Re: [systemd-devel] [systemd-commits] src/cryptsetup

Tue, 25 Nov 2014 03:09:07 -0800 

Hi,

On 24/11/2014 19:17, Zbigniew Jędrzejewski-Szmek wrote :

On Mon, Nov 24, 2014 at 07:03:27PM +0100, Quentin Lefebvre wrote:

On 24/11/2014 19:01, Zbigniew Jędrzejewski-Szmek wrote :

On Mon, Nov 24, 2014 at 06:44:25PM +0100, Quentin Lefebvre wrote:

Hi,

I tested your patch and actually it doesn't solve the bug.
For example, if "hash=sha512" is provided in /etc/crypttab, the
first >                           if (!streq(arg_hash, "plain"))
is true, and the

+                } else if (!key_file)

is not reached.

This is be design. My patch is quite different from your patch,
which I tried to make clear in the description.

If you specify hash=sha512, then you get hash=sha512.


Yes, and this is the problem.
cryptsetup ignores the hash, so that we should obtain hash=NULL for
it to work.

Systemd is not going to work around a bug in a different package.
Specifying a hash in the configuration if you don't want a hash
is an error, please just fix it there.
As I mention it in the bugreport (https://bugs.freedesktop.org/show_bug.cgi?id=52630), this is not exactly a cryptsetup bug, but rather the intended and documented way it works. Please see the "NOTES ON PASSPHRASE PROCESSING FOR PLAIN MODE" section, where it is clearly stated that hash processing is only used on *passphrases*.
So, I'm afraid commit http://cgit.freedesktop.org/systemd/systemd/commit/?id=8a52210c93 doesn't make the job it should. Actually it doesn't solve a bug that definitely seems related to systemd, and it kind of breaks the previous logic of the code.
To be clear, when a hash algorithm is provided along with a key file for plain mode encryption, systemd-cryptsetup should, IMHO, ignore the hash algorithm as cryptsetup does.
Please don't get angry at me for insisting like this. I don't want to declare a futile war against anybody. I'm just a systemd user who wants the best from the software he uses. And I'm sure you're doing your best here. 

Best regards,
Quentin
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Reply via email to