Home | Docs | Forums | Lists | Bugs | Planet | Store | GMN | Get Gentoo!
Not eligible to see or edit group visibility for this bug.
View Bug Activity | Format For Printing | XML | Clone This Bug
Truecrypt 4.2a-r1 can't be built with kernel 2.6.20. Probably an upstream issue... Reproducible: Always Steps to Reproduce: 1. emerge truecrypt Actual Results: emerge fails (see below) Expected Results: works /var/tmp/portage/app-crypt/truecrypt-4.2a-r1/work/truecrypt-4.2a/Linux/Kernel/Dm-target.c:444:41: Fehler: dem Makro »INIT_WORK« wurden 3 Argumente übergeben, aber es nimmt nur 2 /var/tmp/portage/app-crypt/truecrypt-4.2a-r1/work/truecrypt-4.2a/Linux/Kernel/Dm-target.c: In Funktion »truecrypt_endio«: /var/tmp/portage/app-crypt/truecrypt-4.2a-r1/work/truecrypt-4.2a/Linux/Kernel/Dm-target.c:444: Fehler: »INIT_WORK« nicht deklariert (erste Benutzung in dieser Funktion) /var/tmp/portage/app-crypt/truecrypt-4.2a-r1/work/truecrypt-4.2a/Linux/Kernel/Dm-target.c:444: Fehler: (Jeder nicht deklarierte Bezeichner wird nur einmal aufgeführt /var/tmp/portage/app-crypt/truecrypt-4.2a-r1/work/truecrypt-4.2a/Linux/Kernel/Dm-target.c:444: Fehler: für jede Funktion in der er auftritt.) make[2]: *** [/var/tmp/portage/app-crypt/truecrypt-4.2a-r1/work/truecrypt-4.2a/Linux/Kernel/Dm-target.o] Fehler 1 make[2]: *** Warte auf noch nicht beendete Prozesse... make[1]: *** [_module_/var/tmp/portage/app-crypt/truecrypt-4.2a-r1/work/truecrypt-4.2a/Linux/Kernel] Fehler 2 make[1]: Leaving directory `/usr/src/linux-2.6.20-gentoo' make: *** [truecrypt] Fehler 2 (sorry, I can't figure out how to change those error messages to english without having the whole system in english again - anyone?)
Created an attachment (id=109259) [details] Patch against changes in kernel 2.6.20
This really should be an upstream issue - the kernel API has changed. I've made a minimal patch that seems to work, above. 4.2a-r2, perhaps?
Kindly set your locales to C when reporting bugs.
Created an attachment (id=109273) [details] ebuild vs the new patch... for me it compiles on 2.6.20... what about you?
Created an attachment (id=109275) [details] Just added one line, to apply the patch Jouni attached (the patch must be saved as truecrypt-4.2a-2.6.20.patch)
Ok, firstly: I managed to get error messages in english (wasn't that hard, actually ;) LOCALE=C and LC_ALL=C). Secondly, I tried the patch in my local overlay, and it works perfectly. I have been reading around in the TrueCrypt forums, and there seems to be a weird schizophrenia about supporting Linux. They all seem to be very fed up with API changes on the kernel side, and they don't seem to care about releasing a new version of TrueCrypt because of those kind of issues at all. To cite a TrueCrypt developer: "It is important to note that this is not a bug in TrueCrypt. Due to the design of Linux, when the Linux kernel is updated, all third-party kernel modules (such as the TrueCrypt kernel module) often have to be recompiled for the new version of the Linux kernel. The reason for that is that the device driver interface is not guaranteed to remain unchanged in future versions of the Linux kernel. We realize that this is not very convenient for users. There have been attempts to establish a stable Linux kernel driver layer/API, which would solve these problems. Unfortunately, all of them appear to have failed." It seems we have a political issue here...
(From update of attachment 109275 [details]) Just added one line, to apply the patch Jouni attached (the patch must be saved as truecrypt-4.2a-2.6.20.patch)
Hello, 1. In the future, please submit ebuild diff, not the whole ebuild, I need to review only what you modify. 2. Upstream is very unresponsive for other changes too... 3. I use loop-aes encryption, I find it much better solution, all I can recommend is for you to look at it... Regards,
loop-aes is a electronic codebook (ecb) cipher system which is really weak. You could use a loopback file and use dm-crypt over the top which is a lot stronger cryptographically. Comment #6 from the Truecrypt devs comes from an unfortunate misconception that they need to maintain it separate from the kernel. I'm sure if they put the effort into it becoming mainstream they wouldn't have API change problems. Oh well. Their decision and their consequences.
(In reply to comment #9) > loop-aes is a electronic codebook (ecb) cipher system which is really weak. I disagree, loop-aes multi-key-v3 mode is the strongest encryption method available. "The AES cipher is used in CBC (cipher block chaining) mode <snip> Multi-key-v2 mode uses cryptographically more secure MD5 IV and 64 different AES keys to encrypt and decrypt sectors in the loop device. In multi-key mode first key is used for first sector, second key for second sector, and so on. Multi-key-v3 is same as multi-key-v2 except that it uses one extra 65th key as additional input to MD5 IV computation" > You could use a loopback file and use dm-crypt over the top which is a lot > stronger cryptographically. dm-crypt is much less secured, since it uses the old loop crypto mechanism. > Comment #6 from the Truecrypt devs comes from an unfortunate misconception that > they need to maintain it separate from the kernel. I'm sure if they put the > effort into it becoming mainstream they wouldn't have API change problems. > > Oh well. Their decision and their consequences. I contacted them regarding all our current patches, got a strange response stating that all is OK...
(In reply to comment #8) > 1. In the future, please submit ebuild diff, not the whole ebuild, I need to > review only what you modify. Aye > 3. I use loop-aes encryption, I find it much better solution, all I can > recommend is for you to look at it... The real strength of TrueCrypt lies in two other things: Cross-platform-ness (Windows/Linux, very important for me) and (for the extra-paranoid) plausible deniability. Also they worked out all the watermarking issues, and I would consider TrueCrypt _quite_ secure these days. This bitchiness about kernel API changes is really _the only_ thing that bothers me.
OK, although I cannot test it (not moved to 2.6.20 yet), I added this patch. Please confirm that it works for you.
Works for me, but that's to be expected. ;)
Also works perfectly for me, as you know already ;)
2.6.20 is stable now, and the current stable version of truecrypt doesn't compile against this kernel. Please mark 4.3 or whatever works as stable.
