Bug 25574 - pam_mount incompatible with luks2
Summary: pam_mount incompatible with luks2
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: 7
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL:
Whiteboard: MGA7-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2019-10-15 20:09 CEST by Vincent D
Modified: 2019-11-30 14:07 CET (History)
5 users (show)

See Also:
Source RPM: pam_mount-2.16-6.mga7.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Vincent D 2019-10-15 20:09:32 CEST 
Pam_mount plugin can not deal with LUKS2 volume (but is ok with LUKS1).

Unfortunately, mageia installation uses LUKS2 to crypt new volumes.

For a patch and more details please see:
https://bugs.launchpad.net/ubuntu/+source/libpam-mount/+bug/1804408

The patch works well: I did a rebuild of the rpm integrating this patch. So please add the patch.
Comment 1 Lewis Smith 2019-10-15 21:16:33 CEST 
Thank you Vincent both for the alert, and identifying the solution.

Assigning to ChrisD as the 'pam_mount' maintainer.

Assignee: bugsquad => eatdirt

Comment 2 Chris Denice 2019-10-16 14:00:44 CEST 
Great, I'll push that!
thanks
Comment 3 Chris Denice 2019-10-17 09:09:59 CEST 
pam_mount-2.16-6.1.mga7 is landing on core/updates_testing.

I don't have a luks2 encrypted volume, if Vincent D could provide some test, that would be nice.
Thanks!
Comment 4 Vincent D 2019-10-18 08:43:57 CEST 
I can confirm this new package works fine with LUKS 2 volumes.

Thanks !
Comment 5 Chris Denice 2019-10-20 12:50:52 CEST 
For QA team, we would need some tester knowing already how to use pam_mount, and they should check that luks2 encrypted volume are correctly mounted, but also luks legacy ones, namely that we do not break the backward compatibility.


Suggested advisory:
========================

Updated pam_mount packages to support luks2 encrypted volumes.


References:
https://bugs.mageia.org/show_bug.cgi?id=25574
========================

Updated packages in core/updates_testing:
========================
pam_mount-2.16-6.1.mga7
lib(64)cryptmount0-2.16-6.1.mga7
lib(64)cryptmount-devel-2.16-6.1.mga7

Source RPMs: 
pam_mount-2.16-6.1.mga7.src

CC: (none) => eatdirt
Assignee: eatdirt => qa-bugs

Comment 6 Vincent D 2019-11-11 23:55:24 CET 
I can confirm LUKS2 and LUKS1 volumes are correctly mounted using the updated packages (note that both libcryptmount and pam_mount need to be installed).

My current computer is using one old LUKS1 volume, and a new LUKS2 one, and everything is working as expected.

Thanks !
Comment 7 Ulrich Beckmann 2019-11-19 19:57:51 CET 
(In reply to Vincent D from comment #6)
> I can confirm LUKS2 and LUKS1 volumes are correctly mounted using the
> updated packages (note that both libcryptmount and pam_mount need to be
> installed).
> 
> My current computer is using one old LUKS1 volume, and a new LUKS2 one, and
> everything is working as expected.
> 
> Thanks !

Setting ok based on your test.
I personally don't use pam_mount or LUKS2. It would be nice, if you document your test as sample procedure for future.

Ulrich

Whiteboard: (none) => MGA7-64-OK
CC: (none) => bequimao.de

Comment 8 Thomas Andrews 2019-11-22 16:16:17 CET 
Validating on the basis of Vincent's test. Advisory in Comment 5.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Thomas Backlund 2019-11-30 13:01:42 CET

CC: (none) => tmb
Keywords: (none) => advisory

Comment 9 Mageia Robot 2019-11-30 14:07:25 CET 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGAA-2019-0216.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.