-
-
Notifications
You must be signed in to change notification settings - Fork 3.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cryptsetup: add support for sector-size= option (#8881) #9936
Conversation
Validated that the option is accepted, and that Will work on adding the identical option to cryptsetup package in debian/ubuntu too, to keep the two implementations in sync. |
Hi, The code looks fine and should work for cryptsetup >= 2.x. On the other side, I think it will not compile on older cryptsetup (libcryptsetup) version because the sector_size is a new member in struct crypt_params_plain. To distinguish whether the sector_size member is present, I think it is sufficient to check for CRYPT_LUKS2 as 4K sector size support has been added to cryptsetup as of 2.x. So for example, you might change as follows: + } else if ((val = startswith(option, "sector-size="))) {
+#ifdef CRYPT_LUKS2
+ r = safe_atou(val, &arg_sector_size);
+ if (r < 0)
+ return log_error_errno(r, "Failed to parse %s: %m", option);
+ /* Do the other checks here ... */
+#else
+ log_error("This version of cryptsetup does not support different sector sizes; refusing.");
+ return -EINVAL;
+#endif
/* [..] */
struct crypt_params_plain params = {
.offset = arg_offset,
.skip = arg_skip,
+#ifdef CRYPT_LUKS2
+ .sector_size = arg_sector_size,
+#endif
}; |
man/crypttab.xml
Outdated
<varlistentry> | ||
<term><option>sector-size=</option></term> | ||
|
||
<listitem><para>Specifies the sector size in bits. See |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Bytes?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes.
src/cryptsetup/cryptsetup.c
Outdated
} | ||
|
||
if (arg_sector_size < CRYPT_SECTOR_SIZE || arg_sector_size > CRYPT_MAX_SECTOR_SIZE) { | ||
log_error("sector-size= is outside of %u and %u.", CRYPT_SECTOR_SIZE, CRYPT_MAX_SECTOR_SIZE); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
", ignoring"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes.
I'm not sure I care at all compiling against old cryptsetup. It has been out for a while now, I would just bump the requirement to >= 2.0.0. E.g. meson was bumped to 0.46 as well - albeit that is not a runtime dep. I guess it depends on what we need to support or want to require. Feel a bit like wasting my time now, if there were patches already available. Were you not able to share them earlier when LTC requested this feature in Ubuntu? 😔 |
I agree on increasing the cryptsetup version to >= 2.0.0 to avoid the #ifdefs. My intention was to keep some backward compatibility to older libcryptsetup versions at build time. But for upstream this is indeed not an issue. Regarding the LTC request, I was not really aware of that. I started to look at this issue when Ingo created the systemd issue. Honestly, I did not have the time to test the patch at all, that's why I am glad that you have shard your version. Looking at your change again, I have one minor comment (will follow separately), otherwise I am fine with your version with the build dependency updated. Many thanks. |
man/crypttab.xml
Outdated
<varlistentry> | ||
<term><option>sector-size=</option></term> | ||
|
||
<listitem><para>Specifies the sector size in bits. See |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you make this a bit more clear. For example:
Specifies the sector size in bytes for use with disk encryption in plain mode.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should not really copy the cryptsetup manpage here, as the cryptsetup (8) reference has the details about the option, including caveats etc.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's ok.. but you commit just changes for plain mode. So it would be good prevent confusing and yet another iteration of man page look-ups. Of course, the full description can be found in the cryptsetup man-page and it is important to add a reference.
Hmm, as already mentioned by @hbrueckner, |
@yuwata looking at semaphore setup, it still uses xenial as a base, and then pulls more things from pitti's ppa and then adds artful..... and artful is EOL btw. IMHO semaphore CI should be moved to bionic as well. That will get one newer things / closer to what people integrate new upstream releases on. How can I see full configs for semaphore ci and propose changes to it? i'm not that familiar with it - any pointers would be appreciated. |
I guess @keszybz can help you. Anyway, if you want to drop supporting v1.x, then please also update meson.build and README. |
How can I check what is wrong with the Fedora Rawhide build? |
LGTM.
@xnox Sometimes it fails with 'internal error' and we cannot get the reason... Please just ignore it. |
|
||
static const char *arg_type = NULL; /* ANY_LUKS, CRYPT_LUKS1, CRYPT_LUKS2, CRYPT_TCRYPT or CRYPT_PLAIN */ | ||
static char *arg_cipher = NULL; | ||
static unsigned arg_key_size = 0; | ||
static unsigned arg_sector_size = CRYPT_SECTOR_SIZE; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This line should probably be enclosed in "#if/#endif" so as not to get
[649/1610] Generating sanitize-address-fuzzers with a custom command.
../src/cryptsetup/cryptsetup.c:34:17: warning: ‘arg_sector_size’ defined but not used [-Wunused-variable]
static unsigned arg_sector_size = CRYPT_SECTOR_SIZE;
^
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@xnox could you enclose the definition of arg_sector_size
in #if/#endif
? The warning is still there.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ah, thanks, I missed this comment entirely.
Does anybody know when the issue the link points to will be publicly available? |
@yuwata yes, it is merged, my question is why it is needed? |
@xnox because it's usually a good idea to write code that either doesn't compile with older libraries or, if it has been decided that it should be backwards compatible, compiles without any warnings. At https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#Warning-Options some flags that people might use to make sure that the code they're building isn't problematic are documented, of which the most interesting in the context of this PR is |
@evverx Thank you for the explanation :-) |
Bug-Ubuntu: https://launchpad.net/bugs/1776626 Closes systemd#8881. (cherry picked from commit a9fc640) [fbui: adjust context] [fbui: fixes fate#325634]
…md#9990) Follow-up for systemd#9936. (cherry picked from commit 645461f)
Bug-Ubuntu: https://launchpad.net/bugs/1776626 Closes systemd#8881. (cherry picked from commit a9fc640) [fbui: adjust context] [fbui: fixes fate#325697]
…md#9990) Follow-up for systemd#9936. (cherry picked from commit 645461f)
Bug-Ubuntu: https://launchpad.net/bugs/1776626