Bug 25574 - pam_mount incompatible with luks2
Summary: pam_mount incompatible with luks2
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: 7
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL:
Whiteboard: MGA7-64-OK
Keywords:
Depends on:
Blocks:
 
Reported: 2019-10-15 20:09 CEST by Vincent D
Modified: 2019-11-19 19:57 CET (History)
2 users (show)

See Also:
Source RPM: pam_mount-2.16-6.mga7.src.rpm
CVE:
Status comment:


Attachments

Description Vincent D 2019-10-15 20:09:32 CEST
Pam_mount plugin can not deal with LUKS2 volume (but is ok with LUKS1).

Unfortunately, mageia installation uses LUKS2 to crypt new volumes.

For a patch and more details please see:
https://bugs.launchpad.net/ubuntu/+source/libpam-mount/+bug/1804408

The patch works well: I did a rebuild of the rpm integrating this patch. So please add the patch.
Comment 1 Lewis Smith 2019-10-15 21:16:33 CEST
Thank you Vincent both for the alert, and identifying the solution.

Assigning to ChrisD as the 'pam_mount' maintainer.

Assignee: bugsquad => eatdirt

Comment 2 Chris Denice 2019-10-16 14:00:44 CEST
Great, I'll push that!
thanks
Comment 3 Chris Denice 2019-10-17 09:09:59 CEST
pam_mount-2.16-6.1.mga7 is landing on core/updates_testing.

I don't have a luks2 encrypted volume, if Vincent D could provide some test, that would be nice.
Thanks!
Comment 4 Vincent D 2019-10-18 08:43:57 CEST
I can confirm this new package works fine with LUKS 2 volumes.

Thanks !
Comment 5 Chris Denice 2019-10-20 12:50:52 CEST
For QA team, we would need some tester knowing already how to use pam_mount, and they should check that luks2 encrypted volume are correctly mounted, but also luks legacy ones, namely that we do not break the backward compatibility.


Suggested advisory:
========================

Updated pam_mount packages to support luks2 encrypted volumes.


References:
https://bugs.mageia.org/show_bug.cgi?id=25574
========================

Updated packages in core/updates_testing:
========================
pam_mount-2.16-6.1.mga7
lib(64)cryptmount0-2.16-6.1.mga7
lib(64)cryptmount-devel-2.16-6.1.mga7

Source RPMs: 
pam_mount-2.16-6.1.mga7.src

Assignee: eatdirt => qa-bugs
CC: (none) => eatdirt

Comment 6 Vincent D 2019-11-11 23:55:24 CET
I can confirm LUKS2 and LUKS1 volumes are correctly mounted using the updated packages (note that both libcryptmount and pam_mount need to be installed).

My current computer is using one old LUKS1 volume, and a new LUKS2 one, and everything is working as expected.

Thanks !
Comment 7 Ulrich Beckmann 2019-11-19 19:57:51 CET
(In reply to Vincent D from comment #6)
> I can confirm LUKS2 and LUKS1 volumes are correctly mounted using the
> updated packages (note that both libcryptmount and pam_mount need to be
> installed).
> 
> My current computer is using one old LUKS1 volume, and a new LUKS2 one, and
> everything is working as expected.
> 
> Thanks !

Setting ok based on your test.
I personally don't use pam_mount or LUKS2. It would be nice, if you document your test as sample procedure for future.

Ulrich

CC: (none) => bequimao.de
Whiteboard: (none) => MGA7-64-OK


Note You need to log in before you can comment on or make changes to this bug.