Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#66498 - [cryptsetup] 2.3.2-1: Show warning about changed "allow-discards" behaviour on package upgrade
Attached to Project:
Arch Linux
Opened by Pascal Ernster (hardfalcon) - Friday, 01 May 2020, 19:06 GMT
Last edited by freswa (frederik) - Sunday, 13 September 2020, 15:20 GMT
Opened by Pascal Ernster (hardfalcon) - Friday, 01 May 2020, 19:06 GMT
Last edited by freswa (frederik) - Sunday, 13 September 2020, 15:20 GMT
|
DetailsCryptsetup 2.3.2-1 refuses to open a LUKS2 device with hmac(sha512) for integrity and the "allow-discards" flag set in the LUKS2 header with the error message "Discard/TRIM is not supported.", which breaks the boot process if that flag is set (which older versions allowed users to do). Cryptsetup 2.3.1-3 opens the very same devices without any complaint whatsoever - not even a warning is shown.
This is obviously an especially grave issue for people using full disk encryption on remote systems with cryptsetup unlock over SSH on reboot. Also, at least when using the "sd-encrypt" mkinitcpio hook, users won't even see cryptsetup's error message, making debugging the issue needlessly cumbersome. The new behaviour is loosely documented in upstream's changelog [1], but since this can break the boot process for people, there should be a warning message displayed when the cryptsetup package is upgraded to the new version. [1] https://mirrors.edge.kernel.org/pub/linux/utils/cryptsetup/v2.3/v2.3.2-ReleaseNotes |
This task depends upon
Closed by freswa (frederik)
Sunday, 13 September 2020, 15:20 GMT
Reason for closing: Upstream
Additional comments about closing: https://gitlab.com/cryptsetup/cryptsetup /-/issues/558
Sunday, 13 September 2020, 15:20 GMT
Reason for closing: Upstream
Additional comments about closing: https://gitlab.com/cryptsetup/cryptsetup /-/issues/558
https://gitlab.com/cryptsetup/cryptsetup/-/issues/558
https://gitlab.com/cryptsetup/cryptsetup/-/issues/558#note_335279806
"cryptsetup refresh $luksname --persistent" works only with opened/unlocked LUKS devices though, so it required a temporary downgrade to cryptsetup 2.3.1.