* To anyone experiencing weird 'keyslot open failed' issues with cryptsetup
From: 45mg @ 2025-01-12 8:17 UTC
To: guix-devel, help-guix

Hi Guix,

There is currently a bug in libgcrypt affecting cryptsetup, that can
cause it to fail to create and open containers in some cases:

https://gitlab.com/cryptsetup/cryptsetup/-/issues/922

I encountered this when using the Guix installer and trying to open and
retrieve stuff from some very old containers of mine. The issue linked
above specifies `--pbkdf argon2i`, but I can confirm it also happens if
the container was created with `--pbkdf pbkdf2`. The current packaged
version of libgcrypt is 1.10.1, so I can confirm that this issue goes
back at least that far.

While the issue is fixed upstream [1], the fix came after the 1.11.0
release. 1.11.0 was released only six months ago [2], so the next
release may not be for a while.

For now, you can work around this by building cryptsetup with openssl,
and using that:

--8<---------------cut here---------------start------------->8---
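;; Modules providing the bindings used below.
(use-modules (guix packages)            ; package, modify-inputs
             (guix utils)               ; substitute-keyword-arguments
             (gnu packages cryptsetup)  ; cryptsetup
             (gnu packages tls))        ; openssl

;; cryptsetup variant that uses OpenSSL as its crypto backend
;; instead of libgcrypt.
(define-public cryptsetup-openssl
  (package
    (inherit cryptsetup)
    (name "cryptsetup-openssl")
    (arguments
     (substitute-keyword-arguments (package-arguments cryptsetup)
       ((#:configure-flags flags ''())
        ;; Swap the backend flag; keep every other flag unchanged.
        `(map
          (lambda (s)
            (if (equal? s "--with-crypto_backend=gcrypt")
                "--with-crypto_backend=openssl"
                s))
          ,flags))))
    (inputs (modify-inputs (package-inputs cryptsetup)
              ;; 'delete' takes input names as strings.
              (delete "libgcrypt")
              (append openssl)))))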
--8<---------------cut here---------------end--------------->8---

(I could send a patch to add this in Guix, but I'm currently waiting
either until my open patch [5] gets reviewed and into Guix, or to figure
out how to do an authenticated personal fork that I can apply my
not-yet-accepted patches to and pull from [3][4], before I contribute
new ones. Anyone who thinks this package makes sense in Guix is welcome
to do so themselves. Or you can just throw this into your system config,
like I did.)

At any rate - I'm sending this here because I found it really hard to
turn up that cryptsetup issue via a web search, and then to realize that
it's relevant to me. I haven't seen it reported in any of the popular
Linux or distro-specific forums, probably because most distros build
cryptsetup with openssl. Hopefully this helps with that. I nearly gave
up on installing Guix because of it.

Good luck,

45mg

[1] https://dev.gnupg.org/rC28327dba6b5ffae4a5e33da827fe0e2b48e99adb
[2] https://dev.gnupg.org/rC9d94d7846cde272b8b1519ba96e53967bf0b90d2
[3] https://lists.gnu.org/archive/html/help-guix/2023-09/msg00010.html
[4] https://lists.gnu.org/archive/html/help-guix/2025-01/msg00093.html
[5] https://issues.guix.gnu.org/75145