Hi, (Letting Paul and the bug report know about our little chat.)
Guilhem Moulin <guil...@debian.org> (2023-04-20): > AFAICT the issue is now fully fixed upstream: on systems without swap > the memory cost won't exceed half the amount of free memory during > PBKDF benchmarking. As a reminder: the “no swap” case happens in d-i when using guided partitioning, as the swap will only be added/activated after formatting the disk. > * Don't do anything: ship 2:2.6.1-3~deb12u1 in bookworm and leave the > DI errata in place. The downside is that the PBKDF needs roughly > half of the physical memory, so the OOM killer might trigger if the > rest of the system uses close to the other half. Moreover this not > future proof, as memory requirement increases along releases. (That > said the issue has been present since 2 releases and there is nothing > we can do about existing volumes. Concretely, that means low-memory > Bookworm rescue systems will likely OOM when trying to luksOpen an > existing LUKS2 volume in graphical mode.) I'd rather avoid that one for the reasons you mention. > * Wait for upstream to release 2.6.2 with fixes for #-1 as well as > other bugfixes and upload it, either via t-p-u during the hard freeze > or later via s-p-u. In upstream's own words “[the minor release] > will take few week because of translation loop etc.” The downside > being of course more review work for the release team, as the diff is > already rather large: > > https://gitlab.com/cryptsetup/cryptsetup/-/compare/v2.6.1...main?from_project_id=195655&straight=false Waiting is definitely not needed from my point of view. > * Backport upstream MR !498, let it mature in sid for a few > weeks then upload 2:2.6.1-4~deb12u1 via t-p-u. There are only 2 > upstream commits to cherry-pick and neither is large nor intrusive; > moreover like the commits previously cherry-picked they are no-op on > “normal” systems (only systems without swap are affected). For > convenience I attach a debdiff for 2:2.6.1-3~deb12u2 and you'll also > find binary packages for amd64 at > https://people.debian.org/~guilhem/tmp/cryptsetup_2.6.1-3~deb12u2/ > Tested: autopkgtests (incl. full upstream test suite), d-i in both > graphical and text install on VMs with 1024M RAM (now memory cost > won't exceed ~250M resp. ~300M thus leaving plenty of headroom for > the rest). Since you're happy with that approach, let's go for an upload to unstable for the time being, I'll conduct some tests shortly, and once it's indeed confirmed to work fine, go via t-p-u (because of the same fun as before with some library) so that it can be used for rc3 (if it's ready by then — we haven't really defined when it's going to happen besides “somewhen before end of April”). Cheers, -- Cyril Brulebois (k...@debian.org) <https://debamax.com/> D-I release manager -- Release team member -- Freelance Consultant
signature.asc
Description: PGP signature
