From: Milan Broz
Date: Mon, 07 Jan 2013 09:53:51 +0100
Subject: Re: [dm-crypt] [ANNOUNCE] cryptsetup 1.6.0-rc1
To: Yves-Alexis Perez
Cc: dm-crypt@saout.de
Message-ID: <50EA8D1F.20205@gmail.com>
In-Reply-To: <1357539821.2800.67.camel@scapa>

On 01/07/2013 07:23 AM, Yves-Alexis Perez wrote:
> On dim., 2013-01-06 at 17:24 +0100, Milan Broz wrote:
>>> Is this really the proper fix? Usually, userland needing headers more
>>> recent than what's in linux-libc-dev should embed them, and correctly
>>> handle at runtime if the interfaces are available.
>>
>> These are two separate problems
>> - you need to compile it on system where new header/kernel is not
>>   available
>> - you need to detect that current kernel is not able to use
>>   userspace crypto API interface (this includes missing module etc.)
>>
>> Both should be handled already.
>>
>>> What happens here if cryptsetup is built on a recent enough kernel where
>>> the header is present, and then run on an old kernel? Will it fail
>>> gracefully?
>>
>> It should print something like
>> ...
>> Required kernel crypto interface not available.
>> Ensure you have algif_skcipher kernel module loaded.
>
> Good. And what happens if cryptsetup is built on an old box not having
> recent enough headers (typically a buildd) but is run on a box with
> recent kernels? I guess there's no support, while, when headers are
> embedded, they would be available.

The same as above.

Kernel crypto api is just new AF_ALG socket interface, if it is not known
to kernel, or the command fails, it should fail the same way like
kernel is compiled without it.

(TBH it is not clear how to properly detect it otherwise than just
try to use it... but that works).

Milan
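
The two problems separated in this message (building where the header is missing, and detecting at run time that the kernel lacks the interface) can be shown together. This is an added example, not part of the original e-mail and not cryptsetup's own code; `probe_skcipher`, `enum alg_probe` and `HAVE_IF_ALG_H` are hypothetical names, and a Linux build target is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
/* Added example, not cryptsetup source; Linux assumed, names hypothetical.
 * Build time: use the kernel header when the build host ships it... */
#ifdef __has_include
# if __has_include(<linux/if_alg.h>)
#  include <linux/if_alg.h>
#  define HAVE_IF_ALG_H 1
# endif
#endif
#ifndef HAVE_IF_ALG_H /* ...otherwise embed the same ABI definition. */
struct sockaddr_alg {
    uint16_t salg_family;
    uint8_t  salg_type[14];
    uint32_t salg_feat, salg_mask;
    uint8_t  salg_name[64];
};
#endif
#ifndef AF_ALG
# define AF_ALG 38
#endif
enum alg_probe { ALG_OK, ALG_NO_SOCKET, ALG_NO_CIPHER };
/* Run time: the probe is simply an attempt to open and bind the socket. */
enum alg_probe probe_skcipher(const char *name)
{
    struct sockaddr_alg sa;
    int rc, fd = socket(AF_ALG, SOCK_SEQPACKET, 0);
    if (fd < 0)
        return ALG_NO_SOCKET;  /* AF_ALG not known to this kernel */
    memset(&sa, 0, sizeof(sa));
    sa.salg_family = AF_ALG;
    strncpy((char *)sa.salg_type, "skcipher", sizeof(sa.salg_type) - 1);
    strncpy((char *)sa.salg_name, name, sizeof(sa.salg_name) - 1);
    rc = bind(fd, (struct sockaddr *)&sa, sizeof(sa));
    close(fd);
    return rc < 0 ? ALG_NO_CIPHER : ALG_OK; /* module or cipher missing */
}

int main(void)
{
    if (probe_skcipher("cbc(aes)") == ALG_OK)
        return 0;
    fputs("Required kernel crypto interface not available.\n"
          "Ensure you have algif_skcipher kernel module loaded.\n", stderr);
    return 1;
}
```

A binary built either way behaves the same on any kernel: the embedded definition only removes the build-time dependency, and the probe result alone decides whether the interface is used.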