https://bugzilla.novell.com/show_bug.cgi?id=230732 chrubis@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bnc-team- |mkoenig@novell.com |screening@forge.provo.novell| |.com | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

https://bugzilla.novell.com/show_bug.cgi?id=230732 ------- Comment #2 from walter.haidinger@gmx.at 2007-01-08 10:43 MST ------- Under SuSE 10.1 I had the following cryptsetup config. The keys were files of 16k of random data, i.e. created with dd if=/dev/random of=home.key bs=4096 count=4 During boot, a custom script (/etc/init.d/boot.dmcrypt) ran the following command: cat home.key | cryptsetup -c aes -s 256 -h sha512 create home /dev/vg/crypt_home and subsequently mounted /dev/mapper/home (ext3). Please note that the encrypted device was an LVM logical volume too! After upgrading to 10.2, the (unmodified) script did not work anymore. The quick fix was to replace cryptsetup from 10.1. Do you want my /etc/init.d/boot.dmcrypt script? While I think about it, something comes to mind: I was not able to MOUNT the encrypted filesystem! Therefore, it may very well be the script did succeed to setup /dev/mapper/home but mount could not see a valid filesystem. So, the steps to reproduce would be: # cat test.key | cryptsetup101 -c aes -s 256 -h sha512 create test /dev/vg/crypt_test # mke2fs -j /dev/mapper/test # mount -t ext3 /dev/mapper/test /test # date > /test/blah # umount /test # cryptsetup101 remove test # cat test.key | cryptsetup102 -c aes -s 256 -h sha512 create test /dev/vg/crypt_test # mount -t ext3 /dev/mapper/test /test The last mount command should fail! I'll also try to reproduce and report back. However, in the meantime I've recreated the encrypted partitions from scratch with 10.2 cryptsetup, switching to LUKS on the fly. I'm still using the slightly modified boot.dmcrypt switch, though. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

https://bugzilla.novell.com/show_bug.cgi?id=230732 mkoenig@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |INVALID ------- Comment #4 from mkoenig@novell.com 2007-01-09 04:02 MST ------- I see, there is a change in the passphrase/key reading function. But this affects the compatibility only as your usage of the key file is wrong. If you pipe the passphrase into cryptsetup you do not want to use the key file! There is a distinction between passphrase and key file. The passphrase should not contain newline characters, because cryptsetup stops reading then. If you want to use a binary key file, use the --key-file option. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.