[systemd-devel] [systemd-commits] src/cryptsetup

Quentin Lefebvre qlefebvre_pro at yahoo.com
Mon Nov 24 10:25:18 PST 2014


On 24/11/2014 19:17, Zbigniew Jędrzejewski-Szmek wrote:
> On Mon, Nov 24, 2014 at 07:03:27PM +0100, Quentin Lefebvre wrote:
>> On 24/11/2014 19:01, Zbigniew Jędrzejewski-Szmek wrote:
>>> On Mon, Nov 24, 2014 at 06:44:25PM +0100, Quentin Lefebvre wrote:
>>>> Hi,
>>>>
>>>> I tested your patch and actually it doesn't solve the bug.
>>>> For example, if "hash=sha512" is provided in /etc/crypttab, the
>>>> first
>>>> >                           if (!streq(arg_hash, "plain"))
>>>> is true, and the
>>>>> +                } else if (!key_file)
>>>> is not reached.
>>> This is by design. My patch is quite different from your patch,
>>> which I tried to make clear in the description.
>>>
>>> If you specify hash=sha512, then you get hash=sha512.
>>
>> Yes, and this is the problem.
>> cryptsetup ignores the hash, so that we should obtain hash=NULL for
>> it to work.
> Systemd is not going to work around a bug in a different package.
> Specifying a hash in the configuration if you don't want a hash
> is an error, please just fix it there.

I understand your point.
Still, you have a cryptsetup tool in systemd, so I would expect it
to behave as the "true" cryptsetup program.

The problem here is compatibility, you do something with cryptsetup and 
then your system fails to boot because of a different behaviour of systemd.

But it's up to you, that may just get users and installers into trouble.

Best regards,
Quentin

PS: Actually, the good practice is to have a key file obtained from 
/dev/random, with the correct key size, so I'm not sure hashing the key 
file matters.

