Bug#1028250: debian-installer: broken cryptsetup support

To: Guilhem Moulin <guilhem@debian.org>, 1028250@bugs.debian.org, Paul Gevers <elbrus@debian.org>
Subject: Bug#1028250: debian-installer: broken cryptsetup support
From: Cyril Brulebois <kibi@debian.org>
Date: Fri, 21 Apr 2023 13:02:24 +0200
Message-id: <[🔎] 20230421110224.ttybxm5gmv325t54@mraw.org>
Reply-to: Cyril Brulebois <kibi@debian.org>, 1028250@bugs.debian.org
In-reply-to: <[🔎] ZEJkmTiVx6JK1VhO@debian.org>
References: <20230216191420.hrnadrs7ctxc7enz@mraw.org> <Y/DN/xH/MMRZhTTi@debian.org> <20230218132051.hpevwcpaqscoy3cn@mraw.org> <ZCBVf2CW6dvSx8Cm@debian.org> <20230326144038.bfolpgqlxzv7l3uq@mraw.org> <20230331223635.vnes32oxu5adk43b@mraw.org> <ZCduHpxUaxZ07lG3@debian.org> <[🔎] ZEE3M+SIVEh2qzC5@debian.org> <[🔎] 20230420180227.y7k3sepcnjzizmy5@mraw.org> <[🔎] ZEJkmTiVx6JK1VhO@debian.org> <167321595819.2619824.14373135052395056490.reportbug@tokyo>

Guilhem Moulin <guilhem@debian.org> (2023-04-21):
> Just uploaded 2:2.6.1-4 to sid, and locally prepared a rebuild for
> bookworm (2:2.6.1-4~deb12u1).

\o/

> Bottom line:
> 
>  * The upstream patches in the patch-queue (the 2 backported earlier
>    from upstream MR !490 plus the new other two from upstream MR !498)
>    only affect systems with <2G RAM (i.e., those where half the amount
>    of physical memory is lower than DEFAULT_LUKS2_MEMORY_KB).  And only
>    those without swap.  On such systems the memory cost is set to a
>    lower value at the expense of a higher time cost, which is the
>    intended behavior; it appear to leave enough head-room for the
>    graphical installer to succeed with 1G RAM, so I believe the errata
>    can be removed if the changes makes it to bookworm.

Looks very good to me, thanks.

>  * I was surprised to see the memory cost settle at ~550-600M on systems
>    with a decent amount of RAM in d-i.  Would have expected to see 1G
>    here just like after running `cryptsetup luksConvertKey` in the
>    normal system.  I get a similarily low memory cost after dropping to
>    a rescue shell early in d-i and running `luksFormat` manually:

[…]

>    I think what happens here is that compared to the final system d-i is
>    a bit crippled so the 2s threshold is reached earlier in the
>    benchmark.

Summing up some out-of-band brainstorming about what “a bit crippled”
means, it might just be libargon2-1-udeb's being built without pthread
support:
  https://salsa.debian.org/debian/argon2/-/commit/31225912349933993e49f5007e97630b20465c32

>    Never noticed that before, but that's not a regression since buster
>    and bullseye both have the same behavior.  (At least in my test VMs;
>    didn't compare on real hardware.)

Based on Samuel's feedback on IRC, what used to be true in 2019 might no
longer be today; we might try and enable pthread support, and see
whether that makes a difference.

As noted in https://mjg59.dreamwidth.org/66429.html what happens during
installation might not get changed at all during the life of a given
system, so if we can somewhat easily improve what happens during
installation… :)


Cheers,
-- 
Cyril Brulebois (kibi@debian.org)            <https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant

Attachment: signature.asc
Description: PGP signature

Reply to:

References:
- Bug#1028250: debian-installer: broken cryptsetup support
  - From: Guilhem Moulin <guilhem@debian.org>
- Bug#1028250: debian-installer: broken cryptsetup support
  - From: Cyril Brulebois <kibi@debian.org>
- Bug#1028250: debian-installer: broken cryptsetup support
  - From: Guilhem Moulin <guilhem@debian.org>

Prev by Date: Bug#1028250: debian-installer: broken cryptsetup support
Next by Date: Bug#1028250: debian-installer: broken cryptsetup support
Previous by thread: Bug#1028250: debian-installer: broken cryptsetup support
Next by thread: Bug#1028250: debian-installer: broken cryptsetup support
Index(es):
- Date
- Thread