On 01/07/2013 07:23 AM, Yves-Alexis Perez wrote: > On dim., 2013-01-06 at 17:24 +0100, Milan Broz wrote: >>> Is this really the proper fix? Usually, userland needing headers >> more >>> recent than what's in linux-libc-dev should embed them, and >> correctly >>> handle at runtime if the interfaces are available. >> >> These are two separate problems >> - you need to compile it on system where new header/kernel is not >> available >> - you need to detect that current kernel is not able to use >> userspace crypto API interface (this includes missing module etc.) >> >> Both should be handled already. >> >>> What happens here if cryptsetup is built on a recent enough kernel >> where >>> the header is present, and then run on an old kernel? Will it fail >>> gracefully? >> >> It should print something like >> ... >> Required kernel crypto interface not available. >> Ensure you have algif_skcipher kernel module loaded. > > Good. And what happens if cryptsetup is built on an old box not having > recent enough headers (typically a buildd) but is run on a box with > recent kernels? I guess there's no support, while, when headers are > embedded, they would be available. The same as above. Kernel crypto api is just new AF_ALG socket interface, if is is not known to kernel, or the command fails, it should fail the same way like kernel is compiled without it. (TBH if is not clear how to properly detect it otherwise than just try to use it... but that works). Milan _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt