Created by James Westby on 2009-06-16 and last modified on 2015-01-22
Get this branch:
bzr branch lp:debian/cryptsetup
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Ubuntu branches

Recent revisions

38. By Jonas Meurer <email address hidden> on 2015-01-22

* debian/cryptdisks.functions: fix the precheck for ubuntu+upstart
  before invoking 'status cryptdisks-udev'. (closes: #773456)
* debian/cryptdisks.functions: fix the insufficient grep regex for
  detecting a running cryptdisks-udev (upstart) init script.

37. By Jonas Meurer <email address hidden> on 2014-12-17

[ Simon McVittie ]
* debian/initramfs/cryptroot-script: decrypt /usr as well as / so that
  split-/usr will work with initramfs-tools (>= 0.118). (closes: #767832)

[ Jonas Meurer ]
* debian/cryptdisks.funcctions: check for cryptdisks-udev initscript before
  actually invoking 'status' on it. It's only useful in ubuntu+upstart
  environment anyway. (closes: #764564)
* debian/askpas.c: fix systemd_read() to really strip trailing newline from
  input. Thanks to Quentin Lefebvre for report and patch. (closes: #768407)

36. By Jonas Meurer <email address hidden> on 2014-10-07

debian/initramfs/cryptroot-script: fix environment variable $CRYPTTAB_TRIED
to hold the number of actual tries instead of the number of maximum tries.
Thanks to Luc Maisonobe for debugging and the patch. (closes: #758788)

35. By Jonas Meurer <email address hidden> on 2014-08-20

* rename 'luksheader' option in crypttab to 'header', as it may be used for
  different encryption modes later as well.
* add support for detached LUKS header to initramfs scripts. Thanks to Pablo
  Santiago for the hint and DiagonalArg from Launchpad for patch suggestions.
  (closes: #716652)
* fix support for truecrypt devices in initramfs scripts. Thanks to Lukas
  Wunner for the patch. (closes: #748286)
* use blkid instead of fstype everywhere in cryptroot initramfs scripts.
  Thanks to Pablo Santiago for the hint.
* debian/initramfs/cryptroot-hook: add support for 'initramfs' option to
  crypttab. Thanks to Hugh Davenport for the patch. (closes: #697162)
* debian/initramfs/cryptroot-script: add support for multiple btrfs root
  devices. This should fix the WARNING at mkinitramfs for unencrypted
  btrfs root device(s) as well. Thanks to Jon Severinsson and Gerald Turner
  for patches. (closes: #682751, #762268)
* debian/initramfs/cryptroot-script: skip missing device in initramfs after
  dropping to the panic/emergency shell instead of looping in the panic
  shell. Thanks to Cédric Barboiron for the patch. (closes: #762573)
* debian/initramfs/cryptroot-script: for LVM devices, don't set ROOT to
  $NEWROOT in /etc/param.conf in case that /etc/param.conf already has ROOT
  set. This is the case for flash-kernel devices. Thanks to Brandon Parker
  for bugreport and patch. (closes: #759720)
* debian/initramfs/cryptroot-script: in slumber loop, retry vg_activate
  every ten seconds. Fixes LVM on USB in cases that the USB device didn't
  come up fast enough. (closes: #762032)
* fix package version number in debian/NEWS.
* bump standards-version to 3.9.6, no changes needed.

34. By Jonas Meurer <email address hidden> on 2014-03-04

* new upsream version 1.6.6.
* add versioned dependency on cryptsetup-bin to cryptsetup. (closes: #747670)
* change versioned build-depends on automake to >= 1.12 to reflect upstream
  requirements. Thanks to Joel Johnson. (closes: #740688)
* build and link against libgcrypt20 (>= 1.6.1). Add note about whirlpool
  bug in older libgcrypt releases and how to deal with it to debian/NEWS.
* add systemd support to askpass. Thanks to David Härdeman for the patch.
  (closes: #742600, #755074)
* fix initramfs cryptroot hook to not include modules unconditionally. Thanks
  to Dmitrijs Ledkovs for bugreport and patch. (closes: #714104)
* fix decrypt_keyctl script to ask again in case of wrong passphrase. Thanks
  to Dmitriy Matrosov for bugreport and patch. (closes: #748368)
* incorporate changes from ubuntu package:
  - don't hardcode paths to udevadm and udevsettle.
  - restore terminal settings in askpass.c. (closes: #714942)
  - migrate upstart jobs to new names.

33. By Jonas Meurer <email address hidden> on 2014-03-03

really fix plain device opening in initramfs cryptroot script this time.
Thanks again to Dirk Griesbach for the patch. (closes: #740592)

32. By Jonas Meurer <email address hidden> on 2014-03-02

* fix plain device opening, broken by switch to new unified open command
  in 1.6.4-1. Thanks to Dirk Griesbach for the patch. (closes: #740592)
* update italian debconf translations, thanks to Italian l10n team and
  Francesca Ciceri. (closes: #740557)
* remove trailing whitespaces from text files.
* some minor packaging fixes thanks to lintian checks:
  - fix VCS-* fields in debian/control to use canoncial URIs.
  - remove empty directory from libcryptsetup4 package.
  - add lintian-override for init.d-script-not-included-in-package.

31. By Jonas Meurer <email address hidden> on 2014-03-02

fix libcryptsetup.so symlink. Thanks to Michael Biebl. (closes: #740484)

30. By Jonas Meurer <email address hidden> on 2013-06-28

* new upstream version 1.6.4.
  - minor fixes in cryptsetup manpage. (closes: #725131)
  - by default verify new passphrase in luksChangeKey and luksAddKey
    commands (closes: #728302)
  - cryptsetup releases are released on kernel.org since 1.6.4. Change
    debian/watch accordingly.
* use compiled defaults for cypher, keysize and hash in luksformat script
* improvements to docs (thanks to Christoph Anton Mitterer):
  - small improvement to explanation for CRYPTTAB_TRIED environment variable
    in crypttab manpage
  - update cipher, size and hash settings in examples (closes: #714331)
  - replace '/dev/hdX' devices with '/dev/sdX' in examples
  - full path to keyscripts in /lib/cryptsetup/scripts not needed in examples
* update init and initramfs scripts to use new open syntax (closes: #714395)
* add scripts/local-block/cryptroot in order to support event based block
  device handling. Thanks to Goswin von Brederlow (closes: #678692)
* add support for TCRYPT device handling to cryptdisks init and cryptroot
  initramfs scripts. (closes: #722509)
* improve passphrase prompt in cryptroot initramfs script. Thanks to Joachim
  Breitner. (closes: #728080)
* add support for detached luks header to cryptdisks init script. Thanks to
  Ximin Luo. (closes: #716652)
* enhance docs about remote unlocking feature. Thanks to Karl O. Pinc.
  (closes: #715487, #714952)
* update README.keyctl docs: since linux kernel 2.6.38, dm-crypt is not
  single-threaded any longer. (closes: #714806)
* don't sleep between retries in cryptroot initramfs script. (closes: #715525)
* add multi-arch support. Thanks to Shawn Landden. (closes: #696008, #732099)
* suggest keyutils. Thanks to Nikolaus Rath. (closes: #734133, #735496)
* fix initramfs/cryptroot-hook to support more than one lvm source devices.
  Thanks to Jens Reinsberger for the patch. (closes: #659688, #737686)
* bump standards-version to 3.9.5, no changes needed.
* override lintian false positives for init scripts:
  - init.d-script-does-not-implement-optional-option status
  - init.d-script-does-not-source-init-functions

29. By Jonas Meurer <email address hidden> on 2013-06-28

[ Milan Broz ]
* new upstream version. (closes: #704827, 707997)
  - default LUKS encryption mode is XTS (aes-xts-plain64) (closes: #714331)
  - adds native support for Truecrypt and compatible on-disk format
  - adds benchmark command
  - adds cryptsetup-reencrypt, a tool to offline reencrypt LUKS device
  - adds veritysetup, a tool for dm-verity block device verification module
* install docs/examples into docs at cryptsetup-dev package.
* fix compilation warnings in askpass.c.

[ Steve Langasek ]
* fix upstart jobs to not cause boot hangs when actually used in
  conjunction with startpar. (closes: #694499, #677712).
* in connection with the above, make the cryptdisks-early job explicitly
  wait for 'umountfs' on shutdown just like cryptdisks does; otherwise,
  the teardown of the cryptdisks upstart job may cause the cryptdisks-early
  init script run before we're done unmounting filesystems.

[ Jonas Meurer ]
* minor wording fixes to README.initramfs, suggested by intrigeri and Adam
  D. Barrett.
* add bash-completion script for cryptdisks_{start,stop}. Thanks to Claudius
  Hubig for providing a patch. (closes: #700777)
* support specifying key-slot in crypttab. Thanks to Kevin Locke for the
  patch. (closes: #704470)
* remove evms support code from cryptroot initramfs script. (closes: #713918)
* fix location of keyscripts in initramfs documentation. (closes: #697446)
* fix a typo in decrypt_ssl script that prevented stdout from beeing
  redirected to /dev/null. (closes: #700285)
* give full path to blkid in crytproot initramfs script. (closes: #697155)
* export number of previous tries from cryptroot and cryptdisks to
  keyscript. Thanks to Laurens Blankers for the idea. Opens the possibility
  to fallback after a given number of tries for keyscripts. (closes: #438481,
  #471729, #697455)
* improve check for cpu hardware encryption support in initramfs cryptroot
  hook. (closes: #714326)

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.