[Pkg-utopia-maintainers] Bug#928893: gnome-disk-utility: disk content permamently lost when changing LUKS password
Michael Biebl
biebl at debian.org
Sun Jul 21 21:40:38 BST 2019
Hi
On 21.07.19 at 21:58, Guilhem Moulin wrote:
> Now that libblockdev uses crypt_keyslot_change_by_passphrase() there is
> AFAICT nothing more to be done on the libblockdev or udisks2 side with
> respect to that bug. But maybe the Changelog entry for libblockdev
> 2.20-7+deb10u1 should be changed to remove the references to MEMLOCK.
> As I wrote in https://gitlab.com/cryptsetup/cryptsetup/issues/466 I
> believe the problem with LUKSv2 is elsewhere (crypt_get_volume_key_size()
> fails because there is no bound keyslot object to retrieve the key size
> from). Maybe changing it to
>
> * Use existing cryptsetup API for changing keyslot passphrase.
> Cherry-pick upstream fix to use existing cryptsetup API for atomically
> changing a keyslot passphrase, instead of deleting the old keyslot
> before adding the new one. This avoids data loss when attempting to
> change the passphrase of a LUKS2 device via udisks2, e.g. from GNOME
> Disks.
> Deleting a keyslot and then adding one is risky: if anything goes wrong
> before the new keyslot is successfully added, no usable keyslot is left
> and the device cannot be unlocked anymore. There's little chance this
> causes actual problems with LUKS1, but as of 2.1.0 libcryptsetup
> fails to add a new keyslot to a LUKS2 header without any
> pre-existing keyslot.
> (Closes: #928893)
>
> Or maybe removing the last sentence altogether, ending with “[…] cannot
> be unlocked anymore.”
I already uploaded 2.20-7+deb10u1 with this changelog, so it's not
really possible anymore to undo this other than making a 2.20-7+deb10u2
upload, which seems like overkill to me.
I don't think the changelog is that misleading that we need another
upload fixing it.
Regards,
Michael
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
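
The failure mode described in the quoted changelog text, as an added example that is not part of the original message or of the libblockdev/cryptsetup code: a simplified C model of a keyslot table that compares delete-then-add with add-then-delete. The `header` struct and all function names are hypothetical; the rule that adding fails on a LUKS2 header with no keyslot left is taken from the thread.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#define SLOTS 8
/* Toy header (constructed model): a slot stores the passphrase that opens it. */
struct header { bool luks2; char slot[SLOTS][32]; };
static int active(const struct header *h) {
    int n = 0;
    for (int i = 0; i < SLOTS; i++) n += h->slot[i][0] != '\0';
    return n;
}
static int find_slot(const struct header *h, const char *pass) {
    for (int i = 0; i < SLOTS; i++)
        if (h->slot[i][0] && strcmp(h->slot[i], pass) == 0) return i;
    return -1;
}
/* Per the thread: adding to a LUKS2 header with no keyslot left fails. */
static int add_slot(struct header *h, const char *pass) {
    if (h->luks2 && active(h) == 0) return -1;
    for (int i = 0; i < SLOTS; i++)
        if (!h->slot[i][0]) { snprintf(h->slot[i], sizeof h->slot[i], "%s", pass); return i; }
    return -1;
}
/* Risky order: the old slot is gone before the new one exists. */
static int change_delete_then_add(struct header *h, const char *old, const char *new_pass) {
    int i = find_slot(h, old);
    if (i < 0) return -1;
    h->slot[i][0] = '\0';
    return add_slot(h, new_pass);
}
/* Safe order: the old slot is removed only after the new one is written. */
static int change_add_then_delete(struct header *h, const char *old, const char *new_pass) {
    int i = find_slot(h, old);
    if (i < 0) return -1;
    int j = add_slot(h, new_pass);
    if (j < 0) return -1;          /* old slot still unlocks the device */
    h->slot[i][0] = '\0';
    return j;
}
/* Keyslots left after changing the only passphrase on a header. */
static int slots_left(bool luks2, bool risky) {
    struct header h = { .luks2 = luks2 };
    snprintf(h.slot[0], sizeof h.slot[0], "%s", "old-pass");
    (risky ? change_delete_then_add : change_add_then_delete)(&h, "old-pass", "new-pass");
    return active(&h);
}
int main(void) {
    printf("LUKS2 keyslots left: delete-then-add=%d add-then-delete=%d\n", slots_left(true, true), slots_left(true, false));
    return 0;
}
```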