Merge ~mwhudson/ubuntu/+source/cryptsetup:merge into ubuntu/+source/cryptsetup:debian/sid
- Git
- lp:~mwhudson/ubuntu/+source/cryptsetup
- merge
- Merge into debian/sid
Status: | Needs review | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Proposed branch: | ~mwhudson/ubuntu/+source/cryptsetup:merge | ||||||||||||
Merge into: | ubuntu/+source/cryptsetup:debian/sid | ||||||||||||
Diff against target: |
2287 lines (+1775/-33) 11 files modified
debian/changelog (+1603/-0) debian/control (+4/-3) debian/cryptsetup-initramfs.install (+1/-0) debian/functions (+11/-1) debian/initramfs/cryptroot-unlock (+12/-6) debian/initramfs/hooks/cryptroot (+5/-3) debian/initramfs/scripts/local-block/cryptroot (+4/-0) debian/initramfs/scripts/local-bottom/cryptroot (+23/-0) debian/initramfs/scripts/local-top/cryptroot (+56/-20) debian/patches/decrease_memlock_ulimit.patch (+55/-0) debian/patches/series (+1/-0) |
||||||||||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Guilherme G. Piccoli (community) | Approve | ||
git-ubuntu developers | Pending | ||
Review via email: mp+393521@code.launchpad.net |
Commit message
Description of the change
Guilherme G. Piccoli (gpiccoli) wrote : | # |
Thanks Michael, I've reviewed the MD/retry logic and the FTBFS fix, it's all fine / correctly backported!
Cheers,
Guilherme
Unmerged commits
- 730d330... by Michael Hudson-Doyle
-
update-maintainer
- 540f02c... by Michael Hudson-Doyle
-
reconstruct-
changelog - 434ed6d... by Michael Hudson-Doyle
-
merge-changelogs
- 71abcb1... by Michael Hudson-Doyle
-
- debian/rules:
- fix FTBFS on riscv64 adding --with-tmpfilesdir to ensure all archs, even
without systemd knows how to ship cryptsetup.conf - 5adf727... by Michael Hudson-Doyle
-
- included in Debian:
- debian/cryptsetup- bin.install:
- Fix FTBFS due to dh_missing detecting crypsetup.conf in debian/tmp where
it was installed from ./scripts/crypsetup. conf. - df18e43... by Michael Hudson-Doyle
-
* Dropped changes:
- Included in new upstream version:
- SECURITY UPDATE: Out-of-bounds write
- debian/patches/ CVE-2020- 14382-* .patch: check segment gaps regardless of
heap space in lib/luks2/luks2_json_ metadata. c.
- CVE-2020-14382 - f307b13... by Michael Hudson-Doyle
-
- Introduce retry logic for external invocations after mdadm (LP: #1879980)
- Currently, if an encrypted rootfs is configured on top of a MD RAID1
array and such array gets degraded (e.g., a member is removed/failed)
the cryptsetup scripts cannot mount the rootfs, and the boot fails.
We fix that issue here by allowing the cryptroot script to be re-run
by initramfs-tools/local- block stage, as mdadm can activate degraded
arrays at that stage.
There is an initramfs-tools counter-part for this fix, but alone the
cryptsetup portion is harmless.
- d/cryptsetup-initramfs. install: ship the new local-bottom script.
- d/functions: declare variables for local-top|block|bottom scripts
(flag that local-block is running and external invocation counter.)
- d/i/s/local-block/cryptroot : set flag that local-block is running.
- d/i/s/local-bottom/ cryptroot: clean up the flag and counter files.
- d/i/s/local-top/cryptroot: change the logic from just waiting 180
seconds to waiting 5 seconds first, then allowing initramfs-tools
to run mdadm (to activate degraded arrays) and call back at least
30 times/seconds more. - 951dc07... by Michael Hudson-Doyle
-
- debian/
patches/ decrease_ memlock_ ulimit. patch
Fixed FTBFS due a restrict environment in the new Bionic Builder (LP: #1891473)
tests/luks2-validatio n.test, tests/compat-test, tests/tcrypt- compat- test.
- Thanks Guilherme G. Piccoli. - 8a58330... by Michael Hudson-Doyle
-
- Fix warning and error when running on ZFS on root: (LP: #1830110)
- d/functions: Return an empty devno for ZFS devices as they don't have
major:minor device numbers.
- d/initramfs/hooks/cryptroot : Ignore and don't print an error message when
devices don't have a devno.
Submitted to debian upstream as bug #902449. - 3adacbd... by Michael Hudson-Doyle
-
- Fix cryptroot-unlock for busybox compatibility.
Preview Diff
1 | diff --git a/debian/changelog b/debian/changelog |
2 | index 96d015b..0a4dfba 100644 |
3 | --- a/debian/changelog |
4 | +++ b/debian/changelog |
5 | @@ -1,3 +1,54 @@ |
6 | +cryptsetup (2:2.3.4-1ubuntu1) hirsute; urgency=medium |
7 | + |
8 | + * Merge with Debian unstable. Remaining changes: |
9 | + - debian/control: |
10 | + + Recommend plymouth. |
11 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
12 | + - Fix cryptroot-unlock for busybox compatibility. |
13 | + - Fix warning and error when running on ZFS on root: (LP #1830110) |
14 | + - d/functions: Return an empty devno for ZFS devices as they don't have |
15 | + major:minor device numbers. |
16 | + - d/initramfs/hooks/cryptroot: Ignore and don't print an error message when |
17 | + devices don't have a devno. |
18 | + Submitted to debian upstream as bug #902449. |
19 | + - debian/patches/decrease_memlock_ulimit.patch |
20 | + Fixed FTBFS due a restrict environment in the new Bionic Builder (LP #1891473) |
21 | + tests/luks2-validation.test, tests/compat-test, tests/tcrypt-compat-test. |
22 | + - Thanks Guilherme G. Piccoli. |
23 | + - Introduce retry logic for external invocations after mdadm (LP #1879980) |
24 | + - Currently, if an encrypted rootfs is configured on top of a MD RAID1 |
25 | + array and such array gets degraded (e.g., a member is removed/failed) |
26 | + the cryptsetup scripts cannot mount the rootfs, and the boot fails. |
27 | + We fix that issue here by allowing the cryptroot script to be re-run |
28 | + by initramfs-tools/local-block stage, as mdadm can activate degraded |
29 | + arrays at that stage. |
30 | + There is an initramfs-tools counter-part for this fix, but alone the |
31 | + cryptsetup portion is harmless. |
32 | + - d/cryptsetup-initramfs.install: ship the new local-bottom script. |
33 | + - d/functions: declare variables for local-top|block|bottom scripts |
34 | + (flag that local-block is running and external invocation counter.) |
35 | + - d/i/s/local-block/cryptroot: set flag that local-block is running. |
36 | + - d/i/s/local-bottom/cryptroot: clean up the flag and counter files. |
37 | + - d/i/s/local-top/cryptroot: change the logic from just waiting 180 |
38 | + seconds to waiting 5 seconds first, then allowing initramfs-tools |
39 | + to run mdadm (to activate degraded arrays) and call back at least |
40 | + 30 times/seconds more. |
41 | + * Dropped changes: |
42 | + - Included in new upstream version: |
43 | + - SECURITY UPDATE: Out-of-bounds write |
44 | + - debian/patches/CVE-2020-14382-*.patch: check segment gaps regardless of |
45 | + heap space in lib/luks2/luks2_json_metadata.c. |
46 | + - CVE-2020-14382 |
47 | + - included in Debian: |
48 | + - debian/cryptsetup-bin.install: |
49 | + - Fix FTBFS due to dh_missing detecting crypsetup.conf in debian/tmp where |
50 | + it was installed from ./scripts/crypsetup.conf. |
51 | + - debian/rules: |
52 | + - fix FTBFS on riscv64 adding --with-tmpfilesdir to ensure all archs, even |
53 | + without systemd knows how to ship cryptsetup.conf |
54 | + |
55 | + -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Tue, 10 Nov 2020 10:37:25 +1300 |
56 | + |
57 | cryptsetup (2:2.3.4-1) unstable; urgency=high |
58 | |
59 | * New upstream bugfix release, including fix for CVE-2020-14382: |
60 | @@ -21,6 +72,80 @@ cryptsetup (2:2.3.3-2) unstable; urgency=medium |
61 | |
62 | -- Guilhem Moulin <guilhem@debian.org> Wed, 12 Aug 2020 00:22:59 +0200 |
63 | |
64 | +cryptsetup (2:2.3.3-1ubuntu6) groovy; urgency=medium |
65 | + |
66 | + * Introduce retry logic for external invocations after mdadm (LP: #1879980) |
67 | + - Currently, if an encrypted rootfs is configured on top of a MD RAID1 |
68 | + array and such array gets degraded (e.g., a member is removed/failed) |
69 | + the cryptsetup scripts cannot mount the rootfs, and the boot fails. |
70 | + We fix that issue here by allowing the cryptroot script to be re-run |
71 | + by initramfs-tools/local-block stage, as mdadm can activate degraded |
72 | + arrays at that stage. |
73 | + There is an initramfs-tools counter-part for this fix, but alone the |
74 | + cryptsetup portion is harmless. |
75 | + - d/cryptsetup-initramfs.install: ship the new local-bottom script. |
76 | + - d/functions: declare variables for local-top|block|bottom scripts |
77 | + (flag that local-block is running and external invocation counter.) |
78 | + - d/i/s/local-block/cryptroot: set flag that local-block is running. |
79 | + - d/i/s/local-bottom/cryptroot: clean up the flag and counter files. |
80 | + - d/i/s/local-top/cryptroot: change the logic from just waiting 180 |
81 | + seconds to waiting 5 seconds first, then allowing initramfs-tools |
82 | + to run mdadm (to activate degraded arrays) and call back at least |
83 | + 30 times/seconds more. |
84 | + |
85 | + -- Guilherme G. Piccoli <gpiccoli@canonical.com> Wed, 16 Sep 2020 17:35:59 -0300 |
86 | + |
87 | +cryptsetup (2:2.3.3-1ubuntu5) groovy; urgency=medium |
88 | + |
89 | + * SECURITY UPDATE: Out-of-bounds write |
90 | + - debian/patches/CVE-2020-14382-*.patch: check segment gaps regardless of |
91 | + heap space in lib/luks2/luks2_json_metadata.c. |
92 | + - CVE-2020-14382 |
93 | + * debian/patches/decrease_memlock_ulimit.patch |
94 | + Fixed FTBFS due a restrict environment in the new Bionic Builder (LP: #1891473) |
95 | + tests/luks2-validation.test, tests/compat-test, tests/tcrypt-compat-test. |
96 | + - Thanks Guilherme G. Piccoli. |
97 | + |
98 | + -- Leonidas S. Barbosa <leo.barbosa@canonical.com> Wed, 09 Sep 2020 09:29:17 -0300 |
99 | + |
100 | +cryptsetup (2:2.3.3-1ubuntu4) groovy; urgency=medium |
101 | + |
102 | + * No change rebuild against new json-c ABI. |
103 | + |
104 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 28 Jul 2020 17:42:50 +0100 |
105 | + |
106 | +cryptsetup (2:2.3.3-1ubuntu3) groovy; urgency=medium |
107 | + |
108 | + * debian/rules: |
109 | + - fix FTBFS on riscv64 adding --with-tmpfilesdir to ensure all archs, even |
110 | + without systemd knows how to ship cryptsetup.conf |
111 | + |
112 | + -- Didier Roche <didrocks@ubuntu.com> Thu, 18 Jun 2020 11:44:50 +0200 |
113 | + |
114 | +cryptsetup (2:2.3.3-1ubuntu2) groovy; urgency=medium |
115 | + |
116 | + * debian/cryptsetup-bin.install: |
117 | + - Fix FTBFS due to dh_missing detecting crypsetup.conf in debian/tmp where |
118 | + it was installed from ./scripts/crypsetup.conf. |
119 | + * Fix warning and error when running on ZFS on root: (LP: #1830110) |
120 | + - d/functions: Return an empty devno for ZFS devices as they don't have |
121 | + major:minor device numbers. |
122 | + - d/initramfs/hooks/cryptroot: Ignore and don't print an error message when |
123 | + devices don't have a devno. |
124 | + Submitted to debian upstream as bug #902449. |
125 | + |
126 | + -- Didier Roche <didrocks@ubuntu.com> Thu, 18 Jun 2020 10:12:10 +0200 |
127 | + |
128 | +cryptsetup (2:2.3.3-1ubuntu1) groovy; urgency=low |
129 | + |
130 | + * Merge from Debian unstable. Remaining changes: |
131 | + - debian/control: |
132 | + + Recommend plymouth. |
133 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
134 | + - Fix cryptroot-unlock for busybox compatibility. |
135 | + |
136 | + -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 09 Jun 2020 10:40:32 -0700 |
137 | + |
138 | cryptsetup (2:2.3.3-1) unstable; urgency=medium |
139 | |
140 | [ Guilhem Moulin ] |
141 | @@ -49,6 +174,16 @@ cryptsetup (2:2.3.2-1) unstable; urgency=medium |
142 | |
143 | -- Guilhem Moulin <guilhem@debian.org> Wed, 06 May 2020 16:22:01 +0200 |
144 | |
145 | +cryptsetup (2:2.3.1-1ubuntu1) groovy; urgency=low |
146 | + |
147 | + * Merge from Debian unstable. Remaining changes: |
148 | + - debian/control: |
149 | + + Recommend plymouth. |
150 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
151 | + - Fix cryptroot-unlock for busybox compatibility. |
152 | + |
153 | + -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 01 May 2020 07:07:58 -0700 |
154 | + |
155 | cryptsetup (2:2.3.1-1) unstable; urgency=medium |
156 | |
157 | * New upstream release. |
158 | @@ -84,6 +219,23 @@ cryptsetup (2:2.3.0-1) unstable; urgency=low |
159 | |
160 | -- Guilhem Moulin <guilhem@debian.org> Wed, 04 Mar 2020 00:48:19 +0100 |
161 | |
162 | +cryptsetup (2:2.2.2-3ubuntu2) focal; urgency=medium |
163 | + |
164 | + * Depend on cryptsetup from cryptsetup-initramfs instead of the dummy |
165 | + cryptsetup-run package. LP: #1864360. |
166 | + |
167 | + -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 27 Feb 2020 00:16:14 -0600 |
168 | + |
169 | +cryptsetup (2:2.2.2-3ubuntu1) focal; urgency=medium |
170 | + |
171 | + * Merge from Debian unstable. Remaining changes: |
172 | + - debian/control: |
173 | + + Recommend plymouth. |
174 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
175 | + - Fix cryptroot-unlock for busybox compatibility. |
176 | + |
177 | + -- Matthias Klose <doko@ubuntu.com> Mon, 10 Feb 2020 09:20:12 +0100 |
178 | + |
179 | cryptsetup (2:2.2.2-3) unstable; urgency=high |
180 | |
181 | * initramfs hook: Workaround fix for the libgcc_s's source location. |
182 | @@ -92,6 +244,16 @@ cryptsetup (2:2.2.2-3) unstable; urgency=high |
183 | |
184 | -- Guilhem Moulin <guilhem@debian.org> Tue, 04 Feb 2020 14:11:12 +0100 |
185 | |
186 | +cryptsetup (2:2.2.2-2ubuntu1) focal; urgency=low |
187 | + |
188 | + * Merge from Debian unstable. Remaining changes: |
189 | + - debian/control: |
190 | + + Recommend plymouth. |
191 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
192 | + - Fix cryptroot-unlock for busybox compatibility. |
193 | + |
194 | + -- Steve Langasek <steve.langasek@ubuntu.com> Sat, 01 Feb 2020 22:11:22 -0800 |
195 | + |
196 | cryptsetup (2:2.2.2-2) unstable; urgency=medium |
197 | |
198 | [ Guilhem Moulin ] |
199 | @@ -109,6 +271,16 @@ cryptsetup (2:2.2.2-2) unstable; urgency=medium |
200 | |
201 | -- Guilhem Moulin <guilhem@debian.org> Sat, 18 Jan 2020 20:53:19 +0100 |
202 | |
203 | +cryptsetup (2:2.2.2-1ubuntu1) focal; urgency=low |
204 | + |
205 | + * Merge from Debian unstable. Remaining changes: |
206 | + - debian/control: |
207 | + + Recommend plymouth. |
208 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
209 | + - Fix cryptroot-unlock for busybox compatibility. |
210 | + |
211 | + -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 11 Nov 2019 22:07:44 -0800 |
212 | + |
213 | cryptsetup (2:2.2.2-1) unstable; urgency=medium |
214 | |
215 | * New upstream bugfix release. |
216 | @@ -119,6 +291,16 @@ cryptsetup (2:2.2.2-1) unstable; urgency=medium |
217 | |
218 | -- Guilhem Moulin <guilhem@debian.org> Fri, 01 Nov 2019 19:32:36 +0100 |
219 | |
220 | +cryptsetup (2:2.2.1-1ubuntu1) focal; urgency=low |
221 | + |
222 | + * Merge from Debian unstable. Remaining changes: |
223 | + - debian/control: |
224 | + + Recommend plymouth. |
225 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
226 | + - Fix cryptroot-unlock for busybox compatibility. |
227 | + |
228 | + -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 18 Oct 2019 15:14:29 -0700 |
229 | + |
230 | cryptsetup (2:2.2.1-1) unstable; urgency=medium |
231 | |
232 | * New upstream bugfix release. |
233 | @@ -126,6 +308,16 @@ cryptsetup (2:2.2.1-1) unstable; urgency=medium |
234 | |
235 | -- Guilhem Moulin <guilhem@debian.org> Fri, 06 Sep 2019 13:28:55 +0200 |
236 | |
237 | +cryptsetup (2:2.2.0-3ubuntu1) eoan; urgency=low |
238 | + |
239 | + * Merge from Debian unstable. Remaining changes: |
240 | + - debian/control: |
241 | + + Recommend plymouth. |
242 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
243 | + - Fix cryptroot-unlock for busybox compatibility. |
244 | + |
245 | + -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 28 Aug 2019 16:13:22 -0700 |
246 | + |
247 | cryptsetup (2:2.2.0-3) unstable; urgency=medium |
248 | |
249 | * Cherry pick upstream commit 8f8f0b32: Fix mapped segments overflow on |
250 | @@ -133,6 +325,16 @@ cryptsetup (2:2.2.0-3) unstable; urgency=medium |
251 | |
252 | -- Guilhem Moulin <guilhem@debian.org> Mon, 26 Aug 2019 12:53:45 +0200 |
253 | |
254 | +cryptsetup (2:2.2.0-2ubuntu1) eoan; urgency=low |
255 | + |
256 | + * Merge from Debian unstable. Remaining changes: |
257 | + - debian/control: |
258 | + + Recommend plymouth. |
259 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
260 | + - Fix cryptroot-unlock for busybox compatibility. |
261 | + |
262 | + -- Steve Langasek <steve.langasek@ubuntu.com> Sun, 25 Aug 2019 12:25:55 -0700 |
263 | + |
264 | cryptsetup (2:2.2.0-2) unstable; urgency=medium |
265 | |
266 | * debian/control: Add 'Multi-Arch: foreign' tag to the transitional dummy |
267 | @@ -144,6 +346,25 @@ cryptsetup (2:2.2.0-2) unstable; urgency=medium |
268 | |
269 | -- Guilhem Moulin <guilhem@debian.org> Wed, 21 Aug 2019 22:45:12 +0200 |
270 | |
271 | +cryptsetup (2:2.2.0-1ubuntu2) eoan; urgency=medium |
272 | + |
273 | + * debian/initramfs/cryptroot-unlock: canonicalize executable paths. |
274 | + Thanks to Paride Legovini <paride.legovini@canonical.com> for the patch. |
275 | + LP: #1840752. |
276 | + |
277 | + -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 20 Aug 2019 15:34:10 -0700 |
278 | + |
279 | +cryptsetup (2:2.2.0-1ubuntu1) eoan; urgency=low |
280 | + |
281 | + * Merge from Debian unstable. Remaining changes: |
282 | + - debian/control: |
283 | + + Recommend plymouth. |
284 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
285 | + - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox |
286 | + compatibility. |
287 | + |
288 | + -- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 20 Aug 2019 14:21:34 +0200 |
289 | + |
290 | cryptsetup (2:2.2.0-1) unstable; urgency=medium |
291 | |
292 | * New upstream release 2.2.0. Highlights include: |
293 | @@ -221,6 +442,23 @@ cryptsetup (2:2.1.0-6) unstable; urgency=low |
294 | |
295 | -- Guilhem Moulin <guilhem@debian.org> Sat, 20 Jul 2019 22:15:04 -0300 |
296 | |
297 | +cryptsetup (2:2.1.0-5ubuntu2) eoan; urgency=medium |
298 | + |
299 | + * Rebuild against new libjson-c4. |
300 | + |
301 | + -- Gianfranco Costamagna <locutusofborg@debian.org> Sat, 29 Jun 2019 13:48:37 +0200 |
302 | + |
303 | +cryptsetup (2:2.1.0-5ubuntu1) eoan; urgency=low |
304 | + |
305 | + * Merge from Debian unstable. Remaining changes: |
306 | + - debian/control: |
307 | + + Recommend plymouth. |
308 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
309 | + - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox |
310 | + compatibility. |
311 | + |
312 | + -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 14 Jun 2019 14:09:31 -0700 |
313 | + |
314 | cryptsetup (2:2.1.0-5) unstable; urgency=medium |
315 | |
316 | [ Jonas Meurer ] |
317 | @@ -233,6 +471,17 @@ cryptsetup (2:2.1.0-5) unstable; urgency=medium |
318 | |
319 | -- Guilhem Moulin <guilhem@debian.org> Mon, 10 Jun 2019 14:51:15 +0200 |
320 | |
321 | +cryptsetup (2:2.1.0-4ubuntu1) eoan; urgency=low |
322 | + |
323 | + * Merge from Debian unstable. Remaining changes: |
324 | + - debian/control: |
325 | + + Recommend plymouth. |
326 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
327 | + - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox |
328 | + compatibility. |
329 | + |
330 | + -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 28 May 2019 18:32:08 -0700 |
331 | + |
332 | cryptsetup (2:2.1.0-4) unstable; urgency=medium |
333 | |
334 | [Guilhem Moulin] |
335 | @@ -252,6 +501,26 @@ cryptsetup (2:2.1.0-4) unstable; urgency=medium |
336 | |
337 | -- Guilhem Moulin <guilhem@debian.org> Tue, 28 May 2019 17:04:16 +0200 |
338 | |
339 | +cryptsetup (2:2.1.0-3ubuntu2) eoan; urgency=medium |
340 | + |
341 | + * Depend on busybox-initramfs, which is the implementation we actually use |
342 | + for the initramfs and is guaranteed to always be present, instead of |
343 | + busybox-static. |
344 | + |
345 | + -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 09 May 2019 14:47:04 -0700 |
346 | + |
347 | +cryptsetup (2:2.1.0-3ubuntu1) eoan; urgency=low |
348 | + |
349 | + * Merge from Debian unstable. Remaining changes: |
350 | + - debian/control: |
351 | + + Recommend plymouth. |
352 | + + Invert the "busybox | busybox-static" Recommends, as the latter |
353 | + is the one we ship in main as part of the ubuntu-standard task. |
354 | + - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox |
355 | + compatibility. LP: #1651818 |
356 | + |
357 | + -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 03 May 2019 16:22:03 -0700 |
358 | + |
359 | cryptsetup (2:2.1.0-3) unstable; urgency=medium |
360 | |
361 | * d/scripts/decrypt_opensc: Fix standard output poisoning. Thanks to Nils |
362 | @@ -275,6 +544,19 @@ cryptsetup (2:2.1.0-2) unstable; urgency=medium |
363 | |
364 | -- Guilhem Moulin <guilhem@debian.org> Thu, 28 Feb 2019 22:32:43 +0100 |
365 | |
366 | +cryptsetup (2:2.1.0-1ubuntu1) disco; urgency=medium |
367 | + |
368 | + * Merge from Debian unstable. LP: #1815484 |
369 | + * Remaining changes: |
370 | + - debian/control: |
371 | + + Recommend plymouth. |
372 | + + Invert the "busybox | busybox-static" Recommends, as the latter |
373 | + is the one we ship in main as part of the ubuntu-standard task. |
374 | + - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox |
375 | + compatibility. LP: #1651818 |
376 | + |
377 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 13 Feb 2019 21:28:23 +0000 |
378 | + |
379 | cryptsetup (2:2.1.0-1) unstable; urgency=medium |
380 | |
381 | * New upstream release. Highlights include: |
382 | @@ -317,6 +599,20 @@ cryptsetup (2:2.1.0-1) unstable; urgency=medium |
383 | |
384 | -- Guilhem Moulin <guilhem@debian.org> Sat, 09 Feb 2019 00:40:17 +0100 |
385 | |
386 | +cryptsetup (2:2.0.6-1ubuntu1) disco; urgency=medium |
387 | + |
388 | + * Merge from Debian unstable. |
389 | + * Remaining changes: |
390 | + - debian/control: |
391 | + + Recommend plymouth. |
392 | + + Invert the "busybox | busybox-static" Recommends, as the latter |
393 | + is the one we ship in main as part of the ubuntu-standard task. |
394 | + - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox |
395 | + compatibility. LP: #1651818 |
396 | + * Dropped delta sector_size support, merged in Debian. |
397 | + |
398 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 05 Feb 2019 13:43:25 +0000 |
399 | + |
400 | cryptsetup (2:2.0.6-1) unstable; urgency=medium |
401 | |
402 | * New upstream bugfix release. Highlights include: |
403 | @@ -381,6 +677,27 @@ cryptsetup (2:2.0.4-3) unstable; urgency=medium |
404 | |
405 | -- Guilhem Moulin <guilhem@debian.org> Mon, 22 Oct 2018 17:45:35 +0200 |
406 | |
407 | +cryptsetup (2:2.0.4-2ubuntu2) cosmic; urgency=medium |
408 | + |
409 | + * Implement support for --sector-size cryptsetup plain mode option in |
410 | + crypttab. Matching support is also proposed to systemd-cryptsetup as |
411 | + well. LP: #1776626 |
412 | + |
413 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 31 Aug 2018 17:00:07 +0100 |
414 | + |
415 | +cryptsetup (2:2.0.4-2ubuntu1) cosmic; urgency=low |
416 | + |
417 | + * Merge from Debian unstable. LP: #1785610. |
418 | + * Remaining changes: |
419 | + - debian/control: |
420 | + + Recommend plymouth. |
421 | + + Invert the "busybox | busybox-static" Recommends, as the latter |
422 | + is the one we ship in main as part of the ubuntu-standard task. |
423 | + - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox |
424 | + compatibility. LP: #1651818 |
425 | + |
426 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 22 Aug 2018 22:51:47 +0100 |
427 | + |
428 | cryptsetup (2:2.0.4-2) unstable; urgency=medium |
429 | |
430 | * debian/cryptsetup-initramfs.preinst: Don't try to overwrite |
431 | @@ -413,6 +730,28 @@ cryptsetup (2:2.0.3-7) unstable; urgency=medium |
432 | |
433 | -- Guilhem Moulin <guilhem@debian.org> Mon, 30 Jul 2018 16:32:07 +0800 |
434 | |
435 | +cryptsetup (2:2.0.3-6ubuntu1) cosmic; urgency=low |
436 | + |
437 | + * Merge from Debian unstable. LP: #1781912. |
438 | + * Remaining changes: |
439 | + - debian/control: |
440 | + + Recommend plymouth. |
441 | + + Invert the "busybox | busybox-static" Recommends, as the latter |
442 | + is the one we ship in main as part of the ubuntu-standard task. |
443 | + - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox |
444 | + compatibility. LP: #1651818 |
445 | + * Dropped changes, included in Debian: |
446 | + - Drop explicit libgcrypt20 dependency from libcryptsetup4. |
447 | + - Drop the CRYPTSETUP variable warning from the initramfs hook, as |
448 | + overlayroot package ships a dropin in conf-hooks.d triggering false |
449 | + warnings. |
450 | + - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE |
451 | + - Drop c99 std, as the default is now higher than that |
452 | + * Dropped changes, no longer needed: |
453 | + - Add maintscript to drop removed upstart system jobs. |
454 | + |
455 | + -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 16 Jul 2018 08:27:58 -0400 |
456 | + |
457 | cryptsetup (2:2.0.3-6) unstable; urgency=medium |
458 | |
459 | * debian/TODO.md: Remove mention of parent device detection for mdadm |
460 | @@ -697,6 +1036,45 @@ cryptsetup (2:2.0.3-1) unstable; urgency=medium |
461 | |
462 | -- Jonas Meurer <jonas@freesources.org> Fri, 15 Jun 2018 15:32:16 +0200 |
463 | |
464 | +cryptsetup (2:2.0.2-1ubuntu3) cosmic; urgency=medium |
465 | + |
466 | + * No-change rebuild against libargon2-1 |
467 | + |
468 | + -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 10 Jul 2018 17:01:23 +0000 |
469 | + |
470 | +cryptsetup (2:2.0.2-1ubuntu2) cosmic; urgency=medium |
471 | + |
472 | + * Apply patch from Trent Nelson to fix cryptroot-unlock for busybox |
473 | + compatibility. LP: #1651818 |
474 | + |
475 | + -- Dimitri John Ledkov đŸŒˆ <xnox@ubuntu.com> Thu, 21 Jun 2018 16:38:31 +0100 |
476 | + |
477 | +cryptsetup (2:2.0.2-1ubuntu1) bionic; urgency=low |
478 | + |
479 | + * Merge from Debian unstable. |
480 | + - bugfix upstream release, which solves problems with luks2 format |
481 | + disks not unlocking. LP: #1755322. |
482 | + * Remaining changes: |
483 | + - debian/control: |
484 | + + Depend on plymouth. |
485 | + + Invert the "busybox | busybox-static" Recommends, as the latter |
486 | + is the one we ship in main as part of the ubuntu-standard task. |
487 | + + Drop explicit libgcrypt20 dependency from libcryptsetup4. |
488 | + - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE |
489 | + - Drop c99 std, as the default is now higher than that |
490 | + - Drop upstart system jobs. |
491 | + - Add maintscript to drop removed upstart system jobs. |
492 | + - debian has its own now, but we have different version numbers. |
493 | + this delta can be dropped after 18.04 release. |
494 | + - Drop the CRYPTSETUP variable warning from the initramfs hook, as |
495 | + overlayroot package ships a dropin in conf-hooks.d triggering false |
496 | + warnings. |
497 | + * Dropped changes: |
498 | + - debian/cryptdisks{,-udev}.maintscript: drop, there is no package named |
499 | + 'cryptdisks' or 'cryptdisks-udev'. |
500 | + |
501 | + -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 06 Apr 2018 10:23:53 -0700 |
502 | + |
503 | cryptsetup (2:2.0.2-1) unstable; urgency=low |
504 | |
505 | * New upstream release 2.0.2 |
506 | @@ -726,6 +1104,40 @@ cryptsetup (2:2.0.1-1) unstable; urgency=low |
507 | |
508 | -- Guilhem Moulin <guilhem@debian.org> Sun, 11 Feb 2018 00:02:05 +0100 |
509 | |
510 | +cryptsetup (2:2.0.1-0ubuntu2) bionic; urgency=medium |
511 | + |
512 | + * Drop the CRYPTSETUP variable warning from the initramfs hook, as |
513 | + overlayroot package ships a dropin in conf-hooks.d triggering false |
514 | + warnings. |
515 | + |
516 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Thu, 22 Feb 2018 14:49:16 +0000 |
517 | + |
518 | +cryptsetup (2:2.0.1-0ubuntu1) bionic; urgency=medium |
519 | + |
520 | + * Merge from Debian unstable. Remaining changes: |
521 | + - debian/control: |
522 | + + Depend on plymouth. |
523 | + + Invert the "busybox | busybox-static" Recommends, as the latter |
524 | + is the one we ship in main as part of the ubuntu-standard task. |
525 | + + Drop explicit libgcrypt20 dependency from libcryptsetup4. |
526 | + - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE |
527 | + - Drop c99 std, as the default is now higher than that |
528 | + - Drop upstart system jobs. |
529 | + - Add maintscript to drop removed upstart system jobs. |
530 | + - debian has its own now, but we have different version numbers |
531 | + * New upstream release |
532 | + * Cherry-pick Guilhem Moulin's changes below from Debian git |
533 | + |
534 | + [ Guilhem Moulin ] |
535 | + * New upstream release 2.0.1: |
536 | + - Use /run/cryptsetup as default for cryptsetup locking dir. |
537 | + - Add missing symbols for new functions to debian/libcryptsetup12.symbols. |
538 | + * debian/copyright: update copyright years. |
539 | + * debian/patches: backport upstream's 8728ba08 to fix opening of loop-AES |
540 | + devices using --key-file=-. (Closes: #888162.) |
541 | + |
542 | + -- Julian Andres Klode <juliank@ubuntu.com> Mon, 29 Jan 2018 13:48:55 +0100 |
543 | + |
544 | cryptsetup (2:2.0.0-1) unstable; urgency=low |
545 | |
546 | [ Guilhem Moulin ] |
547 | @@ -775,6 +1187,26 @@ cryptsetup (2:2.0.0~rc0-1) experimental; urgency=low |
548 | |
549 | -- Guilhem Moulin <guilhem@debian.org> Tue, 03 Oct 2017 03:37:36 +0200 |
550 | |
551 | +cryptsetup (2:1.7.5-1ubuntu1) bionic; urgency=low |
552 | + |
553 | + * Merge from Debian unstable. Remaining changes: |
554 | + - debian/control: |
555 | + + Depend on plymouth. |
556 | + + Invert the "busybox | busybox-static" Recommends, as the latter |
557 | + is the one we ship in main as part of the ubuntu-standard task. |
558 | + + Drop explicit libgcrypt20 dependency from libcryptsetup4. |
559 | + - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE |
560 | + - Drop c99 std, as the default is now higher than that |
561 | + - Drop upstart system jobs. |
562 | + - Add maintscript to drop removed upstart system jobs. |
563 | + * Merged upstream: |
564 | + - d/p/fips-fix-luksformat-with-recent-kernels -- fix luksFormat |
565 | + with recent FIPS enabled kernels. |
566 | + * Merged in Debian: |
567 | + - Use DEB_VERSION from dpkg/default.mk for pod2man release variable |
568 | + |
569 | + -- Julian Andres Klode <juliank@ubuntu.com> Wed, 17 Jan 2018 21:39:10 +0100 |
570 | + |
571 | cryptsetup (2:1.7.5-1) unstable; urgency=low |
572 | |
573 | * New upstream release 1.7.5. |
574 | @@ -797,6 +1229,25 @@ cryptsetup (2:1.7.5-1) unstable; urgency=low |
575 | |
576 | -- Guilhem Moulin <guilhem@debian.org> Thu, 14 Sep 2017 13:00:23 +0200 |
577 | |
578 | +cryptsetup (2:1.7.3-4ubuntu1) artful; urgency=low |
579 | + |
580 | + * New upstream release, merge from Debian unstable. Remaining |
581 | + Ubuntu changes: |
582 | + - debian/control: |
583 | + + Depend on plymouth. |
584 | + + Invert the "busybox | busybox-static" Recommends, as the latter |
585 | + is the one we ship in main as part of the ubuntu-standard task. |
586 | + + Drop explicit libgcrypt20 dependency from libcryptsetup4. |
587 | + * d/p/fips-fix-luksformat-with-recent-kernels -- fix luksFormat |
588 | + with recent FIPS enabled kernels. |
589 | + * Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE |
590 | + * Drop c99 std, as the default is now higher than that |
591 | + * Use DEB_VERSION from dpkg/default.mk for pod2man release variable |
592 | + * Drop upstart system jobs. |
593 | + * Add maintscript to drop removed upstart system jobs. |
594 | + |
595 | + -- Andy Whitcroft <apw@ubuntu.com> Thu, 10 Aug 2017 14:07:29 +0100 |
596 | + |
597 | cryptsetup (2:1.7.3-4) unstable; urgency=high |
598 | |
599 | [ Guilhem Moulin ] |
600 | @@ -1009,6 +1460,40 @@ cryptsetup (2:1.7.2-1) unstable; urgency=medium |
601 | |
602 | -- Jonas Meurer <mejo@debian.org> Wed, 05 Oct 2016 20:53:09 +0200 |
603 | |
604 | +cryptsetup (2:1.7.2-0ubuntu4) artful; urgency=medium |
605 | + |
606 | + * Add maintscript to drop removed upstart system jobs. |
607 | + |
608 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 21 Aug 2017 11:36:04 +0100 |
609 | + |
610 | +cryptsetup (2:1.7.2-0ubuntu3) artful; urgency=medium |
611 | + |
612 | + * Drop _BSD_SOURCE in favor of _DEFAULT_SOURCe |
613 | + * Drop c99 std, as the default is now higher than that |
614 | + * Use DEB_VERSION from dpkg/default.mk for pod2man release variable |
615 | + |
616 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Sat, 19 Aug 2017 21:46:19 +0100 |
617 | + |
618 | +cryptsetup (2:1.7.2-0ubuntu2) artful; urgency=medium |
619 | + |
620 | + * Drop upstart system jobs. |
621 | + |
622 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Sat, 19 Aug 2017 20:57:17 +0100 |
623 | + |
624 | +cryptsetup (2:1.7.2-0ubuntu1) yakkety; urgency=medium |
625 | + |
626 | + * New upstream release, merge from Debian unstable (LP: #1548137). Remaining |
627 | + Ubuntu changes: |
628 | + - debian/control: |
629 | + + Bump initramfs-tools Suggests to Depends: so system is not |
630 | + potentially rendered unbootable. |
631 | + + Depend on plymouth. |
632 | + + Invert the "busybox | busybox-static" Recommends, as the latter |
633 | + is the one we ship in main as part of the ubuntu-standard task. |
634 | + + Drop explicit libgcrypt20 dependency from libcryptsetup4. |
635 | + |
636 | + -- Unit 193 <unit193@ubuntu.com> Wed, 22 Jun 2016 16:30:01 -0400 |
637 | + |
638 | cryptsetup (2:1.7.0-2) unstable; urgency=medium |
639 | |
640 | [ Guilhem Moulin ] |
641 | @@ -1083,6 +1568,35 @@ cryptsetup (2:1.7.0-1) unstable; urgency=medium |
642 | |
643 | -- Jonas Meurer <mejo@debian.org> Thu, 07 Jan 2016 02:22:33 +0100 |
644 | |
645 | +cryptsetup (2:1.6.6-5ubuntu2) wily; urgency=medium |
646 | + |
647 | + * Fix stupid typo in Recommends "busybox | busybox-static" inversion. |
648 | + Fixes binary moves for busybox into main. |
649 | + |
650 | + -- Andy Whitcroft <apw@ubuntu.com> Fri, 21 Aug 2015 08:56:34 +0100 |
651 | + |
652 | +cryptsetup (2:1.6.6-5ubuntu1) wily; urgency=low |
653 | + |
654 | + * Merge from Debian unstable. Remaining changes: |
655 | + - debian/control: |
656 | + + Bump initramfs-tools Suggests to Depends: so system is not |
657 | + potentially rendered unbootable. |
658 | + + Depend on plymouth. |
659 | + + Invert the "busybox | busybox-static" Recommends, as the latter |
660 | + is the one we ship in main as part of the ubuntu-standard task. |
661 | + + Drop explicit libgcrypt11 dependency from libcryptsetup4. |
662 | + * Dropped changes, now in Debian: |
663 | + - Remove hardcoded paths to udevadm. |
664 | + - debian/initramfs/cryptroot-hook: |
665 | + + Do not unconditionally include cryptsetup utils in the initramfs. |
666 | + + Do not include any modules or utils in the initramfs, unless |
667 | + rootfs/resume devices are encrypted or CRYPTSETUP is set to 'y' in |
668 | + the initramfs.conf configuration file. |
669 | + - debian/cryptsetup.maintscripts: |
670 | + + Migrate upstart jobs to new names. |
671 | + |
672 | + -- Andy Whitcroft <apw@ubuntu.com> Tue, 07 Jul 2015 16:58:45 +0100 |
673 | + |
674 | cryptsetup (2:1.6.6-5) unstable; urgency=high |
675 | |
676 | * debian/cryptdisks.functions: fix the precheck for ubuntu+upstart |
677 | @@ -1235,6 +1749,71 @@ cryptsetup (2:1.6.4-1) unstable; urgency=low |
678 | |
679 | -- Jonas Meurer <mejo@debian.org> Fri, 28 Jun 2013 12:14:55 +0200 |
680 | |
681 | +cryptsetup (2:1.6.1-1ubuntu7) vivid; urgency=medium |
682 | + |
683 | + * Drop explicit libgcrypt11 dependency from libcryptsetup4. |
684 | + |
685 | + -- Adam Conrad <adconrad@ubuntu.com> Fri, 27 Mar 2015 18:24:38 -0600 |
686 | + |
687 | +cryptsetup (2:1.6.1-1ubuntu6) vivid; urgency=medium |
688 | + |
689 | + * No-change rebuild for the libgcrypt20 transition. |
690 | + |
691 | + -- Adam Conrad <adconrad@ubuntu.com> Fri, 27 Mar 2015 06:16:08 -0600 |
692 | + |
693 | +cryptsetup (2:1.6.1-1ubuntu5) vivid; urgency=medium |
694 | + |
695 | + * ./debian/scripts/luksformat: Drop luksFormat -s and --ciper options. They |
696 | + aren't necessary any more, and aes-cbc-essiv:sha256 is obsolete. This will |
697 | + now use aes-xts-plain64 by default. (LP: #1414719) |
698 | + |
699 | + -- Martin Pitt <martin.pitt@ubuntu.com> Fri, 27 Feb 2015 09:37:05 +0100 |
700 | + |
701 | +cryptsetup (2:1.6.1-1ubuntu4) vivid; urgency=medium |
702 | + |
703 | + * No change rebuild to get debug symbols for all architectures. |
704 | + |
705 | + -- Brian Murray <brian@ubuntu.com> Wed, 03 Dec 2014 08:03:31 -0800 |
706 | + |
707 | +cryptsetup (2:1.6.1-1ubuntu3) utopic; urgency=high |
708 | + |
709 | + * No change rebuild against new dh_installinit, to call update-rc.d at |
710 | + postinst. |
711 | + |
712 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 28 May 2014 10:39:30 +0100 |
713 | + |
714 | +cryptsetup (2:1.6.1-1ubuntu2) utopic; urgency=medium |
715 | + |
716 | + * debian/askpass.c: |
717 | + - Fix bug (LP: #1301086) where askpass fails to restore terminal |
718 | + settings. |
719 | + |
720 | + -- Robert Barabas <dc@0xdc.org> Fri, 18 Apr 2014 14:08:51 -0400 |
721 | + |
722 | +cryptsetup (2:1.6.1-1ubuntu1) trusty; urgency=low |
723 | + |
724 | + * Merge from debian unstable, remaining changes: |
725 | + - debian/control: |
726 | + + Bump initramfs-tools Suggests to Depends: so system is not |
727 | + potentially rendered unbootable. |
728 | + + Depend on plymouth. |
729 | + |
730 | + - Invert the "busybox | busybox-static" Recommends, as the latter is |
731 | + the one we ship in main as part of the ubuntu-standard task. |
732 | + |
733 | + - Remove hardcoded paths to udevadm (LP: #1184066). |
734 | + |
735 | + - debian/initramfs/cryptroot-hook: |
736 | + + Do not unconditionally include cryptsetup utils in the initramfs. |
737 | + + Do not include any modules or utils in the initramfs, unless |
738 | + rootfs/resume devices are encrypted or CRYPTSETUP is set to 'y' in |
739 | + the initramfs.conf configuration file. |
740 | + |
741 | + - debian/cryptsetup.maintscripts: |
742 | + + Migrate upstart jobs to new names. |
743 | + |
744 | + -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com> Fri, 01 Nov 2013 16:48:57 +0000 |
745 | + |
746 | cryptsetup (2:1.6.1-1) unstable; urgency=low |
747 | |
748 | [ Milan Broz ] |
749 | @@ -1276,6 +1855,50 @@ cryptsetup (2:1.6.1-1) unstable; urgency=low |
750 | |
751 | -- Jonas Meurer <mejo@debian.org> Fri, 28 Jun 2013 12:10:41 +0200 |
752 | |
753 | +cryptsetup (2:1.4.3-4ubuntu4) saucy; urgency=low |
754 | + |
755 | + * debian/initramfs/cryptroot-hook: |
756 | + - Do not unconditionally include cryptsetup utils in the initramfs. |
757 | + - Do not include any modules or utils in the initramfs, unless |
758 | + rootfs/resume devices are encrypted or CRYPTSETUP is set to 'y' in |
759 | + the initramfs.conf configuration file. |
760 | + |
761 | + -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com> Mon, 10 Jun 2013 16:25:46 +0100 |
762 | + |
763 | +cryptsetup (2:1.4.3-4ubuntu3) saucy; urgency=low |
764 | + |
765 | + * Remove hardcoded paths to udevadm (LP: #1184066). |
766 | + |
767 | + -- Colin Watson <cjwatson@ubuntu.com> Tue, 28 May 2013 11:27:27 +0100 |
768 | + |
769 | +cryptsetup (2:1.4.3-4ubuntu2) raring; urgency=low |
770 | + |
771 | + * Invert the "busybox | busybox-static" Recommends, as the latter |
772 | + is the one we ship in main as part of the ubuntu-standard task. |
773 | + |
774 | + -- Adam Conrad <adconrad@ubuntu.com> Fri, 16 Nov 2012 01:14:35 -0700 |
775 | + |
776 | +cryptsetup (2:1.4.3-4ubuntu1) raring; urgency=low |
777 | + |
778 | + * Merge from debian unstable, remaining changes: |
779 | + - debian/control: |
780 | + + Bump initramfs-tools Suggests to Depends: so system is not |
781 | + potentially rendered unbootable. |
782 | + + Depend on plymouth. |
783 | + |
784 | + - init/upstart jobs: |
785 | + + Rename cryptddisks{,-early}.upstart jobs to |
786 | + cryptdisks-{enable,udev}.upstart, as we need both init & upstart jobs |
787 | + for now. |
788 | + + debian/cryptdisks{,-early}.init: Make the 'start' action of the init |
789 | + script a no-op, this should be handled entirely by the upstart job; |
790 | + and fix the LSB header to not declare this should be started in |
791 | + runlevel 'S'. |
792 | + + Do not install start symlinks for init scripts |
793 | + + NB! shutdown is still handled by the SystemV init scripts |
794 | + |
795 | + -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com> Tue, 13 Nov 2012 11:17:57 +0000 |
796 | + |
797 | cryptsetup (2:1.4.3-4) unstable; urgency=medium |
798 | |
799 | * change recommends for busybox to busybox | busybox-static. Thanks to |
800 | @@ -1308,6 +1931,50 @@ cryptsetup (2:1.4.3-3) unstable; urgency=medium |
801 | |
802 | -- Jonas Meurer <mejo@debian.org> Thu, 01 Nov 2012 15:34:09 +0100 |
803 | |
804 | +cryptsetup (2:1.4.3-2ubuntu1) quantal; urgency=low |
805 | + |
806 | + * Merge from debian unstable (LP: #1015753), remaining changes: |
807 | + - debian/control: |
808 | + + Bump initramfs-tools Suggests to Depends: so system is not |
809 | + potentially rendered unbootable. |
810 | + + Depend on plymouth. |
811 | + |
812 | + - init/upstart jobs: |
813 | + + Add debian/cryptdisks-{enable,udev}.upstart for bootup. |
814 | + + debian/cryptdisks{,-early}.init: Make the 'start' action of the init |
815 | + script a no-op, this should be handled entirely by the upstart job; |
816 | + and fix the LSB header to not declare this should be started in |
817 | + runlevel 'S'. |
818 | + + Do not install start symlinks for init scripts |
819 | + + NB! shutdown is still handled by the SystemV init scripts |
820 | + |
821 | + * Rename cryptddisks{,-early}.upstart jobs back to |
822 | + cryptdisks-{enable,udev}.upstart, as we need both init & upstart jobs |
823 | + for now. |
824 | + |
825 | + * Dropped Changes, included in Debian: |
826 | + - debian/control: |
827 | + + Split up package in cryptsetup and cryptsetup-bin. (LP: #343363). |
828 | + |
829 | + - debian/cryptdisks.functions: |
830 | + + Do not overwrite existing filesystems when creating swap (LP: #474258). |
831 | + + Add aesni module when we have hardware encryption. |
832 | + + Call 'udevadm settle' before 'dmsetup rename' http://pad.lv/874774 |
833 | + + Suppress "Starting init crypto disks" message in "init" phase, to |
834 | + avoid writing over fsck progress text. |
835 | + + new function, crypttab_start_one_disk, to look for the named source |
836 | + device in /etc/crypttab (by device name, UUID, or label) and start it |
837 | + if configured to do so |
838 | + + handle the case where crypttab contains a name for the source |
839 | + device that is not the kernel's preferred name for it (as is the case |
840 | + for LVs). |
841 | + |
842 | + - debian/initramfs/cryptroot-hook: |
843 | + + Quiet warnings from find on arches that don't have all the |
844 | + kernel/{arch,crypto} bits we're testing for. |
845 | + |
846 | + -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com> Tue, 21 Aug 2012 11:57:28 +0100 |
847 | + |
848 | cryptsetup (2:1.4.3-2) unstable; urgency=medium |
849 | |
850 | * fix the shared library symbols magic: so far, the symbols file for |
851 | @@ -1383,6 +2050,64 @@ cryptsetup (2:1.4.1-3) unstable; urgency=low |
852 | |
853 | -- Jonas Meurer <mejo@debian.org> Wed, 11 Apr 2012 23:55:35 +0200 |
854 | |
855 | +cryptsetup (2:1.4.1-2ubuntu4) precise; urgency=low |
856 | + |
857 | + * Our swap creation can trigger udev change events, which means udev may be |
858 | + holding the device open at the time we try to call 'dmsetup rename' and |
859 | + cause the /subsequent/ events to be missed because of dmsetup creating |
860 | + device nodes by hand. So call 'udevadm settle' before 'dmsetup rename', |
861 | + to ensure blkid is out of the way first. This should ensure swap |
862 | + partitions are found by mountall in a non-racy manner. LP: #874774. |
863 | + |
864 | + -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 13 Apr 2012 20:23:21 -0700 |
865 | + |
866 | +cryptsetup (2:1.4.1-2ubuntu3) precise; urgency=low |
867 | + |
868 | + * Start cryptdisks-enable upstart job on 'or container', to let us |
869 | + simplify the udevtrigger job. |
870 | + |
871 | + -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 04 Apr 2012 17:02:00 -0700 |
872 | + |
873 | +cryptsetup (2:1.4.1-2ubuntu2) precise; urgency=low |
874 | + |
875 | + * Split up package in cryptsetup and cryptsetup-bin. (LP: #343363). |
876 | + * Do not overwrite existing filesystems when creating swap (LP: #474258). |
877 | + * Add aesni module when we have hardware encryption. |
878 | + |
879 | + -- Jean-Louis Dupond <jean-louis@dupond.be> Mon, 12 Mar 2012 10:14:30 +0100 |
880 | + |
881 | +cryptsetup (2:1.4.1-2ubuntu1) precise; urgency=low |
882 | + |
883 | + [ Jean-Louis Dupond ] |
884 | + * Merge from debian unstable (LP: #776264), remaining changes: |
885 | + - debian/cryptdisks.functions: Suppress "Starting init crypto disks" message |
886 | + in "init" phase, to avoid writing over fsck progress text. |
887 | + - debian/cryptroot-hook: Quiet warnings from find on arches that |
888 | + don't have all the kernel/{arch,crypto} bits we're testing for. |
889 | + - debian/control: |
890 | + + Bump initramfs-tools Suggests to Depends: so system is not |
891 | + potentially rendered unbootable. |
892 | + + Depend on plymouth. |
893 | + - Add debian/cryptdisks-{enable,udev}.upstart. |
894 | + - debian/cryptdisks.functions: |
895 | + + new function, crypttab_start_one_disk, to look for the named source |
896 | + device in /etc/crypttab (by device name, UUID, or label) and start it |
897 | + if configured to do so |
898 | + - debian/cryptdisks{,-early}.init: Make the 'start' action of the init |
899 | + script a no-op, this should be handled entirely by the upstart job; |
900 | + and fix the LSB header to not declare this should be started in |
901 | + runlevel 'S' |
902 | + - debian/rules: |
903 | + + Do not install start symlinks for init scripts, and |
904 | + install debian/cryptdisks-{enable,udev}.upstart scripts. |
905 | + |
906 | + [ Steve Langasek ] |
907 | + * debian/cryptdisks.functions: handle the case where crypttab contains a |
908 | + name for the source device that is not the kernel's preferred name for |
909 | + it (as is the case for LVs). |
910 | + |
911 | + -- Jean-Louis Dupond <jean-louis@dupond.be> Thu, 08 Mar 2012 07:32:40 +0100 |
912 | + |
913 | cryptsetup (2:1.4.1-2) unstable; urgency=low |
914 | |
915 | * acknowledge NMU. Thanks to Michael Biebl. (closes: #659182) |
916 | @@ -1592,6 +2317,56 @@ cryptsetup (2:1.2.0-1) experimental; urgency=low |
917 | |
918 | -- Jonas Meurer <mejo@debian.org> Sun, 16 Jan 2011 01:01:03 +0100 |
919 | |
920 | +cryptsetup (2:1.1.3-4ubuntu3) precise; urgency=low |
921 | + |
922 | + [ Pali Rohar ] |
923 | + * debian/cryptdisks.functions: Suppress "Starting init crypto disks" message |
924 | + in "init" phase, to avoid writing over fsck progress text. |
925 | + |
926 | + -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 26 Oct 2011 09:16:15 +0200 |
927 | + |
928 | +cryptsetup (2:1.1.3-4ubuntu2) oneiric; urgency=low |
929 | + |
930 | + * debian/cryptroot-hook: Quiet warnings from find on arches that |
931 | + don't have all the kernel/{arch,crypto} bits we're testing for. |
932 | + |
933 | + -- Adam Conrad <adconrad@ubuntu.com> Sat, 01 Oct 2011 00:33:00 -0600 |
934 | + |
935 | +cryptsetup (2:1.1.3-4ubuntu1) natty; urgency=low |
936 | + |
937 | + * Merge from debian unstable (LP: #682177), remaining changes: |
938 | + - debian/control: |
939 | + + Bump initramfs-tools Suggests to Depends: so system is not |
940 | + potentially rendered unbootable. |
941 | + + Depend on plymouth. |
942 | + - Add debian/cryptdisks-{enable,udev}.upstart. |
943 | + - debian/cryptdisks.functions: |
944 | + + new function, crypttab_start_one_disk, to look for the named source |
945 | + device in /etc/crypttab (by device name, UUID, or label) and start it |
946 | + if configured to do so |
947 | + + wrap the call to /lib/cryptsetup/askpass with watershed, to make sure |
948 | + we only ever have one of these running at a time; otherwise multiple |
949 | + invocations could steal each other's input and/or write over each |
950 | + other's output |
951 | + + when called by cryptdisks-enable, check that we don't already have a |
952 | + corresponding cryptdisks-udev job running (probably waiting for a |
953 | + passphrase); if there is, wait until it's finished before continuing. |
954 | + - debian/cryptdisks{,-early}.init: Make the 'start' action of the init |
955 | + script a no-op, this should be handled entirely by the upstart job; |
956 | + and fix the LSB header to not declare this should be started in |
957 | + runlevel 'S' |
958 | + - debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on |
959 | + upgrade. |
960 | + - debian/rules: |
961 | + + Do not install start symlinks for init scripts, and |
962 | + install debian/cryptdisks-{enable,udev}.upstart scripts. |
963 | + + link dynamically against libgcrypt and libgpg-error. |
964 | + - Add debian/cryptsetup.apport: Apport package hook. Install in |
965 | + debian/rules and create dir in debian/cryptsetup.dirs. |
966 | + - debian/cryptsetup.postrm: call update-initramfs on package removal. |
967 | + |
968 | + -- Lorenzo De Liso <blackz@ubuntu.com> Sat, 27 Nov 2010 17:37:43 +0100 |
969 | + |
970 | cryptsetup (2:1.1.3-4) unstable; urgency=high |
971 | |
972 | * bump standards-version to 3.9.1, no changes required |
973 | @@ -1697,6 +2472,69 @@ cryptsetup (2:1.1.3-1) unstable; urgency=low |
974 | |
975 | -- Jonas Meurer <mejo@debian.org> Sat, 10 Jul 2010 14:32:40 +0200 |
976 | |
977 | +cryptsetup (2:1.1.2-1ubuntu1) maverick; urgency=low |
978 | + |
979 | + * Merge from Debian unstable (LP: #594365). Remaining changes: |
980 | + - debian/control: |
981 | + + Bump initramfs-tools Suggests to Depends: so system is not |
982 | + potentially rendered unbootable. |
983 | + + Depend on plymouth. |
984 | + - Add debian/cryptdisks-{enable,udev}.upstart. |
985 | + - debian/cryptdisks.functions: |
986 | + + new function, crypttab_start_one_disk, to look for the named source |
987 | + device in /etc/crypttab (by device name, UUID, or label) and start it |
988 | + if configured to do so |
989 | + + wrap the call to /lib/cryptsetup/askpass with watershed, to make sure |
990 | + we only ever have one of these running at a time; otherwise multiple |
991 | + invocations could steal each other's input and/or write over each |
992 | + other's output |
993 | + + initially create the device under a temporary name and rename it only |
994 | + at the end using 'dmsetup rename', to ensure that upstart/mountall |
995 | + doesn't see our device before it's ready to go. |
996 | + + do_tmp should mount under /var/run/cryptsetup for changing the |
997 | + permissions of the filesystem root, not directly on /tmp, since |
998 | + mounting on /tmp a) is racy, b) confuses mountall something fierce. |
999 | + + when called by cryptdisks-enable, check that we don't already have a |
1000 | + corresponding cryptdisks-udev job running (probably waiting for a |
1001 | + passphrase); if there is, wait until it's finished before continuing. |
1002 | + - debian/cryptdisks{,-early}.init: Make the 'start' action of the init |
1003 | + script a no-op, this should be handled entirely by the upstart job; |
1004 | + and fix the LSB header to not declare this should be started in |
1005 | + runlevel 'S' |
1006 | + - debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on |
1007 | + upgrade. |
1008 | + - debian/rules: Do not install start symlinks for init scripts, and |
1009 | + install debian/cryptdisks-{enable,udev}.upstart scripts. |
1010 | + - Add debian/cryptsetup.apport: Apport package hook. Install in |
1011 | + debian/rules and create dir in debian/cryptsetup.dirs. |
1012 | + - debian/rules: link dynamically against libgcrypt and libgpg-error. |
1013 | + - debian/cryptsetup.postrm: call update-initramfs on package removal. |
1014 | + * Dropped changes, merged/superseded in Debian: |
1015 | + - Add ext4 support to passdev. |
1016 | + - cryptroot-hook: don't call copy_modules_dir with empty arguments when |
1017 | + archcrypto isn't found |
1018 | + - Set USPLASH=y and FRAMEBUFFER=y in the hook config to pull plymouth into |
1019 | + the initramfs. |
1020 | + - change interaction to use plymouth directly if present, and if not, to |
1021 | + fall back to /lib/cryptsetup/askpass as before |
1022 | + - cryptdisks.functions: replace 'echo -e' bashism with 'printf'. |
1023 | + - debian/initramfs/cryptroot-script: if plymouth is present in the |
1024 | + initramfs, use this directly, bypassing the cryptsetup askpass script |
1025 | + - debian/initramfs/cryptroot-hook: Properly anchor our regexps when |
1026 | + grepping /etc/crypttab so that we don't incorrectly match device names |
1027 | + that are substrings of one another. |
1028 | + - debian/initramfs/cryptroot-script: Don't leak /conf/conf.d/cryptroot |
1029 | + file descriptor to subprocesses. |
1030 | + - Fix grammar error in debian/initramfs/cryptroot-script |
1031 | + ("setup" -> "set up") |
1032 | + - debian/initramfs/cryptroot-script: Fix this to work with current |
1033 | + initramfs-tools: |
1034 | + + Source /scripts/functions after checking for prerequisites. |
1035 | + + prereqs(): Do not assume we are running within initramfs, and |
1036 | + calculate relative path correctly. |
1037 | + |
1038 | + -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 14 Jun 2010 21:47:28 -0700 |
1039 | + |
1040 | cryptsetup (2:1.1.2-1) unstable; urgency=low |
1041 | |
1042 | * new upstream release, changes include: |
1043 | @@ -1814,6 +2652,171 @@ cryptsetup (2:1.1.0-1) unstable; urgency=low |
1044 | |
1045 | -- Jonas Meurer <mejo@debian.org> Mon, 08 Mar 2010 14:15:35 +0100 |
1046 | |
1047 | +cryptsetup (2:1.1.0~rc2-1ubuntu14) maverick; urgency=low |
1048 | + |
1049 | + [ David Stansby ] |
1050 | + * Fix grammar error in debian/initramfs/cryptroot-script |
1051 | + ("setup" -> "set up") (LP: #578896) |
1052 | + |
1053 | + -- James Westby <james.westby@ubuntu.com> Mon, 17 May 2010 13:33:40 +0100 |
1054 | + |
1055 | +cryptsetup (2:1.1.0~rc2-1ubuntu13) lucid; urgency=low |
1056 | + |
1057 | + * debian/initramfs/cryptroot-script: Don't leak /conf/conf.d/cryptroot |
1058 | + file descriptor to subprocesses. |
1059 | + |
1060 | + -- Colin Watson <cjwatson@ubuntu.com> Mon, 29 Mar 2010 22:18:36 +0100 |
1061 | + |
1062 | +cryptsetup (2:1.1.0~rc2-1ubuntu12) lucid; urgency=low |
1063 | + |
1064 | + * debian/initramfs/cryptroot-hook: Properly anchor our regexps when |
1065 | + grepping /etc/crypttab so that we don't incorrectly match device names |
1066 | + that are substrings of one another. |
1067 | + * debian/cryptdisks-{enable,udev}.conf, debian/control: drop |
1068 | + 'console output' and add a hard dependency on plymouth instead of |
1069 | + watershed, to avoid spitting extra messages to the console. |
1070 | + |
1071 | + -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 18 Feb 2010 06:19:19 -0800 |
1072 | + |
1073 | +cryptsetup (2:1.1.0~rc2-1ubuntu11) lucid; urgency=low |
1074 | + |
1075 | + * Set FRAMEBUFFER=y in the file that we actually ship. |
1076 | + * debian/cryptsetup.postrm: call update-initramfs on package removal. |
1077 | + LP: #468228. |
1078 | + |
1079 | + -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 25 Jan 2010 03:07:52 -0800 |
1080 | + |
1081 | +cryptsetup (2:1.1.0~rc2-1ubuntu10) lucid; urgency=low |
1082 | + |
1083 | + * cryptdisks.functions: replace 'echo -e' bashism with 'printf'. |
1084 | + * cryptdisks.functions: when called by cryptdisks-enable, check that we |
1085 | + don't already have a corresponding cryptdisks-udev job running (probably |
1086 | + waiting for a passphrase); if there is, wait until it's finished before |
1087 | + continuing. |
1088 | + |
1089 | + -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 21 Jan 2010 14:57:21 +0000 |
1090 | + |
1091 | +cryptsetup (2:1.1.0~rc2-1ubuntu9) lucid; urgency=low |
1092 | + |
1093 | + * Set FRAMEBUFFER=y in the hook config as well, to pull plymouth into the |
1094 | + initramfs. |
1095 | + * cryptdisks.functions, debian/initramfs/cryptroot-script: fix the |
1096 | + invocation of plymouth, so that we actually get proper passphrase prompts |
1097 | + (once bug #496765 is fixed). |
1098 | + |
1099 | + -- Steve Langasek <steve.langasek@ubuntu.com> Sat, 16 Jan 2010 02:32:41 -0800 |
1100 | + |
1101 | +cryptsetup (2:1.1.0~rc2-1ubuntu8) lucid; urgency=low |
1102 | + |
1103 | + * cryptdisks.functions: do_tmp should mount under /var/run/cryptsetup for |
1104 | + changing the permissions of the filesystem root, not directly on /tmp, |
1105 | + since mounting on /tmp a) is racy, b) confuses mountall something fierce. |
1106 | + LP: #475936. |
1107 | + |
1108 | + -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 22 Dec 2009 20:24:28 +0000 |
1109 | + |
1110 | +cryptsetup (2:1.1.0~rc2-1ubuntu7) lucid; urgency=low |
1111 | + |
1112 | + * Depend on watershed. |
1113 | + |
1114 | + -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 22 Dec 2009 01:37:36 +0000 |
1115 | + |
1116 | +cryptsetup (2:1.1.0~rc2-1ubuntu6) lucid; urgency=low |
1117 | + |
1118 | + [ Steve Langasek ] |
1119 | + * Fix the LSB header in the init scripts, now that we don't install to |
1120 | + rcS.d. |
1121 | + |
1122 | + [ Martin Pitt ] |
1123 | + * debian/initramfs/cryptroot-script: Fix this to work with current |
1124 | + initramfs-tools: |
1125 | + - Source /scripts/functions after checking for prerequisites. |
1126 | + - prereqs(): Do not assume we are running within initramfs, and calculate |
1127 | + relative path correctly. |
1128 | + |
1129 | + -- Martin Pitt <martin.pitt@ubuntu.com> Fri, 18 Dec 2009 17:07:07 +0100 |
1130 | + |
1131 | +cryptsetup (2:1.1.0~rc2-1ubuntu5) lucid; urgency=low |
1132 | + |
1133 | + * Rename the upstart job introduced in the previous upload to |
1134 | + cryptdisks-udev and restore the previous version of the job as |
1135 | + cryptdisks-enable, to run at the end of udev coldplugging as before; |
1136 | + this isn't entirely race-free, but should nevertheless give us the |
1137 | + two passes needed to cover devices that are decrypted using keys stored |
1138 | + on other encrypted disks. LP: #443980. |
1139 | + |
1140 | + -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 16 Dec 2009 06:41:30 +0000 |
1141 | + |
1142 | +cryptsetup (2:1.1.0~rc2-1ubuntu4) lucid; urgency=low |
1143 | + |
1144 | + [ Steve Langasek ] |
1145 | + * debian/initramfs/cryptroot-script: if plymouth is present in the |
1146 | + initramfs, use this directly, bypassing the cryptsetup askpass script; |
1147 | + but keep support for these other frontends around on a transitional |
1148 | + basis. |
1149 | + * debian/cryptdisks.functions: |
1150 | + - change interaction to use plymouth directly if present, and if not, to |
1151 | + fall back to /lib/cryptsetup/askpass as before |
1152 | + - wrap the call to /lib/cryptsetup/askpass with watershed, to make sure |
1153 | + we only ever have one of these running at a time; otherwise multiple |
1154 | + invocations could steal each other's input and/or write over each |
1155 | + other's output |
1156 | + - new function, crypttab_start_one_disk, to look for the named source |
1157 | + device in /etc/crypttab (by device name, UUID, or label) and start it |
1158 | + if configured to do so |
1159 | + * debian/cryptdisks-enable.upstart: run the upstart job once for each block |
1160 | + device, using the new crypttab_start_one_disk function, triggered by udev; |
1161 | + this doesn't eliminate the possibility of a race with gdm when the |
1162 | + decrypted volume isn't a 'bootwait' mount point (since gdm kills |
1163 | + plymouth), but it does eliminate the race between udev and cryptsetup. |
1164 | + LP: #454898. |
1165 | + * debian/cryptdisks-enable.upstart: check that the package is installed |
1166 | + and exit gracefully if it's not. LP: #435814 |
1167 | + * debian/cryptdisk.functions: initially create the device under a temporary |
1168 | + name and rename it only at the end using 'dmsetup rename', to ensure that |
1169 | + upstart/mountall doesn't see our device before it's ready to go. |
1170 | + LP: #475936. |
1171 | + |
1172 | + [ Colin Watson ] |
1173 | + * Add ext4 support to passdev. |
1174 | + |
1175 | + -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 15 Dec 2009 18:05:45 -0800 |
1176 | + |
1177 | +cryptsetup (2:1.1.0~rc2-1ubuntu3) lucid; urgency=low |
1178 | + |
1179 | + * cryptroot-hook: Use if [ -n … ] instead of if ! test -z …. |
1180 | + |
1181 | + -- LoĂ¯c Minier <loic.minier@ubuntu.com> Sat, 12 Dec 2009 11:32:52 +0100 |
1182 | + |
1183 | +cryptsetup (2:1.1.0~rc2-1ubuntu2) lucid; urgency=low |
1184 | + |
1185 | + * cryptroot-hook: dont call copy_modules_dir with empty arguments when |
1186 | + archcrypto isnt found (LP: #495161) |
1187 | + |
1188 | + -- Oliver Grawert <ogra@ubuntu.com> Fri, 11 Dec 2009 14:39:00 +0100 |
1189 | + |
1190 | +cryptsetup (2:1.1.0~rc2-1ubuntu1) lucid; urgency=low |
1191 | + |
1192 | + * Merge with Debian testing. Remaining Ubuntu changes: |
1193 | + - debian/rules: cryptsetup is linked dynamically against libgcrypt and |
1194 | + libgpg-error. |
1195 | + - Upstart migration: |
1196 | + + Add debian/cryptdisks-enable.upstart. |
1197 | + + debian/cryptdisks{,-early}.init: Make the 'start' action of the init |
1198 | + script a no-op, this should be handled entirely by the upstart job. |
1199 | + (LP #473615) |
1200 | + + debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on |
1201 | + upgrade. |
1202 | + + debian/rules: Do not install start symlinks for those two, and install |
1203 | + debian/cryptdisks-enable.upstart scripts. |
1204 | + - Add debian/cryptsetup.apport: Apport package hook. Install in |
1205 | + debian/rules, and create dir in debian/cryptsetup.dirs. |
1206 | + - Start usplash in initramfs, since we need it for fancy passphrase input: |
1207 | + + debian/initramfs/cryptroot-conf, debian/initramfs-conf.d: USPLASH=y |
1208 | + + debian/control: Bump initramfs-tools Suggests to Depends:. |
1209 | + |
1210 | + -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 11 Nov 2009 15:04:27 +0100 |
1211 | + |
1212 | cryptsetup (2:1.1.0~rc2-1) unstable; urgency=low |
1213 | |
1214 | * new upstream release candidate (1.1.0-rc2), highlights include: |
1215 | @@ -1987,6 +2990,80 @@ cryptsetup (2:1.0.7~rc1-1) unstable; urgency=low |
1216 | |
1217 | -- Jonas Meurer <mejo@debian.org> Sat, 04 Jul 2009 15:52:06 +0200 |
1218 | |
1219 | +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu8) lucid; urgency=low |
1220 | + |
1221 | + [ Steve Langasek ] |
1222 | + * Make the 'start' action of the init script a no-op, this should be |
1223 | + handled entirely by the upstart job now; and remove any symlinks from |
1224 | + /etc/rcS.d on upgrade. LP: #473615. |
1225 | + |
1226 | + [ Reinhard Tartler ] |
1227 | + * Add an apport hook |
1228 | + * import the blkid and un_blkid from debian, LP: #446517 |
1229 | + * also use this script by default (setting in /etc/default/cryptdisks) |
1230 | + |
1231 | + -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 04 Nov 2009 12:06:47 +0000 |
1232 | + |
1233 | +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu7) karmic; urgency=low |
1234 | + |
1235 | + * Reupload previous version, siretart had left changes in bzr which |
1236 | + weren't documented in the changelog and caused FTBFS. |
1237 | + |
1238 | + -- Scott James Remnant <scott@ubuntu.com> Wed, 14 Oct 2009 13:57:59 +0100 |
1239 | + |
1240 | +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu6) karmic; urgency=low |
1241 | + |
1242 | + [ Steve Langasek ] |
1243 | + * Move the Debian Vcs- fields aside. |
1244 | + |
1245 | + [ Scott James Remnant ] |
1246 | + * debian/cryptdisks-enable.upstart: Don't overcompensate for my idiocy, |
1247 | + cryptsetup should not need a controlling terminal, just a terminal |
1248 | + is fine. May fix LP: #439138. |
1249 | + |
1250 | + -- Scott James Remnant <scott@ubuntu.com> Wed, 14 Oct 2009 04:52:16 +0100 |
1251 | + |
1252 | +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu4) karmic; urgency=low |
1253 | + |
1254 | + * debian/cryptdisks-enable.upstart: Things that often help include |
1255 | + not setting stdin/out to /dev/null, so you can actually type the |
1256 | + passphrase. I am an idiot. LP: #430496. |
1257 | + |
1258 | + -- Scott James Remnant <scott@ubuntu.com> Thu, 17 Sep 2009 17:58:01 +0100 |
1259 | + |
1260 | +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu3) karmic; urgency=low |
1261 | + |
1262 | + * debian/cryptdisks-enable.upstart: add upstart job to enable encrypted |
1263 | + disks once we've finished probing for udev devices, so that mountall |
1264 | + can use them. LP: #430496. |
1265 | + |
1266 | + -- Scott James Remnant <scott@ubuntu.com> Thu, 17 Sep 2009 00:04:00 +0100 |
1267 | + |
1268 | +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu2) karmic; urgency=low |
1269 | + |
1270 | + * debian/initramfs/cryptroot-conf: declare that we want usplash included |
1271 | + in the initramfs whenever this package is installed. LP: #427356. |
1272 | + |
1273 | + -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 15 Sep 2009 08:43:15 -0700 |
1274 | + |
1275 | +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu1) karmic; urgency=low |
1276 | + |
1277 | + * Merge from debian unstable, remaining changes: |
1278 | + - Ubuntu specific: |
1279 | + + debian/rules: link dynamically for better security supportability and |
1280 | + smaller packages. |
1281 | + + debian/control: Depend on initramfs-tools so system is not potentially |
1282 | + rendered unbootable. |
1283 | + - debian/initramfs/cryptroot-script wait for encrypted device to appear, |
1284 | + report with log_*_msg (debian bug 488271). |
1285 | + - debian/initramfs/cryptroot-hook: fix support for UUID and LABEL |
1286 | + correlation between fstab and crypttab (debian bug 522041). |
1287 | + - debian/askpass.c, debian/initramfs/cryptroot-script: using newline |
1288 | + escape in passphrase prompt to avoid line-wrapping (debian bug 528133). |
1289 | + * Drop 04_fix_udevsettle_call.patch: fixed upstream differently. |
1290 | + |
1291 | + -- Kees Cook <kees@ubuntu.com> Sun, 10 May 2009 17:29:32 -0700 |
1292 | + |
1293 | cryptsetup (2:1.0.6+20090405.svn49-1) unstable; urgency=low |
1294 | |
1295 | * New upstream svn snapshot. Highlights include: |
1296 | @@ -2028,6 +3105,67 @@ cryptsetup (2:1.0.6+20090405.svn49-1) unstable; urgency=low |
1297 | |
1298 | -- Jonas Meurer <mejo@debian.org> Mon, 06 Apr 2009 08:49:14 +0200 |
1299 | |
1300 | +cryptsetup (2:1.0.6-7ubuntu7) jaunty; urgency=low |
1301 | + |
1302 | + * debian/control: Depend on initramfs-tools so system is not potentially |
1303 | + rendered unbootable (LP: #358654). |
1304 | + |
1305 | + -- Kees Cook <kees@ubuntu.com> Thu, 09 Apr 2009 12:29:31 -0700 |
1306 | + |
1307 | +cryptsetup (2:1.0.6-7ubuntu6) jaunty; urgency=low |
1308 | + |
1309 | + * debian/initramfs/cryptroot-script: we don't require vol_id to understand |
1310 | + the encrypted device, but we should check the device is fully up first |
1311 | + before continuing by calling udevadm settle. LP: #291752. |
1312 | + |
1313 | + -- Steve Langasek <steve.langasek@ubuntu.com> Sat, 07 Mar 2009 21:39:14 -0800 |
1314 | + |
1315 | +cryptsetup (2:1.0.6-7ubuntu5) jaunty; urgency=low |
1316 | + |
1317 | + * debian/initramfs/cryptroot-hook: fix support for UUID and LABEL correlation |
1318 | + between fstab and crypttab (LP: #287879). |
1319 | + |
1320 | + -- TJ <ubuntu@tjworld.net> Mon, 16 Feb 2009 23:00:00 +0000 |
1321 | + |
1322 | +cryptsetup (2:1.0.6-7ubuntu4) jaunty; urgency=low |
1323 | + |
1324 | + * debian/askpass.c: also handle newline escape code in console prompt. |
1325 | + |
1326 | + -- Kees Cook <kees@ubuntu.com> Sun, 15 Feb 2009 08:57:05 -0800 |
1327 | + |
1328 | +cryptsetup (2:1.0.6-7ubuntu3) jaunty; urgency=low |
1329 | + |
1330 | + [ https://launchpad.net/~svenkata ] |
1331 | + * debian/checks/un_vol_id: dynamically build the "unknown volume type" |
1332 | + string, to allow for encrypted swap, LP: #316607 |
1333 | + |
1334 | + -- Dustin Kirkland <kirkland@ubuntu.com> Thu, 12 Feb 2009 16:57:30 -0600 |
1335 | + |
1336 | +cryptsetup (2:1.0.6-7ubuntu2) jaunty; urgency=low |
1337 | + |
1338 | + * debian/askpass.c: handle newline escape code in password prompt. |
1339 | + * debian/initramfs/cryptroot-script: add newline to split cryptroot |
1340 | + password prompt onto two lines for readability (LP: #326900). |
1341 | + |
1342 | + -- Kees Cook <kees@ubuntu.com> Sun, 08 Feb 2009 07:26:01 -0800 |
1343 | + |
1344 | +cryptsetup (2:1.0.6-7ubuntu1) jaunty; urgency=low |
1345 | + |
1346 | + * Merge from debian unstable, remaining changes: |
1347 | + - debian/initramfs/cryptroot-script: |
1348 | + - must source /scripts/functions to get the log_*_msg() functions. |
1349 | + - wait for encrypted device to show up (LP 164044, 291752). |
1350 | + - disable error message 'failed to setup lvm device' (LP 151532). |
1351 | + - debian/rules: |
1352 | + - fix location of ltmain.sh (Ubuntu-specific until libtool 2.2.x is |
1353 | + in Debian unstable). |
1354 | + - link dynamically (LP 62751). |
1355 | + - add 04_fix_udevsettle_call.patch: fix path to binary for udevsettle. |
1356 | + * Revert versioned build-depency on libdevmapper-dev, since Ubuntu's |
1357 | + version is higher now. |
1358 | + |
1359 | + -- Kees Cook <kees@ubuntu.com> Tue, 06 Jan 2009 13:00:16 -0800 |
1360 | + |
1361 | cryptsetup (2:1.0.6-7) unstable; urgency=medium |
1362 | |
1363 | * Add patches/01_gettext_package.patch: Remove -luks from GETTEXT_PACKAGE |
1364 | @@ -2072,6 +3210,38 @@ cryptsetup (2:1.0.6-7) unstable; urgency=medium |
1365 | |
1366 | -- Jonas Meurer <mejo@debian.org> Wed, 17 Dec 2008 21:25:45 +0100 |
1367 | |
1368 | +cryptsetup (2:1.0.6-6ubuntu2.1) intrepid-proposed; urgency=low |
1369 | + |
1370 | + * debian/initramfs/cryptroot-script: do not require that vol_id |
1371 | + can parse the encrypted device as valid (LP: #291752). |
1372 | + |
1373 | + -- Kees Cook <kees@ubuntu.com> Fri, 31 Oct 2008 13:10:06 -0700 |
1374 | + |
1375 | +cryptsetup (2:1.0.6-6ubuntu2) intrepid; urgency=low |
1376 | + |
1377 | + * Fixes for (LP: #272301) |
1378 | + * debian/initramfs/cryptroot-script: must source /scripts/functions to get |
1379 | + the log_*_msg() functions |
1380 | + * 04_fix_udevsettle_call.patch: fix path to binary for udevsettle |
1381 | + |
1382 | + -- Dustin Kirkland <kirkland@ubuntu.com> Fri, 19 Sep 2008 18:03:28 -0500 |
1383 | + |
1384 | +cryptsetup (2:1.0.6-6ubuntu1) intrepid; urgency=low |
1385 | + |
1386 | + * drop almost all ubuntu specific changes from the cryptsetup package, |
1387 | + because they have been merged in debian. Thanks a lot! |
1388 | + * merge from debian, remaining changes: |
1389 | + - remove versioned build-depency on libdevmapper-dev, we are using a |
1390 | + rather sophisticated loop for making sure the root filesystem appears. |
1391 | + * debian/rules: fix location of ltmain.sh |
1392 | + * don't exit usplash anymore in the init script. LP: #110970, #139363 |
1393 | + * Disable error message 'failed to setup lvm device'. It is harmless, and |
1394 | + caused by the fact that the udev rules provided by lvm2 are setting up |
1395 | + the lvm on their own. In debian the scripts here are responsible for this |
1396 | + but obviously fail in ubuntu. LP: #151532 |
1397 | + |
1398 | + -- Reinhard Tartler <siretart@tauware.de> Sat, 30 Aug 2008 17:52:16 +0200 |
1399 | + |
1400 | cryptsetup (2:1.0.6-6) unstable; urgency=high |
1401 | |
1402 | * Don't cat keyfile into pipe for do_noluks(). cryptsetup handles |
1403 | @@ -2173,6 +3343,79 @@ cryptsetup (2:1.0.6-3) unstable; urgency=low |
1404 | |
1405 | -- Jonas Meurer <mejo@debian.org> Mon, 07 Jul 2008 00:30:07 +0200 |
1406 | |
1407 | +cryptsetup (2:1.0.6-2ubuntu7) intrepid; urgency=low |
1408 | + |
1409 | + * reintroduce changes from 2:1.0.6-2ubuntu5 that have been accidentally |
1410 | + dropped in version 2:1.0.6-2ubuntu6. |
1411 | + |
1412 | + -- Reinhard Tartler <siretart@tauware.de> Fri, 20 Jun 2008 15:15:54 +0200 |
1413 | + |
1414 | +cryptsetup (2:1.0.6-2ubuntu6) intrepid; urgency=low |
1415 | + |
1416 | + [ Kjell Braden ] |
1417 | + * load scripts/functions for log_{begin,end}_msg |
1418 | + * debian/initramfs/cryptroot-script: wait for the cryptsource, not the resulting mapped root device |
1419 | + * debian/initramfs/cryptroot-hook: copy binaries to the right directory |
1420 | + |
1421 | + [ Reinhard Tartler ] |
1422 | + * remove versioned build-depency on libdevmapper-dev, we are using a |
1423 | + rather sophisticated loop for making sure the root filesystem appears. |
1424 | + |
1425 | + -- Reinhard Tartler <siretart@tauware.de> Wed, 18 Jun 2008 00:26:43 +0200 |
1426 | + |
1427 | +cryptsetup (2:1.0.6-2ubuntu5) intrepid; urgency=low |
1428 | + |
1429 | + * Okay, I give up. include preprocessed manpages and adapt |
1430 | + debian/rules to easily produce those. |
1431 | + ATTENTION: on subsequent uploads, make sure that the manpages are |
1432 | + available and up-to-date. |
1433 | + |
1434 | + -- Reinhard Tartler <siretart@tauware.de> Sun, 15 Jun 2008 13:33:07 +0200 |
1435 | + |
1436 | +cryptsetup (2:1.0.6-2ubuntu4) intrepid; urgency=low |
1437 | + |
1438 | + * also use local dtd in debian/doc/variables.xml.in. |
1439 | + |
1440 | + -- Reinhard Tartler <siretart@tauware.de> Sun, 15 Jun 2008 12:55:42 +0200 |
1441 | + |
1442 | +cryptsetup (2:1.0.6-2ubuntu3) intrepid; urgency=low |
1443 | + |
1444 | + * try harder to fix FTBFS. |
1445 | + |
1446 | + -- Reinhard Tartler <siretart@tauware.de> Sun, 15 Jun 2008 11:42:54 +0200 |
1447 | + |
1448 | +cryptsetup (2:1.0.6-2ubuntu2) intrepid; urgency=low |
1449 | + |
1450 | + * build docbook documentation using local dtds instead of trying to |
1451 | + download them at buildtime. Fixes FTBFS. |
1452 | + |
1453 | + -- Reinhard Tartler <siretart@tauware.de> Sun, 15 Jun 2008 11:12:28 +0200 |
1454 | + |
1455 | +cryptsetup (2:1.0.6-2ubuntu1) intrepid; urgency=low |
1456 | + |
1457 | + * Merge new debian version. Remaining changes: |
1458 | + - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using |
1459 | + bzr on launchpad. |
1460 | + - debian/rules: cryptsetup is linked dynamically against libgcrypt and |
1461 | + libgpg-error. |
1462 | + - cryptdisks.functions: stop usplash on user input. LP #62751 |
1463 | + - Parse comments in lines not starting with '#', LP #185380 |
1464 | + - If the encrypted source device hasn't shown up yet, give it a |
1465 | + little while to deal with removable devices. LP #164044 |
1466 | + * Depend on race-free version of libdevmapper, thus making udevsettle |
1467 | + call from cryptsetup binary unnecessary. Dropping patch |
1468 | + debian/patches/06_run_udevsettle.patch |
1469 | + * remove patch from LP #73862, loading optimized modules has been solved |
1470 | + in debian in another way. |
1471 | + * cryptdisk.functions: remove spurious call to load_optimized_module. |
1472 | + LP: #239946 |
1473 | + * bugfix: make regex work if keyfile has extended attributes. LP: #231339. |
1474 | + * remove patch in cryptdisks.functions for rexecing the script itself for |
1475 | + ensuring that a tty is always available. (See LP #58794.) According to |
1476 | + Scott, this is not necessary anymore. |
1477 | + |
1478 | + -- Reinhard Tartler <siretart@tauware.de> Sat, 14 Jun 2008 23:28:51 +0200 |
1479 | + |
1480 | cryptsetup (2:1.0.6-2) unstable; urgency=low |
1481 | |
1482 | [ Jonas Meurer ] |
1483 | @@ -2198,6 +3441,54 @@ cryptsetup (2:1.0.6-2) unstable; urgency=low |
1484 | |
1485 | -- David Härdeman <david@hardeman.nu> Mon, 26 May 2008 08:12:32 +0200 |
1486 | |
1487 | +cryptsetup (2:1.0.6-1ubuntu4) intrepid; urgency=low |
1488 | + |
1489 | + [ Kjell Braden ] |
1490 | + * Fix configuration parsing (LP: #239808) |
1491 | + |
1492 | + [ Reinhard Tartler ] |
1493 | + * cryptroot-script: use 'echo' instead of 'log_begin_msg' (LP: #237723) |
1494 | + |
1495 | + -- Reinhard Tartler <siretart@tauware.de> Fri, 13 Jun 2008 21:26:17 +0200 |
1496 | + |
1497 | +cryptsetup (2:1.0.6-1ubuntu3) intrepid; urgency=low |
1498 | + |
1499 | + * Parse comments in lines not starting with '#', LP: #185380 |
1500 | + * in cryptroot hook, don't rely on 'udevadm settle' to wait long enough |
1501 | + for the cryptdevice to appear. Reimplement the busy waiting loop found |
1502 | + while waiting for the root file system. Patch based on work by SwĂ¢mi |
1503 | + Petaramesh. LP: #164044 |
1504 | + * debian/crypdisks.functions: call 'env' with full path. LP: #178829. |
1505 | + |
1506 | + -- Reinhard Tartler <siretart@tauware.de> Mon, 26 May 2008 22:12:32 +0200 |
1507 | + |
1508 | +cryptsetup (2:1.0.6-1ubuntu2) intrepid; urgency=low |
1509 | + |
1510 | + * Simplify the patch in debian/cryptdisks.functions that stops usplash |
1511 | + before asking for a passphrase. |
1512 | + |
1513 | + -- Reinhard Tartler <siretart@tauware.de> Mon, 26 May 2008 20:18:14 +0200 |
1514 | + |
1515 | +cryptsetup (2:1.0.6-1ubuntu1) intrepid; urgency=low |
1516 | + |
1517 | + * Merge new debian version. Remaining changes: |
1518 | + - cryptsetup is linked dynamically against libgcrypt and libgpg-error. |
1519 | + - stop usplash on user input. LP #62751 |
1520 | + - debian/cryptdisks.functions: Always output and read from the console. |
1521 | + LP #58794. |
1522 | + - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using |
1523 | + bzr on launchpad. |
1524 | + - debian/initramfs/cryptroot-hook: LP #73862 |
1525 | + Added patch to install aes optimized cypher module |
1526 | + - try to load optimized cypher module in cryptsetup.functions as well, |
1527 | + because cryptroot-hook is only executed when we really have a |
1528 | + cryptoroot. |
1529 | + * other ubuntu changes have been merged into debian. Please report bugs |
1530 | + if you believe some patches have been dropped. |
1531 | + * removed 07_typos_fix.patch, has been reviewed and applied upstream. |
1532 | + |
1533 | + -- Reinhard Tartler <siretart@tauware.de> Sun, 25 May 2008 22:52:30 +0200 |
1534 | + |
1535 | cryptsetup (2:1.0.6-1) unstable; urgency=low |
1536 | |
1537 | [ Jonas Meurer ] |
1538 | @@ -2329,6 +3620,138 @@ cryptsetup (2:1.0.6~pre1-1) unstable; urgency=low |
1539 | |
1540 | -- Jonas Meurer <mejo@debian.org> Thu, 06 Dec 2007 15:56:05 +0100 |
1541 | |
1542 | +cryptsetup (2:1.0.5-2ubuntu12) hardy; urgency=low |
1543 | + |
1544 | + * added debian/patches/07_typos_fix.dpatch: fixed typos in man pages. (LP: #164181) |
1545 | + |
1546 | + -- Bruno Barrera Yever <bbyever@gmail.com> Mon, 07 Apr 2008 18:43:05 -0500 |
1547 | + |
1548 | +cryptsetup (2:1.0.5-2ubuntu11) hardy; urgency=low |
1549 | + |
1550 | + * debian/initramfs/cryptroot-script: Do show the disk name after all, since |
1551 | + some people use multiple encrypted partitions as LVM PVs. (LP: #201413) |
1552 | + |
1553 | + -- Martin Pitt <martin.pitt@ubuntu.com> Sun, 06 Apr 2008 11:54:41 -0600 |
1554 | + |
1555 | +cryptsetup (2:1.0.5-2ubuntu10) hardy; urgency=low |
1556 | + |
1557 | + * debian/initramfs/cryptroot-script: Do not mention the name of the |
1558 | + encrypted device. It is just technobabble anyway (sda4_crypt), and there |
1559 | + is just one root partition ever, so it is not needed to tell apart |
1560 | + different partitions. From a security POV, someone who can change your |
1561 | + initramfs to boot a different root partition can just as well change the |
1562 | + strings, too. (LP: #201413) |
1563 | + |
1564 | + -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 02 Apr 2008 15:51:53 +0200 |
1565 | + |
1566 | +cryptsetup (2:1.0.5-2ubuntu9) hardy; urgency=low |
1567 | + |
1568 | + * debian/scripts/luksformat: Use 256 bit key size by default. |
1569 | + (LP: #78508) |
1570 | + * debian/patches/02_manpage.dpatch: Clarify default key sizes (128 for |
1571 | + luksFormat and 256 for create) in cryptsetup.8. (side-note in LP #78508) |
1572 | + |
1573 | + -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 27 Feb 2008 17:43:46 +0100 |
1574 | + |
1575 | +cryptsetup (2:1.0.5-2ubuntu8) hardy; urgency=low |
1576 | + |
1577 | + * Fix -x calls and access() call. |
1578 | + |
1579 | + -- Scott James Remnant <scott@ubuntu.com> Fri, 14 Dec 2007 16:54:53 +0000 |
1580 | + |
1581 | +cryptsetup (2:1.0.5-2ubuntu7) hardy; urgency=low |
1582 | + |
1583 | + * debian/initramfs/cryptroot-script: call udevadm instead of udevsettle |
1584 | + * debian/patches/06_call_udevsettle.dpatch: likewise |
1585 | + |
1586 | + -- Scott James Remnant <scott@ubuntu.com> Fri, 14 Dec 2007 16:11:36 +0000 |
1587 | + |
1588 | +cryptsetup (2:1.0.5-2ubuntu6) hardy; urgency=low |
1589 | + |
1590 | + * Make cryptsetup understand devices specified by UUID=... or LABEL= |
1591 | + in crypttab. (LP: #153597) |
1592 | + |
1593 | + -- Andrea Colangelo <warp10@libero.it> Mon, 29 Oct 2007 18:22:51 +0100 |
1594 | + |
1595 | +cryptsetup (2:1.0.5-2ubuntu5) hardy; urgency=low |
1596 | + |
1597 | + * reenable additional udevsettle calls in cryptroot hook from |
1598 | + https://launchpad.net/bugs/85640, LP: #132373. |
1599 | + * change maintainer to ubuntu-core-dev. |
1600 | + * use Vcs-Bzr instead of XSCB-Vcs-Bzr header in debian/control. |
1601 | + |
1602 | + -- Reinhard Tartler <siretart@tauware.de> Thu, 08 Nov 2007 23:52:19 +0100 |
1603 | + |
1604 | +cryptsetup (2:1.0.5-2ubuntu4) hardy; urgency=low |
1605 | + |
1606 | + * reapply changes from version 2:1.0.5-2ubuntu2, got dropped with last |
1607 | + upload. Sorry, pitti. |
1608 | + * convert patch to lib/libdevmapper.c to a dpatch. |
1609 | + |
1610 | + -- Reinhard Tartler <siretart@tauware.de> Sun, 04 Nov 2007 21:42:43 +0100 |
1611 | + |
1612 | +cryptsetup (2:1.0.5-2ubuntu3) hardy; urgency=low |
1613 | + |
1614 | + * RELIABILY FIX: lib/libdevmapper.c: Ensure that pending device creation |
1615 | + events are being processed by calling /sbin/udevsettle. Patch based on |
1616 | + OpenSUSE bug #285478, LP: #132373. |
1617 | + * Based on the change above, the patch from LP #85640 is no longer needed. |
1618 | + dropping the relevant parts. |
1619 | + * Fix debian/rules to not fail to build if autom4te.cache is left behind |
1620 | + from a previous incomplete build. |
1621 | + |
1622 | + -- Reinhard Tartler <siretart@tauware.de> Fri, 02 Nov 2007 20:53:31 +0100 |
1623 | + |
1624 | +cryptsetup (2:1.0.5-2ubuntu2) gutsy; urgency=low |
1625 | + |
1626 | + * debian/initramfs/cryptroot-script: |
1627 | + - If the supplied password worked, remove the prompt from usplash again, |
1628 | + so that the user has some visual feedback that everything is alright. |
1629 | + (LP: #151305) |
1630 | + - Do not show the UUID device node of the outer physical device. It is |
1631 | + scary ("/dev/disk/by-uuid/1234yadayada") and displaying it does not |
1632 | + improve security at all: If attackers can tamper with your initramfs, |
1633 | + they can also change the prompt, and if the UUID of the physical device |
1634 | + changes, then booting will not even get that far. Now it is a much more |
1635 | + friendly "Enter passphrase for sda5_crypt:" which is still technical, |
1636 | + but it's necessary to point out which device will be unlocked in case |
1637 | + there are several. |
1638 | + |
1639 | + -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 11 Oct 2007 19:51:58 +0200 |
1640 | + |
1641 | +cryptsetup (2:1.0.5-2ubuntu1) gutsy; urgency=low |
1642 | + |
1643 | + * Merge new debian version. Remaining changes: |
1644 | + - cryptsetup is linked dynamically against libgcrypt and libgpg-error. |
1645 | + This will break systems where /usr is a separate encrypted filesystem |
1646 | + but not have other bad consequences (in particular, systems with |
1647 | + encrypted root are still fine). The upsides include better |
1648 | + security supportability and smaller packages. |
1649 | + - libcryptsetup.so et al removed from the binary packages. They have |
1650 | + no stable ABI and are not suitable for use by other packages, and |
1651 | + were in violation of library policies etc. They're not needed since |
1652 | + the cryptsetup executable statically contains the relevant parts of |
1653 | + libcryptsetup. |
1654 | + - cryptdisks.functions: remove #!/bin/bash as it isn't a script |
1655 | + by itself; it's only sourced by other scripts. This gets rid |
1656 | + of the lintian warning `script-not-executable' for this file. |
1657 | + - stop usplash on user input. LP #62751 |
1658 | + - Always output and read from the console. LP #58794. |
1659 | + - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using |
1660 | + bzr on launchpad. |
1661 | + - Bump libgcrypt11 build-dependency again to 1.2.4-2ubuntu2 to eliminate |
1662 | + libnsl linkage; |
1663 | + - debian/initramfs/cryptroot-hook: (LP: #73862) |
1664 | + Added patch to install aes optimized cypher module |
1665 | + - try to load optimized cypher module in cryptsetup.functions as well, |
1666 | + because cryptroot-hook is only executed when we really have a |
1667 | + cryptoroot. |
1668 | + - apply patch from pitti for allowing UUIDs in /etc/crypttab. |
1669 | + This allowes crypted PVs! LP: #144390. |
1670 | + - remove README.ubuntu, since it contains old and obsolete information. |
1671 | + |
1672 | + -- Reinhard Tartler <siretart@tauware.de> Tue, 02 Oct 2007 21:31:28 +0200 |
1673 | + |
1674 | cryptsetup (2:1.0.5-2) unstable; urgency=low |
1675 | |
1676 | [ Jonas Meurer ] |
1677 | @@ -2377,6 +3800,68 @@ cryptsetup (2:1.0.5-2) unstable; urgency=low |
1678 | |
1679 | -- Jonas Meurer <mejo@debian.org> Mon, 24 Sep 2007 15:42:06 +0200 |
1680 | |
1681 | +cryptsetup (2:1.0.5-1ubuntu5) UNRELEASED; urgency=low |
1682 | + |
1683 | + * apply patch from pitti for allowing UUIDs in /etc/crypttab. |
1684 | + This allowes crypted PVs! LP: #144390. |
1685 | + * remove README.ubuntu, since it contains old and obsolete information. |
1686 | + |
1687 | + -- Reinhard Tartler <siretart@tauware.de> Tue, 02 Oct 2007 19:59:24 +0200 |
1688 | + |
1689 | +cryptsetup (2:1.0.5-1ubuntu4) gutsy; urgency=low |
1690 | + |
1691 | + [ Stephan Hermann ] |
1692 | + * debian/initramfs/cryptroot-hook: (LP: #73862) |
1693 | + - Added patch to install aes optimized cypher module |
1694 | + |
1695 | + [ Reinhard Tartler ] |
1696 | + * re-applying old patch to new package version |
1697 | + * try to load optimized cypher module in cryptsetup.functions as well, |
1698 | + because cryptroot-hook is only executed when we really have a |
1699 | + cryptoroot. |
1700 | + |
1701 | + -- Reinhard Tartler <siretart@tauware.de> Thu, 27 Sep 2007 19:38:48 +0200 |
1702 | + |
1703 | +cryptsetup (2:1.0.5-1ubuntu3) gutsy; urgency=low |
1704 | + |
1705 | + * Bump libgcrypt11 build-dependency again to 1.2.4-2ubuntu2 to eliminate |
1706 | + libnsl linkage; should finally produce a usable cryptsetup binary for |
1707 | + the udeb. |
1708 | + |
1709 | + -- Colin Watson <cjwatson@ubuntu.com> Wed, 19 Sep 2007 15:28:52 +0100 |
1710 | + |
1711 | +cryptsetup (2:1.0.5-1ubuntu2) gutsy; urgency=low |
1712 | + |
1713 | + * Bump libgcrypt11 build-dependency to 1.2.4-2ubuntu1 and rebuild for |
1714 | + proper udeb dependencies. |
1715 | + |
1716 | + -- Colin Watson <cjwatson@ubuntu.com> Wed, 19 Sep 2007 01:37:02 +0100 |
1717 | + |
1718 | +cryptsetup (2:1.0.5-1ubuntu1) gutsy; urgency=low |
1719 | + |
1720 | + * Merge new debian version. Remaining changes: |
1721 | + - cryptsetup is linked dynamically against libgcrypt and libgpg-error. |
1722 | + This will break systems where /usr is a separate encrypted filesystem |
1723 | + but not have other bad consequences (in particular, systems with |
1724 | + encrypted root are still fine). The upsides include better |
1725 | + security supportability and smaller packages. |
1726 | + - libcryptsetup.so et al removed from the binary packages. They have |
1727 | + no stable ABI and are not suitable for use by other packages, and |
1728 | + were in violation of library policies etc. They're not needed since |
1729 | + the cryptsetup executable statically contains the relevant parts of |
1730 | + libcryptsetup. |
1731 | + - cryptdisks.functions: remove #!/bin/bash as it isn't a script |
1732 | + by itself; it's only sourced by other scripts. This gets rid |
1733 | + of the lintian warning `script-not-executable' for this file. |
1734 | + - stop usplash on user input. LP #62751 |
1735 | + - Always output and read from the console. LP #58794. |
1736 | + * Add XSBC-Vcs-Bzr tag to indicate that this package is managed using |
1737 | + bzr on launchpad. |
1738 | + * UVF exception request granted by Scott Kitterman and Chuck Short |
1739 | + LP: #138295 |
1740 | + |
1741 | + -- Reinhard Tartler <siretart@tauware.de> Sat, 08 Sep 2007 19:04:54 +0200 |
1742 | + |
1743 | cryptsetup (2:1.0.5-1) unstable; urgency=low |
1744 | |
1745 | [ Jonas Meurer ] |
1746 | @@ -2397,6 +3882,66 @@ cryptsetup (2:1.0.5-1) unstable; urgency=low |
1747 | |
1748 | -- Jonas Meurer <mejo@debian.org> Fri, 27 Jul 2007 04:59:33 +0200 |
1749 | |
1750 | +cryptsetup (2:1.0.4+svn29-1ubuntu6) gutsy; urgency=low |
1751 | + |
1752 | + * Add notes by Ilkka Tuohela in a new file debian/README.ubuntu |
1753 | + |
1754 | + -- Reinhard Tartler <siretart@tauware.de> Sat, 08 Sep 2007 18:43:56 +0200 |
1755 | + |
1756 | +cryptsetup (2:1.0.4+svn29-1ubuntu5) gutsy; urgency=low |
1757 | + |
1758 | + * cryptsetup is linked dynamically against libgcrypt and libgpg-error. |
1759 | + This will break systems where /usr is a separate encrypted filesystem |
1760 | + but not have other bad consequences (in particular, systems with |
1761 | + encrypted root are still fine). The upsides include better |
1762 | + security supportability and smaller packages. |
1763 | + * libcryptsetup.so et al removed from the binary packages. They have |
1764 | + no stable ABI and are not suitable for use by other packages, and |
1765 | + were in violation of library policies etc. They're not needed since |
1766 | + the cryptsetup executable statically contains the relevant parts of |
1767 | + libcryptsetup. |
1768 | + * cryptdisks.functions: remove #!/bin/bash as it isn't a script |
1769 | + by itself; it's only sourced by other scripts. This gets rid |
1770 | + of the lintian warning `script-not-executable' for this file. |
1771 | + |
1772 | + -- Ian Jackson <iwj@ubuntu.com> Fri, 31 Aug 2007 12:05:33 +0100 |
1773 | + |
1774 | +cryptsetup (2:1.0.4+svn29-1ubuntu4) gutsy; urgency=low |
1775 | + |
1776 | + * s/$CRYPTCMD/cryptsetup/ in debian/cryptdisks.functions |
1777 | + (LP: #115617) |
1778 | + |
1779 | + -- Reinhard Tartler <siretart@ubuntu.com> Tue, 29 May 2007 17:04:05 +0200 |
1780 | + |
1781 | +cryptsetup (2:1.0.4+svn29-1ubuntu3) gutsy; urgency=low |
1782 | + |
1783 | + * make luksformat check if filesystem is already mounted to prevent a |
1784 | + strange error message. thanks to mvo for the patch (LP: #116633) |
1785 | + * remove file debian/initramfs-cryptroot-script from source. it is not |
1786 | + installed anywhere, and a leftover from the last merge. |
1787 | + * add missing hunk of cryptsetup.functions compared to debian package. |
1788 | + * reapply http://librarian.launchpad.net/7329604/bug85640.debdiff to |
1789 | + debian/initramfs/cryptroot-script, since stgraber's patch has been |
1790 | + lost in the last merge. (LP: #85640) |
1791 | + |
1792 | + -- Reinhard Tartler <siretart@ubuntu.com> Tue, 29 May 2007 15:02:57 +0200 |
1793 | + |
1794 | +cryptsetup (2:1.0.4+svn29-1ubuntu2) gutsy; urgency=low |
1795 | + |
1796 | + * modprobe dm-mod from cryptsetup.functions. (LP: #64625, #91405) |
1797 | + |
1798 | + -- Reinhard Tartler <siretart@ubuntu.com> Tue, 29 May 2007 13:31:39 +0200 |
1799 | + |
1800 | +cryptsetup (2:1.0.4+svn29-1ubuntu1) gutsy; urgency=low |
1801 | + |
1802 | + * Merge from Debian unstable. Remaining Ubuntu changes: |
1803 | + - stop usplash on user input. Ubuntu: #62751 |
1804 | + - Always output and read from the console. Ubuntu: #58794. |
1805 | + - Wait for Udev to be ready to avoid partition non-detection. (LP: #85640) |
1806 | + * Modify Maintainer value to match Debian-Maintainer-Field Spec |
1807 | + |
1808 | + -- Andrea Veri <bluekuja@ubuntu.com> Sun, 6 May 2007 22:33:25 +0200 |
1809 | + |
1810 | cryptsetup (2:1.0.4+svn29-1) unstable; urgency=low |
1811 | |
1812 | * New upstream svn snapshot with several bugfixes |
1813 | @@ -2449,6 +3994,20 @@ cryptsetup (2:1.0.4+svn26-2) unstable; urgency=low |
1814 | |
1815 | -- Jonas Meurer <mejo@debian.org> Sat, 28 Apr 2007 20:45:50 +0200 |
1816 | |
1817 | +cryptsetup (2:1.0.4+svn26-1ubuntu2) feisty; urgency=low |
1818 | + |
1819 | + * Wait for Udev to be ready to avoid partition non-detection. (LP: #85640) |
1820 | + |
1821 | + -- Stéphane Graber <stgraber@ubuntu.com> Thu, 14 Apr 2007 10:03:41 +0200 |
1822 | + |
1823 | +cryptsetup (2:1.0.4+svn26-1ubuntu1) feisty; urgency=low |
1824 | + |
1825 | + * merge debian changes. Remaining ubuntu changes: |
1826 | + - stop usplash on user input. Ubuntu: #62751 |
1827 | + - Always output and read from the console. Ubuntu: #58794. |
1828 | + |
1829 | + -- Reinhard Tartler <siretart@tauware.de> Sat, 3 Feb 2007 21:30:03 +0100 |
1830 | + |
1831 | cryptsetup (2:1.0.4+svn26-1) unstable; urgency=high |
1832 | |
1833 | [ Jonas Meurer ] |
1834 | @@ -2498,6 +4057,28 @@ cryptsetup (2:1.0.4+svn16-1) unstable; urgency=medium |
1835 | |
1836 | -- Jonas Meurer <mejo@debian.org> Tue, 28 Nov 2006 18:17:12 +0100 |
1837 | |
1838 | +cryptsetup (2:1.0.4-8ubuntu2) feisty; urgency=low |
1839 | + |
1840 | + * fix and improve initramfs hook: terminate usplash if running, since |
1841 | + adequate secure text input is not possible with usplash ATM |
1842 | + * usplash support: Terminate usplash before asking a password. |
1843 | + Closes https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/62751 |
1844 | + |
1845 | + -- Reinhard Tartler <siretart@tauware.de> Wed, 24 Jan 2007 22:43:28 +0100 |
1846 | + |
1847 | +cryptsetup (2:1.0.4-8ubuntu1) feisty; urgency=low |
1848 | + |
1849 | + * merge debian changes, remaining patches: |
1850 | + - Always output and read from the console. Ubuntu: #58794. |
1851 | + * other changes have been merged or do noy apply anymore |
1852 | + * read password via usplash if available in initramfs for rootfs. based on a patch from |
1853 | + Swen ThĂ¼mmler (Thanks for that!) Ubuntu #62751 |
1854 | + * read password from initscript via usplash if running. should fix the |
1855 | + rest of Ubuntu #62751. Only problem with that patch: It asks only once |
1856 | + for the password! improvements welcome! |
1857 | + |
1858 | + -- Reinhard Tartler <siretart@tauware.de> Sun, 19 Nov 2006 20:04:19 +0100 |
1859 | + |
1860 | cryptsetup (2:1.0.4-8) unstable; urgency=high |
1861 | |
1862 | [ Jonas Meurer ] |
1863 | @@ -2655,6 +4236,27 @@ cryptsetup (2:1.0.4~rc2-1) unstable; urgency=low |
1864 | |
1865 | -- Jonas Meurer <mejo@debian.org> Mon, 4 Sep 2006 03:55:35 +0200 |
1866 | |
1867 | +cryptsetup (2:1.0.3-3ubuntu3) edgy; urgency=low |
1868 | + |
1869 | + * Always output and read from the console. Ubuntu: #58794. |
1870 | + |
1871 | + -- Scott James Remnant <scott@ubuntu.com> Thu, 21 Sep 2006 03:05:18 +0100 |
1872 | + |
1873 | +cryptsetup (2:1.0.3-3ubuntu2) edgy; urgency=low |
1874 | + |
1875 | + * Load the dm-crypt module on startup. Ubuntu: #53475. |
1876 | + |
1877 | + -- Scott James Remnant <scott@ubuntu.com> Wed, 23 Aug 2006 11:53:49 +0200 |
1878 | + |
1879 | +cryptsetup (2:1.0.3-3ubuntu1) edgy; urgency=low |
1880 | + |
1881 | + * Sync with Debian: |
1882 | + Remaining Ubuntu Changes |
1883 | + + debian/cryptdisks.functions: |
1884 | + - Tell usplash to quit if we ask for a passphrase |
1885 | + |
1886 | + -- Sebastian Dröge <slomo@ubuntu.com> Tue, 11 Jul 2006 20:03:27 +0200 |
1887 | + |
1888 | cryptsetup (2:1.0.3-3) unstable; urgency=low |
1889 | |
1890 | [ Jonas Meurer ] |
1891 | @@ -3074,3 +4676,4 @@ cryptsetup-luks (0.992-1) unstable; urgency=low |
1892 | * "integrated LUKS" support (very messy hack) |
1893 | |
1894 | -- Michael Gebetsroither <michael.geb@gmx.at> Thu, 10 Feb 2005 18:16:21 +0100 |
1895 | + |
1896 | diff --git a/debian/control b/debian/control |
1897 | index 3ea0be1..7d73f5f 100644 |
1898 | --- a/debian/control |
1899 | +++ b/debian/control |
1900 | @@ -1,7 +1,8 @@ |
1901 | Source: cryptsetup |
1902 | Section: admin |
1903 | Priority: optional |
1904 | -Maintainer: Debian Cryptsetup Team <pkg-cryptsetup-devel@alioth-lists.debian.net> |
1905 | +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> |
1906 | +XSBC-Original-Maintainer: Debian Cryptsetup Team <pkg-cryptsetup-devel@alioth-lists.debian.net> |
1907 | Uploaders: Jonas Meurer <jonas@freesources.org>, |
1908 | Guilhem Moulin <guilhem@debian.org> |
1909 | Rules-Requires-Root: no |
1910 | @@ -76,11 +77,11 @@ Description: disk encryption support - command line tools |
1911 | |
1912 | Package: cryptsetup-initramfs |
1913 | Architecture: all |
1914 | -Depends: busybox | busybox-static, |
1915 | +Depends: busybox-initramfs, |
1916 | cryptsetup (>= ${source:Version}), |
1917 | initramfs-tools (>= 0.129) | linux-initramfs-tool, |
1918 | ${misc:Depends} |
1919 | -Recommends: console-setup, kbd |
1920 | +Recommends: console-setup, kbd, plymouth |
1921 | Breaks: cryptsetup (<< 2:2.0.3-1) |
1922 | Replaces: cryptsetup (<< 2:2.0.3-1) |
1923 | Description: disk encryption support - initramfs integration |
1924 | diff --git a/debian/cryptsetup-initramfs.install b/debian/cryptsetup-initramfs.install |
1925 | index 026ea37..6780893 100644 |
1926 | --- a/debian/cryptsetup-initramfs.install |
1927 | +++ b/debian/cryptsetup-initramfs.install |
1928 | @@ -5,5 +5,6 @@ debian/initramfs/hooks/* /usr/share/initramfs-tools/h |
1929 | debian/initramfs/scripts/local-block/cryptroot /usr/share/initramfs-tools/scripts/local-block/ |
1930 | debian/initramfs/scripts/local-bottom/cryptgnupg-sc /usr/share/initramfs-tools/scripts/local-bottom/ |
1931 | debian/initramfs/scripts/local-bottom/cryptopensc /usr/share/initramfs-tools/scripts/local-bottom/ |
1932 | +debian/initramfs/scripts/local-bottom/cryptroot /usr/share/initramfs-tools/scripts/local-bottom/ |
1933 | debian/initramfs/scripts/local-top/cryptopensc /usr/share/initramfs-tools/scripts/local-top/ |
1934 | debian/initramfs/scripts/local-top/cryptroot /usr/share/initramfs-tools/scripts/local-top/ |
1935 | diff --git a/debian/functions b/debian/functions |
1936 | index 3eaf1a4..3189939 100644 |
1937 | --- a/debian/functions |
1938 | +++ b/debian/functions |
1939 | @@ -9,6 +9,8 @@ else |
1940 | TABFILE="${TABFILE-/etc/crypttab}" |
1941 | fi |
1942 | export DM_DEFAULT_NAME_MANGLING_MODE=hex # for dmsetup(8) |
1943 | +export CRYPTR_LOCAL_BLOCK="/run/cryptroot.local-block" |
1944 | +export CRYPTR_CNT_FILE="/run/cryptroot.initrd.cnt" |
1945 | |
1946 | # Logging helpers. Send the argument list to plymouth(1), or fold it |
1947 | # and print it to the standard error. |
1948 | @@ -587,6 +589,7 @@ _resolve_device() { |
1949 | # Print the major:minor device ID(s) holding the file system currently |
1950 | # mounted currenty mounted on $mountpoint. |
1951 | # Return 0 on success, 1 on error (if $mountpoint is not a mountpoint). |
1952 | +# devno will be empty if the filesystem must be excluded. |
1953 | get_mnt_devno() { |
1954 | local wantmount="$1" devnos="" uuid dev IFS |
1955 | local spec mountpoint fstype _ DEV MAJ MIN |
1956 | @@ -600,8 +603,15 @@ get_mnt_devno() { |
1957 | # take the last mountpoint if used several times (shadowed) |
1958 | unset -v devnos |
1959 | spec="$(printf '%b' "$spec")" |
1960 | - _resolve_device "$spec" || continue # _resolve_device() already warns on error |
1961 | fstype="$(printf '%b' "$fstype")" |
1962 | + if [ "$fstype" = "zfs" ]; then |
1963 | + # Ignore ZFS entries as they don't have a major/minor and won't |
1964 | + # be imported when local-top cryptroot script will ran. |
1965 | + # Returns success with empty devno |
1966 | + printf '' |
1967 | + return 0 |
1968 | + fi |
1969 | + _resolve_device "$spec" || continue # _resolve_device() already warns on error |
1970 | if [ "$fstype" = "btrfs" ]; then |
1971 | # btrfs can span over multiple devices |
1972 | if uuid="$(_device_uuid "$DEV")"; then |
1973 | diff --git a/debian/initramfs/cryptroot-unlock b/debian/initramfs/cryptroot-unlock |
1974 | index d31b6f4..960e3a8 100644 |
1975 | --- a/debian/initramfs/cryptroot-unlock |
1976 | +++ b/debian/initramfs/cryptroot-unlock |
1977 | @@ -40,8 +40,14 @@ fi |
1978 | pgrep_exe() { |
1979 | local exe pid |
1980 | exe="$(readlink -f -- "$1" 2>/dev/null)" && [ -f "$exe" ] || return 0 |
1981 | - ps -eo pid= | while read pid; do |
1982 | - [ "$(readlink -f "/proc/$pid/exe")" != "$exe" ] || printf '%d\n' "$pid" |
1983 | + ps | awk '{print $1, $5}' | while read LINE; do |
1984 | + set $LINE |
1985 | + local pid=$1 |
1986 | + local cmd=$(readlink -f -- "$2") |
1987 | + if [ "$cmd" == "$exe" ]; then |
1988 | + echo $pid |
1989 | + break |
1990 | + fi |
1991 | done |
1992 | } |
1993 | |
1994 | @@ -101,7 +107,7 @@ wait_for_prompt() { |
1995 | break |
1996 | fi |
1997 | |
1998 | - usleep 100000 |
1999 | + sleep 0.1 |
2000 | timer=$(( $timer - 1 )) |
2001 | if [ $timer -le 0 ]; then |
2002 | echo "Error: Timeout reached while waiting for askpass." >&2 |
2003 | @@ -112,7 +118,7 @@ wait_for_prompt() { |
2004 | # find the cryptsetup process with same $CRYPTTAB_NAME |
2005 | local o v |
2006 | for o in NAME TRIED OPTION_tries; do |
2007 | - if v="$(grep -z -m1 "^CRYPTTAB_$o=" "/proc/$pid/environ")"; then |
2008 | + if v="$(tr '\0' '\n' < "/proc/$pid/environ" | grep -m1 "^CRYPTTAB_$o=")"; then |
2009 | eval "CRYPTTAB_$o"="\${v#CRYPTTAB_$o=}" |
2010 | else |
2011 | eval unset -v "CRYPTTAB_$o" |
2012 | @@ -128,7 +134,7 @@ wait_for_prompt() { |
2013 | fi |
2014 | |
2015 | for pid in $(pgrep_exe "/sbin/cryptsetup"); do |
2016 | - if grep -Fxqz "CRYPTTAB_NAME=$CRYPTTAB_NAME" "/proc/$pid/environ"; then |
2017 | + if tr '\0' '\n' < "/proc/$pid/environ" | grep -Fxq "CRYPTTAB_NAME=$CRYPTTAB_NAME"; then |
2018 | PID=$pid |
2019 | BIRTH=$(stat -c"%Z" "/proc/$PID" 2>/dev/null) || break |
2020 | return 0 |
2021 | @@ -148,7 +154,7 @@ wait_for_prompt() { |
2022 | wait_for_answer() { |
2023 | local timer=$(( 10 * $TIMEOUT )) b |
2024 | while [ -d "/proc/$PID" ] && b=$(stat -c"%Z" "/proc/$PID" 2>/dev/null) && [ $b -le $BIRTH ]; do |
2025 | - usleep 100000 |
2026 | + sleep 0.1 |
2027 | timer=$(( $timer - 1 )) |
2028 | if [ $timer -le 0 ]; then |
2029 | echo "Error: Timeout reached while waiting for PID $PID." >&2 |
2030 | diff --git a/debian/initramfs/hooks/cryptroot b/debian/initramfs/hooks/cryptroot |
2031 | index 7d88148..67dc6dd 100644 |
2032 | --- a/debian/initramfs/hooks/cryptroot |
2033 | +++ b/debian/initramfs/hooks/cryptroot |
2034 | @@ -179,16 +179,18 @@ generate_initrd_crypttab() { |
2035 | |
2036 | { |
2037 | if devnos="$(get_mnt_devno /)"; then |
2038 | - usage=rootfs foreach_cryptdev crypttab_find_and_print_entry $devnos |
2039 | + if [ -n "$devnos" ]; then |
2040 | + usage=rootfs foreach_cryptdev crypttab_find_and_print_entry $devnos |
2041 | + fi |
2042 | else |
2043 | cryptsetup_message "WARNING: Couldn't determine root device" |
2044 | fi |
2045 | |
2046 | - if devnos="$(get_resume_devno)"; then |
2047 | + if devnos="$(get_resume_devno)" && [ -n "$devnos" ]; then |
2048 | usage=resume foreach_cryptdev crypttab_find_and_print_entry $devnos |
2049 | fi |
2050 | |
2051 | - if devnos="$(get_mnt_devno /usr)"; then |
2052 | + if devnos="$(get_mnt_devno /usr)" && [ -n "$devnos" ]; then |
2053 | usage="" foreach_cryptdev crypttab_find_and_print_entry $devnos |
2054 | fi |
2055 | |
2056 | diff --git a/debian/initramfs/scripts/local-block/cryptroot b/debian/initramfs/scripts/local-block/cryptroot |
2057 | index 8a9b4c0..8719fb6 100644 |
2058 | --- a/debian/initramfs/scripts/local-block/cryptroot |
2059 | +++ b/debian/initramfs/scripts/local-block/cryptroot |
2060 | @@ -15,6 +15,10 @@ prereqs) |
2061 | ;; |
2062 | esac |
2063 | |
2064 | +[ -f /lib/cryptsetup/functions ] || return 0 |
2065 | +. /lib/cryptsetup/functions |
2066 | + |
2067 | if [ -x /scripts/local-top/cryptroot ]; then |
2068 | + touch ${CRYPTR_LOCAL_BLOCK} |
2069 | exec /scripts/local-top/cryptroot |
2070 | fi |
2071 | diff --git a/debian/initramfs/scripts/local-bottom/cryptroot b/debian/initramfs/scripts/local-bottom/cryptroot |
2072 | new file mode 100644 |
2073 | index 0000000..4f44d38 |
2074 | --- /dev/null |
2075 | +++ b/debian/initramfs/scripts/local-bottom/cryptroot |
2076 | @@ -0,0 +1,23 @@ |
2077 | +#!/bin/sh |
2078 | +set +x |
2079 | +PREREQ="" |
2080 | + |
2081 | +prereqs() |
2082 | +{ |
2083 | + echo "$PREREQ" |
2084 | +} |
2085 | + |
2086 | +case $1 in |
2087 | +prereqs) |
2088 | + prereqs |
2089 | + exit 0 |
2090 | + ;; |
2091 | +esac |
2092 | + |
2093 | +# If we reached this stage, we do have a rootfs mounted |
2094 | +# so let's clean-up cryptroot setup mess... |
2095 | +[ -f /lib/cryptsetup/functions ] || return 0 |
2096 | +. /lib/cryptsetup/functions |
2097 | + |
2098 | +rm -f ${CRYPTR_LOCAL_BLOCK} |
2099 | +rm -f ${CRYPTR_CNT_FILE} |
2100 | diff --git a/debian/initramfs/scripts/local-top/cryptroot b/debian/initramfs/scripts/local-top/cryptroot |
2101 | index 4f36259..5a9ea60 100644 |
2102 | --- a/debian/initramfs/scripts/local-top/cryptroot |
2103 | +++ b/debian/initramfs/scripts/local-top/cryptroot |
2104 | @@ -31,8 +31,8 @@ esac |
2105 | |
2106 | |
2107 | # wait_for_source() |
2108 | -# Wait for encrypted $CRYPTTAB_SOURCE for up to 180s. Set |
2109 | -# $CRYPTTAB_SOURCE to its normalized device name when it shows up; |
2110 | +# Wait for encrypted $CRYPTTAB_SOURCE . Set $CRYPTTAB_SOURCE |
2111 | +# to its normalized device name when it shows up; |
2112 | # return 1 if timeout. |
2113 | wait_for_source() { |
2114 | wait_for_udev 10 |
2115 | @@ -42,17 +42,27 @@ wait_for_source() { |
2116 | return 0 |
2117 | fi |
2118 | |
2119 | - # The lines below has been taken from |
2120 | - # /usr/share/initramfs-tools/scripts/local's local_device_setup(), |
2121 | - # as suggested per https://launchpad.net/bugs/164044 |
2122 | - |
2123 | # If the source device hasn't shown up yet, give it a little while |
2124 | # to allow for asynchronous device discovery (e.g. USB). |
2125 | + # |
2126 | + # We also need to take into account RAID or other devices that may |
2127 | + # only be available on local-block stage. So, wait 5 seconds upfront, |
2128 | + # in local-top; if that fails, end execution relying on local-block |
2129 | + # invocations. Allow $ROOTDELAY/3 invocations with 1s sleep times (with |
2130 | + # a minimum of 30 invocations), and if after that we still fail, then it's |
2131 | + # really time to give-up. Variable $initrd_cnt tracks the re-invocations. |
2132 | + # |
2133 | + # Part of the lines below has been taken from initramfs-tools |
2134 | + # scripts/local's local_device_setup(), as suggested per |
2135 | + # https://launchpad.net/bugs/164044 . |
2136 | + |
2137 | + local slumber=1 |
2138 | + if [ ! -f "${CRYPTR_LOCAL_BLOCK}" ]; then # we are running on local-top |
2139 | + slumber=5 |
2140 | + fi |
2141 | |
2142 | cryptsetup_message "Waiting for encrypted source device $CRYPTTAB_SOURCE..." |
2143 | |
2144 | - # Default delay is 180s, cf. initramfs-tools(8) |
2145 | - local slumber="${ROOTDELAY:-180}" |
2146 | while [ $slumber -gt 0 ]; do |
2147 | sleep 1 |
2148 | |
2149 | @@ -75,7 +85,23 @@ wait_for_source() { |
2150 | # Set up a crypttab(5) mapping defined by $CRYPTTAB_NAME, |
2151 | # $CRYPTTAB_SOURCE, $CRYPTTAB_KEY, $CRYPTTAB_OPTIONS. |
2152 | setup_mapping() { |
2153 | - local dev |
2154 | + local dev initrd_cnt |
2155 | + |
2156 | + # We control here the number of re-invocations of this script from |
2157 | + # local-block - the heuristic is $ROOTDELAY/3, with a minimum of 30. |
2158 | + # This number is somewhat dictated by mdadm, we want to run more times |
2159 | + # than that script, to allow decrypting volumes on top of arrays. |
2160 | + |
2161 | + if [ -f "${CRYPTR_CNT_FILE}" ]; then |
2162 | + initrd_cnt=$(cat ${CRYPTR_CNT_FILE}) |
2163 | + else |
2164 | + initrd_cnt=${ROOTDELAY:-90} |
2165 | + initrd_cnt=$((initrd_cnt/3)) |
2166 | + if [ "${initrd_cnt}" -lt 30 ]; then |
2167 | + initrd_cnt=30 |
2168 | + fi |
2169 | + echo ${initrd_cnt} > "${CRYPTR_CNT_FILE}" |
2170 | + fi |
2171 | |
2172 | # The same target can be specified multiple times |
2173 | # e.g. root and resume lvs-on-lvm-on-crypto |
2174 | @@ -86,17 +112,23 @@ setup_mapping() { |
2175 | crypttab_parse_options --export --missing-path=fail || return 1 |
2176 | |
2177 | if ! wait_for_source; then |
2178 | - # we've given up |
2179 | - if [ -n "$panic" ]; then |
2180 | - panic "ALERT! encrypted source device $CRYPTTAB_SOURCE does not exist, can't unlock $CRYPTTAB_NAME." |
2181 | - else |
2182 | - # let the user fix matters if they can |
2183 | - echo " ALERT! encrypted source device $CRYPTTAB_SOURCE does not exist, can't unlock $CRYPTTAB_NAME." |
2184 | - echo " Check cryptopts=source= bootarg: cat /proc/cmdline" |
2185 | - echo " or missing modules, devices: cat /proc/modules; ls /dev" |
2186 | - panic "Dropping to a shell." |
2187 | - fi |
2188 | - return 1 # can't continue because environment is lost |
2189 | + if [ ${initrd_cnt} -le 0 ]; then |
2190 | + # we've given up |
2191 | + if [ -n "$panic" ]; then |
2192 | + panic "ALERT! encrypted source device $CRYPTTAB_SOURCE does not exist, can't unlock $CRYPTTAB_NAME." |
2193 | + else |
2194 | + # let the user fix matters if they can |
2195 | + echo " ALERT! encrypted source device $CRYPTTAB_SOURCE does not exist, can't unlock $CRYPTTAB_NAME." |
2196 | + echo " Check cryptopts=source= bootarg: cat /proc/cmdline" |
2197 | + echo " or missing modules, devices: cat /proc/modules; ls /dev" |
2198 | + panic "Dropping to a shell." |
2199 | + fi |
2200 | + return 1 # can't continue because environment is lost |
2201 | + else |
2202 | + initrd_cnt=$((initrd_cnt - 1)) |
2203 | + echo ${initrd_cnt} > "${CRYPTR_CNT_FILE}" |
2204 | + return 0 # allow some attempts on local-block stage |
2205 | + fi |
2206 | fi |
2207 | |
2208 | # our `cryptroot-unlock` script searches for cryptsetup processes |
2209 | @@ -169,6 +201,10 @@ setup_mapping() { |
2210 | done |
2211 | |
2212 | cryptsetup_message "ERROR: $CRYPTTAB_NAME: maximum number of tries exceeded" |
2213 | + |
2214 | + if [ -f "${CRYPTR_CNT_FILE}" ]; then |
2215 | + echo 0 > "${CRYPTR_CNT_FILE}" |
2216 | + fi |
2217 | exit 1 |
2218 | } |
2219 | |
2220 | diff --git a/debian/patches/decrease_memlock_ulimit.patch b/debian/patches/decrease_memlock_ulimit.patch |
2221 | new file mode 100644 |
2222 | index 0000000..be9b6ab |
2223 | --- /dev/null |
2224 | +++ b/debian/patches/decrease_memlock_ulimit.patch |
2225 | @@ -0,0 +1,55 @@ |
2226 | +Description: Decrease memlock limit to mimic Xenial builder behavior. |
2227 | + This approach prevents cryptsetup to FTBFS, since the PPA builders were |
2228 | + upgraded to Bionic, which has a bigger memlock limit (but not enough). |
2229 | + With this quirk, cryptsetup won't mlock() its memory allocationss, hence |
2230 | + it behaves exactly as the Xenial builders. Meanwhile, we pursue the |
2231 | + proper fix (systemd patch to bump memlock to a higher limit on Bionic). |
2232 | +Author: Guilherme G. Piccoli <gpiccoli@canonical.com> |
2233 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1891473 |
2234 | +Last-Update: 2020-09-09 |
2235 | + |
2236 | +Index: cryptsetup-2.3.3/tests/compat-test |
2237 | +=================================================================== |
2238 | +--- cryptsetup-2.3.3.orig/tests/compat-test |
2239 | ++++ cryptsetup-2.3.3/tests/compat-test |
2240 | +@@ -45,6 +45,10 @@ TEST_UUID="12345678-1234-1234-1234-12345 |
2241 | + LOOPDEV=$(losetup -f 2>/dev/null) |
2242 | + [ -f /etc/system-fips ] && FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null) |
2243 | + |
2244 | ++# Circumvent test failure due to Bionic builder; we need to decrease |
2245 | ++# the memlock limit here to mimic Xenial builder (see LP #1891473). |
2246 | ++ulimit -l 0 |
2247 | ++ |
2248 | + function remove_mapping() |
2249 | + { |
2250 | + [ -b /dev/mapper/$DEV_NAME3 ] && dmsetup remove --retry $DEV_NAME3 >/dev/null 2>&1 |
2251 | +Index: cryptsetup-2.3.3/tests/luks2-validation-test |
2252 | +=================================================================== |
2253 | +--- cryptsetup-2.3.3.orig/tests/luks2-validation-test |
2254 | ++++ cryptsetup-2.3.3/tests/luks2-validation-test |
2255 | +@@ -21,6 +21,10 @@ FAILS=0 |
2256 | + |
2257 | + [ -z "$srcdir" ] && srcdir="." |
2258 | + |
2259 | ++# Circumvent test failure due to Bionic builder; we need to decrease |
2260 | ++# the memlock limit here to mimic Xenial builder (see LP #1891473). |
2261 | ++ulimit -l 0 |
2262 | ++ |
2263 | + function remove_mapping() |
2264 | + { |
2265 | + rm -rf $IMG $TST_IMGS >/dev/null 2>&1 |
2266 | +Index: cryptsetup-2.3.3/tests/tcrypt-compat-test |
2267 | +=================================================================== |
2268 | +--- cryptsetup-2.3.3.orig/tests/tcrypt-compat-test |
2269 | ++++ cryptsetup-2.3.3/tests/tcrypt-compat-test |
2270 | +@@ -13,6 +13,10 @@ PIM=1234 |
2271 | + |
2272 | + [ -z "$srcdir" ] && srcdir="." |
2273 | + |
2274 | ++# Circumvent test failure due to Bionic builder; we need to decrease |
2275 | ++# the memlock limit here to mimic Xenial builder (see LP #1891473). |
2276 | ++ulimit -l 0 |
2277 | ++ |
2278 | + function remove_mapping() |
2279 | + { |
2280 | + [ -b /dev/mapper/$MAP ] && dmsetup remove --retry $MAP |
2281 | diff --git a/debian/patches/series b/debian/patches/series |
2282 | new file mode 100644 |
2283 | index 0000000..270d874 |
2284 | --- /dev/null |
2285 | +++ b/debian/patches/series |
2286 | @@ -0,0 +1 @@ |
2287 | +decrease_memlock_ulimit.patch |
diff of debian dir against current ubuntu is https:/ /paste. ubuntu. com/p/QXFm3Q8SB t/