[Pkg-cryptsetup-devel] Re: Cryptsetup in Debian

Michael Gebetsroither michael.geb at gmx.at
Tue Nov 15 20:46:24 UTC 2005

* Jonas Meurer <jonas at freesources.org> [051115 21:00]:
> i know, but there are a few issues remaining. for example your packages,
> compiled on amd64 segfault, while the cryptsetup packages in debian
> don't.

Not anymore, i've fixed this bug by completly switching to luks

> another point is, that you use some complex build structure, instead of
> simply building the cryptsetup-luks upstream sources as suggested in
> upstream documentation.

not anymore, i'm using plain luks upstream.
Copied debian dir from cryptsetup and fixed a few things (using
manpage from cryptsetup-luks + added 2 new libs to link cryptsetup
Thats it ;).

> i didn't inspect your packages exactly yet, but
> i assume that this makes new upstream releases etc. more complicated
> too.

This is _VERY_ complicated with cryptsetup, because there is no real
upstream anymore.
original author has an cvs.
cryptsetup-luks uses the lastest cvs version.

but there are many bugs in the cryptsetup code + there is a possible
incompatible ondisk layout change in luks in the near future.

> yes, the only desirable option would be to add modules/plugin support to
> mount, and make cryptsetup a module/plugin for mount.

crypsetup allready provides a lib:

In the last revision of cryptsetup-luks i've adapted
/etc/init.d/cryptdisks to support luks as option, completly
backwardcompatible to the script in debian cryptsetup.

The only problem is, that i'm not shure if the ondisk layout of the
luks extension is stable betwenn different architectures.
Known to work are currently _only_ ia32<->amd64. ppc is also known
to work on his own.
A user reported me that he is not able to open cryptsetup-luks
loop-filesystems on i386 (bugreport is outstanding).

> i've neither the time nor the skills to do all of raised issues, that's
> why i created a project on alioth to team-maintain cryptsetup in debian.

I've also created a few patches for cryptsetup-luks, like a
--batch-mode that i've sent to Clemens (upstream of

Together there shoud be no issues ;).
I've not really enough time to do cryptsetup-luks in debian alone.
I'm core developer of grml[0].
+ i've 30 hours per week at the university :(.

[0]: http://grml.org

Michael Gebetsroither
/*The only secure computer is one that's unplugged, locked in a
safe, and buried 20 feet under the ground in a secret location...
and i'm not even too sure about that one.*/

More information about the Pkg-cryptsetup-devel mailing list