site  contact  subhomenews

losetup encryption not supported

February 22, 2013 — BarryK
A Precise Puppy tester reported that an encrypted save-file no longer works -- it could not be opened at next bootup. This applies to both light and heavy encryption.

I tested a light-encrypted save-file on the commandline:

# losetup-FULL -p 0 -E 1 /dev/loop2 precisesave_cryptx.2fs

losetup-FULL: --pass-fd is no longer supported: No such file or directory
losetup-FULL: encryption not supported, use cryptsetup(8) instead


The "full" losetup is in package 'util-linux', and a quick google revealed that encryption support for 'losetup' was removed mid-2012:
http://www.spinics.net/lists/util-linux-ng/msg06398.html

...this change also applies to 'mount-FULL'.

I think, at this stage of Precise Puppy 5.5's life-cycle, that I will take the easy way out and roll back to an earlier version of util-linux.
But, there's the catch, I compiled the latest util-linux out of git, to get f2fs support, used in Precise 5.4.93.

The versioning of util-linux is confusing. At one stage it was forked, as 'util-linux-ng', then, as the original project stalled, the fork merged back into 'util-linux'.
The freecode page gives a picture of this:
http://freecode.com/projects/util-linux
...it seems that version 2.21.2 was the merging of util-linux-ng back into util-linux.

I wonder if the f2fs patch can be applied to an earlier version (pre-mid-2012) of util-linux-ng?

Comments

re util-linux-ng
Username: BarryK
No, freecode is not showing the true picture. From here, I can see it better: http://pkgs.fedoraproject.org/repo/pkgs/util-linux/ Version 2.19 is the one where util-linux-ng merged back into util-linux. Version 2.21.2 was released May 2012, so still has the encryption support. Personal note: I do wish that they had made the attempt to fix encryption, rather than remove the functionality. it's a cop-out.

util-linux f2fs patch
Username: BarryK
"Here is the f2fs patch: http://git.kernel.org/?p=utils/util-linux/util-linux.git;a=patch;h=7dcfc89e3061fc2276ce5b3b8d64db6d9eca8f8f

remasterpup2
Username: linuxcbon
"Did you read my bug report about it ? I guess you started some f2fs stuff in it. - remasterpup2 doesn't accept "mounted iso" as "virtual CD"

cryptoloop is going the dinosaurs way too
Username: jamesbond
"losetup from klibc (the latest I tried is 2.0.2) also supports encryption (both -e and -p). That being the case, the cryptoloop module itself will be going soon as soon as this patch is merged with mainline https://lkml.org/lkml/2012/11/1/375. cryptsetup (aka dm-crypt) has been around for years and getting more mature, as well as more secure than cryptoloop. It is relatively easy to replace losetup with cryptsetup: "losetup -e aes /dev/loop5 x.img" can be replaced with "cryptsetup -M plain -c aes-cbc-plain -h plain open `pwd`/x.img encrypted_device" There is however no known methods of replacing the "xor" (aka "light") encryption. For more info please see https://lkml.org/lkml/2012/11/2/162 (that URL still uses cryptsetup 1.5.x format, "open" is introduced in 1.6.0). Fatdog already uses cryptsetup by default for new encrypted savefile although it still uses losetup as "compatibility mode" for older, existing encrypted savefile. Once the cryptoloop is gone I will have to migrate to cryptsetup for all encryption modes. cheers!


Tags: puppy