From unknown Tue Sep 23 12:56:10 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#53005 <53005@debbugs.gnu.org> To: bug#53005 <53005@debbugs.gnu.org> Subject: Status: cryptsetup-static aborts opening LUKS2 volume with Argon2i PBKDF Reply-To: bug#53005 <53005@debbugs.gnu.org> Date: Tue, 23 Sep 2025 19:56:10 +0000 retitle 53005 cryptsetup-static aborts opening LUKS2 volume with Argon2i PB= KDF reassign 53005 guix submitter 53005 Simon South severity 53005 serious tag 53005 patch thanks From debbugs-submit-bounces@debbugs.gnu.org Tue Jan 04 09:37:10 2022 Received: (at submit) by debbugs.gnu.org; 4 Jan 2022 14:37:10 +0000 Received: from localhost ([127.0.0.1]:37178 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1n4kw2-0002pa-In for submit@debbugs.gnu.org; Tue, 04 Jan 2022 09:37:10 -0500 Received: from lists.gnu.org ([209.51.188.17]:51348) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1n4kvy-0002pP-5A for submit@debbugs.gnu.org; Tue, 04 Jan 2022 09:37:09 -0500 Received: from eggs.gnu.org ([209.51.188.92]:46834) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1n4kvw-00057d-Dn for bug-guix@gnu.org; Tue, 04 Jan 2022 09:37:05 -0500 Received: from mailout.easymail.ca ([64.68.200.34]:51134) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1n4kvs-0006Gr-HU for bug-guix@gnu.org; Tue, 04 Jan 2022 09:37:02 -0500 Received: from localhost (localhost [127.0.0.1]) by mailout.easymail.ca (Postfix) with ESMTP id A6E60C7F25 for ; Tue, 4 Jan 2022 14:36:58 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at emo01-pco.easydns.vpn Received: from mailout.easymail.ca ([127.0.0.1]) by localhost (emo01-pco.easydns.vpn [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id drz7Gi5X590v for ; Tue, 4 Jan 2022 14:36:58 +0000 (UTC) Received: from mars (23-233-96-244.cpe.pppoe.ca [23.233.96.244]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mailout.easymail.ca (Postfix) with ESMTPSA id 6033AC7F1A for ; Tue, 4 Jan 2022 14:36:58 +0000 (UTC) From: Simon South To: bug-guix@gnu.org Subject: cryptsetup-static aborts opening LUKS2 volume with Argon2i PBKDF Date: Tue, 04 Jan 2022 09:36:57 -0500 Message-ID: <87v8yz1sae.fsf@simonsouth.net> MIME-Version: 1.0 Content-Type: text/plain Received-SPF: pass client-ip=64.68.200.34; envelope-from=simon@simonsouth.net; helo=mailout.easymail.ca X-Spam_score_int: -22 X-Spam_score: -2.3 X-Spam_bar: -- X-Spam_report: (-2.3 / 5.0 requ) RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.3 (-) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.3 (--) Currently cryptsetup from the "cryptsetup-static" package is unable to open LUKS2 encrypted volumes that use the Argon2i key-derivation algorithm, the default for LUKS2. It catches SIGABRT and exits without opening the volume. This appears to be a regression following the merge of the core-updates-frozen branch and because of it, I'm unable to boot into an up-to-date system as there is no way to get past the "Enter passphrase" prompt at startup. I've verified this on both AArch64 and x86-64. To reproduce: 1. Ensure the "cryptsetup" package is installed in your profile and that "cryptsetup-static", the statically-linked equivalent added to the initrd and used during startup, is available on your system: guix install cryptsetup guix build --verbosity=2 cryptsetup-static 2. Create a file containing a dummy LUKS2 volume: truncate -s 32M ./dummy-luks-volume cryptsetup luksFormat --type luks2 ./dummy-luks-volume Make sure the Argon2i PBKDF algorithm was selected during formatting: cryptsetup luksDump ./dummy-luks-volume | grep argon This should output "PBKDF: argon2i". 3. Verify the volume can be opened using the regular cryptsetup tool: sudo cryptsetup open --type luks ./dummy-luks-volume dummy-volume ls /dev/mapper/dummy-volume sudo cryptsetup close /dev/mapper/dummy-volume 4. Now try opening the volume using the statically-linked cryptsetup: sudo `guix build cryptsetup-static`/sbin/cryptsetup open \ --type luks ./dummy-luks-volume dummy-volume ls /dev/mapper/dummy-volume You should find (on most runs, at least) after you enter the passphrase the tool exits with "Aborted" and with no entry added beneath /dev/mapper. -- Simon South simon@simonsouth.net From debbugs-submit-bounces@debbugs.gnu.org Tue Jan 04 09:45:02 2022 Received: (at 53005) by debbugs.gnu.org; 4 Jan 2022 14:45:02 +0000 Received: from localhost ([127.0.0.1]:37191 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1n4l3d-00033g-FZ for submit@debbugs.gnu.org; Tue, 04 Jan 2022 09:45:02 -0500 Received: from mailout.easymail.ca ([64.68.200.34]:34982) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1n4l3b-00033S-9X for 53005@debbugs.gnu.org; Tue, 04 Jan 2022 09:45:00 -0500 Received: from localhost (localhost [127.0.0.1]) by mailout.easymail.ca (Postfix) with ESMTP id 82A8C415B6 for <53005@debbugs.gnu.org>; Tue, 4 Jan 2022 14:44:53 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at emo02-pco.easydns.vpn Received: from mailout.easymail.ca ([127.0.0.1]) by localhost (emo02-pco.easydns.vpn [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QUltsVj00FPE for <53005@debbugs.gnu.org>; Tue, 4 Jan 2022 14:44:53 +0000 (UTC) Received: from mars (23-233-96-244.cpe.pppoe.ca [23.233.96.244]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mailout.easymail.ca (Postfix) with ESMTPSA id 3C6BA41329 for <53005@debbugs.gnu.org>; Tue, 4 Jan 2022 14:44:53 +0000 (UTC) From: Simon South To: 53005@debbugs.gnu.org Subject: Re: cryptsetup-static aborts opening LUKS2 volume with Argon2i PBKDF Date: Tue, 04 Jan 2022 09:44:52 -0500 Message-ID: <87sfu31rx7.fsf@simonsouth.net> MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 53005 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) This seems to be caused by the symbol "__pthread_key_create" being absent from cryptsetup's symbol table during linking, even though it is meant to be exported explicitly by glibc. The fundamental issue is that cryptsetup's Argon2i implementation (and thus cryptsetup itself) is multithreaded, but libgcc[0], a low-level runtime library used by the compiler, is unaware of this fact. Consequently libgcc's stack-unwinding code skips the use of a mutex that would normally synchronize data access among multiple threads, allowing a race condition to develop when two or more threads try to exit simultaneously. One thread will fail to locate its frame-descriptor entry, causing NULL to be returned by libgcc's _Unwind_Find_FDE() function (libgcc/unwind-dw2-fde.c:1029), leading to an assertion failing (in uw_init_context_1() at libgcc/unwind-dw2.c:1593) and abort() being called, terminating the process. The underlying failure is indicated in a comment in gcc's code, at libgcc/gthr-posix.h:215. libgcc uses the presence of specific symbols in a program's symbol table to infer whether or not the program is multithreaded: For a program to be multi-threaded the only thing that it certainly must be using is pthread_create. However, there may be other libraries that intercept pthread_create with their own definitions to wrap pthreads functionality for some purpose. In those cases, pthread_create being defined might not necessarily mean that libpthread is actually linked in. For the GNU C library, we can use a known internal name. This is always available in the ABI, but no other library would define it. That is ideal, since any public pthread function might be intercepted just as pthread_create might be. __pthread_key_create is an "internal" implementation symbol, but it is part of the public exported ABI. Also, it's among the symbols that the static libpthread.a always links in whenever pthread_create is used, so there is no danger of a false negative result in any statically-linked, multi-threaded program. It seems the final sentence is no longer true, at least in recent versions of Guix. Building the "cryptsetup-static" package with "#:strip-binaries? #f" and dumping the resulting binary's symbol table with "objdump -t" shows "pthread_create" is present but not "__pthread_key_create". This seems to be why libgcc's __gthread_active_p() always returns false, turning wrapper functions like __gthread_mutex_lock() into no-ops and effectively disabling the use of the mutex in _Unwind_Find_FDE(). The question then is why this symbol either is no longer being exported by glibc or is being dropped at some point during cryptsetup's compilation. (Other packages may be affected as well: Even the regular, dynamically-linked cryptsetup shows this problem, but avoids a crash by not invoking libgcc's stack-unwinding routines.) I'll keep working on this but having gotten this far, I'm hoping someone else has some insight. [0] https://gcc.gnu.org/onlinedocs/gccint/Libgcc.html -- Simon South simon@simonsouth.net From debbugs-submit-bounces@debbugs.gnu.org Fri Jan 07 20:52:41 2022 Received: (at 53005) by debbugs.gnu.org; 8 Jan 2022 01:52:41 +0000 Received: from localhost ([127.0.0.1]:46116 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1n60uP-0003jm-8H for submit@debbugs.gnu.org; Fri, 07 Jan 2022 20:52:41 -0500 Received: from mailout.easymail.ca ([64.68.200.34]:48606) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1n60uM-0003jX-9e for 53005@debbugs.gnu.org; Fri, 07 Jan 2022 20:52:40 -0500 Received: from localhost (localhost [127.0.0.1]) by mailout.easymail.ca (Postfix) with ESMTP id 10D2B80588 for <53005@debbugs.gnu.org>; Sat, 8 Jan 2022 01:52:32 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at emo03-pco.easydns.vpn Received: from mailout.easymail.ca ([127.0.0.1]) by localhost (emo03-pco.easydns.vpn [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IO78A-Khw3_o for <53005@debbugs.gnu.org>; Sat, 8 Jan 2022 01:52:31 +0000 (UTC) Received: from laptop (23-233-96-244.cpe.pppoe.ca [23.233.96.244]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mailout.easymail.ca (Postfix) with ESMTPSA id C9AFC8051A for <53005@debbugs.gnu.org>; Sat, 8 Jan 2022 01:52:31 +0000 (UTC) From: Simon South To: 53005@debbugs.gnu.org Subject: Re: cryptsetup-static aborts opening LUKS2 volume with Argon2i PBKDF Date: Fri, 07 Jan 2022 20:52:31 -0500 Message-ID: <87ee5jt2n4.fsf@simonsouth.net> MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 53005 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) After some testing I've found the regression was introduced in commits f32a6055a5 and e0f31baacc, "build-system/gnu: strip with --strip-unneeded", which replace "--strip-debug" with "--strip-unneeded" for packages that use the GNU build system. It seems this is now stripping a bit too much. The solution may be as simple as undoing this change in (at least) the "static-package" function (guix/build-system/gnu.scm:211). Alternatively we may need to add a "--keep-symbol" flag in a few places. I'm continuing to investigate. -- Simon South simon@simonsouth.net From debbugs-submit-bounces@debbugs.gnu.org Fri Jan 07 22:14:31 2022 Received: (at control) by debbugs.gnu.org; 8 Jan 2022 03:14:31 +0000 Received: from localhost ([127.0.0.1]:46166 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1n62Ba-000616-S2 for submit@debbugs.gnu.org; Fri, 07 Jan 2022 22:14:30 -0500 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:37899) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1n62BX-00060p-IF for control@debbugs.gnu.org; Fri, 07 Jan 2022 22:14:29 -0500 Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id 505465C0163; Fri, 7 Jan 2022 22:14:22 -0500 (EST) Received: from mailfrontend1 ([10.202.2.162]) by compute1.internal (MEProxy); Fri, 07 Jan 2022 22:14:22 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=date:from:to:message-id:mime-version:content-type; s=mesmtp; bh=4+NE4F6rOf3LNVU9WyWuv2wuhTpBFZHT/oPOzqqz6cQ=; b=zWXwTNGoS9p8 9AdtMx0hBco0AcrXqfiRLvMsp16pdQTbwUOArlzkjBBGEtM7u3D3JOVKIjhoYM0W BHBT5dQcHWrxPDkiQBnhH2mIkxOsISELusk3IJEIfPtpQ9BzKNxtdiZm2rpwCuNm TN7qVkRU7h/NqU1fZoaKE5Ml0AWWJ5I= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:message-id :mime-version:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm1; bh=4+NE4F6rOf3LNVU9WyWuv2wuhTpBFZHT/oPOzqqz6 cQ=; b=kNBEc5ZJm+jqWRVFe+r2EXOkrxIR9wGqpHOA6KTDYL/VOYB3co5na84MT G/78CcfMR/IoOHg5fpTRxRi5aBX7RtyujaKNYR/g+hPiQdUwxYFkLwehWx2e+Jnr eNhbH8iDBNVxqWRNjZ9OZnzW3BYMkVb7zHgTUoy5EEuPKUmIpT87j4bGNapW54Ng JS2eyKSSWN8aMHeXY7hwVk4gsppRh5+3LS8w8wpf+72AGD4cSe1gsZh0C1BFQqzK Lnrjk7xaStfm1klXATUqS1rNTJou3OYfFLhpXOj39rbqv7b1OT/B3bi6G689uF0V LB14/cRBtigLk6ZcSHVrUE6thLijg== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvuddrudegfedgheeiucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucfgmhhpthihuchsuhgsjhgvtghtucdluddtmdenuc fjughrpeffhffvkfggtggusehttdortddttddvnecuhfhrohhmpefnvghoucfhrghmuhhl rghrihcuoehlvghosehfrghmuhhlrghrihdrnhgrmhgvqeenucggtffrrghtthgvrhhnpe evieeugedvheeugfetveefjefgtdfgveegvefhieetheetueeftdeifeeggfeiheenucev lhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehlvghosehfrg hmuhhlrghrihdrnhgrmhgv X-ME-Proxy: Received: by mail.messagingengine.com (Postfix) with ESMTPA for ; Fri, 7 Jan 2022 22:14:22 -0500 (EST) Date: Fri, 7 Jan 2022 22:14:20 -0500 From: Leo Famulari To: control@debbugs.gnu.org Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Spam-Score: 1.3 (+) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: severity 53005 serious Content analysis details: (1.3 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at https://www.dnswl.org/, low trust [66.111.4.28 listed in list.dnswl.org] 0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3) [66.111.4.28 listed in wl.mailspike.net] 1.8 MISSING_SUBJECT Missing Subject: header 0.2 NO_SUBJECT Extra score for no subject 0.0 RCVD_IN_MSPIKE_WL Mailspike good senders X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.3 (/) severity 53005 serious From debbugs-submit-bounces@debbugs.gnu.org Mon Jan 10 18:35:04 2022 Received: (at 53005) by debbugs.gnu.org; 10 Jan 2022 23:35:04 +0000 Received: from localhost ([127.0.0.1]:53544 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1n74Bs-0005Uw-8T for submit@debbugs.gnu.org; Mon, 10 Jan 2022 18:35:04 -0500 Received: from mailout.easymail.ca ([64.68.200.34]:60592) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1n74Bp-0005UE-Mj for 53005@debbugs.gnu.org; Mon, 10 Jan 2022 18:35:03 -0500 Received: from localhost (localhost [127.0.0.1]) by mailout.easymail.ca (Postfix) with ESMTP id 2CF292D554 for <53005@debbugs.gnu.org>; Mon, 10 Jan 2022 23:34:56 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at emo02-pco.easydns.vpn Received: from mailout.easymail.ca ([127.0.0.1]) by localhost (emo02-pco.easydns.vpn [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XBNMhPsRTTVy for <53005@debbugs.gnu.org>; Mon, 10 Jan 2022 23:34:55 +0000 (UTC) Received: from localhost.localdomain (23-233-96-244.cpe.pppoe.ca [23.233.96.244]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mailout.easymail.ca (Postfix) with ESMTPSA id CA0762D570 for <53005@debbugs.gnu.org>; Mon, 10 Jan 2022 23:34:55 +0000 (UTC) From: Simon South To: 53005@debbugs.gnu.org Subject: [PATCH 1/1] gnu: glibc: Preserve "__pthread_key_create" symbol. Date: Mon, 10 Jan 2022 18:34:26 -0500 Message-Id: <7e85b4a230a68240759120e8440ea77cf1d6e927.1641856285.git.simon@simonsouth.net> X-Mailer: git-send-email 2.34.0 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 53005 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Avoid a potential crash in multithreaded applications by preserving the pthread library's "__pthread_key_create" symbol, used by libgcc to detect the use of threads in an application. Fixes . * gnu/packages/base.scm (glibc)[arguments]: Add "#:strip-flags" with "--keep-symbol=__pthread_key_create" appended to the default set. --- gnu/packages/base.scm | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index 12e4de52d4..68c85dcdd5 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm @@ -795,6 +795,16 @@ (define-public glibc '())) #:tests? #f ; XXX + + #:strip-flags '("--strip-unneeded" + "--enable-deterministic-archives" + + ;; Preserve the symbol "__pthread_key_create" in the + ;; pthread library as this is used by libgcc to detect + ;; the use of threads in an application. + ;; See https://issues.guix.gnu.org/53005. + "--keep-symbol=__pthread_key_create") + #:phases (modify-phases %standard-phases (add-before 'configure 'pre-configure -- 2.34.0 From debbugs-submit-bounces@debbugs.gnu.org Mon Jan 10 18:35:05 2022 Received: (at 53005) by debbugs.gnu.org; 10 Jan 2022 23:35:05 +0000 Received: from localhost ([127.0.0.1]:53546 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1n74Bs-0005Uy-KH for submit@debbugs.gnu.org; Mon, 10 Jan 2022 18:35:04 -0500 Received: from mailout.easymail.ca ([64.68.200.34]:60586) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1n74Bp-0005UD-PI for 53005@debbugs.gnu.org; Mon, 10 Jan 2022 18:35:03 -0500 Received: from localhost (localhost [127.0.0.1]) by mailout.easymail.ca (Postfix) with ESMTP id 158302D57D for <53005@debbugs.gnu.org>; Mon, 10 Jan 2022 23:34:56 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at emo02-pco.easydns.vpn Received: from mailout.easymail.ca ([127.0.0.1]) by localhost (emo02-pco.easydns.vpn [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BcsIajboVB4z for <53005@debbugs.gnu.org>; Mon, 10 Jan 2022 23:34:55 +0000 (UTC) Received: from localhost.localdomain (23-233-96-244.cpe.pppoe.ca [23.233.96.244]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mailout.easymail.ca (Postfix) with ESMTPSA id ACE712D554 for <53005@debbugs.gnu.org>; Mon, 10 Jan 2022 23:34:55 +0000 (UTC) From: Simon South To: 53005@debbugs.gnu.org Subject: Re: bug#53005: cryptsetup-static aborts opening LUKS2 volume with Argon2i PBKDF Date: Mon, 10 Jan 2022 18:34:25 -0500 Message-Id: X-Mailer: git-send-email 2.34.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 53005 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Here's a patch that fixes this problem by modifying the glibc package so the "__pthread_key_create" symbol in its pthread library is preserved, as opposed to being stripped off as it is today. This tests fine for me on both AArch64 and x86-64: Stepping through the code in gdb I can see libgcc's __gthread_active_p() is now returning true, and both cryptsetup tools now open a LUKS2 volume without issue. So far nothing else seems to be affected. This is the smallest and least-intrusive fix I can think of though I expect it will still result in a large number of packages being rebuilt. -- Simon South simon@simonsouth.net Simon South (1): gnu: glibc: Preserve "__pthread_key_create" symbol. gnu/packages/base.scm | 10 ++++++++++ 1 file changed, 10 insertions(+) base-commit: e2d8125a5c6d4338749e6bf8882f220395b25275 -- 2.34.0 From debbugs-submit-bounces@debbugs.gnu.org Mon Jan 10 18:39:49 2022 Received: (at control) by debbugs.gnu.org; 10 Jan 2022 23:39:49 +0000 Received: from localhost ([127.0.0.1]:53551 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1n74GT-0005cu-Ae for submit@debbugs.gnu.org; Mon, 10 Jan 2022 18:39:49 -0500 Received: from mailout.easymail.ca ([64.68.200.34]:44202) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1n74GE-0005cJ-As for control@debbugs.gnu.org; Mon, 10 Jan 2022 18:39:48 -0500 Received: from localhost (localhost [127.0.0.1]) by mailout.easymail.ca (Postfix) with ESMTP id 15493731F2 for ; Mon, 10 Jan 2022 23:39:29 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at emo05-pco.easydns.vpn Received: from mailout.easymail.ca ([127.0.0.1]) by localhost (emo05-pco.easydns.vpn [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EEM0_hgpBsnU for ; Mon, 10 Jan 2022 23:39:28 +0000 (UTC) Received: from jupiter (23-233-96-244.cpe.pppoe.ca [23.233.96.244]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mailout.easymail.ca (Postfix) with ESMTPSA id D11F96CACD for ; Mon, 10 Jan 2022 23:39:28 +0000 (UTC) From: Simon South To: control@debbugs.gnu.org Subject: control message for bug #53005 Date: Mon, 10 Jan 2022 18:39:01 -0500 Message-ID: <87fspvduui.fsf@simonsouth.net> MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) tags 53005 + patch quit From debbugs-submit-bounces@debbugs.gnu.org Wed Jan 12 14:22:05 2022 Received: (at 53005) by debbugs.gnu.org; 12 Jan 2022 19:22:05 +0000 Received: from localhost ([127.0.0.1]:59148 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1n7jC9-0003nK-Gq for submit@debbugs.gnu.org; Wed, 12 Jan 2022 14:22:05 -0500 Received: from wout1-smtp.messagingengine.com ([64.147.123.24]:44229) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1n7jC7-0003mo-TE for 53005@debbugs.gnu.org; Wed, 12 Jan 2022 14:22:04 -0500 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.west.internal (Postfix) with ESMTP id 0E0AE3200F76; Wed, 12 Jan 2022 14:21:57 -0500 (EST) Received: from mailfrontend2 ([10.202.2.163]) by compute4.internal (MEProxy); Wed, 12 Jan 2022 14:21:58 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=mesmtp; bh=4iZn2xMMOw1pkvR1WI3MyJhR rYTAjT4ogJA227BMG6o=; b=hL3jy6FC7eF+wwq5iGF91sG0tzGfvtN2HXdgf9kV bK5aRu0wbizMkhnX1ySgl/x0oJv1QaFKSFSCpgux1CFxJDV9f25CC8T90PcBS/Dy JEeyEFKi5tMkQaGcvNXp025n3WoahepI8GZ9e68OFsZb3rYa3R1u1N/dok9VYksO 7co= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=4iZn2x MMOw1pkvR1WI3MyJhRrYTAjT4ogJA227BMG6o=; b=gkCFY3cU6qaaPjWxh3y8N4 QpMSnvJHcJrIemGHj9fWfdESrhKR5t8TdY1LWLXzoTh4frI+taewwF+M3RA6CDKR lPhPaCcRhswJwZWDezJiixYYX857j6AHTRlAf/EkEMSFzSCpn8mXLTxFyh0deWOj xai+5ip2iCLNhStqlKCdV62VHe1kDZef2vhY19PGO7mmoP4IQnMrfK/mcViv9RJ7 yT8Oo2CeRcBwWwfVnicp8KLLuvO9ue3v0yct40aYsz4O4RW5fjQOO+s5s7NiZl6i Wk36aOtYgFT3MaDzOImUeG4Wbw97ljCee8yata7m6sj6grpvTCGWLmeEJF4QkkMQ == X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvvddrtddugdellecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpeffhffvuffkfhggtggujgesthdtredttddtvdenucfhrhhomhepnfgvohcuhfgr mhhulhgrrhhiuceolhgvohesfhgrmhhulhgrrhhirdhnrghmvgeqnecuggftrfgrthhtvg hrnhepvddvudegffefiedttdfhfedvuefhgfekieekgeekveetgefhfeetgfegueduffei necuffhomhgrihhnpehgnhhurdhorhhgnecuvehluhhsthgvrhfuihiivgeptdenucfrrg hrrghmpehmrghilhhfrhhomheplhgvohesfhgrmhhulhgrrhhirdhnrghmvg X-ME-Proxy: Received: by mail.messagingengine.com (Postfix) with ESMTPA; Wed, 12 Jan 2022 14:21:57 -0500 (EST) Date: Wed, 12 Jan 2022 14:21:55 -0500 From: Leo Famulari To: Simon South Subject: Re: bug#53005: [PATCH 1/1] gnu: glibc: Preserve "__pthread_key_create" symbol. Message-ID: References: <7e85b4a230a68240759120e8440ea77cf1d6e927.1641856285.git.simon@simonsouth.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <7e85b4a230a68240759120e8440ea77cf1d6e927.1641856285.git.simon@simonsouth.net> X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 53005 Cc: 53005@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) On Mon, Jan 10, 2022 at 06:34:26PM -0500, Simon South wrote: > Avoid a potential crash in multithreaded applications by preserving the > pthread library's "__pthread_key_create" symbol, used by libgcc to detect the > use of threads in an application. > > Fixes . > > * gnu/packages/base.scm (glibc)[arguments]: Add "#:strip-flags" with > "--keep-symbol=__pthread_key_create" appended to the default set. Thanks for analysing this bug and sending a patch. Because the proposed fix changes glibc, it will require rebuilding the entire distro. That's expensive, so, we need to think about it some more before deciding what to do. First, how was the LUKS2 volume created? Was it created by Guix System? Is it the default type of LUKS volume created by Guix? I see that our cryptsetup package has "with-default-luks-format=LUKS1". I'm trying to understand how many users will be affected by this bug. Second, do other distros have to apply the same workaround with '--keep-symbol'? Like, is this problem widespread? Is Guix doing something wrong that requires the workaround? Sorry if you already answered these questions in your previous messages. From debbugs-submit-bounces@debbugs.gnu.org Wed Jan 12 16:22:34 2022 Received: (at 53005) by debbugs.gnu.org; 12 Jan 2022 21:22:34 +0000 Received: from localhost ([127.0.0.1]:59285 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1n7l4k-00071g-5V for submit@debbugs.gnu.org; Wed, 12 Jan 2022 16:22:34 -0500 Received: from mailout.easymail.ca ([64.68.200.34]:48496) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1n7l4i-00071D-Ee for 53005@debbugs.gnu.org; Wed, 12 Jan 2022 16:22:32 -0500 Received: from localhost (localhost [127.0.0.1]) by mailout.easymail.ca (Postfix) with ESMTP id 8BB4E6EEB5; Wed, 12 Jan 2022 21:22:26 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at emo05-pco.easydns.vpn Received: from mailout.easymail.ca ([127.0.0.1]) by localhost (emo05-pco.easydns.vpn [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G_cGWc6vNEZk; Wed, 12 Jan 2022 21:22:26 +0000 (UTC) Received: from laptop (23-233-96-244.cpe.pppoe.ca [23.233.96.244]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mailout.easymail.ca (Postfix) with ESMTPSA id 375E76DA55; Wed, 12 Jan 2022 21:22:26 +0000 (UTC) From: Simon South To: Leo Famulari Subject: Re: bug#53005: [PATCH 1/1] gnu: glibc: Preserve "__pthread_key_create" symbol. References: <7e85b4a230a68240759120e8440ea77cf1d6e927.1641856285.git.simon@simonsouth.net> Date: Wed, 12 Jan 2022 16:22:27 -0500 In-Reply-To: (Leo Famulari's message of "Wed, 12 Jan 2022 14:21:55 -0500") Message-ID: <878rvkodik.fsf@simonsouth.net> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 53005 Cc: 53005@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Leo Famulari writes: > First, how was the LUKS2 volume created? Was it created by Guix > System? No, this would've been a volume I created myself; I expect only users who are partitioning their drives manually or replacing an existing system would encounter this. The Guix manual actually instructs users to select a different PBKDF algorithm[0] for compatibility with GRUB, one that by coincidence does not appear to be affected[1]. However, remember this problem potentially affects _all_ packages that use threads in C or C++. It appears that dynamically-linked executables (i.e. the vast majority) generally sidestep the problem by avoiding any "dangerous" methods in libgcc, but there could still be crashing bugs elsewhere waiting to be discovered. > Is Guix doing something wrong that requires the workaround? This is all a consequence of stripping libraries with the "--strip-unneeded" option instead of "--strip-debug"[2], in the interest of reducing store sizes. The man page for "strip" describes it like this: --strip-unneeded Remove all symbols that are not needed for relocation processing. My personal opinion is that this option makes sense for executables but is too aggressive to use on libraries. - Unlike executables, we generally want to do more with a library than just relocate it. - Providing a rich set of symbols is normally a desirable feature of a library and not a bug. - Only at link time is it possible to say which of a library's symbols are truly relevant; therefore, the selection of symbols to retain should logically be performed by the linker, not an automated step during the library's packaging (outside of any link context). Specifically, it's impossible for us to predict cases like this one, where a symbol not obviously needed to use a library is nonetheless relied on by an application. However, Guix's gnu-build-system provides only a single "#:strip-flags" argument that is applied to all of a package's binaries. So, as an alternative solution, we could either extend that mechanism to allow different sets of flags to be applied to different types of binaries, or revert the changes (commits f32a6055a5 and e0f31baacc) altogether. I didn't expect either of those options would be popular, and truthfully, everything does appear to work okay (for now) with only this one change to glibc. [0] https://guix.gnu.org/en/manual/devel/en/html_node/Keyboard-Layout-and-Networking-and-Partitioning.html#Disk-Partitioning [1] But then, neither GRUB nor the Guix installer are commonly used on non-Intel systems. [2] Originally proposed in https://issues.guix.gnu.org/42555 -- Simon South simon@simonsouth.net From debbugs-submit-bounces@debbugs.gnu.org Sun May 01 05:49:45 2022 Received: (at submit) by debbugs.gnu.org; 1 May 2022 09:49:45 +0000 Received: from localhost ([127.0.0.1]:59570 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nl6D2-000294-Qu for submit@debbugs.gnu.org; Sun, 01 May 2022 05:49:45 -0400 Received: from lists.gnu.org ([209.51.188.17]:46240) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nl6D1-00028w-Bf for submit@debbugs.gnu.org; Sun, 01 May 2022 05:49:43 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:37482) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nl6D1-0001TA-4U for bug-guix@gnu.org; Sun, 01 May 2022 05:49:43 -0400 Received: from out3-smtp.messagingengine.com ([66.111.4.27]:37169) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nl6Cy-0006w4-PF for bug-guix@gnu.org; Sun, 01 May 2022 05:49:42 -0400 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 848FF5C0116 for ; Sun, 1 May 2022 05:49:38 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute5.internal (MEProxy); Sun, 01 May 2022 05:49:38 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= tom-fitzhenry.me.uk; h=cc:content-transfer-encoding:content-type :date:date:from:from:in-reply-to:in-reply-to:message-id :mime-version:references:reply-to:sender:subject:subject:to:to; s=fm1; t=1651398578; x=1651484978; bh=7dpg1huTUpte7e2Ulow5/uvo2 YiTt3CoP6Z6bluv3Hc=; b=f7H4igZ4bQN6gtRf0/urG1dr0lpw4nii67UC258mi 633fGLFchWFiDx/ivC4DbFZtAX6ECm0x3EsQvE7XLUgbEZekb699Z51eWuBPWDiI ggBtjbM8kkcIq56CO7jvskwxiN9lP8AcaJuHqCAxClBNAcbSdtHGchYBcIGtUyld 4FHCA7ZWHb0VQ03Yx/FKmZhKp29Q8O5JL2Lg2VYqFGPkalsU/AJGYeTOSnrxkYPX V6cpm1UPgJV/x0Ns2MgAP3nzUH4OFgUXse5Nxic/Y2uvSsbmUzfqbnQ0UyQJbRUf uLurLi388tHLPS064FYmyoPm3qtny9llFblpzpPFRv+WA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:date:from:from:in-reply-to:in-reply-to:message-id :mime-version:references:reply-to:sender:subject:subject:to:to :x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm1; t=1651398578; x=1651484978; bh=7dpg1huTUpte7e2Ulow5/uvo2YiT t3CoP6Z6bluv3Hc=; b=Oq+y0Y4D3Z9s69ZXzfJIkd11nNiSmKWIykhHgeTGruf8 NRb+cZHghcZsW/2Qb/lNpxZ8QnVYOr+0eSHjm0DUeb1aXLwrE03O3B5j+s0Mqh0W ihegwRaZX7AIMZaVoZPk8vvRfyhrD7+Iejj0JILa/9nO9CSQvvYjobk5/Bn+FNGp U1rpkEDWc39HE6WjLKV+/6rGBYNUSCBr3NFB1t2T+ee23nVaNKkaSMoCa5Z0o2va nj6QEFVkHw15WZdtCZc346YvCfKfTvzaBeOKkqv4oUHO6hnB9/8/niny8wlWgQW5 ERg44sdAWgMd/pXhWuKFS3USuLMG+EP8LpoVX82EbQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvfedrvdefgddvtdcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepkfffgggfvfhfhffujggtgfesthejre dttdefjeenucfhrhhomhepvfhomhcuhfhithiihhgvnhhrhicuoehtohhmsehtohhmqdhf ihhtiihhvghnrhihrdhmvgdruhhkqeenucggtffrrghtthgvrhhnpeffhfeihfeifeetie efleeuleeljedvtefhkeelvdeujedtuefggeekffeileegveenucevlhhushhtvghrufhi iigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehtohhmsehtohhmqdhfihhtiihhvg hnrhihrdhmvgdruhhk X-ME-Proxy: Received: by mail.messagingengine.com (Postfix) with ESMTPA for ; Sun, 1 May 2022 05:49:37 -0400 (EDT) Message-ID: Date: Sun, 1 May 2022 19:49:34 +1000 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.8.0 Content-Language: en-US To: bug-guix@gnu.org References: <7e85b4a230a68240759120e8440ea77cf1d6e927.1641856285.git.simon@simonsouth.net> <878rvkodik.fsf@simonsouth.net> From: Tom Fitzhenry Subject: Re: bug#53005: [PATCH 1/1] gnu: glibc: Preserve "__pthread_key_create" symbol. In-Reply-To: <878rvkodik.fsf@simonsouth.net> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Received-SPF: pass client-ip=66.111.4.27; envelope-from=tom@tom-fitzhenry.me.uk; helo=out3-smtp.messagingengine.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.4 (-) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.4 (--) On 13/1/22 08:22, Simon South wrote: > No, this would've been a volume I created myself; I expect only users > who are partitioning their drives manually or replacing an existing > system would encounter this. +1. I encountered this while installing Guix on my pre-existing LUKS volume that I share with another distro. As a workaround to the immediate issue, I replaced my LUKS volume's argon2 key with a pbkdf2 key, via `cryptsetup luksAddKey --pbkdf pbkdf2 $DEV` and `cryptsetup luksRemoveKey $DEV`. Changing cryptographic algorithms introduces risk, which might not be right for everyone, however. From debbugs-submit-bounces@debbugs.gnu.org Thu Aug 18 23:37:56 2022 Received: (at 53005) by debbugs.gnu.org; 19 Aug 2022 03:37:56 +0000 Received: from localhost ([127.0.0.1]:57015 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oOspX-0003Hd-RN for submit@debbugs.gnu.org; Thu, 18 Aug 2022 23:37:56 -0400 Received: from [37.120.193.124] (port=57474 helo=mail.cock.li) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oOspS-0003HL-Gi for 53005@debbugs.gnu.org; Thu, 18 Aug 2022 23:37:55 -0400 User-agent: mu4e 1.8.7; emacs 28.1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cock.li; s=mail; t=1660880263; bh=9jpZQ88zpLcwHY3C5T2x9JSCvggqvadnLkNkI4KwqIM=; h=From:To:Subject:Date:From; b=vs2soFWYg7BAezdmIFLrP86Q9ubddtGnOFg5FkAsY5RG4zFLWy971Ht3gbckCBT10 giudJTL4nYjo+HHF6SwP29vc9rGp0S6gbEnyPiHQDc2MI1AZpDx9zA+IQB5NV82OXp wwPEtHL5c5elGbNU/CqRgq6GFQykLOfsIFyM6bM9HtHHijLd1RYBC1bdVGerxSIjcd GwdxkLrXY2CuS07TTr2jeGzi3UTM+TDLRKGEegj3kyD23HEqGu13RgAtGhZRhayBi/ 6HOh1L/457YrUvFUacY6GZkf9F8KmaRAKZRD8EwRcqEnjq0I4cbIzWbceIJacEIgDR cNh+VqaEemK9w== From: angry rectangle To: 53005@debbugs.gnu.org Subject: cryptsetup-static aborts opening LUKS2 volume with Argon2i PBKDF Date: Thu, 18 Aug 2022 23:31:17 -0400 Message-ID: <87zgg0q4xq.fsf@cock.li> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Spam-Score: 1.3 (+) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: I too have been affected by this bug for a long time and hope it will be fixed one day. For end-users, attached is a drop-in workaround you can use to make guix utilize the old cryptsetup build. It's [...] Content analysis details: (1.3 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS X-Debbugs-Envelope-To: 53005 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.3 (/) --=-=-= Content-Type: text/plain I too have been affected by this bug for a long time and hope it will be fixed one day. For end-users, attached is a drop-in workaround you can use to make guix utilize the old cryptsetup build. It's sloppy, but at least the system can boot again. Thanks for the research, Simon. --=-=-= Content-Type: text/plain Content-Disposition: attachment; filename=alt-luks-device-mapping.scm Content-Description: workaround ;; workaround for https://issues.guix.gnu.org/53005 ;; ;; How to use: ;; Run this code in your operating system config file. ;; Then replace `luks-device-mapping' with `alt-luks-device-mapping'. ;; ;; i may have forgotten some use-modules. use your brain if necessary. ;; to-do: it would be better to use package transformation procedures to fix cryptsetup from the current guix (use-modules (guix inferior) (guix channels) (srfi srfi-1)) (define channels (list (channel (name 'guix) (url "https://git.savannah.gnu.org/git/guix.git") (commit "0996fcc657593955845c2761d7eb0f656149fe11")))) (define inferior (inferior-for-channels channels)) (define old-cryptsetup-static (first (lookup-inferior-packages inferior "cryptsetup-static"))) (use-modules (gnu system uuid)) (use-modules (ice-9 match)) (use-modules (guix modules)) ;; copied from guix. ;; the whole point is to edit the `file-append' line. ;; (if i knew a way to modify gexp, this could simply modify the output of the old procedure.) (define (my-open-luks-device source targets) "Return a gexp that maps SOURCE to TARGET as a LUKS device, using 'cryptsetup'." (with-imported-modules (source-module-closure '((gnu build file-systems) (guix build utils))) ;; For mkdir-p (match targets ((target) #~(let ((source #$(if (uuid? source) (uuid-bytevector source) source))) ;; XXX: 'use-modules' should be at the top level. (use-modules (rnrs bytevectors) ;bytevector? ((gnu build file-systems) #:select (find-partition-by-luks-uuid system*/tty)) ((guix build utils) #:select (mkdir-p))) (mkdir-p "/run/cryptsetup/") (zero? (system*/tty #$(file-append old-cryptsetup-static "/sbin/cryptsetup") "open" "--type" "luks" (if (bytevector? source) (or (let loop ((tries-left 10)) (and (positive? tries-left) (or (find-partition-by-luks-uuid source) (begin (sleep 1) (loop (- tries-left 1)))))) (error "LUKS partition not found" source)) source) #$target))))))) (define alt-luks-device-mapping (mapped-device-kind (inherit luks-device-mapping) (open my-open-luks-device))) --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Wed Feb 07 14:59:58 2024 Received: (at 53005-done) by debbugs.gnu.org; 7 Feb 2024 19:59:58 +0000 Received: from localhost ([127.0.0.1]:57955 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rXo5O-0008Ke-Dt for submit@debbugs.gnu.org; Wed, 07 Feb 2024 14:59:58 -0500 Received: from mailout.easymail.ca ([64.68.200.34]:46350) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rXo5M-0008KR-DI for 53005-done@debbugs.gnu.org; Wed, 07 Feb 2024 14:59:57 -0500 Received: from localhost (localhost [127.0.0.1]) by mailout.easymail.ca (Postfix) with ESMTP id 9521A6936D for <53005-done@debbugs.gnu.org>; Wed, 7 Feb 2024 19:59:06 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at emo07-pco.easydns.vpn Received: from mailout.easymail.ca ([127.0.0.1]) by localhost (emo07-pco.easydns.vpn [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FpNzGNVykjPg for <53005-done@debbugs.gnu.org>; Wed, 7 Feb 2024 19:59:06 +0000 (UTC) Received: from earth (23-233-96-210.cpe.pppoe.ca [23.233.96.210]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mailout.easymail.ca (Postfix) with ESMTPSA id 43EE66936B for <53005-done@debbugs.gnu.org>; Wed, 7 Feb 2024 19:59:06 +0000 (UTC) From: Simon South To: 53005-done@debbugs.gnu.org Subject: Re: bug#53005: cryptsetup-static aborts opening LUKS2 volume with Argon2i PBKDF In-Reply-To: <87v8yz1sae.fsf@simonsouth.net> (Simon South's message of "Tue, 04 Jan 2022 09:36:57 -0500") References: <87v8yz1sae.fsf@simonsouth.net> Date: Wed, 07 Feb 2024 14:59:05 -0500 Message-ID: <87jzng59me.fsf@simonsouth.net> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 53005-done X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) This issue was fixed with commit 6b6fb7872486, "gnu: glibc: Build with '--strip-debug' instead of '--strip-all'." -- Simon South simon@simonsouth.net From unknown Tue Sep 23 12:56:10 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Thu, 07 Mar 2024 12:24:05 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator