cryptsetup --type 'luks' can refer to LUKS v1 or v2 depending on build time configuration
Bug #1834851 reported by
Lee Yarwood
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
os-brick |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Bug #1831994 previously attempted to ensure LuksEncryptor volumes were formatted using the v1 header format by providing a type of `luks`. However it was missed that this type itself can point to v1 or v2 depending on build time options provided when compiling cryptsetup:
$ cryptsetup --version
cryptsetup 2.1.0
$ cryptsetup --help | grep for\ luksFormat\ action
Default compiled-in metadata format is LUKS2 (for luksFormat action).
We should just default to luks1 to avoid this.
To post a comment you must log in.
Reviewed: https:/ /review. opendev. org/668448 /git.openstack. org/cgit/ openstack/ os-brick/ commit/ ?id=97b085f448e 15269c28ed8adc6 0601894c470747
Committed: https:/
Submitter: Zuul
Branch: master
commit 97b085f448e1526 9c28ed8adc60601 894c470747
Author: Lee Yarwood <email address hidden>
Date: Mon Jul 1 12:31:23 2019 +0100
luks: Explicitly use the luks1 type to ensure LUKS v1 is used
I152fe10ff5 a3131950b789d3f d4efa15c554ff09 attempted to ensure LUKS default- luks-format= LUKS1` build time configuration
volumes were formatted using the LUKS v1 header format by using a type
of `luks`. However from cryptsetup 2.1.0 (incorrectly referenced as
2.0.6 in the previous change) this type can actually refer to the newer
LUKS v2 header format in environments where cryptsetup has not complied
with the `--with-
option [1].
This change now explicitly uses the luks1 type when formatting a device
to ensure the correct LUKS v1 header format is used.
[1] https:/ /gitlab. com/cryptsetup/ cryptsetup/ blob/master/ docs/v2. 1.0-ReleaseNote s
Closes-Bug: #1834851 a812d24d9d5ef59 8425ac5d5d4
Change-Id: I0010e9014c06a3