Date: Sat, 09 Sep 2023 01:38:54 +0200
From: Steffen Nurpmeso
To: Michael Kjörling
CC: tuhs@tuhs.org
Subject: [TUHS] Re: Unix install & "standalone" package
List-Id: The Unix Heritage Society mailing list
Message-ID: <20230908233854.Xni_j%steffen@sdaoden.eu>

Michael Kjörling wrote in :
|On 5 Sep 2023 17:53 +0200, from steffen@sdaoden.eu (Steffen Nurpmeso):
|> Unfortunately cryptsetup is needed even though, i think, the
|> kernel has anything needed; you just cannot access it. cryptsetup
|> is only needed for "$cs open $PART_ROOT p_root --key-file -".
|> Of course i am no real Linux expert but only a do-it-yourself guy.
|
|If your need is restricted to a highly specific use case and you are
|trying to keep it as small as possible, then it should be possible to
|write a custom wrapper around whatever libcryptsetup functionality you
|need and avoid the extra code that you get with cryptsetup proper.

It is nicely documented, and my Linux distribution ships the static
library anyhow. But i am a lazy sort regarding such, i just take the
thing of my distribution and copy it over (they do build it statically
also by default). You know, things change, and if you do not follow
closely, you stand in the rain. I am not a paid Linux engineer that
follows this rapidly moving target in the end.
For example the (no longer) new random developer chose to disable
feeding entropy via /dev/urandom, here (distribution) still is

  # Load random seed
  /bin/cat /var/lib/urandom/seed > /dev/urandom

for almost two decades (it is a rather young one), but the code path
was mutilated (i read the kernel source once he had rewritten that to
be blake2/some 32-byte block thing based), now one needs to use some
ioctl interface fwiw.

Or once here cryptsetup was updated to use OpenSSL 3.0 suddenly
ripemd160 was no longer available on EFI (aka purely static, without
the filesystem available), even though its release notes explicitly
mentioned the problem as solved, and OpenSSL 3's libcrypto.a _had_
ripemd160... I had to switch to sha512 .. then to sha256 once
cryptsetup started warning args had to be explicit in the future.
Mind you, i in fact use it twice, also for encrypted swap, i only
wrongly searched for

  $cs $2 open --type plain --cipher aes --key-size 256 \
    --hash sha256 $PART_SWAP p_swap --key-file - &&

i said on IRC cryptsetup does EVP_DigestInit_ex(h->md, h->hash_id,
NULL), i presume that does load additional things. That surely is it,
i did not track it further.

So no, to answer you, i have no highly specific use case at all. This
is only an encrypted volume with my own boot-style that requires no
boot loader but Linux itself. Maybe i should really look deeply in how
cryptsetup then attaches a LUKS2 volume to the kernel, maybe it
actually _would_ be possible to do this simply in some other way. But
truly writing a program? I feel much safer in the horde, with so many
people, specialists even, working on Linux, LUKS2, cryptsetup,
OpenSSL, .. these are all moving targets. (I mean, i am lucky if i
_can_ do a bit of programming on at least the MUA i maintain; so much
to do! And roff hopefully somewhere on the horizon, somewhen; today it
was zero minutes.)
--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
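The "ioctl interface" the post refers to is RNDADDENTROPY: a write to /dev/urandom still mixes the bytes in but credits no entropy, so a boot-time seed loader has to use the ioctl. The following is an added example, not code from the thread or from any distribution's boot scripts; it assumes Linux, needs CAP_SYS_ADMIN to succeed, and uses the seed path /var/lib/urandom/seed quoted above. Crediting is only sound if the seed file is rewritten with fresh kernel output at shutdown, since crediting a stale seed a second time overstates the pool.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <linux/random.h>

/* Build the struct RNDADDENTROPY takes: two ints followed by the seed
 * bytes.  Caller frees; NULL for an empty or oversized seed. */
struct rand_pool_info *seed_pool_info(const unsigned char *seed, size_t len)
{
    if (len == 0 || len > 4096)
        return NULL;
    struct rand_pool_info *rpi = malloc(sizeof *rpi + len);
    if (rpi == NULL)
        return NULL;
    rpi->entropy_count = (int)(len * 8); /* bits credited to the pool */
    rpi->buf_size = (int)len;            /* bytes following the header */
    memcpy(rpi->buf, seed, len);
    return rpi;
}

/* Read the seed file and credit it.  Returns 0 on success, else -errno
 * (EPERM without CAP_SYS_ADMIN, ENOENT when the seed file is missing,
 * ENODATA when it is empty). */
int credit_seed_file(const char *path)
{
    unsigned char buf[512];
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -errno;
    ssize_t n = read(fd, buf, sizeof buf);
    int err = n < 0 ? errno : ENODATA;   /* remember before close() */
    close(fd);
    if (n <= 0)
        return -err;
    struct rand_pool_info *rpi = seed_pool_info(buf, (size_t)n);
    if (rpi == NULL)
        return -ENOMEM;
    int rfd = open("/dev/urandom", O_WRONLY);
    int rc = (rfd < 0 || ioctl(rfd, RNDADDENTROPY, rpi) != 0) ? -errno : 0;
    if (rfd >= 0)
        close(rfd);
    free(rpi);
    return rc;
}
```

Calling credit_seed_file("/var/lib/urandom/seed") as root replaces the cat line in the boot script; an unprivileged caller gets -EPERM back rather than a silently uncredited write.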