts/addons/dm-crypt-stop.sh

look at lines 80-83.

I'm not sure what you've done but it sounds like you have a few things
confused. File a bug and I'll be happy to help.

regards,

--
Benjamin Smee (strerror)
Re: Re: Cryptsetup changes
Mike Auty <ikelos@gentoo.org> writes:

> Could you please describe the problem you faced? From the detail you
> gave, it sounds as though you might not have moved /etc/conf.d/cryptfs
> to /etc/conf.d/dmcrypt.

I had a problem. I moved /etc/conf.d/cryptfs to /etc/conf.d/dmcrypt, but
none of the encrypted mounts happened on re-boot. I found that running
'cryptsetup luksOpen /dev/hhh mountname' segfaulted (but cryptsetup
--help displayed help). But when I ran it using gdb (and using set args
to set the identical command line) it worked correctly. I will be
investigating more later, but for now I have re-emerged cryptsetup-luks
1.0.4-r3 and all works well again.
Re: Re: Cryptsetup changes
Graham Murray wrote:
> Mike Auty <ikelos@gentoo.org> writes:
>
>
>> Could you please describe the problem you faced? From the detail you
>> gave, it sounds as though you might not have moved /etc/conf.d/cryptfs
>> to /etc/conf.d/dmcrypt.
>>
>
> I had a problem. I moved /etc/conf.d/cryptfs to /etc/conf.d/dmcrypt, but
> none of the encrypted mounts happened on re-boot. I found that running
> 'cryptsetup luksOpen /dev/hhh mountname' segfaulted (but cryptsetup
> --help displayed help). But when I ran it using gdb (and using set args
> to set the identical command line) it worked correctly. I will be
> investigating more later, but for now I have re-emerged cryptsetup-luks
> 1.0.4-r3 and all works well again.
>
Could be related to bug #163803.

http://bugs.gentoo.org/show_bug.cgi?id=163803
Re: Cryptsetup changes
On Wednesday, 15 August 2007, ext Benjamin Smee wrote:

> it works with baselayout-1.

I rechecked again yesterday evening, to make sure I didn't overlook
something. No, it doesn't, at least for me.

> So please file a bug.

Done. http://bugs.gentoo.org/show_bug.cgi?id=189073

Bye...

Dirk