[Bug 2054620] Re: libdm returns wrong error code when dm-verity key cannot be found
Luca Boccassi
2054620 at bugs.launchpad.net
Wed Mar 6 18:48:35 UTC 2024
The previous lvm2 upload has now migrated from proposed to noble.
cryptsetup 2.7.0 is also now available in noble, which also can make use
of this bug fix.
--
You received this bug notification because you are a member of Ubuntu
Sponsors, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2054620
Title:
libdm returns wrong error code when dm-verity key cannot be found
Status in lvm2 package in Ubuntu:
Confirmed
Status in lvm2 source package in Noble:
Confirmed
Bug description:
When libcryptsetup tries to activate a signed dm-verity volume, and
the key is not in the kernel keyring, libdevicemapper does not return
the appropriate ENOKEY, so the failure cannot be distinguished from
other generic issues.
This is a problem when software like systemd via libcryptsetup try to
open a volume, and get an unrecognizable error out of it. With the fix
in libdm and libcryptsetup, there is a clear ENOKEY returned when a
key is missing and activation fails for that reason. This allows
systemd (and other applications) to make the right decision depending
on the failure case. Without this, the same generic error is returned
in any case.
For more details, see:
https://gitlab.com/cryptsetup/cryptsetup/-/issues/841
libcryptsetup 2.7.0, now available in debian stable, and systemd v255,
shipped in Noble, make use of this error code.
This is fixed in the lvm2 version 2.03.23 upstream release.
Please consider backporting this patch for Noble.
Upstream PR: https://gitlab.com/lvmteam/lvm2/-/merge_requests/3
Upstream commit: 25ef7a7b1a876f491bd361369423d7309358f6c1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lvm2/+bug/2054620/+subscriptions
More information about the Ubuntu-sponsors
mailing list