[dm-crypt] Re: veritysetup and CentOS 8

[Milan Broz <gmazyland@gmail.com>]

Hi Catherine,

I do not want this to sound rude, but providing commercial
support for your company is not something we should do here.

We test compilation of upstream cryptsetup on Centos7 and 8.
All required devel packages are in associated repositories.

If your build servers cannot install required packages, that
is not an upstream package issue. The json-c is mandatory for LUKS2,
you have to provide it for building of the upstream package.
(Version 1.7.x is no longer maintained.)

For FEC - no, it is not required anywhere, I just used it
as an example that kernel can limit libcryptsetup functionality.

Milan


On 26/10/2021 10:13, Wei, Catherine wrote:
> Additional info:
> 
> We use this options to build the cryptsetup 1.7.5:
> 
>          --disable-shared \
> 
>          --disable-dependency-tracking \
> 
>          --disable-selinux \
> 
>          --disable-nls \
> 
>          --disable-udev \
> 
>          --disable-kernel_crypto \
> 
>          --with-crypto_backend=openssl
> 
> Best regards,
> 
> Catherine
> 
> *From:*Wei, Catherine
> *Sent:* 2021年10月26日16:08
> *To:* 'Milan Broz' <gmazyland@gmail.com>; 'dm-crypt@saout.de' <dm-crypt@saout.de>
> *Subject:* RE: [dm-crypt] veritysetup and CentOS 8
> 
> Hi if you have answers to the questions in following email, please let me know. Really appreciate if you’d help.
> 
> Best regards,
> 
> Catherine
> 
> *From:*Wei, Catherine
> *Sent:* 2021年10月18日15:02
> *To:* Milan Broz <gmazyland@gmail.com <mailto:gmazyland@gmail.com>>
> *Subject:* RE: [dm-crypt] veritysetup and CentOS 8
> 
> Hi Broz.
> 
> The reason we don’t want to use cryptsetup 2.0 is that it required new libs such as “json-c”and now many of our build servers haven’t install this library, and it also need us to make some modifications on gcc in the build servers.
> 
> We have only one centos 8 build server, and many centos 7 build servers. In CentOS 7 build server, the veritysetup (1.7.5) could run, but not on the one CentOS 8.
> 
> So we prefer to modify the only CentOS 8 to make the veritysetup command works instead of update all the CentOS 7 servers.
> 
> Regarding the
>>Also CentOS kernel has own options, not everything is available there (e.g. FEC support for dm-verity is not compiled in IIRC).
> 
> We run commands like this:
> 
> *“veritysetup format --no-superblock $our_rootdisk $verity_hashdevice”*
> 
> The veritysetup command was built from cryptsetup 1.7.5. Does this command require special support from kernel such as FEC support for dm-verity?
> 
> Best regards,
> 
> Catherine
> 
> *From:*Milan Broz <gmazyland@gmail.com <mailto:gmazyland@gmail.com>>
> *Sent:* 2021年10月15日16:27
> *To:* Wei, Catherine <catherine.wei@commscope.com <mailto:catherine.wei@commscope.com>>
> *Subject:* Re: [dm-crypt] veritysetup and CentOS 8
> 
> On 14/10/2021 10:23, Wei, Catherine wrote:
> 
>> Hi all,
> 
>> 
> 
>> I found that the veritysetup built from cryptsetup-1.7.5 couldn’t work in CentOS 8.2, when I run veritysetup command on the CentOS 8, it reported error:
> 
>> 
> 
>>  
> 
>> 
> 
>> veritysetup: /lib64/libc.so.6: version `GLIBC_2.28' not found (required by veritysetup)
> 
> This cannot happen, if you compile it properly.
> 
> Just use provided version from CentOS repo.
> 
> Also CentOS kernel has own options, not everything is available there (e.g. FEC support for dm-verity is not compiled in IIRC).
> 
> Anyway, this is upstream list, version 1.7.5 is 4 years old, why are you using that?
> 
> (CentOS8 stream repo provides 2.3.3, at least).
> 
> Milan
> 
> 
> _______________________________________________
> dm-crypt mailing list -- dm-crypt@saout.de
> To unsubscribe send an email to dm-crypt-leave@saout.de
> 
_______________________________________________
dm-crypt mailing list -- dm-crypt@saout.de
To unsubscribe send an email to dm-crypt-leave@saout.de