[systemd-devel] [systemd-commits] src/cryptsetup
Quentin Lefebvre
qlefebvre_pro at yahoo.com
Tue Nov 25 03:08:29 PST 2014
Hi,
On 24/11/2014 19:17, Zbigniew Jędrzejewski-Szmek wrote :
> On Mon, Nov 24, 2014 at 07:03:27PM +0100, Quentin Lefebvre wrote:
>> On 24/11/2014 19:01, Zbigniew Jędrzejewski-Szmek wrote :
>>> On Mon, Nov 24, 2014 at 06:44:25PM +0100, Quentin Lefebvre wrote:
>>>> Hi,
>>>>
>>>> I tested your patch and actually it doesn't solve the bug.
>>>> For example, if "hash=sha512" is provided in /etc/crypttab, the
>>>> first
>>>>> if (!streq(arg_hash, "plain"))
>>>> is true, and the
>>>>> + } else if (!key_file)
>>>> is not reached.
>>> This is by design. My patch is quite different from your patch,
>>> which I tried to make clear in the description.
>>>
>>> If you specify hash=sha512, then you get hash=sha512.
>>
>> Yes, and this is the problem.
>> cryptsetup ignores the hash, so that we should obtain hash=NULL for
>> it to work.
> Systemd is not going to work around a bug in a different package.
> Specifying a hash in the configuration if you don't want a hash
> is an error, please just fix it there.
As I mention in the bug report
(https://bugs.freedesktop.org/show_bug.cgi?id=52630), this is not
exactly a cryptsetup bug, but rather the intended and documented way it
works. Please see the "NOTES ON PASSPHRASE PROCESSING FOR PLAIN MODE"
section, where it is clearly stated that hash processing is only used on
*passphrases*.

So, I'm afraid commit
http://cgit.freedesktop.org/systemd/systemd/commit/?id=8a52210c93
doesn't do the job it should. Actually it doesn't solve a bug that
definitely seems related to systemd, and it kind of breaks the previous
logic of the code.

To be clear, when a hash algorithm is provided along with a key file for
plain mode encryption, systemd-cryptsetup should, IMHO, ignore the hash
algorithm as cryptsetup does.

Please don't get angry at me for insisting like this. I don't want to
declare a futile war against anybody. I'm just a systemd user who wants
the best from the software he uses. And I'm sure you're doing your best
here.

Best regards,
Quentin
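
The disagreement in this thread, as an added example that is not part of the original message and is not systemd's or cryptsetup's code: it compares the hash selection the quoted fragments describe with the one the message argues for, over constructed crypttab combinations. The function names, the key file path and the `ripemd160` default are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed plain-mode default passphrase hash; the thread does not state it. */
#define DEFAULT_PLAIN_HASH "ripemd160"

/* Selection as the quoted fragments describe it: an explicit hash other than
 * "plain" is always used; the default applies only when no key file is set. */
static const char *hash_as_committed(const char *arg_hash, const char *key_file) {
    if (arg_hash) {
        if (strcmp(arg_hash, "plain") != 0)
            return arg_hash;
        return NULL;
    } else if (!key_file)
        return DEFAULT_PLAIN_HASH;
    return NULL;
}

/* Selection argued for in the message: a key file is used as-is,
 * so a configured hash is ignored whenever a key file is present. */
static const char *hash_as_proposed(const char *arg_hash, const char *key_file) {
    if (key_file)
        return NULL;
    if (!arg_hash)
        return DEFAULT_PLAIN_HASH;
    return strcmp(arg_hash, "plain") != 0 ? arg_hash : NULL;
}

/* Returns 1 when both policies pick the same hash (NULL means "no hash"). */
static int policies_agree(const char *arg_hash, const char *key_file) {
    const char *a = hash_as_committed(arg_hash, key_file);
    const char *b = hash_as_proposed(arg_hash, key_file);
    if (!a || !b)
        return a == b;
    return strcmp(a, b) == 0;
}

int main(void) {
    /* Constructed cases: { hash= option, key file path }. */
    const char *cases[][2] = {
        { NULL, NULL }, { "sha512", NULL }, { "plain", "/etc/keys/vol.key" },
        { NULL, "/etc/keys/vol.key" }, { "sha512", "/etc/keys/vol.key" },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("hash=%-6s keyfile=%-3s -> %s\n",
               cases[i][0] ? cases[i][0] : "-", cases[i][1] ? "yes" : "no",
               policies_agree(cases[i][0], cases[i][1]) ? "same hash" : "hash differs");
    return 0;
}
```

Only the last case differs: with `hash=sha512` and a key file, one policy hashes the key file contents and the other uses them directly, so the two derive different volume keys from the same file.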