Merge ~mkukri/ubuntu/+source/cryptsetup:merge into ubuntu/+source/cryptsetup:debian/sid
- Git
- lp:~mkukri/ubuntu/+source/cryptsetup
- merge
- Merge into debian/sid
Proposed by
Mate Kukri
Status: | Merged | ||||||||
---|---|---|---|---|---|---|---|---|---|
Merge reported by: | Mate Kukri | ||||||||
Merged at revision: | 5092a322e94ccbf5a2e97f9d42070bda8dec8d1c | ||||||||
Proposed branch: | ~mkukri/ubuntu/+source/cryptsetup:merge | ||||||||
Merge into: | ubuntu/+source/cryptsetup:debian/sid | ||||||||
Diff against target: |
2709 lines (+2061/-27) 14 files modified
debian/changelog (+1931/-0) debian/control (+7/-5) debian/functions (+9/-1) debian/initramfs/cryptroot-unlock (+12/-6) debian/initramfs/hooks/cryptroot (+5/-3) debian/rules (+3/-0) debian/tests/control (+3/-2) debian/tests/cryptroot-lvm.d/mock (+7/-2) debian/tests/cryptroot-nested.d/config (+7/-0) debian/tests/cryptroot-sysvinit.d/config (+7/-2) debian/tests/initramfs-hook (+16/-2) debian/tests/utils/cryptroot-common (+27/-3) debian/tests/utils/mkinitramfs (+2/-0) debian/tests/utils/mock.pm (+25/-1) |
||||||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Lukas Märdian (community) | Approve | ||
Simon Quigley | Pending | ||
Review via email:
|
This proposal supersedes a proposal from 2024-01-03.
Commit message
Merge with Debian sid. Rebased the previously split Ubuntu changes.
Description of the change
To post a comment you must log in.
Revision history for this message
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
Simon Quigley (tsimonq2) wrote : Posted in a previous version of this proposal | # |
review:
Needs Fixing
Revision history for this message
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
Lukas Märdian (slyon) wrote : | # |
Test build available in https:/
Revision history for this message
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
Lukas Märdian (slyon) wrote : | # |
Diff against ubuntu/noble-devel and debian/sid are looking good. Delta got split up nicely.
Test builds are looking good, passing the build-time tests.
Autopkgtests need investigation, but this is unrelated to this merge (they have been failing for a while).
LGTM.
review:
Approve
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1 | diff --git a/debian/changelog b/debian/changelog |
2 | index 78803a1..edadf8b 100644 |
3 | --- a/debian/changelog |
4 | +++ b/debian/changelog |
5 | @@ -1,3 +1,34 @@ |
6 | +cryptsetup (2:2.6.1-6ubuntu1) noble; urgency=medium |
7 | + |
8 | + * Merge with Debian unstable. Remaining changes: |
9 | + - Support zstd compressed modules for the self test. |
10 | + - Compile-in support for a FIPS mode. LP #2032659 |
11 | + - debian/control: |
12 | + + Recommend plymouth. |
13 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
14 | + + Move cryptsetup-initramfs back to cryptsetup's Recommends. |
15 | + + Do not build cryptsetup-suspend binary package on i386. |
16 | + - Fix cryptroot-unlock for busybox compatibility. |
17 | + - Fix warning and error when running on ZFS on root |
18 | + + d/functions: Return an empty devno for ZFS devices as they don't have |
19 | + major:minor device numbers. |
20 | + + d/initramfs/hooks/cryptroot: Ignore and don't print an error message |
21 | + when devices don't have a devno. |
22 | + - Fix cryptroot-* autopkgtests on Ubuntu. (LP #1983522) |
23 | + + debian/tests/utils/mock.pm: return from consume() function if select() |
24 | + times out or fails |
25 | + + debian/tests/utils/cryptroot-common: fix apt source and kernel package |
26 | + names for Ubuntu |
27 | + + debian/tests/cryptroot-sysvinit.d: use systemd-sysv init for Ubuntu |
28 | + cryptroot-sysvinit package test |
29 | + + debian/tests/cryptroot-nested.d: fix cryptsetup-nested test, add |
30 | + workaround for LP1831747 by adding a e2fsprogs dependency |
31 | + + debian/tests/initramfs-hook: fix test's initramfs layout for Ubuntu and |
32 | + allow blowfish test use 64Mb of provisioned space (drop --size) |
33 | + + debian/tests/control: disable cryptdisks test |
34 | + |
35 | + -- Mate Kukri <mate.kukri@canonical.com> Wed, 03 Jan 2024 10:38:16 +0000 |
36 | + |
37 | cryptsetup (2:2.6.1-6) unstable; urgency=medium |
38 | |
39 | [ Kevin Locke ] |
40 | @@ -11,6 +42,37 @@ cryptsetup (2:2.6.1-6) unstable; urgency=medium |
41 | |
42 | -- Guilhem Moulin <guilhem@debian.org> Tue, 05 Dec 2023 17:48:58 +0100 |
43 | |
44 | +cryptsetup (2:2.6.1-5ubuntu1) noble; urgency=medium |
45 | + |
46 | + * Merge with Debian unstable. Remaining changes: |
47 | + - Support zstd compressed modules for the self test. |
48 | + - Compile-in support for a FIPS mode. LP #2032659 |
49 | + - debian/control: |
50 | + + Recommend plymouth. |
51 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
52 | + + Move cryptsetup-initramfs back to cryptsetup's Recommends. |
53 | + + Do not build cryptsetup-suspend binary package on i386. |
54 | + - Fix cryptroot-unlock for busybox compatibility. |
55 | + - Fix warning and error when running on ZFS on root |
56 | + + d/functions: Return an empty devno for ZFS devices as they don't have |
57 | + major:minor device numbers. |
58 | + + d/initramfs/hooks/cryptroot: Ignore and don't print an error message |
59 | + when devices don't have a devno. |
60 | + - Fix cryptroot-* autopkgtests on Ubuntu. (LP #1983522) |
61 | + + debian/tests/utils/mock.pm: return from consume() function if select() |
62 | + times out or fails |
63 | + + debian/tests/utils/cryptroot-common: fix apt source and kernel package |
64 | + names for Ubuntu |
65 | + + debian/tests/cryptroot-sysvinit.d: use systemd-sysv init for Ubuntu |
66 | + cryptroot-sysvinit package test |
67 | + + debian/tests/cryptroot-nested.d: fix cryptsetup-nested test, add |
68 | + workaround for LP1831747 by adding a e2fsprogs dependency |
69 | + + debian/tests/initramfs-hook: fix test's initramfs layout for Ubuntu and |
70 | + allow blowfish test use 64Mb of provisioned space (drop --size) |
71 | + + debian/tests/control: disable cryptdisks test |
72 | + |
73 | + -- Mate Kukri <mate.kukri@canonical.com> Mon, 20 Nov 2023 09:50:25 +0000 |
74 | + |
75 | cryptsetup (2:2.6.1-5) unstable; urgency=medium |
76 | |
77 | [ Guilhem Moulin ] |
78 | @@ -24,6 +86,49 @@ cryptsetup (2:2.6.1-5) unstable; urgency=medium |
79 | |
80 | -- Guilhem Moulin <guilhem@debian.org> Sun, 27 Aug 2023 12:24:57 +0200 |
81 | |
82 | +cryptsetup (2:2.6.1-4ubuntu3) mantic; urgency=medium |
83 | + |
84 | + * Support zstd compressed modules for the self test. |
85 | + |
86 | + -- Andrea Righi <andrea.righi@canonical.com> Mon, 11 Sep 2023 15:05:35 +0000 |
87 | + |
88 | +cryptsetup (2:2.6.1-4ubuntu2) mantic; urgency=medium |
89 | + |
90 | + * Compile-in support for a FIPS mode. LP: #2032659 |
91 | + |
92 | + -- Dimitri John Ledkov <dimitri.ledkov@canonical.com> Tue, 22 Aug 2023 16:06:53 +0100 |
93 | + |
94 | +cryptsetup (2:2.6.1-4ubuntu1) mantic; urgency=medium |
95 | + |
96 | + * Merge with Debian unstable (LP: #2019292). Remaining changes: |
97 | + - debian/control: |
98 | + + Recommend plymouth. |
99 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
100 | + + Move cryptsetup-initramfs back to cryptsetup's Recommends. |
101 | + + Do not build cryptsetup-suspend binary package on i386. |
102 | + - Fix cryptroot-unlock for busybox compatibility. |
103 | + - Fix warning and error when running on ZFS on root |
104 | + - d/functions: Return an empty devno for ZFS devices as they don't have |
105 | + major:minor device numbers. |
106 | + - d/initramfs/hooks/cryptroot: Ignore and don't print an error message |
107 | + when devices don't have a devno. |
108 | + - debian/patches/decrease_memlock_ulimit.patch |
109 | + Fixed FTBFS due to a restricted build environment |
110 | + - Fix cryptroot-* autopkgtests on Ubuntu. (LP: #1983522) |
111 | + + debian/tests/utils/mock.pm: return from consume() function if select() |
112 | + times out or fails |
113 | + + debian/tests/utils/cryptroot-common: fix apt source and kernel package |
114 | + names for Ubuntu |
115 | + + debian/tests/cryptroot-sysvinit.d: use systemd-sysv init for Ubuntu |
116 | + cryptroot-sysvinit package test |
117 | + + debian/tests/cryptroot-nested.d: fix cryptsetup-nested test, add |
118 | + workaround for LP1831747 by adding a e2fsprogs dependency |
119 | + + debian/tests/initramfs-hook: fix test's initramfs layout for Ubuntu and |
120 | + allow blowfish test use 64Mb of provisioned space (drop --size) |
121 | + + debian/tests/control: disable cryptdisks test |
122 | + |
123 | + -- Vladimir Petko <vladimir.petko@canonical.com> Mon, 15 May 2023 09:55:25 +1200 |
124 | + |
125 | cryptsetup (2:2.6.1-4) unstable; urgency=medium |
126 | |
127 | * Backport upstream MR !498, see #1028250: |
128 | @@ -58,6 +163,37 @@ cryptsetup (2:2.6.1-2) unstable; urgency=medium |
129 | |
130 | -- Guilhem Moulin <guilhem@debian.org> Thu, 02 Mar 2023 05:01:53 +0100 |
131 | |
132 | +cryptsetup (2:2.6.1-1ubuntu1) lunar; urgency=low |
133 | + |
134 | + * Merge with Debian unstable (LP: #2004423). Remaining changes: |
135 | + - debian/control: |
136 | + + Recommend plymouth. |
137 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
138 | + + Move cryptsetup-initramfs back to cryptsetup's Recommends. |
139 | + + Do not build cryptsetup-suspend binary package on i386. |
140 | + - Fix cryptroot-unlock for busybox compatibility. |
141 | + - Fix warning and error when running on ZFS on root |
142 | + - d/functions: Return an empty devno for ZFS devices as they don't have |
143 | + major:minor device numbers. |
144 | + - d/initramfs/hooks/cryptroot: Ignore and don't print an error message |
145 | + when devices don't have a devno. |
146 | + - debian/patches/decrease_memlock_ulimit.patch |
147 | + Fixed FTBFS due to a restricted build environment |
148 | + - Fix cryptroot-* autopkgtests on Ubuntu. (LP: #1983522) |
149 | + + debian/tests/utils/mock.pm: return from consume() function if select() |
150 | + times out or fails |
151 | + + debian/tests/utils/cryptroot-common: fix apt source and kernel package |
152 | + names for Ubuntu |
153 | + + debian/tests/cryptroot-sysvinit.d: use systemd-sysv init for Ubuntu |
154 | + cryptroot-sysvinit package test |
155 | + + debian/tests/cryptroot-nested.d: fix cryptsetup-nested test, add |
156 | + workaround for LP1831747 by adding a e2fsprogs dependency |
157 | + + debian/tests/initramfs-hook: fix test's initramfs layout for Ubuntu and |
158 | + allow blowfish test use 64Mb of provisioned space (drop --size) |
159 | + + debian/tests/control: disable cryptdisks test |
160 | + |
161 | + -- Vladimir Petko <vladimir.petko@canonical.com> Mon, 13 Feb 2023 15:57:18 +1300 |
162 | + |
163 | cryptsetup (2:2.6.1-1) unstable; urgency=medium |
164 | |
165 | * New upstream bugfix release. |
166 | @@ -107,6 +243,54 @@ cryptsetup (2:2.6.0~rc0-1) experimental; urgency=medium |
167 | |
168 | -- Guilhem Moulin <guilhem@debian.org> Sat, 19 Nov 2022 17:30:40 +0100 |
169 | |
170 | +cryptsetup (2:2.5.0-6ubuntu3) lunar; urgency=medium |
171 | + |
172 | + * Fix cryptroot-lvm autopkgtest on Ubuntu. (LP: #1983522) |
173 | + - debian/tests/control: enable cryptroot-lvm |
174 | + - debian/tests/utils/mock.pm: return from consume() function if select() |
175 | + times out or fails |
176 | + |
177 | + -- Vladimir Petko <vladimir.petko@canonical.com> Fri, 02 Dec 2022 15:53:42 +1300 |
178 | + |
179 | +cryptsetup (2:2.5.0-6ubuntu2) lunar; urgency=medium |
180 | + |
181 | + * Fix cryptroot-* autopkgtests on Ubuntu. (LP: #1983522) |
182 | + - debian/tests/utils/cryptroot-common: fix apt source and kernel package |
183 | + names for Ubuntu |
184 | + - debian/tests/cryptroot-sysvinit.d: use systemd-sysv init for Ubuntu |
185 | + cryptroot-sysvinit package test |
186 | + - debian/tests/cryptroot-nested.d: fix cryptsetup-nested test, add |
187 | + workaround for LP1831747 by adding a e2fsprogs dependency |
188 | + - debian/tests/control: disable cryptdisks, cryptroot-lvm due to CI |
189 | + failures and update comments |
190 | + - debian/tests/utils/mock.pm: fix cryptoroot-lvm test adding retries to the |
191 | + suspend operation and consuming the console buffer before making |
192 | + assertions. It still hangs in CI and requires further work. |
193 | + - debian/tests/initramfs-hook: fix test's initramfs layout for Ubuntu and |
194 | + allow blowfish test use 64Mb of provisioned space (drop --size) |
195 | + |
196 | + -- Vladimir Petko <vladimir.petko@canonical.com> Fri, 02 Dec 2022 14:14:42 +1300 |
197 | + |
198 | +cryptsetup (2:2.5.0-6ubuntu1) lunar; urgency=low |
199 | + |
200 | + * Merge from Debian unstable. Remaining changes: |
201 | + - debian/control: |
202 | + + Recommend plymouth. |
203 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
204 | + + Move cryptsetup-initramfs back to cryptsetup's Recommends. |
205 | + + Do not build cryptsetup-suspend binary package on i386. |
206 | + - Fix cryptroot-unlock for busybox compatibility. |
207 | + - Fix warning and error when running on ZFS on root |
208 | + - d/functions: Return an empty devno for ZFS devices as they don't have |
209 | + major:minor device numbers. |
210 | + - d/initramfs/hooks/cryptroot: Ignore and don't print an error message |
211 | + when devices don't have a devno. |
212 | + - debian/patches/decrease_memlock_ulimit.patch |
213 | + Fixed FTBFS due to a restricted build environment |
214 | + - Disable failing Debian-tailored cryptroot-* autopkgtests |
215 | + |
216 | + -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 07 Nov 2022 08:36:38 -0800 |
217 | + |
218 | cryptsetup (2:2.5.0-6) unstable; urgency=medium |
219 | |
220 | * d/t/cryptroot-*: Mask systemd-firstboot.service. |
221 | @@ -202,6 +386,26 @@ cryptsetup (2:2.5.0-3) unstable; urgency=low |
222 | |
223 | -- Guilhem Moulin <guilhem@debian.org> Sun, 18 Sep 2022 23:01:46 +0200 |
224 | |
225 | +cryptsetup (2:2.5.0-2ubuntu1) kinetic; urgency=medium |
226 | + |
227 | + * Merge from Debian unstable. Remaining changes: |
228 | + - debian/control: |
229 | + + Recommend plymouth. |
230 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
231 | + + Move cryptsetup-initramfs back to cryptsetup's Recommends. |
232 | + + Do not build cryptsetup-suspend binary package on i386. |
233 | + - Fix cryptroot-unlock for busybox compatibility. |
234 | + - Fix warning and error when running on ZFS on root: (LP: #1830110) |
235 | + - d/functions: Return an empty devno for ZFS devices as they don't have |
236 | + major:minor device numbers. |
237 | + - d/initramfs/hooks/cryptroot: Ignore and don't print an error message |
238 | + when devices don't have a devno. |
239 | + - debian/patches/decrease_memlock_ulimit.patch |
240 | + Fixed FTBFS due to a restricted build environment |
241 | + * Disable failing Debian-tailored cryptroot-* autopkgtests, see bug #1983522 |
242 | + |
243 | + -- Benjamin Drung <bdrung@ubuntu.com> Wed, 24 Aug 2022 00:56:28 +0200 |
244 | + |
245 | cryptsetup (2:2.5.0-2) unstable; urgency=low |
246 | |
247 | [ Matthias Klose ] |
248 | @@ -260,6 +464,29 @@ cryptsetup (2:2.5.0-2) unstable; urgency=low |
249 | |
250 | -- Guilhem Moulin <guilhem@debian.org> Tue, 09 Aug 2022 01:40:50 +0200 |
251 | |
252 | +cryptsetup (2:2.5.0-1ubuntu1) kinetic; urgency=medium |
253 | + |
254 | + * Merge from Debian unstable. Remaining changes: |
255 | + - debian/control: |
256 | + + Recommend plymouth. |
257 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
258 | + + Move cryptsetup-initramfs back to cryptsetup's Recommends. |
259 | + + Do not build cryptsetup-suspend binary package on i386. |
260 | + - Fix cryptroot-unlock for busybox compatibility. |
261 | + - Fix warning and error when running on ZFS on root: (LP: #1830110) |
262 | + - d/functions: Return an empty devno for ZFS devices as they don't have |
263 | + major:minor device numbers. |
264 | + - d/initramfs/hooks/cryptroot: Ignore and don't print an error message |
265 | + when devices don't have a devno. |
266 | + - debian/patches/decrease_memlock_ulimit.patch |
267 | + Fixed FTBFS due to a restricted build environment |
268 | + - Stop building the udeb on request. |
269 | + * d/initramfs/hooks/cryptroot: Include OpenSSL legacy.so for ripemd160 and |
270 | + whirlpool hash algorithms (LP: #1979159) |
271 | + * Disable failing Debian-tailored cryptroot-* autopkgtests, see bug #1983522 |
272 | + |
273 | + -- Benjamin Drung <bdrung@ubuntu.com> Thu, 04 Aug 2022 12:30:02 +0200 |
274 | + |
275 | cryptsetup (2:2.5.0-1) unstable; urgency=medium |
276 | |
277 | * New upstream release. (Closes: #1000634, #1011128) |
278 | @@ -338,6 +565,26 @@ cryptsetup (2:2.5.0~rc1-1) experimental; urgency=low |
279 | |
280 | -- Guilhem Moulin <guilhem@debian.org> Fri, 15 Jul 2022 01:49:59 +0200 |
281 | |
282 | +cryptsetup (2:2.4.3-1ubuntu1) jammy; urgency=low |
283 | + |
284 | + * Merge from Debian unstable (LP: #1959427). Remaining changes: |
285 | + - debian/control: |
286 | + + Recommend plymouth. |
287 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
288 | + + Move cryptsetup-initramfs back to cryptsetup's Recommends. |
289 | + + Do not build cryptsetup-suspend binary package on i386. |
290 | + - Fix cryptroot-unlock for busybox compatibility. |
291 | + - Fix warning and error when running on ZFS on root: (LP: #1830110) |
292 | + - d/functions: Return an empty devno for ZFS devices as they don't have |
293 | + major:minor device numbers. |
294 | + - d/initramfs/hooks/cryptroot: Ignore and don't print an error message |
295 | + when devices don't have a devno. |
296 | + - debian/patches/decrease_memlock_ulimit.patch |
297 | + Fixed FTBFS due to a restricted build environment |
298 | + - Stop building the udeb on request. |
299 | + |
300 | + -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 28 Jan 2022 12:14:06 -0800 |
301 | + |
302 | cryptsetup (2:2.4.3-1) unstable; urgency=high |
303 | |
304 | [ Guilhem Moulin ] |
305 | @@ -351,6 +598,64 @@ cryptsetup (2:2.4.3-1) unstable; urgency=high |
306 | |
307 | -- Guilhem Moulin <guilhem@debian.org> Thu, 13 Jan 2022 19:07:05 +0100 |
308 | |
309 | +cryptsetup (2:2.4.2-1ubuntu4) jammy; urgency=medium |
310 | + |
311 | + * Move cryptsetup-initramfs back to cryptsetup's Recommends (from Suggests). |
312 | + |
313 | + -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Thu, 09 Dec 2021 12:53:00 +1300 |
314 | + |
315 | +cryptsetup (2:2.4.2-1ubuntu3) jammy; urgency=medium |
316 | + |
317 | + * Fix build on i386. |
318 | + |
319 | + -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Tue, 07 Dec 2021 13:17:48 +1300 |
320 | + |
321 | +cryptsetup (2:2.4.2-1ubuntu2) jammy; urgency=medium |
322 | + |
323 | + * Do not build new cryptsetup-suspend binary package on i386. |
324 | + |
325 | + -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Tue, 07 Dec 2021 11:47:55 +1300 |
326 | + |
327 | +cryptsetup (2:2.4.2-1ubuntu1) jammy; urgency=medium |
328 | + |
329 | + * Merge from Debian unstable. Remaining changes: |
330 | + - debian/control: |
331 | + + Recommend plymouth. |
332 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
333 | + - Fix cryptroot-unlock for busybox compatibility. |
334 | + - Fix warning and error when running on ZFS on root: (LP: #1830110) |
335 | + - d/functions: Return an empty devno for ZFS devices as they don't have |
336 | + major:minor device numbers. |
337 | + - d/initramfs/hooks/cryptroot: Ignore and don't print an error message when |
338 | + devices don't have a devno. |
339 | + Submitted to debian upstream as bug #902449. |
340 | + - debian/patches/decrease_memlock_ulimit.patch |
341 | + Fixed FTBFS due a restrict environment in the new Bionic Builder (LP: #1891473) |
342 | + tests/luks2-validation.test, tests/compat-test, tests/tcrypt-compat-test. |
343 | + - Thanks Guilherme G. Piccoli. |
344 | + - Stop building the udeb on request. |
345 | + * Dropped change, included in Debian: |
346 | + - Introduce retry logic for external invocations after mdadm (LP: #1879980) |
347 | + - Currently, if an encrypted rootfs is configured on top of a MD RAID1 |
348 | + array and such array gets degraded (e.g., a member is removed/failed) |
349 | + the cryptsetup scripts cannot mount the rootfs, and the boot fails. |
350 | + We fix that issue here by allowing the cryptroot script to be re-run |
351 | + by initramfs-tools/local-block stage, as mdadm can activate degraded |
352 | + arrays at that stage. |
353 | + There is an initramfs-tools counter-part for this fix, but alone the |
354 | + cryptsetup portion is harmless. |
355 | + - d/cryptsetup-initramfs.install: ship the new local-bottom script. |
356 | + - d/functions: declare variables for local-top|block|bottom scripts |
357 | + (flag that local-block is running and external invocation counter.) |
358 | + - d/i/s/local-block/cryptroot: set flag that local-block is running. |
359 | + - d/i/s/local-bottom/cryptroot: clean up the flag and counter files. |
360 | + - d/i/s/local-top/cryptroot: change the logic from just waiting 180 |
361 | + seconds to waiting 5 seconds first, then allowing initramfs-tools |
362 | + to run mdadm (to activate degraded arrays) and call back at least |
363 | + 30 times/seconds more. |
364 | + |
365 | + -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Thu, 02 Dec 2021 11:58:05 +1300 |
366 | + |
367 | cryptsetup (2:2.4.2-1) unstable; urgency=high |
368 | |
369 | * New upstream bugfix release 2.4.2. |
370 | @@ -469,6 +774,18 @@ cryptsetup (2:2.3.6-1+exp1) experimental; urgency=medium |
371 | |
372 | -- Guilhem Moulin <guilhem@debian.org> Fri, 28 May 2021 22:54:20 +0200 |
373 | |
374 | +cryptsetup (2:2.3.6-0ubuntu2) jammy; urgency=medium |
375 | + |
376 | + * No-change rebuild against openssl3 |
377 | + |
378 | + -- Simon Chopin <simon.chopin@canonical.com> Thu, 25 Nov 2021 14:22:07 +0200 |
379 | + |
380 | +cryptsetup (2:2.3.6-0ubuntu1) impish; urgency=medium |
381 | + |
382 | + * New upstream release. |
383 | + |
384 | + -- Matthieu Clemenceau <matthieu.clemenceau@canonical.com> Fri, 20 Aug 2021 11:32:12 +1200 |
385 | + |
386 | cryptsetup (2:2.3.5-1+exp1) experimental; urgency=medium |
387 | |
388 | * Upload to experimental. |
389 | @@ -541,6 +858,69 @@ cryptsetup (2:2.3.4-1+exp1) experimental; urgency=medium |
390 | |
391 | -- Guilhem Moulin <guilhem@debian.org> Fri, 04 Sep 2020 00:55:41 +0200 |
392 | |
393 | +cryptsetup (2:2.3.4-1ubuntu3) hirsute; urgency=medium |
394 | + |
395 | + * Stop building the udeb on request. |
396 | + |
397 | + -- Matthias Klose <doko@ubuntu.com> Mon, 22 Feb 2021 12:10:36 +0100 |
398 | + |
399 | +cryptsetup (2:2.3.4-1ubuntu2) hirsute; urgency=medium |
400 | + |
401 | + * No-change rebuild to drop the udeb package. |
402 | + |
403 | + -- Matthias Klose <doko@ubuntu.com> Mon, 22 Feb 2021 10:30:38 +0100 |
404 | + |
405 | +cryptsetup (2:2.3.4-1ubuntu1) hirsute; urgency=medium |
406 | + |
407 | + * Merge with Debian unstable. Remaining changes: |
408 | + - debian/control: |
409 | + + Recommend plymouth. |
410 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
411 | + - Fix cryptroot-unlock for busybox compatibility. |
412 | + - Fix warning and error when running on ZFS on root: (LP #1830110) |
413 | + - d/functions: Return an empty devno for ZFS devices as they don't have |
414 | + major:minor device numbers. |
415 | + - d/initramfs/hooks/cryptroot: Ignore and don't print an error message when |
416 | + devices don't have a devno. |
417 | + Submitted to debian upstream as bug #902449. |
418 | + - debian/patches/decrease_memlock_ulimit.patch |
419 | + Fixed FTBFS due a restrict environment in the new Bionic Builder (LP #1891473) |
420 | + tests/luks2-validation.test, tests/compat-test, tests/tcrypt-compat-test. |
421 | + - Thanks Guilherme G. Piccoli. |
422 | + - Introduce retry logic for external invocations after mdadm (LP #1879980) |
423 | + - Currently, if an encrypted rootfs is configured on top of a MD RAID1 |
424 | + array and such array gets degraded (e.g., a member is removed/failed) |
425 | + the cryptsetup scripts cannot mount the rootfs, and the boot fails. |
426 | + We fix that issue here by allowing the cryptroot script to be re-run |
427 | + by initramfs-tools/local-block stage, as mdadm can activate degraded |
428 | + arrays at that stage. |
429 | + There is an initramfs-tools counter-part for this fix, but alone the |
430 | + cryptsetup portion is harmless. |
431 | + - d/cryptsetup-initramfs.install: ship the new local-bottom script. |
432 | + - d/functions: declare variables for local-top|block|bottom scripts |
433 | + (flag that local-block is running and external invocation counter.) |
434 | + - d/i/s/local-block/cryptroot: set flag that local-block is running. |
435 | + - d/i/s/local-bottom/cryptroot: clean up the flag and counter files. |
436 | + - d/i/s/local-top/cryptroot: change the logic from just waiting 180 |
437 | + seconds to waiting 5 seconds first, then allowing initramfs-tools |
438 | + to run mdadm (to activate degraded arrays) and call back at least |
439 | + 30 times/seconds more. |
440 | + * Dropped changes: |
441 | + - Included in new upstream version: |
442 | + - SECURITY UPDATE: Out-of-bounds write |
443 | + - debian/patches/CVE-2020-14382-*.patch: check segment gaps regardless of |
444 | + heap space in lib/luks2/luks2_json_metadata.c. |
445 | + - CVE-2020-14382 |
446 | + - included in Debian: |
447 | + - debian/cryptsetup-bin.install: |
448 | + - Fix FTBFS due to dh_missing detecting crypsetup.conf in debian/tmp where |
449 | + it was installed from ./scripts/crypsetup.conf. |
450 | + - debian/rules: |
451 | + - fix FTBFS on riscv64 adding --with-tmpfilesdir to ensure all archs, even |
452 | + without systemd knows how to ship cryptsetup.conf |
453 | + |
454 | + -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Tue, 10 Nov 2020 10:37:25 +1300 |
455 | + |
456 | cryptsetup (2:2.3.4-1) unstable; urgency=high |
457 | |
458 | * New upstream bugfix release, including fix for CVE-2020-14382: |
459 | @@ -608,6 +988,80 @@ cryptsetup (2:2.3.3-2) unstable; urgency=medium |
460 | |
461 | -- Guilhem Moulin <guilhem@debian.org> Wed, 12 Aug 2020 00:22:59 +0200 |
462 | |
463 | +cryptsetup (2:2.3.3-1ubuntu6) groovy; urgency=medium |
464 | + |
465 | + * Introduce retry logic for external invocations after mdadm (LP: #1879980) |
466 | + - Currently, if an encrypted rootfs is configured on top of a MD RAID1 |
467 | + array and such array gets degraded (e.g., a member is removed/failed) |
468 | + the cryptsetup scripts cannot mount the rootfs, and the boot fails. |
469 | + We fix that issue here by allowing the cryptroot script to be re-run |
470 | + by initramfs-tools/local-block stage, as mdadm can activate degraded |
471 | + arrays at that stage. |
472 | + There is an initramfs-tools counter-part for this fix, but alone the |
473 | + cryptsetup portion is harmless. |
474 | + - d/cryptsetup-initramfs.install: ship the new local-bottom script. |
475 | + - d/functions: declare variables for local-top|block|bottom scripts |
476 | + (flag that local-block is running and external invocation counter.) |
477 | + - d/i/s/local-block/cryptroot: set flag that local-block is running. |
478 | + - d/i/s/local-bottom/cryptroot: clean up the flag and counter files. |
479 | + - d/i/s/local-top/cryptroot: change the logic from just waiting 180 |
480 | + seconds to waiting 5 seconds first, then allowing initramfs-tools |
481 | + to run mdadm (to activate degraded arrays) and call back at least |
482 | + 30 times/seconds more. |
483 | + |
484 | + -- Guilherme G. Piccoli <gpiccoli@canonical.com> Wed, 16 Sep 2020 17:35:59 -0300 |
485 | + |
486 | +cryptsetup (2:2.3.3-1ubuntu5) groovy; urgency=medium |
487 | + |
488 | + * SECURITY UPDATE: Out-of-bounds write |
489 | + - debian/patches/CVE-2020-14382-*.patch: check segment gaps regardless of |
490 | + heap space in lib/luks2/luks2_json_metadata.c. |
491 | + - CVE-2020-14382 |
492 | + * debian/patches/decrease_memlock_ulimit.patch |
493 | + Fixed FTBFS due a restrict environment in the new Bionic Builder (LP: #1891473) |
494 | + tests/luks2-validation.test, tests/compat-test, tests/tcrypt-compat-test. |
495 | + - Thanks Guilherme G. Piccoli. |
496 | + |
497 | + -- Leonidas S. Barbosa <leo.barbosa@canonical.com> Wed, 09 Sep 2020 09:29:17 -0300 |
498 | + |
499 | +cryptsetup (2:2.3.3-1ubuntu4) groovy; urgency=medium |
500 | + |
501 | + * No change rebuild against new json-c ABI. |
502 | + |
503 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 28 Jul 2020 17:42:50 +0100 |
504 | + |
505 | +cryptsetup (2:2.3.3-1ubuntu3) groovy; urgency=medium |
506 | + |
507 | + * debian/rules: |
508 | + - fix FTBFS on riscv64 adding --with-tmpfilesdir to ensure all archs, even |
509 | + without systemd knows how to ship cryptsetup.conf |
510 | + |
511 | + -- Didier Roche <didrocks@ubuntu.com> Thu, 18 Jun 2020 11:44:50 +0200 |
512 | + |
513 | +cryptsetup (2:2.3.3-1ubuntu2) groovy; urgency=medium |
514 | + |
515 | + * debian/cryptsetup-bin.install: |
516 | + - Fix FTBFS due to dh_missing detecting crypsetup.conf in debian/tmp where |
517 | + it was installed from ./scripts/crypsetup.conf. |
518 | + * Fix warning and error when running on ZFS on root: (LP: #1830110) |
519 | + - d/functions: Return an empty devno for ZFS devices as they don't have |
520 | + major:minor device numbers. |
521 | + - d/initramfs/hooks/cryptroot: Ignore and don't print an error message when |
522 | + devices don't have a devno. |
523 | + Submitted to debian upstream as bug #902449. |
524 | + |
525 | + -- Didier Roche <didrocks@ubuntu.com> Thu, 18 Jun 2020 10:12:10 +0200 |
526 | + |
527 | +cryptsetup (2:2.3.3-1ubuntu1) groovy; urgency=low |
528 | + |
529 | + * Merge from Debian unstable. Remaining changes: |
530 | + - debian/control: |
531 | + + Recommend plymouth. |
532 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
533 | + - Fix cryptroot-unlock for busybox compatibility. |
534 | + |
535 | + -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 09 Jun 2020 10:40:32 -0700 |
536 | + |
537 | cryptsetup (2:2.3.3-1) unstable; urgency=medium |
538 | |
539 | [ Guilhem Moulin ] |
540 | @@ -636,6 +1090,16 @@ cryptsetup (2:2.3.2-1) unstable; urgency=medium |
541 | |
542 | -- Guilhem Moulin <guilhem@debian.org> Wed, 06 May 2020 16:22:01 +0200 |
543 | |
544 | +cryptsetup (2:2.3.1-1ubuntu1) groovy; urgency=low |
545 | + |
546 | + * Merge from Debian unstable. Remaining changes: |
547 | + - debian/control: |
548 | + + Recommend plymouth. |
549 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
550 | + - Fix cryptroot-unlock for busybox compatibility. |
551 | + |
552 | + -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 01 May 2020 07:07:58 -0700 |
553 | + |
554 | cryptsetup (2:2.3.1-1) unstable; urgency=medium |
555 | |
556 | * New upstream release. |
557 | @@ -671,6 +1135,23 @@ cryptsetup (2:2.3.0-1) unstable; urgency=low |
558 | |
559 | -- Guilhem Moulin <guilhem@debian.org> Wed, 04 Mar 2020 00:48:19 +0100 |
560 | |
561 | +cryptsetup (2:2.2.2-3ubuntu2) focal; urgency=medium |
562 | + |
563 | + * Depend on cryptsetup from cryptsetup-initramfs instead of the dummy |
564 | + cryptsetup-run package. LP: #1864360. |
565 | + |
566 | + -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 27 Feb 2020 00:16:14 -0600 |
567 | + |
568 | +cryptsetup (2:2.2.2-3ubuntu1) focal; urgency=medium |
569 | + |
570 | + * Merge from Debian unstable. Remaining changes: |
571 | + - debian/control: |
572 | + + Recommend plymouth. |
573 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
574 | + - Fix cryptroot-unlock for busybox compatibility. |
575 | + |
576 | + -- Matthias Klose <doko@ubuntu.com> Mon, 10 Feb 2020 09:20:12 +0100 |
577 | + |
578 | cryptsetup (2:2.2.2-3) unstable; urgency=high |
579 | |
580 | * initramfs hook: Workaround fix for the libgcc_s's source location. |
581 | @@ -679,6 +1160,16 @@ cryptsetup (2:2.2.2-3) unstable; urgency=high |
582 | |
583 | -- Guilhem Moulin <guilhem@debian.org> Tue, 04 Feb 2020 14:11:12 +0100 |
584 | |
585 | +cryptsetup (2:2.2.2-2ubuntu1) focal; urgency=low |
586 | + |
587 | + * Merge from Debian unstable. Remaining changes: |
588 | + - debian/control: |
589 | + + Recommend plymouth. |
590 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
591 | + - Fix cryptroot-unlock for busybox compatibility. |
592 | + |
593 | + -- Steve Langasek <steve.langasek@ubuntu.com> Sat, 01 Feb 2020 22:11:22 -0800 |
594 | + |
595 | cryptsetup (2:2.2.2-2) unstable; urgency=medium |
596 | |
597 | [ Guilhem Moulin ] |
598 | @@ -696,6 +1187,16 @@ cryptsetup (2:2.2.2-2) unstable; urgency=medium |
599 | |
600 | -- Guilhem Moulin <guilhem@debian.org> Sat, 18 Jan 2020 20:53:19 +0100 |
601 | |
602 | +cryptsetup (2:2.2.2-1ubuntu1) focal; urgency=low |
603 | + |
604 | + * Merge from Debian unstable. Remaining changes: |
605 | + - debian/control: |
606 | + + Recommend plymouth. |
607 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
608 | + - Fix cryptroot-unlock for busybox compatibility. |
609 | + |
610 | + -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 11 Nov 2019 22:07:44 -0800 |
611 | + |
612 | cryptsetup (2:2.2.2-1) unstable; urgency=medium |
613 | |
614 | * New upstream bugfix release. |
615 | @@ -706,6 +1207,16 @@ cryptsetup (2:2.2.2-1) unstable; urgency=medium |
616 | |
617 | -- Guilhem Moulin <guilhem@debian.org> Fri, 01 Nov 2019 19:32:36 +0100 |
618 | |
619 | +cryptsetup (2:2.2.1-1ubuntu1) focal; urgency=low |
620 | + |
621 | + * Merge from Debian unstable. Remaining changes: |
622 | + - debian/control: |
623 | + + Recommend plymouth. |
624 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
625 | + - Fix cryptroot-unlock for busybox compatibility. |
626 | + |
627 | + -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 18 Oct 2019 15:14:29 -0700 |
628 | + |
629 | cryptsetup (2:2.2.1-1) unstable; urgency=medium |
630 | |
631 | * New upstream bugfix release. |
632 | @@ -713,6 +1224,16 @@ cryptsetup (2:2.2.1-1) unstable; urgency=medium |
633 | |
634 | -- Guilhem Moulin <guilhem@debian.org> Fri, 06 Sep 2019 13:28:55 +0200 |
635 | |
636 | +cryptsetup (2:2.2.0-3ubuntu1) eoan; urgency=low |
637 | + |
638 | + * Merge from Debian unstable. Remaining changes: |
639 | + - debian/control: |
640 | + + Recommend plymouth. |
641 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
642 | + - Fix cryptroot-unlock for busybox compatibility. |
643 | + |
644 | + -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 28 Aug 2019 16:13:22 -0700 |
645 | + |
646 | cryptsetup (2:2.2.0-3) unstable; urgency=medium |
647 | |
648 | * Cherry pick upstream commit 8f8f0b32: Fix mapped segments overflow on |
649 | @@ -720,6 +1241,16 @@ cryptsetup (2:2.2.0-3) unstable; urgency=medium |
650 | |
651 | -- Guilhem Moulin <guilhem@debian.org> Mon, 26 Aug 2019 12:53:45 +0200 |
652 | |
653 | +cryptsetup (2:2.2.0-2ubuntu1) eoan; urgency=low |
654 | + |
655 | + * Merge from Debian unstable. Remaining changes: |
656 | + - debian/control: |
657 | + + Recommend plymouth. |
658 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
659 | + - Fix cryptroot-unlock for busybox compatibility. |
660 | + |
661 | + -- Steve Langasek <steve.langasek@ubuntu.com> Sun, 25 Aug 2019 12:25:55 -0700 |
662 | + |
663 | cryptsetup (2:2.2.0-2) unstable; urgency=medium |
664 | |
665 | * debian/control: Add 'Multi-Arch: foreign' tag to the transitional dummy |
666 | @@ -731,6 +1262,25 @@ cryptsetup (2:2.2.0-2) unstable; urgency=medium |
667 | |
668 | -- Guilhem Moulin <guilhem@debian.org> Wed, 21 Aug 2019 22:45:12 +0200 |
669 | |
670 | +cryptsetup (2:2.2.0-1ubuntu2) eoan; urgency=medium |
671 | + |
672 | + * debian/initramfs/cryptroot-unlock: canonicalize executable paths. |
673 | + Thanks to Paride Legovini <paride.legovini@canonical.com> for the patch. |
674 | + LP: #1840752. |
675 | + |
676 | + -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 20 Aug 2019 15:34:10 -0700 |
677 | + |
678 | +cryptsetup (2:2.2.0-1ubuntu1) eoan; urgency=low |
679 | + |
680 | + * Merge from Debian unstable. Remaining changes: |
681 | + - debian/control: |
682 | + + Recommend plymouth. |
683 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
684 | + - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox |
685 | + compatibility. |
686 | + |
687 | + -- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 20 Aug 2019 14:21:34 +0200 |
688 | + |
689 | cryptsetup (2:2.2.0-1) unstable; urgency=medium |
690 | |
691 | * New upstream release 2.2.0. Highlights include: |
692 | @@ -808,6 +1358,23 @@ cryptsetup (2:2.1.0-6) unstable; urgency=low |
693 | |
694 | -- Guilhem Moulin <guilhem@debian.org> Sat, 20 Jul 2019 22:15:04 -0300 |
695 | |
696 | +cryptsetup (2:2.1.0-5ubuntu2) eoan; urgency=medium |
697 | + |
698 | + * Rebuild against new libjson-c4. |
699 | + |
700 | + -- Gianfranco Costamagna <locutusofborg@debian.org> Sat, 29 Jun 2019 13:48:37 +0200 |
701 | + |
702 | +cryptsetup (2:2.1.0-5ubuntu1) eoan; urgency=low |
703 | + |
704 | + * Merge from Debian unstable. Remaining changes: |
705 | + - debian/control: |
706 | + + Recommend plymouth. |
707 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
708 | + - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox |
709 | + compatibility. |
710 | + |
711 | + -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 14 Jun 2019 14:09:31 -0700 |
712 | + |
713 | cryptsetup (2:2.1.0-5) unstable; urgency=medium |
714 | |
715 | [ Jonas Meurer ] |
716 | @@ -820,6 +1387,17 @@ cryptsetup (2:2.1.0-5) unstable; urgency=medium |
717 | |
718 | -- Guilhem Moulin <guilhem@debian.org> Mon, 10 Jun 2019 14:51:15 +0200 |
719 | |
720 | +cryptsetup (2:2.1.0-4ubuntu1) eoan; urgency=low |
721 | + |
722 | + * Merge from Debian unstable. Remaining changes: |
723 | + - debian/control: |
724 | + + Recommend plymouth. |
725 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
726 | + - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox |
727 | + compatibility. |
728 | + |
729 | + -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 28 May 2019 18:32:08 -0700 |
730 | + |
731 | cryptsetup (2:2.1.0-4) unstable; urgency=medium |
732 | |
733 | [Guilhem Moulin] |
734 | @@ -839,6 +1417,26 @@ cryptsetup (2:2.1.0-4) unstable; urgency=medium |
735 | |
736 | -- Guilhem Moulin <guilhem@debian.org> Tue, 28 May 2019 17:04:16 +0200 |
737 | |
738 | +cryptsetup (2:2.1.0-3ubuntu2) eoan; urgency=medium |
739 | + |
740 | + * Depend on busybox-initramfs, which is the implementation we actually use |
741 | + for the initramfs and is guaranteed to always be present, instead of |
742 | + busybox-static. |
743 | + |
744 | + -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 09 May 2019 14:47:04 -0700 |
745 | + |
746 | +cryptsetup (2:2.1.0-3ubuntu1) eoan; urgency=low |
747 | + |
748 | + * Merge from Debian unstable. Remaining changes: |
749 | + - debian/control: |
750 | + + Recommend plymouth. |
751 | + + Invert the "busybox | busybox-static" Recommends, as the latter |
752 | + is the one we ship in main as part of the ubuntu-standard task. |
753 | + - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox |
754 | + compatibility. LP: #1651818 |
755 | + |
756 | + -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 03 May 2019 16:22:03 -0700 |
757 | + |
758 | cryptsetup (2:2.1.0-3) unstable; urgency=medium |
759 | |
760 | * d/scripts/decrypt_opensc: Fix standard output poisoning. Thanks to Nils |
761 | @@ -862,6 +1460,19 @@ cryptsetup (2:2.1.0-2) unstable; urgency=medium |
762 | |
763 | -- Guilhem Moulin <guilhem@debian.org> Thu, 28 Feb 2019 22:32:43 +0100 |
764 | |
765 | +cryptsetup (2:2.1.0-1ubuntu1) disco; urgency=medium |
766 | + |
767 | + * Merge from Debian unstable. LP: #1815484 |
768 | + * Remaining changes: |
769 | + - debian/control: |
770 | + + Recommend plymouth. |
771 | + + Invert the "busybox | busybox-static" Recommends, as the latter |
772 | + is the one we ship in main as part of the ubuntu-standard task. |
773 | + - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox |
774 | + compatibility. LP: #1651818 |
775 | + |
776 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 13 Feb 2019 21:28:23 +0000 |
777 | + |
778 | cryptsetup (2:2.1.0-1) unstable; urgency=medium |
779 | |
780 | * New upstream release. Highlights include: |
781 | @@ -904,6 +1515,20 @@ cryptsetup (2:2.1.0-1) unstable; urgency=medium |
782 | |
783 | -- Guilhem Moulin <guilhem@debian.org> Sat, 09 Feb 2019 00:40:17 +0100 |
784 | |
785 | +cryptsetup (2:2.0.6-1ubuntu1) disco; urgency=medium |
786 | + |
787 | + * Merge from Debian unstable. |
788 | + * Remaining changes: |
789 | + - debian/control: |
790 | + + Recommend plymouth. |
791 | + + Invert the "busybox | busybox-static" Recommends, as the latter |
792 | + is the one we ship in main as part of the ubuntu-standard task. |
793 | + - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox |
794 | + compatibility. LP: #1651818 |
795 | + * Dropped delta sector_size support, merged in Debian. |
796 | + |
797 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 05 Feb 2019 13:43:25 +0000 |
798 | + |
799 | cryptsetup (2:2.0.6-1) unstable; urgency=medium |
800 | |
801 | * New upstream bugfix release. Highlights include: |
802 | @@ -968,6 +1593,27 @@ cryptsetup (2:2.0.4-3) unstable; urgency=medium |
803 | |
804 | -- Guilhem Moulin <guilhem@debian.org> Mon, 22 Oct 2018 17:45:35 +0200 |
805 | |
806 | +cryptsetup (2:2.0.4-2ubuntu2) cosmic; urgency=medium |
807 | + |
808 | + * Implement support for --sector-size cryptsetup plain mode option in |
809 | + crypttab. Matching support is also proposed to systemd-cryptsetup as |
810 | + well. LP: #1776626 |
811 | + |
812 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 31 Aug 2018 17:00:07 +0100 |
813 | + |
814 | +cryptsetup (2:2.0.4-2ubuntu1) cosmic; urgency=low |
815 | + |
816 | + * Merge from Debian unstable. LP: #1785610. |
817 | + * Remaining changes: |
818 | + - debian/control: |
819 | + + Recommend plymouth. |
820 | + + Invert the "busybox | busybox-static" Recommends, as the latter |
821 | + is the one we ship in main as part of the ubuntu-standard task. |
822 | + - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox |
823 | + compatibility. LP: #1651818 |
824 | + |
825 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 22 Aug 2018 22:51:47 +0100 |
826 | + |
827 | cryptsetup (2:2.0.4-2) unstable; urgency=medium |
828 | |
829 | * debian/cryptsetup-initramfs.preinst: Don't try to overwrite |
830 | @@ -1000,6 +1646,28 @@ cryptsetup (2:2.0.3-7) unstable; urgency=medium |
831 | |
832 | -- Guilhem Moulin <guilhem@debian.org> Mon, 30 Jul 2018 16:32:07 +0800 |
833 | |
834 | +cryptsetup (2:2.0.3-6ubuntu1) cosmic; urgency=low |
835 | + |
836 | + * Merge from Debian unstable. LP: #1781912. |
837 | + * Remaining changes: |
838 | + - debian/control: |
839 | + + Recommend plymouth. |
840 | + + Invert the "busybox | busybox-static" Recommends, as the latter |
841 | + is the one we ship in main as part of the ubuntu-standard task. |
842 | + - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox |
843 | + compatibility. LP: #1651818 |
844 | + * Dropped changes, included in Debian: |
845 | + - Drop explicit libgcrypt20 dependency from libcryptsetup4. |
846 | + - Drop the CRYPTSETUP variable warning from the initramfs hook, as |
847 | + overlayroot package ships a dropin in conf-hooks.d triggering false |
848 | + warnings. |
849 | + - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE |
850 | + - Drop c99 std, as the default is now higher than that |
851 | + * Dropped changes, no longer needed: |
852 | + - Add maintscript to drop removed upstart system jobs. |
853 | + |
854 | + -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 16 Jul 2018 08:27:58 -0400 |
855 | + |
856 | cryptsetup (2:2.0.3-6) unstable; urgency=medium |
857 | |
858 | * debian/TODO.md: Remove mention of parent device detection for mdadm |
859 | @@ -1284,6 +1952,45 @@ cryptsetup (2:2.0.3-1) unstable; urgency=medium |
860 | |
861 | -- Jonas Meurer <jonas@freesources.org> Fri, 15 Jun 2018 15:32:16 +0200 |
862 | |
863 | +cryptsetup (2:2.0.2-1ubuntu3) cosmic; urgency=medium |
864 | + |
865 | + * No-change rebuild against libargon2-1 |
866 | + |
867 | + -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 10 Jul 2018 17:01:23 +0000 |
868 | + |
869 | +cryptsetup (2:2.0.2-1ubuntu2) cosmic; urgency=medium |
870 | + |
871 | + * Apply patch from Trent Nelson to fix cryptroot-unlock for busybox |
872 | + compatibility. LP: #1651818 |
873 | + |
874 | + -- Dimitri John Ledkov 🌈 <xnox@ubuntu.com> Thu, 21 Jun 2018 16:38:31 +0100 |
875 | + |
876 | +cryptsetup (2:2.0.2-1ubuntu1) bionic; urgency=low |
877 | + |
878 | + * Merge from Debian unstable. |
879 | + - bugfix upstream release, which solves problems with luks2 format |
880 | + disks not unlocking. LP: #1755322. |
881 | + * Remaining changes: |
882 | + - debian/control: |
883 | + + Depend on plymouth. |
884 | + + Invert the "busybox | busybox-static" Recommends, as the latter |
885 | + is the one we ship in main as part of the ubuntu-standard task. |
886 | + + Drop explicit libgcrypt20 dependency from libcryptsetup4. |
887 | + - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE |
888 | + - Drop c99 std, as the default is now higher than that |
889 | + - Drop upstart system jobs. |
890 | + - Add maintscript to drop removed upstart system jobs. |
891 | + - debian has its own now, but we have different version numbers. |
892 | + this delta can be dropped after 18.04 release. |
893 | + - Drop the CRYPTSETUP variable warning from the initramfs hook, as |
894 | + overlayroot package ships a dropin in conf-hooks.d triggering false |
895 | + warnings. |
896 | + * Dropped changes: |
897 | + - debian/cryptdisks{,-udev}.maintscript: drop, there is no package named |
898 | + 'cryptdisks' or 'cryptdisks-udev'. |
899 | + |
900 | + -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 06 Apr 2018 10:23:53 -0700 |
901 | + |
902 | cryptsetup (2:2.0.2-1) unstable; urgency=low |
903 | |
904 | * New upstream release 2.0.2 |
905 | @@ -1313,6 +2020,40 @@ cryptsetup (2:2.0.1-1) unstable; urgency=low |
906 | |
907 | -- Guilhem Moulin <guilhem@debian.org> Sun, 11 Feb 2018 00:02:05 +0100 |
908 | |
909 | +cryptsetup (2:2.0.1-0ubuntu2) bionic; urgency=medium |
910 | + |
911 | + * Drop the CRYPTSETUP variable warning from the initramfs hook, as |
912 | + overlayroot package ships a dropin in conf-hooks.d triggering false |
913 | + warnings. |
914 | + |
915 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Thu, 22 Feb 2018 14:49:16 +0000 |
916 | + |
917 | +cryptsetup (2:2.0.1-0ubuntu1) bionic; urgency=medium |
918 | + |
919 | + * Merge from Debian unstable. Remaining changes: |
920 | + - debian/control: |
921 | + + Depend on plymouth. |
922 | + + Invert the "busybox | busybox-static" Recommends, as the latter |
923 | + is the one we ship in main as part of the ubuntu-standard task. |
924 | + + Drop explicit libgcrypt20 dependency from libcryptsetup4. |
925 | + - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE |
926 | + - Drop c99 std, as the default is now higher than that |
927 | + - Drop upstart system jobs. |
928 | + - Add maintscript to drop removed upstart system jobs. |
929 | + - debian has its own now, but we have different version numbers |
930 | + * New upstream release |
931 | + * Cherry-pick Guilhem Moulin's changes below from Debian git |
932 | + |
933 | + [ Guilhem Moulin ] |
934 | + * New upstream release 2.0.1: |
935 | + - Use /run/cryptsetup as default for cryptsetup locking dir. |
936 | + - Add missing symbols for new functions to debian/libcryptsetup12.symbols. |
937 | + * debian/copyright: update copyright years. |
938 | + * debian/patches: backport upstream's 8728ba08 to fix opening of loop-AES |
939 | + devices using --key-file=-. (Closes: #888162.) |
940 | + |
941 | + -- Julian Andres Klode <juliank@ubuntu.com> Mon, 29 Jan 2018 13:48:55 +0100 |
942 | + |
943 | cryptsetup (2:2.0.0-1) unstable; urgency=low |
944 | |
945 | [ Guilhem Moulin ] |
946 | @@ -1362,6 +2103,26 @@ cryptsetup (2:2.0.0~rc0-1) experimental; urgency=low |
947 | |
948 | -- Guilhem Moulin <guilhem@debian.org> Tue, 03 Oct 2017 03:37:36 +0200 |
949 | |
950 | +cryptsetup (2:1.7.5-1ubuntu1) bionic; urgency=low |
951 | + |
952 | + * Merge from Debian unstable. Remaining changes: |
953 | + - debian/control: |
954 | + + Depend on plymouth. |
955 | + + Invert the "busybox | busybox-static" Recommends, as the latter |
956 | + is the one we ship in main as part of the ubuntu-standard task. |
957 | + + Drop explicit libgcrypt20 dependency from libcryptsetup4. |
958 | + - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE |
959 | + - Drop c99 std, as the default is now higher than that |
960 | + - Drop upstart system jobs. |
961 | + - Add maintscript to drop removed upstart system jobs. |
962 | + * Merged upstream: |
963 | + - d/p/fips-fix-luksformat-with-recent-kernels -- fix luksFormat |
964 | + with recent FIPS enabled kernels. |
965 | + * Merged in Debian: |
966 | + - Use DEB_VERSION from dpkg/default.mk for pod2man release variable |
967 | + |
968 | + -- Julian Andres Klode <juliank@ubuntu.com> Wed, 17 Jan 2018 21:39:10 +0100 |
969 | + |
970 | cryptsetup (2:1.7.5-1) unstable; urgency=low |
971 | |
972 | * New upstream release 1.7.5. |
973 | @@ -1384,6 +2145,25 @@ cryptsetup (2:1.7.5-1) unstable; urgency=low |
974 | |
975 | -- Guilhem Moulin <guilhem@debian.org> Thu, 14 Sep 2017 13:00:23 +0200 |
976 | |
977 | +cryptsetup (2:1.7.3-4ubuntu1) artful; urgency=low |
978 | + |
979 | + * New upstream release, merge from Debian unstable. Remaining |
980 | + Ubuntu changes: |
981 | + - debian/control: |
982 | + + Depend on plymouth. |
983 | + + Invert the "busybox | busybox-static" Recommends, as the latter |
984 | + is the one we ship in main as part of the ubuntu-standard task. |
985 | + + Drop explicit libgcrypt20 dependency from libcryptsetup4. |
986 | + * d/p/fips-fix-luksformat-with-recent-kernels -- fix luksFormat |
987 | + with recent FIPS enabled kernels. |
988 | + * Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE |
989 | + * Drop c99 std, as the default is now higher than that |
990 | + * Use DEB_VERSION from dpkg/default.mk for pod2man release variable |
991 | + * Drop upstart system jobs. |
992 | + * Add maintscript to drop removed upstart system jobs. |
993 | + |
994 | + -- Andy Whitcroft <apw@ubuntu.com> Thu, 10 Aug 2017 14:07:29 +0100 |
995 | + |
996 | cryptsetup (2:1.7.3-4) unstable; urgency=high |
997 | |
998 | [ Guilhem Moulin ] |
999 | @@ -1596,6 +2376,40 @@ cryptsetup (2:1.7.2-1) unstable; urgency=medium |
1000 | |
1001 | -- Jonas Meurer <mejo@debian.org> Wed, 05 Oct 2016 20:53:09 +0200 |
1002 | |
1003 | +cryptsetup (2:1.7.2-0ubuntu4) artful; urgency=medium |
1004 | + |
1005 | + * Add maintscript to drop removed upstart system jobs. |
1006 | + |
1007 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 21 Aug 2017 11:36:04 +0100 |
1008 | + |
1009 | +cryptsetup (2:1.7.2-0ubuntu3) artful; urgency=medium |
1010 | + |
1011 | + * Drop _BSD_SOURCE in favor of _DEFAULT_SOURCe |
1012 | + * Drop c99 std, as the default is now higher than that |
1013 | + * Use DEB_VERSION from dpkg/default.mk for pod2man release variable |
1014 | + |
1015 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Sat, 19 Aug 2017 21:46:19 +0100 |
1016 | + |
1017 | +cryptsetup (2:1.7.2-0ubuntu2) artful; urgency=medium |
1018 | + |
1019 | + * Drop upstart system jobs. |
1020 | + |
1021 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Sat, 19 Aug 2017 20:57:17 +0100 |
1022 | + |
1023 | +cryptsetup (2:1.7.2-0ubuntu1) yakkety; urgency=medium |
1024 | + |
1025 | + * New upstream release, merge from Debian unstable (LP: #1548137). Remaining |
1026 | + Ubuntu changes: |
1027 | + - debian/control: |
1028 | + + Bump initramfs-tools Suggests to Depends: so system is not |
1029 | + potentially rendered unbootable. |
1030 | + + Depend on plymouth. |
1031 | + + Invert the "busybox | busybox-static" Recommends, as the latter |
1032 | + is the one we ship in main as part of the ubuntu-standard task. |
1033 | + + Drop explicit libgcrypt20 dependency from libcryptsetup4. |
1034 | + |
1035 | + -- Unit 193 <unit193@ubuntu.com> Wed, 22 Jun 2016 16:30:01 -0400 |
1036 | + |
1037 | cryptsetup (2:1.7.0-2) unstable; urgency=medium |
1038 | |
1039 | [ Guilhem Moulin ] |
1040 | @@ -1670,6 +2484,35 @@ cryptsetup (2:1.7.0-1) unstable; urgency=medium |
1041 | |
1042 | -- Jonas Meurer <mejo@debian.org> Thu, 07 Jan 2016 02:22:33 +0100 |
1043 | |
1044 | +cryptsetup (2:1.6.6-5ubuntu2) wily; urgency=medium |
1045 | + |
1046 | + * Fix stupid typo in Recommends "busybox | busybox-static" inversion. |
1047 | + Fixes binary moves for busybox into main. |
1048 | + |
1049 | + -- Andy Whitcroft <apw@ubuntu.com> Fri, 21 Aug 2015 08:56:34 +0100 |
1050 | + |
1051 | +cryptsetup (2:1.6.6-5ubuntu1) wily; urgency=low |
1052 | + |
1053 | + * Merge from Debian unstable. Remaining changes: |
1054 | + - debian/control: |
1055 | + + Bump initramfs-tools Suggests to Depends: so system is not |
1056 | + potentially rendered unbootable. |
1057 | + + Depend on plymouth. |
1058 | + + Invert the "busybox | busybox-static" Recommends, as the latter |
1059 | + is the one we ship in main as part of the ubuntu-standard task. |
1060 | + + Drop explicit libgcrypt11 dependency from libcryptsetup4. |
1061 | + * Dropped changes, now in Debian: |
1062 | + - Remove hardcoded paths to udevadm. |
1063 | + - debian/initramfs/cryptroot-hook: |
1064 | + + Do not unconditionally include cryptsetup utils in the initramfs. |
1065 | + + Do not include any modules or utils in the initramfs, unless |
1066 | + rootfs/resume devices are encrypted or CRYPTSETUP is set to 'y' in |
1067 | + the initramfs.conf configuration file. |
1068 | + - debian/cryptsetup.maintscripts: |
1069 | + + Migrate upstart jobs to new names. |
1070 | + |
1071 | + -- Andy Whitcroft <apw@ubuntu.com> Tue, 07 Jul 2015 16:58:45 +0100 |
1072 | + |
1073 | cryptsetup (2:1.6.6-5) unstable; urgency=high |
1074 | |
1075 | * debian/cryptdisks.functions: fix the precheck for ubuntu+upstart |
1076 | @@ -1822,6 +2665,71 @@ cryptsetup (2:1.6.4-1) unstable; urgency=low |
1077 | |
1078 | -- Jonas Meurer <mejo@debian.org> Fri, 28 Jun 2013 12:14:55 +0200 |
1079 | |
1080 | +cryptsetup (2:1.6.1-1ubuntu7) vivid; urgency=medium |
1081 | + |
1082 | + * Drop explicit libgcrypt11 dependency from libcryptsetup4. |
1083 | + |
1084 | + -- Adam Conrad <adconrad@ubuntu.com> Fri, 27 Mar 2015 18:24:38 -0600 |
1085 | + |
1086 | +cryptsetup (2:1.6.1-1ubuntu6) vivid; urgency=medium |
1087 | + |
1088 | + * No-change rebuild for the libgcrypt20 transition. |
1089 | + |
1090 | + -- Adam Conrad <adconrad@ubuntu.com> Fri, 27 Mar 2015 06:16:08 -0600 |
1091 | + |
1092 | +cryptsetup (2:1.6.1-1ubuntu5) vivid; urgency=medium |
1093 | + |
1094 | + * ./debian/scripts/luksformat: Drop luksFormat -s and --ciper options. They |
1095 | + aren't necessary any more, and aes-cbc-essiv:sha256 is obsolete. This will |
1096 | + now use aes-xts-plain64 by default. (LP: #1414719) |
1097 | + |
1098 | + -- Martin Pitt <martin.pitt@ubuntu.com> Fri, 27 Feb 2015 09:37:05 +0100 |
1099 | + |
1100 | +cryptsetup (2:1.6.1-1ubuntu4) vivid; urgency=medium |
1101 | + |
1102 | + * No change rebuild to get debug symbols for all architectures. |
1103 | + |
1104 | + -- Brian Murray <brian@ubuntu.com> Wed, 03 Dec 2014 08:03:31 -0800 |
1105 | + |
1106 | +cryptsetup (2:1.6.1-1ubuntu3) utopic; urgency=high |
1107 | + |
1108 | + * No change rebuild against new dh_installinit, to call update-rc.d at |
1109 | + postinst. |
1110 | + |
1111 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 28 May 2014 10:39:30 +0100 |
1112 | + |
1113 | +cryptsetup (2:1.6.1-1ubuntu2) utopic; urgency=medium |
1114 | + |
1115 | + * debian/askpass.c: |
1116 | + - Fix bug (LP: #1301086) where askpass fails to restore terminal |
1117 | + settings. |
1118 | + |
1119 | + -- Robert Barabas <dc@0xdc.org> Fri, 18 Apr 2014 14:08:51 -0400 |
1120 | + |
1121 | +cryptsetup (2:1.6.1-1ubuntu1) trusty; urgency=low |
1122 | + |
1123 | + * Merge from debian unstable, remaining changes: |
1124 | + - debian/control: |
1125 | + + Bump initramfs-tools Suggests to Depends: so system is not |
1126 | + potentially rendered unbootable. |
1127 | + + Depend on plymouth. |
1128 | + |
1129 | + - Invert the "busybox | busybox-static" Recommends, as the latter is |
1130 | + the one we ship in main as part of the ubuntu-standard task. |
1131 | + |
1132 | + - Remove hardcoded paths to udevadm (LP: #1184066). |
1133 | + |
1134 | + - debian/initramfs/cryptroot-hook: |
1135 | + + Do not unconditionally include cryptsetup utils in the initramfs. |
1136 | + + Do not include any modules or utils in the initramfs, unless |
1137 | + rootfs/resume devices are encrypted or CRYPTSETUP is set to 'y' in |
1138 | + the initramfs.conf configuration file. |
1139 | + |
1140 | + - debian/cryptsetup.maintscripts: |
1141 | + + Migrate upstart jobs to new names. |
1142 | + |
1143 | + -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com> Fri, 01 Nov 2013 16:48:57 +0000 |
1144 | + |
1145 | cryptsetup (2:1.6.1-1) unstable; urgency=low |
1146 | |
1147 | [ Milan Broz ] |
1148 | @@ -1863,6 +2771,50 @@ cryptsetup (2:1.6.1-1) unstable; urgency=low |
1149 | |
1150 | -- Jonas Meurer <mejo@debian.org> Fri, 28 Jun 2013 12:10:41 +0200 |
1151 | |
1152 | +cryptsetup (2:1.4.3-4ubuntu4) saucy; urgency=low |
1153 | + |
1154 | + * debian/initramfs/cryptroot-hook: |
1155 | + - Do not unconditionally include cryptsetup utils in the initramfs. |
1156 | + - Do not include any modules or utils in the initramfs, unless |
1157 | + rootfs/resume devices are encrypted or CRYPTSETUP is set to 'y' in |
1158 | + the initramfs.conf configuration file. |
1159 | + |
1160 | + -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com> Mon, 10 Jun 2013 16:25:46 +0100 |
1161 | + |
1162 | +cryptsetup (2:1.4.3-4ubuntu3) saucy; urgency=low |
1163 | + |
1164 | + * Remove hardcoded paths to udevadm (LP: #1184066). |
1165 | + |
1166 | + -- Colin Watson <cjwatson@ubuntu.com> Tue, 28 May 2013 11:27:27 +0100 |
1167 | + |
1168 | +cryptsetup (2:1.4.3-4ubuntu2) raring; urgency=low |
1169 | + |
1170 | + * Invert the "busybox | busybox-static" Recommends, as the latter |
1171 | + is the one we ship in main as part of the ubuntu-standard task. |
1172 | + |
1173 | + -- Adam Conrad <adconrad@ubuntu.com> Fri, 16 Nov 2012 01:14:35 -0700 |
1174 | + |
1175 | +cryptsetup (2:1.4.3-4ubuntu1) raring; urgency=low |
1176 | + |
1177 | + * Merge from debian unstable, remaining changes: |
1178 | + - debian/control: |
1179 | + + Bump initramfs-tools Suggests to Depends: so system is not |
1180 | + potentially rendered unbootable. |
1181 | + + Depend on plymouth. |
1182 | + |
1183 | + - init/upstart jobs: |
1184 | + + Rename cryptddisks{,-early}.upstart jobs to |
1185 | + cryptdisks-{enable,udev}.upstart, as we need both init & upstart jobs |
1186 | + for now. |
1187 | + + debian/cryptdisks{,-early}.init: Make the 'start' action of the init |
1188 | + script a no-op, this should be handled entirely by the upstart job; |
1189 | + and fix the LSB header to not declare this should be started in |
1190 | + runlevel 'S'. |
1191 | + + Do not install start symlinks for init scripts |
1192 | + + NB! shutdown is still handled by the SystemV init scripts |
1193 | + |
1194 | + -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com> Tue, 13 Nov 2012 11:17:57 +0000 |
1195 | + |
1196 | cryptsetup (2:1.4.3-4) unstable; urgency=medium |
1197 | |
1198 | * change recommends for busybox to busybox | busybox-static. Thanks to |
1199 | @@ -1895,6 +2847,50 @@ cryptsetup (2:1.4.3-3) unstable; urgency=medium |
1200 | |
1201 | -- Jonas Meurer <mejo@debian.org> Thu, 01 Nov 2012 15:34:09 +0100 |
1202 | |
1203 | +cryptsetup (2:1.4.3-2ubuntu1) quantal; urgency=low |
1204 | + |
1205 | + * Merge from debian unstable (LP: #1015753), remaining changes: |
1206 | + - debian/control: |
1207 | + + Bump initramfs-tools Suggests to Depends: so system is not |
1208 | + potentially rendered unbootable. |
1209 | + + Depend on plymouth. |
1210 | + |
1211 | + - init/upstart jobs: |
1212 | + + Add debian/cryptdisks-{enable,udev}.upstart for bootup. |
1213 | + + debian/cryptdisks{,-early}.init: Make the 'start' action of the init |
1214 | + script a no-op, this should be handled entirely by the upstart job; |
1215 | + and fix the LSB header to not declare this should be started in |
1216 | + runlevel 'S'. |
1217 | + + Do not install start symlinks for init scripts |
1218 | + + NB! shutdown is still handled by the SystemV init scripts |
1219 | + |
1220 | + * Rename cryptddisks{,-early}.upstart jobs back to |
1221 | + cryptdisks-{enable,udev}.upstart, as we need both init & upstart jobs |
1222 | + for now. |
1223 | + |
1224 | + * Dropped Changes, included in Debian: |
1225 | + - debian/control: |
1226 | + + Split up package in cryptsetup and cryptsetup-bin. (LP: #343363). |
1227 | + |
1228 | + - debian/cryptdisks.functions: |
1229 | + + Do not overwrite existing filesystems when creating swap (LP: #474258). |
1230 | + + Add aesni module when we have hardware encryption. |
1231 | + + Call 'udevadm settle' before 'dmsetup rename' http://pad.lv/874774 |
1232 | + + Suppress "Starting init crypto disks" message in "init" phase, to |
1233 | + avoid writing over fsck progress text. |
1234 | + + new function, crypttab_start_one_disk, to look for the named source |
1235 | + device in /etc/crypttab (by device name, UUID, or label) and start it |
1236 | + if configured to do so |
1237 | + + handle the case where crypttab contains a name for the source |
1238 | + device that is not the kernel's preferred name for it (as is the case |
1239 | + for LVs). |
1240 | + |
1241 | + - debian/initramfs/cryptroot-hook: |
1242 | + + Quiet warnings from find on arches that don't have all the |
1243 | + kernel/{arch,crypto} bits we're testing for. |
1244 | + |
1245 | + -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com> Tue, 21 Aug 2012 11:57:28 +0100 |
1246 | + |
1247 | cryptsetup (2:1.4.3-2) unstable; urgency=medium |
1248 | |
1249 | * fix the shared library symbols magic: so far, the symbols file for |
1250 | @@ -1970,6 +2966,64 @@ cryptsetup (2:1.4.1-3) unstable; urgency=low |
1251 | |
1252 | -- Jonas Meurer <mejo@debian.org> Wed, 11 Apr 2012 23:55:35 +0200 |
1253 | |
1254 | +cryptsetup (2:1.4.1-2ubuntu4) precise; urgency=low |
1255 | + |
1256 | + * Our swap creation can trigger udev change events, which means udev may be |
1257 | + holding the device open at the time we try to call 'dmsetup rename' and |
1258 | + cause the /subsequent/ events to be missed because of dmsetup creating |
1259 | + device nodes by hand. So call 'udevadm settle' before 'dmsetup rename', |
1260 | + to ensure blkid is out of the way first. This should ensure swap |
1261 | + partitions are found by mountall in a non-racy manner. LP: #874774. |
1262 | + |
1263 | + -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 13 Apr 2012 20:23:21 -0700 |
1264 | + |
1265 | +cryptsetup (2:1.4.1-2ubuntu3) precise; urgency=low |
1266 | + |
1267 | + * Start cryptdisks-enable upstart job on 'or container', to let us |
1268 | + simplify the udevtrigger job. |
1269 | + |
1270 | + -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 04 Apr 2012 17:02:00 -0700 |
1271 | + |
1272 | +cryptsetup (2:1.4.1-2ubuntu2) precise; urgency=low |
1273 | + |
1274 | + * Split up package in cryptsetup and cryptsetup-bin. (LP: #343363). |
1275 | + * Do not overwrite existing filesystems when creating swap (LP: #474258). |
1276 | + * Add aesni module when we have hardware encryption. |
1277 | + |
1278 | + -- Jean-Louis Dupond <jean-louis@dupond.be> Mon, 12 Mar 2012 10:14:30 +0100 |
1279 | + |
1280 | +cryptsetup (2:1.4.1-2ubuntu1) precise; urgency=low |
1281 | + |
1282 | + [ Jean-Louis Dupond ] |
1283 | + * Merge from debian unstable (LP: #776264), remaining changes: |
1284 | + - debian/cryptdisks.functions: Suppress "Starting init crypto disks" message |
1285 | + in "init" phase, to avoid writing over fsck progress text. |
1286 | + - debian/cryptroot-hook: Quiet warnings from find on arches that |
1287 | + don't have all the kernel/{arch,crypto} bits we're testing for. |
1288 | + - debian/control: |
1289 | + + Bump initramfs-tools Suggests to Depends: so system is not |
1290 | + potentially rendered unbootable. |
1291 | + + Depend on plymouth. |
1292 | + - Add debian/cryptdisks-{enable,udev}.upstart. |
1293 | + - debian/cryptdisks.functions: |
1294 | + + new function, crypttab_start_one_disk, to look for the named source |
1295 | + device in /etc/crypttab (by device name, UUID, or label) and start it |
1296 | + if configured to do so |
1297 | + - debian/cryptdisks{,-early}.init: Make the 'start' action of the init |
1298 | + script a no-op, this should be handled entirely by the upstart job; |
1299 | + and fix the LSB header to not declare this should be started in |
1300 | + runlevel 'S' |
1301 | + - debian/rules: |
1302 | + + Do not install start symlinks for init scripts, and |
1303 | + install debian/cryptdisks-{enable,udev}.upstart scripts. |
1304 | + |
1305 | + [ Steve Langasek ] |
1306 | + * debian/cryptdisks.functions: handle the case where crypttab contains a |
1307 | + name for the source device that is not the kernel's preferred name for |
1308 | + it (as is the case for LVs). |
1309 | + |
1310 | + -- Jean-Louis Dupond <jean-louis@dupond.be> Thu, 08 Mar 2012 07:32:40 +0100 |
1311 | + |
1312 | cryptsetup (2:1.4.1-2) unstable; urgency=low |
1313 | |
1314 | * acknowledge NMU. Thanks to Michael Biebl. (closes: #659182) |
1315 | @@ -2179,6 +3233,56 @@ cryptsetup (2:1.2.0-1) experimental; urgency=low |
1316 | |
1317 | -- Jonas Meurer <mejo@debian.org> Sun, 16 Jan 2011 01:01:03 +0100 |
1318 | |
1319 | +cryptsetup (2:1.1.3-4ubuntu3) precise; urgency=low |
1320 | + |
1321 | + [ Pali Rohar ] |
1322 | + * debian/cryptdisks.functions: Suppress "Starting init crypto disks" message |
1323 | + in "init" phase, to avoid writing over fsck progress text. |
1324 | + |
1325 | + -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 26 Oct 2011 09:16:15 +0200 |
1326 | + |
1327 | +cryptsetup (2:1.1.3-4ubuntu2) oneiric; urgency=low |
1328 | + |
1329 | + * debian/cryptroot-hook: Quiet warnings from find on arches that |
1330 | + don't have all the kernel/{arch,crypto} bits we're testing for. |
1331 | + |
1332 | + -- Adam Conrad <adconrad@ubuntu.com> Sat, 01 Oct 2011 00:33:00 -0600 |
1333 | + |
1334 | +cryptsetup (2:1.1.3-4ubuntu1) natty; urgency=low |
1335 | + |
1336 | + * Merge from debian unstable (LP: #682177), remaining changes: |
1337 | + - debian/control: |
1338 | + + Bump initramfs-tools Suggests to Depends: so system is not |
1339 | + potentially rendered unbootable. |
1340 | + + Depend on plymouth. |
1341 | + - Add debian/cryptdisks-{enable,udev}.upstart. |
1342 | + - debian/cryptdisks.functions: |
1343 | + + new function, crypttab_start_one_disk, to look for the named source |
1344 | + device in /etc/crypttab (by device name, UUID, or label) and start it |
1345 | + if configured to do so |
1346 | + + wrap the call to /lib/cryptsetup/askpass with watershed, to make sure |
1347 | + we only ever have one of these running at a time; otherwise multiple |
1348 | + invocations could steal each other's input and/or write over each |
1349 | + other's output |
1350 | + + when called by cryptdisks-enable, check that we don't already have a |
1351 | + corresponding cryptdisks-udev job running (probably waiting for a |
1352 | + passphrase); if there is, wait until it's finished before continuing. |
1353 | + - debian/cryptdisks{,-early}.init: Make the 'start' action of the init |
1354 | + script a no-op, this should be handled entirely by the upstart job; |
1355 | + and fix the LSB header to not declare this should be started in |
1356 | + runlevel 'S' |
1357 | + - debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on |
1358 | + upgrade. |
1359 | + - debian/rules: |
1360 | + + Do not install start symlinks for init scripts, and |
1361 | + install debian/cryptdisks-{enable,udev}.upstart scripts. |
1362 | + + link dynamically against libgcrypt and libgpg-error. |
1363 | + - Add debian/cryptsetup.apport: Apport package hook. Install in |
1364 | + debian/rules and create dir in debian/cryptsetup.dirs. |
1365 | + - debian/cryptsetup.postrm: call update-initramfs on package removal. |
1366 | + |
1367 | + -- Lorenzo De Liso <blackz@ubuntu.com> Sat, 27 Nov 2010 17:37:43 +0100 |
1368 | + |
1369 | cryptsetup (2:1.1.3-4) unstable; urgency=high |
1370 | |
1371 | * bump standards-version to 3.9.1, no changes required |
1372 | @@ -2284,6 +3388,69 @@ cryptsetup (2:1.1.3-1) unstable; urgency=low |
1373 | |
1374 | -- Jonas Meurer <mejo@debian.org> Sat, 10 Jul 2010 14:32:40 +0200 |
1375 | |
1376 | +cryptsetup (2:1.1.2-1ubuntu1) maverick; urgency=low |
1377 | + |
1378 | + * Merge from Debian unstable (LP: #594365). Remaining changes: |
1379 | + - debian/control: |
1380 | + + Bump initramfs-tools Suggests to Depends: so system is not |
1381 | + potentially rendered unbootable. |
1382 | + + Depend on plymouth. |
1383 | + - Add debian/cryptdisks-{enable,udev}.upstart. |
1384 | + - debian/cryptdisks.functions: |
1385 | + + new function, crypttab_start_one_disk, to look for the named source |
1386 | + device in /etc/crypttab (by device name, UUID, or label) and start it |
1387 | + if configured to do so |
1388 | + + wrap the call to /lib/cryptsetup/askpass with watershed, to make sure |
1389 | + we only ever have one of these running at a time; otherwise multiple |
1390 | + invocations could steal each other's input and/or write over each |
1391 | + other's output |
1392 | + + initially create the device under a temporary name and rename it only |
1393 | + at the end using 'dmsetup rename', to ensure that upstart/mountall |
1394 | + doesn't see our device before it's ready to go. |
1395 | + + do_tmp should mount under /var/run/cryptsetup for changing the |
1396 | + permissions of the filesystem root, not directly on /tmp, since |
1397 | + mounting on /tmp a) is racy, b) confuses mountall something fierce. |
1398 | + + when called by cryptdisks-enable, check that we don't already have a |
1399 | + corresponding cryptdisks-udev job running (probably waiting for a |
1400 | + passphrase); if there is, wait until it's finished before continuing. |
1401 | + - debian/cryptdisks{,-early}.init: Make the 'start' action of the init |
1402 | + script a no-op, this should be handled entirely by the upstart job; |
1403 | + and fix the LSB header to not declare this should be started in |
1404 | + runlevel 'S' |
1405 | + - debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on |
1406 | + upgrade. |
1407 | + - debian/rules: Do not install start symlinks for init scripts, and |
1408 | + install debian/cryptdisks-{enable,udev}.upstart scripts. |
1409 | + - Add debian/cryptsetup.apport: Apport package hook. Install in |
1410 | + debian/rules and create dir in debian/cryptsetup.dirs. |
1411 | + - debian/rules: link dynamically against libgcrypt and libgpg-error. |
1412 | + - debian/cryptsetup.postrm: call update-initramfs on package removal. |
1413 | + * Dropped changes, merged/superseded in Debian: |
1414 | + - Add ext4 support to passdev. |
1415 | + - cryptroot-hook: don't call copy_modules_dir with empty arguments when |
1416 | + archcrypto isn't found |
1417 | + - Set USPLASH=y and FRAMEBUFFER=y in the hook config to pull plymouth into |
1418 | + the initramfs. |
1419 | + - change interaction to use plymouth directly if present, and if not, to |
1420 | + fall back to /lib/cryptsetup/askpass as before |
1421 | + - cryptdisks.functions: replace 'echo -e' bashism with 'printf'. |
1422 | + - debian/initramfs/cryptroot-script: if plymouth is present in the |
1423 | + initramfs, use this directly, bypassing the cryptsetup askpass script |
1424 | + - debian/initramfs/cryptroot-hook: Properly anchor our regexps when |
1425 | + grepping /etc/crypttab so that we don't incorrectly match device names |
1426 | + that are substrings of one another. |
1427 | + - debian/initramfs/cryptroot-script: Don't leak /conf/conf.d/cryptroot |
1428 | + file descriptor to subprocesses. |
1429 | + - Fix grammar error in debian/initramfs/cryptroot-script |
1430 | + ("setup" -> "set up") |
1431 | + - debian/initramfs/cryptroot-script: Fix this to work with current |
1432 | + initramfs-tools: |
1433 | + + Source /scripts/functions after checking for prerequisites. |
1434 | + + prereqs(): Do not assume we are running within initramfs, and |
1435 | + calculate relative path correctly. |
1436 | + |
1437 | + -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 14 Jun 2010 21:47:28 -0700 |
1438 | + |
1439 | cryptsetup (2:1.1.2-1) unstable; urgency=low |
1440 | |
1441 | * new upstream release, changes include: |
1442 | @@ -2401,6 +3568,171 @@ cryptsetup (2:1.1.0-1) unstable; urgency=low |
1443 | |
1444 | -- Jonas Meurer <mejo@debian.org> Mon, 08 Mar 2010 14:15:35 +0100 |
1445 | |
1446 | +cryptsetup (2:1.1.0~rc2-1ubuntu14) maverick; urgency=low |
1447 | + |
1448 | + [ David Stansby ] |
1449 | + * Fix grammar error in debian/initramfs/cryptroot-script |
1450 | + ("setup" -> "set up") (LP: #578896) |
1451 | + |
1452 | + -- James Westby <james.westby@ubuntu.com> Mon, 17 May 2010 13:33:40 +0100 |
1453 | + |
1454 | +cryptsetup (2:1.1.0~rc2-1ubuntu13) lucid; urgency=low |
1455 | + |
1456 | + * debian/initramfs/cryptroot-script: Don't leak /conf/conf.d/cryptroot |
1457 | + file descriptor to subprocesses. |
1458 | + |
1459 | + -- Colin Watson <cjwatson@ubuntu.com> Mon, 29 Mar 2010 22:18:36 +0100 |
1460 | + |
1461 | +cryptsetup (2:1.1.0~rc2-1ubuntu12) lucid; urgency=low |
1462 | + |
1463 | + * debian/initramfs/cryptroot-hook: Properly anchor our regexps when |
1464 | + grepping /etc/crypttab so that we don't incorrectly match device names |
1465 | + that are substrings of one another. |
1466 | + * debian/cryptdisks-{enable,udev}.conf, debian/control: drop |
1467 | + 'console output' and add a hard dependency on plymouth instead of |
1468 | + watershed, to avoid spitting extra messages to the console. |
1469 | + |
1470 | + -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 18 Feb 2010 06:19:19 -0800 |
1471 | + |
1472 | +cryptsetup (2:1.1.0~rc2-1ubuntu11) lucid; urgency=low |
1473 | + |
1474 | + * Set FRAMEBUFFER=y in the file that we actually ship. |
1475 | + * debian/cryptsetup.postrm: call update-initramfs on package removal. |
1476 | + LP: #468228. |
1477 | + |
1478 | + -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 25 Jan 2010 03:07:52 -0800 |
1479 | + |
1480 | +cryptsetup (2:1.1.0~rc2-1ubuntu10) lucid; urgency=low |
1481 | + |
1482 | + * cryptdisks.functions: replace 'echo -e' bashism with 'printf'. |
1483 | + * cryptdisks.functions: when called by cryptdisks-enable, check that we |
1484 | + don't already have a corresponding cryptdisks-udev job running (probably |
1485 | + waiting for a passphrase); if there is, wait until it's finished before |
1486 | + continuing. |
1487 | + |
1488 | + -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 21 Jan 2010 14:57:21 +0000 |
1489 | + |
1490 | +cryptsetup (2:1.1.0~rc2-1ubuntu9) lucid; urgency=low |
1491 | + |
1492 | + * Set FRAMEBUFFER=y in the hook config as well, to pull plymouth into the |
1493 | + initramfs. |
1494 | + * cryptdisks.functions, debian/initramfs/cryptroot-script: fix the |
1495 | + invocation of plymouth, so that we actually get proper passphrase prompts |
1496 | + (once bug #496765 is fixed). |
1497 | + |
1498 | + -- Steve Langasek <steve.langasek@ubuntu.com> Sat, 16 Jan 2010 02:32:41 -0800 |
1499 | + |
1500 | +cryptsetup (2:1.1.0~rc2-1ubuntu8) lucid; urgency=low |
1501 | + |
1502 | + * cryptdisks.functions: do_tmp should mount under /var/run/cryptsetup for |
1503 | + changing the permissions of the filesystem root, not directly on /tmp, |
1504 | + since mounting on /tmp a) is racy, b) confuses mountall something fierce. |
1505 | + LP: #475936. |
1506 | + |
1507 | + -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 22 Dec 2009 20:24:28 +0000 |
1508 | + |
1509 | +cryptsetup (2:1.1.0~rc2-1ubuntu7) lucid; urgency=low |
1510 | + |
1511 | + * Depend on watershed. |
1512 | + |
1513 | + -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 22 Dec 2009 01:37:36 +0000 |
1514 | + |
1515 | +cryptsetup (2:1.1.0~rc2-1ubuntu6) lucid; urgency=low |
1516 | + |
1517 | + [ Steve Langasek ] |
1518 | + * Fix the LSB header in the init scripts, now that we don't install to |
1519 | + rcS.d. |
1520 | + |
1521 | + [ Martin Pitt ] |
1522 | + * debian/initramfs/cryptroot-script: Fix this to work with current |
1523 | + initramfs-tools: |
1524 | + - Source /scripts/functions after checking for prerequisites. |
1525 | + - prereqs(): Do not assume we are running within initramfs, and calculate |
1526 | + relative path correctly. |
1527 | + |
1528 | + -- Martin Pitt <martin.pitt@ubuntu.com> Fri, 18 Dec 2009 17:07:07 +0100 |
1529 | + |
1530 | +cryptsetup (2:1.1.0~rc2-1ubuntu5) lucid; urgency=low |
1531 | + |
1532 | + * Rename the upstart job introduced in the previous upload to |
1533 | + cryptdisks-udev and restore the previous version of the job as |
1534 | + cryptdisks-enable, to run at the end of udev coldplugging as before; |
1535 | + this isn't entirely race-free, but should nevertheless give us the |
1536 | + two passes needed to cover devices that are decrypted using keys stored |
1537 | + on other encrypted disks. LP: #443980. |
1538 | + |
1539 | + -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 16 Dec 2009 06:41:30 +0000 |
1540 | + |
1541 | +cryptsetup (2:1.1.0~rc2-1ubuntu4) lucid; urgency=low |
1542 | + |
1543 | + [ Steve Langasek ] |
1544 | + * debian/initramfs/cryptroot-script: if plymouth is present in the |
1545 | + initramfs, use this directly, bypassing the cryptsetup askpass script; |
1546 | + but keep support for these other frontends around on a transitional |
1547 | + basis. |
1548 | + * debian/cryptdisks.functions: |
1549 | + - change interaction to use plymouth directly if present, and if not, to |
1550 | + fall back to /lib/cryptsetup/askpass as before |
1551 | + - wrap the call to /lib/cryptsetup/askpass with watershed, to make sure |
1552 | + we only ever have one of these running at a time; otherwise multiple |
1553 | + invocations could steal each other's input and/or write over each |
1554 | + other's output |
1555 | + - new function, crypttab_start_one_disk, to look for the named source |
1556 | + device in /etc/crypttab (by device name, UUID, or label) and start it |
1557 | + if configured to do so |
1558 | + * debian/cryptdisks-enable.upstart: run the upstart job once for each block |
1559 | + device, using the new crypttab_start_one_disk function, triggered by udev; |
1560 | + this doesn't eliminate the possibility of a race with gdm when the |
1561 | + decrypted volume isn't a 'bootwait' mount point (since gdm kills |
1562 | + plymouth), but it does eliminate the race between udev and cryptsetup. |
1563 | + LP: #454898. |
1564 | + * debian/cryptdisks-enable.upstart: check that the package is installed |
1565 | + and exit gracefully if it's not. LP: #435814 |
1566 | + * debian/cryptdisk.functions: initially create the device under a temporary |
1567 | + name and rename it only at the end using 'dmsetup rename', to ensure that |
1568 | + upstart/mountall doesn't see our device before it's ready to go. |
1569 | + LP: #475936. |
1570 | + |
1571 | + [ Colin Watson ] |
1572 | + * Add ext4 support to passdev. |
1573 | + |
1574 | + -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 15 Dec 2009 18:05:45 -0800 |
1575 | + |
1576 | +cryptsetup (2:1.1.0~rc2-1ubuntu3) lucid; urgency=low |
1577 | + |
1578 | + * cryptroot-hook: Use if [ -n … ] instead of if ! test -z …. |
1579 | + |
1580 | + -- Loïc Minier <loic.minier@ubuntu.com> Sat, 12 Dec 2009 11:32:52 +0100 |
1581 | + |
1582 | +cryptsetup (2:1.1.0~rc2-1ubuntu2) lucid; urgency=low |
1583 | + |
1584 | + * cryptroot-hook: dont call copy_modules_dir with empty arguments when |
1585 | + archcrypto isnt found (LP: #495161) |
1586 | + |
1587 | + -- Oliver Grawert <ogra@ubuntu.com> Fri, 11 Dec 2009 14:39:00 +0100 |
1588 | + |
1589 | +cryptsetup (2:1.1.0~rc2-1ubuntu1) lucid; urgency=low |
1590 | + |
1591 | + * Merge with Debian testing. Remaining Ubuntu changes: |
1592 | + - debian/rules: cryptsetup is linked dynamically against libgcrypt and |
1593 | + libgpg-error. |
1594 | + - Upstart migration: |
1595 | + + Add debian/cryptdisks-enable.upstart. |
1596 | + + debian/cryptdisks{,-early}.init: Make the 'start' action of the init |
1597 | + script a no-op, this should be handled entirely by the upstart job. |
1598 | + (LP #473615) |
1599 | + + debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on |
1600 | + upgrade. |
1601 | + + debian/rules: Do not install start symlinks for those two, and install |
1602 | + debian/cryptdisks-enable.upstart scripts. |
1603 | + - Add debian/cryptsetup.apport: Apport package hook. Install in |
1604 | + debian/rules, and create dir in debian/cryptsetup.dirs. |
1605 | + - Start usplash in initramfs, since we need it for fancy passphrase input: |
1606 | + + debian/initramfs/cryptroot-conf, debian/initramfs-conf.d: USPLASH=y |
1607 | + + debian/control: Bump initramfs-tools Suggests to Depends:. |
1608 | + |
1609 | + -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 11 Nov 2009 15:04:27 +0100 |
1610 | + |
1611 | cryptsetup (2:1.1.0~rc2-1) unstable; urgency=low |
1612 | |
1613 | * new upstream release candidate (1.1.0-rc2), highlights include: |
1614 | @@ -2574,6 +3906,80 @@ cryptsetup (2:1.0.7~rc1-1) unstable; urgency=low |
1615 | |
1616 | -- Jonas Meurer <mejo@debian.org> Sat, 04 Jul 2009 15:52:06 +0200 |
1617 | |
1618 | +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu8) lucid; urgency=low |
1619 | + |
1620 | + [ Steve Langasek ] |
1621 | + * Make the 'start' action of the init script a no-op, this should be |
1622 | + handled entirely by the upstart job now; and remove any symlinks from |
1623 | + /etc/rcS.d on upgrade. LP: #473615. |
1624 | + |
1625 | + [ Reinhard Tartler ] |
1626 | + * Add an apport hook |
1627 | + * import the blkid and un_blkid from debian, LP: #446517 |
1628 | + * also use this script by default (setting in /etc/default/cryptdisks) |
1629 | + |
1630 | + -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 04 Nov 2009 12:06:47 +0000 |
1631 | + |
1632 | +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu7) karmic; urgency=low |
1633 | + |
1634 | + * Reupload previous version, siretart had left changes in bzr which |
1635 | + weren't documented in the changelog and caused FTBFS. |
1636 | + |
1637 | + -- Scott James Remnant <scott@ubuntu.com> Wed, 14 Oct 2009 13:57:59 +0100 |
1638 | + |
1639 | +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu6) karmic; urgency=low |
1640 | + |
1641 | + [ Steve Langasek ] |
1642 | + * Move the Debian Vcs- fields aside. |
1643 | + |
1644 | + [ Scott James Remnant ] |
1645 | + * debian/cryptdisks-enable.upstart: Don't overcompensate for my idiocy, |
1646 | + cryptsetup should not need a controlling terminal, just a terminal |
1647 | + is fine. May fix LP: #439138. |
1648 | + |
1649 | + -- Scott James Remnant <scott@ubuntu.com> Wed, 14 Oct 2009 04:52:16 +0100 |
1650 | + |
1651 | +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu4) karmic; urgency=low |
1652 | + |
1653 | + * debian/cryptdisks-enable.upstart: Things that often help include |
1654 | + not setting stdin/out to /dev/null, so you can actually type the |
1655 | + passphrase. I am an idiot. LP: #430496. |
1656 | + |
1657 | + -- Scott James Remnant <scott@ubuntu.com> Thu, 17 Sep 2009 17:58:01 +0100 |
1658 | + |
1659 | +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu3) karmic; urgency=low |
1660 | + |
1661 | + * debian/cryptdisks-enable.upstart: add upstart job to enable encrypted |
1662 | + disks once we've finished probing for udev devices, so that mountall |
1663 | + can use them. LP: #430496. |
1664 | + |
1665 | + -- Scott James Remnant <scott@ubuntu.com> Thu, 17 Sep 2009 00:04:00 +0100 |
1666 | + |
1667 | +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu2) karmic; urgency=low |
1668 | + |
1669 | + * debian/initramfs/cryptroot-conf: declare that we want usplash included |
1670 | + in the initramfs whenever this package is installed. LP: #427356. |
1671 | + |
1672 | + -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 15 Sep 2009 08:43:15 -0700 |
1673 | + |
1674 | +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu1) karmic; urgency=low |
1675 | + |
1676 | + * Merge from debian unstable, remaining changes: |
1677 | + - Ubuntu specific: |
1678 | + + debian/rules: link dynamically for better security supportability and |
1679 | + smaller packages. |
1680 | + + debian/control: Depend on initramfs-tools so system is not potentially |
1681 | + rendered unbootable. |
1682 | + - debian/initramfs/cryptroot-script wait for encrypted device to appear, |
1683 | + report with log_*_msg (debian bug 488271). |
1684 | + - debian/initramfs/cryptroot-hook: fix support for UUID and LABEL |
1685 | + correlation between fstab and crypttab (debian bug 522041). |
1686 | + - debian/askpass.c, debian/initramfs/cryptroot-script: using newline |
1687 | + escape in passphrase prompt to avoid line-wrapping (debian bug 528133). |
1688 | + * Drop 04_fix_udevsettle_call.patch: fixed upstream differently. |
1689 | + |
1690 | + -- Kees Cook <kees@ubuntu.com> Sun, 10 May 2009 17:29:32 -0700 |
1691 | + |
1692 | cryptsetup (2:1.0.6+20090405.svn49-1) unstable; urgency=low |
1693 | |
1694 | * New upstream svn snapshot. Highlights include: |
1695 | @@ -2615,6 +4021,67 @@ cryptsetup (2:1.0.6+20090405.svn49-1) unstable; urgency=low |
1696 | |
1697 | -- Jonas Meurer <mejo@debian.org> Mon, 06 Apr 2009 08:49:14 +0200 |
1698 | |
1699 | +cryptsetup (2:1.0.6-7ubuntu7) jaunty; urgency=low |
1700 | + |
1701 | + * debian/control: Depend on initramfs-tools so system is not potentially |
1702 | + rendered unbootable (LP: #358654). |
1703 | + |
1704 | + -- Kees Cook <kees@ubuntu.com> Thu, 09 Apr 2009 12:29:31 -0700 |
1705 | + |
1706 | +cryptsetup (2:1.0.6-7ubuntu6) jaunty; urgency=low |
1707 | + |
1708 | + * debian/initramfs/cryptroot-script: we don't require vol_id to understand |
1709 | + the encrypted device, but we should check the device is fully up first |
1710 | + before continuing by calling udevadm settle. LP: #291752. |
1711 | + |
1712 | + -- Steve Langasek <steve.langasek@ubuntu.com> Sat, 07 Mar 2009 21:39:14 -0800 |
1713 | + |
1714 | +cryptsetup (2:1.0.6-7ubuntu5) jaunty; urgency=low |
1715 | + |
1716 | + * debian/initramfs/cryptroot-hook: fix support for UUID and LABEL correlation |
1717 | + between fstab and crypttab (LP: #287879). |
1718 | + |
1719 | + -- TJ <ubuntu@tjworld.net> Mon, 16 Feb 2009 23:00:00 +0000 |
1720 | + |
1721 | +cryptsetup (2:1.0.6-7ubuntu4) jaunty; urgency=low |
1722 | + |
1723 | + * debian/askpass.c: also handle newline escape code in console prompt. |
1724 | + |
1725 | + -- Kees Cook <kees@ubuntu.com> Sun, 15 Feb 2009 08:57:05 -0800 |
1726 | + |
1727 | +cryptsetup (2:1.0.6-7ubuntu3) jaunty; urgency=low |
1728 | + |
1729 | + [ https://launchpad.net/~svenkata ] |
1730 | + * debian/checks/un_vol_id: dynamically build the "unknown volume type" |
1731 | + string, to allow for encrypted swap, LP: #316607 |
1732 | + |
1733 | + -- Dustin Kirkland <kirkland@ubuntu.com> Thu, 12 Feb 2009 16:57:30 -0600 |
1734 | + |
1735 | +cryptsetup (2:1.0.6-7ubuntu2) jaunty; urgency=low |
1736 | + |
1737 | + * debian/askpass.c: handle newline escape code in password prompt. |
1738 | + * debian/initramfs/cryptroot-script: add newline to split cryptroot |
1739 | + password prompt onto two lines for readability (LP: #326900). |
1740 | + |
1741 | + -- Kees Cook <kees@ubuntu.com> Sun, 08 Feb 2009 07:26:01 -0800 |
1742 | + |
1743 | +cryptsetup (2:1.0.6-7ubuntu1) jaunty; urgency=low |
1744 | + |
1745 | + * Merge from debian unstable, remaining changes: |
1746 | + - debian/initramfs/cryptroot-script: |
1747 | + - must source /scripts/functions to get the log_*_msg() functions. |
1748 | + - wait for encrypted device to show up (LP 164044, 291752). |
1749 | + - disable error message 'failed to setup lvm device' (LP 151532). |
1750 | + - debian/rules: |
1751 | + - fix location of ltmain.sh (Ubuntu-specific until libtool 2.2.x is |
1752 | + in Debian unstable). |
1753 | + - link dynamically (LP 62751). |
1754 | + - add 04_fix_udevsettle_call.patch: fix path to binary for udevsettle. |
1755 | + * Revert versioned build-depency on libdevmapper-dev, since Ubuntu's |
1756 | + version is higher now. |
1757 | + |
1758 | + -- Kees Cook <kees@ubuntu.com> Tue, 06 Jan 2009 13:00:16 -0800 |
1759 | + |
1760 | cryptsetup (2:1.0.6-7) unstable; urgency=medium |
1761 | |
1762 | * Add patches/01_gettext_package.patch: Remove -luks from GETTEXT_PACKAGE |
1763 | @@ -2659,6 +4126,38 @@ cryptsetup (2:1.0.6-7) unstable; urgency=medium |
1764 | |
1765 | -- Jonas Meurer <mejo@debian.org> Wed, 17 Dec 2008 21:25:45 +0100 |
1766 | |
1767 | +cryptsetup (2:1.0.6-6ubuntu2.1) intrepid-proposed; urgency=low |
1768 | + |
1769 | + * debian/initramfs/cryptroot-script: do not require that vol_id |
1770 | + can parse the encrypted device as valid (LP: #291752). |
1771 | + |
1772 | + -- Kees Cook <kees@ubuntu.com> Fri, 31 Oct 2008 13:10:06 -0700 |
1773 | + |
1774 | +cryptsetup (2:1.0.6-6ubuntu2) intrepid; urgency=low |
1775 | + |
1776 | + * Fixes for (LP: #272301) |
1777 | + * debian/initramfs/cryptroot-script: must source /scripts/functions to get |
1778 | + the log_*_msg() functions |
1779 | + * 04_fix_udevsettle_call.patch: fix path to binary for udevsettle |
1780 | + |
1781 | + -- Dustin Kirkland <kirkland@ubuntu.com> Fri, 19 Sep 2008 18:03:28 -0500 |
1782 | + |
1783 | +cryptsetup (2:1.0.6-6ubuntu1) intrepid; urgency=low |
1784 | + |
1785 | + * drop almost all ubuntu specific changes from the cryptsetup package, |
1786 | + because they have been merged in debian. Thanks a lot! |
1787 | + * merge from debian, remaining changes: |
1788 | + - remove versioned build-depency on libdevmapper-dev, we are using a |
1789 | + rather sophisticated loop for making sure the root filesystem appears. |
1790 | + * debian/rules: fix location of ltmain.sh |
1791 | + * don't exit usplash anymore in the init script. LP: #110970, #139363 |
1792 | + * Disable error message 'failed to setup lvm device'. It is harmless, and |
1793 | + caused by the fact that the udev rules provided by lvm2 are setting up |
1794 | + the lvm on their own. In debian the scripts here are responsible for this |
1795 | + but obviously fail in ubuntu. LP: #151532 |
1796 | + |
1797 | + -- Reinhard Tartler <siretart@tauware.de> Sat, 30 Aug 2008 17:52:16 +0200 |
1798 | + |
1799 | cryptsetup (2:1.0.6-6) unstable; urgency=high |
1800 | |
1801 | * Don't cat keyfile into pipe for do_noluks(). cryptsetup handles |
1802 | @@ -2760,6 +4259,79 @@ cryptsetup (2:1.0.6-3) unstable; urgency=low |
1803 | |
1804 | -- Jonas Meurer <mejo@debian.org> Mon, 07 Jul 2008 00:30:07 +0200 |
1805 | |
1806 | +cryptsetup (2:1.0.6-2ubuntu7) intrepid; urgency=low |
1807 | + |
1808 | + * reintroduce changes from 2:1.0.6-2ubuntu5 that have been accidentally |
1809 | + dropped in version 2:1.0.6-2ubuntu6. |
1810 | + |
1811 | + -- Reinhard Tartler <siretart@tauware.de> Fri, 20 Jun 2008 15:15:54 +0200 |
1812 | + |
1813 | +cryptsetup (2:1.0.6-2ubuntu6) intrepid; urgency=low |
1814 | + |
1815 | + [ Kjell Braden ] |
1816 | + * load scripts/functions for log_{begin,end}_msg |
1817 | + * debian/initramfs/cryptroot-script: wait for the cryptsource, not the resulting mapped root device |
1818 | + * debian/initramfs/cryptroot-hook: copy binaries to the right directory |
1819 | + |
1820 | + [ Reinhard Tartler ] |
1821 | + * remove versioned build-depency on libdevmapper-dev, we are using a |
1822 | + rather sophisticated loop for making sure the root filesystem appears. |
1823 | + |
1824 | + -- Reinhard Tartler <siretart@tauware.de> Wed, 18 Jun 2008 00:26:43 +0200 |
1825 | + |
1826 | +cryptsetup (2:1.0.6-2ubuntu5) intrepid; urgency=low |
1827 | + |
1828 | + * Okay, I give up. include preprocessed manpages and adapt |
1829 | + debian/rules to easily produce those. |
1830 | + ATTENTION: on subsequent uploads, make sure that the manpages are |
1831 | + available and up-to-date. |
1832 | + |
1833 | + -- Reinhard Tartler <siretart@tauware.de> Sun, 15 Jun 2008 13:33:07 +0200 |
1834 | + |
1835 | +cryptsetup (2:1.0.6-2ubuntu4) intrepid; urgency=low |
1836 | + |
1837 | + * also use local dtd in debian/doc/variables.xml.in. |
1838 | + |
1839 | + -- Reinhard Tartler <siretart@tauware.de> Sun, 15 Jun 2008 12:55:42 +0200 |
1840 | + |
1841 | +cryptsetup (2:1.0.6-2ubuntu3) intrepid; urgency=low |
1842 | + |
1843 | + * try harder to fix FTBFS. |
1844 | + |
1845 | + -- Reinhard Tartler <siretart@tauware.de> Sun, 15 Jun 2008 11:42:54 +0200 |
1846 | + |
1847 | +cryptsetup (2:1.0.6-2ubuntu2) intrepid; urgency=low |
1848 | + |
1849 | + * build docbook documentation using local dtds instead of trying to |
1850 | + download them at buildtime. Fixes FTBFS. |
1851 | + |
1852 | + -- Reinhard Tartler <siretart@tauware.de> Sun, 15 Jun 2008 11:12:28 +0200 |
1853 | + |
1854 | +cryptsetup (2:1.0.6-2ubuntu1) intrepid; urgency=low |
1855 | + |
1856 | + * Merge new debian version. Remaining changes: |
1857 | + - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using |
1858 | + bzr on launchpad. |
1859 | + - debian/rules: cryptsetup is linked dynamically against libgcrypt and |
1860 | + libgpg-error. |
1861 | + - cryptdisks.functions: stop usplash on user input. LP #62751 |
1862 | + - Parse comments in lines not starting with '#', LP #185380 |
1863 | + - If the encrypted source device hasn't shown up yet, give it a |
1864 | + little while to deal with removable devices. LP #164044 |
1865 | + * Depend on race-free version of libdevmapper, thus making udevsettle |
1866 | + call from cryptsetup binary unnecessary. Dropping patch |
1867 | + debian/patches/06_run_udevsettle.patch |
1868 | + * remove patch from LP #73862, loading optimized modules has been solved |
1869 | + in debian in another way. |
1870 | + * cryptdisk.functions: remove spurious call to load_optimized_module. |
1871 | + LP: #239946 |
1872 | + * bugfix: make regex work if keyfile has extended attributes. LP: #231339. |
1873 | + * remove patch in cryptdisks.functions for rexecing the script itself for |
1874 | + ensuring that a tty is always available. (See LP #58794.) According to |
1875 | + Scott, this is not necessary anymore. |
1876 | + |
1877 | + -- Reinhard Tartler <siretart@tauware.de> Sat, 14 Jun 2008 23:28:51 +0200 |
1878 | + |
1879 | cryptsetup (2:1.0.6-2) unstable; urgency=low |
1880 | |
1881 | [ Jonas Meurer ] |
1882 | @@ -2785,6 +4357,54 @@ cryptsetup (2:1.0.6-2) unstable; urgency=low |
1883 | |
1884 | -- David Härdeman <david@hardeman.nu> Mon, 26 May 2008 08:12:32 +0200 |
1885 | |
1886 | +cryptsetup (2:1.0.6-1ubuntu4) intrepid; urgency=low |
1887 | + |
1888 | + [ Kjell Braden ] |
1889 | + * Fix configuration parsing (LP: #239808) |
1890 | + |
1891 | + [ Reinhard Tartler ] |
1892 | + * cryptroot-script: use 'echo' instead of 'log_begin_msg' (LP: #237723) |
1893 | + |
1894 | + -- Reinhard Tartler <siretart@tauware.de> Fri, 13 Jun 2008 21:26:17 +0200 |
1895 | + |
1896 | +cryptsetup (2:1.0.6-1ubuntu3) intrepid; urgency=low |
1897 | + |
1898 | + * Parse comments in lines not starting with '#', LP: #185380 |
1899 | + * in cryptroot hook, don't rely on 'udevadm settle' to wait long enough |
1900 | + for the cryptdevice to appear. Reimplement the busy waiting loop found |
1901 | + while waiting for the root file system. Patch based on work by Swâmi |
1902 | + Petaramesh. LP: #164044 |
1903 | + * debian/crypdisks.functions: call 'env' with full path. LP: #178829. |
1904 | + |
1905 | + -- Reinhard Tartler <siretart@tauware.de> Mon, 26 May 2008 22:12:32 +0200 |
1906 | + |
1907 | +cryptsetup (2:1.0.6-1ubuntu2) intrepid; urgency=low |
1908 | + |
1909 | + * Simplify the patch in debian/cryptdisks.functions that stops usplash |
1910 | + before asking for a passphrase. |
1911 | + |
1912 | + -- Reinhard Tartler <siretart@tauware.de> Mon, 26 May 2008 20:18:14 +0200 |
1913 | + |
1914 | +cryptsetup (2:1.0.6-1ubuntu1) intrepid; urgency=low |
1915 | + |
1916 | + * Merge new debian version. Remaining changes: |
1917 | + - cryptsetup is linked dynamically against libgcrypt and libgpg-error. |
1918 | + - stop usplash on user input. LP #62751 |
1919 | + - debian/cryptdisks.functions: Always output and read from the console. |
1920 | + LP #58794. |
1921 | + - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using |
1922 | + bzr on launchpad. |
1923 | + - debian/initramfs/cryptroot-hook: LP #73862 |
1924 | + Added patch to install aes optimized cypher module |
1925 | + - try to load optimized cypher module in cryptsetup.functions as well, |
1926 | + because cryptroot-hook is only executed when we really have a |
1927 | + cryptoroot. |
1928 | + * other ubuntu changes have been merged into debian. Please report bugs |
1929 | + if you believe some patches have been dropped. |
1930 | + * removed 07_typos_fix.patch, has been reviewed and applied upstream. |
1931 | + |
1932 | + -- Reinhard Tartler <siretart@tauware.de> Sun, 25 May 2008 22:52:30 +0200 |
1933 | + |
1934 | cryptsetup (2:1.0.6-1) unstable; urgency=low |
1935 | |
1936 | [ Jonas Meurer ] |
1937 | @@ -2916,6 +4536,138 @@ cryptsetup (2:1.0.6~pre1-1) unstable; urgency=low |
1938 | |
1939 | -- Jonas Meurer <mejo@debian.org> Thu, 06 Dec 2007 15:56:05 +0100 |
1940 | |
1941 | +cryptsetup (2:1.0.5-2ubuntu12) hardy; urgency=low |
1942 | + |
1943 | + * added debian/patches/07_typos_fix.dpatch: fixed typos in man pages. (LP: #164181) |
1944 | + |
1945 | + -- Bruno Barrera Yever <bbyever@gmail.com> Mon, 07 Apr 2008 18:43:05 -0500 |
1946 | + |
1947 | +cryptsetup (2:1.0.5-2ubuntu11) hardy; urgency=low |
1948 | + |
1949 | + * debian/initramfs/cryptroot-script: Do show the disk name after all, since |
1950 | + some people use multiple encrypted partitions as LVM PVs. (LP: #201413) |
1951 | + |
1952 | + -- Martin Pitt <martin.pitt@ubuntu.com> Sun, 06 Apr 2008 11:54:41 -0600 |
1953 | + |
1954 | +cryptsetup (2:1.0.5-2ubuntu10) hardy; urgency=low |
1955 | + |
1956 | + * debian/initramfs/cryptroot-script: Do not mention the name of the |
1957 | + encrypted device. It is just technobabble anyway (sda4_crypt), and there |
1958 | + is just one root partition ever, so it is not needed to tell apart |
1959 | + different partitions. From a security POV, someone who can change your |
1960 | + initramfs to boot a different root partition can just as well change the |
1961 | + strings, too. (LP: #201413) |
1962 | + |
1963 | + -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 02 Apr 2008 15:51:53 +0200 |
1964 | + |
1965 | +cryptsetup (2:1.0.5-2ubuntu9) hardy; urgency=low |
1966 | + |
1967 | + * debian/scripts/luksformat: Use 256 bit key size by default. |
1968 | + (LP: #78508) |
1969 | + * debian/patches/02_manpage.dpatch: Clarify default key sizes (128 for |
1970 | + luksFormat and 256 for create) in cryptsetup.8. (side-note in LP #78508) |
1971 | + |
1972 | + -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 27 Feb 2008 17:43:46 +0100 |
1973 | + |
1974 | +cryptsetup (2:1.0.5-2ubuntu8) hardy; urgency=low |
1975 | + |
1976 | + * Fix -x calls and access() call. |
1977 | + |
1978 | + -- Scott James Remnant <scott@ubuntu.com> Fri, 14 Dec 2007 16:54:53 +0000 |
1979 | + |
1980 | +cryptsetup (2:1.0.5-2ubuntu7) hardy; urgency=low |
1981 | + |
1982 | + * debian/initramfs/cryptroot-script: call udevadm instead of udevsettle |
1983 | + * debian/patches/06_call_udevsettle.dpatch: likewise |
1984 | + |
1985 | + -- Scott James Remnant <scott@ubuntu.com> Fri, 14 Dec 2007 16:11:36 +0000 |
1986 | + |
1987 | +cryptsetup (2:1.0.5-2ubuntu6) hardy; urgency=low |
1988 | + |
1989 | + * Make cryptsetup understand devices specified by UUID=... or LABEL= |
1990 | + in crypttab. (LP: #153597) |
1991 | + |
1992 | + -- Andrea Colangelo <warp10@libero.it> Mon, 29 Oct 2007 18:22:51 +0100 |
1993 | + |
1994 | +cryptsetup (2:1.0.5-2ubuntu5) hardy; urgency=low |
1995 | + |
1996 | + * reenable additional udevsettle calls in cryptroot hook from |
1997 | + https://launchpad.net/bugs/85640, LP: #132373. |
1998 | + * change maintainer to ubuntu-core-dev. |
1999 | + * use Vcs-Bzr instead of XSCB-Vcs-Bzr header in debian/control. |
2000 | + |
2001 | + -- Reinhard Tartler <siretart@tauware.de> Thu, 08 Nov 2007 23:52:19 +0100 |
2002 | + |
2003 | +cryptsetup (2:1.0.5-2ubuntu4) hardy; urgency=low |
2004 | + |
2005 | + * reapply changes from version 2:1.0.5-2ubuntu2, got dropped with last |
2006 | + upload. Sorry, pitti. |
2007 | + * convert patch to lib/libdevmapper.c to a dpatch. |
2008 | + |
2009 | + -- Reinhard Tartler <siretart@tauware.de> Sun, 04 Nov 2007 21:42:43 +0100 |
2010 | + |
2011 | +cryptsetup (2:1.0.5-2ubuntu3) hardy; urgency=low |
2012 | + |
2013 | + * RELIABILY FIX: lib/libdevmapper.c: Ensure that pending device creation |
2014 | + events are being processed by calling /sbin/udevsettle. Patch based on |
2015 | + OpenSUSE bug #285478, LP: #132373. |
2016 | + * Based on the change above, the patch from LP #85640 is no longer needed. |
2017 | + dropping the relevant parts. |
2018 | + * Fix debian/rules to not fail to build if autom4te.cache is left behind |
2019 | + from a previous incomplete build. |
2020 | + |
2021 | + -- Reinhard Tartler <siretart@tauware.de> Fri, 02 Nov 2007 20:53:31 +0100 |
2022 | + |
2023 | +cryptsetup (2:1.0.5-2ubuntu2) gutsy; urgency=low |
2024 | + |
2025 | + * debian/initramfs/cryptroot-script: |
2026 | + - If the supplied password worked, remove the prompt from usplash again, |
2027 | + so that the user has some visual feedback that everything is alright. |
2028 | + (LP: #151305) |
2029 | + - Do not show the UUID device node of the outer physical device. It is |
2030 | + scary ("/dev/disk/by-uuid/1234yadayada") and displaying it does not |
2031 | + improve security at all: If attackers can tamper with your initramfs, |
2032 | + they can also change the prompt, and if the UUID of the physical device |
2033 | + changes, then booting will not even get that far. Now it is a much more |
2034 | + friendly "Enter passphrase for sda5_crypt:" which is still technical, |
2035 | + but it's necessary to point out which device will be unlocked in case |
2036 | + there are several. |
2037 | + |
2038 | + -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 11 Oct 2007 19:51:58 +0200 |
2039 | + |
2040 | +cryptsetup (2:1.0.5-2ubuntu1) gutsy; urgency=low |
2041 | + |
2042 | + * Merge new debian version. Remaining changes: |
2043 | + - cryptsetup is linked dynamically against libgcrypt and libgpg-error. |
2044 | + This will break systems where /usr is a separate encrypted filesystem |
2045 | + but not have other bad consequences (in particular, systems with |
2046 | + encrypted root are still fine). The upsides include better |
2047 | + security supportability and smaller packages. |
2048 | + - libcryptsetup.so et al removed from the binary packages. They have |
2049 | + no stable ABI and are not suitable for use by other packages, and |
2050 | + were in violation of library policies etc. They're not needed since |
2051 | + the cryptsetup executable statically contains the relevant parts of |
2052 | + libcryptsetup. |
2053 | + - cryptdisks.functions: remove #!/bin/bash as it isn't a script |
2054 | + by itself; it's only sourced by other scripts. This gets rid |
2055 | + of the lintian warning `script-not-executable' for this file. |
2056 | + - stop usplash on user input. LP #62751 |
2057 | + - Always output and read from the console. LP #58794. |
2058 | + - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using |
2059 | + bzr on launchpad. |
2060 | + - Bump libgcrypt11 build-dependency again to 1.2.4-2ubuntu2 to eliminate |
2061 | + libnsl linkage; |
2062 | + - debian/initramfs/cryptroot-hook: (LP: #73862) |
2063 | + Added patch to install aes optimized cypher module |
2064 | + - try to load optimized cypher module in cryptsetup.functions as well, |
2065 | + because cryptroot-hook is only executed when we really have a |
2066 | + cryptoroot. |
2067 | + - apply patch from pitti for allowing UUIDs in /etc/crypttab. |
2068 | + This allowes crypted PVs! LP: #144390. |
2069 | + - remove README.ubuntu, since it contains old and obsolete information. |
2070 | + |
2071 | + -- Reinhard Tartler <siretart@tauware.de> Tue, 02 Oct 2007 21:31:28 +0200 |
2072 | + |
2073 | cryptsetup (2:1.0.5-2) unstable; urgency=low |
2074 | |
2075 | [ Jonas Meurer ] |
2076 | @@ -2964,6 +4716,68 @@ cryptsetup (2:1.0.5-2) unstable; urgency=low |
2077 | |
2078 | -- Jonas Meurer <mejo@debian.org> Mon, 24 Sep 2007 15:42:06 +0200 |
2079 | |
2080 | +cryptsetup (2:1.0.5-1ubuntu5) UNRELEASED; urgency=low |
2081 | + |
2082 | + * apply patch from pitti for allowing UUIDs in /etc/crypttab. |
2083 | + This allowes crypted PVs! LP: #144390. |
2084 | + * remove README.ubuntu, since it contains old and obsolete information. |
2085 | + |
2086 | + -- Reinhard Tartler <siretart@tauware.de> Tue, 02 Oct 2007 19:59:24 +0200 |
2087 | + |
2088 | +cryptsetup (2:1.0.5-1ubuntu4) gutsy; urgency=low |
2089 | + |
2090 | + [ Stephan Hermann ] |
2091 | + * debian/initramfs/cryptroot-hook: (LP: #73862) |
2092 | + - Added patch to install aes optimized cypher module |
2093 | + |
2094 | + [ Reinhard Tartler ] |
2095 | + * re-applying old patch to new package version |
2096 | + * try to load optimized cypher module in cryptsetup.functions as well, |
2097 | + because cryptroot-hook is only executed when we really have a |
2098 | + cryptoroot. |
2099 | + |
2100 | + -- Reinhard Tartler <siretart@tauware.de> Thu, 27 Sep 2007 19:38:48 +0200 |
2101 | + |
2102 | +cryptsetup (2:1.0.5-1ubuntu3) gutsy; urgency=low |
2103 | + |
2104 | + * Bump libgcrypt11 build-dependency again to 1.2.4-2ubuntu2 to eliminate |
2105 | + libnsl linkage; should finally produce a usable cryptsetup binary for |
2106 | + the udeb. |
2107 | + |
2108 | + -- Colin Watson <cjwatson@ubuntu.com> Wed, 19 Sep 2007 15:28:52 +0100 |
2109 | + |
2110 | +cryptsetup (2:1.0.5-1ubuntu2) gutsy; urgency=low |
2111 | + |
2112 | + * Bump libgcrypt11 build-dependency to 1.2.4-2ubuntu1 and rebuild for |
2113 | + proper udeb dependencies. |
2114 | + |
2115 | + -- Colin Watson <cjwatson@ubuntu.com> Wed, 19 Sep 2007 01:37:02 +0100 |
2116 | + |
2117 | +cryptsetup (2:1.0.5-1ubuntu1) gutsy; urgency=low |
2118 | + |
2119 | + * Merge new debian version. Remaining changes: |
2120 | + - cryptsetup is linked dynamically against libgcrypt and libgpg-error. |
2121 | + This will break systems where /usr is a separate encrypted filesystem |
2122 | + but not have other bad consequences (in particular, systems with |
2123 | + encrypted root are still fine). The upsides include better |
2124 | + security supportability and smaller packages. |
2125 | + - libcryptsetup.so et al removed from the binary packages. They have |
2126 | + no stable ABI and are not suitable for use by other packages, and |
2127 | + were in violation of library policies etc. They're not needed since |
2128 | + the cryptsetup executable statically contains the relevant parts of |
2129 | + libcryptsetup. |
2130 | + - cryptdisks.functions: remove #!/bin/bash as it isn't a script |
2131 | + by itself; it's only sourced by other scripts. This gets rid |
2132 | + of the lintian warning `script-not-executable' for this file. |
2133 | + - stop usplash on user input. LP #62751 |
2134 | + - Always output and read from the console. LP #58794. |
2135 | + * Add XSBC-Vcs-Bzr tag to indicate that this package is managed using |
2136 | + bzr on launchpad. |
2137 | + * UVF exception request granted by Scott Kitterman and Chuck Short |
2138 | + LP: #138295 |
2139 | + |
2140 | + -- Reinhard Tartler <siretart@tauware.de> Sat, 08 Sep 2007 19:04:54 +0200 |
2141 | + |
2142 | cryptsetup (2:1.0.5-1) unstable; urgency=low |
2143 | |
2144 | [ Jonas Meurer ] |
2145 | @@ -2984,6 +4798,66 @@ cryptsetup (2:1.0.5-1) unstable; urgency=low |
2146 | |
2147 | -- Jonas Meurer <mejo@debian.org> Fri, 27 Jul 2007 04:59:33 +0200 |
2148 | |
2149 | +cryptsetup (2:1.0.4+svn29-1ubuntu6) gutsy; urgency=low |
2150 | + |
2151 | + * Add notes by Ilkka Tuohela in a new file debian/README.ubuntu |
2152 | + |
2153 | + -- Reinhard Tartler <siretart@tauware.de> Sat, 08 Sep 2007 18:43:56 +0200 |
2154 | + |
2155 | +cryptsetup (2:1.0.4+svn29-1ubuntu5) gutsy; urgency=low |
2156 | + |
2157 | + * cryptsetup is linked dynamically against libgcrypt and libgpg-error. |
2158 | + This will break systems where /usr is a separate encrypted filesystem |
2159 | + but not have other bad consequences (in particular, systems with |
2160 | + encrypted root are still fine). The upsides include better |
2161 | + security supportability and smaller packages. |
2162 | + * libcryptsetup.so et al removed from the binary packages. They have |
2163 | + no stable ABI and are not suitable for use by other packages, and |
2164 | + were in violation of library policies etc. They're not needed since |
2165 | + the cryptsetup executable statically contains the relevant parts of |
2166 | + libcryptsetup. |
2167 | + * cryptdisks.functions: remove #!/bin/bash as it isn't a script |
2168 | + by itself; it's only sourced by other scripts. This gets rid |
2169 | + of the lintian warning `script-not-executable' for this file. |
2170 | + |
2171 | + -- Ian Jackson <iwj@ubuntu.com> Fri, 31 Aug 2007 12:05:33 +0100 |
2172 | + |
2173 | +cryptsetup (2:1.0.4+svn29-1ubuntu4) gutsy; urgency=low |
2174 | + |
2175 | + * s/$CRYPTCMD/cryptsetup/ in debian/cryptdisks.functions |
2176 | + (LP: #115617) |
2177 | + |
2178 | + -- Reinhard Tartler <siretart@ubuntu.com> Tue, 29 May 2007 17:04:05 +0200 |
2179 | + |
2180 | +cryptsetup (2:1.0.4+svn29-1ubuntu3) gutsy; urgency=low |
2181 | + |
2182 | + * make luksformat check if filesystem is already mounted to prevent a |
2183 | + strange error message. thanks to mvo for the patch (LP: #116633) |
2184 | + * remove file debian/initramfs-cryptroot-script from source. it is not |
2185 | + installed anywhere, and a leftover from the last merge. |
2186 | + * add missing hunk of cryptsetup.functions compared to debian package. |
2187 | + * reapply http://librarian.launchpad.net/7329604/bug85640.debdiff to |
2188 | + debian/initramfs/cryptroot-script, since stgraber's patch has been |
2189 | + lost in the last merge. (LP: #85640) |
2190 | + |
2191 | + -- Reinhard Tartler <siretart@ubuntu.com> Tue, 29 May 2007 15:02:57 +0200 |
2192 | + |
2193 | +cryptsetup (2:1.0.4+svn29-1ubuntu2) gutsy; urgency=low |
2194 | + |
2195 | + * modprobe dm-mod from cryptsetup.functions. (LP: #64625, #91405) |
2196 | + |
2197 | + -- Reinhard Tartler <siretart@ubuntu.com> Tue, 29 May 2007 13:31:39 +0200 |
2198 | + |
2199 | +cryptsetup (2:1.0.4+svn29-1ubuntu1) gutsy; urgency=low |
2200 | + |
2201 | + * Merge from Debian unstable. Remaining Ubuntu changes: |
2202 | + - stop usplash on user input. Ubuntu: #62751 |
2203 | + - Always output and read from the console. Ubuntu: #58794. |
2204 | + - Wait for Udev to be ready to avoid partition non-detection. (LP: #85640) |
2205 | + * Modify Maintainer value to match Debian-Maintainer-Field Spec |
2206 | + |
2207 | + -- Andrea Veri <bluekuja@ubuntu.com> Sun, 6 May 2007 22:33:25 +0200 |
2208 | + |
2209 | cryptsetup (2:1.0.4+svn29-1) unstable; urgency=low |
2210 | |
2211 | * New upstream svn snapshot with several bugfixes |
2212 | @@ -3036,6 +4910,20 @@ cryptsetup (2:1.0.4+svn26-2) unstable; urgency=low |
2213 | |
2214 | -- Jonas Meurer <mejo@debian.org> Sat, 28 Apr 2007 20:45:50 +0200 |
2215 | |
2216 | +cryptsetup (2:1.0.4+svn26-1ubuntu2) feisty; urgency=low |
2217 | + |
2218 | + * Wait for Udev to be ready to avoid partition non-detection. (LP: #85640) |
2219 | + |
2220 | + -- Stéphane Graber <stgraber@ubuntu.com> Thu, 14 Apr 2007 10:03:41 +0200 |
2221 | + |
2222 | +cryptsetup (2:1.0.4+svn26-1ubuntu1) feisty; urgency=low |
2223 | + |
2224 | + * merge debian changes. Remaining ubuntu changes: |
2225 | + - stop usplash on user input. Ubuntu: #62751 |
2226 | + - Always output and read from the console. Ubuntu: #58794. |
2227 | + |
2228 | + -- Reinhard Tartler <siretart@tauware.de> Sat, 3 Feb 2007 21:30:03 +0100 |
2229 | + |
2230 | cryptsetup (2:1.0.4+svn26-1) unstable; urgency=high |
2231 | |
2232 | [ Jonas Meurer ] |
2233 | @@ -3085,6 +4973,28 @@ cryptsetup (2:1.0.4+svn16-1) unstable; urgency=medium |
2234 | |
2235 | -- Jonas Meurer <mejo@debian.org> Tue, 28 Nov 2006 18:17:12 +0100 |
2236 | |
2237 | +cryptsetup (2:1.0.4-8ubuntu2) feisty; urgency=low |
2238 | + |
2239 | + * fix and improve initramfs hook: terminate usplash if running, since |
2240 | + adequate secure text input is not possible with usplash ATM |
2241 | + * usplash support: Terminate usplash before asking a password. |
2242 | + Closes https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/62751 |
2243 | + |
2244 | + -- Reinhard Tartler <siretart@tauware.de> Wed, 24 Jan 2007 22:43:28 +0100 |
2245 | + |
2246 | +cryptsetup (2:1.0.4-8ubuntu1) feisty; urgency=low |
2247 | + |
2248 | + * merge debian changes, remaining patches: |
2249 | + - Always output and read from the console. Ubuntu: #58794. |
2250 | + * other changes have been merged or do noy apply anymore |
2251 | + * read password via usplash if available in initramfs for rootfs. based on a patch from |
2252 | + Swen Thümmler (Thanks for that!) Ubuntu #62751 |
2253 | + * read password from initscript via usplash if running. should fix the |
2254 | + rest of Ubuntu #62751. Only problem with that patch: It asks only once |
2255 | + for the password! improvements welcome! |
2256 | + |
2257 | + -- Reinhard Tartler <siretart@tauware.de> Sun, 19 Nov 2006 20:04:19 +0100 |
2258 | + |
2259 | cryptsetup (2:1.0.4-8) unstable; urgency=high |
2260 | |
2261 | [ Jonas Meurer ] |
2262 | @@ -3242,6 +5152,27 @@ cryptsetup (2:1.0.4~rc2-1) unstable; urgency=low |
2263 | |
2264 | -- Jonas Meurer <mejo@debian.org> Mon, 4 Sep 2006 03:55:35 +0200 |
2265 | |
2266 | +cryptsetup (2:1.0.3-3ubuntu3) edgy; urgency=low |
2267 | + |
2268 | + * Always output and read from the console. Ubuntu: #58794. |
2269 | + |
2270 | + -- Scott James Remnant <scott@ubuntu.com> Thu, 21 Sep 2006 03:05:18 +0100 |
2271 | + |
2272 | +cryptsetup (2:1.0.3-3ubuntu2) edgy; urgency=low |
2273 | + |
2274 | + * Load the dm-crypt module on startup. Ubuntu: #53475. |
2275 | + |
2276 | + -- Scott James Remnant <scott@ubuntu.com> Wed, 23 Aug 2006 11:53:49 +0200 |
2277 | + |
2278 | +cryptsetup (2:1.0.3-3ubuntu1) edgy; urgency=low |
2279 | + |
2280 | + * Sync with Debian: |
2281 | + Remaining Ubuntu Changes |
2282 | + + debian/cryptdisks.functions: |
2283 | + - Tell usplash to quit if we ask for a passphrase |
2284 | + |
2285 | + -- Sebastian Dröge <slomo@ubuntu.com> Tue, 11 Jul 2006 20:03:27 +0200 |
2286 | + |
2287 | cryptsetup (2:1.0.3-3) unstable; urgency=low |
2288 | |
2289 | [ Jonas Meurer ] |
2290 | diff --git a/debian/control b/debian/control |
2291 | index 4b0278c..4319a20 100644 |
2292 | --- a/debian/control |
2293 | +++ b/debian/control |
2294 | @@ -1,7 +1,8 @@ |
2295 | Source: cryptsetup |
2296 | Section: admin |
2297 | Priority: optional |
2298 | -Maintainer: Debian Cryptsetup Team <pkg-cryptsetup-devel@alioth-lists.debian.net> |
2299 | +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> |
2300 | +XSBC-Original-Maintainer: Debian Cryptsetup Team <pkg-cryptsetup-devel@alioth-lists.debian.net> |
2301 | Uploaders: Jonas Meurer <jonas@freesources.org>, |
2302 | Guilhem Moulin <guilhem@debian.org> |
2303 | Rules-Requires-Root: no |
2304 | @@ -43,7 +44,8 @@ Depends: cryptsetup-bin (>= 2:1.6.0), |
2305 | dmsetup, |
2306 | ${misc:Depends}, |
2307 | ${shlibs:Depends} |
2308 | -Suggests: cryptsetup-initramfs, dosfstools, keyutils, liblocale-gettext-perl |
2309 | +Recommends: cryptsetup-initramfs |
2310 | +Suggests: dosfstools, keyutils, liblocale-gettext-perl |
2311 | Description: disk encryption support - startup scripts |
2312 | Cryptsetup provides an interface for configuring encryption on block |
2313 | devices (such as /home or swap partitions), using the Linux kernel |
2314 | @@ -92,11 +94,11 @@ Description: disk encryption support - experimental SSH token handler |
2315 | |
2316 | Package: cryptsetup-initramfs |
2317 | Architecture: all |
2318 | -Depends: busybox | busybox-static, |
2319 | +Depends: busybox-initramfs, |
2320 | cryptsetup (>= ${source:Version}), |
2321 | initramfs-tools (>= 0.137) | linux-initramfs-tool, |
2322 | ${misc:Depends} |
2323 | -Recommends: console-setup, kbd |
2324 | +Recommends: console-setup, kbd, plymouth |
2325 | Breaks: cryptsetup (<< 2:2.0.3-1) |
2326 | Replaces: cryptsetup (<< 2:2.0.3-1) |
2327 | Conflicts: lvm2 (<< 2.03.15-1) |
2328 | @@ -109,7 +111,7 @@ Description: disk encryption support - initramfs integration |
2329 | This package provides initramfs integration for cryptsetup. |
2330 | |
2331 | Package: cryptsetup-suspend |
2332 | -Architecture: linux-any |
2333 | +Architecture: amd64 arm64 armhf ppc64el riscv64 s390x |
2334 | Multi-Arch: foreign |
2335 | Depends: cryptsetup-initramfs (>= ${source:Version}), |
2336 | initramfs-tools-core, |
2337 | diff --git a/debian/functions b/debian/functions |
2338 | index 917abad..73f5f2a 100644 |
2339 | --- a/debian/functions |
2340 | +++ b/debian/functions |
2341 | @@ -603,6 +603,7 @@ _resolve_device() { |
2342 | # Print the major:minor device ID(s) holding the file system currently |
2343 | # mounted currenty mounted on $mountpoint. |
2344 | # Return 0 on success, 1 on error (if $mountpoint is not a mountpoint). |
2345 | +# devno will be empty if the filesystem must be excluded. |
2346 | get_mnt_devno() { |
2347 | local wantmount="$1" devnos="" uuid dev IFS |
2348 | local spec mountpoint fstype _ DEV MAJ MIN |
2349 | @@ -616,8 +617,15 @@ get_mnt_devno() { |
2350 | # take the last mountpoint if used several times (shadowed) |
2351 | unset -v devnos |
2352 | spec="$(printf '%b' "$spec")" |
2353 | - _resolve_device "$spec" || continue # _resolve_device() already warns on error |
2354 | fstype="$(printf '%b' "$fstype")" |
2355 | + if [ "$fstype" = "zfs" ]; then |
2356 | + # Ignore ZFS entries as they don't have a major/minor and won't |
2357 | + # be imported when local-top cryptroot script will ran. |
2358 | + # Returns success with empty devno |
2359 | + printf '' |
2360 | + return 0 |
2361 | + fi |
2362 | + _resolve_device "$spec" || continue # _resolve_device() already warns on error |
2363 | if [ "$fstype" = "btrfs" ]; then |
2364 | # btrfs can span over multiple devices |
2365 | if uuid="$(_device_uuid "$DEV")"; then |
2366 | diff --git a/debian/initramfs/cryptroot-unlock b/debian/initramfs/cryptroot-unlock |
2367 | index dbc2ad0..0e91701 100644 |
2368 | --- a/debian/initramfs/cryptroot-unlock |
2369 | +++ b/debian/initramfs/cryptroot-unlock |
2370 | @@ -40,8 +40,14 @@ fi |
2371 | pgrep_exe() { |
2372 | local exe pid |
2373 | exe="$(readlink -f -- "$1" 2>/dev/null)" && [ -f "$exe" ] || return 0 |
2374 | - ps -eo pid= | while read pid; do |
2375 | - [ "$(readlink -f "/proc/$pid/exe")" != "$exe" ] || printf '%d\n' "$pid" |
2376 | + ps | awk '{print $1, $5}' | while read LINE; do |
2377 | + set $LINE |
2378 | + local pid=$1 |
2379 | + local cmd=$(readlink -f -- "$2") |
2380 | + if [ "$cmd" == "$exe" ]; then |
2381 | + echo $pid |
2382 | + break |
2383 | + fi |
2384 | done |
2385 | } |
2386 | |
2387 | @@ -101,7 +107,7 @@ wait_for_prompt() { |
2388 | break |
2389 | fi |
2390 | |
2391 | - usleep 100000 |
2392 | + sleep 0.1 |
2393 | timer=$(( $timer - 1 )) |
2394 | if [ $timer -le 0 ]; then |
2395 | echo "Error: Timeout reached while waiting for askpass." >&2 |
2396 | @@ -112,7 +118,7 @@ wait_for_prompt() { |
2397 | # find the cryptsetup process with same $CRYPTTAB_NAME |
2398 | local o v |
2399 | for o in NAME TRIED OPTION_tries; do |
2400 | - if v="$(grep -z -m1 "^CRYPTTAB_$o=" "/proc/$pid/environ")"; then |
2401 | + if v="$(tr '\0' '\n' < "/proc/$pid/environ" | grep -m1 "^CRYPTTAB_$o=")"; then |
2402 | eval "CRYPTTAB_$o"="\${v#CRYPTTAB_$o=}" |
2403 | else |
2404 | eval unset -v "CRYPTTAB_$o" |
2405 | @@ -128,7 +134,7 @@ wait_for_prompt() { |
2406 | fi |
2407 | |
2408 | for pid in $(pgrep_exe "/sbin/cryptsetup"); do |
2409 | - if grep -Fxqz "CRYPTTAB_NAME=$CRYPTTAB_NAME" "/proc/$pid/environ"; then |
2410 | + if tr '\0' '\n' < "/proc/$pid/environ" | grep -Fxq "CRYPTTAB_NAME=$CRYPTTAB_NAME"; then |
2411 | PID=$pid |
2412 | BIRTH=$(stat -c"%Z" "/proc/$PID" 2>/dev/null) || break |
2413 | return 0 |
2414 | @@ -148,7 +154,7 @@ wait_for_prompt() { |
2415 | wait_for_answer() { |
2416 | local timer=$(( 10 * $TIMEOUT )) b |
2417 | while [ -d "/proc/$PID" ] && b=$(stat -c"%Z" "/proc/$PID" 2>/dev/null) && [ $b -le $BIRTH ]; do |
2418 | - usleep 100000 |
2419 | + sleep 0.1 |
2420 | timer=$(( $timer - 1 )) |
2421 | if [ $timer -le 0 ]; then |
2422 | echo "Error: Timeout reached while waiting for PID $PID." >&2 |
2423 | diff --git a/debian/initramfs/hooks/cryptroot b/debian/initramfs/hooks/cryptroot |
2424 | index c16f7c2..87a3589 100644 |
2425 | --- a/debian/initramfs/hooks/cryptroot |
2426 | +++ b/debian/initramfs/hooks/cryptroot |
2427 | @@ -178,16 +178,18 @@ generate_initrd_crypttab() { |
2428 | |
2429 | { |
2430 | if devnos="$(get_mnt_devno /)"; then |
2431 | - usage=rootfs foreach_cryptdev crypttab_find_and_print_entry $devnos |
2432 | + if [ -n "$devnos" ]; then |
2433 | + usage=rootfs foreach_cryptdev crypttab_find_and_print_entry $devnos |
2434 | + fi |
2435 | else |
2436 | cryptsetup_message "WARNING: Couldn't determine root device" |
2437 | fi |
2438 | |
2439 | - if devnos="$(get_resume_devno)"; then |
2440 | + if devnos="$(get_resume_devno)" && [ -n "$devnos" ]; then |
2441 | usage=resume foreach_cryptdev crypttab_find_and_print_entry $devnos |
2442 | fi |
2443 | |
2444 | - if devnos="$(get_mnt_devno /usr)"; then |
2445 | + if devnos="$(get_mnt_devno /usr)" && [ -n "$devnos" ]; then |
2446 | usage="" foreach_cryptdev crypttab_find_and_print_entry $devnos |
2447 | fi |
2448 | |
2449 | diff --git a/debian/rules b/debian/rules |
2450 | index 757085c..461e844 100755 |
2451 | --- a/debian/rules |
2452 | +++ b/debian/rules |
2453 | @@ -29,6 +29,7 @@ override_dh_auto_configure: |
2454 | --with-tmpfilesdir=/usr/lib/tmpfiles.d \ |
2455 | --enable-libargon2 \ |
2456 | --enable-shared \ |
2457 | + --enable-fips \ |
2458 | --enable-cryptsetup-reencrypt |
2459 | |
2460 | execute_after_dh_auto_build: |
2461 | @@ -87,8 +88,10 @@ override_dh_bugfiles: |
2462 | execute_after_dh_fixperms-arch: |
2463 | chmod 0755 debian/cryptsetup/lib/cryptsetup/checks/* |
2464 | chmod 0755 debian/cryptsetup/lib/cryptsetup/scripts/decrypt_* |
2465 | +ifneq ($(DEB_HOST_ARCH),i386) |
2466 | chmod 0755 debian/cryptsetup-suspend/lib/cryptsetup/scripts/suspend/cryptsetup-suspend-wrapper |
2467 | chmod 0755 debian/cryptsetup-suspend/lib/systemd/system-shutdown/cryptsetup-suspend.shutdown |
2468 | +endif |
2469 | ifeq (,$(filter noudeb, $(DEB_BUILD_PROFILES))) |
2470 | chmod 0755 debian/cryptsetup-udeb/lib/cryptsetup/checks/* |
2471 | chmod 0755 debian/cryptsetup-udeb/lib/cryptsetup/scripts/decrypt_* |
2472 | diff --git a/debian/tests/control b/debian/tests/control |
2473 | index 52752a3..0b7e9be 100644 |
2474 | --- a/debian/tests/control |
2475 | +++ b/debian/tests/control |
2476 | @@ -42,8 +42,9 @@ Depends: cryptsetup-bin, |
2477 | sshpass |
2478 | Restrictions: needs-root, isolation-machine |
2479 | |
2480 | - |
2481 | -Tests: cryptdisks, cryptdisks.init |
2482 | +# cryptdisks test is disabled - it fails to open /dev/tty in CI |
2483 | +#Tests: cryptdisks, cryptdisks.init |
2484 | +Tests: cryptdisks.init |
2485 | Depends: cryptsetup, xxd |
2486 | Restrictions: allow-stderr, needs-root, isolation-machine |
2487 | |
2488 | diff --git a/debian/tests/cryptroot-lvm.d/mock b/debian/tests/cryptroot-lvm.d/mock |
2489 | index f57e42f..f777763 100755 |
2490 | --- a/debian/tests/cryptroot-lvm.d/mock |
2491 | +++ b/debian/tests/cryptroot-lvm.d/mock |
2492 | @@ -36,8 +36,13 @@ else { |
2493 | expect($SERIAL => qr/(?:^|\s)?PM: suspend exit\r\n/m); |
2494 | unlock_disk("topsecret"); |
2495 | |
2496 | - # consume PS1 to make sure we're at a shell prompt |
2497 | - expect($CONSOLE => qr/\A $PS1 \z/aamsx); |
2498 | + # suspend() leaves clutter in the console due to the retries |
2499 | + # that prevents test from succeeding. |
2500 | + consume($CONSOLE); |
2501 | + |
2502 | + # ensure that shell is available |
2503 | + shell(q{echo ready}, rv => 0); |
2504 | + |
2505 | my $out = shell(q{dmsetup info -c --noheadings -omangled_name,suspended --separator ' '}); |
2506 | die if grep !/[:[:blank:]]Active$/i, split(/\r?\n/, $out); |
2507 | |
2508 | diff --git a/debian/tests/cryptroot-nested.d/config b/debian/tests/cryptroot-nested.d/config |
2509 | index 995200c..fcfba32 100644 |
2510 | --- a/debian/tests/cryptroot-nested.d/config |
2511 | +++ b/debian/tests/cryptroot-nested.d/config |
2512 | @@ -1,6 +1,13 @@ |
2513 | PKGS_EXTRA+=( btrfs-progs lvm2 mdadm ) |
2514 | PKGS_EXTRA+=( cryptsetup-initramfs ) |
2515 | |
2516 | +# "$DISTRIBUTOR_ID" is defined in ../utils/cryptroot-common |
2517 | +# Workaround for LP1831747 https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1831747 |
2518 | +# Add implicit dependency of cryptsetup-initramfs |
2519 | +if [ "$DISTRIBUTOR_ID" = "ubuntu" ]; then |
2520 | + PKGS_EXTRA+=( e2fsprogs ) |
2521 | +fi |
2522 | + |
2523 | # /dev/mapper/testvg-lv1_crypt and /dev/vdc are both 1G and used in RAID1 mode |
2524 | DRIVE_SIZES=( "1G" "264M" "1G" "512M" ) |
2525 | |
2526 | diff --git a/debian/tests/cryptroot-sysvinit.d/config b/debian/tests/cryptroot-sysvinit.d/config |
2527 | index f6b7392..1d41c24 100644 |
2528 | --- a/debian/tests/cryptroot-sysvinit.d/config |
2529 | +++ b/debian/tests/cryptroot-sysvinit.d/config |
2530 | @@ -1,5 +1,10 @@ |
2531 | PKGS_EXTRA+=( e2fsprogs ) # for fsck.ext4 |
2532 | PKGS_EXTRA+=( cryptsetup-initramfs cryptsetup ) |
2533 | -PKG_INIT="sysvinit-core" |
2534 | - |
2535 | +# "$DISTRIBUTOR_ID" is defined in ../utils/cryptroot-common |
2536 | +case "$DISTRIBUTOR_ID" in |
2537 | + debian) PKG_INIT="sysvinit-core";; |
2538 | + ubuntu) PKG_INIT="systemd-sysv";; |
2539 | + *) echo "ERROR: Unknown distributor ID '$DISTRIBUTOR_ID', can't determine default init package" >&2; |
2540 | + exit 1;; |
2541 | +esac |
2542 | # vim: set filetype=bash : |
2543 | diff --git a/debian/tests/initramfs-hook b/debian/tests/initramfs-hook |
2544 | index 4171102..f58e6f5 100755 |
2545 | --- a/debian/tests/initramfs-hook |
2546 | +++ b/debian/tests/initramfs-hook |
2547 | @@ -63,6 +63,20 @@ mkinitramfs() { |
2548 | # `mkinitramfs -k` would be better but we can't set $DESTDIR in advance |
2549 | cleanup_initrd_dir |
2550 | command unmkinitramfs "$INITRD_IMG" "$INITRD_DIR" |
2551 | + |
2552 | + # find subdirectory with the root file system relative to the cryptsetup location |
2553 | + CRYPTSETUP_PATH=sbin/cryptsetup |
2554 | + ROOTFS_DIR=`find "$INITRD_DIR" -name cryptsetup | grep "/usr/$CRYPTSETUP_PATH" | sed -e "s|/usr/$CRYPTSETUP_PATH||"` |
2555 | + |
2556 | + if [[ -z "$ROOTFS_DIR" ]]; then |
2557 | + ROOTFS_DIR=`find "$INITRD_DIR" -name cryptsetup | grep "/$CRYPTSETUP_PATH" | sed -e "s|/$CRYPTSETUP_PATH||"` |
2558 | + fi |
2559 | + |
2560 | + if [[ ! -z "$ROOTFS_DIR" ]] && [[ "$ROOTFS_DIR" != "$INITRD_DIR" ]] && [[ -d "$ROOTFS_DIR" ]]; then |
2561 | + echo move root filesystem from "$ROOTFS_DIR" to "$INITRD_DIR" |
2562 | + mv "$ROOTFS_DIR"/* "$INITRD_DIR" |
2563 | + fi |
2564 | + |
2565 | for d in dev proc sys; do |
2566 | mkdir -p "$INITRD_DIR/$d" |
2567 | mount --bind "/$d" "$INITRD_DIR/$d" |
2568 | @@ -190,9 +204,9 @@ cryptsetup close test3_crypt |
2569 | # plain, blowfish + ripemd160 (ignored due to keyfile) |
2570 | disk_setup |
2571 | head -c32 /dev/urandom >"$TMPDIR/keyfile" |
2572 | -cryptsetup open --type=plain --cipher="blowfish" --key-file="$TMPDIR/keyfile" --size=256 --hash="ripemd160" "$CRYPT_DEV" test3_crypt |
2573 | +cryptsetup open --type=plain --cipher="blowfish" --key-file="$TMPDIR/keyfile" --hash="ripemd160" "$CRYPT_DEV" test3_crypt |
2574 | mkfs.ext2 -m0 /dev/mapper/test3_crypt |
2575 | -echo "test3_crypt $CRYPT_DEV $TMPDIR/keyfile plain,cipher=blowfish,hash=ripemd160,size=256,initramfs" >/etc/crypttab |
2576 | +echo "test3_crypt $CRYPT_DEV $TMPDIR/keyfile plain,cipher=blowfish,hash=ripemd160,initramfs" >/etc/crypttab |
2577 | mkinitramfs |
2578 | legacy_so="$(find "$INITRD_DIR" -xdev -type f -path "*/ossl-modules/legacy.so")" |
2579 | test -z "$legacy_so" || exit 1 # don't need legacy.so here |
2580 | diff --git a/debian/tests/utils/cryptroot-common b/debian/tests/utils/cryptroot-common |
2581 | index a7df37f..8cedda0 100755 |
2582 | --- a/debian/tests/utils/cryptroot-common |
2583 | +++ b/debian/tests/utils/cryptroot-common |
2584 | @@ -81,6 +81,7 @@ load_os_release() { |
2585 | } |
2586 | case "${DISTRIBUTOR_ID:="$(load_os_release && printf "%s" "${ID,,[A-Z]}")"}" in |
2587 | debian) APT_REPO_ORIGIN="Debian"; APT_REPO_URI="http://deb.debian.org/debian";; |
2588 | + ubuntu) APT_REPO_ORIGIN="Ubuntu"; APT_REPO_URI="http://archive.ubuntu.com/ubuntu";; |
2589 | # suitable values for derivative can be added here |
2590 | *) echo "ERROR: Unknown distributor ID '$DISTRIBUTOR_ID', can't extract APT origin" >&2; |
2591 | exit 1;; |
2592 | @@ -164,6 +165,12 @@ case "$BOOT" in |
2593 | efi) PKG_BOOTLOADER="grub-efi";; |
2594 | *) echo "ERROR unknown boot method '$BOOT'" >&2; exit 1;; |
2595 | esac |
2596 | + |
2597 | +if [ "$DISTRIBUTOR_ID" = "ubuntu" ]; then |
2598 | + echo "Overriding kernel arch to generic" |
2599 | + KERNEL_ARCH="generic" |
2600 | +fi |
2601 | + |
2602 | PKG_KERNEL="linux-image-$KERNEL_ARCH" |
2603 | PKG_INIT="systemd-sysv" # default pid1 |
2604 | MERGED_USR="" # use default layout for the target version |
2605 | @@ -301,6 +308,12 @@ setup_apt() { |
2606 | esac >"$TEMPDIR/apt/sources.list" |
2607 | fi |
2608 | |
2609 | + # ubuntu CI populates sources.list.d with PPA source, append them to the list |
2610 | + if [ "$DISTRIBUTOR_ID" = "ubuntu" -a -d /etc/apt/sources.list.d ]; then |
2611 | + echo "Append contents of /etc/apt/sources.list.d to $TEMPDIR/apt/sources.list" |
2612 | + find /etc/apt/sources.list.d -type f | xargs cat >> "$TEMPDIR/apt/sources.list" |
2613 | + fi |
2614 | + |
2615 | local apt_repo |
2616 | for apt_repo in "${EXTRA_REPOS[@]}"; do |
2617 | printf "%s\\n" "$apt_repo" >>"$TEMPDIR/apt/sources.list" |
2618 | @@ -416,9 +429,20 @@ extract_kernel() { |
2619 | fi |
2620 | |
2621 | mkdir "$destdir" |
2622 | - dpkg-deb --fsys-tarfile "$APT_CACHE/archives/$KERNEL_DEB" | tar -C "$destdir" -xf- \ |
2623 | - "./boot/vmlinuz-$KERNEL_VERSION" \ |
2624 | - "./lib/modules/$KERNEL_VERSION" |
2625 | + if [ "$DISTRIBUTOR_ID" == "debian" ]; then |
2626 | + dpkg-deb --fsys-tarfile "$APT_CACHE/archives/$KERNEL_DEB" | tar -C "$destdir" -xf- \ |
2627 | + "./boot/vmlinuz-$KERNEL_VERSION" \ |
2628 | + "./lib/modules/$KERNEL_VERSION" |
2629 | + elif [ "$DISTRIBUTOR_ID" == "ubuntu" ]; then |
2630 | + dpkg-deb --fsys-tarfile "$APT_CACHE/archives/$KERNEL_DEB" | tar -C "$destdir" -xf- \ |
2631 | + "./boot/vmlinuz-$KERNEL_VERSION"; MODULES_DEB="$(echo $KERNEL_DEB | sed s/-image-/-modules-/)"; \ |
2632 | + dpkg-deb --fsys-tarfile "$APT_CACHE/archives/$MODULES_DEB" | tar -C "$destdir" -xf- \ |
2633 | + "./lib/modules/$KERNEL_VERSION" |
2634 | + else |
2635 | + echo "ERROR: Unknown distributor ID '$DISTRIBUTOR_ID', can't extract kernel" >&2 |
2636 | + exit 1 |
2637 | + fi |
2638 | + |
2639 | ln -T -- "$destdir/boot/vmlinuz-$KERNEL_VERSION" "$TEMPDIR/vmlinuz-$KERNEL_VERSION" |
2640 | } |
2641 | |
2642 | diff --git a/debian/tests/utils/mkinitramfs b/debian/tests/utils/mkinitramfs |
2643 | index 6bc70f4..84eeb4b 100755 |
2644 | --- a/debian/tests/utils/mkinitramfs |
2645 | +++ b/debian/tests/utils/mkinitramfs |
2646 | @@ -65,6 +65,8 @@ if [ "$BOOT" = "efi" ]; then |
2647 | MODULES="$MODULES efivarfs nls_ascii nls_cp437 vfat" |
2648 | fi |
2649 | |
2650 | +find "$EXTRACT_DIR" -name '*.zst' -exec zstd -d {} \; |
2651 | + |
2652 | depmod -ab "$EXTRACT_DIR" "$KERNEL_VERSION" |
2653 | for kmod in virtio_console virtio_blk virtio_pci virtio_rng \ |
2654 | "$EXTRACT_DIR/lib/modules/$KERNEL_VERSION"/kernel/arch/*/crypto/*.ko* \ |
2655 | diff --git a/debian/tests/utils/mock.pm b/debian/tests/utils/mock.pm |
2656 | index 10db3e6..2425d87 100644 |
2657 | --- a/debian/tests/utils/mock.pm |
2658 | +++ b/debian/tests/utils/mock.pm |
2659 | @@ -97,6 +97,26 @@ sub expect(;$$) { |
2660 | #print STDERR "INFO done reading\n"; |
2661 | } |
2662 | |
2663 | +sub consume($) { |
2664 | + my $chan = shift; |
2665 | + my $buffer = defined $chan ? \$BUFFER{$chan} : undef; |
2666 | + if (! defined $buffer) { |
2667 | + return; |
2668 | + } |
2669 | + |
2670 | + while(unpack("b*", $RBITS) != 0) { |
2671 | + my $rout = $RBITS; |
2672 | + if (select($rout, undef, undef, 1) == -1) { |
2673 | + return; |
2674 | + } |
2675 | + read_data($rout); |
2676 | + if (length($$buffer) == 0) { |
2677 | + return; |
2678 | + } |
2679 | + $$buffer = ""; |
2680 | + } |
2681 | +} |
2682 | + |
2683 | sub write_data($$%) { |
2684 | my $chan = shift; |
2685 | my $data = shift; |
2686 | @@ -167,11 +187,13 @@ BEGIN { |
2687 | hibernate |
2688 | poweroff |
2689 | expect |
2690 | + consume |
2691 | /; |
2692 | } |
2693 | |
2694 | *expect = \&CryptrootTest::Utils::expect; |
2695 | *write_data = \&CryptrootTest::Utils::write_data; |
2696 | +*consume = \&CryptrootTest::Utils::consume; |
2697 | |
2698 | sub unlock_disk($) { |
2699 | my $passphrase = shift; |
2700 | @@ -228,7 +250,9 @@ sub shell($%) { |
2701 | |
2702 | # enter S3 sleep state (suspend to ram aka standby) |
2703 | sub suspend() { |
2704 | - write_data($CONSOLE => q{systemctl suspend}); |
2705 | + # there is a race condition that causes suspend to fail. |
2706 | + # retry until success. Note, this may leave clutter in the console |
2707 | + write_data($CONSOLE => q{until systemctl suspend; do sleep 1; done}); |
2708 | # while the command is asynchronous the system might suspend before |
2709 | # we have a chance to read the next $PS1 |
2710 |
would you mind also submitting this against debian/sid for a cleaner review?
may be personal preference :)