Merge ~mwhudson/ubuntu/+source/cryptsetup:merge into ubuntu/+source/cryptsetup:debian/sid

Proposed by Michael Hudson-Doyle
Status: Needs review
Proposed branch: ~mwhudson/ubuntu/+source/cryptsetup:merge
Merge into: ubuntu/+source/cryptsetup:debian/sid
Diff against target: 2287 lines (+1775/-33)
11 files modified
debian/changelog (+1603/-0)
debian/control (+4/-3)
debian/cryptsetup-initramfs.install (+1/-0)
debian/functions (+11/-1)
debian/initramfs/cryptroot-unlock (+12/-6)
debian/initramfs/hooks/cryptroot (+5/-3)
debian/initramfs/scripts/local-block/cryptroot (+4/-0)
debian/initramfs/scripts/local-bottom/cryptroot (+23/-0)
debian/initramfs/scripts/local-top/cryptroot (+56/-20)
debian/patches/decrease_memlock_ulimit.patch (+55/-0)
debian/patches/series (+1/-0)
Reviewer Review Type Date Requested Status
Guilherme G. Piccoli (community) Approve
git-ubuntu developers Pending
Review via email: mp+393521@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Michael Hudson-Doyle (mwhudson) wrote :

diff of debian dir against current ubuntu is https://paste.ubuntu.com/p/QXFm3Q8SBt/

Revision history for this message
Guilherme G. Piccoli (gpiccoli) wrote :

Thanks Michael, I've reviewed the MD/retry logic and the FTBFS fix, it's all fine / correctly backported!

Cheers,

Guilherme

review: Approve

Unmerged commits

730d330... by Michael Hudson-Doyle

update-maintainer

540f02c... by Michael Hudson-Doyle

reconstruct-changelog

434ed6d... by Michael Hudson-Doyle

merge-changelogs

71abcb1... by Michael Hudson-Doyle

      - debian/rules:
        - fix FTBFS on riscv64 adding --with-tmpfilesdir to ensure all archs, even
          without systemd knows how to ship cryptsetup.conf

5adf727... by Michael Hudson-Doyle

    - included in Debian:
      - debian/cryptsetup-bin.install:
        - Fix FTBFS due to dh_missing detecting crypsetup.conf in debian/tmp where
          it was installed from ./scripts/crypsetup.conf.

df18e43... by Michael Hudson-Doyle

  * Dropped changes:
    - Included in new upstream version:
      - SECURITY UPDATE: Out-of-bounds write
        - debian/patches/CVE-2020-14382-*.patch: check segment gaps regardless of
          heap space in lib/luks2/luks2_json_metadata.c.
        - CVE-2020-14382

f307b13... by Michael Hudson-Doyle

    - Introduce retry logic for external invocations after mdadm (LP: #1879980)
      - Currently, if an encrypted rootfs is configured on top of a MD RAID1
        array and such array gets degraded (e.g., a member is removed/failed)
        the cryptsetup scripts cannot mount the rootfs, and the boot fails.
        We fix that issue here by allowing the cryptroot script to be re-run
        by initramfs-tools/local-block stage, as mdadm can activate degraded
        arrays at that stage.
        There is an initramfs-tools counter-part for this fix, but alone the
        cryptsetup portion is harmless.
      - d/cryptsetup-initramfs.install: ship the new local-bottom script.
      - d/functions: declare variables for local-top|block|bottom scripts
        (flag that local-block is running and external invocation counter.)
      - d/i/s/local-block/cryptroot: set flag that local-block is running.
      - d/i/s/local-bottom/cryptroot: clean up the flag and counter files.
      - d/i/s/local-top/cryptroot: change the logic from just waiting 180
        seconds to waiting 5 seconds first, then allowing initramfs-tools
        to run mdadm (to activate degraded arrays) and call back at least
        30 times/seconds more.

951dc07... by Michael Hudson-Doyle

    - debian/patches/decrease_memlock_ulimit.patch
      Fixed FTBFS due a restrict environment in the new Bionic Builder (LP: #1891473)
      tests/luks2-validation.test, tests/compat-test, tests/tcrypt-compat-test.
      - Thanks Guilherme G. Piccoli.

8a58330... by Michael Hudson-Doyle

    - Fix warning and error when running on ZFS on root: (LP: #1830110)
      - d/functions: Return an empty devno for ZFS devices as they don't have
        major:minor device numbers.
      - d/initramfs/hooks/cryptroot: Ignore and don't print an error message when
        devices don't have a devno.
      Submitted to debian upstream as bug #902449.

3adacbd... by Michael Hudson-Doyle

    - Fix cryptroot-unlock for busybox compatibility.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index 96d015b..0a4dfba 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,54 @@
6+cryptsetup (2:2.3.4-1ubuntu1) hirsute; urgency=medium
7+
8+ * Merge with Debian unstable. Remaining changes:
9+ - debian/control:
10+ + Recommend plymouth.
11+ + Depend on busybox-initramfs instead of busybox | busybox-static.
12+ - Fix cryptroot-unlock for busybox compatibility.
13+ - Fix warning and error when running on ZFS on root: (LP #1830110)
14+ - d/functions: Return an empty devno for ZFS devices as they don't have
15+ major:minor device numbers.
16+ - d/initramfs/hooks/cryptroot: Ignore and don't print an error message when
17+ devices don't have a devno.
18+ Submitted to debian upstream as bug #902449.
19+ - debian/patches/decrease_memlock_ulimit.patch
20+ Fixed FTBFS due a restrict environment in the new Bionic Builder (LP #1891473)
21+ tests/luks2-validation.test, tests/compat-test, tests/tcrypt-compat-test.
22+ - Thanks Guilherme G. Piccoli.
23+ - Introduce retry logic for external invocations after mdadm (LP #1879980)
24+ - Currently, if an encrypted rootfs is configured on top of a MD RAID1
25+ array and such array gets degraded (e.g., a member is removed/failed)
26+ the cryptsetup scripts cannot mount the rootfs, and the boot fails.
27+ We fix that issue here by allowing the cryptroot script to be re-run
28+ by initramfs-tools/local-block stage, as mdadm can activate degraded
29+ arrays at that stage.
30+ There is an initramfs-tools counter-part for this fix, but alone the
31+ cryptsetup portion is harmless.
32+ - d/cryptsetup-initramfs.install: ship the new local-bottom script.
33+ - d/functions: declare variables for local-top|block|bottom scripts
34+ (flag that local-block is running and external invocation counter.)
35+ - d/i/s/local-block/cryptroot: set flag that local-block is running.
36+ - d/i/s/local-bottom/cryptroot: clean up the flag and counter files.
37+ - d/i/s/local-top/cryptroot: change the logic from just waiting 180
38+ seconds to waiting 5 seconds first, then allowing initramfs-tools
39+ to run mdadm (to activate degraded arrays) and call back at least
40+ 30 times/seconds more.
41+ * Dropped changes:
42+ - Included in new upstream version:
43+ - SECURITY UPDATE: Out-of-bounds write
44+ - debian/patches/CVE-2020-14382-*.patch: check segment gaps regardless of
45+ heap space in lib/luks2/luks2_json_metadata.c.
46+ - CVE-2020-14382
47+ - included in Debian:
48+ - debian/cryptsetup-bin.install:
49+ - Fix FTBFS due to dh_missing detecting crypsetup.conf in debian/tmp where
50+ it was installed from ./scripts/crypsetup.conf.
51+ - debian/rules:
52+ - fix FTBFS on riscv64 adding --with-tmpfilesdir to ensure all archs, even
53+ without systemd knows how to ship cryptsetup.conf
54+
55+ -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Tue, 10 Nov 2020 10:37:25 +1300
56+
57 cryptsetup (2:2.3.4-1) unstable; urgency=high
58
59 * New upstream bugfix release, including fix for CVE-2020-14382:
60@@ -21,6 +72,80 @@ cryptsetup (2:2.3.3-2) unstable; urgency=medium
61
62 -- Guilhem Moulin <guilhem@debian.org> Wed, 12 Aug 2020 00:22:59 +0200
63
64+cryptsetup (2:2.3.3-1ubuntu6) groovy; urgency=medium
65+
66+ * Introduce retry logic for external invocations after mdadm (LP: #1879980)
67+ - Currently, if an encrypted rootfs is configured on top of a MD RAID1
68+ array and such array gets degraded (e.g., a member is removed/failed)
69+ the cryptsetup scripts cannot mount the rootfs, and the boot fails.
70+ We fix that issue here by allowing the cryptroot script to be re-run
71+ by initramfs-tools/local-block stage, as mdadm can activate degraded
72+ arrays at that stage.
73+ There is an initramfs-tools counter-part for this fix, but alone the
74+ cryptsetup portion is harmless.
75+ - d/cryptsetup-initramfs.install: ship the new local-bottom script.
76+ - d/functions: declare variables for local-top|block|bottom scripts
77+ (flag that local-block is running and external invocation counter.)
78+ - d/i/s/local-block/cryptroot: set flag that local-block is running.
79+ - d/i/s/local-bottom/cryptroot: clean up the flag and counter files.
80+ - d/i/s/local-top/cryptroot: change the logic from just waiting 180
81+ seconds to waiting 5 seconds first, then allowing initramfs-tools
82+ to run mdadm (to activate degraded arrays) and call back at least
83+ 30 times/seconds more.
84+
85+ -- Guilherme G. Piccoli <gpiccoli@canonical.com> Wed, 16 Sep 2020 17:35:59 -0300
86+
87+cryptsetup (2:2.3.3-1ubuntu5) groovy; urgency=medium
88+
89+ * SECURITY UPDATE: Out-of-bounds write
90+ - debian/patches/CVE-2020-14382-*.patch: check segment gaps regardless of
91+ heap space in lib/luks2/luks2_json_metadata.c.
92+ - CVE-2020-14382
93+ * debian/patches/decrease_memlock_ulimit.patch
94+ Fixed FTBFS due a restrict environment in the new Bionic Builder (LP: #1891473)
95+ tests/luks2-validation.test, tests/compat-test, tests/tcrypt-compat-test.
96+ - Thanks Guilherme G. Piccoli.
97+
98+ -- Leonidas S. Barbosa <leo.barbosa@canonical.com> Wed, 09 Sep 2020 09:29:17 -0300
99+
100+cryptsetup (2:2.3.3-1ubuntu4) groovy; urgency=medium
101+
102+ * No change rebuild against new json-c ABI.
103+
104+ -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 28 Jul 2020 17:42:50 +0100
105+
106+cryptsetup (2:2.3.3-1ubuntu3) groovy; urgency=medium
107+
108+ * debian/rules:
109+ - fix FTBFS on riscv64 adding --with-tmpfilesdir to ensure all archs, even
110+ without systemd knows how to ship cryptsetup.conf
111+
112+ -- Didier Roche <didrocks@ubuntu.com> Thu, 18 Jun 2020 11:44:50 +0200
113+
114+cryptsetup (2:2.3.3-1ubuntu2) groovy; urgency=medium
115+
116+ * debian/cryptsetup-bin.install:
117+ - Fix FTBFS due to dh_missing detecting crypsetup.conf in debian/tmp where
118+ it was installed from ./scripts/crypsetup.conf.
119+ * Fix warning and error when running on ZFS on root: (LP: #1830110)
120+ - d/functions: Return an empty devno for ZFS devices as they don't have
121+ major:minor device numbers.
122+ - d/initramfs/hooks/cryptroot: Ignore and don't print an error message when
123+ devices don't have a devno.
124+ Submitted to debian upstream as bug #902449.
125+
126+ -- Didier Roche <didrocks@ubuntu.com> Thu, 18 Jun 2020 10:12:10 +0200
127+
128+cryptsetup (2:2.3.3-1ubuntu1) groovy; urgency=low
129+
130+ * Merge from Debian unstable. Remaining changes:
131+ - debian/control:
132+ + Recommend plymouth.
133+ + Depend on busybox-initramfs instead of busybox | busybox-static.
134+ - Fix cryptroot-unlock for busybox compatibility.
135+
136+ -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 09 Jun 2020 10:40:32 -0700
137+
138 cryptsetup (2:2.3.3-1) unstable; urgency=medium
139
140 [ Guilhem Moulin ]
141@@ -49,6 +174,16 @@ cryptsetup (2:2.3.2-1) unstable; urgency=medium
142
143 -- Guilhem Moulin <guilhem@debian.org> Wed, 06 May 2020 16:22:01 +0200
144
145+cryptsetup (2:2.3.1-1ubuntu1) groovy; urgency=low
146+
147+ * Merge from Debian unstable. Remaining changes:
148+ - debian/control:
149+ + Recommend plymouth.
150+ + Depend on busybox-initramfs instead of busybox | busybox-static.
151+ - Fix cryptroot-unlock for busybox compatibility.
152+
153+ -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 01 May 2020 07:07:58 -0700
154+
155 cryptsetup (2:2.3.1-1) unstable; urgency=medium
156
157 * New upstream release.
158@@ -84,6 +219,23 @@ cryptsetup (2:2.3.0-1) unstable; urgency=low
159
160 -- Guilhem Moulin <guilhem@debian.org> Wed, 04 Mar 2020 00:48:19 +0100
161
162+cryptsetup (2:2.2.2-3ubuntu2) focal; urgency=medium
163+
164+ * Depend on cryptsetup from cryptsetup-initramfs instead of the dummy
165+ cryptsetup-run package. LP: #1864360.
166+
167+ -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 27 Feb 2020 00:16:14 -0600
168+
169+cryptsetup (2:2.2.2-3ubuntu1) focal; urgency=medium
170+
171+ * Merge from Debian unstable. Remaining changes:
172+ - debian/control:
173+ + Recommend plymouth.
174+ + Depend on busybox-initramfs instead of busybox | busybox-static.
175+ - Fix cryptroot-unlock for busybox compatibility.
176+
177+ -- Matthias Klose <doko@ubuntu.com> Mon, 10 Feb 2020 09:20:12 +0100
178+
179 cryptsetup (2:2.2.2-3) unstable; urgency=high
180
181 * initramfs hook: Workaround fix for the libgcc_s's source location.
182@@ -92,6 +244,16 @@ cryptsetup (2:2.2.2-3) unstable; urgency=high
183
184 -- Guilhem Moulin <guilhem@debian.org> Tue, 04 Feb 2020 14:11:12 +0100
185
186+cryptsetup (2:2.2.2-2ubuntu1) focal; urgency=low
187+
188+ * Merge from Debian unstable. Remaining changes:
189+ - debian/control:
190+ + Recommend plymouth.
191+ + Depend on busybox-initramfs instead of busybox | busybox-static.
192+ - Fix cryptroot-unlock for busybox compatibility.
193+
194+ -- Steve Langasek <steve.langasek@ubuntu.com> Sat, 01 Feb 2020 22:11:22 -0800
195+
196 cryptsetup (2:2.2.2-2) unstable; urgency=medium
197
198 [ Guilhem Moulin ]
199@@ -109,6 +271,16 @@ cryptsetup (2:2.2.2-2) unstable; urgency=medium
200
201 -- Guilhem Moulin <guilhem@debian.org> Sat, 18 Jan 2020 20:53:19 +0100
202
203+cryptsetup (2:2.2.2-1ubuntu1) focal; urgency=low
204+
205+ * Merge from Debian unstable. Remaining changes:
206+ - debian/control:
207+ + Recommend plymouth.
208+ + Depend on busybox-initramfs instead of busybox | busybox-static.
209+ - Fix cryptroot-unlock for busybox compatibility.
210+
211+ -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 11 Nov 2019 22:07:44 -0800
212+
213 cryptsetup (2:2.2.2-1) unstable; urgency=medium
214
215 * New upstream bugfix release.
216@@ -119,6 +291,16 @@ cryptsetup (2:2.2.2-1) unstable; urgency=medium
217
218 -- Guilhem Moulin <guilhem@debian.org> Fri, 01 Nov 2019 19:32:36 +0100
219
220+cryptsetup (2:2.2.1-1ubuntu1) focal; urgency=low
221+
222+ * Merge from Debian unstable. Remaining changes:
223+ - debian/control:
224+ + Recommend plymouth.
225+ + Depend on busybox-initramfs instead of busybox | busybox-static.
226+ - Fix cryptroot-unlock for busybox compatibility.
227+
228+ -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 18 Oct 2019 15:14:29 -0700
229+
230 cryptsetup (2:2.2.1-1) unstable; urgency=medium
231
232 * New upstream bugfix release.
233@@ -126,6 +308,16 @@ cryptsetup (2:2.2.1-1) unstable; urgency=medium
234
235 -- Guilhem Moulin <guilhem@debian.org> Fri, 06 Sep 2019 13:28:55 +0200
236
237+cryptsetup (2:2.2.0-3ubuntu1) eoan; urgency=low
238+
239+ * Merge from Debian unstable. Remaining changes:
240+ - debian/control:
241+ + Recommend plymouth.
242+ + Depend on busybox-initramfs instead of busybox | busybox-static.
243+ - Fix cryptroot-unlock for busybox compatibility.
244+
245+ -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 28 Aug 2019 16:13:22 -0700
246+
247 cryptsetup (2:2.2.0-3) unstable; urgency=medium
248
249 * Cherry pick upstream commit 8f8f0b32: Fix mapped segments overflow on
250@@ -133,6 +325,16 @@ cryptsetup (2:2.2.0-3) unstable; urgency=medium
251
252 -- Guilhem Moulin <guilhem@debian.org> Mon, 26 Aug 2019 12:53:45 +0200
253
254+cryptsetup (2:2.2.0-2ubuntu1) eoan; urgency=low
255+
256+ * Merge from Debian unstable. Remaining changes:
257+ - debian/control:
258+ + Recommend plymouth.
259+ + Depend on busybox-initramfs instead of busybox | busybox-static.
260+ - Fix cryptroot-unlock for busybox compatibility.
261+
262+ -- Steve Langasek <steve.langasek@ubuntu.com> Sun, 25 Aug 2019 12:25:55 -0700
263+
264 cryptsetup (2:2.2.0-2) unstable; urgency=medium
265
266 * debian/control: Add 'Multi-Arch: foreign' tag to the transitional dummy
267@@ -144,6 +346,25 @@ cryptsetup (2:2.2.0-2) unstable; urgency=medium
268
269 -- Guilhem Moulin <guilhem@debian.org> Wed, 21 Aug 2019 22:45:12 +0200
270
271+cryptsetup (2:2.2.0-1ubuntu2) eoan; urgency=medium
272+
273+ * debian/initramfs/cryptroot-unlock: canonicalize executable paths.
274+ Thanks to Paride Legovini <paride.legovini@canonical.com> for the patch.
275+ LP: #1840752.
276+
277+ -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 20 Aug 2019 15:34:10 -0700
278+
279+cryptsetup (2:2.2.0-1ubuntu1) eoan; urgency=low
280+
281+ * Merge from Debian unstable. Remaining changes:
282+ - debian/control:
283+ + Recommend plymouth.
284+ + Depend on busybox-initramfs instead of busybox | busybox-static.
285+ - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
286+ compatibility.
287+
288+ -- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 20 Aug 2019 14:21:34 +0200
289+
290 cryptsetup (2:2.2.0-1) unstable; urgency=medium
291
292 * New upstream release 2.2.0. Highlights include:
293@@ -221,6 +442,23 @@ cryptsetup (2:2.1.0-6) unstable; urgency=low
294
295 -- Guilhem Moulin <guilhem@debian.org> Sat, 20 Jul 2019 22:15:04 -0300
296
297+cryptsetup (2:2.1.0-5ubuntu2) eoan; urgency=medium
298+
299+ * Rebuild against new libjson-c4.
300+
301+ -- Gianfranco Costamagna <locutusofborg@debian.org> Sat, 29 Jun 2019 13:48:37 +0200
302+
303+cryptsetup (2:2.1.0-5ubuntu1) eoan; urgency=low
304+
305+ * Merge from Debian unstable. Remaining changes:
306+ - debian/control:
307+ + Recommend plymouth.
308+ + Depend on busybox-initramfs instead of busybox | busybox-static.
309+ - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
310+ compatibility.
311+
312+ -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 14 Jun 2019 14:09:31 -0700
313+
314 cryptsetup (2:2.1.0-5) unstable; urgency=medium
315
316 [ Jonas Meurer ]
317@@ -233,6 +471,17 @@ cryptsetup (2:2.1.0-5) unstable; urgency=medium
318
319 -- Guilhem Moulin <guilhem@debian.org> Mon, 10 Jun 2019 14:51:15 +0200
320
321+cryptsetup (2:2.1.0-4ubuntu1) eoan; urgency=low
322+
323+ * Merge from Debian unstable. Remaining changes:
324+ - debian/control:
325+ + Recommend plymouth.
326+ + Depend on busybox-initramfs instead of busybox | busybox-static.
327+ - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
328+ compatibility.
329+
330+ -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 28 May 2019 18:32:08 -0700
331+
332 cryptsetup (2:2.1.0-4) unstable; urgency=medium
333
334 [Guilhem Moulin]
335@@ -252,6 +501,26 @@ cryptsetup (2:2.1.0-4) unstable; urgency=medium
336
337 -- Guilhem Moulin <guilhem@debian.org> Tue, 28 May 2019 17:04:16 +0200
338
339+cryptsetup (2:2.1.0-3ubuntu2) eoan; urgency=medium
340+
341+ * Depend on busybox-initramfs, which is the implementation we actually use
342+ for the initramfs and is guaranteed to always be present, instead of
343+ busybox-static.
344+
345+ -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 09 May 2019 14:47:04 -0700
346+
347+cryptsetup (2:2.1.0-3ubuntu1) eoan; urgency=low
348+
349+ * Merge from Debian unstable. Remaining changes:
350+ - debian/control:
351+ + Recommend plymouth.
352+ + Invert the "busybox | busybox-static" Recommends, as the latter
353+ is the one we ship in main as part of the ubuntu-standard task.
354+ - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
355+ compatibility. LP: #1651818
356+
357+ -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 03 May 2019 16:22:03 -0700
358+
359 cryptsetup (2:2.1.0-3) unstable; urgency=medium
360
361 * d/scripts/decrypt_opensc: Fix standard output poisoning. Thanks to Nils
362@@ -275,6 +544,19 @@ cryptsetup (2:2.1.0-2) unstable; urgency=medium
363
364 -- Guilhem Moulin <guilhem@debian.org> Thu, 28 Feb 2019 22:32:43 +0100
365
366+cryptsetup (2:2.1.0-1ubuntu1) disco; urgency=medium
367+
368+ * Merge from Debian unstable. LP: #1815484
369+ * Remaining changes:
370+ - debian/control:
371+ + Recommend plymouth.
372+ + Invert the "busybox | busybox-static" Recommends, as the latter
373+ is the one we ship in main as part of the ubuntu-standard task.
374+ - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
375+ compatibility. LP: #1651818
376+
377+ -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 13 Feb 2019 21:28:23 +0000
378+
379 cryptsetup (2:2.1.0-1) unstable; urgency=medium
380
381 * New upstream release. Highlights include:
382@@ -317,6 +599,20 @@ cryptsetup (2:2.1.0-1) unstable; urgency=medium
383
384 -- Guilhem Moulin <guilhem@debian.org> Sat, 09 Feb 2019 00:40:17 +0100
385
386+cryptsetup (2:2.0.6-1ubuntu1) disco; urgency=medium
387+
388+ * Merge from Debian unstable.
389+ * Remaining changes:
390+ - debian/control:
391+ + Recommend plymouth.
392+ + Invert the "busybox | busybox-static" Recommends, as the latter
393+ is the one we ship in main as part of the ubuntu-standard task.
394+ - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
395+ compatibility. LP: #1651818
396+ * Dropped delta sector_size support, merged in Debian.
397+
398+ -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 05 Feb 2019 13:43:25 +0000
399+
400 cryptsetup (2:2.0.6-1) unstable; urgency=medium
401
402 * New upstream bugfix release. Highlights include:
403@@ -381,6 +677,27 @@ cryptsetup (2:2.0.4-3) unstable; urgency=medium
404
405 -- Guilhem Moulin <guilhem@debian.org> Mon, 22 Oct 2018 17:45:35 +0200
406
407+cryptsetup (2:2.0.4-2ubuntu2) cosmic; urgency=medium
408+
409+ * Implement support for --sector-size cryptsetup plain mode option in
410+ crypttab. Matching support is also proposed to systemd-cryptsetup as
411+ well. LP: #1776626
412+
413+ -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 31 Aug 2018 17:00:07 +0100
414+
415+cryptsetup (2:2.0.4-2ubuntu1) cosmic; urgency=low
416+
417+ * Merge from Debian unstable. LP: #1785610.
418+ * Remaining changes:
419+ - debian/control:
420+ + Recommend plymouth.
421+ + Invert the "busybox | busybox-static" Recommends, as the latter
422+ is the one we ship in main as part of the ubuntu-standard task.
423+ - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
424+ compatibility. LP: #1651818
425+
426+ -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 22 Aug 2018 22:51:47 +0100
427+
428 cryptsetup (2:2.0.4-2) unstable; urgency=medium
429
430 * debian/cryptsetup-initramfs.preinst: Don't try to overwrite
431@@ -413,6 +730,28 @@ cryptsetup (2:2.0.3-7) unstable; urgency=medium
432
433 -- Guilhem Moulin <guilhem@debian.org> Mon, 30 Jul 2018 16:32:07 +0800
434
435+cryptsetup (2:2.0.3-6ubuntu1) cosmic; urgency=low
436+
437+ * Merge from Debian unstable. LP: #1781912.
438+ * Remaining changes:
439+ - debian/control:
440+ + Recommend plymouth.
441+ + Invert the "busybox | busybox-static" Recommends, as the latter
442+ is the one we ship in main as part of the ubuntu-standard task.
443+ - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
444+ compatibility. LP: #1651818
445+ * Dropped changes, included in Debian:
446+ - Drop explicit libgcrypt20 dependency from libcryptsetup4.
447+ - Drop the CRYPTSETUP variable warning from the initramfs hook, as
448+ overlayroot package ships a dropin in conf-hooks.d triggering false
449+ warnings.
450+ - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE
451+ - Drop c99 std, as the default is now higher than that
452+ * Dropped changes, no longer needed:
453+ - Add maintscript to drop removed upstart system jobs.
454+
455+ -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 16 Jul 2018 08:27:58 -0400
456+
457 cryptsetup (2:2.0.3-6) unstable; urgency=medium
458
459 * debian/TODO.md: Remove mention of parent device detection for mdadm
460@@ -697,6 +1036,45 @@ cryptsetup (2:2.0.3-1) unstable; urgency=medium
461
462 -- Jonas Meurer <jonas@freesources.org> Fri, 15 Jun 2018 15:32:16 +0200
463
464+cryptsetup (2:2.0.2-1ubuntu3) cosmic; urgency=medium
465+
466+ * No-change rebuild against libargon2-1
467+
468+ -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 10 Jul 2018 17:01:23 +0000
469+
470+cryptsetup (2:2.0.2-1ubuntu2) cosmic; urgency=medium
471+
472+ * Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
473+ compatibility. LP: #1651818
474+
475+ -- Dimitri John Ledkov đŸŒˆ <xnox@ubuntu.com> Thu, 21 Jun 2018 16:38:31 +0100
476+
477+cryptsetup (2:2.0.2-1ubuntu1) bionic; urgency=low
478+
479+ * Merge from Debian unstable.
480+ - bugfix upstream release, which solves problems with luks2 format
481+ disks not unlocking. LP: #1755322.
482+ * Remaining changes:
483+ - debian/control:
484+ + Depend on plymouth.
485+ + Invert the "busybox | busybox-static" Recommends, as the latter
486+ is the one we ship in main as part of the ubuntu-standard task.
487+ + Drop explicit libgcrypt20 dependency from libcryptsetup4.
488+ - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE
489+ - Drop c99 std, as the default is now higher than that
490+ - Drop upstart system jobs.
491+ - Add maintscript to drop removed upstart system jobs.
492+ - debian has its own now, but we have different version numbers.
493+ this delta can be dropped after 18.04 release.
494+ - Drop the CRYPTSETUP variable warning from the initramfs hook, as
495+ overlayroot package ships a dropin in conf-hooks.d triggering false
496+ warnings.
497+ * Dropped changes:
498+ - debian/cryptdisks{,-udev}.maintscript: drop, there is no package named
499+ 'cryptdisks' or 'cryptdisks-udev'.
500+
501+ -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 06 Apr 2018 10:23:53 -0700
502+
503 cryptsetup (2:2.0.2-1) unstable; urgency=low
504
505 * New upstream release 2.0.2
506@@ -726,6 +1104,40 @@ cryptsetup (2:2.0.1-1) unstable; urgency=low
507
508 -- Guilhem Moulin <guilhem@debian.org> Sun, 11 Feb 2018 00:02:05 +0100
509
510+cryptsetup (2:2.0.1-0ubuntu2) bionic; urgency=medium
511+
512+ * Drop the CRYPTSETUP variable warning from the initramfs hook, as
513+ overlayroot package ships a dropin in conf-hooks.d triggering false
514+ warnings.
515+
516+ -- Dimitri John Ledkov <xnox@ubuntu.com> Thu, 22 Feb 2018 14:49:16 +0000
517+
518+cryptsetup (2:2.0.1-0ubuntu1) bionic; urgency=medium
519+
520+ * Merge from Debian unstable. Remaining changes:
521+ - debian/control:
522+ + Depend on plymouth.
523+ + Invert the "busybox | busybox-static" Recommends, as the latter
524+ is the one we ship in main as part of the ubuntu-standard task.
525+ + Drop explicit libgcrypt20 dependency from libcryptsetup4.
526+ - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE
527+ - Drop c99 std, as the default is now higher than that
528+ - Drop upstart system jobs.
529+ - Add maintscript to drop removed upstart system jobs.
530+ - debian has its own now, but we have different version numbers
531+ * New upstream release
532+ * Cherry-pick Guilhem Moulin's changes below from Debian git
533+
534+ [ Guilhem Moulin ]
535+ * New upstream release 2.0.1:
536+ - Use /run/cryptsetup as default for cryptsetup locking dir.
537+ - Add missing symbols for new functions to debian/libcryptsetup12.symbols.
538+ * debian/copyright: update copyright years.
539+ * debian/patches: backport upstream's 8728ba08 to fix opening of loop-AES
540+ devices using --key-file=-. (Closes: #888162.)
541+
542+ -- Julian Andres Klode <juliank@ubuntu.com> Mon, 29 Jan 2018 13:48:55 +0100
543+
544 cryptsetup (2:2.0.0-1) unstable; urgency=low
545
546 [ Guilhem Moulin ]
547@@ -775,6 +1187,26 @@ cryptsetup (2:2.0.0~rc0-1) experimental; urgency=low
548
549 -- Guilhem Moulin <guilhem@debian.org> Tue, 03 Oct 2017 03:37:36 +0200
550
551+cryptsetup (2:1.7.5-1ubuntu1) bionic; urgency=low
552+
553+ * Merge from Debian unstable. Remaining changes:
554+ - debian/control:
555+ + Depend on plymouth.
556+ + Invert the "busybox | busybox-static" Recommends, as the latter
557+ is the one we ship in main as part of the ubuntu-standard task.
558+ + Drop explicit libgcrypt20 dependency from libcryptsetup4.
559+ - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE
560+ - Drop c99 std, as the default is now higher than that
561+ - Drop upstart system jobs.
562+ - Add maintscript to drop removed upstart system jobs.
563+ * Merged upstream:
564+ - d/p/fips-fix-luksformat-with-recent-kernels -- fix luksFormat
565+ with recent FIPS enabled kernels.
566+ * Merged in Debian:
567+ - Use DEB_VERSION from dpkg/default.mk for pod2man release variable
568+
569+ -- Julian Andres Klode <juliank@ubuntu.com> Wed, 17 Jan 2018 21:39:10 +0100
570+
571 cryptsetup (2:1.7.5-1) unstable; urgency=low
572
573 * New upstream release 1.7.5.
574@@ -797,6 +1229,25 @@ cryptsetup (2:1.7.5-1) unstable; urgency=low
575
576 -- Guilhem Moulin <guilhem@debian.org> Thu, 14 Sep 2017 13:00:23 +0200
577
578+cryptsetup (2:1.7.3-4ubuntu1) artful; urgency=low
579+
580+ * New upstream release, merge from Debian unstable. Remaining
581+ Ubuntu changes:
582+ - debian/control:
583+ + Depend on plymouth.
584+ + Invert the "busybox | busybox-static" Recommends, as the latter
585+ is the one we ship in main as part of the ubuntu-standard task.
586+ + Drop explicit libgcrypt20 dependency from libcryptsetup4.
587+ * d/p/fips-fix-luksformat-with-recent-kernels -- fix luksFormat
588+ with recent FIPS enabled kernels.
589+ * Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE
590+ * Drop c99 std, as the default is now higher than that
591+ * Use DEB_VERSION from dpkg/default.mk for pod2man release variable
592+ * Drop upstart system jobs.
593+ * Add maintscript to drop removed upstart system jobs.
594+
595+ -- Andy Whitcroft <apw@ubuntu.com> Thu, 10 Aug 2017 14:07:29 +0100
596+
597 cryptsetup (2:1.7.3-4) unstable; urgency=high
598
599 [ Guilhem Moulin ]
600@@ -1009,6 +1460,40 @@ cryptsetup (2:1.7.2-1) unstable; urgency=medium
601
602 -- Jonas Meurer <mejo@debian.org> Wed, 05 Oct 2016 20:53:09 +0200
603
604+cryptsetup (2:1.7.2-0ubuntu4) artful; urgency=medium
605+
606+ * Add maintscript to drop removed upstart system jobs.
607+
608+ -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 21 Aug 2017 11:36:04 +0100
609+
610+cryptsetup (2:1.7.2-0ubuntu3) artful; urgency=medium
611+
612+ * Drop _BSD_SOURCE in favor of _DEFAULT_SOURCe
613+ * Drop c99 std, as the default is now higher than that
614+ * Use DEB_VERSION from dpkg/default.mk for pod2man release variable
615+
616+ -- Dimitri John Ledkov <xnox@ubuntu.com> Sat, 19 Aug 2017 21:46:19 +0100
617+
618+cryptsetup (2:1.7.2-0ubuntu2) artful; urgency=medium
619+
620+ * Drop upstart system jobs.
621+
622+ -- Dimitri John Ledkov <xnox@ubuntu.com> Sat, 19 Aug 2017 20:57:17 +0100
623+
624+cryptsetup (2:1.7.2-0ubuntu1) yakkety; urgency=medium
625+
626+ * New upstream release, merge from Debian unstable (LP: #1548137). Remaining
627+ Ubuntu changes:
628+ - debian/control:
629+ + Bump initramfs-tools Suggests to Depends: so system is not
630+ potentially rendered unbootable.
631+ + Depend on plymouth.
632+ + Invert the "busybox | busybox-static" Recommends, as the latter
633+ is the one we ship in main as part of the ubuntu-standard task.
634+ + Drop explicit libgcrypt20 dependency from libcryptsetup4.
635+
636+ -- Unit 193 <unit193@ubuntu.com> Wed, 22 Jun 2016 16:30:01 -0400
637+
638 cryptsetup (2:1.7.0-2) unstable; urgency=medium
639
640 [ Guilhem Moulin ]
641@@ -1083,6 +1568,35 @@ cryptsetup (2:1.7.0-1) unstable; urgency=medium
642
643 -- Jonas Meurer <mejo@debian.org> Thu, 07 Jan 2016 02:22:33 +0100
644
645+cryptsetup (2:1.6.6-5ubuntu2) wily; urgency=medium
646+
647+ * Fix stupid typo in Recommends "busybox | busybox-static" inversion.
648+ Fixes binary moves for busybox into main.
649+
650+ -- Andy Whitcroft <apw@ubuntu.com> Fri, 21 Aug 2015 08:56:34 +0100
651+
652+cryptsetup (2:1.6.6-5ubuntu1) wily; urgency=low
653+
654+ * Merge from Debian unstable. Remaining changes:
655+ - debian/control:
656+ + Bump initramfs-tools Suggests to Depends: so system is not
657+ potentially rendered unbootable.
658+ + Depend on plymouth.
659+ + Invert the "busybox | busybox-static" Recommends, as the latter
660+ is the one we ship in main as part of the ubuntu-standard task.
661+ + Drop explicit libgcrypt11 dependency from libcryptsetup4.
662+ * Dropped changes, now in Debian:
663+ - Remove hardcoded paths to udevadm.
664+ - debian/initramfs/cryptroot-hook:
665+ + Do not unconditionally include cryptsetup utils in the initramfs.
666+ + Do not include any modules or utils in the initramfs, unless
667+ rootfs/resume devices are encrypted or CRYPTSETUP is set to 'y' in
668+ the initramfs.conf configuration file.
669+ - debian/cryptsetup.maintscripts:
670+ + Migrate upstart jobs to new names.
671+
672+ -- Andy Whitcroft <apw@ubuntu.com> Tue, 07 Jul 2015 16:58:45 +0100
673+
674 cryptsetup (2:1.6.6-5) unstable; urgency=high
675
676 * debian/cryptdisks.functions: fix the precheck for ubuntu+upstart
677@@ -1235,6 +1749,71 @@ cryptsetup (2:1.6.4-1) unstable; urgency=low
678
679 -- Jonas Meurer <mejo@debian.org> Fri, 28 Jun 2013 12:14:55 +0200
680
681+cryptsetup (2:1.6.1-1ubuntu7) vivid; urgency=medium
682+
683+ * Drop explicit libgcrypt11 dependency from libcryptsetup4.
684+
685+ -- Adam Conrad <adconrad@ubuntu.com> Fri, 27 Mar 2015 18:24:38 -0600
686+
687+cryptsetup (2:1.6.1-1ubuntu6) vivid; urgency=medium
688+
689+ * No-change rebuild for the libgcrypt20 transition.
690+
691+ -- Adam Conrad <adconrad@ubuntu.com> Fri, 27 Mar 2015 06:16:08 -0600
692+
693+cryptsetup (2:1.6.1-1ubuntu5) vivid; urgency=medium
694+
695+ * ./debian/scripts/luksformat: Drop luksFormat -s and --ciper options. They
696+ aren't necessary any more, and aes-cbc-essiv:sha256 is obsolete. This will
697+ now use aes-xts-plain64 by default. (LP: #1414719)
698+
699+ -- Martin Pitt <martin.pitt@ubuntu.com> Fri, 27 Feb 2015 09:37:05 +0100
700+
701+cryptsetup (2:1.6.1-1ubuntu4) vivid; urgency=medium
702+
703+ * No change rebuild to get debug symbols for all architectures.
704+
705+ -- Brian Murray <brian@ubuntu.com> Wed, 03 Dec 2014 08:03:31 -0800
706+
707+cryptsetup (2:1.6.1-1ubuntu3) utopic; urgency=high
708+
709+ * No change rebuild against new dh_installinit, to call update-rc.d at
710+ postinst.
711+
712+ -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 28 May 2014 10:39:30 +0100
713+
714+cryptsetup (2:1.6.1-1ubuntu2) utopic; urgency=medium
715+
716+ * debian/askpass.c:
717+ - Fix bug (LP: #1301086) where askpass fails to restore terminal
718+ settings.
719+
720+ -- Robert Barabas <dc@0xdc.org> Fri, 18 Apr 2014 14:08:51 -0400
721+
722+cryptsetup (2:1.6.1-1ubuntu1) trusty; urgency=low
723+
724+ * Merge from debian unstable, remaining changes:
725+ - debian/control:
726+ + Bump initramfs-tools Suggests to Depends: so system is not
727+ potentially rendered unbootable.
728+ + Depend on plymouth.
729+
730+ - Invert the "busybox | busybox-static" Recommends, as the latter is
731+ the one we ship in main as part of the ubuntu-standard task.
732+
733+ - Remove hardcoded paths to udevadm (LP: #1184066).
734+
735+ - debian/initramfs/cryptroot-hook:
736+ + Do not unconditionally include cryptsetup utils in the initramfs.
737+ + Do not include any modules or utils in the initramfs, unless
738+ rootfs/resume devices are encrypted or CRYPTSETUP is set to 'y' in
739+ the initramfs.conf configuration file.
740+
741+ - debian/cryptsetup.maintscripts:
742+ + Migrate upstart jobs to new names.
743+
744+ -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com> Fri, 01 Nov 2013 16:48:57 +0000
745+
746 cryptsetup (2:1.6.1-1) unstable; urgency=low
747
748 [ Milan Broz ]
749@@ -1276,6 +1855,50 @@ cryptsetup (2:1.6.1-1) unstable; urgency=low
750
751 -- Jonas Meurer <mejo@debian.org> Fri, 28 Jun 2013 12:10:41 +0200
752
753+cryptsetup (2:1.4.3-4ubuntu4) saucy; urgency=low
754+
755+ * debian/initramfs/cryptroot-hook:
756+ - Do not unconditionally include cryptsetup utils in the initramfs.
757+ - Do not include any modules or utils in the initramfs, unless
758+ rootfs/resume devices are encrypted or CRYPTSETUP is set to 'y' in
759+ the initramfs.conf configuration file.
760+
761+ -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com> Mon, 10 Jun 2013 16:25:46 +0100
762+
763+cryptsetup (2:1.4.3-4ubuntu3) saucy; urgency=low
764+
765+ * Remove hardcoded paths to udevadm (LP: #1184066).
766+
767+ -- Colin Watson <cjwatson@ubuntu.com> Tue, 28 May 2013 11:27:27 +0100
768+
769+cryptsetup (2:1.4.3-4ubuntu2) raring; urgency=low
770+
771+ * Invert the "busybox | busybox-static" Recommends, as the latter
772+ is the one we ship in main as part of the ubuntu-standard task.
773+
774+ -- Adam Conrad <adconrad@ubuntu.com> Fri, 16 Nov 2012 01:14:35 -0700
775+
776+cryptsetup (2:1.4.3-4ubuntu1) raring; urgency=low
777+
778+ * Merge from debian unstable, remaining changes:
779+ - debian/control:
780+ + Bump initramfs-tools Suggests to Depends: so system is not
781+ potentially rendered unbootable.
782+ + Depend on plymouth.
783+
784+ - init/upstart jobs:
785+ + Rename cryptddisks{,-early}.upstart jobs to
786+ cryptdisks-{enable,udev}.upstart, as we need both init & upstart jobs
787+ for now.
788+ + debian/cryptdisks{,-early}.init: Make the 'start' action of the init
789+ script a no-op, this should be handled entirely by the upstart job;
790+ and fix the LSB header to not declare this should be started in
791+ runlevel 'S'.
792+ + Do not install start symlinks for init scripts
793+ + NB! shutdown is still handled by the SystemV init scripts
794+
795+ -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com> Tue, 13 Nov 2012 11:17:57 +0000
796+
797 cryptsetup (2:1.4.3-4) unstable; urgency=medium
798
799 * change recommends for busybox to busybox | busybox-static. Thanks to
800@@ -1308,6 +1931,50 @@ cryptsetup (2:1.4.3-3) unstable; urgency=medium
801
802 -- Jonas Meurer <mejo@debian.org> Thu, 01 Nov 2012 15:34:09 +0100
803
804+cryptsetup (2:1.4.3-2ubuntu1) quantal; urgency=low
805+
806+ * Merge from debian unstable (LP: #1015753), remaining changes:
807+ - debian/control:
808+ + Bump initramfs-tools Suggests to Depends: so system is not
809+ potentially rendered unbootable.
810+ + Depend on plymouth.
811+
812+ - init/upstart jobs:
813+ + Add debian/cryptdisks-{enable,udev}.upstart for bootup.
814+ + debian/cryptdisks{,-early}.init: Make the 'start' action of the init
815+ script a no-op, this should be handled entirely by the upstart job;
816+ and fix the LSB header to not declare this should be started in
817+ runlevel 'S'.
818+ + Do not install start symlinks for init scripts
819+ + NB! shutdown is still handled by the SystemV init scripts
820+
821+ * Rename cryptddisks{,-early}.upstart jobs back to
822+ cryptdisks-{enable,udev}.upstart, as we need both init & upstart jobs
823+ for now.
824+
825+ * Dropped Changes, included in Debian:
826+ - debian/control:
827+ + Split up package in cryptsetup and cryptsetup-bin. (LP: #343363).
828+
829+ - debian/cryptdisks.functions:
830+ + Do not overwrite existing filesystems when creating swap (LP: #474258).
831+ + Add aesni module when we have hardware encryption.
832+ + Call 'udevadm settle' before 'dmsetup rename' http://pad.lv/874774
833+ + Suppress "Starting init crypto disks" message in "init" phase, to
834+ avoid writing over fsck progress text.
835+ + new function, crypttab_start_one_disk, to look for the named source
836+ device in /etc/crypttab (by device name, UUID, or label) and start it
837+ if configured to do so
838+ + handle the case where crypttab contains a name for the source
839+ device that is not the kernel's preferred name for it (as is the case
840+ for LVs).
841+
842+ - debian/initramfs/cryptroot-hook:
843+ + Quiet warnings from find on arches that don't have all the
844+ kernel/{arch,crypto} bits we're testing for.
845+
846+ -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com> Tue, 21 Aug 2012 11:57:28 +0100
847+
848 cryptsetup (2:1.4.3-2) unstable; urgency=medium
849
850 * fix the shared library symbols magic: so far, the symbols file for
851@@ -1383,6 +2050,64 @@ cryptsetup (2:1.4.1-3) unstable; urgency=low
852
853 -- Jonas Meurer <mejo@debian.org> Wed, 11 Apr 2012 23:55:35 +0200
854
855+cryptsetup (2:1.4.1-2ubuntu4) precise; urgency=low
856+
857+ * Our swap creation can trigger udev change events, which means udev may be
858+ holding the device open at the time we try to call 'dmsetup rename' and
859+ cause the /subsequent/ events to be missed because of dmsetup creating
860+ device nodes by hand. So call 'udevadm settle' before 'dmsetup rename',
861+ to ensure blkid is out of the way first. This should ensure swap
862+ partitions are found by mountall in a non-racy manner. LP: #874774.
863+
864+ -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 13 Apr 2012 20:23:21 -0700
865+
866+cryptsetup (2:1.4.1-2ubuntu3) precise; urgency=low
867+
868+ * Start cryptdisks-enable upstart job on 'or container', to let us
869+ simplify the udevtrigger job.
870+
871+ -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 04 Apr 2012 17:02:00 -0700
872+
873+cryptsetup (2:1.4.1-2ubuntu2) precise; urgency=low
874+
875+ * Split up package in cryptsetup and cryptsetup-bin. (LP: #343363).
876+ * Do not overwrite existing filesystems when creating swap (LP: #474258).
877+ * Add aesni module when we have hardware encryption.
878+
879+ -- Jean-Louis Dupond <jean-louis@dupond.be> Mon, 12 Mar 2012 10:14:30 +0100
880+
881+cryptsetup (2:1.4.1-2ubuntu1) precise; urgency=low
882+
883+ [ Jean-Louis Dupond ]
884+ * Merge from debian unstable (LP: #776264), remaining changes:
885+ - debian/cryptdisks.functions: Suppress "Starting init crypto disks" message
886+ in "init" phase, to avoid writing over fsck progress text.
887+ - debian/cryptroot-hook: Quiet warnings from find on arches that
888+ don't have all the kernel/{arch,crypto} bits we're testing for.
889+ - debian/control:
890+ + Bump initramfs-tools Suggests to Depends: so system is not
891+ potentially rendered unbootable.
892+ + Depend on plymouth.
893+ - Add debian/cryptdisks-{enable,udev}.upstart.
894+ - debian/cryptdisks.functions:
895+ + new function, crypttab_start_one_disk, to look for the named source
896+ device in /etc/crypttab (by device name, UUID, or label) and start it
897+ if configured to do so
898+ - debian/cryptdisks{,-early}.init: Make the 'start' action of the init
899+ script a no-op, this should be handled entirely by the upstart job;
900+ and fix the LSB header to not declare this should be started in
901+ runlevel 'S'
902+ - debian/rules:
903+ + Do not install start symlinks for init scripts, and
904+ install debian/cryptdisks-{enable,udev}.upstart scripts.
905+
906+ [ Steve Langasek ]
907+ * debian/cryptdisks.functions: handle the case where crypttab contains a
908+ name for the source device that is not the kernel's preferred name for
909+ it (as is the case for LVs).
910+
911+ -- Jean-Louis Dupond <jean-louis@dupond.be> Thu, 08 Mar 2012 07:32:40 +0100
912+
913 cryptsetup (2:1.4.1-2) unstable; urgency=low
914
915 * acknowledge NMU. Thanks to Michael Biebl. (closes: #659182)
916@@ -1592,6 +2317,56 @@ cryptsetup (2:1.2.0-1) experimental; urgency=low
917
918 -- Jonas Meurer <mejo@debian.org> Sun, 16 Jan 2011 01:01:03 +0100
919
920+cryptsetup (2:1.1.3-4ubuntu3) precise; urgency=low
921+
922+ [ Pali Rohar ]
923+ * debian/cryptdisks.functions: Suppress "Starting init crypto disks" message
924+ in "init" phase, to avoid writing over fsck progress text.
925+
926+ -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 26 Oct 2011 09:16:15 +0200
927+
928+cryptsetup (2:1.1.3-4ubuntu2) oneiric; urgency=low
929+
930+ * debian/cryptroot-hook: Quiet warnings from find on arches that
931+ don't have all the kernel/{arch,crypto} bits we're testing for.
932+
933+ -- Adam Conrad <adconrad@ubuntu.com> Sat, 01 Oct 2011 00:33:00 -0600
934+
935+cryptsetup (2:1.1.3-4ubuntu1) natty; urgency=low
936+
937+ * Merge from debian unstable (LP: #682177), remaining changes:
938+ - debian/control:
939+ + Bump initramfs-tools Suggests to Depends: so system is not
940+ potentially rendered unbootable.
941+ + Depend on plymouth.
942+ - Add debian/cryptdisks-{enable,udev}.upstart.
943+ - debian/cryptdisks.functions:
944+ + new function, crypttab_start_one_disk, to look for the named source
945+ device in /etc/crypttab (by device name, UUID, or label) and start it
946+ if configured to do so
947+ + wrap the call to /lib/cryptsetup/askpass with watershed, to make sure
948+ we only ever have one of these running at a time; otherwise multiple
949+ invocations could steal each other's input and/or write over each
950+ other's output
951+ + when called by cryptdisks-enable, check that we don't already have a
952+ corresponding cryptdisks-udev job running (probably waiting for a
953+ passphrase); if there is, wait until it's finished before continuing.
954+ - debian/cryptdisks{,-early}.init: Make the 'start' action of the init
955+ script a no-op, this should be handled entirely by the upstart job;
956+ and fix the LSB header to not declare this should be started in
957+ runlevel 'S'
958+ - debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on
959+ upgrade.
960+ - debian/rules:
961+ + Do not install start symlinks for init scripts, and
962+ install debian/cryptdisks-{enable,udev}.upstart scripts.
963+ + link dynamically against libgcrypt and libgpg-error.
964+ - Add debian/cryptsetup.apport: Apport package hook. Install in
965+ debian/rules and create dir in debian/cryptsetup.dirs.
966+ - debian/cryptsetup.postrm: call update-initramfs on package removal.
967+
968+ -- Lorenzo De Liso <blackz@ubuntu.com> Sat, 27 Nov 2010 17:37:43 +0100
969+
970 cryptsetup (2:1.1.3-4) unstable; urgency=high
971
972 * bump standards-version to 3.9.1, no changes required
973@@ -1697,6 +2472,69 @@ cryptsetup (2:1.1.3-1) unstable; urgency=low
974
975 -- Jonas Meurer <mejo@debian.org> Sat, 10 Jul 2010 14:32:40 +0200
976
977+cryptsetup (2:1.1.2-1ubuntu1) maverick; urgency=low
978+
979+ * Merge from Debian unstable (LP: #594365). Remaining changes:
980+ - debian/control:
981+ + Bump initramfs-tools Suggests to Depends: so system is not
982+ potentially rendered unbootable.
983+ + Depend on plymouth.
984+ - Add debian/cryptdisks-{enable,udev}.upstart.
985+ - debian/cryptdisks.functions:
986+ + new function, crypttab_start_one_disk, to look for the named source
987+ device in /etc/crypttab (by device name, UUID, or label) and start it
988+ if configured to do so
989+ + wrap the call to /lib/cryptsetup/askpass with watershed, to make sure
990+ we only ever have one of these running at a time; otherwise multiple
991+ invocations could steal each other's input and/or write over each
992+ other's output
993+ + initially create the device under a temporary name and rename it only
994+ at the end using 'dmsetup rename', to ensure that upstart/mountall
995+ doesn't see our device before it's ready to go.
996+ + do_tmp should mount under /var/run/cryptsetup for changing the
997+ permissions of the filesystem root, not directly on /tmp, since
998+ mounting on /tmp a) is racy, b) confuses mountall something fierce.
999+ + when called by cryptdisks-enable, check that we don't already have a
1000+ corresponding cryptdisks-udev job running (probably waiting for a
1001+ passphrase); if there is, wait until it's finished before continuing.
1002+ - debian/cryptdisks{,-early}.init: Make the 'start' action of the init
1003+ script a no-op, this should be handled entirely by the upstart job;
1004+ and fix the LSB header to not declare this should be started in
1005+ runlevel 'S'
1006+ - debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on
1007+ upgrade.
1008+ - debian/rules: Do not install start symlinks for init scripts, and
1009+ install debian/cryptdisks-{enable,udev}.upstart scripts.
1010+ - Add debian/cryptsetup.apport: Apport package hook. Install in
1011+ debian/rules and create dir in debian/cryptsetup.dirs.
1012+ - debian/rules: link dynamically against libgcrypt and libgpg-error.
1013+ - debian/cryptsetup.postrm: call update-initramfs on package removal.
1014+ * Dropped changes, merged/superseded in Debian:
1015+ - Add ext4 support to passdev.
1016+ - cryptroot-hook: don't call copy_modules_dir with empty arguments when
1017+ archcrypto isn't found
1018+ - Set USPLASH=y and FRAMEBUFFER=y in the hook config to pull plymouth into
1019+ the initramfs.
1020+ - change interaction to use plymouth directly if present, and if not, to
1021+ fall back to /lib/cryptsetup/askpass as before
1022+ - cryptdisks.functions: replace 'echo -e' bashism with 'printf'.
1023+ - debian/initramfs/cryptroot-script: if plymouth is present in the
1024+ initramfs, use this directly, bypassing the cryptsetup askpass script
1025+ - debian/initramfs/cryptroot-hook: Properly anchor our regexps when
1026+ grepping /etc/crypttab so that we don't incorrectly match device names
1027+ that are substrings of one another.
1028+ - debian/initramfs/cryptroot-script: Don't leak /conf/conf.d/cryptroot
1029+ file descriptor to subprocesses.
1030+ - Fix grammar error in debian/initramfs/cryptroot-script
1031+ ("setup" -> "set up")
1032+ - debian/initramfs/cryptroot-script: Fix this to work with current
1033+ initramfs-tools:
1034+ + Source /scripts/functions after checking for prerequisites.
1035+ + prereqs(): Do not assume we are running within initramfs, and
1036+ calculate relative path correctly.
1037+
1038+ -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 14 Jun 2010 21:47:28 -0700
1039+
1040 cryptsetup (2:1.1.2-1) unstable; urgency=low
1041
1042 * new upstream release, changes include:
1043@@ -1814,6 +2652,171 @@ cryptsetup (2:1.1.0-1) unstable; urgency=low
1044
1045 -- Jonas Meurer <mejo@debian.org> Mon, 08 Mar 2010 14:15:35 +0100
1046
1047+cryptsetup (2:1.1.0~rc2-1ubuntu14) maverick; urgency=low
1048+
1049+ [ David Stansby ]
1050+ * Fix grammar error in debian/initramfs/cryptroot-script
1051+ ("setup" -> "set up") (LP: #578896)
1052+
1053+ -- James Westby <james.westby@ubuntu.com> Mon, 17 May 2010 13:33:40 +0100
1054+
1055+cryptsetup (2:1.1.0~rc2-1ubuntu13) lucid; urgency=low
1056+
1057+ * debian/initramfs/cryptroot-script: Don't leak /conf/conf.d/cryptroot
1058+ file descriptor to subprocesses.
1059+
1060+ -- Colin Watson <cjwatson@ubuntu.com> Mon, 29 Mar 2010 22:18:36 +0100
1061+
1062+cryptsetup (2:1.1.0~rc2-1ubuntu12) lucid; urgency=low
1063+
1064+ * debian/initramfs/cryptroot-hook: Properly anchor our regexps when
1065+ grepping /etc/crypttab so that we don't incorrectly match device names
1066+ that are substrings of one another.
1067+ * debian/cryptdisks-{enable,udev}.conf, debian/control: drop
1068+ 'console output' and add a hard dependency on plymouth instead of
1069+ watershed, to avoid spitting extra messages to the console.
1070+
1071+ -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 18 Feb 2010 06:19:19 -0800
1072+
1073+cryptsetup (2:1.1.0~rc2-1ubuntu11) lucid; urgency=low
1074+
1075+ * Set FRAMEBUFFER=y in the file that we actually ship.
1076+ * debian/cryptsetup.postrm: call update-initramfs on package removal.
1077+ LP: #468228.
1078+
1079+ -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 25 Jan 2010 03:07:52 -0800
1080+
1081+cryptsetup (2:1.1.0~rc2-1ubuntu10) lucid; urgency=low
1082+
1083+ * cryptdisks.functions: replace 'echo -e' bashism with 'printf'.
1084+ * cryptdisks.functions: when called by cryptdisks-enable, check that we
1085+ don't already have a corresponding cryptdisks-udev job running (probably
1086+ waiting for a passphrase); if there is, wait until it's finished before
1087+ continuing.
1088+
1089+ -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 21 Jan 2010 14:57:21 +0000
1090+
1091+cryptsetup (2:1.1.0~rc2-1ubuntu9) lucid; urgency=low
1092+
1093+ * Set FRAMEBUFFER=y in the hook config as well, to pull plymouth into the
1094+ initramfs.
1095+ * cryptdisks.functions, debian/initramfs/cryptroot-script: fix the
1096+ invocation of plymouth, so that we actually get proper passphrase prompts
1097+ (once bug #496765 is fixed).
1098+
1099+ -- Steve Langasek <steve.langasek@ubuntu.com> Sat, 16 Jan 2010 02:32:41 -0800
1100+
1101+cryptsetup (2:1.1.0~rc2-1ubuntu8) lucid; urgency=low
1102+
1103+ * cryptdisks.functions: do_tmp should mount under /var/run/cryptsetup for
1104+ changing the permissions of the filesystem root, not directly on /tmp,
1105+ since mounting on /tmp a) is racy, b) confuses mountall something fierce.
1106+ LP: #475936.
1107+
1108+ -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 22 Dec 2009 20:24:28 +0000
1109+
1110+cryptsetup (2:1.1.0~rc2-1ubuntu7) lucid; urgency=low
1111+
1112+ * Depend on watershed.
1113+
1114+ -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 22 Dec 2009 01:37:36 +0000
1115+
1116+cryptsetup (2:1.1.0~rc2-1ubuntu6) lucid; urgency=low
1117+
1118+ [ Steve Langasek ]
1119+ * Fix the LSB header in the init scripts, now that we don't install to
1120+ rcS.d.
1121+
1122+ [ Martin Pitt ]
1123+ * debian/initramfs/cryptroot-script: Fix this to work with current
1124+ initramfs-tools:
1125+ - Source /scripts/functions after checking for prerequisites.
1126+ - prereqs(): Do not assume we are running within initramfs, and calculate
1127+ relative path correctly.
1128+
1129+ -- Martin Pitt <martin.pitt@ubuntu.com> Fri, 18 Dec 2009 17:07:07 +0100
1130+
1131+cryptsetup (2:1.1.0~rc2-1ubuntu5) lucid; urgency=low
1132+
1133+ * Rename the upstart job introduced in the previous upload to
1134+ cryptdisks-udev and restore the previous version of the job as
1135+ cryptdisks-enable, to run at the end of udev coldplugging as before;
1136+ this isn't entirely race-free, but should nevertheless give us the
1137+ two passes needed to cover devices that are decrypted using keys stored
1138+ on other encrypted disks. LP: #443980.
1139+
1140+ -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 16 Dec 2009 06:41:30 +0000
1141+
1142+cryptsetup (2:1.1.0~rc2-1ubuntu4) lucid; urgency=low
1143+
1144+ [ Steve Langasek ]
1145+ * debian/initramfs/cryptroot-script: if plymouth is present in the
1146+ initramfs, use this directly, bypassing the cryptsetup askpass script;
1147+ but keep support for these other frontends around on a transitional
1148+ basis.
1149+ * debian/cryptdisks.functions:
1150+ - change interaction to use plymouth directly if present, and if not, to
1151+ fall back to /lib/cryptsetup/askpass as before
1152+ - wrap the call to /lib/cryptsetup/askpass with watershed, to make sure
1153+ we only ever have one of these running at a time; otherwise multiple
1154+ invocations could steal each other's input and/or write over each
1155+ other's output
1156+ - new function, crypttab_start_one_disk, to look for the named source
1157+ device in /etc/crypttab (by device name, UUID, or label) and start it
1158+ if configured to do so
1159+ * debian/cryptdisks-enable.upstart: run the upstart job once for each block
1160+ device, using the new crypttab_start_one_disk function, triggered by udev;
1161+ this doesn't eliminate the possibility of a race with gdm when the
1162+ decrypted volume isn't a 'bootwait' mount point (since gdm kills
1163+ plymouth), but it does eliminate the race between udev and cryptsetup.
1164+ LP: #454898.
1165+ * debian/cryptdisks-enable.upstart: check that the package is installed
1166+ and exit gracefully if it's not. LP: #435814
1167+ * debian/cryptdisk.functions: initially create the device under a temporary
1168+ name and rename it only at the end using 'dmsetup rename', to ensure that
1169+ upstart/mountall doesn't see our device before it's ready to go.
1170+ LP: #475936.
1171+
1172+ [ Colin Watson ]
1173+ * Add ext4 support to passdev.
1174+
1175+ -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 15 Dec 2009 18:05:45 -0800
1176+
1177+cryptsetup (2:1.1.0~rc2-1ubuntu3) lucid; urgency=low
1178+
1179+ * cryptroot-hook: Use if [ -n … ] instead of if ! test -z ….
1180+
1181+ -- LoĂ¯c Minier <loic.minier@ubuntu.com> Sat, 12 Dec 2009 11:32:52 +0100
1182+
1183+cryptsetup (2:1.1.0~rc2-1ubuntu2) lucid; urgency=low
1184+
1185+ * cryptroot-hook: dont call copy_modules_dir with empty arguments when
1186+ archcrypto isnt found (LP: #495161)
1187+
1188+ -- Oliver Grawert <ogra@ubuntu.com> Fri, 11 Dec 2009 14:39:00 +0100
1189+
1190+cryptsetup (2:1.1.0~rc2-1ubuntu1) lucid; urgency=low
1191+
1192+ * Merge with Debian testing. Remaining Ubuntu changes:
1193+ - debian/rules: cryptsetup is linked dynamically against libgcrypt and
1194+ libgpg-error.
1195+ - Upstart migration:
1196+ + Add debian/cryptdisks-enable.upstart.
1197+ + debian/cryptdisks{,-early}.init: Make the 'start' action of the init
1198+ script a no-op, this should be handled entirely by the upstart job.
1199+ (LP #473615)
1200+ + debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on
1201+ upgrade.
1202+ + debian/rules: Do not install start symlinks for those two, and install
1203+ debian/cryptdisks-enable.upstart scripts.
1204+ - Add debian/cryptsetup.apport: Apport package hook. Install in
1205+ debian/rules, and create dir in debian/cryptsetup.dirs.
1206+ - Start usplash in initramfs, since we need it for fancy passphrase input:
1207+ + debian/initramfs/cryptroot-conf, debian/initramfs-conf.d: USPLASH=y
1208+ + debian/control: Bump initramfs-tools Suggests to Depends:.
1209+
1210+ -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 11 Nov 2009 15:04:27 +0100
1211+
1212 cryptsetup (2:1.1.0~rc2-1) unstable; urgency=low
1213
1214 * new upstream release candidate (1.1.0-rc2), highlights include:
1215@@ -1987,6 +2990,80 @@ cryptsetup (2:1.0.7~rc1-1) unstable; urgency=low
1216
1217 -- Jonas Meurer <mejo@debian.org> Sat, 04 Jul 2009 15:52:06 +0200
1218
1219+cryptsetup (2:1.0.6+20090405.svn49-1ubuntu8) lucid; urgency=low
1220+
1221+ [ Steve Langasek ]
1222+ * Make the 'start' action of the init script a no-op, this should be
1223+ handled entirely by the upstart job now; and remove any symlinks from
1224+ /etc/rcS.d on upgrade. LP: #473615.
1225+
1226+ [ Reinhard Tartler ]
1227+ * Add an apport hook
1228+ * import the blkid and un_blkid from debian, LP: #446517
1229+ * also use this script by default (setting in /etc/default/cryptdisks)
1230+
1231+ -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 04 Nov 2009 12:06:47 +0000
1232+
1233+cryptsetup (2:1.0.6+20090405.svn49-1ubuntu7) karmic; urgency=low
1234+
1235+ * Reupload previous version, siretart had left changes in bzr which
1236+ weren't documented in the changelog and caused FTBFS.
1237+
1238+ -- Scott James Remnant <scott@ubuntu.com> Wed, 14 Oct 2009 13:57:59 +0100
1239+
1240+cryptsetup (2:1.0.6+20090405.svn49-1ubuntu6) karmic; urgency=low
1241+
1242+ [ Steve Langasek ]
1243+ * Move the Debian Vcs- fields aside.
1244+
1245+ [ Scott James Remnant ]
1246+ * debian/cryptdisks-enable.upstart: Don't overcompensate for my idiocy,
1247+ cryptsetup should not need a controlling terminal, just a terminal
1248+ is fine. May fix LP: #439138.
1249+
1250+ -- Scott James Remnant <scott@ubuntu.com> Wed, 14 Oct 2009 04:52:16 +0100
1251+
1252+cryptsetup (2:1.0.6+20090405.svn49-1ubuntu4) karmic; urgency=low
1253+
1254+ * debian/cryptdisks-enable.upstart: Things that often help include
1255+ not setting stdin/out to /dev/null, so you can actually type the
1256+ passphrase. I am an idiot. LP: #430496.
1257+
1258+ -- Scott James Remnant <scott@ubuntu.com> Thu, 17 Sep 2009 17:58:01 +0100
1259+
1260+cryptsetup (2:1.0.6+20090405.svn49-1ubuntu3) karmic; urgency=low
1261+
1262+ * debian/cryptdisks-enable.upstart: add upstart job to enable encrypted
1263+ disks once we've finished probing for udev devices, so that mountall
1264+ can use them. LP: #430496.
1265+
1266+ -- Scott James Remnant <scott@ubuntu.com> Thu, 17 Sep 2009 00:04:00 +0100
1267+
1268+cryptsetup (2:1.0.6+20090405.svn49-1ubuntu2) karmic; urgency=low
1269+
1270+ * debian/initramfs/cryptroot-conf: declare that we want usplash included
1271+ in the initramfs whenever this package is installed. LP: #427356.
1272+
1273+ -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 15 Sep 2009 08:43:15 -0700
1274+
1275+cryptsetup (2:1.0.6+20090405.svn49-1ubuntu1) karmic; urgency=low
1276+
1277+ * Merge from debian unstable, remaining changes:
1278+ - Ubuntu specific:
1279+ + debian/rules: link dynamically for better security supportability and
1280+ smaller packages.
1281+ + debian/control: Depend on initramfs-tools so system is not potentially
1282+ rendered unbootable.
1283+ - debian/initramfs/cryptroot-script wait for encrypted device to appear,
1284+ report with log_*_msg (debian bug 488271).
1285+ - debian/initramfs/cryptroot-hook: fix support for UUID and LABEL
1286+ correlation between fstab and crypttab (debian bug 522041).
1287+ - debian/askpass.c, debian/initramfs/cryptroot-script: using newline
1288+ escape in passphrase prompt to avoid line-wrapping (debian bug 528133).
1289+ * Drop 04_fix_udevsettle_call.patch: fixed upstream differently.
1290+
1291+ -- Kees Cook <kees@ubuntu.com> Sun, 10 May 2009 17:29:32 -0700
1292+
1293 cryptsetup (2:1.0.6+20090405.svn49-1) unstable; urgency=low
1294
1295 * New upstream svn snapshot. Highlights include:
1296@@ -2028,6 +3105,67 @@ cryptsetup (2:1.0.6+20090405.svn49-1) unstable; urgency=low
1297
1298 -- Jonas Meurer <mejo@debian.org> Mon, 06 Apr 2009 08:49:14 +0200
1299
1300+cryptsetup (2:1.0.6-7ubuntu7) jaunty; urgency=low
1301+
1302+ * debian/control: Depend on initramfs-tools so system is not potentially
1303+ rendered unbootable (LP: #358654).
1304+
1305+ -- Kees Cook <kees@ubuntu.com> Thu, 09 Apr 2009 12:29:31 -0700
1306+
1307+cryptsetup (2:1.0.6-7ubuntu6) jaunty; urgency=low
1308+
1309+ * debian/initramfs/cryptroot-script: we don't require vol_id to understand
1310+ the encrypted device, but we should check the device is fully up first
1311+ before continuing by calling udevadm settle. LP: #291752.
1312+
1313+ -- Steve Langasek <steve.langasek@ubuntu.com> Sat, 07 Mar 2009 21:39:14 -0800
1314+
1315+cryptsetup (2:1.0.6-7ubuntu5) jaunty; urgency=low
1316+
1317+ * debian/initramfs/cryptroot-hook: fix support for UUID and LABEL correlation
1318+ between fstab and crypttab (LP: #287879).
1319+
1320+ -- TJ <ubuntu@tjworld.net> Mon, 16 Feb 2009 23:00:00 +0000
1321+
1322+cryptsetup (2:1.0.6-7ubuntu4) jaunty; urgency=low
1323+
1324+ * debian/askpass.c: also handle newline escape code in console prompt.
1325+
1326+ -- Kees Cook <kees@ubuntu.com> Sun, 15 Feb 2009 08:57:05 -0800
1327+
1328+cryptsetup (2:1.0.6-7ubuntu3) jaunty; urgency=low
1329+
1330+ [ https://launchpad.net/~svenkata ]
1331+ * debian/checks/un_vol_id: dynamically build the "unknown volume type"
1332+ string, to allow for encrypted swap, LP: #316607
1333+
1334+ -- Dustin Kirkland <kirkland@ubuntu.com> Thu, 12 Feb 2009 16:57:30 -0600
1335+
1336+cryptsetup (2:1.0.6-7ubuntu2) jaunty; urgency=low
1337+
1338+ * debian/askpass.c: handle newline escape code in password prompt.
1339+ * debian/initramfs/cryptroot-script: add newline to split cryptroot
1340+ password prompt onto two lines for readability (LP: #326900).
1341+
1342+ -- Kees Cook <kees@ubuntu.com> Sun, 08 Feb 2009 07:26:01 -0800
1343+
1344+cryptsetup (2:1.0.6-7ubuntu1) jaunty; urgency=low
1345+
1346+ * Merge from debian unstable, remaining changes:
1347+ - debian/initramfs/cryptroot-script:
1348+ - must source /scripts/functions to get the log_*_msg() functions.
1349+ - wait for encrypted device to show up (LP 164044, 291752).
1350+ - disable error message 'failed to setup lvm device' (LP 151532).
1351+ - debian/rules:
1352+ - fix location of ltmain.sh (Ubuntu-specific until libtool 2.2.x is
1353+ in Debian unstable).
1354+ - link dynamically (LP 62751).
1355+ - add 04_fix_udevsettle_call.patch: fix path to binary for udevsettle.
1356+ * Revert versioned build-depency on libdevmapper-dev, since Ubuntu's
1357+ version is higher now.
1358+
1359+ -- Kees Cook <kees@ubuntu.com> Tue, 06 Jan 2009 13:00:16 -0800
1360+
1361 cryptsetup (2:1.0.6-7) unstable; urgency=medium
1362
1363 * Add patches/01_gettext_package.patch: Remove -luks from GETTEXT_PACKAGE
1364@@ -2072,6 +3210,38 @@ cryptsetup (2:1.0.6-7) unstable; urgency=medium
1365
1366 -- Jonas Meurer <mejo@debian.org> Wed, 17 Dec 2008 21:25:45 +0100
1367
1368+cryptsetup (2:1.0.6-6ubuntu2.1) intrepid-proposed; urgency=low
1369+
1370+ * debian/initramfs/cryptroot-script: do not require that vol_id
1371+ can parse the encrypted device as valid (LP: #291752).
1372+
1373+ -- Kees Cook <kees@ubuntu.com> Fri, 31 Oct 2008 13:10:06 -0700
1374+
1375+cryptsetup (2:1.0.6-6ubuntu2) intrepid; urgency=low
1376+
1377+ * Fixes for (LP: #272301)
1378+ * debian/initramfs/cryptroot-script: must source /scripts/functions to get
1379+ the log_*_msg() functions
1380+ * 04_fix_udevsettle_call.patch: fix path to binary for udevsettle
1381+
1382+ -- Dustin Kirkland <kirkland@ubuntu.com> Fri, 19 Sep 2008 18:03:28 -0500
1383+
1384+cryptsetup (2:1.0.6-6ubuntu1) intrepid; urgency=low
1385+
1386+ * drop almost all ubuntu specific changes from the cryptsetup package,
1387+ because they have been merged in debian. Thanks a lot!
1388+ * merge from debian, remaining changes:
1389+ - remove versioned build-depency on libdevmapper-dev, we are using a
1390+ rather sophisticated loop for making sure the root filesystem appears.
1391+ * debian/rules: fix location of ltmain.sh
1392+ * don't exit usplash anymore in the init script. LP: #110970, #139363
1393+ * Disable error message 'failed to setup lvm device'. It is harmless, and
1394+ caused by the fact that the udev rules provided by lvm2 are setting up
1395+ the lvm on their own. In debian the scripts here are responsible for this
1396+ but obviously fail in ubuntu. LP: #151532
1397+
1398+ -- Reinhard Tartler <siretart@tauware.de> Sat, 30 Aug 2008 17:52:16 +0200
1399+
1400 cryptsetup (2:1.0.6-6) unstable; urgency=high
1401
1402 * Don't cat keyfile into pipe for do_noluks(). cryptsetup handles
1403@@ -2173,6 +3343,79 @@ cryptsetup (2:1.0.6-3) unstable; urgency=low
1404
1405 -- Jonas Meurer <mejo@debian.org> Mon, 07 Jul 2008 00:30:07 +0200
1406
1407+cryptsetup (2:1.0.6-2ubuntu7) intrepid; urgency=low
1408+
1409+ * reintroduce changes from 2:1.0.6-2ubuntu5 that have been accidentally
1410+ dropped in version 2:1.0.6-2ubuntu6.
1411+
1412+ -- Reinhard Tartler <siretart@tauware.de> Fri, 20 Jun 2008 15:15:54 +0200
1413+
1414+cryptsetup (2:1.0.6-2ubuntu6) intrepid; urgency=low
1415+
1416+ [ Kjell Braden ]
1417+ * load scripts/functions for log_{begin,end}_msg
1418+ * debian/initramfs/cryptroot-script: wait for the cryptsource, not the resulting mapped root device
1419+ * debian/initramfs/cryptroot-hook: copy binaries to the right directory
1420+
1421+ [ Reinhard Tartler ]
1422+ * remove versioned build-depency on libdevmapper-dev, we are using a
1423+ rather sophisticated loop for making sure the root filesystem appears.
1424+
1425+ -- Reinhard Tartler <siretart@tauware.de> Wed, 18 Jun 2008 00:26:43 +0200
1426+
1427+cryptsetup (2:1.0.6-2ubuntu5) intrepid; urgency=low
1428+
1429+ * Okay, I give up. include preprocessed manpages and adapt
1430+ debian/rules to easily produce those.
1431+ ATTENTION: on subsequent uploads, make sure that the manpages are
1432+ available and up-to-date.
1433+
1434+ -- Reinhard Tartler <siretart@tauware.de> Sun, 15 Jun 2008 13:33:07 +0200
1435+
1436+cryptsetup (2:1.0.6-2ubuntu4) intrepid; urgency=low
1437+
1438+ * also use local dtd in debian/doc/variables.xml.in.
1439+
1440+ -- Reinhard Tartler <siretart@tauware.de> Sun, 15 Jun 2008 12:55:42 +0200
1441+
1442+cryptsetup (2:1.0.6-2ubuntu3) intrepid; urgency=low
1443+
1444+ * try harder to fix FTBFS.
1445+
1446+ -- Reinhard Tartler <siretart@tauware.de> Sun, 15 Jun 2008 11:42:54 +0200
1447+
1448+cryptsetup (2:1.0.6-2ubuntu2) intrepid; urgency=low
1449+
1450+ * build docbook documentation using local dtds instead of trying to
1451+ download them at buildtime. Fixes FTBFS.
1452+
1453+ -- Reinhard Tartler <siretart@tauware.de> Sun, 15 Jun 2008 11:12:28 +0200
1454+
1455+cryptsetup (2:1.0.6-2ubuntu1) intrepid; urgency=low
1456+
1457+ * Merge new debian version. Remaining changes:
1458+ - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using
1459+ bzr on launchpad.
1460+ - debian/rules: cryptsetup is linked dynamically against libgcrypt and
1461+ libgpg-error.
1462+ - cryptdisks.functions: stop usplash on user input. LP #62751
1463+ - Parse comments in lines not starting with '#', LP #185380
1464+ - If the encrypted source device hasn't shown up yet, give it a
1465+ little while to deal with removable devices. LP #164044
1466+ * Depend on race-free version of libdevmapper, thus making udevsettle
1467+ call from cryptsetup binary unnecessary. Dropping patch
1468+ debian/patches/06_run_udevsettle.patch
1469+ * remove patch from LP #73862, loading optimized modules has been solved
1470+ in debian in another way.
1471+ * cryptdisk.functions: remove spurious call to load_optimized_module.
1472+ LP: #239946
1473+ * bugfix: make regex work if keyfile has extended attributes. LP: #231339.
1474+ * remove patch in cryptdisks.functions for rexecing the script itself for
1475+ ensuring that a tty is always available. (See LP #58794.) According to
1476+ Scott, this is not necessary anymore.
1477+
1478+ -- Reinhard Tartler <siretart@tauware.de> Sat, 14 Jun 2008 23:28:51 +0200
1479+
1480 cryptsetup (2:1.0.6-2) unstable; urgency=low
1481
1482 [ Jonas Meurer ]
1483@@ -2198,6 +3441,54 @@ cryptsetup (2:1.0.6-2) unstable; urgency=low
1484
1485 -- David Härdeman <david@hardeman.nu> Mon, 26 May 2008 08:12:32 +0200
1486
1487+cryptsetup (2:1.0.6-1ubuntu4) intrepid; urgency=low
1488+
1489+ [ Kjell Braden ]
1490+ * Fix configuration parsing (LP: #239808)
1491+
1492+ [ Reinhard Tartler ]
1493+ * cryptroot-script: use 'echo' instead of 'log_begin_msg' (LP: #237723)
1494+
1495+ -- Reinhard Tartler <siretart@tauware.de> Fri, 13 Jun 2008 21:26:17 +0200
1496+
1497+cryptsetup (2:1.0.6-1ubuntu3) intrepid; urgency=low
1498+
1499+ * Parse comments in lines not starting with '#', LP: #185380
1500+ * in cryptroot hook, don't rely on 'udevadm settle' to wait long enough
1501+ for the cryptdevice to appear. Reimplement the busy waiting loop found
1502+ while waiting for the root file system. Patch based on work by SwĂ¢mi
1503+ Petaramesh. LP: #164044
1504+ * debian/crypdisks.functions: call 'env' with full path. LP: #178829.
1505+
1506+ -- Reinhard Tartler <siretart@tauware.de> Mon, 26 May 2008 22:12:32 +0200
1507+
1508+cryptsetup (2:1.0.6-1ubuntu2) intrepid; urgency=low
1509+
1510+ * Simplify the patch in debian/cryptdisks.functions that stops usplash
1511+ before asking for a passphrase.
1512+
1513+ -- Reinhard Tartler <siretart@tauware.de> Mon, 26 May 2008 20:18:14 +0200
1514+
1515+cryptsetup (2:1.0.6-1ubuntu1) intrepid; urgency=low
1516+
1517+ * Merge new debian version. Remaining changes:
1518+ - cryptsetup is linked dynamically against libgcrypt and libgpg-error.
1519+ - stop usplash on user input. LP #62751
1520+ - debian/cryptdisks.functions: Always output and read from the console.
1521+ LP #58794.
1522+ - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using
1523+ bzr on launchpad.
1524+ - debian/initramfs/cryptroot-hook: LP #73862
1525+ Added patch to install aes optimized cypher module
1526+ - try to load optimized cypher module in cryptsetup.functions as well,
1527+ because cryptroot-hook is only executed when we really have a
1528+ cryptoroot.
1529+ * other ubuntu changes have been merged into debian. Please report bugs
1530+ if you believe some patches have been dropped.
1531+ * removed 07_typos_fix.patch, has been reviewed and applied upstream.
1532+
1533+ -- Reinhard Tartler <siretart@tauware.de> Sun, 25 May 2008 22:52:30 +0200
1534+
1535 cryptsetup (2:1.0.6-1) unstable; urgency=low
1536
1537 [ Jonas Meurer ]
1538@@ -2329,6 +3620,138 @@ cryptsetup (2:1.0.6~pre1-1) unstable; urgency=low
1539
1540 -- Jonas Meurer <mejo@debian.org> Thu, 06 Dec 2007 15:56:05 +0100
1541
1542+cryptsetup (2:1.0.5-2ubuntu12) hardy; urgency=low
1543+
1544+ * added debian/patches/07_typos_fix.dpatch: fixed typos in man pages. (LP: #164181)
1545+
1546+ -- Bruno Barrera Yever <bbyever@gmail.com> Mon, 07 Apr 2008 18:43:05 -0500
1547+
1548+cryptsetup (2:1.0.5-2ubuntu11) hardy; urgency=low
1549+
1550+ * debian/initramfs/cryptroot-script: Do show the disk name after all, since
1551+ some people use multiple encrypted partitions as LVM PVs. (LP: #201413)
1552+
1553+ -- Martin Pitt <martin.pitt@ubuntu.com> Sun, 06 Apr 2008 11:54:41 -0600
1554+
1555+cryptsetup (2:1.0.5-2ubuntu10) hardy; urgency=low
1556+
1557+ * debian/initramfs/cryptroot-script: Do not mention the name of the
1558+ encrypted device. It is just technobabble anyway (sda4_crypt), and there
1559+ is just one root partition ever, so it is not needed to tell apart
1560+ different partitions. From a security POV, someone who can change your
1561+ initramfs to boot a different root partition can just as well change the
1562+ strings, too. (LP: #201413)
1563+
1564+ -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 02 Apr 2008 15:51:53 +0200
1565+
1566+cryptsetup (2:1.0.5-2ubuntu9) hardy; urgency=low
1567+
1568+ * debian/scripts/luksformat: Use 256 bit key size by default.
1569+ (LP: #78508)
1570+ * debian/patches/02_manpage.dpatch: Clarify default key sizes (128 for
1571+ luksFormat and 256 for create) in cryptsetup.8. (side-note in LP #78508)
1572+
1573+ -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 27 Feb 2008 17:43:46 +0100
1574+
1575+cryptsetup (2:1.0.5-2ubuntu8) hardy; urgency=low
1576+
1577+ * Fix -x calls and access() call.
1578+
1579+ -- Scott James Remnant <scott@ubuntu.com> Fri, 14 Dec 2007 16:54:53 +0000
1580+
1581+cryptsetup (2:1.0.5-2ubuntu7) hardy; urgency=low
1582+
1583+ * debian/initramfs/cryptroot-script: call udevadm instead of udevsettle
1584+ * debian/patches/06_call_udevsettle.dpatch: likewise
1585+
1586+ -- Scott James Remnant <scott@ubuntu.com> Fri, 14 Dec 2007 16:11:36 +0000
1587+
1588+cryptsetup (2:1.0.5-2ubuntu6) hardy; urgency=low
1589+
1590+ * Make cryptsetup understand devices specified by UUID=... or LABEL=
1591+ in crypttab. (LP: #153597)
1592+
1593+ -- Andrea Colangelo <warp10@libero.it> Mon, 29 Oct 2007 18:22:51 +0100
1594+
1595+cryptsetup (2:1.0.5-2ubuntu5) hardy; urgency=low
1596+
1597+ * reenable additional udevsettle calls in cryptroot hook from
1598+ https://launchpad.net/bugs/85640, LP: #132373.
1599+ * change maintainer to ubuntu-core-dev.
1600+ * use Vcs-Bzr instead of XSCB-Vcs-Bzr header in debian/control.
1601+
1602+ -- Reinhard Tartler <siretart@tauware.de> Thu, 08 Nov 2007 23:52:19 +0100
1603+
1604+cryptsetup (2:1.0.5-2ubuntu4) hardy; urgency=low
1605+
1606+ * reapply changes from version 2:1.0.5-2ubuntu2, got dropped with last
1607+ upload. Sorry, pitti.
1608+ * convert patch to lib/libdevmapper.c to a dpatch.
1609+
1610+ -- Reinhard Tartler <siretart@tauware.de> Sun, 04 Nov 2007 21:42:43 +0100
1611+
1612+cryptsetup (2:1.0.5-2ubuntu3) hardy; urgency=low
1613+
1614+ * RELIABILY FIX: lib/libdevmapper.c: Ensure that pending device creation
1615+ events are being processed by calling /sbin/udevsettle. Patch based on
1616+ OpenSUSE bug #285478, LP: #132373.
1617+ * Based on the change above, the patch from LP #85640 is no longer needed.
1618+ dropping the relevant parts.
1619+ * Fix debian/rules to not fail to build if autom4te.cache is left behind
1620+ from a previous incomplete build.
1621+
1622+ -- Reinhard Tartler <siretart@tauware.de> Fri, 02 Nov 2007 20:53:31 +0100
1623+
1624+cryptsetup (2:1.0.5-2ubuntu2) gutsy; urgency=low
1625+
1626+ * debian/initramfs/cryptroot-script:
1627+ - If the supplied password worked, remove the prompt from usplash again,
1628+ so that the user has some visual feedback that everything is alright.
1629+ (LP: #151305)
1630+ - Do not show the UUID device node of the outer physical device. It is
1631+ scary ("/dev/disk/by-uuid/1234yadayada") and displaying it does not
1632+ improve security at all: If attackers can tamper with your initramfs,
1633+ they can also change the prompt, and if the UUID of the physical device
1634+ changes, then booting will not even get that far. Now it is a much more
1635+ friendly "Enter passphrase for sda5_crypt:" which is still technical,
1636+ but it's necessary to point out which device will be unlocked in case
1637+ there are several.
1638+
1639+ -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 11 Oct 2007 19:51:58 +0200
1640+
1641+cryptsetup (2:1.0.5-2ubuntu1) gutsy; urgency=low
1642+
1643+ * Merge new debian version. Remaining changes:
1644+ - cryptsetup is linked dynamically against libgcrypt and libgpg-error.
1645+ This will break systems where /usr is a separate encrypted filesystem
1646+ but not have other bad consequences (in particular, systems with
1647+ encrypted root are still fine). The upsides include better
1648+ security supportability and smaller packages.
1649+ - libcryptsetup.so et al removed from the binary packages. They have
1650+ no stable ABI and are not suitable for use by other packages, and
1651+ were in violation of library policies etc. They're not needed since
1652+ the cryptsetup executable statically contains the relevant parts of
1653+ libcryptsetup.
1654+ - cryptdisks.functions: remove #!/bin/bash as it isn't a script
1655+ by itself; it's only sourced by other scripts. This gets rid
1656+ of the lintian warning `script-not-executable' for this file.
1657+ - stop usplash on user input. LP #62751
1658+ - Always output and read from the console. LP #58794.
1659+ - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using
1660+ bzr on launchpad.
1661+ - Bump libgcrypt11 build-dependency again to 1.2.4-2ubuntu2 to eliminate
1662+ libnsl linkage;
1663+ - debian/initramfs/cryptroot-hook: (LP: #73862)
1664+ Added patch to install aes optimized cypher module
1665+ - try to load optimized cypher module in cryptsetup.functions as well,
1666+ because cryptroot-hook is only executed when we really have a
1667+ cryptoroot.
1668+ - apply patch from pitti for allowing UUIDs in /etc/crypttab.
1669+ This allowes crypted PVs! LP: #144390.
1670+ - remove README.ubuntu, since it contains old and obsolete information.
1671+
1672+ -- Reinhard Tartler <siretart@tauware.de> Tue, 02 Oct 2007 21:31:28 +0200
1673+
1674 cryptsetup (2:1.0.5-2) unstable; urgency=low
1675
1676 [ Jonas Meurer ]
1677@@ -2377,6 +3800,68 @@ cryptsetup (2:1.0.5-2) unstable; urgency=low
1678
1679 -- Jonas Meurer <mejo@debian.org> Mon, 24 Sep 2007 15:42:06 +0200
1680
1681+cryptsetup (2:1.0.5-1ubuntu5) UNRELEASED; urgency=low
1682+
1683+ * apply patch from pitti for allowing UUIDs in /etc/crypttab.
1684+ This allowes crypted PVs! LP: #144390.
1685+ * remove README.ubuntu, since it contains old and obsolete information.
1686+
1687+ -- Reinhard Tartler <siretart@tauware.de> Tue, 02 Oct 2007 19:59:24 +0200
1688+
1689+cryptsetup (2:1.0.5-1ubuntu4) gutsy; urgency=low
1690+
1691+ [ Stephan Hermann ]
1692+ * debian/initramfs/cryptroot-hook: (LP: #73862)
1693+ - Added patch to install aes optimized cypher module
1694+
1695+ [ Reinhard Tartler ]
1696+ * re-applying old patch to new package version
1697+ * try to load optimized cypher module in cryptsetup.functions as well,
1698+ because cryptroot-hook is only executed when we really have a
1699+ cryptoroot.
1700+
1701+ -- Reinhard Tartler <siretart@tauware.de> Thu, 27 Sep 2007 19:38:48 +0200
1702+
1703+cryptsetup (2:1.0.5-1ubuntu3) gutsy; urgency=low
1704+
1705+ * Bump libgcrypt11 build-dependency again to 1.2.4-2ubuntu2 to eliminate
1706+ libnsl linkage; should finally produce a usable cryptsetup binary for
1707+ the udeb.
1708+
1709+ -- Colin Watson <cjwatson@ubuntu.com> Wed, 19 Sep 2007 15:28:52 +0100
1710+
1711+cryptsetup (2:1.0.5-1ubuntu2) gutsy; urgency=low
1712+
1713+ * Bump libgcrypt11 build-dependency to 1.2.4-2ubuntu1 and rebuild for
1714+ proper udeb dependencies.
1715+
1716+ -- Colin Watson <cjwatson@ubuntu.com> Wed, 19 Sep 2007 01:37:02 +0100
1717+
1718+cryptsetup (2:1.0.5-1ubuntu1) gutsy; urgency=low
1719+
1720+ * Merge new debian version. Remaining changes:
1721+ - cryptsetup is linked dynamically against libgcrypt and libgpg-error.
1722+ This will break systems where /usr is a separate encrypted filesystem
1723+ but not have other bad consequences (in particular, systems with
1724+ encrypted root are still fine). The upsides include better
1725+ security supportability and smaller packages.
1726+ - libcryptsetup.so et al removed from the binary packages. They have
1727+ no stable ABI and are not suitable for use by other packages, and
1728+ were in violation of library policies etc. They're not needed since
1729+ the cryptsetup executable statically contains the relevant parts of
1730+ libcryptsetup.
1731+ - cryptdisks.functions: remove #!/bin/bash as it isn't a script
1732+ by itself; it's only sourced by other scripts. This gets rid
1733+ of the lintian warning `script-not-executable' for this file.
1734+ - stop usplash on user input. LP #62751
1735+ - Always output and read from the console. LP #58794.
1736+ * Add XSBC-Vcs-Bzr tag to indicate that this package is managed using
1737+ bzr on launchpad.
1738+ * UVF exception request granted by Scott Kitterman and Chuck Short
1739+ LP: #138295
1740+
1741+ -- Reinhard Tartler <siretart@tauware.de> Sat, 08 Sep 2007 19:04:54 +0200
1742+
1743 cryptsetup (2:1.0.5-1) unstable; urgency=low
1744
1745 [ Jonas Meurer ]
1746@@ -2397,6 +3882,66 @@ cryptsetup (2:1.0.5-1) unstable; urgency=low
1747
1748 -- Jonas Meurer <mejo@debian.org> Fri, 27 Jul 2007 04:59:33 +0200
1749
1750+cryptsetup (2:1.0.4+svn29-1ubuntu6) gutsy; urgency=low
1751+
1752+ * Add notes by Ilkka Tuohela in a new file debian/README.ubuntu
1753+
1754+ -- Reinhard Tartler <siretart@tauware.de> Sat, 08 Sep 2007 18:43:56 +0200
1755+
1756+cryptsetup (2:1.0.4+svn29-1ubuntu5) gutsy; urgency=low
1757+
1758+ * cryptsetup is linked dynamically against libgcrypt and libgpg-error.
1759+ This will break systems where /usr is a separate encrypted filesystem
1760+ but not have other bad consequences (in particular, systems with
1761+ encrypted root are still fine). The upsides include better
1762+ security supportability and smaller packages.
1763+ * libcryptsetup.so et al removed from the binary packages. They have
1764+ no stable ABI and are not suitable for use by other packages, and
1765+ were in violation of library policies etc. They're not needed since
1766+ the cryptsetup executable statically contains the relevant parts of
1767+ libcryptsetup.
1768+ * cryptdisks.functions: remove #!/bin/bash as it isn't a script
1769+ by itself; it's only sourced by other scripts. This gets rid
1770+ of the lintian warning `script-not-executable' for this file.
1771+
1772+ -- Ian Jackson <iwj@ubuntu.com> Fri, 31 Aug 2007 12:05:33 +0100
1773+
1774+cryptsetup (2:1.0.4+svn29-1ubuntu4) gutsy; urgency=low
1775+
1776+ * s/$CRYPTCMD/cryptsetup/ in debian/cryptdisks.functions
1777+ (LP: #115617)
1778+
1779+ -- Reinhard Tartler <siretart@ubuntu.com> Tue, 29 May 2007 17:04:05 +0200
1780+
1781+cryptsetup (2:1.0.4+svn29-1ubuntu3) gutsy; urgency=low
1782+
1783+ * make luksformat check if filesystem is already mounted to prevent a
1784+ strange error message. thanks to mvo for the patch (LP: #116633)
1785+ * remove file debian/initramfs-cryptroot-script from source. it is not
1786+ installed anywhere, and a leftover from the last merge.
1787+ * add missing hunk of cryptsetup.functions compared to debian package.
1788+ * reapply http://librarian.launchpad.net/7329604/bug85640.debdiff to
1789+ debian/initramfs/cryptroot-script, since stgraber's patch has been
1790+ lost in the last merge. (LP: #85640)
1791+
1792+ -- Reinhard Tartler <siretart@ubuntu.com> Tue, 29 May 2007 15:02:57 +0200
1793+
1794+cryptsetup (2:1.0.4+svn29-1ubuntu2) gutsy; urgency=low
1795+
1796+ * modprobe dm-mod from cryptsetup.functions. (LP: #64625, #91405)
1797+
1798+ -- Reinhard Tartler <siretart@ubuntu.com> Tue, 29 May 2007 13:31:39 +0200
1799+
1800+cryptsetup (2:1.0.4+svn29-1ubuntu1) gutsy; urgency=low
1801+
1802+ * Merge from Debian unstable. Remaining Ubuntu changes:
1803+ - stop usplash on user input. Ubuntu: #62751
1804+ - Always output and read from the console. Ubuntu: #58794.
1805+ - Wait for Udev to be ready to avoid partition non-detection. (LP: #85640)
1806+ * Modify Maintainer value to match Debian-Maintainer-Field Spec
1807+
1808+ -- Andrea Veri <bluekuja@ubuntu.com> Sun, 6 May 2007 22:33:25 +0200
1809+
1810 cryptsetup (2:1.0.4+svn29-1) unstable; urgency=low
1811
1812 * New upstream svn snapshot with several bugfixes
1813@@ -2449,6 +3994,20 @@ cryptsetup (2:1.0.4+svn26-2) unstable; urgency=low
1814
1815 -- Jonas Meurer <mejo@debian.org> Sat, 28 Apr 2007 20:45:50 +0200
1816
1817+cryptsetup (2:1.0.4+svn26-1ubuntu2) feisty; urgency=low
1818+
1819+ * Wait for Udev to be ready to avoid partition non-detection. (LP: #85640)
1820+
1821+ -- Stéphane Graber <stgraber@ubuntu.com> Thu, 14 Apr 2007 10:03:41 +0200
1822+
1823+cryptsetup (2:1.0.4+svn26-1ubuntu1) feisty; urgency=low
1824+
1825+ * merge debian changes. Remaining ubuntu changes:
1826+ - stop usplash on user input. Ubuntu: #62751
1827+ - Always output and read from the console. Ubuntu: #58794.
1828+
1829+ -- Reinhard Tartler <siretart@tauware.de> Sat, 3 Feb 2007 21:30:03 +0100
1830+
1831 cryptsetup (2:1.0.4+svn26-1) unstable; urgency=high
1832
1833 [ Jonas Meurer ]
1834@@ -2498,6 +4057,28 @@ cryptsetup (2:1.0.4+svn16-1) unstable; urgency=medium
1835
1836 -- Jonas Meurer <mejo@debian.org> Tue, 28 Nov 2006 18:17:12 +0100
1837
1838+cryptsetup (2:1.0.4-8ubuntu2) feisty; urgency=low
1839+
1840+ * fix and improve initramfs hook: terminate usplash if running, since
1841+ adequate secure text input is not possible with usplash ATM
1842+ * usplash support: Terminate usplash before asking a password.
1843+ Closes https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/62751
1844+
1845+ -- Reinhard Tartler <siretart@tauware.de> Wed, 24 Jan 2007 22:43:28 +0100
1846+
1847+cryptsetup (2:1.0.4-8ubuntu1) feisty; urgency=low
1848+
1849+ * merge debian changes, remaining patches:
1850+ - Always output and read from the console. Ubuntu: #58794.
1851+ * other changes have been merged or do noy apply anymore
1852+ * read password via usplash if available in initramfs for rootfs. based on a patch from
1853+ Swen ThĂ¼mmler (Thanks for that!) Ubuntu #62751
1854+ * read password from initscript via usplash if running. should fix the
1855+ rest of Ubuntu #62751. Only problem with that patch: It asks only once
1856+ for the password! improvements welcome!
1857+
1858+ -- Reinhard Tartler <siretart@tauware.de> Sun, 19 Nov 2006 20:04:19 +0100
1859+
1860 cryptsetup (2:1.0.4-8) unstable; urgency=high
1861
1862 [ Jonas Meurer ]
1863@@ -2655,6 +4236,27 @@ cryptsetup (2:1.0.4~rc2-1) unstable; urgency=low
1864
1865 -- Jonas Meurer <mejo@debian.org> Mon, 4 Sep 2006 03:55:35 +0200
1866
1867+cryptsetup (2:1.0.3-3ubuntu3) edgy; urgency=low
1868+
1869+ * Always output and read from the console. Ubuntu: #58794.
1870+
1871+ -- Scott James Remnant <scott@ubuntu.com> Thu, 21 Sep 2006 03:05:18 +0100
1872+
1873+cryptsetup (2:1.0.3-3ubuntu2) edgy; urgency=low
1874+
1875+ * Load the dm-crypt module on startup. Ubuntu: #53475.
1876+
1877+ -- Scott James Remnant <scott@ubuntu.com> Wed, 23 Aug 2006 11:53:49 +0200
1878+
1879+cryptsetup (2:1.0.3-3ubuntu1) edgy; urgency=low
1880+
1881+ * Sync with Debian:
1882+ Remaining Ubuntu Changes
1883+ + debian/cryptdisks.functions:
1884+ - Tell usplash to quit if we ask for a passphrase
1885+
1886+ -- Sebastian Dröge <slomo@ubuntu.com> Tue, 11 Jul 2006 20:03:27 +0200
1887+
1888 cryptsetup (2:1.0.3-3) unstable; urgency=low
1889
1890 [ Jonas Meurer ]
1891@@ -3074,3 +4676,4 @@ cryptsetup-luks (0.992-1) unstable; urgency=low
1892 * "integrated LUKS" support (very messy hack)
1893
1894 -- Michael Gebetsroither <michael.geb@gmx.at> Thu, 10 Feb 2005 18:16:21 +0100
1895+
1896diff --git a/debian/control b/debian/control
1897index 3ea0be1..7d73f5f 100644
1898--- a/debian/control
1899+++ b/debian/control
1900@@ -1,7 +1,8 @@
1901 Source: cryptsetup
1902 Section: admin
1903 Priority: optional
1904-Maintainer: Debian Cryptsetup Team <pkg-cryptsetup-devel@alioth-lists.debian.net>
1905+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
1906+XSBC-Original-Maintainer: Debian Cryptsetup Team <pkg-cryptsetup-devel@alioth-lists.debian.net>
1907 Uploaders: Jonas Meurer <jonas@freesources.org>,
1908 Guilhem Moulin <guilhem@debian.org>
1909 Rules-Requires-Root: no
1910@@ -76,11 +77,11 @@ Description: disk encryption support - command line tools
1911
1912 Package: cryptsetup-initramfs
1913 Architecture: all
1914-Depends: busybox | busybox-static,
1915+Depends: busybox-initramfs,
1916 cryptsetup (>= ${source:Version}),
1917 initramfs-tools (>= 0.129) | linux-initramfs-tool,
1918 ${misc:Depends}
1919-Recommends: console-setup, kbd
1920+Recommends: console-setup, kbd, plymouth
1921 Breaks: cryptsetup (<< 2:2.0.3-1)
1922 Replaces: cryptsetup (<< 2:2.0.3-1)
1923 Description: disk encryption support - initramfs integration
1924diff --git a/debian/cryptsetup-initramfs.install b/debian/cryptsetup-initramfs.install
1925index 026ea37..6780893 100644
1926--- a/debian/cryptsetup-initramfs.install
1927+++ b/debian/cryptsetup-initramfs.install
1928@@ -5,5 +5,6 @@ debian/initramfs/hooks/* /usr/share/initramfs-tools/h
1929 debian/initramfs/scripts/local-block/cryptroot /usr/share/initramfs-tools/scripts/local-block/
1930 debian/initramfs/scripts/local-bottom/cryptgnupg-sc /usr/share/initramfs-tools/scripts/local-bottom/
1931 debian/initramfs/scripts/local-bottom/cryptopensc /usr/share/initramfs-tools/scripts/local-bottom/
1932+debian/initramfs/scripts/local-bottom/cryptroot /usr/share/initramfs-tools/scripts/local-bottom/
1933 debian/initramfs/scripts/local-top/cryptopensc /usr/share/initramfs-tools/scripts/local-top/
1934 debian/initramfs/scripts/local-top/cryptroot /usr/share/initramfs-tools/scripts/local-top/
1935diff --git a/debian/functions b/debian/functions
1936index 3eaf1a4..3189939 100644
1937--- a/debian/functions
1938+++ b/debian/functions
1939@@ -9,6 +9,8 @@ else
1940 TABFILE="${TABFILE-/etc/crypttab}"
1941 fi
1942 export DM_DEFAULT_NAME_MANGLING_MODE=hex # for dmsetup(8)
1943+export CRYPTR_LOCAL_BLOCK="/run/cryptroot.local-block"
1944+export CRYPTR_CNT_FILE="/run/cryptroot.initrd.cnt"
1945
1946 # Logging helpers. Send the argument list to plymouth(1), or fold it
1947 # and print it to the standard error.
1948@@ -587,6 +589,7 @@ _resolve_device() {
1949 # Print the major:minor device ID(s) holding the file system currently
1950 # mounted currenty mounted on $mountpoint.
1951 # Return 0 on success, 1 on error (if $mountpoint is not a mountpoint).
1952+# devno will be empty if the filesystem must be excluded.
1953 get_mnt_devno() {
1954 local wantmount="$1" devnos="" uuid dev IFS
1955 local spec mountpoint fstype _ DEV MAJ MIN
1956@@ -600,8 +603,15 @@ get_mnt_devno() {
1957 # take the last mountpoint if used several times (shadowed)
1958 unset -v devnos
1959 spec="$(printf '%b' "$spec")"
1960- _resolve_device "$spec" || continue # _resolve_device() already warns on error
1961 fstype="$(printf '%b' "$fstype")"
1962+ if [ "$fstype" = "zfs" ]; then
1963+ # Ignore ZFS entries as they don't have a major/minor and won't
1964+ # be imported when local-top cryptroot script will ran.
1965+ # Returns success with empty devno
1966+ printf ''
1967+ return 0
1968+ fi
1969+ _resolve_device "$spec" || continue # _resolve_device() already warns on error
1970 if [ "$fstype" = "btrfs" ]; then
1971 # btrfs can span over multiple devices
1972 if uuid="$(_device_uuid "$DEV")"; then
1973diff --git a/debian/initramfs/cryptroot-unlock b/debian/initramfs/cryptroot-unlock
1974index d31b6f4..960e3a8 100644
1975--- a/debian/initramfs/cryptroot-unlock
1976+++ b/debian/initramfs/cryptroot-unlock
1977@@ -40,8 +40,14 @@ fi
1978 pgrep_exe() {
1979 local exe pid
1980 exe="$(readlink -f -- "$1" 2>/dev/null)" && [ -f "$exe" ] || return 0
1981- ps -eo pid= | while read pid; do
1982- [ "$(readlink -f "/proc/$pid/exe")" != "$exe" ] || printf '%d\n' "$pid"
1983+ ps | awk '{print $1, $5}' | while read LINE; do
1984+ set $LINE
1985+ local pid=$1
1986+ local cmd=$(readlink -f -- "$2")
1987+ if [ "$cmd" == "$exe" ]; then
1988+ echo $pid
1989+ break
1990+ fi
1991 done
1992 }
1993
1994@@ -101,7 +107,7 @@ wait_for_prompt() {
1995 break
1996 fi
1997
1998- usleep 100000
1999+ sleep 0.1
2000 timer=$(( $timer - 1 ))
2001 if [ $timer -le 0 ]; then
2002 echo "Error: Timeout reached while waiting for askpass." >&2
2003@@ -112,7 +118,7 @@ wait_for_prompt() {
2004 # find the cryptsetup process with same $CRYPTTAB_NAME
2005 local o v
2006 for o in NAME TRIED OPTION_tries; do
2007- if v="$(grep -z -m1 "^CRYPTTAB_$o=" "/proc/$pid/environ")"; then
2008+ if v="$(tr '\0' '\n' < "/proc/$pid/environ" | grep -m1 "^CRYPTTAB_$o=")"; then
2009 eval "CRYPTTAB_$o"="\${v#CRYPTTAB_$o=}"
2010 else
2011 eval unset -v "CRYPTTAB_$o"
2012@@ -128,7 +134,7 @@ wait_for_prompt() {
2013 fi
2014
2015 for pid in $(pgrep_exe "/sbin/cryptsetup"); do
2016- if grep -Fxqz "CRYPTTAB_NAME=$CRYPTTAB_NAME" "/proc/$pid/environ"; then
2017+ if tr '\0' '\n' < "/proc/$pid/environ" | grep -Fxq "CRYPTTAB_NAME=$CRYPTTAB_NAME"; then
2018 PID=$pid
2019 BIRTH=$(stat -c"%Z" "/proc/$PID" 2>/dev/null) || break
2020 return 0
2021@@ -148,7 +154,7 @@ wait_for_prompt() {
2022 wait_for_answer() {
2023 local timer=$(( 10 * $TIMEOUT )) b
2024 while [ -d "/proc/$PID" ] && b=$(stat -c"%Z" "/proc/$PID" 2>/dev/null) && [ $b -le $BIRTH ]; do
2025- usleep 100000
2026+ sleep 0.1
2027 timer=$(( $timer - 1 ))
2028 if [ $timer -le 0 ]; then
2029 echo "Error: Timeout reached while waiting for PID $PID." >&2
2030diff --git a/debian/initramfs/hooks/cryptroot b/debian/initramfs/hooks/cryptroot
2031index 7d88148..67dc6dd 100644
2032--- a/debian/initramfs/hooks/cryptroot
2033+++ b/debian/initramfs/hooks/cryptroot
2034@@ -179,16 +179,18 @@ generate_initrd_crypttab() {
2035
2036 {
2037 if devnos="$(get_mnt_devno /)"; then
2038- usage=rootfs foreach_cryptdev crypttab_find_and_print_entry $devnos
2039+ if [ -n "$devnos" ]; then
2040+ usage=rootfs foreach_cryptdev crypttab_find_and_print_entry $devnos
2041+ fi
2042 else
2043 cryptsetup_message "WARNING: Couldn't determine root device"
2044 fi
2045
2046- if devnos="$(get_resume_devno)"; then
2047+ if devnos="$(get_resume_devno)" && [ -n "$devnos" ]; then
2048 usage=resume foreach_cryptdev crypttab_find_and_print_entry $devnos
2049 fi
2050
2051- if devnos="$(get_mnt_devno /usr)"; then
2052+ if devnos="$(get_mnt_devno /usr)" && [ -n "$devnos" ]; then
2053 usage="" foreach_cryptdev crypttab_find_and_print_entry $devnos
2054 fi
2055
2056diff --git a/debian/initramfs/scripts/local-block/cryptroot b/debian/initramfs/scripts/local-block/cryptroot
2057index 8a9b4c0..8719fb6 100644
2058--- a/debian/initramfs/scripts/local-block/cryptroot
2059+++ b/debian/initramfs/scripts/local-block/cryptroot
2060@@ -15,6 +15,10 @@ prereqs)
2061 ;;
2062 esac
2063
2064+[ -f /lib/cryptsetup/functions ] || return 0
2065+. /lib/cryptsetup/functions
2066+
2067 if [ -x /scripts/local-top/cryptroot ]; then
2068+ touch ${CRYPTR_LOCAL_BLOCK}
2069 exec /scripts/local-top/cryptroot
2070 fi
2071diff --git a/debian/initramfs/scripts/local-bottom/cryptroot b/debian/initramfs/scripts/local-bottom/cryptroot
2072new file mode 100644
2073index 0000000..4f44d38
2074--- /dev/null
2075+++ b/debian/initramfs/scripts/local-bottom/cryptroot
2076@@ -0,0 +1,23 @@
2077+#!/bin/sh
2078+set +x
2079+PREREQ=""
2080+
2081+prereqs()
2082+{
2083+ echo "$PREREQ"
2084+}
2085+
2086+case $1 in
2087+prereqs)
2088+ prereqs
2089+ exit 0
2090+ ;;
2091+esac
2092+
2093+# If we reached this stage, we do have a rootfs mounted
2094+# so let's clean-up cryptroot setup mess...
2095+[ -f /lib/cryptsetup/functions ] || return 0
2096+. /lib/cryptsetup/functions
2097+
2098+rm -f ${CRYPTR_LOCAL_BLOCK}
2099+rm -f ${CRYPTR_CNT_FILE}
2100diff --git a/debian/initramfs/scripts/local-top/cryptroot b/debian/initramfs/scripts/local-top/cryptroot
2101index 4f36259..5a9ea60 100644
2102--- a/debian/initramfs/scripts/local-top/cryptroot
2103+++ b/debian/initramfs/scripts/local-top/cryptroot
2104@@ -31,8 +31,8 @@ esac
2105
2106
2107 # wait_for_source()
2108-# Wait for encrypted $CRYPTTAB_SOURCE for up to 180s. Set
2109-# $CRYPTTAB_SOURCE to its normalized device name when it shows up;
2110+# Wait for encrypted $CRYPTTAB_SOURCE . Set $CRYPTTAB_SOURCE
2111+# to its normalized device name when it shows up;
2112 # return 1 if timeout.
2113 wait_for_source() {
2114 wait_for_udev 10
2115@@ -42,17 +42,27 @@ wait_for_source() {
2116 return 0
2117 fi
2118
2119- # The lines below has been taken from
2120- # /usr/share/initramfs-tools/scripts/local's local_device_setup(),
2121- # as suggested per https://launchpad.net/bugs/164044
2122-
2123 # If the source device hasn't shown up yet, give it a little while
2124 # to allow for asynchronous device discovery (e.g. USB).
2125+ #
2126+ # We also need to take into account RAID or other devices that may
2127+ # only be available on local-block stage. So, wait 5 seconds upfront,
2128+ # in local-top; if that fails, end execution relying on local-block
2129+ # invocations. Allow $ROOTDELAY/3 invocations with 1s sleep times (with
2130+ # a minimum of 30 invocations), and if after that we still fail, then it's
2131+ # really time to give-up. Variable $initrd_cnt tracks the re-invocations.
2132+ #
2133+ # Part of the lines below has been taken from initramfs-tools
2134+ # scripts/local's local_device_setup(), as suggested per
2135+ # https://launchpad.net/bugs/164044 .
2136+
2137+ local slumber=1
2138+ if [ ! -f "${CRYPTR_LOCAL_BLOCK}" ]; then # we are running on local-top
2139+ slumber=5
2140+ fi
2141
2142 cryptsetup_message "Waiting for encrypted source device $CRYPTTAB_SOURCE..."
2143
2144- # Default delay is 180s, cf. initramfs-tools(8)
2145- local slumber="${ROOTDELAY:-180}"
2146 while [ $slumber -gt 0 ]; do
2147 sleep 1
2148
2149@@ -75,7 +85,23 @@ wait_for_source() {
2150 # Set up a crypttab(5) mapping defined by $CRYPTTAB_NAME,
2151 # $CRYPTTAB_SOURCE, $CRYPTTAB_KEY, $CRYPTTAB_OPTIONS.
2152 setup_mapping() {
2153- local dev
2154+ local dev initrd_cnt
2155+
2156+ # We control here the number of re-invocations of this script from
2157+ # local-block - the heuristic is $ROOTDELAY/3, with a minimum of 30.
2158+ # This number is somewhat dictated by mdadm, we want to run more times
2159+ # than that script, to allow decrypting volumes on top of arrays.
2160+
2161+ if [ -f "${CRYPTR_CNT_FILE}" ]; then
2162+ initrd_cnt=$(cat ${CRYPTR_CNT_FILE})
2163+ else
2164+ initrd_cnt=${ROOTDELAY:-90}
2165+ initrd_cnt=$((initrd_cnt/3))
2166+ if [ "${initrd_cnt}" -lt 30 ]; then
2167+ initrd_cnt=30
2168+ fi
2169+ echo ${initrd_cnt} > "${CRYPTR_CNT_FILE}"
2170+ fi
2171
2172 # The same target can be specified multiple times
2173 # e.g. root and resume lvs-on-lvm-on-crypto
2174@@ -86,17 +112,23 @@ setup_mapping() {
2175 crypttab_parse_options --export --missing-path=fail || return 1
2176
2177 if ! wait_for_source; then
2178- # we've given up
2179- if [ -n "$panic" ]; then
2180- panic "ALERT! encrypted source device $CRYPTTAB_SOURCE does not exist, can't unlock $CRYPTTAB_NAME."
2181- else
2182- # let the user fix matters if they can
2183- echo " ALERT! encrypted source device $CRYPTTAB_SOURCE does not exist, can't unlock $CRYPTTAB_NAME."
2184- echo " Check cryptopts=source= bootarg: cat /proc/cmdline"
2185- echo " or missing modules, devices: cat /proc/modules; ls /dev"
2186- panic "Dropping to a shell."
2187- fi
2188- return 1 # can't continue because environment is lost
2189+ if [ ${initrd_cnt} -le 0 ]; then
2190+ # we've given up
2191+ if [ -n "$panic" ]; then
2192+ panic "ALERT! encrypted source device $CRYPTTAB_SOURCE does not exist, can't unlock $CRYPTTAB_NAME."
2193+ else
2194+ # let the user fix matters if they can
2195+ echo " ALERT! encrypted source device $CRYPTTAB_SOURCE does not exist, can't unlock $CRYPTTAB_NAME."
2196+ echo " Check cryptopts=source= bootarg: cat /proc/cmdline"
2197+ echo " or missing modules, devices: cat /proc/modules; ls /dev"
2198+ panic "Dropping to a shell."
2199+ fi
2200+ return 1 # can't continue because environment is lost
2201+ else
2202+ initrd_cnt=$((initrd_cnt - 1))
2203+ echo ${initrd_cnt} > "${CRYPTR_CNT_FILE}"
2204+ return 0 # allow some attempts on local-block stage
2205+ fi
2206 fi
2207
2208 # our `cryptroot-unlock` script searches for cryptsetup processes
2209@@ -169,6 +201,10 @@ setup_mapping() {
2210 done
2211
2212 cryptsetup_message "ERROR: $CRYPTTAB_NAME: maximum number of tries exceeded"
2213+
2214+ if [ -f "${CRYPTR_CNT_FILE}" ]; then
2215+ echo 0 > "${CRYPTR_CNT_FILE}"
2216+ fi
2217 exit 1
2218 }
2219
2220diff --git a/debian/patches/decrease_memlock_ulimit.patch b/debian/patches/decrease_memlock_ulimit.patch
2221new file mode 100644
2222index 0000000..be9b6ab
2223--- /dev/null
2224+++ b/debian/patches/decrease_memlock_ulimit.patch
2225@@ -0,0 +1,55 @@
2226+Description: Decrease memlock limit to mimic Xenial builder behavior.
2227+ This approach prevents cryptsetup to FTBFS, since the PPA builders were
2228+ upgraded to Bionic, which has a bigger memlock limit (but not enough).
2229+ With this quirk, cryptsetup won't mlock() its memory allocationss, hence
2230+ it behaves exactly as the Xenial builders. Meanwhile, we pursue the
2231+ proper fix (systemd patch to bump memlock to a higher limit on Bionic).
2232+Author: Guilherme G. Piccoli <gpiccoli@canonical.com>
2233+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1891473
2234+Last-Update: 2020-09-09
2235+
2236+Index: cryptsetup-2.3.3/tests/compat-test
2237+===================================================================
2238+--- cryptsetup-2.3.3.orig/tests/compat-test
2239++++ cryptsetup-2.3.3/tests/compat-test
2240+@@ -45,6 +45,10 @@ TEST_UUID="12345678-1234-1234-1234-12345
2241+ LOOPDEV=$(losetup -f 2>/dev/null)
2242+ [ -f /etc/system-fips ] && FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null)
2243+
2244++# Circumvent test failure due to Bionic builder; we need to decrease
2245++# the memlock limit here to mimic Xenial builder (see LP #1891473).
2246++ulimit -l 0
2247++
2248+ function remove_mapping()
2249+ {
2250+ [ -b /dev/mapper/$DEV_NAME3 ] && dmsetup remove --retry $DEV_NAME3 >/dev/null 2>&1
2251+Index: cryptsetup-2.3.3/tests/luks2-validation-test
2252+===================================================================
2253+--- cryptsetup-2.3.3.orig/tests/luks2-validation-test
2254++++ cryptsetup-2.3.3/tests/luks2-validation-test
2255+@@ -21,6 +21,10 @@ FAILS=0
2256+
2257+ [ -z "$srcdir" ] && srcdir="."
2258+
2259++# Circumvent test failure due to Bionic builder; we need to decrease
2260++# the memlock limit here to mimic Xenial builder (see LP #1891473).
2261++ulimit -l 0
2262++
2263+ function remove_mapping()
2264+ {
2265+ rm -rf $IMG $TST_IMGS >/dev/null 2>&1
2266+Index: cryptsetup-2.3.3/tests/tcrypt-compat-test
2267+===================================================================
2268+--- cryptsetup-2.3.3.orig/tests/tcrypt-compat-test
2269++++ cryptsetup-2.3.3/tests/tcrypt-compat-test
2270+@@ -13,6 +13,10 @@ PIM=1234
2271+
2272+ [ -z "$srcdir" ] && srcdir="."
2273+
2274++# Circumvent test failure due to Bionic builder; we need to decrease
2275++# the memlock limit here to mimic Xenial builder (see LP #1891473).
2276++ulimit -l 0
2277++
2278+ function remove_mapping()
2279+ {
2280+ [ -b /dev/mapper/$MAP ] && dmsetup remove --retry $MAP
2281diff --git a/debian/patches/series b/debian/patches/series
2282new file mode 100644
2283index 0000000..270d874
2284--- /dev/null
2285+++ b/debian/patches/series
2286@@ -0,0 +1 @@
2287+decrease_memlock_ulimit.patch

Subscribers

People subscribed via source and target branches