[pkg-cryptsetup-devel] Bug#1027299: closed by Guilhem Moulin <guilhem at debian.org>

Łukasz Stelmach steelman at post.pl
Fri Dec 30 15:52:49 GMT 2022 

Guilhem Moulin <guilhem at debian.org> writes:

> On Fri, 30 Dec 2022 at 13:19:10 +0100, Łukasz Stelmach wrote:
>> Yes there are workarounds and I've found them, and I won't stay with
>> buster longer than necessary, but I am reporting a serious IMHO
>> regression.
>
> While of course not being able to boot is an unfortunate regression,
> its scope is very limited

True (see my story below).

> I'm not arguing it's not a bug, just that there is not much we can do in
> oldstable right now.  Should one report a security vulnerability in
> Buster's src:cryptsetup I'll remember to cherry-pick that change though.

BTW. Do you think it may make sense to raise an issue of inadequate
policy regarding "premature" sealing of Release Notes? How could I do
it?  I mean, I think there should be a section for Known Issuse And How
To Work Around Them, that stays open for situations like this. Or a wiki
page, what's important, is that it exists for every release and is
linked from the RN.

>> 1. I upgraded to from stretch to buster with linux-image-4.19.0-23-686-pae.
>> 2. I rebooted — successfully.
>> 2. I installed linux-image-5.10-686-pae from buster/updates (see above).
>> 3. 5.10 didn't boot.
>
> Is there any reason why you don't let the dependency resolver chose
> the kernel for you?  (`apt install linux-image-686-pae` instead of
> specific ABIs.)  You would have ended up with 4.9 after dist-upgrading
> to stretch, 4.19 after dist-upgrading to buster, and with 5.10 after
> dist-upgrading to bullseye.

Yes, dist-upgrade to bsuter has left me with 4.19 and it was fine. At
this point (before upgrading to bullseye), however, I wanted to upgrade
my SSD, because:

a) 4 GB (root) + 16 GB (/home) is somewhat little for doing upgrades
   (yes, I've bind-mounted /home/apt as /var/cache/apt),

b) I'd like to encrypt the new SSD with xchacha12,aes-adiantum[1]
   (27 MB/s vs aes-xts 17 MB/s) which is available since Linux 5.0.

Hence, I chose to install 5.10 ASAP.

I know, it's a complicated and exceptional story. Let's hope this report
will help those few unfortunate who may follow my path.

[1] https://lore.kernel.org/linux-crypto/20181117012631.23528-1-ebiggers@kernel.org/
-- 
Miłego dnia,
Łukasz Stelmach
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 617 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-cryptsetup-devel/attachments/20221230/4f4d3661/attachment.sig>

More information about the pkg-cryptsetup-devel mailing list