[blfs-support] libgcrypt-1.6.4

Richard Melville richard.melville69 at googlemail.com
Tue Nov 3 03:31:36 PST 2015

On 2 November 2015 at 14:47, William Harrington <kb0iic at berzerkula.org> wrote:
> On Mon, November 2, 2015 13:17, Richard Melville wrote:
>> Under "Command Explanations" it reads "--with-capabilities: This
>> option enables libcap2 support".
>> May we have a health warning here because if this option is enabled,
>> and the user goes on to build and install cryptsetup, they will find
>> that their cryptsetup build is completely broken.
>> Result:-
>> device-mapper: version ioctl on  failed: Permission denied
>> Incompatible libdevmapper (unknown version) and kernel driver (unknown
>> version).
>> I know that cryptsetup is not in the book, but I'm sure that I'm not
>> the only one that sees it as an essential tool for encrypting block
>> devices.  Building libgcrypt with the "capabilities" option gave me
>> two days of building, rebuilding and testing other packages until I
>> discovered the cause of the problem.
>> Richard
> Just to give a bit of history, this issue has been around since about
> 2010. I'm also posting urls with some more info about the issue:
> https://bugs.gnupg.org/gnupg/issue1181
> http://code.google.com/p/cryptsetup/issues/detail?id=47
> The project has moved to gitlab and am not able to view the issue linked
> in the above bug or can determine if it would be valid:

The bug is easy enough to replicate: remove libgcrypt and re-build it
with "capabilities"; test cryptsetup and you'll see it's broken.
Remove libgcrypt and re-build *without* "capabilities"; test
cryptsetup again and it works as expected.

I suppose another answer is to use a different crypto library with
crypsetup, but as cryptsetup is not in the BLFS book then it's
irrelevant here.

> https://gitlab.com/cryptsetup/cryptsetup/issues/detail?id=47
> I usually build cryptsetup with systemd for encrypted filesystem support
> and I do remember long ago I had the same issue with Richard. I ended up
> not using --with-capabilities after I encountered the same problem.


More information about the blfs-support mailing list