08:41 <cruxbot> [opt.git/3.6]: imagemagick: update to 7.1.0-32

08:41 <cruxbot> [opt.git/3.6]: mdadm: fix build to include mdadm.static, FS#1909

08:41 <cruxbot> [opt.git/3.6]: freetype: update to 2.12.1

08:41 <cruxbot> [opt.git/3.6]: mutt: update to 2.2.4

15:43 <cruxbot> [opt.git/3.6]: postfix: updated to version 3.7.2

15:43 <cruxbot> [contrib.git/3.6]: postfix-pgsql: updated to version 3.7.2

17:08 <stenur> Anyone an idea: i call "$2 open --type plain $PART_SWAP p_swap --key-file -" where $2=cryptsetup.static from my "first boot level", and it does say "ripemd160 not supported", but the same cryptsetup.static can do it just fine when the system finally is interactive.

17:09 <stenur> This cryptsetup.static was compiled anew on Saturday with OpenSSL 3.0.2

17:10 <stenur> I have never seen this in the past, same kernel (config), same busybox (fwiw).

17:14 <stenur> hmmm https://github.com/openssl/openssl/issues/16994

17:16 <stenur> question why does it work in interactive mode when filesystem is available but not in stage one when it is still encrypted.

17:17 <SiFuh> Understood, is it a module or built in?

17:17 <stenur> hm dlopen(3) there is only in lib/luks2/luks2_token.c

17:17 <stenur> SiFuh: cryptsetup.static?

17:17 <SiFuh> ripemd160

17:17 <stenur> the kernel you mean?

17:17 <SiFuh> Yes

17:18 <stenur> i have no idea whether that has it. wait.

17:18 <stenur> hosts/kent/linux-5.15.config:CONFIG_CRYPTO_RMD160=y

17:19 <SiFuh> You using dracut?

17:20 <stenur> Kernel config unchanged for long really. No no. Kernel has no modules, all static. I do generate an initrd on the fly if it does not exist yet, but no dracut no.

17:21 <stenur> I mean it is easy to reproduce a bit on CRUX 3.7 with OpenSSL 3:

17:21 <stenur> openssl speed ripemd160

17:21 <stenur> You need instead: openssl speed -provider legacy ripemd160

17:22 <SiFuh> Yeah I saw that on your link

17:23 <SiFuh> Not the problem but are you randomnly encrypting swap?

17:24 <stenur> That is what this is for, yes.

17:24 <SiFuh> I do too

17:24 <stenur> Legacy provider enabled since 2.4.1 says cryptsetup release notes

17:24 <SiFuh> https://gitlab.com/SiFuh/Documentation/-/blob/master/CRUX-3.6-Encrypted.txt

17:25 <SiFuh> I am using serpent-xts-plain64 -s 512 on my main machine

17:25 <stenur> it is all encrypted here SiFuh. I am just using static kernels plus kexec

17:26 <SiFuh> stenur: cool, everything here is encrypted too

17:26 <stenur> ok.

17:26 <SiFuh> I left the CIPH="aes-cbc-essiv:sha256" in the swap script to give an idea of options

17:27 <stenur> yes i was thinking about changing cipher, but i yet to discover where to find the list i can use ;-)

17:27 <SiFuh> For me using dracut I had to make sure the encryption was a module. Never had the time to look into why

17:28 <SiFuh> luks has the list

17:29 <SiFuh> cryptsetup benchmark should also

17:30 <stenur> ok. argon2id is the must-have today. the rfc is grazy.

17:30 <SiFuh> I use serpent which is super slow

17:30 <SiFuh> aes is pretty much the fastest

17:30 <stenur> here too :)

17:31 <stenur> but NSA proven for top secret (for 256+ bits _i think_)

17:31 <stenur> We just had two updated NSA RFCs last week

17:32 <SiFuh> NSA are also liars

17:32 <stenur> RFC 9152 and 9151, the latter Commercial National Security Algorithm

17:32 <SiFuh> Also for kernel level you can do cat /proc/crypto

17:35 <stenur> ok thanks

17:35 <stenur> problem is cryptsetup.static :)

17:35 <SiFuh> New flags?

17:48 <SiFuh> Going back to watch Jason and the Argonauts (1963)

17:48 <stenur> Sure. cryptsetup does EVP_DigestInit_ex(h->md, h->hash_id, NULL), i presume that does load additional things.

17:49 <stenur> And these are not available when disk is still encrypted.

17:49 <stenur> Luckily the luks2 decryption is compiled in.

17:49 <SiFuh> So a module?

17:51 <stenur> Well i do not know. /usr/lib/libcrypto.a _does_ seem to have ripemd160.

17:51 <stenur> But swap was not initialized. Well regardless thanks SiFuh. I will check out another algorithm.

17:51 <SiFuh> I have always had to have crypto as a module to be able to boot

17:52 <stenur> Kernel is all static.

17:52 <SiFuh> And lvm

17:52 <SiFuh> Let me know what you learn. Crypto is something I am deeply intersted in

18:59 <farkuhar> How long has /usr/ports/contrib/r/r.png been invalid as a PNG image? The signature verifies fine, but the file itself only contains HTML. Skimming through the gitweb history doesn't reveal an obvious commit that replaced the once-good PNG image.

19:05 <cruxbot> [contrib.git/3.6]: kexec-tools: v2.0.24 (renamed from kexec)

20:46 <cruxbot> [contrib.git/3.6]: zellij: 0.28.1 -> 0.29.1

20:58 <stenur> So i am now using '--hash sha512', will see how this works out on Saturday (shall nothing terrible happen) :-)

20:59 <stenur> 'Still wondering, cryptsetup release notes explicitly mention the problem as solved, OpenSSL 3 libcrypto.a has ripemd160, ... but it is not there.

20:59 <stenur> It is there when the filesystem is available, however.

21:01 <stenur> SiFuh: i am using http://ix.io/3WPr http://ix.io/3WPs http://ix.io/3WPt

21:04 <_moth_> missing "bison" dependence in vala Pkgfile

21:06 <_moth_> looks like it's mandatory -> https://gitlab.gnome.org/GNOME/vala/-/blob/main/README.md

21:22 <farkuhar> _moth_: the CRUX packaging guidelines say that it's not necessary to list core ports among the dependencies. Every user is expected to install the whole core repository.

21:23 <farkuhar> And it appears that bison is among the core ports. Users who choose to install only part of core are responsible for any subsequent breakage.

21:25 <farkuhar> For example, I yanked out core/vim from my system and replaced it with neovim. But then I couldn't build something that relied on /usr/bin/xxd (provided by vim), so I had to make an xxd-standalone port.

21:44 <_moth_> farkuhar: thanks for the clarification, i didn't know that.

21:48 <farkuhar> _moth_: no problem. Once you've upgraded to 3.7, you can remind yourself of such details by running `man Pkgfile`.