control: severity -1 important thanks On Mon, Oct 14, 2024 at 10:00:25PM +0800, ChangZhuo Chen (陳昌倬) wrote: > On Mon, Oct 14, 2024 at 11:31:22AM +0000, Holger Levsen wrote: > > One question, which will be obvious to you, but it's not 100% clear to me: > > do you > > use a smart card here? :) > Yes, I use YubiKey 5 Nano in this case.
ok, thanks!
> I think it shall be some way to info user about the problem in the
> combination of cryptsetup + gpg-from-sq since The problem happens only
> when all the following conditions meet:
>
> * Use cryptsetup to encrypt disk with LUK
plus, a pgp key on a smartcard is used. (i'm picky about this, as this
doesnt seem to affect just cryptsetup and gpg-from-sq installed, which
is something eg I use currently :)
> * Use gpg-from-sq to replace gpg
> * Install new kernel and run update-initramfs during the installation
> process. The gpg from Sequoia will be used to create initramfs, and
> decrypt_gnupg-sc does not support gpg from Sequoia.
>
> User cannot find the problem immediately, and when the problem happen,
> they cannot decrypt disk and boot. They need to use previous kernel,
> which might be removed already.
this is still pretty bad. :/ raising severity accordingly.
--
cheers,
Holger
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄
Imagine god created trillions of galaxies but freaks out because some dude
kisses another.
signature.asc
Description: PGP signature
