[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1028250: debian-installer: broken cryptsetup support



Guilhem Moulin <guilhem@debian.org> (2023-04-21):
> Just uploaded 2:2.6.1-4 to sid, and locally prepared a rebuild for
> bookworm (2:2.6.1-4~deb12u1).

\o/

> Bottom line:
> 
>  * The upstream patches in the patch-queue (the 2 backported earlier
>    from upstream MR !490 plus the new other two from upstream MR !498)
>    only affect systems with <2G RAM (i.e., those where half the amount
>    of physical memory is lower than DEFAULT_LUKS2_MEMORY_KB).  And only
>    those without swap.  On such systems the memory cost is set to a
>    lower value at the expense of a higher time cost, which is the
>    intended behavior; it appear to leave enough head-room for the
>    graphical installer to succeed with 1G RAM, so I believe the errata
>    can be removed if the changes makes it to bookworm.

Looks very good to me, thanks.

>  * I was surprised to see the memory cost settle at ~550-600M on systems
>    with a decent amount of RAM in d-i.  Would have expected to see 1G
>    here just like after running `cryptsetup luksConvertKey` in the
>    normal system.  I get a similarily low memory cost after dropping to
>    a rescue shell early in d-i and running `luksFormat` manually:

[…]

>    I think what happens here is that compared to the final system d-i is
>    a bit crippled so the 2s threshold is reached earlier in the
>    benchmark.

Summing up some out-of-band brainstorming about what “a bit crippled”
means, it might just be libargon2-1-udeb's being built without pthread
support:
  https://salsa.debian.org/debian/argon2/-/commit/31225912349933993e49f5007e97630b20465c32

>    Never noticed that before, but that's not a regression since buster
>    and bullseye both have the same behavior.  (At least in my test VMs;
>    didn't compare on real hardware.)

Based on Samuel's feedback on IRC, what used to be true in 2019 might no
longer be today; we might try and enable pthread support, and see
whether that makes a difference.

As noted in https://mjg59.dreamwidth.org/66429.html what happens during
installation might not get changed at all during the life of a given
system, so if we can somewhat easily improve what happens during
installation… :)


Cheers,
-- 
Cyril Brulebois (kibi@debian.org)            <https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant

Attachment: signature.asc
Description: PGP signature


Reply to: