[Touch-packages] [Bug 2054620] Re: libdm returns wrong error code when dm-verity key cannot be found
This bug was fixed in the package lvm2 - 2.03.16-3ubuntu2 --- lvm2 (2.03.16-3ubuntu2) noble; urgency=medium [ Luca Boccassi ] * Cherry-pick upstream change for libdm returning wrong error code when dm-verity key cannot be found (LP: #2054620) -- Gianfranco Costamagna Wed, 06 Mar 2024 19:53:11 +0100 ** Changed in: lvm2 (Ubuntu Noble) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lvm2 in Ubuntu. https://bugs.launchpad.net/bugs/2054620 Title: libdm returns wrong error code when dm-verity key cannot be found Status in lvm2 package in Ubuntu: Fix Released Status in lvm2 source package in Noble: Fix Released Bug description: When libcryptsetup tries to activate a signed dm-verity volume, and the key is not in the kernel keyring, libdevicemapper does not return the appropriate ENOKEY, so the failure cannot be distinguished from other generic issues. This is a problem when software like systemd via libcryptsetup try to open a volume, and get an unrecognizable error out of it. With the fix in libdm and libcryptsetup, there is a clear ENOKEY returned when a key is missing and activation fails for that reason. This allows systemd (and other applications) to make the right decision depending on the failure case. Without this, the same generic error is returned in any case. For more details, see: https://gitlab.com/cryptsetup/cryptsetup/-/issues/841 libcryptsetup 2.7.0, now available in debian stable, and systemd v255, shipped in Noble, make use of this error code. This is fixed in the lvm2 version 2.03.23 upstream release. Please consider backporting this patch for Noble. Upstream PR: https://gitlab.com/lvmteam/lvm2/-/merge_requests/3 Upstream commit: 25ef7a7b1a876f491bd361369423d7309358f6c1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/2054620/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2054620] Re: libdm returns wrong error code when dm-verity key cannot be found
dput ubuntu ../lvm2_2.03.16-3ubuntu2_source.changes
Uploading lvm2 using ftp to ubuntu (host: upload.ubuntu.com; directory: /ubuntu)
running supported-distribution: check whether the target distribution is
currently supported (using distro-info)
{'allowed': ['release', 'proposed', 'backports', 'security'], 'known':
['release', 'proposed', 'updates', 'backports', 'security']}
running required-fields: check whether a field is present and non-empty in the
changes file
running checksum: verify checksums before uploading
running suite-mismatch: check the target distribution for common errors
running check-debs: makes sure the upload contains a binary package
running gpg: check GnuPG signatures before the upload
Uploading lvm2_2.03.16-3ubuntu2.dsc
Uploading lvm2_2.03.16-3ubuntu2.debian.tar.xz
Uploading lvm2_2.03.16-3ubuntu2_source.buildinfo
Uploading lvm2_2.03.16-3ubuntu2_source.changes
unsubscribing sponsors!
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lvm2 in Ubuntu.
https://bugs.launchpad.net/bugs/2054620
Title:
libdm returns wrong error code when dm-verity key cannot be found
Status in lvm2 package in Ubuntu:
Confirmed
Status in lvm2 source package in Noble:
Confirmed
Bug description:
When libcryptsetup tries to activate a signed dm-verity volume, and
the key is not in the kernel keyring, libdevicemapper does not return
the appropriate ENOKEY, so the failure cannot be distinguished from
other generic issues.
This is a problem when software like systemd via libcryptsetup try to
open a volume, and get an unrecognizable error out of it. With the fix
in libdm and libcryptsetup, there is a clear ENOKEY returned when a
key is missing and activation fails for that reason. This allows
systemd (and other applications) to make the right decision depending
on the failure case. Without this, the same generic error is returned
in any case.
For more details, see:
https://gitlab.com/cryptsetup/cryptsetup/-/issues/841
libcryptsetup 2.7.0, now available in debian stable, and systemd v255,
shipped in Noble, make use of this error code.
This is fixed in the lvm2 version 2.03.23 upstream release.
Please consider backporting this patch for Noble.
Upstream PR: https://gitlab.com/lvmteam/lvm2/-/merge_requests/3
Upstream commit: 25ef7a7b1a876f491bd361369423d7309358f6c1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/2054620/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2054620] Re: libdm returns wrong error code when dm-verity key cannot be found
The previous lvm2 upload has now migrated from proposed to noble. cryptsetup 2.7.0 is also now available in noble, which also can make use of this bug fix. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lvm2 in Ubuntu. https://bugs.launchpad.net/bugs/2054620 Title: libdm returns wrong error code when dm-verity key cannot be found Status in lvm2 package in Ubuntu: Confirmed Status in lvm2 source package in Noble: Confirmed Bug description: When libcryptsetup tries to activate a signed dm-verity volume, and the key is not in the kernel keyring, libdevicemapper does not return the appropriate ENOKEY, so the failure cannot be distinguished from other generic issues. This is a problem when software like systemd via libcryptsetup try to open a volume, and get an unrecognizable error out of it. With the fix in libdm and libcryptsetup, there is a clear ENOKEY returned when a key is missing and activation fails for that reason. This allows systemd (and other applications) to make the right decision depending on the failure case. Without this, the same generic error is returned in any case. For more details, see: https://gitlab.com/cryptsetup/cryptsetup/-/issues/841 libcryptsetup 2.7.0, now available in debian stable, and systemd v255, shipped in Noble, make use of this error code. This is fixed in the lvm2 version 2.03.23 upstream release. Please consider backporting this patch for Noble. Upstream PR: https://gitlab.com/lvmteam/lvm2/-/merge_requests/3 Upstream commit: 25ef7a7b1a876f491bd361369423d7309358f6c1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/2054620/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2054620] Re: libdm returns wrong error code when dm-verity key cannot be found
With the updated context, I think the proposal looks reasonable and would be comfortable sponsoring the upload. I suggest first waiting for the lvm2 merge to migrate, just to rule out issues on that front. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lvm2 in Ubuntu. https://bugs.launchpad.net/bugs/2054620 Title: libdm returns wrong error code when dm-verity key cannot be found Status in lvm2 package in Ubuntu: Confirmed Status in lvm2 source package in Noble: Confirmed Bug description: When libcryptsetup tries to activate a signed dm-verity volume, and the key is not in the kernel keyring, libdevicemapper does not return the appropriate ENOKEY, so the failure cannot be distinguished from other generic issues. This is a problem when software like systemd via libcryptsetup try to open a volume, and get an unrecognizable error out of it. With the fix in libdm and libcryptsetup, there is a clear ENOKEY returned when a key is missing and activation fails for that reason. This allows systemd (and other applications) to make the right decision depending on the failure case. Without this, the same generic error is returned in any case. For more details, see: https://gitlab.com/cryptsetup/cryptsetup/-/issues/841 libcryptsetup 2.7.0, now available in debian stable, and systemd v255, shipped in Noble, make use of this error code. This is fixed in the lvm2 version 2.03.23 upstream release. Please consider backporting this patch for Noble. Upstream PR: https://gitlab.com/lvmteam/lvm2/-/merge_requests/3 Upstream commit: 25ef7a7b1a876f491bd361369423d7309358f6c1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/2054620/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2054620] Re: libdm returns wrong error code when dm-verity key cannot be found
** Merge proposal linked: https://code.launchpad.net/~bluca/ubuntu/+source/lvm2/+git/lvm2/+merge/461372 ** Merge proposal unlinked: https://code.launchpad.net/~bluca/ubuntu/+source/lvm2/+git/lvm2/+merge/460984 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lvm2 in Ubuntu. https://bugs.launchpad.net/bugs/2054620 Title: libdm returns wrong error code when dm-verity key cannot be found Status in lvm2 package in Ubuntu: Confirmed Status in lvm2 source package in Noble: Confirmed Bug description: When libcryptsetup tries to activate a signed dm-verity volume, and the key is not in the kernel keyring, libdevicemapper does not return the appropriate ENOKEY, so the failure cannot be distinguished from other generic issues. This is a problem when software like systemd via libcryptsetup try to open a volume, and get an unrecognizable error out of it. With the fix in libdm and libcryptsetup, there is a clear ENOKEY returned when a key is missing and activation fails for that reason. This allows systemd (and other applications) to make the right decision depending on the failure case. Without this, the same generic error is returned in any case. For more details, see: https://gitlab.com/cryptsetup/cryptsetup/-/issues/841 libcryptsetup 2.7.0, now available in debian stable, and systemd v255, shipped in Noble, make use of this error code. This is fixed in the lvm2 version 2.03.23 upstream release. Please consider backporting this patch for Noble. Upstream PR: https://gitlab.com/lvmteam/lvm2/-/merge_requests/3 Upstream commit: 25ef7a7b1a876f491bd361369423d7309358f6c1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/2054620/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2054620] Re: libdm returns wrong error code when dm-verity key cannot be found
** Description changed: When libcryptsetup tries to activate a signed dm-verity volume, and the key is not in the kernel keyring, libdevicemapper does not return the appropriate ENOKEY, so the failure cannot be distinguished from other generic issues. + + This is a problem when software like systemd via libcryptsetup try to + open a volume, and get an unrecognizable error out of it. With the fix + in libdm and libcryptsetup, there is a clear ENOKEY returned when a key + is missing and activation fails for that reason. This allows systemd + (and other applications) to make the right decision depending on the + failure case. Without this, the same generic error is returned in any + case. + + For more details, see: + + https://gitlab.com/cryptsetup/cryptsetup/-/issues/841 + + libcryptsetup 2.7.0, now available in debian stable, and systemd v255, + shipped in Noble, make use of this error code. This is fixed in the lvm2 version 2.03.23 upstream release. Please consider backporting this patch for Noble. Upstream PR: https://gitlab.com/lvmteam/lvm2/-/merge_requests/3 Upstream commit: 25ef7a7b1a876f491bd361369423d7309358f6c1 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lvm2 in Ubuntu. https://bugs.launchpad.net/bugs/2054620 Title: libdm returns wrong error code when dm-verity key cannot be found Status in lvm2 package in Ubuntu: Confirmed Status in lvm2 source package in Noble: Confirmed Bug description: When libcryptsetup tries to activate a signed dm-verity volume, and the key is not in the kernel keyring, libdevicemapper does not return the appropriate ENOKEY, so the failure cannot be distinguished from other generic issues. This is a problem when software like systemd via libcryptsetup try to open a volume, and get an unrecognizable error out of it. With the fix in libdm and libcryptsetup, there is a clear ENOKEY returned when a key is missing and activation fails for that reason. This allows systemd (and other applications) to make the right decision depending on the failure case. Without this, the same generic error is returned in any case. For more details, see: https://gitlab.com/cryptsetup/cryptsetup/-/issues/841 libcryptsetup 2.7.0, now available in debian stable, and systemd v255, shipped in Noble, make use of this error code. This is fixed in the lvm2 version 2.03.23 upstream release. Please consider backporting this patch for Noble. Upstream PR: https://gitlab.com/lvmteam/lvm2/-/merge_requests/3 Upstream commit: 25ef7a7b1a876f491bd361369423d7309358f6c1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/2054620/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2054620] Re: libdm returns wrong error code when dm-verity key cannot be found
I just sponsored lvm2 2.03.16-3ubuntu1 which should fix the FTBFS. On including libdm-propagate-ioctl-errors-back-to-caller.patch: I am not sure this bug is important enough to grant that. The patch may apply cleanly to 2.03.16, but still it comes from 2.03.23, which is not a trivial change in the upstream codebase. I can see that better error messages on ENOKEY will result in an overall better UX, however most commits in an upstream devel repo will somehow improve something, still we try to rely on releases as cut by upstream when possible, for the many reasons I certainly don't have to tell you about. :-) However: I may have missed the point here, and maybe the current UX is both (1) terrible, or at least quite bad (2) affecting many users, and not only users with an niche disk encryption configuration. If you think this is the case, can you please update the bug and elaborate a bit more on it? Thanks! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lvm2 in Ubuntu. https://bugs.launchpad.net/bugs/2054620 Title: libdm returns wrong error code when dm-verity key cannot be found Status in lvm2 package in Ubuntu: Confirmed Status in lvm2 source package in Noble: Confirmed Bug description: When libcryptsetup tries to activate a signed dm-verity volume, and the key is not in the kernel keyring, libdevicemapper does not return the appropriate ENOKEY, so the failure cannot be distinguished from other generic issues. This is fixed in the lvm2 version 2.03.23 upstream release. Please consider backporting this patch for Noble. Upstream PR: https://gitlab.com/lvmteam/lvm2/-/merge_requests/3 Upstream commit: 25ef7a7b1a876f491bd361369423d7309358f6c1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/2054620/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2054620] Re: libdm returns wrong error code when dm-verity key cannot be found
Note that currently in noble lvm2 fails to build due to https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/2054683 which is unrelated to the MR linked here -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lvm2 in Ubuntu. https://bugs.launchpad.net/bugs/2054620 Title: libdm returns wrong error code when dm-verity key cannot be found Status in lvm2 package in Ubuntu: Confirmed Status in lvm2 source package in Noble: Confirmed Bug description: When libcryptsetup tries to activate a signed dm-verity volume, and the key is not in the kernel keyring, libdevicemapper does not return the appropriate ENOKEY, so the failure cannot be distinguished from other generic issues. This is fixed in the lvm2 version 2.03.23 upstream release. Please consider backporting this patch for Noble. Upstream PR: https://gitlab.com/lvmteam/lvm2/-/merge_requests/3 Upstream commit: 25ef7a7b1a876f491bd361369423d7309358f6c1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/2054620/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2054620] Re: libdm returns wrong error code when dm-verity key cannot be found
** Changed in: lvm2 (Ubuntu Noble) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lvm2 in Ubuntu. https://bugs.launchpad.net/bugs/2054620 Title: libdm returns wrong error code when dm-verity key cannot be found Status in lvm2 package in Ubuntu: Confirmed Status in lvm2 source package in Noble: Confirmed Bug description: When libcryptsetup tries to activate a signed dm-verity volume, and the key is not in the kernel keyring, libdevicemapper does not return the appropriate ENOKEY, so the failure cannot be distinguished from other generic issues. This is fixed in the lvm2 version 2.03.23 upstream release. Please consider backporting this patch for Noble. Upstream PR: https://gitlab.com/lvmteam/lvm2/-/merge_requests/3 Upstream commit: 25ef7a7b1a876f491bd361369423d7309358f6c1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/2054620/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 2054620] Re: libdm returns wrong error code when dm-verity key cannot be found
Merge request opened at https://code.launchpad.net/~bluca/ubuntu/+source/lvm2/+git/lvm2/+merge/460984 ** Tags added: patch patch-accepted-upstream ** Merge proposal linked: https://code.launchpad.net/~bluca/ubuntu/+source/lvm2/+git/lvm2/+merge/460984 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to lvm2 in Ubuntu. https://bugs.launchpad.net/bugs/2054620 Title: libdm returns wrong error code when dm-verity key cannot be found Status in lvm2 package in Ubuntu: New Status in lvm2 source package in Noble: New Bug description: When libcryptsetup tries to activate a signed dm-verity volume, and the key is not in the kernel keyring, libdevicemapper does not return the appropriate ENOKEY, so the failure cannot be distinguished from other generic issues. This is fixed in the lvm2 version 2.03.23 upstream release. Please consider backporting this patch for Noble. Upstream PR: https://gitlab.com/lvmteam/lvm2/-/merge_requests/3 Upstream commit: 25ef7a7b1a876f491bd361369423d7309358f6c1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/2054620/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
