On Fri, 21 Apr 2023 at 12:25:29 +0200, Guilhem Moulin wrote:
> Bookworm (debian-bookworm-DI-rc1-amd64-netinst.iso + cryptsetup
> 2:2.6.1-4~deb12u1,
> graphical install), 1024M RAM:
>
> root@debian:~# cryptsetup luksDump /dev/vda5 | grep -A3 PBKDF
> PB
On Fri, 21 Apr 2023 at 13:02:24 +0200, Cyril Brulebois wrote:
> Summing up some out-of-band brainstorming about what “a bit crippled”
> means, it might just be libargon2-1-udeb's being built without pthread
> support:
>
> https://salsa.debian.org/debian/argon2/-/commit/31225912349933993e49f5007e976
Hi,
On Thu, 20 Apr 2023 at 20:02:27 +0200, Cyril Brulebois wrote:
>> * Backport upstream MR !498, let it mature in sid for a few
>> weeks then upload 2:2.6.1-4~deb12u1 via t-p-u. There are only 2
>> upstream commits to cherry-pick and neither is large nor intrusive;
>> moreover like the commits p
Hi kibi,
On Sat, 01 Apr 2023 at 01:34:54 +0200, Guilhem Moulin wrote:
> Ah right, reopened the upstream issue but forgot to follow-up here :-(
> https://gitlab.com/cryptsetup/cryptsetup/-/issues/802#note_1328592911
AFAICT the issue is now fully fixed upstream: on systems without swap
the
Hi kibi,
On Sat, 01 Apr 2023 at 00:36:35 +0200, Cyril Brulebois wrote:
> Cyril Brulebois (2023-03-26):
>> I'm happy to have the patches included, and I can definitely live with
>> possible temporary regressions (should that happen) that might arise
>> from having them.
>
> Pre-upload testing show
Hi kibi,
In https://bugs.debian.org/1032235#107 elbrus (CC'ed) asked for a t-p-u
upload of cryptsetup to fix a potential major regression should
bookworm's src:argon2 ever be rebuilt with the bookworm toolchain. The
version currently in sid, 2:2.6.1-3, also includes 2 upstream patches to
mitigate
X-Debbugs-Cc: pkg-cryptsetup-de...@alioth-lists.debian.net
Hi kibi!
On Thu, 16 Feb 2023 at 20:14:20 +0100, Cyril Brulebois wrote:
> Cyril Brulebois (2023-01-09):
>> Cyril Brulebois (2023-01-08):
>>> I'm seeing at least two problems with cryptsetup while testing daily
>>> builds:
>>> - with 6.1.
pt-install cryptsetup-initramfs` if any volume needs to be unlocked at
| initramfs stage, i.e., holding /, /usr, and/or the resume device(s).
Cheers,
--
Guilhem.
From b72b0934eb4c729d5fef462bb832aec6665513c8 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Fri, 26 Jul 2019 23:24:33 +0200
Subjec
Control: severity -1 normal
On Sat, 08 Jun 2019 at 22:05:42 +0200, Guilhem Moulin wrote:
> Our (cryptsetup maintaining team) plan is to rename ‘cryptsetup-run’ to
> ‘cryptsetup’ once Buster is released, hence this bug should be RC at
> this point: with `apt-install cryptsetup` the
On Mon, 01 Jul 2019 at 04:45:47 +0200, Guilhem Moulin wrote:
> Sure, I even planned to do that when I heard about your post-mini-DebConf
> “hiccup” ;-) I remained on the road for another 3 weeks and unfortunately
> didn't find time since the mini Debconf. Thanks for the poke, I&#x
Hi there,
On Mon, 01 Jul 2019 at 04:21:46 +0200, Cyril Brulebois wrote:
> Roger Shimizu (2019-06-30):
>> Thank for the above doc, which is quite easy understanding and
>> straightforward!
>> […]
>> I confirmed with /boot set up in LUKS1, everything works fine.
>> It‘d configure non encrypted /bo
Hi there,
On Mon, 01 Jul 2019 at 02:54:30 +0200, Cyril Brulebois wrote:
>> [1] https://manpages.debian.org/testing/cryptsetup-bin/cryptsetup.8.en.html
>>
>> ,
>> | LUKS2 is a new version of header format that allows additional extensions
>> like
>> | different PBKDF algorithm or authenticate
Hi there,
On Mon, 15 Apr 2019 at 23:24:19 +0200, Cyril Brulebois wrote:
>>> One could argue that cryptodisk support has never been supported by
>>> d-i anyway,
>>
>> Yup, and I suppose that's why I overlooked this in my mail to
>> debian-boot :-P Jonathan Carter had a similar report last week
>>
Also if #930228 is fixed before #930229 (if ‘partman-crypto’ installs
‘cryptsetup-initramfs’ iff. there are devices to be unlocked early in
the boot process), then #930229's Severity should raise to ≥important.
Otherwise if the resume devices(s) and the device(s) holding / and /usr
are not encrypt
Package: finish-install
Version: 2.100
Severity: wishlist
Tags: patch
Hi there,
Since 2:2.0.3-1 the ‘cryptsetup’ package is a transitional dummy package
for ‘cryptsetup-run’ (various scripts and helpers/wrappers) and
‘cryptsetup-initramfs’ (initramfs integration, depending on the former).
h
Package: partman-crypto
Version: 103
Severity: wishlist
Hi there,
Since 2:2.0.3-1 the ‘cryptsetup’ package is a transitional dummy package
for ‘cryptsetup-run’ (various scripts and helpers/wrappers) and
‘cryptsetup-initramfs’ (initramfs integration, depending on the former).
https://tracker
Hi kibi,
On Mon, 15 Apr 2019 at 23:24:19 +0200, Cyril Brulebois wrote:
> I'm also immensely grateful for all the security-related work Matthew
> Garrett puts everywhere he goes, but I'm not sure that MR qualifies as
> “requested by d-i [0]” as you mentioned in [2].
Just to state that publicly: no
On Mon, 15 Apr 2019 at 23:24:19 +0200, Cyril Brulebois wrote:
> Guilhem Moulin (2019-04-15):
>> On Mon, 15 Apr 2019 at 21:40:35 +0200, Cyril Brulebois wrote:
>>> There are also some other highlights in this changelog entry, regarding
>>> key sizes, and some update
Hi,
On Mon, 15 Apr 2019 at 22:46:16 +0200, Cyril Brulebois wrote:
> And sorry for the lag. While I understand why one might want to use
> LUKS2, this switch seems to be happening very late in the release cycle…
The discussion started in summer 2018 though. We I objected to
‘partman-crypto/merge_
Hi Cyril,
[crytsetup team member here]
On Mon, 15 Apr 2019 at 21:40:35 +0200, Cyril Brulebois wrote:
> There are also some other highlights in this changelog entry, regarding
> key sizes, and some update to partman-crypto might be needed…
GRUB stuff aside? AFAICT not, but FWIW we poked debian-b
Dear d-i team,
I'd like to bring your attention to the fact that cryptsetup 2.1.0-1,
which I just uploaded to sid, might affect the installer. (While the
release has a significant changelog there was no SONAME bump, so it'll
hopefully make it to buster.)
I was able to install from a netinst ISO
On Fri, 22 Jun 2018 at 17:40:34 +0200, Guilhem Moulin wrote:
> This was not the only thing need to fix the cryptsetup initramfs
> There was also an issue with our hook script; I pushed a fix but it's
> not released yet.
The fix is in cryptsetup-initramfs ≥2:2.0.3-4 though. Ju
On Fri, 22 Jun 2018 at 17:30:43 +0200, Guilhem Moulin wrote:
> Upgrading to cryptsetup ≥2:2.0.3-2 from d-i might yield an unbootable system
> if the initramfs image is updated at finish-install stage.
This was not the only thing need to fix the cryptsetup initramfs
integration from d-i,
Package: finish-install
Version: 2.94
Severity: important
Hi there,
Upgrading to cryptsetup ≥2:2.0.3-2 from d-i might yield an unbootable system
if the initramfs image is updated at finish-install stage.
That's because the cryptroot hook script is now relying on pseudo-filesystems
proc(5) (for /
Hi Cyril,
On Mon, 18 Dec 2017 at 01:39:35 +0100, Cyril Brulebois wrote:
> Guilhem Moulin (2017-12-18):
>> On Sun, 17 Dec 2017 at 18:12:21 +0100, Cyril Brulebois wrote:
>>> I've added this as a todo item, along with looking into src:argon2
>>> and src:json-c. I&#x
On Sun, 17 Dec 2017 at 18:12:21 +0100, Cyril Brulebois wrote:
> Guilhem Moulin (2017-12-17):
>> On Sun, 17 Dec 2017 at 13:32:55 +0100, Cyril Brulebois wrote:
>>> Jonas Meurer (2017-12-17):
>>>> Debian-boot is Cc'ed as cryptsetup provides udebs, so
>&g
Hi all,
On Sun, 17 Dec 2017 at 13:32:55 +0100, Cyril Brulebois wrote:
> Jonas Meurer (2017-12-17):
>> Debian-boot is Cc'ed as cryptsetup provides udebs, so debian-installer
>> is affected as well.
>
> Thanks for letting us (debian-boot@) know. AFAICT, on the udeb side we
> only have crypsetup-ud
Hi there,
On Mon, 18 Jan 2016 at 17:32:40 +0100, Guilhem Moulin wrote:
>> Having file:// as mirror URI looks like a reasonable/valid use case to
>> me, we should fix support for it.
>
> Great! I tried the two attached patches: they both work fine for me,
> but I've no
: they both work fine for me,
but I've not tried other installation setups. I think it's cleaner to
set PROTOCOL="cdrom", but the other patch is less invasive.
Cheers,
--
Guilhem.
From f4b259baf5a26d0960b7295f4390b9bf9f61f755 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date:
On Sun, 17 Jan 2016 at 13:56:24 +0100, Geert Stappers wrote:
> Still feel free to describe the use case, the (wanted) setup.
AFAICT (please correct me if I'm wrong) Stefanos wants to share a host
directory with a KVM guest only to expose the preseeding file. (The
other options being either to add
On Sun, 17 Jan 2016 at 13:45:26 +0100, Geert Stappers wrote:
> When the bugreport, BR, came in, I had never heard of "9p" before.
As for 9pvirtio, which is what Stefanos is talking about, you can read
“Filesystem Passthrough for KVM”: this is the modern way to expose a
directory from the host to
On Sun, 17 Jan 2016 at 13:45:26 +0100, Geert Stappers wrote:
> P.S.
> I'm aware that my attempt to merge #809435 with #811198 failed.
>
> The
> Control: block -1 by 811198
> is new attempt to cross-reference both bugs at meta level.
> They are allready referenced with URLs.
Shouldn't the modul
Package: base-installer
Version: 1.160
Severity: normal
Tags: d-i
Hi there,
The following snippet can be found in library.sh:
# Assumes the file protocol is only used for CD (image) installs
configure_apt () {
if [ "$PROTOCOL" = file ]; then
[…]
if
Package: busybox
Version: 1:1.22.0-6
Severity: wishlist
Dear Maintainer,
In udebs, it is common to redirect the standard output of a command to
a fifo, and use that to display progress bars in the installer.
trap 'kill $pid' EXIT
/path/to/command >"$fifo" &
while read -u 7 n; do
Package: grub-installer
Version: 1.85
Followup-For: Bug #666974
Tags: patch
Dear Maintainer,
The bug is still present in Wheezy's installer. The enclosed (naive)
patch makes sure grub-installer jumps to state 2 (hence ignores
$default_bootdev) if grub-installer/bootdev is known. It has been
suc
35 matches
Mail list logo
