cryptsetup: 1.7.5 -> 2.0.2 by lukateras · Pull Request #38382 · NixOS/nixpkgs

lukateras · 2018-04-03T11:26:13Z

Tested using sandboxing (nix.useSandbox on NixOS, or option build-use-sandbox in nix.conf on non-NixOS)
Built on platform(s)
- NixOS
- macOS
- other Linux distributions
Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
Tested execution of all binary files (usually in ./result/bin/)
Fits CONTRIBUTING.md.

lukateras · 2018-04-03T11:47:10Z

GrahamcOfBorg · 2018-04-03T11:48:13Z

Success on x86_64-linux (full log)

Attempted: cryptsetup

Partial log (click to expand)

shrinking /nix/store/xkf0pkhypx92mf28qlj38x2c5zmlh6vz-cryptsetup-2.0.2/sbin/integritysetup
shrinking /nix/store/xkf0pkhypx92mf28qlj38x2c5zmlh6vz-cryptsetup-2.0.2/sbin/cryptsetup
shrinking /nix/store/xkf0pkhypx92mf28qlj38x2c5zmlh6vz-cryptsetup-2.0.2/sbin/cryptsetup-reencrypt
gzipping man pages under /nix/store/xkf0pkhypx92mf28qlj38x2c5zmlh6vz-cryptsetup-2.0.2/share/man/
strip is /nix/store/fzcs0fn6bb04m82frhlb78nc03ny3w55-binutils-2.28.1/bin/strip
stripping (with command strip and flags -S) in /nix/store/xkf0pkhypx92mf28qlj38x2c5zmlh6vz-cryptsetup-2.0.2/lib  /nix/store/xkf0pkhypx92mf28qlj38x2c5zmlh6vz-cryptsetup-2.0.2/sbin
patching script interpreter paths in /nix/store/xkf0pkhypx92mf28qlj38x2c5zmlh6vz-cryptsetup-2.0.2
checking for references to /tmp/nix-build-cryptsetup-2.0.2.drv-0 in /nix/store/xkf0pkhypx92mf28qlj38x2c5zmlh6vz-cryptsetup-2.0.2...
moving /nix/store/xkf0pkhypx92mf28qlj38x2c5zmlh6vz-cryptsetup-2.0.2/sbin/* to /nix/store/xkf0pkhypx92mf28qlj38x2c5zmlh6vz-cryptsetup-2.0.2/bin
/nix/store/xkf0pkhypx92mf28qlj38x2c5zmlh6vz-cryptsetup-2.0.2

GrahamcOfBorg · 2018-04-03T11:48:55Z

No attempt on x86_64-darwin (full log)

The following builds were skipped because they don't evaluate on x86_64-darwin: cryptsetup

Partial log (click to expand)


a) For `nixos-rebuild` you can set
  { nixpkgs.config.allowBroken = true; }
in configuration.nix to override this.

b) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
  { allowBroken = true; }
to ~/.config/nixpkgs/config.nix.

GrahamcOfBorg · 2018-04-03T11:49:27Z

Success on aarch64-linux (full log)

Attempted: cryptsetup

Partial log (click to expand)

shrinking /nix/store/gmrd9jyzwmkkjpllnmijxkvz0cypx5vw-cryptsetup-2.0.2/sbin/veritysetup
shrinking /nix/store/gmrd9jyzwmkkjpllnmijxkvz0cypx5vw-cryptsetup-2.0.2/sbin/cryptsetup
shrinking /nix/store/gmrd9jyzwmkkjpllnmijxkvz0cypx5vw-cryptsetup-2.0.2/lib/libcryptsetup.so.12.2.0
gzipping man pages under /nix/store/gmrd9jyzwmkkjpllnmijxkvz0cypx5vw-cryptsetup-2.0.2/share/man/
strip is /nix/store/3zq400fri5dv7d30lpxlqm2v9y1iis6j-binutils-2.28.1/bin/strip
stripping (with command strip and flags -S) in /nix/store/gmrd9jyzwmkkjpllnmijxkvz0cypx5vw-cryptsetup-2.0.2/lib  /nix/store/gmrd9jyzwmkkjpllnmijxkvz0cypx5vw-cryptsetup-2.0.2/sbin
patching script interpreter paths in /nix/store/gmrd9jyzwmkkjpllnmijxkvz0cypx5vw-cryptsetup-2.0.2
checking for references to /build in /nix/store/gmrd9jyzwmkkjpllnmijxkvz0cypx5vw-cryptsetup-2.0.2...
moving /nix/store/gmrd9jyzwmkkjpllnmijxkvz0cypx5vw-cryptsetup-2.0.2/sbin/* to /nix/store/gmrd9jyzwmkkjpllnmijxkvz0cypx5vw-cryptsetup-2.0.2/bin
/nix/store/gmrd9jyzwmkkjpllnmijxkvz0cypx5vw-cryptsetup-2.0.2

GrahamcOfBorg · 2018-04-03T11:57:56Z

No attempt on x86_64-darwin (full log)

The following builds were skipped because they don't evaluate on x86_64-darwin: cryptsetup

Partial log (click to expand)


a) For `nixos-rebuild` you can set
  { nixpkgs.config.allowBroken = true; }
in configuration.nix to override this.

b) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
  { allowBroken = true; }
to ~/.config/nixpkgs/config.nix.

GrahamcOfBorg · 2018-04-03T11:58:05Z

Success on aarch64-linux (full log)

Attempted: cryptsetup

Partial log (click to expand)

/nix/store/gmrd9jyzwmkkjpllnmijxkvz0cypx5vw-cryptsetup-2.0.2

GrahamcOfBorg · 2018-04-03T11:58:18Z

Success on x86_64-linux (full log)

Attempted: cryptsetup

Partial log (click to expand)

shrinking /nix/store/xkf0pkhypx92mf28qlj38x2c5zmlh6vz-cryptsetup-2.0.2/sbin/veritysetup
shrinking /nix/store/xkf0pkhypx92mf28qlj38x2c5zmlh6vz-cryptsetup-2.0.2/sbin/integritysetup
shrinking /nix/store/xkf0pkhypx92mf28qlj38x2c5zmlh6vz-cryptsetup-2.0.2/sbin/cryptsetup-reencrypt
gzipping man pages under /nix/store/xkf0pkhypx92mf28qlj38x2c5zmlh6vz-cryptsetup-2.0.2/share/man/
strip is /nix/store/fzcs0fn6bb04m82frhlb78nc03ny3w55-binutils-2.28.1/bin/strip
stripping (with command strip and flags -S) in /nix/store/xkf0pkhypx92mf28qlj38x2c5zmlh6vz-cryptsetup-2.0.2/lib  /nix/store/xkf0pkhypx92mf28qlj38x2c5zmlh6vz-cryptsetup-2.0.2/sbin
patching script interpreter paths in /nix/store/xkf0pkhypx92mf28qlj38x2c5zmlh6vz-cryptsetup-2.0.2
checking for references to /build in /nix/store/xkf0pkhypx92mf28qlj38x2c5zmlh6vz-cryptsetup-2.0.2...
moving /nix/store/xkf0pkhypx92mf28qlj38x2c5zmlh6vz-cryptsetup-2.0.2/sbin/* to /nix/store/xkf0pkhypx92mf28qlj38x2c5zmlh6vz-cryptsetup-2.0.2/bin
/nix/store/xkf0pkhypx92mf28qlj38x2c5zmlh6vz-cryptsetup-2.0.2

jtojnar · 2018-04-03T15:10:02Z

I recall there were some patches needed for compatibility but not sure what the package was.

jtojnar · 2018-04-03T15:12:34Z

Oh, right that was https://pagure.io/volume_key/c/ecef526a51c5a276681472fd6df239570c9ce518?branch=master and I am already applying it in #35551

cript0nauta · 2018-04-05T15:03:39Z

Hi! I tried to use this patch to boot a nixos installed in a a LUKS2 encrypted device, but couldn't make it work. Appearently when running cryptsetup 2 from the initrd image to mount LUKS2 devices doesn't work. I'm not sure if this should be discused here, so ping me if you want more information about the bug.

mkaito · 2018-04-19T16:27:30Z

I only use this for LUKS encrypted offline storage on some thumb drives, and this has worked for me for the past 2 weeks perfectly.

supersedes NixOS#35551 closes NixOS#34999 /cc NixOS#38382

lukateras · 2018-06-15T11:52:28Z

@sh4r3m4n Please tell more about the bug.

cript0nauta · 2018-06-15T22:24:21Z

@yegortimoshenko: I had to modify the cryptsetup derivation in order to boot from a LUKS2 partition. I had to make two important changes to the pull request patch

Set NIX_LDFLAGS to lgcc_s to prevent a libgcc.so.1 must be installed for pthread_cancel to work error
Use the --disable-kernel_crypto flag because it wasn't available from the initrd image

After this two fixes I was able to boot with LVM inside a LUKS 2 device

Here is my custom version of the cryptsetup derivation:

({ stdenv, fetchurl, devicemapper, json_c, openssl, libuuid, pkgconfig, popt
, enablePython ? false, python2 ? null, ...
}:

assert enablePython -> python2 != null;

stdenv.mkDerivation rec {
  name = "cryptsetup-2.0.2";
  NIX_LDFLAGS = "-lgcc_s";

  src = fetchurl {
    url = "mirror://kernel/linux/utils/cryptsetup/v2.0/${name}.tar.xz";
    sha256 = "15wyjfgcqjf0wy5gxnmjj8aah33csv5v6n1hv9c8sxdzygbhb0ag";
  };

  configureFlags = [ "--enable-cryptsetup-reencrypt" "--with-crypto_backend=openssl" "--disable-kernel_crypto"]
                ++ stdenv.lib.optional enablePython "--enable-python";

  nativeBuildInputs = [ pkgconfig ];
  buildInputs = [ devicemapper json_c openssl libuuid popt ]
             ++ stdenv.lib.optional enablePython python2;

  meta = {
    homepage = https://gitlab.com/cryptsetup/cryptsetup/;
    description = "LUKS for dm-crypt";
    license = stdenv.lib.licenses.gpl2;
    maintainers = with stdenv.lib.maintainers; [ viric chaoflow ];
    platforms = with stdenv.lib.platforms; linux;
  };
}) (import <nixpkgs> {})

lukateras · 2018-06-15T23:21:33Z

@sh4r3m4n Thank you a lot!

Hopefully will be able to commit updated cryptsetup to the tree this week.

GrahamcOfBorg · 2018-06-15T23:38:55Z

No attempt on x86_64-darwin (full log)

The following builds were skipped because they don't evaluate on x86_64-darwin: cryptsetup

Partial log (click to expand)


a) For `nixos-rebuild` you can set
  { nixpkgs.config.allowUnsupportedSystem = true; }
in configuration.nix to override this.

b) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
  { allowUnsupportedSystem = true; }
to ~/.config/nixpkgs/config.nix.

GrahamcOfBorg · 2018-06-15T23:39:23Z

Success on x86_64-linux (full log)

Attempted: cryptsetup

Partial log (click to expand)

shrinking /nix/store/8l6lwrli072c86d7aa1pksf4j2dgywp5-cryptsetup-2.0.2/sbin/veritysetup
shrinking /nix/store/8l6lwrli072c86d7aa1pksf4j2dgywp5-cryptsetup-2.0.2/sbin/integritysetup
shrinking /nix/store/8l6lwrli072c86d7aa1pksf4j2dgywp5-cryptsetup-2.0.2/sbin/cryptsetup-reencrypt
gzipping man pages under /nix/store/8l6lwrli072c86d7aa1pksf4j2dgywp5-cryptsetup-2.0.2/share/man/
strip is /nix/store/4mf2xm9p32lzrim927yk92xhx35yaz62-binutils-2.30/bin/strip
stripping (with command strip and flags -S) in /nix/store/8l6lwrli072c86d7aa1pksf4j2dgywp5-cryptsetup-2.0.2/lib  /nix/store/8l6lwrli072c86d7aa1pksf4j2dgywp5-cryptsetup-2.0.2/sbin
patching script interpreter paths in /nix/store/8l6lwrli072c86d7aa1pksf4j2dgywp5-cryptsetup-2.0.2
checking for references to /build in /nix/store/8l6lwrli072c86d7aa1pksf4j2dgywp5-cryptsetup-2.0.2...
moving /nix/store/8l6lwrli072c86d7aa1pksf4j2dgywp5-cryptsetup-2.0.2/sbin/* to /nix/store/8l6lwrli072c86d7aa1pksf4j2dgywp5-cryptsetup-2.0.2/bin
/nix/store/8l6lwrli072c86d7aa1pksf4j2dgywp5-cryptsetup-2.0.2

GrahamcOfBorg · 2018-06-15T23:43:39Z

Success on aarch64-linux (full log)

Attempted: cryptsetup

Partial log (click to expand)

shrinking /nix/store/5bigsk1jcm3a94wcpg19crkpy0ksbmqz-cryptsetup-2.0.2/sbin/veritysetup
shrinking /nix/store/5bigsk1jcm3a94wcpg19crkpy0ksbmqz-cryptsetup-2.0.2/sbin/cryptsetup
shrinking /nix/store/5bigsk1jcm3a94wcpg19crkpy0ksbmqz-cryptsetup-2.0.2/lib/libcryptsetup.so.12.2.0
gzipping man pages under /nix/store/5bigsk1jcm3a94wcpg19crkpy0ksbmqz-cryptsetup-2.0.2/share/man/
strip is /nix/store/min150lkigznaayzpwvf8d4jdl1dqvx6-binutils-2.30/bin/strip
stripping (with command strip and flags -S) in /nix/store/5bigsk1jcm3a94wcpg19crkpy0ksbmqz-cryptsetup-2.0.2/lib  /nix/store/5bigsk1jcm3a94wcpg19crkpy0ksbmqz-cryptsetup-2.0.2/sbin
patching script interpreter paths in /nix/store/5bigsk1jcm3a94wcpg19crkpy0ksbmqz-cryptsetup-2.0.2
checking for references to /build in /nix/store/5bigsk1jcm3a94wcpg19crkpy0ksbmqz-cryptsetup-2.0.2...
moving /nix/store/5bigsk1jcm3a94wcpg19crkpy0ksbmqz-cryptsetup-2.0.2/sbin/* to /nix/store/5bigsk1jcm3a94wcpg19crkpy0ksbmqz-cryptsetup-2.0.2/bin
/nix/store/5bigsk1jcm3a94wcpg19crkpy0ksbmqz-cryptsetup-2.0.2

xeji · 2018-06-18T13:20:23Z

pkgs/os-specific/linux/cryptsetup/default.nix

+  NIX_LDFLAGS = "-lgcc_s";
+
+  configureFlags = [
+    "--disable-kernel_crypto"


Why disable kernel crypto? I tried and cryptsetup builds fine without this flag.

Because it doesn't seem to be available in initrd image, see #38382 (comment).

I see. Is this setting likely to hurt performance of the encrypted disks? If yes, it might be better to add the missing module(s) to initrd at some point.

It likely will hurt performance. I agree that adding missing modules to initrd would be preferable.

I would suggest to merge this now anyway, observe the effects and optimize later if needed. What do you think?

This is long overdue, so yes. I've opened #42163 to track this issue.

peti · 2018-06-20T14:53:53Z

This change broke nixos-rebuild boot because stage-1.nix no longer compiles.

cryptsetup: 1.7.5 -> 2.0.2

d72f226

GrahamcOfBorg added 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin. 10.rebuild-linux: 11-100 This PR causes between 11 and 100 packages to rebuild on Linux. labels Apr 3, 2018

flokli mentioned this pull request Jun 8, 2018

udisks 2.1.6 -> 2.7.6 #41723

Merged

8 tasks

flokli added a commit to flokli/nixpkgs that referenced this pull request Jun 11, 2018

udisks2: 2.1.6 → 2.7.6

41b140c

supersedes NixOS#35551 closes NixOS#34999 /cc NixOS#38382

cryptsetup: apply Matías Lang's patch

397f5c3

jtojnar mentioned this pull request Jun 18, 2018

Cryptsetup: 1.7.5 -> 2.0.3. Also, support libressl-2.7. #42148

Closed

8 tasks

xeji reviewed Jun 18, 2018

View reviewed changes

lukateras mentioned this pull request Jun 18, 2018

Enable initrd modules required by cryptsetup --kernel-crypto #42163

Closed

xeji merged commit 590b51c into master Jun 18, 2018

qolii mentioned this pull request Jun 19, 2018

Cryptsetup: 2.0.2 -> 2.0.3. Also, add upstream libressl-2.7 patch. #42200

Merged

8 tasks

fpletz deleted the yegortimoshenko-patch-1 branch June 19, 2018 16:30

peti mentioned this pull request Jun 20, 2018

stage-1.nix fails to be built on nixos-unstable-small #42276

Closed

hlandau mentioned this pull request Jan 16, 2019

cryptsetup open --type=tcrypt no longer works (regression) #54019

Closed

Uh oh!

Conversation

lukateras commented Apr 3, 2018

Uh oh!

lukateras commented Apr 3, 2018

Uh oh!

GrahamcOfBorg commented Apr 3, 2018

Uh oh!

GrahamcOfBorg commented Apr 3, 2018

Uh oh!

GrahamcOfBorg commented Apr 3, 2018

Uh oh!

GrahamcOfBorg commented Apr 3, 2018

Uh oh!

GrahamcOfBorg commented Apr 3, 2018

Uh oh!

GrahamcOfBorg commented Apr 3, 2018

Uh oh!

jtojnar commented Apr 3, 2018

Uh oh!

jtojnar commented Apr 3, 2018 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

cript0nauta commented Apr 5, 2018

Uh oh!

mkaito commented Apr 19, 2018

Uh oh!

lukateras commented Jun 15, 2018

Uh oh!

cript0nauta commented Jun 15, 2018

Uh oh!

lukateras commented Jun 15, 2018 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

GrahamcOfBorg commented Jun 15, 2018

Uh oh!

GrahamcOfBorg commented Jun 15, 2018

Uh oh!

GrahamcOfBorg commented Jun 15, 2018

Uh oh!

xeji Jun 18, 2018

Choose a reason for hiding this comment

Uh oh!

lukateras Jun 18, 2018

Choose a reason for hiding this comment

Uh oh!

xeji Jun 18, 2018

Choose a reason for hiding this comment

Uh oh!

lukateras Jun 18, 2018

Choose a reason for hiding this comment

Uh oh!

xeji Jun 18, 2018

Choose a reason for hiding this comment

Uh oh!

lukateras Jun 18, 2018

Choose a reason for hiding this comment

Uh oh!

peti commented Jun 20, 2018

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

7 participants

jtojnar commented Apr 3, 2018 •

edited

Loading

lukateras commented Jun 15, 2018 •

edited

Loading