Roger Heflin wrote:
I am not sure what version mine last worked on. I would guess the default changed on 39 or 40.
What fixed it for me (type plain password from stdin) was adding --hash ripemd160 (they appear to have changed the default hash, BAD developer).
Guessing related to this: https://gitlab.com/cryptsetup/cryptsetup/-/issues/758
And given people could have a script/command to mount like this(and ask for a password), changing the default is not nice especially since it will break the password working with no indication of anything except the password/hash not decrypting the fs.
This would have been in cryptsetup-2.7.0, so Fedora 40. Upstream does note this backward incompatible change in the 2.7.0 release notes¹ and it doesn't seem like they made it just to make it. Sure, it's annoying when it happens and catches one of us, but it is a necessary evil sometimes.
Relevant to the initial problem in this thread, does anything in Fedora use cryptsetup plain mode by default? Doesn't the installer use LUKS when encrypting a drive (which isn't affected by this change) and lack support encrypting /boot or /boot/efi? I thought that was something you could do, but you had to work it out on your own?
¹ https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/docs/v2.7.0-ReleaseNote...