[Pkg-utopia-maintainers] Bug#928893: gnome-disk-utility: disk content permamently lost when changing LUKS password

Michael Biebl biebl at debian.org
Sun Jul 21 21:40:38 BST 2019


Hi

On 21.07.19 at 21:58, Guilhem Moulin wrote:

> Now that libblockdev uses crypt_keyslot_change_by_passphrase() there is
> AFAICT nothing more to be done on the libblockdev or udisks2 side with
> respect to that bug.  But maybe the Changelog entry for libblockdev
> 2.20-7+deb10u1 should be changed to remove the references to MEMLOCK.
> As I wrote in https://gitlab.com/cryptsetup/cryptsetup/issues/466 I
> believe the problem with LUKSv2 is elsewhere (crypt_get_volume_key_size()
> fails because there is no bound keyslot object to retrieve the key size
> from).  Maybe changing it to
> 
>   * Use existing cryptsetup API for changing keyslot passphrase.
>     Cherry-pick upstream fix to use existing cryptsetup API for atomically
>     changing a keyslot passphrase, instead of deleting the old keyslot
>     before adding the new one. This avoids data loss when attempting to
>     change the passphrase of a LUKS2 device via udisks2, e.g. from GNOME
>     Disks.
>     Deleting a keyslot and then adding one is risky: if anything goes wrong
>     before the new keyslot is successfully added, no usable keyslot is left
>     and the device cannot be unlocked anymore.  There's little chance this
>     causes actual problems with LUKS1, but as of 2.1.0 libcryptsetup
>     fails to add a new keyslot to a LUKS2 header without any
>     pre-existing keyslot.
>     (Closes: #928893)
> 
> Or maybe removing the last sentence altogether, ending with “[…] cannot
> be unlocked anymore.”

I already uploaded 2.20-7+deb10u1 with this changelog, so it's not
really possible anymore to undo this other than making a 2.20-7+deb10u2
upload, which seems like overkill to me.
I don't think the changelog is that misleading that we need another
upload fixing it.

Regards,
Michael

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
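
The ordering hazard described in the quoted changelog entry, as an added example that is not part of the original message and is not libblockdev or cryptsetup code. It is a toy model: the Header class, the XOR key wrapping and the injected `fail` flag are constructed for illustration, and a change that keeps the old keyslot until the new one is written stands in for the single-call passphrase change.

```python
import hashlib, hmac, os

def _kek(passphrase: bytes, salt: bytes) -> bytes:
    # Key-encryption key derived from the passphrase (low iteration count: demo only).
    return hashlib.pbkdf2_hmac("sha256", passphrase, salt, 1000)

class Header:
    """Toy model of a LUKS-style header: one volume key, wrapped once per keyslot."""
    def __init__(self, volume_key: bytes, passphrase: bytes):
        self.digest = hashlib.sha256(volume_key).digest()  # verifies an unwrapped key
        self.slots = {}
        self.add_slot(volume_key, passphrase)

    def add_slot(self, volume_key: bytes, passphrase: bytes, fail: bool = False) -> int:
        if fail:  # injected fault: stands in for any error while writing the new keyslot
            raise OSError("keyslot write failed")
        salt = os.urandom(16)
        wrapped = bytes(a ^ b for a, b in zip(volume_key, _kek(passphrase, salt)))
        slot = next(i for i in range(8) if i not in self.slots)
        self.slots[slot] = (salt, wrapped)
        return slot

    def unlock(self, passphrase: bytes):
        # Returns (slot, volume_key) for the first slot the passphrase opens, else None.
        for slot, (salt, wrapped) in self.slots.items():
            key = bytes(a ^ b for a, b in zip(wrapped, _kek(passphrase, salt)))
            if hmac.compare_digest(hashlib.sha256(key).digest(), self.digest):
                return slot, key
        return None

def change_delete_then_add(hdr, old, new, fail=False):
    # Risky ordering: the old keyslot is gone before the new one exists.
    slot, key = hdr.unlock(old)
    del hdr.slots[slot]
    hdr.add_slot(key, new, fail)

def change_add_then_delete(hdr, old, new, fail=False):
    # Safe ordering: the old keyslot is removed only once the new one opens the volume.
    slot, key = hdr.unlock(old)
    hdr.add_slot(key, new, fail)
    if hdr.unlock(new) is None:
        raise OSError("new keyslot does not unlock")
    del hdr.slots[slot]

def surviving(change, fail):
    # Returns (keyslot count, old passphrase works, new passphrase works) after the attempt.
    hdr = Header(os.urandom(32), b"old passphrase")
    try:
        change(hdr, b"old passphrase", b"new passphrase", fail)
    except OSError:
        pass
    return len(hdr.slots), hdr.unlock(b"old passphrase") is not None, hdr.unlock(b"new passphrase") is not None
```
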
