Ubuntu
cryptsetup package

Merge ~mkukri/ubuntu/+source/cryptsetup:merge into ubuntu/+source/cryptsetup:debian/sid

Proposed by Mate Kukri on 2024-01-04

Status:

Merged

Merge reported by:

Mate Kukri

Merged at revision:

5092a322e94ccbf5a2e97f9d42070bda8dec8d1c

Proposed branch:

~mkukri/ubuntu/+source/cryptsetup:merge

Merge into:

ubuntu/+source/cryptsetup:debian/sid

Diff against target:

2709 lines (+2061/-27)

14 files modified

debian/changelog (+1931/-0)
debian/control (+7/-5)
debian/functions (+9/-1)
debian/initramfs/cryptroot-unlock (+12/-6)
debian/initramfs/hooks/cryptroot (+5/-3)
debian/rules (+3/-0)
debian/tests/control (+3/-2)
debian/tests/cryptroot-lvm.d/mock (+7/-2)
debian/tests/cryptroot-nested.d/config (+7/-0)
debian/tests/cryptroot-sysvinit.d/config (+7/-2)
debian/tests/initramfs-hook (+16/-2)
debian/tests/utils/cryptroot-common (+27/-3)
debian/tests/utils/mkinitramfs (+2/-0)
debian/tests/utils/mock.pm (+25/-1)

Related bugs:

Bug #1983522: cryptroot-* autopkgtests fail on Ubuntu	High	Fix Released
Bug #2032659: Correctly detect and use FIPS mode	Undecided	Fix Released

Link a bug report

Reviewer	Date Requested	Status
Lukas Märdian (community)	2024-01-04	Approve on 2024-01-09
Simon Quigley	2024-01-04	Pending
Review via email: mp+457969@code.launchpad.net

This proposal supersedes a proposal from 2024-01-03.

Commit message

Merge with Debian sid. Rebased the previously split Ubuntu changes.

Revision history for this message

Simon Quigley (tsimonq2) wrote on 2024-01-03: Posted in a previous version of this proposal

would you mind also submitting this against debian/sid for a cleaner review?

may be personal preference :)

review: Needs Fixing

Revision history for this message

Lukas Märdian (slyon) wrote on 2024-01-09:

Test build available in https://launchpad.net/~mkukri/+archive/ubuntu/dev/+packages

Revision history for this message

Lukas Märdian (slyon) wrote on 2024-01-09:

Diff against ubuntu/noble-devel and debian/sid are looking good. Delta got split up nicely.

Test builds are looking good, passing the build-time tests.
Autopkgtests need investigation, but this is unrelated to this merge (they have been failing for a while).

LGTM.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Mate Kukri

git-ubuntu developers

 diff --git a/debian/changelog b/debian/changelog
 index 78803a1..edadf8b 100644
 --- a/debian/changelog
 +++ b/debian/changelog
@@ -1,3 +1,34 @@
++cryptsetup (2:2.6.1-6ubuntu1) noble; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - Support zstd compressed modules for the self test.
++    - Compile-in support for a FIPS mode. LP #2032659
++    - debian/control:
++      + Recommend plymouth.
++      + Depend on busybox-initramfs instead of busybox | busybox-static.
++      + Move cryptsetup-initramfs back to cryptsetup's Recommends.
++      + Do not build cryptsetup-suspend binary package on i386.
++    - Fix cryptroot-unlock for busybox compatibility.
++    - Fix warning and error when running on ZFS on root
++      + d/functions: Return an empty devno for ZFS devices as they don't have
++        major:minor device numbers.
++      + d/initramfs/hooks/cryptroot: Ignore and don't print an error message
++        when devices don't have a devno.
++    - Fix cryptroot-* autopkgtests on Ubuntu. (LP #1983522)
++      + debian/tests/utils/mock.pm: return from consume() function if select()
++        times out or fails
++      + debian/tests/utils/cryptroot-common: fix apt source and kernel package
++        names for Ubuntu
++      + debian/tests/cryptroot-sysvinit.d: use systemd-sysv init for Ubuntu
++        cryptroot-sysvinit package test
++      + debian/tests/cryptroot-nested.d: fix cryptsetup-nested test, add
++        workaround for LP1831747 by adding a e2fsprogs dependency
++      + debian/tests/initramfs-hook: fix test's initramfs layout for Ubuntu and
++        allow blowfish test use 64Mb of provisioned space (drop --size)
++      + debian/tests/control: disable cryptdisks test
++
++ -- Mate Kukri <mate.kukri@canonical.com>  Wed, 03 Jan 2024 10:38:16 +0000
++
  cryptsetup (2:2.6.1-6) unstable; urgency=medium
    [ Kevin Locke ]
@@ -11,6 +42,37 @@ cryptsetup (2:2.6.1-6) unstable; urgency=medium
   -- Guilhem Moulin <guilhem@debian.org>  Tue, 05 Dec 2023 17:48:58 +0100
++cryptsetup (2:2.6.1-5ubuntu1) noble; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - Support zstd compressed modules for the self test.
++    - Compile-in support for a FIPS mode. LP #2032659
++    - debian/control:
++      + Recommend plymouth.
++      + Depend on busybox-initramfs instead of busybox | busybox-static.
++      + Move cryptsetup-initramfs back to cryptsetup's Recommends.
++      + Do not build cryptsetup-suspend binary package on i386.
++    - Fix cryptroot-unlock for busybox compatibility.
++    - Fix warning and error when running on ZFS on root
++      + d/functions: Return an empty devno for ZFS devices as they don't have
++        major:minor device numbers.
++      + d/initramfs/hooks/cryptroot: Ignore and don't print an error message
++        when devices don't have a devno.
++    - Fix cryptroot-* autopkgtests on Ubuntu. (LP #1983522)
++      + debian/tests/utils/mock.pm: return from consume() function if select()
++        times out or fails
++      + debian/tests/utils/cryptroot-common: fix apt source and kernel package
++        names for Ubuntu
++      + debian/tests/cryptroot-sysvinit.d: use systemd-sysv init for Ubuntu
++        cryptroot-sysvinit package test
++      + debian/tests/cryptroot-nested.d: fix cryptsetup-nested test, add
++        workaround for LP1831747 by adding a e2fsprogs dependency
++      + debian/tests/initramfs-hook: fix test's initramfs layout for Ubuntu and
++        allow blowfish test use 64Mb of provisioned space (drop --size)
++      + debian/tests/control: disable cryptdisks test
++
++ -- Mate Kukri <mate.kukri@canonical.com>  Mon, 20 Nov 2023 09:50:25 +0000
++
  cryptsetup (2:2.6.1-5) unstable; urgency=medium
    [ Guilhem Moulin ]
@@ -24,6 +86,49 @@ cryptsetup (2:2.6.1-5) unstable; urgency=medium
   -- Guilhem Moulin <guilhem@debian.org>  Sun, 27 Aug 2023 12:24:57 +0200
++cryptsetup (2:2.6.1-4ubuntu3) mantic; urgency=medium
++
++  * Support zstd compressed modules for the self test.
++
++ -- Andrea Righi <andrea.righi@canonical.com>  Mon, 11 Sep 2023 15:05:35 +0000
++
++cryptsetup (2:2.6.1-4ubuntu2) mantic; urgency=medium
++
++  * Compile-in support for a FIPS mode. LP: #2032659
++
++ -- Dimitri John Ledkov <dimitri.ledkov@canonical.com>  Tue, 22 Aug 2023 16:06:53 +0100
++
++cryptsetup (2:2.6.1-4ubuntu1) mantic; urgency=medium
++
++  * Merge with Debian unstable (LP: #2019292). Remaining changes:
++    - debian/control:
++      + Recommend plymouth.
++      + Depend on busybox-initramfs instead of busybox | busybox-static.
++      + Move cryptsetup-initramfs back to cryptsetup's Recommends.
++      + Do not build cryptsetup-suspend binary package on i386.
++    - Fix cryptroot-unlock for busybox compatibility.
++    - Fix warning and error when running on ZFS on root
++      - d/functions: Return an empty devno for ZFS devices as they don't have
++        major:minor device numbers.
++      - d/initramfs/hooks/cryptroot: Ignore and don't print an error message
++        when devices don't have a devno.
++    - debian/patches/decrease_memlock_ulimit.patch
++      Fixed FTBFS due to a restricted build environment
++    - Fix cryptroot-* autopkgtests on Ubuntu. (LP: #1983522)
++      + debian/tests/utils/mock.pm: return from consume() function if select()
++        times out or fails
++      + debian/tests/utils/cryptroot-common: fix apt source and kernel package
++        names for Ubuntu
++      + debian/tests/cryptroot-sysvinit.d: use systemd-sysv init for Ubuntu
++        cryptroot-sysvinit package test
++      + debian/tests/cryptroot-nested.d: fix cryptsetup-nested test, add
++        workaround for LP1831747 by adding a e2fsprogs dependency
++      + debian/tests/initramfs-hook: fix test's initramfs layout for Ubuntu and
++        allow blowfish test use 64Mb of provisioned space (drop --size)
++      + debian/tests/control: disable cryptdisks test
++
++ -- Vladimir Petko <vladimir.petko@canonical.com>  Mon, 15 May 2023 09:55:25 +1200
++
  cryptsetup (2:2.6.1-4) unstable; urgency=medium
    * Backport upstream MR !498, see #1028250:
@@ -58,6 +163,37 @@ cryptsetup (2:2.6.1-2) unstable; urgency=medium
   -- Guilhem Moulin <guilhem@debian.org>  Thu, 02 Mar 2023 05:01:53 +0100
++cryptsetup (2:2.6.1-1ubuntu1) lunar; urgency=low
++
++  * Merge with Debian unstable (LP: #2004423). Remaining changes:
++    - debian/control:
++      + Recommend plymouth.
++      + Depend on busybox-initramfs instead of busybox | busybox-static.
++      + Move cryptsetup-initramfs back to cryptsetup's Recommends.
++      + Do not build cryptsetup-suspend binary package on i386.
++    - Fix cryptroot-unlock for busybox compatibility.
++    - Fix warning and error when running on ZFS on root
++      - d/functions: Return an empty devno for ZFS devices as they don't have
++        major:minor device numbers.
++      - d/initramfs/hooks/cryptroot: Ignore and don't print an error message
++        when devices don't have a devno.
++    - debian/patches/decrease_memlock_ulimit.patch
++      Fixed FTBFS due to a restricted build environment
++    - Fix cryptroot-* autopkgtests on Ubuntu. (LP: #1983522)
++      + debian/tests/utils/mock.pm: return from consume() function if select()
++        times out or fails
++      + debian/tests/utils/cryptroot-common: fix apt source and kernel package
++        names for Ubuntu
++      + debian/tests/cryptroot-sysvinit.d: use systemd-sysv init for Ubuntu
++        cryptroot-sysvinit package test
++      + debian/tests/cryptroot-nested.d: fix cryptsetup-nested test, add
++        workaround for LP1831747 by adding a e2fsprogs dependency
++      + debian/tests/initramfs-hook: fix test's initramfs layout for Ubuntu and
++        allow blowfish test use 64Mb of provisioned space (drop --size)
++      + debian/tests/control: disable cryptdisks test
++
++ -- Vladimir Petko <vladimir.petko@canonical.com>  Mon, 13 Feb 2023 15:57:18 +1300
++
  cryptsetup (2:2.6.1-1) unstable; urgency=medium
    * New upstream bugfix release.
@@ -107,6 +243,54 @@ cryptsetup (2:2.6.0~rc0-1) experimental; urgency=medium
   -- Guilhem Moulin <guilhem@debian.org>  Sat, 19 Nov 2022 17:30:40 +0100
++cryptsetup (2:2.5.0-6ubuntu3) lunar; urgency=medium
++
++  * Fix cryptroot-lvm autopkgtest on Ubuntu. (LP: #1983522)
++    - debian/tests/control: enable cryptroot-lvm
++    - debian/tests/utils/mock.pm: return from consume() function if select()
++      times out or fails
++
++ -- Vladimir Petko <vladimir.petko@canonical.com>  Fri, 02 Dec 2022 15:53:42 +1300
++
++cryptsetup (2:2.5.0-6ubuntu2) lunar; urgency=medium
++
++  * Fix cryptroot-* autopkgtests on Ubuntu. (LP: #1983522)
++    - debian/tests/utils/cryptroot-common: fix apt source and kernel package
++      names for Ubuntu
++    - debian/tests/cryptroot-sysvinit.d: use systemd-sysv init for Ubuntu
++      cryptroot-sysvinit package test
++    - debian/tests/cryptroot-nested.d: fix cryptsetup-nested test, add
++      workaround for LP1831747 by adding a e2fsprogs dependency
++    - debian/tests/control: disable cryptdisks, cryptroot-lvm due to CI
++      failures and update comments
++    - debian/tests/utils/mock.pm: fix cryptoroot-lvm test adding retries to the
++      suspend operation and consuming the console buffer before making
++      assertions. It still hangs in CI and requires further work.
++    - debian/tests/initramfs-hook: fix test's initramfs layout for Ubuntu and
++      allow blowfish test use 64Mb of provisioned space (drop --size)
++
++ -- Vladimir Petko <vladimir.petko@canonical.com>  Fri, 02 Dec 2022 14:14:42 +1300
++
++cryptsetup (2:2.5.0-6ubuntu1) lunar; urgency=low
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/control:
++      + Recommend plymouth.
++      + Depend on busybox-initramfs instead of busybox | busybox-static.
++      + Move cryptsetup-initramfs back to cryptsetup's Recommends.
++      + Do not build cryptsetup-suspend binary package on i386.
++    - Fix cryptroot-unlock for busybox compatibility.
++    - Fix warning and error when running on ZFS on root
++      - d/functions: Return an empty devno for ZFS devices as they don't have
++        major:minor device numbers.
++      - d/initramfs/hooks/cryptroot: Ignore and don't print an error message
++        when devices don't have a devno.
++    - debian/patches/decrease_memlock_ulimit.patch
++      Fixed FTBFS due to a restricted build environment
++    - Disable failing Debian-tailored cryptroot-* autopkgtests
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Mon, 07 Nov 2022 08:36:38 -0800
++
  cryptsetup (2:2.5.0-6) unstable; urgency=medium
    * d/t/cryptroot-*: Mask systemd-firstboot.service.
@@ -202,6 +386,26 @@ cryptsetup (2:2.5.0-3) unstable; urgency=low
   -- Guilhem Moulin <guilhem@debian.org>  Sun, 18 Sep 2022 23:01:46 +0200
++cryptsetup (2:2.5.0-2ubuntu1) kinetic; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/control:
++      + Recommend plymouth.
++      + Depend on busybox-initramfs instead of busybox | busybox-static.
++      + Move cryptsetup-initramfs back to cryptsetup's Recommends.
++      + Do not build cryptsetup-suspend binary package on i386.
++    - Fix cryptroot-unlock for busybox compatibility.
++    - Fix warning and error when running on ZFS on root: (LP: #1830110)
++      - d/functions: Return an empty devno for ZFS devices as they don't have
++        major:minor device numbers.
++      - d/initramfs/hooks/cryptroot: Ignore and don't print an error message
++        when devices don't have a devno.
++    - debian/patches/decrease_memlock_ulimit.patch
++      Fixed FTBFS due to a restricted build environment
++  * Disable failing Debian-tailored cryptroot-* autopkgtests, see bug #1983522
++
++ -- Benjamin Drung <bdrung@ubuntu.com>  Wed, 24 Aug 2022 00:56:28 +0200
++
  cryptsetup (2:2.5.0-2) unstable; urgency=low
    [ Matthias Klose ]
@@ -260,6 +464,29 @@ cryptsetup (2:2.5.0-2) unstable; urgency=low
   -- Guilhem Moulin <guilhem@debian.org>  Tue, 09 Aug 2022 01:40:50 +0200
++cryptsetup (2:2.5.0-1ubuntu1) kinetic; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/control:
++      + Recommend plymouth.
++      + Depend on busybox-initramfs instead of busybox | busybox-static.
++      + Move cryptsetup-initramfs back to cryptsetup's Recommends.
++      + Do not build cryptsetup-suspend binary package on i386.
++    - Fix cryptroot-unlock for busybox compatibility.
++    - Fix warning and error when running on ZFS on root: (LP: #1830110)
++      - d/functions: Return an empty devno for ZFS devices as they don't have
++        major:minor device numbers.
++      - d/initramfs/hooks/cryptroot: Ignore and don't print an error message
++        when devices don't have a devno.
++    - debian/patches/decrease_memlock_ulimit.patch
++      Fixed FTBFS due to a restricted build environment
++    - Stop building the udeb on request.
++  * d/initramfs/hooks/cryptroot: Include OpenSSL legacy.so for ripemd160 and
++    whirlpool hash algorithms (LP: #1979159)
++  * Disable failing Debian-tailored cryptroot-* autopkgtests, see bug #1983522
++
++ -- Benjamin Drung <bdrung@ubuntu.com>  Thu, 04 Aug 2022 12:30:02 +0200
++
  cryptsetup (2:2.5.0-1) unstable; urgency=medium
    * New upstream release. (Closes: #1000634, #1011128)
@@ -338,6 +565,26 @@ cryptsetup (2:2.5.0~rc1-1) experimental; urgency=low
   -- Guilhem Moulin <guilhem@debian.org>  Fri, 15 Jul 2022 01:49:59 +0200
++cryptsetup (2:2.4.3-1ubuntu1) jammy; urgency=low
++
++  * Merge from Debian unstable (LP: #1959427). Remaining changes:
++    - debian/control:
++      + Recommend plymouth.
++      + Depend on busybox-initramfs instead of busybox | busybox-static.
++      + Move cryptsetup-initramfs back to cryptsetup's Recommends.
++      + Do not build cryptsetup-suspend binary package on i386.
++    - Fix cryptroot-unlock for busybox compatibility.
++    - Fix warning and error when running on ZFS on root: (LP: #1830110)
++      - d/functions: Return an empty devno for ZFS devices as they don't have
++        major:minor device numbers.
++      - d/initramfs/hooks/cryptroot: Ignore and don't print an error message
++        when devices don't have a devno.
++    - debian/patches/decrease_memlock_ulimit.patch
++      Fixed FTBFS due to a restricted build environment
++    - Stop building the udeb on request.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Fri, 28 Jan 2022 12:14:06 -0800
++
  cryptsetup (2:2.4.3-1) unstable; urgency=high
    [ Guilhem Moulin ]
@@ -351,6 +598,64 @@ cryptsetup (2:2.4.3-1) unstable; urgency=high
   -- Guilhem Moulin <guilhem@debian.org>  Thu, 13 Jan 2022 19:07:05 +0100
++cryptsetup (2:2.4.2-1ubuntu4) jammy; urgency=medium
++
++  * Move cryptsetup-initramfs back to cryptsetup's Recommends (from Suggests).
++
++ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com>  Thu, 09 Dec 2021 12:53:00 +1300
++
++cryptsetup (2:2.4.2-1ubuntu3) jammy; urgency=medium
++
++  * Fix build on i386.
++
++ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com>  Tue, 07 Dec 2021 13:17:48 +1300
++
++cryptsetup (2:2.4.2-1ubuntu2) jammy; urgency=medium
++
++  * Do not build new cryptsetup-suspend binary package on i386.
++
++ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com>  Tue, 07 Dec 2021 11:47:55 +1300
++
++cryptsetup (2:2.4.2-1ubuntu1) jammy; urgency=medium
++
++  * Merge from Debian unstable. Remaining changes:
++    - debian/control:
++      + Recommend plymouth.
++      + Depend on busybox-initramfs instead of busybox | busybox-static.
++    - Fix cryptroot-unlock for busybox compatibility.
++    - Fix warning and error when running on ZFS on root: (LP: #1830110)
++      - d/functions: Return an empty devno for ZFS devices as they don't have
++        major:minor device numbers.
++      - d/initramfs/hooks/cryptroot: Ignore and don't print an error message when
++        devices don't have a devno.
++      Submitted to debian upstream as bug #902449.
++    - debian/patches/decrease_memlock_ulimit.patch
++      Fixed FTBFS due a restrict environment in the new Bionic Builder (LP: #1891473)
++      tests/luks2-validation.test, tests/compat-test, tests/tcrypt-compat-test.
++      - Thanks Guilherme G. Piccoli.
++    - Stop building the udeb on request.
++  * Dropped change, included in Debian:
++    - Introduce retry logic for external invocations after mdadm (LP: #1879980)
++      - Currently, if an encrypted rootfs is configured on top of a MD RAID1
++        array and such array gets degraded (e.g., a member is removed/failed)
++        the cryptsetup scripts cannot mount the rootfs, and the boot fails.
++        We fix that issue here by allowing the cryptroot script to be re-run
++        by initramfs-tools/local-block stage, as mdadm can activate degraded
++        arrays at that stage.
++        There is an initramfs-tools counter-part for this fix, but alone the
++        cryptsetup portion is harmless.
++      - d/cryptsetup-initramfs.install: ship the new local-bottom script.
++      - d/functions: declare variables for local-top|block|bottom scripts
++        (flag that local-block is running and external invocation counter.)
++      - d/i/s/local-block/cryptroot: set flag that local-block is running.
++      - d/i/s/local-bottom/cryptroot: clean up the flag and counter files.
++      - d/i/s/local-top/cryptroot: change the logic from just waiting 180
++        seconds to waiting 5 seconds first, then allowing initramfs-tools
++        to run mdadm (to activate degraded arrays) and call back at least
++        30 times/seconds more.
++
++ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com>  Thu, 02 Dec 2021 11:58:05 +1300
++
  cryptsetup (2:2.4.2-1) unstable; urgency=high
    * New upstream bugfix release 2.4.2.
@@ -469,6 +774,18 @@ cryptsetup (2:2.3.6-1+exp1) experimental; urgency=medium
   -- Guilhem Moulin <guilhem@debian.org>  Fri, 28 May 2021 22:54:20 +0200
++cryptsetup (2:2.3.6-0ubuntu2) jammy; urgency=medium
++
++  * No-change rebuild against openssl3
++
++ -- Simon Chopin <simon.chopin@canonical.com>  Thu, 25 Nov 2021 14:22:07 +0200
++
++cryptsetup (2:2.3.6-0ubuntu1) impish; urgency=medium
++
++  * New upstream release.
++
++ -- Matthieu Clemenceau <matthieu.clemenceau@canonical.com>  Fri, 20 Aug 2021 11:32:12 +1200
++
  cryptsetup (2:2.3.5-1+exp1) experimental; urgency=medium
    * Upload to experimental.
@@ -541,6 +858,69 @@ cryptsetup (2:2.3.4-1+exp1) experimental; urgency=medium
   -- Guilhem Moulin <guilhem@debian.org>  Fri, 04 Sep 2020 00:55:41 +0200
++cryptsetup (2:2.3.4-1ubuntu3) hirsute; urgency=medium
++
++  * Stop building the udeb on request.
++
++ -- Matthias Klose <doko@ubuntu.com>  Mon, 22 Feb 2021 12:10:36 +0100
++
++cryptsetup (2:2.3.4-1ubuntu2) hirsute; urgency=medium
++
++  * No-change rebuild to drop the udeb package.
++
++ -- Matthias Klose <doko@ubuntu.com>  Mon, 22 Feb 2021 10:30:38 +0100
++
++cryptsetup (2:2.3.4-1ubuntu1) hirsute; urgency=medium
++
++  * Merge with Debian unstable. Remaining changes:
++    - debian/control:
++      + Recommend plymouth.
++      + Depend on busybox-initramfs instead of busybox | busybox-static.
++    - Fix cryptroot-unlock for busybox compatibility.
++    - Fix warning and error when running on ZFS on root: (LP #1830110)
++      - d/functions: Return an empty devno for ZFS devices as they don't have
++        major:minor device numbers.
++      - d/initramfs/hooks/cryptroot: Ignore and don't print an error message when
++        devices don't have a devno.
++      Submitted to debian upstream as bug #902449.
++    - debian/patches/decrease_memlock_ulimit.patch
++      Fixed FTBFS due a restrict environment in the new Bionic Builder (LP #1891473)
++      tests/luks2-validation.test, tests/compat-test, tests/tcrypt-compat-test.
++      - Thanks Guilherme G. Piccoli.
++    - Introduce retry logic for external invocations after mdadm (LP #1879980)
++      - Currently, if an encrypted rootfs is configured on top of a MD RAID1
++        array and such array gets degraded (e.g., a member is removed/failed)
++        the cryptsetup scripts cannot mount the rootfs, and the boot fails.
++        We fix that issue here by allowing the cryptroot script to be re-run
++        by initramfs-tools/local-block stage, as mdadm can activate degraded
++        arrays at that stage.
++        There is an initramfs-tools counter-part for this fix, but alone the
++        cryptsetup portion is harmless.
++      - d/cryptsetup-initramfs.install: ship the new local-bottom script.
++      - d/functions: declare variables for local-top|block|bottom scripts
++        (flag that local-block is running and external invocation counter.)
++      - d/i/s/local-block/cryptroot: set flag that local-block is running.
++      - d/i/s/local-bottom/cryptroot: clean up the flag and counter files.
++      - d/i/s/local-top/cryptroot: change the logic from just waiting 180
++        seconds to waiting 5 seconds first, then allowing initramfs-tools
++        to run mdadm (to activate degraded arrays) and call back at least
++        30 times/seconds more.
++  * Dropped changes:
++    - Included in new upstream version:
++      - SECURITY UPDATE: Out-of-bounds write
++        - debian/patches/CVE-2020-14382-*.patch: check segment gaps regardless of
++          heap space in lib/luks2/luks2_json_metadata.c.
++        - CVE-2020-14382
++    - included in Debian:
++      - debian/cryptsetup-bin.install:
++        - Fix FTBFS due to dh_missing detecting crypsetup.conf in debian/tmp where
++          it was installed from ./scripts/crypsetup.conf.
++      - debian/rules:
++        - fix FTBFS on riscv64 adding --with-tmpfilesdir to ensure all archs, even
++          without systemd knows how to ship cryptsetup.conf
++
++ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com>  Tue, 10 Nov 2020 10:37:25 +1300
++
  cryptsetup (2:2.3.4-1) unstable; urgency=high
    * New upstream bugfix release, including fix for CVE-2020-14382:
@@ -608,6 +988,80 @@ cryptsetup (2:2.3.3-2) unstable; urgency=medium
   -- Guilhem Moulin <guilhem@debian.org>  Wed, 12 Aug 2020 00:22:59 +0200
++cryptsetup (2:2.3.3-1ubuntu6) groovy; urgency=medium
++
++  * Introduce retry logic for external invocations after mdadm (LP: #1879980)
++    - Currently, if an encrypted rootfs is configured on top of a MD RAID1
++      array and such array gets degraded (e.g., a member is removed/failed)
++      the cryptsetup scripts cannot mount the rootfs, and the boot fails.
++      We fix that issue here by allowing the cryptroot script to be re-run
++      by initramfs-tools/local-block stage, as mdadm can activate degraded
++      arrays at that stage.
++      There is an initramfs-tools counter-part for this fix, but alone the
++      cryptsetup portion is harmless.
++    - d/cryptsetup-initramfs.install: ship the new local-bottom script.
++    - d/functions: declare variables for local-top|block|bottom scripts
++      (flag that local-block is running and external invocation counter.)
++    - d/i/s/local-block/cryptroot: set flag that local-block is running.
++    - d/i/s/local-bottom/cryptroot: clean up the flag and counter files.
++    - d/i/s/local-top/cryptroot: change the logic from just waiting 180
++      seconds to waiting 5 seconds first, then allowing initramfs-tools
++      to run mdadm (to activate degraded arrays) and call back at least
++      30 times/seconds more.
++
++ -- Guilherme G. Piccoli <gpiccoli@canonical.com>  Wed, 16 Sep 2020 17:35:59 -0300
++
++cryptsetup (2:2.3.3-1ubuntu5) groovy; urgency=medium
++
++  * SECURITY UPDATE: Out-of-bounds write
++    - debian/patches/CVE-2020-14382-*.patch: check segment gaps regardless of
++      heap space in lib/luks2/luks2_json_metadata.c.
++    - CVE-2020-14382
++  * debian/patches/decrease_memlock_ulimit.patch
++    Fixed FTBFS due a restrict environment in the new Bionic Builder (LP: #1891473)
++    tests/luks2-validation.test, tests/compat-test, tests/tcrypt-compat-test.
++    - Thanks Guilherme G. Piccoli.
++
++ -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Wed, 09 Sep 2020 09:29:17 -0300
++
++cryptsetup (2:2.3.3-1ubuntu4) groovy; urgency=medium
++
++  * No change rebuild against new json-c ABI.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Tue, 28 Jul 2020 17:42:50 +0100
++
++cryptsetup (2:2.3.3-1ubuntu3) groovy; urgency=medium
++
++  * debian/rules:
++    - fix FTBFS on riscv64 adding --with-tmpfilesdir to ensure all archs, even
++      without systemd knows how to ship cryptsetup.conf
++
++ -- Didier Roche <didrocks@ubuntu.com>  Thu, 18 Jun 2020 11:44:50 +0200
++
++cryptsetup (2:2.3.3-1ubuntu2) groovy; urgency=medium
++
++  * debian/cryptsetup-bin.install:
++    - Fix FTBFS due to dh_missing detecting crypsetup.conf in debian/tmp where
++      it was installed from ./scripts/crypsetup.conf.
++  * Fix warning and error when running on ZFS on root: (LP: #1830110)
++    -  d/functions: Return an empty devno for ZFS devices as they don't have
++       major:minor device numbers.
++    - d/initramfs/hooks/cryptroot: Ignore and don't print an error message when
++       devices don't have a devno.
++    Submitted to debian upstream as bug #902449.
++
++ -- Didier Roche <didrocks@ubuntu.com>  Thu, 18 Jun 2020 10:12:10 +0200
++
++cryptsetup (2:2.3.3-1ubuntu1) groovy; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/control:
++      + Recommend plymouth.
++      + Depend on busybox-initramfs instead of busybox | busybox-static.
++    - Fix cryptroot-unlock for busybox compatibility.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Tue, 09 Jun 2020 10:40:32 -0700
++
  cryptsetup (2:2.3.3-1) unstable; urgency=medium
    [ Guilhem Moulin ]
@@ -636,6 +1090,16 @@ cryptsetup (2:2.3.2-1) unstable; urgency=medium
   -- Guilhem Moulin <guilhem@debian.org>  Wed, 06 May 2020 16:22:01 +0200
++cryptsetup (2:2.3.1-1ubuntu1) groovy; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/control:
++      + Recommend plymouth.
++      + Depend on busybox-initramfs instead of busybox | busybox-static.
++    - Fix cryptroot-unlock for busybox compatibility.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Fri, 01 May 2020 07:07:58 -0700
++
  cryptsetup (2:2.3.1-1) unstable; urgency=medium
    * New upstream release.
@@ -671,6 +1135,23 @@ cryptsetup (2:2.3.0-1) unstable; urgency=low
   -- Guilhem Moulin <guilhem@debian.org>  Wed, 04 Mar 2020 00:48:19 +0100
++cryptsetup (2:2.2.2-3ubuntu2) focal; urgency=medium
++
++  * Depend on cryptsetup from cryptsetup-initramfs instead of the dummy
++    cryptsetup-run package.  LP: #1864360.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Thu, 27 Feb 2020 00:16:14 -0600
++
++cryptsetup (2:2.2.2-3ubuntu1) focal; urgency=medium
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/control:
++      + Recommend plymouth.
++      + Depend on busybox-initramfs instead of busybox | busybox-static.
++    - Fix cryptroot-unlock for busybox compatibility.
++
++ -- Matthias Klose <doko@ubuntu.com>  Mon, 10 Feb 2020 09:20:12 +0100
++
  cryptsetup (2:2.2.2-3) unstable; urgency=high
    * initramfs hook: Workaround fix for the libgcc_s's source location.
@@ -679,6 +1160,16 @@ cryptsetup (2:2.2.2-3) unstable; urgency=high
   -- Guilhem Moulin <guilhem@debian.org>  Tue, 04 Feb 2020 14:11:12 +0100
++cryptsetup (2:2.2.2-2ubuntu1) focal; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/control:
++      + Recommend plymouth.
++      + Depend on busybox-initramfs instead of busybox | busybox-static.
++    - Fix cryptroot-unlock for busybox compatibility.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Sat, 01 Feb 2020 22:11:22 -0800
++
  cryptsetup (2:2.2.2-2) unstable; urgency=medium
    [ Guilhem Moulin ]
@@ -696,6 +1187,16 @@ cryptsetup (2:2.2.2-2) unstable; urgency=medium
   -- Guilhem Moulin <guilhem@debian.org>  Sat, 18 Jan 2020 20:53:19 +0100
++cryptsetup (2:2.2.2-1ubuntu1) focal; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/control:
++      + Recommend plymouth.
++      + Depend on busybox-initramfs instead of busybox | busybox-static.
++    - Fix cryptroot-unlock for busybox compatibility.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Mon, 11 Nov 2019 22:07:44 -0800
++
  cryptsetup (2:2.2.2-1) unstable; urgency=medium
    * New upstream bugfix release.
@@ -706,6 +1207,16 @@ cryptsetup (2:2.2.2-1) unstable; urgency=medium
   -- Guilhem Moulin <guilhem@debian.org>  Fri, 01 Nov 2019 19:32:36 +0100
++cryptsetup (2:2.2.1-1ubuntu1) focal; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/control:
++      + Recommend plymouth.
++      + Depend on busybox-initramfs instead of busybox | busybox-static.
++    - Fix cryptroot-unlock for busybox compatibility.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Fri, 18 Oct 2019 15:14:29 -0700
++
  cryptsetup (2:2.2.1-1) unstable; urgency=medium
    * New upstream bugfix release.
@@ -713,6 +1224,16 @@ cryptsetup (2:2.2.1-1) unstable; urgency=medium
   -- Guilhem Moulin <guilhem@debian.org>  Fri, 06 Sep 2019 13:28:55 +0200
++cryptsetup (2:2.2.0-3ubuntu1) eoan; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/control:
++      + Recommend plymouth.
++      + Depend on busybox-initramfs instead of busybox | busybox-static.
++    - Fix cryptroot-unlock for busybox compatibility.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Wed, 28 Aug 2019 16:13:22 -0700
++
  cryptsetup (2:2.2.0-3) unstable; urgency=medium
    * Cherry pick upstream commit 8f8f0b32: Fix mapped segments overflow on
@@ -720,6 +1241,16 @@ cryptsetup (2:2.2.0-3) unstable; urgency=medium
   -- Guilhem Moulin <guilhem@debian.org>  Mon, 26 Aug 2019 12:53:45 +0200
++cryptsetup (2:2.2.0-2ubuntu1) eoan; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/control:
++      + Recommend plymouth.
++      + Depend on busybox-initramfs instead of busybox | busybox-static.
++    - Fix cryptroot-unlock for busybox compatibility.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Sun, 25 Aug 2019 12:25:55 -0700
++
  cryptsetup (2:2.2.0-2) unstable; urgency=medium
    * debian/control: Add 'Multi-Arch: foreign' tag to the transitional dummy
@@ -731,6 +1262,25 @@ cryptsetup (2:2.2.0-2) unstable; urgency=medium
   -- Guilhem Moulin <guilhem@debian.org>  Wed, 21 Aug 2019 22:45:12 +0200
++cryptsetup (2:2.2.0-1ubuntu2) eoan; urgency=medium
++
++  * debian/initramfs/cryptroot-unlock: canonicalize executable paths.
++    Thanks to Paride Legovini <paride.legovini@canonical.com> for the patch.
++    LP: #1840752.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Tue, 20 Aug 2019 15:34:10 -0700
++
++cryptsetup (2:2.2.0-1ubuntu1) eoan; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/control:
++      + Recommend plymouth.
++      + Depend on busybox-initramfs instead of busybox | busybox-static.
++    - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
++      compatibility.
++
++ -- Gianfranco Costamagna <locutusofborg@debian.org>  Tue, 20 Aug 2019 14:21:34 +0200
++
  cryptsetup (2:2.2.0-1) unstable; urgency=medium
    * New upstream release 2.2.0.  Highlights include:
@@ -808,6 +1358,23 @@ cryptsetup (2:2.1.0-6) unstable; urgency=low
   -- Guilhem Moulin <guilhem@debian.org>  Sat, 20 Jul 2019 22:15:04 -0300
++cryptsetup (2:2.1.0-5ubuntu2) eoan; urgency=medium
++
++  * Rebuild against new libjson-c4.
++
++ -- Gianfranco Costamagna <locutusofborg@debian.org>  Sat, 29 Jun 2019 13:48:37 +0200
++
++cryptsetup (2:2.1.0-5ubuntu1) eoan; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/control:
++      + Recommend plymouth.
++      + Depend on busybox-initramfs instead of busybox | busybox-static.
++    - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
++      compatibility.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Fri, 14 Jun 2019 14:09:31 -0700
++
  cryptsetup (2:2.1.0-5) unstable; urgency=medium
    [ Jonas Meurer ]
@@ -820,6 +1387,17 @@ cryptsetup (2:2.1.0-5) unstable; urgency=medium
   -- Guilhem Moulin <guilhem@debian.org>  Mon, 10 Jun 2019 14:51:15 +0200
++cryptsetup (2:2.1.0-4ubuntu1) eoan; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/control:
++      + Recommend plymouth.
++      + Depend on busybox-initramfs instead of busybox | busybox-static.
++    - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
++      compatibility.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Tue, 28 May 2019 18:32:08 -0700
++
  cryptsetup (2:2.1.0-4) unstable; urgency=medium
    [Guilhem Moulin]
@@ -839,6 +1417,26 @@ cryptsetup (2:2.1.0-4) unstable; urgency=medium
   -- Guilhem Moulin <guilhem@debian.org>  Tue, 28 May 2019 17:04:16 +0200
++cryptsetup (2:2.1.0-3ubuntu2) eoan; urgency=medium
++
++  * Depend on busybox-initramfs, which is the implementation we actually use
++    for the initramfs and is guaranteed to always be present, instead of
++    busybox-static.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Thu, 09 May 2019 14:47:04 -0700
++
++cryptsetup (2:2.1.0-3ubuntu1) eoan; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/control:
++      + Recommend plymouth.
++      + Invert the "busybox | busybox-static" Recommends, as the latter
++        is the one we ship in main as part of the ubuntu-standard task.
++    - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
++      compatibility. LP: #1651818
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Fri, 03 May 2019 16:22:03 -0700
++
  cryptsetup (2:2.1.0-3) unstable; urgency=medium
    * d/scripts/decrypt_opensc: Fix standard output poisoning.  Thanks to Nils
@@ -862,6 +1460,19 @@ cryptsetup (2:2.1.0-2) unstable; urgency=medium
   -- Guilhem Moulin <guilhem@debian.org>  Thu, 28 Feb 2019 22:32:43 +0100
++cryptsetup (2:2.1.0-1ubuntu1) disco; urgency=medium
++
++  * Merge from Debian unstable. LP: #1815484
++  * Remaining changes:
++    - debian/control:
++      + Recommend plymouth.
++      + Invert the "busybox | busybox-static" Recommends, as the latter
++        is the one we ship in main as part of the ubuntu-standard task.
++    - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
++      compatibility. LP: #1651818
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Wed, 13 Feb 2019 21:28:23 +0000
++
  cryptsetup (2:2.1.0-1) unstable; urgency=medium
    * New upstream release.  Highlights include:
@@ -904,6 +1515,20 @@ cryptsetup (2:2.1.0-1) unstable; urgency=medium
   -- Guilhem Moulin <guilhem@debian.org>  Sat, 09 Feb 2019 00:40:17 +0100
++cryptsetup (2:2.0.6-1ubuntu1) disco; urgency=medium
++
++  * Merge from Debian unstable.
++  * Remaining changes:
++    - debian/control:
++      + Recommend plymouth.
++      + Invert the "busybox | busybox-static" Recommends, as the latter
++        is the one we ship in main as part of the ubuntu-standard task.
++    - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
++      compatibility. LP: #1651818
++  * Dropped delta sector_size support, merged in Debian.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Tue, 05 Feb 2019 13:43:25 +0000
++
  cryptsetup (2:2.0.6-1) unstable; urgency=medium
    * New upstream bugfix release.  Highlights include:
@@ -968,6 +1593,27 @@ cryptsetup (2:2.0.4-3) unstable; urgency=medium
   -- Guilhem Moulin <guilhem@debian.org>  Mon, 22 Oct 2018 17:45:35 +0200
++cryptsetup (2:2.0.4-2ubuntu2) cosmic; urgency=medium
++
++  * Implement support for --sector-size cryptsetup plain mode option in
++    crypttab. Matching support is also proposed to systemd-cryptsetup as
++    well. LP: #1776626
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Fri, 31 Aug 2018 17:00:07 +0100
++
++cryptsetup (2:2.0.4-2ubuntu1) cosmic; urgency=low
++
++  * Merge from Debian unstable.  LP: #1785610.
++  * Remaining changes:
++    - debian/control:
++      + Recommend plymouth.
++      + Invert the "busybox | busybox-static" Recommends, as the latter
++        is the one we ship in main as part of the ubuntu-standard task.
++    - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
++      compatibility. LP: #1651818
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Wed, 22 Aug 2018 22:51:47 +0100
++
  cryptsetup (2:2.0.4-2) unstable; urgency=medium
    * debian/cryptsetup-initramfs.preinst: Don't try to overwrite
@@ -1000,6 +1646,28 @@ cryptsetup (2:2.0.3-7) unstable; urgency=medium
   -- Guilhem Moulin <guilhem@debian.org>  Mon, 30 Jul 2018 16:32:07 +0800
++cryptsetup (2:2.0.3-6ubuntu1) cosmic; urgency=low
++
++  * Merge from Debian unstable.  LP: #1781912.
++  * Remaining changes:
++    - debian/control:
++      + Recommend plymouth.
++      + Invert the "busybox | busybox-static" Recommends, as the latter
++        is the one we ship in main as part of the ubuntu-standard task.
++    - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
++      compatibility. LP: #1651818
++  * Dropped changes, included in Debian:
++    - Drop explicit libgcrypt20 dependency from libcryptsetup4.
++    - Drop the CRYPTSETUP variable warning from the initramfs hook, as
++      overlayroot package ships a dropin in conf-hooks.d triggering false
++      warnings.
++    - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE
++    - Drop c99 std, as the default is now higher than that
++  * Dropped changes, no longer needed:
++    - Add maintscript to drop removed upstart system jobs.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Mon, 16 Jul 2018 08:27:58 -0400
++
  cryptsetup (2:2.0.3-6) unstable; urgency=medium
    * debian/TODO.md: Remove mention of parent device detection for mdadm
@@ -1284,6 +1952,45 @@ cryptsetup (2:2.0.3-1) unstable; urgency=medium
   -- Jonas Meurer <jonas@freesources.org>  Fri, 15 Jun 2018 15:32:16 +0200
++cryptsetup (2:2.0.2-1ubuntu3) cosmic; urgency=medium
++
++  * No-change rebuild against libargon2-1
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Tue, 10 Jul 2018 17:01:23 +0000
++
++cryptsetup (2:2.0.2-1ubuntu2) cosmic; urgency=medium
++
++  * Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
++    compatibility. LP: #1651818
++
++ -- Dimitri John Ledkov 🌈 <xnox@ubuntu.com>  Thu, 21 Jun 2018 16:38:31 +0100
++
++cryptsetup (2:2.0.2-1ubuntu1) bionic; urgency=low
++
++  * Merge from Debian unstable.
++    - bugfix upstream release, which solves problems with luks2 format
++      disks not unlocking.  LP: #1755322.
++  * Remaining changes:
++    - debian/control:
++      + Depend on plymouth.
++      + Invert the "busybox | busybox-static" Recommends, as the latter
++        is the one we ship in main as part of the ubuntu-standard task.
++      + Drop explicit libgcrypt20 dependency from libcryptsetup4.
++    - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE
++    - Drop c99 std, as the default is now higher than that
++    - Drop upstart system jobs.
++    - Add maintscript to drop removed upstart system jobs.
++      - debian has its own now, but we have different version numbers.
++        this delta can be dropped after 18.04 release.
++    - Drop the CRYPTSETUP variable warning from the initramfs hook, as
++      overlayroot package ships a dropin in conf-hooks.d triggering false
++      warnings.
++  * Dropped changes:
++    - debian/cryptdisks{,-udev}.maintscript: drop, there is no package named
++      'cryptdisks' or 'cryptdisks-udev'.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Fri, 06 Apr 2018 10:23:53 -0700
++
  cryptsetup (2:2.0.2-1) unstable; urgency=low
    * New upstream release 2.0.2
@@ -1313,6 +2020,40 @@ cryptsetup (2:2.0.1-1) unstable; urgency=low
   -- Guilhem Moulin <guilhem@debian.org>  Sun, 11 Feb 2018 00:02:05 +0100
++cryptsetup (2:2.0.1-0ubuntu2) bionic; urgency=medium
++
++  * Drop the CRYPTSETUP variable warning from the initramfs hook, as
++    overlayroot package ships a dropin in conf-hooks.d triggering false
++    warnings.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Thu, 22 Feb 2018 14:49:16 +0000
++
++cryptsetup (2:2.0.1-0ubuntu1) bionic; urgency=medium
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/control:
++      + Depend on plymouth.
++      + Invert the "busybox | busybox-static" Recommends, as the latter
++        is the one we ship in main as part of the ubuntu-standard task.
++      + Drop explicit libgcrypt20 dependency from libcryptsetup4.
++    - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE
++    - Drop c99 std, as the default is now higher than that
++    - Drop upstart system jobs.
++    - Add maintscript to drop removed upstart system jobs.
++      - debian has its own now, but we have different version numbers
++  * New upstream release
++  * Cherry-pick Guilhem Moulin's changes below from Debian git
++
++  [ Guilhem Moulin ]
++   * New upstream release 2.0.1:
++     - Use /run/cryptsetup as default for cryptsetup locking dir.
++     - Add missing symbols for new functions to debian/libcryptsetup12.symbols.
++  * debian/copyright: update copyright years.
++  * debian/patches: backport upstream's 8728ba08 to fix opening of loop-AES
++    devices using --key-file=-.  (Closes: #888162.)
++
++ -- Julian Andres Klode <juliank@ubuntu.com>  Mon, 29 Jan 2018 13:48:55 +0100
++
  cryptsetup (2:2.0.0-1) unstable; urgency=low
    [ Guilhem Moulin ]
@@ -1362,6 +2103,26 @@ cryptsetup (2:2.0.0~rc0-1) experimental; urgency=low
   -- Guilhem Moulin <guilhem@debian.org>  Tue, 03 Oct 2017 03:37:36 +0200
++cryptsetup (2:1.7.5-1ubuntu1) bionic; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/control:
++      + Depend on plymouth.
++      + Invert the "busybox | busybox-static" Recommends, as the latter
++        is the one we ship in main as part of the ubuntu-standard task.
++      + Drop explicit libgcrypt20 dependency from libcryptsetup4.
++    - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE
++    - Drop c99 std, as the default is now higher than that
++    - Drop upstart system jobs.
++    - Add maintscript to drop removed upstart system jobs.
++  * Merged upstream:
++    - d/p/fips-fix-luksformat-with-recent-kernels -- fix luksFormat
++      with recent FIPS enabled kernels.
++  * Merged in Debian:
++    - Use DEB_VERSION from dpkg/default.mk for pod2man release variable
++
++ -- Julian Andres Klode <juliank@ubuntu.com>  Wed, 17 Jan 2018 21:39:10 +0100
++
  cryptsetup (2:1.7.5-1) unstable; urgency=low
    * New upstream release 1.7.5.
@@ -1384,6 +2145,25 @@ cryptsetup (2:1.7.5-1) unstable; urgency=low
   -- Guilhem Moulin <guilhem@debian.org>  Thu, 14 Sep 2017 13:00:23 +0200
++cryptsetup (2:1.7.3-4ubuntu1) artful; urgency=low
++
++  * New upstream release, merge from Debian unstable. Remaining
++    Ubuntu changes:
++    - debian/control:
++      + Depend on plymouth.
++      + Invert the "busybox | busybox-static" Recommends, as the latter
++        is the one we ship in main as part of the ubuntu-standard task.
++      + Drop explicit libgcrypt20 dependency from libcryptsetup4.
++  * d/p/fips-fix-luksformat-with-recent-kernels -- fix luksFormat
++    with recent FIPS enabled kernels.
++  * Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE
++  * Drop c99 std, as the default is now higher than that
++  * Use DEB_VERSION from dpkg/default.mk for pod2man release variable
++  * Drop upstart system jobs.
++  * Add maintscript to drop removed upstart system jobs.
++
++ -- Andy Whitcroft <apw@ubuntu.com>  Thu, 10 Aug 2017 14:07:29 +0100
++
  cryptsetup (2:1.7.3-4) unstable; urgency=high
    [ Guilhem Moulin ]
@@ -1596,6 +2376,40 @@ cryptsetup (2:1.7.2-1) unstable; urgency=medium
   -- Jonas Meurer <mejo@debian.org>  Wed, 05 Oct 2016 20:53:09 +0200
++cryptsetup (2:1.7.2-0ubuntu4) artful; urgency=medium
++
++  * Add maintscript to drop removed upstart system jobs.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Mon, 21 Aug 2017 11:36:04 +0100
++
++cryptsetup (2:1.7.2-0ubuntu3) artful; urgency=medium
++
++  * Drop _BSD_SOURCE in favor of _DEFAULT_SOURCe
++  * Drop c99 std, as the default is now higher than that
++  * Use DEB_VERSION from dpkg/default.mk for pod2man release variable
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Sat, 19 Aug 2017 21:46:19 +0100
++
++cryptsetup (2:1.7.2-0ubuntu2) artful; urgency=medium
++
++  * Drop upstart system jobs.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Sat, 19 Aug 2017 20:57:17 +0100
++
++cryptsetup (2:1.7.2-0ubuntu1) yakkety; urgency=medium
++
++  * New upstream release, merge from Debian unstable (LP: #1548137). Remaining
++    Ubuntu changes:
++    - debian/control:
++      + Bump initramfs-tools Suggests to Depends: so system is not
++        potentially rendered unbootable.
++      + Depend on plymouth.
++      + Invert the "busybox | busybox-static" Recommends, as the latter
++        is the one we ship in main as part of the ubuntu-standard task.
++      + Drop explicit libgcrypt20 dependency from libcryptsetup4.
++
++ -- Unit 193 <unit193@ubuntu.com>  Wed, 22 Jun 2016 16:30:01 -0400
++
  cryptsetup (2:1.7.0-2) unstable; urgency=medium
    [ Guilhem Moulin ]
@@ -1670,6 +2484,35 @@ cryptsetup (2:1.7.0-1) unstable; urgency=medium
   -- Jonas Meurer <mejo@debian.org>  Thu, 07 Jan 2016 02:22:33 +0100
++cryptsetup (2:1.6.6-5ubuntu2) wily; urgency=medium
++
++  * Fix stupid typo in Recommends "busybox | busybox-static" inversion.
++    Fixes binary moves for busybox into main.
++
++ -- Andy Whitcroft <apw@ubuntu.com>  Fri, 21 Aug 2015 08:56:34 +0100
++
++cryptsetup (2:1.6.6-5ubuntu1) wily; urgency=low
++
++  * Merge from Debian unstable.  Remaining changes:
++    - debian/control:
++      + Bump initramfs-tools Suggests to Depends: so system is not
++        potentially rendered unbootable.
++      + Depend on plymouth.
++      + Invert the "busybox | busybox-static" Recommends, as the latter
++        is the one we ship in main as part of the ubuntu-standard task.
++      + Drop explicit libgcrypt11 dependency from libcryptsetup4.
++  * Dropped changes, now in Debian:
++    - Remove hardcoded paths to udevadm.
++    - debian/initramfs/cryptroot-hook:
++      + Do not unconditionally include cryptsetup utils in the initramfs.
++      + Do not include any modules or utils in the initramfs, unless
++        rootfs/resume devices are encrypted or CRYPTSETUP is set to 'y' in
++        the initramfs.conf configuration file.
++    - debian/cryptsetup.maintscripts:
++      + Migrate upstart jobs to new names.
++
++ -- Andy Whitcroft <apw@ubuntu.com>  Tue, 07 Jul 2015 16:58:45 +0100
++
  cryptsetup (2:1.6.6-5) unstable; urgency=high
    * debian/cryptdisks.functions: fix the precheck for ubuntu+upstart
@@ -1822,6 +2665,71 @@ cryptsetup (2:1.6.4-1) unstable; urgency=low
   -- Jonas Meurer <mejo@debian.org>  Fri, 28 Jun 2013 12:14:55 +0200
++cryptsetup (2:1.6.1-1ubuntu7) vivid; urgency=medium
++
++  * Drop explicit libgcrypt11 dependency from libcryptsetup4.
++
++ -- Adam Conrad <adconrad@ubuntu.com>  Fri, 27 Mar 2015 18:24:38 -0600
++
++cryptsetup (2:1.6.1-1ubuntu6) vivid; urgency=medium
++
++  * No-change rebuild for the libgcrypt20 transition.
++
++ -- Adam Conrad <adconrad@ubuntu.com>  Fri, 27 Mar 2015 06:16:08 -0600
++
++cryptsetup (2:1.6.1-1ubuntu5) vivid; urgency=medium
++
++  * ./debian/scripts/luksformat: Drop luksFormat -s and --ciper options. They
++    aren't necessary any more, and aes-cbc-essiv:sha256 is obsolete. This will
++    now use aes-xts-plain64 by default. (LP: #1414719)
++
++ -- Martin Pitt <martin.pitt@ubuntu.com>  Fri, 27 Feb 2015 09:37:05 +0100
++
++cryptsetup (2:1.6.1-1ubuntu4) vivid; urgency=medium
++
++  * No change rebuild to get debug symbols for all architectures.
++
++ -- Brian Murray <brian@ubuntu.com>  Wed, 03 Dec 2014 08:03:31 -0800
++
++cryptsetup (2:1.6.1-1ubuntu3) utopic; urgency=high
++
++  * No change rebuild against new dh_installinit, to call update-rc.d at
++    postinst.
++
++ -- Dimitri John Ledkov <xnox@ubuntu.com>  Wed, 28 May 2014 10:39:30 +0100
++
++cryptsetup (2:1.6.1-1ubuntu2) utopic; urgency=medium
++
++  * debian/askpass.c:
++    - Fix bug (LP: #1301086) where askpass fails to restore terminal
++      settings.
++
++ -- Robert Barabas <dc@0xdc.org>  Fri, 18 Apr 2014 14:08:51 -0400
++
++cryptsetup (2:1.6.1-1ubuntu1) trusty; urgency=low
++
++  * Merge from debian unstable, remaining changes:
++    - debian/control:
++      + Bump initramfs-tools Suggests to Depends: so system is not
++        potentially rendered unbootable.
++      + Depend on plymouth.
++
++    - Invert the "busybox | busybox-static" Recommends, as the latter is
++      the one we ship in main as part of the ubuntu-standard task.
++
++    - Remove hardcoded paths to udevadm (LP: #1184066).
++
++    - debian/initramfs/cryptroot-hook:
++      + Do not unconditionally include cryptsetup utils in the initramfs.
++      + Do not include any modules or utils in the initramfs, unless
++        rootfs/resume devices are encrypted or CRYPTSETUP is set to 'y' in
++        the initramfs.conf configuration file.
++
++    - debian/cryptsetup.maintscripts:
++      + Migrate upstart jobs to new names.
++
++ -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com>  Fri, 01 Nov 2013 16:48:57 +0000
++
  cryptsetup (2:1.6.1-1) unstable; urgency=low
    [ Milan Broz ]
@@ -1863,6 +2771,50 @@ cryptsetup (2:1.6.1-1) unstable; urgency=low
   -- Jonas Meurer <mejo@debian.org>  Fri, 28 Jun 2013 12:10:41 +0200
++cryptsetup (2:1.4.3-4ubuntu4) saucy; urgency=low
++
++  * debian/initramfs/cryptroot-hook:
++    - Do not unconditionally include cryptsetup utils in the initramfs.
++    - Do not include any modules or utils in the initramfs, unless
++      rootfs/resume devices are encrypted or CRYPTSETUP is set to 'y' in
++      the initramfs.conf configuration file.
++
++ -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com>  Mon, 10 Jun 2013 16:25:46 +0100
++
++cryptsetup (2:1.4.3-4ubuntu3) saucy; urgency=low
++
++  * Remove hardcoded paths to udevadm (LP: #1184066).
++
++ -- Colin Watson <cjwatson@ubuntu.com>  Tue, 28 May 2013 11:27:27 +0100
++
++cryptsetup (2:1.4.3-4ubuntu2) raring; urgency=low
++
++  * Invert the "busybox | busybox-static" Recommends, as the latter
++    is the one we ship in main as part of the ubuntu-standard task.
++
++ -- Adam Conrad <adconrad@ubuntu.com>  Fri, 16 Nov 2012 01:14:35 -0700
++
++cryptsetup (2:1.4.3-4ubuntu1) raring; urgency=low
++
++  * Merge from debian unstable, remaining changes:
++    - debian/control:
++      + Bump initramfs-tools Suggests to Depends: so system is not
++        potentially rendered unbootable.
++      + Depend on plymouth.
++
++    - init/upstart jobs:
++      + Rename cryptddisks{,-early}.upstart jobs to
++        cryptdisks-{enable,udev}.upstart, as we need both init & upstart jobs
++        for now.
++      + debian/cryptdisks{,-early}.init: Make the 'start' action of the init
++        script a no-op, this should be handled entirely by the upstart job;
++        and fix the LSB header to not declare this should be started in
++        runlevel 'S'.
++      + Do not install start symlinks for init scripts
++      + NB! shutdown is still handled by the SystemV init scripts
++
++ -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com>  Tue, 13 Nov 2012 11:17:57 +0000
++
  cryptsetup (2:1.4.3-4) unstable; urgency=medium
    * change recommends for busybox to busybox | busybox-static. Thanks to
@@ -1895,6 +2847,50 @@ cryptsetup (2:1.4.3-3) unstable; urgency=medium
   -- Jonas Meurer <mejo@debian.org>  Thu, 01 Nov 2012 15:34:09 +0100
++cryptsetup (2:1.4.3-2ubuntu1) quantal; urgency=low
++
++  * Merge from debian unstable (LP: #1015753), remaining changes:
++    - debian/control:
++      + Bump initramfs-tools Suggests to Depends: so system is not
++        potentially rendered unbootable.
++      + Depend on plymouth.
++
++    - init/upstart jobs:
++      + Add debian/cryptdisks-{enable,udev}.upstart for bootup.
++      + debian/cryptdisks{,-early}.init: Make the 'start' action of the init
++        script a no-op, this should be handled entirely by the upstart job;
++        and fix the LSB header to not declare this should be started in
++        runlevel 'S'.
++      + Do not install start symlinks for init scripts
++      + NB! shutdown is still handled by the SystemV init scripts
++
++  * Rename cryptddisks{,-early}.upstart jobs back to
++    cryptdisks-{enable,udev}.upstart, as we need both init & upstart jobs
++    for now.
++
++  * Dropped Changes, included in Debian:
++    - debian/control:
++      + Split up package in cryptsetup and cryptsetup-bin. (LP: #343363).
++
++    - debian/cryptdisks.functions:
++      + Do not overwrite existing filesystems when creating swap (LP: #474258).
++      + Add aesni module when we have hardware encryption.
++      + Call 'udevadm settle' before 'dmsetup rename' http://pad.lv/874774
++      + Suppress "Starting init crypto disks" message in "init" phase, to
++        avoid writing over fsck progress text.
++      + new function, crypttab_start_one_disk, to look for the named source
++        device in /etc/crypttab (by device name, UUID, or label) and start it
++        if configured to do so
++      + handle the case where crypttab contains a name for the source
++        device that is not the kernel's preferred name for it (as is the case
++        for LVs).
++
++    - debian/initramfs/cryptroot-hook:
++      + Quiet warnings from find on arches that don't have all the
++        kernel/{arch,crypto} bits we're testing for.
++
++ -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com>  Tue, 21 Aug 2012 11:57:28 +0100
++
  cryptsetup (2:1.4.3-2) unstable; urgency=medium
    * fix the shared library symbols magic: so far, the symbols file for
@@ -1970,6 +2966,64 @@ cryptsetup (2:1.4.1-3) unstable; urgency=low
   -- Jonas Meurer <mejo@debian.org>  Wed, 11 Apr 2012 23:55:35 +0200
++cryptsetup (2:1.4.1-2ubuntu4) precise; urgency=low
++
++  * Our swap creation can trigger udev change events, which means udev may be
++    holding the device open at the time we try to call 'dmsetup rename' and
++    cause the /subsequent/ events to be missed because of dmsetup creating
++    device nodes by hand.  So call 'udevadm settle' before 'dmsetup rename',
++    to ensure blkid is out of the way first.  This should ensure swap
++    partitions are found by mountall in a non-racy manner.  LP: #874774.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Fri, 13 Apr 2012 20:23:21 -0700
++
++cryptsetup (2:1.4.1-2ubuntu3) precise; urgency=low
++
++  * Start cryptdisks-enable upstart job on 'or container', to let us
++    simplify the udevtrigger job.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Wed, 04 Apr 2012 17:02:00 -0700
++
++cryptsetup (2:1.4.1-2ubuntu2) precise; urgency=low
++
++  * Split up package in cryptsetup and cryptsetup-bin. (LP: #343363).
++  * Do not overwrite existing filesystems when creating swap (LP: #474258).
++  * Add aesni module when we have hardware encryption.
++
++ -- Jean-Louis Dupond <jean-louis@dupond.be>  Mon, 12 Mar 2012 10:14:30 +0100
++
++cryptsetup (2:1.4.1-2ubuntu1) precise; urgency=low
++
++  [ Jean-Louis Dupond ]
++  * Merge from debian unstable (LP: #776264), remaining changes:
++    - debian/cryptdisks.functions: Suppress "Starting init crypto disks" message
++      in "init" phase, to avoid writing over fsck progress text.
++    - debian/cryptroot-hook: Quiet warnings from find on arches that
++      don't have all the kernel/{arch,crypto} bits we're testing for.
++    - debian/control:
++      + Bump initramfs-tools Suggests to Depends: so system is not
++        potentially rendered unbootable.
++      + Depend on plymouth.
++    - Add debian/cryptdisks-{enable,udev}.upstart.
++    - debian/cryptdisks.functions:
++      + new function, crypttab_start_one_disk, to look for the named source
++        device in /etc/crypttab (by device name, UUID, or label) and start it
++        if configured to do so
++    - debian/cryptdisks{,-early}.init: Make the 'start' action of the init
++      script a no-op, this should be handled entirely by the upstart job;
++      and fix the LSB header to not declare this should be started in
++      runlevel 'S'
++    - debian/rules:
++      + Do not install start symlinks for init scripts, and
++        install debian/cryptdisks-{enable,udev}.upstart scripts.
++
++  [ Steve Langasek ]
++  * debian/cryptdisks.functions: handle the case where crypttab contains a
++    name for the source device that is not the kernel's preferred name for
++    it (as is the case for LVs).
++
++ -- Jean-Louis Dupond <jean-louis@dupond.be>  Thu, 08 Mar 2012 07:32:40 +0100
++
  cryptsetup (2:1.4.1-2) unstable; urgency=low
    * acknowledge NMU. Thanks to Michael Biebl. (closes: #659182)
@@ -2179,6 +3233,56 @@ cryptsetup (2:1.2.0-1) experimental; urgency=low
   -- Jonas Meurer <mejo@debian.org>  Sun, 16 Jan 2011 01:01:03 +0100
++cryptsetup (2:1.1.3-4ubuntu3) precise; urgency=low
++
++  [ Pali Rohar ]
++  * debian/cryptdisks.functions: Suppress "Starting init crypto disks" message
++    in "init" phase, to avoid writing over fsck progress text.
++
++ -- Martin Pitt <martin.pitt@ubuntu.com>  Wed, 26 Oct 2011 09:16:15 +0200
++
++cryptsetup (2:1.1.3-4ubuntu2) oneiric; urgency=low
++
++  * debian/cryptroot-hook: Quiet warnings from find on arches that
++    don't have all the kernel/{arch,crypto} bits we're testing for.
++
++ -- Adam Conrad <adconrad@ubuntu.com>  Sat, 01 Oct 2011 00:33:00 -0600
++
++cryptsetup (2:1.1.3-4ubuntu1) natty; urgency=low
++
++  * Merge from debian unstable (LP: #682177), remaining changes:
++    - debian/control:
++      + Bump initramfs-tools Suggests to Depends: so system is not
++        potentially rendered unbootable.
++      + Depend on plymouth.
++    - Add debian/cryptdisks-{enable,udev}.upstart.
++    - debian/cryptdisks.functions:
++      + new function, crypttab_start_one_disk, to look for the named source
++        device in /etc/crypttab (by device name, UUID, or label) and start it
++        if configured to do so
++      + wrap the call to /lib/cryptsetup/askpass with watershed, to make sure
++        we only ever have one of these running at a time; otherwise multiple
++        invocations could steal each other's input and/or write over each
++        other's output
++      + when called by cryptdisks-enable, check that we don't already have a
++        corresponding cryptdisks-udev job running (probably waiting for a
++        passphrase); if there is, wait until it's finished before continuing.
++    - debian/cryptdisks{,-early}.init: Make the 'start' action of the init
++      script a no-op, this should be handled entirely by the upstart job;
++      and fix the LSB header to not declare this should be started in
++      runlevel 'S'
++    - debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on
++      upgrade.
++    - debian/rules:
++      + Do not install start symlinks for init scripts, and
++        install debian/cryptdisks-{enable,udev}.upstart scripts.
++      + link dynamically against libgcrypt and libgpg-error.
++    - Add debian/cryptsetup.apport: Apport package hook. Install in
++      debian/rules and create dir in debian/cryptsetup.dirs.
++    - debian/cryptsetup.postrm: call update-initramfs on package removal.
++
++ -- Lorenzo De Liso <blackz@ubuntu.com>  Sat, 27 Nov 2010 17:37:43 +0100
++
  cryptsetup (2:1.1.3-4) unstable; urgency=high
    * bump standards-version to 3.9.1, no changes required
@@ -2284,6 +3388,69 @@ cryptsetup (2:1.1.3-1) unstable; urgency=low
   -- Jonas Meurer <mejo@debian.org>  Sat, 10 Jul 2010 14:32:40 +0200
++cryptsetup (2:1.1.2-1ubuntu1) maverick; urgency=low
++
++  * Merge from Debian unstable (LP: #594365).  Remaining changes:
++    - debian/control:
++      + Bump initramfs-tools Suggests to Depends: so system is not
++        potentially rendered unbootable.
++      + Depend on plymouth.
++    - Add debian/cryptdisks-{enable,udev}.upstart.
++    - debian/cryptdisks.functions:
++      + new function, crypttab_start_one_disk, to look for the named source
++        device in /etc/crypttab (by device name, UUID, or label) and start it
++        if configured to do so
++      + wrap the call to /lib/cryptsetup/askpass with watershed, to make sure
++        we only ever have one of these running at a time; otherwise multiple
++        invocations could steal each other's input and/or write over each
++        other's output
++      + initially create the device under a temporary name and rename it only
++        at the end using 'dmsetup rename', to ensure that upstart/mountall
++        doesn't see our device before it's ready to go.
++      + do_tmp should mount under /var/run/cryptsetup for changing the
++        permissions of the filesystem root, not directly on /tmp, since
++        mounting on /tmp a) is racy, b) confuses mountall something fierce.
++      + when called by cryptdisks-enable, check that we don't already have a
++        corresponding cryptdisks-udev job running (probably waiting for a
++        passphrase); if there is, wait until it's finished before continuing.
++    - debian/cryptdisks{,-early}.init: Make the 'start' action of the init
++      script a no-op, this should be handled entirely by the upstart job;
++      and fix the LSB header to not declare this should be started in
++      runlevel 'S'
++    - debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on
++      upgrade.
++    - debian/rules: Do not install start symlinks for init scripts, and
++      install debian/cryptdisks-{enable,udev}.upstart scripts.
++    - Add debian/cryptsetup.apport: Apport package hook. Install in
++      debian/rules and create dir in debian/cryptsetup.dirs.
++    - debian/rules: link dynamically against libgcrypt and libgpg-error.
++    - debian/cryptsetup.postrm: call update-initramfs on package removal.
++  * Dropped changes, merged/superseded in Debian:
++    - Add ext4 support to passdev.
++    - cryptroot-hook: don't call copy_modules_dir with empty arguments when
++      archcrypto isn't found
++    - Set USPLASH=y and FRAMEBUFFER=y in the hook config to pull plymouth into
++      the initramfs.
++    - change interaction to use plymouth directly if present, and if not, to
++      fall back to /lib/cryptsetup/askpass as before
++    - cryptdisks.functions: replace 'echo -e' bashism with 'printf'.
++    - debian/initramfs/cryptroot-script: if plymouth is present in the
++      initramfs, use this directly, bypassing the cryptsetup askpass script
++    - debian/initramfs/cryptroot-hook: Properly anchor our regexps when
++      grepping /etc/crypttab so that we don't incorrectly match device names
++      that are substrings of one another.
++    - debian/initramfs/cryptroot-script: Don't leak /conf/conf.d/cryptroot
++      file descriptor to subprocesses.
++    - Fix grammar error in debian/initramfs/cryptroot-script
++      ("setup" -> "set up")
++    - debian/initramfs/cryptroot-script: Fix this to work with current
++      initramfs-tools:
++      + Source /scripts/functions after checking for prerequisites.
++      + prereqs(): Do not assume we are running within initramfs, and
++        calculate relative path correctly.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Mon, 14 Jun 2010 21:47:28 -0700
++
  cryptsetup (2:1.1.2-1) unstable; urgency=low
    * new upstream release, changes include:
@@ -2401,6 +3568,171 @@ cryptsetup (2:1.1.0-1) unstable; urgency=low
   -- Jonas Meurer <mejo@debian.org>  Mon, 08 Mar 2010 14:15:35 +0100
++cryptsetup (2:1.1.0~rc2-1ubuntu14) maverick; urgency=low
++
++  [ David Stansby ]
++  * Fix grammar error in debian/initramfs/cryptroot-script
++    ("setup" -> "set up") (LP: #578896)
++
++ -- James Westby <james.westby@ubuntu.com>  Mon, 17 May 2010 13:33:40 +0100
++
++cryptsetup (2:1.1.0~rc2-1ubuntu13) lucid; urgency=low
++
++  * debian/initramfs/cryptroot-script: Don't leak /conf/conf.d/cryptroot
++    file descriptor to subprocesses.
++
++ -- Colin Watson <cjwatson@ubuntu.com>  Mon, 29 Mar 2010 22:18:36 +0100
++
++cryptsetup (2:1.1.0~rc2-1ubuntu12) lucid; urgency=low
++
++  * debian/initramfs/cryptroot-hook: Properly anchor our regexps when
++    grepping /etc/crypttab so that we don't incorrectly match device names
++    that are substrings of one another.
++  * debian/cryptdisks-{enable,udev}.conf, debian/control: drop
++    'console output' and add a hard dependency on plymouth instead of
++    watershed, to avoid spitting extra messages to the console.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Thu, 18 Feb 2010 06:19:19 -0800
++
++cryptsetup (2:1.1.0~rc2-1ubuntu11) lucid; urgency=low
++
++  * Set FRAMEBUFFER=y in the file that we actually ship.
++  * debian/cryptsetup.postrm: call update-initramfs on package removal.
++    LP: #468228.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Mon, 25 Jan 2010 03:07:52 -0800
++
++cryptsetup (2:1.1.0~rc2-1ubuntu10) lucid; urgency=low
++
++  * cryptdisks.functions: replace 'echo -e' bashism with 'printf'.
++  * cryptdisks.functions: when called by cryptdisks-enable, check that we
++    don't already have a corresponding cryptdisks-udev job running (probably
++    waiting for a passphrase); if there is, wait until it's finished before
++    continuing.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Thu, 21 Jan 2010 14:57:21 +0000
++
++cryptsetup (2:1.1.0~rc2-1ubuntu9) lucid; urgency=low
++
++  * Set FRAMEBUFFER=y in the hook config as well, to pull plymouth into the
++    initramfs.
++  * cryptdisks.functions, debian/initramfs/cryptroot-script: fix the
++    invocation of plymouth, so that we actually get proper passphrase prompts
++    (once bug #496765 is fixed).
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Sat, 16 Jan 2010 02:32:41 -0800
++
++cryptsetup (2:1.1.0~rc2-1ubuntu8) lucid; urgency=low
++
++  * cryptdisks.functions: do_tmp should mount under /var/run/cryptsetup for
++    changing the permissions of the filesystem root, not directly on /tmp,
++    since mounting on /tmp a) is racy, b) confuses mountall something fierce.
++    LP: #475936.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Tue, 22 Dec 2009 20:24:28 +0000
++
++cryptsetup (2:1.1.0~rc2-1ubuntu7) lucid; urgency=low
++
++  * Depend on watershed.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Tue, 22 Dec 2009 01:37:36 +0000
++
++cryptsetup (2:1.1.0~rc2-1ubuntu6) lucid; urgency=low
++
++  [ Steve Langasek ]
++  * Fix the LSB header in the init scripts, now that we don't install to
++    rcS.d.
++
++  [ Martin Pitt ]
++  * debian/initramfs/cryptroot-script: Fix this to work with current
++    initramfs-tools:
++    - Source /scripts/functions after checking for prerequisites.
++    - prereqs(): Do not assume we are running within initramfs, and calculate
++      relative path correctly.
++
++ -- Martin Pitt <martin.pitt@ubuntu.com>  Fri, 18 Dec 2009 17:07:07 +0100
++
++cryptsetup (2:1.1.0~rc2-1ubuntu5) lucid; urgency=low
++
++  * Rename the upstart job introduced in the previous upload to
++    cryptdisks-udev and restore the previous version of the job as
++    cryptdisks-enable, to run at the end of udev coldplugging as before;
++    this isn't entirely race-free, but should nevertheless give us the
++    two passes needed to cover devices that are decrypted using keys stored
++    on other encrypted disks.  LP: #443980.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Wed, 16 Dec 2009 06:41:30 +0000
++
++cryptsetup (2:1.1.0~rc2-1ubuntu4) lucid; urgency=low
++
++  [ Steve Langasek ]
++  * debian/initramfs/cryptroot-script: if plymouth is present in the
++    initramfs, use this directly, bypassing the cryptsetup askpass script;
++    but keep support for these other frontends around on a transitional
++    basis.
++  * debian/cryptdisks.functions:
++    - change interaction to use plymouth directly if present, and if not, to
++      fall back to /lib/cryptsetup/askpass as before
++    - wrap the call to /lib/cryptsetup/askpass with watershed, to make sure
++      we only ever have one of these running at a time; otherwise multiple
++      invocations could steal each other's input and/or write over each
++      other's output
++    - new function, crypttab_start_one_disk, to look for the named source
++      device in /etc/crypttab (by device name, UUID, or label) and start it
++      if configured to do so
++  * debian/cryptdisks-enable.upstart: run the upstart job once for each block
++    device, using the new crypttab_start_one_disk function, triggered by udev;
++    this doesn't eliminate the possibility of a race with gdm when the
++    decrypted volume isn't a 'bootwait' mount point (since gdm kills
++    plymouth), but it does eliminate the race between udev and cryptsetup.
++    LP: #454898.
++  * debian/cryptdisks-enable.upstart: check that the package is installed
++    and exit gracefully if it's not.  LP: #435814
++  * debian/cryptdisk.functions: initially create the device under a temporary
++    name and rename it only at the end using 'dmsetup rename', to ensure that
++    upstart/mountall doesn't see our device before it's ready to go.
++    LP: #475936.
++
++  [ Colin Watson ]
++  * Add ext4 support to passdev.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Tue, 15 Dec 2009 18:05:45 -0800
++
++cryptsetup (2:1.1.0~rc2-1ubuntu3) lucid; urgency=low
++
++  * cryptroot-hook: Use if [ -n … ] instead of if ! test -z ….
++
++ -- Loïc Minier <loic.minier@ubuntu.com>  Sat, 12 Dec 2009 11:32:52 +0100
++
++cryptsetup (2:1.1.0~rc2-1ubuntu2) lucid; urgency=low
++
++  * cryptroot-hook: dont call copy_modules_dir with empty arguments when
++    archcrypto isnt found (LP: #495161)
++
++ -- Oliver Grawert <ogra@ubuntu.com>  Fri, 11 Dec 2009 14:39:00 +0100
++
++cryptsetup (2:1.1.0~rc2-1ubuntu1) lucid; urgency=low
++
++  * Merge with Debian testing. Remaining Ubuntu changes:
++    - debian/rules: cryptsetup is linked dynamically against libgcrypt and
++      libgpg-error.
++    - Upstart migration:
++      + Add debian/cryptdisks-enable.upstart.
++      + debian/cryptdisks{,-early}.init: Make the 'start' action of the init
++        script a no-op, this should be handled entirely by the upstart job.
++        (LP #473615)
++      + debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on
++        upgrade.
++      + debian/rules: Do not install start symlinks for those two, and install
++        debian/cryptdisks-enable.upstart scripts.
++    - Add debian/cryptsetup.apport: Apport package hook. Install in
++      debian/rules, and create dir in debian/cryptsetup.dirs.
++    - Start usplash in initramfs, since we need it for fancy passphrase input:
++      + debian/initramfs/cryptroot-conf, debian/initramfs-conf.d: USPLASH=y
++      + debian/control: Bump initramfs-tools Suggests to Depends:.
++
++ -- Martin Pitt <martin.pitt@ubuntu.com>  Wed, 11 Nov 2009 15:04:27 +0100
++
  cryptsetup (2:1.1.0~rc2-1) unstable; urgency=low
    * new upstream release candidate (1.1.0-rc2), highlights include:
@@ -2574,6 +3906,80 @@ cryptsetup (2:1.0.7~rc1-1) unstable; urgency=low
   -- Jonas Meurer <mejo@debian.org>  Sat, 04 Jul 2009 15:52:06 +0200
++cryptsetup (2:1.0.6+20090405.svn49-1ubuntu8) lucid; urgency=low
++
++  [ Steve Langasek ]
++  * Make the 'start' action of the init script a no-op, this should be
++    handled entirely by the upstart job now; and remove any symlinks from
++    /etc/rcS.d on upgrade.  LP: #473615.
++
++  [ Reinhard Tartler ]
++  * Add an apport hook
++  * import the blkid and un_blkid from debian, LP: #446517
++  * also use this script by default (setting in /etc/default/cryptdisks)
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Wed, 04 Nov 2009 12:06:47 +0000
++
++cryptsetup (2:1.0.6+20090405.svn49-1ubuntu7) karmic; urgency=low
++
++  * Reupload previous version, siretart had left changes in bzr which
++    weren't documented in the changelog and caused FTBFS.
++
++ -- Scott James Remnant <scott@ubuntu.com>  Wed, 14 Oct 2009 13:57:59 +0100
++
++cryptsetup (2:1.0.6+20090405.svn49-1ubuntu6) karmic; urgency=low
++
++  [ Steve Langasek ]
++  * Move the Debian Vcs- fields aside.
++
++  [ Scott James Remnant ]
++  * debian/cryptdisks-enable.upstart: Don't overcompensate for my idiocy,
++    cryptsetup should not need a controlling terminal, just a terminal
++    is fine.  May fix LP: #439138.
++
++ -- Scott James Remnant <scott@ubuntu.com>  Wed, 14 Oct 2009 04:52:16 +0100
++
++cryptsetup (2:1.0.6+20090405.svn49-1ubuntu4) karmic; urgency=low
++
++  * debian/cryptdisks-enable.upstart: Things that often help include
++    not setting stdin/out to /dev/null, so you can actually type the
++    passphrase.  I am an idiot.  LP: #430496.
++
++ -- Scott James Remnant <scott@ubuntu.com>  Thu, 17 Sep 2009 17:58:01 +0100
++
++cryptsetup (2:1.0.6+20090405.svn49-1ubuntu3) karmic; urgency=low
++
++  * debian/cryptdisks-enable.upstart: add upstart job to enable encrypted
++    disks once we've finished probing for udev devices, so that mountall
++    can use them.  LP: #430496.
++
++ -- Scott James Remnant <scott@ubuntu.com>  Thu, 17 Sep 2009 00:04:00 +0100
++
++cryptsetup (2:1.0.6+20090405.svn49-1ubuntu2) karmic; urgency=low
++
++  * debian/initramfs/cryptroot-conf: declare that we want usplash included
++    in the initramfs whenever this package is installed.  LP: #427356.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Tue, 15 Sep 2009 08:43:15 -0700
++
++cryptsetup (2:1.0.6+20090405.svn49-1ubuntu1) karmic; urgency=low
++
++  * Merge from debian unstable, remaining changes:
++    - Ubuntu specific:
++      + debian/rules: link dynamically for better security supportability and
++        smaller packages.
++      + debian/control: Depend on initramfs-tools so system is not potentially
++        rendered unbootable.
++    - debian/initramfs/cryptroot-script wait for encrypted device to appear,
++      report with log_*_msg (debian bug 488271).
++    - debian/initramfs/cryptroot-hook: fix support for UUID and LABEL
++      correlation between fstab and crypttab (debian bug 522041).
++    - debian/askpass.c, debian/initramfs/cryptroot-script: using newline
++      escape in passphrase prompt to avoid line-wrapping (debian bug 528133).
++  * Drop 04_fix_udevsettle_call.patch: fixed upstream differently.
++
++ -- Kees Cook <kees@ubuntu.com>  Sun, 10 May 2009 17:29:32 -0700
++
  cryptsetup (2:1.0.6+20090405.svn49-1) unstable; urgency=low
    * New upstream svn snapshot. Highlights include:
@@ -2615,6 +4021,67 @@ cryptsetup (2:1.0.6+20090405.svn49-1) unstable; urgency=low
   -- Jonas Meurer <mejo@debian.org>  Mon, 06 Apr 2009 08:49:14 +0200
++cryptsetup (2:1.0.6-7ubuntu7) jaunty; urgency=low
++
++  * debian/control: Depend on initramfs-tools so system is not potentially
++    rendered unbootable (LP: #358654).
++
++ -- Kees Cook <kees@ubuntu.com>  Thu, 09 Apr 2009 12:29:31 -0700
++
++cryptsetup (2:1.0.6-7ubuntu6) jaunty; urgency=low
++
++  * debian/initramfs/cryptroot-script: we don't require vol_id to understand
++    the encrypted device, but we should check the device is fully up first
++    before continuing by calling udevadm settle.  LP: #291752.
++
++ -- Steve Langasek <steve.langasek@ubuntu.com>  Sat, 07 Mar 2009 21:39:14 -0800
++
++cryptsetup (2:1.0.6-7ubuntu5) jaunty; urgency=low
++
++  * debian/initramfs/cryptroot-hook: fix support for UUID and LABEL correlation
++    between fstab and crypttab (LP: #287879).
++
++ -- TJ <ubuntu@tjworld.net>  Mon, 16 Feb 2009 23:00:00 +0000
++
++cryptsetup (2:1.0.6-7ubuntu4) jaunty; urgency=low
++
++  * debian/askpass.c: also handle newline escape code in console prompt.
++
++ -- Kees Cook <kees@ubuntu.com>  Sun, 15 Feb 2009 08:57:05 -0800
++
++cryptsetup (2:1.0.6-7ubuntu3) jaunty; urgency=low
++
++  [ https://launchpad.net/~svenkata ]
++  * debian/checks/un_vol_id: dynamically build the "unknown volume type"
++    string, to allow for encrypted swap, LP: #316607
++
++ -- Dustin Kirkland <kirkland@ubuntu.com>  Thu, 12 Feb 2009 16:57:30 -0600
++
++cryptsetup (2:1.0.6-7ubuntu2) jaunty; urgency=low
++
++  * debian/askpass.c: handle newline escape code in password prompt.
++  * debian/initramfs/cryptroot-script: add newline to split cryptroot
++    password prompt onto two lines for readability (LP: #326900).
++
++ -- Kees Cook <kees@ubuntu.com>  Sun, 08 Feb 2009 07:26:01 -0800
++
++cryptsetup (2:1.0.6-7ubuntu1) jaunty; urgency=low
++
++  * Merge from debian unstable, remaining changes:
++    - debian/initramfs/cryptroot-script:
++      - must source /scripts/functions to get the log_*_msg() functions.
++      - wait for encrypted device to show up (LP 164044, 291752).
++      - disable error message 'failed to setup lvm device' (LP 151532).
++    - debian/rules:
++      - fix location of ltmain.sh (Ubuntu-specific until libtool 2.2.x is
++        in Debian unstable).
++      - link dynamically (LP 62751).
++    - add 04_fix_udevsettle_call.patch: fix path to binary for udevsettle.
++  * Revert versioned build-depency on libdevmapper-dev, since Ubuntu's
++    version is higher now.
++
++ -- Kees Cook <kees@ubuntu.com>  Tue, 06 Jan 2009 13:00:16 -0800
++
  cryptsetup (2:1.0.6-7) unstable; urgency=medium
    * Add patches/01_gettext_package.patch: Remove -luks from GETTEXT_PACKAGE
@@ -2659,6 +4126,38 @@ cryptsetup (2:1.0.6-7) unstable; urgency=medium
   -- Jonas Meurer <mejo@debian.org>  Wed, 17 Dec 2008 21:25:45 +0100
++cryptsetup (2:1.0.6-6ubuntu2.1) intrepid-proposed; urgency=low
++
++  * debian/initramfs/cryptroot-script: do not require that vol_id
++    can parse the encrypted device as valid (LP: #291752).
++
++ -- Kees Cook <kees@ubuntu.com>  Fri, 31 Oct 2008 13:10:06 -0700
++
++cryptsetup (2:1.0.6-6ubuntu2) intrepid; urgency=low
++
++  * Fixes for (LP: #272301)
++  * debian/initramfs/cryptroot-script: must source /scripts/functions to get
++    the log_*_msg() functions
++  * 04_fix_udevsettle_call.patch: fix path to binary for udevsettle
++
++ -- Dustin Kirkland <kirkland@ubuntu.com>  Fri, 19 Sep 2008 18:03:28 -0500
++
++cryptsetup (2:1.0.6-6ubuntu1) intrepid; urgency=low
++
++  * drop almost all ubuntu specific changes from the cryptsetup package,
++    because they have been merged in debian. Thanks a lot!
++  * merge from debian, remaining changes:
++    - remove versioned build-depency on libdevmapper-dev, we are using a
++      rather sophisticated loop for making sure the root filesystem appears.
++  * debian/rules: fix location of ltmain.sh
++  * don't exit usplash anymore in the init script. LP: #110970, #139363
++  * Disable error message 'failed to setup lvm device'. It is harmless, and
++    caused by the fact that the udev rules provided by lvm2 are setting up
++    the lvm on their own. In debian the scripts here are responsible for this
++    but obviously fail in ubuntu. LP: #151532
++
++ -- Reinhard Tartler <siretart@tauware.de>  Sat, 30 Aug 2008 17:52:16 +0200
++
  cryptsetup (2:1.0.6-6) unstable; urgency=high
    * Don't cat keyfile into pipe for do_noluks(). cryptsetup handles
@@ -2760,6 +4259,79 @@ cryptsetup (2:1.0.6-3) unstable; urgency=low
   -- Jonas Meurer <mejo@debian.org>  Mon, 07 Jul 2008 00:30:07 +0200
++cryptsetup (2:1.0.6-2ubuntu7) intrepid; urgency=low
++
++  * reintroduce changes from 2:1.0.6-2ubuntu5 that have been accidentally
++    dropped in version 2:1.0.6-2ubuntu6.
++
++ -- Reinhard Tartler <siretart@tauware.de>  Fri, 20 Jun 2008 15:15:54 +0200
++
++cryptsetup (2:1.0.6-2ubuntu6) intrepid; urgency=low
++
++  [ Kjell Braden ]
++  * load scripts/functions for log_{begin,end}_msg
++  * debian/initramfs/cryptroot-script: wait for the cryptsource, not the resulting mapped root device
++  * debian/initramfs/cryptroot-hook: copy binaries to the right directory
++
++  [ Reinhard Tartler ]
++  * remove versioned build-depency on libdevmapper-dev, we are using a
++    rather sophisticated loop for making sure the root filesystem appears.
++
++ -- Reinhard Tartler <siretart@tauware.de>  Wed, 18 Jun 2008 00:26:43 +0200
++
++cryptsetup (2:1.0.6-2ubuntu5) intrepid; urgency=low
++
++  * Okay, I give up. include preprocessed manpages and adapt
++    debian/rules to easily produce those.
++    ATTENTION: on subsequent uploads, make sure that the manpages are
++    available and up-to-date.
++
++ -- Reinhard Tartler <siretart@tauware.de>  Sun, 15 Jun 2008 13:33:07 +0200
++
++cryptsetup (2:1.0.6-2ubuntu4) intrepid; urgency=low
++
++  * also use local dtd in debian/doc/variables.xml.in.
++
++ -- Reinhard Tartler <siretart@tauware.de>  Sun, 15 Jun 2008 12:55:42 +0200
++
++cryptsetup (2:1.0.6-2ubuntu3) intrepid; urgency=low
++
++  * try harder to fix FTBFS.
++
++ -- Reinhard Tartler <siretart@tauware.de>  Sun, 15 Jun 2008 11:42:54 +0200
++
++cryptsetup (2:1.0.6-2ubuntu2) intrepid; urgency=low
++
++  * build docbook documentation using local dtds instead of trying to
++    download them at buildtime. Fixes FTBFS.
++
++ -- Reinhard Tartler <siretart@tauware.de>  Sun, 15 Jun 2008 11:12:28 +0200
++
++cryptsetup (2:1.0.6-2ubuntu1) intrepid; urgency=low
++
++  * Merge new debian version. Remaining changes:
++    - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using
++      bzr on launchpad.
++    - debian/rules: cryptsetup is linked dynamically against libgcrypt and
++      libgpg-error.
++    - cryptdisks.functions: stop usplash on user input. LP #62751
++    - Parse comments in lines not starting with '#', LP #185380
++    - If the encrypted source device hasn't shown up yet, give it a
++      little while to deal with removable devices. LP #164044
++  * Depend on race-free version of libdevmapper, thus making udevsettle
++    call from cryptsetup binary unnecessary. Dropping patch
++    debian/patches/06_run_udevsettle.patch
++  * remove patch from LP #73862, loading optimized modules has been solved
++    in debian in another way.
++  * cryptdisk.functions: remove spurious call to load_optimized_module.
++    LP: #239946
++  * bugfix: make regex work if keyfile has extended attributes. LP: #231339.
++  * remove patch in cryptdisks.functions for rexecing the script itself for
++    ensuring that a tty is always available. (See LP #58794.) According to
++    Scott, this is not necessary anymore.
++
++ -- Reinhard Tartler <siretart@tauware.de>  Sat, 14 Jun 2008 23:28:51 +0200
++
  cryptsetup (2:1.0.6-2) unstable; urgency=low
    [ Jonas Meurer ]
@@ -2785,6 +4357,54 @@ cryptsetup (2:1.0.6-2) unstable; urgency=low
   -- David Härdeman <david@hardeman.nu>  Mon, 26 May 2008 08:12:32 +0200
++cryptsetup (2:1.0.6-1ubuntu4) intrepid; urgency=low
++
++  [ Kjell Braden ]
++  * Fix configuration parsing (LP: #239808)
++
++  [ Reinhard Tartler ]
++  * cryptroot-script: use 'echo' instead of 'log_begin_msg' (LP: #237723)
++
++ -- Reinhard Tartler <siretart@tauware.de>  Fri, 13 Jun 2008 21:26:17 +0200
++
++cryptsetup (2:1.0.6-1ubuntu3) intrepid; urgency=low
++
++  * Parse comments in lines not starting with '#', LP: #185380
++  * in cryptroot hook, don't rely on 'udevadm settle' to wait long enough
++    for the cryptdevice to appear. Reimplement the busy waiting loop found
++    while waiting for the root file system. Patch based on work by Swâmi
++    Petaramesh. LP: #164044
++  * debian/crypdisks.functions: call 'env' with full path. LP: #178829.
++
++ -- Reinhard Tartler <siretart@tauware.de>  Mon, 26 May 2008 22:12:32 +0200
++
++cryptsetup (2:1.0.6-1ubuntu2) intrepid; urgency=low
++
++  * Simplify the patch in debian/cryptdisks.functions that stops usplash
++    before asking for a passphrase.
++
++ -- Reinhard Tartler <siretart@tauware.de>  Mon, 26 May 2008 20:18:14 +0200
++
++cryptsetup (2:1.0.6-1ubuntu1) intrepid; urgency=low
++
++  * Merge new debian version. Remaining changes:
++    - cryptsetup is linked dynamically against libgcrypt and libgpg-error.
++    - stop usplash on user input. LP #62751
++    - debian/cryptdisks.functions: Always output and read from the console.
++      LP #58794.
++    - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using
++      bzr on launchpad.
++    - debian/initramfs/cryptroot-hook: LP #73862
++      Added patch to install aes optimized cypher module
++    - try to load optimized cypher module in cryptsetup.functions as well,
++      because cryptroot-hook is only executed when we really have a
++      cryptoroot.
++  * other ubuntu changes have been merged into debian. Please report bugs
++    if you believe some patches have been dropped.
++  * removed 07_typos_fix.patch, has been reviewed and applied upstream.
++
++ -- Reinhard Tartler <siretart@tauware.de>  Sun, 25 May 2008 22:52:30 +0200
++
  cryptsetup (2:1.0.6-1) unstable; urgency=low
    [ Jonas Meurer ]
@@ -2916,6 +4536,138 @@ cryptsetup (2:1.0.6~pre1-1) unstable; urgency=low
   -- Jonas Meurer <mejo@debian.org>  Thu, 06 Dec 2007 15:56:05 +0100
++cryptsetup (2:1.0.5-2ubuntu12) hardy; urgency=low
++
++  * added debian/patches/07_typos_fix.dpatch: fixed typos in man pages. (LP: #164181)
++
++ -- Bruno Barrera Yever <bbyever@gmail.com>  Mon, 07 Apr 2008 18:43:05 -0500
++
++cryptsetup (2:1.0.5-2ubuntu11) hardy; urgency=low
++
++  * debian/initramfs/cryptroot-script: Do show the disk name after all, since
++    some people use multiple encrypted partitions as LVM PVs. (LP: #201413)
++
++ -- Martin Pitt <martin.pitt@ubuntu.com>  Sun, 06 Apr 2008 11:54:41 -0600
++
++cryptsetup (2:1.0.5-2ubuntu10) hardy; urgency=low
++
++  * debian/initramfs/cryptroot-script: Do not mention the name of the
++    encrypted device. It is just technobabble anyway (sda4_crypt), and there
++    is just one root partition ever, so it is not needed to tell apart
++    different partitions. From a security POV, someone who can change your
++    initramfs to boot a different root partition can just as well change the
++    strings, too. (LP: #201413)
++
++ -- Martin Pitt <martin.pitt@ubuntu.com>  Wed, 02 Apr 2008 15:51:53 +0200
++
++cryptsetup (2:1.0.5-2ubuntu9) hardy; urgency=low
++
++  * debian/scripts/luksformat: Use 256 bit key size by default.
++    (LP: #78508)
++  * debian/patches/02_manpage.dpatch: Clarify default key sizes (128 for
++    luksFormat and 256 for create) in cryptsetup.8. (side-note in LP #78508)
++
++ -- Martin Pitt <martin.pitt@ubuntu.com>  Wed, 27 Feb 2008 17:43:46 +0100
++
++cryptsetup (2:1.0.5-2ubuntu8) hardy; urgency=low
++
++  * Fix -x calls and access() call.
++
++ -- Scott James Remnant <scott@ubuntu.com>  Fri, 14 Dec 2007 16:54:53 +0000
++
++cryptsetup (2:1.0.5-2ubuntu7) hardy; urgency=low
++
++  * debian/initramfs/cryptroot-script: call udevadm instead of udevsettle
++  * debian/patches/06_call_udevsettle.dpatch: likewise
++
++ -- Scott James Remnant <scott@ubuntu.com>  Fri, 14 Dec 2007 16:11:36 +0000
++
++cryptsetup (2:1.0.5-2ubuntu6) hardy; urgency=low
++
++  * Make cryptsetup understand devices specified by UUID=... or LABEL=
++    in crypttab. (LP: #153597)
++
++ -- Andrea Colangelo <warp10@libero.it>  Mon, 29 Oct 2007 18:22:51 +0100
++
++cryptsetup (2:1.0.5-2ubuntu5) hardy; urgency=low
++
++  * reenable additional udevsettle calls in cryptroot hook from
++    https://launchpad.net/bugs/85640, LP: #132373.
++  * change maintainer to ubuntu-core-dev.
++  * use Vcs-Bzr instead of XSCB-Vcs-Bzr header in debian/control.
++
++ -- Reinhard Tartler <siretart@tauware.de>  Thu, 08 Nov 2007 23:52:19 +0100
++
++cryptsetup (2:1.0.5-2ubuntu4) hardy; urgency=low
++
++  * reapply changes from version 2:1.0.5-2ubuntu2, got dropped with last
++    upload. Sorry, pitti.
++  * convert patch to lib/libdevmapper.c to a dpatch.
++
++ -- Reinhard Tartler <siretart@tauware.de>  Sun, 04 Nov 2007 21:42:43 +0100
++
++cryptsetup (2:1.0.5-2ubuntu3) hardy; urgency=low
++
++  * RELIABILY FIX: lib/libdevmapper.c: Ensure that pending device creation
++    events are being processed by calling /sbin/udevsettle. Patch based on
++    OpenSUSE bug #285478, LP: #132373.
++  * Based on the change above, the patch from LP #85640 is no longer needed.
++    dropping the relevant parts.
++  * Fix debian/rules to not fail to build if autom4te.cache is left behind
++    from a previous incomplete build.
++
++ -- Reinhard Tartler <siretart@tauware.de>  Fri, 02 Nov 2007 20:53:31 +0100
++
++cryptsetup (2:1.0.5-2ubuntu2) gutsy; urgency=low
++
++  * debian/initramfs/cryptroot-script:
++    - If the supplied password worked, remove the prompt from usplash again,
++      so that the user has some visual feedback that everything is alright.
++      (LP: #151305)
++    - Do not show the UUID device node of the outer physical device. It is
++      scary ("/dev/disk/by-uuid/1234yadayada") and displaying it does not
++      improve security at all: If attackers can tamper with your initramfs,
++      they can also change the prompt, and if the UUID of the physical device
++      changes, then booting will not even get that far. Now it is a much more
++      friendly "Enter passphrase for sda5_crypt:" which is still technical,
++      but it's necessary to point out which device will be unlocked in case
++      there are several.
++
++ -- Martin Pitt <martin.pitt@ubuntu.com>  Thu, 11 Oct 2007 19:51:58 +0200
++
++cryptsetup (2:1.0.5-2ubuntu1) gutsy; urgency=low
++
++  * Merge new debian version. Remaining changes:
++    - cryptsetup is linked dynamically against libgcrypt and libgpg-error.
++      This will break systems where /usr is a separate encrypted filesystem
++      but not have other bad consequences (in particular, systems with
++      encrypted root are still fine).  The upsides include better
++      security supportability and smaller packages.
++    - libcryptsetup.so et al removed from the binary packages.  They have
++      no stable ABI and are not suitable for use by other packages, and
++      were in violation of library policies etc.  They're not needed since
++      the cryptsetup executable statically contains the relevant parts of
++      libcryptsetup.
++    - cryptdisks.functions: remove #!/bin/bash as it isn't a script
++      by itself; it's only sourced by other scripts.  This gets rid
++      of the lintian warning `script-not-executable' for this file.
++    - stop usplash on user input. LP #62751
++    - Always output and read from the console. LP #58794.
++    - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using
++      bzr on launchpad.
++    - Bump libgcrypt11 build-dependency again to 1.2.4-2ubuntu2 to eliminate
++      libnsl linkage;
++    - debian/initramfs/cryptroot-hook: (LP: #73862)
++      Added patch to install aes optimized cypher module
++    - try to load optimized cypher module in cryptsetup.functions as well,
++      because cryptroot-hook is only executed when we really have a
++      cryptoroot.
++    - apply patch from pitti for allowing UUIDs in /etc/crypttab.
++      This allowes crypted PVs! LP: #144390.
++    - remove README.ubuntu, since it contains old and obsolete information.
++
++ -- Reinhard Tartler <siretart@tauware.de>  Tue, 02 Oct 2007 21:31:28 +0200
++
  cryptsetup (2:1.0.5-2) unstable; urgency=low
    [ Jonas Meurer ]
@@ -2964,6 +4716,68 @@ cryptsetup (2:1.0.5-2) unstable; urgency=low
   -- Jonas Meurer <mejo@debian.org>  Mon, 24 Sep 2007 15:42:06 +0200
++cryptsetup (2:1.0.5-1ubuntu5) UNRELEASED; urgency=low
++
++  * apply patch from pitti for allowing UUIDs in /etc/crypttab.
++    This allowes crypted PVs! LP: #144390.
++  * remove README.ubuntu, since it contains old and obsolete information.
++
++ -- Reinhard Tartler <siretart@tauware.de>  Tue, 02 Oct 2007 19:59:24 +0200
++
++cryptsetup (2:1.0.5-1ubuntu4) gutsy; urgency=low
++
++  [ Stephan Hermann ]
++  * debian/initramfs/cryptroot-hook: (LP: #73862)
++    - Added patch to install aes optimized cypher module
++
++  [ Reinhard Tartler ]
++  * re-applying old patch to new package version
++  * try to load optimized cypher module in cryptsetup.functions as well,
++    because cryptroot-hook is only executed when we really have a
++    cryptoroot.
++
++ -- Reinhard Tartler <siretart@tauware.de>  Thu, 27 Sep 2007 19:38:48 +0200
++
++cryptsetup (2:1.0.5-1ubuntu3) gutsy; urgency=low
++
++  * Bump libgcrypt11 build-dependency again to 1.2.4-2ubuntu2 to eliminate
++    libnsl linkage; should finally produce a usable cryptsetup binary for
++    the udeb.
++
++ -- Colin Watson <cjwatson@ubuntu.com>  Wed, 19 Sep 2007 15:28:52 +0100
++
++cryptsetup (2:1.0.5-1ubuntu2) gutsy; urgency=low
++
++  * Bump libgcrypt11 build-dependency to 1.2.4-2ubuntu1 and rebuild for
++    proper udeb dependencies.
++
++ -- Colin Watson <cjwatson@ubuntu.com>  Wed, 19 Sep 2007 01:37:02 +0100
++
++cryptsetup (2:1.0.5-1ubuntu1) gutsy; urgency=low
++
++  * Merge new debian version. Remaining changes:
++    - cryptsetup is linked dynamically against libgcrypt and libgpg-error.
++      This will break systems where /usr is a separate encrypted filesystem
++      but not have other bad consequences (in particular, systems with
++      encrypted root are still fine).  The upsides include better
++      security supportability and smaller packages.
++    - libcryptsetup.so et al removed from the binary packages.  They have
++      no stable ABI and are not suitable for use by other packages, and
++      were in violation of library policies etc.  They're not needed since
++      the cryptsetup executable statically contains the relevant parts of
++      libcryptsetup.
++    - cryptdisks.functions: remove #!/bin/bash as it isn't a script
++      by itself; it's only sourced by other scripts.  This gets rid
++      of the lintian warning `script-not-executable' for this file.
++    - stop usplash on user input. LP #62751
++    - Always output and read from the console. LP #58794.
++  * Add XSBC-Vcs-Bzr tag to indicate that this package is managed using
++    bzr on launchpad.
++  * UVF exception request granted by Scott Kitterman and Chuck Short
++    LP: #138295
++
++ -- Reinhard Tartler <siretart@tauware.de>  Sat, 08 Sep 2007 19:04:54 +0200
++
  cryptsetup (2:1.0.5-1) unstable; urgency=low
    [ Jonas Meurer ]
@@ -2984,6 +4798,66 @@ cryptsetup (2:1.0.5-1) unstable; urgency=low
   -- Jonas Meurer <mejo@debian.org>  Fri, 27 Jul 2007 04:59:33 +0200
++cryptsetup (2:1.0.4+svn29-1ubuntu6) gutsy; urgency=low
++
++  * Add notes by Ilkka Tuohela in a new file debian/README.ubuntu
++
++ -- Reinhard Tartler <siretart@tauware.de>  Sat, 08 Sep 2007 18:43:56 +0200
++
++cryptsetup (2:1.0.4+svn29-1ubuntu5) gutsy; urgency=low
++
++  * cryptsetup is linked dynamically against libgcrypt and libgpg-error.
++    This will break systems where /usr is a separate encrypted filesystem
++    but not have other bad consequences (in particular, systems with
++    encrypted root are still fine).  The upsides include better
++    security supportability and smaller packages.
++  * libcryptsetup.so et al removed from the binary packages.  They have
++    no stable ABI and are not suitable for use by other packages, and
++    were in violation of library policies etc.  They're not needed since
++    the cryptsetup executable statically contains the relevant parts of
++    libcryptsetup.
++  * cryptdisks.functions: remove #!/bin/bash as it isn't a script
++    by itself; it's only sourced by other scripts.  This gets rid
++    of the lintian warning `script-not-executable' for this file.
++
++ -- Ian Jackson <iwj@ubuntu.com>  Fri, 31 Aug 2007 12:05:33 +0100
++
++cryptsetup (2:1.0.4+svn29-1ubuntu4) gutsy; urgency=low
++
++  * s/$CRYPTCMD/cryptsetup/ in debian/cryptdisks.functions
++    (LP: #115617)
++
++ -- Reinhard Tartler <siretart@ubuntu.com>  Tue, 29 May 2007 17:04:05 +0200
++
++cryptsetup (2:1.0.4+svn29-1ubuntu3) gutsy; urgency=low
++
++  * make luksformat check if filesystem is already mounted to prevent a
++    strange error message. thanks to mvo for the patch (LP: #116633)
++  * remove file debian/initramfs-cryptroot-script from source. it is not
++    installed anywhere, and a leftover from the last merge.
++  * add missing hunk of cryptsetup.functions compared to debian package.
++  * reapply http://librarian.launchpad.net/7329604/bug85640.debdiff to
++    debian/initramfs/cryptroot-script, since stgraber's patch has been
++    lost in the last merge. (LP: #85640)
++
++ -- Reinhard Tartler <siretart@ubuntu.com>  Tue, 29 May 2007 15:02:57 +0200
++
++cryptsetup (2:1.0.4+svn29-1ubuntu2) gutsy; urgency=low
++
++  * modprobe dm-mod from cryptsetup.functions. (LP: #64625, #91405)
++
++ -- Reinhard Tartler <siretart@ubuntu.com>  Tue, 29 May 2007 13:31:39 +0200
++
++cryptsetup (2:1.0.4+svn29-1ubuntu1) gutsy; urgency=low
++
++  * Merge from Debian unstable. Remaining Ubuntu changes:
++    - stop usplash on user input. Ubuntu: #62751
++    - Always output and read from the console.  Ubuntu: #58794.
++    - Wait for Udev to be ready to avoid partition non-detection. (LP: #85640)
++  * Modify Maintainer value to match Debian-Maintainer-Field Spec
++
++ -- Andrea Veri <bluekuja@ubuntu.com>  Sun,  6 May 2007 22:33:25 +0200
++
  cryptsetup (2:1.0.4+svn29-1) unstable; urgency=low
    * New upstream svn snapshot with several bugfixes
@@ -3036,6 +4910,20 @@ cryptsetup (2:1.0.4+svn26-2) unstable; urgency=low
   -- Jonas Meurer <mejo@debian.org>  Sat, 28 Apr 2007 20:45:50 +0200
++cryptsetup (2:1.0.4+svn26-1ubuntu2) feisty; urgency=low
++
++  * Wait for Udev to be ready to avoid partition non-detection. (LP: #85640)
++
++ -- Stéphane Graber <stgraber@ubuntu.com>  Thu,  14 Apr 2007 10:03:41 +0200
++
++cryptsetup (2:1.0.4+svn26-1ubuntu1) feisty; urgency=low
++
++  * merge debian changes. Remaining ubuntu changes:
++    - stop usplash on user input. Ubuntu: #62751
++    - Always output and read from the console.  Ubuntu: #58794.
++
++ -- Reinhard Tartler <siretart@tauware.de>  Sat,  3 Feb 2007 21:30:03 +0100
++
  cryptsetup (2:1.0.4+svn26-1) unstable; urgency=high
    [ Jonas Meurer ]
@@ -3085,6 +4973,28 @@ cryptsetup (2:1.0.4+svn16-1) unstable; urgency=medium
   -- Jonas Meurer <mejo@debian.org>  Tue, 28 Nov 2006 18:17:12 +0100
++cryptsetup (2:1.0.4-8ubuntu2) feisty; urgency=low
++
++  * fix and improve initramfs hook: terminate usplash if running, since
++    adequate secure text input is not possible with usplash ATM
++  * usplash support: Terminate usplash before asking a password.
++    Closes https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/62751
++
++ -- Reinhard Tartler <siretart@tauware.de>  Wed, 24 Jan 2007 22:43:28 +0100
++
++cryptsetup (2:1.0.4-8ubuntu1) feisty; urgency=low
++
++  * merge debian changes, remaining patches:
++    - Always output and read from the console.  Ubuntu: #58794.
++  * other changes have been merged or do noy apply anymore
++  * read password via usplash if available in initramfs for rootfs. based on a patch from
++    Swen Thümmler (Thanks for that!)  Ubuntu #62751
++  * read password from initscript via usplash if running. should fix the
++    rest of Ubuntu #62751. Only problem with that patch: It asks only once
++    for the password! improvements welcome!
++
++ -- Reinhard Tartler <siretart@tauware.de>  Sun, 19 Nov 2006 20:04:19 +0100
++
  cryptsetup (2:1.0.4-8) unstable; urgency=high
    [ Jonas Meurer ]
@@ -3242,6 +5152,27 @@ cryptsetup (2:1.0.4~rc2-1) unstable; urgency=low
   -- Jonas Meurer <mejo@debian.org>  Mon,  4 Sep 2006 03:55:35 +0200
++cryptsetup (2:1.0.3-3ubuntu3) edgy; urgency=low
++
++  * Always output and read from the console.  Ubuntu: #58794.
++
++ -- Scott James Remnant <scott@ubuntu.com>  Thu, 21 Sep 2006 03:05:18 +0100
++
++cryptsetup (2:1.0.3-3ubuntu2) edgy; urgency=low
++
++  * Load the dm-crypt module on startup.  Ubuntu: #53475.
++
++ -- Scott James Remnant <scott@ubuntu.com>  Wed, 23 Aug 2006 11:53:49 +0200
++
++cryptsetup (2:1.0.3-3ubuntu1) edgy; urgency=low
++
++  * Sync with Debian:
++    Remaining Ubuntu Changes
++    + debian/cryptdisks.functions:
++      - Tell usplash to quit if we ask for a passphrase
++
++ -- Sebastian Dröge <slomo@ubuntu.com>  Tue, 11 Jul 2006 20:03:27 +0200
++
  cryptsetup (2:1.0.3-3) unstable; urgency=low
    [ Jonas Meurer ]
 diff --git a/debian/control b/debian/control
 index 4b0278c..4319a20 100644
 --- a/debian/control
 +++ b/debian/control
@@ -1,7 +1,8 @@
  Source: cryptsetup
  Section: admin
  Priority: optional
--Maintainer: Debian Cryptsetup Team <pkg-cryptsetup-devel@alioth-lists.debian.net>
++Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
++XSBC-Original-Maintainer: Debian Cryptsetup Team <pkg-cryptsetup-devel@alioth-lists.debian.net>
  Uploaders: Jonas Meurer <jonas@freesources.org>,
             Guilhem Moulin <guilhem@debian.org>
  Rules-Requires-Root: no
@@ -43,7 +44,8 @@ Depends: cryptsetup-bin (>= 2:1.6.0),
           dmsetup,
           ${misc:Depends},
           ${shlibs:Depends}
--Suggests: cryptsetup-initramfs, dosfstools, keyutils, liblocale-gettext-perl
++Recommends: cryptsetup-initramfs
++Suggests: dosfstools, keyutils, liblocale-gettext-perl
  Description: disk encryption support - startup scripts
   Cryptsetup provides an interface for configuring encryption on block
   devices (such as /home or swap partitions), using the Linux kernel
@@ -92,11 +94,11 @@ Description: disk encryption support - experimental SSH token handler
  Package: cryptsetup-initramfs
  Architecture: all
--Depends: busybox | busybox-static,
++Depends: busybox-initramfs,
           cryptsetup (>= ${source:Version}),
           initramfs-tools (>= 0.137) | linux-initramfs-tool,
           ${misc:Depends}
--Recommends: console-setup, kbd
++Recommends: console-setup, kbd, plymouth
  Breaks: cryptsetup (<< 2:2.0.3-1)
  Replaces: cryptsetup (<< 2:2.0.3-1)
  Conflicts: lvm2 (<< 2.03.15-1)
@@ -109,7 +111,7 @@ Description: disk encryption support - initramfs integration
   This package provides initramfs integration for cryptsetup.
  Package: cryptsetup-suspend
--Architecture: linux-any
++Architecture: amd64 arm64 armhf ppc64el riscv64 s390x
  Multi-Arch: foreign
  Depends: cryptsetup-initramfs (>= ${source:Version}),
           initramfs-tools-core,
 diff --git a/debian/functions b/debian/functions
 index 917abad..73f5f2a 100644
 --- a/debian/functions
 +++ b/debian/functions
@@ -603,6 +603,7 @@ _resolve_device() {
  #   Print the major:minor device ID(s) holding the file system currently
  #   mounted currenty mounted on $mountpoint.
  #   Return 0 on success, 1 on error (if $mountpoint is not a mountpoint).
++#   devno will be empty if the filesystem must be excluded.
  get_mnt_devno() {
      local wantmount="$1" devnos="" uuid dev IFS
      local spec mountpoint fstype _ DEV MAJ MIN
@@ -616,8 +617,15 @@ get_mnt_devno() {
              # take the last mountpoint if used several times (shadowed)
              unset -v devnos
              spec="$(printf '%b' "$spec")"
--            _resolve_device "$spec" || continue # _resolve_device() already warns on error
              fstype="$(printf '%b' "$fstype")"
++            if [ "$fstype" = "zfs" ]; then
++                # Ignore ZFS entries as they don't have a major/minor and won't
++                # be imported when local-top cryptroot script will ran.
++                # Returns success with empty devno
++                printf ''
++                return 0
++            fi
++            _resolve_device "$spec" || continue # _resolve_device() already warns on error
              if [ "$fstype" = "btrfs" ]; then
                  # btrfs can span over multiple devices
                  if uuid="$(_device_uuid "$DEV")"; then
 diff --git a/debian/initramfs/cryptroot-unlock b/debian/initramfs/cryptroot-unlock
 index dbc2ad0..0e91701 100644
 --- a/debian/initramfs/cryptroot-unlock
 +++ b/debian/initramfs/cryptroot-unlock
@@ -40,8 +40,14 @@ fi
  pgrep_exe() {
  	local exe pid
  	exe="$(readlink -f -- "$1" 2>/dev/null)" && [ -f "$exe" ] || return 0
--	ps -eo pid= | while read pid; do
--		[ "$(readlink -f "/proc/$pid/exe")" != "$exe" ] || printf '%d\n' "$pid"
++	ps | awk '{print $1, $5}' | while read LINE; do
++		set $LINE
++		local pid=$1
++		local cmd=$(readlink -f -- "$2")
++		if [ "$cmd" == "$exe" ]; then
++			echo $pid
++			break
++		fi
  	done
+ }
@@ -101,7 +107,7 @@ wait_for_prompt() {
  			break
  		fi
--		usleep 100000
++		sleep 0.1
  		timer=$(( $timer - 1 ))
  		if [ $timer -le 0 ]; then
  			echo "Error: Timeout reached while waiting for askpass." >&2
@@ -112,7 +118,7 @@ wait_for_prompt() {
  	# find the cryptsetup process with same $CRYPTTAB_NAME
  	local o v
  	for o in NAME TRIED OPTION_tries; do
--		if v="$(grep -z -m1 "^CRYPTTAB_$o=" "/proc/$pid/environ")"; then
++		if v="$(tr '\0' '\n' < "/proc/$pid/environ" | grep -m1 "^CRYPTTAB_$o=")"; then
  			eval "CRYPTTAB_$o"="\${v#CRYPTTAB_$o=}"
  		else
  			eval unset -v "CRYPTTAB_$o"
@@ -128,7 +134,7 @@ wait_for_prompt() {
  	fi
  	for pid in $(pgrep_exe "/sbin/cryptsetup"); do
--		if grep -Fxqz "CRYPTTAB_NAME=$CRYPTTAB_NAME" "/proc/$pid/environ"; then
++		if tr '\0' '\n' < "/proc/$pid/environ" | grep -Fxq "CRYPTTAB_NAME=$CRYPTTAB_NAME"; then
  			PID=$pid
  			BIRTH=$(stat -c"%Z" "/proc/$PID" 2>/dev/null) || break
  			return 0
@@ -148,7 +154,7 @@ wait_for_prompt() {
  wait_for_answer() {
  	local timer=$(( 10 * $TIMEOUT )) b
  	while [ -d "/proc/$PID" ] && b=$(stat -c"%Z" "/proc/$PID" 2>/dev/null) && [ $b -le $BIRTH ]; do
--		usleep 100000
++		sleep 0.1
  		timer=$(( $timer - 1 ))
  		if [ $timer -le 0 ]; then
  			echo "Error: Timeout reached while waiting for PID $PID." >&2
 diff --git a/debian/initramfs/hooks/cryptroot b/debian/initramfs/hooks/cryptroot
 index c16f7c2..87a3589 100644
 --- a/debian/initramfs/hooks/cryptroot
 +++ b/debian/initramfs/hooks/cryptroot
@@ -178,16 +178,18 @@ generate_initrd_crypttab() {
+     {
          if devnos="$(get_mnt_devno /)"; then
--            usage=rootfs foreach_cryptdev crypttab_find_and_print_entry $devnos
++            if [ -n "$devnos" ]; then
++                usage=rootfs foreach_cryptdev crypttab_find_and_print_entry $devnos
++            fi
          else
              cryptsetup_message "WARNING: Couldn't determine root device"
          fi
--        if devnos="$(get_resume_devno)"; then
++        if devnos="$(get_resume_devno)" && [ -n "$devnos" ]; then
              usage=resume foreach_cryptdev crypttab_find_and_print_entry $devnos
          fi
--        if devnos="$(get_mnt_devno /usr)"; then
++        if devnos="$(get_mnt_devno /usr)" && [ -n "$devnos" ]; then
              usage="" foreach_cryptdev crypttab_find_and_print_entry $devnos
          fi
 diff --git a/debian/rules b/debian/rules
 index 757085c..461e844 100755
 --- a/debian/rules
 +++ b/debian/rules
@@ -29,6 +29,7 @@ override_dh_auto_configure:
  		--with-tmpfilesdir=/usr/lib/tmpfiles.d \
  		--enable-libargon2 \
  		--enable-shared \
++		--enable-fips \
  		--enable-cryptsetup-reencrypt
  execute_after_dh_auto_build:
@@ -87,8 +88,10 @@ override_dh_bugfiles:
  execute_after_dh_fixperms-arch:
  	chmod 0755 debian/cryptsetup/lib/cryptsetup/checks/*
  	chmod 0755 debian/cryptsetup/lib/cryptsetup/scripts/decrypt_*
++ifneq ($(DEB_HOST_ARCH),i386)
  	chmod 0755 debian/cryptsetup-suspend/lib/cryptsetup/scripts/suspend/cryptsetup-suspend-wrapper
  	chmod 0755 debian/cryptsetup-suspend/lib/systemd/system-shutdown/cryptsetup-suspend.shutdown
++endif
  ifeq (,$(filter noudeb, $(DEB_BUILD_PROFILES)))
  	chmod 0755 debian/cryptsetup-udeb/lib/cryptsetup/checks/*
  	chmod 0755 debian/cryptsetup-udeb/lib/cryptsetup/scripts/decrypt_*
 diff --git a/debian/tests/control b/debian/tests/control
 index 52752a3..0b7e9be 100644
 --- a/debian/tests/control
 +++ b/debian/tests/control
@@ -42,8 +42,9 @@ Depends: cryptsetup-bin,
           sshpass
  Restrictions: needs-root, isolation-machine
--
--Tests: cryptdisks, cryptdisks.init
++# cryptdisks test is disabled - it fails to open /dev/tty in CI
++#Tests: cryptdisks, cryptdisks.init
++Tests: cryptdisks.init
  Depends: cryptsetup, xxd
  Restrictions: allow-stderr, needs-root, isolation-machine
 diff --git a/debian/tests/cryptroot-lvm.d/mock b/debian/tests/cryptroot-lvm.d/mock
 index f57e42f..f777763 100755
 --- a/debian/tests/cryptroot-lvm.d/mock
 +++ b/debian/tests/cryptroot-lvm.d/mock
@@ -36,8 +36,13 @@ else {
      expect($SERIAL => qr/(?:^|\s)?PM: suspend exit\r\n/m);
      unlock_disk("topsecret");
--    # consume PS1 to make sure we're at a shell prompt
--    expect($CONSOLE => qr/\A $PS1 \z/aamsx);
++    # suspend() leaves clutter in the console due to the retries
++    # that prevents test from succeeding.
++    consume($CONSOLE);
++
++    # ensure that shell is available
++    shell(q{echo ready}, rv => 0);
++
      my $out = shell(q{dmsetup info -c --noheadings -omangled_name,suspended --separator ' '});
      die if grep !/[:[:blank:]]Active$/i, split(/\r?\n/, $out);
 diff --git a/debian/tests/cryptroot-nested.d/config b/debian/tests/cryptroot-nested.d/config
 index 995200c..fcfba32 100644
 --- a/debian/tests/cryptroot-nested.d/config
 +++ b/debian/tests/cryptroot-nested.d/config
@@ -1,6 +1,13 @@
  PKGS_EXTRA+=( btrfs-progs lvm2 mdadm )
  PKGS_EXTRA+=( cryptsetup-initramfs )
++# "$DISTRIBUTOR_ID" is defined in ../utils/cryptroot-common
++# Workaround for LP1831747 https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1831747
++# Add implicit dependency of cryptsetup-initramfs
++if [ "$DISTRIBUTOR_ID" = "ubuntu" ]; then
++    PKGS_EXTRA+=( e2fsprogs )
++fi
++
  # /dev/mapper/testvg-lv1_crypt and /dev/vdc are both 1G and used in RAID1 mode
  DRIVE_SIZES=( "1G" "264M" "1G" "512M" )
 diff --git a/debian/tests/cryptroot-sysvinit.d/config b/debian/tests/cryptroot-sysvinit.d/config
 index f6b7392..1d41c24 100644
 --- a/debian/tests/cryptroot-sysvinit.d/config
 +++ b/debian/tests/cryptroot-sysvinit.d/config
@@ -1,5 +1,10 @@
  PKGS_EXTRA+=( e2fsprogs ) # for fsck.ext4
  PKGS_EXTRA+=( cryptsetup-initramfs cryptsetup )
--PKG_INIT="sysvinit-core"
--
++# "$DISTRIBUTOR_ID" is defined in ../utils/cryptroot-common
++case "$DISTRIBUTOR_ID" in
++    debian) PKG_INIT="sysvinit-core";;
++    ubuntu) PKG_INIT="systemd-sysv";;
++    *) echo "ERROR: Unknown distributor ID '$DISTRIBUTOR_ID', can't determine default init package" >&2;
++       exit 1;;
++esac
  # vim: set filetype=bash :
 diff --git a/debian/tests/initramfs-hook b/debian/tests/initramfs-hook
 index 4171102..f58e6f5 100755
 --- a/debian/tests/initramfs-hook
 +++ b/debian/tests/initramfs-hook
@@ -63,6 +63,20 @@ mkinitramfs() {
      # `mkinitramfs -k` would be better but we can't set $DESTDIR in advance
      cleanup_initrd_dir
      command unmkinitramfs "$INITRD_IMG" "$INITRD_DIR"
++
++    # find subdirectory with the root file system relative to the cryptsetup location
++    CRYPTSETUP_PATH=sbin/cryptsetup
++    ROOTFS_DIR=`find "$INITRD_DIR" -name cryptsetup | grep "/usr/$CRYPTSETUP_PATH" | sed -e "s|/usr/$CRYPTSETUP_PATH||"`
++
++    if [[ -z "$ROOTFS_DIR" ]]; then
++        ROOTFS_DIR=`find "$INITRD_DIR" -name cryptsetup | grep "/$CRYPTSETUP_PATH" | sed -e "s|/$CRYPTSETUP_PATH||"`
++    fi
++
++    if [[ ! -z "$ROOTFS_DIR" ]] && [[ "$ROOTFS_DIR" != "$INITRD_DIR" ]] && [[ -d "$ROOTFS_DIR" ]]; then
++        echo move root filesystem from "$ROOTFS_DIR" to "$INITRD_DIR"
++        mv "$ROOTFS_DIR"/* "$INITRD_DIR"
++    fi
++
      for d in dev proc sys; do
          mkdir -p "$INITRD_DIR/$d"
          mount --bind "/$d" "$INITRD_DIR/$d"
@@ -190,9 +204,9 @@ cryptsetup close test3_crypt
  # plain, blowfish + ripemd160 (ignored due to keyfile)
  disk_setup
  head -c32 /dev/urandom >"$TMPDIR/keyfile"
--cryptsetup open --type=plain --cipher="blowfish" --key-file="$TMPDIR/keyfile" --size=256 --hash="ripemd160" "$CRYPT_DEV" test3_crypt
++cryptsetup open --type=plain --cipher="blowfish" --key-file="$TMPDIR/keyfile" --hash="ripemd160" "$CRYPT_DEV" test3_crypt
  mkfs.ext2 -m0 /dev/mapper/test3_crypt
--echo "test3_crypt $CRYPT_DEV $TMPDIR/keyfile plain,cipher=blowfish,hash=ripemd160,size=256,initramfs" >/etc/crypttab
++echo "test3_crypt $CRYPT_DEV $TMPDIR/keyfile plain,cipher=blowfish,hash=ripemd160,initramfs" >/etc/crypttab
  mkinitramfs
  legacy_so="$(find "$INITRD_DIR" -xdev -type f -path "*/ossl-modules/legacy.so")"
  test -z "$legacy_so" || exit 1 # don't need legacy.so here
 diff --git a/debian/tests/utils/cryptroot-common b/debian/tests/utils/cryptroot-common
 index a7df37f..8cedda0 100755
 --- a/debian/tests/utils/cryptroot-common
 +++ b/debian/tests/utils/cryptroot-common
@@ -81,6 +81,7 @@ load_os_release() {
+ }
  case "${DISTRIBUTOR_ID:="$(load_os_release && printf "%s" "${ID,,[A-Z]}")"}" in
      debian) APT_REPO_ORIGIN="Debian"; APT_REPO_URI="http://deb.debian.org/debian";;
++    ubuntu) APT_REPO_ORIGIN="Ubuntu"; APT_REPO_URI="http://archive.ubuntu.com/ubuntu";;
      # suitable values for derivative can be added here
      *) echo "ERROR: Unknown distributor ID '$DISTRIBUTOR_ID', can't extract APT origin" >&2;
         exit 1;;
@@ -164,6 +165,12 @@ case "$BOOT" in
      efi) PKG_BOOTLOADER="grub-efi";;
      *) echo "ERROR unknown boot method '$BOOT'" >&2; exit 1;;
  esac
++
++if [ "$DISTRIBUTOR_ID" = "ubuntu" ]; then
++    echo "Overriding kernel arch to generic"
++    KERNEL_ARCH="generic"
++fi
++
  PKG_KERNEL="linux-image-$KERNEL_ARCH"
  PKG_INIT="systemd-sysv" # default pid1
  MERGED_USR="" # use default layout for the target version
@@ -301,6 +308,12 @@ setup_apt() {
          esac >"$TEMPDIR/apt/sources.list"
      fi
++    # ubuntu CI populates sources.list.d with PPA source, append them to the list
++    if [ "$DISTRIBUTOR_ID" = "ubuntu" -a -d /etc/apt/sources.list.d ]; then
++        echo "Append contents of /etc/apt/sources.list.d to $TEMPDIR/apt/sources.list"
++        find /etc/apt/sources.list.d -type f | xargs cat >> "$TEMPDIR/apt/sources.list"
++    fi
++
      local apt_repo
      for apt_repo in "${EXTRA_REPOS[@]}"; do
          printf "%s\\n" "$apt_repo" >>"$TEMPDIR/apt/sources.list"
@@ -416,9 +429,20 @@ extract_kernel() {
      fi
      mkdir "$destdir"
--    dpkg-deb --fsys-tarfile "$APT_CACHE/archives/$KERNEL_DEB" | tar -C "$destdir" -xf- \
--        "./boot/vmlinuz-$KERNEL_VERSION" \
--        "./lib/modules/$KERNEL_VERSION"
++    if [ "$DISTRIBUTOR_ID" == "debian" ]; then
++            dpkg-deb --fsys-tarfile "$APT_CACHE/archives/$KERNEL_DEB" | tar -C "$destdir" -xf- \
++            "./boot/vmlinuz-$KERNEL_VERSION" \
++            "./lib/modules/$KERNEL_VERSION"
++    elif [ "$DISTRIBUTOR_ID" == "ubuntu" ]; then
++        dpkg-deb --fsys-tarfile "$APT_CACHE/archives/$KERNEL_DEB" | tar -C "$destdir" -xf- \
++            "./boot/vmlinuz-$KERNEL_VERSION"; MODULES_DEB="$(echo $KERNEL_DEB |  sed s/-image-/-modules-/)"; \
++        dpkg-deb --fsys-tarfile "$APT_CACHE/archives/$MODULES_DEB" | tar -C "$destdir" -xf- \
++            "./lib/modules/$KERNEL_VERSION"
++    else
++        echo "ERROR: Unknown distributor ID '$DISTRIBUTOR_ID', can't extract kernel" >&2
++        exit 1
++    fi
++
      ln -T -- "$destdir/boot/vmlinuz-$KERNEL_VERSION" "$TEMPDIR/vmlinuz-$KERNEL_VERSION"
+ }
 diff --git a/debian/tests/utils/mkinitramfs b/debian/tests/utils/mkinitramfs
 index 6bc70f4..84eeb4b 100755
 --- a/debian/tests/utils/mkinitramfs
 +++ b/debian/tests/utils/mkinitramfs
@@ -65,6 +65,8 @@ if [ "$BOOT" = "efi" ]; then
      MODULES="$MODULES efivarfs nls_ascii nls_cp437 vfat"
  fi
++find "$EXTRACT_DIR" -name '*.zst' -exec zstd -d {} \;
++
  depmod -ab "$EXTRACT_DIR" "$KERNEL_VERSION"
  for kmod in virtio_console virtio_blk virtio_pci virtio_rng \
          "$EXTRACT_DIR/lib/modules/$KERNEL_VERSION"/kernel/arch/*/crypto/*.ko* \
 diff --git a/debian/tests/utils/mock.pm b/debian/tests/utils/mock.pm
 index 10db3e6..2425d87 100644
 --- a/debian/tests/utils/mock.pm
 +++ b/debian/tests/utils/mock.pm
@@ -97,6 +97,26 @@ sub expect(;$$) {
      #print STDERR "INFO done reading\n";
+ }
++sub consume($) {
++    my $chan = shift;
++    my $buffer = defined $chan ? \$BUFFER{$chan} : undef;
++    if (! defined $buffer) {
++        return;
++    }
++
++    while(unpack("b*", $RBITS) != 0) {
++        my $rout = $RBITS;
++        if (select($rout, undef, undef, 1) == -1) {
++            return;
++        }
++        read_data($rout);
++        if (length($$buffer) == 0) {
++            return;
++        }
++        $$buffer = "";
++    }
++}
++
  sub write_data($$%) {
      my $chan = shift;
      my $data = shift;
@@ -167,11 +187,13 @@ BEGIN {
          hibernate
          poweroff
          expect
++        consume
      /;
+ }
  *expect     = \&CryptrootTest::Utils::expect;
  *write_data = \&CryptrootTest::Utils::write_data;
++*consume = \&CryptrootTest::Utils::consume;
  sub unlock_disk($) {
      my $passphrase = shift;
@@ -228,7 +250,9 @@ sub shell($%) {
  # enter S3 sleep state (suspend to ram aka standby)
  sub suspend() {
--    write_data($CONSOLE => q{systemctl suspend});
++    # there is a race condition that causes suspend to fail.
++    # retry until success. Note, this may leave clutter in the console
++    write_data($CONSOLE => q{until systemctl suspend; do sleep 1; done});
      # while the command is asynchronous the system might suspend before
      # we have a chance to read the next $PS1

Ubuntucryptsetup package

Merge ~mkukri/ubuntu/+source/cryptsetup:merge into ubuntu/+source/cryptsetup:debian/sid

Commit message

Description of the change

Preview Diff

Subscribers

Ubuntu
cryptsetup package