losetup encryption not supported

A Precise Puppy tester reported that an encrypted save-file no longer works -- it could not be opened at next bootup. This applies to both light and heavy encryption.

I tested a light-encrypted save-file on the commandline:

# losetup-FULL -p 0 -E 1 /dev/loop2 precisesave_cryptx.2fs

losetup-FULL: --pass-fd is no longer supported: No such file or directory
losetup-FULL: encryption not supported, use cryptsetup(8) instead


The "full" losetup is in package 'util-linux', and a quick google revealed that encryption support for 'losetup' was removed mid-2012:
http://www.spinics.net/lists/util-linux-ng/msg06398.html

...this change also applies to 'mount-FULL'.

I think, at this stage of Precise Puppy 5.5's life-cycle, that I will take the easy way out and roll back to an earlier version of util-linux.
But, there's the catch, I compiled the latest util-linux out of git, to get f2fs support, used in Precise 5.4.93.

The versioning of util-linux is confusing. At one stage it was forked, as 'util-linux-ng', then, as the original project stalled, the fork merged back into 'util-linux'.
The freecode page gives a picture of this:
http://freecode.com/projects/util-linux
...it seems that version 2.21.2 was the merging of util-linux-ng back into util-linux.

I wonder if the f2fs patch can be applied to an earlier version (pre-mid-2012) of util-linux-ng?


Posted on 22 Feb 2013, 8:43


Comments:

Posted on 22 Feb 2013, 9:03 by BarryK
re util-linux-ng
No, freecode is not showing the true picture.
From here, I can see it better:
http://pkgs.fedoraproject.org/repo/pkgs/util-linux/

Version 2.19 is the one where util-linux-ng merged back into util-linux.

Version 2.21.2 was released May 2012, so still has the encryption support.

Personal note: I do wish that they had made the attempt to fix encryption, rather than remove the functionality. it's a cop-out.



Posted on 22 Feb 2013, 9:17 by BarryK
util-linux f2fs patch
Here is the f2fs patch:
http://git.kernel.org/?p=utils/util-linux/util-linux.git;a=patch;h=7dcfc89e3061fc2276ce5b3b8d64db6d9eca8f8f



Posted on 22 Feb 2013, 10:39 by linuxcbon
remasterpup2
Did you read my bug report about it ?
I guess you started some f2fs stuff in it.
- remasterpup2 doesn't accept "mounted iso" as "virtual CD"


Posted on 22 Feb 2013, 20:06 by jamesbond
cryptoloop is going the dinosaurs way too
losetup from klibc (the latest I tried is 2.0.2) also supports encryption (both -e and -p).

That being the case, the cryptoloop module itself will be going soon as soon as this patch is merged with mainline https://lkml.org/lkml/2012/11/1/375.

cryptsetup (aka dm-crypt) has been around for years and getting more mature, as well as more secure than cryptoloop.

It is relatively easy to replace losetup with cryptsetup:

"losetup -e aes /dev/loop5 x.img"

can be replaced with

"cryptsetup -M plain -c aes-cbc-plain -h plain open `pwd`/x.img encrypted_device"

There is however no known methods of replacing the "xor" (aka "light") encryption.

For more info please see https://lkml.org/lkml/2012/11/2/162 (that URL still uses cryptsetup 1.5.x format, "open" is introduced in 1.6.0).

Fatdog already uses cryptsetup by default for new encrypted savefile although it still uses losetup as "compatibility mode" for older, existing encrypted savefile. Once the cryptoloop is gone I will have to migrate to cryptsetup for all encryption modes.

cheers!