Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 350105

Summary: sys-fs/cryptsetup-1.2.0: USE=-dynamic does not produce a static cryptsetup
Product: Gentoo Linux Reporter: Casey Carter <rockear>
Component: [OLD] Core systemAssignee: Gentoo's Team for Core System packages <base-system>
Status: RESOLVED FIXED    
Severity: major CC: gef.kornflakes, kripton
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: Fix ebuild for USE="-dynamic"

Description Casey Carter 2010-12-30 00:02:31 UTC 
cryptsetup-1.2.0 always builds a dynamically-linked version of /sbin/cryptsetup. This is a problem for anyone using genkernel (at least as of genkernel 3.4.10.908) to build a kernel/initrd with LUKS support, because the genkernel build procedure demands a statically-linked cryptsetup.


Reproducible: Always

Steps to Reproduce:
1. Update to sys-fs/cryptsetup-1.2.0.
2. genkernel --luks all

Actual Results:  
Observe how the message "LUKS support requires static cryptsetup at /bin/cryptsetup or /sbin/cryptsetup\nNot including LUKS support" flashes by, but a LUKS-less initrd is installed to /boot anyway.

Expected Results:  
cryptsetup should be built statically by default, or at the very least pay attention to whether the "static" USE flag is set or not.

This could be a serious problem for people who, like me, are booting an encrypted root partition; see for example
<http://en.gentoo-wiki.com/wiki/Booting_encrypted_system_from_USB_stick>

If you don't notice that the new initrd -- which has just overwritten the previous initrd on the USB stick -- doesn't have LUKS support, you could easily end up with an unbootable system.
Comment 1 Gef 2010-12-30 10:50:51 UTC 
Created attachment 258427 [details, diff]
Fix ebuild for USE="-dynamic"

Trivial fix for the currently in-tree ebuild. There have been changes in the naming of ./configure options between 1.1.3 and 1.2.0.
Anyway, the handling of dynamic building USE flag may be a little misleading. How about ditching that dynamic USE flag for a new static USE flag, handled sys-fs/lvm2 does ?
Comment 2 Gef 2010-12-30 10:58:42 UTC 
However the previous fix won't help you, because looking at /usr/share/genkernel/gen_initramfs.sh, genkernel tests /bin/cryptsetup and /sbin/cryptsetup for a static candidate, though sys-fs/cryptsetup-1.2.0 installs its static binary as /sbin/cryptsetup.static

Added genkernel team in the CC list
Comment 3 SpanKY gentoo-dev 2010-12-30 17:08:05 UTC 
cryptsetup has no USE=static flag, so its status is meaningless
Comment 4 SpanKY gentoo-dev 2010-12-30 17:11:11 UTC 
although now that we have newer EAPI's, the need to invert USE flag logic is no longer necessary.  cryptsetup-1.2.0-r1 has IUSE=+static now.
Comment 5 jannis 2011-01-01 21:20:02 UTC 
So, why does this ebuild have the "static" USE-flag set by default? S.o. not using cryptsetup in an initrd rather wants a dynamically linked version.
I don't know exactly against which libs cryptsetup links but am I right that if it uses ncurses and I update ncurses, the statically linked version still uses the old version of ncurses? So I would have to re-emerge cryptsetup every time I update a library it links against to have it use the latest versions?
Comment 6 SpanKY gentoo-dev 2011-01-01 21:32:34 UTC 
cryptsetup has always built statically by default.  it uses a lot of libs from /usr which may be on a sep partition.

if you dont want it statically linked, then add USE=-static to your config.
Comment 7 Matt 2011-01-01 22:41:15 UTC 
anyone experienced that emerging sys-fs/cryptsetup-1.2.0-r1 ended up in an error 14 in your running system and that it couldn't boot with the version included in genkernel ?

e.g.: cryptsetup[1226]: segfault at ffffffffffffffff ip ffffffffffffffff sp 00007fffa8e03368 error 14


at bootup for me it said that there wasn't any luks header on my partition - strange - probably because it had crashed before being able to detect one

I know I should open up a new bug - but this is somehow related to this one and might interest the ones subscribed to this bug
Comment 8 SpanKY gentoo-dev 2011-01-02 01:50:18 UTC 
you're right ... you should be opening a new bug