From 49fb6550dd8a7bf7da690ee58051a7f666f0ce1e Mon Sep 17 00:00:00 2001 From: Florian Vallee Date: Wed, 9 Sep 2020 15:15:52 +0200 Subject: [PATCH] Fix a bunch of small cryptroot image builds issues (#2195) * Dockerfile update Add package to fill-in missing ssh-keygen dependency (required by lib/distributions.sh when CRYPTROOT_ENABLE is true) * lib/chroot-buildpackages.sh: Fix mistakes with shellcheck linting This breaks the apt command line, resulting in the following error: > E: Invalid operation * lib/configuration.sh: cryptroot >= 2.1 uses memory intensive key derivation fix that by reverting to the < 2.1 default algorithm (pbkdf2) --- config/templates/Dockerfile | 1 + lib/chroot-buildpackages.sh | 4 ++-- lib/configuration.sh | 5 +++++ 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/config/templates/Dockerfile b/config/templates/Dockerfile index a35bdffed..31fb64b68 100644 --- a/config/templates/Dockerfile +++ b/config/templates/Dockerfile @@ -68,6 +68,7 @@ RUN apt-get update \ ncurses-term \ nfs-kernel-server \ ntpdate \ + openssh-client \ p7zip-full \ parted \ patchutils \ diff --git a/lib/chroot-buildpackages.sh b/lib/chroot-buildpackages.sh index 48988f642..08f29f063 100644 --- a/lib/chroot-buildpackages.sh +++ b/lib/chroot-buildpackages.sh @@ -336,7 +336,7 @@ chroot_installpackages() cat <<-EOF > "${SDCARD}"/tmp/install.sh #!/bin/bash [[ "$remote_only" != yes ]] && apt-key add /tmp/buildpkg.key - apt-get "${apt_extra}" -q update + apt-get ${apt_extra} -q update # uncomment to debug # /bin/bash # TODO: check if package exists in case new config was added @@ -345,7 +345,7 @@ chroot_installpackages() # if grep -qE "apt.armbian.com|localhost" <(apt-cache madison \$p); then # if apt-get -s -qq install \$p; then #fi - apt-get -q "${apt_extra}" --show-progress -o DPKG::Progress-Fancy=1 install -y ${install_list} + apt-get -q ${apt_extra} --show-progress -o DPKG::Progress-Fancy=1 install -y ${install_list} apt-get clean [[ "${remote_only}" != yes ]] && apt-key del "925644A6" rm /etc/apt/sources.list.d/armbian-temp.list 2>/dev/null diff --git a/lib/configuration.sh b/lib/configuration.sh index 77374e61c..fc4e94f41 100644 --- a/lib/configuration.sh +++ b/lib/configuration.sh @@ -83,6 +83,11 @@ CAN_BUILD_STRETCH=yes ATF_COMPILE=yes [[ -z $CRYPTROOT_SSH_UNLOCK ]] && CRYPTROOT_SSH_UNLOCK=yes [[ -z $CRYPTROOT_SSH_UNLOCK_PORT ]] && CRYPTROOT_SSH_UNLOCK_PORT=2022 +# Default to pdkdf2, this used to be the default with cryptroot <= 2.0, however +# cryptroot 2.1 changed that to Argon2i. Argon2i is a memory intensive +# algorithm which doesn't play well with SBCs (need 1GiB RAM by default !) +# https://gitlab.com/cryptsetup/cryptsetup/-/issues/372 +[[ -z $CRYPTROOT_PARAMETERS ]] && CRYPTROOT_PARAMETERS="--pbkdf pbkdf2" [[ -z $WIREGUARD ]] && WIREGUARD="yes" [[ -z $EXTRAWIFI ]] && EXTRAWIFI="yes" [[ -z $AUFS ]] && AUFS="yes"