When building sys-fs/cryptsetup-2.3.4 (and 2.3.5) with -argon2, the default PBKDF function for LUKS2 is still set to argon2. This means a plain `cryptsetup luksFormat` always fails with an obscure error, as it tries and fails to use the missing argon2 support:

# cryptsetup luksFormat /dev/foo

WARNING!
========
This will overwrite data on /dev/foo irrevocably.

Are you sure? (Type 'yes' in capital letters): YES
Enter passphrase for /dev/foo:
Verify passphrase:
Not compatible PBKDF options.
Requested maximum PBKDF memory cannot be zero.

The ebuild should pass --with-luks2-pbkdf=pbkdf2 when the argon2 USE flag is disabled, so that it is built with working defaults.

This is related to #641182, but that fix was incomplete. The ebuild should be +argon2 by default indeed, but if disabled by the user, the default algorithm should also be changed to keep things working.
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d6b4747fd6f5917f28a1756a24f9760f49813fbb

commit d6b4747fd6f5917f28a1756a24f9760f49813fbb
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2021-04-28 08:19:58 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2021-04-28 08:21:58 +0000

    sys-fs/cryptsetup: Revbump to fix default pw-hashing with USE="-argon2"

    Thanks-to: Hector Martin <marcan@marcan.st>
    Closes: https://bugs.gentoo.org/786372
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 .../cryptsetup/{cryptsetup-2.3.4.ebuild => cryptsetup-2.3.4-r1.ebuild} | 1 +
 .../cryptsetup/{cryptsetup-2.3.5.ebuild => cryptsetup-2.3.5-r1.ebuild} | 1 +
 2 files changed, 2 insertions(+)
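A check for the condition reported above, as an added example that is not part of the bug report or the Gentoo tree: it compares the compiled-in LUKS2 default PBKDF with the package's enabled USE flags. Assumptions: `cryptsetup --help` reports the default on a line starting with "Default PBKDF for LUKS2:", Portage records enabled flags in /var/db/pkg/sys-fs/cryptsetup-*/USE, and the sample text is constructed.

```shell
#!/bin/sh
# Added example: flag a cryptsetup build whose LUKS2 default PBKDF is an
# argon2 variant although the package was built with USE="-argon2".

# Read `cryptsetup --help` text on stdin; print the LUKS2 default PBKDF name.
luks2_default_pbkdf() {
    sed -n 's/^Default PBKDF for LUKS2:[[:space:]]*\([A-Za-z0-9]*\).*/\1/p' | head -n 1
}

# $1 = enabled USE flags (whitespace separated), $2 = default PBKDF name.
# Prints "mismatch" when the default needs argon2 but the flag is not enabled.
check_pbkdf_default() {
    flags=$(printf '%s' "$1" | tr '\n\t' '  ')
    case "$2" in
        "") echo unknown ;;
        argon2*)
            case " $flags " in
                *" argon2 "*) echo ok ;;
                *) echo mismatch ;;
            esac ;;
        *) echo ok ;;
    esac
}

# Live check on a Gentoo host (VDB path and help format are assumptions).
audit_host() {
    use_flags=$(cat /var/db/pkg/sys-fs/cryptsetup-*/USE 2>/dev/null || true)
    pbkdf=$(cryptsetup --help 2>/dev/null | luks2_default_pbkdf)
    check_pbkdf_default "$use_flags" "$pbkdf"
}

# Constructed sample input modelling the build described in the report.
SAMPLE_USE='nls openssl udev'
SAMPLE_HELP='Default PBKDF for LUKS1: pbkdf2, iteration time: 2000 (ms)
Default PBKDF for LUKS2: argon2i
    Iteration time: 2000, Memory required: 1048576kB, Parallel threads: 4'

sample_pbkdf=$(printf '%s\n' "$SAMPLE_HELP" | luks2_default_pbkdf)
printf 'sample build: %s\n' "$(check_pbkdf_default "$SAMPLE_USE" "$sample_pbkdf")"
```

Call `audit_host` on an installed system; where it prints `mismatch`, `cryptsetup luksFormat --pbkdf pbkdf2` selects a working PBKDF explicitly until the package is rebuilt from one of the -r1 revisions named in the commit.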