[Bug 73862] Re: Add optimized cipher modules to initramfs
** Branch linked: lp:ubuntu/karmic/cryptsetup -- Add optimized cipher modules to initramfs https://bugs.launchpad.net/bugs/73862 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 73862] Re: Add optimized cipher modules to initramfs
cryptsetup (2:1.0.5-2ubuntu1) gutsy; urgency=low * Merge new debian version. Remaining changes: - cryptsetup is linked dynamically against libgcrypt and libgpg-error. This will break systems where /usr is a separate encrypted filesystem but not have other bad consequences (in particular, systems with encrypted root are still fine). The upsides include better security supportability and smaller packages. - libcryptsetup.so et al removed from the binary packages. They have no stable ABI and are not suitable for use by other packages, and were in violation of library policies etc. They're not needed since the cryptsetup executable statically contains the relevant parts of libcryptsetup. - cryptdisks.functions: remove #!/bin/bash as it isn't a script by itself; it's only sourced by other scripts. This gets rid of the lintian warning `script-not-executable' for this file. - stop usplash on user input. LP #62751 - Always output and read from the console. LP #58794. - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using bzr on launchpad. - Bump libgcrypt11 build-dependency again to 1.2.4-2ubuntu2 to eliminate libnsl linkage; - debian/initramfs/cryptroot-hook: (LP: #73862) Added patch to install aes optimized cypher module - try to load optimized cypher module in cryptsetup.functions as well, because cryptroot-hook is only executed when we really have a cryptoroot. - apply patch from pitti for allowing UUIDs in /etc/crypttab. This allowes crypted PVs! LP: #144390. - remove README.ubuntu, since it contains old and obsolete information. cryptsetup (2:1.0.5-2) unstable; urgency=low [ Jonas Meurer ] * Add libselinux1-dev and libsepol1-dev to build-depends. Detected by the build daemon from hell by Steinar H. Gunderson. Thanks to Manoj Srivastava for advice. * Fix the watchfile * Fix cryptopensc-hook to honor key=none. Thanks to Daniel Baumann (closes: #436434) * Remove outdated README.html and example usbcrypto.* scripts from documentation. Add example usbcrypto.udev script. Thanks to Volker Sauer for the update. (closes: #409775) * Document that stdin is read different with '--key-file=-' than without. Thanks to Marc Haber. (closes: #418450) * Document that --timeout is useless in conjunction with --key-file. Thanks Alexander Zangerl. (closes: #421693) * [03_check_for_root.dpatch] Check for UID == 0 before actually doing something. Thanks to Benjamin Seidenberg. (closes: #401766) * [04_fix_unused_or_unitialized_variables.dpatch] Fix some gcc warnings about unused or unitialized variables. Thanks to Ludwig Nussel for the patch. * [05_segfault_at_nonexisting_device.dpatch] Fix segfault when trying to open a non existing device. Thanks to Ludwig Nussel for the patch. (closes: #438198) * Add CFLAGS=$(CFLAGS) before ./configure invocation in debian/rules. This way CFLAGS are passed to the configure script. Thanks to Gordon Farquharson for the patch. (closes: #438450) * Add a warning about missing hash option in crypttab to initramfs cryptoroot hook. Thanks to Sebastian Leske for the patch. (closes: #438169) * Add support for openct using data objects on a smartcard as key. Thanks to Daniel Baumann [EMAIL PROTECTED] for patch and documentation. (closes: #438473) * Polish opensc_decrypt and openct_decrypt. * Add initramfs patch by maximilian attems. Bump depends on initramfs-tools to (= 0.91). (closes: #441428) * several cleanups to make lintian happy: - remove #!/bin/sh from cryptsetup.functions as it is not executable. - remove unused-override configure-generated-file-in-source config.log. - add some hyphen fixes to patches/02_manpage.dpatch * Filter out the detection of filesystem type 'minix' in checks vol_id and un_vol_id if checking for any valid filesystem. The minix fs signature seems short enough to be detected erroneously by /lib/udev/vol_id. Thanks to Fredrik Olofsson and arno for the bugreport. (closes: #411784) * Add Homepage field to debian/control. cryptsetup (2:1.0.5-1ubuntu5) UNRELEASED; urgency=low * apply patch from pitti for allowing UUIDs in /etc/crypttab. This allowes crypted PVs! LP: #144390. * remove README.ubuntu, since it contains old and obsolete information. -- Reinhard Tartler [EMAIL PROTECTED] Tue, 02 Oct 2007 21:31:28 +0200 -- Add optimized cipher modules to initramfs https://bugs.launchpad.net/bugs/73862 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 73862] Re: Add optimized cipher modules to initramfs
I can confirm that this is not the case, as I do use such a setup in my laptop. lsmod only shows aes, but not aes-i586. Sorry, I was mistaken. It would probably pop up if I had entered it in /etc/modules, but since we cannot modify that file easily (you would need some magic to detect the architecture and module name and stuff), it would be really great if this wasn't really necessary. I think a better solution would be to create /etc/modprobe.d/cryptsetup and let it contain (on amd64): alias aes aes_x86_64 alias twofish twofish_x86_64 ... That would set the asm optimized modules as default. However we could look into this for hardy. The version that have now been included in gutsy will work fine and will give most users of encrypted disks a nice speed boost. :-) -- Add optimized cipher modules to initramfs https://bugs.launchpad.net/bugs/73862 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 73862] Re: Add optimized cipher modules to initramfs
cryptsetup (2:1.0.5-1ubuntu4) gutsy; urgency=low [ Stephan Hermann ] * debian/initramfs/cryptroot-hook: (LP: #73862) - Added patch to install aes optimized cypher module [ Reinhard Tartler ] * re-applying old patch to new package version * try to load optimized cypher module in cryptsetup.functions as well, because cryptroot-hook is only executed when we really have a cryptoroot. -- Reinhard Tartler [EMAIL PROTECTED] Thu, 27 Sep 2007 19:38:48 +0200 ** Changed in: cryptsetup (Ubuntu) Status: Confirmed = Fix Released -- Add optimized cipher modules to initramfs https://bugs.launchpad.net/bugs/73862 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 73862] Re: Add optimized cipher modules to initramfs
Unsubscribing Ubuntu Sponsors for main from this bug until problems with the patch are solved. -- Add optimized cipher modules to initramfs https://bugs.launchpad.net/bugs/73862 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 73862] Re: Add optimized cipher modules to initramfs
That patch does add optimized ciphers only when in cryptroot mode. Could it be improved to load optimized ciphers even on non-cryptroot, like e.g. crypted /home? I added the patch to the bzr branch nevertheless. -- Gruesse/greetings, Reinhard Tartler, KeyID 945348A4 -- Add optimized cipher modules to initramfs https://bugs.launchpad.net/bugs/73862 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 73862] Re: Add optimized cipher modules to initramfs
Sorry for forgetting about this bug. Thank you Anthony porting this to a newer crypsetup. Reinhard: I only think this is needed for the root file system. If you for example only have /home on dm-crypt then it will set up after leaving initramfs. This means that all kernel modules are available and insmod will be smart enough to load the optimized one. -- Add optimized cipher modules to initramfs https://bugs.launchpad.net/bugs/73862 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 73862] Re: Add optimized cipher modules to initramfs
One more thing, should this bug really still be Incomplete+Undecided? -- Add optimized cipher modules to initramfs https://bugs.launchpad.net/bugs/73862 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 73862] Re: Add optimized cipher modules to initramfs
Pär Andersson [EMAIL PROTECTED] writes: One more thing, should this bug really still be Incomplete+Undecided? Well, the cryptroot part is 'pending', as the patch was imported to the bzr branch. The non-cryptroot part (e.g. only /home crypted) is still not resolved. I'm therefore setting this bug to status confirmed -- Gruesse/greetings, Reinhard Tartler, KeyID 945348A4 ** Changed in: cryptsetup (Ubuntu) Status: Incomplete = Confirmed -- Add optimized cipher modules to initramfs https://bugs.launchpad.net/bugs/73862 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 73862] Re: Add optimized cipher modules to initramfs
Pär Andersson [EMAIL PROTECTED] writes: Reinhard: I only think this is needed for the root file system. If you for example only have /home on dm-crypt then it will set up after leaving initramfs. This means that all kernel modules are available and insmod will be smart enough to load the optimized one. I can confirm that this is not the case, as I do use such a setup in my laptop. lsmod only shows aes, but not aes-i586. It would probably pop up if I had entered it in /etc/modules, but since we cannot modify that file easily (you would need some magic to detect the architecture and module name and stuff), it would be really great if this wasn't really necessary. -- Gruesse/greetings, Reinhard Tartler, KeyID 945348A4 -- Add optimized cipher modules to initramfs https://bugs.launchpad.net/bugs/73862 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 73862] Re: Add optimized cipher modules to initramfs
You should file another bug report for the non-cryptroot stuff. This report is only for updating the initramfs to support the platform specific modules. After / is mounted the modules that are in initramfs do not matter. -- Add optimized cipher modules to initramfs https://bugs.launchpad.net/bugs/73862 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 73862] Re: Add optimized cipher modules to initramfs
Anthony DeStefano [EMAIL PROTECTED] writes: You should file another bug report for the non-cryptroot stuff. This report is only for updating the initramfs to support the platform specific modules. After / is mounted the modules that are in initramfs do not matter. Yes, I could do that. However, I was hoping the author of the patch I'm reviewing for sponsorship was able to make it more general. -- Gruesse/greetings, Reinhard Tartler, KeyID 945348A4 -- Add optimized cipher modules to initramfs https://bugs.launchpad.net/bugs/73862 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 73862] Re: Add optimized cipher modules to initramfs
Find attached a debdiff which adds the patch to the package. Siretart, please add this patch as well to Ubuntus BZR archive for cryptsetup, thx. ** Attachment added: debdiff to fix this bug http://launchpadlibrarian.net/9288761/cryptsetup_1.0.5-1ubuntu2.debdiff -- Add optimized cipher modules to initramfs https://bugs.launchpad.net/bugs/73862 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 73862] Re: Add optimized cipher modules to initramfs
Attached is the same patch as above but against cryptsetup_1.0.4+svn29-1ubuntu4 found in gutsy. ** Attachment added: initramfs.patch http://launchpadlibrarian.net/8952866/initramfs.patch -- Add optimized cipher modules to initramfs https://bugs.launchpad.net/bugs/73862 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 73862] Re: Add optimized cipher modules to initramfs
we now are at an even more recent version of cryptsetup, and your patch doesn't apply at all any longer :( - I'm very sorry that I missed that patch for feisty. Can you please redo the patch and attach one for the gutsy package? please also send your patch to the debian crypsetup maintainers as well. ** Changed in: cryptsetup (Ubuntu) Assignee: (unassigned) = Pär Andersson Status: Confirmed = Needs Info -- Add optimized cipher modules to initramfs https://bugs.launchpad.net/bugs/73862 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 73862] Re: Add optimized cipher modules to initramfs
Yes, the patch is against the cryptsetup ubuntu package and only modifies a few lines of debian/initramfs-cryptroot-hook. However the patch is for 1.0.4-8ubuntu1 and don't seem to apply cleanly to the current feisty version 1.0.4+svn26-1ubuntu1. I can make a new version tomorrow if you don't want to do it yourself. -- Add optimized cipher modules to initramfs https://launchpad.net/bugs/73862 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 73862] Re: Add optimized cipher modules to initramfs
** Tags added: bitesize -- Add optimized cipher modules to initramfs https://launchpad.net/bugs/73862 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 73862] Re: Add optimized cipher modules to initramfs
The patch looks fine to me. Martin, what do you think? Whom should we ask about this? ** Changed in: cryptsetup (Ubuntu) Status: Unconfirmed = Confirmed -- Add optimized cipher modules to initramfs https://launchpad.net/bugs/73862 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 73862] Re: Add optimized cipher modules to initramfs
oh, this is a patch against cryptsetup itself, I think I'll just apply it then. -- Add optimized cipher modules to initramfs https://launchpad.net/bugs/73862 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 73862] Re: Add optimized cipher modules to initramfs
patch ** Attachment added: Add optimized cipher modules to initramfs http://librarian.launchpad.net/5215026/initramfs-cryptroot-hook-patch -- Add optimized cipher modules to initramfs https://launchpad.net/bugs/73862 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs