From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wr1-x441.google.com (mail-wr1-x441.google.com [IPv6:2a00:1450:4864:20::441]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mail.server123.net (Postfix) with ESMTPS for ; Sun, 29 Mar 2020 16:09:59 +0200 (CEST) Received: by mail-wr1-x441.google.com with SMTP id s1so17746720wrv.5 for ; Sun, 29 Mar 2020 07:09:59 -0700 (PDT) References: <20200329102015.GA13364@tansi.org> From: Milan Broz Message-ID: Date: Sun, 29 Mar 2020 16:09:56 +0200 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Subject: Re: [dm-crypt] Why is the chk_luks_keyslots tool not routinely included? List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Jordan Glover , Arno Wagner Cc: "dm-crypt@saout.de" On 29/03/2020 14:34, Jordan Glover wrote: > On Sunday, March 29, 2020 10:20 AM, Arno Wagner wrote: > >> I think that is a decision by the distros. I am certainly >> willing to maintain it for the foreseeable future. It is >> not really much effort. > > The distros just do "make install" [1]. I think it's upstream who decides what this command does. > > [1] https://git.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/cryptsetup#n39 My plan was to include this check in repair command instead of adding additional binary. (The code could remain basically the same.) With LUKS2 we can store other data in binary keyslot area (depends on type), so it need a little bit more work but it should not be a big problem. Please report an issue for it, that helps to not forget about it. Thanks, Milan