Ubuntu
cryptsetup package

Merge ~mkukri/ubuntu/+source/cryptsetup:merge into ubuntu/+source/cryptsetup:debian/sid

  1. Git
  2. lp:~mkukri/ubuntu/+source/cryptsetup
  3. merge
  4. Merge into debian/sid
Proposed by Mate Kukri
Status: Merged
Merge reported by: Mate Kukri
Merged at revision: 5092a322e94ccbf5a2e97f9d42070bda8dec8d1c
Proposed branch: ~mkukri/ubuntu/+source/cryptsetup:merge
Merge into: ubuntu/+source/cryptsetup:debian/sid
Diff against target: 2709 lines (+2061/-27)
14 files modified
debian/changelog (+1931/-0)
debian/control (+7/-5)
debian/functions (+9/-1)
debian/initramfs/cryptroot-unlock (+12/-6)
debian/initramfs/hooks/cryptroot (+5/-3)
debian/rules (+3/-0)
debian/tests/control (+3/-2)
debian/tests/cryptroot-lvm.d/mock (+7/-2)
debian/tests/cryptroot-nested.d/config (+7/-0)
debian/tests/cryptroot-sysvinit.d/config (+7/-2)
debian/tests/initramfs-hook (+16/-2)
debian/tests/utils/cryptroot-common (+27/-3)
debian/tests/utils/mkinitramfs (+2/-0)
debian/tests/utils/mock.pm (+25/-1)
Reviewer Review Type Date Requested Status
Lukas Märdian (community) Approve
Simon Quigley Pending
Review via email: mp+457969@code.launchpad.net

This proposal supersedes a proposal from 2024-01-03.

Commit message

Merge with Debian sid. Rebased the previously split Ubuntu changes.

To post a comment you must log in.
Revision history for this message
Simon Quigley (tsimonq2) wrote : Posted in a previous version of this proposal

would you mind also submitting this against debian/sid for a cleaner review?

may be personal preference :)

review: Needs Fixing
Revision history for this message
Lukas Märdian (slyon) wrote :

Test build available in https://launchpad.net/~mkukri/+archive/ubuntu/dev/+packages

Revision history for this message
Lukas Märdian (slyon) wrote :

Diff against ubuntu/noble-devel and debian/sid are looking good. Delta got split up nicely.

Test builds are looking good, passing the build-time tests.
Autopkgtests need investigation, but this is unrelated to this merge (they have been failing for a while).

LGTM.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/debian/changelog b/debian/changelog
index 78803a1..edadf8b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,34 @@
1cryptsetup (2:2.6.1-6ubuntu1) noble; urgency=medium
2
3 * Merge with Debian unstable. Remaining changes:
4 - Support zstd compressed modules for the self test.
5 - Compile-in support for a FIPS mode. LP #2032659
6 - debian/control:
7 + Recommend plymouth.
8 + Depend on busybox-initramfs instead of busybox | busybox-static.
9 + Move cryptsetup-initramfs back to cryptsetup's Recommends.
10 + Do not build cryptsetup-suspend binary package on i386.
11 - Fix cryptroot-unlock for busybox compatibility.
12 - Fix warning and error when running on ZFS on root
13 + d/functions: Return an empty devno for ZFS devices as they don't have
14 major:minor device numbers.
15 + d/initramfs/hooks/cryptroot: Ignore and don't print an error message
16 when devices don't have a devno.
17 - Fix cryptroot-* autopkgtests on Ubuntu. (LP #1983522)
18 + debian/tests/utils/mock.pm: return from consume() function if select()
19 times out or fails
20 + debian/tests/utils/cryptroot-common: fix apt source and kernel package
21 names for Ubuntu
22 + debian/tests/cryptroot-sysvinit.d: use systemd-sysv init for Ubuntu
23 cryptroot-sysvinit package test
24 + debian/tests/cryptroot-nested.d: fix cryptsetup-nested test, add
25 workaround for LP1831747 by adding a e2fsprogs dependency
26 + debian/tests/initramfs-hook: fix test's initramfs layout for Ubuntu and
27 allow blowfish test use 64Mb of provisioned space (drop --size)
28 + debian/tests/control: disable cryptdisks test
29
30 -- Mate Kukri <mate.kukri@canonical.com> Wed, 03 Jan 2024 10:38:16 +0000
31
1cryptsetup (2:2.6.1-6) unstable; urgency=medium32cryptsetup (2:2.6.1-6) unstable; urgency=medium
233
3 [ Kevin Locke ]34 [ Kevin Locke ]
@@ -11,6 +42,37 @@ cryptsetup (2:2.6.1-6) unstable; urgency=medium
1142
12 -- Guilhem Moulin <guilhem@debian.org> Tue, 05 Dec 2023 17:48:58 +010043 -- Guilhem Moulin <guilhem@debian.org> Tue, 05 Dec 2023 17:48:58 +0100
1344
45cryptsetup (2:2.6.1-5ubuntu1) noble; urgency=medium
46
47 * Merge with Debian unstable. Remaining changes:
48 - Support zstd compressed modules for the self test.
49 - Compile-in support for a FIPS mode. LP #2032659
50 - debian/control:
51 + Recommend plymouth.
52 + Depend on busybox-initramfs instead of busybox | busybox-static.
53 + Move cryptsetup-initramfs back to cryptsetup's Recommends.
54 + Do not build cryptsetup-suspend binary package on i386.
55 - Fix cryptroot-unlock for busybox compatibility.
56 - Fix warning and error when running on ZFS on root
57 + d/functions: Return an empty devno for ZFS devices as they don't have
58 major:minor device numbers.
59 + d/initramfs/hooks/cryptroot: Ignore and don't print an error message
60 when devices don't have a devno.
61 - Fix cryptroot-* autopkgtests on Ubuntu. (LP #1983522)
62 + debian/tests/utils/mock.pm: return from consume() function if select()
63 times out or fails
64 + debian/tests/utils/cryptroot-common: fix apt source and kernel package
65 names for Ubuntu
66 + debian/tests/cryptroot-sysvinit.d: use systemd-sysv init for Ubuntu
67 cryptroot-sysvinit package test
68 + debian/tests/cryptroot-nested.d: fix cryptsetup-nested test, add
69 workaround for LP1831747 by adding a e2fsprogs dependency
70 + debian/tests/initramfs-hook: fix test's initramfs layout for Ubuntu and
71 allow blowfish test use 64Mb of provisioned space (drop --size)
72 + debian/tests/control: disable cryptdisks test
73
74 -- Mate Kukri <mate.kukri@canonical.com> Mon, 20 Nov 2023 09:50:25 +0000
75
14cryptsetup (2:2.6.1-5) unstable; urgency=medium76cryptsetup (2:2.6.1-5) unstable; urgency=medium
1577
16 [ Guilhem Moulin ]78 [ Guilhem Moulin ]
@@ -24,6 +86,49 @@ cryptsetup (2:2.6.1-5) unstable; urgency=medium
2486
25 -- Guilhem Moulin <guilhem@debian.org> Sun, 27 Aug 2023 12:24:57 +020087 -- Guilhem Moulin <guilhem@debian.org> Sun, 27 Aug 2023 12:24:57 +0200
2688
89cryptsetup (2:2.6.1-4ubuntu3) mantic; urgency=medium
90
91 * Support zstd compressed modules for the self test.
92
93 -- Andrea Righi <andrea.righi@canonical.com> Mon, 11 Sep 2023 15:05:35 +0000
94
95cryptsetup (2:2.6.1-4ubuntu2) mantic; urgency=medium
96
97 * Compile-in support for a FIPS mode. LP: #2032659
98
99 -- Dimitri John Ledkov <dimitri.ledkov@canonical.com> Tue, 22 Aug 2023 16:06:53 +0100
100
101cryptsetup (2:2.6.1-4ubuntu1) mantic; urgency=medium
102
103 * Merge with Debian unstable (LP: #2019292). Remaining changes:
104 - debian/control:
105 + Recommend plymouth.
106 + Depend on busybox-initramfs instead of busybox | busybox-static.
107 + Move cryptsetup-initramfs back to cryptsetup's Recommends.
108 + Do not build cryptsetup-suspend binary package on i386.
109 - Fix cryptroot-unlock for busybox compatibility.
110 - Fix warning and error when running on ZFS on root
111 - d/functions: Return an empty devno for ZFS devices as they don't have
112 major:minor device numbers.
113 - d/initramfs/hooks/cryptroot: Ignore and don't print an error message
114 when devices don't have a devno.
115 - debian/patches/decrease_memlock_ulimit.patch
116 Fixed FTBFS due to a restricted build environment
117 - Fix cryptroot-* autopkgtests on Ubuntu. (LP: #1983522)
118 + debian/tests/utils/mock.pm: return from consume() function if select()
119 times out or fails
120 + debian/tests/utils/cryptroot-common: fix apt source and kernel package
121 names for Ubuntu
122 + debian/tests/cryptroot-sysvinit.d: use systemd-sysv init for Ubuntu
123 cryptroot-sysvinit package test
124 + debian/tests/cryptroot-nested.d: fix cryptsetup-nested test, add
125 workaround for LP1831747 by adding a e2fsprogs dependency
126 + debian/tests/initramfs-hook: fix test's initramfs layout for Ubuntu and
127 allow blowfish test use 64Mb of provisioned space (drop --size)
128 + debian/tests/control: disable cryptdisks test
129
130 -- Vladimir Petko <vladimir.petko@canonical.com> Mon, 15 May 2023 09:55:25 +1200
131
27cryptsetup (2:2.6.1-4) unstable; urgency=medium132cryptsetup (2:2.6.1-4) unstable; urgency=medium
28133
29 * Backport upstream MR !498, see #1028250:134 * Backport upstream MR !498, see #1028250:
@@ -58,6 +163,37 @@ cryptsetup (2:2.6.1-2) unstable; urgency=medium
58163
59 -- Guilhem Moulin <guilhem@debian.org> Thu, 02 Mar 2023 05:01:53 +0100164 -- Guilhem Moulin <guilhem@debian.org> Thu, 02 Mar 2023 05:01:53 +0100
60165
166cryptsetup (2:2.6.1-1ubuntu1) lunar; urgency=low
167
168 * Merge with Debian unstable (LP: #2004423). Remaining changes:
169 - debian/control:
170 + Recommend plymouth.
171 + Depend on busybox-initramfs instead of busybox | busybox-static.
172 + Move cryptsetup-initramfs back to cryptsetup's Recommends.
173 + Do not build cryptsetup-suspend binary package on i386.
174 - Fix cryptroot-unlock for busybox compatibility.
175 - Fix warning and error when running on ZFS on root
176 - d/functions: Return an empty devno for ZFS devices as they don't have
177 major:minor device numbers.
178 - d/initramfs/hooks/cryptroot: Ignore and don't print an error message
179 when devices don't have a devno.
180 - debian/patches/decrease_memlock_ulimit.patch
181 Fixed FTBFS due to a restricted build environment
182 - Fix cryptroot-* autopkgtests on Ubuntu. (LP: #1983522)
183 + debian/tests/utils/mock.pm: return from consume() function if select()
184 times out or fails
185 + debian/tests/utils/cryptroot-common: fix apt source and kernel package
186 names for Ubuntu
187 + debian/tests/cryptroot-sysvinit.d: use systemd-sysv init for Ubuntu
188 cryptroot-sysvinit package test
189 + debian/tests/cryptroot-nested.d: fix cryptsetup-nested test, add
190 workaround for LP1831747 by adding a e2fsprogs dependency
191 + debian/tests/initramfs-hook: fix test's initramfs layout for Ubuntu and
192 allow blowfish test use 64Mb of provisioned space (drop --size)
193 + debian/tests/control: disable cryptdisks test
194
195 -- Vladimir Petko <vladimir.petko@canonical.com> Mon, 13 Feb 2023 15:57:18 +1300
196
61cryptsetup (2:2.6.1-1) unstable; urgency=medium197cryptsetup (2:2.6.1-1) unstable; urgency=medium
62198
63 * New upstream bugfix release.199 * New upstream bugfix release.
@@ -107,6 +243,54 @@ cryptsetup (2:2.6.0~rc0-1) experimental; urgency=medium
107243
108 -- Guilhem Moulin <guilhem@debian.org> Sat, 19 Nov 2022 17:30:40 +0100244 -- Guilhem Moulin <guilhem@debian.org> Sat, 19 Nov 2022 17:30:40 +0100
109245
246cryptsetup (2:2.5.0-6ubuntu3) lunar; urgency=medium
247
248 * Fix cryptroot-lvm autopkgtest on Ubuntu. (LP: #1983522)
249 - debian/tests/control: enable cryptroot-lvm
250 - debian/tests/utils/mock.pm: return from consume() function if select()
251 times out or fails
252
253 -- Vladimir Petko <vladimir.petko@canonical.com> Fri, 02 Dec 2022 15:53:42 +1300
254
255cryptsetup (2:2.5.0-6ubuntu2) lunar; urgency=medium
256
257 * Fix cryptroot-* autopkgtests on Ubuntu. (LP: #1983522)
258 - debian/tests/utils/cryptroot-common: fix apt source and kernel package
259 names for Ubuntu
260 - debian/tests/cryptroot-sysvinit.d: use systemd-sysv init for Ubuntu
261 cryptroot-sysvinit package test
262 - debian/tests/cryptroot-nested.d: fix cryptsetup-nested test, add
263 workaround for LP1831747 by adding a e2fsprogs dependency
264 - debian/tests/control: disable cryptdisks, cryptroot-lvm due to CI
265 failures and update comments
266 - debian/tests/utils/mock.pm: fix cryptoroot-lvm test adding retries to the
267 suspend operation and consuming the console buffer before making
268 assertions. It still hangs in CI and requires further work.
269 - debian/tests/initramfs-hook: fix test's initramfs layout for Ubuntu and
270 allow blowfish test use 64Mb of provisioned space (drop --size)
271
272 -- Vladimir Petko <vladimir.petko@canonical.com> Fri, 02 Dec 2022 14:14:42 +1300
273
274cryptsetup (2:2.5.0-6ubuntu1) lunar; urgency=low
275
276 * Merge from Debian unstable. Remaining changes:
277 - debian/control:
278 + Recommend plymouth.
279 + Depend on busybox-initramfs instead of busybox | busybox-static.
280 + Move cryptsetup-initramfs back to cryptsetup's Recommends.
281 + Do not build cryptsetup-suspend binary package on i386.
282 - Fix cryptroot-unlock for busybox compatibility.
283 - Fix warning and error when running on ZFS on root
284 - d/functions: Return an empty devno for ZFS devices as they don't have
285 major:minor device numbers.
286 - d/initramfs/hooks/cryptroot: Ignore and don't print an error message
287 when devices don't have a devno.
288 - debian/patches/decrease_memlock_ulimit.patch
289 Fixed FTBFS due to a restricted build environment
290 - Disable failing Debian-tailored cryptroot-* autopkgtests
291
292 -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 07 Nov 2022 08:36:38 -0800
293
110cryptsetup (2:2.5.0-6) unstable; urgency=medium294cryptsetup (2:2.5.0-6) unstable; urgency=medium
111295
112 * d/t/cryptroot-*: Mask systemd-firstboot.service.296 * d/t/cryptroot-*: Mask systemd-firstboot.service.
@@ -202,6 +386,26 @@ cryptsetup (2:2.5.0-3) unstable; urgency=low
202386
203 -- Guilhem Moulin <guilhem@debian.org> Sun, 18 Sep 2022 23:01:46 +0200387 -- Guilhem Moulin <guilhem@debian.org> Sun, 18 Sep 2022 23:01:46 +0200
204388
389cryptsetup (2:2.5.0-2ubuntu1) kinetic; urgency=medium
390
391 * Merge from Debian unstable. Remaining changes:
392 - debian/control:
393 + Recommend plymouth.
394 + Depend on busybox-initramfs instead of busybox | busybox-static.
395 + Move cryptsetup-initramfs back to cryptsetup's Recommends.
396 + Do not build cryptsetup-suspend binary package on i386.
397 - Fix cryptroot-unlock for busybox compatibility.
398 - Fix warning and error when running on ZFS on root: (LP: #1830110)
399 - d/functions: Return an empty devno for ZFS devices as they don't have
400 major:minor device numbers.
401 - d/initramfs/hooks/cryptroot: Ignore and don't print an error message
402 when devices don't have a devno.
403 - debian/patches/decrease_memlock_ulimit.patch
404 Fixed FTBFS due to a restricted build environment
405 * Disable failing Debian-tailored cryptroot-* autopkgtests, see bug #1983522
406
407 -- Benjamin Drung <bdrung@ubuntu.com> Wed, 24 Aug 2022 00:56:28 +0200
408
205cryptsetup (2:2.5.0-2) unstable; urgency=low409cryptsetup (2:2.5.0-2) unstable; urgency=low
206410
207 [ Matthias Klose ]411 [ Matthias Klose ]
@@ -260,6 +464,29 @@ cryptsetup (2:2.5.0-2) unstable; urgency=low
260464
261 -- Guilhem Moulin <guilhem@debian.org> Tue, 09 Aug 2022 01:40:50 +0200465 -- Guilhem Moulin <guilhem@debian.org> Tue, 09 Aug 2022 01:40:50 +0200
262466
467cryptsetup (2:2.5.0-1ubuntu1) kinetic; urgency=medium
468
469 * Merge from Debian unstable. Remaining changes:
470 - debian/control:
471 + Recommend plymouth.
472 + Depend on busybox-initramfs instead of busybox | busybox-static.
473 + Move cryptsetup-initramfs back to cryptsetup's Recommends.
474 + Do not build cryptsetup-suspend binary package on i386.
475 - Fix cryptroot-unlock for busybox compatibility.
476 - Fix warning and error when running on ZFS on root: (LP: #1830110)
477 - d/functions: Return an empty devno for ZFS devices as they don't have
478 major:minor device numbers.
479 - d/initramfs/hooks/cryptroot: Ignore and don't print an error message
480 when devices don't have a devno.
481 - debian/patches/decrease_memlock_ulimit.patch
482 Fixed FTBFS due to a restricted build environment
483 - Stop building the udeb on request.
484 * d/initramfs/hooks/cryptroot: Include OpenSSL legacy.so for ripemd160 and
485 whirlpool hash algorithms (LP: #1979159)
486 * Disable failing Debian-tailored cryptroot-* autopkgtests, see bug #1983522
487
488 -- Benjamin Drung <bdrung@ubuntu.com> Thu, 04 Aug 2022 12:30:02 +0200
489
263cryptsetup (2:2.5.0-1) unstable; urgency=medium490cryptsetup (2:2.5.0-1) unstable; urgency=medium
264491
265 * New upstream release. (Closes: #1000634, #1011128)492 * New upstream release. (Closes: #1000634, #1011128)
@@ -338,6 +565,26 @@ cryptsetup (2:2.5.0~rc1-1) experimental; urgency=low
338565
339 -- Guilhem Moulin <guilhem@debian.org> Fri, 15 Jul 2022 01:49:59 +0200566 -- Guilhem Moulin <guilhem@debian.org> Fri, 15 Jul 2022 01:49:59 +0200
340567
568cryptsetup (2:2.4.3-1ubuntu1) jammy; urgency=low
569
570 * Merge from Debian unstable (LP: #1959427). Remaining changes:
571 - debian/control:
572 + Recommend plymouth.
573 + Depend on busybox-initramfs instead of busybox | busybox-static.
574 + Move cryptsetup-initramfs back to cryptsetup's Recommends.
575 + Do not build cryptsetup-suspend binary package on i386.
576 - Fix cryptroot-unlock for busybox compatibility.
577 - Fix warning and error when running on ZFS on root: (LP: #1830110)
578 - d/functions: Return an empty devno for ZFS devices as they don't have
579 major:minor device numbers.
580 - d/initramfs/hooks/cryptroot: Ignore and don't print an error message
581 when devices don't have a devno.
582 - debian/patches/decrease_memlock_ulimit.patch
583 Fixed FTBFS due to a restricted build environment
584 - Stop building the udeb on request.
585
586 -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 28 Jan 2022 12:14:06 -0800
587
341cryptsetup (2:2.4.3-1) unstable; urgency=high588cryptsetup (2:2.4.3-1) unstable; urgency=high
342589
343 [ Guilhem Moulin ]590 [ Guilhem Moulin ]
@@ -351,6 +598,64 @@ cryptsetup (2:2.4.3-1) unstable; urgency=high
351598
352 -- Guilhem Moulin <guilhem@debian.org> Thu, 13 Jan 2022 19:07:05 +0100599 -- Guilhem Moulin <guilhem@debian.org> Thu, 13 Jan 2022 19:07:05 +0100
353600
601cryptsetup (2:2.4.2-1ubuntu4) jammy; urgency=medium
602
603 * Move cryptsetup-initramfs back to cryptsetup's Recommends (from Suggests).
604
605 -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Thu, 09 Dec 2021 12:53:00 +1300
606
607cryptsetup (2:2.4.2-1ubuntu3) jammy; urgency=medium
608
609 * Fix build on i386.
610
611 -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Tue, 07 Dec 2021 13:17:48 +1300
612
613cryptsetup (2:2.4.2-1ubuntu2) jammy; urgency=medium
614
615 * Do not build new cryptsetup-suspend binary package on i386.
616
617 -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Tue, 07 Dec 2021 11:47:55 +1300
618
619cryptsetup (2:2.4.2-1ubuntu1) jammy; urgency=medium
620
621 * Merge from Debian unstable. Remaining changes:
622 - debian/control:
623 + Recommend plymouth.
624 + Depend on busybox-initramfs instead of busybox | busybox-static.
625 - Fix cryptroot-unlock for busybox compatibility.
626 - Fix warning and error when running on ZFS on root: (LP: #1830110)
627 - d/functions: Return an empty devno for ZFS devices as they don't have
628 major:minor device numbers.
629 - d/initramfs/hooks/cryptroot: Ignore and don't print an error message when
630 devices don't have a devno.
631 Submitted to debian upstream as bug #902449.
632 - debian/patches/decrease_memlock_ulimit.patch
633 Fixed FTBFS due a restrict environment in the new Bionic Builder (LP: #1891473)
634 tests/luks2-validation.test, tests/compat-test, tests/tcrypt-compat-test.
635 - Thanks Guilherme G. Piccoli.
636 - Stop building the udeb on request.
637 * Dropped change, included in Debian:
638 - Introduce retry logic for external invocations after mdadm (LP: #1879980)
639 - Currently, if an encrypted rootfs is configured on top of a MD RAID1
640 array and such array gets degraded (e.g., a member is removed/failed)
641 the cryptsetup scripts cannot mount the rootfs, and the boot fails.
642 We fix that issue here by allowing the cryptroot script to be re-run
643 by initramfs-tools/local-block stage, as mdadm can activate degraded
644 arrays at that stage.
645 There is an initramfs-tools counter-part for this fix, but alone the
646 cryptsetup portion is harmless.
647 - d/cryptsetup-initramfs.install: ship the new local-bottom script.
648 - d/functions: declare variables for local-top|block|bottom scripts
649 (flag that local-block is running and external invocation counter.)
650 - d/i/s/local-block/cryptroot: set flag that local-block is running.
651 - d/i/s/local-bottom/cryptroot: clean up the flag and counter files.
652 - d/i/s/local-top/cryptroot: change the logic from just waiting 180
653 seconds to waiting 5 seconds first, then allowing initramfs-tools
654 to run mdadm (to activate degraded arrays) and call back at least
655 30 times/seconds more.
656
657 -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Thu, 02 Dec 2021 11:58:05 +1300
658
354cryptsetup (2:2.4.2-1) unstable; urgency=high659cryptsetup (2:2.4.2-1) unstable; urgency=high
355660
356 * New upstream bugfix release 2.4.2.661 * New upstream bugfix release 2.4.2.
@@ -469,6 +774,18 @@ cryptsetup (2:2.3.6-1+exp1) experimental; urgency=medium
469774
470 -- Guilhem Moulin <guilhem@debian.org> Fri, 28 May 2021 22:54:20 +0200775 -- Guilhem Moulin <guilhem@debian.org> Fri, 28 May 2021 22:54:20 +0200
471776
777cryptsetup (2:2.3.6-0ubuntu2) jammy; urgency=medium
778
779 * No-change rebuild against openssl3
780
781 -- Simon Chopin <simon.chopin@canonical.com> Thu, 25 Nov 2021 14:22:07 +0200
782
783cryptsetup (2:2.3.6-0ubuntu1) impish; urgency=medium
784
785 * New upstream release.
786
787 -- Matthieu Clemenceau <matthieu.clemenceau@canonical.com> Fri, 20 Aug 2021 11:32:12 +1200
788
472cryptsetup (2:2.3.5-1+exp1) experimental; urgency=medium789cryptsetup (2:2.3.5-1+exp1) experimental; urgency=medium
473790
474 * Upload to experimental.791 * Upload to experimental.
@@ -541,6 +858,69 @@ cryptsetup (2:2.3.4-1+exp1) experimental; urgency=medium
541858
542 -- Guilhem Moulin <guilhem@debian.org> Fri, 04 Sep 2020 00:55:41 +0200859 -- Guilhem Moulin <guilhem@debian.org> Fri, 04 Sep 2020 00:55:41 +0200
543860
861cryptsetup (2:2.3.4-1ubuntu3) hirsute; urgency=medium
862
863 * Stop building the udeb on request.
864
865 -- Matthias Klose <doko@ubuntu.com> Mon, 22 Feb 2021 12:10:36 +0100
866
867cryptsetup (2:2.3.4-1ubuntu2) hirsute; urgency=medium
868
869 * No-change rebuild to drop the udeb package.
870
871 -- Matthias Klose <doko@ubuntu.com> Mon, 22 Feb 2021 10:30:38 +0100
872
873cryptsetup (2:2.3.4-1ubuntu1) hirsute; urgency=medium
874
875 * Merge with Debian unstable. Remaining changes:
876 - debian/control:
877 + Recommend plymouth.
878 + Depend on busybox-initramfs instead of busybox | busybox-static.
879 - Fix cryptroot-unlock for busybox compatibility.
880 - Fix warning and error when running on ZFS on root: (LP #1830110)
881 - d/functions: Return an empty devno for ZFS devices as they don't have
882 major:minor device numbers.
883 - d/initramfs/hooks/cryptroot: Ignore and don't print an error message when
884 devices don't have a devno.
885 Submitted to debian upstream as bug #902449.
886 - debian/patches/decrease_memlock_ulimit.patch
887 Fixed FTBFS due a restrict environment in the new Bionic Builder (LP #1891473)
888 tests/luks2-validation.test, tests/compat-test, tests/tcrypt-compat-test.
889 - Thanks Guilherme G. Piccoli.
890 - Introduce retry logic for external invocations after mdadm (LP #1879980)
891 - Currently, if an encrypted rootfs is configured on top of a MD RAID1
892 array and such array gets degraded (e.g., a member is removed/failed)
893 the cryptsetup scripts cannot mount the rootfs, and the boot fails.
894 We fix that issue here by allowing the cryptroot script to be re-run
895 by initramfs-tools/local-block stage, as mdadm can activate degraded
896 arrays at that stage.
897 There is an initramfs-tools counter-part for this fix, but alone the
898 cryptsetup portion is harmless.
899 - d/cryptsetup-initramfs.install: ship the new local-bottom script.
900 - d/functions: declare variables for local-top|block|bottom scripts
901 (flag that local-block is running and external invocation counter.)
902 - d/i/s/local-block/cryptroot: set flag that local-block is running.
903 - d/i/s/local-bottom/cryptroot: clean up the flag and counter files.
904 - d/i/s/local-top/cryptroot: change the logic from just waiting 180
905 seconds to waiting 5 seconds first, then allowing initramfs-tools
906 to run mdadm (to activate degraded arrays) and call back at least
907 30 times/seconds more.
908 * Dropped changes:
909 - Included in new upstream version:
910 - SECURITY UPDATE: Out-of-bounds write
911 - debian/patches/CVE-2020-14382-*.patch: check segment gaps regardless of
912 heap space in lib/luks2/luks2_json_metadata.c.
913 - CVE-2020-14382
914 - included in Debian:
915 - debian/cryptsetup-bin.install:
916 - Fix FTBFS due to dh_missing detecting crypsetup.conf in debian/tmp where
917 it was installed from ./scripts/crypsetup.conf.
918 - debian/rules:
919 - fix FTBFS on riscv64 adding --with-tmpfilesdir to ensure all archs, even
920 without systemd knows how to ship cryptsetup.conf
921
922 -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Tue, 10 Nov 2020 10:37:25 +1300
923
544cryptsetup (2:2.3.4-1) unstable; urgency=high924cryptsetup (2:2.3.4-1) unstable; urgency=high
545925
546 * New upstream bugfix release, including fix for CVE-2020-14382:926 * New upstream bugfix release, including fix for CVE-2020-14382:
@@ -608,6 +988,80 @@ cryptsetup (2:2.3.3-2) unstable; urgency=medium
608988
609 -- Guilhem Moulin <guilhem@debian.org> Wed, 12 Aug 2020 00:22:59 +0200989 -- Guilhem Moulin <guilhem@debian.org> Wed, 12 Aug 2020 00:22:59 +0200
610990
991cryptsetup (2:2.3.3-1ubuntu6) groovy; urgency=medium
992
993 * Introduce retry logic for external invocations after mdadm (LP: #1879980)
994 - Currently, if an encrypted rootfs is configured on top of a MD RAID1
995 array and such array gets degraded (e.g., a member is removed/failed)
996 the cryptsetup scripts cannot mount the rootfs, and the boot fails.
997 We fix that issue here by allowing the cryptroot script to be re-run
998 by initramfs-tools/local-block stage, as mdadm can activate degraded
999 arrays at that stage.
1000 There is an initramfs-tools counter-part for this fix, but alone the
1001 cryptsetup portion is harmless.
1002 - d/cryptsetup-initramfs.install: ship the new local-bottom script.
1003 - d/functions: declare variables for local-top|block|bottom scripts
1004 (flag that local-block is running and external invocation counter.)
1005 - d/i/s/local-block/cryptroot: set flag that local-block is running.
1006 - d/i/s/local-bottom/cryptroot: clean up the flag and counter files.
1007 - d/i/s/local-top/cryptroot: change the logic from just waiting 180
1008 seconds to waiting 5 seconds first, then allowing initramfs-tools
1009 to run mdadm (to activate degraded arrays) and call back at least
1010 30 times/seconds more.
1011
1012 -- Guilherme G. Piccoli <gpiccoli@canonical.com> Wed, 16 Sep 2020 17:35:59 -0300
1013
1014cryptsetup (2:2.3.3-1ubuntu5) groovy; urgency=medium
1015
1016 * SECURITY UPDATE: Out-of-bounds write
1017 - debian/patches/CVE-2020-14382-*.patch: check segment gaps regardless of
1018 heap space in lib/luks2/luks2_json_metadata.c.
1019 - CVE-2020-14382
1020 * debian/patches/decrease_memlock_ulimit.patch
1021 Fixed FTBFS due a restrict environment in the new Bionic Builder (LP: #1891473)
1022 tests/luks2-validation.test, tests/compat-test, tests/tcrypt-compat-test.
1023 - Thanks Guilherme G. Piccoli.
1024
1025 -- Leonidas S. Barbosa <leo.barbosa@canonical.com> Wed, 09 Sep 2020 09:29:17 -0300
1026
1027cryptsetup (2:2.3.3-1ubuntu4) groovy; urgency=medium
1028
1029 * No change rebuild against new json-c ABI.
1030
1031 -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 28 Jul 2020 17:42:50 +0100
1032
1033cryptsetup (2:2.3.3-1ubuntu3) groovy; urgency=medium
1034
1035 * debian/rules:
1036 - fix FTBFS on riscv64 adding --with-tmpfilesdir to ensure all archs, even
1037 without systemd knows how to ship cryptsetup.conf
1038
1039 -- Didier Roche <didrocks@ubuntu.com> Thu, 18 Jun 2020 11:44:50 +0200
1040
1041cryptsetup (2:2.3.3-1ubuntu2) groovy; urgency=medium
1042
1043 * debian/cryptsetup-bin.install:
1044 - Fix FTBFS due to dh_missing detecting crypsetup.conf in debian/tmp where
1045 it was installed from ./scripts/crypsetup.conf.
1046 * Fix warning and error when running on ZFS on root: (LP: #1830110)
1047 - d/functions: Return an empty devno for ZFS devices as they don't have
1048 major:minor device numbers.
1049 - d/initramfs/hooks/cryptroot: Ignore and don't print an error message when
1050 devices don't have a devno.
1051 Submitted to debian upstream as bug #902449.
1052
1053 -- Didier Roche <didrocks@ubuntu.com> Thu, 18 Jun 2020 10:12:10 +0200
1054
1055cryptsetup (2:2.3.3-1ubuntu1) groovy; urgency=low
1056
1057 * Merge from Debian unstable. Remaining changes:
1058 - debian/control:
1059 + Recommend plymouth.
1060 + Depend on busybox-initramfs instead of busybox | busybox-static.
1061 - Fix cryptroot-unlock for busybox compatibility.
1062
1063 -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 09 Jun 2020 10:40:32 -0700
1064
611cryptsetup (2:2.3.3-1) unstable; urgency=medium1065cryptsetup (2:2.3.3-1) unstable; urgency=medium
6121066
613 [ Guilhem Moulin ]1067 [ Guilhem Moulin ]
@@ -636,6 +1090,16 @@ cryptsetup (2:2.3.2-1) unstable; urgency=medium
6361090
637 -- Guilhem Moulin <guilhem@debian.org> Wed, 06 May 2020 16:22:01 +02001091 -- Guilhem Moulin <guilhem@debian.org> Wed, 06 May 2020 16:22:01 +0200
6381092
1093cryptsetup (2:2.3.1-1ubuntu1) groovy; urgency=low
1094
1095 * Merge from Debian unstable. Remaining changes:
1096 - debian/control:
1097 + Recommend plymouth.
1098 + Depend on busybox-initramfs instead of busybox | busybox-static.
1099 - Fix cryptroot-unlock for busybox compatibility.
1100
1101 -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 01 May 2020 07:07:58 -0700
1102
639cryptsetup (2:2.3.1-1) unstable; urgency=medium1103cryptsetup (2:2.3.1-1) unstable; urgency=medium
6401104
641 * New upstream release.1105 * New upstream release.
@@ -671,6 +1135,23 @@ cryptsetup (2:2.3.0-1) unstable; urgency=low
6711135
672 -- Guilhem Moulin <guilhem@debian.org> Wed, 04 Mar 2020 00:48:19 +01001136 -- Guilhem Moulin <guilhem@debian.org> Wed, 04 Mar 2020 00:48:19 +0100
6731137
1138cryptsetup (2:2.2.2-3ubuntu2) focal; urgency=medium
1139
1140 * Depend on cryptsetup from cryptsetup-initramfs instead of the dummy
1141 cryptsetup-run package. LP: #1864360.
1142
1143 -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 27 Feb 2020 00:16:14 -0600
1144
1145cryptsetup (2:2.2.2-3ubuntu1) focal; urgency=medium
1146
1147 * Merge from Debian unstable. Remaining changes:
1148 - debian/control:
1149 + Recommend plymouth.
1150 + Depend on busybox-initramfs instead of busybox | busybox-static.
1151 - Fix cryptroot-unlock for busybox compatibility.
1152
1153 -- Matthias Klose <doko@ubuntu.com> Mon, 10 Feb 2020 09:20:12 +0100
1154
674cryptsetup (2:2.2.2-3) unstable; urgency=high1155cryptsetup (2:2.2.2-3) unstable; urgency=high
6751156
676 * initramfs hook: Workaround fix for the libgcc_s's source location.1157 * initramfs hook: Workaround fix for the libgcc_s's source location.
@@ -679,6 +1160,16 @@ cryptsetup (2:2.2.2-3) unstable; urgency=high
6791160
680 -- Guilhem Moulin <guilhem@debian.org> Tue, 04 Feb 2020 14:11:12 +01001161 -- Guilhem Moulin <guilhem@debian.org> Tue, 04 Feb 2020 14:11:12 +0100
6811162
1163cryptsetup (2:2.2.2-2ubuntu1) focal; urgency=low
1164
1165 * Merge from Debian unstable. Remaining changes:
1166 - debian/control:
1167 + Recommend plymouth.
1168 + Depend on busybox-initramfs instead of busybox | busybox-static.
1169 - Fix cryptroot-unlock for busybox compatibility.
1170
1171 -- Steve Langasek <steve.langasek@ubuntu.com> Sat, 01 Feb 2020 22:11:22 -0800
1172
682cryptsetup (2:2.2.2-2) unstable; urgency=medium1173cryptsetup (2:2.2.2-2) unstable; urgency=medium
6831174
684 [ Guilhem Moulin ]1175 [ Guilhem Moulin ]
@@ -696,6 +1187,16 @@ cryptsetup (2:2.2.2-2) unstable; urgency=medium
6961187
697 -- Guilhem Moulin <guilhem@debian.org> Sat, 18 Jan 2020 20:53:19 +01001188 -- Guilhem Moulin <guilhem@debian.org> Sat, 18 Jan 2020 20:53:19 +0100
6981189
1190cryptsetup (2:2.2.2-1ubuntu1) focal; urgency=low
1191
1192 * Merge from Debian unstable. Remaining changes:
1193 - debian/control:
1194 + Recommend plymouth.
1195 + Depend on busybox-initramfs instead of busybox | busybox-static.
1196 - Fix cryptroot-unlock for busybox compatibility.
1197
1198 -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 11 Nov 2019 22:07:44 -0800
1199
699cryptsetup (2:2.2.2-1) unstable; urgency=medium1200cryptsetup (2:2.2.2-1) unstable; urgency=medium
7001201
701 * New upstream bugfix release.1202 * New upstream bugfix release.
@@ -706,6 +1207,16 @@ cryptsetup (2:2.2.2-1) unstable; urgency=medium
7061207
707 -- Guilhem Moulin <guilhem@debian.org> Fri, 01 Nov 2019 19:32:36 +01001208 -- Guilhem Moulin <guilhem@debian.org> Fri, 01 Nov 2019 19:32:36 +0100
7081209
1210cryptsetup (2:2.2.1-1ubuntu1) focal; urgency=low
1211
1212 * Merge from Debian unstable. Remaining changes:
1213 - debian/control:
1214 + Recommend plymouth.
1215 + Depend on busybox-initramfs instead of busybox | busybox-static.
1216 - Fix cryptroot-unlock for busybox compatibility.
1217
1218 -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 18 Oct 2019 15:14:29 -0700
1219
709cryptsetup (2:2.2.1-1) unstable; urgency=medium1220cryptsetup (2:2.2.1-1) unstable; urgency=medium
7101221
711 * New upstream bugfix release.1222 * New upstream bugfix release.
@@ -713,6 +1224,16 @@ cryptsetup (2:2.2.1-1) unstable; urgency=medium
7131224
714 -- Guilhem Moulin <guilhem@debian.org> Fri, 06 Sep 2019 13:28:55 +02001225 -- Guilhem Moulin <guilhem@debian.org> Fri, 06 Sep 2019 13:28:55 +0200
7151226
1227cryptsetup (2:2.2.0-3ubuntu1) eoan; urgency=low
1228
1229 * Merge from Debian unstable. Remaining changes:
1230 - debian/control:
1231 + Recommend plymouth.
1232 + Depend on busybox-initramfs instead of busybox | busybox-static.
1233 - Fix cryptroot-unlock for busybox compatibility.
1234
1235 -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 28 Aug 2019 16:13:22 -0700
1236
716cryptsetup (2:2.2.0-3) unstable; urgency=medium1237cryptsetup (2:2.2.0-3) unstable; urgency=medium
7171238
718 * Cherry pick upstream commit 8f8f0b32: Fix mapped segments overflow on1239 * Cherry pick upstream commit 8f8f0b32: Fix mapped segments overflow on
@@ -720,6 +1241,16 @@ cryptsetup (2:2.2.0-3) unstable; urgency=medium
7201241
721 -- Guilhem Moulin <guilhem@debian.org> Mon, 26 Aug 2019 12:53:45 +02001242 -- Guilhem Moulin <guilhem@debian.org> Mon, 26 Aug 2019 12:53:45 +0200
7221243
1244cryptsetup (2:2.2.0-2ubuntu1) eoan; urgency=low
1245
1246 * Merge from Debian unstable. Remaining changes:
1247 - debian/control:
1248 + Recommend plymouth.
1249 + Depend on busybox-initramfs instead of busybox | busybox-static.
1250 - Fix cryptroot-unlock for busybox compatibility.
1251
1252 -- Steve Langasek <steve.langasek@ubuntu.com> Sun, 25 Aug 2019 12:25:55 -0700
1253
723cryptsetup (2:2.2.0-2) unstable; urgency=medium1254cryptsetup (2:2.2.0-2) unstable; urgency=medium
7241255
725 * debian/control: Add 'Multi-Arch: foreign' tag to the transitional dummy1256 * debian/control: Add 'Multi-Arch: foreign' tag to the transitional dummy
@@ -731,6 +1262,25 @@ cryptsetup (2:2.2.0-2) unstable; urgency=medium
7311262
732 -- Guilhem Moulin <guilhem@debian.org> Wed, 21 Aug 2019 22:45:12 +02001263 -- Guilhem Moulin <guilhem@debian.org> Wed, 21 Aug 2019 22:45:12 +0200
7331264
1265cryptsetup (2:2.2.0-1ubuntu2) eoan; urgency=medium
1266
1267 * debian/initramfs/cryptroot-unlock: canonicalize executable paths.
1268 Thanks to Paride Legovini <paride.legovini@canonical.com> for the patch.
1269 LP: #1840752.
1270
1271 -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 20 Aug 2019 15:34:10 -0700
1272
1273cryptsetup (2:2.2.0-1ubuntu1) eoan; urgency=low
1274
1275 * Merge from Debian unstable. Remaining changes:
1276 - debian/control:
1277 + Recommend plymouth.
1278 + Depend on busybox-initramfs instead of busybox | busybox-static.
1279 - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
1280 compatibility.
1281
1282 -- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 20 Aug 2019 14:21:34 +0200
1283
734cryptsetup (2:2.2.0-1) unstable; urgency=medium1284cryptsetup (2:2.2.0-1) unstable; urgency=medium
7351285
736 * New upstream release 2.2.0. Highlights include:1286 * New upstream release 2.2.0. Highlights include:
@@ -808,6 +1358,23 @@ cryptsetup (2:2.1.0-6) unstable; urgency=low
8081358
809 -- Guilhem Moulin <guilhem@debian.org> Sat, 20 Jul 2019 22:15:04 -03001359 -- Guilhem Moulin <guilhem@debian.org> Sat, 20 Jul 2019 22:15:04 -0300
8101360
1361cryptsetup (2:2.1.0-5ubuntu2) eoan; urgency=medium
1362
1363 * Rebuild against new libjson-c4.
1364
1365 -- Gianfranco Costamagna <locutusofborg@debian.org> Sat, 29 Jun 2019 13:48:37 +0200
1366
1367cryptsetup (2:2.1.0-5ubuntu1) eoan; urgency=low
1368
1369 * Merge from Debian unstable. Remaining changes:
1370 - debian/control:
1371 + Recommend plymouth.
1372 + Depend on busybox-initramfs instead of busybox | busybox-static.
1373 - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
1374 compatibility.
1375
1376 -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 14 Jun 2019 14:09:31 -0700
1377
811cryptsetup (2:2.1.0-5) unstable; urgency=medium1378cryptsetup (2:2.1.0-5) unstable; urgency=medium
8121379
813 [ Jonas Meurer ]1380 [ Jonas Meurer ]
@@ -820,6 +1387,17 @@ cryptsetup (2:2.1.0-5) unstable; urgency=medium
8201387
821 -- Guilhem Moulin <guilhem@debian.org> Mon, 10 Jun 2019 14:51:15 +02001388 -- Guilhem Moulin <guilhem@debian.org> Mon, 10 Jun 2019 14:51:15 +0200
8221389
1390cryptsetup (2:2.1.0-4ubuntu1) eoan; urgency=low
1391
1392 * Merge from Debian unstable. Remaining changes:
1393 - debian/control:
1394 + Recommend plymouth.
1395 + Depend on busybox-initramfs instead of busybox | busybox-static.
1396 - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
1397 compatibility.
1398
1399 -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 28 May 2019 18:32:08 -0700
1400
823cryptsetup (2:2.1.0-4) unstable; urgency=medium1401cryptsetup (2:2.1.0-4) unstable; urgency=medium
8241402
825 [Guilhem Moulin]1403 [Guilhem Moulin]
@@ -839,6 +1417,26 @@ cryptsetup (2:2.1.0-4) unstable; urgency=medium
8391417
840 -- Guilhem Moulin <guilhem@debian.org> Tue, 28 May 2019 17:04:16 +02001418 -- Guilhem Moulin <guilhem@debian.org> Tue, 28 May 2019 17:04:16 +0200
8411419
1420cryptsetup (2:2.1.0-3ubuntu2) eoan; urgency=medium
1421
1422 * Depend on busybox-initramfs, which is the implementation we actually use
1423 for the initramfs and is guaranteed to always be present, instead of
1424 busybox-static.
1425
1426 -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 09 May 2019 14:47:04 -0700
1427
1428cryptsetup (2:2.1.0-3ubuntu1) eoan; urgency=low
1429
1430 * Merge from Debian unstable. Remaining changes:
1431 - debian/control:
1432 + Recommend plymouth.
1433 + Invert the "busybox | busybox-static" Recommends, as the latter
1434 is the one we ship in main as part of the ubuntu-standard task.
1435 - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
1436 compatibility. LP: #1651818
1437
1438 -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 03 May 2019 16:22:03 -0700
1439
842cryptsetup (2:2.1.0-3) unstable; urgency=medium1440cryptsetup (2:2.1.0-3) unstable; urgency=medium
8431441
844 * d/scripts/decrypt_opensc: Fix standard output poisoning. Thanks to Nils1442 * d/scripts/decrypt_opensc: Fix standard output poisoning. Thanks to Nils
@@ -862,6 +1460,19 @@ cryptsetup (2:2.1.0-2) unstable; urgency=medium
8621460
863 -- Guilhem Moulin <guilhem@debian.org> Thu, 28 Feb 2019 22:32:43 +01001461 -- Guilhem Moulin <guilhem@debian.org> Thu, 28 Feb 2019 22:32:43 +0100
8641462
1463cryptsetup (2:2.1.0-1ubuntu1) disco; urgency=medium
1464
1465 * Merge from Debian unstable. LP: #1815484
1466 * Remaining changes:
1467 - debian/control:
1468 + Recommend plymouth.
1469 + Invert the "busybox | busybox-static" Recommends, as the latter
1470 is the one we ship in main as part of the ubuntu-standard task.
1471 - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
1472 compatibility. LP: #1651818
1473
1474 -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 13 Feb 2019 21:28:23 +0000
1475
865cryptsetup (2:2.1.0-1) unstable; urgency=medium1476cryptsetup (2:2.1.0-1) unstable; urgency=medium
8661477
867 * New upstream release. Highlights include:1478 * New upstream release. Highlights include:
@@ -904,6 +1515,20 @@ cryptsetup (2:2.1.0-1) unstable; urgency=medium
9041515
905 -- Guilhem Moulin <guilhem@debian.org> Sat, 09 Feb 2019 00:40:17 +01001516 -- Guilhem Moulin <guilhem@debian.org> Sat, 09 Feb 2019 00:40:17 +0100
9061517
1518cryptsetup (2:2.0.6-1ubuntu1) disco; urgency=medium
1519
1520 * Merge from Debian unstable.
1521 * Remaining changes:
1522 - debian/control:
1523 + Recommend plymouth.
1524 + Invert the "busybox | busybox-static" Recommends, as the latter
1525 is the one we ship in main as part of the ubuntu-standard task.
1526 - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
1527 compatibility. LP: #1651818
1528 * Dropped delta sector_size support, merged in Debian.
1529
1530 -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 05 Feb 2019 13:43:25 +0000
1531
907cryptsetup (2:2.0.6-1) unstable; urgency=medium1532cryptsetup (2:2.0.6-1) unstable; urgency=medium
9081533
909 * New upstream bugfix release. Highlights include:1534 * New upstream bugfix release. Highlights include:
@@ -968,6 +1593,27 @@ cryptsetup (2:2.0.4-3) unstable; urgency=medium
9681593
969 -- Guilhem Moulin <guilhem@debian.org> Mon, 22 Oct 2018 17:45:35 +02001594 -- Guilhem Moulin <guilhem@debian.org> Mon, 22 Oct 2018 17:45:35 +0200
9701595
1596cryptsetup (2:2.0.4-2ubuntu2) cosmic; urgency=medium
1597
1598 * Implement support for --sector-size cryptsetup plain mode option in
1599 crypttab. Matching support is also proposed to systemd-cryptsetup as
1600 well. LP: #1776626
1601
1602 -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 31 Aug 2018 17:00:07 +0100
1603
1604cryptsetup (2:2.0.4-2ubuntu1) cosmic; urgency=low
1605
1606 * Merge from Debian unstable. LP: #1785610.
1607 * Remaining changes:
1608 - debian/control:
1609 + Recommend plymouth.
1610 + Invert the "busybox | busybox-static" Recommends, as the latter
1611 is the one we ship in main as part of the ubuntu-standard task.
1612 - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
1613 compatibility. LP: #1651818
1614
1615 -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 22 Aug 2018 22:51:47 +0100
1616
971cryptsetup (2:2.0.4-2) unstable; urgency=medium1617cryptsetup (2:2.0.4-2) unstable; urgency=medium
9721618
973 * debian/cryptsetup-initramfs.preinst: Don't try to overwrite1619 * debian/cryptsetup-initramfs.preinst: Don't try to overwrite
@@ -1000,6 +1646,28 @@ cryptsetup (2:2.0.3-7) unstable; urgency=medium
10001646
1001 -- Guilhem Moulin <guilhem@debian.org> Mon, 30 Jul 2018 16:32:07 +08001647 -- Guilhem Moulin <guilhem@debian.org> Mon, 30 Jul 2018 16:32:07 +0800
10021648
1649cryptsetup (2:2.0.3-6ubuntu1) cosmic; urgency=low
1650
1651 * Merge from Debian unstable. LP: #1781912.
1652 * Remaining changes:
1653 - debian/control:
1654 + Recommend plymouth.
1655 + Invert the "busybox | busybox-static" Recommends, as the latter
1656 is the one we ship in main as part of the ubuntu-standard task.
1657 - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
1658 compatibility. LP: #1651818
1659 * Dropped changes, included in Debian:
1660 - Drop explicit libgcrypt20 dependency from libcryptsetup4.
1661 - Drop the CRYPTSETUP variable warning from the initramfs hook, as
1662 overlayroot package ships a dropin in conf-hooks.d triggering false
1663 warnings.
1664 - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE
1665 - Drop c99 std, as the default is now higher than that
1666 * Dropped changes, no longer needed:
1667 - Add maintscript to drop removed upstart system jobs.
1668
1669 -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 16 Jul 2018 08:27:58 -0400
1670
1003cryptsetup (2:2.0.3-6) unstable; urgency=medium1671cryptsetup (2:2.0.3-6) unstable; urgency=medium
10041672
1005 * debian/TODO.md: Remove mention of parent device detection for mdadm1673 * debian/TODO.md: Remove mention of parent device detection for mdadm
@@ -1284,6 +1952,45 @@ cryptsetup (2:2.0.3-1) unstable; urgency=medium
12841952
1285 -- Jonas Meurer <jonas@freesources.org> Fri, 15 Jun 2018 15:32:16 +02001953 -- Jonas Meurer <jonas@freesources.org> Fri, 15 Jun 2018 15:32:16 +0200
12861954
1955cryptsetup (2:2.0.2-1ubuntu3) cosmic; urgency=medium
1956
1957 * No-change rebuild against libargon2-1
1958
1959 -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 10 Jul 2018 17:01:23 +0000
1960
1961cryptsetup (2:2.0.2-1ubuntu2) cosmic; urgency=medium
1962
1963 * Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
1964 compatibility. LP: #1651818
1965
1966 -- Dimitri John Ledkov 🌈 <xnox@ubuntu.com> Thu, 21 Jun 2018 16:38:31 +0100
1967
1968cryptsetup (2:2.0.2-1ubuntu1) bionic; urgency=low
1969
1970 * Merge from Debian unstable.
1971 - bugfix upstream release, which solves problems with luks2 format
1972 disks not unlocking. LP: #1755322.
1973 * Remaining changes:
1974 - debian/control:
1975 + Depend on plymouth.
1976 + Invert the "busybox | busybox-static" Recommends, as the latter
1977 is the one we ship in main as part of the ubuntu-standard task.
1978 + Drop explicit libgcrypt20 dependency from libcryptsetup4.
1979 - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE
1980 - Drop c99 std, as the default is now higher than that
1981 - Drop upstart system jobs.
1982 - Add maintscript to drop removed upstart system jobs.
1983 - debian has its own now, but we have different version numbers.
1984 this delta can be dropped after 18.04 release.
1985 - Drop the CRYPTSETUP variable warning from the initramfs hook, as
1986 overlayroot package ships a dropin in conf-hooks.d triggering false
1987 warnings.
1988 * Dropped changes:
1989 - debian/cryptdisks{,-udev}.maintscript: drop, there is no package named
1990 'cryptdisks' or 'cryptdisks-udev'.
1991
1992 -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 06 Apr 2018 10:23:53 -0700
1993
1287cryptsetup (2:2.0.2-1) unstable; urgency=low1994cryptsetup (2:2.0.2-1) unstable; urgency=low
12881995
1289 * New upstream release 2.0.21996 * New upstream release 2.0.2
@@ -1313,6 +2020,40 @@ cryptsetup (2:2.0.1-1) unstable; urgency=low
13132020
1314 -- Guilhem Moulin <guilhem@debian.org> Sun, 11 Feb 2018 00:02:05 +01002021 -- Guilhem Moulin <guilhem@debian.org> Sun, 11 Feb 2018 00:02:05 +0100
13152022
2023cryptsetup (2:2.0.1-0ubuntu2) bionic; urgency=medium
2024
2025 * Drop the CRYPTSETUP variable warning from the initramfs hook, as
2026 overlayroot package ships a dropin in conf-hooks.d triggering false
2027 warnings.
2028
2029 -- Dimitri John Ledkov <xnox@ubuntu.com> Thu, 22 Feb 2018 14:49:16 +0000
2030
2031cryptsetup (2:2.0.1-0ubuntu1) bionic; urgency=medium
2032
2033 * Merge from Debian unstable. Remaining changes:
2034 - debian/control:
2035 + Depend on plymouth.
2036 + Invert the "busybox | busybox-static" Recommends, as the latter
2037 is the one we ship in main as part of the ubuntu-standard task.
2038 + Drop explicit libgcrypt20 dependency from libcryptsetup4.
2039 - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE
2040 - Drop c99 std, as the default is now higher than that
2041 - Drop upstart system jobs.
2042 - Add maintscript to drop removed upstart system jobs.
2043 - debian has its own now, but we have different version numbers
2044 * New upstream release
2045 * Cherry-pick Guilhem Moulin's changes below from Debian git
2046
2047 [ Guilhem Moulin ]
2048 * New upstream release 2.0.1:
2049 - Use /run/cryptsetup as default for cryptsetup locking dir.
2050 - Add missing symbols for new functions to debian/libcryptsetup12.symbols.
2051 * debian/copyright: update copyright years.
2052 * debian/patches: backport upstream's 8728ba08 to fix opening of loop-AES
2053 devices using --key-file=-. (Closes: #888162.)
2054
2055 -- Julian Andres Klode <juliank@ubuntu.com> Mon, 29 Jan 2018 13:48:55 +0100
2056
1316cryptsetup (2:2.0.0-1) unstable; urgency=low2057cryptsetup (2:2.0.0-1) unstable; urgency=low
13172058
1318 [ Guilhem Moulin ]2059 [ Guilhem Moulin ]
@@ -1362,6 +2103,26 @@ cryptsetup (2:2.0.0~rc0-1) experimental; urgency=low
13622103
1363 -- Guilhem Moulin <guilhem@debian.org> Tue, 03 Oct 2017 03:37:36 +02002104 -- Guilhem Moulin <guilhem@debian.org> Tue, 03 Oct 2017 03:37:36 +0200
13642105
2106cryptsetup (2:1.7.5-1ubuntu1) bionic; urgency=low
2107
2108 * Merge from Debian unstable. Remaining changes:
2109 - debian/control:
2110 + Depend on plymouth.
2111 + Invert the "busybox | busybox-static" Recommends, as the latter
2112 is the one we ship in main as part of the ubuntu-standard task.
2113 + Drop explicit libgcrypt20 dependency from libcryptsetup4.
2114 - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE
2115 - Drop c99 std, as the default is now higher than that
2116 - Drop upstart system jobs.
2117 - Add maintscript to drop removed upstart system jobs.
2118 * Merged upstream:
2119 - d/p/fips-fix-luksformat-with-recent-kernels -- fix luksFormat
2120 with recent FIPS enabled kernels.
2121 * Merged in Debian:
2122 - Use DEB_VERSION from dpkg/default.mk for pod2man release variable
2123
2124 -- Julian Andres Klode <juliank@ubuntu.com> Wed, 17 Jan 2018 21:39:10 +0100
2125
1365cryptsetup (2:1.7.5-1) unstable; urgency=low2126cryptsetup (2:1.7.5-1) unstable; urgency=low
13662127
1367 * New upstream release 1.7.5.2128 * New upstream release 1.7.5.
@@ -1384,6 +2145,25 @@ cryptsetup (2:1.7.5-1) unstable; urgency=low
13842145
1385 -- Guilhem Moulin <guilhem@debian.org> Thu, 14 Sep 2017 13:00:23 +02002146 -- Guilhem Moulin <guilhem@debian.org> Thu, 14 Sep 2017 13:00:23 +0200
13862147
2148cryptsetup (2:1.7.3-4ubuntu1) artful; urgency=low
2149
2150 * New upstream release, merge from Debian unstable. Remaining
2151 Ubuntu changes:
2152 - debian/control:
2153 + Depend on plymouth.
2154 + Invert the "busybox | busybox-static" Recommends, as the latter
2155 is the one we ship in main as part of the ubuntu-standard task.
2156 + Drop explicit libgcrypt20 dependency from libcryptsetup4.
2157 * d/p/fips-fix-luksformat-with-recent-kernels -- fix luksFormat
2158 with recent FIPS enabled kernels.
2159 * Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE
2160 * Drop c99 std, as the default is now higher than that
2161 * Use DEB_VERSION from dpkg/default.mk for pod2man release variable
2162 * Drop upstart system jobs.
2163 * Add maintscript to drop removed upstart system jobs.
2164
2165 -- Andy Whitcroft <apw@ubuntu.com> Thu, 10 Aug 2017 14:07:29 +0100
2166
1387cryptsetup (2:1.7.3-4) unstable; urgency=high2167cryptsetup (2:1.7.3-4) unstable; urgency=high
13882168
1389 [ Guilhem Moulin ]2169 [ Guilhem Moulin ]
@@ -1596,6 +2376,40 @@ cryptsetup (2:1.7.2-1) unstable; urgency=medium
15962376
1597 -- Jonas Meurer <mejo@debian.org> Wed, 05 Oct 2016 20:53:09 +02002377 -- Jonas Meurer <mejo@debian.org> Wed, 05 Oct 2016 20:53:09 +0200
15982378
2379cryptsetup (2:1.7.2-0ubuntu4) artful; urgency=medium
2380
2381 * Add maintscript to drop removed upstart system jobs.
2382
2383 -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 21 Aug 2017 11:36:04 +0100
2384
2385cryptsetup (2:1.7.2-0ubuntu3) artful; urgency=medium
2386
2387 * Drop _BSD_SOURCE in favor of _DEFAULT_SOURCe
2388 * Drop c99 std, as the default is now higher than that
2389 * Use DEB_VERSION from dpkg/default.mk for pod2man release variable
2390
2391 -- Dimitri John Ledkov <xnox@ubuntu.com> Sat, 19 Aug 2017 21:46:19 +0100
2392
2393cryptsetup (2:1.7.2-0ubuntu2) artful; urgency=medium
2394
2395 * Drop upstart system jobs.
2396
2397 -- Dimitri John Ledkov <xnox@ubuntu.com> Sat, 19 Aug 2017 20:57:17 +0100
2398
2399cryptsetup (2:1.7.2-0ubuntu1) yakkety; urgency=medium
2400
2401 * New upstream release, merge from Debian unstable (LP: #1548137). Remaining
2402 Ubuntu changes:
2403 - debian/control:
2404 + Bump initramfs-tools Suggests to Depends: so system is not
2405 potentially rendered unbootable.
2406 + Depend on plymouth.
2407 + Invert the "busybox | busybox-static" Recommends, as the latter
2408 is the one we ship in main as part of the ubuntu-standard task.
2409 + Drop explicit libgcrypt20 dependency from libcryptsetup4.
2410
2411 -- Unit 193 <unit193@ubuntu.com> Wed, 22 Jun 2016 16:30:01 -0400
2412
1599cryptsetup (2:1.7.0-2) unstable; urgency=medium2413cryptsetup (2:1.7.0-2) unstable; urgency=medium
16002414
1601 [ Guilhem Moulin ]2415 [ Guilhem Moulin ]
@@ -1670,6 +2484,35 @@ cryptsetup (2:1.7.0-1) unstable; urgency=medium
16702484
1671 -- Jonas Meurer <mejo@debian.org> Thu, 07 Jan 2016 02:22:33 +01002485 -- Jonas Meurer <mejo@debian.org> Thu, 07 Jan 2016 02:22:33 +0100
16722486
2487cryptsetup (2:1.6.6-5ubuntu2) wily; urgency=medium
2488
2489 * Fix stupid typo in Recommends "busybox | busybox-static" inversion.
2490 Fixes binary moves for busybox into main.
2491
2492 -- Andy Whitcroft <apw@ubuntu.com> Fri, 21 Aug 2015 08:56:34 +0100
2493
2494cryptsetup (2:1.6.6-5ubuntu1) wily; urgency=low
2495
2496 * Merge from Debian unstable. Remaining changes:
2497 - debian/control:
2498 + Bump initramfs-tools Suggests to Depends: so system is not
2499 potentially rendered unbootable.
2500 + Depend on plymouth.
2501 + Invert the "busybox | busybox-static" Recommends, as the latter
2502 is the one we ship in main as part of the ubuntu-standard task.
2503 + Drop explicit libgcrypt11 dependency from libcryptsetup4.
2504 * Dropped changes, now in Debian:
2505 - Remove hardcoded paths to udevadm.
2506 - debian/initramfs/cryptroot-hook:
2507 + Do not unconditionally include cryptsetup utils in the initramfs.
2508 + Do not include any modules or utils in the initramfs, unless
2509 rootfs/resume devices are encrypted or CRYPTSETUP is set to 'y' in
2510 the initramfs.conf configuration file.
2511 - debian/cryptsetup.maintscripts:
2512 + Migrate upstart jobs to new names.
2513
2514 -- Andy Whitcroft <apw@ubuntu.com> Tue, 07 Jul 2015 16:58:45 +0100
2515
1673cryptsetup (2:1.6.6-5) unstable; urgency=high2516cryptsetup (2:1.6.6-5) unstable; urgency=high
16742517
1675 * debian/cryptdisks.functions: fix the precheck for ubuntu+upstart2518 * debian/cryptdisks.functions: fix the precheck for ubuntu+upstart
@@ -1822,6 +2665,71 @@ cryptsetup (2:1.6.4-1) unstable; urgency=low
18222665
1823 -- Jonas Meurer <mejo@debian.org> Fri, 28 Jun 2013 12:14:55 +02002666 -- Jonas Meurer <mejo@debian.org> Fri, 28 Jun 2013 12:14:55 +0200
18242667
2668cryptsetup (2:1.6.1-1ubuntu7) vivid; urgency=medium
2669
2670 * Drop explicit libgcrypt11 dependency from libcryptsetup4.
2671
2672 -- Adam Conrad <adconrad@ubuntu.com> Fri, 27 Mar 2015 18:24:38 -0600
2673
2674cryptsetup (2:1.6.1-1ubuntu6) vivid; urgency=medium
2675
2676 * No-change rebuild for the libgcrypt20 transition.
2677
2678 -- Adam Conrad <adconrad@ubuntu.com> Fri, 27 Mar 2015 06:16:08 -0600
2679
2680cryptsetup (2:1.6.1-1ubuntu5) vivid; urgency=medium
2681
2682 * ./debian/scripts/luksformat: Drop luksFormat -s and --ciper options. They
2683 aren't necessary any more, and aes-cbc-essiv:sha256 is obsolete. This will
2684 now use aes-xts-plain64 by default. (LP: #1414719)
2685
2686 -- Martin Pitt <martin.pitt@ubuntu.com> Fri, 27 Feb 2015 09:37:05 +0100
2687
2688cryptsetup (2:1.6.1-1ubuntu4) vivid; urgency=medium
2689
2690 * No change rebuild to get debug symbols for all architectures.
2691
2692 -- Brian Murray <brian@ubuntu.com> Wed, 03 Dec 2014 08:03:31 -0800
2693
2694cryptsetup (2:1.6.1-1ubuntu3) utopic; urgency=high
2695
2696 * No change rebuild against new dh_installinit, to call update-rc.d at
2697 postinst.
2698
2699 -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 28 May 2014 10:39:30 +0100
2700
2701cryptsetup (2:1.6.1-1ubuntu2) utopic; urgency=medium
2702
2703 * debian/askpass.c:
2704 - Fix bug (LP: #1301086) where askpass fails to restore terminal
2705 settings.
2706
2707 -- Robert Barabas <dc@0xdc.org> Fri, 18 Apr 2014 14:08:51 -0400
2708
2709cryptsetup (2:1.6.1-1ubuntu1) trusty; urgency=low
2710
2711 * Merge from debian unstable, remaining changes:
2712 - debian/control:
2713 + Bump initramfs-tools Suggests to Depends: so system is not
2714 potentially rendered unbootable.
2715 + Depend on plymouth.
2716
2717 - Invert the "busybox | busybox-static" Recommends, as the latter is
2718 the one we ship in main as part of the ubuntu-standard task.
2719
2720 - Remove hardcoded paths to udevadm (LP: #1184066).
2721
2722 - debian/initramfs/cryptroot-hook:
2723 + Do not unconditionally include cryptsetup utils in the initramfs.
2724 + Do not include any modules or utils in the initramfs, unless
2725 rootfs/resume devices are encrypted or CRYPTSETUP is set to 'y' in
2726 the initramfs.conf configuration file.
2727
2728 - debian/cryptsetup.maintscripts:
2729 + Migrate upstart jobs to new names.
2730
2731 -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com> Fri, 01 Nov 2013 16:48:57 +0000
2732
1825cryptsetup (2:1.6.1-1) unstable; urgency=low2733cryptsetup (2:1.6.1-1) unstable; urgency=low
18262734
1827 [ Milan Broz ]2735 [ Milan Broz ]
@@ -1863,6 +2771,50 @@ cryptsetup (2:1.6.1-1) unstable; urgency=low
18632771
1864 -- Jonas Meurer <mejo@debian.org> Fri, 28 Jun 2013 12:10:41 +02002772 -- Jonas Meurer <mejo@debian.org> Fri, 28 Jun 2013 12:10:41 +0200
18652773
2774cryptsetup (2:1.4.3-4ubuntu4) saucy; urgency=low
2775
2776 * debian/initramfs/cryptroot-hook:
2777 - Do not unconditionally include cryptsetup utils in the initramfs.
2778 - Do not include any modules or utils in the initramfs, unless
2779 rootfs/resume devices are encrypted or CRYPTSETUP is set to 'y' in
2780 the initramfs.conf configuration file.
2781
2782 -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com> Mon, 10 Jun 2013 16:25:46 +0100
2783
2784cryptsetup (2:1.4.3-4ubuntu3) saucy; urgency=low
2785
2786 * Remove hardcoded paths to udevadm (LP: #1184066).
2787
2788 -- Colin Watson <cjwatson@ubuntu.com> Tue, 28 May 2013 11:27:27 +0100
2789
2790cryptsetup (2:1.4.3-4ubuntu2) raring; urgency=low
2791
2792 * Invert the "busybox | busybox-static" Recommends, as the latter
2793 is the one we ship in main as part of the ubuntu-standard task.
2794
2795 -- Adam Conrad <adconrad@ubuntu.com> Fri, 16 Nov 2012 01:14:35 -0700
2796
2797cryptsetup (2:1.4.3-4ubuntu1) raring; urgency=low
2798
2799 * Merge from debian unstable, remaining changes:
2800 - debian/control:
2801 + Bump initramfs-tools Suggests to Depends: so system is not
2802 potentially rendered unbootable.
2803 + Depend on plymouth.
2804
2805 - init/upstart jobs:
2806 + Rename cryptddisks{,-early}.upstart jobs to
2807 cryptdisks-{enable,udev}.upstart, as we need both init & upstart jobs
2808 for now.
2809 + debian/cryptdisks{,-early}.init: Make the 'start' action of the init
2810 script a no-op, this should be handled entirely by the upstart job;
2811 and fix the LSB header to not declare this should be started in
2812 runlevel 'S'.
2813 + Do not install start symlinks for init scripts
2814 + NB! shutdown is still handled by the SystemV init scripts
2815
2816 -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com> Tue, 13 Nov 2012 11:17:57 +0000
2817
1866cryptsetup (2:1.4.3-4) unstable; urgency=medium2818cryptsetup (2:1.4.3-4) unstable; urgency=medium
18672819
1868 * change recommends for busybox to busybox | busybox-static. Thanks to2820 * change recommends for busybox to busybox | busybox-static. Thanks to
@@ -1895,6 +2847,50 @@ cryptsetup (2:1.4.3-3) unstable; urgency=medium
18952847
1896 -- Jonas Meurer <mejo@debian.org> Thu, 01 Nov 2012 15:34:09 +01002848 -- Jonas Meurer <mejo@debian.org> Thu, 01 Nov 2012 15:34:09 +0100
18972849
2850cryptsetup (2:1.4.3-2ubuntu1) quantal; urgency=low
2851
2852 * Merge from debian unstable (LP: #1015753), remaining changes:
2853 - debian/control:
2854 + Bump initramfs-tools Suggests to Depends: so system is not
2855 potentially rendered unbootable.
2856 + Depend on plymouth.
2857
2858 - init/upstart jobs:
2859 + Add debian/cryptdisks-{enable,udev}.upstart for bootup.
2860 + debian/cryptdisks{,-early}.init: Make the 'start' action of the init
2861 script a no-op, this should be handled entirely by the upstart job;
2862 and fix the LSB header to not declare this should be started in
2863 runlevel 'S'.
2864 + Do not install start symlinks for init scripts
2865 + NB! shutdown is still handled by the SystemV init scripts
2866
2867 * Rename cryptddisks{,-early}.upstart jobs back to
2868 cryptdisks-{enable,udev}.upstart, as we need both init & upstart jobs
2869 for now.
2870
2871 * Dropped Changes, included in Debian:
2872 - debian/control:
2873 + Split up package in cryptsetup and cryptsetup-bin. (LP: #343363).
2874
2875 - debian/cryptdisks.functions:
2876 + Do not overwrite existing filesystems when creating swap (LP: #474258).
2877 + Add aesni module when we have hardware encryption.
2878 + Call 'udevadm settle' before 'dmsetup rename' http://pad.lv/874774
2879 + Suppress "Starting init crypto disks" message in "init" phase, to
2880 avoid writing over fsck progress text.
2881 + new function, crypttab_start_one_disk, to look for the named source
2882 device in /etc/crypttab (by device name, UUID, or label) and start it
2883 if configured to do so
2884 + handle the case where crypttab contains a name for the source
2885 device that is not the kernel's preferred name for it (as is the case
2886 for LVs).
2887
2888 - debian/initramfs/cryptroot-hook:
2889 + Quiet warnings from find on arches that don't have all the
2890 kernel/{arch,crypto} bits we're testing for.
2891
2892 -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com> Tue, 21 Aug 2012 11:57:28 +0100
2893
1898cryptsetup (2:1.4.3-2) unstable; urgency=medium2894cryptsetup (2:1.4.3-2) unstable; urgency=medium
18992895
1900 * fix the shared library symbols magic: so far, the symbols file for2896 * fix the shared library symbols magic: so far, the symbols file for
@@ -1970,6 +2966,64 @@ cryptsetup (2:1.4.1-3) unstable; urgency=low
19702966
1971 -- Jonas Meurer <mejo@debian.org> Wed, 11 Apr 2012 23:55:35 +02002967 -- Jonas Meurer <mejo@debian.org> Wed, 11 Apr 2012 23:55:35 +0200
19722968
2969cryptsetup (2:1.4.1-2ubuntu4) precise; urgency=low
2970
2971 * Our swap creation can trigger udev change events, which means udev may be
2972 holding the device open at the time we try to call 'dmsetup rename' and
2973 cause the /subsequent/ events to be missed because of dmsetup creating
2974 device nodes by hand. So call 'udevadm settle' before 'dmsetup rename',
2975 to ensure blkid is out of the way first. This should ensure swap
2976 partitions are found by mountall in a non-racy manner. LP: #874774.
2977
2978 -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 13 Apr 2012 20:23:21 -0700
2979
2980cryptsetup (2:1.4.1-2ubuntu3) precise; urgency=low
2981
2982 * Start cryptdisks-enable upstart job on 'or container', to let us
2983 simplify the udevtrigger job.
2984
2985 -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 04 Apr 2012 17:02:00 -0700
2986
2987cryptsetup (2:1.4.1-2ubuntu2) precise; urgency=low
2988
2989 * Split up package in cryptsetup and cryptsetup-bin. (LP: #343363).
2990 * Do not overwrite existing filesystems when creating swap (LP: #474258).
2991 * Add aesni module when we have hardware encryption.
2992
2993 -- Jean-Louis Dupond <jean-louis@dupond.be> Mon, 12 Mar 2012 10:14:30 +0100
2994
2995cryptsetup (2:1.4.1-2ubuntu1) precise; urgency=low
2996
2997 [ Jean-Louis Dupond ]
2998 * Merge from debian unstable (LP: #776264), remaining changes:
2999 - debian/cryptdisks.functions: Suppress "Starting init crypto disks" message
3000 in "init" phase, to avoid writing over fsck progress text.
3001 - debian/cryptroot-hook: Quiet warnings from find on arches that
3002 don't have all the kernel/{arch,crypto} bits we're testing for.
3003 - debian/control:
3004 + Bump initramfs-tools Suggests to Depends: so system is not
3005 potentially rendered unbootable.
3006 + Depend on plymouth.
3007 - Add debian/cryptdisks-{enable,udev}.upstart.
3008 - debian/cryptdisks.functions:
3009 + new function, crypttab_start_one_disk, to look for the named source
3010 device in /etc/crypttab (by device name, UUID, or label) and start it
3011 if configured to do so
3012 - debian/cryptdisks{,-early}.init: Make the 'start' action of the init
3013 script a no-op, this should be handled entirely by the upstart job;
3014 and fix the LSB header to not declare this should be started in
3015 runlevel 'S'
3016 - debian/rules:
3017 + Do not install start symlinks for init scripts, and
3018 install debian/cryptdisks-{enable,udev}.upstart scripts.
3019
3020 [ Steve Langasek ]
3021 * debian/cryptdisks.functions: handle the case where crypttab contains a
3022 name for the source device that is not the kernel's preferred name for
3023 it (as is the case for LVs).
3024
3025 -- Jean-Louis Dupond <jean-louis@dupond.be> Thu, 08 Mar 2012 07:32:40 +0100
3026
1973cryptsetup (2:1.4.1-2) unstable; urgency=low3027cryptsetup (2:1.4.1-2) unstable; urgency=low
19743028
1975 * acknowledge NMU. Thanks to Michael Biebl. (closes: #659182)3029 * acknowledge NMU. Thanks to Michael Biebl. (closes: #659182)
@@ -2179,6 +3233,56 @@ cryptsetup (2:1.2.0-1) experimental; urgency=low
21793233
2180 -- Jonas Meurer <mejo@debian.org> Sun, 16 Jan 2011 01:01:03 +01003234 -- Jonas Meurer <mejo@debian.org> Sun, 16 Jan 2011 01:01:03 +0100
21813235
3236cryptsetup (2:1.1.3-4ubuntu3) precise; urgency=low
3237
3238 [ Pali Rohar ]
3239 * debian/cryptdisks.functions: Suppress "Starting init crypto disks" message
3240 in "init" phase, to avoid writing over fsck progress text.
3241
3242 -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 26 Oct 2011 09:16:15 +0200
3243
3244cryptsetup (2:1.1.3-4ubuntu2) oneiric; urgency=low
3245
3246 * debian/cryptroot-hook: Quiet warnings from find on arches that
3247 don't have all the kernel/{arch,crypto} bits we're testing for.
3248
3249 -- Adam Conrad <adconrad@ubuntu.com> Sat, 01 Oct 2011 00:33:00 -0600
3250
3251cryptsetup (2:1.1.3-4ubuntu1) natty; urgency=low
3252
3253 * Merge from debian unstable (LP: #682177), remaining changes:
3254 - debian/control:
3255 + Bump initramfs-tools Suggests to Depends: so system is not
3256 potentially rendered unbootable.
3257 + Depend on plymouth.
3258 - Add debian/cryptdisks-{enable,udev}.upstart.
3259 - debian/cryptdisks.functions:
3260 + new function, crypttab_start_one_disk, to look for the named source
3261 device in /etc/crypttab (by device name, UUID, or label) and start it
3262 if configured to do so
3263 + wrap the call to /lib/cryptsetup/askpass with watershed, to make sure
3264 we only ever have one of these running at a time; otherwise multiple
3265 invocations could steal each other's input and/or write over each
3266 other's output
3267 + when called by cryptdisks-enable, check that we don't already have a
3268 corresponding cryptdisks-udev job running (probably waiting for a
3269 passphrase); if there is, wait until it's finished before continuing.
3270 - debian/cryptdisks{,-early}.init: Make the 'start' action of the init
3271 script a no-op, this should be handled entirely by the upstart job;
3272 and fix the LSB header to not declare this should be started in
3273 runlevel 'S'
3274 - debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on
3275 upgrade.
3276 - debian/rules:
3277 + Do not install start symlinks for init scripts, and
3278 install debian/cryptdisks-{enable,udev}.upstart scripts.
3279 + link dynamically against libgcrypt and libgpg-error.
3280 - Add debian/cryptsetup.apport: Apport package hook. Install in
3281 debian/rules and create dir in debian/cryptsetup.dirs.
3282 - debian/cryptsetup.postrm: call update-initramfs on package removal.
3283
3284 -- Lorenzo De Liso <blackz@ubuntu.com> Sat, 27 Nov 2010 17:37:43 +0100
3285
2182cryptsetup (2:1.1.3-4) unstable; urgency=high3286cryptsetup (2:1.1.3-4) unstable; urgency=high
21833287
2184 * bump standards-version to 3.9.1, no changes required3288 * bump standards-version to 3.9.1, no changes required
@@ -2284,6 +3388,69 @@ cryptsetup (2:1.1.3-1) unstable; urgency=low
22843388
2285 -- Jonas Meurer <mejo@debian.org> Sat, 10 Jul 2010 14:32:40 +02003389 -- Jonas Meurer <mejo@debian.org> Sat, 10 Jul 2010 14:32:40 +0200
22863390
3391cryptsetup (2:1.1.2-1ubuntu1) maverick; urgency=low
3392
3393 * Merge from Debian unstable (LP: #594365). Remaining changes:
3394 - debian/control:
3395 + Bump initramfs-tools Suggests to Depends: so system is not
3396 potentially rendered unbootable.
3397 + Depend on plymouth.
3398 - Add debian/cryptdisks-{enable,udev}.upstart.
3399 - debian/cryptdisks.functions:
3400 + new function, crypttab_start_one_disk, to look for the named source
3401 device in /etc/crypttab (by device name, UUID, or label) and start it
3402 if configured to do so
3403 + wrap the call to /lib/cryptsetup/askpass with watershed, to make sure
3404 we only ever have one of these running at a time; otherwise multiple
3405 invocations could steal each other's input and/or write over each
3406 other's output
3407 + initially create the device under a temporary name and rename it only
3408 at the end using 'dmsetup rename', to ensure that upstart/mountall
3409 doesn't see our device before it's ready to go.
3410 + do_tmp should mount under /var/run/cryptsetup for changing the
3411 permissions of the filesystem root, not directly on /tmp, since
3412 mounting on /tmp a) is racy, b) confuses mountall something fierce.
3413 + when called by cryptdisks-enable, check that we don't already have a
3414 corresponding cryptdisks-udev job running (probably waiting for a
3415 passphrase); if there is, wait until it's finished before continuing.
3416 - debian/cryptdisks{,-early}.init: Make the 'start' action of the init
3417 script a no-op, this should be handled entirely by the upstart job;
3418 and fix the LSB header to not declare this should be started in
3419 runlevel 'S'
3420 - debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on
3421 upgrade.
3422 - debian/rules: Do not install start symlinks for init scripts, and
3423 install debian/cryptdisks-{enable,udev}.upstart scripts.
3424 - Add debian/cryptsetup.apport: Apport package hook. Install in
3425 debian/rules and create dir in debian/cryptsetup.dirs.
3426 - debian/rules: link dynamically against libgcrypt and libgpg-error.
3427 - debian/cryptsetup.postrm: call update-initramfs on package removal.
3428 * Dropped changes, merged/superseded in Debian:
3429 - Add ext4 support to passdev.
3430 - cryptroot-hook: don't call copy_modules_dir with empty arguments when
3431 archcrypto isn't found
3432 - Set USPLASH=y and FRAMEBUFFER=y in the hook config to pull plymouth into
3433 the initramfs.
3434 - change interaction to use plymouth directly if present, and if not, to
3435 fall back to /lib/cryptsetup/askpass as before
3436 - cryptdisks.functions: replace 'echo -e' bashism with 'printf'.
3437 - debian/initramfs/cryptroot-script: if plymouth is present in the
3438 initramfs, use this directly, bypassing the cryptsetup askpass script
3439 - debian/initramfs/cryptroot-hook: Properly anchor our regexps when
3440 grepping /etc/crypttab so that we don't incorrectly match device names
3441 that are substrings of one another.
3442 - debian/initramfs/cryptroot-script: Don't leak /conf/conf.d/cryptroot
3443 file descriptor to subprocesses.
3444 - Fix grammar error in debian/initramfs/cryptroot-script
3445 ("setup" -> "set up")
3446 - debian/initramfs/cryptroot-script: Fix this to work with current
3447 initramfs-tools:
3448 + Source /scripts/functions after checking for prerequisites.
3449 + prereqs(): Do not assume we are running within initramfs, and
3450 calculate relative path correctly.
3451
3452 -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 14 Jun 2010 21:47:28 -0700
3453
2287cryptsetup (2:1.1.2-1) unstable; urgency=low3454cryptsetup (2:1.1.2-1) unstable; urgency=low
22883455
2289 * new upstream release, changes include:3456 * new upstream release, changes include:
@@ -2401,6 +3568,171 @@ cryptsetup (2:1.1.0-1) unstable; urgency=low
24013568
2402 -- Jonas Meurer <mejo@debian.org> Mon, 08 Mar 2010 14:15:35 +01003569 -- Jonas Meurer <mejo@debian.org> Mon, 08 Mar 2010 14:15:35 +0100
24033570
3571cryptsetup (2:1.1.0~rc2-1ubuntu14) maverick; urgency=low
3572
3573 [ David Stansby ]
3574 * Fix grammar error in debian/initramfs/cryptroot-script
3575 ("setup" -> "set up") (LP: #578896)
3576
3577 -- James Westby <james.westby@ubuntu.com> Mon, 17 May 2010 13:33:40 +0100
3578
3579cryptsetup (2:1.1.0~rc2-1ubuntu13) lucid; urgency=low
3580
3581 * debian/initramfs/cryptroot-script: Don't leak /conf/conf.d/cryptroot
3582 file descriptor to subprocesses.
3583
3584 -- Colin Watson <cjwatson@ubuntu.com> Mon, 29 Mar 2010 22:18:36 +0100
3585
3586cryptsetup (2:1.1.0~rc2-1ubuntu12) lucid; urgency=low
3587
3588 * debian/initramfs/cryptroot-hook: Properly anchor our regexps when
3589 grepping /etc/crypttab so that we don't incorrectly match device names
3590 that are substrings of one another.
3591 * debian/cryptdisks-{enable,udev}.conf, debian/control: drop
3592 'console output' and add a hard dependency on plymouth instead of
3593 watershed, to avoid spitting extra messages to the console.
3594
3595 -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 18 Feb 2010 06:19:19 -0800
3596
3597cryptsetup (2:1.1.0~rc2-1ubuntu11) lucid; urgency=low
3598
3599 * Set FRAMEBUFFER=y in the file that we actually ship.
3600 * debian/cryptsetup.postrm: call update-initramfs on package removal.
3601 LP: #468228.
3602
3603 -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 25 Jan 2010 03:07:52 -0800
3604
3605cryptsetup (2:1.1.0~rc2-1ubuntu10) lucid; urgency=low
3606
3607 * cryptdisks.functions: replace 'echo -e' bashism with 'printf'.
3608 * cryptdisks.functions: when called by cryptdisks-enable, check that we
3609 don't already have a corresponding cryptdisks-udev job running (probably
3610 waiting for a passphrase); if there is, wait until it's finished before
3611 continuing.
3612
3613 -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 21 Jan 2010 14:57:21 +0000
3614
3615cryptsetup (2:1.1.0~rc2-1ubuntu9) lucid; urgency=low
3616
3617 * Set FRAMEBUFFER=y in the hook config as well, to pull plymouth into the
3618 initramfs.
3619 * cryptdisks.functions, debian/initramfs/cryptroot-script: fix the
3620 invocation of plymouth, so that we actually get proper passphrase prompts
3621 (once bug #496765 is fixed).
3622
3623 -- Steve Langasek <steve.langasek@ubuntu.com> Sat, 16 Jan 2010 02:32:41 -0800
3624
3625cryptsetup (2:1.1.0~rc2-1ubuntu8) lucid; urgency=low
3626
3627 * cryptdisks.functions: do_tmp should mount under /var/run/cryptsetup for
3628 changing the permissions of the filesystem root, not directly on /tmp,
3629 since mounting on /tmp a) is racy, b) confuses mountall something fierce.
3630 LP: #475936.
3631
3632 -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 22 Dec 2009 20:24:28 +0000
3633
3634cryptsetup (2:1.1.0~rc2-1ubuntu7) lucid; urgency=low
3635
3636 * Depend on watershed.
3637
3638 -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 22 Dec 2009 01:37:36 +0000
3639
3640cryptsetup (2:1.1.0~rc2-1ubuntu6) lucid; urgency=low
3641
3642 [ Steve Langasek ]
3643 * Fix the LSB header in the init scripts, now that we don't install to
3644 rcS.d.
3645
3646 [ Martin Pitt ]
3647 * debian/initramfs/cryptroot-script: Fix this to work with current
3648 initramfs-tools:
3649 - Source /scripts/functions after checking for prerequisites.
3650 - prereqs(): Do not assume we are running within initramfs, and calculate
3651 relative path correctly.
3652
3653 -- Martin Pitt <martin.pitt@ubuntu.com> Fri, 18 Dec 2009 17:07:07 +0100
3654
3655cryptsetup (2:1.1.0~rc2-1ubuntu5) lucid; urgency=low
3656
3657 * Rename the upstart job introduced in the previous upload to
3658 cryptdisks-udev and restore the previous version of the job as
3659 cryptdisks-enable, to run at the end of udev coldplugging as before;
3660 this isn't entirely race-free, but should nevertheless give us the
3661 two passes needed to cover devices that are decrypted using keys stored
3662 on other encrypted disks. LP: #443980.
3663
3664 -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 16 Dec 2009 06:41:30 +0000
3665
3666cryptsetup (2:1.1.0~rc2-1ubuntu4) lucid; urgency=low
3667
3668 [ Steve Langasek ]
3669 * debian/initramfs/cryptroot-script: if plymouth is present in the
3670 initramfs, use this directly, bypassing the cryptsetup askpass script;
3671 but keep support for these other frontends around on a transitional
3672 basis.
3673 * debian/cryptdisks.functions:
3674 - change interaction to use plymouth directly if present, and if not, to
3675 fall back to /lib/cryptsetup/askpass as before
3676 - wrap the call to /lib/cryptsetup/askpass with watershed, to make sure
3677 we only ever have one of these running at a time; otherwise multiple
3678 invocations could steal each other's input and/or write over each
3679 other's output
3680 - new function, crypttab_start_one_disk, to look for the named source
3681 device in /etc/crypttab (by device name, UUID, or label) and start it
3682 if configured to do so
3683 * debian/cryptdisks-enable.upstart: run the upstart job once for each block
3684 device, using the new crypttab_start_one_disk function, triggered by udev;
3685 this doesn't eliminate the possibility of a race with gdm when the
3686 decrypted volume isn't a 'bootwait' mount point (since gdm kills
3687 plymouth), but it does eliminate the race between udev and cryptsetup.
3688 LP: #454898.
3689 * debian/cryptdisks-enable.upstart: check that the package is installed
3690 and exit gracefully if it's not. LP: #435814
3691 * debian/cryptdisk.functions: initially create the device under a temporary
3692 name and rename it only at the end using 'dmsetup rename', to ensure that
3693 upstart/mountall doesn't see our device before it's ready to go.
3694 LP: #475936.
3695
3696 [ Colin Watson ]
3697 * Add ext4 support to passdev.
3698
3699 -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 15 Dec 2009 18:05:45 -0800
3700
3701cryptsetup (2:1.1.0~rc2-1ubuntu3) lucid; urgency=low
3702
3703 * cryptroot-hook: Use if [ -n … ] instead of if ! test -z ….
3704
3705 -- Loïc Minier <loic.minier@ubuntu.com> Sat, 12 Dec 2009 11:32:52 +0100
3706
3707cryptsetup (2:1.1.0~rc2-1ubuntu2) lucid; urgency=low
3708
3709 * cryptroot-hook: dont call copy_modules_dir with empty arguments when
3710 archcrypto isnt found (LP: #495161)
3711
3712 -- Oliver Grawert <ogra@ubuntu.com> Fri, 11 Dec 2009 14:39:00 +0100
3713
3714cryptsetup (2:1.1.0~rc2-1ubuntu1) lucid; urgency=low
3715
3716 * Merge with Debian testing. Remaining Ubuntu changes:
3717 - debian/rules: cryptsetup is linked dynamically against libgcrypt and
3718 libgpg-error.
3719 - Upstart migration:
3720 + Add debian/cryptdisks-enable.upstart.
3721 + debian/cryptdisks{,-early}.init: Make the 'start' action of the init
3722 script a no-op, this should be handled entirely by the upstart job.
3723 (LP #473615)
3724 + debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on
3725 upgrade.
3726 + debian/rules: Do not install start symlinks for those two, and install
3727 debian/cryptdisks-enable.upstart scripts.
3728 - Add debian/cryptsetup.apport: Apport package hook. Install in
3729 debian/rules, and create dir in debian/cryptsetup.dirs.
3730 - Start usplash in initramfs, since we need it for fancy passphrase input:
3731 + debian/initramfs/cryptroot-conf, debian/initramfs-conf.d: USPLASH=y
3732 + debian/control: Bump initramfs-tools Suggests to Depends:.
3733
3734 -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 11 Nov 2009 15:04:27 +0100
3735
2404cryptsetup (2:1.1.0~rc2-1) unstable; urgency=low3736cryptsetup (2:1.1.0~rc2-1) unstable; urgency=low
24053737
2406 * new upstream release candidate (1.1.0-rc2), highlights include:3738 * new upstream release candidate (1.1.0-rc2), highlights include:
@@ -2574,6 +3906,80 @@ cryptsetup (2:1.0.7~rc1-1) unstable; urgency=low
25743906
2575 -- Jonas Meurer <mejo@debian.org> Sat, 04 Jul 2009 15:52:06 +02003907 -- Jonas Meurer <mejo@debian.org> Sat, 04 Jul 2009 15:52:06 +0200
25763908
3909cryptsetup (2:1.0.6+20090405.svn49-1ubuntu8) lucid; urgency=low
3910
3911 [ Steve Langasek ]
3912 * Make the 'start' action of the init script a no-op, this should be
3913 handled entirely by the upstart job now; and remove any symlinks from
3914 /etc/rcS.d on upgrade. LP: #473615.
3915
3916 [ Reinhard Tartler ]
3917 * Add an apport hook
3918 * import the blkid and un_blkid from debian, LP: #446517
3919 * also use this script by default (setting in /etc/default/cryptdisks)
3920
3921 -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 04 Nov 2009 12:06:47 +0000
3922
3923cryptsetup (2:1.0.6+20090405.svn49-1ubuntu7) karmic; urgency=low
3924
3925 * Reupload previous version, siretart had left changes in bzr which
3926 weren't documented in the changelog and caused FTBFS.
3927
3928 -- Scott James Remnant <scott@ubuntu.com> Wed, 14 Oct 2009 13:57:59 +0100
3929
3930cryptsetup (2:1.0.6+20090405.svn49-1ubuntu6) karmic; urgency=low
3931
3932 [ Steve Langasek ]
3933 * Move the Debian Vcs- fields aside.
3934
3935 [ Scott James Remnant ]
3936 * debian/cryptdisks-enable.upstart: Don't overcompensate for my idiocy,
3937 cryptsetup should not need a controlling terminal, just a terminal
3938 is fine. May fix LP: #439138.
3939
3940 -- Scott James Remnant <scott@ubuntu.com> Wed, 14 Oct 2009 04:52:16 +0100
3941
3942cryptsetup (2:1.0.6+20090405.svn49-1ubuntu4) karmic; urgency=low
3943
3944 * debian/cryptdisks-enable.upstart: Things that often help include
3945 not setting stdin/out to /dev/null, so you can actually type the
3946 passphrase. I am an idiot. LP: #430496.
3947
3948 -- Scott James Remnant <scott@ubuntu.com> Thu, 17 Sep 2009 17:58:01 +0100
3949
3950cryptsetup (2:1.0.6+20090405.svn49-1ubuntu3) karmic; urgency=low
3951
3952 * debian/cryptdisks-enable.upstart: add upstart job to enable encrypted
3953 disks once we've finished probing for udev devices, so that mountall
3954 can use them. LP: #430496.
3955
3956 -- Scott James Remnant <scott@ubuntu.com> Thu, 17 Sep 2009 00:04:00 +0100
3957
3958cryptsetup (2:1.0.6+20090405.svn49-1ubuntu2) karmic; urgency=low
3959
3960 * debian/initramfs/cryptroot-conf: declare that we want usplash included
3961 in the initramfs whenever this package is installed. LP: #427356.
3962
3963 -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 15 Sep 2009 08:43:15 -0700
3964
3965cryptsetup (2:1.0.6+20090405.svn49-1ubuntu1) karmic; urgency=low
3966
3967 * Merge from debian unstable, remaining changes:
3968 - Ubuntu specific:
3969 + debian/rules: link dynamically for better security supportability and
3970 smaller packages.
3971 + debian/control: Depend on initramfs-tools so system is not potentially
3972 rendered unbootable.
3973 - debian/initramfs/cryptroot-script wait for encrypted device to appear,
3974 report with log_*_msg (debian bug 488271).
3975 - debian/initramfs/cryptroot-hook: fix support for UUID and LABEL
3976 correlation between fstab and crypttab (debian bug 522041).
3977 - debian/askpass.c, debian/initramfs/cryptroot-script: using newline
3978 escape in passphrase prompt to avoid line-wrapping (debian bug 528133).
3979 * Drop 04_fix_udevsettle_call.patch: fixed upstream differently.
3980
3981 -- Kees Cook <kees@ubuntu.com> Sun, 10 May 2009 17:29:32 -0700
3982
2577cryptsetup (2:1.0.6+20090405.svn49-1) unstable; urgency=low3983cryptsetup (2:1.0.6+20090405.svn49-1) unstable; urgency=low
25783984
2579 * New upstream svn snapshot. Highlights include:3985 * New upstream svn snapshot. Highlights include:
@@ -2615,6 +4021,67 @@ cryptsetup (2:1.0.6+20090405.svn49-1) unstable; urgency=low
26154021
2616 -- Jonas Meurer <mejo@debian.org> Mon, 06 Apr 2009 08:49:14 +02004022 -- Jonas Meurer <mejo@debian.org> Mon, 06 Apr 2009 08:49:14 +0200
26174023
4024cryptsetup (2:1.0.6-7ubuntu7) jaunty; urgency=low
4025
4026 * debian/control: Depend on initramfs-tools so system is not potentially
4027 rendered unbootable (LP: #358654).
4028
4029 -- Kees Cook <kees@ubuntu.com> Thu, 09 Apr 2009 12:29:31 -0700
4030
4031cryptsetup (2:1.0.6-7ubuntu6) jaunty; urgency=low
4032
4033 * debian/initramfs/cryptroot-script: we don't require vol_id to understand
4034 the encrypted device, but we should check the device is fully up first
4035 before continuing by calling udevadm settle. LP: #291752.
4036
4037 -- Steve Langasek <steve.langasek@ubuntu.com> Sat, 07 Mar 2009 21:39:14 -0800
4038
4039cryptsetup (2:1.0.6-7ubuntu5) jaunty; urgency=low
4040
4041 * debian/initramfs/cryptroot-hook: fix support for UUID and LABEL correlation
4042 between fstab and crypttab (LP: #287879).
4043
4044 -- TJ <ubuntu@tjworld.net> Mon, 16 Feb 2009 23:00:00 +0000
4045
4046cryptsetup (2:1.0.6-7ubuntu4) jaunty; urgency=low
4047
4048 * debian/askpass.c: also handle newline escape code in console prompt.
4049
4050 -- Kees Cook <kees@ubuntu.com> Sun, 15 Feb 2009 08:57:05 -0800
4051
4052cryptsetup (2:1.0.6-7ubuntu3) jaunty; urgency=low
4053
4054 [ https://launchpad.net/~svenkata ]
4055 * debian/checks/un_vol_id: dynamically build the "unknown volume type"
4056 string, to allow for encrypted swap, LP: #316607
4057
4058 -- Dustin Kirkland <kirkland@ubuntu.com> Thu, 12 Feb 2009 16:57:30 -0600
4059
4060cryptsetup (2:1.0.6-7ubuntu2) jaunty; urgency=low
4061
4062 * debian/askpass.c: handle newline escape code in password prompt.
4063 * debian/initramfs/cryptroot-script: add newline to split cryptroot
4064 password prompt onto two lines for readability (LP: #326900).
4065
4066 -- Kees Cook <kees@ubuntu.com> Sun, 08 Feb 2009 07:26:01 -0800
4067
4068cryptsetup (2:1.0.6-7ubuntu1) jaunty; urgency=low
4069
4070 * Merge from debian unstable, remaining changes:
4071 - debian/initramfs/cryptroot-script:
4072 - must source /scripts/functions to get the log_*_msg() functions.
4073 - wait for encrypted device to show up (LP 164044, 291752).
4074 - disable error message 'failed to setup lvm device' (LP 151532).
4075 - debian/rules:
4076 - fix location of ltmain.sh (Ubuntu-specific until libtool 2.2.x is
4077 in Debian unstable).
4078 - link dynamically (LP 62751).
4079 - add 04_fix_udevsettle_call.patch: fix path to binary for udevsettle.
4080 * Revert versioned build-depency on libdevmapper-dev, since Ubuntu's
4081 version is higher now.
4082
4083 -- Kees Cook <kees@ubuntu.com> Tue, 06 Jan 2009 13:00:16 -0800
4084
2618cryptsetup (2:1.0.6-7) unstable; urgency=medium4085cryptsetup (2:1.0.6-7) unstable; urgency=medium
26194086
2620 * Add patches/01_gettext_package.patch: Remove -luks from GETTEXT_PACKAGE4087 * Add patches/01_gettext_package.patch: Remove -luks from GETTEXT_PACKAGE
@@ -2659,6 +4126,38 @@ cryptsetup (2:1.0.6-7) unstable; urgency=medium
26594126
2660 -- Jonas Meurer <mejo@debian.org> Wed, 17 Dec 2008 21:25:45 +01004127 -- Jonas Meurer <mejo@debian.org> Wed, 17 Dec 2008 21:25:45 +0100
26614128
4129cryptsetup (2:1.0.6-6ubuntu2.1) intrepid-proposed; urgency=low
4130
4131 * debian/initramfs/cryptroot-script: do not require that vol_id
4132 can parse the encrypted device as valid (LP: #291752).
4133
4134 -- Kees Cook <kees@ubuntu.com> Fri, 31 Oct 2008 13:10:06 -0700
4135
4136cryptsetup (2:1.0.6-6ubuntu2) intrepid; urgency=low
4137
4138 * Fixes for (LP: #272301)
4139 * debian/initramfs/cryptroot-script: must source /scripts/functions to get
4140 the log_*_msg() functions
4141 * 04_fix_udevsettle_call.patch: fix path to binary for udevsettle
4142
4143 -- Dustin Kirkland <kirkland@ubuntu.com> Fri, 19 Sep 2008 18:03:28 -0500
4144
4145cryptsetup (2:1.0.6-6ubuntu1) intrepid; urgency=low
4146
4147 * drop almost all ubuntu specific changes from the cryptsetup package,
4148 because they have been merged in debian. Thanks a lot!
4149 * merge from debian, remaining changes:
4150 - remove versioned build-depency on libdevmapper-dev, we are using a
4151 rather sophisticated loop for making sure the root filesystem appears.
4152 * debian/rules: fix location of ltmain.sh
4153 * don't exit usplash anymore in the init script. LP: #110970, #139363
4154 * Disable error message 'failed to setup lvm device'. It is harmless, and
4155 caused by the fact that the udev rules provided by lvm2 are setting up
4156 the lvm on their own. In debian the scripts here are responsible for this
4157 but obviously fail in ubuntu. LP: #151532
4158
4159 -- Reinhard Tartler <siretart@tauware.de> Sat, 30 Aug 2008 17:52:16 +0200
4160
2662cryptsetup (2:1.0.6-6) unstable; urgency=high4161cryptsetup (2:1.0.6-6) unstable; urgency=high
26634162
2664 * Don't cat keyfile into pipe for do_noluks(). cryptsetup handles4163 * Don't cat keyfile into pipe for do_noluks(). cryptsetup handles
@@ -2760,6 +4259,79 @@ cryptsetup (2:1.0.6-3) unstable; urgency=low
27604259
2761 -- Jonas Meurer <mejo@debian.org> Mon, 07 Jul 2008 00:30:07 +02004260 -- Jonas Meurer <mejo@debian.org> Mon, 07 Jul 2008 00:30:07 +0200
27624261
4262cryptsetup (2:1.0.6-2ubuntu7) intrepid; urgency=low
4263
4264 * reintroduce changes from 2:1.0.6-2ubuntu5 that have been accidentally
4265 dropped in version 2:1.0.6-2ubuntu6.
4266
4267 -- Reinhard Tartler <siretart@tauware.de> Fri, 20 Jun 2008 15:15:54 +0200
4268
4269cryptsetup (2:1.0.6-2ubuntu6) intrepid; urgency=low
4270
4271 [ Kjell Braden ]
4272 * load scripts/functions for log_{begin,end}_msg
4273 * debian/initramfs/cryptroot-script: wait for the cryptsource, not the resulting mapped root device
4274 * debian/initramfs/cryptroot-hook: copy binaries to the right directory
4275
4276 [ Reinhard Tartler ]
4277 * remove versioned build-depency on libdevmapper-dev, we are using a
4278 rather sophisticated loop for making sure the root filesystem appears.
4279
4280 -- Reinhard Tartler <siretart@tauware.de> Wed, 18 Jun 2008 00:26:43 +0200
4281
4282cryptsetup (2:1.0.6-2ubuntu5) intrepid; urgency=low
4283
4284 * Okay, I give up. include preprocessed manpages and adapt
4285 debian/rules to easily produce those.
4286 ATTENTION: on subsequent uploads, make sure that the manpages are
4287 available and up-to-date.
4288
4289 -- Reinhard Tartler <siretart@tauware.de> Sun, 15 Jun 2008 13:33:07 +0200
4290
4291cryptsetup (2:1.0.6-2ubuntu4) intrepid; urgency=low
4292
4293 * also use local dtd in debian/doc/variables.xml.in.
4294
4295 -- Reinhard Tartler <siretart@tauware.de> Sun, 15 Jun 2008 12:55:42 +0200
4296
4297cryptsetup (2:1.0.6-2ubuntu3) intrepid; urgency=low
4298
4299 * try harder to fix FTBFS.
4300
4301 -- Reinhard Tartler <siretart@tauware.de> Sun, 15 Jun 2008 11:42:54 +0200
4302
4303cryptsetup (2:1.0.6-2ubuntu2) intrepid; urgency=low
4304
4305 * build docbook documentation using local dtds instead of trying to
4306 download them at buildtime. Fixes FTBFS.
4307
4308 -- Reinhard Tartler <siretart@tauware.de> Sun, 15 Jun 2008 11:12:28 +0200
4309
4310cryptsetup (2:1.0.6-2ubuntu1) intrepid; urgency=low
4311
4312 * Merge new debian version. Remaining changes:
4313 - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using
4314 bzr on launchpad.
4315 - debian/rules: cryptsetup is linked dynamically against libgcrypt and
4316 libgpg-error.
4317 - cryptdisks.functions: stop usplash on user input. LP #62751
4318 - Parse comments in lines not starting with '#', LP #185380
4319 - If the encrypted source device hasn't shown up yet, give it a
4320 little while to deal with removable devices. LP #164044
4321 * Depend on race-free version of libdevmapper, thus making udevsettle
4322 call from cryptsetup binary unnecessary. Dropping patch
4323 debian/patches/06_run_udevsettle.patch
4324 * remove patch from LP #73862, loading optimized modules has been solved
4325 in debian in another way.
4326 * cryptdisk.functions: remove spurious call to load_optimized_module.
4327 LP: #239946
4328 * bugfix: make regex work if keyfile has extended attributes. LP: #231339.
4329 * remove patch in cryptdisks.functions for rexecing the script itself for
4330 ensuring that a tty is always available. (See LP #58794.) According to
4331 Scott, this is not necessary anymore.
4332
4333 -- Reinhard Tartler <siretart@tauware.de> Sat, 14 Jun 2008 23:28:51 +0200
4334
2763cryptsetup (2:1.0.6-2) unstable; urgency=low4335cryptsetup (2:1.0.6-2) unstable; urgency=low
27644336
2765 [ Jonas Meurer ]4337 [ Jonas Meurer ]
@@ -2785,6 +4357,54 @@ cryptsetup (2:1.0.6-2) unstable; urgency=low
27854357
2786 -- David Härdeman <david@hardeman.nu> Mon, 26 May 2008 08:12:32 +02004358 -- David Härdeman <david@hardeman.nu> Mon, 26 May 2008 08:12:32 +0200
27874359
4360cryptsetup (2:1.0.6-1ubuntu4) intrepid; urgency=low
4361
4362 [ Kjell Braden ]
4363 * Fix configuration parsing (LP: #239808)
4364
4365 [ Reinhard Tartler ]
4366 * cryptroot-script: use 'echo' instead of 'log_begin_msg' (LP: #237723)
4367
4368 -- Reinhard Tartler <siretart@tauware.de> Fri, 13 Jun 2008 21:26:17 +0200
4369
4370cryptsetup (2:1.0.6-1ubuntu3) intrepid; urgency=low
4371
4372 * Parse comments in lines not starting with '#', LP: #185380
4373 * in cryptroot hook, don't rely on 'udevadm settle' to wait long enough
4374 for the cryptdevice to appear. Reimplement the busy waiting loop found
4375 while waiting for the root file system. Patch based on work by Swâmi
4376 Petaramesh. LP: #164044
4377 * debian/crypdisks.functions: call 'env' with full path. LP: #178829.
4378
4379 -- Reinhard Tartler <siretart@tauware.de> Mon, 26 May 2008 22:12:32 +0200
4380
4381cryptsetup (2:1.0.6-1ubuntu2) intrepid; urgency=low
4382
4383 * Simplify the patch in debian/cryptdisks.functions that stops usplash
4384 before asking for a passphrase.
4385
4386 -- Reinhard Tartler <siretart@tauware.de> Mon, 26 May 2008 20:18:14 +0200
4387
4388cryptsetup (2:1.0.6-1ubuntu1) intrepid; urgency=low
4389
4390 * Merge new debian version. Remaining changes:
4391 - cryptsetup is linked dynamically against libgcrypt and libgpg-error.
4392 - stop usplash on user input. LP #62751
4393 - debian/cryptdisks.functions: Always output and read from the console.
4394 LP #58794.
4395 - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using
4396 bzr on launchpad.
4397 - debian/initramfs/cryptroot-hook: LP #73862
4398 Added patch to install aes optimized cypher module
4399 - try to load optimized cypher module in cryptsetup.functions as well,
4400 because cryptroot-hook is only executed when we really have a
4401 cryptoroot.
4402 * other ubuntu changes have been merged into debian. Please report bugs
4403 if you believe some patches have been dropped.
4404 * removed 07_typos_fix.patch, has been reviewed and applied upstream.
4405
4406 -- Reinhard Tartler <siretart@tauware.de> Sun, 25 May 2008 22:52:30 +0200
4407
2788cryptsetup (2:1.0.6-1) unstable; urgency=low4408cryptsetup (2:1.0.6-1) unstable; urgency=low
27894409
2790 [ Jonas Meurer ]4410 [ Jonas Meurer ]
@@ -2916,6 +4536,138 @@ cryptsetup (2:1.0.6~pre1-1) unstable; urgency=low
29164536
2917 -- Jonas Meurer <mejo@debian.org> Thu, 06 Dec 2007 15:56:05 +01004537 -- Jonas Meurer <mejo@debian.org> Thu, 06 Dec 2007 15:56:05 +0100
29184538
4539cryptsetup (2:1.0.5-2ubuntu12) hardy; urgency=low
4540
4541 * added debian/patches/07_typos_fix.dpatch: fixed typos in man pages. (LP: #164181)
4542
4543 -- Bruno Barrera Yever <bbyever@gmail.com> Mon, 07 Apr 2008 18:43:05 -0500
4544
4545cryptsetup (2:1.0.5-2ubuntu11) hardy; urgency=low
4546
4547 * debian/initramfs/cryptroot-script: Do show the disk name after all, since
4548 some people use multiple encrypted partitions as LVM PVs. (LP: #201413)
4549
4550 -- Martin Pitt <martin.pitt@ubuntu.com> Sun, 06 Apr 2008 11:54:41 -0600
4551
4552cryptsetup (2:1.0.5-2ubuntu10) hardy; urgency=low
4553
4554 * debian/initramfs/cryptroot-script: Do not mention the name of the
4555 encrypted device. It is just technobabble anyway (sda4_crypt), and there
4556 is just one root partition ever, so it is not needed to tell apart
4557 different partitions. From a security POV, someone who can change your
4558 initramfs to boot a different root partition can just as well change the
4559 strings, too. (LP: #201413)
4560
4561 -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 02 Apr 2008 15:51:53 +0200
4562
4563cryptsetup (2:1.0.5-2ubuntu9) hardy; urgency=low
4564
4565 * debian/scripts/luksformat: Use 256 bit key size by default.
4566 (LP: #78508)
4567 * debian/patches/02_manpage.dpatch: Clarify default key sizes (128 for
4568 luksFormat and 256 for create) in cryptsetup.8. (side-note in LP #78508)
4569
4570 -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 27 Feb 2008 17:43:46 +0100
4571
4572cryptsetup (2:1.0.5-2ubuntu8) hardy; urgency=low
4573
4574 * Fix -x calls and access() call.
4575
4576 -- Scott James Remnant <scott@ubuntu.com> Fri, 14 Dec 2007 16:54:53 +0000
4577
4578cryptsetup (2:1.0.5-2ubuntu7) hardy; urgency=low
4579
4580 * debian/initramfs/cryptroot-script: call udevadm instead of udevsettle
4581 * debian/patches/06_call_udevsettle.dpatch: likewise
4582
4583 -- Scott James Remnant <scott@ubuntu.com> Fri, 14 Dec 2007 16:11:36 +0000
4584
4585cryptsetup (2:1.0.5-2ubuntu6) hardy; urgency=low
4586
4587 * Make cryptsetup understand devices specified by UUID=... or LABEL=
4588 in crypttab. (LP: #153597)
4589
4590 -- Andrea Colangelo <warp10@libero.it> Mon, 29 Oct 2007 18:22:51 +0100
4591
4592cryptsetup (2:1.0.5-2ubuntu5) hardy; urgency=low
4593
4594 * reenable additional udevsettle calls in cryptroot hook from
4595 https://launchpad.net/bugs/85640, LP: #132373.
4596 * change maintainer to ubuntu-core-dev.
4597 * use Vcs-Bzr instead of XSCB-Vcs-Bzr header in debian/control.
4598
4599 -- Reinhard Tartler <siretart@tauware.de> Thu, 08 Nov 2007 23:52:19 +0100
4600
4601cryptsetup (2:1.0.5-2ubuntu4) hardy; urgency=low
4602
4603 * reapply changes from version 2:1.0.5-2ubuntu2, got dropped with last
4604 upload. Sorry, pitti.
4605 * convert patch to lib/libdevmapper.c to a dpatch.
4606
4607 -- Reinhard Tartler <siretart@tauware.de> Sun, 04 Nov 2007 21:42:43 +0100
4608
4609cryptsetup (2:1.0.5-2ubuntu3) hardy; urgency=low
4610
4611 * RELIABILY FIX: lib/libdevmapper.c: Ensure that pending device creation
4612 events are being processed by calling /sbin/udevsettle. Patch based on
4613 OpenSUSE bug #285478, LP: #132373.
4614 * Based on the change above, the patch from LP #85640 is no longer needed.
4615 dropping the relevant parts.
4616 * Fix debian/rules to not fail to build if autom4te.cache is left behind
4617 from a previous incomplete build.
4618
4619 -- Reinhard Tartler <siretart@tauware.de> Fri, 02 Nov 2007 20:53:31 +0100
4620
4621cryptsetup (2:1.0.5-2ubuntu2) gutsy; urgency=low
4622
4623 * debian/initramfs/cryptroot-script:
4624 - If the supplied password worked, remove the prompt from usplash again,
4625 so that the user has some visual feedback that everything is alright.
4626 (LP: #151305)
4627 - Do not show the UUID device node of the outer physical device. It is
4628 scary ("/dev/disk/by-uuid/1234yadayada") and displaying it does not
4629 improve security at all: If attackers can tamper with your initramfs,
4630 they can also change the prompt, and if the UUID of the physical device
4631 changes, then booting will not even get that far. Now it is a much more
4632 friendly "Enter passphrase for sda5_crypt:" which is still technical,
4633 but it's necessary to point out which device will be unlocked in case
4634 there are several.
4635
4636 -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 11 Oct 2007 19:51:58 +0200
4637
4638cryptsetup (2:1.0.5-2ubuntu1) gutsy; urgency=low
4639
4640 * Merge new debian version. Remaining changes:
4641 - cryptsetup is linked dynamically against libgcrypt and libgpg-error.
4642 This will break systems where /usr is a separate encrypted filesystem
4643 but not have other bad consequences (in particular, systems with
4644 encrypted root are still fine). The upsides include better
4645 security supportability and smaller packages.
4646 - libcryptsetup.so et al removed from the binary packages. They have
4647 no stable ABI and are not suitable for use by other packages, and
4648 were in violation of library policies etc. They're not needed since
4649 the cryptsetup executable statically contains the relevant parts of
4650 libcryptsetup.
4651 - cryptdisks.functions: remove #!/bin/bash as it isn't a script
4652 by itself; it's only sourced by other scripts. This gets rid
4653 of the lintian warning `script-not-executable' for this file.
4654 - stop usplash on user input. LP #62751
4655 - Always output and read from the console. LP #58794.
4656 - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using
4657 bzr on launchpad.
4658 - Bump libgcrypt11 build-dependency again to 1.2.4-2ubuntu2 to eliminate
4659 libnsl linkage;
4660 - debian/initramfs/cryptroot-hook: (LP: #73862)
4661 Added patch to install aes optimized cypher module
4662 - try to load optimized cypher module in cryptsetup.functions as well,
4663 because cryptroot-hook is only executed when we really have a
4664 cryptoroot.
4665 - apply patch from pitti for allowing UUIDs in /etc/crypttab.
4666 This allowes crypted PVs! LP: #144390.
4667 - remove README.ubuntu, since it contains old and obsolete information.
4668
4669 -- Reinhard Tartler <siretart@tauware.de> Tue, 02 Oct 2007 21:31:28 +0200
4670
2919cryptsetup (2:1.0.5-2) unstable; urgency=low4671cryptsetup (2:1.0.5-2) unstable; urgency=low
29204672
2921 [ Jonas Meurer ]4673 [ Jonas Meurer ]
@@ -2964,6 +4716,68 @@ cryptsetup (2:1.0.5-2) unstable; urgency=low
29644716
2965 -- Jonas Meurer <mejo@debian.org> Mon, 24 Sep 2007 15:42:06 +02004717 -- Jonas Meurer <mejo@debian.org> Mon, 24 Sep 2007 15:42:06 +0200
29664718
4719cryptsetup (2:1.0.5-1ubuntu5) UNRELEASED; urgency=low
4720
4721 * apply patch from pitti for allowing UUIDs in /etc/crypttab.
4722 This allowes crypted PVs! LP: #144390.
4723 * remove README.ubuntu, since it contains old and obsolete information.
4724
4725 -- Reinhard Tartler <siretart@tauware.de> Tue, 02 Oct 2007 19:59:24 +0200
4726
4727cryptsetup (2:1.0.5-1ubuntu4) gutsy; urgency=low
4728
4729 [ Stephan Hermann ]
4730 * debian/initramfs/cryptroot-hook: (LP: #73862)
4731 - Added patch to install aes optimized cypher module
4732
4733 [ Reinhard Tartler ]
4734 * re-applying old patch to new package version
4735 * try to load optimized cypher module in cryptsetup.functions as well,
4736 because cryptroot-hook is only executed when we really have a
4737 cryptoroot.
4738
4739 -- Reinhard Tartler <siretart@tauware.de> Thu, 27 Sep 2007 19:38:48 +0200
4740
4741cryptsetup (2:1.0.5-1ubuntu3) gutsy; urgency=low
4742
4743 * Bump libgcrypt11 build-dependency again to 1.2.4-2ubuntu2 to eliminate
4744 libnsl linkage; should finally produce a usable cryptsetup binary for
4745 the udeb.
4746
4747 -- Colin Watson <cjwatson@ubuntu.com> Wed, 19 Sep 2007 15:28:52 +0100
4748
4749cryptsetup (2:1.0.5-1ubuntu2) gutsy; urgency=low
4750
4751 * Bump libgcrypt11 build-dependency to 1.2.4-2ubuntu1 and rebuild for
4752 proper udeb dependencies.
4753
4754 -- Colin Watson <cjwatson@ubuntu.com> Wed, 19 Sep 2007 01:37:02 +0100
4755
4756cryptsetup (2:1.0.5-1ubuntu1) gutsy; urgency=low
4757
4758 * Merge new debian version. Remaining changes:
4759 - cryptsetup is linked dynamically against libgcrypt and libgpg-error.
4760 This will break systems where /usr is a separate encrypted filesystem
4761 but not have other bad consequences (in particular, systems with
4762 encrypted root are still fine). The upsides include better
4763 security supportability and smaller packages.
4764 - libcryptsetup.so et al removed from the binary packages. They have
4765 no stable ABI and are not suitable for use by other packages, and
4766 were in violation of library policies etc. They're not needed since
4767 the cryptsetup executable statically contains the relevant parts of
4768 libcryptsetup.
4769 - cryptdisks.functions: remove #!/bin/bash as it isn't a script
4770 by itself; it's only sourced by other scripts. This gets rid
4771 of the lintian warning `script-not-executable' for this file.
4772 - stop usplash on user input. LP #62751
4773 - Always output and read from the console. LP #58794.
4774 * Add XSBC-Vcs-Bzr tag to indicate that this package is managed using
4775 bzr on launchpad.
4776 * UVF exception request granted by Scott Kitterman and Chuck Short
4777 LP: #138295
4778
4779 -- Reinhard Tartler <siretart@tauware.de> Sat, 08 Sep 2007 19:04:54 +0200
4780
2967cryptsetup (2:1.0.5-1) unstable; urgency=low4781cryptsetup (2:1.0.5-1) unstable; urgency=low
29684782
2969 [ Jonas Meurer ]4783 [ Jonas Meurer ]
@@ -2984,6 +4798,66 @@ cryptsetup (2:1.0.5-1) unstable; urgency=low
29844798
2985 -- Jonas Meurer <mejo@debian.org> Fri, 27 Jul 2007 04:59:33 +02004799 -- Jonas Meurer <mejo@debian.org> Fri, 27 Jul 2007 04:59:33 +0200
29864800
4801cryptsetup (2:1.0.4+svn29-1ubuntu6) gutsy; urgency=low
4802
4803 * Add notes by Ilkka Tuohela in a new file debian/README.ubuntu
4804
4805 -- Reinhard Tartler <siretart@tauware.de> Sat, 08 Sep 2007 18:43:56 +0200
4806
4807cryptsetup (2:1.0.4+svn29-1ubuntu5) gutsy; urgency=low
4808
4809 * cryptsetup is linked dynamically against libgcrypt and libgpg-error.
4810 This will break systems where /usr is a separate encrypted filesystem
4811 but not have other bad consequences (in particular, systems with
4812 encrypted root are still fine). The upsides include better
4813 security supportability and smaller packages.
4814 * libcryptsetup.so et al removed from the binary packages. They have
4815 no stable ABI and are not suitable for use by other packages, and
4816 were in violation of library policies etc. They're not needed since
4817 the cryptsetup executable statically contains the relevant parts of
4818 libcryptsetup.
4819 * cryptdisks.functions: remove #!/bin/bash as it isn't a script
4820 by itself; it's only sourced by other scripts. This gets rid
4821 of the lintian warning `script-not-executable' for this file.
4822
4823 -- Ian Jackson <iwj@ubuntu.com> Fri, 31 Aug 2007 12:05:33 +0100
4824
4825cryptsetup (2:1.0.4+svn29-1ubuntu4) gutsy; urgency=low
4826
4827 * s/$CRYPTCMD/cryptsetup/ in debian/cryptdisks.functions
4828 (LP: #115617)
4829
4830 -- Reinhard Tartler <siretart@ubuntu.com> Tue, 29 May 2007 17:04:05 +0200
4831
4832cryptsetup (2:1.0.4+svn29-1ubuntu3) gutsy; urgency=low
4833
4834 * make luksformat check if filesystem is already mounted to prevent a
4835 strange error message. thanks to mvo for the patch (LP: #116633)
4836 * remove file debian/initramfs-cryptroot-script from source. it is not
4837 installed anywhere, and a leftover from the last merge.
4838 * add missing hunk of cryptsetup.functions compared to debian package.
4839 * reapply http://librarian.launchpad.net/7329604/bug85640.debdiff to
4840 debian/initramfs/cryptroot-script, since stgraber's patch has been
4841 lost in the last merge. (LP: #85640)
4842
4843 -- Reinhard Tartler <siretart@ubuntu.com> Tue, 29 May 2007 15:02:57 +0200
4844
4845cryptsetup (2:1.0.4+svn29-1ubuntu2) gutsy; urgency=low
4846
4847 * modprobe dm-mod from cryptsetup.functions. (LP: #64625, #91405)
4848
4849 -- Reinhard Tartler <siretart@ubuntu.com> Tue, 29 May 2007 13:31:39 +0200
4850
4851cryptsetup (2:1.0.4+svn29-1ubuntu1) gutsy; urgency=low
4852
4853 * Merge from Debian unstable. Remaining Ubuntu changes:
4854 - stop usplash on user input. Ubuntu: #62751
4855 - Always output and read from the console. Ubuntu: #58794.
4856 - Wait for Udev to be ready to avoid partition non-detection. (LP: #85640)
4857 * Modify Maintainer value to match Debian-Maintainer-Field Spec
4858
4859 -- Andrea Veri <bluekuja@ubuntu.com> Sun, 6 May 2007 22:33:25 +0200
4860
2987cryptsetup (2:1.0.4+svn29-1) unstable; urgency=low4861cryptsetup (2:1.0.4+svn29-1) unstable; urgency=low
29884862
2989 * New upstream svn snapshot with several bugfixes4863 * New upstream svn snapshot with several bugfixes
@@ -3036,6 +4910,20 @@ cryptsetup (2:1.0.4+svn26-2) unstable; urgency=low
30364910
3037 -- Jonas Meurer <mejo@debian.org> Sat, 28 Apr 2007 20:45:50 +02004911 -- Jonas Meurer <mejo@debian.org> Sat, 28 Apr 2007 20:45:50 +0200
30384912
4913cryptsetup (2:1.0.4+svn26-1ubuntu2) feisty; urgency=low
4914
4915 * Wait for Udev to be ready to avoid partition non-detection. (LP: #85640)
4916
4917 -- Stéphane Graber <stgraber@ubuntu.com> Thu, 14 Apr 2007 10:03:41 +0200
4918
4919cryptsetup (2:1.0.4+svn26-1ubuntu1) feisty; urgency=low
4920
4921 * merge debian changes. Remaining ubuntu changes:
4922 - stop usplash on user input. Ubuntu: #62751
4923 - Always output and read from the console. Ubuntu: #58794.
4924
4925 -- Reinhard Tartler <siretart@tauware.de> Sat, 3 Feb 2007 21:30:03 +0100
4926
3039cryptsetup (2:1.0.4+svn26-1) unstable; urgency=high4927cryptsetup (2:1.0.4+svn26-1) unstable; urgency=high
30404928
3041 [ Jonas Meurer ]4929 [ Jonas Meurer ]
@@ -3085,6 +4973,28 @@ cryptsetup (2:1.0.4+svn16-1) unstable; urgency=medium
30854973
3086 -- Jonas Meurer <mejo@debian.org> Tue, 28 Nov 2006 18:17:12 +01004974 -- Jonas Meurer <mejo@debian.org> Tue, 28 Nov 2006 18:17:12 +0100
30874975
4976cryptsetup (2:1.0.4-8ubuntu2) feisty; urgency=low
4977
4978 * fix and improve initramfs hook: terminate usplash if running, since
4979 adequate secure text input is not possible with usplash ATM
4980 * usplash support: Terminate usplash before asking a password.
4981 Closes https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/62751
4982
4983 -- Reinhard Tartler <siretart@tauware.de> Wed, 24 Jan 2007 22:43:28 +0100
4984
4985cryptsetup (2:1.0.4-8ubuntu1) feisty; urgency=low
4986
4987 * merge debian changes, remaining patches:
4988 - Always output and read from the console. Ubuntu: #58794.
4989 * other changes have been merged or do noy apply anymore
4990 * read password via usplash if available in initramfs for rootfs. based on a patch from
4991 Swen Thümmler (Thanks for that!) Ubuntu #62751
4992 * read password from initscript via usplash if running. should fix the
4993 rest of Ubuntu #62751. Only problem with that patch: It asks only once
4994 for the password! improvements welcome!
4995
4996 -- Reinhard Tartler <siretart@tauware.de> Sun, 19 Nov 2006 20:04:19 +0100
4997
3088cryptsetup (2:1.0.4-8) unstable; urgency=high4998cryptsetup (2:1.0.4-8) unstable; urgency=high
30894999
3090 [ Jonas Meurer ]5000 [ Jonas Meurer ]
@@ -3242,6 +5152,27 @@ cryptsetup (2:1.0.4~rc2-1) unstable; urgency=low
32425152
3243 -- Jonas Meurer <mejo@debian.org> Mon, 4 Sep 2006 03:55:35 +02005153 -- Jonas Meurer <mejo@debian.org> Mon, 4 Sep 2006 03:55:35 +0200
32445154
5155cryptsetup (2:1.0.3-3ubuntu3) edgy; urgency=low
5156
5157 * Always output and read from the console. Ubuntu: #58794.
5158
5159 -- Scott James Remnant <scott@ubuntu.com> Thu, 21 Sep 2006 03:05:18 +0100
5160
5161cryptsetup (2:1.0.3-3ubuntu2) edgy; urgency=low
5162
5163 * Load the dm-crypt module on startup. Ubuntu: #53475.
5164
5165 -- Scott James Remnant <scott@ubuntu.com> Wed, 23 Aug 2006 11:53:49 +0200
5166
5167cryptsetup (2:1.0.3-3ubuntu1) edgy; urgency=low
5168
5169 * Sync with Debian:
5170 Remaining Ubuntu Changes
5171 + debian/cryptdisks.functions:
5172 - Tell usplash to quit if we ask for a passphrase
5173
5174 -- Sebastian Dröge <slomo@ubuntu.com> Tue, 11 Jul 2006 20:03:27 +0200
5175
3245cryptsetup (2:1.0.3-3) unstable; urgency=low5176cryptsetup (2:1.0.3-3) unstable; urgency=low
32465177
3247 [ Jonas Meurer ]5178 [ Jonas Meurer ]
diff --git a/debian/control b/debian/control
index 4b0278c..4319a20 100644
--- a/debian/control
+++ b/debian/control
@@ -1,7 +1,8 @@
1Source: cryptsetup1Source: cryptsetup
2Section: admin2Section: admin
3Priority: optional3Priority: optional
4Maintainer: Debian Cryptsetup Team <pkg-cryptsetup-devel@alioth-lists.debian.net>4Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
5XSBC-Original-Maintainer: Debian Cryptsetup Team <pkg-cryptsetup-devel@alioth-lists.debian.net>
5Uploaders: Jonas Meurer <jonas@freesources.org>,6Uploaders: Jonas Meurer <jonas@freesources.org>,
6 Guilhem Moulin <guilhem@debian.org>7 Guilhem Moulin <guilhem@debian.org>
7Rules-Requires-Root: no8Rules-Requires-Root: no
@@ -43,7 +44,8 @@ Depends: cryptsetup-bin (>= 2:1.6.0),
43 dmsetup,44 dmsetup,
44 ${misc:Depends},45 ${misc:Depends},
45 ${shlibs:Depends}46 ${shlibs:Depends}
46Suggests: cryptsetup-initramfs, dosfstools, keyutils, liblocale-gettext-perl47Recommends: cryptsetup-initramfs
48Suggests: dosfstools, keyutils, liblocale-gettext-perl
47Description: disk encryption support - startup scripts49Description: disk encryption support - startup scripts
48 Cryptsetup provides an interface for configuring encryption on block50 Cryptsetup provides an interface for configuring encryption on block
49 devices (such as /home or swap partitions), using the Linux kernel51 devices (such as /home or swap partitions), using the Linux kernel
@@ -92,11 +94,11 @@ Description: disk encryption support - experimental SSH token handler
9294
93Package: cryptsetup-initramfs95Package: cryptsetup-initramfs
94Architecture: all96Architecture: all
95Depends: busybox | busybox-static,97Depends: busybox-initramfs,
96 cryptsetup (>= ${source:Version}),98 cryptsetup (>= ${source:Version}),
97 initramfs-tools (>= 0.137) | linux-initramfs-tool,99 initramfs-tools (>= 0.137) | linux-initramfs-tool,
98 ${misc:Depends}100 ${misc:Depends}
99Recommends: console-setup, kbd101Recommends: console-setup, kbd, plymouth
100Breaks: cryptsetup (<< 2:2.0.3-1)102Breaks: cryptsetup (<< 2:2.0.3-1)
101Replaces: cryptsetup (<< 2:2.0.3-1)103Replaces: cryptsetup (<< 2:2.0.3-1)
102Conflicts: lvm2 (<< 2.03.15-1)104Conflicts: lvm2 (<< 2.03.15-1)
@@ -109,7 +111,7 @@ Description: disk encryption support - initramfs integration
109 This package provides initramfs integration for cryptsetup.111 This package provides initramfs integration for cryptsetup.
110112
111Package: cryptsetup-suspend113Package: cryptsetup-suspend
112Architecture: linux-any114Architecture: amd64 arm64 armhf ppc64el riscv64 s390x
113Multi-Arch: foreign115Multi-Arch: foreign
114Depends: cryptsetup-initramfs (>= ${source:Version}),116Depends: cryptsetup-initramfs (>= ${source:Version}),
115 initramfs-tools-core,117 initramfs-tools-core,
diff --git a/debian/functions b/debian/functions
index 917abad..73f5f2a 100644
--- a/debian/functions
+++ b/debian/functions
@@ -603,6 +603,7 @@ _resolve_device() {
603# Print the major:minor device ID(s) holding the file system currently603# Print the major:minor device ID(s) holding the file system currently
604# mounted currenty mounted on $mountpoint.604# mounted currenty mounted on $mountpoint.
605# Return 0 on success, 1 on error (if $mountpoint is not a mountpoint).605# Return 0 on success, 1 on error (if $mountpoint is not a mountpoint).
606# devno will be empty if the filesystem must be excluded.
606get_mnt_devno() {607get_mnt_devno() {
607 local wantmount="$1" devnos="" uuid dev IFS608 local wantmount="$1" devnos="" uuid dev IFS
608 local spec mountpoint fstype _ DEV MAJ MIN609 local spec mountpoint fstype _ DEV MAJ MIN
@@ -616,8 +617,15 @@ get_mnt_devno() {
616 # take the last mountpoint if used several times (shadowed)617 # take the last mountpoint if used several times (shadowed)
617 unset -v devnos618 unset -v devnos
618 spec="$(printf '%b' "$spec")"619 spec="$(printf '%b' "$spec")"
619 _resolve_device "$spec" || continue # _resolve_device() already warns on error
620 fstype="$(printf '%b' "$fstype")"620 fstype="$(printf '%b' "$fstype")"
621 if [ "$fstype" = "zfs" ]; then
622 # Ignore ZFS entries as they don't have a major/minor and won't
623 # be imported when local-top cryptroot script will ran.
624 # Returns success with empty devno
625 printf ''
626 return 0
627 fi
628 _resolve_device "$spec" || continue # _resolve_device() already warns on error
621 if [ "$fstype" = "btrfs" ]; then629 if [ "$fstype" = "btrfs" ]; then
622 # btrfs can span over multiple devices630 # btrfs can span over multiple devices
623 if uuid="$(_device_uuid "$DEV")"; then631 if uuid="$(_device_uuid "$DEV")"; then
diff --git a/debian/initramfs/cryptroot-unlock b/debian/initramfs/cryptroot-unlock
index dbc2ad0..0e91701 100644
--- a/debian/initramfs/cryptroot-unlock
+++ b/debian/initramfs/cryptroot-unlock
@@ -40,8 +40,14 @@ fi
40pgrep_exe() {40pgrep_exe() {
41 local exe pid41 local exe pid
42 exe="$(readlink -f -- "$1" 2>/dev/null)" && [ -f "$exe" ] || return 042 exe="$(readlink -f -- "$1" 2>/dev/null)" && [ -f "$exe" ] || return 0
43 ps -eo pid= | while read pid; do43 ps | awk '{print $1, $5}' | while read LINE; do
44 [ "$(readlink -f "/proc/$pid/exe")" != "$exe" ] || printf '%d\n' "$pid"44 set $LINE
45 local pid=$1
46 local cmd=$(readlink -f -- "$2")
47 if [ "$cmd" == "$exe" ]; then
48 echo $pid
49 break
50 fi
45 done51 done
46}52}
4753
@@ -101,7 +107,7 @@ wait_for_prompt() {
101 break107 break
102 fi108 fi
103109
104 usleep 100000110 sleep 0.1
105 timer=$(( $timer - 1 ))111 timer=$(( $timer - 1 ))
106 if [ $timer -le 0 ]; then112 if [ $timer -le 0 ]; then
107 echo "Error: Timeout reached while waiting for askpass." >&2113 echo "Error: Timeout reached while waiting for askpass." >&2
@@ -112,7 +118,7 @@ wait_for_prompt() {
112 # find the cryptsetup process with same $CRYPTTAB_NAME118 # find the cryptsetup process with same $CRYPTTAB_NAME
113 local o v119 local o v
114 for o in NAME TRIED OPTION_tries; do120 for o in NAME TRIED OPTION_tries; do
115 if v="$(grep -z -m1 "^CRYPTTAB_$o=" "/proc/$pid/environ")"; then121 if v="$(tr '\0' '\n' < "/proc/$pid/environ" | grep -m1 "^CRYPTTAB_$o=")"; then
116 eval "CRYPTTAB_$o"="\${v#CRYPTTAB_$o=}"122 eval "CRYPTTAB_$o"="\${v#CRYPTTAB_$o=}"
117 else123 else
118 eval unset -v "CRYPTTAB_$o"124 eval unset -v "CRYPTTAB_$o"
@@ -128,7 +134,7 @@ wait_for_prompt() {
128 fi134 fi
129135
130 for pid in $(pgrep_exe "/sbin/cryptsetup"); do136 for pid in $(pgrep_exe "/sbin/cryptsetup"); do
131 if grep -Fxqz "CRYPTTAB_NAME=$CRYPTTAB_NAME" "/proc/$pid/environ"; then137 if tr '\0' '\n' < "/proc/$pid/environ" | grep -Fxq "CRYPTTAB_NAME=$CRYPTTAB_NAME"; then
132 PID=$pid138 PID=$pid
133 BIRTH=$(stat -c"%Z" "/proc/$PID" 2>/dev/null) || break139 BIRTH=$(stat -c"%Z" "/proc/$PID" 2>/dev/null) || break
134 return 0140 return 0
@@ -148,7 +154,7 @@ wait_for_prompt() {
148wait_for_answer() {154wait_for_answer() {
149 local timer=$(( 10 * $TIMEOUT )) b155 local timer=$(( 10 * $TIMEOUT )) b
150 while [ -d "/proc/$PID" ] && b=$(stat -c"%Z" "/proc/$PID" 2>/dev/null) && [ $b -le $BIRTH ]; do156 while [ -d "/proc/$PID" ] && b=$(stat -c"%Z" "/proc/$PID" 2>/dev/null) && [ $b -le $BIRTH ]; do
151 usleep 100000157 sleep 0.1
152 timer=$(( $timer - 1 ))158 timer=$(( $timer - 1 ))
153 if [ $timer -le 0 ]; then159 if [ $timer -le 0 ]; then
154 echo "Error: Timeout reached while waiting for PID $PID." >&2160 echo "Error: Timeout reached while waiting for PID $PID." >&2
diff --git a/debian/initramfs/hooks/cryptroot b/debian/initramfs/hooks/cryptroot
index c16f7c2..87a3589 100644
--- a/debian/initramfs/hooks/cryptroot
+++ b/debian/initramfs/hooks/cryptroot
@@ -178,16 +178,18 @@ generate_initrd_crypttab() {
178178
179 {179 {
180 if devnos="$(get_mnt_devno /)"; then180 if devnos="$(get_mnt_devno /)"; then
181 usage=rootfs foreach_cryptdev crypttab_find_and_print_entry $devnos181 if [ -n "$devnos" ]; then
182 usage=rootfs foreach_cryptdev crypttab_find_and_print_entry $devnos
183 fi
182 else184 else
183 cryptsetup_message "WARNING: Couldn't determine root device"185 cryptsetup_message "WARNING: Couldn't determine root device"
184 fi186 fi
185187
186 if devnos="$(get_resume_devno)"; then188 if devnos="$(get_resume_devno)" && [ -n "$devnos" ]; then
187 usage=resume foreach_cryptdev crypttab_find_and_print_entry $devnos189 usage=resume foreach_cryptdev crypttab_find_and_print_entry $devnos
188 fi190 fi
189191
190 if devnos="$(get_mnt_devno /usr)"; then192 if devnos="$(get_mnt_devno /usr)" && [ -n "$devnos" ]; then
191 usage="" foreach_cryptdev crypttab_find_and_print_entry $devnos193 usage="" foreach_cryptdev crypttab_find_and_print_entry $devnos
192 fi194 fi
193195
diff --git a/debian/rules b/debian/rules
index 757085c..461e844 100755
--- a/debian/rules
+++ b/debian/rules
@@ -29,6 +29,7 @@ override_dh_auto_configure:
29 --with-tmpfilesdir=/usr/lib/tmpfiles.d \29 --with-tmpfilesdir=/usr/lib/tmpfiles.d \
30 --enable-libargon2 \30 --enable-libargon2 \
31 --enable-shared \31 --enable-shared \
32 --enable-fips \
32 --enable-cryptsetup-reencrypt33 --enable-cryptsetup-reencrypt
3334
34execute_after_dh_auto_build:35execute_after_dh_auto_build:
@@ -87,8 +88,10 @@ override_dh_bugfiles:
87execute_after_dh_fixperms-arch:88execute_after_dh_fixperms-arch:
88 chmod 0755 debian/cryptsetup/lib/cryptsetup/checks/*89 chmod 0755 debian/cryptsetup/lib/cryptsetup/checks/*
89 chmod 0755 debian/cryptsetup/lib/cryptsetup/scripts/decrypt_*90 chmod 0755 debian/cryptsetup/lib/cryptsetup/scripts/decrypt_*
91ifneq ($(DEB_HOST_ARCH),i386)
90 chmod 0755 debian/cryptsetup-suspend/lib/cryptsetup/scripts/suspend/cryptsetup-suspend-wrapper92 chmod 0755 debian/cryptsetup-suspend/lib/cryptsetup/scripts/suspend/cryptsetup-suspend-wrapper
91 chmod 0755 debian/cryptsetup-suspend/lib/systemd/system-shutdown/cryptsetup-suspend.shutdown93 chmod 0755 debian/cryptsetup-suspend/lib/systemd/system-shutdown/cryptsetup-suspend.shutdown
94endif
92ifeq (,$(filter noudeb, $(DEB_BUILD_PROFILES)))95ifeq (,$(filter noudeb, $(DEB_BUILD_PROFILES)))
93 chmod 0755 debian/cryptsetup-udeb/lib/cryptsetup/checks/*96 chmod 0755 debian/cryptsetup-udeb/lib/cryptsetup/checks/*
94 chmod 0755 debian/cryptsetup-udeb/lib/cryptsetup/scripts/decrypt_*97 chmod 0755 debian/cryptsetup-udeb/lib/cryptsetup/scripts/decrypt_*
diff --git a/debian/tests/control b/debian/tests/control
index 52752a3..0b7e9be 100644
--- a/debian/tests/control
+++ b/debian/tests/control
@@ -42,8 +42,9 @@ Depends: cryptsetup-bin,
42 sshpass42 sshpass
43Restrictions: needs-root, isolation-machine43Restrictions: needs-root, isolation-machine
4444
4545# cryptdisks test is disabled - it fails to open /dev/tty in CI
46Tests: cryptdisks, cryptdisks.init46#Tests: cryptdisks, cryptdisks.init
47Tests: cryptdisks.init
47Depends: cryptsetup, xxd48Depends: cryptsetup, xxd
48Restrictions: allow-stderr, needs-root, isolation-machine49Restrictions: allow-stderr, needs-root, isolation-machine
4950
diff --git a/debian/tests/cryptroot-lvm.d/mock b/debian/tests/cryptroot-lvm.d/mock
index f57e42f..f777763 100755
--- a/debian/tests/cryptroot-lvm.d/mock
+++ b/debian/tests/cryptroot-lvm.d/mock
@@ -36,8 +36,13 @@ else {
36 expect($SERIAL => qr/(?:^|\s)?PM: suspend exit\r\n/m);36 expect($SERIAL => qr/(?:^|\s)?PM: suspend exit\r\n/m);
37 unlock_disk("topsecret");37 unlock_disk("topsecret");
3838
39 # consume PS1 to make sure we're at a shell prompt39 # suspend() leaves clutter in the console due to the retries
40 expect($CONSOLE => qr/\A $PS1 \z/aamsx);40 # that prevents test from succeeding.
41 consume($CONSOLE);
42
43 # ensure that shell is available
44 shell(q{echo ready}, rv => 0);
45
41 my $out = shell(q{dmsetup info -c --noheadings -omangled_name,suspended --separator ' '});46 my $out = shell(q{dmsetup info -c --noheadings -omangled_name,suspended --separator ' '});
42 die if grep !/[:[:blank:]]Active$/i, split(/\r?\n/, $out);47 die if grep !/[:[:blank:]]Active$/i, split(/\r?\n/, $out);
4348
diff --git a/debian/tests/cryptroot-nested.d/config b/debian/tests/cryptroot-nested.d/config
index 995200c..fcfba32 100644
--- a/debian/tests/cryptroot-nested.d/config
+++ b/debian/tests/cryptroot-nested.d/config
@@ -1,6 +1,13 @@
1PKGS_EXTRA+=( btrfs-progs lvm2 mdadm )1PKGS_EXTRA+=( btrfs-progs lvm2 mdadm )
2PKGS_EXTRA+=( cryptsetup-initramfs )2PKGS_EXTRA+=( cryptsetup-initramfs )
33
4# "$DISTRIBUTOR_ID" is defined in ../utils/cryptroot-common
5# Workaround for LP1831747 https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1831747
6# Add implicit dependency of cryptsetup-initramfs
7if [ "$DISTRIBUTOR_ID" = "ubuntu" ]; then
8 PKGS_EXTRA+=( e2fsprogs )
9fi
10
4# /dev/mapper/testvg-lv1_crypt and /dev/vdc are both 1G and used in RAID1 mode11# /dev/mapper/testvg-lv1_crypt and /dev/vdc are both 1G and used in RAID1 mode
5DRIVE_SIZES=( "1G" "264M" "1G" "512M" )12DRIVE_SIZES=( "1G" "264M" "1G" "512M" )
613
diff --git a/debian/tests/cryptroot-sysvinit.d/config b/debian/tests/cryptroot-sysvinit.d/config
index f6b7392..1d41c24 100644
--- a/debian/tests/cryptroot-sysvinit.d/config
+++ b/debian/tests/cryptroot-sysvinit.d/config
@@ -1,5 +1,10 @@
1PKGS_EXTRA+=( e2fsprogs ) # for fsck.ext41PKGS_EXTRA+=( e2fsprogs ) # for fsck.ext4
2PKGS_EXTRA+=( cryptsetup-initramfs cryptsetup )2PKGS_EXTRA+=( cryptsetup-initramfs cryptsetup )
3PKG_INIT="sysvinit-core"3# "$DISTRIBUTOR_ID" is defined in ../utils/cryptroot-common
44case "$DISTRIBUTOR_ID" in
5 debian) PKG_INIT="sysvinit-core";;
6 ubuntu) PKG_INIT="systemd-sysv";;
7 *) echo "ERROR: Unknown distributor ID '$DISTRIBUTOR_ID', can't determine default init package" >&2;
8 exit 1;;
9esac
5# vim: set filetype=bash :10# vim: set filetype=bash :
diff --git a/debian/tests/initramfs-hook b/debian/tests/initramfs-hook
index 4171102..f58e6f5 100755
--- a/debian/tests/initramfs-hook
+++ b/debian/tests/initramfs-hook
@@ -63,6 +63,20 @@ mkinitramfs() {
63 # `mkinitramfs -k` would be better but we can't set $DESTDIR in advance63 # `mkinitramfs -k` would be better but we can't set $DESTDIR in advance
64 cleanup_initrd_dir64 cleanup_initrd_dir
65 command unmkinitramfs "$INITRD_IMG" "$INITRD_DIR"65 command unmkinitramfs "$INITRD_IMG" "$INITRD_DIR"
66
67 # find subdirectory with the root file system relative to the cryptsetup location
68 CRYPTSETUP_PATH=sbin/cryptsetup
69 ROOTFS_DIR=`find "$INITRD_DIR" -name cryptsetup | grep "/usr/$CRYPTSETUP_PATH" | sed -e "s|/usr/$CRYPTSETUP_PATH||"`
70
71 if [[ -z "$ROOTFS_DIR" ]]; then
72 ROOTFS_DIR=`find "$INITRD_DIR" -name cryptsetup | grep "/$CRYPTSETUP_PATH" | sed -e "s|/$CRYPTSETUP_PATH||"`
73 fi
74
75 if [[ ! -z "$ROOTFS_DIR" ]] && [[ "$ROOTFS_DIR" != "$INITRD_DIR" ]] && [[ -d "$ROOTFS_DIR" ]]; then
76 echo move root filesystem from "$ROOTFS_DIR" to "$INITRD_DIR"
77 mv "$ROOTFS_DIR"/* "$INITRD_DIR"
78 fi
79
66 for d in dev proc sys; do80 for d in dev proc sys; do
67 mkdir -p "$INITRD_DIR/$d"81 mkdir -p "$INITRD_DIR/$d"
68 mount --bind "/$d" "$INITRD_DIR/$d"82 mount --bind "/$d" "$INITRD_DIR/$d"
@@ -190,9 +204,9 @@ cryptsetup close test3_crypt
190# plain, blowfish + ripemd160 (ignored due to keyfile)204# plain, blowfish + ripemd160 (ignored due to keyfile)
191disk_setup205disk_setup
192head -c32 /dev/urandom >"$TMPDIR/keyfile"206head -c32 /dev/urandom >"$TMPDIR/keyfile"
193cryptsetup open --type=plain --cipher="blowfish" --key-file="$TMPDIR/keyfile" --size=256 --hash="ripemd160" "$CRYPT_DEV" test3_crypt207cryptsetup open --type=plain --cipher="blowfish" --key-file="$TMPDIR/keyfile" --hash="ripemd160" "$CRYPT_DEV" test3_crypt
194mkfs.ext2 -m0 /dev/mapper/test3_crypt208mkfs.ext2 -m0 /dev/mapper/test3_crypt
195echo "test3_crypt $CRYPT_DEV $TMPDIR/keyfile plain,cipher=blowfish,hash=ripemd160,size=256,initramfs" >/etc/crypttab209echo "test3_crypt $CRYPT_DEV $TMPDIR/keyfile plain,cipher=blowfish,hash=ripemd160,initramfs" >/etc/crypttab
196mkinitramfs210mkinitramfs
197legacy_so="$(find "$INITRD_DIR" -xdev -type f -path "*/ossl-modules/legacy.so")"211legacy_so="$(find "$INITRD_DIR" -xdev -type f -path "*/ossl-modules/legacy.so")"
198test -z "$legacy_so" || exit 1 # don't need legacy.so here212test -z "$legacy_so" || exit 1 # don't need legacy.so here
diff --git a/debian/tests/utils/cryptroot-common b/debian/tests/utils/cryptroot-common
index a7df37f..8cedda0 100755
--- a/debian/tests/utils/cryptroot-common
+++ b/debian/tests/utils/cryptroot-common
@@ -81,6 +81,7 @@ load_os_release() {
81}81}
82case "${DISTRIBUTOR_ID:="$(load_os_release && printf "%s" "${ID,,[A-Z]}")"}" in82case "${DISTRIBUTOR_ID:="$(load_os_release && printf "%s" "${ID,,[A-Z]}")"}" in
83 debian) APT_REPO_ORIGIN="Debian"; APT_REPO_URI="http://deb.debian.org/debian";;83 debian) APT_REPO_ORIGIN="Debian"; APT_REPO_URI="http://deb.debian.org/debian";;
84 ubuntu) APT_REPO_ORIGIN="Ubuntu"; APT_REPO_URI="http://archive.ubuntu.com/ubuntu";;
84 # suitable values for derivative can be added here85 # suitable values for derivative can be added here
85 *) echo "ERROR: Unknown distributor ID '$DISTRIBUTOR_ID', can't extract APT origin" >&2;86 *) echo "ERROR: Unknown distributor ID '$DISTRIBUTOR_ID', can't extract APT origin" >&2;
86 exit 1;;87 exit 1;;
@@ -164,6 +165,12 @@ case "$BOOT" in
164 efi) PKG_BOOTLOADER="grub-efi";;165 efi) PKG_BOOTLOADER="grub-efi";;
165 *) echo "ERROR unknown boot method '$BOOT'" >&2; exit 1;;166 *) echo "ERROR unknown boot method '$BOOT'" >&2; exit 1;;
166esac167esac
168
169if [ "$DISTRIBUTOR_ID" = "ubuntu" ]; then
170 echo "Overriding kernel arch to generic"
171 KERNEL_ARCH="generic"
172fi
173
167PKG_KERNEL="linux-image-$KERNEL_ARCH"174PKG_KERNEL="linux-image-$KERNEL_ARCH"
168PKG_INIT="systemd-sysv" # default pid1175PKG_INIT="systemd-sysv" # default pid1
169MERGED_USR="" # use default layout for the target version176MERGED_USR="" # use default layout for the target version
@@ -301,6 +308,12 @@ setup_apt() {
301 esac >"$TEMPDIR/apt/sources.list"308 esac >"$TEMPDIR/apt/sources.list"
302 fi309 fi
303310
311 # ubuntu CI populates sources.list.d with PPA source, append them to the list
312 if [ "$DISTRIBUTOR_ID" = "ubuntu" -a -d /etc/apt/sources.list.d ]; then
313 echo "Append contents of /etc/apt/sources.list.d to $TEMPDIR/apt/sources.list"
314 find /etc/apt/sources.list.d -type f | xargs cat >> "$TEMPDIR/apt/sources.list"
315 fi
316
304 local apt_repo317 local apt_repo
305 for apt_repo in "${EXTRA_REPOS[@]}"; do318 for apt_repo in "${EXTRA_REPOS[@]}"; do
306 printf "%s\\n" "$apt_repo" >>"$TEMPDIR/apt/sources.list"319 printf "%s\\n" "$apt_repo" >>"$TEMPDIR/apt/sources.list"
@@ -416,9 +429,20 @@ extract_kernel() {
416 fi429 fi
417430
418 mkdir "$destdir"431 mkdir "$destdir"
419 dpkg-deb --fsys-tarfile "$APT_CACHE/archives/$KERNEL_DEB" | tar -C "$destdir" -xf- \432 if [ "$DISTRIBUTOR_ID" == "debian" ]; then
420 "./boot/vmlinuz-$KERNEL_VERSION" \433 dpkg-deb --fsys-tarfile "$APT_CACHE/archives/$KERNEL_DEB" | tar -C "$destdir" -xf- \
421 "./lib/modules/$KERNEL_VERSION"434 "./boot/vmlinuz-$KERNEL_VERSION" \
435 "./lib/modules/$KERNEL_VERSION"
436 elif [ "$DISTRIBUTOR_ID" == "ubuntu" ]; then
437 dpkg-deb --fsys-tarfile "$APT_CACHE/archives/$KERNEL_DEB" | tar -C "$destdir" -xf- \
438 "./boot/vmlinuz-$KERNEL_VERSION"; MODULES_DEB="$(echo $KERNEL_DEB | sed s/-image-/-modules-/)"; \
439 dpkg-deb --fsys-tarfile "$APT_CACHE/archives/$MODULES_DEB" | tar -C "$destdir" -xf- \
440 "./lib/modules/$KERNEL_VERSION"
441 else
442 echo "ERROR: Unknown distributor ID '$DISTRIBUTOR_ID', can't extract kernel" >&2
443 exit 1
444 fi
445
422 ln -T -- "$destdir/boot/vmlinuz-$KERNEL_VERSION" "$TEMPDIR/vmlinuz-$KERNEL_VERSION"446 ln -T -- "$destdir/boot/vmlinuz-$KERNEL_VERSION" "$TEMPDIR/vmlinuz-$KERNEL_VERSION"
423}447}
424448
diff --git a/debian/tests/utils/mkinitramfs b/debian/tests/utils/mkinitramfs
index 6bc70f4..84eeb4b 100755
--- a/debian/tests/utils/mkinitramfs
+++ b/debian/tests/utils/mkinitramfs
@@ -65,6 +65,8 @@ if [ "$BOOT" = "efi" ]; then
65 MODULES="$MODULES efivarfs nls_ascii nls_cp437 vfat"65 MODULES="$MODULES efivarfs nls_ascii nls_cp437 vfat"
66fi66fi
6767
68find "$EXTRACT_DIR" -name '*.zst' -exec zstd -d {} \;
69
68depmod -ab "$EXTRACT_DIR" "$KERNEL_VERSION"70depmod -ab "$EXTRACT_DIR" "$KERNEL_VERSION"
69for kmod in virtio_console virtio_blk virtio_pci virtio_rng \71for kmod in virtio_console virtio_blk virtio_pci virtio_rng \
70 "$EXTRACT_DIR/lib/modules/$KERNEL_VERSION"/kernel/arch/*/crypto/*.ko* \72 "$EXTRACT_DIR/lib/modules/$KERNEL_VERSION"/kernel/arch/*/crypto/*.ko* \
diff --git a/debian/tests/utils/mock.pm b/debian/tests/utils/mock.pm
index 10db3e6..2425d87 100644
--- a/debian/tests/utils/mock.pm
+++ b/debian/tests/utils/mock.pm
@@ -97,6 +97,26 @@ sub expect(;$$) {
97 #print STDERR "INFO done reading\n";97 #print STDERR "INFO done reading\n";
98}98}
9999
100sub consume($) {
101 my $chan = shift;
102 my $buffer = defined $chan ? \$BUFFER{$chan} : undef;
103 if (! defined $buffer) {
104 return;
105 }
106
107 while(unpack("b*", $RBITS) != 0) {
108 my $rout = $RBITS;
109 if (select($rout, undef, undef, 1) == -1) {
110 return;
111 }
112 read_data($rout);
113 if (length($$buffer) == 0) {
114 return;
115 }
116 $$buffer = "";
117 }
118}
119
100sub write_data($$%) {120sub write_data($$%) {
101 my $chan = shift;121 my $chan = shift;
102 my $data = shift;122 my $data = shift;
@@ -167,11 +187,13 @@ BEGIN {
167 hibernate187 hibernate
168 poweroff188 poweroff
169 expect189 expect
190 consume
170 /;191 /;
171}192}
172193
173*expect = \&CryptrootTest::Utils::expect;194*expect = \&CryptrootTest::Utils::expect;
174*write_data = \&CryptrootTest::Utils::write_data;195*write_data = \&CryptrootTest::Utils::write_data;
196*consume = \&CryptrootTest::Utils::consume;
175197
176sub unlock_disk($) {198sub unlock_disk($) {
177 my $passphrase = shift;199 my $passphrase = shift;
@@ -228,7 +250,9 @@ sub shell($%) {
228250
229# enter S3 sleep state (suspend to ram aka standby)251# enter S3 sleep state (suspend to ram aka standby)
230sub suspend() {252sub suspend() {
231 write_data($CONSOLE => q{systemctl suspend});253 # there is a race condition that causes suspend to fail.
254 # retry until success. Note, this may leave clutter in the console
255 write_data($CONSOLE => q{until systemctl suspend; do sleep 1; done});
232 # while the command is asynchronous the system might suspend before256 # while the command is asynchronous the system might suspend before
233 # we have a chance to read the next $PS1257 # we have a chance to read the next $PS1
234258

Subscribers

People subscribed via source and target branches