FS#6297 - mkinitcpio, encrypt hook syntax

Attached to Project: Arch Linux
Opened by Henrik Holst (holst) - Sunday, 28 January 2007, 16:36 GMT
Last edited by Roman Kyrylych (Romashka) - Saturday, 09 February 2008, 15:25 GMT
Task Type: Bug Report
Category: System
Status: Closed
Assigned To: Thomas Bächler (brain0)
Architecture: not specified
Severity: Low
Priority: Normal
Reported Version: 0.7.2 Gimmick
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details

mkinitcpio has in my opinion a faulty syntax for the "crypto=hash:cipher:keysize:offset:skip" argument to the kernel:

From http://wiki.archlinux.org/index.php/Mkinitcpio :

"""
Using legacy cryptsetup volumes

If you are using a legacy cryptsetup volume, you have to specify all cryptsetup options necessary to unlock it on the kernel command line. The option format is representing cryptsetup's --hash, --cipher, --keysize, --offset and --skip options. If you omit an option, cryptsetup's default value is used, so you can just specify crypto=:::: if you created your volume with the default settings.
"""

The attached patch for current/mkinitcpio 0.5.13-1 will use "," as an argument separator instead. This will allow usage of the aes-cbc-essiv:sha256 cipher in "legacy" cryptsetup volumes.

Closed by Roman Kyrylych (Romashka)
Saturday, 09 February 2008, 15:25 GMT
Reason for closing: Won't fix
Comment by Thomas Bächler (brain0) - Monday, 29 January 2007, 18:37 GMT
I'm afraid I didn't think of that when I designed the hook, although I should have known that a cipher may contain a colon. The problem now is that we cannot change the syntax without breaking existing setups. Therefore I am unsure what to do here.

I strongly advise everyone to use LUKS to avoid any such problems and to improve security.
Comment by Henrik Holst (holst) - Monday, 29 January 2007, 21:56 GMT
I don't agree. Two points:

1) This is not Red Hat or Debian. If Arch users wanted "written-in-stone-never-break" packages they would run Red Hat or Debian.

2) We should change something if it's wrong.

We can warn now that the syntax WILL change in a short while (cf. mkinitrd). I don't think there is such a high level of cryptoroot (non LUKS) users out there using this package, because then they would have the same problem as I had (before the patch).

/holst
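
The ambiguity discussed in this report, as an added example (it is not the encrypt hook's code or the attached patch): a POSIX sh splitter for the five documented fields, run with ":" and with "," as the separator. The function name `parse_crypto` and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example, not mkinitcpio code. Splits a crypto= value into the five
# fields named on the page: hash, cipher, keysize, offset, skip.

# parse_crypto SEP VALUE
# Prints the split as "hash|cipher|keysize|offset|skip".
# Exit status 1 means the value did not fit the five-field format:
# a sixth field was present, or keysize/offset/skip was not a decimal number.
# Runs in a subshell so its variables do not leak into the caller.
parse_crypto() (
    IFS=$1 read -r hash cipher keysize offset skip extra <<EOF
$2
EOF
    printf '%s|%s|%s|%s|%s\n' "$hash" "$cipher" "$keysize" "$offset" "$skip"
    [ -z "$extra" ] || exit 1                # more than five fields
    for n in "$keysize" "$offset" "$skip"; do
        case $n in
            *[!0-9]*) exit 1 ;;              # empty is fine: cryptsetup default
        esac
    done
    exit 0
)

# Constructed sample values using the cipher named in the report.
# All defaults: five empty fields, accepted.
parse_crypto : '::::' || echo 'rejected'

# Colon separator: the cipher's own colon shifts every later field, so
# "sha256" lands in keysize and a sixth field appears. Rejected.
parse_crypto : 'sha256:aes-cbc-essiv:sha256:256:0:0' || echo 'rejected'

# Comma separator: the cipher survives intact. Accepted.
parse_crypto , 'sha256,aes-cbc-essiv:sha256,256,0,0' || echo 'rejected'
```

Checking the numeric fields before handing them to cryptsetup turns a silently shifted field into an explicit failure at boot instead of an attempt to open the volume with the wrong parameters.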
