[Pkg-cryptsetup-devel] [dm-crypt] list of patches for cryptsetup 1.0.5

David Härdeman david at hardeman.nu
Wed Oct 24 21:05:45 UTC 2007 

On Sat, Oct 20, 2007 at 05:20:23PM +0200, Clemens Fruhwirth wrote:
>Hello Jonas, 
>
>First of all thanks for maintaining the list of patches!  Please make
>liberal use of your commit privileges to the SVN repo. These are all
>reasonable and small fixes, just Cc me and commit if you feel like.

Done, comments below

>> Desc:   Improve the upstream manpage
>
>Should be merged.

Done

>> Desc:   detect read-only devices automatically
>
>In SVN.

It is? I couldn't find it...

>> Desc:   stop cryptsetup from segfaulting with invalid device
>
>In SVN.

Yes

>> Desc:   check for UID == 0 before actually doing anything
>
>As others pointed out, I'm not sure if that's really neccessary.

I don't agree. The warning that is printed right now:

$ cryptsetup luksOpen /dev/sdd2 fff
mlockall failed: Cannot allocate memory
WARNING!!! Possibly insecure memory. Are you root?
Command failed: Can't get device information.

Is just a side effect of mlockall failing. However, mlockall does not 
fail for a non-root user who has the CAP_IPC_LOCK capability or if the 
RLIMIT_MEMLOCK resource limit is set high enough.

I still think something like:

if (geteuid() != 0)
	fprintf(stderr, _("NOTE: You do not seem to be root, cryptsetup might fail!\n");

would be helpful.

>> Desc:   rename luksInit to luksFormat in libcrytsetup.h
>
>In SVN.

No it wasn't...but it is now :)

>> Desc:   run udevsettle after dm device creation
>
>Should be merged.

Done...still needs fixes in libdevmapper though (after which this can be 
removed again).

>> Desc:   fix some gcc warnings about unused or unitialized variables
>
>Should be merged.

Done

>> Desc:   fix implicit function declarations
>
>Should be merged.

Done

>> Desc:   fix segfault when trying to open a non existing device
>
>I think that's fixed in SVN. Have to check.

It was fixed in SVN

>> Desc:   use set_error instead of printf in library to report errors
>
>Should be merged.

Done...with a lot of fuzzing and manual changes though. Not sure I 
caught everything.

>The cryptsetup SVN changes slightly refactoring a bit of stuff. If
>some patch fails to apply or something else seems wrong, feel free to ask.

Feel free to take a closer look at the round of patches I applied. 
Hopefully Jonas can push a new cryptsetup version based on the SVN 
version to Debian Unstable soon so that the changes can have some wider 
testing.

>Thanks to all contributors.

Agreed :)

-- 
David Härdeman

More information about the Pkg-cryptsetup-devel mailing list