[dm-crypt] [ANNOUNCE] cryptsetup 1.6.0-rc1

Milan Broz gmazyland at gmail.com
Sun Jan 6 17:24:47 CET 2013


On 01/06/2013 01:16 PM, Yves-Alexis Perez wrote:
> On dim., 2012-12-30 at 12:40 +0100, Milan Broz wrote:

>> The switch --disable-kernel_crypto completely removes support,
>> so you can compile it with old kernel or without kernel headers.
>> (But no cipher benchmark and no tcrypt will be available.)
> 
> Is this really the proper fix? Usually, userland needing headers more
> recent than what's in linux-libc-dev should embed them, and correctly
> handle at runtime if the interfaces are available.

These are two separate problems
- you need to compile it on system where new header/kernel is not available
- you need to detect that current kernel is not able to use
userspace crypto API interface (this includes missing module etc.)

Both should be handled already.

> What happens here if cryptsetup is built on a recent enough kernel where
> the header is present, and then run on an old kernel? Will it fail
> gracefully?

It should print something like
...
Required kernel crypto interface not available.
Ensure you have algif_skcipher kernel module loaded.

Anyway, I would welcome people test this and report any problems here.
So if you have such system, please try it :)

Milan


More information about the dm-crypt mailing list