Merge ~mwhudson/ubuntu/+source/cryptsetup:merge into ubuntu/+source/cryptsetup:debian/sid

Proposed by Michael Hudson-Doyle
Status: Needs review
Proposed branch: ~mwhudson/ubuntu/+source/cryptsetup:merge
Merge into: ubuntu/+source/cryptsetup:debian/sid
Diff against target: 2287 lines (+1775/-33)
11 files modified
debian/changelog (+1603/-0)
debian/control (+4/-3)
debian/cryptsetup-initramfs.install (+1/-0)
debian/functions (+11/-1)
debian/initramfs/cryptroot-unlock (+12/-6)
debian/initramfs/hooks/cryptroot (+5/-3)
debian/initramfs/scripts/local-block/cryptroot (+4/-0)
debian/initramfs/scripts/local-bottom/cryptroot (+23/-0)
debian/initramfs/scripts/local-top/cryptroot (+56/-20)
debian/patches/decrease_memlock_ulimit.patch (+55/-0)
debian/patches/series (+1/-0)
Reviewer Review Type Date Requested Status
Guilherme G. Piccoli (community) Approve
git-ubuntu developers Pending
Review via email: mp+393521@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Michael Hudson-Doyle (mwhudson) wrote :

diff of debian dir against current ubuntu is https://paste.ubuntu.com/p/QXFm3Q8SBt/

Revision history for this message
Guilherme G. Piccoli (gpiccoli) wrote :

Thanks Michael, I've reviewed the MD/retry logic and the FTBFS fix, it's all fine / correctly backported!

Cheers,

Guilherme

review: Approve

Unmerged commits

730d330... by Michael Hudson-Doyle

update-maintainer

540f02c... by Michael Hudson-Doyle

reconstruct-changelog

434ed6d... by Michael Hudson-Doyle

merge-changelogs

71abcb1... by Michael Hudson-Doyle

      - debian/rules:
        - fix FTBFS on riscv64 adding --with-tmpfilesdir to ensure all archs, even
          without systemd knows how to ship cryptsetup.conf

5adf727... by Michael Hudson-Doyle

    - included in Debian:
      - debian/cryptsetup-bin.install:
        - Fix FTBFS due to dh_missing detecting crypsetup.conf in debian/tmp where
          it was installed from ./scripts/crypsetup.conf.

df18e43... by Michael Hudson-Doyle

  * Dropped changes:
    - Included in new upstream version:
      - SECURITY UPDATE: Out-of-bounds write
        - debian/patches/CVE-2020-14382-*.patch: check segment gaps regardless of
          heap space in lib/luks2/luks2_json_metadata.c.
        - CVE-2020-14382

f307b13... by Michael Hudson-Doyle

    - Introduce retry logic for external invocations after mdadm (LP: #1879980)
      - Currently, if an encrypted rootfs is configured on top of a MD RAID1
        array and such array gets degraded (e.g., a member is removed/failed)
        the cryptsetup scripts cannot mount the rootfs, and the boot fails.
        We fix that issue here by allowing the cryptroot script to be re-run
        by initramfs-tools/local-block stage, as mdadm can activate degraded
        arrays at that stage.
        There is an initramfs-tools counter-part for this fix, but alone the
        cryptsetup portion is harmless.
      - d/cryptsetup-initramfs.install: ship the new local-bottom script.
      - d/functions: declare variables for local-top|block|bottom scripts
        (flag that local-block is running and external invocation counter.)
      - d/i/s/local-block/cryptroot: set flag that local-block is running.
      - d/i/s/local-bottom/cryptroot: clean up the flag and counter files.
      - d/i/s/local-top/cryptroot: change the logic from just waiting 180
        seconds to waiting 5 seconds first, then allowing initramfs-tools
        to run mdadm (to activate degraded arrays) and call back at least
        30 times/seconds more.

951dc07... by Michael Hudson-Doyle

    - debian/patches/decrease_memlock_ulimit.patch
      Fixed FTBFS due a restrict environment in the new Bionic Builder (LP: #1891473)
      tests/luks2-validation.test, tests/compat-test, tests/tcrypt-compat-test.
      - Thanks Guilherme G. Piccoli.

8a58330... by Michael Hudson-Doyle

    - Fix warning and error when running on ZFS on root: (LP: #1830110)
      - d/functions: Return an empty devno for ZFS devices as they don't have
        major:minor device numbers.
      - d/initramfs/hooks/cryptroot: Ignore and don't print an error message when
        devices don't have a devno.
      Submitted to debian upstream as bug #902449.

3adacbd... by Michael Hudson-Doyle

    - Fix cryptroot-unlock for busybox compatibility.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/debian/changelog b/debian/changelog
index 96d015b..0a4dfba 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,54 @@
1cryptsetup (2:2.3.4-1ubuntu1) hirsute; urgency=medium
2
3 * Merge with Debian unstable. Remaining changes:
4 - debian/control:
5 + Recommend plymouth.
6 + Depend on busybox-initramfs instead of busybox | busybox-static.
7 - Fix cryptroot-unlock for busybox compatibility.
8 - Fix warning and error when running on ZFS on root: (LP #1830110)
9 - d/functions: Return an empty devno for ZFS devices as they don't have
10 major:minor device numbers.
11 - d/initramfs/hooks/cryptroot: Ignore and don't print an error message when
12 devices don't have a devno.
13 Submitted to debian upstream as bug #902449.
14 - debian/patches/decrease_memlock_ulimit.patch
15 Fixed FTBFS due a restrict environment in the new Bionic Builder (LP #1891473)
16 tests/luks2-validation.test, tests/compat-test, tests/tcrypt-compat-test.
17 - Thanks Guilherme G. Piccoli.
18 - Introduce retry logic for external invocations after mdadm (LP #1879980)
19 - Currently, if an encrypted rootfs is configured on top of a MD RAID1
20 array and such array gets degraded (e.g., a member is removed/failed)
21 the cryptsetup scripts cannot mount the rootfs, and the boot fails.
22 We fix that issue here by allowing the cryptroot script to be re-run
23 by initramfs-tools/local-block stage, as mdadm can activate degraded
24 arrays at that stage.
25 There is an initramfs-tools counter-part for this fix, but alone the
26 cryptsetup portion is harmless.
27 - d/cryptsetup-initramfs.install: ship the new local-bottom script.
28 - d/functions: declare variables for local-top|block|bottom scripts
29 (flag that local-block is running and external invocation counter.)
30 - d/i/s/local-block/cryptroot: set flag that local-block is running.
31 - d/i/s/local-bottom/cryptroot: clean up the flag and counter files.
32 - d/i/s/local-top/cryptroot: change the logic from just waiting 180
33 seconds to waiting 5 seconds first, then allowing initramfs-tools
34 to run mdadm (to activate degraded arrays) and call back at least
35 30 times/seconds more.
36 * Dropped changes:
37 - Included in new upstream version:
38 - SECURITY UPDATE: Out-of-bounds write
39 - debian/patches/CVE-2020-14382-*.patch: check segment gaps regardless of
40 heap space in lib/luks2/luks2_json_metadata.c.
41 - CVE-2020-14382
42 - included in Debian:
43 - debian/cryptsetup-bin.install:
44 - Fix FTBFS due to dh_missing detecting crypsetup.conf in debian/tmp where
45 it was installed from ./scripts/crypsetup.conf.
46 - debian/rules:
47 - fix FTBFS on riscv64 adding --with-tmpfilesdir to ensure all archs, even
48 without systemd knows how to ship cryptsetup.conf
49
50 -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Tue, 10 Nov 2020 10:37:25 +1300
51
1cryptsetup (2:2.3.4-1) unstable; urgency=high52cryptsetup (2:2.3.4-1) unstable; urgency=high
253
3 * New upstream bugfix release, including fix for CVE-2020-14382:54 * New upstream bugfix release, including fix for CVE-2020-14382:
@@ -21,6 +72,80 @@ cryptsetup (2:2.3.3-2) unstable; urgency=medium
2172
22 -- Guilhem Moulin <guilhem@debian.org> Wed, 12 Aug 2020 00:22:59 +020073 -- Guilhem Moulin <guilhem@debian.org> Wed, 12 Aug 2020 00:22:59 +0200
2374
75cryptsetup (2:2.3.3-1ubuntu6) groovy; urgency=medium
76
77 * Introduce retry logic for external invocations after mdadm (LP: #1879980)
78 - Currently, if an encrypted rootfs is configured on top of a MD RAID1
79 array and such array gets degraded (e.g., a member is removed/failed)
80 the cryptsetup scripts cannot mount the rootfs, and the boot fails.
81 We fix that issue here by allowing the cryptroot script to be re-run
82 by initramfs-tools/local-block stage, as mdadm can activate degraded
83 arrays at that stage.
84 There is an initramfs-tools counter-part for this fix, but alone the
85 cryptsetup portion is harmless.
86 - d/cryptsetup-initramfs.install: ship the new local-bottom script.
87 - d/functions: declare variables for local-top|block|bottom scripts
88 (flag that local-block is running and external invocation counter.)
89 - d/i/s/local-block/cryptroot: set flag that local-block is running.
90 - d/i/s/local-bottom/cryptroot: clean up the flag and counter files.
91 - d/i/s/local-top/cryptroot: change the logic from just waiting 180
92 seconds to waiting 5 seconds first, then allowing initramfs-tools
93 to run mdadm (to activate degraded arrays) and call back at least
94 30 times/seconds more.
95
96 -- Guilherme G. Piccoli <gpiccoli@canonical.com> Wed, 16 Sep 2020 17:35:59 -0300
97
98cryptsetup (2:2.3.3-1ubuntu5) groovy; urgency=medium
99
100 * SECURITY UPDATE: Out-of-bounds write
101 - debian/patches/CVE-2020-14382-*.patch: check segment gaps regardless of
102 heap space in lib/luks2/luks2_json_metadata.c.
103 - CVE-2020-14382
104 * debian/patches/decrease_memlock_ulimit.patch
105 Fixed FTBFS due a restrict environment in the new Bionic Builder (LP: #1891473)
106 tests/luks2-validation.test, tests/compat-test, tests/tcrypt-compat-test.
107 - Thanks Guilherme G. Piccoli.
108
109 -- Leonidas S. Barbosa <leo.barbosa@canonical.com> Wed, 09 Sep 2020 09:29:17 -0300
110
111cryptsetup (2:2.3.3-1ubuntu4) groovy; urgency=medium
112
113 * No change rebuild against new json-c ABI.
114
115 -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 28 Jul 2020 17:42:50 +0100
116
117cryptsetup (2:2.3.3-1ubuntu3) groovy; urgency=medium
118
119 * debian/rules:
120 - fix FTBFS on riscv64 adding --with-tmpfilesdir to ensure all archs, even
121 without systemd knows how to ship cryptsetup.conf
122
123 -- Didier Roche <didrocks@ubuntu.com> Thu, 18 Jun 2020 11:44:50 +0200
124
125cryptsetup (2:2.3.3-1ubuntu2) groovy; urgency=medium
126
127 * debian/cryptsetup-bin.install:
128 - Fix FTBFS due to dh_missing detecting crypsetup.conf in debian/tmp where
129 it was installed from ./scripts/crypsetup.conf.
130 * Fix warning and error when running on ZFS on root: (LP: #1830110)
131 - d/functions: Return an empty devno for ZFS devices as they don't have
132 major:minor device numbers.
133 - d/initramfs/hooks/cryptroot: Ignore and don't print an error message when
134 devices don't have a devno.
135 Submitted to debian upstream as bug #902449.
136
137 -- Didier Roche <didrocks@ubuntu.com> Thu, 18 Jun 2020 10:12:10 +0200
138
139cryptsetup (2:2.3.3-1ubuntu1) groovy; urgency=low
140
141 * Merge from Debian unstable. Remaining changes:
142 - debian/control:
143 + Recommend plymouth.
144 + Depend on busybox-initramfs instead of busybox | busybox-static.
145 - Fix cryptroot-unlock for busybox compatibility.
146
147 -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 09 Jun 2020 10:40:32 -0700
148
24cryptsetup (2:2.3.3-1) unstable; urgency=medium149cryptsetup (2:2.3.3-1) unstable; urgency=medium
25150
26 [ Guilhem Moulin ]151 [ Guilhem Moulin ]
@@ -49,6 +174,16 @@ cryptsetup (2:2.3.2-1) unstable; urgency=medium
49174
50 -- Guilhem Moulin <guilhem@debian.org> Wed, 06 May 2020 16:22:01 +0200175 -- Guilhem Moulin <guilhem@debian.org> Wed, 06 May 2020 16:22:01 +0200
51176
177cryptsetup (2:2.3.1-1ubuntu1) groovy; urgency=low
178
179 * Merge from Debian unstable. Remaining changes:
180 - debian/control:
181 + Recommend plymouth.
182 + Depend on busybox-initramfs instead of busybox | busybox-static.
183 - Fix cryptroot-unlock for busybox compatibility.
184
185 -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 01 May 2020 07:07:58 -0700
186
52cryptsetup (2:2.3.1-1) unstable; urgency=medium187cryptsetup (2:2.3.1-1) unstable; urgency=medium
53188
54 * New upstream release.189 * New upstream release.
@@ -84,6 +219,23 @@ cryptsetup (2:2.3.0-1) unstable; urgency=low
84219
85 -- Guilhem Moulin <guilhem@debian.org> Wed, 04 Mar 2020 00:48:19 +0100220 -- Guilhem Moulin <guilhem@debian.org> Wed, 04 Mar 2020 00:48:19 +0100
86221
222cryptsetup (2:2.2.2-3ubuntu2) focal; urgency=medium
223
224 * Depend on cryptsetup from cryptsetup-initramfs instead of the dummy
225 cryptsetup-run package. LP: #1864360.
226
227 -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 27 Feb 2020 00:16:14 -0600
228
229cryptsetup (2:2.2.2-3ubuntu1) focal; urgency=medium
230
231 * Merge from Debian unstable. Remaining changes:
232 - debian/control:
233 + Recommend plymouth.
234 + Depend on busybox-initramfs instead of busybox | busybox-static.
235 - Fix cryptroot-unlock for busybox compatibility.
236
237 -- Matthias Klose <doko@ubuntu.com> Mon, 10 Feb 2020 09:20:12 +0100
238
87cryptsetup (2:2.2.2-3) unstable; urgency=high239cryptsetup (2:2.2.2-3) unstable; urgency=high
88240
89 * initramfs hook: Workaround fix for the libgcc_s's source location.241 * initramfs hook: Workaround fix for the libgcc_s's source location.
@@ -92,6 +244,16 @@ cryptsetup (2:2.2.2-3) unstable; urgency=high
92244
93 -- Guilhem Moulin <guilhem@debian.org> Tue, 04 Feb 2020 14:11:12 +0100245 -- Guilhem Moulin <guilhem@debian.org> Tue, 04 Feb 2020 14:11:12 +0100
94246
247cryptsetup (2:2.2.2-2ubuntu1) focal; urgency=low
248
249 * Merge from Debian unstable. Remaining changes:
250 - debian/control:
251 + Recommend plymouth.
252 + Depend on busybox-initramfs instead of busybox | busybox-static.
253 - Fix cryptroot-unlock for busybox compatibility.
254
255 -- Steve Langasek <steve.langasek@ubuntu.com> Sat, 01 Feb 2020 22:11:22 -0800
256
95cryptsetup (2:2.2.2-2) unstable; urgency=medium257cryptsetup (2:2.2.2-2) unstable; urgency=medium
96258
97 [ Guilhem Moulin ]259 [ Guilhem Moulin ]
@@ -109,6 +271,16 @@ cryptsetup (2:2.2.2-2) unstable; urgency=medium
109271
110 -- Guilhem Moulin <guilhem@debian.org> Sat, 18 Jan 2020 20:53:19 +0100272 -- Guilhem Moulin <guilhem@debian.org> Sat, 18 Jan 2020 20:53:19 +0100
111273
274cryptsetup (2:2.2.2-1ubuntu1) focal; urgency=low
275
276 * Merge from Debian unstable. Remaining changes:
277 - debian/control:
278 + Recommend plymouth.
279 + Depend on busybox-initramfs instead of busybox | busybox-static.
280 - Fix cryptroot-unlock for busybox compatibility.
281
282 -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 11 Nov 2019 22:07:44 -0800
283
112cryptsetup (2:2.2.2-1) unstable; urgency=medium284cryptsetup (2:2.2.2-1) unstable; urgency=medium
113285
114 * New upstream bugfix release.286 * New upstream bugfix release.
@@ -119,6 +291,16 @@ cryptsetup (2:2.2.2-1) unstable; urgency=medium
119291
120 -- Guilhem Moulin <guilhem@debian.org> Fri, 01 Nov 2019 19:32:36 +0100292 -- Guilhem Moulin <guilhem@debian.org> Fri, 01 Nov 2019 19:32:36 +0100
121293
294cryptsetup (2:2.2.1-1ubuntu1) focal; urgency=low
295
296 * Merge from Debian unstable. Remaining changes:
297 - debian/control:
298 + Recommend plymouth.
299 + Depend on busybox-initramfs instead of busybox | busybox-static.
300 - Fix cryptroot-unlock for busybox compatibility.
301
302 -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 18 Oct 2019 15:14:29 -0700
303
122cryptsetup (2:2.2.1-1) unstable; urgency=medium304cryptsetup (2:2.2.1-1) unstable; urgency=medium
123305
124 * New upstream bugfix release.306 * New upstream bugfix release.
@@ -126,6 +308,16 @@ cryptsetup (2:2.2.1-1) unstable; urgency=medium
126308
127 -- Guilhem Moulin <guilhem@debian.org> Fri, 06 Sep 2019 13:28:55 +0200309 -- Guilhem Moulin <guilhem@debian.org> Fri, 06 Sep 2019 13:28:55 +0200
128310
311cryptsetup (2:2.2.0-3ubuntu1) eoan; urgency=low
312
313 * Merge from Debian unstable. Remaining changes:
314 - debian/control:
315 + Recommend plymouth.
316 + Depend on busybox-initramfs instead of busybox | busybox-static.
317 - Fix cryptroot-unlock for busybox compatibility.
318
319 -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 28 Aug 2019 16:13:22 -0700
320
129cryptsetup (2:2.2.0-3) unstable; urgency=medium321cryptsetup (2:2.2.0-3) unstable; urgency=medium
130322
131 * Cherry pick upstream commit 8f8f0b32: Fix mapped segments overflow on323 * Cherry pick upstream commit 8f8f0b32: Fix mapped segments overflow on
@@ -133,6 +325,16 @@ cryptsetup (2:2.2.0-3) unstable; urgency=medium
133325
134 -- Guilhem Moulin <guilhem@debian.org> Mon, 26 Aug 2019 12:53:45 +0200326 -- Guilhem Moulin <guilhem@debian.org> Mon, 26 Aug 2019 12:53:45 +0200
135327
328cryptsetup (2:2.2.0-2ubuntu1) eoan; urgency=low
329
330 * Merge from Debian unstable. Remaining changes:
331 - debian/control:
332 + Recommend plymouth.
333 + Depend on busybox-initramfs instead of busybox | busybox-static.
334 - Fix cryptroot-unlock for busybox compatibility.
335
336 -- Steve Langasek <steve.langasek@ubuntu.com> Sun, 25 Aug 2019 12:25:55 -0700
337
136cryptsetup (2:2.2.0-2) unstable; urgency=medium338cryptsetup (2:2.2.0-2) unstable; urgency=medium
137339
138 * debian/control: Add 'Multi-Arch: foreign' tag to the transitional dummy340 * debian/control: Add 'Multi-Arch: foreign' tag to the transitional dummy
@@ -144,6 +346,25 @@ cryptsetup (2:2.2.0-2) unstable; urgency=medium
144346
145 -- Guilhem Moulin <guilhem@debian.org> Wed, 21 Aug 2019 22:45:12 +0200347 -- Guilhem Moulin <guilhem@debian.org> Wed, 21 Aug 2019 22:45:12 +0200
146348
349cryptsetup (2:2.2.0-1ubuntu2) eoan; urgency=medium
350
351 * debian/initramfs/cryptroot-unlock: canonicalize executable paths.
352 Thanks to Paride Legovini <paride.legovini@canonical.com> for the patch.
353 LP: #1840752.
354
355 -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 20 Aug 2019 15:34:10 -0700
356
357cryptsetup (2:2.2.0-1ubuntu1) eoan; urgency=low
358
359 * Merge from Debian unstable. Remaining changes:
360 - debian/control:
361 + Recommend plymouth.
362 + Depend on busybox-initramfs instead of busybox | busybox-static.
363 - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
364 compatibility.
365
366 -- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 20 Aug 2019 14:21:34 +0200
367
147cryptsetup (2:2.2.0-1) unstable; urgency=medium368cryptsetup (2:2.2.0-1) unstable; urgency=medium
148369
149 * New upstream release 2.2.0. Highlights include:370 * New upstream release 2.2.0. Highlights include:
@@ -221,6 +442,23 @@ cryptsetup (2:2.1.0-6) unstable; urgency=low
221442
222 -- Guilhem Moulin <guilhem@debian.org> Sat, 20 Jul 2019 22:15:04 -0300443 -- Guilhem Moulin <guilhem@debian.org> Sat, 20 Jul 2019 22:15:04 -0300
223444
445cryptsetup (2:2.1.0-5ubuntu2) eoan; urgency=medium
446
447 * Rebuild against new libjson-c4.
448
449 -- Gianfranco Costamagna <locutusofborg@debian.org> Sat, 29 Jun 2019 13:48:37 +0200
450
451cryptsetup (2:2.1.0-5ubuntu1) eoan; urgency=low
452
453 * Merge from Debian unstable. Remaining changes:
454 - debian/control:
455 + Recommend plymouth.
456 + Depend on busybox-initramfs instead of busybox | busybox-static.
457 - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
458 compatibility.
459
460 -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 14 Jun 2019 14:09:31 -0700
461
224cryptsetup (2:2.1.0-5) unstable; urgency=medium462cryptsetup (2:2.1.0-5) unstable; urgency=medium
225463
226 [ Jonas Meurer ]464 [ Jonas Meurer ]
@@ -233,6 +471,17 @@ cryptsetup (2:2.1.0-5) unstable; urgency=medium
233471
234 -- Guilhem Moulin <guilhem@debian.org> Mon, 10 Jun 2019 14:51:15 +0200472 -- Guilhem Moulin <guilhem@debian.org> Mon, 10 Jun 2019 14:51:15 +0200
235473
474cryptsetup (2:2.1.0-4ubuntu1) eoan; urgency=low
475
476 * Merge from Debian unstable. Remaining changes:
477 - debian/control:
478 + Recommend plymouth.
479 + Depend on busybox-initramfs instead of busybox | busybox-static.
480 - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
481 compatibility.
482
483 -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 28 May 2019 18:32:08 -0700
484
236cryptsetup (2:2.1.0-4) unstable; urgency=medium485cryptsetup (2:2.1.0-4) unstable; urgency=medium
237486
238 [Guilhem Moulin]487 [Guilhem Moulin]
@@ -252,6 +501,26 @@ cryptsetup (2:2.1.0-4) unstable; urgency=medium
252501
253 -- Guilhem Moulin <guilhem@debian.org> Tue, 28 May 2019 17:04:16 +0200502 -- Guilhem Moulin <guilhem@debian.org> Tue, 28 May 2019 17:04:16 +0200
254503
504cryptsetup (2:2.1.0-3ubuntu2) eoan; urgency=medium
505
506 * Depend on busybox-initramfs, which is the implementation we actually use
507 for the initramfs and is guaranteed to always be present, instead of
508 busybox-static.
509
510 -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 09 May 2019 14:47:04 -0700
511
512cryptsetup (2:2.1.0-3ubuntu1) eoan; urgency=low
513
514 * Merge from Debian unstable. Remaining changes:
515 - debian/control:
516 + Recommend plymouth.
517 + Invert the "busybox | busybox-static" Recommends, as the latter
518 is the one we ship in main as part of the ubuntu-standard task.
519 - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
520 compatibility. LP: #1651818
521
522 -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 03 May 2019 16:22:03 -0700
523
255cryptsetup (2:2.1.0-3) unstable; urgency=medium524cryptsetup (2:2.1.0-3) unstable; urgency=medium
256525
257 * d/scripts/decrypt_opensc: Fix standard output poisoning. Thanks to Nils526 * d/scripts/decrypt_opensc: Fix standard output poisoning. Thanks to Nils
@@ -275,6 +544,19 @@ cryptsetup (2:2.1.0-2) unstable; urgency=medium
275544
276 -- Guilhem Moulin <guilhem@debian.org> Thu, 28 Feb 2019 22:32:43 +0100545 -- Guilhem Moulin <guilhem@debian.org> Thu, 28 Feb 2019 22:32:43 +0100
277546
547cryptsetup (2:2.1.0-1ubuntu1) disco; urgency=medium
548
549 * Merge from Debian unstable. LP: #1815484
550 * Remaining changes:
551 - debian/control:
552 + Recommend plymouth.
553 + Invert the "busybox | busybox-static" Recommends, as the latter
554 is the one we ship in main as part of the ubuntu-standard task.
555 - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
556 compatibility. LP: #1651818
557
558 -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 13 Feb 2019 21:28:23 +0000
559
278cryptsetup (2:2.1.0-1) unstable; urgency=medium560cryptsetup (2:2.1.0-1) unstable; urgency=medium
279561
280 * New upstream release. Highlights include:562 * New upstream release. Highlights include:
@@ -317,6 +599,20 @@ cryptsetup (2:2.1.0-1) unstable; urgency=medium
317599
318 -- Guilhem Moulin <guilhem@debian.org> Sat, 09 Feb 2019 00:40:17 +0100600 -- Guilhem Moulin <guilhem@debian.org> Sat, 09 Feb 2019 00:40:17 +0100
319601
602cryptsetup (2:2.0.6-1ubuntu1) disco; urgency=medium
603
604 * Merge from Debian unstable.
605 * Remaining changes:
606 - debian/control:
607 + Recommend plymouth.
608 + Invert the "busybox | busybox-static" Recommends, as the latter
609 is the one we ship in main as part of the ubuntu-standard task.
610 - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
611 compatibility. LP: #1651818
612 * Dropped delta sector_size support, merged in Debian.
613
614 -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 05 Feb 2019 13:43:25 +0000
615
320cryptsetup (2:2.0.6-1) unstable; urgency=medium616cryptsetup (2:2.0.6-1) unstable; urgency=medium
321617
322 * New upstream bugfix release. Highlights include:618 * New upstream bugfix release. Highlights include:
@@ -381,6 +677,27 @@ cryptsetup (2:2.0.4-3) unstable; urgency=medium
381677
382 -- Guilhem Moulin <guilhem@debian.org> Mon, 22 Oct 2018 17:45:35 +0200678 -- Guilhem Moulin <guilhem@debian.org> Mon, 22 Oct 2018 17:45:35 +0200
383679
680cryptsetup (2:2.0.4-2ubuntu2) cosmic; urgency=medium
681
682 * Implement support for --sector-size cryptsetup plain mode option in
683 crypttab. Matching support is also proposed to systemd-cryptsetup as
684 well. LP: #1776626
685
686 -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 31 Aug 2018 17:00:07 +0100
687
688cryptsetup (2:2.0.4-2ubuntu1) cosmic; urgency=low
689
690 * Merge from Debian unstable. LP: #1785610.
691 * Remaining changes:
692 - debian/control:
693 + Recommend plymouth.
694 + Invert the "busybox | busybox-static" Recommends, as the latter
695 is the one we ship in main as part of the ubuntu-standard task.
696 - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
697 compatibility. LP: #1651818
698
699 -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 22 Aug 2018 22:51:47 +0100
700
384cryptsetup (2:2.0.4-2) unstable; urgency=medium701cryptsetup (2:2.0.4-2) unstable; urgency=medium
385702
386 * debian/cryptsetup-initramfs.preinst: Don't try to overwrite703 * debian/cryptsetup-initramfs.preinst: Don't try to overwrite
@@ -413,6 +730,28 @@ cryptsetup (2:2.0.3-7) unstable; urgency=medium
413730
414 -- Guilhem Moulin <guilhem@debian.org> Mon, 30 Jul 2018 16:32:07 +0800731 -- Guilhem Moulin <guilhem@debian.org> Mon, 30 Jul 2018 16:32:07 +0800
415732
733cryptsetup (2:2.0.3-6ubuntu1) cosmic; urgency=low
734
735 * Merge from Debian unstable. LP: #1781912.
736 * Remaining changes:
737 - debian/control:
738 + Recommend plymouth.
739 + Invert the "busybox | busybox-static" Recommends, as the latter
740 is the one we ship in main as part of the ubuntu-standard task.
741 - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
742 compatibility. LP: #1651818
743 * Dropped changes, included in Debian:
744 - Drop explicit libgcrypt20 dependency from libcryptsetup4.
745 - Drop the CRYPTSETUP variable warning from the initramfs hook, as
746 overlayroot package ships a dropin in conf-hooks.d triggering false
747 warnings.
748 - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE
749 - Drop c99 std, as the default is now higher than that
750 * Dropped changes, no longer needed:
751 - Add maintscript to drop removed upstart system jobs.
752
753 -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 16 Jul 2018 08:27:58 -0400
754
416cryptsetup (2:2.0.3-6) unstable; urgency=medium755cryptsetup (2:2.0.3-6) unstable; urgency=medium
417756
418 * debian/TODO.md: Remove mention of parent device detection for mdadm757 * debian/TODO.md: Remove mention of parent device detection for mdadm
@@ -697,6 +1036,45 @@ cryptsetup (2:2.0.3-1) unstable; urgency=medium
6971036
698 -- Jonas Meurer <jonas@freesources.org> Fri, 15 Jun 2018 15:32:16 +02001037 -- Jonas Meurer <jonas@freesources.org> Fri, 15 Jun 2018 15:32:16 +0200
6991038
1039cryptsetup (2:2.0.2-1ubuntu3) cosmic; urgency=medium
1040
1041 * No-change rebuild against libargon2-1
1042
1043 -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 10 Jul 2018 17:01:23 +0000
1044
1045cryptsetup (2:2.0.2-1ubuntu2) cosmic; urgency=medium
1046
1047 * Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
1048 compatibility. LP: #1651818
1049
1050 -- Dimitri John Ledkov 🌈 <xnox@ubuntu.com> Thu, 21 Jun 2018 16:38:31 +0100
1051
1052cryptsetup (2:2.0.2-1ubuntu1) bionic; urgency=low
1053
1054 * Merge from Debian unstable.
1055 - bugfix upstream release, which solves problems with luks2 format
1056 disks not unlocking. LP: #1755322.
1057 * Remaining changes:
1058 - debian/control:
1059 + Depend on plymouth.
1060 + Invert the "busybox | busybox-static" Recommends, as the latter
1061 is the one we ship in main as part of the ubuntu-standard task.
1062 + Drop explicit libgcrypt20 dependency from libcryptsetup4.
1063 - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE
1064 - Drop c99 std, as the default is now higher than that
1065 - Drop upstart system jobs.
1066 - Add maintscript to drop removed upstart system jobs.
1067 - debian has its own now, but we have different version numbers.
1068 this delta can be dropped after 18.04 release.
1069 - Drop the CRYPTSETUP variable warning from the initramfs hook, as
1070 overlayroot package ships a dropin in conf-hooks.d triggering false
1071 warnings.
1072 * Dropped changes:
1073 - debian/cryptdisks{,-udev}.maintscript: drop, there is no package named
1074 'cryptdisks' or 'cryptdisks-udev'.
1075
1076 -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 06 Apr 2018 10:23:53 -0700
1077
700cryptsetup (2:2.0.2-1) unstable; urgency=low1078cryptsetup (2:2.0.2-1) unstable; urgency=low
7011079
702 * New upstream release 2.0.21080 * New upstream release 2.0.2
@@ -726,6 +1104,40 @@ cryptsetup (2:2.0.1-1) unstable; urgency=low
7261104
727 -- Guilhem Moulin <guilhem@debian.org> Sun, 11 Feb 2018 00:02:05 +01001105 -- Guilhem Moulin <guilhem@debian.org> Sun, 11 Feb 2018 00:02:05 +0100
7281106
1107cryptsetup (2:2.0.1-0ubuntu2) bionic; urgency=medium
1108
1109 * Drop the CRYPTSETUP variable warning from the initramfs hook, as
1110 overlayroot package ships a dropin in conf-hooks.d triggering false
1111 warnings.
1112
1113 -- Dimitri John Ledkov <xnox@ubuntu.com> Thu, 22 Feb 2018 14:49:16 +0000
1114
1115cryptsetup (2:2.0.1-0ubuntu1) bionic; urgency=medium
1116
1117 * Merge from Debian unstable. Remaining changes:
1118 - debian/control:
1119 + Depend on plymouth.
1120 + Invert the "busybox | busybox-static" Recommends, as the latter
1121 is the one we ship in main as part of the ubuntu-standard task.
1122 + Drop explicit libgcrypt20 dependency from libcryptsetup4.
1123 - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE
1124 - Drop c99 std, as the default is now higher than that
1125 - Drop upstart system jobs.
1126 - Add maintscript to drop removed upstart system jobs.
1127 - debian has its own now, but we have different version numbers
1128 * New upstream release
1129 * Cherry-pick Guilhem Moulin's changes below from Debian git
1130
1131 [ Guilhem Moulin ]
1132 * New upstream release 2.0.1:
1133 - Use /run/cryptsetup as default for cryptsetup locking dir.
1134 - Add missing symbols for new functions to debian/libcryptsetup12.symbols.
1135 * debian/copyright: update copyright years.
1136 * debian/patches: backport upstream's 8728ba08 to fix opening of loop-AES
1137 devices using --key-file=-. (Closes: #888162.)
1138
1139 -- Julian Andres Klode <juliank@ubuntu.com> Mon, 29 Jan 2018 13:48:55 +0100
1140
729cryptsetup (2:2.0.0-1) unstable; urgency=low1141cryptsetup (2:2.0.0-1) unstable; urgency=low
7301142
731 [ Guilhem Moulin ]1143 [ Guilhem Moulin ]
@@ -775,6 +1187,26 @@ cryptsetup (2:2.0.0~rc0-1) experimental; urgency=low
7751187
776 -- Guilhem Moulin <guilhem@debian.org> Tue, 03 Oct 2017 03:37:36 +02001188 -- Guilhem Moulin <guilhem@debian.org> Tue, 03 Oct 2017 03:37:36 +0200
7771189
1190cryptsetup (2:1.7.5-1ubuntu1) bionic; urgency=low
1191
1192 * Merge from Debian unstable. Remaining changes:
1193 - debian/control:
1194 + Depend on plymouth.
1195 + Invert the "busybox | busybox-static" Recommends, as the latter
1196 is the one we ship in main as part of the ubuntu-standard task.
1197 + Drop explicit libgcrypt20 dependency from libcryptsetup4.
1198 - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE
1199 - Drop c99 std, as the default is now higher than that
1200 - Drop upstart system jobs.
1201 - Add maintscript to drop removed upstart system jobs.
1202 * Merged upstream:
1203 - d/p/fips-fix-luksformat-with-recent-kernels -- fix luksFormat
1204 with recent FIPS enabled kernels.
1205 * Merged in Debian:
1206 - Use DEB_VERSION from dpkg/default.mk for pod2man release variable
1207
1208 -- Julian Andres Klode <juliank@ubuntu.com> Wed, 17 Jan 2018 21:39:10 +0100
1209
778cryptsetup (2:1.7.5-1) unstable; urgency=low1210cryptsetup (2:1.7.5-1) unstable; urgency=low
7791211
780 * New upstream release 1.7.5.1212 * New upstream release 1.7.5.
@@ -797,6 +1229,25 @@ cryptsetup (2:1.7.5-1) unstable; urgency=low
7971229
798 -- Guilhem Moulin <guilhem@debian.org> Thu, 14 Sep 2017 13:00:23 +02001230 -- Guilhem Moulin <guilhem@debian.org> Thu, 14 Sep 2017 13:00:23 +0200
7991231
1232cryptsetup (2:1.7.3-4ubuntu1) artful; urgency=low
1233
1234 * New upstream release, merge from Debian unstable. Remaining
1235 Ubuntu changes:
1236 - debian/control:
1237 + Depend on plymouth.
1238 + Invert the "busybox | busybox-static" Recommends, as the latter
1239 is the one we ship in main as part of the ubuntu-standard task.
1240 + Drop explicit libgcrypt20 dependency from libcryptsetup4.
1241 * d/p/fips-fix-luksformat-with-recent-kernels -- fix luksFormat
1242 with recent FIPS enabled kernels.
1243 * Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE
1244 * Drop c99 std, as the default is now higher than that
1245 * Use DEB_VERSION from dpkg/default.mk for pod2man release variable
1246 * Drop upstart system jobs.
1247 * Add maintscript to drop removed upstart system jobs.
1248
1249 -- Andy Whitcroft <apw@ubuntu.com> Thu, 10 Aug 2017 14:07:29 +0100
1250
800cryptsetup (2:1.7.3-4) unstable; urgency=high1251cryptsetup (2:1.7.3-4) unstable; urgency=high
8011252
802 [ Guilhem Moulin ]1253 [ Guilhem Moulin ]
@@ -1009,6 +1460,40 @@ cryptsetup (2:1.7.2-1) unstable; urgency=medium
10091460
1010 -- Jonas Meurer <mejo@debian.org> Wed, 05 Oct 2016 20:53:09 +02001461 -- Jonas Meurer <mejo@debian.org> Wed, 05 Oct 2016 20:53:09 +0200
10111462
1463cryptsetup (2:1.7.2-0ubuntu4) artful; urgency=medium
1464
1465 * Add maintscript to drop removed upstart system jobs.
1466
1467 -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 21 Aug 2017 11:36:04 +0100
1468
1469cryptsetup (2:1.7.2-0ubuntu3) artful; urgency=medium
1470
1471 * Drop _BSD_SOURCE in favor of _DEFAULT_SOURCe
1472 * Drop c99 std, as the default is now higher than that
1473 * Use DEB_VERSION from dpkg/default.mk for pod2man release variable
1474
1475 -- Dimitri John Ledkov <xnox@ubuntu.com> Sat, 19 Aug 2017 21:46:19 +0100
1476
1477cryptsetup (2:1.7.2-0ubuntu2) artful; urgency=medium
1478
1479 * Drop upstart system jobs.
1480
1481 -- Dimitri John Ledkov <xnox@ubuntu.com> Sat, 19 Aug 2017 20:57:17 +0100
1482
1483cryptsetup (2:1.7.2-0ubuntu1) yakkety; urgency=medium
1484
1485 * New upstream release, merge from Debian unstable (LP: #1548137). Remaining
1486 Ubuntu changes:
1487 - debian/control:
1488 + Bump initramfs-tools Suggests to Depends: so system is not
1489 potentially rendered unbootable.
1490 + Depend on plymouth.
1491 + Invert the "busybox | busybox-static" Recommends, as the latter
1492 is the one we ship in main as part of the ubuntu-standard task.
1493 + Drop explicit libgcrypt20 dependency from libcryptsetup4.
1494
1495 -- Unit 193 <unit193@ubuntu.com> Wed, 22 Jun 2016 16:30:01 -0400
1496
1012cryptsetup (2:1.7.0-2) unstable; urgency=medium1497cryptsetup (2:1.7.0-2) unstable; urgency=medium
10131498
1014 [ Guilhem Moulin ]1499 [ Guilhem Moulin ]
@@ -1083,6 +1568,35 @@ cryptsetup (2:1.7.0-1) unstable; urgency=medium
10831568
1084 -- Jonas Meurer <mejo@debian.org> Thu, 07 Jan 2016 02:22:33 +01001569 -- Jonas Meurer <mejo@debian.org> Thu, 07 Jan 2016 02:22:33 +0100
10851570
1571cryptsetup (2:1.6.6-5ubuntu2) wily; urgency=medium
1572
1573 * Fix stupid typo in Recommends "busybox | busybox-static" inversion.
1574 Fixes binary moves for busybox into main.
1575
1576 -- Andy Whitcroft <apw@ubuntu.com> Fri, 21 Aug 2015 08:56:34 +0100
1577
1578cryptsetup (2:1.6.6-5ubuntu1) wily; urgency=low
1579
1580 * Merge from Debian unstable. Remaining changes:
1581 - debian/control:
1582 + Bump initramfs-tools Suggests to Depends: so system is not
1583 potentially rendered unbootable.
1584 + Depend on plymouth.
1585 + Invert the "busybox | busybox-static" Recommends, as the latter
1586 is the one we ship in main as part of the ubuntu-standard task.
1587 + Drop explicit libgcrypt11 dependency from libcryptsetup4.
1588 * Dropped changes, now in Debian:
1589 - Remove hardcoded paths to udevadm.
1590 - debian/initramfs/cryptroot-hook:
1591 + Do not unconditionally include cryptsetup utils in the initramfs.
1592 + Do not include any modules or utils in the initramfs, unless
1593 rootfs/resume devices are encrypted or CRYPTSETUP is set to 'y' in
1594 the initramfs.conf configuration file.
1595 - debian/cryptsetup.maintscripts:
1596 + Migrate upstart jobs to new names.
1597
1598 -- Andy Whitcroft <apw@ubuntu.com> Tue, 07 Jul 2015 16:58:45 +0100
1599
1086cryptsetup (2:1.6.6-5) unstable; urgency=high1600cryptsetup (2:1.6.6-5) unstable; urgency=high
10871601
1088 * debian/cryptdisks.functions: fix the precheck for ubuntu+upstart1602 * debian/cryptdisks.functions: fix the precheck for ubuntu+upstart
@@ -1235,6 +1749,71 @@ cryptsetup (2:1.6.4-1) unstable; urgency=low
12351749
1236 -- Jonas Meurer <mejo@debian.org> Fri, 28 Jun 2013 12:14:55 +02001750 -- Jonas Meurer <mejo@debian.org> Fri, 28 Jun 2013 12:14:55 +0200
12371751
1752cryptsetup (2:1.6.1-1ubuntu7) vivid; urgency=medium
1753
1754 * Drop explicit libgcrypt11 dependency from libcryptsetup4.
1755
1756 -- Adam Conrad <adconrad@ubuntu.com> Fri, 27 Mar 2015 18:24:38 -0600
1757
1758cryptsetup (2:1.6.1-1ubuntu6) vivid; urgency=medium
1759
1760 * No-change rebuild for the libgcrypt20 transition.
1761
1762 -- Adam Conrad <adconrad@ubuntu.com> Fri, 27 Mar 2015 06:16:08 -0600
1763
1764cryptsetup (2:1.6.1-1ubuntu5) vivid; urgency=medium
1765
1766 * ./debian/scripts/luksformat: Drop luksFormat -s and --ciper options. They
1767 aren't necessary any more, and aes-cbc-essiv:sha256 is obsolete. This will
1768 now use aes-xts-plain64 by default. (LP: #1414719)
1769
1770 -- Martin Pitt <martin.pitt@ubuntu.com> Fri, 27 Feb 2015 09:37:05 +0100
1771
1772cryptsetup (2:1.6.1-1ubuntu4) vivid; urgency=medium
1773
1774 * No change rebuild to get debug symbols for all architectures.
1775
1776 -- Brian Murray <brian@ubuntu.com> Wed, 03 Dec 2014 08:03:31 -0800
1777
1778cryptsetup (2:1.6.1-1ubuntu3) utopic; urgency=high
1779
1780 * No change rebuild against new dh_installinit, to call update-rc.d at
1781 postinst.
1782
1783 -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 28 May 2014 10:39:30 +0100
1784
1785cryptsetup (2:1.6.1-1ubuntu2) utopic; urgency=medium
1786
1787 * debian/askpass.c:
1788 - Fix bug (LP: #1301086) where askpass fails to restore terminal
1789 settings.
1790
1791 -- Robert Barabas <dc@0xdc.org> Fri, 18 Apr 2014 14:08:51 -0400
1792
1793cryptsetup (2:1.6.1-1ubuntu1) trusty; urgency=low
1794
1795 * Merge from debian unstable, remaining changes:
1796 - debian/control:
1797 + Bump initramfs-tools Suggests to Depends: so system is not
1798 potentially rendered unbootable.
1799 + Depend on plymouth.
1800
1801 - Invert the "busybox | busybox-static" Recommends, as the latter is
1802 the one we ship in main as part of the ubuntu-standard task.
1803
1804 - Remove hardcoded paths to udevadm (LP: #1184066).
1805
1806 - debian/initramfs/cryptroot-hook:
1807 + Do not unconditionally include cryptsetup utils in the initramfs.
1808 + Do not include any modules or utils in the initramfs, unless
1809 rootfs/resume devices are encrypted or CRYPTSETUP is set to 'y' in
1810 the initramfs.conf configuration file.
1811
1812 - debian/cryptsetup.maintscripts:
1813 + Migrate upstart jobs to new names.
1814
1815 -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com> Fri, 01 Nov 2013 16:48:57 +0000
1816
1238cryptsetup (2:1.6.1-1) unstable; urgency=low1817cryptsetup (2:1.6.1-1) unstable; urgency=low
12391818
1240 [ Milan Broz ]1819 [ Milan Broz ]
@@ -1276,6 +1855,50 @@ cryptsetup (2:1.6.1-1) unstable; urgency=low
12761855
1277 -- Jonas Meurer <mejo@debian.org> Fri, 28 Jun 2013 12:10:41 +02001856 -- Jonas Meurer <mejo@debian.org> Fri, 28 Jun 2013 12:10:41 +0200
12781857
1858cryptsetup (2:1.4.3-4ubuntu4) saucy; urgency=low
1859
1860 * debian/initramfs/cryptroot-hook:
1861 - Do not unconditionally include cryptsetup utils in the initramfs.
1862 - Do not include any modules or utils in the initramfs, unless
1863 rootfs/resume devices are encrypted or CRYPTSETUP is set to 'y' in
1864 the initramfs.conf configuration file.
1865
1866 -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com> Mon, 10 Jun 2013 16:25:46 +0100
1867
1868cryptsetup (2:1.4.3-4ubuntu3) saucy; urgency=low
1869
1870 * Remove hardcoded paths to udevadm (LP: #1184066).
1871
1872 -- Colin Watson <cjwatson@ubuntu.com> Tue, 28 May 2013 11:27:27 +0100
1873
1874cryptsetup (2:1.4.3-4ubuntu2) raring; urgency=low
1875
1876 * Invert the "busybox | busybox-static" Recommends, as the latter
1877 is the one we ship in main as part of the ubuntu-standard task.
1878
1879 -- Adam Conrad <adconrad@ubuntu.com> Fri, 16 Nov 2012 01:14:35 -0700
1880
1881cryptsetup (2:1.4.3-4ubuntu1) raring; urgency=low
1882
1883 * Merge from debian unstable, remaining changes:
1884 - debian/control:
1885 + Bump initramfs-tools Suggests to Depends: so system is not
1886 potentially rendered unbootable.
1887 + Depend on plymouth.
1888
1889 - init/upstart jobs:
1890 + Rename cryptddisks{,-early}.upstart jobs to
1891 cryptdisks-{enable,udev}.upstart, as we need both init & upstart jobs
1892 for now.
1893 + debian/cryptdisks{,-early}.init: Make the 'start' action of the init
1894 script a no-op, this should be handled entirely by the upstart job;
1895 and fix the LSB header to not declare this should be started in
1896 runlevel 'S'.
1897 + Do not install start symlinks for init scripts
1898 + NB! shutdown is still handled by the SystemV init scripts
1899
1900 -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com> Tue, 13 Nov 2012 11:17:57 +0000
1901
1279cryptsetup (2:1.4.3-4) unstable; urgency=medium1902cryptsetup (2:1.4.3-4) unstable; urgency=medium
12801903
1281 * change recommends for busybox to busybox | busybox-static. Thanks to1904 * change recommends for busybox to busybox | busybox-static. Thanks to
@@ -1308,6 +1931,50 @@ cryptsetup (2:1.4.3-3) unstable; urgency=medium
13081931
1309 -- Jonas Meurer <mejo@debian.org> Thu, 01 Nov 2012 15:34:09 +01001932 -- Jonas Meurer <mejo@debian.org> Thu, 01 Nov 2012 15:34:09 +0100
13101933
1934cryptsetup (2:1.4.3-2ubuntu1) quantal; urgency=low
1935
1936 * Merge from debian unstable (LP: #1015753), remaining changes:
1937 - debian/control:
1938 + Bump initramfs-tools Suggests to Depends: so system is not
1939 potentially rendered unbootable.
1940 + Depend on plymouth.
1941
1942 - init/upstart jobs:
1943 + Add debian/cryptdisks-{enable,udev}.upstart for bootup.
1944 + debian/cryptdisks{,-early}.init: Make the 'start' action of the init
1945 script a no-op, this should be handled entirely by the upstart job;
1946 and fix the LSB header to not declare this should be started in
1947 runlevel 'S'.
1948 + Do not install start symlinks for init scripts
1949 + NB! shutdown is still handled by the SystemV init scripts
1950
1951 * Rename cryptddisks{,-early}.upstart jobs back to
1952 cryptdisks-{enable,udev}.upstart, as we need both init & upstart jobs
1953 for now.
1954
1955 * Dropped Changes, included in Debian:
1956 - debian/control:
1957 + Split up package in cryptsetup and cryptsetup-bin. (LP: #343363).
1958
1959 - debian/cryptdisks.functions:
1960 + Do not overwrite existing filesystems when creating swap (LP: #474258).
1961 + Add aesni module when we have hardware encryption.
1962 + Call 'udevadm settle' before 'dmsetup rename' http://pad.lv/874774
1963 + Suppress "Starting init crypto disks" message in "init" phase, to
1964 avoid writing over fsck progress text.
1965 + new function, crypttab_start_one_disk, to look for the named source
1966 device in /etc/crypttab (by device name, UUID, or label) and start it
1967 if configured to do so
1968 + handle the case where crypttab contains a name for the source
1969 device that is not the kernel's preferred name for it (as is the case
1970 for LVs).
1971
1972 - debian/initramfs/cryptroot-hook:
1973 + Quiet warnings from find on arches that don't have all the
1974 kernel/{arch,crypto} bits we're testing for.
1975
1976 -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com> Tue, 21 Aug 2012 11:57:28 +0100
1977
1311cryptsetup (2:1.4.3-2) unstable; urgency=medium1978cryptsetup (2:1.4.3-2) unstable; urgency=medium
13121979
1313 * fix the shared library symbols magic: so far, the symbols file for1980 * fix the shared library symbols magic: so far, the symbols file for
@@ -1383,6 +2050,64 @@ cryptsetup (2:1.4.1-3) unstable; urgency=low
13832050
1384 -- Jonas Meurer <mejo@debian.org> Wed, 11 Apr 2012 23:55:35 +02002051 -- Jonas Meurer <mejo@debian.org> Wed, 11 Apr 2012 23:55:35 +0200
13852052
2053cryptsetup (2:1.4.1-2ubuntu4) precise; urgency=low
2054
2055 * Our swap creation can trigger udev change events, which means udev may be
2056 holding the device open at the time we try to call 'dmsetup rename' and
2057 cause the /subsequent/ events to be missed because of dmsetup creating
2058 device nodes by hand. So call 'udevadm settle' before 'dmsetup rename',
2059 to ensure blkid is out of the way first. This should ensure swap
2060 partitions are found by mountall in a non-racy manner. LP: #874774.
2061
2062 -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 13 Apr 2012 20:23:21 -0700
2063
2064cryptsetup (2:1.4.1-2ubuntu3) precise; urgency=low
2065
2066 * Start cryptdisks-enable upstart job on 'or container', to let us
2067 simplify the udevtrigger job.
2068
2069 -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 04 Apr 2012 17:02:00 -0700
2070
2071cryptsetup (2:1.4.1-2ubuntu2) precise; urgency=low
2072
2073 * Split up package in cryptsetup and cryptsetup-bin. (LP: #343363).
2074 * Do not overwrite existing filesystems when creating swap (LP: #474258).
2075 * Add aesni module when we have hardware encryption.
2076
2077 -- Jean-Louis Dupond <jean-louis@dupond.be> Mon, 12 Mar 2012 10:14:30 +0100
2078
2079cryptsetup (2:1.4.1-2ubuntu1) precise; urgency=low
2080
2081 [ Jean-Louis Dupond ]
2082 * Merge from debian unstable (LP: #776264), remaining changes:
2083 - debian/cryptdisks.functions: Suppress "Starting init crypto disks" message
2084 in "init" phase, to avoid writing over fsck progress text.
2085 - debian/cryptroot-hook: Quiet warnings from find on arches that
2086 don't have all the kernel/{arch,crypto} bits we're testing for.
2087 - debian/control:
2088 + Bump initramfs-tools Suggests to Depends: so system is not
2089 potentially rendered unbootable.
2090 + Depend on plymouth.
2091 - Add debian/cryptdisks-{enable,udev}.upstart.
2092 - debian/cryptdisks.functions:
2093 + new function, crypttab_start_one_disk, to look for the named source
2094 device in /etc/crypttab (by device name, UUID, or label) and start it
2095 if configured to do so
2096 - debian/cryptdisks{,-early}.init: Make the 'start' action of the init
2097 script a no-op, this should be handled entirely by the upstart job;
2098 and fix the LSB header to not declare this should be started in
2099 runlevel 'S'
2100 - debian/rules:
2101 + Do not install start symlinks for init scripts, and
2102 install debian/cryptdisks-{enable,udev}.upstart scripts.
2103
2104 [ Steve Langasek ]
2105 * debian/cryptdisks.functions: handle the case where crypttab contains a
2106 name for the source device that is not the kernel's preferred name for
2107 it (as is the case for LVs).
2108
2109 -- Jean-Louis Dupond <jean-louis@dupond.be> Thu, 08 Mar 2012 07:32:40 +0100
2110
1386cryptsetup (2:1.4.1-2) unstable; urgency=low2111cryptsetup (2:1.4.1-2) unstable; urgency=low
13872112
1388 * acknowledge NMU. Thanks to Michael Biebl. (closes: #659182)2113 * acknowledge NMU. Thanks to Michael Biebl. (closes: #659182)
@@ -1592,6 +2317,56 @@ cryptsetup (2:1.2.0-1) experimental; urgency=low
15922317
1593 -- Jonas Meurer <mejo@debian.org> Sun, 16 Jan 2011 01:01:03 +01002318 -- Jonas Meurer <mejo@debian.org> Sun, 16 Jan 2011 01:01:03 +0100
15942319
2320cryptsetup (2:1.1.3-4ubuntu3) precise; urgency=low
2321
2322 [ Pali Rohar ]
2323 * debian/cryptdisks.functions: Suppress "Starting init crypto disks" message
2324 in "init" phase, to avoid writing over fsck progress text.
2325
2326 -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 26 Oct 2011 09:16:15 +0200
2327
2328cryptsetup (2:1.1.3-4ubuntu2) oneiric; urgency=low
2329
2330 * debian/cryptroot-hook: Quiet warnings from find on arches that
2331 don't have all the kernel/{arch,crypto} bits we're testing for.
2332
2333 -- Adam Conrad <adconrad@ubuntu.com> Sat, 01 Oct 2011 00:33:00 -0600
2334
2335cryptsetup (2:1.1.3-4ubuntu1) natty; urgency=low
2336
2337 * Merge from debian unstable (LP: #682177), remaining changes:
2338 - debian/control:
2339 + Bump initramfs-tools Suggests to Depends: so system is not
2340 potentially rendered unbootable.
2341 + Depend on plymouth.
2342 - Add debian/cryptdisks-{enable,udev}.upstart.
2343 - debian/cryptdisks.functions:
2344 + new function, crypttab_start_one_disk, to look for the named source
2345 device in /etc/crypttab (by device name, UUID, or label) and start it
2346 if configured to do so
2347 + wrap the call to /lib/cryptsetup/askpass with watershed, to make sure
2348 we only ever have one of these running at a time; otherwise multiple
2349 invocations could steal each other's input and/or write over each
2350 other's output
2351 + when called by cryptdisks-enable, check that we don't already have a
2352 corresponding cryptdisks-udev job running (probably waiting for a
2353 passphrase); if there is, wait until it's finished before continuing.
2354 - debian/cryptdisks{,-early}.init: Make the 'start' action of the init
2355 script a no-op, this should be handled entirely by the upstart job;
2356 and fix the LSB header to not declare this should be started in
2357 runlevel 'S'
2358 - debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on
2359 upgrade.
2360 - debian/rules:
2361 + Do not install start symlinks for init scripts, and
2362 install debian/cryptdisks-{enable,udev}.upstart scripts.
2363 + link dynamically against libgcrypt and libgpg-error.
2364 - Add debian/cryptsetup.apport: Apport package hook. Install in
2365 debian/rules and create dir in debian/cryptsetup.dirs.
2366 - debian/cryptsetup.postrm: call update-initramfs on package removal.
2367
2368 -- Lorenzo De Liso <blackz@ubuntu.com> Sat, 27 Nov 2010 17:37:43 +0100
2369
1595cryptsetup (2:1.1.3-4) unstable; urgency=high2370cryptsetup (2:1.1.3-4) unstable; urgency=high
15962371
1597 * bump standards-version to 3.9.1, no changes required2372 * bump standards-version to 3.9.1, no changes required
@@ -1697,6 +2472,69 @@ cryptsetup (2:1.1.3-1) unstable; urgency=low
16972472
1698 -- Jonas Meurer <mejo@debian.org> Sat, 10 Jul 2010 14:32:40 +02002473 -- Jonas Meurer <mejo@debian.org> Sat, 10 Jul 2010 14:32:40 +0200
16992474
2475cryptsetup (2:1.1.2-1ubuntu1) maverick; urgency=low
2476
2477 * Merge from Debian unstable (LP: #594365). Remaining changes:
2478 - debian/control:
2479 + Bump initramfs-tools Suggests to Depends: so system is not
2480 potentially rendered unbootable.
2481 + Depend on plymouth.
2482 - Add debian/cryptdisks-{enable,udev}.upstart.
2483 - debian/cryptdisks.functions:
2484 + new function, crypttab_start_one_disk, to look for the named source
2485 device in /etc/crypttab (by device name, UUID, or label) and start it
2486 if configured to do so
2487 + wrap the call to /lib/cryptsetup/askpass with watershed, to make sure
2488 we only ever have one of these running at a time; otherwise multiple
2489 invocations could steal each other's input and/or write over each
2490 other's output
2491 + initially create the device under a temporary name and rename it only
2492 at the end using 'dmsetup rename', to ensure that upstart/mountall
2493 doesn't see our device before it's ready to go.
2494 + do_tmp should mount under /var/run/cryptsetup for changing the
2495 permissions of the filesystem root, not directly on /tmp, since
2496 mounting on /tmp a) is racy, b) confuses mountall something fierce.
2497 + when called by cryptdisks-enable, check that we don't already have a
2498 corresponding cryptdisks-udev job running (probably waiting for a
2499 passphrase); if there is, wait until it's finished before continuing.
2500 - debian/cryptdisks{,-early}.init: Make the 'start' action of the init
2501 script a no-op, this should be handled entirely by the upstart job;
2502 and fix the LSB header to not declare this should be started in
2503 runlevel 'S'
2504 - debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on
2505 upgrade.
2506 - debian/rules: Do not install start symlinks for init scripts, and
2507 install debian/cryptdisks-{enable,udev}.upstart scripts.
2508 - Add debian/cryptsetup.apport: Apport package hook. Install in
2509 debian/rules and create dir in debian/cryptsetup.dirs.
2510 - debian/rules: link dynamically against libgcrypt and libgpg-error.
2511 - debian/cryptsetup.postrm: call update-initramfs on package removal.
2512 * Dropped changes, merged/superseded in Debian:
2513 - Add ext4 support to passdev.
2514 - cryptroot-hook: don't call copy_modules_dir with empty arguments when
2515 archcrypto isn't found
2516 - Set USPLASH=y and FRAMEBUFFER=y in the hook config to pull plymouth into
2517 the initramfs.
2518 - change interaction to use plymouth directly if present, and if not, to
2519 fall back to /lib/cryptsetup/askpass as before
2520 - cryptdisks.functions: replace 'echo -e' bashism with 'printf'.
2521 - debian/initramfs/cryptroot-script: if plymouth is present in the
2522 initramfs, use this directly, bypassing the cryptsetup askpass script
2523 - debian/initramfs/cryptroot-hook: Properly anchor our regexps when
2524 grepping /etc/crypttab so that we don't incorrectly match device names
2525 that are substrings of one another.
2526 - debian/initramfs/cryptroot-script: Don't leak /conf/conf.d/cryptroot
2527 file descriptor to subprocesses.
2528 - Fix grammar error in debian/initramfs/cryptroot-script
2529 ("setup" -> "set up")
2530 - debian/initramfs/cryptroot-script: Fix this to work with current
2531 initramfs-tools:
2532 + Source /scripts/functions after checking for prerequisites.
2533 + prereqs(): Do not assume we are running within initramfs, and
2534 calculate relative path correctly.
2535
2536 -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 14 Jun 2010 21:47:28 -0700
2537
1700cryptsetup (2:1.1.2-1) unstable; urgency=low2538cryptsetup (2:1.1.2-1) unstable; urgency=low
17012539
1702 * new upstream release, changes include:2540 * new upstream release, changes include:
@@ -1814,6 +2652,171 @@ cryptsetup (2:1.1.0-1) unstable; urgency=low
18142652
1815 -- Jonas Meurer <mejo@debian.org> Mon, 08 Mar 2010 14:15:35 +01002653 -- Jonas Meurer <mejo@debian.org> Mon, 08 Mar 2010 14:15:35 +0100
18162654
2655cryptsetup (2:1.1.0~rc2-1ubuntu14) maverick; urgency=low
2656
2657 [ David Stansby ]
2658 * Fix grammar error in debian/initramfs/cryptroot-script
2659 ("setup" -> "set up") (LP: #578896)
2660
2661 -- James Westby <james.westby@ubuntu.com> Mon, 17 May 2010 13:33:40 +0100
2662
2663cryptsetup (2:1.1.0~rc2-1ubuntu13) lucid; urgency=low
2664
2665 * debian/initramfs/cryptroot-script: Don't leak /conf/conf.d/cryptroot
2666 file descriptor to subprocesses.
2667
2668 -- Colin Watson <cjwatson@ubuntu.com> Mon, 29 Mar 2010 22:18:36 +0100
2669
2670cryptsetup (2:1.1.0~rc2-1ubuntu12) lucid; urgency=low
2671
2672 * debian/initramfs/cryptroot-hook: Properly anchor our regexps when
2673 grepping /etc/crypttab so that we don't incorrectly match device names
2674 that are substrings of one another.
2675 * debian/cryptdisks-{enable,udev}.conf, debian/control: drop
2676 'console output' and add a hard dependency on plymouth instead of
2677 watershed, to avoid spitting extra messages to the console.
2678
2679 -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 18 Feb 2010 06:19:19 -0800
2680
2681cryptsetup (2:1.1.0~rc2-1ubuntu11) lucid; urgency=low
2682
2683 * Set FRAMEBUFFER=y in the file that we actually ship.
2684 * debian/cryptsetup.postrm: call update-initramfs on package removal.
2685 LP: #468228.
2686
2687 -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 25 Jan 2010 03:07:52 -0800
2688
2689cryptsetup (2:1.1.0~rc2-1ubuntu10) lucid; urgency=low
2690
2691 * cryptdisks.functions: replace 'echo -e' bashism with 'printf'.
2692 * cryptdisks.functions: when called by cryptdisks-enable, check that we
2693 don't already have a corresponding cryptdisks-udev job running (probably
2694 waiting for a passphrase); if there is, wait until it's finished before
2695 continuing.
2696
2697 -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 21 Jan 2010 14:57:21 +0000
2698
2699cryptsetup (2:1.1.0~rc2-1ubuntu9) lucid; urgency=low
2700
2701 * Set FRAMEBUFFER=y in the hook config as well, to pull plymouth into the
2702 initramfs.
2703 * cryptdisks.functions, debian/initramfs/cryptroot-script: fix the
2704 invocation of plymouth, so that we actually get proper passphrase prompts
2705 (once bug #496765 is fixed).
2706
2707 -- Steve Langasek <steve.langasek@ubuntu.com> Sat, 16 Jan 2010 02:32:41 -0800
2708
2709cryptsetup (2:1.1.0~rc2-1ubuntu8) lucid; urgency=low
2710
2711 * cryptdisks.functions: do_tmp should mount under /var/run/cryptsetup for
2712 changing the permissions of the filesystem root, not directly on /tmp,
2713 since mounting on /tmp a) is racy, b) confuses mountall something fierce.
2714 LP: #475936.
2715
2716 -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 22 Dec 2009 20:24:28 +0000
2717
2718cryptsetup (2:1.1.0~rc2-1ubuntu7) lucid; urgency=low
2719
2720 * Depend on watershed.
2721
2722 -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 22 Dec 2009 01:37:36 +0000
2723
2724cryptsetup (2:1.1.0~rc2-1ubuntu6) lucid; urgency=low
2725
2726 [ Steve Langasek ]
2727 * Fix the LSB header in the init scripts, now that we don't install to
2728 rcS.d.
2729
2730 [ Martin Pitt ]
2731 * debian/initramfs/cryptroot-script: Fix this to work with current
2732 initramfs-tools:
2733 - Source /scripts/functions after checking for prerequisites.
2734 - prereqs(): Do not assume we are running within initramfs, and calculate
2735 relative path correctly.
2736
2737 -- Martin Pitt <martin.pitt@ubuntu.com> Fri, 18 Dec 2009 17:07:07 +0100
2738
2739cryptsetup (2:1.1.0~rc2-1ubuntu5) lucid; urgency=low
2740
2741 * Rename the upstart job introduced in the previous upload to
2742 cryptdisks-udev and restore the previous version of the job as
2743 cryptdisks-enable, to run at the end of udev coldplugging as before;
2744 this isn't entirely race-free, but should nevertheless give us the
2745 two passes needed to cover devices that are decrypted using keys stored
2746 on other encrypted disks. LP: #443980.
2747
2748 -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 16 Dec 2009 06:41:30 +0000
2749
2750cryptsetup (2:1.1.0~rc2-1ubuntu4) lucid; urgency=low
2751
2752 [ Steve Langasek ]
2753 * debian/initramfs/cryptroot-script: if plymouth is present in the
2754 initramfs, use this directly, bypassing the cryptsetup askpass script;
2755 but keep support for these other frontends around on a transitional
2756 basis.
2757 * debian/cryptdisks.functions:
2758 - change interaction to use plymouth directly if present, and if not, to
2759 fall back to /lib/cryptsetup/askpass as before
2760 - wrap the call to /lib/cryptsetup/askpass with watershed, to make sure
2761 we only ever have one of these running at a time; otherwise multiple
2762 invocations could steal each other's input and/or write over each
2763 other's output
2764 - new function, crypttab_start_one_disk, to look for the named source
2765 device in /etc/crypttab (by device name, UUID, or label) and start it
2766 if configured to do so
2767 * debian/cryptdisks-enable.upstart: run the upstart job once for each block
2768 device, using the new crypttab_start_one_disk function, triggered by udev;
2769 this doesn't eliminate the possibility of a race with gdm when the
2770 decrypted volume isn't a 'bootwait' mount point (since gdm kills
2771 plymouth), but it does eliminate the race between udev and cryptsetup.
2772 LP: #454898.
2773 * debian/cryptdisks-enable.upstart: check that the package is installed
2774 and exit gracefully if it's not. LP: #435814
2775 * debian/cryptdisk.functions: initially create the device under a temporary
2776 name and rename it only at the end using 'dmsetup rename', to ensure that
2777 upstart/mountall doesn't see our device before it's ready to go.
2778 LP: #475936.
2779
2780 [ Colin Watson ]
2781 * Add ext4 support to passdev.
2782
2783 -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 15 Dec 2009 18:05:45 -0800
2784
2785cryptsetup (2:1.1.0~rc2-1ubuntu3) lucid; urgency=low
2786
2787 * cryptroot-hook: Use if [ -n … ] instead of if ! test -z ….
2788
2789 -- Loïc Minier <loic.minier@ubuntu.com> Sat, 12 Dec 2009 11:32:52 +0100
2790
2791cryptsetup (2:1.1.0~rc2-1ubuntu2) lucid; urgency=low
2792
2793 * cryptroot-hook: dont call copy_modules_dir with empty arguments when
2794 archcrypto isnt found (LP: #495161)
2795
2796 -- Oliver Grawert <ogra@ubuntu.com> Fri, 11 Dec 2009 14:39:00 +0100
2797
2798cryptsetup (2:1.1.0~rc2-1ubuntu1) lucid; urgency=low
2799
2800 * Merge with Debian testing. Remaining Ubuntu changes:
2801 - debian/rules: cryptsetup is linked dynamically against libgcrypt and
2802 libgpg-error.
2803 - Upstart migration:
2804 + Add debian/cryptdisks-enable.upstart.
2805 + debian/cryptdisks{,-early}.init: Make the 'start' action of the init
2806 script a no-op, this should be handled entirely by the upstart job.
2807 (LP #473615)
2808 + debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on
2809 upgrade.
2810 + debian/rules: Do not install start symlinks for those two, and install
2811 debian/cryptdisks-enable.upstart scripts.
2812 - Add debian/cryptsetup.apport: Apport package hook. Install in
2813 debian/rules, and create dir in debian/cryptsetup.dirs.
2814 - Start usplash in initramfs, since we need it for fancy passphrase input:
2815 + debian/initramfs/cryptroot-conf, debian/initramfs-conf.d: USPLASH=y
2816 + debian/control: Bump initramfs-tools Suggests to Depends:.
2817
2818 -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 11 Nov 2009 15:04:27 +0100
2819
1817cryptsetup (2:1.1.0~rc2-1) unstable; urgency=low2820cryptsetup (2:1.1.0~rc2-1) unstable; urgency=low
18182821
1819 * new upstream release candidate (1.1.0-rc2), highlights include:2822 * new upstream release candidate (1.1.0-rc2), highlights include:
@@ -1987,6 +2990,80 @@ cryptsetup (2:1.0.7~rc1-1) unstable; urgency=low
19872990
1988 -- Jonas Meurer <mejo@debian.org> Sat, 04 Jul 2009 15:52:06 +02002991 -- Jonas Meurer <mejo@debian.org> Sat, 04 Jul 2009 15:52:06 +0200
19892992
2993cryptsetup (2:1.0.6+20090405.svn49-1ubuntu8) lucid; urgency=low
2994
2995 [ Steve Langasek ]
2996 * Make the 'start' action of the init script a no-op, this should be
2997 handled entirely by the upstart job now; and remove any symlinks from
2998 /etc/rcS.d on upgrade. LP: #473615.
2999
3000 [ Reinhard Tartler ]
3001 * Add an apport hook
3002 * import the blkid and un_blkid from debian, LP: #446517
3003 * also use this script by default (setting in /etc/default/cryptdisks)
3004
3005 -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 04 Nov 2009 12:06:47 +0000
3006
3007cryptsetup (2:1.0.6+20090405.svn49-1ubuntu7) karmic; urgency=low
3008
3009 * Reupload previous version, siretart had left changes in bzr which
3010 weren't documented in the changelog and caused FTBFS.
3011
3012 -- Scott James Remnant <scott@ubuntu.com> Wed, 14 Oct 2009 13:57:59 +0100
3013
3014cryptsetup (2:1.0.6+20090405.svn49-1ubuntu6) karmic; urgency=low
3015
3016 [ Steve Langasek ]
3017 * Move the Debian Vcs- fields aside.
3018
3019 [ Scott James Remnant ]
3020 * debian/cryptdisks-enable.upstart: Don't overcompensate for my idiocy,
3021 cryptsetup should not need a controlling terminal, just a terminal
3022 is fine. May fix LP: #439138.
3023
3024 -- Scott James Remnant <scott@ubuntu.com> Wed, 14 Oct 2009 04:52:16 +0100
3025
3026cryptsetup (2:1.0.6+20090405.svn49-1ubuntu4) karmic; urgency=low
3027
3028 * debian/cryptdisks-enable.upstart: Things that often help include
3029 not setting stdin/out to /dev/null, so you can actually type the
3030 passphrase. I am an idiot. LP: #430496.
3031
3032 -- Scott James Remnant <scott@ubuntu.com> Thu, 17 Sep 2009 17:58:01 +0100
3033
3034cryptsetup (2:1.0.6+20090405.svn49-1ubuntu3) karmic; urgency=low
3035
3036 * debian/cryptdisks-enable.upstart: add upstart job to enable encrypted
3037 disks once we've finished probing for udev devices, so that mountall
3038 can use them. LP: #430496.
3039
3040 -- Scott James Remnant <scott@ubuntu.com> Thu, 17 Sep 2009 00:04:00 +0100
3041
3042cryptsetup (2:1.0.6+20090405.svn49-1ubuntu2) karmic; urgency=low
3043
3044 * debian/initramfs/cryptroot-conf: declare that we want usplash included
3045 in the initramfs whenever this package is installed. LP: #427356.
3046
3047 -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 15 Sep 2009 08:43:15 -0700
3048
3049cryptsetup (2:1.0.6+20090405.svn49-1ubuntu1) karmic; urgency=low
3050
3051 * Merge from debian unstable, remaining changes:
3052 - Ubuntu specific:
3053 + debian/rules: link dynamically for better security supportability and
3054 smaller packages.
3055 + debian/control: Depend on initramfs-tools so system is not potentially
3056 rendered unbootable.
3057 - debian/initramfs/cryptroot-script wait for encrypted device to appear,
3058 report with log_*_msg (debian bug 488271).
3059 - debian/initramfs/cryptroot-hook: fix support for UUID and LABEL
3060 correlation between fstab and crypttab (debian bug 522041).
3061 - debian/askpass.c, debian/initramfs/cryptroot-script: using newline
3062 escape in passphrase prompt to avoid line-wrapping (debian bug 528133).
3063 * Drop 04_fix_udevsettle_call.patch: fixed upstream differently.
3064
3065 -- Kees Cook <kees@ubuntu.com> Sun, 10 May 2009 17:29:32 -0700
3066
1990cryptsetup (2:1.0.6+20090405.svn49-1) unstable; urgency=low3067cryptsetup (2:1.0.6+20090405.svn49-1) unstable; urgency=low
19913068
1992 * New upstream svn snapshot. Highlights include:3069 * New upstream svn snapshot. Highlights include:
@@ -2028,6 +3105,67 @@ cryptsetup (2:1.0.6+20090405.svn49-1) unstable; urgency=low
20283105
2029 -- Jonas Meurer <mejo@debian.org> Mon, 06 Apr 2009 08:49:14 +02003106 -- Jonas Meurer <mejo@debian.org> Mon, 06 Apr 2009 08:49:14 +0200
20303107
3108cryptsetup (2:1.0.6-7ubuntu7) jaunty; urgency=low
3109
3110 * debian/control: Depend on initramfs-tools so system is not potentially
3111 rendered unbootable (LP: #358654).
3112
3113 -- Kees Cook <kees@ubuntu.com> Thu, 09 Apr 2009 12:29:31 -0700
3114
3115cryptsetup (2:1.0.6-7ubuntu6) jaunty; urgency=low
3116
3117 * debian/initramfs/cryptroot-script: we don't require vol_id to understand
3118 the encrypted device, but we should check the device is fully up first
3119 before continuing by calling udevadm settle. LP: #291752.
3120
3121 -- Steve Langasek <steve.langasek@ubuntu.com> Sat, 07 Mar 2009 21:39:14 -0800
3122
3123cryptsetup (2:1.0.6-7ubuntu5) jaunty; urgency=low
3124
3125 * debian/initramfs/cryptroot-hook: fix support for UUID and LABEL correlation
3126 between fstab and crypttab (LP: #287879).
3127
3128 -- TJ <ubuntu@tjworld.net> Mon, 16 Feb 2009 23:00:00 +0000
3129
3130cryptsetup (2:1.0.6-7ubuntu4) jaunty; urgency=low
3131
3132 * debian/askpass.c: also handle newline escape code in console prompt.
3133
3134 -- Kees Cook <kees@ubuntu.com> Sun, 15 Feb 2009 08:57:05 -0800
3135
3136cryptsetup (2:1.0.6-7ubuntu3) jaunty; urgency=low
3137
3138 [ https://launchpad.net/~svenkata ]
3139 * debian/checks/un_vol_id: dynamically build the "unknown volume type"
3140 string, to allow for encrypted swap, LP: #316607
3141
3142 -- Dustin Kirkland <kirkland@ubuntu.com> Thu, 12 Feb 2009 16:57:30 -0600
3143
3144cryptsetup (2:1.0.6-7ubuntu2) jaunty; urgency=low
3145
3146 * debian/askpass.c: handle newline escape code in password prompt.
3147 * debian/initramfs/cryptroot-script: add newline to split cryptroot
3148 password prompt onto two lines for readability (LP: #326900).
3149
3150 -- Kees Cook <kees@ubuntu.com> Sun, 08 Feb 2009 07:26:01 -0800
3151
3152cryptsetup (2:1.0.6-7ubuntu1) jaunty; urgency=low
3153
3154 * Merge from debian unstable, remaining changes:
3155 - debian/initramfs/cryptroot-script:
3156 - must source /scripts/functions to get the log_*_msg() functions.
3157 - wait for encrypted device to show up (LP 164044, 291752).
3158 - disable error message 'failed to setup lvm device' (LP 151532).
3159 - debian/rules:
3160 - fix location of ltmain.sh (Ubuntu-specific until libtool 2.2.x is
3161 in Debian unstable).
3162 - link dynamically (LP 62751).
3163 - add 04_fix_udevsettle_call.patch: fix path to binary for udevsettle.
3164 * Revert versioned build-depency on libdevmapper-dev, since Ubuntu's
3165 version is higher now.
3166
3167 -- Kees Cook <kees@ubuntu.com> Tue, 06 Jan 2009 13:00:16 -0800
3168
2031cryptsetup (2:1.0.6-7) unstable; urgency=medium3169cryptsetup (2:1.0.6-7) unstable; urgency=medium
20323170
2033 * Add patches/01_gettext_package.patch: Remove -luks from GETTEXT_PACKAGE3171 * Add patches/01_gettext_package.patch: Remove -luks from GETTEXT_PACKAGE
@@ -2072,6 +3210,38 @@ cryptsetup (2:1.0.6-7) unstable; urgency=medium
20723210
2073 -- Jonas Meurer <mejo@debian.org> Wed, 17 Dec 2008 21:25:45 +01003211 -- Jonas Meurer <mejo@debian.org> Wed, 17 Dec 2008 21:25:45 +0100
20743212
3213cryptsetup (2:1.0.6-6ubuntu2.1) intrepid-proposed; urgency=low
3214
3215 * debian/initramfs/cryptroot-script: do not require that vol_id
3216 can parse the encrypted device as valid (LP: #291752).
3217
3218 -- Kees Cook <kees@ubuntu.com> Fri, 31 Oct 2008 13:10:06 -0700
3219
3220cryptsetup (2:1.0.6-6ubuntu2) intrepid; urgency=low
3221
3222 * Fixes for (LP: #272301)
3223 * debian/initramfs/cryptroot-script: must source /scripts/functions to get
3224 the log_*_msg() functions
3225 * 04_fix_udevsettle_call.patch: fix path to binary for udevsettle
3226
3227 -- Dustin Kirkland <kirkland@ubuntu.com> Fri, 19 Sep 2008 18:03:28 -0500
3228
3229cryptsetup (2:1.0.6-6ubuntu1) intrepid; urgency=low
3230
3231 * drop almost all ubuntu specific changes from the cryptsetup package,
3232 because they have been merged in debian. Thanks a lot!
3233 * merge from debian, remaining changes:
3234 - remove versioned build-depency on libdevmapper-dev, we are using a
3235 rather sophisticated loop for making sure the root filesystem appears.
3236 * debian/rules: fix location of ltmain.sh
3237 * don't exit usplash anymore in the init script. LP: #110970, #139363
3238 * Disable error message 'failed to setup lvm device'. It is harmless, and
3239 caused by the fact that the udev rules provided by lvm2 are setting up
3240 the lvm on their own. In debian the scripts here are responsible for this
3241 but obviously fail in ubuntu. LP: #151532
3242
3243 -- Reinhard Tartler <siretart@tauware.de> Sat, 30 Aug 2008 17:52:16 +0200
3244
2075cryptsetup (2:1.0.6-6) unstable; urgency=high3245cryptsetup (2:1.0.6-6) unstable; urgency=high
20763246
2077 * Don't cat keyfile into pipe for do_noluks(). cryptsetup handles3247 * Don't cat keyfile into pipe for do_noluks(). cryptsetup handles
@@ -2173,6 +3343,79 @@ cryptsetup (2:1.0.6-3) unstable; urgency=low
21733343
2174 -- Jonas Meurer <mejo@debian.org> Mon, 07 Jul 2008 00:30:07 +02003344 -- Jonas Meurer <mejo@debian.org> Mon, 07 Jul 2008 00:30:07 +0200
21753345
3346cryptsetup (2:1.0.6-2ubuntu7) intrepid; urgency=low
3347
3348 * reintroduce changes from 2:1.0.6-2ubuntu5 that have been accidentally
3349 dropped in version 2:1.0.6-2ubuntu6.
3350
3351 -- Reinhard Tartler <siretart@tauware.de> Fri, 20 Jun 2008 15:15:54 +0200
3352
3353cryptsetup (2:1.0.6-2ubuntu6) intrepid; urgency=low
3354
3355 [ Kjell Braden ]
3356 * load scripts/functions for log_{begin,end}_msg
3357 * debian/initramfs/cryptroot-script: wait for the cryptsource, not the resulting mapped root device
3358 * debian/initramfs/cryptroot-hook: copy binaries to the right directory
3359
3360 [ Reinhard Tartler ]
3361 * remove versioned build-depency on libdevmapper-dev, we are using a
3362 rather sophisticated loop for making sure the root filesystem appears.
3363
3364 -- Reinhard Tartler <siretart@tauware.de> Wed, 18 Jun 2008 00:26:43 +0200
3365
3366cryptsetup (2:1.0.6-2ubuntu5) intrepid; urgency=low
3367
3368 * Okay, I give up. include preprocessed manpages and adapt
3369 debian/rules to easily produce those.
3370 ATTENTION: on subsequent uploads, make sure that the manpages are
3371 available and up-to-date.
3372
3373 -- Reinhard Tartler <siretart@tauware.de> Sun, 15 Jun 2008 13:33:07 +0200
3374
3375cryptsetup (2:1.0.6-2ubuntu4) intrepid; urgency=low
3376
3377 * also use local dtd in debian/doc/variables.xml.in.
3378
3379 -- Reinhard Tartler <siretart@tauware.de> Sun, 15 Jun 2008 12:55:42 +0200
3380
3381cryptsetup (2:1.0.6-2ubuntu3) intrepid; urgency=low
3382
3383 * try harder to fix FTBFS.
3384
3385 -- Reinhard Tartler <siretart@tauware.de> Sun, 15 Jun 2008 11:42:54 +0200
3386
3387cryptsetup (2:1.0.6-2ubuntu2) intrepid; urgency=low
3388
3389 * build docbook documentation using local dtds instead of trying to
3390 download them at buildtime. Fixes FTBFS.
3391
3392 -- Reinhard Tartler <siretart@tauware.de> Sun, 15 Jun 2008 11:12:28 +0200
3393
3394cryptsetup (2:1.0.6-2ubuntu1) intrepid; urgency=low
3395
3396 * Merge new debian version. Remaining changes:
3397 - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using
3398 bzr on launchpad.
3399 - debian/rules: cryptsetup is linked dynamically against libgcrypt and
3400 libgpg-error.
3401 - cryptdisks.functions: stop usplash on user input. LP #62751
3402 - Parse comments in lines not starting with '#', LP #185380
3403 - If the encrypted source device hasn't shown up yet, give it a
3404 little while to deal with removable devices. LP #164044
3405 * Depend on race-free version of libdevmapper, thus making udevsettle
3406 call from cryptsetup binary unnecessary. Dropping patch
3407 debian/patches/06_run_udevsettle.patch
3408 * remove patch from LP #73862, loading optimized modules has been solved
3409 in debian in another way.
3410 * cryptdisk.functions: remove spurious call to load_optimized_module.
3411 LP: #239946
3412 * bugfix: make regex work if keyfile has extended attributes. LP: #231339.
3413 * remove patch in cryptdisks.functions for rexecing the script itself for
3414 ensuring that a tty is always available. (See LP #58794.) According to
3415 Scott, this is not necessary anymore.
3416
3417 -- Reinhard Tartler <siretart@tauware.de> Sat, 14 Jun 2008 23:28:51 +0200
3418
2176cryptsetup (2:1.0.6-2) unstable; urgency=low3419cryptsetup (2:1.0.6-2) unstable; urgency=low
21773420
2178 [ Jonas Meurer ]3421 [ Jonas Meurer ]
@@ -2198,6 +3441,54 @@ cryptsetup (2:1.0.6-2) unstable; urgency=low
21983441
2199 -- David Härdeman <david@hardeman.nu> Mon, 26 May 2008 08:12:32 +02003442 -- David Härdeman <david@hardeman.nu> Mon, 26 May 2008 08:12:32 +0200
22003443
3444cryptsetup (2:1.0.6-1ubuntu4) intrepid; urgency=low
3445
3446 [ Kjell Braden ]
3447 * Fix configuration parsing (LP: #239808)
3448
3449 [ Reinhard Tartler ]
3450 * cryptroot-script: use 'echo' instead of 'log_begin_msg' (LP: #237723)
3451
3452 -- Reinhard Tartler <siretart@tauware.de> Fri, 13 Jun 2008 21:26:17 +0200
3453
3454cryptsetup (2:1.0.6-1ubuntu3) intrepid; urgency=low
3455
3456 * Parse comments in lines not starting with '#', LP: #185380
3457 * in cryptroot hook, don't rely on 'udevadm settle' to wait long enough
3458 for the cryptdevice to appear. Reimplement the busy waiting loop found
3459 while waiting for the root file system. Patch based on work by Swâmi
3460 Petaramesh. LP: #164044
3461 * debian/crypdisks.functions: call 'env' with full path. LP: #178829.
3462
3463 -- Reinhard Tartler <siretart@tauware.de> Mon, 26 May 2008 22:12:32 +0200
3464
3465cryptsetup (2:1.0.6-1ubuntu2) intrepid; urgency=low
3466
3467 * Simplify the patch in debian/cryptdisks.functions that stops usplash
3468 before asking for a passphrase.
3469
3470 -- Reinhard Tartler <siretart@tauware.de> Mon, 26 May 2008 20:18:14 +0200
3471
3472cryptsetup (2:1.0.6-1ubuntu1) intrepid; urgency=low
3473
3474 * Merge new debian version. Remaining changes:
3475 - cryptsetup is linked dynamically against libgcrypt and libgpg-error.
3476 - stop usplash on user input. LP #62751
3477 - debian/cryptdisks.functions: Always output and read from the console.
3478 LP #58794.
3479 - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using
3480 bzr on launchpad.
3481 - debian/initramfs/cryptroot-hook: LP #73862
3482 Added patch to install aes optimized cypher module
3483 - try to load optimized cypher module in cryptsetup.functions as well,
3484 because cryptroot-hook is only executed when we really have a
3485 cryptoroot.
3486 * other ubuntu changes have been merged into debian. Please report bugs
3487 if you believe some patches have been dropped.
3488 * removed 07_typos_fix.patch, has been reviewed and applied upstream.
3489
3490 -- Reinhard Tartler <siretart@tauware.de> Sun, 25 May 2008 22:52:30 +0200
3491
2201cryptsetup (2:1.0.6-1) unstable; urgency=low3492cryptsetup (2:1.0.6-1) unstable; urgency=low
22023493
2203 [ Jonas Meurer ]3494 [ Jonas Meurer ]
@@ -2329,6 +3620,138 @@ cryptsetup (2:1.0.6~pre1-1) unstable; urgency=low
23293620
2330 -- Jonas Meurer <mejo@debian.org> Thu, 06 Dec 2007 15:56:05 +01003621 -- Jonas Meurer <mejo@debian.org> Thu, 06 Dec 2007 15:56:05 +0100
23313622
3623cryptsetup (2:1.0.5-2ubuntu12) hardy; urgency=low
3624
3625 * added debian/patches/07_typos_fix.dpatch: fixed typos in man pages. (LP: #164181)
3626
3627 -- Bruno Barrera Yever <bbyever@gmail.com> Mon, 07 Apr 2008 18:43:05 -0500
3628
3629cryptsetup (2:1.0.5-2ubuntu11) hardy; urgency=low
3630
3631 * debian/initramfs/cryptroot-script: Do show the disk name after all, since
3632 some people use multiple encrypted partitions as LVM PVs. (LP: #201413)
3633
3634 -- Martin Pitt <martin.pitt@ubuntu.com> Sun, 06 Apr 2008 11:54:41 -0600
3635
3636cryptsetup (2:1.0.5-2ubuntu10) hardy; urgency=low
3637
3638 * debian/initramfs/cryptroot-script: Do not mention the name of the
3639 encrypted device. It is just technobabble anyway (sda4_crypt), and there
3640 is just one root partition ever, so it is not needed to tell apart
3641 different partitions. From a security POV, someone who can change your
3642 initramfs to boot a different root partition can just as well change the
3643 strings, too. (LP: #201413)
3644
3645 -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 02 Apr 2008 15:51:53 +0200
3646
3647cryptsetup (2:1.0.5-2ubuntu9) hardy; urgency=low
3648
3649 * debian/scripts/luksformat: Use 256 bit key size by default.
3650 (LP: #78508)
3651 * debian/patches/02_manpage.dpatch: Clarify default key sizes (128 for
3652 luksFormat and 256 for create) in cryptsetup.8. (side-note in LP #78508)
3653
3654 -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 27 Feb 2008 17:43:46 +0100
3655
3656cryptsetup (2:1.0.5-2ubuntu8) hardy; urgency=low
3657
3658 * Fix -x calls and access() call.
3659
3660 -- Scott James Remnant <scott@ubuntu.com> Fri, 14 Dec 2007 16:54:53 +0000
3661
3662cryptsetup (2:1.0.5-2ubuntu7) hardy; urgency=low
3663
3664 * debian/initramfs/cryptroot-script: call udevadm instead of udevsettle
3665 * debian/patches/06_call_udevsettle.dpatch: likewise
3666
3667 -- Scott James Remnant <scott@ubuntu.com> Fri, 14 Dec 2007 16:11:36 +0000
3668
3669cryptsetup (2:1.0.5-2ubuntu6) hardy; urgency=low
3670
3671 * Make cryptsetup understand devices specified by UUID=... or LABEL=
3672 in crypttab. (LP: #153597)
3673
3674 -- Andrea Colangelo <warp10@libero.it> Mon, 29 Oct 2007 18:22:51 +0100
3675
3676cryptsetup (2:1.0.5-2ubuntu5) hardy; urgency=low
3677
3678 * reenable additional udevsettle calls in cryptroot hook from
3679 https://launchpad.net/bugs/85640, LP: #132373.
3680 * change maintainer to ubuntu-core-dev.
3681 * use Vcs-Bzr instead of XSCB-Vcs-Bzr header in debian/control.
3682
3683 -- Reinhard Tartler <siretart@tauware.de> Thu, 08 Nov 2007 23:52:19 +0100
3684
3685cryptsetup (2:1.0.5-2ubuntu4) hardy; urgency=low
3686
3687 * reapply changes from version 2:1.0.5-2ubuntu2, got dropped with last
3688 upload. Sorry, pitti.
3689 * convert patch to lib/libdevmapper.c to a dpatch.
3690
3691 -- Reinhard Tartler <siretart@tauware.de> Sun, 04 Nov 2007 21:42:43 +0100
3692
3693cryptsetup (2:1.0.5-2ubuntu3) hardy; urgency=low
3694
3695 * RELIABILY FIX: lib/libdevmapper.c: Ensure that pending device creation
3696 events are being processed by calling /sbin/udevsettle. Patch based on
3697 OpenSUSE bug #285478, LP: #132373.
3698 * Based on the change above, the patch from LP #85640 is no longer needed.
3699 dropping the relevant parts.
3700 * Fix debian/rules to not fail to build if autom4te.cache is left behind
3701 from a previous incomplete build.
3702
3703 -- Reinhard Tartler <siretart@tauware.de> Fri, 02 Nov 2007 20:53:31 +0100
3704
3705cryptsetup (2:1.0.5-2ubuntu2) gutsy; urgency=low
3706
3707 * debian/initramfs/cryptroot-script:
3708 - If the supplied password worked, remove the prompt from usplash again,
3709 so that the user has some visual feedback that everything is alright.
3710 (LP: #151305)
3711 - Do not show the UUID device node of the outer physical device. It is
3712 scary ("/dev/disk/by-uuid/1234yadayada") and displaying it does not
3713 improve security at all: If attackers can tamper with your initramfs,
3714 they can also change the prompt, and if the UUID of the physical device
3715 changes, then booting will not even get that far. Now it is a much more
3716 friendly "Enter passphrase for sda5_crypt:" which is still technical,
3717 but it's necessary to point out which device will be unlocked in case
3718 there are several.
3719
3720 -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 11 Oct 2007 19:51:58 +0200
3721
3722cryptsetup (2:1.0.5-2ubuntu1) gutsy; urgency=low
3723
3724 * Merge new debian version. Remaining changes:
3725 - cryptsetup is linked dynamically against libgcrypt and libgpg-error.
3726 This will break systems where /usr is a separate encrypted filesystem
3727 but not have other bad consequences (in particular, systems with
3728 encrypted root are still fine). The upsides include better
3729 security supportability and smaller packages.
3730 - libcryptsetup.so et al removed from the binary packages. They have
3731 no stable ABI and are not suitable for use by other packages, and
3732 were in violation of library policies etc. They're not needed since
3733 the cryptsetup executable statically contains the relevant parts of
3734 libcryptsetup.
3735 - cryptdisks.functions: remove #!/bin/bash as it isn't a script
3736 by itself; it's only sourced by other scripts. This gets rid
3737 of the lintian warning `script-not-executable' for this file.
3738 - stop usplash on user input. LP #62751
3739 - Always output and read from the console. LP #58794.
3740 - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using
3741 bzr on launchpad.
3742 - Bump libgcrypt11 build-dependency again to 1.2.4-2ubuntu2 to eliminate
3743 libnsl linkage;
3744 - debian/initramfs/cryptroot-hook: (LP: #73862)
3745 Added patch to install aes optimized cypher module
3746 - try to load optimized cypher module in cryptsetup.functions as well,
3747 because cryptroot-hook is only executed when we really have a
3748 cryptoroot.
3749 - apply patch from pitti for allowing UUIDs in /etc/crypttab.
3750 This allowes crypted PVs! LP: #144390.
3751 - remove README.ubuntu, since it contains old and obsolete information.
3752
3753 -- Reinhard Tartler <siretart@tauware.de> Tue, 02 Oct 2007 21:31:28 +0200
3754
2332cryptsetup (2:1.0.5-2) unstable; urgency=low3755cryptsetup (2:1.0.5-2) unstable; urgency=low
23333756
2334 [ Jonas Meurer ]3757 [ Jonas Meurer ]
@@ -2377,6 +3800,68 @@ cryptsetup (2:1.0.5-2) unstable; urgency=low
23773800
2378 -- Jonas Meurer <mejo@debian.org> Mon, 24 Sep 2007 15:42:06 +02003801 -- Jonas Meurer <mejo@debian.org> Mon, 24 Sep 2007 15:42:06 +0200
23793802
3803cryptsetup (2:1.0.5-1ubuntu5) UNRELEASED; urgency=low
3804
3805 * apply patch from pitti for allowing UUIDs in /etc/crypttab.
3806 This allowes crypted PVs! LP: #144390.
3807 * remove README.ubuntu, since it contains old and obsolete information.
3808
3809 -- Reinhard Tartler <siretart@tauware.de> Tue, 02 Oct 2007 19:59:24 +0200
3810
3811cryptsetup (2:1.0.5-1ubuntu4) gutsy; urgency=low
3812
3813 [ Stephan Hermann ]
3814 * debian/initramfs/cryptroot-hook: (LP: #73862)
3815 - Added patch to install aes optimized cypher module
3816
3817 [ Reinhard Tartler ]
3818 * re-applying old patch to new package version
3819 * try to load optimized cypher module in cryptsetup.functions as well,
3820 because cryptroot-hook is only executed when we really have a
3821 cryptoroot.
3822
3823 -- Reinhard Tartler <siretart@tauware.de> Thu, 27 Sep 2007 19:38:48 +0200
3824
3825cryptsetup (2:1.0.5-1ubuntu3) gutsy; urgency=low
3826
3827 * Bump libgcrypt11 build-dependency again to 1.2.4-2ubuntu2 to eliminate
3828 libnsl linkage; should finally produce a usable cryptsetup binary for
3829 the udeb.
3830
3831 -- Colin Watson <cjwatson@ubuntu.com> Wed, 19 Sep 2007 15:28:52 +0100
3832
3833cryptsetup (2:1.0.5-1ubuntu2) gutsy; urgency=low
3834
3835 * Bump libgcrypt11 build-dependency to 1.2.4-2ubuntu1 and rebuild for
3836 proper udeb dependencies.
3837
3838 -- Colin Watson <cjwatson@ubuntu.com> Wed, 19 Sep 2007 01:37:02 +0100
3839
3840cryptsetup (2:1.0.5-1ubuntu1) gutsy; urgency=low
3841
3842 * Merge new debian version. Remaining changes:
3843 - cryptsetup is linked dynamically against libgcrypt and libgpg-error.
3844 This will break systems where /usr is a separate encrypted filesystem
3845 but not have other bad consequences (in particular, systems with
3846 encrypted root are still fine). The upsides include better
3847 security supportability and smaller packages.
3848 - libcryptsetup.so et al removed from the binary packages. They have
3849 no stable ABI and are not suitable for use by other packages, and
3850 were in violation of library policies etc. They're not needed since
3851 the cryptsetup executable statically contains the relevant parts of
3852 libcryptsetup.
3853 - cryptdisks.functions: remove #!/bin/bash as it isn't a script
3854 by itself; it's only sourced by other scripts. This gets rid
3855 of the lintian warning `script-not-executable' for this file.
3856 - stop usplash on user input. LP #62751
3857 - Always output and read from the console. LP #58794.
3858 * Add XSBC-Vcs-Bzr tag to indicate that this package is managed using
3859 bzr on launchpad.
3860 * UVF exception request granted by Scott Kitterman and Chuck Short
3861 LP: #138295
3862
3863 -- Reinhard Tartler <siretart@tauware.de> Sat, 08 Sep 2007 19:04:54 +0200
3864
2380cryptsetup (2:1.0.5-1) unstable; urgency=low3865cryptsetup (2:1.0.5-1) unstable; urgency=low
23813866
2382 [ Jonas Meurer ]3867 [ Jonas Meurer ]
@@ -2397,6 +3882,66 @@ cryptsetup (2:1.0.5-1) unstable; urgency=low
23973882
2398 -- Jonas Meurer <mejo@debian.org> Fri, 27 Jul 2007 04:59:33 +02003883 -- Jonas Meurer <mejo@debian.org> Fri, 27 Jul 2007 04:59:33 +0200
23993884
3885cryptsetup (2:1.0.4+svn29-1ubuntu6) gutsy; urgency=low
3886
3887 * Add notes by Ilkka Tuohela in a new file debian/README.ubuntu
3888
3889 -- Reinhard Tartler <siretart@tauware.de> Sat, 08 Sep 2007 18:43:56 +0200
3890
3891cryptsetup (2:1.0.4+svn29-1ubuntu5) gutsy; urgency=low
3892
3893 * cryptsetup is linked dynamically against libgcrypt and libgpg-error.
3894 This will break systems where /usr is a separate encrypted filesystem
3895 but not have other bad consequences (in particular, systems with
3896 encrypted root are still fine). The upsides include better
3897 security supportability and smaller packages.
3898 * libcryptsetup.so et al removed from the binary packages. They have
3899 no stable ABI and are not suitable for use by other packages, and
3900 were in violation of library policies etc. They're not needed since
3901 the cryptsetup executable statically contains the relevant parts of
3902 libcryptsetup.
3903 * cryptdisks.functions: remove #!/bin/bash as it isn't a script
3904 by itself; it's only sourced by other scripts. This gets rid
3905 of the lintian warning `script-not-executable' for this file.
3906
3907 -- Ian Jackson <iwj@ubuntu.com> Fri, 31 Aug 2007 12:05:33 +0100
3908
3909cryptsetup (2:1.0.4+svn29-1ubuntu4) gutsy; urgency=low
3910
3911 * s/$CRYPTCMD/cryptsetup/ in debian/cryptdisks.functions
3912 (LP: #115617)
3913
3914 -- Reinhard Tartler <siretart@ubuntu.com> Tue, 29 May 2007 17:04:05 +0200
3915
3916cryptsetup (2:1.0.4+svn29-1ubuntu3) gutsy; urgency=low
3917
3918 * make luksformat check if filesystem is already mounted to prevent a
3919 strange error message. thanks to mvo for the patch (LP: #116633)
3920 * remove file debian/initramfs-cryptroot-script from source. it is not
3921 installed anywhere, and a leftover from the last merge.
3922 * add missing hunk of cryptsetup.functions compared to debian package.
3923 * reapply http://librarian.launchpad.net/7329604/bug85640.debdiff to
3924 debian/initramfs/cryptroot-script, since stgraber's patch has been
3925 lost in the last merge. (LP: #85640)
3926
3927 -- Reinhard Tartler <siretart@ubuntu.com> Tue, 29 May 2007 15:02:57 +0200
3928
3929cryptsetup (2:1.0.4+svn29-1ubuntu2) gutsy; urgency=low
3930
3931 * modprobe dm-mod from cryptsetup.functions. (LP: #64625, #91405)
3932
3933 -- Reinhard Tartler <siretart@ubuntu.com> Tue, 29 May 2007 13:31:39 +0200
3934
3935cryptsetup (2:1.0.4+svn29-1ubuntu1) gutsy; urgency=low
3936
3937 * Merge from Debian unstable. Remaining Ubuntu changes:
3938 - stop usplash on user input. Ubuntu: #62751
3939 - Always output and read from the console. Ubuntu: #58794.
3940 - Wait for Udev to be ready to avoid partition non-detection. (LP: #85640)
3941 * Modify Maintainer value to match Debian-Maintainer-Field Spec
3942
3943 -- Andrea Veri <bluekuja@ubuntu.com> Sun, 6 May 2007 22:33:25 +0200
3944
2400cryptsetup (2:1.0.4+svn29-1) unstable; urgency=low3945cryptsetup (2:1.0.4+svn29-1) unstable; urgency=low
24013946
2402 * New upstream svn snapshot with several bugfixes3947 * New upstream svn snapshot with several bugfixes
@@ -2449,6 +3994,20 @@ cryptsetup (2:1.0.4+svn26-2) unstable; urgency=low
24493994
2450 -- Jonas Meurer <mejo@debian.org> Sat, 28 Apr 2007 20:45:50 +02003995 -- Jonas Meurer <mejo@debian.org> Sat, 28 Apr 2007 20:45:50 +0200
24513996
3997cryptsetup (2:1.0.4+svn26-1ubuntu2) feisty; urgency=low
3998
3999 * Wait for Udev to be ready to avoid partition non-detection. (LP: #85640)
4000
4001 -- Stéphane Graber <stgraber@ubuntu.com> Thu, 14 Apr 2007 10:03:41 +0200
4002
4003cryptsetup (2:1.0.4+svn26-1ubuntu1) feisty; urgency=low
4004
4005 * merge debian changes. Remaining ubuntu changes:
4006 - stop usplash on user input. Ubuntu: #62751
4007 - Always output and read from the console. Ubuntu: #58794.
4008
4009 -- Reinhard Tartler <siretart@tauware.de> Sat, 3 Feb 2007 21:30:03 +0100
4010
2452cryptsetup (2:1.0.4+svn26-1) unstable; urgency=high4011cryptsetup (2:1.0.4+svn26-1) unstable; urgency=high
24534012
2454 [ Jonas Meurer ]4013 [ Jonas Meurer ]
@@ -2498,6 +4057,28 @@ cryptsetup (2:1.0.4+svn16-1) unstable; urgency=medium
24984057
2499 -- Jonas Meurer <mejo@debian.org> Tue, 28 Nov 2006 18:17:12 +01004058 -- Jonas Meurer <mejo@debian.org> Tue, 28 Nov 2006 18:17:12 +0100
25004059
4060cryptsetup (2:1.0.4-8ubuntu2) feisty; urgency=low
4061
4062 * fix and improve initramfs hook: terminate usplash if running, since
4063 adequate secure text input is not possible with usplash ATM
4064 * usplash support: Terminate usplash before asking a password.
4065 Closes https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/62751
4066
4067 -- Reinhard Tartler <siretart@tauware.de> Wed, 24 Jan 2007 22:43:28 +0100
4068
4069cryptsetup (2:1.0.4-8ubuntu1) feisty; urgency=low
4070
4071 * merge debian changes, remaining patches:
4072 - Always output and read from the console. Ubuntu: #58794.
4073 * other changes have been merged or do noy apply anymore
4074 * read password via usplash if available in initramfs for rootfs. based on a patch from
4075 Swen Thümmler (Thanks for that!) Ubuntu #62751
4076 * read password from initscript via usplash if running. should fix the
4077 rest of Ubuntu #62751. Only problem with that patch: It asks only once
4078 for the password! improvements welcome!
4079
4080 -- Reinhard Tartler <siretart@tauware.de> Sun, 19 Nov 2006 20:04:19 +0100
4081
2501cryptsetup (2:1.0.4-8) unstable; urgency=high4082cryptsetup (2:1.0.4-8) unstable; urgency=high
25024083
2503 [ Jonas Meurer ]4084 [ Jonas Meurer ]
@@ -2655,6 +4236,27 @@ cryptsetup (2:1.0.4~rc2-1) unstable; urgency=low
26554236
2656 -- Jonas Meurer <mejo@debian.org> Mon, 4 Sep 2006 03:55:35 +02004237 -- Jonas Meurer <mejo@debian.org> Mon, 4 Sep 2006 03:55:35 +0200
26574238
4239cryptsetup (2:1.0.3-3ubuntu3) edgy; urgency=low
4240
4241 * Always output and read from the console. Ubuntu: #58794.
4242
4243 -- Scott James Remnant <scott@ubuntu.com> Thu, 21 Sep 2006 03:05:18 +0100
4244
4245cryptsetup (2:1.0.3-3ubuntu2) edgy; urgency=low
4246
4247 * Load the dm-crypt module on startup. Ubuntu: #53475.
4248
4249 -- Scott James Remnant <scott@ubuntu.com> Wed, 23 Aug 2006 11:53:49 +0200
4250
4251cryptsetup (2:1.0.3-3ubuntu1) edgy; urgency=low
4252
4253 * Sync with Debian:
4254 Remaining Ubuntu Changes
4255 + debian/cryptdisks.functions:
4256 - Tell usplash to quit if we ask for a passphrase
4257
4258 -- Sebastian Dröge <slomo@ubuntu.com> Tue, 11 Jul 2006 20:03:27 +0200
4259
2658cryptsetup (2:1.0.3-3) unstable; urgency=low4260cryptsetup (2:1.0.3-3) unstable; urgency=low
26594261
2660 [ Jonas Meurer ]4262 [ Jonas Meurer ]
@@ -3074,3 +4676,4 @@ cryptsetup-luks (0.992-1) unstable; urgency=low
3074 * "integrated LUKS" support (very messy hack)4676 * "integrated LUKS" support (very messy hack)
30754677
3076 -- Michael Gebetsroither <michael.geb@gmx.at> Thu, 10 Feb 2005 18:16:21 +01004678 -- Michael Gebetsroither <michael.geb@gmx.at> Thu, 10 Feb 2005 18:16:21 +0100
4679
diff --git a/debian/control b/debian/control
index 3ea0be1..7d73f5f 100644
--- a/debian/control
+++ b/debian/control
@@ -1,7 +1,8 @@
1Source: cryptsetup1Source: cryptsetup
2Section: admin2Section: admin
3Priority: optional3Priority: optional
4Maintainer: Debian Cryptsetup Team <pkg-cryptsetup-devel@alioth-lists.debian.net>4Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
5XSBC-Original-Maintainer: Debian Cryptsetup Team <pkg-cryptsetup-devel@alioth-lists.debian.net>
5Uploaders: Jonas Meurer <jonas@freesources.org>,6Uploaders: Jonas Meurer <jonas@freesources.org>,
6 Guilhem Moulin <guilhem@debian.org>7 Guilhem Moulin <guilhem@debian.org>
7Rules-Requires-Root: no8Rules-Requires-Root: no
@@ -76,11 +77,11 @@ Description: disk encryption support - command line tools
7677
77Package: cryptsetup-initramfs78Package: cryptsetup-initramfs
78Architecture: all79Architecture: all
79Depends: busybox | busybox-static,80Depends: busybox-initramfs,
80 cryptsetup (>= ${source:Version}),81 cryptsetup (>= ${source:Version}),
81 initramfs-tools (>= 0.129) | linux-initramfs-tool,82 initramfs-tools (>= 0.129) | linux-initramfs-tool,
82 ${misc:Depends}83 ${misc:Depends}
83Recommends: console-setup, kbd84Recommends: console-setup, kbd, plymouth
84Breaks: cryptsetup (<< 2:2.0.3-1)85Breaks: cryptsetup (<< 2:2.0.3-1)
85Replaces: cryptsetup (<< 2:2.0.3-1)86Replaces: cryptsetup (<< 2:2.0.3-1)
86Description: disk encryption support - initramfs integration87Description: disk encryption support - initramfs integration
diff --git a/debian/cryptsetup-initramfs.install b/debian/cryptsetup-initramfs.install
index 026ea37..6780893 100644
--- a/debian/cryptsetup-initramfs.install
+++ b/debian/cryptsetup-initramfs.install
@@ -5,5 +5,6 @@ debian/initramfs/hooks/* /usr/share/initramfs-tools/h
5debian/initramfs/scripts/local-block/cryptroot /usr/share/initramfs-tools/scripts/local-block/5debian/initramfs/scripts/local-block/cryptroot /usr/share/initramfs-tools/scripts/local-block/
6debian/initramfs/scripts/local-bottom/cryptgnupg-sc /usr/share/initramfs-tools/scripts/local-bottom/6debian/initramfs/scripts/local-bottom/cryptgnupg-sc /usr/share/initramfs-tools/scripts/local-bottom/
7debian/initramfs/scripts/local-bottom/cryptopensc /usr/share/initramfs-tools/scripts/local-bottom/7debian/initramfs/scripts/local-bottom/cryptopensc /usr/share/initramfs-tools/scripts/local-bottom/
8debian/initramfs/scripts/local-bottom/cryptroot /usr/share/initramfs-tools/scripts/local-bottom/
8debian/initramfs/scripts/local-top/cryptopensc /usr/share/initramfs-tools/scripts/local-top/9debian/initramfs/scripts/local-top/cryptopensc /usr/share/initramfs-tools/scripts/local-top/
9debian/initramfs/scripts/local-top/cryptroot /usr/share/initramfs-tools/scripts/local-top/10debian/initramfs/scripts/local-top/cryptroot /usr/share/initramfs-tools/scripts/local-top/
diff --git a/debian/functions b/debian/functions
index 3eaf1a4..3189939 100644
--- a/debian/functions
+++ b/debian/functions
@@ -9,6 +9,8 @@ else
9 TABFILE="${TABFILE-/etc/crypttab}"9 TABFILE="${TABFILE-/etc/crypttab}"
10fi10fi
11export DM_DEFAULT_NAME_MANGLING_MODE=hex # for dmsetup(8)11export DM_DEFAULT_NAME_MANGLING_MODE=hex # for dmsetup(8)
12export CRYPTR_LOCAL_BLOCK="/run/cryptroot.local-block"
13export CRYPTR_CNT_FILE="/run/cryptroot.initrd.cnt"
1214
13# Logging helpers. Send the argument list to plymouth(1), or fold it15# Logging helpers. Send the argument list to plymouth(1), or fold it
14# and print it to the standard error.16# and print it to the standard error.
@@ -587,6 +589,7 @@ _resolve_device() {
587# Print the major:minor device ID(s) holding the file system currently589# Print the major:minor device ID(s) holding the file system currently
588# mounted currenty mounted on $mountpoint.590# mounted currenty mounted on $mountpoint.
589# Return 0 on success, 1 on error (if $mountpoint is not a mountpoint).591# Return 0 on success, 1 on error (if $mountpoint is not a mountpoint).
592# devno will be empty if the filesystem must be excluded.
590get_mnt_devno() {593get_mnt_devno() {
591 local wantmount="$1" devnos="" uuid dev IFS594 local wantmount="$1" devnos="" uuid dev IFS
592 local spec mountpoint fstype _ DEV MAJ MIN595 local spec mountpoint fstype _ DEV MAJ MIN
@@ -600,8 +603,15 @@ get_mnt_devno() {
600 # take the last mountpoint if used several times (shadowed)603 # take the last mountpoint if used several times (shadowed)
601 unset -v devnos604 unset -v devnos
602 spec="$(printf '%b' "$spec")"605 spec="$(printf '%b' "$spec")"
603 _resolve_device "$spec" || continue # _resolve_device() already warns on error
604 fstype="$(printf '%b' "$fstype")"606 fstype="$(printf '%b' "$fstype")"
607 if [ "$fstype" = "zfs" ]; then
608 # Ignore ZFS entries as they don't have a major/minor and won't
609 # be imported when local-top cryptroot script will ran.
610 # Returns success with empty devno
611 printf ''
612 return 0
613 fi
614 _resolve_device "$spec" || continue # _resolve_device() already warns on error
605 if [ "$fstype" = "btrfs" ]; then615 if [ "$fstype" = "btrfs" ]; then
606 # btrfs can span over multiple devices616 # btrfs can span over multiple devices
607 if uuid="$(_device_uuid "$DEV")"; then617 if uuid="$(_device_uuid "$DEV")"; then
diff --git a/debian/initramfs/cryptroot-unlock b/debian/initramfs/cryptroot-unlock
index d31b6f4..960e3a8 100644
--- a/debian/initramfs/cryptroot-unlock
+++ b/debian/initramfs/cryptroot-unlock
@@ -40,8 +40,14 @@ fi
40pgrep_exe() {40pgrep_exe() {
41 local exe pid41 local exe pid
42 exe="$(readlink -f -- "$1" 2>/dev/null)" && [ -f "$exe" ] || return 042 exe="$(readlink -f -- "$1" 2>/dev/null)" && [ -f "$exe" ] || return 0
43 ps -eo pid= | while read pid; do43 ps | awk '{print $1, $5}' | while read LINE; do
44 [ "$(readlink -f "/proc/$pid/exe")" != "$exe" ] || printf '%d\n' "$pid"44 set $LINE
45 local pid=$1
46 local cmd=$(readlink -f -- "$2")
47 if [ "$cmd" == "$exe" ]; then
48 echo $pid
49 break
50 fi
45 done51 done
46}52}
4753
@@ -101,7 +107,7 @@ wait_for_prompt() {
101 break107 break
102 fi108 fi
103109
104 usleep 100000110 sleep 0.1
105 timer=$(( $timer - 1 ))111 timer=$(( $timer - 1 ))
106 if [ $timer -le 0 ]; then112 if [ $timer -le 0 ]; then
107 echo "Error: Timeout reached while waiting for askpass." >&2113 echo "Error: Timeout reached while waiting for askpass." >&2
@@ -112,7 +118,7 @@ wait_for_prompt() {
112 # find the cryptsetup process with same $CRYPTTAB_NAME118 # find the cryptsetup process with same $CRYPTTAB_NAME
113 local o v119 local o v
114 for o in NAME TRIED OPTION_tries; do120 for o in NAME TRIED OPTION_tries; do
115 if v="$(grep -z -m1 "^CRYPTTAB_$o=" "/proc/$pid/environ")"; then121 if v="$(tr '\0' '\n' < "/proc/$pid/environ" | grep -m1 "^CRYPTTAB_$o=")"; then
116 eval "CRYPTTAB_$o"="\${v#CRYPTTAB_$o=}"122 eval "CRYPTTAB_$o"="\${v#CRYPTTAB_$o=}"
117 else123 else
118 eval unset -v "CRYPTTAB_$o"124 eval unset -v "CRYPTTAB_$o"
@@ -128,7 +134,7 @@ wait_for_prompt() {
128 fi134 fi
129135
130 for pid in $(pgrep_exe "/sbin/cryptsetup"); do136 for pid in $(pgrep_exe "/sbin/cryptsetup"); do
131 if grep -Fxqz "CRYPTTAB_NAME=$CRYPTTAB_NAME" "/proc/$pid/environ"; then137 if tr '\0' '\n' < "/proc/$pid/environ" | grep -Fxq "CRYPTTAB_NAME=$CRYPTTAB_NAME"; then
132 PID=$pid138 PID=$pid
133 BIRTH=$(stat -c"%Z" "/proc/$PID" 2>/dev/null) || break139 BIRTH=$(stat -c"%Z" "/proc/$PID" 2>/dev/null) || break
134 return 0140 return 0
@@ -148,7 +154,7 @@ wait_for_prompt() {
148wait_for_answer() {154wait_for_answer() {
149 local timer=$(( 10 * $TIMEOUT )) b155 local timer=$(( 10 * $TIMEOUT )) b
150 while [ -d "/proc/$PID" ] && b=$(stat -c"%Z" "/proc/$PID" 2>/dev/null) && [ $b -le $BIRTH ]; do156 while [ -d "/proc/$PID" ] && b=$(stat -c"%Z" "/proc/$PID" 2>/dev/null) && [ $b -le $BIRTH ]; do
151 usleep 100000157 sleep 0.1
152 timer=$(( $timer - 1 ))158 timer=$(( $timer - 1 ))
153 if [ $timer -le 0 ]; then159 if [ $timer -le 0 ]; then
154 echo "Error: Timeout reached while waiting for PID $PID." >&2160 echo "Error: Timeout reached while waiting for PID $PID." >&2
diff --git a/debian/initramfs/hooks/cryptroot b/debian/initramfs/hooks/cryptroot
index 7d88148..67dc6dd 100644
--- a/debian/initramfs/hooks/cryptroot
+++ b/debian/initramfs/hooks/cryptroot
@@ -179,16 +179,18 @@ generate_initrd_crypttab() {
179179
180 {180 {
181 if devnos="$(get_mnt_devno /)"; then181 if devnos="$(get_mnt_devno /)"; then
182 usage=rootfs foreach_cryptdev crypttab_find_and_print_entry $devnos182 if [ -n "$devnos" ]; then
183 usage=rootfs foreach_cryptdev crypttab_find_and_print_entry $devnos
184 fi
183 else185 else
184 cryptsetup_message "WARNING: Couldn't determine root device"186 cryptsetup_message "WARNING: Couldn't determine root device"
185 fi187 fi
186188
187 if devnos="$(get_resume_devno)"; then189 if devnos="$(get_resume_devno)" && [ -n "$devnos" ]; then
188 usage=resume foreach_cryptdev crypttab_find_and_print_entry $devnos190 usage=resume foreach_cryptdev crypttab_find_and_print_entry $devnos
189 fi191 fi
190192
191 if devnos="$(get_mnt_devno /usr)"; then193 if devnos="$(get_mnt_devno /usr)" && [ -n "$devnos" ]; then
192 usage="" foreach_cryptdev crypttab_find_and_print_entry $devnos194 usage="" foreach_cryptdev crypttab_find_and_print_entry $devnos
193 fi195 fi
194196
diff --git a/debian/initramfs/scripts/local-block/cryptroot b/debian/initramfs/scripts/local-block/cryptroot
index 8a9b4c0..8719fb6 100644
--- a/debian/initramfs/scripts/local-block/cryptroot
+++ b/debian/initramfs/scripts/local-block/cryptroot
@@ -15,6 +15,10 @@ prereqs)
15 ;;15 ;;
16esac16esac
1717
18[ -f /lib/cryptsetup/functions ] || return 0
19. /lib/cryptsetup/functions
20
18if [ -x /scripts/local-top/cryptroot ]; then21if [ -x /scripts/local-top/cryptroot ]; then
22 touch ${CRYPTR_LOCAL_BLOCK}
19 exec /scripts/local-top/cryptroot23 exec /scripts/local-top/cryptroot
20fi24fi
diff --git a/debian/initramfs/scripts/local-bottom/cryptroot b/debian/initramfs/scripts/local-bottom/cryptroot
21new file mode 10064425new file mode 100644
index 0000000..4f44d38
--- /dev/null
+++ b/debian/initramfs/scripts/local-bottom/cryptroot
@@ -0,0 +1,23 @@
1#!/bin/sh
2set +x
3PREREQ=""
4
5prereqs()
6{
7 echo "$PREREQ"
8}
9
10case $1 in
11prereqs)
12 prereqs
13 exit 0
14 ;;
15esac
16
17# If we reached this stage, we do have a rootfs mounted
18# so let's clean-up cryptroot setup mess...
19[ -f /lib/cryptsetup/functions ] || return 0
20. /lib/cryptsetup/functions
21
22rm -f ${CRYPTR_LOCAL_BLOCK}
23rm -f ${CRYPTR_CNT_FILE}
diff --git a/debian/initramfs/scripts/local-top/cryptroot b/debian/initramfs/scripts/local-top/cryptroot
index 4f36259..5a9ea60 100644
--- a/debian/initramfs/scripts/local-top/cryptroot
+++ b/debian/initramfs/scripts/local-top/cryptroot
@@ -31,8 +31,8 @@ esac
3131
3232
33# wait_for_source()33# wait_for_source()
34# Wait for encrypted $CRYPTTAB_SOURCE for up to 180s. Set34# Wait for encrypted $CRYPTTAB_SOURCE . Set $CRYPTTAB_SOURCE
35# $CRYPTTAB_SOURCE to its normalized device name when it shows up;35# to its normalized device name when it shows up;
36# return 1 if timeout.36# return 1 if timeout.
37wait_for_source() {37wait_for_source() {
38 wait_for_udev 1038 wait_for_udev 10
@@ -42,17 +42,27 @@ wait_for_source() {
42 return 042 return 0
43 fi43 fi
4444
45 # The lines below has been taken from
46 # /usr/share/initramfs-tools/scripts/local's local_device_setup(),
47 # as suggested per https://launchpad.net/bugs/164044
48
49 # If the source device hasn't shown up yet, give it a little while45 # If the source device hasn't shown up yet, give it a little while
50 # to allow for asynchronous device discovery (e.g. USB).46 # to allow for asynchronous device discovery (e.g. USB).
47 #
48 # We also need to take into account RAID or other devices that may
49 # only be available on local-block stage. So, wait 5 seconds upfront,
50 # in local-top; if that fails, end execution relying on local-block
51 # invocations. Allow $ROOTDELAY/3 invocations with 1s sleep times (with
52 # a minimum of 30 invocations), and if after that we still fail, then it's
53 # really time to give-up. Variable $initrd_cnt tracks the re-invocations.
54 #
55 # Part of the lines below has been taken from initramfs-tools
56 # scripts/local's local_device_setup(), as suggested per
57 # https://launchpad.net/bugs/164044 .
58
59 local slumber=1
60 if [ ! -f "${CRYPTR_LOCAL_BLOCK}" ]; then # we are running on local-top
61 slumber=5
62 fi
5163
52 cryptsetup_message "Waiting for encrypted source device $CRYPTTAB_SOURCE..."64 cryptsetup_message "Waiting for encrypted source device $CRYPTTAB_SOURCE..."
5365
54 # Default delay is 180s, cf. initramfs-tools(8)
55 local slumber="${ROOTDELAY:-180}"
56 while [ $slumber -gt 0 ]; do66 while [ $slumber -gt 0 ]; do
57 sleep 167 sleep 1
5868
@@ -75,7 +85,23 @@ wait_for_source() {
75# Set up a crypttab(5) mapping defined by $CRYPTTAB_NAME,85# Set up a crypttab(5) mapping defined by $CRYPTTAB_NAME,
76# $CRYPTTAB_SOURCE, $CRYPTTAB_KEY, $CRYPTTAB_OPTIONS.86# $CRYPTTAB_SOURCE, $CRYPTTAB_KEY, $CRYPTTAB_OPTIONS.
77setup_mapping() {87setup_mapping() {
78 local dev88 local dev initrd_cnt
89
90 # We control here the number of re-invocations of this script from
91 # local-block - the heuristic is $ROOTDELAY/3, with a minimum of 30.
92 # This number is somewhat dictated by mdadm, we want to run more times
93 # than that script, to allow decrypting volumes on top of arrays.
94
95 if [ -f "${CRYPTR_CNT_FILE}" ]; then
96 initrd_cnt=$(cat ${CRYPTR_CNT_FILE})
97 else
98 initrd_cnt=${ROOTDELAY:-90}
99 initrd_cnt=$((initrd_cnt/3))
100 if [ "${initrd_cnt}" -lt 30 ]; then
101 initrd_cnt=30
102 fi
103 echo ${initrd_cnt} > "${CRYPTR_CNT_FILE}"
104 fi
79105
80 # The same target can be specified multiple times106 # The same target can be specified multiple times
81 # e.g. root and resume lvs-on-lvm-on-crypto107 # e.g. root and resume lvs-on-lvm-on-crypto
@@ -86,17 +112,23 @@ setup_mapping() {
86 crypttab_parse_options --export --missing-path=fail || return 1112 crypttab_parse_options --export --missing-path=fail || return 1
87113
88 if ! wait_for_source; then114 if ! wait_for_source; then
89 # we've given up115 if [ ${initrd_cnt} -le 0 ]; then
90 if [ -n "$panic" ]; then116 # we've given up
91 panic "ALERT! encrypted source device $CRYPTTAB_SOURCE does not exist, can't unlock $CRYPTTAB_NAME."117 if [ -n "$panic" ]; then
92 else118 panic "ALERT! encrypted source device $CRYPTTAB_SOURCE does not exist, can't unlock $CRYPTTAB_NAME."
93 # let the user fix matters if they can119 else
94 echo " ALERT! encrypted source device $CRYPTTAB_SOURCE does not exist, can't unlock $CRYPTTAB_NAME."120 # let the user fix matters if they can
95 echo " Check cryptopts=source= bootarg: cat /proc/cmdline"121 echo " ALERT! encrypted source device $CRYPTTAB_SOURCE does not exist, can't unlock $CRYPTTAB_NAME."
96 echo " or missing modules, devices: cat /proc/modules; ls /dev"122 echo " Check cryptopts=source= bootarg: cat /proc/cmdline"
97 panic "Dropping to a shell."123 echo " or missing modules, devices: cat /proc/modules; ls /dev"
98 fi124 panic "Dropping to a shell."
99 return 1 # can't continue because environment is lost125 fi
126 return 1 # can't continue because environment is lost
127 else
128 initrd_cnt=$((initrd_cnt - 1))
129 echo ${initrd_cnt} > "${CRYPTR_CNT_FILE}"
130 return 0 # allow some attempts on local-block stage
131 fi
100 fi132 fi
101133
102 # our `cryptroot-unlock` script searches for cryptsetup processes134 # our `cryptroot-unlock` script searches for cryptsetup processes
@@ -169,6 +201,10 @@ setup_mapping() {
169 done201 done
170202
171 cryptsetup_message "ERROR: $CRYPTTAB_NAME: maximum number of tries exceeded"203 cryptsetup_message "ERROR: $CRYPTTAB_NAME: maximum number of tries exceeded"
204
205 if [ -f "${CRYPTR_CNT_FILE}" ]; then
206 echo 0 > "${CRYPTR_CNT_FILE}"
207 fi
172 exit 1208 exit 1
173}209}
174210
diff --git a/debian/patches/decrease_memlock_ulimit.patch b/debian/patches/decrease_memlock_ulimit.patch
175new file mode 100644211new file mode 100644
index 0000000..be9b6ab
--- /dev/null
+++ b/debian/patches/decrease_memlock_ulimit.patch
@@ -0,0 +1,55 @@
1Description: Decrease memlock limit to mimic Xenial builder behavior.
2 This approach prevents cryptsetup to FTBFS, since the PPA builders were
3 upgraded to Bionic, which has a bigger memlock limit (but not enough).
4 With this quirk, cryptsetup won't mlock() its memory allocationss, hence
5 it behaves exactly as the Xenial builders. Meanwhile, we pursue the
6 proper fix (systemd patch to bump memlock to a higher limit on Bionic).
7Author: Guilherme G. Piccoli <gpiccoli@canonical.com>
8Bug-Ubuntu: https://bugs.launchpad.net/bugs/1891473
9Last-Update: 2020-09-09
10
11Index: cryptsetup-2.3.3/tests/compat-test
12===================================================================
13--- cryptsetup-2.3.3.orig/tests/compat-test
14+++ cryptsetup-2.3.3/tests/compat-test
15@@ -45,6 +45,10 @@ TEST_UUID="12345678-1234-1234-1234-12345
16 LOOPDEV=$(losetup -f 2>/dev/null)
17 [ -f /etc/system-fips ] && FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null)
18
19+# Circumvent test failure due to Bionic builder; we need to decrease
20+# the memlock limit here to mimic Xenial builder (see LP #1891473).
21+ulimit -l 0
22+
23 function remove_mapping()
24 {
25 [ -b /dev/mapper/$DEV_NAME3 ] && dmsetup remove --retry $DEV_NAME3 >/dev/null 2>&1
26Index: cryptsetup-2.3.3/tests/luks2-validation-test
27===================================================================
28--- cryptsetup-2.3.3.orig/tests/luks2-validation-test
29+++ cryptsetup-2.3.3/tests/luks2-validation-test
30@@ -21,6 +21,10 @@ FAILS=0
31
32 [ -z "$srcdir" ] && srcdir="."
33
34+# Circumvent test failure due to Bionic builder; we need to decrease
35+# the memlock limit here to mimic Xenial builder (see LP #1891473).
36+ulimit -l 0
37+
38 function remove_mapping()
39 {
40 rm -rf $IMG $TST_IMGS >/dev/null 2>&1
41Index: cryptsetup-2.3.3/tests/tcrypt-compat-test
42===================================================================
43--- cryptsetup-2.3.3.orig/tests/tcrypt-compat-test
44+++ cryptsetup-2.3.3/tests/tcrypt-compat-test
45@@ -13,6 +13,10 @@ PIM=1234
46
47 [ -z "$srcdir" ] && srcdir="."
48
49+# Circumvent test failure due to Bionic builder; we need to decrease
50+# the memlock limit here to mimic Xenial builder (see LP #1891473).
51+ulimit -l 0
52+
53 function remove_mapping()
54 {
55 [ -b /dev/mapper/$MAP ] && dmsetup remove --retry $MAP
diff --git a/debian/patches/series b/debian/patches/series
0new file mode 10064456new file mode 100644
index 0000000..270d874
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
1decrease_memlock_ulimit.patch

Subscribers

People subscribed via source and target branches