Merge ~vpa1977/ubuntu/+source/cryptsetup:merge-lp2004423-lunar into ubuntu/+source/cryptsetup:debian/sid
- Git
- lp:~vpa1977/ubuntu/+source/cryptsetup
- merge-lp2004423-lunar
- Merge into debian/sid
Status: | Merged |
---|---|
Merge reported by: | Vladimir Petko |
Merged at revision: | bde91aa4f4b7b1eb3978bdf83d5b58e5df2155ca |
Proposed branch: | ~vpa1977/ubuntu/+source/cryptsetup:merge-lp2004423-lunar |
Merge into: | ubuntu/+source/cryptsetup:debian/sid |
Diff against target: |
2624 lines (+2003/-27) 15 files modified
debian/changelog (+1826/-0) debian/control (+7/-5) debian/functions (+9/-1) debian/initramfs/cryptroot-unlock (+12/-6) debian/initramfs/hooks/cryptroot (+5/-3) debian/patches/decrease_memlock_ulimit.patch (+49/-0) debian/patches/series (+1/-0) debian/rules (+2/-0) debian/tests/control (+3/-2) debian/tests/cryptroot-lvm.d/mock (+7/-2) debian/tests/cryptroot-nested.d/config (+7/-0) debian/tests/cryptroot-sysvinit.d/config (+7/-2) debian/tests/initramfs-hook (+16/-2) debian/tests/utils/cryptroot-common (+27/-3) debian/tests/utils/mock.pm (+25/-1) |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Canonical Server Core Reviewers | Pending | ||
Canonical Server | Pending | ||
git-ubuntu import | Pending | ||
Review via email:
|
This proposal supersedes a proposal from 2023-02-13.
Commit message
Description of the change
* Merge with Debian unstable (LP: #2004423). Remaining changes:
- debian/control:
+ Recommend plymouth.
+ Depend on busybox-initramfs instead of busybox | busybox-static.
+ Move cryptsetup-
+ Do not build cryptsetup-suspend binary package on i386.
- Fix cryptroot-unlock for busybox compatibility.
- Fix warning and error when running on ZFS on root
- d/functions: Return an empty devno for ZFS devices as they don't have
major:minor device numbers.
- d/initramfs/
when devices don't have a devno.
- debian/
Fixed FTBFS due to a restricted build environment
- Fix cryptroot-* autopkgtests on Ubuntu. (LP: #1983522)
+ debian/
times out or fails
+ debian/
names for Ubuntu
+ debian/
+ debian/
workaround for LP1831747 by adding a e2fsprogs dependency
+ debian/
allow blowfish test use 64Mb of provisioned space (drop --size)
+ debian/
PPA: ppa:vpa1977/
Tests:
- Installation: see comments
- Upgrade: see comments
- Removal: see comments
Package Test Results:
autopkgtest [16:57:03]: @@@@@@@
hint-testsuite-
hint-testsuite-
upstream-testsuite PASS
ssh-test-plugin PASS
cryptdisks.init PASS
initramfs-hook PASS
cryptroot-lvm PASS
cryptroot-legacy PASS
cryptroot-md PASS
cryptroot-nested PASS
cryptroot-sysvinit PASS
qemu-system-x86_64: terminating on signal 15 from pid 1553342 (/usr/bin/pyt)
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
Vladimir Petko (vpa1977) wrote : | # |
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
Vladimir Petko (vpa1977) wrote : | # |
Upgrade:
~$ sudo apt upgrade
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
The following packages were automatically installed and are no longer required:
libabsl20210324 libbpf0 libflac8 libfwupdplugin7 libgssdp-1.2-0
libgupnp-1.2-1 libldap-2.5-0 liblerc3 libperl5.34 libpoppler123
libprotobuf23 libpython3.10 libqpdf28 libreoffice-
libreoffice-
librygel-
perl-modules-5.34
Use 'sudo apt autoremove' to remove them.
The following packages will be upgraded:
cryptsetup cryptsetup-bin cryptsetup-
4 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 997 kB of archives.
After this operation, 1,802 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 https:/
Get:2 https:/
Get:3 https:/
Get:4 https:/
Fetched 997 kB in 8s (119 kB/s)
Preconfiguring packages ...
(Reading database ... 162966 files and directories currently installed.)
Preparing to unpack .../cryptsetup-
Unpacking cryptsetup-
..
Preparing to unpack .../libcryptset
Unpacking libcryptsetup12
...
Preparing to unpack .../cryptsetup-
Unpacking cryptsetup-bin (2:2.6.
Preparing to unpack .../cryptsetup_
Unpacking cryptsetup (2:2.6.
Setting up libcryptsetup12
Setting up cryptsetup-bin (2:2.6.
Setting up cryptsetup (2:2.6.
Setting up cryptsetup-
update-initramfs: deferring update (trigger activated)
Processing triggers for libc-bin (2.36-0ubuntu4) ...
Processing triggers for man-db (2.11.2-1) ...
Processing triggers for initramfs-tools (0.142ubuntu1) ...
update-initramfs: Generating /boot/initrd.
![](/+icing/build/overlay/assets/skins/sam/images/close.gif)
Vladimir Petko (vpa1977) wrote : | # |
Removal:
~$ sudo apt remove cryptsetup
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages were automatically installed and are no longer required:
libabsl20210324 libbpf0 libflac8 libfwupdplugin7 libgssdp-1.2-0
libgupnp-1.2-1 libldap-2.5-0 liblerc3 libperl5.34 libpoppler123
libprotobuf23 libpython3.10 libqpdf28 libreoffice-
libreoffice-
librygel-
perl-modules-5.34
Use 'sudo apt autoremove' to remove them.
The following packages will be REMOVED:
cryptsetup cryptsetup-
0 upgraded, 0 newly installed, 2 to remove and 0 not upgraded.
After this operation, 542 kB disk space will be freed.
Do you want to continue? [Y/n] Y
(Reading database ... 162991 files and directories currently installed.)
Removing cryptsetup-
update-initramfs: deferring update (trigger activated)
Removing cryptsetup (2:2.6.
Processing triggers for man-db (2.11.2-1) ...
Processing triggers for initramfs-tools (0.142ubuntu1) ...
update-initramfs: Generating /boot/initrd.
Preview Diff
1 | diff --git a/debian/changelog b/debian/changelog |
2 | index 14b3906..4881fc8 100644 |
3 | --- a/debian/changelog |
4 | +++ b/debian/changelog |
5 | @@ -1,3 +1,34 @@ |
6 | +cryptsetup (2:2.6.1-1ubuntu1) lunar; urgency=medium |
7 | + |
8 | + * Merge with Debian unstable (LP: #2004423). Remaining changes: |
9 | + - debian/control: |
10 | + + Recommend plymouth. |
11 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
12 | + + Move cryptsetup-initramfs back to cryptsetup's Recommends. |
13 | + + Do not build cryptsetup-suspend binary package on i386. |
14 | + - Fix cryptroot-unlock for busybox compatibility. |
15 | + - Fix warning and error when running on ZFS on root |
16 | + - d/functions: Return an empty devno for ZFS devices as they don't have |
17 | + major:minor device numbers. |
18 | + - d/initramfs/hooks/cryptroot: Ignore and don't print an error message |
19 | + when devices don't have a devno. |
20 | + - debian/patches/decrease_memlock_ulimit.patch |
21 | + Fixed FTBFS due to a restricted build environment |
22 | + - Fix cryptroot-* autopkgtests on Ubuntu. (LP: #1983522) |
23 | + + debian/tests/utils/mock.pm: return from consume() function if select() |
24 | + times out or fails |
25 | + + debian/tests/utils/cryptroot-common: fix apt source and kernel package |
26 | + names for Ubuntu |
27 | + + debian/tests/cryptroot-sysvinit.d: use systemd-sysv init for Ubuntu |
28 | + cryptroot-sysvinit package test |
29 | + + debian/tests/cryptroot-nested.d: fix cryptsetup-nested test, add |
30 | + workaround for LP1831747 by adding a e2fsprogs dependency |
31 | + + debian/tests/initramfs-hook: fix test's initramfs layout for Ubuntu and |
32 | + allow blowfish test use 64Mb of provisioned space (drop --size) |
33 | + + debian/tests/control: disable cryptdisks test |
34 | + |
35 | + -- Vladimir Petko <vladimir.petko@canonical.com> Mon, 13 Feb 2023 15:57:18 +1300 |
36 | + |
37 | cryptsetup (2:2.6.1-1) unstable; urgency=medium |
38 | |
39 | * New upstream bugfix release. |
40 | @@ -47,6 +78,54 @@ cryptsetup (2:2.6.0~rc0-1) experimental; urgency=medium |
41 | |
42 | -- Guilhem Moulin <guilhem@debian.org> Sat, 19 Nov 2022 17:30:40 +0100 |
43 | |
44 | +cryptsetup (2:2.5.0-6ubuntu3) lunar; urgency=medium |
45 | + |
46 | + * Fix cryptroot-lvm autopkgtest on Ubuntu. (LP: #1983522) |
47 | + - debian/tests/control: enable cryptroot-lvm |
48 | + - debian/tests/utils/mock.pm: return from consume() function if select() |
49 | + times out or fails |
50 | + |
51 | + -- Vladimir Petko <vladimir.petko@canonical.com> Fri, 02 Dec 2022 15:53:42 +1300 |
52 | + |
53 | +cryptsetup (2:2.5.0-6ubuntu2) lunar; urgency=medium |
54 | + |
55 | + * Fix cryptroot-* autopkgtests on Ubuntu. (LP: #1983522) |
56 | + - debian/tests/utils/cryptroot-common: fix apt source and kernel package |
57 | + names for Ubuntu |
58 | + - debian/tests/cryptroot-sysvinit.d: use systemd-sysv init for Ubuntu |
59 | + cryptroot-sysvinit package test |
60 | + - debian/tests/cryptroot-nested.d: fix cryptsetup-nested test, add |
61 | + workaround for LP1831747 by adding a e2fsprogs dependency |
62 | + - debian/tests/control: disable cryptdisks, cryptroot-lvm due to CI |
63 | + failures and update comments |
64 | + - debian/tests/utils/mock.pm: fix cryptoroot-lvm test adding retries to the |
65 | + suspend operation and consuming the console buffer before making |
66 | + assertions. It still hangs in CI and requires further work. |
67 | + - debian/tests/initramfs-hook: fix test's initramfs layout for Ubuntu and |
68 | + allow blowfish test use 64Mb of provisioned space (drop --size) |
69 | + |
70 | + -- Vladimir Petko <vladimir.petko@canonical.com> Fri, 02 Dec 2022 14:14:42 +1300 |
71 | + |
72 | +cryptsetup (2:2.5.0-6ubuntu1) lunar; urgency=low |
73 | + |
74 | + * Merge from Debian unstable. Remaining changes: |
75 | + - debian/control: |
76 | + + Recommend plymouth. |
77 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
78 | + + Move cryptsetup-initramfs back to cryptsetup's Recommends. |
79 | + + Do not build cryptsetup-suspend binary package on i386. |
80 | + - Fix cryptroot-unlock for busybox compatibility. |
81 | + - Fix warning and error when running on ZFS on root |
82 | + - d/functions: Return an empty devno for ZFS devices as they don't have |
83 | + major:minor device numbers. |
84 | + - d/initramfs/hooks/cryptroot: Ignore and don't print an error message |
85 | + when devices don't have a devno. |
86 | + - debian/patches/decrease_memlock_ulimit.patch |
87 | + Fixed FTBFS due to a restricted build environment |
88 | + - Disable failing Debian-tailored cryptroot-* autopkgtests |
89 | + |
90 | + -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 07 Nov 2022 08:36:38 -0800 |
91 | + |
92 | cryptsetup (2:2.5.0-6) unstable; urgency=medium |
93 | |
94 | * d/t/cryptroot-*: Mask systemd-firstboot.service. |
95 | @@ -142,6 +221,26 @@ cryptsetup (2:2.5.0-3) unstable; urgency=low |
96 | |
97 | -- Guilhem Moulin <guilhem@debian.org> Sun, 18 Sep 2022 23:01:46 +0200 |
98 | |
99 | +cryptsetup (2:2.5.0-2ubuntu1) kinetic; urgency=medium |
100 | + |
101 | + * Merge from Debian unstable. Remaining changes: |
102 | + - debian/control: |
103 | + + Recommend plymouth. |
104 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
105 | + + Move cryptsetup-initramfs back to cryptsetup's Recommends. |
106 | + + Do not build cryptsetup-suspend binary package on i386. |
107 | + - Fix cryptroot-unlock for busybox compatibility. |
108 | + - Fix warning and error when running on ZFS on root: (LP: #1830110) |
109 | + - d/functions: Return an empty devno for ZFS devices as they don't have |
110 | + major:minor device numbers. |
111 | + - d/initramfs/hooks/cryptroot: Ignore and don't print an error message |
112 | + when devices don't have a devno. |
113 | + - debian/patches/decrease_memlock_ulimit.patch |
114 | + Fixed FTBFS due to a restricted build environment |
115 | + * Disable failing Debian-tailored cryptroot-* autopkgtests, see bug #1983522 |
116 | + |
117 | + -- Benjamin Drung <bdrung@ubuntu.com> Wed, 24 Aug 2022 00:56:28 +0200 |
118 | + |
119 | cryptsetup (2:2.5.0-2) unstable; urgency=low |
120 | |
121 | [ Matthias Klose ] |
122 | @@ -200,6 +299,29 @@ cryptsetup (2:2.5.0-2) unstable; urgency=low |
123 | |
124 | -- Guilhem Moulin <guilhem@debian.org> Tue, 09 Aug 2022 01:40:50 +0200 |
125 | |
126 | +cryptsetup (2:2.5.0-1ubuntu1) kinetic; urgency=medium |
127 | + |
128 | + * Merge from Debian unstable. Remaining changes: |
129 | + - debian/control: |
130 | + + Recommend plymouth. |
131 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
132 | + + Move cryptsetup-initramfs back to cryptsetup's Recommends. |
133 | + + Do not build cryptsetup-suspend binary package on i386. |
134 | + - Fix cryptroot-unlock for busybox compatibility. |
135 | + - Fix warning and error when running on ZFS on root: (LP: #1830110) |
136 | + - d/functions: Return an empty devno for ZFS devices as they don't have |
137 | + major:minor device numbers. |
138 | + - d/initramfs/hooks/cryptroot: Ignore and don't print an error message |
139 | + when devices don't have a devno. |
140 | + - debian/patches/decrease_memlock_ulimit.patch |
141 | + Fixed FTBFS due to a restricted build environment |
142 | + - Stop building the udeb on request. |
143 | + * d/initramfs/hooks/cryptroot: Include OpenSSL legacy.so for ripemd160 and |
144 | + whirlpool hash algorithms (LP: #1979159) |
145 | + * Disable failing Debian-tailored cryptroot-* autopkgtests, see bug #1983522 |
146 | + |
147 | + -- Benjamin Drung <bdrung@ubuntu.com> Thu, 04 Aug 2022 12:30:02 +0200 |
148 | + |
149 | cryptsetup (2:2.5.0-1) unstable; urgency=medium |
150 | |
151 | * New upstream release. (Closes: #1000634, #1011128) |
152 | @@ -278,6 +400,26 @@ cryptsetup (2:2.5.0~rc1-1) experimental; urgency=low |
153 | |
154 | -- Guilhem Moulin <guilhem@debian.org> Fri, 15 Jul 2022 01:49:59 +0200 |
155 | |
156 | +cryptsetup (2:2.4.3-1ubuntu1) jammy; urgency=low |
157 | + |
158 | + * Merge from Debian unstable (LP: #1959427). Remaining changes: |
159 | + - debian/control: |
160 | + + Recommend plymouth. |
161 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
162 | + + Move cryptsetup-initramfs back to cryptsetup's Recommends. |
163 | + + Do not build cryptsetup-suspend binary package on i386. |
164 | + - Fix cryptroot-unlock for busybox compatibility. |
165 | + - Fix warning and error when running on ZFS on root: (LP: #1830110) |
166 | + - d/functions: Return an empty devno for ZFS devices as they don't have |
167 | + major:minor device numbers. |
168 | + - d/initramfs/hooks/cryptroot: Ignore and don't print an error message |
169 | + when devices don't have a devno. |
170 | + - debian/patches/decrease_memlock_ulimit.patch |
171 | + Fixed FTBFS due to a restricted build environment |
172 | + - Stop building the udeb on request. |
173 | + |
174 | + -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 28 Jan 2022 12:14:06 -0800 |
175 | + |
176 | cryptsetup (2:2.4.3-1) unstable; urgency=high |
177 | |
178 | [ Guilhem Moulin ] |
179 | @@ -291,6 +433,64 @@ cryptsetup (2:2.4.3-1) unstable; urgency=high |
180 | |
181 | -- Guilhem Moulin <guilhem@debian.org> Thu, 13 Jan 2022 19:07:05 +0100 |
182 | |
183 | +cryptsetup (2:2.4.2-1ubuntu4) jammy; urgency=medium |
184 | + |
185 | + * Move cryptsetup-initramfs back to cryptsetup's Recommends (from Suggests). |
186 | + |
187 | + -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Thu, 09 Dec 2021 12:53:00 +1300 |
188 | + |
189 | +cryptsetup (2:2.4.2-1ubuntu3) jammy; urgency=medium |
190 | + |
191 | + * Fix build on i386. |
192 | + |
193 | + -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Tue, 07 Dec 2021 13:17:48 +1300 |
194 | + |
195 | +cryptsetup (2:2.4.2-1ubuntu2) jammy; urgency=medium |
196 | + |
197 | + * Do not build new cryptsetup-suspend binary package on i386. |
198 | + |
199 | + -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Tue, 07 Dec 2021 11:47:55 +1300 |
200 | + |
201 | +cryptsetup (2:2.4.2-1ubuntu1) jammy; urgency=medium |
202 | + |
203 | + * Merge from Debian unstable. Remaining changes: |
204 | + - debian/control: |
205 | + + Recommend plymouth. |
206 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
207 | + - Fix cryptroot-unlock for busybox compatibility. |
208 | + - Fix warning and error when running on ZFS on root: (LP: #1830110) |
209 | + - d/functions: Return an empty devno for ZFS devices as they don't have |
210 | + major:minor device numbers. |
211 | + - d/initramfs/hooks/cryptroot: Ignore and don't print an error message when |
212 | + devices don't have a devno. |
213 | + Submitted to debian upstream as bug #902449. |
214 | + - debian/patches/decrease_memlock_ulimit.patch |
215 | + Fixed FTBFS due a restrict environment in the new Bionic Builder (LP: #1891473) |
216 | + tests/luks2-validation.test, tests/compat-test, tests/tcrypt-compat-test. |
217 | + - Thanks Guilherme G. Piccoli. |
218 | + - Stop building the udeb on request. |
219 | + * Dropped change, included in Debian: |
220 | + - Introduce retry logic for external invocations after mdadm (LP: #1879980) |
221 | + - Currently, if an encrypted rootfs is configured on top of a MD RAID1 |
222 | + array and such array gets degraded (e.g., a member is removed/failed) |
223 | + the cryptsetup scripts cannot mount the rootfs, and the boot fails. |
224 | + We fix that issue here by allowing the cryptroot script to be re-run |
225 | + by initramfs-tools/local-block stage, as mdadm can activate degraded |
226 | + arrays at that stage. |
227 | + There is an initramfs-tools counter-part for this fix, but alone the |
228 | + cryptsetup portion is harmless. |
229 | + - d/cryptsetup-initramfs.install: ship the new local-bottom script. |
230 | + - d/functions: declare variables for local-top|block|bottom scripts |
231 | + (flag that local-block is running and external invocation counter.) |
232 | + - d/i/s/local-block/cryptroot: set flag that local-block is running. |
233 | + - d/i/s/local-bottom/cryptroot: clean up the flag and counter files. |
234 | + - d/i/s/local-top/cryptroot: change the logic from just waiting 180 |
235 | + seconds to waiting 5 seconds first, then allowing initramfs-tools |
236 | + to run mdadm (to activate degraded arrays) and call back at least |
237 | + 30 times/seconds more. |
238 | + |
239 | + -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Thu, 02 Dec 2021 11:58:05 +1300 |
240 | + |
241 | cryptsetup (2:2.4.2-1) unstable; urgency=high |
242 | |
243 | * New upstream bugfix release 2.4.2. |
244 | @@ -409,6 +609,18 @@ cryptsetup (2:2.3.6-1+exp1) experimental; urgency=medium |
245 | |
246 | -- Guilhem Moulin <guilhem@debian.org> Fri, 28 May 2021 22:54:20 +0200 |
247 | |
248 | +cryptsetup (2:2.3.6-0ubuntu2) jammy; urgency=medium |
249 | + |
250 | + * No-change rebuild against openssl3 |
251 | + |
252 | + -- Simon Chopin <simon.chopin@canonical.com> Thu, 25 Nov 2021 14:22:07 +0200 |
253 | + |
254 | +cryptsetup (2:2.3.6-0ubuntu1) impish; urgency=medium |
255 | + |
256 | + * New upstream release. |
257 | + |
258 | + -- Matthieu Clemenceau <matthieu.clemenceau@canonical.com> Fri, 20 Aug 2021 11:32:12 +1200 |
259 | + |
260 | cryptsetup (2:2.3.5-1+exp1) experimental; urgency=medium |
261 | |
262 | * Upload to experimental. |
263 | @@ -481,6 +693,69 @@ cryptsetup (2:2.3.4-1+exp1) experimental; urgency=medium |
264 | |
265 | -- Guilhem Moulin <guilhem@debian.org> Fri, 04 Sep 2020 00:55:41 +0200 |
266 | |
267 | +cryptsetup (2:2.3.4-1ubuntu3) hirsute; urgency=medium |
268 | + |
269 | + * Stop building the udeb on request. |
270 | + |
271 | + -- Matthias Klose <doko@ubuntu.com> Mon, 22 Feb 2021 12:10:36 +0100 |
272 | + |
273 | +cryptsetup (2:2.3.4-1ubuntu2) hirsute; urgency=medium |
274 | + |
275 | + * No-change rebuild to drop the udeb package. |
276 | + |
277 | + -- Matthias Klose <doko@ubuntu.com> Mon, 22 Feb 2021 10:30:38 +0100 |
278 | + |
279 | +cryptsetup (2:2.3.4-1ubuntu1) hirsute; urgency=medium |
280 | + |
281 | + * Merge with Debian unstable. Remaining changes: |
282 | + - debian/control: |
283 | + + Recommend plymouth. |
284 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
285 | + - Fix cryptroot-unlock for busybox compatibility. |
286 | + - Fix warning and error when running on ZFS on root: (LP #1830110) |
287 | + - d/functions: Return an empty devno for ZFS devices as they don't have |
288 | + major:minor device numbers. |
289 | + - d/initramfs/hooks/cryptroot: Ignore and don't print an error message when |
290 | + devices don't have a devno. |
291 | + Submitted to debian upstream as bug #902449. |
292 | + - debian/patches/decrease_memlock_ulimit.patch |
293 | + Fixed FTBFS due a restrict environment in the new Bionic Builder (LP #1891473) |
294 | + tests/luks2-validation.test, tests/compat-test, tests/tcrypt-compat-test. |
295 | + - Thanks Guilherme G. Piccoli. |
296 | + - Introduce retry logic for external invocations after mdadm (LP #1879980) |
297 | + - Currently, if an encrypted rootfs is configured on top of a MD RAID1 |
298 | + array and such array gets degraded (e.g., a member is removed/failed) |
299 | + the cryptsetup scripts cannot mount the rootfs, and the boot fails. |
300 | + We fix that issue here by allowing the cryptroot script to be re-run |
301 | + by initramfs-tools/local-block stage, as mdadm can activate degraded |
302 | + arrays at that stage. |
303 | + There is an initramfs-tools counter-part for this fix, but alone the |
304 | + cryptsetup portion is harmless. |
305 | + - d/cryptsetup-initramfs.install: ship the new local-bottom script. |
306 | + - d/functions: declare variables for local-top|block|bottom scripts |
307 | + (flag that local-block is running and external invocation counter.) |
308 | + - d/i/s/local-block/cryptroot: set flag that local-block is running. |
309 | + - d/i/s/local-bottom/cryptroot: clean up the flag and counter files. |
310 | + - d/i/s/local-top/cryptroot: change the logic from just waiting 180 |
311 | + seconds to waiting 5 seconds first, then allowing initramfs-tools |
312 | + to run mdadm (to activate degraded arrays) and call back at least |
313 | + 30 times/seconds more. |
314 | + * Dropped changes: |
315 | + - Included in new upstream version: |
316 | + - SECURITY UPDATE: Out-of-bounds write |
317 | + - debian/patches/CVE-2020-14382-*.patch: check segment gaps regardless of |
318 | + heap space in lib/luks2/luks2_json_metadata.c. |
319 | + - CVE-2020-14382 |
320 | + - included in Debian: |
321 | + - debian/cryptsetup-bin.install: |
322 | + - Fix FTBFS due to dh_missing detecting crypsetup.conf in debian/tmp where |
323 | + it was installed from ./scripts/crypsetup.conf. |
324 | + - debian/rules: |
325 | + - fix FTBFS on riscv64 adding --with-tmpfilesdir to ensure all archs, even |
326 | + without systemd knows how to ship cryptsetup.conf |
327 | + |
328 | + -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Tue, 10 Nov 2020 10:37:25 +1300 |
329 | + |
330 | cryptsetup (2:2.3.4-1) unstable; urgency=high |
331 | |
332 | * New upstream bugfix release, including fix for CVE-2020-14382: |
333 | @@ -548,6 +823,80 @@ cryptsetup (2:2.3.3-2) unstable; urgency=medium |
334 | |
335 | -- Guilhem Moulin <guilhem@debian.org> Wed, 12 Aug 2020 00:22:59 +0200 |
336 | |
337 | +cryptsetup (2:2.3.3-1ubuntu6) groovy; urgency=medium |
338 | + |
339 | + * Introduce retry logic for external invocations after mdadm (LP: #1879980) |
340 | + - Currently, if an encrypted rootfs is configured on top of a MD RAID1 |
341 | + array and such array gets degraded (e.g., a member is removed/failed) |
342 | + the cryptsetup scripts cannot mount the rootfs, and the boot fails. |
343 | + We fix that issue here by allowing the cryptroot script to be re-run |
344 | + by initramfs-tools/local-block stage, as mdadm can activate degraded |
345 | + arrays at that stage. |
346 | + There is an initramfs-tools counter-part for this fix, but alone the |
347 | + cryptsetup portion is harmless. |
348 | + - d/cryptsetup-initramfs.install: ship the new local-bottom script. |
349 | + - d/functions: declare variables for local-top|block|bottom scripts |
350 | + (flag that local-block is running and external invocation counter.) |
351 | + - d/i/s/local-block/cryptroot: set flag that local-block is running. |
352 | + - d/i/s/local-bottom/cryptroot: clean up the flag and counter files. |
353 | + - d/i/s/local-top/cryptroot: change the logic from just waiting 180 |
354 | + seconds to waiting 5 seconds first, then allowing initramfs-tools |
355 | + to run mdadm (to activate degraded arrays) and call back at least |
356 | + 30 times/seconds more. |
357 | + |
358 | + -- Guilherme G. Piccoli <gpiccoli@canonical.com> Wed, 16 Sep 2020 17:35:59 -0300 |
359 | + |
360 | +cryptsetup (2:2.3.3-1ubuntu5) groovy; urgency=medium |
361 | + |
362 | + * SECURITY UPDATE: Out-of-bounds write |
363 | + - debian/patches/CVE-2020-14382-*.patch: check segment gaps regardless of |
364 | + heap space in lib/luks2/luks2_json_metadata.c. |
365 | + - CVE-2020-14382 |
366 | + * debian/patches/decrease_memlock_ulimit.patch |
367 | + Fixed FTBFS due a restrict environment in the new Bionic Builder (LP: #1891473) |
368 | + tests/luks2-validation.test, tests/compat-test, tests/tcrypt-compat-test. |
369 | + - Thanks Guilherme G. Piccoli. |
370 | + |
371 | + -- Leonidas S. Barbosa <leo.barbosa@canonical.com> Wed, 09 Sep 2020 09:29:17 -0300 |
372 | + |
373 | +cryptsetup (2:2.3.3-1ubuntu4) groovy; urgency=medium |
374 | + |
375 | + * No change rebuild against new json-c ABI. |
376 | + |
377 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 28 Jul 2020 17:42:50 +0100 |
378 | + |
379 | +cryptsetup (2:2.3.3-1ubuntu3) groovy; urgency=medium |
380 | + |
381 | + * debian/rules: |
382 | + - fix FTBFS on riscv64 adding --with-tmpfilesdir to ensure all archs, even |
383 | + without systemd knows how to ship cryptsetup.conf |
384 | + |
385 | + -- Didier Roche <didrocks@ubuntu.com> Thu, 18 Jun 2020 11:44:50 +0200 |
386 | + |
387 | +cryptsetup (2:2.3.3-1ubuntu2) groovy; urgency=medium |
388 | + |
389 | + * debian/cryptsetup-bin.install: |
390 | + - Fix FTBFS due to dh_missing detecting crypsetup.conf in debian/tmp where |
391 | + it was installed from ./scripts/crypsetup.conf. |
392 | + * Fix warning and error when running on ZFS on root: (LP: #1830110) |
393 | + - d/functions: Return an empty devno for ZFS devices as they don't have |
394 | + major:minor device numbers. |
395 | + - d/initramfs/hooks/cryptroot: Ignore and don't print an error message when |
396 | + devices don't have a devno. |
397 | + Submitted to debian upstream as bug #902449. |
398 | + |
399 | + -- Didier Roche <didrocks@ubuntu.com> Thu, 18 Jun 2020 10:12:10 +0200 |
400 | + |
401 | +cryptsetup (2:2.3.3-1ubuntu1) groovy; urgency=low |
402 | + |
403 | + * Merge from Debian unstable. Remaining changes: |
404 | + - debian/control: |
405 | + + Recommend plymouth. |
406 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
407 | + - Fix cryptroot-unlock for busybox compatibility. |
408 | + |
409 | + -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 09 Jun 2020 10:40:32 -0700 |
410 | + |
411 | cryptsetup (2:2.3.3-1) unstable; urgency=medium |
412 | |
413 | [ Guilhem Moulin ] |
414 | @@ -576,6 +925,16 @@ cryptsetup (2:2.3.2-1) unstable; urgency=medium |
415 | |
416 | -- Guilhem Moulin <guilhem@debian.org> Wed, 06 May 2020 16:22:01 +0200 |
417 | |
418 | +cryptsetup (2:2.3.1-1ubuntu1) groovy; urgency=low |
419 | + |
420 | + * Merge from Debian unstable. Remaining changes: |
421 | + - debian/control: |
422 | + + Recommend plymouth. |
423 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
424 | + - Fix cryptroot-unlock for busybox compatibility. |
425 | + |
426 | + -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 01 May 2020 07:07:58 -0700 |
427 | + |
428 | cryptsetup (2:2.3.1-1) unstable; urgency=medium |
429 | |
430 | * New upstream release. |
431 | @@ -611,6 +970,23 @@ cryptsetup (2:2.3.0-1) unstable; urgency=low |
432 | |
433 | -- Guilhem Moulin <guilhem@debian.org> Wed, 04 Mar 2020 00:48:19 +0100 |
434 | |
435 | +cryptsetup (2:2.2.2-3ubuntu2) focal; urgency=medium |
436 | + |
437 | + * Depend on cryptsetup from cryptsetup-initramfs instead of the dummy |
438 | + cryptsetup-run package. LP: #1864360. |
439 | + |
440 | + -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 27 Feb 2020 00:16:14 -0600 |
441 | + |
442 | +cryptsetup (2:2.2.2-3ubuntu1) focal; urgency=medium |
443 | + |
444 | + * Merge from Debian unstable. Remaining changes: |
445 | + - debian/control: |
446 | + + Recommend plymouth. |
447 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
448 | + - Fix cryptroot-unlock for busybox compatibility. |
449 | + |
450 | + -- Matthias Klose <doko@ubuntu.com> Mon, 10 Feb 2020 09:20:12 +0100 |
451 | + |
452 | cryptsetup (2:2.2.2-3) unstable; urgency=high |
453 | |
454 | * initramfs hook: Workaround fix for the libgcc_s's source location. |
455 | @@ -619,6 +995,16 @@ cryptsetup (2:2.2.2-3) unstable; urgency=high |
456 | |
457 | -- Guilhem Moulin <guilhem@debian.org> Tue, 04 Feb 2020 14:11:12 +0100 |
458 | |
459 | +cryptsetup (2:2.2.2-2ubuntu1) focal; urgency=low |
460 | + |
461 | + * Merge from Debian unstable. Remaining changes: |
462 | + - debian/control: |
463 | + + Recommend plymouth. |
464 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
465 | + - Fix cryptroot-unlock for busybox compatibility. |
466 | + |
467 | + -- Steve Langasek <steve.langasek@ubuntu.com> Sat, 01 Feb 2020 22:11:22 -0800 |
468 | + |
469 | cryptsetup (2:2.2.2-2) unstable; urgency=medium |
470 | |
471 | [ Guilhem Moulin ] |
472 | @@ -636,6 +1022,16 @@ cryptsetup (2:2.2.2-2) unstable; urgency=medium |
473 | |
474 | -- Guilhem Moulin <guilhem@debian.org> Sat, 18 Jan 2020 20:53:19 +0100 |
475 | |
476 | +cryptsetup (2:2.2.2-1ubuntu1) focal; urgency=low |
477 | + |
478 | + * Merge from Debian unstable. Remaining changes: |
479 | + - debian/control: |
480 | + + Recommend plymouth. |
481 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
482 | + - Fix cryptroot-unlock for busybox compatibility. |
483 | + |
484 | + -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 11 Nov 2019 22:07:44 -0800 |
485 | + |
486 | cryptsetup (2:2.2.2-1) unstable; urgency=medium |
487 | |
488 | * New upstream bugfix release. |
489 | @@ -646,6 +1042,16 @@ cryptsetup (2:2.2.2-1) unstable; urgency=medium |
490 | |
491 | -- Guilhem Moulin <guilhem@debian.org> Fri, 01 Nov 2019 19:32:36 +0100 |
492 | |
493 | +cryptsetup (2:2.2.1-1ubuntu1) focal; urgency=low |
494 | + |
495 | + * Merge from Debian unstable. Remaining changes: |
496 | + - debian/control: |
497 | + + Recommend plymouth. |
498 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
499 | + - Fix cryptroot-unlock for busybox compatibility. |
500 | + |
501 | + -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 18 Oct 2019 15:14:29 -0700 |
502 | + |
503 | cryptsetup (2:2.2.1-1) unstable; urgency=medium |
504 | |
505 | * New upstream bugfix release. |
506 | @@ -653,6 +1059,16 @@ cryptsetup (2:2.2.1-1) unstable; urgency=medium |
507 | |
508 | -- Guilhem Moulin <guilhem@debian.org> Fri, 06 Sep 2019 13:28:55 +0200 |
509 | |
510 | +cryptsetup (2:2.2.0-3ubuntu1) eoan; urgency=low |
511 | + |
512 | + * Merge from Debian unstable. Remaining changes: |
513 | + - debian/control: |
514 | + + Recommend plymouth. |
515 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
516 | + - Fix cryptroot-unlock for busybox compatibility. |
517 | + |
518 | + -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 28 Aug 2019 16:13:22 -0700 |
519 | + |
520 | cryptsetup (2:2.2.0-3) unstable; urgency=medium |
521 | |
522 | * Cherry pick upstream commit 8f8f0b32: Fix mapped segments overflow on |
523 | @@ -660,6 +1076,16 @@ cryptsetup (2:2.2.0-3) unstable; urgency=medium |
524 | |
525 | -- Guilhem Moulin <guilhem@debian.org> Mon, 26 Aug 2019 12:53:45 +0200 |
526 | |
527 | +cryptsetup (2:2.2.0-2ubuntu1) eoan; urgency=low |
528 | + |
529 | + * Merge from Debian unstable. Remaining changes: |
530 | + - debian/control: |
531 | + + Recommend plymouth. |
532 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
533 | + - Fix cryptroot-unlock for busybox compatibility. |
534 | + |
535 | + -- Steve Langasek <steve.langasek@ubuntu.com> Sun, 25 Aug 2019 12:25:55 -0700 |
536 | + |
537 | cryptsetup (2:2.2.0-2) unstable; urgency=medium |
538 | |
539 | * debian/control: Add 'Multi-Arch: foreign' tag to the transitional dummy |
540 | @@ -671,6 +1097,25 @@ cryptsetup (2:2.2.0-2) unstable; urgency=medium |
541 | |
542 | -- Guilhem Moulin <guilhem@debian.org> Wed, 21 Aug 2019 22:45:12 +0200 |
543 | |
544 | +cryptsetup (2:2.2.0-1ubuntu2) eoan; urgency=medium |
545 | + |
546 | + * debian/initramfs/cryptroot-unlock: canonicalize executable paths. |
547 | + Thanks to Paride Legovini <paride.legovini@canonical.com> for the patch. |
548 | + LP: #1840752. |
549 | + |
550 | + -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 20 Aug 2019 15:34:10 -0700 |
551 | + |
552 | +cryptsetup (2:2.2.0-1ubuntu1) eoan; urgency=low |
553 | + |
554 | + * Merge from Debian unstable. Remaining changes: |
555 | + - debian/control: |
556 | + + Recommend plymouth. |
557 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
558 | + - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox |
559 | + compatibility. |
560 | + |
561 | + -- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 20 Aug 2019 14:21:34 +0200 |
562 | + |
563 | cryptsetup (2:2.2.0-1) unstable; urgency=medium |
564 | |
565 | * New upstream release 2.2.0. Highlights include: |
566 | @@ -748,6 +1193,23 @@ cryptsetup (2:2.1.0-6) unstable; urgency=low |
567 | |
568 | -- Guilhem Moulin <guilhem@debian.org> Sat, 20 Jul 2019 22:15:04 -0300 |
569 | |
570 | +cryptsetup (2:2.1.0-5ubuntu2) eoan; urgency=medium |
571 | + |
572 | + * Rebuild against new libjson-c4. |
573 | + |
574 | + -- Gianfranco Costamagna <locutusofborg@debian.org> Sat, 29 Jun 2019 13:48:37 +0200 |
575 | + |
576 | +cryptsetup (2:2.1.0-5ubuntu1) eoan; urgency=low |
577 | + |
578 | + * Merge from Debian unstable. Remaining changes: |
579 | + - debian/control: |
580 | + + Recommend plymouth. |
581 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
582 | + - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox |
583 | + compatibility. |
584 | + |
585 | + -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 14 Jun 2019 14:09:31 -0700 |
586 | + |
587 | cryptsetup (2:2.1.0-5) unstable; urgency=medium |
588 | |
589 | [ Jonas Meurer ] |
590 | @@ -760,6 +1222,17 @@ cryptsetup (2:2.1.0-5) unstable; urgency=medium |
591 | |
592 | -- Guilhem Moulin <guilhem@debian.org> Mon, 10 Jun 2019 14:51:15 +0200 |
593 | |
594 | +cryptsetup (2:2.1.0-4ubuntu1) eoan; urgency=low |
595 | + |
596 | + * Merge from Debian unstable. Remaining changes: |
597 | + - debian/control: |
598 | + + Recommend plymouth. |
599 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
600 | + - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox |
601 | + compatibility. |
602 | + |
603 | + -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 28 May 2019 18:32:08 -0700 |
604 | + |
605 | cryptsetup (2:2.1.0-4) unstable; urgency=medium |
606 | |
607 | [Guilhem Moulin] |
608 | @@ -779,6 +1252,26 @@ cryptsetup (2:2.1.0-4) unstable; urgency=medium |
609 | |
610 | -- Guilhem Moulin <guilhem@debian.org> Tue, 28 May 2019 17:04:16 +0200 |
611 | |
612 | +cryptsetup (2:2.1.0-3ubuntu2) eoan; urgency=medium |
613 | + |
614 | + * Depend on busybox-initramfs, which is the implementation we actually use |
615 | + for the initramfs and is guaranteed to always be present, instead of |
616 | + busybox-static. |
617 | + |
618 | + -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 09 May 2019 14:47:04 -0700 |
619 | + |
620 | +cryptsetup (2:2.1.0-3ubuntu1) eoan; urgency=low |
621 | + |
622 | + * Merge from Debian unstable. Remaining changes: |
623 | + - debian/control: |
624 | + + Recommend plymouth. |
625 | + + Invert the "busybox | busybox-static" Recommends, as the latter |
626 | + is the one we ship in main as part of the ubuntu-standard task. |
627 | + - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox |
628 | + compatibility. LP: #1651818 |
629 | + |
630 | + -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 03 May 2019 16:22:03 -0700 |
631 | + |
632 | cryptsetup (2:2.1.0-3) unstable; urgency=medium |
633 | |
634 | * d/scripts/decrypt_opensc: Fix standard output poisoning. Thanks to Nils |
635 | @@ -802,6 +1295,19 @@ cryptsetup (2:2.1.0-2) unstable; urgency=medium |
636 | |
637 | -- Guilhem Moulin <guilhem@debian.org> Thu, 28 Feb 2019 22:32:43 +0100 |
638 | |
639 | +cryptsetup (2:2.1.0-1ubuntu1) disco; urgency=medium |
640 | + |
641 | + * Merge from Debian unstable. LP: #1815484 |
642 | + * Remaining changes: |
643 | + - debian/control: |
644 | + + Recommend plymouth. |
645 | + + Invert the "busybox | busybox-static" Recommends, as the latter |
646 | + is the one we ship in main as part of the ubuntu-standard task. |
647 | + - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox |
648 | + compatibility. LP: #1651818 |
649 | + |
650 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 13 Feb 2019 21:28:23 +0000 |
651 | + |
652 | cryptsetup (2:2.1.0-1) unstable; urgency=medium |
653 | |
654 | * New upstream release. Highlights include: |
655 | @@ -844,6 +1350,20 @@ cryptsetup (2:2.1.0-1) unstable; urgency=medium |
656 | |
657 | -- Guilhem Moulin <guilhem@debian.org> Sat, 09 Feb 2019 00:40:17 +0100 |
658 | |
659 | +cryptsetup (2:2.0.6-1ubuntu1) disco; urgency=medium |
660 | + |
661 | + * Merge from Debian unstable. |
662 | + * Remaining changes: |
663 | + - debian/control: |
664 | + + Recommend plymouth. |
665 | + + Invert the "busybox | busybox-static" Recommends, as the latter |
666 | + is the one we ship in main as part of the ubuntu-standard task. |
667 | + - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox |
668 | + compatibility. LP: #1651818 |
669 | + * Dropped delta sector_size support, merged in Debian. |
670 | + |
671 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 05 Feb 2019 13:43:25 +0000 |
672 | + |
673 | cryptsetup (2:2.0.6-1) unstable; urgency=medium |
674 | |
675 | * New upstream bugfix release. Highlights include: |
676 | @@ -908,6 +1428,27 @@ cryptsetup (2:2.0.4-3) unstable; urgency=medium |
677 | |
678 | -- Guilhem Moulin <guilhem@debian.org> Mon, 22 Oct 2018 17:45:35 +0200 |
679 | |
680 | +cryptsetup (2:2.0.4-2ubuntu2) cosmic; urgency=medium |
681 | + |
682 | + * Implement support for --sector-size cryptsetup plain mode option in |
683 | + crypttab. Matching support is also proposed to systemd-cryptsetup as |
684 | + well. LP: #1776626 |
685 | + |
686 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 31 Aug 2018 17:00:07 +0100 |
687 | + |
688 | +cryptsetup (2:2.0.4-2ubuntu1) cosmic; urgency=low |
689 | + |
690 | + * Merge from Debian unstable. LP: #1785610. |
691 | + * Remaining changes: |
692 | + - debian/control: |
693 | + + Recommend plymouth. |
694 | + + Invert the "busybox | busybox-static" Recommends, as the latter |
695 | + is the one we ship in main as part of the ubuntu-standard task. |
696 | + - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox |
697 | + compatibility. LP: #1651818 |
698 | + |
699 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 22 Aug 2018 22:51:47 +0100 |
700 | + |
701 | cryptsetup (2:2.0.4-2) unstable; urgency=medium |
702 | |
703 | * debian/cryptsetup-initramfs.preinst: Don't try to overwrite |
704 | @@ -940,6 +1481,28 @@ cryptsetup (2:2.0.3-7) unstable; urgency=medium |
705 | |
706 | -- Guilhem Moulin <guilhem@debian.org> Mon, 30 Jul 2018 16:32:07 +0800 |
707 | |
708 | +cryptsetup (2:2.0.3-6ubuntu1) cosmic; urgency=low |
709 | + |
710 | + * Merge from Debian unstable. LP: #1781912. |
711 | + * Remaining changes: |
712 | + - debian/control: |
713 | + + Recommend plymouth. |
714 | + + Invert the "busybox | busybox-static" Recommends, as the latter |
715 | + is the one we ship in main as part of the ubuntu-standard task. |
716 | + - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox |
717 | + compatibility. LP: #1651818 |
718 | + * Dropped changes, included in Debian: |
719 | + - Drop explicit libgcrypt20 dependency from libcryptsetup4. |
720 | + - Drop the CRYPTSETUP variable warning from the initramfs hook, as |
721 | + overlayroot package ships a dropin in conf-hooks.d triggering false |
722 | + warnings. |
723 | + - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE |
724 | + - Drop c99 std, as the default is now higher than that |
725 | + * Dropped changes, no longer needed: |
726 | + - Add maintscript to drop removed upstart system jobs. |
727 | + |
728 | + -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 16 Jul 2018 08:27:58 -0400 |
729 | + |
730 | cryptsetup (2:2.0.3-6) unstable; urgency=medium |
731 | |
732 | * debian/TODO.md: Remove mention of parent device detection for mdadm |
733 | @@ -1224,6 +1787,45 @@ cryptsetup (2:2.0.3-1) unstable; urgency=medium |
734 | |
735 | -- Jonas Meurer <jonas@freesources.org> Fri, 15 Jun 2018 15:32:16 +0200 |
736 | |
737 | +cryptsetup (2:2.0.2-1ubuntu3) cosmic; urgency=medium |
738 | + |
739 | + * No-change rebuild against libargon2-1 |
740 | + |
741 | + -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 10 Jul 2018 17:01:23 +0000 |
742 | + |
743 | +cryptsetup (2:2.0.2-1ubuntu2) cosmic; urgency=medium |
744 | + |
745 | + * Apply patch from Trent Nelson to fix cryptroot-unlock for busybox |
746 | + compatibility. LP: #1651818 |
747 | + |
748 | + -- Dimitri John Ledkov 🌈 <xnox@ubuntu.com> Thu, 21 Jun 2018 16:38:31 +0100 |
749 | + |
750 | +cryptsetup (2:2.0.2-1ubuntu1) bionic; urgency=low |
751 | + |
752 | + * Merge from Debian unstable. |
753 | + - bugfix upstream release, which solves problems with luks2 format |
754 | + disks not unlocking. LP: #1755322. |
755 | + * Remaining changes: |
756 | + - debian/control: |
757 | + + Depend on plymouth. |
758 | + + Invert the "busybox | busybox-static" Recommends, as the latter |
759 | + is the one we ship in main as part of the ubuntu-standard task. |
760 | + + Drop explicit libgcrypt20 dependency from libcryptsetup4. |
761 | + - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE |
762 | + - Drop c99 std, as the default is now higher than that |
763 | + - Drop upstart system jobs. |
764 | + - Add maintscript to drop removed upstart system jobs. |
765 | + - debian has its own now, but we have different version numbers. |
766 | + this delta can be dropped after 18.04 release. |
767 | + - Drop the CRYPTSETUP variable warning from the initramfs hook, as |
768 | + overlayroot package ships a dropin in conf-hooks.d triggering false |
769 | + warnings. |
770 | + * Dropped changes: |
771 | + - debian/cryptdisks{,-udev}.maintscript: drop, there is no package named |
772 | + 'cryptdisks' or 'cryptdisks-udev'. |
773 | + |
774 | + -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 06 Apr 2018 10:23:53 -0700 |
775 | + |
776 | cryptsetup (2:2.0.2-1) unstable; urgency=low |
777 | |
778 | * New upstream release 2.0.2 |
779 | @@ -1253,6 +1855,40 @@ cryptsetup (2:2.0.1-1) unstable; urgency=low |
780 | |
781 | -- Guilhem Moulin <guilhem@debian.org> Sun, 11 Feb 2018 00:02:05 +0100 |
782 | |
783 | +cryptsetup (2:2.0.1-0ubuntu2) bionic; urgency=medium |
784 | + |
785 | + * Drop the CRYPTSETUP variable warning from the initramfs hook, as |
786 | + overlayroot package ships a dropin in conf-hooks.d triggering false |
787 | + warnings. |
788 | + |
789 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Thu, 22 Feb 2018 14:49:16 +0000 |
790 | + |
791 | +cryptsetup (2:2.0.1-0ubuntu1) bionic; urgency=medium |
792 | + |
793 | + * Merge from Debian unstable. Remaining changes: |
794 | + - debian/control: |
795 | + + Depend on plymouth. |
796 | + + Invert the "busybox | busybox-static" Recommends, as the latter |
797 | + is the one we ship in main as part of the ubuntu-standard task. |
798 | + + Drop explicit libgcrypt20 dependency from libcryptsetup4. |
799 | + - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE |
800 | + - Drop c99 std, as the default is now higher than that |
801 | + - Drop upstart system jobs. |
802 | + - Add maintscript to drop removed upstart system jobs. |
803 | + - debian has its own now, but we have different version numbers |
804 | + * New upstream release |
805 | + * Cherry-pick Guilhem Moulin's changes below from Debian git |
806 | + |
807 | + [ Guilhem Moulin ] |
808 | + * New upstream release 2.0.1: |
809 | + - Use /run/cryptsetup as default for cryptsetup locking dir. |
810 | + - Add missing symbols for new functions to debian/libcryptsetup12.symbols. |
811 | + * debian/copyright: update copyright years. |
812 | + * debian/patches: backport upstream's 8728ba08 to fix opening of loop-AES |
813 | + devices using --key-file=-. (Closes: #888162.) |
814 | + |
815 | + -- Julian Andres Klode <juliank@ubuntu.com> Mon, 29 Jan 2018 13:48:55 +0100 |
816 | + |
817 | cryptsetup (2:2.0.0-1) unstable; urgency=low |
818 | |
819 | [ Guilhem Moulin ] |
820 | @@ -1302,6 +1938,26 @@ cryptsetup (2:2.0.0~rc0-1) experimental; urgency=low |
821 | |
822 | -- Guilhem Moulin <guilhem@debian.org> Tue, 03 Oct 2017 03:37:36 +0200 |
823 | |
824 | +cryptsetup (2:1.7.5-1ubuntu1) bionic; urgency=low |
825 | + |
826 | + * Merge from Debian unstable. Remaining changes: |
827 | + - debian/control: |
828 | + + Depend on plymouth. |
829 | + + Invert the "busybox | busybox-static" Recommends, as the latter |
830 | + is the one we ship in main as part of the ubuntu-standard task. |
831 | + + Drop explicit libgcrypt20 dependency from libcryptsetup4. |
832 | + - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE |
833 | + - Drop c99 std, as the default is now higher than that |
834 | + - Drop upstart system jobs. |
835 | + - Add maintscript to drop removed upstart system jobs. |
836 | + * Merged upstream: |
837 | + - d/p/fips-fix-luksformat-with-recent-kernels -- fix luksFormat |
838 | + with recent FIPS enabled kernels. |
839 | + * Merged in Debian: |
840 | + - Use DEB_VERSION from dpkg/default.mk for pod2man release variable |
841 | + |
842 | + -- Julian Andres Klode <juliank@ubuntu.com> Wed, 17 Jan 2018 21:39:10 +0100 |
843 | + |
844 | cryptsetup (2:1.7.5-1) unstable; urgency=low |
845 | |
846 | * New upstream release 1.7.5. |
847 | @@ -1324,6 +1980,25 @@ cryptsetup (2:1.7.5-1) unstable; urgency=low |
848 | |
849 | -- Guilhem Moulin <guilhem@debian.org> Thu, 14 Sep 2017 13:00:23 +0200 |
850 | |
851 | +cryptsetup (2:1.7.3-4ubuntu1) artful; urgency=low |
852 | + |
853 | + * New upstream release, merge from Debian unstable. Remaining |
854 | + Ubuntu changes: |
855 | + - debian/control: |
856 | + + Depend on plymouth. |
857 | + + Invert the "busybox | busybox-static" Recommends, as the latter |
858 | + is the one we ship in main as part of the ubuntu-standard task. |
859 | + + Drop explicit libgcrypt20 dependency from libcryptsetup4. |
860 | + * d/p/fips-fix-luksformat-with-recent-kernels -- fix luksFormat |
861 | + with recent FIPS enabled kernels. |
862 | + * Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE |
863 | + * Drop c99 std, as the default is now higher than that |
864 | + * Use DEB_VERSION from dpkg/default.mk for pod2man release variable |
865 | + * Drop upstart system jobs. |
866 | + * Add maintscript to drop removed upstart system jobs. |
867 | + |
868 | + -- Andy Whitcroft <apw@ubuntu.com> Thu, 10 Aug 2017 14:07:29 +0100 |
869 | + |
870 | cryptsetup (2:1.7.3-4) unstable; urgency=high |
871 | |
872 | [ Guilhem Moulin ] |
873 | @@ -1536,6 +2211,40 @@ cryptsetup (2:1.7.2-1) unstable; urgency=medium |
874 | |
875 | -- Jonas Meurer <mejo@debian.org> Wed, 05 Oct 2016 20:53:09 +0200 |
876 | |
877 | +cryptsetup (2:1.7.2-0ubuntu4) artful; urgency=medium |
878 | + |
879 | + * Add maintscript to drop removed upstart system jobs. |
880 | + |
881 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 21 Aug 2017 11:36:04 +0100 |
882 | + |
883 | +cryptsetup (2:1.7.2-0ubuntu3) artful; urgency=medium |
884 | + |
885 | + * Drop _BSD_SOURCE in favor of _DEFAULT_SOURCe |
886 | + * Drop c99 std, as the default is now higher than that |
887 | + * Use DEB_VERSION from dpkg/default.mk for pod2man release variable |
888 | + |
889 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Sat, 19 Aug 2017 21:46:19 +0100 |
890 | + |
891 | +cryptsetup (2:1.7.2-0ubuntu2) artful; urgency=medium |
892 | + |
893 | + * Drop upstart system jobs. |
894 | + |
895 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Sat, 19 Aug 2017 20:57:17 +0100 |
896 | + |
897 | +cryptsetup (2:1.7.2-0ubuntu1) yakkety; urgency=medium |
898 | + |
899 | + * New upstream release, merge from Debian unstable (LP: #1548137). Remaining |
900 | + Ubuntu changes: |
901 | + - debian/control: |
902 | + + Bump initramfs-tools Suggests to Depends: so system is not |
903 | + potentially rendered unbootable. |
904 | + + Depend on plymouth. |
905 | + + Invert the "busybox | busybox-static" Recommends, as the latter |
906 | + is the one we ship in main as part of the ubuntu-standard task. |
907 | + + Drop explicit libgcrypt20 dependency from libcryptsetup4. |
908 | + |
909 | + -- Unit 193 <unit193@ubuntu.com> Wed, 22 Jun 2016 16:30:01 -0400 |
910 | + |
911 | cryptsetup (2:1.7.0-2) unstable; urgency=medium |
912 | |
913 | [ Guilhem Moulin ] |
914 | @@ -1610,6 +2319,35 @@ cryptsetup (2:1.7.0-1) unstable; urgency=medium |
915 | |
916 | -- Jonas Meurer <mejo@debian.org> Thu, 07 Jan 2016 02:22:33 +0100 |
917 | |
918 | +cryptsetup (2:1.6.6-5ubuntu2) wily; urgency=medium |
919 | + |
920 | + * Fix stupid typo in Recommends "busybox | busybox-static" inversion. |
921 | + Fixes binary moves for busybox into main. |
922 | + |
923 | + -- Andy Whitcroft <apw@ubuntu.com> Fri, 21 Aug 2015 08:56:34 +0100 |
924 | + |
925 | +cryptsetup (2:1.6.6-5ubuntu1) wily; urgency=low |
926 | + |
927 | + * Merge from Debian unstable. Remaining changes: |
928 | + - debian/control: |
929 | + + Bump initramfs-tools Suggests to Depends: so system is not |
930 | + potentially rendered unbootable. |
931 | + + Depend on plymouth. |
932 | + + Invert the "busybox | busybox-static" Recommends, as the latter |
933 | + is the one we ship in main as part of the ubuntu-standard task. |
934 | + + Drop explicit libgcrypt11 dependency from libcryptsetup4. |
935 | + * Dropped changes, now in Debian: |
936 | + - Remove hardcoded paths to udevadm. |
937 | + - debian/initramfs/cryptroot-hook: |
938 | + + Do not unconditionally include cryptsetup utils in the initramfs. |
939 | + + Do not include any modules or utils in the initramfs, unless |
940 | + rootfs/resume devices are encrypted or CRYPTSETUP is set to 'y' in |
941 | + the initramfs.conf configuration file. |
942 | + - debian/cryptsetup.maintscripts: |
943 | + + Migrate upstart jobs to new names. |
944 | + |
945 | + -- Andy Whitcroft <apw@ubuntu.com> Tue, 07 Jul 2015 16:58:45 +0100 |
946 | + |
947 | cryptsetup (2:1.6.6-5) unstable; urgency=high |
948 | |
949 | * debian/cryptdisks.functions: fix the precheck for ubuntu+upstart |
950 | @@ -1762,6 +2500,71 @@ cryptsetup (2:1.6.4-1) unstable; urgency=low |
951 | |
952 | -- Jonas Meurer <mejo@debian.org> Fri, 28 Jun 2013 12:14:55 +0200 |
953 | |
954 | +cryptsetup (2:1.6.1-1ubuntu7) vivid; urgency=medium |
955 | + |
956 | + * Drop explicit libgcrypt11 dependency from libcryptsetup4. |
957 | + |
958 | + -- Adam Conrad <adconrad@ubuntu.com> Fri, 27 Mar 2015 18:24:38 -0600 |
959 | + |
960 | +cryptsetup (2:1.6.1-1ubuntu6) vivid; urgency=medium |
961 | + |
962 | + * No-change rebuild for the libgcrypt20 transition. |
963 | + |
964 | + -- Adam Conrad <adconrad@ubuntu.com> Fri, 27 Mar 2015 06:16:08 -0600 |
965 | + |
966 | +cryptsetup (2:1.6.1-1ubuntu5) vivid; urgency=medium |
967 | + |
968 | + * ./debian/scripts/luksformat: Drop luksFormat -s and --ciper options. They |
969 | + aren't necessary any more, and aes-cbc-essiv:sha256 is obsolete. This will |
970 | + now use aes-xts-plain64 by default. (LP: #1414719) |
971 | + |
972 | + -- Martin Pitt <martin.pitt@ubuntu.com> Fri, 27 Feb 2015 09:37:05 +0100 |
973 | + |
974 | +cryptsetup (2:1.6.1-1ubuntu4) vivid; urgency=medium |
975 | + |
976 | + * No change rebuild to get debug symbols for all architectures. |
977 | + |
978 | + -- Brian Murray <brian@ubuntu.com> Wed, 03 Dec 2014 08:03:31 -0800 |
979 | + |
980 | +cryptsetup (2:1.6.1-1ubuntu3) utopic; urgency=high |
981 | + |
982 | + * No change rebuild against new dh_installinit, to call update-rc.d at |
983 | + postinst. |
984 | + |
985 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 28 May 2014 10:39:30 +0100 |
986 | + |
987 | +cryptsetup (2:1.6.1-1ubuntu2) utopic; urgency=medium |
988 | + |
989 | + * debian/askpass.c: |
990 | + - Fix bug (LP: #1301086) where askpass fails to restore terminal |
991 | + settings. |
992 | + |
993 | + -- Robert Barabas <dc@0xdc.org> Fri, 18 Apr 2014 14:08:51 -0400 |
994 | + |
995 | +cryptsetup (2:1.6.1-1ubuntu1) trusty; urgency=low |
996 | + |
997 | + * Merge from debian unstable, remaining changes: |
998 | + - debian/control: |
999 | + + Bump initramfs-tools Suggests to Depends: so system is not |
1000 | + potentially rendered unbootable. |
1001 | + + Depend on plymouth. |
1002 | + |
1003 | + - Invert the "busybox | busybox-static" Recommends, as the latter is |
1004 | + the one we ship in main as part of the ubuntu-standard task. |
1005 | + |
1006 | + - Remove hardcoded paths to udevadm (LP: #1184066). |
1007 | + |
1008 | + - debian/initramfs/cryptroot-hook: |
1009 | + + Do not unconditionally include cryptsetup utils in the initramfs. |
1010 | + + Do not include any modules or utils in the initramfs, unless |
1011 | + rootfs/resume devices are encrypted or CRYPTSETUP is set to 'y' in |
1012 | + the initramfs.conf configuration file. |
1013 | + |
1014 | + - debian/cryptsetup.maintscripts: |
1015 | + + Migrate upstart jobs to new names. |
1016 | + |
1017 | + -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com> Fri, 01 Nov 2013 16:48:57 +0000 |
1018 | + |
1019 | cryptsetup (2:1.6.1-1) unstable; urgency=low |
1020 | |
1021 | [ Milan Broz ] |
1022 | @@ -1803,6 +2606,50 @@ cryptsetup (2:1.6.1-1) unstable; urgency=low |
1023 | |
1024 | -- Jonas Meurer <mejo@debian.org> Fri, 28 Jun 2013 12:10:41 +0200 |
1025 | |
1026 | +cryptsetup (2:1.4.3-4ubuntu4) saucy; urgency=low |
1027 | + |
1028 | + * debian/initramfs/cryptroot-hook: |
1029 | + - Do not unconditionally include cryptsetup utils in the initramfs. |
1030 | + - Do not include any modules or utils in the initramfs, unless |
1031 | + rootfs/resume devices are encrypted or CRYPTSETUP is set to 'y' in |
1032 | + the initramfs.conf configuration file. |
1033 | + |
1034 | + -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com> Mon, 10 Jun 2013 16:25:46 +0100 |
1035 | + |
1036 | +cryptsetup (2:1.4.3-4ubuntu3) saucy; urgency=low |
1037 | + |
1038 | + * Remove hardcoded paths to udevadm (LP: #1184066). |
1039 | + |
1040 | + -- Colin Watson <cjwatson@ubuntu.com> Tue, 28 May 2013 11:27:27 +0100 |
1041 | + |
1042 | +cryptsetup (2:1.4.3-4ubuntu2) raring; urgency=low |
1043 | + |
1044 | + * Invert the "busybox | busybox-static" Recommends, as the latter |
1045 | + is the one we ship in main as part of the ubuntu-standard task. |
1046 | + |
1047 | + -- Adam Conrad <adconrad@ubuntu.com> Fri, 16 Nov 2012 01:14:35 -0700 |
1048 | + |
1049 | +cryptsetup (2:1.4.3-4ubuntu1) raring; urgency=low |
1050 | + |
1051 | + * Merge from debian unstable, remaining changes: |
1052 | + - debian/control: |
1053 | + + Bump initramfs-tools Suggests to Depends: so system is not |
1054 | + potentially rendered unbootable. |
1055 | + + Depend on plymouth. |
1056 | + |
1057 | + - init/upstart jobs: |
1058 | + + Rename cryptddisks{,-early}.upstart jobs to |
1059 | + cryptdisks-{enable,udev}.upstart, as we need both init & upstart jobs |
1060 | + for now. |
1061 | + + debian/cryptdisks{,-early}.init: Make the 'start' action of the init |
1062 | + script a no-op, this should be handled entirely by the upstart job; |
1063 | + and fix the LSB header to not declare this should be started in |
1064 | + runlevel 'S'. |
1065 | + + Do not install start symlinks for init scripts |
1066 | + + NB! shutdown is still handled by the SystemV init scripts |
1067 | + |
1068 | + -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com> Tue, 13 Nov 2012 11:17:57 +0000 |
1069 | + |
1070 | cryptsetup (2:1.4.3-4) unstable; urgency=medium |
1071 | |
1072 | * change recommends for busybox to busybox | busybox-static. Thanks to |
1073 | @@ -1835,6 +2682,50 @@ cryptsetup (2:1.4.3-3) unstable; urgency=medium |
1074 | |
1075 | -- Jonas Meurer <mejo@debian.org> Thu, 01 Nov 2012 15:34:09 +0100 |
1076 | |
1077 | +cryptsetup (2:1.4.3-2ubuntu1) quantal; urgency=low |
1078 | + |
1079 | + * Merge from debian unstable (LP: #1015753), remaining changes: |
1080 | + - debian/control: |
1081 | + + Bump initramfs-tools Suggests to Depends: so system is not |
1082 | + potentially rendered unbootable. |
1083 | + + Depend on plymouth. |
1084 | + |
1085 | + - init/upstart jobs: |
1086 | + + Add debian/cryptdisks-{enable,udev}.upstart for bootup. |
1087 | + + debian/cryptdisks{,-early}.init: Make the 'start' action of the init |
1088 | + script a no-op, this should be handled entirely by the upstart job; |
1089 | + and fix the LSB header to not declare this should be started in |
1090 | + runlevel 'S'. |
1091 | + + Do not install start symlinks for init scripts |
1092 | + + NB! shutdown is still handled by the SystemV init scripts |
1093 | + |
1094 | + * Rename cryptddisks{,-early}.upstart jobs back to |
1095 | + cryptdisks-{enable,udev}.upstart, as we need both init & upstart jobs |
1096 | + for now. |
1097 | + |
1098 | + * Dropped Changes, included in Debian: |
1099 | + - debian/control: |
1100 | + + Split up package in cryptsetup and cryptsetup-bin. (LP: #343363). |
1101 | + |
1102 | + - debian/cryptdisks.functions: |
1103 | + + Do not overwrite existing filesystems when creating swap (LP: #474258). |
1104 | + + Add aesni module when we have hardware encryption. |
1105 | + + Call 'udevadm settle' before 'dmsetup rename' http://pad.lv/874774 |
1106 | + + Suppress "Starting init crypto disks" message in "init" phase, to |
1107 | + avoid writing over fsck progress text. |
1108 | + + new function, crypttab_start_one_disk, to look for the named source |
1109 | + device in /etc/crypttab (by device name, UUID, or label) and start it |
1110 | + if configured to do so |
1111 | + + handle the case where crypttab contains a name for the source |
1112 | + device that is not the kernel's preferred name for it (as is the case |
1113 | + for LVs). |
1114 | + |
1115 | + - debian/initramfs/cryptroot-hook: |
1116 | + + Quiet warnings from find on arches that don't have all the |
1117 | + kernel/{arch,crypto} bits we're testing for. |
1118 | + |
1119 | + -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com> Tue, 21 Aug 2012 11:57:28 +0100 |
1120 | + |
1121 | cryptsetup (2:1.4.3-2) unstable; urgency=medium |
1122 | |
1123 | * fix the shared library symbols magic: so far, the symbols file for |
1124 | @@ -1910,6 +2801,64 @@ cryptsetup (2:1.4.1-3) unstable; urgency=low |
1125 | |
1126 | -- Jonas Meurer <mejo@debian.org> Wed, 11 Apr 2012 23:55:35 +0200 |
1127 | |
1128 | +cryptsetup (2:1.4.1-2ubuntu4) precise; urgency=low |
1129 | + |
1130 | + * Our swap creation can trigger udev change events, which means udev may be |
1131 | + holding the device open at the time we try to call 'dmsetup rename' and |
1132 | + cause the /subsequent/ events to be missed because of dmsetup creating |
1133 | + device nodes by hand. So call 'udevadm settle' before 'dmsetup rename', |
1134 | + to ensure blkid is out of the way first. This should ensure swap |
1135 | + partitions are found by mountall in a non-racy manner. LP: #874774. |
1136 | + |
1137 | + -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 13 Apr 2012 20:23:21 -0700 |
1138 | + |
1139 | +cryptsetup (2:1.4.1-2ubuntu3) precise; urgency=low |
1140 | + |
1141 | + * Start cryptdisks-enable upstart job on 'or container', to let us |
1142 | + simplify the udevtrigger job. |
1143 | + |
1144 | + -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 04 Apr 2012 17:02:00 -0700 |
1145 | + |
1146 | +cryptsetup (2:1.4.1-2ubuntu2) precise; urgency=low |
1147 | + |
1148 | + * Split up package in cryptsetup and cryptsetup-bin. (LP: #343363). |
1149 | + * Do not overwrite existing filesystems when creating swap (LP: #474258). |
1150 | + * Add aesni module when we have hardware encryption. |
1151 | + |
1152 | + -- Jean-Louis Dupond <jean-louis@dupond.be> Mon, 12 Mar 2012 10:14:30 +0100 |
1153 | + |
1154 | +cryptsetup (2:1.4.1-2ubuntu1) precise; urgency=low |
1155 | + |
1156 | + [ Jean-Louis Dupond ] |
1157 | + * Merge from debian unstable (LP: #776264), remaining changes: |
1158 | + - debian/cryptdisks.functions: Suppress "Starting init crypto disks" message |
1159 | + in "init" phase, to avoid writing over fsck progress text. |
1160 | + - debian/cryptroot-hook: Quiet warnings from find on arches that |
1161 | + don't have all the kernel/{arch,crypto} bits we're testing for. |
1162 | + - debian/control: |
1163 | + + Bump initramfs-tools Suggests to Depends: so system is not |
1164 | + potentially rendered unbootable. |
1165 | + + Depend on plymouth. |
1166 | + - Add debian/cryptdisks-{enable,udev}.upstart. |
1167 | + - debian/cryptdisks.functions: |
1168 | + + new function, crypttab_start_one_disk, to look for the named source |
1169 | + device in /etc/crypttab (by device name, UUID, or label) and start it |
1170 | + if configured to do so |
1171 | + - debian/cryptdisks{,-early}.init: Make the 'start' action of the init |
1172 | + script a no-op, this should be handled entirely by the upstart job; |
1173 | + and fix the LSB header to not declare this should be started in |
1174 | + runlevel 'S' |
1175 | + - debian/rules: |
1176 | + + Do not install start symlinks for init scripts, and |
1177 | + install debian/cryptdisks-{enable,udev}.upstart scripts. |
1178 | + |
1179 | + [ Steve Langasek ] |
1180 | + * debian/cryptdisks.functions: handle the case where crypttab contains a |
1181 | + name for the source device that is not the kernel's preferred name for |
1182 | + it (as is the case for LVs). |
1183 | + |
1184 | + -- Jean-Louis Dupond <jean-louis@dupond.be> Thu, 08 Mar 2012 07:32:40 +0100 |
1185 | + |
1186 | cryptsetup (2:1.4.1-2) unstable; urgency=low |
1187 | |
1188 | * acknowledge NMU. Thanks to Michael Biebl. (closes: #659182) |
1189 | @@ -2119,6 +3068,56 @@ cryptsetup (2:1.2.0-1) experimental; urgency=low |
1190 | |
1191 | -- Jonas Meurer <mejo@debian.org> Sun, 16 Jan 2011 01:01:03 +0100 |
1192 | |
1193 | +cryptsetup (2:1.1.3-4ubuntu3) precise; urgency=low |
1194 | + |
1195 | + [ Pali Rohar ] |
1196 | + * debian/cryptdisks.functions: Suppress "Starting init crypto disks" message |
1197 | + in "init" phase, to avoid writing over fsck progress text. |
1198 | + |
1199 | + -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 26 Oct 2011 09:16:15 +0200 |
1200 | + |
1201 | +cryptsetup (2:1.1.3-4ubuntu2) oneiric; urgency=low |
1202 | + |
1203 | + * debian/cryptroot-hook: Quiet warnings from find on arches that |
1204 | + don't have all the kernel/{arch,crypto} bits we're testing for. |
1205 | + |
1206 | + -- Adam Conrad <adconrad@ubuntu.com> Sat, 01 Oct 2011 00:33:00 -0600 |
1207 | + |
1208 | +cryptsetup (2:1.1.3-4ubuntu1) natty; urgency=low |
1209 | + |
1210 | + * Merge from debian unstable (LP: #682177), remaining changes: |
1211 | + - debian/control: |
1212 | + + Bump initramfs-tools Suggests to Depends: so system is not |
1213 | + potentially rendered unbootable. |
1214 | + + Depend on plymouth. |
1215 | + - Add debian/cryptdisks-{enable,udev}.upstart. |
1216 | + - debian/cryptdisks.functions: |
1217 | + + new function, crypttab_start_one_disk, to look for the named source |
1218 | + device in /etc/crypttab (by device name, UUID, or label) and start it |
1219 | + if configured to do so |
1220 | + + wrap the call to /lib/cryptsetup/askpass with watershed, to make sure |
1221 | + we only ever have one of these running at a time; otherwise multiple |
1222 | + invocations could steal each other's input and/or write over each |
1223 | + other's output |
1224 | + + when called by cryptdisks-enable, check that we don't already have a |
1225 | + corresponding cryptdisks-udev job running (probably waiting for a |
1226 | + passphrase); if there is, wait until it's finished before continuing. |
1227 | + - debian/cryptdisks{,-early}.init: Make the 'start' action of the init |
1228 | + script a no-op, this should be handled entirely by the upstart job; |
1229 | + and fix the LSB header to not declare this should be started in |
1230 | + runlevel 'S' |
1231 | + - debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on |
1232 | + upgrade. |
1233 | + - debian/rules: |
1234 | + + Do not install start symlinks for init scripts, and |
1235 | + install debian/cryptdisks-{enable,udev}.upstart scripts. |
1236 | + + link dynamically against libgcrypt and libgpg-error. |
1237 | + - Add debian/cryptsetup.apport: Apport package hook. Install in |
1238 | + debian/rules and create dir in debian/cryptsetup.dirs. |
1239 | + - debian/cryptsetup.postrm: call update-initramfs on package removal. |
1240 | + |
1241 | + -- Lorenzo De Liso <blackz@ubuntu.com> Sat, 27 Nov 2010 17:37:43 +0100 |
1242 | + |
1243 | cryptsetup (2:1.1.3-4) unstable; urgency=high |
1244 | |
1245 | * bump standards-version to 3.9.1, no changes required |
1246 | @@ -2224,6 +3223,69 @@ cryptsetup (2:1.1.3-1) unstable; urgency=low |
1247 | |
1248 | -- Jonas Meurer <mejo@debian.org> Sat, 10 Jul 2010 14:32:40 +0200 |
1249 | |
1250 | +cryptsetup (2:1.1.2-1ubuntu1) maverick; urgency=low |
1251 | + |
1252 | + * Merge from Debian unstable (LP: #594365). Remaining changes: |
1253 | + - debian/control: |
1254 | + + Bump initramfs-tools Suggests to Depends: so system is not |
1255 | + potentially rendered unbootable. |
1256 | + + Depend on plymouth. |
1257 | + - Add debian/cryptdisks-{enable,udev}.upstart. |
1258 | + - debian/cryptdisks.functions: |
1259 | + + new function, crypttab_start_one_disk, to look for the named source |
1260 | + device in /etc/crypttab (by device name, UUID, or label) and start it |
1261 | + if configured to do so |
1262 | + + wrap the call to /lib/cryptsetup/askpass with watershed, to make sure |
1263 | + we only ever have one of these running at a time; otherwise multiple |
1264 | + invocations could steal each other's input and/or write over each |
1265 | + other's output |
1266 | + + initially create the device under a temporary name and rename it only |
1267 | + at the end using 'dmsetup rename', to ensure that upstart/mountall |
1268 | + doesn't see our device before it's ready to go. |
1269 | + + do_tmp should mount under /var/run/cryptsetup for changing the |
1270 | + permissions of the filesystem root, not directly on /tmp, since |
1271 | + mounting on /tmp a) is racy, b) confuses mountall something fierce. |
1272 | + + when called by cryptdisks-enable, check that we don't already have a |
1273 | + corresponding cryptdisks-udev job running (probably waiting for a |
1274 | + passphrase); if there is, wait until it's finished before continuing. |
1275 | + - debian/cryptdisks{,-early}.init: Make the 'start' action of the init |
1276 | + script a no-op, this should be handled entirely by the upstart job; |
1277 | + and fix the LSB header to not declare this should be started in |
1278 | + runlevel 'S' |
1279 | + - debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on |
1280 | + upgrade. |
1281 | + - debian/rules: Do not install start symlinks for init scripts, and |
1282 | + install debian/cryptdisks-{enable,udev}.upstart scripts. |
1283 | + - Add debian/cryptsetup.apport: Apport package hook. Install in |
1284 | + debian/rules and create dir in debian/cryptsetup.dirs. |
1285 | + - debian/rules: link dynamically against libgcrypt and libgpg-error. |
1286 | + - debian/cryptsetup.postrm: call update-initramfs on package removal. |
1287 | + * Dropped changes, merged/superseded in Debian: |
1288 | + - Add ext4 support to passdev. |
1289 | + - cryptroot-hook: don't call copy_modules_dir with empty arguments when |
1290 | + archcrypto isn't found |
1291 | + - Set USPLASH=y and FRAMEBUFFER=y in the hook config to pull plymouth into |
1292 | + the initramfs. |
1293 | + - change interaction to use plymouth directly if present, and if not, to |
1294 | + fall back to /lib/cryptsetup/askpass as before |
1295 | + - cryptdisks.functions: replace 'echo -e' bashism with 'printf'. |
1296 | + - debian/initramfs/cryptroot-script: if plymouth is present in the |
1297 | + initramfs, use this directly, bypassing the cryptsetup askpass script |
1298 | + - debian/initramfs/cryptroot-hook: Properly anchor our regexps when |
1299 | + grepping /etc/crypttab so that we don't incorrectly match device names |
1300 | + that are substrings of one another. |
1301 | + - debian/initramfs/cryptroot-script: Don't leak /conf/conf.d/cryptroot |
1302 | + file descriptor to subprocesses. |
1303 | + - Fix grammar error in debian/initramfs/cryptroot-script |
1304 | + ("setup" -> "set up") |
1305 | + - debian/initramfs/cryptroot-script: Fix this to work with current |
1306 | + initramfs-tools: |
1307 | + + Source /scripts/functions after checking for prerequisites. |
1308 | + + prereqs(): Do not assume we are running within initramfs, and |
1309 | + calculate relative path correctly. |
1310 | + |
1311 | + -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 14 Jun 2010 21:47:28 -0700 |
1312 | + |
1313 | cryptsetup (2:1.1.2-1) unstable; urgency=low |
1314 | |
1315 | * new upstream release, changes include: |
1316 | @@ -2341,6 +3403,171 @@ cryptsetup (2:1.1.0-1) unstable; urgency=low |
1317 | |
1318 | -- Jonas Meurer <mejo@debian.org> Mon, 08 Mar 2010 14:15:35 +0100 |
1319 | |
1320 | +cryptsetup (2:1.1.0~rc2-1ubuntu14) maverick; urgency=low |
1321 | + |
1322 | + [ David Stansby ] |
1323 | + * Fix grammar error in debian/initramfs/cryptroot-script |
1324 | + ("setup" -> "set up") (LP: #578896) |
1325 | + |
1326 | + -- James Westby <james.westby@ubuntu.com> Mon, 17 May 2010 13:33:40 +0100 |
1327 | + |
1328 | +cryptsetup (2:1.1.0~rc2-1ubuntu13) lucid; urgency=low |
1329 | + |
1330 | + * debian/initramfs/cryptroot-script: Don't leak /conf/conf.d/cryptroot |
1331 | + file descriptor to subprocesses. |
1332 | + |
1333 | + -- Colin Watson <cjwatson@ubuntu.com> Mon, 29 Mar 2010 22:18:36 +0100 |
1334 | + |
1335 | +cryptsetup (2:1.1.0~rc2-1ubuntu12) lucid; urgency=low |
1336 | + |
1337 | + * debian/initramfs/cryptroot-hook: Properly anchor our regexps when |
1338 | + grepping /etc/crypttab so that we don't incorrectly match device names |
1339 | + that are substrings of one another. |
1340 | + * debian/cryptdisks-{enable,udev}.conf, debian/control: drop |
1341 | + 'console output' and add a hard dependency on plymouth instead of |
1342 | + watershed, to avoid spitting extra messages to the console. |
1343 | + |
1344 | + -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 18 Feb 2010 06:19:19 -0800 |
1345 | + |
1346 | +cryptsetup (2:1.1.0~rc2-1ubuntu11) lucid; urgency=low |
1347 | + |
1348 | + * Set FRAMEBUFFER=y in the file that we actually ship. |
1349 | + * debian/cryptsetup.postrm: call update-initramfs on package removal. |
1350 | + LP: #468228. |
1351 | + |
1352 | + -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 25 Jan 2010 03:07:52 -0800 |
1353 | + |
1354 | +cryptsetup (2:1.1.0~rc2-1ubuntu10) lucid; urgency=low |
1355 | + |
1356 | + * cryptdisks.functions: replace 'echo -e' bashism with 'printf'. |
1357 | + * cryptdisks.functions: when called by cryptdisks-enable, check that we |
1358 | + don't already have a corresponding cryptdisks-udev job running (probably |
1359 | + waiting for a passphrase); if there is, wait until it's finished before |
1360 | + continuing. |
1361 | + |
1362 | + -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 21 Jan 2010 14:57:21 +0000 |
1363 | + |
1364 | +cryptsetup (2:1.1.0~rc2-1ubuntu9) lucid; urgency=low |
1365 | + |
1366 | + * Set FRAMEBUFFER=y in the hook config as well, to pull plymouth into the |
1367 | + initramfs. |
1368 | + * cryptdisks.functions, debian/initramfs/cryptroot-script: fix the |
1369 | + invocation of plymouth, so that we actually get proper passphrase prompts |
1370 | + (once bug #496765 is fixed). |
1371 | + |
1372 | + -- Steve Langasek <steve.langasek@ubuntu.com> Sat, 16 Jan 2010 02:32:41 -0800 |
1373 | + |
1374 | +cryptsetup (2:1.1.0~rc2-1ubuntu8) lucid; urgency=low |
1375 | + |
1376 | + * cryptdisks.functions: do_tmp should mount under /var/run/cryptsetup for |
1377 | + changing the permissions of the filesystem root, not directly on /tmp, |
1378 | + since mounting on /tmp a) is racy, b) confuses mountall something fierce. |
1379 | + LP: #475936. |
1380 | + |
1381 | + -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 22 Dec 2009 20:24:28 +0000 |
1382 | + |
1383 | +cryptsetup (2:1.1.0~rc2-1ubuntu7) lucid; urgency=low |
1384 | + |
1385 | + * Depend on watershed. |
1386 | + |
1387 | + -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 22 Dec 2009 01:37:36 +0000 |
1388 | + |
1389 | +cryptsetup (2:1.1.0~rc2-1ubuntu6) lucid; urgency=low |
1390 | + |
1391 | + [ Steve Langasek ] |
1392 | + * Fix the LSB header in the init scripts, now that we don't install to |
1393 | + rcS.d. |
1394 | + |
1395 | + [ Martin Pitt ] |
1396 | + * debian/initramfs/cryptroot-script: Fix this to work with current |
1397 | + initramfs-tools: |
1398 | + - Source /scripts/functions after checking for prerequisites. |
1399 | + - prereqs(): Do not assume we are running within initramfs, and calculate |
1400 | + relative path correctly. |
1401 | + |
1402 | + -- Martin Pitt <martin.pitt@ubuntu.com> Fri, 18 Dec 2009 17:07:07 +0100 |
1403 | + |
1404 | +cryptsetup (2:1.1.0~rc2-1ubuntu5) lucid; urgency=low |
1405 | + |
1406 | + * Rename the upstart job introduced in the previous upload to |
1407 | + cryptdisks-udev and restore the previous version of the job as |
1408 | + cryptdisks-enable, to run at the end of udev coldplugging as before; |
1409 | + this isn't entirely race-free, but should nevertheless give us the |
1410 | + two passes needed to cover devices that are decrypted using keys stored |
1411 | + on other encrypted disks. LP: #443980. |
1412 | + |
1413 | + -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 16 Dec 2009 06:41:30 +0000 |
1414 | + |
1415 | +cryptsetup (2:1.1.0~rc2-1ubuntu4) lucid; urgency=low |
1416 | + |
1417 | + [ Steve Langasek ] |
1418 | + * debian/initramfs/cryptroot-script: if plymouth is present in the |
1419 | + initramfs, use this directly, bypassing the cryptsetup askpass script; |
1420 | + but keep support for these other frontends around on a transitional |
1421 | + basis. |
1422 | + * debian/cryptdisks.functions: |
1423 | + - change interaction to use plymouth directly if present, and if not, to |
1424 | + fall back to /lib/cryptsetup/askpass as before |
1425 | + - wrap the call to /lib/cryptsetup/askpass with watershed, to make sure |
1426 | + we only ever have one of these running at a time; otherwise multiple |
1427 | + invocations could steal each other's input and/or write over each |
1428 | + other's output |
1429 | + - new function, crypttab_start_one_disk, to look for the named source |
1430 | + device in /etc/crypttab (by device name, UUID, or label) and start it |
1431 | + if configured to do so |
1432 | + * debian/cryptdisks-enable.upstart: run the upstart job once for each block |
1433 | + device, using the new crypttab_start_one_disk function, triggered by udev; |
1434 | + this doesn't eliminate the possibility of a race with gdm when the |
1435 | + decrypted volume isn't a 'bootwait' mount point (since gdm kills |
1436 | + plymouth), but it does eliminate the race between udev and cryptsetup. |
1437 | + LP: #454898. |
1438 | + * debian/cryptdisks-enable.upstart: check that the package is installed |
1439 | + and exit gracefully if it's not. LP: #435814 |
1440 | + * debian/cryptdisk.functions: initially create the device under a temporary |
1441 | + name and rename it only at the end using 'dmsetup rename', to ensure that |
1442 | + upstart/mountall doesn't see our device before it's ready to go. |
1443 | + LP: #475936. |
1444 | + |
1445 | + [ Colin Watson ] |
1446 | + * Add ext4 support to passdev. |
1447 | + |
1448 | + -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 15 Dec 2009 18:05:45 -0800 |
1449 | + |
1450 | +cryptsetup (2:1.1.0~rc2-1ubuntu3) lucid; urgency=low |
1451 | + |
1452 | + * cryptroot-hook: Use if [ -n … ] instead of if ! test -z …. |
1453 | + |
1454 | + -- Loïc Minier <loic.minier@ubuntu.com> Sat, 12 Dec 2009 11:32:52 +0100 |
1455 | + |
1456 | +cryptsetup (2:1.1.0~rc2-1ubuntu2) lucid; urgency=low |
1457 | + |
1458 | + * cryptroot-hook: dont call copy_modules_dir with empty arguments when |
1459 | + archcrypto isnt found (LP: #495161) |
1460 | + |
1461 | + -- Oliver Grawert <ogra@ubuntu.com> Fri, 11 Dec 2009 14:39:00 +0100 |
1462 | + |
1463 | +cryptsetup (2:1.1.0~rc2-1ubuntu1) lucid; urgency=low |
1464 | + |
1465 | + * Merge with Debian testing. Remaining Ubuntu changes: |
1466 | + - debian/rules: cryptsetup is linked dynamically against libgcrypt and |
1467 | + libgpg-error. |
1468 | + - Upstart migration: |
1469 | + + Add debian/cryptdisks-enable.upstart. |
1470 | + + debian/cryptdisks{,-early}.init: Make the 'start' action of the init |
1471 | + script a no-op, this should be handled entirely by the upstart job. |
1472 | + (LP #473615) |
1473 | + + debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on |
1474 | + upgrade. |
1475 | + + debian/rules: Do not install start symlinks for those two, and install |
1476 | + debian/cryptdisks-enable.upstart scripts. |
1477 | + - Add debian/cryptsetup.apport: Apport package hook. Install in |
1478 | + debian/rules, and create dir in debian/cryptsetup.dirs. |
1479 | + - Start usplash in initramfs, since we need it for fancy passphrase input: |
1480 | + + debian/initramfs/cryptroot-conf, debian/initramfs-conf.d: USPLASH=y |
1481 | + + debian/control: Bump initramfs-tools Suggests to Depends:. |
1482 | + |
1483 | + -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 11 Nov 2009 15:04:27 +0100 |
1484 | + |
1485 | cryptsetup (2:1.1.0~rc2-1) unstable; urgency=low |
1486 | |
1487 | * new upstream release candidate (1.1.0-rc2), highlights include: |
1488 | @@ -2514,6 +3741,80 @@ cryptsetup (2:1.0.7~rc1-1) unstable; urgency=low |
1489 | |
1490 | -- Jonas Meurer <mejo@debian.org> Sat, 04 Jul 2009 15:52:06 +0200 |
1491 | |
1492 | +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu8) lucid; urgency=low |
1493 | + |
1494 | + [ Steve Langasek ] |
1495 | + * Make the 'start' action of the init script a no-op, this should be |
1496 | + handled entirely by the upstart job now; and remove any symlinks from |
1497 | + /etc/rcS.d on upgrade. LP: #473615. |
1498 | + |
1499 | + [ Reinhard Tartler ] |
1500 | + * Add an apport hook |
1501 | + * import the blkid and un_blkid from debian, LP: #446517 |
1502 | + * also use this script by default (setting in /etc/default/cryptdisks) |
1503 | + |
1504 | + -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 04 Nov 2009 12:06:47 +0000 |
1505 | + |
1506 | +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu7) karmic; urgency=low |
1507 | + |
1508 | + * Reupload previous version, siretart had left changes in bzr which |
1509 | + weren't documented in the changelog and caused FTBFS. |
1510 | + |
1511 | + -- Scott James Remnant <scott@ubuntu.com> Wed, 14 Oct 2009 13:57:59 +0100 |
1512 | + |
1513 | +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu6) karmic; urgency=low |
1514 | + |
1515 | + [ Steve Langasek ] |
1516 | + * Move the Debian Vcs- fields aside. |
1517 | + |
1518 | + [ Scott James Remnant ] |
1519 | + * debian/cryptdisks-enable.upstart: Don't overcompensate for my idiocy, |
1520 | + cryptsetup should not need a controlling terminal, just a terminal |
1521 | + is fine. May fix LP: #439138. |
1522 | + |
1523 | + -- Scott James Remnant <scott@ubuntu.com> Wed, 14 Oct 2009 04:52:16 +0100 |
1524 | + |
1525 | +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu4) karmic; urgency=low |
1526 | + |
1527 | + * debian/cryptdisks-enable.upstart: Things that often help include |
1528 | + not setting stdin/out to /dev/null, so you can actually type the |
1529 | + passphrase. I am an idiot. LP: #430496. |
1530 | + |
1531 | + -- Scott James Remnant <scott@ubuntu.com> Thu, 17 Sep 2009 17:58:01 +0100 |
1532 | + |
1533 | +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu3) karmic; urgency=low |
1534 | + |
1535 | + * debian/cryptdisks-enable.upstart: add upstart job to enable encrypted |
1536 | + disks once we've finished probing for udev devices, so that mountall |
1537 | + can use them. LP: #430496. |
1538 | + |
1539 | + -- Scott James Remnant <scott@ubuntu.com> Thu, 17 Sep 2009 00:04:00 +0100 |
1540 | + |
1541 | +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu2) karmic; urgency=low |
1542 | + |
1543 | + * debian/initramfs/cryptroot-conf: declare that we want usplash included |
1544 | + in the initramfs whenever this package is installed. LP: #427356. |
1545 | + |
1546 | + -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 15 Sep 2009 08:43:15 -0700 |
1547 | + |
1548 | +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu1) karmic; urgency=low |
1549 | + |
1550 | + * Merge from debian unstable, remaining changes: |
1551 | + - Ubuntu specific: |
1552 | + + debian/rules: link dynamically for better security supportability and |
1553 | + smaller packages. |
1554 | + + debian/control: Depend on initramfs-tools so system is not potentially |
1555 | + rendered unbootable. |
1556 | + - debian/initramfs/cryptroot-script wait for encrypted device to appear, |
1557 | + report with log_*_msg (debian bug 488271). |
1558 | + - debian/initramfs/cryptroot-hook: fix support for UUID and LABEL |
1559 | + correlation between fstab and crypttab (debian bug 522041). |
1560 | + - debian/askpass.c, debian/initramfs/cryptroot-script: using newline |
1561 | + escape in passphrase prompt to avoid line-wrapping (debian bug 528133). |
1562 | + * Drop 04_fix_udevsettle_call.patch: fixed upstream differently. |
1563 | + |
1564 | + -- Kees Cook <kees@ubuntu.com> Sun, 10 May 2009 17:29:32 -0700 |
1565 | + |
1566 | cryptsetup (2:1.0.6+20090405.svn49-1) unstable; urgency=low |
1567 | |
1568 | * New upstream svn snapshot. Highlights include: |
1569 | @@ -2555,6 +3856,67 @@ cryptsetup (2:1.0.6+20090405.svn49-1) unstable; urgency=low |
1570 | |
1571 | -- Jonas Meurer <mejo@debian.org> Mon, 06 Apr 2009 08:49:14 +0200 |
1572 | |
1573 | +cryptsetup (2:1.0.6-7ubuntu7) jaunty; urgency=low |
1574 | + |
1575 | + * debian/control: Depend on initramfs-tools so system is not potentially |
1576 | + rendered unbootable (LP: #358654). |
1577 | + |
1578 | + -- Kees Cook <kees@ubuntu.com> Thu, 09 Apr 2009 12:29:31 -0700 |
1579 | + |
1580 | +cryptsetup (2:1.0.6-7ubuntu6) jaunty; urgency=low |
1581 | + |
1582 | + * debian/initramfs/cryptroot-script: we don't require vol_id to understand |
1583 | + the encrypted device, but we should check the device is fully up first |
1584 | + before continuing by calling udevadm settle. LP: #291752. |
1585 | + |
1586 | + -- Steve Langasek <steve.langasek@ubuntu.com> Sat, 07 Mar 2009 21:39:14 -0800 |
1587 | + |
1588 | +cryptsetup (2:1.0.6-7ubuntu5) jaunty; urgency=low |
1589 | + |
1590 | + * debian/initramfs/cryptroot-hook: fix support for UUID and LABEL correlation |
1591 | + between fstab and crypttab (LP: #287879). |
1592 | + |
1593 | + -- TJ <ubuntu@tjworld.net> Mon, 16 Feb 2009 23:00:00 +0000 |
1594 | + |
1595 | +cryptsetup (2:1.0.6-7ubuntu4) jaunty; urgency=low |
1596 | + |
1597 | + * debian/askpass.c: also handle newline escape code in console prompt. |
1598 | + |
1599 | + -- Kees Cook <kees@ubuntu.com> Sun, 15 Feb 2009 08:57:05 -0800 |
1600 | + |
1601 | +cryptsetup (2:1.0.6-7ubuntu3) jaunty; urgency=low |
1602 | + |
1603 | + [ https://launchpad.net/~svenkata ] |
1604 | + * debian/checks/un_vol_id: dynamically build the "unknown volume type" |
1605 | + string, to allow for encrypted swap, LP: #316607 |
1606 | + |
1607 | + -- Dustin Kirkland <kirkland@ubuntu.com> Thu, 12 Feb 2009 16:57:30 -0600 |
1608 | + |
1609 | +cryptsetup (2:1.0.6-7ubuntu2) jaunty; urgency=low |
1610 | + |
1611 | + * debian/askpass.c: handle newline escape code in password prompt. |
1612 | + * debian/initramfs/cryptroot-script: add newline to split cryptroot |
1613 | + password prompt onto two lines for readability (LP: #326900). |
1614 | + |
1615 | + -- Kees Cook <kees@ubuntu.com> Sun, 08 Feb 2009 07:26:01 -0800 |
1616 | + |
1617 | +cryptsetup (2:1.0.6-7ubuntu1) jaunty; urgency=low |
1618 | + |
1619 | + * Merge from debian unstable, remaining changes: |
1620 | + - debian/initramfs/cryptroot-script: |
1621 | + - must source /scripts/functions to get the log_*_msg() functions. |
1622 | + - wait for encrypted device to show up (LP 164044, 291752). |
1623 | + - disable error message 'failed to setup lvm device' (LP 151532). |
1624 | + - debian/rules: |
1625 | + - fix location of ltmain.sh (Ubuntu-specific until libtool 2.2.x is |
1626 | + in Debian unstable). |
1627 | + - link dynamically (LP 62751). |
1628 | + - add 04_fix_udevsettle_call.patch: fix path to binary for udevsettle. |
1629 | + * Revert versioned build-depency on libdevmapper-dev, since Ubuntu's |
1630 | + version is higher now. |
1631 | + |
1632 | + -- Kees Cook <kees@ubuntu.com> Tue, 06 Jan 2009 13:00:16 -0800 |
1633 | + |
1634 | cryptsetup (2:1.0.6-7) unstable; urgency=medium |
1635 | |
1636 | * Add patches/01_gettext_package.patch: Remove -luks from GETTEXT_PACKAGE |
1637 | @@ -2599,6 +3961,38 @@ cryptsetup (2:1.0.6-7) unstable; urgency=medium |
1638 | |
1639 | -- Jonas Meurer <mejo@debian.org> Wed, 17 Dec 2008 21:25:45 +0100 |
1640 | |
1641 | +cryptsetup (2:1.0.6-6ubuntu2.1) intrepid-proposed; urgency=low |
1642 | + |
1643 | + * debian/initramfs/cryptroot-script: do not require that vol_id |
1644 | + can parse the encrypted device as valid (LP: #291752). |
1645 | + |
1646 | + -- Kees Cook <kees@ubuntu.com> Fri, 31 Oct 2008 13:10:06 -0700 |
1647 | + |
1648 | +cryptsetup (2:1.0.6-6ubuntu2) intrepid; urgency=low |
1649 | + |
1650 | + * Fixes for (LP: #272301) |
1651 | + * debian/initramfs/cryptroot-script: must source /scripts/functions to get |
1652 | + the log_*_msg() functions |
1653 | + * 04_fix_udevsettle_call.patch: fix path to binary for udevsettle |
1654 | + |
1655 | + -- Dustin Kirkland <kirkland@ubuntu.com> Fri, 19 Sep 2008 18:03:28 -0500 |
1656 | + |
1657 | +cryptsetup (2:1.0.6-6ubuntu1) intrepid; urgency=low |
1658 | + |
1659 | + * drop almost all ubuntu specific changes from the cryptsetup package, |
1660 | + because they have been merged in debian. Thanks a lot! |
1661 | + * merge from debian, remaining changes: |
1662 | + - remove versioned build-depency on libdevmapper-dev, we are using a |
1663 | + rather sophisticated loop for making sure the root filesystem appears. |
1664 | + * debian/rules: fix location of ltmain.sh |
1665 | + * don't exit usplash anymore in the init script. LP: #110970, #139363 |
1666 | + * Disable error message 'failed to setup lvm device'. It is harmless, and |
1667 | + caused by the fact that the udev rules provided by lvm2 are setting up |
1668 | + the lvm on their own. In debian the scripts here are responsible for this |
1669 | + but obviously fail in ubuntu. LP: #151532 |
1670 | + |
1671 | + -- Reinhard Tartler <siretart@tauware.de> Sat, 30 Aug 2008 17:52:16 +0200 |
1672 | + |
1673 | cryptsetup (2:1.0.6-6) unstable; urgency=high |
1674 | |
1675 | * Don't cat keyfile into pipe for do_noluks(). cryptsetup handles |
1676 | @@ -2700,6 +4094,79 @@ cryptsetup (2:1.0.6-3) unstable; urgency=low |
1677 | |
1678 | -- Jonas Meurer <mejo@debian.org> Mon, 07 Jul 2008 00:30:07 +0200 |
1679 | |
1680 | +cryptsetup (2:1.0.6-2ubuntu7) intrepid; urgency=low |
1681 | + |
1682 | + * reintroduce changes from 2:1.0.6-2ubuntu5 that have been accidentally |
1683 | + dropped in version 2:1.0.6-2ubuntu6. |
1684 | + |
1685 | + -- Reinhard Tartler <siretart@tauware.de> Fri, 20 Jun 2008 15:15:54 +0200 |
1686 | + |
1687 | +cryptsetup (2:1.0.6-2ubuntu6) intrepid; urgency=low |
1688 | + |
1689 | + [ Kjell Braden ] |
1690 | + * load scripts/functions for log_{begin,end}_msg |
1691 | + * debian/initramfs/cryptroot-script: wait for the cryptsource, not the resulting mapped root device |
1692 | + * debian/initramfs/cryptroot-hook: copy binaries to the right directory |
1693 | + |
1694 | + [ Reinhard Tartler ] |
1695 | + * remove versioned build-depency on libdevmapper-dev, we are using a |
1696 | + rather sophisticated loop for making sure the root filesystem appears. |
1697 | + |
1698 | + -- Reinhard Tartler <siretart@tauware.de> Wed, 18 Jun 2008 00:26:43 +0200 |
1699 | + |
1700 | +cryptsetup (2:1.0.6-2ubuntu5) intrepid; urgency=low |
1701 | + |
1702 | + * Okay, I give up. include preprocessed manpages and adapt |
1703 | + debian/rules to easily produce those. |
1704 | + ATTENTION: on subsequent uploads, make sure that the manpages are |
1705 | + available and up-to-date. |
1706 | + |
1707 | + -- Reinhard Tartler <siretart@tauware.de> Sun, 15 Jun 2008 13:33:07 +0200 |
1708 | + |
1709 | +cryptsetup (2:1.0.6-2ubuntu4) intrepid; urgency=low |
1710 | + |
1711 | + * also use local dtd in debian/doc/variables.xml.in. |
1712 | + |
1713 | + -- Reinhard Tartler <siretart@tauware.de> Sun, 15 Jun 2008 12:55:42 +0200 |
1714 | + |
1715 | +cryptsetup (2:1.0.6-2ubuntu3) intrepid; urgency=low |
1716 | + |
1717 | + * try harder to fix FTBFS. |
1718 | + |
1719 | + -- Reinhard Tartler <siretart@tauware.de> Sun, 15 Jun 2008 11:42:54 +0200 |
1720 | + |
1721 | +cryptsetup (2:1.0.6-2ubuntu2) intrepid; urgency=low |
1722 | + |
1723 | + * build docbook documentation using local dtds instead of trying to |
1724 | + download them at buildtime. Fixes FTBFS. |
1725 | + |
1726 | + -- Reinhard Tartler <siretart@tauware.de> Sun, 15 Jun 2008 11:12:28 +0200 |
1727 | + |
1728 | +cryptsetup (2:1.0.6-2ubuntu1) intrepid; urgency=low |
1729 | + |
1730 | + * Merge new debian version. Remaining changes: |
1731 | + - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using |
1732 | + bzr on launchpad. |
1733 | + - debian/rules: cryptsetup is linked dynamically against libgcrypt and |
1734 | + libgpg-error. |
1735 | + - cryptdisks.functions: stop usplash on user input. LP #62751 |
1736 | + - Parse comments in lines not starting with '#', LP #185380 |
1737 | + - If the encrypted source device hasn't shown up yet, give it a |
1738 | + little while to deal with removable devices. LP #164044 |
1739 | + * Depend on race-free version of libdevmapper, thus making udevsettle |
1740 | + call from cryptsetup binary unnecessary. Dropping patch |
1741 | + debian/patches/06_run_udevsettle.patch |
1742 | + * remove patch from LP #73862, loading optimized modules has been solved |
1743 | + in debian in another way. |
1744 | + * cryptdisk.functions: remove spurious call to load_optimized_module. |
1745 | + LP: #239946 |
1746 | + * bugfix: make regex work if keyfile has extended attributes. LP: #231339. |
1747 | + * remove patch in cryptdisks.functions for rexecing the script itself for |
1748 | + ensuring that a tty is always available. (See LP #58794.) According to |
1749 | + Scott, this is not necessary anymore. |
1750 | + |
1751 | + -- Reinhard Tartler <siretart@tauware.de> Sat, 14 Jun 2008 23:28:51 +0200 |
1752 | + |
1753 | cryptsetup (2:1.0.6-2) unstable; urgency=low |
1754 | |
1755 | [ Jonas Meurer ] |
1756 | @@ -2725,6 +4192,54 @@ cryptsetup (2:1.0.6-2) unstable; urgency=low |
1757 | |
1758 | -- David Härdeman <david@hardeman.nu> Mon, 26 May 2008 08:12:32 +0200 |
1759 | |
1760 | +cryptsetup (2:1.0.6-1ubuntu4) intrepid; urgency=low |
1761 | + |
1762 | + [ Kjell Braden ] |
1763 | + * Fix configuration parsing (LP: #239808) |
1764 | + |
1765 | + [ Reinhard Tartler ] |
1766 | + * cryptroot-script: use 'echo' instead of 'log_begin_msg' (LP: #237723) |
1767 | + |
1768 | + -- Reinhard Tartler <siretart@tauware.de> Fri, 13 Jun 2008 21:26:17 +0200 |
1769 | + |
1770 | +cryptsetup (2:1.0.6-1ubuntu3) intrepid; urgency=low |
1771 | + |
1772 | + * Parse comments in lines not starting with '#', LP: #185380 |
1773 | + * in cryptroot hook, don't rely on 'udevadm settle' to wait long enough |
1774 | + for the cryptdevice to appear. Reimplement the busy waiting loop found |
1775 | + while waiting for the root file system. Patch based on work by Swâmi |
1776 | + Petaramesh. LP: #164044 |
1777 | + * debian/crypdisks.functions: call 'env' with full path. LP: #178829. |
1778 | + |
1779 | + -- Reinhard Tartler <siretart@tauware.de> Mon, 26 May 2008 22:12:32 +0200 |
1780 | + |
1781 | +cryptsetup (2:1.0.6-1ubuntu2) intrepid; urgency=low |
1782 | + |
1783 | + * Simplify the patch in debian/cryptdisks.functions that stops usplash |
1784 | + before asking for a passphrase. |
1785 | + |
1786 | + -- Reinhard Tartler <siretart@tauware.de> Mon, 26 May 2008 20:18:14 +0200 |
1787 | + |
1788 | +cryptsetup (2:1.0.6-1ubuntu1) intrepid; urgency=low |
1789 | + |
1790 | + * Merge new debian version. Remaining changes: |
1791 | + - cryptsetup is linked dynamically against libgcrypt and libgpg-error. |
1792 | + - stop usplash on user input. LP #62751 |
1793 | + - debian/cryptdisks.functions: Always output and read from the console. |
1794 | + LP #58794. |
1795 | + - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using |
1796 | + bzr on launchpad. |
1797 | + - debian/initramfs/cryptroot-hook: LP #73862 |
1798 | + Added patch to install aes optimized cypher module |
1799 | + - try to load optimized cypher module in cryptsetup.functions as well, |
1800 | + because cryptroot-hook is only executed when we really have a |
1801 | + cryptoroot. |
1802 | + * other ubuntu changes have been merged into debian. Please report bugs |
1803 | + if you believe some patches have been dropped. |
1804 | + * removed 07_typos_fix.patch, has been reviewed and applied upstream. |
1805 | + |
1806 | + -- Reinhard Tartler <siretart@tauware.de> Sun, 25 May 2008 22:52:30 +0200 |
1807 | + |
1808 | cryptsetup (2:1.0.6-1) unstable; urgency=low |
1809 | |
1810 | [ Jonas Meurer ] |
1811 | @@ -2856,6 +4371,138 @@ cryptsetup (2:1.0.6~pre1-1) unstable; urgency=low |
1812 | |
1813 | -- Jonas Meurer <mejo@debian.org> Thu, 06 Dec 2007 15:56:05 +0100 |
1814 | |
1815 | +cryptsetup (2:1.0.5-2ubuntu12) hardy; urgency=low |
1816 | + |
1817 | + * added debian/patches/07_typos_fix.dpatch: fixed typos in man pages. (LP: #164181) |
1818 | + |
1819 | + -- Bruno Barrera Yever <bbyever@gmail.com> Mon, 07 Apr 2008 18:43:05 -0500 |
1820 | + |
1821 | +cryptsetup (2:1.0.5-2ubuntu11) hardy; urgency=low |
1822 | + |
1823 | + * debian/initramfs/cryptroot-script: Do show the disk name after all, since |
1824 | + some people use multiple encrypted partitions as LVM PVs. (LP: #201413) |
1825 | + |
1826 | + -- Martin Pitt <martin.pitt@ubuntu.com> Sun, 06 Apr 2008 11:54:41 -0600 |
1827 | + |
1828 | +cryptsetup (2:1.0.5-2ubuntu10) hardy; urgency=low |
1829 | + |
1830 | + * debian/initramfs/cryptroot-script: Do not mention the name of the |
1831 | + encrypted device. It is just technobabble anyway (sda4_crypt), and there |
1832 | + is just one root partition ever, so it is not needed to tell apart |
1833 | + different partitions. From a security POV, someone who can change your |
1834 | + initramfs to boot a different root partition can just as well change the |
1835 | + strings, too. (LP: #201413) |
1836 | + |
1837 | + -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 02 Apr 2008 15:51:53 +0200 |
1838 | + |
1839 | +cryptsetup (2:1.0.5-2ubuntu9) hardy; urgency=low |
1840 | + |
1841 | + * debian/scripts/luksformat: Use 256 bit key size by default. |
1842 | + (LP: #78508) |
1843 | + * debian/patches/02_manpage.dpatch: Clarify default key sizes (128 for |
1844 | + luksFormat and 256 for create) in cryptsetup.8. (side-note in LP #78508) |
1845 | + |
1846 | + -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 27 Feb 2008 17:43:46 +0100 |
1847 | + |
1848 | +cryptsetup (2:1.0.5-2ubuntu8) hardy; urgency=low |
1849 | + |
1850 | + * Fix -x calls and access() call. |
1851 | + |
1852 | + -- Scott James Remnant <scott@ubuntu.com> Fri, 14 Dec 2007 16:54:53 +0000 |
1853 | + |
1854 | +cryptsetup (2:1.0.5-2ubuntu7) hardy; urgency=low |
1855 | + |
1856 | + * debian/initramfs/cryptroot-script: call udevadm instead of udevsettle |
1857 | + * debian/patches/06_call_udevsettle.dpatch: likewise |
1858 | + |
1859 | + -- Scott James Remnant <scott@ubuntu.com> Fri, 14 Dec 2007 16:11:36 +0000 |
1860 | + |
1861 | +cryptsetup (2:1.0.5-2ubuntu6) hardy; urgency=low |
1862 | + |
1863 | + * Make cryptsetup understand devices specified by UUID=... or LABEL= |
1864 | + in crypttab. (LP: #153597) |
1865 | + |
1866 | + -- Andrea Colangelo <warp10@libero.it> Mon, 29 Oct 2007 18:22:51 +0100 |
1867 | + |
1868 | +cryptsetup (2:1.0.5-2ubuntu5) hardy; urgency=low |
1869 | + |
1870 | + * reenable additional udevsettle calls in cryptroot hook from |
1871 | + https://launchpad.net/bugs/85640, LP: #132373. |
1872 | + * change maintainer to ubuntu-core-dev. |
1873 | + * use Vcs-Bzr instead of XSCB-Vcs-Bzr header in debian/control. |
1874 | + |
1875 | + -- Reinhard Tartler <siretart@tauware.de> Thu, 08 Nov 2007 23:52:19 +0100 |
1876 | + |
1877 | +cryptsetup (2:1.0.5-2ubuntu4) hardy; urgency=low |
1878 | + |
1879 | + * reapply changes from version 2:1.0.5-2ubuntu2, got dropped with last |
1880 | + upload. Sorry, pitti. |
1881 | + * convert patch to lib/libdevmapper.c to a dpatch. |
1882 | + |
1883 | + -- Reinhard Tartler <siretart@tauware.de> Sun, 04 Nov 2007 21:42:43 +0100 |
1884 | + |
1885 | +cryptsetup (2:1.0.5-2ubuntu3) hardy; urgency=low |
1886 | + |
1887 | + * RELIABILY FIX: lib/libdevmapper.c: Ensure that pending device creation |
1888 | + events are being processed by calling /sbin/udevsettle. Patch based on |
1889 | + OpenSUSE bug #285478, LP: #132373. |
1890 | + * Based on the change above, the patch from LP #85640 is no longer needed. |
1891 | + dropping the relevant parts. |
1892 | + * Fix debian/rules to not fail to build if autom4te.cache is left behind |
1893 | + from a previous incomplete build. |
1894 | + |
1895 | + -- Reinhard Tartler <siretart@tauware.de> Fri, 02 Nov 2007 20:53:31 +0100 |
1896 | + |
1897 | +cryptsetup (2:1.0.5-2ubuntu2) gutsy; urgency=low |
1898 | + |
1899 | + * debian/initramfs/cryptroot-script: |
1900 | + - If the supplied password worked, remove the prompt from usplash again, |
1901 | + so that the user has some visual feedback that everything is alright. |
1902 | + (LP: #151305) |
1903 | + - Do not show the UUID device node of the outer physical device. It is |
1904 | + scary ("/dev/disk/by-uuid/1234yadayada") and displaying it does not |
1905 | + improve security at all: If attackers can tamper with your initramfs, |
1906 | + they can also change the prompt, and if the UUID of the physical device |
1907 | + changes, then booting will not even get that far. Now it is a much more |
1908 | + friendly "Enter passphrase for sda5_crypt:" which is still technical, |
1909 | + but it's necessary to point out which device will be unlocked in case |
1910 | + there are several. |
1911 | + |
1912 | + -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 11 Oct 2007 19:51:58 +0200 |
1913 | + |
1914 | +cryptsetup (2:1.0.5-2ubuntu1) gutsy; urgency=low |
1915 | + |
1916 | + * Merge new debian version. Remaining changes: |
1917 | + - cryptsetup is linked dynamically against libgcrypt and libgpg-error. |
1918 | + This will break systems where /usr is a separate encrypted filesystem |
1919 | + but not have other bad consequences (in particular, systems with |
1920 | + encrypted root are still fine). The upsides include better |
1921 | + security supportability and smaller packages. |
1922 | + - libcryptsetup.so et al removed from the binary packages. They have |
1923 | + no stable ABI and are not suitable for use by other packages, and |
1924 | + were in violation of library policies etc. They're not needed since |
1925 | + the cryptsetup executable statically contains the relevant parts of |
1926 | + libcryptsetup. |
1927 | + - cryptdisks.functions: remove #!/bin/bash as it isn't a script |
1928 | + by itself; it's only sourced by other scripts. This gets rid |
1929 | + of the lintian warning `script-not-executable' for this file. |
1930 | + - stop usplash on user input. LP #62751 |
1931 | + - Always output and read from the console. LP #58794. |
1932 | + - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using |
1933 | + bzr on launchpad. |
1934 | + - Bump libgcrypt11 build-dependency again to 1.2.4-2ubuntu2 to eliminate |
1935 | + libnsl linkage; |
1936 | + - debian/initramfs/cryptroot-hook: (LP: #73862) |
1937 | + Added patch to install aes optimized cypher module |
1938 | + - try to load optimized cypher module in cryptsetup.functions as well, |
1939 | + because cryptroot-hook is only executed when we really have a |
1940 | + cryptoroot. |
1941 | + - apply patch from pitti for allowing UUIDs in /etc/crypttab. |
1942 | + This allowes crypted PVs! LP: #144390. |
1943 | + - remove README.ubuntu, since it contains old and obsolete information. |
1944 | + |
1945 | + -- Reinhard Tartler <siretart@tauware.de> Tue, 02 Oct 2007 21:31:28 +0200 |
1946 | + |
1947 | cryptsetup (2:1.0.5-2) unstable; urgency=low |
1948 | |
1949 | [ Jonas Meurer ] |
1950 | @@ -2904,6 +4551,68 @@ cryptsetup (2:1.0.5-2) unstable; urgency=low |
1951 | |
1952 | -- Jonas Meurer <mejo@debian.org> Mon, 24 Sep 2007 15:42:06 +0200 |
1953 | |
1954 | +cryptsetup (2:1.0.5-1ubuntu5) UNRELEASED; urgency=low |
1955 | + |
1956 | + * apply patch from pitti for allowing UUIDs in /etc/crypttab. |
1957 | + This allowes crypted PVs! LP: #144390. |
1958 | + * remove README.ubuntu, since it contains old and obsolete information. |
1959 | + |
1960 | + -- Reinhard Tartler <siretart@tauware.de> Tue, 02 Oct 2007 19:59:24 +0200 |
1961 | + |
1962 | +cryptsetup (2:1.0.5-1ubuntu4) gutsy; urgency=low |
1963 | + |
1964 | + [ Stephan Hermann ] |
1965 | + * debian/initramfs/cryptroot-hook: (LP: #73862) |
1966 | + - Added patch to install aes optimized cypher module |
1967 | + |
1968 | + [ Reinhard Tartler ] |
1969 | + * re-applying old patch to new package version |
1970 | + * try to load optimized cypher module in cryptsetup.functions as well, |
1971 | + because cryptroot-hook is only executed when we really have a |
1972 | + cryptoroot. |
1973 | + |
1974 | + -- Reinhard Tartler <siretart@tauware.de> Thu, 27 Sep 2007 19:38:48 +0200 |
1975 | + |
1976 | +cryptsetup (2:1.0.5-1ubuntu3) gutsy; urgency=low |
1977 | + |
1978 | + * Bump libgcrypt11 build-dependency again to 1.2.4-2ubuntu2 to eliminate |
1979 | + libnsl linkage; should finally produce a usable cryptsetup binary for |
1980 | + the udeb. |
1981 | + |
1982 | + -- Colin Watson <cjwatson@ubuntu.com> Wed, 19 Sep 2007 15:28:52 +0100 |
1983 | + |
1984 | +cryptsetup (2:1.0.5-1ubuntu2) gutsy; urgency=low |
1985 | + |
1986 | + * Bump libgcrypt11 build-dependency to 1.2.4-2ubuntu1 and rebuild for |
1987 | + proper udeb dependencies. |
1988 | + |
1989 | + -- Colin Watson <cjwatson@ubuntu.com> Wed, 19 Sep 2007 01:37:02 +0100 |
1990 | + |
1991 | +cryptsetup (2:1.0.5-1ubuntu1) gutsy; urgency=low |
1992 | + |
1993 | + * Merge new debian version. Remaining changes: |
1994 | + - cryptsetup is linked dynamically against libgcrypt and libgpg-error. |
1995 | + This will break systems where /usr is a separate encrypted filesystem |
1996 | + but not have other bad consequences (in particular, systems with |
1997 | + encrypted root are still fine). The upsides include better |
1998 | + security supportability and smaller packages. |
1999 | + - libcryptsetup.so et al removed from the binary packages. They have |
2000 | + no stable ABI and are not suitable for use by other packages, and |
2001 | + were in violation of library policies etc. They're not needed since |
2002 | + the cryptsetup executable statically contains the relevant parts of |
2003 | + libcryptsetup. |
2004 | + - cryptdisks.functions: remove #!/bin/bash as it isn't a script |
2005 | + by itself; it's only sourced by other scripts. This gets rid |
2006 | + of the lintian warning `script-not-executable' for this file. |
2007 | + - stop usplash on user input. LP #62751 |
2008 | + - Always output and read from the console. LP #58794. |
2009 | + * Add XSBC-Vcs-Bzr tag to indicate that this package is managed using |
2010 | + bzr on launchpad. |
2011 | + * UVF exception request granted by Scott Kitterman and Chuck Short |
2012 | + LP: #138295 |
2013 | + |
2014 | + -- Reinhard Tartler <siretart@tauware.de> Sat, 08 Sep 2007 19:04:54 +0200 |
2015 | + |
2016 | cryptsetup (2:1.0.5-1) unstable; urgency=low |
2017 | |
2018 | [ Jonas Meurer ] |
2019 | @@ -2924,6 +4633,66 @@ cryptsetup (2:1.0.5-1) unstable; urgency=low |
2020 | |
2021 | -- Jonas Meurer <mejo@debian.org> Fri, 27 Jul 2007 04:59:33 +0200 |
2022 | |
2023 | +cryptsetup (2:1.0.4+svn29-1ubuntu6) gutsy; urgency=low |
2024 | + |
2025 | + * Add notes by Ilkka Tuohela in a new file debian/README.ubuntu |
2026 | + |
2027 | + -- Reinhard Tartler <siretart@tauware.de> Sat, 08 Sep 2007 18:43:56 +0200 |
2028 | + |
2029 | +cryptsetup (2:1.0.4+svn29-1ubuntu5) gutsy; urgency=low |
2030 | + |
2031 | + * cryptsetup is linked dynamically against libgcrypt and libgpg-error. |
2032 | + This will break systems where /usr is a separate encrypted filesystem |
2033 | + but not have other bad consequences (in particular, systems with |
2034 | + encrypted root are still fine). The upsides include better |
2035 | + security supportability and smaller packages. |
2036 | + * libcryptsetup.so et al removed from the binary packages. They have |
2037 | + no stable ABI and are not suitable for use by other packages, and |
2038 | + were in violation of library policies etc. They're not needed since |
2039 | + the cryptsetup executable statically contains the relevant parts of |
2040 | + libcryptsetup. |
2041 | + * cryptdisks.functions: remove #!/bin/bash as it isn't a script |
2042 | + by itself; it's only sourced by other scripts. This gets rid |
2043 | + of the lintian warning `script-not-executable' for this file. |
2044 | + |
2045 | + -- Ian Jackson <iwj@ubuntu.com> Fri, 31 Aug 2007 12:05:33 +0100 |
2046 | + |
2047 | +cryptsetup (2:1.0.4+svn29-1ubuntu4) gutsy; urgency=low |
2048 | + |
2049 | + * s/$CRYPTCMD/cryptsetup/ in debian/cryptdisks.functions |
2050 | + (LP: #115617) |
2051 | + |
2052 | + -- Reinhard Tartler <siretart@ubuntu.com> Tue, 29 May 2007 17:04:05 +0200 |
2053 | + |
2054 | +cryptsetup (2:1.0.4+svn29-1ubuntu3) gutsy; urgency=low |
2055 | + |
2056 | + * make luksformat check if filesystem is already mounted to prevent a |
2057 | + strange error message. thanks to mvo for the patch (LP: #116633) |
2058 | + * remove file debian/initramfs-cryptroot-script from source. it is not |
2059 | + installed anywhere, and a leftover from the last merge. |
2060 | + * add missing hunk of cryptsetup.functions compared to debian package. |
2061 | + * reapply http://librarian.launchpad.net/7329604/bug85640.debdiff to |
2062 | + debian/initramfs/cryptroot-script, since stgraber's patch has been |
2063 | + lost in the last merge. (LP: #85640) |
2064 | + |
2065 | + -- Reinhard Tartler <siretart@ubuntu.com> Tue, 29 May 2007 15:02:57 +0200 |
2066 | + |
2067 | +cryptsetup (2:1.0.4+svn29-1ubuntu2) gutsy; urgency=low |
2068 | + |
2069 | + * modprobe dm-mod from cryptsetup.functions. (LP: #64625, #91405) |
2070 | + |
2071 | + -- Reinhard Tartler <siretart@ubuntu.com> Tue, 29 May 2007 13:31:39 +0200 |
2072 | + |
2073 | +cryptsetup (2:1.0.4+svn29-1ubuntu1) gutsy; urgency=low |
2074 | + |
2075 | + * Merge from Debian unstable. Remaining Ubuntu changes: |
2076 | + - stop usplash on user input. Ubuntu: #62751 |
2077 | + - Always output and read from the console. Ubuntu: #58794. |
2078 | + - Wait for Udev to be ready to avoid partition non-detection. (LP: #85640) |
2079 | + * Modify Maintainer value to match Debian-Maintainer-Field Spec |
2080 | + |
2081 | + -- Andrea Veri <bluekuja@ubuntu.com> Sun, 6 May 2007 22:33:25 +0200 |
2082 | + |
2083 | cryptsetup (2:1.0.4+svn29-1) unstable; urgency=low |
2084 | |
2085 | * New upstream svn snapshot with several bugfixes |
2086 | @@ -2976,6 +4745,20 @@ cryptsetup (2:1.0.4+svn26-2) unstable; urgency=low |
2087 | |
2088 | -- Jonas Meurer <mejo@debian.org> Sat, 28 Apr 2007 20:45:50 +0200 |
2089 | |
2090 | +cryptsetup (2:1.0.4+svn26-1ubuntu2) feisty; urgency=low |
2091 | + |
2092 | + * Wait for Udev to be ready to avoid partition non-detection. (LP: #85640) |
2093 | + |
2094 | + -- Stéphane Graber <stgraber@ubuntu.com> Thu, 14 Apr 2007 10:03:41 +0200 |
2095 | + |
2096 | +cryptsetup (2:1.0.4+svn26-1ubuntu1) feisty; urgency=low |
2097 | + |
2098 | + * merge debian changes. Remaining ubuntu changes: |
2099 | + - stop usplash on user input. Ubuntu: #62751 |
2100 | + - Always output and read from the console. Ubuntu: #58794. |
2101 | + |
2102 | + -- Reinhard Tartler <siretart@tauware.de> Sat, 3 Feb 2007 21:30:03 +0100 |
2103 | + |
2104 | cryptsetup (2:1.0.4+svn26-1) unstable; urgency=high |
2105 | |
2106 | [ Jonas Meurer ] |
2107 | @@ -3025,6 +4808,28 @@ cryptsetup (2:1.0.4+svn16-1) unstable; urgency=medium |
2108 | |
2109 | -- Jonas Meurer <mejo@debian.org> Tue, 28 Nov 2006 18:17:12 +0100 |
2110 | |
2111 | +cryptsetup (2:1.0.4-8ubuntu2) feisty; urgency=low |
2112 | + |
2113 | + * fix and improve initramfs hook: terminate usplash if running, since |
2114 | + adequate secure text input is not possible with usplash ATM |
2115 | + * usplash support: Terminate usplash before asking a password. |
2116 | + Closes https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/62751 |
2117 | + |
2118 | + -- Reinhard Tartler <siretart@tauware.de> Wed, 24 Jan 2007 22:43:28 +0100 |
2119 | + |
2120 | +cryptsetup (2:1.0.4-8ubuntu1) feisty; urgency=low |
2121 | + |
2122 | + * merge debian changes, remaining patches: |
2123 | + - Always output and read from the console. Ubuntu: #58794. |
2124 | + * other changes have been merged or do noy apply anymore |
2125 | + * read password via usplash if available in initramfs for rootfs. based on a patch from |
2126 | + Swen Thümmler (Thanks for that!) Ubuntu #62751 |
2127 | + * read password from initscript via usplash if running. should fix the |
2128 | + rest of Ubuntu #62751. Only problem with that patch: It asks only once |
2129 | + for the password! improvements welcome! |
2130 | + |
2131 | + -- Reinhard Tartler <siretart@tauware.de> Sun, 19 Nov 2006 20:04:19 +0100 |
2132 | + |
2133 | cryptsetup (2:1.0.4-8) unstable; urgency=high |
2134 | |
2135 | [ Jonas Meurer ] |
2136 | @@ -3182,6 +4987,27 @@ cryptsetup (2:1.0.4~rc2-1) unstable; urgency=low |
2137 | |
2138 | -- Jonas Meurer <mejo@debian.org> Mon, 4 Sep 2006 03:55:35 +0200 |
2139 | |
2140 | +cryptsetup (2:1.0.3-3ubuntu3) edgy; urgency=low |
2141 | + |
2142 | + * Always output and read from the console. Ubuntu: #58794. |
2143 | + |
2144 | + -- Scott James Remnant <scott@ubuntu.com> Thu, 21 Sep 2006 03:05:18 +0100 |
2145 | + |
2146 | +cryptsetup (2:1.0.3-3ubuntu2) edgy; urgency=low |
2147 | + |
2148 | + * Load the dm-crypt module on startup. Ubuntu: #53475. |
2149 | + |
2150 | + -- Scott James Remnant <scott@ubuntu.com> Wed, 23 Aug 2006 11:53:49 +0200 |
2151 | + |
2152 | +cryptsetup (2:1.0.3-3ubuntu1) edgy; urgency=low |
2153 | + |
2154 | + * Sync with Debian: |
2155 | + Remaining Ubuntu Changes |
2156 | + + debian/cryptdisks.functions: |
2157 | + - Tell usplash to quit if we ask for a passphrase |
2158 | + |
2159 | + -- Sebastian Dröge <slomo@ubuntu.com> Tue, 11 Jul 2006 20:03:27 +0200 |
2160 | + |
2161 | cryptsetup (2:1.0.3-3) unstable; urgency=low |
2162 | |
2163 | [ Jonas Meurer ] |
2164 | diff --git a/debian/control b/debian/control |
2165 | index b53fcda..d218d7a 100644 |
2166 | --- a/debian/control |
2167 | +++ b/debian/control |
2168 | @@ -1,7 +1,8 @@ |
2169 | Source: cryptsetup |
2170 | Section: admin |
2171 | Priority: optional |
2172 | -Maintainer: Debian Cryptsetup Team <pkg-cryptsetup-devel@alioth-lists.debian.net> |
2173 | +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> |
2174 | +XSBC-Original-Maintainer: Debian Cryptsetup Team <pkg-cryptsetup-devel@alioth-lists.debian.net> |
2175 | Uploaders: Jonas Meurer <jonas@freesources.org>, |
2176 | Guilhem Moulin <guilhem@debian.org> |
2177 | Rules-Requires-Root: no |
2178 | @@ -43,7 +44,8 @@ Depends: cryptsetup-bin (>= 2:1.6.0), |
2179 | dmsetup, |
2180 | ${misc:Depends}, |
2181 | ${shlibs:Depends} |
2182 | -Suggests: cryptsetup-initramfs, dosfstools, keyutils, liblocale-gettext-perl |
2183 | +Recommends: cryptsetup-initramfs |
2184 | +Suggests: dosfstools, keyutils, liblocale-gettext-perl |
2185 | Replaces: cryptsetup-run (<< 2:2.1.0-6) |
2186 | Breaks: cryptsetup-run (<< 2:2.1.0-6) |
2187 | Description: disk encryption support - startup scripts |
2188 | @@ -94,11 +96,11 @@ Description: disk encryption support - experimental SSH token handler |
2189 | |
2190 | Package: cryptsetup-initramfs |
2191 | Architecture: all |
2192 | -Depends: busybox | busybox-static, |
2193 | +Depends: busybox-initramfs, |
2194 | cryptsetup (>= ${source:Version}), |
2195 | initramfs-tools (>= 0.137) | linux-initramfs-tool, |
2196 | ${misc:Depends} |
2197 | -Recommends: console-setup, kbd |
2198 | +Recommends: console-setup, kbd, plymouth |
2199 | Breaks: cryptsetup (<< 2:2.0.3-1) |
2200 | Replaces: cryptsetup (<< 2:2.0.3-1) |
2201 | Conflicts: lvm2 (<< 2.03.15-1) |
2202 | @@ -111,7 +113,7 @@ Description: disk encryption support - initramfs integration |
2203 | This package provides initramfs integration for cryptsetup. |
2204 | |
2205 | Package: cryptsetup-suspend |
2206 | -Architecture: linux-any |
2207 | +Architecture: amd64 arm64 armhf ppc64el riscv64 s390x |
2208 | Multi-Arch: foreign |
2209 | Depends: cryptsetup-initramfs (>= ${source:Version}), |
2210 | initramfs-tools-core, |
2211 | diff --git a/debian/functions b/debian/functions |
2212 | index 917abad..73f5f2a 100644 |
2213 | --- a/debian/functions |
2214 | +++ b/debian/functions |
2215 | @@ -603,6 +603,7 @@ _resolve_device() { |
2216 | # Print the major:minor device ID(s) holding the file system currently |
2217 | # mounted currenty mounted on $mountpoint. |
2218 | # Return 0 on success, 1 on error (if $mountpoint is not a mountpoint). |
2219 | +# devno will be empty if the filesystem must be excluded. |
2220 | get_mnt_devno() { |
2221 | local wantmount="$1" devnos="" uuid dev IFS |
2222 | local spec mountpoint fstype _ DEV MAJ MIN |
2223 | @@ -616,8 +617,15 @@ get_mnt_devno() { |
2224 | # take the last mountpoint if used several times (shadowed) |
2225 | unset -v devnos |
2226 | spec="$(printf '%b' "$spec")" |
2227 | - _resolve_device "$spec" || continue # _resolve_device() already warns on error |
2228 | fstype="$(printf '%b' "$fstype")" |
2229 | + if [ "$fstype" = "zfs" ]; then |
2230 | + # Ignore ZFS entries as they don't have a major/minor and won't |
2231 | + # be imported when local-top cryptroot script will ran. |
2232 | + # Returns success with empty devno |
2233 | + printf '' |
2234 | + return 0 |
2235 | + fi |
2236 | + _resolve_device "$spec" || continue # _resolve_device() already warns on error |
2237 | if [ "$fstype" = "btrfs" ]; then |
2238 | # btrfs can span over multiple devices |
2239 | if uuid="$(_device_uuid "$DEV")"; then |
2240 | diff --git a/debian/initramfs/cryptroot-unlock b/debian/initramfs/cryptroot-unlock |
2241 | index dbc2ad0..0e91701 100644 |
2242 | --- a/debian/initramfs/cryptroot-unlock |
2243 | +++ b/debian/initramfs/cryptroot-unlock |
2244 | @@ -40,8 +40,14 @@ fi |
2245 | pgrep_exe() { |
2246 | local exe pid |
2247 | exe="$(readlink -f -- "$1" 2>/dev/null)" && [ -f "$exe" ] || return 0 |
2248 | - ps -eo pid= | while read pid; do |
2249 | - [ "$(readlink -f "/proc/$pid/exe")" != "$exe" ] || printf '%d\n' "$pid" |
2250 | + ps | awk '{print $1, $5}' | while read LINE; do |
2251 | + set $LINE |
2252 | + local pid=$1 |
2253 | + local cmd=$(readlink -f -- "$2") |
2254 | + if [ "$cmd" == "$exe" ]; then |
2255 | + echo $pid |
2256 | + break |
2257 | + fi |
2258 | done |
2259 | } |
2260 | |
2261 | @@ -101,7 +107,7 @@ wait_for_prompt() { |
2262 | break |
2263 | fi |
2264 | |
2265 | - usleep 100000 |
2266 | + sleep 0.1 |
2267 | timer=$(( $timer - 1 )) |
2268 | if [ $timer -le 0 ]; then |
2269 | echo "Error: Timeout reached while waiting for askpass." >&2 |
2270 | @@ -112,7 +118,7 @@ wait_for_prompt() { |
2271 | # find the cryptsetup process with same $CRYPTTAB_NAME |
2272 | local o v |
2273 | for o in NAME TRIED OPTION_tries; do |
2274 | - if v="$(grep -z -m1 "^CRYPTTAB_$o=" "/proc/$pid/environ")"; then |
2275 | + if v="$(tr '\0' '\n' < "/proc/$pid/environ" | grep -m1 "^CRYPTTAB_$o=")"; then |
2276 | eval "CRYPTTAB_$o"="\${v#CRYPTTAB_$o=}" |
2277 | else |
2278 | eval unset -v "CRYPTTAB_$o" |
2279 | @@ -128,7 +134,7 @@ wait_for_prompt() { |
2280 | fi |
2281 | |
2282 | for pid in $(pgrep_exe "/sbin/cryptsetup"); do |
2283 | - if grep -Fxqz "CRYPTTAB_NAME=$CRYPTTAB_NAME" "/proc/$pid/environ"; then |
2284 | + if tr '\0' '\n' < "/proc/$pid/environ" | grep -Fxq "CRYPTTAB_NAME=$CRYPTTAB_NAME"; then |
2285 | PID=$pid |
2286 | BIRTH=$(stat -c"%Z" "/proc/$PID" 2>/dev/null) || break |
2287 | return 0 |
2288 | @@ -148,7 +154,7 @@ wait_for_prompt() { |
2289 | wait_for_answer() { |
2290 | local timer=$(( 10 * $TIMEOUT )) b |
2291 | while [ -d "/proc/$PID" ] && b=$(stat -c"%Z" "/proc/$PID" 2>/dev/null) && [ $b -le $BIRTH ]; do |
2292 | - usleep 100000 |
2293 | + sleep 0.1 |
2294 | timer=$(( $timer - 1 )) |
2295 | if [ $timer -le 0 ]; then |
2296 | echo "Error: Timeout reached while waiting for PID $PID." >&2 |
2297 | diff --git a/debian/initramfs/hooks/cryptroot b/debian/initramfs/hooks/cryptroot |
2298 | index defd244..c1a4bb1 100644 |
2299 | --- a/debian/initramfs/hooks/cryptroot |
2300 | +++ b/debian/initramfs/hooks/cryptroot |
2301 | @@ -178,16 +178,18 @@ generate_initrd_crypttab() { |
2302 | |
2303 | { |
2304 | if devnos="$(get_mnt_devno /)"; then |
2305 | - usage=rootfs foreach_cryptdev crypttab_find_and_print_entry $devnos |
2306 | + if [ -n "$devnos" ]; then |
2307 | + usage=rootfs foreach_cryptdev crypttab_find_and_print_entry $devnos |
2308 | + fi |
2309 | else |
2310 | cryptsetup_message "WARNING: Couldn't determine root device" |
2311 | fi |
2312 | |
2313 | - if devnos="$(get_resume_devno)"; then |
2314 | + if devnos="$(get_resume_devno)" && [ -n "$devnos" ]; then |
2315 | usage=resume foreach_cryptdev crypttab_find_and_print_entry $devnos |
2316 | fi |
2317 | |
2318 | - if devnos="$(get_mnt_devno /usr)"; then |
2319 | + if devnos="$(get_mnt_devno /usr)" && [ -n "$devnos" ]; then |
2320 | usage="" foreach_cryptdev crypttab_find_and_print_entry $devnos |
2321 | fi |
2322 | |
2323 | diff --git a/debian/patches/decrease_memlock_ulimit.patch b/debian/patches/decrease_memlock_ulimit.patch |
2324 | new file mode 100644 |
2325 | index 0000000..a9fd0d1 |
2326 | --- /dev/null |
2327 | +++ b/debian/patches/decrease_memlock_ulimit.patch |
2328 | @@ -0,0 +1,49 @@ |
2329 | +Description: Decrease memlock limit to mimic Xenial builder behavior. |
2330 | + This approach prevents cryptsetup to FTBFS, since the PPA builders were |
2331 | + upgraded to Bionic, which has a bigger memlock limit (but not enough). |
2332 | + With this quirk, cryptsetup won't mlock() its memory allocationss, hence |
2333 | + it behaves exactly as the Xenial builders. Meanwhile, we pursue the |
2334 | + proper fix (systemd patch to bump memlock to a higher limit on Bionic). |
2335 | +Author: Guilherme G. Piccoli <gpiccoli@canonical.com> |
2336 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1891473 |
2337 | +Last-Update: 2020-09-09 |
2338 | + |
2339 | +--- a/tests/compat-test |
2340 | ++++ b/tests/compat-test |
2341 | +@@ -47,6 +47,10 @@ |
2342 | + LOOPDEV=$(losetup -f 2>/dev/null) |
2343 | + FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null) |
2344 | + |
2345 | ++# Circumvent test failure due to Bionic builder; we need to decrease |
2346 | ++# the memlock limit here to mimic Xenial builder (see LP #1891473). |
2347 | ++ulimit -l 0 |
2348 | ++ |
2349 | + function remove_mapping() |
2350 | + { |
2351 | + [ -b /dev/mapper/$DEV_NAME3 ] && dmsetup remove --retry $DEV_NAME3 >/dev/null 2>&1 |
2352 | +--- a/tests/luks2-validation-test |
2353 | ++++ b/tests/luks2-validation-test |
2354 | +@@ -21,6 +21,10 @@ |
2355 | + |
2356 | + [ -z "$srcdir" ] && srcdir="." |
2357 | + |
2358 | ++# Circumvent test failure due to Bionic builder; we need to decrease |
2359 | ++# the memlock limit here to mimic Xenial builder (see LP #1891473). |
2360 | ++ulimit -l 0 |
2361 | ++ |
2362 | + function remove_mapping() |
2363 | + { |
2364 | + rm -rf $IMG $TST_IMGS >/dev/null 2>&1 |
2365 | +--- a/tests/tcrypt-compat-test |
2366 | ++++ b/tests/tcrypt-compat-test |
2367 | +@@ -16,6 +16,10 @@ |
2368 | + |
2369 | + [ -z "$srcdir" ] && srcdir="." |
2370 | + |
2371 | ++# Circumvent test failure due to Bionic builder; we need to decrease |
2372 | ++# the memlock limit here to mimic Xenial builder (see LP #1891473). |
2373 | ++ulimit -l 0 |
2374 | ++ |
2375 | + function remove_mapping() |
2376 | + { |
2377 | + [ -b /dev/mapper/$MAP ] && dmsetup remove --retry $MAP |
2378 | diff --git a/debian/patches/series b/debian/patches/series |
2379 | new file mode 100644 |
2380 | index 0000000..270d874 |
2381 | --- /dev/null |
2382 | +++ b/debian/patches/series |
2383 | @@ -0,0 +1 @@ |
2384 | +decrease_memlock_ulimit.patch |
2385 | diff --git a/debian/rules b/debian/rules |
2386 | index 757085c..08074b4 100755 |
2387 | --- a/debian/rules |
2388 | +++ b/debian/rules |
2389 | @@ -87,8 +87,10 @@ override_dh_bugfiles: |
2390 | execute_after_dh_fixperms-arch: |
2391 | chmod 0755 debian/cryptsetup/lib/cryptsetup/checks/* |
2392 | chmod 0755 debian/cryptsetup/lib/cryptsetup/scripts/decrypt_* |
2393 | +ifneq ($(DEB_HOST_ARCH),i386) |
2394 | chmod 0755 debian/cryptsetup-suspend/lib/cryptsetup/scripts/suspend/cryptsetup-suspend-wrapper |
2395 | chmod 0755 debian/cryptsetup-suspend/lib/systemd/system-shutdown/cryptsetup-suspend.shutdown |
2396 | +endif |
2397 | ifeq (,$(filter noudeb, $(DEB_BUILD_PROFILES))) |
2398 | chmod 0755 debian/cryptsetup-udeb/lib/cryptsetup/checks/* |
2399 | chmod 0755 debian/cryptsetup-udeb/lib/cryptsetup/scripts/decrypt_* |
2400 | diff --git a/debian/tests/control b/debian/tests/control |
2401 | index 52752a3..0b7e9be 100644 |
2402 | --- a/debian/tests/control |
2403 | +++ b/debian/tests/control |
2404 | @@ -42,8 +42,9 @@ Depends: cryptsetup-bin, |
2405 | sshpass |
2406 | Restrictions: needs-root, isolation-machine |
2407 | |
2408 | - |
2409 | -Tests: cryptdisks, cryptdisks.init |
2410 | +# cryptdisks test is disabled - it fails to open /dev/tty in CI |
2411 | +#Tests: cryptdisks, cryptdisks.init |
2412 | +Tests: cryptdisks.init |
2413 | Depends: cryptsetup, xxd |
2414 | Restrictions: allow-stderr, needs-root, isolation-machine |
2415 | |
2416 | diff --git a/debian/tests/cryptroot-lvm.d/mock b/debian/tests/cryptroot-lvm.d/mock |
2417 | index f57e42f..f777763 100755 |
2418 | --- a/debian/tests/cryptroot-lvm.d/mock |
2419 | +++ b/debian/tests/cryptroot-lvm.d/mock |
2420 | @@ -36,8 +36,13 @@ else { |
2421 | expect($SERIAL => qr/(?:^|\s)?PM: suspend exit\r\n/m); |
2422 | unlock_disk("topsecret"); |
2423 | |
2424 | - # consume PS1 to make sure we're at a shell prompt |
2425 | - expect($CONSOLE => qr/\A $PS1 \z/aamsx); |
2426 | + # suspend() leaves clutter in the console due to the retries |
2427 | + # that prevents test from succeeding. |
2428 | + consume($CONSOLE); |
2429 | + |
2430 | + # ensure that shell is available |
2431 | + shell(q{echo ready}, rv => 0); |
2432 | + |
2433 | my $out = shell(q{dmsetup info -c --noheadings -omangled_name,suspended --separator ' '}); |
2434 | die if grep !/[:[:blank:]]Active$/i, split(/\r?\n/, $out); |
2435 | |
2436 | diff --git a/debian/tests/cryptroot-nested.d/config b/debian/tests/cryptroot-nested.d/config |
2437 | index 995200c..fcfba32 100644 |
2438 | --- a/debian/tests/cryptroot-nested.d/config |
2439 | +++ b/debian/tests/cryptroot-nested.d/config |
2440 | @@ -1,6 +1,13 @@ |
2441 | PKGS_EXTRA+=( btrfs-progs lvm2 mdadm ) |
2442 | PKGS_EXTRA+=( cryptsetup-initramfs ) |
2443 | |
2444 | +# "$DISTRIBUTOR_ID" is defined in ../utils/cryptroot-common |
2445 | +# Workaround for LP1831747 https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1831747 |
2446 | +# Add implicit dependency of cryptsetup-initramfs |
2447 | +if [ "$DISTRIBUTOR_ID" = "ubuntu" ]; then |
2448 | + PKGS_EXTRA+=( e2fsprogs ) |
2449 | +fi |
2450 | + |
2451 | # /dev/mapper/testvg-lv1_crypt and /dev/vdc are both 1G and used in RAID1 mode |
2452 | DRIVE_SIZES=( "1G" "264M" "1G" "512M" ) |
2453 | |
2454 | diff --git a/debian/tests/cryptroot-sysvinit.d/config b/debian/tests/cryptroot-sysvinit.d/config |
2455 | index f6b7392..1d41c24 100644 |
2456 | --- a/debian/tests/cryptroot-sysvinit.d/config |
2457 | +++ b/debian/tests/cryptroot-sysvinit.d/config |
2458 | @@ -1,5 +1,10 @@ |
2459 | PKGS_EXTRA+=( e2fsprogs ) # for fsck.ext4 |
2460 | PKGS_EXTRA+=( cryptsetup-initramfs cryptsetup ) |
2461 | -PKG_INIT="sysvinit-core" |
2462 | - |
2463 | +# "$DISTRIBUTOR_ID" is defined in ../utils/cryptroot-common |
2464 | +case "$DISTRIBUTOR_ID" in |
2465 | + debian) PKG_INIT="sysvinit-core";; |
2466 | + ubuntu) PKG_INIT="systemd-sysv";; |
2467 | + *) echo "ERROR: Unknown distributor ID '$DISTRIBUTOR_ID', can't determine default init package" >&2; |
2468 | + exit 1;; |
2469 | +esac |
2470 | # vim: set filetype=bash : |
2471 | diff --git a/debian/tests/initramfs-hook b/debian/tests/initramfs-hook |
2472 | index 3e174fe..de9293a 100755 |
2473 | --- a/debian/tests/initramfs-hook |
2474 | +++ b/debian/tests/initramfs-hook |
2475 | @@ -63,6 +63,20 @@ mkinitramfs() { |
2476 | # `mkinitramfs -k` would be better but we can't set $DESTDIR in advance |
2477 | cleanup_initrd_dir |
2478 | command unmkinitramfs "$INITRD_IMG" "$INITRD_DIR" |
2479 | + |
2480 | + # find subdirectory with the root file system relative to the cryptsetup location |
2481 | + CRYPTSETUP_PATH=sbin/cryptsetup |
2482 | + ROOTFS_DIR=`find "$INITRD_DIR" -name cryptsetup | grep "/usr/$CRYPTSETUP_PATH" | sed -e "s|/usr/$CRYPTSETUP_PATH||"` |
2483 | + |
2484 | + if [[ -z "$ROOTFS_DIR" ]]; then |
2485 | + ROOTFS_DIR=`find "$INITRD_DIR" -name cryptsetup | grep "/$CRYPTSETUP_PATH" | sed -e "s|/$CRYPTSETUP_PATH||"` |
2486 | + fi |
2487 | + |
2488 | + if [[ ! -z "$ROOTFS_DIR" ]] && [[ "$ROOTFS_DIR" != "$INITRD_DIR" ]] && [[ -d "$ROOTFS_DIR" ]]; then |
2489 | + echo move root filesystem from "$ROOTFS_DIR" to "$INITRD_DIR" |
2490 | + mv "$ROOTFS_DIR"/* "$INITRD_DIR" |
2491 | + fi |
2492 | + |
2493 | for d in dev proc sys; do |
2494 | mkdir -p "$INITRD_DIR/$d" |
2495 | mount --bind "/$d" "$INITRD_DIR/$d" |
2496 | @@ -190,9 +204,9 @@ cryptsetup close test3_crypt |
2497 | # plain, blowfish + ripemd160 (ignored due to keyfile) |
2498 | disk_setup |
2499 | head -c32 /dev/urandom >"$TMPDIR/keyfile" |
2500 | -cryptsetup open --type=plain --cipher="blowfish" --key-file="$TMPDIR/keyfile" --size=256 --hash="ripemd160" "$CRYPT_DEV" test3_crypt |
2501 | +cryptsetup open --type=plain --cipher="blowfish" --key-file="$TMPDIR/keyfile" --hash="ripemd160" "$CRYPT_DEV" test3_crypt |
2502 | mkfs.ext2 -m0 /dev/mapper/test3_crypt |
2503 | -echo "test3_crypt $CRYPT_DEV $TMPDIR/keyfile plain,cipher=blowfish,hash=ripemd160,size=256,initramfs" >/etc/crypttab |
2504 | +echo "test3_crypt $CRYPT_DEV $TMPDIR/keyfile plain,cipher=blowfish,hash=ripemd160,initramfs" >/etc/crypttab |
2505 | mkinitramfs |
2506 | legacy_so="$(find "$INITRD_DIR" -type f -path "*/ossl-modules/legacy.so")" |
2507 | test -z "$legacy_so" || exit 1 # don't need legacy.so here |
2508 | diff --git a/debian/tests/utils/cryptroot-common b/debian/tests/utils/cryptroot-common |
2509 | index a7df37f..8cedda0 100755 |
2510 | --- a/debian/tests/utils/cryptroot-common |
2511 | +++ b/debian/tests/utils/cryptroot-common |
2512 | @@ -81,6 +81,7 @@ load_os_release() { |
2513 | } |
2514 | case "${DISTRIBUTOR_ID:="$(load_os_release && printf "%s" "${ID,,[A-Z]}")"}" in |
2515 | debian) APT_REPO_ORIGIN="Debian"; APT_REPO_URI="http://deb.debian.org/debian";; |
2516 | + ubuntu) APT_REPO_ORIGIN="Ubuntu"; APT_REPO_URI="http://archive.ubuntu.com/ubuntu";; |
2517 | # suitable values for derivative can be added here |
2518 | *) echo "ERROR: Unknown distributor ID '$DISTRIBUTOR_ID', can't extract APT origin" >&2; |
2519 | exit 1;; |
2520 | @@ -164,6 +165,12 @@ case "$BOOT" in |
2521 | efi) PKG_BOOTLOADER="grub-efi";; |
2522 | *) echo "ERROR unknown boot method '$BOOT'" >&2; exit 1;; |
2523 | esac |
2524 | + |
2525 | +if [ "$DISTRIBUTOR_ID" = "ubuntu" ]; then |
2526 | + echo "Overriding kernel arch to generic" |
2527 | + KERNEL_ARCH="generic" |
2528 | +fi |
2529 | + |
2530 | PKG_KERNEL="linux-image-$KERNEL_ARCH" |
2531 | PKG_INIT="systemd-sysv" # default pid1 |
2532 | MERGED_USR="" # use default layout for the target version |
2533 | @@ -301,6 +308,12 @@ setup_apt() { |
2534 | esac >"$TEMPDIR/apt/sources.list" |
2535 | fi |
2536 | |
2537 | + # ubuntu CI populates sources.list.d with PPA source, append them to the list |
2538 | + if [ "$DISTRIBUTOR_ID" = "ubuntu" -a -d /etc/apt/sources.list.d ]; then |
2539 | + echo "Append contents of /etc/apt/sources.list.d to $TEMPDIR/apt/sources.list" |
2540 | + find /etc/apt/sources.list.d -type f | xargs cat >> "$TEMPDIR/apt/sources.list" |
2541 | + fi |
2542 | + |
2543 | local apt_repo |
2544 | for apt_repo in "${EXTRA_REPOS[@]}"; do |
2545 | printf "%s\\n" "$apt_repo" >>"$TEMPDIR/apt/sources.list" |
2546 | @@ -416,9 +429,20 @@ extract_kernel() { |
2547 | fi |
2548 | |
2549 | mkdir "$destdir" |
2550 | - dpkg-deb --fsys-tarfile "$APT_CACHE/archives/$KERNEL_DEB" | tar -C "$destdir" -xf- \ |
2551 | - "./boot/vmlinuz-$KERNEL_VERSION" \ |
2552 | - "./lib/modules/$KERNEL_VERSION" |
2553 | + if [ "$DISTRIBUTOR_ID" == "debian" ]; then |
2554 | + dpkg-deb --fsys-tarfile "$APT_CACHE/archives/$KERNEL_DEB" | tar -C "$destdir" -xf- \ |
2555 | + "./boot/vmlinuz-$KERNEL_VERSION" \ |
2556 | + "./lib/modules/$KERNEL_VERSION" |
2557 | + elif [ "$DISTRIBUTOR_ID" == "ubuntu" ]; then |
2558 | + dpkg-deb --fsys-tarfile "$APT_CACHE/archives/$KERNEL_DEB" | tar -C "$destdir" -xf- \ |
2559 | + "./boot/vmlinuz-$KERNEL_VERSION"; MODULES_DEB="$(echo $KERNEL_DEB | sed s/-image-/-modules-/)"; \ |
2560 | + dpkg-deb --fsys-tarfile "$APT_CACHE/archives/$MODULES_DEB" | tar -C "$destdir" -xf- \ |
2561 | + "./lib/modules/$KERNEL_VERSION" |
2562 | + else |
2563 | + echo "ERROR: Unknown distributor ID '$DISTRIBUTOR_ID', can't extract kernel" >&2 |
2564 | + exit 1 |
2565 | + fi |
2566 | + |
2567 | ln -T -- "$destdir/boot/vmlinuz-$KERNEL_VERSION" "$TEMPDIR/vmlinuz-$KERNEL_VERSION" |
2568 | } |
2569 | |
2570 | diff --git a/debian/tests/utils/mock.pm b/debian/tests/utils/mock.pm |
2571 | index 10db3e6..2425d87 100644 |
2572 | --- a/debian/tests/utils/mock.pm |
2573 | +++ b/debian/tests/utils/mock.pm |
2574 | @@ -97,6 +97,26 @@ sub expect(;$$) { |
2575 | #print STDERR "INFO done reading\n"; |
2576 | } |
2577 | |
2578 | +sub consume($) { |
2579 | + my $chan = shift; |
2580 | + my $buffer = defined $chan ? \$BUFFER{$chan} : undef; |
2581 | + if (! defined $buffer) { |
2582 | + return; |
2583 | + } |
2584 | + |
2585 | + while(unpack("b*", $RBITS) != 0) { |
2586 | + my $rout = $RBITS; |
2587 | + if (select($rout, undef, undef, 1) == -1) { |
2588 | + return; |
2589 | + } |
2590 | + read_data($rout); |
2591 | + if (length($$buffer) == 0) { |
2592 | + return; |
2593 | + } |
2594 | + $$buffer = ""; |
2595 | + } |
2596 | +} |
2597 | + |
2598 | sub write_data($$%) { |
2599 | my $chan = shift; |
2600 | my $data = shift; |
2601 | @@ -167,11 +187,13 @@ BEGIN { |
2602 | hibernate |
2603 | poweroff |
2604 | expect |
2605 | + consume |
2606 | /; |
2607 | } |
2608 | |
2609 | *expect = \&CryptrootTest::Utils::expect; |
2610 | *write_data = \&CryptrootTest::Utils::write_data; |
2611 | +*consume = \&CryptrootTest::Utils::consume; |
2612 | |
2613 | sub unlock_disk($) { |
2614 | my $passphrase = shift; |
2615 | @@ -228,7 +250,9 @@ sub shell($%) { |
2616 | |
2617 | # enter S3 sleep state (suspend to ram aka standby) |
2618 | sub suspend() { |
2619 | - write_data($CONSOLE => q{systemctl suspend}); |
2620 | + # there is a race condition that causes suspend to fail. |
2621 | + # retry until success. Note, this may leave clutter in the console |
2622 | + write_data($CONSOLE => q{until systemctl suspend; do sleep 1; done}); |
2623 | # while the command is asynchronous the system might suspend before |
2624 | # we have a chance to read the next $PS1 |
2625 |
Install:
~$ sudo apt install cryptsetup initramfs libcryptsetup12 initramfs /ppa.launchpadc ontent. net/vpa1977/ cryptsetup- merge/ubuntu lunar/main amd64 libcryptsetup12 amd64 2:2.6.1- 1ubuntu1~ ppa2 [242 kB] /ppa.launchpadc ontent. net/vpa1977/ cryptsetup- merge/ubuntu lunar/main amd64 cryptsetup-bin amd64 2:2.6.1- 1ubuntu1~ ppa2 [501 kB] /ppa.launchpadc ontent. net/vpa1977/ cryptsetup- merge/ubuntu lunar/main amd64 cryptsetup amd64 2:2.6.1- 1ubuntu1~ ppa2 [217 kB] /ppa.launchpadc ontent. net/vpa1977/ cryptsetup- merge/ubuntu lunar/main amd64 cryptsetup- initramfs all 2:2.6.1- 1ubuntu1~ ppa2 [38.0 kB] up12_2% 3a2.6.1- 1ubuntu1~ ppa2_amd64. deb ... :amd64 (2:2.6. 1-1ubuntu1~ ppa2) over (2:2.5.0-6ubuntu1) bin_2%3a2. 6.1-1ubuntu1~ ppa2_amd64. deb ... 1-1ubuntu1~ ppa2) ... 2%3a2.6. 1-1ubuntu1~ ppa2_amd64. deb ... 1-1ubuntu1~ ppa2) ... initramfs. initramfs_ 2%3a2.6. 1-1ubuntu1~ ppa2_all. deb ... initramfs (2:2.6. 1-1ubuntu1~ ppa2) ... :amd64 (2:2.6. 1-1ubuntu1~ ppa2) ... 1-1ubuntu1~ ppa2) ... 1-1ubuntu1~ ppa2) ... initramfs (2:2.6. 1-1ubuntu1~ ppa2) ... img-5.19. 0-21-generic
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
cryptsetup-bin cryptsetup-
Suggested packages:
keyutils
The following NEW packages will be installed:
cryptsetup cryptsetup-bin cryptsetup-
The following packages will be upgraded:
libcryptsetup12
1 upgraded, 3 newly installed, 0 to remove and 845 not upgraded.
Need to get 997 kB of archives.
After this operation, 2,922 kB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 https:/
Get:2 https:/
Get:3 https:/
Get:4 https:/
Fetched 997 kB in 9s (113 kB/s)
Preconfiguring packages ...
(Reading database ... 160529 files and directories currently installed.)
Preparing to unpack .../libcryptset
Unpacking libcryptsetup12
...
Selecting previously unselected package cryptsetup-bin.
Preparing to unpack .../cryptsetup-
Unpacking cryptsetup-bin (2:2.6.
Selecting previously unselected package cryptsetup.
Preparing to unpack .../cryptsetup_
Unpacking cryptsetup (2:2.6.
Selecting previously unselected package cryptsetup-
Preparing to unpack .../cryptsetup-
Unpacking cryptsetup-
Setting up libcryptsetup12
Setting up cryptsetup-bin (2:2.6.
Setting up cryptsetup (2:2.6.
Setting up cryptsetup-
update-initramfs: deferring update (trigger activated)
Processing triggers for libc-bin (2.36-0ubuntu4) ...
Processing triggers for man-db (2.11.1-1) ...
Processing triggers for initramfs-tools (0.140ubuntu17) ...
update-initramfs: Generating /boot/initrd.