[blfs-support] libgcrypt-1.6.4

Richard Melville richard.melville69 at googlemail.com
Tue Nov 3 07:38:14 PST 2015


On 3 November 2015 at 14:30, William Harrington <kb0iic at berzerkula.org> wrote:
> On Tue, November 3, 2015 11:31, Richard Melville wrote:
>
>> I suppose another answer is to use a different crypto library with
>> crypsetup, but as cryptsetup is not in the BLFS book then it's
>> irrelevant here.
>>
>> Richard
>
> We only have hints which use cryptsetup. I'm not sure why cryptsetup never
> made it into BLFS, Perhaps no one got around to it. We've had hint updates
> for cryptrootfs in 2013.
> http://lists.linuxfromscratch.org/pipermail/hints/2013-April/003308.html
> Nowhere in the hints does it warn to not use --with-capabilities with
> gcrypt, as well.
>
> As far as backends, cryptsetup 1.7 can use:
> gcrypt, openssl, nss, the kernel, and nettle.
>
> It may want gcrypt by default if it finds no other backends.
>
> Not long ago Tim had the same issue:
> http://archive.linuxfromscratch.org/mail-archives/blfs-dev/2015-August/030805.html
> which he also had this, too
> http://archive.linuxfromscratch.org/mail-archives/blfs-dev/2015-August/030808.html
>
There you go then.  I didn't realise that Tim had already flagged the
issue.  Even more reason why a note should be added in the book to
libgcrypt.  I can't understand the reticence.  Just because it isn't
mentioned in the cryptsetup hint doesn't mean that it's not important.
It was probably an oversight.  Don't forget that the bug would only
become apparent if libgcrypt were built with capabilities.  How many
people do that? I don't know.

Anyway, as far as I can see it makes more sense to add it to the
libgcrypt page, where the error will occur, than to a hint on
cryptsetup.  Maybe a note in both places is a good idea.  I would
imagine though that by the time somebody reaches the cryptsetup hint
they have already built and installed libgcrypt, and maybe, with
capabilities.

Richard


More information about the blfs-support mailing list