[dm-crypt] [ANNOUNCE] cryptsetup 1.6.0-rc1

Milan Broz gmazyland at gmail.com
Mon Jan 7 09:53:51 CET 2013


On 01/07/2013 07:23 AM, Yves-Alexis Perez wrote:
> On dim., 2013-01-06 at 17:24 +0100, Milan Broz wrote:
>>> Is this really the proper fix? Usually, userland needing headers
>> more
>>> recent than what's in linux-libc-dev should embed them, and
>> correctly
>>> handle at runtime if the interfaces are available.
>>
>> These are two separate problems
>> - you need to compile it on system where new header/kernel is not
>> available
>> - you need to detect that current kernel is not able to use
>> userspace crypto API interface (this includes missing module etc.)
>>
>> Both should be handled already.
>>
>>> What happens here if cryptsetup is built on a recent enough kernel
>> where
>>> the header is present, and then run on an old kernel? Will it fail
>>> gracefully?
>>
>> It should print something like
>> ...
>> Required kernel crypto interface not available.
>> Ensure you have algif_skcipher kernel module loaded.
> 
> Good. And what happens if cryptsetup is built on an old box not having
> recent enough headers (typically a buildd) but is run on a box with
> recent kernels? I guess there's no support, while, when headers are
> embedded, they would be available.

The same as above. Kernel crypto api is just new AF_ALG socket interface,
if is is not known to kernel, or the command fails, it should fail
the same way like kernel is compiled without it.

(TBH if is not clear how to properly detect it otherwise than just
try to use it... but that works).

Milan


More information about the dm-crypt mailing list