[Pkg-cryptsetup-devel] Re: Cryptsetup in Debian

Tue Nov 15 22:44:22 UTC 2005

On 15/11/2005 Michael Gebetsroither wrote:
> > another point is, that you use some complex build structure, instead of
> > simply building the cryptsetup-luks upstream sources as suggested in
> > upstream documentation.
> 
> not anymore, i'm using plain luks upstream.
> Copied debian dir from cryptsetup and fixed a few things (using
> manpage from cryptsetup-luks + added 2 new libs to link cryptsetup
> against).
> Thats it ;).

great. so all we have to do is
'diff -rNu cryptsetup-20050111/debian cryptsetup-luks-1.0.1/debian'

do you still remember what the 'few things' where, that you fixed?

> > i didn't inspect your packages exactly yet, but
> > i assume that this makes new upstream releases etc. more complicated
> > too.
> 
> This is _VERY_ complicated with cryptsetup, because there is no real
> upstream anymore.
> original author has an cvs.
> cryptsetup-luks uses the lastest cvs version.

i know, but when we use cryptsetup-luks as upstream, new releases are
likely. clemens already announced a ondisk layout change, as you
mentioned later in your mail.

> but there are many bugs in the cryptsetup code + there is a possible
> incompatible ondisk layout change in luks in the near future.

is there a bug tracker for cryptsetup bugs, and are people actively
maintaining it?

> > yes, the only desirable option would be to add modules/plugin support to
> > mount, and make cryptsetup a module/plugin for mount.
> 
> crypsetup allready provides a lib:
> /usr/lib/libcryptsetup.so.0.0.0
> /usr/lib/libcryptsetup.la
> /usr/include/libcryptsetup.h

... but mount has no support for plugins.

> In the last revision of cryptsetup-luks i've adapted
> /etc/init.d/cryptdisks to support luks as option, completly
> backwardcompatible to the script in debian cryptsetup.

yes, i already use that one on my server ,-)

> The only problem is, that i'm not shure if the ondisk layout of the
> luks extension is stable betwenn different architectures.
> Known to work are currently _only_ ia32<->amd64. ppc is also known
> to work on his own.
> A user reported me that he is not able to open cryptsetup-luks
> loop-filesystems on i386 (bugreport is outstanding).

uh, i didn't know that. maybe it's a bug in the kernel crypto modules?

> > i've neither the time nor the skills to do all of raised issues, that's
> > why i created a project on alioth to team-maintain cryptsetup in debian.
> 
> I've also created a few patches for cryptsetup-luks, like a
> --batch-mode that i've sent to Clemens (upstream of
> cryptsetup-luks).

sounds good, so maybe we can integrate some of the patches into debian,
even if no new upstream release happens in near future. but first let's
prepare cryptsetup packages with luks support.

i'll see if i can setup a development repository on alioth this week.
then we can start with the packaging stuff.
to get write access to the repository i need your alioth username.

> Together there shoud be no issues ;).
> I've not really enough time to do cryptsetup-luks in debian alone.
> I'm core developer of grml[0].
> + i've 30 hours per week at the university :(.

sounds good. maybe even more developers join the team and help in
future. my initial mail was addressed to 4 people, all of them
interested in cryptsetup maintainership - according to wesley.

...
 jonas