Branches for Sid

Name Status Last Modified Last Commit
lp:debian/cryptsetup bug 1 Development 2015-01-22 21:22:08 UTC 2015-01-22
38. * debian/cryptdisks.functions: fix th...

Author: Jonas Meurer
Revision Date: 2015-01-22 21:22:08 UTC

* debian/cryptdisks.functions: fix the precheck for ubuntu+upstart
  before invoking 'status cryptdisks-udev'. (closes: #773456)
* debian/cryptdisks.functions: fix the insufficient grep regex for
  detecting a running cryptdisks-udev (upstart) init script.

lp:~xnox/debian/sid/cryptsetup/ubuntu bug 1 Development 2013-11-01 16:56:30 UTC 2013-11-01
30. * Merge from debian unstable, remaini...

Author: Dimitri John Ledkov
Revision Date: 2013-11-01 16:56:05 UTC

* Merge from debian unstable, remaining changes:
  - debian/control:
    + Bump initramfs-tools Suggests to Depends: so system is not
      potentially rendered unbootable.
    + Depend on plymouth.
  - Invert the "busybox | busybox-static" Recommends, as the latter is
    the one we ship in main as part of the ubuntu-standard task.

  - Remove hardcoded paths to udevadm (LP: #1184066).

  - debian/initramfs/cryptroot-hook:
    + Do not unconditionally include cryptsetup utils in the initramfs.
    + Do not include any modules or utils in the initramfs, unless
      rootfs/resume devices are encrypted or CRYPTSETUP is set to 'y' in
      the initramfs.conf configuration file.
* debian/initramfs/cryptroot-hook:
  - Do not unconditionally include cryptsetup utils in the initramfs.
  - Do not include any modules or utils in the initramfs, unless
    rootfs/resume devices are encrypted or CRYPTSETUP is set to 'y' in
    the initramfs.conf configuration file.
* Remove hardcoded paths to udevadm (LP: #1184066).
* Invert the "busybox | busybox-static" Recommends, as the latter
  is the one we ship in main as part of the ubuntu-standard task.
* Merge from debian unstable, remaining changes:
  - debian/control:
    + Bump initramfs-tools Suggests to Depends: so system is not
      potentially rendered unbootable.
    + Depend on plymouth.
  - init/upstart jobs:
    + Rename cryptddisks{,-early}.upstart jobs to
      cryptdisks-{enable,udev}.upstart, as we need both init & upstart jobs
      for now.
    + debian/cryptdisks{,-early}.init: Make the 'start' action of the init
      script a no-op, this should be handled entirely by the upstart job;
     and fix the LSB header to not declare this should be started in
     runlevel 'S'.
    + Do not install start symlinks for init scripts
    + NB! shutdown is still handled by the SystemV init scripts
* Merge from debian unstable (LP: #1015753), remaining changes:
  - debian/control:
    + Bump initramfs-tools Suggests to Depends: so system is not
      potentially rendered unbootable.
    + Depend on plymouth.
  - init/upstart jobs:
    + Add debian/cryptdisks-{enable,udev}.upstart for bootup.
    + debian/cryptdisks{,-early}.init: Make the 'start' action of the init
      script a no-op, this should be handled entirely by the upstart job;
     and fix the LSB header to not declare this should be started in
     runlevel 'S'.
    + Do not install start symlinks for init scripts
    + NB! shutdown is still handled by the SystemV init scripts
* Rename cryptddisks{,-early}.upstart jobs back to
  cryptdisks-{enable,udev}.upstart, as we need both init & upstart jobs
  for now.
* Dropped Changes, included in Debian:
  - debian/control:
    + Split up package in cryptsetup and cryptsetup-bin. (LP: #343363).
  - debian/cryptdisks.functions:
    + Do not overwrite existing filesystems when creating swap (LP: #474258).
    + Add aesni module when we have hardware encryption.
    + Call 'udevadm settle' before 'dmsetup rename' http://pad.lv/874774
    + Suppress "Starting init crypto disks" message in "init" phase, to
      avoid writing over fsck progress text.
    + new function, crypttab_start_one_disk, to look for the named source
      device in /etc/crypttab (by device name, UUID, or label) and start it
      if configured to do so
    + handle the case where crypttab contains a name for the source
      device that is not the kernel's preferred name for it (as is the case
      for LVs).
  - debian/initramfs/cryptroot-hook:
    + Quiet warnings from find on arches that don't have all the
      kernel/{arch,crypto} bits we're testing for.
* Our swap creation can trigger udev change events, which means udev may be
  holding the device open at the time we try to call 'dmsetup rename' and
  cause the /subsequent/ events to be missed because of dmsetup creating
  device nodes by hand. So call 'udevadm settle' before 'dmsetup rename',
  to ensure blkid is out of the way first. This should ensure swap
  partitions are found by mountall in a non-racy manner. LP: #874774.
* Start cryptdisks-enable upstart job on 'or container', to let us
  simplify the udevtrigger job.
* Split up package in cryptsetup and cryptsetup-bin. (LP: #343363).
* Do not overwrite existing filesystems when creating swap (LP: #474258).
* Add aesni module when we have hardware encryption.
* Merge from debian unstable (LP: #776264), remaining changes:
  - debian/cryptdisks.functions: Suppress "Starting init crypto disks" message
    in "init" phase, to avoid writing over fsck progress text.
  - debian/cryptroot-hook: Quiet warnings from find on arches that
    don't have all the kernel/{arch,crypto} bits we're testing for.
  - debian/control:
    + Bump initramfs-tools Suggests to Depends: so system is not
      potentially rendered unbootable.
    + Depend on plymouth.
  - Add debian/cryptdisks-{enable,udev}.upstart.
  - debian/cryptdisks.functions:
    + new function, crypttab_start_one_disk, to look for the named source
      device in /etc/crypttab (by device name, UUID, or label) and start it
      if configured to do so
  - debian/cryptdisks{,-early}.init: Make the 'start' action of the init
    script a no-op, this should be handled entirely by the upstart job;
    and fix the LSB header to not declare this should be started in
    runlevel 'S'
  - debian/rules:
    + Do not install start symlinks for init scripts, and
      install debian/cryptdisks-{enable,udev}.upstart scripts.
* debian/cryptdisks.functions: handle the case where crypttab contains a
  name for the source device that is not the kernel's preferred name for
  it (as is the case for LVs).
* debian/cryptdisks.functions: Suppress "Starting init crypto disks" message
  in "init" phase, to avoid writing over fsck progress text.
* debian/cryptroot-hook: Quiet warnings from find on arches that
  don't have all the kernel/{arch,crypto} bits we're testing for.
* Merge from debian unstable (LP: #682177), remaining changes:
  - debian/control:
    + Bump initramfs-tools Suggests to Depends: so system is not
      potentially rendered unbootable.
    + Depend on plymouth.
  - Add debian/cryptdisks-{enable,udev}.upstart.
  - debian/cryptdisks.functions:
    + new function, crypttab_start_one_disk, to look for the named source
      device in /etc/crypttab (by device name, UUID, or label) and start it
      if configured to do so
    + wrap the call to /lib/cryptsetup/askpass with watershed, to make sure
      we only ever have one of these running at a time; otherwise multiple
      invocations could steal each other's input and/or write over each
      other's output
    + when called by cryptdisks-enable, check that we don't already have a
      corresponding cryptdisks-udev job running (probably waiting for a
      passphrase); if there is, wait until it's finished before continuing.
  - debian/cryptdisks{,-early}.init: Make the 'start' action of the init
    script a no-op, this should be handled entirely by the upstart job;
    and fix the LSB header to not declare this should be started in
    runlevel 'S'
  - debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on
    upgrade.
  - debian/rules:
    + Do not install start symlinks for init scripts, and
      install debian/cryptdisks-{enable,udev}.upstart scripts.
    + link dynamically against libgcrypt and libgpg-error.
  - Add debian/cryptsetup.apport: Apport package hook. Install in
    debian/rules and create dir in debian/cryptsetup.dirs.
  - debian/cryptsetup.postrm: call update-initramfs on package removal.
* Merge from Debian unstable (LP: #594365). Remaining changes:
  - debian/control:
    + Bump initramfs-tools Suggests to Depends: so system is not
      potentially rendered unbootable.
    + Depend on plymouth.
  - Add debian/cryptdisks-{enable,udev}.upstart.
  - debian/cryptdisks.functions:
    + new function, crypttab_start_one_disk, to look for the named source
      device in /etc/crypttab (by device name, UUID, or label) and start it
      if configured to do so
    + wrap the call to /lib/cryptsetup/askpass with watershed, to make sure
      we only ever have one of these running at a time; otherwise multiple
      invocations could steal each other's input and/or write over each
      other's output
    + initially create the device under a temporary name and rename it only
      at the end using 'dmsetup rename', to ensure that upstart/mountall
      doesn't see our device before it's ready to go.
    + do_tmp should mount under /var/run/cryptsetup for changing the
      permissions of the filesystem root, not directly on /tmp, since
      mounting on /tmp a) is racy, b) confuses mountall something fierce.
    + when called by cryptdisks-enable, check that we don't already have a
      corresponding cryptdisks-udev job running (probably waiting for a
      passphrase); if there is, wait until it's finished before continuing.
  - debian/cryptdisks{,-early}.init: Make the 'start' action of the init
    script a no-op, this should be handled entirely by the upstart job;
    and fix the LSB header to not declare this should be started in
    runlevel 'S'
  - debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on
    upgrade.
  - debian/rules: Do not install start symlinks for init scripts, and
    install debian/cryptdisks-{enable,udev}.upstart scripts.
  - Add debian/cryptsetup.apport: Apport package hook. Install in
    debian/rules and create dir in debian/cryptsetup.dirs.
  - debian/rules: link dynamically against libgcrypt and libgpg-error.
  - debian/cryptsetup.postrm: call update-initramfs on package removal.
* Dropped changes, merged/superseded in Debian:
  - Add ext4 support to passdev.
  - cryptroot-hook: don't call copy_modules_dir with empty arguments when
    archcrypto isn't found
  - Set USPLASH=y and FRAMEBUFFER=y in the hook config to pull plymouth into
    the initramfs.
  - change interaction to use plymouth directly if present, and if not, to
    fall back to /lib/cryptsetup/askpass as before
  - cryptdisks.functions: replace 'echo -e' bashism with 'printf'.
  - debian/initramfs/cryptroot-script: if plymouth is present in the
    initramfs, use this directly, bypassing the cryptsetup askpass script
  - debian/initramfs/cryptroot-hook: Properly anchor our regexps when
    grepping /etc/crypttab so that we don't incorrectly match device names
    that are substrings of one another.
  - debian/initramfs/cryptroot-script: Don't leak /conf/conf.d/cryptroot
    file descriptor to subprocesses.
  - Fix grammar error in debian/initramfs/cryptroot-script
    ("setup" -> "set up")
  - debian/initramfs/cryptroot-script: Fix this to work with current
    initramfs-tools:
    + Source /scripts/functions after checking for prerequisites.
    + prereqs(): Do not assume we are running within initramfs, and
      calculate relative path correctly.
* Fix grammar error in debian/initramfs/cryptroot-script
  ("setup" -> "set up") (LP: #578896)
* debian/initramfs/cryptroot-script: Don't leak /conf/conf.d/cryptroot
  file descriptor to subprocesses.
* debian/initramfs/cryptroot-hook: Properly anchor our regexps when
  grepping /etc/crypttab so that we don't incorrectly match device names
  that are substrings of one another.
* debian/cryptdisks-{enable,udev}.conf, debian/control: drop
  'console output' and add a hard dependency on plymouth instead of
  watershed, to avoid spitting extra messages to the console.
* Set FRAMEBUFFER=y in the file that we actually ship.
* debian/cryptsetup.postrm: call update-initramfs on package removal.
  LP: #468228.
* cryptdisks.functions: replace 'echo -e' bashism with 'printf'.
* cryptdisks.functions: when called by cryptdisks-enable, check that we
  don't already have a corresponding cryptdisks-udev job running (probably
  waiting for a passphrase); if there is, wait until it's finished before
  continuing.
* Set FRAMEBUFFER=y in the hook config as well, to pull plymouth into the
  initramfs.
* cryptdisks.functions, debian/initramfs/cryptroot-script: fix the
  invocation of plymouth, so that we actually get proper passphrase prompts
  (once bug #496765 is fixed).
* cryptdisks.functions: do_tmp should mount under /var/run/cryptsetup for
  changing the permissions of the filesystem root, not directly on /tmp,
  since mounting on /tmp a) is racy, b) confuses mountall something fierce.
  LP: #475936.
* Depend on watershed.
* Fix the LSB header in the init scripts, now that we don't install to
  rcS.d.
* debian/initramfs/cryptroot-script: Fix this to work with current
  initramfs-tools:
  - Source /scripts/functions after checking for prerequisites.
  - prereqs(): Do not assume we are running within initramfs, and calculate
    relative path correctly.
* Rename the upstart job introduced in the previous upload to
  cryptdisks-udev and restore the previous version of the job as
  cryptdisks-enable, to run at the end of udev coldplugging as before;
  this isn't entirely race-free, but should nevertheless give us the
  two passes needed to cover devices that are decrypted using keys stored
  on other encrypted disks. LP: #443980.
* debian/initramfs/cryptroot-script: if plymouth is present in the
  initramfs, use this directly, bypassing the cryptsetup askpass script;
  but keep support for these other frontends around on a transitional
  basis.
* debian/cryptdisks.functions:
  - change interaction to use plymouth directly if present, and if not, to
    fall back to /lib/cryptsetup/askpass as before
  - wrap the call to /lib/cryptsetup/askpass with watershed, to make sure
    we only ever have one of these running at a time; otherwise multiple
    invocations could steal each other's input and/or write over each
    other's output
  - new function, crypttab_start_one_disk, to look for the named source
    device in /etc/crypttab (by device name, UUID, or label) and start it
    if configured to do so
* debian/cryptdisks-enable.upstart: run the upstart job once for each block
  device, using the new crypttab_start_one_disk function, triggered by udev;
  this doesn't eliminate the possibility of a race with gdm when the
  decrypted volume isn't a 'bootwait' mount point (since gdm kills
  plymouth), but it does eliminate the race between udev and cryptsetup.
  LP: #454898.
* debian/cryptdisks-enable.upstart: check that the package is installed
  and exit gracefully if it's not. LP: #435814
* debian/cryptdisk.functions: initially create the device under a temporary
  name and rename it only at the end using 'dmsetup rename', to ensure that
  upstart/mountall doesn't see our device before it's ready to go.
  LP: #475936.
* Add ext4 support to passdev.
* cryptroot-hook: Use if [ -n … ] instead of if ! test -z ….
* cryptroot-hook: dont call copy_modules_dir with empty arguments when
  archcrypto isnt found (LP: #495161)
* Merge with Debian testing. Remaining Ubuntu changes:
  - debian/rules: cryptsetup is linked dynamically against libgcrypt and
    libgpg-error.
  - Upstart migration:
    + Add debian/cryptdisks-enable.upstart.
    + debian/cryptdisks{,-early}.init: Make the 'start' action of the init
      script a no-op, this should be handled entirely by the upstart job.
      (LP #473615)
    + debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on
      upgrade.
    + debian/rules: Do not install start symlinks for those two, and install
      debian/cryptdisks-enable.upstart scripts.
  - Add debian/cryptsetup.apport: Apport package hook. Install in
    debian/rules, and create dir in debian/cryptsetup.dirs.
  - Start usplash in initramfs, since we need it for fancy passphrase input:
    + debian/initramfs/cryptroot-conf, debian/initramfs-conf.d: USPLASH=y
    + debian/control: Bump initramfs-tools Suggests to Depends:.
* Make the 'start' action of the init script a no-op, this should be
  handled entirely by the upstart job now; and remove any symlinks from
  /etc/rcS.d on upgrade. LP: #473615.
* Add an apport hook
* import the blkid and un_blkid from debian, LP: #446517
* also use this script by default (setting in /etc/default/cryptdisks)
* Reupload previous version, siretart had left changes in bzr which
  weren't documented in the changelog and caused FTBFS.
* Move the Debian Vcs- fields aside.
* debian/cryptdisks-enable.upstart: Don't overcompensate for my idiocy,
  cryptsetup should not need a controlling terminal, just a terminal
  is fine. May fix LP: #439138.
* debian/cryptdisks-enable.upstart: Things that often help include
  not setting stdin/out to /dev/null, so you can actually type the
  passphrase. I am an idiot. LP: #430496.
* debian/cryptdisks-enable.upstart: add upstart job to enable encrypted
  disks once we've finished probing for udev devices, so that mountall
  can use them. LP: #430496.
* debian/initramfs/cryptroot-conf: declare that we want usplash included
  in the initramfs whenever this package is installed. LP: #427356.
* Merge from debian unstable, remaining changes:
  - Ubuntu specific:
    + debian/rules: link dynamically for better security supportability and
      smaller packages.
    + debian/control: Depend on initramfs-tools so system is not potentially
      rendered unbootable.
  - debian/initramfs/cryptroot-script wait for encrypted device to appear,
    report with log_*_msg (debian bug 488271).
  - debian/initramfs/cryptroot-hook: fix support for UUID and LABEL
    correlation between fstab and crypttab (debian bug 522041).
  - debian/askpass.c, debian/initramfs/cryptroot-script: using newline
    escape in passphrase prompt to avoid line-wrapping (debian bug 528133).
* Drop 04_fix_udevsettle_call.patch: fixed upstream differently.
* debian/control: Depend on initramfs-tools so system is not potentially
  rendered unbootable (LP: #358654).
* debian/initramfs/cryptroot-script: we don't require vol_id to understand
  the encrypted device, but we should check the device is fully up first
  before continuing by calling udevadm settle. LP: #291752.
* debian/initramfs/cryptroot-hook: fix support for UUID and LABEL correlation
  between fstab and crypttab (LP: #287879).
* debian/askpass.c: also handle newline escape code in console prompt.
* debian/checks/un_vol_id: dynamically build the "unknown volume type"
  string, to allow for encrypted swap, LP: #316607
* debian/askpass.c: handle newline escape code in password prompt.
* debian/initramfs/cryptroot-script: add newline to split cryptroot
  password prompt onto two lines for readability (LP: #326900).
* Merge from debian unstable, remaining changes:
  - debian/initramfs/cryptroot-script:
    - must source /scripts/functions to get the log_*_msg() functions.
    - wait for encrypted device to show up (LP 164044, 291752).
    - disable error message 'failed to setup lvm device' (LP 151532).
  - debian/rules:
    - fix location of ltmain.sh (Ubuntu-specific until libtool 2.2.x is
      in Debian unstable).
    - link dynamically (LP 62751).
  - add 04_fix_udevsettle_call.patch: fix path to binary for udevsettle.
* Revert versioned build-depency on libdevmapper-dev, since Ubuntu's
  version is higher now.
* debian/initramfs/cryptroot-script: do not require that vol_id
  can parse the encrypted device as valid (LP: #291752).
* Fixes for (LP: #272301)
* debian/initramfs/cryptroot-script: must source /scripts/functions to get
  the log_*_msg() functions
* 04_fix_udevsettle_call.patch: fix path to binary for udevsettle
* drop almost all ubuntu specific changes from the cryptsetup package,
  because they have been merged in debian. Thanks a lot!
* merge from debian, remaining changes:
  - remove versioned build-depency on libdevmapper-dev, we are using a
    rather sophisticated loop for making sure the root filesystem appears.
* debian/rules: fix location of ltmain.sh
* don't exit usplash anymore in the init script. LP: #110970, #139363
* Disable error message 'failed to setup lvm device'. It is harmless, and
  caused by the fact that the udev rules provided by lvm2 are setting up
  the lvm on their own. In debian the scripts here are responsible for this
  but obviously fail in ubuntu. LP: #151532
* reintroduce changes from 2:1.0.6-2ubuntu5 that have been accidentally
  dropped in version 2:1.0.6-2ubuntu6.
* load scripts/functions for log_{begin,end}_msg
* debian/initramfs/cryptroot-script: wait for the cryptsource, not the resulting mapped root device
* debian/initramfs/cryptroot-hook: copy binaries to the right directory
* remove versioned build-depency on libdevmapper-dev, we are using a
  rather sophisticated loop for making sure the root filesystem appears.
* Okay, I give up. include preprocessed manpages and adapt
  debian/rules to easily produce those.
  ATTENTION: on subsequent uploads, make sure that the manpages are
  available and up-to-date.
* also use local dtd in debian/doc/variables.xml.in.
* try harder to fix FTBFS.
* build docbook documentation using local dtds instead of trying to
  download them at buildtime. Fixes FTBFS.
* Merge new debian version. Remaining changes:
  - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using
    bzr on launchpad.
  - debian/rules: cryptsetup is linked dynamically against libgcrypt and
    libgpg-error.
  - cryptdisks.functions: stop usplash on user input. LP #62751
  - Parse comments in lines not starting with '#', LP #185380
  - If the encrypted source device hasn't shown up yet, give it a
    little while to deal with removable devices. LP #164044
* Depend on race-free version of libdevmapper, thus making udevsettle
  call from cryptsetup binary unnecessary. Dropping patch
  debian/patches/06_run_udevsettle.patch
* remove patch from LP #73862, loading optimized modules has been solved
  in debian in another way.
* cryptdisk.functions: remove spurious call to load_optimized_module.
  LP: #239946
* bugfix: make regex work if keyfile has extended attributes. LP: #231339.
* remove patch in cryptdisks.functions for rexecing the script itself for
  ensuring that a tty is always available. (See LP #58794.) According to
  Scott, this is not necessary anymore.
* Fix configuration parsing (LP: #239808)
* cryptroot-script: use 'echo' instead of 'log_begin_msg' (LP: #237723)
* Parse comments in lines not starting with '#', LP: #185380
* in cryptroot hook, don't rely on 'udevadm settle' to wait long enough
  for the cryptdevice to appear. Reimplement the busy waiting loop found
  while waiting for the root file system. Patch based on work by Swâmi
  Petaramesh. LP: #164044
* debian/crypdisks.functions: call 'env' with full path. LP: #178829.
* Simplify the patch in debian/cryptdisks.functions that stops usplash
  before asking for a passphrase.
* Merge new debian version. Remaining changes:
  - cryptsetup is linked dynamically against libgcrypt and libgpg-error.
  - stop usplash on user input. LP #62751
  - debian/cryptdisks.functions: Always output and read from the console.
    LP #58794.
  - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using
    bzr on launchpad.
  - debian/initramfs/cryptroot-hook: LP #73862
    Added patch to install aes optimized cypher module
  - try to load optimized cypher module in cryptsetup.functions as well,
    because cryptroot-hook is only executed when we really have a
    cryptoroot.
* other ubuntu changes have been merged into debian. Please report bugs
  if you believe some patches have been dropped.
* removed 07_typos_fix.patch, has been reviewed and applied upstream.
* added debian/patches/07_typos_fix.dpatch: fixed typos in man pages. (LP: #164181)
* debian/initramfs/cryptroot-script: Do show the disk name after all, since
  some people use multiple encrypted partitions as LVM PVs. (LP: #201413)
* debian/initramfs/cryptroot-script: Do not mention the name of the
  encrypted device. It is just technobabble anyway (sda4_crypt), and there
  is just one root partition ever, so it is not needed to tell apart
  different partitions. From a security POV, someone who can change your
  initramfs to boot a different root partition can just as well change the
  strings, too. (LP: #201413)
* debian/scripts/luksformat: Use 256 bit key size by default.
  (LP: #78508)
* debian/patches/02_manpage.dpatch: Clarify default key sizes (128 for
  luksFormat and 256 for create) in cryptsetup.8. (side-note in LP #78508)
* Fix -x calls and access() call.
* debian/initramfs/cryptroot-script: call udevadm instead of udevsettle
* debian/patches/06_call_udevsettle.dpatch: likewise
* Make cryptsetup understand devices specified by UUID=... or LABEL=
  in crypttab. (LP: #153597)
* reenable additional udevsettle calls in cryptroot hook from
  https://launchpad.net/bugs/85640, LP: #132373.
* change maintainer to ubuntu-core-dev.
* use Vcs-Bzr instead of XSCB-Vcs-Bzr header in debian/control.
* reapply changes from version 2:1.0.5-2ubuntu2, got dropped with last
  upload. Sorry, pitti.
* convert patch to lib/libdevmapper.c to a dpatch.
* RELIABILY FIX: lib/libdevmapper.c: Ensure that pending device creation
  events are being processed by calling /sbin/udevsettle. Patch based on
  OpenSUSE bug #285478, LP: #132373.
* Based on the change above, the patch from LP #85640 is no longer needed.
  dropping the relevant parts.
* Fix debian/rules to not fail to build if autom4te.cache is left behind
  from a previous incomplete build.
* debian/initramfs/cryptroot-script:
  - If the supplied password worked, remove the prompt from usplash again,
    so that the user has some visual feedback that everything is alright.
    (LP: #151305)
  - Do not show the UUID device node of the outer physical device. It is
    scary ("/dev/disk/by-uuid/1234yadayada") and displaying it does not
    improve security at all: If attackers can tamper with your initramfs,
    they can also change the prompt, and if the UUID of the physical device
    changes, then booting will not even get that far. Now it is a much more
    friendly "Enter passphrase for sda5_crypt:" which is still technical,
    but it's necessary to point out which device will be unlocked in case
    there are several.
* Merge new debian version. Remaining changes:
  - cryptsetup is linked dynamically against libgcrypt and libgpg-error.
    This will break systems where /usr is a separate encrypted filesystem
    but not have other bad consequences (in particular, systems with
    encrypted root are still fine). The upsides include better
    security supportability and smaller packages.
  - libcryptsetup.so et al removed from the binary packages. They have
    no stable ABI and are not suitable for use by other packages, and
    were in violation of library policies etc. They're not needed since
    the cryptsetup executable statically contains the relevant parts of
    libcryptsetup.
  - cryptdisks.functions: remove #!/bin/bash as it isn't a script
    by itself; it's only sourced by other scripts. This gets rid
    of the lintian warning `script-not-executable' for this file.
  - stop usplash on user input. LP #62751
  - Always output and read from the console. LP #58794.
  - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using
    bzr on launchpad.
  - Bump libgcrypt11 build-dependency again to 1.2.4-2ubuntu2 to eliminate
    libnsl linkage;
  - debian/initramfs/cryptroot-hook: (LP: #73862)
    Added patch to install aes optimized cypher module
  - try to load optimized cypher module in cryptsetup.functions as well,
    because cryptroot-hook is only executed when we really have a
    cryptoroot.
  - apply patch from pitti for allowing UUIDs in /etc/crypttab.
    This allowes crypted PVs! LP: #144390.
  - remove README.ubuntu, since it contains old and obsolete information.
* apply patch from pitti for allowing UUIDs in /etc/crypttab.
  This allowes crypted PVs! LP: #144390.
* remove README.ubuntu, since it contains old and obsolete information.
* debian/initramfs/cryptroot-hook: (LP: #73862)
  - Added patch to install aes optimized cypher module
* re-applying old patch to new package version
* try to load optimized cypher module in cryptsetup.functions as well,
  because cryptroot-hook is only executed when we really have a
  cryptoroot.
* Bump libgcrypt11 build-dependency again to 1.2.4-2ubuntu2 to eliminate
  libnsl linkage; should finally produce a usable cryptsetup binary for
  the udeb.
* Bump libgcrypt11 build-dependency to 1.2.4-2ubuntu1 and rebuild for
  proper udeb dependencies.
* Merge new debian version. Remaining changes:
  - cryptsetup is linked dynamically against libgcrypt and libgpg-error.
    This will break systems where /usr is a separate encrypted filesystem
    but not have other bad consequences (in particular, systems with
    encrypted root are still fine). The upsides include better
    security supportability and smaller packages.
  - libcryptsetup.so et al removed from the binary packages. They have
    no stable ABI and are not suitable for use by other packages, and
    were in violation of library policies etc. They're not needed since
    the cryptsetup executable statically contains the relevant parts of
    libcryptsetup.
  - cryptdisks.functions: remove #!/bin/bash as it isn't a script
    by itself; it's only sourced by other scripts. This gets rid
    of the lintian warning `script-not-executable' for this file.
  - stop usplash on user input. LP #62751
  - Always output and read from the console. LP #58794.
* Add XSBC-Vcs-Bzr tag to indicate that this package is managed using
  bzr on launchpad.
* UVF exception request granted by Scott Kitterman and Chuck Short
  LP: #138295
* Add notes by Ilkka Tuohela in a new file debian/README.ubuntu
* cryptsetup is linked dynamically against libgcrypt and libgpg-error.
  This will break systems where /usr is a separate encrypted filesystem
  but not have other bad consequences (in particular, systems with
  encrypted root are still fine). The upsides include better
  security supportability and smaller packages.
* libcryptsetup.so et al removed from the binary packages. They have
  no stable ABI and are not suitable for use by other packages, and
  were in violation of library policies etc. They're not needed since
  the cryptsetup executable statically contains the relevant parts of
  libcryptsetup.
* cryptdisks.functions: remove #!/bin/bash as it isn't a script
  by itself; it's only sourced by other scripts. This gets rid
  of the lintian warning `script-not-executable' for this file.
* s/$CRYPTCMD/cryptsetup/ in debian/cryptdisks.functions
  (LP: #115617)
* make luksformat check if filesystem is already mounted to prevent a
  strange error message. thanks to mvo for the patch (LP: #116633)
* remove file debian/initramfs-cryptroot-script from source. it is not
  installed anywhere, and a leftover from the last merge.
* add missing hunk of cryptsetup.functions compared to debian package.
* reapply http://librarian.launchpad.net/7329604/bug85640.debdiff to
  debian/initramfs/cryptroot-script, since stgraber's patch has been
  lost in the last merge. (LP: #85640)
* modprobe dm-mod from cryptsetup.functions. (LP: #64625, #91405)
* Merge from Debian unstable. Remaining Ubuntu changes:
  - stop usplash on user input. Ubuntu: #62751
  - Always output and read from the console. Ubuntu: #58794.
  - Wait for Udev to be ready to avoid partition non-detection. (LP: #85640)
* Modify Maintainer value to match Debian-Maintainer-Field Spec
* Wait for Udev to be ready to avoid partition non-detection. (LP: #85640)
* merge debian changes. Remaining ubuntu changes:
  - stop usplash on user input. Ubuntu: #62751
  - Always output and read from the console. Ubuntu: #58794.
* fix and improve initramfs hook: terminate usplash if running, since
  adequate secure text input is not possible with usplash ATM
* usplash support: Terminate usplash before asking a password.
  Closes https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/62751
* merge debian changes, remaining patches:
  - Always output and read from the console. Ubuntu: #58794.
* other changes have been merged or do noy apply anymore
* read password via usplash if available in initramfs for rootfs. based on a patch from
  Swen Thümmler (Thanks for that!) Ubuntu #62751
* read password from initscript via usplash if running. should fix the
  rest of Ubuntu #62751. Only problem with that patch: It asks only once
  for the password! improvements welcome!
* Always output and read from the console. Ubuntu: #58794.
* Load the dm-crypt module on startup. Ubuntu: #53475.
* Sync with Debian:
  Remaining Ubuntu Changes
  + debian/cryptdisks.functions:
    - Tell usplash to quit if we ask for a passphrase

12 of 2 results