Merge ~vpa1977/ubuntu/+source/cryptsetup:merge-lp2019292-mantic into ubuntu/+source/cryptsetup:debian/sid
- Git
- lp:~vpa1977/ubuntu/+source/cryptsetup
- merge-lp2019292-mantic
- Merge into debian/sid
Status: | Needs review | ||||||||
---|---|---|---|---|---|---|---|---|---|
Proposed branch: | ~vpa1977/ubuntu/+source/cryptsetup:merge-lp2019292-mantic | ||||||||
Merge into: | ubuntu/+source/cryptsetup:debian/sid | ||||||||
Diff against target: |
2664 lines (+2034/-27) 15 files modified
debian/changelog (+1857/-0) debian/control (+7/-5) debian/functions (+9/-1) debian/initramfs/cryptroot-unlock (+12/-6) debian/initramfs/hooks/cryptroot (+5/-3) debian/patches/decrease_memlock_ulimit.patch (+49/-0) debian/patches/series (+1/-0) debian/rules (+2/-0) debian/tests/control (+3/-2) debian/tests/cryptroot-lvm.d/mock (+7/-2) debian/tests/cryptroot-nested.d/config (+7/-0) debian/tests/cryptroot-sysvinit.d/config (+7/-2) debian/tests/initramfs-hook (+16/-2) debian/tests/utils/cryptroot-common (+27/-3) debian/tests/utils/mock.pm (+25/-1) |
||||||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Steve Langasek (community) | Approve | ||
git-ubuntu import | Pending | ||
Review via email: mp+442802@code.launchpad.net |
Commit message
Description of the change
Summary of changes:
- merge cryptsetup 2:2.6.1-4 from debian/unstable
- retain full Ubuntu delta
PPA: ppa:vpa1977/
Testing:
- autopkgtests pass:
$autopkgtest --setup-
...
upstream-testsuite PASS
ssh-test-plugin PASS
cryptdisks.init PASS
initramfs-hook PASS
cryptroot-lvm PASS
cryptroot-legacy PASS
cryptroot-md PASS
cryptroot-nested PASS
cryptroot-sysvinit PASS
qemu-system-x86_64: terminating on signal 15 from pid 150782 (/usr/bin/python3)
- autopkgtest with proposed pass:
$ autopkgtest --apt-pocket=
...
upstream-testsuite PASS
ssh-test-plugin PASS
cryptdisks.init PASS
initramfs-hook PASS
cryptroot-lvm PASS
cryptroot-legacy PASS
cryptroot-md PASS
cryptroot-nested PASS
cryptroot-sysvinit PASS
qemu-system-x86_64: terminating on signal 15 from pid 173159 (/usr/bin/python3)
$
- upgrade succeeds (see comment)
[1] https:/
Steve Langasek (vorlon) wrote : | # |
wrong merge target
Steve Langasek (vorlon) wrote : | # |
clarified that debian/sid as target is intentional.
Unmerged commits
- 1b5cf90... by Vladimir Petko
-
debian/changelog
fix changelog
- 0ab6c7a... by Vladimir Petko
-
update-maintainer
- dc9397e... by Vladimir Petko
-
reconstruct-
changelog - dfe682f... by Vladimir Petko
-
merge-changelogs
- 4958e3e... by Vladimir Petko
-
Fix cryptroot-unlock for busybox compatibility.
- 0c04e8e... by Vladimir Petko
-
Fix warning and error when running on ZFS on root
- d/functions: Return an empty devno for ZFS devices as they don't have
major:minor device numbers.
- d/initramfs/hooks/cryptroot : Ignore and don't print an error message
when devices don't have a devno. - 6e83dc3... by Vladimir Petko
-
debian/control:
+ Recommend plymouth.
+ Depend on busybox-initramfs instead of busybox | busybox-static.
+ Move cryptsetup-initramfs back to cryptsetup's Recommends.
+ Do not build cryptsetup-suspend binary package on i386. - 78a51ac... by Vladimir Petko
-
- Fix cryptroot-* autopkgtests on Ubuntu. (LP: #1983522)
+ debian/tests/utils/ mock.pm: return from consume() function if select()
times out or fails
+ debian/tests/utils/ cryptroot- common: fix apt source and kernel package
names for Ubuntu
+ debian/tests/cryptroot -sysvinit. d: use systemd-sysv init for Ubuntu
cryptroot- sysvinit package test
+ debian/tests/cryptroot -nested. d: fix cryptsetup-nested test, add
workaround for LP1831747 by adding a e2fsprogs dependency
+ debian/tests/initramfs -hook: fix test's initramfs layout for Ubuntu and
allow blowfish test use 64Mb of provisioned space (drop --size)
+ debian/tests/control: disable cryptdisks test - 14fac8c... by Vladimir Petko
-
Fixed FTBFS due to a restricted build environment
Preview Diff
1 | diff --git a/debian/changelog b/debian/changelog |
2 | index f8452c3..21a48c1 100644 |
3 | --- a/debian/changelog |
4 | +++ b/debian/changelog |
5 | @@ -1,3 +1,34 @@ |
6 | +cryptsetup (2:2.6.1-4ubuntu1) mantic; urgency=medium |
7 | + |
8 | + * Merge with Debian unstable (LP: #2019292). Remaining changes: |
9 | + - debian/control: |
10 | + + Recommend plymouth. |
11 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
12 | + + Move cryptsetup-initramfs back to cryptsetup's Recommends. |
13 | + + Do not build cryptsetup-suspend binary package on i386. |
14 | + - Fix cryptroot-unlock for busybox compatibility. |
15 | + - Fix warning and error when running on ZFS on root |
16 | + - d/functions: Return an empty devno for ZFS devices as they don't have |
17 | + major:minor device numbers. |
18 | + - d/initramfs/hooks/cryptroot: Ignore and don't print an error message |
19 | + when devices don't have a devno. |
20 | + - debian/patches/decrease_memlock_ulimit.patch |
21 | + Fixed FTBFS due to a restricted build environment |
22 | + - Fix cryptroot-* autopkgtests on Ubuntu. (LP: #1983522) |
23 | + + debian/tests/utils/mock.pm: return from consume() function if select() |
24 | + times out or fails |
25 | + + debian/tests/utils/cryptroot-common: fix apt source and kernel package |
26 | + names for Ubuntu |
27 | + + debian/tests/cryptroot-sysvinit.d: use systemd-sysv init for Ubuntu |
28 | + cryptroot-sysvinit package test |
29 | + + debian/tests/cryptroot-nested.d: fix cryptsetup-nested test, add |
30 | + workaround for LP1831747 by adding a e2fsprogs dependency |
31 | + + debian/tests/initramfs-hook: fix test's initramfs layout for Ubuntu and |
32 | + allow blowfish test use 64Mb of provisioned space (drop --size) |
33 | + + debian/tests/control: disable cryptdisks test |
34 | + |
35 | + -- Vladimir Petko <vladimir.petko@canonical.com> Mon, 15 May 2023 09:55:25 +1200 |
36 | + |
37 | cryptsetup (2:2.6.1-4) unstable; urgency=medium |
38 | |
39 | * Backport upstream MR !498, see #1028250: |
40 | @@ -32,6 +63,37 @@ cryptsetup (2:2.6.1-2) unstable; urgency=medium |
41 | |
42 | -- Guilhem Moulin <guilhem@debian.org> Thu, 02 Mar 2023 05:01:53 +0100 |
43 | |
44 | +cryptsetup (2:2.6.1-1ubuntu1) lunar; urgency=low |
45 | + |
46 | + * Merge with Debian unstable (LP: #2004423). Remaining changes: |
47 | + - debian/control: |
48 | + + Recommend plymouth. |
49 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
50 | + + Move cryptsetup-initramfs back to cryptsetup's Recommends. |
51 | + + Do not build cryptsetup-suspend binary package on i386. |
52 | + - Fix cryptroot-unlock for busybox compatibility. |
53 | + - Fix warning and error when running on ZFS on root |
54 | + - d/functions: Return an empty devno for ZFS devices as they don't have |
55 | + major:minor device numbers. |
56 | + - d/initramfs/hooks/cryptroot: Ignore and don't print an error message |
57 | + when devices don't have a devno. |
58 | + - debian/patches/decrease_memlock_ulimit.patch |
59 | + Fixed FTBFS due to a restricted build environment |
60 | + - Fix cryptroot-* autopkgtests on Ubuntu. (LP: #1983522) |
61 | + + debian/tests/utils/mock.pm: return from consume() function if select() |
62 | + times out or fails |
63 | + + debian/tests/utils/cryptroot-common: fix apt source and kernel package |
64 | + names for Ubuntu |
65 | + + debian/tests/cryptroot-sysvinit.d: use systemd-sysv init for Ubuntu |
66 | + cryptroot-sysvinit package test |
67 | + + debian/tests/cryptroot-nested.d: fix cryptsetup-nested test, add |
68 | + workaround for LP1831747 by adding a e2fsprogs dependency |
69 | + + debian/tests/initramfs-hook: fix test's initramfs layout for Ubuntu and |
70 | + allow blowfish test use 64Mb of provisioned space (drop --size) |
71 | + + debian/tests/control: disable cryptdisks test |
72 | + |
73 | + -- Vladimir Petko <vladimir.petko@canonical.com> Mon, 13 Feb 2023 15:57:18 +1300 |
74 | + |
75 | cryptsetup (2:2.6.1-1) unstable; urgency=medium |
76 | |
77 | * New upstream bugfix release. |
78 | @@ -81,6 +143,54 @@ cryptsetup (2:2.6.0~rc0-1) experimental; urgency=medium |
79 | |
80 | -- Guilhem Moulin <guilhem@debian.org> Sat, 19 Nov 2022 17:30:40 +0100 |
81 | |
82 | +cryptsetup (2:2.5.0-6ubuntu3) lunar; urgency=medium |
83 | + |
84 | + * Fix cryptroot-lvm autopkgtest on Ubuntu. (LP: #1983522) |
85 | + - debian/tests/control: enable cryptroot-lvm |
86 | + - debian/tests/utils/mock.pm: return from consume() function if select() |
87 | + times out or fails |
88 | + |
89 | + -- Vladimir Petko <vladimir.petko@canonical.com> Fri, 02 Dec 2022 15:53:42 +1300 |
90 | + |
91 | +cryptsetup (2:2.5.0-6ubuntu2) lunar; urgency=medium |
92 | + |
93 | + * Fix cryptroot-* autopkgtests on Ubuntu. (LP: #1983522) |
94 | + - debian/tests/utils/cryptroot-common: fix apt source and kernel package |
95 | + names for Ubuntu |
96 | + - debian/tests/cryptroot-sysvinit.d: use systemd-sysv init for Ubuntu |
97 | + cryptroot-sysvinit package test |
98 | + - debian/tests/cryptroot-nested.d: fix cryptsetup-nested test, add |
99 | + workaround for LP1831747 by adding a e2fsprogs dependency |
100 | + - debian/tests/control: disable cryptdisks, cryptroot-lvm due to CI |
101 | + failures and update comments |
102 | + - debian/tests/utils/mock.pm: fix cryptoroot-lvm test adding retries to the |
103 | + suspend operation and consuming the console buffer before making |
104 | + assertions. It still hangs in CI and requires further work. |
105 | + - debian/tests/initramfs-hook: fix test's initramfs layout for Ubuntu and |
106 | + allow blowfish test use 64Mb of provisioned space (drop --size) |
107 | + |
108 | + -- Vladimir Petko <vladimir.petko@canonical.com> Fri, 02 Dec 2022 14:14:42 +1300 |
109 | + |
110 | +cryptsetup (2:2.5.0-6ubuntu1) lunar; urgency=low |
111 | + |
112 | + * Merge from Debian unstable. Remaining changes: |
113 | + - debian/control: |
114 | + + Recommend plymouth. |
115 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
116 | + + Move cryptsetup-initramfs back to cryptsetup's Recommends. |
117 | + + Do not build cryptsetup-suspend binary package on i386. |
118 | + - Fix cryptroot-unlock for busybox compatibility. |
119 | + - Fix warning and error when running on ZFS on root |
120 | + - d/functions: Return an empty devno for ZFS devices as they don't have |
121 | + major:minor device numbers. |
122 | + - d/initramfs/hooks/cryptroot: Ignore and don't print an error message |
123 | + when devices don't have a devno. |
124 | + - debian/patches/decrease_memlock_ulimit.patch |
125 | + Fixed FTBFS due to a restricted build environment |
126 | + - Disable failing Debian-tailored cryptroot-* autopkgtests |
127 | + |
128 | + -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 07 Nov 2022 08:36:38 -0800 |
129 | + |
130 | cryptsetup (2:2.5.0-6) unstable; urgency=medium |
131 | |
132 | * d/t/cryptroot-*: Mask systemd-firstboot.service. |
133 | @@ -176,6 +286,26 @@ cryptsetup (2:2.5.0-3) unstable; urgency=low |
134 | |
135 | -- Guilhem Moulin <guilhem@debian.org> Sun, 18 Sep 2022 23:01:46 +0200 |
136 | |
137 | +cryptsetup (2:2.5.0-2ubuntu1) kinetic; urgency=medium |
138 | + |
139 | + * Merge from Debian unstable. Remaining changes: |
140 | + - debian/control: |
141 | + + Recommend plymouth. |
142 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
143 | + + Move cryptsetup-initramfs back to cryptsetup's Recommends. |
144 | + + Do not build cryptsetup-suspend binary package on i386. |
145 | + - Fix cryptroot-unlock for busybox compatibility. |
146 | + - Fix warning and error when running on ZFS on root: (LP: #1830110) |
147 | + - d/functions: Return an empty devno for ZFS devices as they don't have |
148 | + major:minor device numbers. |
149 | + - d/initramfs/hooks/cryptroot: Ignore and don't print an error message |
150 | + when devices don't have a devno. |
151 | + - debian/patches/decrease_memlock_ulimit.patch |
152 | + Fixed FTBFS due to a restricted build environment |
153 | + * Disable failing Debian-tailored cryptroot-* autopkgtests, see bug #1983522 |
154 | + |
155 | + -- Benjamin Drung <bdrung@ubuntu.com> Wed, 24 Aug 2022 00:56:28 +0200 |
156 | + |
157 | cryptsetup (2:2.5.0-2) unstable; urgency=low |
158 | |
159 | [ Matthias Klose ] |
160 | @@ -234,6 +364,29 @@ cryptsetup (2:2.5.0-2) unstable; urgency=low |
161 | |
162 | -- Guilhem Moulin <guilhem@debian.org> Tue, 09 Aug 2022 01:40:50 +0200 |
163 | |
164 | +cryptsetup (2:2.5.0-1ubuntu1) kinetic; urgency=medium |
165 | + |
166 | + * Merge from Debian unstable. Remaining changes: |
167 | + - debian/control: |
168 | + + Recommend plymouth. |
169 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
170 | + + Move cryptsetup-initramfs back to cryptsetup's Recommends. |
171 | + + Do not build cryptsetup-suspend binary package on i386. |
172 | + - Fix cryptroot-unlock for busybox compatibility. |
173 | + - Fix warning and error when running on ZFS on root: (LP: #1830110) |
174 | + - d/functions: Return an empty devno for ZFS devices as they don't have |
175 | + major:minor device numbers. |
176 | + - d/initramfs/hooks/cryptroot: Ignore and don't print an error message |
177 | + when devices don't have a devno. |
178 | + - debian/patches/decrease_memlock_ulimit.patch |
179 | + Fixed FTBFS due to a restricted build environment |
180 | + - Stop building the udeb on request. |
181 | + * d/initramfs/hooks/cryptroot: Include OpenSSL legacy.so for ripemd160 and |
182 | + whirlpool hash algorithms (LP: #1979159) |
183 | + * Disable failing Debian-tailored cryptroot-* autopkgtests, see bug #1983522 |
184 | + |
185 | + -- Benjamin Drung <bdrung@ubuntu.com> Thu, 04 Aug 2022 12:30:02 +0200 |
186 | + |
187 | cryptsetup (2:2.5.0-1) unstable; urgency=medium |
188 | |
189 | * New upstream release. (Closes: #1000634, #1011128) |
190 | @@ -312,6 +465,26 @@ cryptsetup (2:2.5.0~rc1-1) experimental; urgency=low |
191 | |
192 | -- Guilhem Moulin <guilhem@debian.org> Fri, 15 Jul 2022 01:49:59 +0200 |
193 | |
194 | +cryptsetup (2:2.4.3-1ubuntu1) jammy; urgency=low |
195 | + |
196 | + * Merge from Debian unstable (LP: #1959427). Remaining changes: |
197 | + - debian/control: |
198 | + + Recommend plymouth. |
199 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
200 | + + Move cryptsetup-initramfs back to cryptsetup's Recommends. |
201 | + + Do not build cryptsetup-suspend binary package on i386. |
202 | + - Fix cryptroot-unlock for busybox compatibility. |
203 | + - Fix warning and error when running on ZFS on root: (LP: #1830110) |
204 | + - d/functions: Return an empty devno for ZFS devices as they don't have |
205 | + major:minor device numbers. |
206 | + - d/initramfs/hooks/cryptroot: Ignore and don't print an error message |
207 | + when devices don't have a devno. |
208 | + - debian/patches/decrease_memlock_ulimit.patch |
209 | + Fixed FTBFS due to a restricted build environment |
210 | + - Stop building the udeb on request. |
211 | + |
212 | + -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 28 Jan 2022 12:14:06 -0800 |
213 | + |
214 | cryptsetup (2:2.4.3-1) unstable; urgency=high |
215 | |
216 | [ Guilhem Moulin ] |
217 | @@ -325,6 +498,64 @@ cryptsetup (2:2.4.3-1) unstable; urgency=high |
218 | |
219 | -- Guilhem Moulin <guilhem@debian.org> Thu, 13 Jan 2022 19:07:05 +0100 |
220 | |
221 | +cryptsetup (2:2.4.2-1ubuntu4) jammy; urgency=medium |
222 | + |
223 | + * Move cryptsetup-initramfs back to cryptsetup's Recommends (from Suggests). |
224 | + |
225 | + -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Thu, 09 Dec 2021 12:53:00 +1300 |
226 | + |
227 | +cryptsetup (2:2.4.2-1ubuntu3) jammy; urgency=medium |
228 | + |
229 | + * Fix build on i386. |
230 | + |
231 | + -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Tue, 07 Dec 2021 13:17:48 +1300 |
232 | + |
233 | +cryptsetup (2:2.4.2-1ubuntu2) jammy; urgency=medium |
234 | + |
235 | + * Do not build new cryptsetup-suspend binary package on i386. |
236 | + |
237 | + -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Tue, 07 Dec 2021 11:47:55 +1300 |
238 | + |
239 | +cryptsetup (2:2.4.2-1ubuntu1) jammy; urgency=medium |
240 | + |
241 | + * Merge from Debian unstable. Remaining changes: |
242 | + - debian/control: |
243 | + + Recommend plymouth. |
244 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
245 | + - Fix cryptroot-unlock for busybox compatibility. |
246 | + - Fix warning and error when running on ZFS on root: (LP: #1830110) |
247 | + - d/functions: Return an empty devno for ZFS devices as they don't have |
248 | + major:minor device numbers. |
249 | + - d/initramfs/hooks/cryptroot: Ignore and don't print an error message when |
250 | + devices don't have a devno. |
251 | + Submitted to debian upstream as bug #902449. |
252 | + - debian/patches/decrease_memlock_ulimit.patch |
253 | + Fixed FTBFS due a restrict environment in the new Bionic Builder (LP: #1891473) |
254 | + tests/luks2-validation.test, tests/compat-test, tests/tcrypt-compat-test. |
255 | + - Thanks Guilherme G. Piccoli. |
256 | + - Stop building the udeb on request. |
257 | + * Dropped change, included in Debian: |
258 | + - Introduce retry logic for external invocations after mdadm (LP: #1879980) |
259 | + - Currently, if an encrypted rootfs is configured on top of a MD RAID1 |
260 | + array and such array gets degraded (e.g., a member is removed/failed) |
261 | + the cryptsetup scripts cannot mount the rootfs, and the boot fails. |
262 | + We fix that issue here by allowing the cryptroot script to be re-run |
263 | + by initramfs-tools/local-block stage, as mdadm can activate degraded |
264 | + arrays at that stage. |
265 | + There is an initramfs-tools counter-part for this fix, but alone the |
266 | + cryptsetup portion is harmless. |
267 | + - d/cryptsetup-initramfs.install: ship the new local-bottom script. |
268 | + - d/functions: declare variables for local-top|block|bottom scripts |
269 | + (flag that local-block is running and external invocation counter.) |
270 | + - d/i/s/local-block/cryptroot: set flag that local-block is running. |
271 | + - d/i/s/local-bottom/cryptroot: clean up the flag and counter files. |
272 | + - d/i/s/local-top/cryptroot: change the logic from just waiting 180 |
273 | + seconds to waiting 5 seconds first, then allowing initramfs-tools |
274 | + to run mdadm (to activate degraded arrays) and call back at least |
275 | + 30 times/seconds more. |
276 | + |
277 | + -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Thu, 02 Dec 2021 11:58:05 +1300 |
278 | + |
279 | cryptsetup (2:2.4.2-1) unstable; urgency=high |
280 | |
281 | * New upstream bugfix release 2.4.2. |
282 | @@ -443,6 +674,18 @@ cryptsetup (2:2.3.6-1+exp1) experimental; urgency=medium |
283 | |
284 | -- Guilhem Moulin <guilhem@debian.org> Fri, 28 May 2021 22:54:20 +0200 |
285 | |
286 | +cryptsetup (2:2.3.6-0ubuntu2) jammy; urgency=medium |
287 | + |
288 | + * No-change rebuild against openssl3 |
289 | + |
290 | + -- Simon Chopin <simon.chopin@canonical.com> Thu, 25 Nov 2021 14:22:07 +0200 |
291 | + |
292 | +cryptsetup (2:2.3.6-0ubuntu1) impish; urgency=medium |
293 | + |
294 | + * New upstream release. |
295 | + |
296 | + -- Matthieu Clemenceau <matthieu.clemenceau@canonical.com> Fri, 20 Aug 2021 11:32:12 +1200 |
297 | + |
298 | cryptsetup (2:2.3.5-1+exp1) experimental; urgency=medium |
299 | |
300 | * Upload to experimental. |
301 | @@ -515,6 +758,69 @@ cryptsetup (2:2.3.4-1+exp1) experimental; urgency=medium |
302 | |
303 | -- Guilhem Moulin <guilhem@debian.org> Fri, 04 Sep 2020 00:55:41 +0200 |
304 | |
305 | +cryptsetup (2:2.3.4-1ubuntu3) hirsute; urgency=medium |
306 | + |
307 | + * Stop building the udeb on request. |
308 | + |
309 | + -- Matthias Klose <doko@ubuntu.com> Mon, 22 Feb 2021 12:10:36 +0100 |
310 | + |
311 | +cryptsetup (2:2.3.4-1ubuntu2) hirsute; urgency=medium |
312 | + |
313 | + * No-change rebuild to drop the udeb package. |
314 | + |
315 | + -- Matthias Klose <doko@ubuntu.com> Mon, 22 Feb 2021 10:30:38 +0100 |
316 | + |
317 | +cryptsetup (2:2.3.4-1ubuntu1) hirsute; urgency=medium |
318 | + |
319 | + * Merge with Debian unstable. Remaining changes: |
320 | + - debian/control: |
321 | + + Recommend plymouth. |
322 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
323 | + - Fix cryptroot-unlock for busybox compatibility. |
324 | + - Fix warning and error when running on ZFS on root: (LP #1830110) |
325 | + - d/functions: Return an empty devno for ZFS devices as they don't have |
326 | + major:minor device numbers. |
327 | + - d/initramfs/hooks/cryptroot: Ignore and don't print an error message when |
328 | + devices don't have a devno. |
329 | + Submitted to debian upstream as bug #902449. |
330 | + - debian/patches/decrease_memlock_ulimit.patch |
331 | + Fixed FTBFS due a restrict environment in the new Bionic Builder (LP #1891473) |
332 | + tests/luks2-validation.test, tests/compat-test, tests/tcrypt-compat-test. |
333 | + - Thanks Guilherme G. Piccoli. |
334 | + - Introduce retry logic for external invocations after mdadm (LP #1879980) |
335 | + - Currently, if an encrypted rootfs is configured on top of a MD RAID1 |
336 | + array and such array gets degraded (e.g., a member is removed/failed) |
337 | + the cryptsetup scripts cannot mount the rootfs, and the boot fails. |
338 | + We fix that issue here by allowing the cryptroot script to be re-run |
339 | + by initramfs-tools/local-block stage, as mdadm can activate degraded |
340 | + arrays at that stage. |
341 | + There is an initramfs-tools counter-part for this fix, but alone the |
342 | + cryptsetup portion is harmless. |
343 | + - d/cryptsetup-initramfs.install: ship the new local-bottom script. |
344 | + - d/functions: declare variables for local-top|block|bottom scripts |
345 | + (flag that local-block is running and external invocation counter.) |
346 | + - d/i/s/local-block/cryptroot: set flag that local-block is running. |
347 | + - d/i/s/local-bottom/cryptroot: clean up the flag and counter files. |
348 | + - d/i/s/local-top/cryptroot: change the logic from just waiting 180 |
349 | + seconds to waiting 5 seconds first, then allowing initramfs-tools |
350 | + to run mdadm (to activate degraded arrays) and call back at least |
351 | + 30 times/seconds more. |
352 | + * Dropped changes: |
353 | + - Included in new upstream version: |
354 | + - SECURITY UPDATE: Out-of-bounds write |
355 | + - debian/patches/CVE-2020-14382-*.patch: check segment gaps regardless of |
356 | + heap space in lib/luks2/luks2_json_metadata.c. |
357 | + - CVE-2020-14382 |
358 | + - included in Debian: |
359 | + - debian/cryptsetup-bin.install: |
360 | + - Fix FTBFS due to dh_missing detecting crypsetup.conf in debian/tmp where |
361 | + it was installed from ./scripts/crypsetup.conf. |
362 | + - debian/rules: |
363 | + - fix FTBFS on riscv64 adding --with-tmpfilesdir to ensure all archs, even |
364 | + without systemd knows how to ship cryptsetup.conf |
365 | + |
366 | + -- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Tue, 10 Nov 2020 10:37:25 +1300 |
367 | + |
368 | cryptsetup (2:2.3.4-1) unstable; urgency=high |
369 | |
370 | * New upstream bugfix release, including fix for CVE-2020-14382: |
371 | @@ -582,6 +888,80 @@ cryptsetup (2:2.3.3-2) unstable; urgency=medium |
372 | |
373 | -- Guilhem Moulin <guilhem@debian.org> Wed, 12 Aug 2020 00:22:59 +0200 |
374 | |
375 | +cryptsetup (2:2.3.3-1ubuntu6) groovy; urgency=medium |
376 | + |
377 | + * Introduce retry logic for external invocations after mdadm (LP: #1879980) |
378 | + - Currently, if an encrypted rootfs is configured on top of a MD RAID1 |
379 | + array and such array gets degraded (e.g., a member is removed/failed) |
380 | + the cryptsetup scripts cannot mount the rootfs, and the boot fails. |
381 | + We fix that issue here by allowing the cryptroot script to be re-run |
382 | + by initramfs-tools/local-block stage, as mdadm can activate degraded |
383 | + arrays at that stage. |
384 | + There is an initramfs-tools counter-part for this fix, but alone the |
385 | + cryptsetup portion is harmless. |
386 | + - d/cryptsetup-initramfs.install: ship the new local-bottom script. |
387 | + - d/functions: declare variables for local-top|block|bottom scripts |
388 | + (flag that local-block is running and external invocation counter.) |
389 | + - d/i/s/local-block/cryptroot: set flag that local-block is running. |
390 | + - d/i/s/local-bottom/cryptroot: clean up the flag and counter files. |
391 | + - d/i/s/local-top/cryptroot: change the logic from just waiting 180 |
392 | + seconds to waiting 5 seconds first, then allowing initramfs-tools |
393 | + to run mdadm (to activate degraded arrays) and call back at least |
394 | + 30 times/seconds more. |
395 | + |
396 | + -- Guilherme G. Piccoli <gpiccoli@canonical.com> Wed, 16 Sep 2020 17:35:59 -0300 |
397 | + |
398 | +cryptsetup (2:2.3.3-1ubuntu5) groovy; urgency=medium |
399 | + |
400 | + * SECURITY UPDATE: Out-of-bounds write |
401 | + - debian/patches/CVE-2020-14382-*.patch: check segment gaps regardless of |
402 | + heap space in lib/luks2/luks2_json_metadata.c. |
403 | + - CVE-2020-14382 |
404 | + * debian/patches/decrease_memlock_ulimit.patch |
405 | + Fixed FTBFS due a restrict environment in the new Bionic Builder (LP: #1891473) |
406 | + tests/luks2-validation.test, tests/compat-test, tests/tcrypt-compat-test. |
407 | + - Thanks Guilherme G. Piccoli. |
408 | + |
409 | + -- Leonidas S. Barbosa <leo.barbosa@canonical.com> Wed, 09 Sep 2020 09:29:17 -0300 |
410 | + |
411 | +cryptsetup (2:2.3.3-1ubuntu4) groovy; urgency=medium |
412 | + |
413 | + * No change rebuild against new json-c ABI. |
414 | + |
415 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 28 Jul 2020 17:42:50 +0100 |
416 | + |
417 | +cryptsetup (2:2.3.3-1ubuntu3) groovy; urgency=medium |
418 | + |
419 | + * debian/rules: |
420 | + - fix FTBFS on riscv64 adding --with-tmpfilesdir to ensure all archs, even |
421 | + without systemd knows how to ship cryptsetup.conf |
422 | + |
423 | + -- Didier Roche <didrocks@ubuntu.com> Thu, 18 Jun 2020 11:44:50 +0200 |
424 | + |
425 | +cryptsetup (2:2.3.3-1ubuntu2) groovy; urgency=medium |
426 | + |
427 | + * debian/cryptsetup-bin.install: |
428 | + - Fix FTBFS due to dh_missing detecting crypsetup.conf in debian/tmp where |
429 | + it was installed from ./scripts/crypsetup.conf. |
430 | + * Fix warning and error when running on ZFS on root: (LP: #1830110) |
431 | + - d/functions: Return an empty devno for ZFS devices as they don't have |
432 | + major:minor device numbers. |
433 | + - d/initramfs/hooks/cryptroot: Ignore and don't print an error message when |
434 | + devices don't have a devno. |
435 | + Submitted to debian upstream as bug #902449. |
436 | + |
437 | + -- Didier Roche <didrocks@ubuntu.com> Thu, 18 Jun 2020 10:12:10 +0200 |
438 | + |
439 | +cryptsetup (2:2.3.3-1ubuntu1) groovy; urgency=low |
440 | + |
441 | + * Merge from Debian unstable. Remaining changes: |
442 | + - debian/control: |
443 | + + Recommend plymouth. |
444 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
445 | + - Fix cryptroot-unlock for busybox compatibility. |
446 | + |
447 | + -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 09 Jun 2020 10:40:32 -0700 |
448 | + |
449 | cryptsetup (2:2.3.3-1) unstable; urgency=medium |
450 | |
451 | [ Guilhem Moulin ] |
452 | @@ -610,6 +990,16 @@ cryptsetup (2:2.3.2-1) unstable; urgency=medium |
453 | |
454 | -- Guilhem Moulin <guilhem@debian.org> Wed, 06 May 2020 16:22:01 +0200 |
455 | |
456 | +cryptsetup (2:2.3.1-1ubuntu1) groovy; urgency=low |
457 | + |
458 | + * Merge from Debian unstable. Remaining changes: |
459 | + - debian/control: |
460 | + + Recommend plymouth. |
461 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
462 | + - Fix cryptroot-unlock for busybox compatibility. |
463 | + |
464 | + -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 01 May 2020 07:07:58 -0700 |
465 | + |
466 | cryptsetup (2:2.3.1-1) unstable; urgency=medium |
467 | |
468 | * New upstream release. |
469 | @@ -645,6 +1035,23 @@ cryptsetup (2:2.3.0-1) unstable; urgency=low |
470 | |
471 | -- Guilhem Moulin <guilhem@debian.org> Wed, 04 Mar 2020 00:48:19 +0100 |
472 | |
473 | +cryptsetup (2:2.2.2-3ubuntu2) focal; urgency=medium |
474 | + |
475 | + * Depend on cryptsetup from cryptsetup-initramfs instead of the dummy |
476 | + cryptsetup-run package. LP: #1864360. |
477 | + |
478 | + -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 27 Feb 2020 00:16:14 -0600 |
479 | + |
480 | +cryptsetup (2:2.2.2-3ubuntu1) focal; urgency=medium |
481 | + |
482 | + * Merge from Debian unstable. Remaining changes: |
483 | + - debian/control: |
484 | + + Recommend plymouth. |
485 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
486 | + - Fix cryptroot-unlock for busybox compatibility. |
487 | + |
488 | + -- Matthias Klose <doko@ubuntu.com> Mon, 10 Feb 2020 09:20:12 +0100 |
489 | + |
490 | cryptsetup (2:2.2.2-3) unstable; urgency=high |
491 | |
492 | * initramfs hook: Workaround fix for the libgcc_s's source location. |
493 | @@ -653,6 +1060,16 @@ cryptsetup (2:2.2.2-3) unstable; urgency=high |
494 | |
495 | -- Guilhem Moulin <guilhem@debian.org> Tue, 04 Feb 2020 14:11:12 +0100 |
496 | |
497 | +cryptsetup (2:2.2.2-2ubuntu1) focal; urgency=low |
498 | + |
499 | + * Merge from Debian unstable. Remaining changes: |
500 | + - debian/control: |
501 | + + Recommend plymouth. |
502 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
503 | + - Fix cryptroot-unlock for busybox compatibility. |
504 | + |
505 | + -- Steve Langasek <steve.langasek@ubuntu.com> Sat, 01 Feb 2020 22:11:22 -0800 |
506 | + |
507 | cryptsetup (2:2.2.2-2) unstable; urgency=medium |
508 | |
509 | [ Guilhem Moulin ] |
510 | @@ -670,6 +1087,16 @@ cryptsetup (2:2.2.2-2) unstable; urgency=medium |
511 | |
512 | -- Guilhem Moulin <guilhem@debian.org> Sat, 18 Jan 2020 20:53:19 +0100 |
513 | |
514 | +cryptsetup (2:2.2.2-1ubuntu1) focal; urgency=low |
515 | + |
516 | + * Merge from Debian unstable. Remaining changes: |
517 | + - debian/control: |
518 | + + Recommend plymouth. |
519 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
520 | + - Fix cryptroot-unlock for busybox compatibility. |
521 | + |
522 | + -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 11 Nov 2019 22:07:44 -0800 |
523 | + |
524 | cryptsetup (2:2.2.2-1) unstable; urgency=medium |
525 | |
526 | * New upstream bugfix release. |
527 | @@ -680,6 +1107,16 @@ cryptsetup (2:2.2.2-1) unstable; urgency=medium |
528 | |
529 | -- Guilhem Moulin <guilhem@debian.org> Fri, 01 Nov 2019 19:32:36 +0100 |
530 | |
531 | +cryptsetup (2:2.2.1-1ubuntu1) focal; urgency=low |
532 | + |
533 | + * Merge from Debian unstable. Remaining changes: |
534 | + - debian/control: |
535 | + + Recommend plymouth. |
536 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
537 | + - Fix cryptroot-unlock for busybox compatibility. |
538 | + |
539 | + -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 18 Oct 2019 15:14:29 -0700 |
540 | + |
541 | cryptsetup (2:2.2.1-1) unstable; urgency=medium |
542 | |
543 | * New upstream bugfix release. |
544 | @@ -687,6 +1124,16 @@ cryptsetup (2:2.2.1-1) unstable; urgency=medium |
545 | |
546 | -- Guilhem Moulin <guilhem@debian.org> Fri, 06 Sep 2019 13:28:55 +0200 |
547 | |
548 | +cryptsetup (2:2.2.0-3ubuntu1) eoan; urgency=low |
549 | + |
550 | + * Merge from Debian unstable. Remaining changes: |
551 | + - debian/control: |
552 | + + Recommend plymouth. |
553 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
554 | + - Fix cryptroot-unlock for busybox compatibility. |
555 | + |
556 | + -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 28 Aug 2019 16:13:22 -0700 |
557 | + |
558 | cryptsetup (2:2.2.0-3) unstable; urgency=medium |
559 | |
560 | * Cherry pick upstream commit 8f8f0b32: Fix mapped segments overflow on |
561 | @@ -694,6 +1141,16 @@ cryptsetup (2:2.2.0-3) unstable; urgency=medium |
562 | |
563 | -- Guilhem Moulin <guilhem@debian.org> Mon, 26 Aug 2019 12:53:45 +0200 |
564 | |
565 | +cryptsetup (2:2.2.0-2ubuntu1) eoan; urgency=low |
566 | + |
567 | + * Merge from Debian unstable. Remaining changes: |
568 | + - debian/control: |
569 | + + Recommend plymouth. |
570 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
571 | + - Fix cryptroot-unlock for busybox compatibility. |
572 | + |
573 | + -- Steve Langasek <steve.langasek@ubuntu.com> Sun, 25 Aug 2019 12:25:55 -0700 |
574 | + |
575 | cryptsetup (2:2.2.0-2) unstable; urgency=medium |
576 | |
577 | * debian/control: Add 'Multi-Arch: foreign' tag to the transitional dummy |
578 | @@ -705,6 +1162,25 @@ cryptsetup (2:2.2.0-2) unstable; urgency=medium |
579 | |
580 | -- Guilhem Moulin <guilhem@debian.org> Wed, 21 Aug 2019 22:45:12 +0200 |
581 | |
582 | +cryptsetup (2:2.2.0-1ubuntu2) eoan; urgency=medium |
583 | + |
584 | + * debian/initramfs/cryptroot-unlock: canonicalize executable paths. |
585 | + Thanks to Paride Legovini <paride.legovini@canonical.com> for the patch. |
586 | + LP: #1840752. |
587 | + |
588 | + -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 20 Aug 2019 15:34:10 -0700 |
589 | + |
590 | +cryptsetup (2:2.2.0-1ubuntu1) eoan; urgency=low |
591 | + |
592 | + * Merge from Debian unstable. Remaining changes: |
593 | + - debian/control: |
594 | + + Recommend plymouth. |
595 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
596 | + - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox |
597 | + compatibility. |
598 | + |
599 | + -- Gianfranco Costamagna <locutusofborg@debian.org> Tue, 20 Aug 2019 14:21:34 +0200 |
600 | + |
601 | cryptsetup (2:2.2.0-1) unstable; urgency=medium |
602 | |
603 | * New upstream release 2.2.0. Highlights include: |
604 | @@ -782,6 +1258,23 @@ cryptsetup (2:2.1.0-6) unstable; urgency=low |
605 | |
606 | -- Guilhem Moulin <guilhem@debian.org> Sat, 20 Jul 2019 22:15:04 -0300 |
607 | |
608 | +cryptsetup (2:2.1.0-5ubuntu2) eoan; urgency=medium |
609 | + |
610 | + * Rebuild against new libjson-c4. |
611 | + |
612 | + -- Gianfranco Costamagna <locutusofborg@debian.org> Sat, 29 Jun 2019 13:48:37 +0200 |
613 | + |
614 | +cryptsetup (2:2.1.0-5ubuntu1) eoan; urgency=low |
615 | + |
616 | + * Merge from Debian unstable. Remaining changes: |
617 | + - debian/control: |
618 | + + Recommend plymouth. |
619 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
620 | + - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox |
621 | + compatibility. |
622 | + |
623 | + -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 14 Jun 2019 14:09:31 -0700 |
624 | + |
625 | cryptsetup (2:2.1.0-5) unstable; urgency=medium |
626 | |
627 | [ Jonas Meurer ] |
628 | @@ -794,6 +1287,17 @@ cryptsetup (2:2.1.0-5) unstable; urgency=medium |
629 | |
630 | -- Guilhem Moulin <guilhem@debian.org> Mon, 10 Jun 2019 14:51:15 +0200 |
631 | |
632 | +cryptsetup (2:2.1.0-4ubuntu1) eoan; urgency=low |
633 | + |
634 | + * Merge from Debian unstable. Remaining changes: |
635 | + - debian/control: |
636 | + + Recommend plymouth. |
637 | + + Depend on busybox-initramfs instead of busybox | busybox-static. |
638 | + - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox |
639 | + compatibility. |
640 | + |
641 | + -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 28 May 2019 18:32:08 -0700 |
642 | + |
643 | cryptsetup (2:2.1.0-4) unstable; urgency=medium |
644 | |
645 | [Guilhem Moulin] |
646 | @@ -813,6 +1317,26 @@ cryptsetup (2:2.1.0-4) unstable; urgency=medium |
647 | |
648 | -- Guilhem Moulin <guilhem@debian.org> Tue, 28 May 2019 17:04:16 +0200 |
649 | |
650 | +cryptsetup (2:2.1.0-3ubuntu2) eoan; urgency=medium |
651 | + |
652 | + * Depend on busybox-initramfs, which is the implementation we actually use |
653 | + for the initramfs and is guaranteed to always be present, instead of |
654 | + busybox-static. |
655 | + |
656 | + -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 09 May 2019 14:47:04 -0700 |
657 | + |
658 | +cryptsetup (2:2.1.0-3ubuntu1) eoan; urgency=low |
659 | + |
660 | + * Merge from Debian unstable. Remaining changes: |
661 | + - debian/control: |
662 | + + Recommend plymouth. |
663 | + + Invert the "busybox | busybox-static" Recommends, as the latter |
664 | + is the one we ship in main as part of the ubuntu-standard task. |
665 | + - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox |
666 | + compatibility. LP: #1651818 |
667 | + |
668 | + -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 03 May 2019 16:22:03 -0700 |
669 | + |
670 | cryptsetup (2:2.1.0-3) unstable; urgency=medium |
671 | |
672 | * d/scripts/decrypt_opensc: Fix standard output poisoning. Thanks to Nils |
673 | @@ -836,6 +1360,19 @@ cryptsetup (2:2.1.0-2) unstable; urgency=medium |
674 | |
675 | -- Guilhem Moulin <guilhem@debian.org> Thu, 28 Feb 2019 22:32:43 +0100 |
676 | |
677 | +cryptsetup (2:2.1.0-1ubuntu1) disco; urgency=medium |
678 | + |
679 | + * Merge from Debian unstable. LP: #1815484 |
680 | + * Remaining changes: |
681 | + - debian/control: |
682 | + + Recommend plymouth. |
683 | + + Invert the "busybox | busybox-static" Recommends, as the latter |
684 | + is the one we ship in main as part of the ubuntu-standard task. |
685 | + - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox |
686 | + compatibility. LP: #1651818 |
687 | + |
688 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 13 Feb 2019 21:28:23 +0000 |
689 | + |
690 | cryptsetup (2:2.1.0-1) unstable; urgency=medium |
691 | |
692 | * New upstream release. Highlights include: |
693 | @@ -878,6 +1415,20 @@ cryptsetup (2:2.1.0-1) unstable; urgency=medium |
694 | |
695 | -- Guilhem Moulin <guilhem@debian.org> Sat, 09 Feb 2019 00:40:17 +0100 |
696 | |
697 | +cryptsetup (2:2.0.6-1ubuntu1) disco; urgency=medium |
698 | + |
699 | + * Merge from Debian unstable. |
700 | + * Remaining changes: |
701 | + - debian/control: |
702 | + + Recommend plymouth. |
703 | + + Invert the "busybox | busybox-static" Recommends, as the latter |
704 | + is the one we ship in main as part of the ubuntu-standard task. |
705 | + - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox |
706 | + compatibility. LP: #1651818 |
707 | + * Dropped delta sector_size support, merged in Debian. |
708 | + |
709 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 05 Feb 2019 13:43:25 +0000 |
710 | + |
711 | cryptsetup (2:2.0.6-1) unstable; urgency=medium |
712 | |
713 | * New upstream bugfix release. Highlights include: |
714 | @@ -942,6 +1493,27 @@ cryptsetup (2:2.0.4-3) unstable; urgency=medium |
715 | |
716 | -- Guilhem Moulin <guilhem@debian.org> Mon, 22 Oct 2018 17:45:35 +0200 |
717 | |
718 | +cryptsetup (2:2.0.4-2ubuntu2) cosmic; urgency=medium |
719 | + |
720 | + * Implement support for --sector-size cryptsetup plain mode option in |
721 | + crypttab. Matching support is also proposed to systemd-cryptsetup as |
722 | + well. LP: #1776626 |
723 | + |
724 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 31 Aug 2018 17:00:07 +0100 |
725 | + |
726 | +cryptsetup (2:2.0.4-2ubuntu1) cosmic; urgency=low |
727 | + |
728 | + * Merge from Debian unstable. LP: #1785610. |
729 | + * Remaining changes: |
730 | + - debian/control: |
731 | + + Recommend plymouth. |
732 | + + Invert the "busybox | busybox-static" Recommends, as the latter |
733 | + is the one we ship in main as part of the ubuntu-standard task. |
734 | + - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox |
735 | + compatibility. LP: #1651818 |
736 | + |
737 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 22 Aug 2018 22:51:47 +0100 |
738 | + |
739 | cryptsetup (2:2.0.4-2) unstable; urgency=medium |
740 | |
741 | * debian/cryptsetup-initramfs.preinst: Don't try to overwrite |
742 | @@ -974,6 +1546,28 @@ cryptsetup (2:2.0.3-7) unstable; urgency=medium |
743 | |
744 | -- Guilhem Moulin <guilhem@debian.org> Mon, 30 Jul 2018 16:32:07 +0800 |
745 | |
746 | +cryptsetup (2:2.0.3-6ubuntu1) cosmic; urgency=low |
747 | + |
748 | + * Merge from Debian unstable. LP: #1781912. |
749 | + * Remaining changes: |
750 | + - debian/control: |
751 | + + Recommend plymouth. |
752 | + + Invert the "busybox | busybox-static" Recommends, as the latter |
753 | + is the one we ship in main as part of the ubuntu-standard task. |
754 | + - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox |
755 | + compatibility. LP: #1651818 |
756 | + * Dropped changes, included in Debian: |
757 | + - Drop explicit libgcrypt20 dependency from libcryptsetup4. |
758 | + - Drop the CRYPTSETUP variable warning from the initramfs hook, as |
759 | + overlayroot package ships a dropin in conf-hooks.d triggering false |
760 | + warnings. |
761 | + - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE |
762 | + - Drop c99 std, as the default is now higher than that |
763 | + * Dropped changes, no longer needed: |
764 | + - Add maintscript to drop removed upstart system jobs. |
765 | + |
766 | + -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 16 Jul 2018 08:27:58 -0400 |
767 | + |
768 | cryptsetup (2:2.0.3-6) unstable; urgency=medium |
769 | |
770 | * debian/TODO.md: Remove mention of parent device detection for mdadm |
771 | @@ -1258,6 +1852,45 @@ cryptsetup (2:2.0.3-1) unstable; urgency=medium |
772 | |
773 | -- Jonas Meurer <jonas@freesources.org> Fri, 15 Jun 2018 15:32:16 +0200 |
774 | |
775 | +cryptsetup (2:2.0.2-1ubuntu3) cosmic; urgency=medium |
776 | + |
777 | + * No-change rebuild against libargon2-1 |
778 | + |
779 | + -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 10 Jul 2018 17:01:23 +0000 |
780 | + |
781 | +cryptsetup (2:2.0.2-1ubuntu2) cosmic; urgency=medium |
782 | + |
783 | + * Apply patch from Trent Nelson to fix cryptroot-unlock for busybox |
784 | + compatibility. LP: #1651818 |
785 | + |
786 | + -- Dimitri John Ledkov 🌈 <xnox@ubuntu.com> Thu, 21 Jun 2018 16:38:31 +0100 |
787 | + |
788 | +cryptsetup (2:2.0.2-1ubuntu1) bionic; urgency=low |
789 | + |
790 | + * Merge from Debian unstable. |
791 | + - bugfix upstream release, which solves problems with luks2 format |
792 | + disks not unlocking. LP: #1755322. |
793 | + * Remaining changes: |
794 | + - debian/control: |
795 | + + Depend on plymouth. |
796 | + + Invert the "busybox | busybox-static" Recommends, as the latter |
797 | + is the one we ship in main as part of the ubuntu-standard task. |
798 | + + Drop explicit libgcrypt20 dependency from libcryptsetup4. |
799 | + - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE |
800 | + - Drop c99 std, as the default is now higher than that |
801 | + - Drop upstart system jobs. |
802 | + - Add maintscript to drop removed upstart system jobs. |
803 | + - debian has its own now, but we have different version numbers. |
804 | + this delta can be dropped after 18.04 release. |
805 | + - Drop the CRYPTSETUP variable warning from the initramfs hook, as |
806 | + overlayroot package ships a dropin in conf-hooks.d triggering false |
807 | + warnings. |
808 | + * Dropped changes: |
809 | + - debian/cryptdisks{,-udev}.maintscript: drop, there is no package named |
810 | + 'cryptdisks' or 'cryptdisks-udev'. |
811 | + |
812 | + -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 06 Apr 2018 10:23:53 -0700 |
813 | + |
814 | cryptsetup (2:2.0.2-1) unstable; urgency=low |
815 | |
816 | * New upstream release 2.0.2 |
817 | @@ -1287,6 +1920,40 @@ cryptsetup (2:2.0.1-1) unstable; urgency=low |
818 | |
819 | -- Guilhem Moulin <guilhem@debian.org> Sun, 11 Feb 2018 00:02:05 +0100 |
820 | |
821 | +cryptsetup (2:2.0.1-0ubuntu2) bionic; urgency=medium |
822 | + |
823 | + * Drop the CRYPTSETUP variable warning from the initramfs hook, as |
824 | + overlayroot package ships a dropin in conf-hooks.d triggering false |
825 | + warnings. |
826 | + |
827 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Thu, 22 Feb 2018 14:49:16 +0000 |
828 | + |
829 | +cryptsetup (2:2.0.1-0ubuntu1) bionic; urgency=medium |
830 | + |
831 | + * Merge from Debian unstable. Remaining changes: |
832 | + - debian/control: |
833 | + + Depend on plymouth. |
834 | + + Invert the "busybox | busybox-static" Recommends, as the latter |
835 | + is the one we ship in main as part of the ubuntu-standard task. |
836 | + + Drop explicit libgcrypt20 dependency from libcryptsetup4. |
837 | + - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE |
838 | + - Drop c99 std, as the default is now higher than that |
839 | + - Drop upstart system jobs. |
840 | + - Add maintscript to drop removed upstart system jobs. |
841 | + - debian has its own now, but we have different version numbers |
842 | + * New upstream release |
843 | + * Cherry-pick Guilhem Moulin's changes below from Debian git |
844 | + |
845 | + [ Guilhem Moulin ] |
846 | + * New upstream release 2.0.1: |
847 | + - Use /run/cryptsetup as default for cryptsetup locking dir. |
848 | + - Add missing symbols for new functions to debian/libcryptsetup12.symbols. |
849 | + * debian/copyright: update copyright years. |
850 | + * debian/patches: backport upstream's 8728ba08 to fix opening of loop-AES |
851 | + devices using --key-file=-. (Closes: #888162.) |
852 | + |
853 | + -- Julian Andres Klode <juliank@ubuntu.com> Mon, 29 Jan 2018 13:48:55 +0100 |
854 | + |
855 | cryptsetup (2:2.0.0-1) unstable; urgency=low |
856 | |
857 | [ Guilhem Moulin ] |
858 | @@ -1336,6 +2003,26 @@ cryptsetup (2:2.0.0~rc0-1) experimental; urgency=low |
859 | |
860 | -- Guilhem Moulin <guilhem@debian.org> Tue, 03 Oct 2017 03:37:36 +0200 |
861 | |
862 | +cryptsetup (2:1.7.5-1ubuntu1) bionic; urgency=low |
863 | + |
864 | + * Merge from Debian unstable. Remaining changes: |
865 | + - debian/control: |
866 | + + Depend on plymouth. |
867 | + + Invert the "busybox | busybox-static" Recommends, as the latter |
868 | + is the one we ship in main as part of the ubuntu-standard task. |
869 | + + Drop explicit libgcrypt20 dependency from libcryptsetup4. |
870 | + - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE |
871 | + - Drop c99 std, as the default is now higher than that |
872 | + - Drop upstart system jobs. |
873 | + - Add maintscript to drop removed upstart system jobs. |
874 | + * Merged upstream: |
875 | + - d/p/fips-fix-luksformat-with-recent-kernels -- fix luksFormat |
876 | + with recent FIPS enabled kernels. |
877 | + * Merged in Debian: |
878 | + - Use DEB_VERSION from dpkg/default.mk for pod2man release variable |
879 | + |
880 | + -- Julian Andres Klode <juliank@ubuntu.com> Wed, 17 Jan 2018 21:39:10 +0100 |
881 | + |
882 | cryptsetup (2:1.7.5-1) unstable; urgency=low |
883 | |
884 | * New upstream release 1.7.5. |
885 | @@ -1358,6 +2045,25 @@ cryptsetup (2:1.7.5-1) unstable; urgency=low |
886 | |
887 | -- Guilhem Moulin <guilhem@debian.org> Thu, 14 Sep 2017 13:00:23 +0200 |
888 | |
889 | +cryptsetup (2:1.7.3-4ubuntu1) artful; urgency=low |
890 | + |
891 | + * New upstream release, merge from Debian unstable. Remaining |
892 | + Ubuntu changes: |
893 | + - debian/control: |
894 | + + Depend on plymouth. |
895 | + + Invert the "busybox | busybox-static" Recommends, as the latter |
896 | + is the one we ship in main as part of the ubuntu-standard task. |
897 | + + Drop explicit libgcrypt20 dependency from libcryptsetup4. |
898 | + * d/p/fips-fix-luksformat-with-recent-kernels -- fix luksFormat |
899 | + with recent FIPS enabled kernels. |
900 | + * Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE |
901 | + * Drop c99 std, as the default is now higher than that |
902 | + * Use DEB_VERSION from dpkg/default.mk for pod2man release variable |
903 | + * Drop upstart system jobs. |
904 | + * Add maintscript to drop removed upstart system jobs. |
905 | + |
906 | + -- Andy Whitcroft <apw@ubuntu.com> Thu, 10 Aug 2017 14:07:29 +0100 |
907 | + |
908 | cryptsetup (2:1.7.3-4) unstable; urgency=high |
909 | |
910 | [ Guilhem Moulin ] |
911 | @@ -1570,6 +2276,40 @@ cryptsetup (2:1.7.2-1) unstable; urgency=medium |
912 | |
913 | -- Jonas Meurer <mejo@debian.org> Wed, 05 Oct 2016 20:53:09 +0200 |
914 | |
915 | +cryptsetup (2:1.7.2-0ubuntu4) artful; urgency=medium |
916 | + |
917 | + * Add maintscript to drop removed upstart system jobs. |
918 | + |
919 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 21 Aug 2017 11:36:04 +0100 |
920 | + |
921 | +cryptsetup (2:1.7.2-0ubuntu3) artful; urgency=medium |
922 | + |
923 | + * Drop _BSD_SOURCE in favor of _DEFAULT_SOURCe |
924 | + * Drop c99 std, as the default is now higher than that |
925 | + * Use DEB_VERSION from dpkg/default.mk for pod2man release variable |
926 | + |
927 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Sat, 19 Aug 2017 21:46:19 +0100 |
928 | + |
929 | +cryptsetup (2:1.7.2-0ubuntu2) artful; urgency=medium |
930 | + |
931 | + * Drop upstart system jobs. |
932 | + |
933 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Sat, 19 Aug 2017 20:57:17 +0100 |
934 | + |
935 | +cryptsetup (2:1.7.2-0ubuntu1) yakkety; urgency=medium |
936 | + |
937 | + * New upstream release, merge from Debian unstable (LP: #1548137). Remaining |
938 | + Ubuntu changes: |
939 | + - debian/control: |
940 | + + Bump initramfs-tools Suggests to Depends: so system is not |
941 | + potentially rendered unbootable. |
942 | + + Depend on plymouth. |
943 | + + Invert the "busybox | busybox-static" Recommends, as the latter |
944 | + is the one we ship in main as part of the ubuntu-standard task. |
945 | + + Drop explicit libgcrypt20 dependency from libcryptsetup4. |
946 | + |
947 | + -- Unit 193 <unit193@ubuntu.com> Wed, 22 Jun 2016 16:30:01 -0400 |
948 | + |
949 | cryptsetup (2:1.7.0-2) unstable; urgency=medium |
950 | |
951 | [ Guilhem Moulin ] |
952 | @@ -1644,6 +2384,35 @@ cryptsetup (2:1.7.0-1) unstable; urgency=medium |
953 | |
954 | -- Jonas Meurer <mejo@debian.org> Thu, 07 Jan 2016 02:22:33 +0100 |
955 | |
956 | +cryptsetup (2:1.6.6-5ubuntu2) wily; urgency=medium |
957 | + |
958 | + * Fix stupid typo in Recommends "busybox | busybox-static" inversion. |
959 | + Fixes binary moves for busybox into main. |
960 | + |
961 | + -- Andy Whitcroft <apw@ubuntu.com> Fri, 21 Aug 2015 08:56:34 +0100 |
962 | + |
963 | +cryptsetup (2:1.6.6-5ubuntu1) wily; urgency=low |
964 | + |
965 | + * Merge from Debian unstable. Remaining changes: |
966 | + - debian/control: |
967 | + + Bump initramfs-tools Suggests to Depends: so system is not |
968 | + potentially rendered unbootable. |
969 | + + Depend on plymouth. |
970 | + + Invert the "busybox | busybox-static" Recommends, as the latter |
971 | + is the one we ship in main as part of the ubuntu-standard task. |
972 | + + Drop explicit libgcrypt11 dependency from libcryptsetup4. |
973 | + * Dropped changes, now in Debian: |
974 | + - Remove hardcoded paths to udevadm. |
975 | + - debian/initramfs/cryptroot-hook: |
976 | + + Do not unconditionally include cryptsetup utils in the initramfs. |
977 | + + Do not include any modules or utils in the initramfs, unless |
978 | + rootfs/resume devices are encrypted or CRYPTSETUP is set to 'y' in |
979 | + the initramfs.conf configuration file. |
980 | + - debian/cryptsetup.maintscripts: |
981 | + + Migrate upstart jobs to new names. |
982 | + |
983 | + -- Andy Whitcroft <apw@ubuntu.com> Tue, 07 Jul 2015 16:58:45 +0100 |
984 | + |
985 | cryptsetup (2:1.6.6-5) unstable; urgency=high |
986 | |
987 | * debian/cryptdisks.functions: fix the precheck for ubuntu+upstart |
988 | @@ -1796,6 +2565,71 @@ cryptsetup (2:1.6.4-1) unstable; urgency=low |
989 | |
990 | -- Jonas Meurer <mejo@debian.org> Fri, 28 Jun 2013 12:14:55 +0200 |
991 | |
992 | +cryptsetup (2:1.6.1-1ubuntu7) vivid; urgency=medium |
993 | + |
994 | + * Drop explicit libgcrypt11 dependency from libcryptsetup4. |
995 | + |
996 | + -- Adam Conrad <adconrad@ubuntu.com> Fri, 27 Mar 2015 18:24:38 -0600 |
997 | + |
998 | +cryptsetup (2:1.6.1-1ubuntu6) vivid; urgency=medium |
999 | + |
1000 | + * No-change rebuild for the libgcrypt20 transition. |
1001 | + |
1002 | + -- Adam Conrad <adconrad@ubuntu.com> Fri, 27 Mar 2015 06:16:08 -0600 |
1003 | + |
1004 | +cryptsetup (2:1.6.1-1ubuntu5) vivid; urgency=medium |
1005 | + |
1006 | + * ./debian/scripts/luksformat: Drop luksFormat -s and --ciper options. They |
1007 | + aren't necessary any more, and aes-cbc-essiv:sha256 is obsolete. This will |
1008 | + now use aes-xts-plain64 by default. (LP: #1414719) |
1009 | + |
1010 | + -- Martin Pitt <martin.pitt@ubuntu.com> Fri, 27 Feb 2015 09:37:05 +0100 |
1011 | + |
1012 | +cryptsetup (2:1.6.1-1ubuntu4) vivid; urgency=medium |
1013 | + |
1014 | + * No change rebuild to get debug symbols for all architectures. |
1015 | + |
1016 | + -- Brian Murray <brian@ubuntu.com> Wed, 03 Dec 2014 08:03:31 -0800 |
1017 | + |
1018 | +cryptsetup (2:1.6.1-1ubuntu3) utopic; urgency=high |
1019 | + |
1020 | + * No change rebuild against new dh_installinit, to call update-rc.d at |
1021 | + postinst. |
1022 | + |
1023 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 28 May 2014 10:39:30 +0100 |
1024 | + |
1025 | +cryptsetup (2:1.6.1-1ubuntu2) utopic; urgency=medium |
1026 | + |
1027 | + * debian/askpass.c: |
1028 | + - Fix bug (LP: #1301086) where askpass fails to restore terminal |
1029 | + settings. |
1030 | + |
1031 | + -- Robert Barabas <dc@0xdc.org> Fri, 18 Apr 2014 14:08:51 -0400 |
1032 | + |
1033 | +cryptsetup (2:1.6.1-1ubuntu1) trusty; urgency=low |
1034 | + |
1035 | + * Merge from debian unstable, remaining changes: |
1036 | + - debian/control: |
1037 | + + Bump initramfs-tools Suggests to Depends: so system is not |
1038 | + potentially rendered unbootable. |
1039 | + + Depend on plymouth. |
1040 | + |
1041 | + - Invert the "busybox | busybox-static" Recommends, as the latter is |
1042 | + the one we ship in main as part of the ubuntu-standard task. |
1043 | + |
1044 | + - Remove hardcoded paths to udevadm (LP: #1184066). |
1045 | + |
1046 | + - debian/initramfs/cryptroot-hook: |
1047 | + + Do not unconditionally include cryptsetup utils in the initramfs. |
1048 | + + Do not include any modules or utils in the initramfs, unless |
1049 | + rootfs/resume devices are encrypted or CRYPTSETUP is set to 'y' in |
1050 | + the initramfs.conf configuration file. |
1051 | + |
1052 | + - debian/cryptsetup.maintscripts: |
1053 | + + Migrate upstart jobs to new names. |
1054 | + |
1055 | + -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com> Fri, 01 Nov 2013 16:48:57 +0000 |
1056 | + |
1057 | cryptsetup (2:1.6.1-1) unstable; urgency=low |
1058 | |
1059 | [ Milan Broz ] |
1060 | @@ -1837,6 +2671,50 @@ cryptsetup (2:1.6.1-1) unstable; urgency=low |
1061 | |
1062 | -- Jonas Meurer <mejo@debian.org> Fri, 28 Jun 2013 12:10:41 +0200 |
1063 | |
1064 | +cryptsetup (2:1.4.3-4ubuntu4) saucy; urgency=low |
1065 | + |
1066 | + * debian/initramfs/cryptroot-hook: |
1067 | + - Do not unconditionally include cryptsetup utils in the initramfs. |
1068 | + - Do not include any modules or utils in the initramfs, unless |
1069 | + rootfs/resume devices are encrypted or CRYPTSETUP is set to 'y' in |
1070 | + the initramfs.conf configuration file. |
1071 | + |
1072 | + -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com> Mon, 10 Jun 2013 16:25:46 +0100 |
1073 | + |
1074 | +cryptsetup (2:1.4.3-4ubuntu3) saucy; urgency=low |
1075 | + |
1076 | + * Remove hardcoded paths to udevadm (LP: #1184066). |
1077 | + |
1078 | + -- Colin Watson <cjwatson@ubuntu.com> Tue, 28 May 2013 11:27:27 +0100 |
1079 | + |
1080 | +cryptsetup (2:1.4.3-4ubuntu2) raring; urgency=low |
1081 | + |
1082 | + * Invert the "busybox | busybox-static" Recommends, as the latter |
1083 | + is the one we ship in main as part of the ubuntu-standard task. |
1084 | + |
1085 | + -- Adam Conrad <adconrad@ubuntu.com> Fri, 16 Nov 2012 01:14:35 -0700 |
1086 | + |
1087 | +cryptsetup (2:1.4.3-4ubuntu1) raring; urgency=low |
1088 | + |
1089 | + * Merge from debian unstable, remaining changes: |
1090 | + - debian/control: |
1091 | + + Bump initramfs-tools Suggests to Depends: so system is not |
1092 | + potentially rendered unbootable. |
1093 | + + Depend on plymouth. |
1094 | + |
1095 | + - init/upstart jobs: |
1096 | + + Rename cryptddisks{,-early}.upstart jobs to |
1097 | + cryptdisks-{enable,udev}.upstart, as we need both init & upstart jobs |
1098 | + for now. |
1099 | + + debian/cryptdisks{,-early}.init: Make the 'start' action of the init |
1100 | + script a no-op, this should be handled entirely by the upstart job; |
1101 | + and fix the LSB header to not declare this should be started in |
1102 | + runlevel 'S'. |
1103 | + + Do not install start symlinks for init scripts |
1104 | + + NB! shutdown is still handled by the SystemV init scripts |
1105 | + |
1106 | + -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com> Tue, 13 Nov 2012 11:17:57 +0000 |
1107 | + |
1108 | cryptsetup (2:1.4.3-4) unstable; urgency=medium |
1109 | |
1110 | * change recommends for busybox to busybox | busybox-static. Thanks to |
1111 | @@ -1869,6 +2747,50 @@ cryptsetup (2:1.4.3-3) unstable; urgency=medium |
1112 | |
1113 | -- Jonas Meurer <mejo@debian.org> Thu, 01 Nov 2012 15:34:09 +0100 |
1114 | |
1115 | +cryptsetup (2:1.4.3-2ubuntu1) quantal; urgency=low |
1116 | + |
1117 | + * Merge from debian unstable (LP: #1015753), remaining changes: |
1118 | + - debian/control: |
1119 | + + Bump initramfs-tools Suggests to Depends: so system is not |
1120 | + potentially rendered unbootable. |
1121 | + + Depend on plymouth. |
1122 | + |
1123 | + - init/upstart jobs: |
1124 | + + Add debian/cryptdisks-{enable,udev}.upstart for bootup. |
1125 | + + debian/cryptdisks{,-early}.init: Make the 'start' action of the init |
1126 | + script a no-op, this should be handled entirely by the upstart job; |
1127 | + and fix the LSB header to not declare this should be started in |
1128 | + runlevel 'S'. |
1129 | + + Do not install start symlinks for init scripts |
1130 | + + NB! shutdown is still handled by the SystemV init scripts |
1131 | + |
1132 | + * Rename cryptddisks{,-early}.upstart jobs back to |
1133 | + cryptdisks-{enable,udev}.upstart, as we need both init & upstart jobs |
1134 | + for now. |
1135 | + |
1136 | + * Dropped Changes, included in Debian: |
1137 | + - debian/control: |
1138 | + + Split up package in cryptsetup and cryptsetup-bin. (LP: #343363). |
1139 | + |
1140 | + - debian/cryptdisks.functions: |
1141 | + + Do not overwrite existing filesystems when creating swap (LP: #474258). |
1142 | + + Add aesni module when we have hardware encryption. |
1143 | + + Call 'udevadm settle' before 'dmsetup rename' http://pad.lv/874774 |
1144 | + + Suppress "Starting init crypto disks" message in "init" phase, to |
1145 | + avoid writing over fsck progress text. |
1146 | + + new function, crypttab_start_one_disk, to look for the named source |
1147 | + device in /etc/crypttab (by device name, UUID, or label) and start it |
1148 | + if configured to do so |
1149 | + + handle the case where crypttab contains a name for the source |
1150 | + device that is not the kernel's preferred name for it (as is the case |
1151 | + for LVs). |
1152 | + |
1153 | + - debian/initramfs/cryptroot-hook: |
1154 | + + Quiet warnings from find on arches that don't have all the |
1155 | + kernel/{arch,crypto} bits we're testing for. |
1156 | + |
1157 | + -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com> Tue, 21 Aug 2012 11:57:28 +0100 |
1158 | + |
1159 | cryptsetup (2:1.4.3-2) unstable; urgency=medium |
1160 | |
1161 | * fix the shared library symbols magic: so far, the symbols file for |
1162 | @@ -1944,6 +2866,64 @@ cryptsetup (2:1.4.1-3) unstable; urgency=low |
1163 | |
1164 | -- Jonas Meurer <mejo@debian.org> Wed, 11 Apr 2012 23:55:35 +0200 |
1165 | |
1166 | +cryptsetup (2:1.4.1-2ubuntu4) precise; urgency=low |
1167 | + |
1168 | + * Our swap creation can trigger udev change events, which means udev may be |
1169 | + holding the device open at the time we try to call 'dmsetup rename' and |
1170 | + cause the /subsequent/ events to be missed because of dmsetup creating |
1171 | + device nodes by hand. So call 'udevadm settle' before 'dmsetup rename', |
1172 | + to ensure blkid is out of the way first. This should ensure swap |
1173 | + partitions are found by mountall in a non-racy manner. LP: #874774. |
1174 | + |
1175 | + -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 13 Apr 2012 20:23:21 -0700 |
1176 | + |
1177 | +cryptsetup (2:1.4.1-2ubuntu3) precise; urgency=low |
1178 | + |
1179 | + * Start cryptdisks-enable upstart job on 'or container', to let us |
1180 | + simplify the udevtrigger job. |
1181 | + |
1182 | + -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 04 Apr 2012 17:02:00 -0700 |
1183 | + |
1184 | +cryptsetup (2:1.4.1-2ubuntu2) precise; urgency=low |
1185 | + |
1186 | + * Split up package in cryptsetup and cryptsetup-bin. (LP: #343363). |
1187 | + * Do not overwrite existing filesystems when creating swap (LP: #474258). |
1188 | + * Add aesni module when we have hardware encryption. |
1189 | + |
1190 | + -- Jean-Louis Dupond <jean-louis@dupond.be> Mon, 12 Mar 2012 10:14:30 +0100 |
1191 | + |
1192 | +cryptsetup (2:1.4.1-2ubuntu1) precise; urgency=low |
1193 | + |
1194 | + [ Jean-Louis Dupond ] |
1195 | + * Merge from debian unstable (LP: #776264), remaining changes: |
1196 | + - debian/cryptdisks.functions: Suppress "Starting init crypto disks" message |
1197 | + in "init" phase, to avoid writing over fsck progress text. |
1198 | + - debian/cryptroot-hook: Quiet warnings from find on arches that |
1199 | + don't have all the kernel/{arch,crypto} bits we're testing for. |
1200 | + - debian/control: |
1201 | + + Bump initramfs-tools Suggests to Depends: so system is not |
1202 | + potentially rendered unbootable. |
1203 | + + Depend on plymouth. |
1204 | + - Add debian/cryptdisks-{enable,udev}.upstart. |
1205 | + - debian/cryptdisks.functions: |
1206 | + + new function, crypttab_start_one_disk, to look for the named source |
1207 | + device in /etc/crypttab (by device name, UUID, or label) and start it |
1208 | + if configured to do so |
1209 | + - debian/cryptdisks{,-early}.init: Make the 'start' action of the init |
1210 | + script a no-op, this should be handled entirely by the upstart job; |
1211 | + and fix the LSB header to not declare this should be started in |
1212 | + runlevel 'S' |
1213 | + - debian/rules: |
1214 | + + Do not install start symlinks for init scripts, and |
1215 | + install debian/cryptdisks-{enable,udev}.upstart scripts. |
1216 | + |
1217 | + [ Steve Langasek ] |
1218 | + * debian/cryptdisks.functions: handle the case where crypttab contains a |
1219 | + name for the source device that is not the kernel's preferred name for |
1220 | + it (as is the case for LVs). |
1221 | + |
1222 | + -- Jean-Louis Dupond <jean-louis@dupond.be> Thu, 08 Mar 2012 07:32:40 +0100 |
1223 | + |
1224 | cryptsetup (2:1.4.1-2) unstable; urgency=low |
1225 | |
1226 | * acknowledge NMU. Thanks to Michael Biebl. (closes: #659182) |
1227 | @@ -2153,6 +3133,56 @@ cryptsetup (2:1.2.0-1) experimental; urgency=low |
1228 | |
1229 | -- Jonas Meurer <mejo@debian.org> Sun, 16 Jan 2011 01:01:03 +0100 |
1230 | |
1231 | +cryptsetup (2:1.1.3-4ubuntu3) precise; urgency=low |
1232 | + |
1233 | + [ Pali Rohar ] |
1234 | + * debian/cryptdisks.functions: Suppress "Starting init crypto disks" message |
1235 | + in "init" phase, to avoid writing over fsck progress text. |
1236 | + |
1237 | + -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 26 Oct 2011 09:16:15 +0200 |
1238 | + |
1239 | +cryptsetup (2:1.1.3-4ubuntu2) oneiric; urgency=low |
1240 | + |
1241 | + * debian/cryptroot-hook: Quiet warnings from find on arches that |
1242 | + don't have all the kernel/{arch,crypto} bits we're testing for. |
1243 | + |
1244 | + -- Adam Conrad <adconrad@ubuntu.com> Sat, 01 Oct 2011 00:33:00 -0600 |
1245 | + |
1246 | +cryptsetup (2:1.1.3-4ubuntu1) natty; urgency=low |
1247 | + |
1248 | + * Merge from debian unstable (LP: #682177), remaining changes: |
1249 | + - debian/control: |
1250 | + + Bump initramfs-tools Suggests to Depends: so system is not |
1251 | + potentially rendered unbootable. |
1252 | + + Depend on plymouth. |
1253 | + - Add debian/cryptdisks-{enable,udev}.upstart. |
1254 | + - debian/cryptdisks.functions: |
1255 | + + new function, crypttab_start_one_disk, to look for the named source |
1256 | + device in /etc/crypttab (by device name, UUID, or label) and start it |
1257 | + if configured to do so |
1258 | + + wrap the call to /lib/cryptsetup/askpass with watershed, to make sure |
1259 | + we only ever have one of these running at a time; otherwise multiple |
1260 | + invocations could steal each other's input and/or write over each |
1261 | + other's output |
1262 | + + when called by cryptdisks-enable, check that we don't already have a |
1263 | + corresponding cryptdisks-udev job running (probably waiting for a |
1264 | + passphrase); if there is, wait until it's finished before continuing. |
1265 | + - debian/cryptdisks{,-early}.init: Make the 'start' action of the init |
1266 | + script a no-op, this should be handled entirely by the upstart job; |
1267 | + and fix the LSB header to not declare this should be started in |
1268 | + runlevel 'S' |
1269 | + - debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on |
1270 | + upgrade. |
1271 | + - debian/rules: |
1272 | + + Do not install start symlinks for init scripts, and |
1273 | + install debian/cryptdisks-{enable,udev}.upstart scripts. |
1274 | + + link dynamically against libgcrypt and libgpg-error. |
1275 | + - Add debian/cryptsetup.apport: Apport package hook. Install in |
1276 | + debian/rules and create dir in debian/cryptsetup.dirs. |
1277 | + - debian/cryptsetup.postrm: call update-initramfs on package removal. |
1278 | + |
1279 | + -- Lorenzo De Liso <blackz@ubuntu.com> Sat, 27 Nov 2010 17:37:43 +0100 |
1280 | + |
1281 | cryptsetup (2:1.1.3-4) unstable; urgency=high |
1282 | |
1283 | * bump standards-version to 3.9.1, no changes required |
1284 | @@ -2258,6 +3288,69 @@ cryptsetup (2:1.1.3-1) unstable; urgency=low |
1285 | |
1286 | -- Jonas Meurer <mejo@debian.org> Sat, 10 Jul 2010 14:32:40 +0200 |
1287 | |
1288 | +cryptsetup (2:1.1.2-1ubuntu1) maverick; urgency=low |
1289 | + |
1290 | + * Merge from Debian unstable (LP: #594365). Remaining changes: |
1291 | + - debian/control: |
1292 | + + Bump initramfs-tools Suggests to Depends: so system is not |
1293 | + potentially rendered unbootable. |
1294 | + + Depend on plymouth. |
1295 | + - Add debian/cryptdisks-{enable,udev}.upstart. |
1296 | + - debian/cryptdisks.functions: |
1297 | + + new function, crypttab_start_one_disk, to look for the named source |
1298 | + device in /etc/crypttab (by device name, UUID, or label) and start it |
1299 | + if configured to do so |
1300 | + + wrap the call to /lib/cryptsetup/askpass with watershed, to make sure |
1301 | + we only ever have one of these running at a time; otherwise multiple |
1302 | + invocations could steal each other's input and/or write over each |
1303 | + other's output |
1304 | + + initially create the device under a temporary name and rename it only |
1305 | + at the end using 'dmsetup rename', to ensure that upstart/mountall |
1306 | + doesn't see our device before it's ready to go. |
1307 | + + do_tmp should mount under /var/run/cryptsetup for changing the |
1308 | + permissions of the filesystem root, not directly on /tmp, since |
1309 | + mounting on /tmp a) is racy, b) confuses mountall something fierce. |
1310 | + + when called by cryptdisks-enable, check that we don't already have a |
1311 | + corresponding cryptdisks-udev job running (probably waiting for a |
1312 | + passphrase); if there is, wait until it's finished before continuing. |
1313 | + - debian/cryptdisks{,-early}.init: Make the 'start' action of the init |
1314 | + script a no-op, this should be handled entirely by the upstart job; |
1315 | + and fix the LSB header to not declare this should be started in |
1316 | + runlevel 'S' |
1317 | + - debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on |
1318 | + upgrade. |
1319 | + - debian/rules: Do not install start symlinks for init scripts, and |
1320 | + install debian/cryptdisks-{enable,udev}.upstart scripts. |
1321 | + - Add debian/cryptsetup.apport: Apport package hook. Install in |
1322 | + debian/rules and create dir in debian/cryptsetup.dirs. |
1323 | + - debian/rules: link dynamically against libgcrypt and libgpg-error. |
1324 | + - debian/cryptsetup.postrm: call update-initramfs on package removal. |
1325 | + * Dropped changes, merged/superseded in Debian: |
1326 | + - Add ext4 support to passdev. |
1327 | + - cryptroot-hook: don't call copy_modules_dir with empty arguments when |
1328 | + archcrypto isn't found |
1329 | + - Set USPLASH=y and FRAMEBUFFER=y in the hook config to pull plymouth into |
1330 | + the initramfs. |
1331 | + - change interaction to use plymouth directly if present, and if not, to |
1332 | + fall back to /lib/cryptsetup/askpass as before |
1333 | + - cryptdisks.functions: replace 'echo -e' bashism with 'printf'. |
1334 | + - debian/initramfs/cryptroot-script: if plymouth is present in the |
1335 | + initramfs, use this directly, bypassing the cryptsetup askpass script |
1336 | + - debian/initramfs/cryptroot-hook: Properly anchor our regexps when |
1337 | + grepping /etc/crypttab so that we don't incorrectly match device names |
1338 | + that are substrings of one another. |
1339 | + - debian/initramfs/cryptroot-script: Don't leak /conf/conf.d/cryptroot |
1340 | + file descriptor to subprocesses. |
1341 | + - Fix grammar error in debian/initramfs/cryptroot-script |
1342 | + ("setup" -> "set up") |
1343 | + - debian/initramfs/cryptroot-script: Fix this to work with current |
1344 | + initramfs-tools: |
1345 | + + Source /scripts/functions after checking for prerequisites. |
1346 | + + prereqs(): Do not assume we are running within initramfs, and |
1347 | + calculate relative path correctly. |
1348 | + |
1349 | + -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 14 Jun 2010 21:47:28 -0700 |
1350 | + |
1351 | cryptsetup (2:1.1.2-1) unstable; urgency=low |
1352 | |
1353 | * new upstream release, changes include: |
1354 | @@ -2375,6 +3468,171 @@ cryptsetup (2:1.1.0-1) unstable; urgency=low |
1355 | |
1356 | -- Jonas Meurer <mejo@debian.org> Mon, 08 Mar 2010 14:15:35 +0100 |
1357 | |
1358 | +cryptsetup (2:1.1.0~rc2-1ubuntu14) maverick; urgency=low |
1359 | + |
1360 | + [ David Stansby ] |
1361 | + * Fix grammar error in debian/initramfs/cryptroot-script |
1362 | + ("setup" -> "set up") (LP: #578896) |
1363 | + |
1364 | + -- James Westby <james.westby@ubuntu.com> Mon, 17 May 2010 13:33:40 +0100 |
1365 | + |
1366 | +cryptsetup (2:1.1.0~rc2-1ubuntu13) lucid; urgency=low |
1367 | + |
1368 | + * debian/initramfs/cryptroot-script: Don't leak /conf/conf.d/cryptroot |
1369 | + file descriptor to subprocesses. |
1370 | + |
1371 | + -- Colin Watson <cjwatson@ubuntu.com> Mon, 29 Mar 2010 22:18:36 +0100 |
1372 | + |
1373 | +cryptsetup (2:1.1.0~rc2-1ubuntu12) lucid; urgency=low |
1374 | + |
1375 | + * debian/initramfs/cryptroot-hook: Properly anchor our regexps when |
1376 | + grepping /etc/crypttab so that we don't incorrectly match device names |
1377 | + that are substrings of one another. |
1378 | + * debian/cryptdisks-{enable,udev}.conf, debian/control: drop |
1379 | + 'console output' and add a hard dependency on plymouth instead of |
1380 | + watershed, to avoid spitting extra messages to the console. |
1381 | + |
1382 | + -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 18 Feb 2010 06:19:19 -0800 |
1383 | + |
1384 | +cryptsetup (2:1.1.0~rc2-1ubuntu11) lucid; urgency=low |
1385 | + |
1386 | + * Set FRAMEBUFFER=y in the file that we actually ship. |
1387 | + * debian/cryptsetup.postrm: call update-initramfs on package removal. |
1388 | + LP: #468228. |
1389 | + |
1390 | + -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 25 Jan 2010 03:07:52 -0800 |
1391 | + |
1392 | +cryptsetup (2:1.1.0~rc2-1ubuntu10) lucid; urgency=low |
1393 | + |
1394 | + * cryptdisks.functions: replace 'echo -e' bashism with 'printf'. |
1395 | + * cryptdisks.functions: when called by cryptdisks-enable, check that we |
1396 | + don't already have a corresponding cryptdisks-udev job running (probably |
1397 | + waiting for a passphrase); if there is, wait until it's finished before |
1398 | + continuing. |
1399 | + |
1400 | + -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 21 Jan 2010 14:57:21 +0000 |
1401 | + |
1402 | +cryptsetup (2:1.1.0~rc2-1ubuntu9) lucid; urgency=low |
1403 | + |
1404 | + * Set FRAMEBUFFER=y in the hook config as well, to pull plymouth into the |
1405 | + initramfs. |
1406 | + * cryptdisks.functions, debian/initramfs/cryptroot-script: fix the |
1407 | + invocation of plymouth, so that we actually get proper passphrase prompts |
1408 | + (once bug #496765 is fixed). |
1409 | + |
1410 | + -- Steve Langasek <steve.langasek@ubuntu.com> Sat, 16 Jan 2010 02:32:41 -0800 |
1411 | + |
1412 | +cryptsetup (2:1.1.0~rc2-1ubuntu8) lucid; urgency=low |
1413 | + |
1414 | + * cryptdisks.functions: do_tmp should mount under /var/run/cryptsetup for |
1415 | + changing the permissions of the filesystem root, not directly on /tmp, |
1416 | + since mounting on /tmp a) is racy, b) confuses mountall something fierce. |
1417 | + LP: #475936. |
1418 | + |
1419 | + -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 22 Dec 2009 20:24:28 +0000 |
1420 | + |
1421 | +cryptsetup (2:1.1.0~rc2-1ubuntu7) lucid; urgency=low |
1422 | + |
1423 | + * Depend on watershed. |
1424 | + |
1425 | + -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 22 Dec 2009 01:37:36 +0000 |
1426 | + |
1427 | +cryptsetup (2:1.1.0~rc2-1ubuntu6) lucid; urgency=low |
1428 | + |
1429 | + [ Steve Langasek ] |
1430 | + * Fix the LSB header in the init scripts, now that we don't install to |
1431 | + rcS.d. |
1432 | + |
1433 | + [ Martin Pitt ] |
1434 | + * debian/initramfs/cryptroot-script: Fix this to work with current |
1435 | + initramfs-tools: |
1436 | + - Source /scripts/functions after checking for prerequisites. |
1437 | + - prereqs(): Do not assume we are running within initramfs, and calculate |
1438 | + relative path correctly. |
1439 | + |
1440 | + -- Martin Pitt <martin.pitt@ubuntu.com> Fri, 18 Dec 2009 17:07:07 +0100 |
1441 | + |
1442 | +cryptsetup (2:1.1.0~rc2-1ubuntu5) lucid; urgency=low |
1443 | + |
1444 | + * Rename the upstart job introduced in the previous upload to |
1445 | + cryptdisks-udev and restore the previous version of the job as |
1446 | + cryptdisks-enable, to run at the end of udev coldplugging as before; |
1447 | + this isn't entirely race-free, but should nevertheless give us the |
1448 | + two passes needed to cover devices that are decrypted using keys stored |
1449 | + on other encrypted disks. LP: #443980. |
1450 | + |
1451 | + -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 16 Dec 2009 06:41:30 +0000 |
1452 | + |
1453 | +cryptsetup (2:1.1.0~rc2-1ubuntu4) lucid; urgency=low |
1454 | + |
1455 | + [ Steve Langasek ] |
1456 | + * debian/initramfs/cryptroot-script: if plymouth is present in the |
1457 | + initramfs, use this directly, bypassing the cryptsetup askpass script; |
1458 | + but keep support for these other frontends around on a transitional |
1459 | + basis. |
1460 | + * debian/cryptdisks.functions: |
1461 | + - change interaction to use plymouth directly if present, and if not, to |
1462 | + fall back to /lib/cryptsetup/askpass as before |
1463 | + - wrap the call to /lib/cryptsetup/askpass with watershed, to make sure |
1464 | + we only ever have one of these running at a time; otherwise multiple |
1465 | + invocations could steal each other's input and/or write over each |
1466 | + other's output |
1467 | + - new function, crypttab_start_one_disk, to look for the named source |
1468 | + device in /etc/crypttab (by device name, UUID, or label) and start it |
1469 | + if configured to do so |
1470 | + * debian/cryptdisks-enable.upstart: run the upstart job once for each block |
1471 | + device, using the new crypttab_start_one_disk function, triggered by udev; |
1472 | + this doesn't eliminate the possibility of a race with gdm when the |
1473 | + decrypted volume isn't a 'bootwait' mount point (since gdm kills |
1474 | + plymouth), but it does eliminate the race between udev and cryptsetup. |
1475 | + LP: #454898. |
1476 | + * debian/cryptdisks-enable.upstart: check that the package is installed |
1477 | + and exit gracefully if it's not. LP: #435814 |
1478 | + * debian/cryptdisk.functions: initially create the device under a temporary |
1479 | + name and rename it only at the end using 'dmsetup rename', to ensure that |
1480 | + upstart/mountall doesn't see our device before it's ready to go. |
1481 | + LP: #475936. |
1482 | + |
1483 | + [ Colin Watson ] |
1484 | + * Add ext4 support to passdev. |
1485 | + |
1486 | + -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 15 Dec 2009 18:05:45 -0800 |
1487 | + |
1488 | +cryptsetup (2:1.1.0~rc2-1ubuntu3) lucid; urgency=low |
1489 | + |
1490 | + * cryptroot-hook: Use if [ -n … ] instead of if ! test -z …. |
1491 | + |
1492 | + -- Loïc Minier <loic.minier@ubuntu.com> Sat, 12 Dec 2009 11:32:52 +0100 |
1493 | + |
1494 | +cryptsetup (2:1.1.0~rc2-1ubuntu2) lucid; urgency=low |
1495 | + |
1496 | + * cryptroot-hook: dont call copy_modules_dir with empty arguments when |
1497 | + archcrypto isnt found (LP: #495161) |
1498 | + |
1499 | + -- Oliver Grawert <ogra@ubuntu.com> Fri, 11 Dec 2009 14:39:00 +0100 |
1500 | + |
1501 | +cryptsetup (2:1.1.0~rc2-1ubuntu1) lucid; urgency=low |
1502 | + |
1503 | + * Merge with Debian testing. Remaining Ubuntu changes: |
1504 | + - debian/rules: cryptsetup is linked dynamically against libgcrypt and |
1505 | + libgpg-error. |
1506 | + - Upstart migration: |
1507 | + + Add debian/cryptdisks-enable.upstart. |
1508 | + + debian/cryptdisks{,-early}.init: Make the 'start' action of the init |
1509 | + script a no-op, this should be handled entirely by the upstart job. |
1510 | + (LP #473615) |
1511 | + + debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on |
1512 | + upgrade. |
1513 | + + debian/rules: Do not install start symlinks for those two, and install |
1514 | + debian/cryptdisks-enable.upstart scripts. |
1515 | + - Add debian/cryptsetup.apport: Apport package hook. Install in |
1516 | + debian/rules, and create dir in debian/cryptsetup.dirs. |
1517 | + - Start usplash in initramfs, since we need it for fancy passphrase input: |
1518 | + + debian/initramfs/cryptroot-conf, debian/initramfs-conf.d: USPLASH=y |
1519 | + + debian/control: Bump initramfs-tools Suggests to Depends:. |
1520 | + |
1521 | + -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 11 Nov 2009 15:04:27 +0100 |
1522 | + |
1523 | cryptsetup (2:1.1.0~rc2-1) unstable; urgency=low |
1524 | |
1525 | * new upstream release candidate (1.1.0-rc2), highlights include: |
1526 | @@ -2548,6 +3806,80 @@ cryptsetup (2:1.0.7~rc1-1) unstable; urgency=low |
1527 | |
1528 | -- Jonas Meurer <mejo@debian.org> Sat, 04 Jul 2009 15:52:06 +0200 |
1529 | |
1530 | +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu8) lucid; urgency=low |
1531 | + |
1532 | + [ Steve Langasek ] |
1533 | + * Make the 'start' action of the init script a no-op, this should be |
1534 | + handled entirely by the upstart job now; and remove any symlinks from |
1535 | + /etc/rcS.d on upgrade. LP: #473615. |
1536 | + |
1537 | + [ Reinhard Tartler ] |
1538 | + * Add an apport hook |
1539 | + * import the blkid and un_blkid from debian, LP: #446517 |
1540 | + * also use this script by default (setting in /etc/default/cryptdisks) |
1541 | + |
1542 | + -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 04 Nov 2009 12:06:47 +0000 |
1543 | + |
1544 | +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu7) karmic; urgency=low |
1545 | + |
1546 | + * Reupload previous version, siretart had left changes in bzr which |
1547 | + weren't documented in the changelog and caused FTBFS. |
1548 | + |
1549 | + -- Scott James Remnant <scott@ubuntu.com> Wed, 14 Oct 2009 13:57:59 +0100 |
1550 | + |
1551 | +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu6) karmic; urgency=low |
1552 | + |
1553 | + [ Steve Langasek ] |
1554 | + * Move the Debian Vcs- fields aside. |
1555 | + |
1556 | + [ Scott James Remnant ] |
1557 | + * debian/cryptdisks-enable.upstart: Don't overcompensate for my idiocy, |
1558 | + cryptsetup should not need a controlling terminal, just a terminal |
1559 | + is fine. May fix LP: #439138. |
1560 | + |
1561 | + -- Scott James Remnant <scott@ubuntu.com> Wed, 14 Oct 2009 04:52:16 +0100 |
1562 | + |
1563 | +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu4) karmic; urgency=low |
1564 | + |
1565 | + * debian/cryptdisks-enable.upstart: Things that often help include |
1566 | + not setting stdin/out to /dev/null, so you can actually type the |
1567 | + passphrase. I am an idiot. LP: #430496. |
1568 | + |
1569 | + -- Scott James Remnant <scott@ubuntu.com> Thu, 17 Sep 2009 17:58:01 +0100 |
1570 | + |
1571 | +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu3) karmic; urgency=low |
1572 | + |
1573 | + * debian/cryptdisks-enable.upstart: add upstart job to enable encrypted |
1574 | + disks once we've finished probing for udev devices, so that mountall |
1575 | + can use them. LP: #430496. |
1576 | + |
1577 | + -- Scott James Remnant <scott@ubuntu.com> Thu, 17 Sep 2009 00:04:00 +0100 |
1578 | + |
1579 | +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu2) karmic; urgency=low |
1580 | + |
1581 | + * debian/initramfs/cryptroot-conf: declare that we want usplash included |
1582 | + in the initramfs whenever this package is installed. LP: #427356. |
1583 | + |
1584 | + -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 15 Sep 2009 08:43:15 -0700 |
1585 | + |
1586 | +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu1) karmic; urgency=low |
1587 | + |
1588 | + * Merge from debian unstable, remaining changes: |
1589 | + - Ubuntu specific: |
1590 | + + debian/rules: link dynamically for better security supportability and |
1591 | + smaller packages. |
1592 | + + debian/control: Depend on initramfs-tools so system is not potentially |
1593 | + rendered unbootable. |
1594 | + - debian/initramfs/cryptroot-script wait for encrypted device to appear, |
1595 | + report with log_*_msg (debian bug 488271). |
1596 | + - debian/initramfs/cryptroot-hook: fix support for UUID and LABEL |
1597 | + correlation between fstab and crypttab (debian bug 522041). |
1598 | + - debian/askpass.c, debian/initramfs/cryptroot-script: using newline |
1599 | + escape in passphrase prompt to avoid line-wrapping (debian bug 528133). |
1600 | + * Drop 04_fix_udevsettle_call.patch: fixed upstream differently. |
1601 | + |
1602 | + -- Kees Cook <kees@ubuntu.com> Sun, 10 May 2009 17:29:32 -0700 |
1603 | + |
1604 | cryptsetup (2:1.0.6+20090405.svn49-1) unstable; urgency=low |
1605 | |
1606 | * New upstream svn snapshot. Highlights include: |
1607 | @@ -2589,6 +3921,67 @@ cryptsetup (2:1.0.6+20090405.svn49-1) unstable; urgency=low |
1608 | |
1609 | -- Jonas Meurer <mejo@debian.org> Mon, 06 Apr 2009 08:49:14 +0200 |
1610 | |
1611 | +cryptsetup (2:1.0.6-7ubuntu7) jaunty; urgency=low |
1612 | + |
1613 | + * debian/control: Depend on initramfs-tools so system is not potentially |
1614 | + rendered unbootable (LP: #358654). |
1615 | + |
1616 | + -- Kees Cook <kees@ubuntu.com> Thu, 09 Apr 2009 12:29:31 -0700 |
1617 | + |
1618 | +cryptsetup (2:1.0.6-7ubuntu6) jaunty; urgency=low |
1619 | + |
1620 | + * debian/initramfs/cryptroot-script: we don't require vol_id to understand |
1621 | + the encrypted device, but we should check the device is fully up first |
1622 | + before continuing by calling udevadm settle. LP: #291752. |
1623 | + |
1624 | + -- Steve Langasek <steve.langasek@ubuntu.com> Sat, 07 Mar 2009 21:39:14 -0800 |
1625 | + |
1626 | +cryptsetup (2:1.0.6-7ubuntu5) jaunty; urgency=low |
1627 | + |
1628 | + * debian/initramfs/cryptroot-hook: fix support for UUID and LABEL correlation |
1629 | + between fstab and crypttab (LP: #287879). |
1630 | + |
1631 | + -- TJ <ubuntu@tjworld.net> Mon, 16 Feb 2009 23:00:00 +0000 |
1632 | + |
1633 | +cryptsetup (2:1.0.6-7ubuntu4) jaunty; urgency=low |
1634 | + |
1635 | + * debian/askpass.c: also handle newline escape code in console prompt. |
1636 | + |
1637 | + -- Kees Cook <kees@ubuntu.com> Sun, 15 Feb 2009 08:57:05 -0800 |
1638 | + |
1639 | +cryptsetup (2:1.0.6-7ubuntu3) jaunty; urgency=low |
1640 | + |
1641 | + [ https://launchpad.net/~svenkata ] |
1642 | + * debian/checks/un_vol_id: dynamically build the "unknown volume type" |
1643 | + string, to allow for encrypted swap, LP: #316607 |
1644 | + |
1645 | + -- Dustin Kirkland <kirkland@ubuntu.com> Thu, 12 Feb 2009 16:57:30 -0600 |
1646 | + |
1647 | +cryptsetup (2:1.0.6-7ubuntu2) jaunty; urgency=low |
1648 | + |
1649 | + * debian/askpass.c: handle newline escape code in password prompt. |
1650 | + * debian/initramfs/cryptroot-script: add newline to split cryptroot |
1651 | + password prompt onto two lines for readability (LP: #326900). |
1652 | + |
1653 | + -- Kees Cook <kees@ubuntu.com> Sun, 08 Feb 2009 07:26:01 -0800 |
1654 | + |
1655 | +cryptsetup (2:1.0.6-7ubuntu1) jaunty; urgency=low |
1656 | + |
1657 | + * Merge from debian unstable, remaining changes: |
1658 | + - debian/initramfs/cryptroot-script: |
1659 | + - must source /scripts/functions to get the log_*_msg() functions. |
1660 | + - wait for encrypted device to show up (LP 164044, 291752). |
1661 | + - disable error message 'failed to setup lvm device' (LP 151532). |
1662 | + - debian/rules: |
1663 | + - fix location of ltmain.sh (Ubuntu-specific until libtool 2.2.x is |
1664 | + in Debian unstable). |
1665 | + - link dynamically (LP 62751). |
1666 | + - add 04_fix_udevsettle_call.patch: fix path to binary for udevsettle. |
1667 | + * Revert versioned build-depency on libdevmapper-dev, since Ubuntu's |
1668 | + version is higher now. |
1669 | + |
1670 | + -- Kees Cook <kees@ubuntu.com> Tue, 06 Jan 2009 13:00:16 -0800 |
1671 | + |
1672 | cryptsetup (2:1.0.6-7) unstable; urgency=medium |
1673 | |
1674 | * Add patches/01_gettext_package.patch: Remove -luks from GETTEXT_PACKAGE |
1675 | @@ -2633,6 +4026,38 @@ cryptsetup (2:1.0.6-7) unstable; urgency=medium |
1676 | |
1677 | -- Jonas Meurer <mejo@debian.org> Wed, 17 Dec 2008 21:25:45 +0100 |
1678 | |
1679 | +cryptsetup (2:1.0.6-6ubuntu2.1) intrepid-proposed; urgency=low |
1680 | + |
1681 | + * debian/initramfs/cryptroot-script: do not require that vol_id |
1682 | + can parse the encrypted device as valid (LP: #291752). |
1683 | + |
1684 | + -- Kees Cook <kees@ubuntu.com> Fri, 31 Oct 2008 13:10:06 -0700 |
1685 | + |
1686 | +cryptsetup (2:1.0.6-6ubuntu2) intrepid; urgency=low |
1687 | + |
1688 | + * Fixes for (LP: #272301) |
1689 | + * debian/initramfs/cryptroot-script: must source /scripts/functions to get |
1690 | + the log_*_msg() functions |
1691 | + * 04_fix_udevsettle_call.patch: fix path to binary for udevsettle |
1692 | + |
1693 | + -- Dustin Kirkland <kirkland@ubuntu.com> Fri, 19 Sep 2008 18:03:28 -0500 |
1694 | + |
1695 | +cryptsetup (2:1.0.6-6ubuntu1) intrepid; urgency=low |
1696 | + |
1697 | + * drop almost all ubuntu specific changes from the cryptsetup package, |
1698 | + because they have been merged in debian. Thanks a lot! |
1699 | + * merge from debian, remaining changes: |
1700 | + - remove versioned build-depency on libdevmapper-dev, we are using a |
1701 | + rather sophisticated loop for making sure the root filesystem appears. |
1702 | + * debian/rules: fix location of ltmain.sh |
1703 | + * don't exit usplash anymore in the init script. LP: #110970, #139363 |
1704 | + * Disable error message 'failed to setup lvm device'. It is harmless, and |
1705 | + caused by the fact that the udev rules provided by lvm2 are setting up |
1706 | + the lvm on their own. In debian the scripts here are responsible for this |
1707 | + but obviously fail in ubuntu. LP: #151532 |
1708 | + |
1709 | + -- Reinhard Tartler <siretart@tauware.de> Sat, 30 Aug 2008 17:52:16 +0200 |
1710 | + |
1711 | cryptsetup (2:1.0.6-6) unstable; urgency=high |
1712 | |
1713 | * Don't cat keyfile into pipe for do_noluks(). cryptsetup handles |
1714 | @@ -2734,6 +4159,79 @@ cryptsetup (2:1.0.6-3) unstable; urgency=low |
1715 | |
1716 | -- Jonas Meurer <mejo@debian.org> Mon, 07 Jul 2008 00:30:07 +0200 |
1717 | |
1718 | +cryptsetup (2:1.0.6-2ubuntu7) intrepid; urgency=low |
1719 | + |
1720 | + * reintroduce changes from 2:1.0.6-2ubuntu5 that have been accidentally |
1721 | + dropped in version 2:1.0.6-2ubuntu6. |
1722 | + |
1723 | + -- Reinhard Tartler <siretart@tauware.de> Fri, 20 Jun 2008 15:15:54 +0200 |
1724 | + |
1725 | +cryptsetup (2:1.0.6-2ubuntu6) intrepid; urgency=low |
1726 | + |
1727 | + [ Kjell Braden ] |
1728 | + * load scripts/functions for log_{begin,end}_msg |
1729 | + * debian/initramfs/cryptroot-script: wait for the cryptsource, not the resulting mapped root device |
1730 | + * debian/initramfs/cryptroot-hook: copy binaries to the right directory |
1731 | + |
1732 | + [ Reinhard Tartler ] |
1733 | + * remove versioned build-depency on libdevmapper-dev, we are using a |
1734 | + rather sophisticated loop for making sure the root filesystem appears. |
1735 | + |
1736 | + -- Reinhard Tartler <siretart@tauware.de> Wed, 18 Jun 2008 00:26:43 +0200 |
1737 | + |
1738 | +cryptsetup (2:1.0.6-2ubuntu5) intrepid; urgency=low |
1739 | + |
1740 | + * Okay, I give up. include preprocessed manpages and adapt |
1741 | + debian/rules to easily produce those. |
1742 | + ATTENTION: on subsequent uploads, make sure that the manpages are |
1743 | + available and up-to-date. |
1744 | + |
1745 | + -- Reinhard Tartler <siretart@tauware.de> Sun, 15 Jun 2008 13:33:07 +0200 |
1746 | + |
1747 | +cryptsetup (2:1.0.6-2ubuntu4) intrepid; urgency=low |
1748 | + |
1749 | + * also use local dtd in debian/doc/variables.xml.in. |
1750 | + |
1751 | + -- Reinhard Tartler <siretart@tauware.de> Sun, 15 Jun 2008 12:55:42 +0200 |
1752 | + |
1753 | +cryptsetup (2:1.0.6-2ubuntu3) intrepid; urgency=low |
1754 | + |
1755 | + * try harder to fix FTBFS. |
1756 | + |
1757 | + -- Reinhard Tartler <siretart@tauware.de> Sun, 15 Jun 2008 11:42:54 +0200 |
1758 | + |
1759 | +cryptsetup (2:1.0.6-2ubuntu2) intrepid; urgency=low |
1760 | + |
1761 | + * build docbook documentation using local dtds instead of trying to |
1762 | + download them at buildtime. Fixes FTBFS. |
1763 | + |
1764 | + -- Reinhard Tartler <siretart@tauware.de> Sun, 15 Jun 2008 11:12:28 +0200 |
1765 | + |
1766 | +cryptsetup (2:1.0.6-2ubuntu1) intrepid; urgency=low |
1767 | + |
1768 | + * Merge new debian version. Remaining changes: |
1769 | + - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using |
1770 | + bzr on launchpad. |
1771 | + - debian/rules: cryptsetup is linked dynamically against libgcrypt and |
1772 | + libgpg-error. |
1773 | + - cryptdisks.functions: stop usplash on user input. LP #62751 |
1774 | + - Parse comments in lines not starting with '#', LP #185380 |
1775 | + - If the encrypted source device hasn't shown up yet, give it a |
1776 | + little while to deal with removable devices. LP #164044 |
1777 | + * Depend on race-free version of libdevmapper, thus making udevsettle |
1778 | + call from cryptsetup binary unnecessary. Dropping patch |
1779 | + debian/patches/06_run_udevsettle.patch |
1780 | + * remove patch from LP #73862, loading optimized modules has been solved |
1781 | + in debian in another way. |
1782 | + * cryptdisk.functions: remove spurious call to load_optimized_module. |
1783 | + LP: #239946 |
1784 | + * bugfix: make regex work if keyfile has extended attributes. LP: #231339. |
1785 | + * remove patch in cryptdisks.functions for rexecing the script itself for |
1786 | + ensuring that a tty is always available. (See LP #58794.) According to |
1787 | + Scott, this is not necessary anymore. |
1788 | + |
1789 | + -- Reinhard Tartler <siretart@tauware.de> Sat, 14 Jun 2008 23:28:51 +0200 |
1790 | + |
1791 | cryptsetup (2:1.0.6-2) unstable; urgency=low |
1792 | |
1793 | [ Jonas Meurer ] |
1794 | @@ -2759,6 +4257,54 @@ cryptsetup (2:1.0.6-2) unstable; urgency=low |
1795 | |
1796 | -- David Härdeman <david@hardeman.nu> Mon, 26 May 2008 08:12:32 +0200 |
1797 | |
1798 | +cryptsetup (2:1.0.6-1ubuntu4) intrepid; urgency=low |
1799 | + |
1800 | + [ Kjell Braden ] |
1801 | + * Fix configuration parsing (LP: #239808) |
1802 | + |
1803 | + [ Reinhard Tartler ] |
1804 | + * cryptroot-script: use 'echo' instead of 'log_begin_msg' (LP: #237723) |
1805 | + |
1806 | + -- Reinhard Tartler <siretart@tauware.de> Fri, 13 Jun 2008 21:26:17 +0200 |
1807 | + |
1808 | +cryptsetup (2:1.0.6-1ubuntu3) intrepid; urgency=low |
1809 | + |
1810 | + * Parse comments in lines not starting with '#', LP: #185380 |
1811 | + * in cryptroot hook, don't rely on 'udevadm settle' to wait long enough |
1812 | + for the cryptdevice to appear. Reimplement the busy waiting loop found |
1813 | + while waiting for the root file system. Patch based on work by Swâmi |
1814 | + Petaramesh. LP: #164044 |
1815 | + * debian/crypdisks.functions: call 'env' with full path. LP: #178829. |
1816 | + |
1817 | + -- Reinhard Tartler <siretart@tauware.de> Mon, 26 May 2008 22:12:32 +0200 |
1818 | + |
1819 | +cryptsetup (2:1.0.6-1ubuntu2) intrepid; urgency=low |
1820 | + |
1821 | + * Simplify the patch in debian/cryptdisks.functions that stops usplash |
1822 | + before asking for a passphrase. |
1823 | + |
1824 | + -- Reinhard Tartler <siretart@tauware.de> Mon, 26 May 2008 20:18:14 +0200 |
1825 | + |
1826 | +cryptsetup (2:1.0.6-1ubuntu1) intrepid; urgency=low |
1827 | + |
1828 | + * Merge new debian version. Remaining changes: |
1829 | + - cryptsetup is linked dynamically against libgcrypt and libgpg-error. |
1830 | + - stop usplash on user input. LP #62751 |
1831 | + - debian/cryptdisks.functions: Always output and read from the console. |
1832 | + LP #58794. |
1833 | + - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using |
1834 | + bzr on launchpad. |
1835 | + - debian/initramfs/cryptroot-hook: LP #73862 |
1836 | + Added patch to install aes optimized cypher module |
1837 | + - try to load optimized cypher module in cryptsetup.functions as well, |
1838 | + because cryptroot-hook is only executed when we really have a |
1839 | + cryptoroot. |
1840 | + * other ubuntu changes have been merged into debian. Please report bugs |
1841 | + if you believe some patches have been dropped. |
1842 | + * removed 07_typos_fix.patch, has been reviewed and applied upstream. |
1843 | + |
1844 | + -- Reinhard Tartler <siretart@tauware.de> Sun, 25 May 2008 22:52:30 +0200 |
1845 | + |
1846 | cryptsetup (2:1.0.6-1) unstable; urgency=low |
1847 | |
1848 | [ Jonas Meurer ] |
1849 | @@ -2890,6 +4436,138 @@ cryptsetup (2:1.0.6~pre1-1) unstable; urgency=low |
1850 | |
1851 | -- Jonas Meurer <mejo@debian.org> Thu, 06 Dec 2007 15:56:05 +0100 |
1852 | |
1853 | +cryptsetup (2:1.0.5-2ubuntu12) hardy; urgency=low |
1854 | + |
1855 | + * added debian/patches/07_typos_fix.dpatch: fixed typos in man pages. (LP: #164181) |
1856 | + |
1857 | + -- Bruno Barrera Yever <bbyever@gmail.com> Mon, 07 Apr 2008 18:43:05 -0500 |
1858 | + |
1859 | +cryptsetup (2:1.0.5-2ubuntu11) hardy; urgency=low |
1860 | + |
1861 | + * debian/initramfs/cryptroot-script: Do show the disk name after all, since |
1862 | + some people use multiple encrypted partitions as LVM PVs. (LP: #201413) |
1863 | + |
1864 | + -- Martin Pitt <martin.pitt@ubuntu.com> Sun, 06 Apr 2008 11:54:41 -0600 |
1865 | + |
1866 | +cryptsetup (2:1.0.5-2ubuntu10) hardy; urgency=low |
1867 | + |
1868 | + * debian/initramfs/cryptroot-script: Do not mention the name of the |
1869 | + encrypted device. It is just technobabble anyway (sda4_crypt), and there |
1870 | + is just one root partition ever, so it is not needed to tell apart |
1871 | + different partitions. From a security POV, someone who can change your |
1872 | + initramfs to boot a different root partition can just as well change the |
1873 | + strings, too. (LP: #201413) |
1874 | + |
1875 | + -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 02 Apr 2008 15:51:53 +0200 |
1876 | + |
1877 | +cryptsetup (2:1.0.5-2ubuntu9) hardy; urgency=low |
1878 | + |
1879 | + * debian/scripts/luksformat: Use 256 bit key size by default. |
1880 | + (LP: #78508) |
1881 | + * debian/patches/02_manpage.dpatch: Clarify default key sizes (128 for |
1882 | + luksFormat and 256 for create) in cryptsetup.8. (side-note in LP #78508) |
1883 | + |
1884 | + -- Martin Pitt <martin.pitt@ubuntu.com> Wed, 27 Feb 2008 17:43:46 +0100 |
1885 | + |
1886 | +cryptsetup (2:1.0.5-2ubuntu8) hardy; urgency=low |
1887 | + |
1888 | + * Fix -x calls and access() call. |
1889 | + |
1890 | + -- Scott James Remnant <scott@ubuntu.com> Fri, 14 Dec 2007 16:54:53 +0000 |
1891 | + |
1892 | +cryptsetup (2:1.0.5-2ubuntu7) hardy; urgency=low |
1893 | + |
1894 | + * debian/initramfs/cryptroot-script: call udevadm instead of udevsettle |
1895 | + * debian/patches/06_call_udevsettle.dpatch: likewise |
1896 | + |
1897 | + -- Scott James Remnant <scott@ubuntu.com> Fri, 14 Dec 2007 16:11:36 +0000 |
1898 | + |
1899 | +cryptsetup (2:1.0.5-2ubuntu6) hardy; urgency=low |
1900 | + |
1901 | + * Make cryptsetup understand devices specified by UUID=... or LABEL= |
1902 | + in crypttab. (LP: #153597) |
1903 | + |
1904 | + -- Andrea Colangelo <warp10@libero.it> Mon, 29 Oct 2007 18:22:51 +0100 |
1905 | + |
1906 | +cryptsetup (2:1.0.5-2ubuntu5) hardy; urgency=low |
1907 | + |
1908 | + * reenable additional udevsettle calls in cryptroot hook from |
1909 | + https://launchpad.net/bugs/85640, LP: #132373. |
1910 | + * change maintainer to ubuntu-core-dev. |
1911 | + * use Vcs-Bzr instead of XSCB-Vcs-Bzr header in debian/control. |
1912 | + |
1913 | + -- Reinhard Tartler <siretart@tauware.de> Thu, 08 Nov 2007 23:52:19 +0100 |
1914 | + |
1915 | +cryptsetup (2:1.0.5-2ubuntu4) hardy; urgency=low |
1916 | + |
1917 | + * reapply changes from version 2:1.0.5-2ubuntu2, got dropped with last |
1918 | + upload. Sorry, pitti. |
1919 | + * convert patch to lib/libdevmapper.c to a dpatch. |
1920 | + |
1921 | + -- Reinhard Tartler <siretart@tauware.de> Sun, 04 Nov 2007 21:42:43 +0100 |
1922 | + |
1923 | +cryptsetup (2:1.0.5-2ubuntu3) hardy; urgency=low |
1924 | + |
1925 | + * RELIABILY FIX: lib/libdevmapper.c: Ensure that pending device creation |
1926 | + events are being processed by calling /sbin/udevsettle. Patch based on |
1927 | + OpenSUSE bug #285478, LP: #132373. |
1928 | + * Based on the change above, the patch from LP #85640 is no longer needed. |
1929 | + dropping the relevant parts. |
1930 | + * Fix debian/rules to not fail to build if autom4te.cache is left behind |
1931 | + from a previous incomplete build. |
1932 | + |
1933 | + -- Reinhard Tartler <siretart@tauware.de> Fri, 02 Nov 2007 20:53:31 +0100 |
1934 | + |
1935 | +cryptsetup (2:1.0.5-2ubuntu2) gutsy; urgency=low |
1936 | + |
1937 | + * debian/initramfs/cryptroot-script: |
1938 | + - If the supplied password worked, remove the prompt from usplash again, |
1939 | + so that the user has some visual feedback that everything is alright. |
1940 | + (LP: #151305) |
1941 | + - Do not show the UUID device node of the outer physical device. It is |
1942 | + scary ("/dev/disk/by-uuid/1234yadayada") and displaying it does not |
1943 | + improve security at all: If attackers can tamper with your initramfs, |
1944 | + they can also change the prompt, and if the UUID of the physical device |
1945 | + changes, then booting will not even get that far. Now it is a much more |
1946 | + friendly "Enter passphrase for sda5_crypt:" which is still technical, |
1947 | + but it's necessary to point out which device will be unlocked in case |
1948 | + there are several. |
1949 | + |
1950 | + -- Martin Pitt <martin.pitt@ubuntu.com> Thu, 11 Oct 2007 19:51:58 +0200 |
1951 | + |
1952 | +cryptsetup (2:1.0.5-2ubuntu1) gutsy; urgency=low |
1953 | + |
1954 | + * Merge new debian version. Remaining changes: |
1955 | + - cryptsetup is linked dynamically against libgcrypt and libgpg-error. |
1956 | + This will break systems where /usr is a separate encrypted filesystem |
1957 | + but not have other bad consequences (in particular, systems with |
1958 | + encrypted root are still fine). The upsides include better |
1959 | + security supportability and smaller packages. |
1960 | + - libcryptsetup.so et al removed from the binary packages. They have |
1961 | + no stable ABI and are not suitable for use by other packages, and |
1962 | + were in violation of library policies etc. They're not needed since |
1963 | + the cryptsetup executable statically contains the relevant parts of |
1964 | + libcryptsetup. |
1965 | + - cryptdisks.functions: remove #!/bin/bash as it isn't a script |
1966 | + by itself; it's only sourced by other scripts. This gets rid |
1967 | + of the lintian warning `script-not-executable' for this file. |
1968 | + - stop usplash on user input. LP #62751 |
1969 | + - Always output and read from the console. LP #58794. |
1970 | + - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using |
1971 | + bzr on launchpad. |
1972 | + - Bump libgcrypt11 build-dependency again to 1.2.4-2ubuntu2 to eliminate |
1973 | + libnsl linkage; |
1974 | + - debian/initramfs/cryptroot-hook: (LP: #73862) |
1975 | + Added patch to install aes optimized cypher module |
1976 | + - try to load optimized cypher module in cryptsetup.functions as well, |
1977 | + because cryptroot-hook is only executed when we really have a |
1978 | + cryptoroot. |
1979 | + - apply patch from pitti for allowing UUIDs in /etc/crypttab. |
1980 | + This allowes crypted PVs! LP: #144390. |
1981 | + - remove README.ubuntu, since it contains old and obsolete information. |
1982 | + |
1983 | + -- Reinhard Tartler <siretart@tauware.de> Tue, 02 Oct 2007 21:31:28 +0200 |
1984 | + |
1985 | cryptsetup (2:1.0.5-2) unstable; urgency=low |
1986 | |
1987 | [ Jonas Meurer ] |
1988 | @@ -2938,6 +4616,68 @@ cryptsetup (2:1.0.5-2) unstable; urgency=low |
1989 | |
1990 | -- Jonas Meurer <mejo@debian.org> Mon, 24 Sep 2007 15:42:06 +0200 |
1991 | |
1992 | +cryptsetup (2:1.0.5-1ubuntu5) UNRELEASED; urgency=low |
1993 | + |
1994 | + * apply patch from pitti for allowing UUIDs in /etc/crypttab. |
1995 | + This allowes crypted PVs! LP: #144390. |
1996 | + * remove README.ubuntu, since it contains old and obsolete information. |
1997 | + |
1998 | + -- Reinhard Tartler <siretart@tauware.de> Tue, 02 Oct 2007 19:59:24 +0200 |
1999 | + |
2000 | +cryptsetup (2:1.0.5-1ubuntu4) gutsy; urgency=low |
2001 | + |
2002 | + [ Stephan Hermann ] |
2003 | + * debian/initramfs/cryptroot-hook: (LP: #73862) |
2004 | + - Added patch to install aes optimized cypher module |
2005 | + |
2006 | + [ Reinhard Tartler ] |
2007 | + * re-applying old patch to new package version |
2008 | + * try to load optimized cypher module in cryptsetup.functions as well, |
2009 | + because cryptroot-hook is only executed when we really have a |
2010 | + cryptoroot. |
2011 | + |
2012 | + -- Reinhard Tartler <siretart@tauware.de> Thu, 27 Sep 2007 19:38:48 +0200 |
2013 | + |
2014 | +cryptsetup (2:1.0.5-1ubuntu3) gutsy; urgency=low |
2015 | + |
2016 | + * Bump libgcrypt11 build-dependency again to 1.2.4-2ubuntu2 to eliminate |
2017 | + libnsl linkage; should finally produce a usable cryptsetup binary for |
2018 | + the udeb. |
2019 | + |
2020 | + -- Colin Watson <cjwatson@ubuntu.com> Wed, 19 Sep 2007 15:28:52 +0100 |
2021 | + |
2022 | +cryptsetup (2:1.0.5-1ubuntu2) gutsy; urgency=low |
2023 | + |
2024 | + * Bump libgcrypt11 build-dependency to 1.2.4-2ubuntu1 and rebuild for |
2025 | + proper udeb dependencies. |
2026 | + |
2027 | + -- Colin Watson <cjwatson@ubuntu.com> Wed, 19 Sep 2007 01:37:02 +0100 |
2028 | + |
2029 | +cryptsetup (2:1.0.5-1ubuntu1) gutsy; urgency=low |
2030 | + |
2031 | + * Merge new debian version. Remaining changes: |
2032 | + - cryptsetup is linked dynamically against libgcrypt and libgpg-error. |
2033 | + This will break systems where /usr is a separate encrypted filesystem |
2034 | + but not have other bad consequences (in particular, systems with |
2035 | + encrypted root are still fine). The upsides include better |
2036 | + security supportability and smaller packages. |
2037 | + - libcryptsetup.so et al removed from the binary packages. They have |
2038 | + no stable ABI and are not suitable for use by other packages, and |
2039 | + were in violation of library policies etc. They're not needed since |
2040 | + the cryptsetup executable statically contains the relevant parts of |
2041 | + libcryptsetup. |
2042 | + - cryptdisks.functions: remove #!/bin/bash as it isn't a script |
2043 | + by itself; it's only sourced by other scripts. This gets rid |
2044 | + of the lintian warning `script-not-executable' for this file. |
2045 | + - stop usplash on user input. LP #62751 |
2046 | + - Always output and read from the console. LP #58794. |
2047 | + * Add XSBC-Vcs-Bzr tag to indicate that this package is managed using |
2048 | + bzr on launchpad. |
2049 | + * UVF exception request granted by Scott Kitterman and Chuck Short |
2050 | + LP: #138295 |
2051 | + |
2052 | + -- Reinhard Tartler <siretart@tauware.de> Sat, 08 Sep 2007 19:04:54 +0200 |
2053 | + |
2054 | cryptsetup (2:1.0.5-1) unstable; urgency=low |
2055 | |
2056 | [ Jonas Meurer ] |
2057 | @@ -2958,6 +4698,66 @@ cryptsetup (2:1.0.5-1) unstable; urgency=low |
2058 | |
2059 | -- Jonas Meurer <mejo@debian.org> Fri, 27 Jul 2007 04:59:33 +0200 |
2060 | |
2061 | +cryptsetup (2:1.0.4+svn29-1ubuntu6) gutsy; urgency=low |
2062 | + |
2063 | + * Add notes by Ilkka Tuohela in a new file debian/README.ubuntu |
2064 | + |
2065 | + -- Reinhard Tartler <siretart@tauware.de> Sat, 08 Sep 2007 18:43:56 +0200 |
2066 | + |
2067 | +cryptsetup (2:1.0.4+svn29-1ubuntu5) gutsy; urgency=low |
2068 | + |
2069 | + * cryptsetup is linked dynamically against libgcrypt and libgpg-error. |
2070 | + This will break systems where /usr is a separate encrypted filesystem |
2071 | + but not have other bad consequences (in particular, systems with |
2072 | + encrypted root are still fine). The upsides include better |
2073 | + security supportability and smaller packages. |
2074 | + * libcryptsetup.so et al removed from the binary packages. They have |
2075 | + no stable ABI and are not suitable for use by other packages, and |
2076 | + were in violation of library policies etc. They're not needed since |
2077 | + the cryptsetup executable statically contains the relevant parts of |
2078 | + libcryptsetup. |
2079 | + * cryptdisks.functions: remove #!/bin/bash as it isn't a script |
2080 | + by itself; it's only sourced by other scripts. This gets rid |
2081 | + of the lintian warning `script-not-executable' for this file. |
2082 | + |
2083 | + -- Ian Jackson <iwj@ubuntu.com> Fri, 31 Aug 2007 12:05:33 +0100 |
2084 | + |
2085 | +cryptsetup (2:1.0.4+svn29-1ubuntu4) gutsy; urgency=low |
2086 | + |
2087 | + * s/$CRYPTCMD/cryptsetup/ in debian/cryptdisks.functions |
2088 | + (LP: #115617) |
2089 | + |
2090 | + -- Reinhard Tartler <siretart@ubuntu.com> Tue, 29 May 2007 17:04:05 +0200 |
2091 | + |
2092 | +cryptsetup (2:1.0.4+svn29-1ubuntu3) gutsy; urgency=low |
2093 | + |
2094 | + * make luksformat check if filesystem is already mounted to prevent a |
2095 | + strange error message. thanks to mvo for the patch (LP: #116633) |
2096 | + * remove file debian/initramfs-cryptroot-script from source. it is not |
2097 | + installed anywhere, and a leftover from the last merge. |
2098 | + * add missing hunk of cryptsetup.functions compared to debian package. |
2099 | + * reapply http://librarian.launchpad.net/7329604/bug85640.debdiff to |
2100 | + debian/initramfs/cryptroot-script, since stgraber's patch has been |
2101 | + lost in the last merge. (LP: #85640) |
2102 | + |
2103 | + -- Reinhard Tartler <siretart@ubuntu.com> Tue, 29 May 2007 15:02:57 +0200 |
2104 | + |
2105 | +cryptsetup (2:1.0.4+svn29-1ubuntu2) gutsy; urgency=low |
2106 | + |
2107 | + * modprobe dm-mod from cryptsetup.functions. (LP: #64625, #91405) |
2108 | + |
2109 | + -- Reinhard Tartler <siretart@ubuntu.com> Tue, 29 May 2007 13:31:39 +0200 |
2110 | + |
2111 | +cryptsetup (2:1.0.4+svn29-1ubuntu1) gutsy; urgency=low |
2112 | + |
2113 | + * Merge from Debian unstable. Remaining Ubuntu changes: |
2114 | + - stop usplash on user input. Ubuntu: #62751 |
2115 | + - Always output and read from the console. Ubuntu: #58794. |
2116 | + - Wait for Udev to be ready to avoid partition non-detection. (LP: #85640) |
2117 | + * Modify Maintainer value to match Debian-Maintainer-Field Spec |
2118 | + |
2119 | + -- Andrea Veri <bluekuja@ubuntu.com> Sun, 6 May 2007 22:33:25 +0200 |
2120 | + |
2121 | cryptsetup (2:1.0.4+svn29-1) unstable; urgency=low |
2122 | |
2123 | * New upstream svn snapshot with several bugfixes |
2124 | @@ -3010,6 +4810,20 @@ cryptsetup (2:1.0.4+svn26-2) unstable; urgency=low |
2125 | |
2126 | -- Jonas Meurer <mejo@debian.org> Sat, 28 Apr 2007 20:45:50 +0200 |
2127 | |
2128 | +cryptsetup (2:1.0.4+svn26-1ubuntu2) feisty; urgency=low |
2129 | + |
2130 | + * Wait for Udev to be ready to avoid partition non-detection. (LP: #85640) |
2131 | + |
2132 | + -- Stéphane Graber <stgraber@ubuntu.com> Thu, 14 Apr 2007 10:03:41 +0200 |
2133 | + |
2134 | +cryptsetup (2:1.0.4+svn26-1ubuntu1) feisty; urgency=low |
2135 | + |
2136 | + * merge debian changes. Remaining ubuntu changes: |
2137 | + - stop usplash on user input. Ubuntu: #62751 |
2138 | + - Always output and read from the console. Ubuntu: #58794. |
2139 | + |
2140 | + -- Reinhard Tartler <siretart@tauware.de> Sat, 3 Feb 2007 21:30:03 +0100 |
2141 | + |
2142 | cryptsetup (2:1.0.4+svn26-1) unstable; urgency=high |
2143 | |
2144 | [ Jonas Meurer ] |
2145 | @@ -3059,6 +4873,28 @@ cryptsetup (2:1.0.4+svn16-1) unstable; urgency=medium |
2146 | |
2147 | -- Jonas Meurer <mejo@debian.org> Tue, 28 Nov 2006 18:17:12 +0100 |
2148 | |
2149 | +cryptsetup (2:1.0.4-8ubuntu2) feisty; urgency=low |
2150 | + |
2151 | + * fix and improve initramfs hook: terminate usplash if running, since |
2152 | + adequate secure text input is not possible with usplash ATM |
2153 | + * usplash support: Terminate usplash before asking a password. |
2154 | + Closes https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/62751 |
2155 | + |
2156 | + -- Reinhard Tartler <siretart@tauware.de> Wed, 24 Jan 2007 22:43:28 +0100 |
2157 | + |
2158 | +cryptsetup (2:1.0.4-8ubuntu1) feisty; urgency=low |
2159 | + |
2160 | + * merge debian changes, remaining patches: |
2161 | + - Always output and read from the console. Ubuntu: #58794. |
2162 | + * other changes have been merged or do noy apply anymore |
2163 | + * read password via usplash if available in initramfs for rootfs. based on a patch from |
2164 | + Swen Thümmler (Thanks for that!) Ubuntu #62751 |
2165 | + * read password from initscript via usplash if running. should fix the |
2166 | + rest of Ubuntu #62751. Only problem with that patch: It asks only once |
2167 | + for the password! improvements welcome! |
2168 | + |
2169 | + -- Reinhard Tartler <siretart@tauware.de> Sun, 19 Nov 2006 20:04:19 +0100 |
2170 | + |
2171 | cryptsetup (2:1.0.4-8) unstable; urgency=high |
2172 | |
2173 | [ Jonas Meurer ] |
2174 | @@ -3216,6 +5052,27 @@ cryptsetup (2:1.0.4~rc2-1) unstable; urgency=low |
2175 | |
2176 | -- Jonas Meurer <mejo@debian.org> Mon, 4 Sep 2006 03:55:35 +0200 |
2177 | |
2178 | +cryptsetup (2:1.0.3-3ubuntu3) edgy; urgency=low |
2179 | + |
2180 | + * Always output and read from the console. Ubuntu: #58794. |
2181 | + |
2182 | + -- Scott James Remnant <scott@ubuntu.com> Thu, 21 Sep 2006 03:05:18 +0100 |
2183 | + |
2184 | +cryptsetup (2:1.0.3-3ubuntu2) edgy; urgency=low |
2185 | + |
2186 | + * Load the dm-crypt module on startup. Ubuntu: #53475. |
2187 | + |
2188 | + -- Scott James Remnant <scott@ubuntu.com> Wed, 23 Aug 2006 11:53:49 +0200 |
2189 | + |
2190 | +cryptsetup (2:1.0.3-3ubuntu1) edgy; urgency=low |
2191 | + |
2192 | + * Sync with Debian: |
2193 | + Remaining Ubuntu Changes |
2194 | + + debian/cryptdisks.functions: |
2195 | + - Tell usplash to quit if we ask for a passphrase |
2196 | + |
2197 | + -- Sebastian Dröge <slomo@ubuntu.com> Tue, 11 Jul 2006 20:03:27 +0200 |
2198 | + |
2199 | cryptsetup (2:1.0.3-3) unstable; urgency=low |
2200 | |
2201 | [ Jonas Meurer ] |
2202 | diff --git a/debian/control b/debian/control |
2203 | index b53fcda..d218d7a 100644 |
2204 | --- a/debian/control |
2205 | +++ b/debian/control |
2206 | @@ -1,7 +1,8 @@ |
2207 | Source: cryptsetup |
2208 | Section: admin |
2209 | Priority: optional |
2210 | -Maintainer: Debian Cryptsetup Team <pkg-cryptsetup-devel@alioth-lists.debian.net> |
2211 | +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> |
2212 | +XSBC-Original-Maintainer: Debian Cryptsetup Team <pkg-cryptsetup-devel@alioth-lists.debian.net> |
2213 | Uploaders: Jonas Meurer <jonas@freesources.org>, |
2214 | Guilhem Moulin <guilhem@debian.org> |
2215 | Rules-Requires-Root: no |
2216 | @@ -43,7 +44,8 @@ Depends: cryptsetup-bin (>= 2:1.6.0), |
2217 | dmsetup, |
2218 | ${misc:Depends}, |
2219 | ${shlibs:Depends} |
2220 | -Suggests: cryptsetup-initramfs, dosfstools, keyutils, liblocale-gettext-perl |
2221 | +Recommends: cryptsetup-initramfs |
2222 | +Suggests: dosfstools, keyutils, liblocale-gettext-perl |
2223 | Replaces: cryptsetup-run (<< 2:2.1.0-6) |
2224 | Breaks: cryptsetup-run (<< 2:2.1.0-6) |
2225 | Description: disk encryption support - startup scripts |
2226 | @@ -94,11 +96,11 @@ Description: disk encryption support - experimental SSH token handler |
2227 | |
2228 | Package: cryptsetup-initramfs |
2229 | Architecture: all |
2230 | -Depends: busybox | busybox-static, |
2231 | +Depends: busybox-initramfs, |
2232 | cryptsetup (>= ${source:Version}), |
2233 | initramfs-tools (>= 0.137) | linux-initramfs-tool, |
2234 | ${misc:Depends} |
2235 | -Recommends: console-setup, kbd |
2236 | +Recommends: console-setup, kbd, plymouth |
2237 | Breaks: cryptsetup (<< 2:2.0.3-1) |
2238 | Replaces: cryptsetup (<< 2:2.0.3-1) |
2239 | Conflicts: lvm2 (<< 2.03.15-1) |
2240 | @@ -111,7 +113,7 @@ Description: disk encryption support - initramfs integration |
2241 | This package provides initramfs integration for cryptsetup. |
2242 | |
2243 | Package: cryptsetup-suspend |
2244 | -Architecture: linux-any |
2245 | +Architecture: amd64 arm64 armhf ppc64el riscv64 s390x |
2246 | Multi-Arch: foreign |
2247 | Depends: cryptsetup-initramfs (>= ${source:Version}), |
2248 | initramfs-tools-core, |
2249 | diff --git a/debian/functions b/debian/functions |
2250 | index 917abad..73f5f2a 100644 |
2251 | --- a/debian/functions |
2252 | +++ b/debian/functions |
2253 | @@ -603,6 +603,7 @@ _resolve_device() { |
2254 | # Print the major:minor device ID(s) holding the file system currently |
2255 | # mounted currenty mounted on $mountpoint. |
2256 | # Return 0 on success, 1 on error (if $mountpoint is not a mountpoint). |
2257 | +# devno will be empty if the filesystem must be excluded. |
2258 | get_mnt_devno() { |
2259 | local wantmount="$1" devnos="" uuid dev IFS |
2260 | local spec mountpoint fstype _ DEV MAJ MIN |
2261 | @@ -616,8 +617,15 @@ get_mnt_devno() { |
2262 | # take the last mountpoint if used several times (shadowed) |
2263 | unset -v devnos |
2264 | spec="$(printf '%b' "$spec")" |
2265 | - _resolve_device "$spec" || continue # _resolve_device() already warns on error |
2266 | fstype="$(printf '%b' "$fstype")" |
2267 | + if [ "$fstype" = "zfs" ]; then |
2268 | + # Ignore ZFS entries as they don't have a major/minor and won't |
2269 | + # be imported when local-top cryptroot script will ran. |
2270 | + # Returns success with empty devno |
2271 | + printf '' |
2272 | + return 0 |
2273 | + fi |
2274 | + _resolve_device "$spec" || continue # _resolve_device() already warns on error |
2275 | if [ "$fstype" = "btrfs" ]; then |
2276 | # btrfs can span over multiple devices |
2277 | if uuid="$(_device_uuid "$DEV")"; then |
2278 | diff --git a/debian/initramfs/cryptroot-unlock b/debian/initramfs/cryptroot-unlock |
2279 | index dbc2ad0..0e91701 100644 |
2280 | --- a/debian/initramfs/cryptroot-unlock |
2281 | +++ b/debian/initramfs/cryptroot-unlock |
2282 | @@ -40,8 +40,14 @@ fi |
2283 | pgrep_exe() { |
2284 | local exe pid |
2285 | exe="$(readlink -f -- "$1" 2>/dev/null)" && [ -f "$exe" ] || return 0 |
2286 | - ps -eo pid= | while read pid; do |
2287 | - [ "$(readlink -f "/proc/$pid/exe")" != "$exe" ] || printf '%d\n' "$pid" |
2288 | + ps | awk '{print $1, $5}' | while read LINE; do |
2289 | + set $LINE |
2290 | + local pid=$1 |
2291 | + local cmd=$(readlink -f -- "$2") |
2292 | + if [ "$cmd" == "$exe" ]; then |
2293 | + echo $pid |
2294 | + break |
2295 | + fi |
2296 | done |
2297 | } |
2298 | |
2299 | @@ -101,7 +107,7 @@ wait_for_prompt() { |
2300 | break |
2301 | fi |
2302 | |
2303 | - usleep 100000 |
2304 | + sleep 0.1 |
2305 | timer=$(( $timer - 1 )) |
2306 | if [ $timer -le 0 ]; then |
2307 | echo "Error: Timeout reached while waiting for askpass." >&2 |
2308 | @@ -112,7 +118,7 @@ wait_for_prompt() { |
2309 | # find the cryptsetup process with same $CRYPTTAB_NAME |
2310 | local o v |
2311 | for o in NAME TRIED OPTION_tries; do |
2312 | - if v="$(grep -z -m1 "^CRYPTTAB_$o=" "/proc/$pid/environ")"; then |
2313 | + if v="$(tr '\0' '\n' < "/proc/$pid/environ" | grep -m1 "^CRYPTTAB_$o=")"; then |
2314 | eval "CRYPTTAB_$o"="\${v#CRYPTTAB_$o=}" |
2315 | else |
2316 | eval unset -v "CRYPTTAB_$o" |
2317 | @@ -128,7 +134,7 @@ wait_for_prompt() { |
2318 | fi |
2319 | |
2320 | for pid in $(pgrep_exe "/sbin/cryptsetup"); do |
2321 | - if grep -Fxqz "CRYPTTAB_NAME=$CRYPTTAB_NAME" "/proc/$pid/environ"; then |
2322 | + if tr '\0' '\n' < "/proc/$pid/environ" | grep -Fxq "CRYPTTAB_NAME=$CRYPTTAB_NAME"; then |
2323 | PID=$pid |
2324 | BIRTH=$(stat -c"%Z" "/proc/$PID" 2>/dev/null) || break |
2325 | return 0 |
2326 | @@ -148,7 +154,7 @@ wait_for_prompt() { |
2327 | wait_for_answer() { |
2328 | local timer=$(( 10 * $TIMEOUT )) b |
2329 | while [ -d "/proc/$PID" ] && b=$(stat -c"%Z" "/proc/$PID" 2>/dev/null) && [ $b -le $BIRTH ]; do |
2330 | - usleep 100000 |
2331 | + sleep 0.1 |
2332 | timer=$(( $timer - 1 )) |
2333 | if [ $timer -le 0 ]; then |
2334 | echo "Error: Timeout reached while waiting for PID $PID." >&2 |
2335 | diff --git a/debian/initramfs/hooks/cryptroot b/debian/initramfs/hooks/cryptroot |
2336 | index 3557786..eda5fdd 100644 |
2337 | --- a/debian/initramfs/hooks/cryptroot |
2338 | +++ b/debian/initramfs/hooks/cryptroot |
2339 | @@ -178,16 +178,18 @@ generate_initrd_crypttab() { |
2340 | |
2341 | { |
2342 | if devnos="$(get_mnt_devno /)"; then |
2343 | - usage=rootfs foreach_cryptdev crypttab_find_and_print_entry $devnos |
2344 | + if [ -n "$devnos" ]; then |
2345 | + usage=rootfs foreach_cryptdev crypttab_find_and_print_entry $devnos |
2346 | + fi |
2347 | else |
2348 | cryptsetup_message "WARNING: Couldn't determine root device" |
2349 | fi |
2350 | |
2351 | - if devnos="$(get_resume_devno)"; then |
2352 | + if devnos="$(get_resume_devno)" && [ -n "$devnos" ]; then |
2353 | usage=resume foreach_cryptdev crypttab_find_and_print_entry $devnos |
2354 | fi |
2355 | |
2356 | - if devnos="$(get_mnt_devno /usr)"; then |
2357 | + if devnos="$(get_mnt_devno /usr)" && [ -n "$devnos" ]; then |
2358 | usage="" foreach_cryptdev crypttab_find_and_print_entry $devnos |
2359 | fi |
2360 | |
2361 | diff --git a/debian/patches/decrease_memlock_ulimit.patch b/debian/patches/decrease_memlock_ulimit.patch |
2362 | new file mode 100644 |
2363 | index 0000000..a9fd0d1 |
2364 | --- /dev/null |
2365 | +++ b/debian/patches/decrease_memlock_ulimit.patch |
2366 | @@ -0,0 +1,49 @@ |
2367 | +Description: Decrease memlock limit to mimic Xenial builder behavior. |
2368 | + This approach prevents cryptsetup to FTBFS, since the PPA builders were |
2369 | + upgraded to Bionic, which has a bigger memlock limit (but not enough). |
2370 | + With this quirk, cryptsetup won't mlock() its memory allocationss, hence |
2371 | + it behaves exactly as the Xenial builders. Meanwhile, we pursue the |
2372 | + proper fix (systemd patch to bump memlock to a higher limit on Bionic). |
2373 | +Author: Guilherme G. Piccoli <gpiccoli@canonical.com> |
2374 | +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1891473 |
2375 | +Last-Update: 2020-09-09 |
2376 | + |
2377 | +--- a/tests/compat-test |
2378 | ++++ b/tests/compat-test |
2379 | +@@ -47,6 +47,10 @@ |
2380 | + LOOPDEV=$(losetup -f 2>/dev/null) |
2381 | + FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null) |
2382 | + |
2383 | ++# Circumvent test failure due to Bionic builder; we need to decrease |
2384 | ++# the memlock limit here to mimic Xenial builder (see LP #1891473). |
2385 | ++ulimit -l 0 |
2386 | ++ |
2387 | + function remove_mapping() |
2388 | + { |
2389 | + [ -b /dev/mapper/$DEV_NAME3 ] && dmsetup remove --retry $DEV_NAME3 >/dev/null 2>&1 |
2390 | +--- a/tests/luks2-validation-test |
2391 | ++++ b/tests/luks2-validation-test |
2392 | +@@ -21,6 +21,10 @@ |
2393 | + |
2394 | + [ -z "$srcdir" ] && srcdir="." |
2395 | + |
2396 | ++# Circumvent test failure due to Bionic builder; we need to decrease |
2397 | ++# the memlock limit here to mimic Xenial builder (see LP #1891473). |
2398 | ++ulimit -l 0 |
2399 | ++ |
2400 | + function remove_mapping() |
2401 | + { |
2402 | + rm -rf $IMG $TST_IMGS >/dev/null 2>&1 |
2403 | +--- a/tests/tcrypt-compat-test |
2404 | ++++ b/tests/tcrypt-compat-test |
2405 | +@@ -16,6 +16,10 @@ |
2406 | + |
2407 | + [ -z "$srcdir" ] && srcdir="." |
2408 | + |
2409 | ++# Circumvent test failure due to Bionic builder; we need to decrease |
2410 | ++# the memlock limit here to mimic Xenial builder (see LP #1891473). |
2411 | ++ulimit -l 0 |
2412 | ++ |
2413 | + function remove_mapping() |
2414 | + { |
2415 | + [ -b /dev/mapper/$MAP ] && dmsetup remove --retry $MAP |
2416 | diff --git a/debian/patches/series b/debian/patches/series |
2417 | index f64f6f7..e19ab24 100644 |
2418 | --- a/debian/patches/series |
2419 | +++ b/debian/patches/series |
2420 | @@ -2,3 +2,4 @@ Try-to-avoid-OOM-killer-on-low-memory-systems-without-swa.patch |
2421 | Print-warning-when-keyslot-requires-more-memory-than-avai.patch |
2422 | Check-for-physical-memory-available-also-in-PBKDF-benchma.patch |
2423 | Use-only-half-of-detected-free-memory-on-systems-without-.patch |
2424 | +decrease_memlock_ulimit.patch |
2425 | diff --git a/debian/rules b/debian/rules |
2426 | index 757085c..08074b4 100755 |
2427 | --- a/debian/rules |
2428 | +++ b/debian/rules |
2429 | @@ -87,8 +87,10 @@ override_dh_bugfiles: |
2430 | execute_after_dh_fixperms-arch: |
2431 | chmod 0755 debian/cryptsetup/lib/cryptsetup/checks/* |
2432 | chmod 0755 debian/cryptsetup/lib/cryptsetup/scripts/decrypt_* |
2433 | +ifneq ($(DEB_HOST_ARCH),i386) |
2434 | chmod 0755 debian/cryptsetup-suspend/lib/cryptsetup/scripts/suspend/cryptsetup-suspend-wrapper |
2435 | chmod 0755 debian/cryptsetup-suspend/lib/systemd/system-shutdown/cryptsetup-suspend.shutdown |
2436 | +endif |
2437 | ifeq (,$(filter noudeb, $(DEB_BUILD_PROFILES))) |
2438 | chmod 0755 debian/cryptsetup-udeb/lib/cryptsetup/checks/* |
2439 | chmod 0755 debian/cryptsetup-udeb/lib/cryptsetup/scripts/decrypt_* |
2440 | diff --git a/debian/tests/control b/debian/tests/control |
2441 | index 52752a3..0b7e9be 100644 |
2442 | --- a/debian/tests/control |
2443 | +++ b/debian/tests/control |
2444 | @@ -42,8 +42,9 @@ Depends: cryptsetup-bin, |
2445 | sshpass |
2446 | Restrictions: needs-root, isolation-machine |
2447 | |
2448 | - |
2449 | -Tests: cryptdisks, cryptdisks.init |
2450 | +# cryptdisks test is disabled - it fails to open /dev/tty in CI |
2451 | +#Tests: cryptdisks, cryptdisks.init |
2452 | +Tests: cryptdisks.init |
2453 | Depends: cryptsetup, xxd |
2454 | Restrictions: allow-stderr, needs-root, isolation-machine |
2455 | |
2456 | diff --git a/debian/tests/cryptroot-lvm.d/mock b/debian/tests/cryptroot-lvm.d/mock |
2457 | index f57e42f..f777763 100755 |
2458 | --- a/debian/tests/cryptroot-lvm.d/mock |
2459 | +++ b/debian/tests/cryptroot-lvm.d/mock |
2460 | @@ -36,8 +36,13 @@ else { |
2461 | expect($SERIAL => qr/(?:^|\s)?PM: suspend exit\r\n/m); |
2462 | unlock_disk("topsecret"); |
2463 | |
2464 | - # consume PS1 to make sure we're at a shell prompt |
2465 | - expect($CONSOLE => qr/\A $PS1 \z/aamsx); |
2466 | + # suspend() leaves clutter in the console due to the retries |
2467 | + # that prevents test from succeeding. |
2468 | + consume($CONSOLE); |
2469 | + |
2470 | + # ensure that shell is available |
2471 | + shell(q{echo ready}, rv => 0); |
2472 | + |
2473 | my $out = shell(q{dmsetup info -c --noheadings -omangled_name,suspended --separator ' '}); |
2474 | die if grep !/[:[:blank:]]Active$/i, split(/\r?\n/, $out); |
2475 | |
2476 | diff --git a/debian/tests/cryptroot-nested.d/config b/debian/tests/cryptroot-nested.d/config |
2477 | index 995200c..fcfba32 100644 |
2478 | --- a/debian/tests/cryptroot-nested.d/config |
2479 | +++ b/debian/tests/cryptroot-nested.d/config |
2480 | @@ -1,6 +1,13 @@ |
2481 | PKGS_EXTRA+=( btrfs-progs lvm2 mdadm ) |
2482 | PKGS_EXTRA+=( cryptsetup-initramfs ) |
2483 | |
2484 | +# "$DISTRIBUTOR_ID" is defined in ../utils/cryptroot-common |
2485 | +# Workaround for LP1831747 https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1831747 |
2486 | +# Add implicit dependency of cryptsetup-initramfs |
2487 | +if [ "$DISTRIBUTOR_ID" = "ubuntu" ]; then |
2488 | + PKGS_EXTRA+=( e2fsprogs ) |
2489 | +fi |
2490 | + |
2491 | # /dev/mapper/testvg-lv1_crypt and /dev/vdc are both 1G and used in RAID1 mode |
2492 | DRIVE_SIZES=( "1G" "264M" "1G" "512M" ) |
2493 | |
2494 | diff --git a/debian/tests/cryptroot-sysvinit.d/config b/debian/tests/cryptroot-sysvinit.d/config |
2495 | index f6b7392..1d41c24 100644 |
2496 | --- a/debian/tests/cryptroot-sysvinit.d/config |
2497 | +++ b/debian/tests/cryptroot-sysvinit.d/config |
2498 | @@ -1,5 +1,10 @@ |
2499 | PKGS_EXTRA+=( e2fsprogs ) # for fsck.ext4 |
2500 | PKGS_EXTRA+=( cryptsetup-initramfs cryptsetup ) |
2501 | -PKG_INIT="sysvinit-core" |
2502 | - |
2503 | +# "$DISTRIBUTOR_ID" is defined in ../utils/cryptroot-common |
2504 | +case "$DISTRIBUTOR_ID" in |
2505 | + debian) PKG_INIT="sysvinit-core";; |
2506 | + ubuntu) PKG_INIT="systemd-sysv";; |
2507 | + *) echo "ERROR: Unknown distributor ID '$DISTRIBUTOR_ID', can't determine default init package" >&2; |
2508 | + exit 1;; |
2509 | +esac |
2510 | # vim: set filetype=bash : |
2511 | diff --git a/debian/tests/initramfs-hook b/debian/tests/initramfs-hook |
2512 | index 4171102..f58e6f5 100755 |
2513 | --- a/debian/tests/initramfs-hook |
2514 | +++ b/debian/tests/initramfs-hook |
2515 | @@ -63,6 +63,20 @@ mkinitramfs() { |
2516 | # `mkinitramfs -k` would be better but we can't set $DESTDIR in advance |
2517 | cleanup_initrd_dir |
2518 | command unmkinitramfs "$INITRD_IMG" "$INITRD_DIR" |
2519 | + |
2520 | + # find subdirectory with the root file system relative to the cryptsetup location |
2521 | + CRYPTSETUP_PATH=sbin/cryptsetup |
2522 | + ROOTFS_DIR=`find "$INITRD_DIR" -name cryptsetup | grep "/usr/$CRYPTSETUP_PATH" | sed -e "s|/usr/$CRYPTSETUP_PATH||"` |
2523 | + |
2524 | + if [[ -z "$ROOTFS_DIR" ]]; then |
2525 | + ROOTFS_DIR=`find "$INITRD_DIR" -name cryptsetup | grep "/$CRYPTSETUP_PATH" | sed -e "s|/$CRYPTSETUP_PATH||"` |
2526 | + fi |
2527 | + |
2528 | + if [[ ! -z "$ROOTFS_DIR" ]] && [[ "$ROOTFS_DIR" != "$INITRD_DIR" ]] && [[ -d "$ROOTFS_DIR" ]]; then |
2529 | + echo move root filesystem from "$ROOTFS_DIR" to "$INITRD_DIR" |
2530 | + mv "$ROOTFS_DIR"/* "$INITRD_DIR" |
2531 | + fi |
2532 | + |
2533 | for d in dev proc sys; do |
2534 | mkdir -p "$INITRD_DIR/$d" |
2535 | mount --bind "/$d" "$INITRD_DIR/$d" |
2536 | @@ -190,9 +204,9 @@ cryptsetup close test3_crypt |
2537 | # plain, blowfish + ripemd160 (ignored due to keyfile) |
2538 | disk_setup |
2539 | head -c32 /dev/urandom >"$TMPDIR/keyfile" |
2540 | -cryptsetup open --type=plain --cipher="blowfish" --key-file="$TMPDIR/keyfile" --size=256 --hash="ripemd160" "$CRYPT_DEV" test3_crypt |
2541 | +cryptsetup open --type=plain --cipher="blowfish" --key-file="$TMPDIR/keyfile" --hash="ripemd160" "$CRYPT_DEV" test3_crypt |
2542 | mkfs.ext2 -m0 /dev/mapper/test3_crypt |
2543 | -echo "test3_crypt $CRYPT_DEV $TMPDIR/keyfile plain,cipher=blowfish,hash=ripemd160,size=256,initramfs" >/etc/crypttab |
2544 | +echo "test3_crypt $CRYPT_DEV $TMPDIR/keyfile plain,cipher=blowfish,hash=ripemd160,initramfs" >/etc/crypttab |
2545 | mkinitramfs |
2546 | legacy_so="$(find "$INITRD_DIR" -xdev -type f -path "*/ossl-modules/legacy.so")" |
2547 | test -z "$legacy_so" || exit 1 # don't need legacy.so here |
2548 | diff --git a/debian/tests/utils/cryptroot-common b/debian/tests/utils/cryptroot-common |
2549 | index a7df37f..8cedda0 100755 |
2550 | --- a/debian/tests/utils/cryptroot-common |
2551 | +++ b/debian/tests/utils/cryptroot-common |
2552 | @@ -81,6 +81,7 @@ load_os_release() { |
2553 | } |
2554 | case "${DISTRIBUTOR_ID:="$(load_os_release && printf "%s" "${ID,,[A-Z]}")"}" in |
2555 | debian) APT_REPO_ORIGIN="Debian"; APT_REPO_URI="http://deb.debian.org/debian";; |
2556 | + ubuntu) APT_REPO_ORIGIN="Ubuntu"; APT_REPO_URI="http://archive.ubuntu.com/ubuntu";; |
2557 | # suitable values for derivative can be added here |
2558 | *) echo "ERROR: Unknown distributor ID '$DISTRIBUTOR_ID', can't extract APT origin" >&2; |
2559 | exit 1;; |
2560 | @@ -164,6 +165,12 @@ case "$BOOT" in |
2561 | efi) PKG_BOOTLOADER="grub-efi";; |
2562 | *) echo "ERROR unknown boot method '$BOOT'" >&2; exit 1;; |
2563 | esac |
2564 | + |
2565 | +if [ "$DISTRIBUTOR_ID" = "ubuntu" ]; then |
2566 | + echo "Overriding kernel arch to generic" |
2567 | + KERNEL_ARCH="generic" |
2568 | +fi |
2569 | + |
2570 | PKG_KERNEL="linux-image-$KERNEL_ARCH" |
2571 | PKG_INIT="systemd-sysv" # default pid1 |
2572 | MERGED_USR="" # use default layout for the target version |
2573 | @@ -301,6 +308,12 @@ setup_apt() { |
2574 | esac >"$TEMPDIR/apt/sources.list" |
2575 | fi |
2576 | |
2577 | + # ubuntu CI populates sources.list.d with PPA source, append them to the list |
2578 | + if [ "$DISTRIBUTOR_ID" = "ubuntu" -a -d /etc/apt/sources.list.d ]; then |
2579 | + echo "Append contents of /etc/apt/sources.list.d to $TEMPDIR/apt/sources.list" |
2580 | + find /etc/apt/sources.list.d -type f | xargs cat >> "$TEMPDIR/apt/sources.list" |
2581 | + fi |
2582 | + |
2583 | local apt_repo |
2584 | for apt_repo in "${EXTRA_REPOS[@]}"; do |
2585 | printf "%s\\n" "$apt_repo" >>"$TEMPDIR/apt/sources.list" |
2586 | @@ -416,9 +429,20 @@ extract_kernel() { |
2587 | fi |
2588 | |
2589 | mkdir "$destdir" |
2590 | - dpkg-deb --fsys-tarfile "$APT_CACHE/archives/$KERNEL_DEB" | tar -C "$destdir" -xf- \ |
2591 | - "./boot/vmlinuz-$KERNEL_VERSION" \ |
2592 | - "./lib/modules/$KERNEL_VERSION" |
2593 | + if [ "$DISTRIBUTOR_ID" == "debian" ]; then |
2594 | + dpkg-deb --fsys-tarfile "$APT_CACHE/archives/$KERNEL_DEB" | tar -C "$destdir" -xf- \ |
2595 | + "./boot/vmlinuz-$KERNEL_VERSION" \ |
2596 | + "./lib/modules/$KERNEL_VERSION" |
2597 | + elif [ "$DISTRIBUTOR_ID" == "ubuntu" ]; then |
2598 | + dpkg-deb --fsys-tarfile "$APT_CACHE/archives/$KERNEL_DEB" | tar -C "$destdir" -xf- \ |
2599 | + "./boot/vmlinuz-$KERNEL_VERSION"; MODULES_DEB="$(echo $KERNEL_DEB | sed s/-image-/-modules-/)"; \ |
2600 | + dpkg-deb --fsys-tarfile "$APT_CACHE/archives/$MODULES_DEB" | tar -C "$destdir" -xf- \ |
2601 | + "./lib/modules/$KERNEL_VERSION" |
2602 | + else |
2603 | + echo "ERROR: Unknown distributor ID '$DISTRIBUTOR_ID', can't extract kernel" >&2 |
2604 | + exit 1 |
2605 | + fi |
2606 | + |
2607 | ln -T -- "$destdir/boot/vmlinuz-$KERNEL_VERSION" "$TEMPDIR/vmlinuz-$KERNEL_VERSION" |
2608 | } |
2609 | |
2610 | diff --git a/debian/tests/utils/mock.pm b/debian/tests/utils/mock.pm |
2611 | index 10db3e6..2425d87 100644 |
2612 | --- a/debian/tests/utils/mock.pm |
2613 | +++ b/debian/tests/utils/mock.pm |
2614 | @@ -97,6 +97,26 @@ sub expect(;$$) { |
2615 | #print STDERR "INFO done reading\n"; |
2616 | } |
2617 | |
2618 | +sub consume($) { |
2619 | + my $chan = shift; |
2620 | + my $buffer = defined $chan ? \$BUFFER{$chan} : undef; |
2621 | + if (! defined $buffer) { |
2622 | + return; |
2623 | + } |
2624 | + |
2625 | + while(unpack("b*", $RBITS) != 0) { |
2626 | + my $rout = $RBITS; |
2627 | + if (select($rout, undef, undef, 1) == -1) { |
2628 | + return; |
2629 | + } |
2630 | + read_data($rout); |
2631 | + if (length($$buffer) == 0) { |
2632 | + return; |
2633 | + } |
2634 | + $$buffer = ""; |
2635 | + } |
2636 | +} |
2637 | + |
2638 | sub write_data($$%) { |
2639 | my $chan = shift; |
2640 | my $data = shift; |
2641 | @@ -167,11 +187,13 @@ BEGIN { |
2642 | hibernate |
2643 | poweroff |
2644 | expect |
2645 | + consume |
2646 | /; |
2647 | } |
2648 | |
2649 | *expect = \&CryptrootTest::Utils::expect; |
2650 | *write_data = \&CryptrootTest::Utils::write_data; |
2651 | +*consume = \&CryptrootTest::Utils::consume; |
2652 | |
2653 | sub unlock_disk($) { |
2654 | my $passphrase = shift; |
2655 | @@ -228,7 +250,9 @@ sub shell($%) { |
2656 | |
2657 | # enter S3 sleep state (suspend to ram aka standby) |
2658 | sub suspend() { |
2659 | - write_data($CONSOLE => q{systemctl suspend}); |
2660 | + # there is a race condition that causes suspend to fail. |
2661 | + # retry until success. Note, this may leave clutter in the console |
2662 | + write_data($CONSOLE => q{until systemctl suspend; do sleep 1; done}); |
2663 | # while the command is asynchronous the system might suspend before |
2664 | # we have a chance to read the next $PS1 |
2665 |
Upgrade succeeds:
$ sudo apt upgrade initramfs libcryptsetup12 /ppa.launchpadc ontent. net/vpa1977/ cryptsetup/ ubuntu mantic/main amd64 cryptsetup- initramfs all 2:2.6.1- 4ubuntu1~ ppa1 [38.8 kB] /ppa.launchpadc ontent. net/vpa1977/ cryptsetup/ ubuntu mantic/main amd64 libcryptsetup12 amd64 2:2.6.1- 4ubuntu1~ ppa1 [243 kB] /ppa.launchpadc ontent. net/vpa1977/ cryptsetup/ ubuntu mantic/main amd64 cryptsetup-bin amd64 2:2.6.1- 4ubuntu1~ ppa1 [502 kB] /ppa.launchpadc ontent. net/vpa1977/ cryptsetup/ ubuntu mantic/main amd64 cryptsetup amd64 2:2.6.1- 4ubuntu1~ ppa1 [218 kB] initramfs_ 2%3a2.6. 1-4ubuntu1~ ppa1_all. deb ... initramfs (2:2.6. 1-4ubuntu1~ ppa1) over (2:2.6.1-1ubuntu1) . up12_2% 3a2.6.1- 4ubuntu1~ ppa1_amd64. deb ... :amd64 (2:2.6. 1-4ubuntu1~ ppa1) over (2:2.6.1-1ubuntu1) bin_2%3a2. 6.1-4ubuntu1~ ppa1_amd64. deb ... 1-4ubuntu1~ ppa1) over (2:2.6.1-1ubuntu1) ... 2%3a2.6. 1-4ubuntu1~ ppa1_amd64. deb ... 1-4ubuntu1~ ppa1) over (2:2.6.1-1ubuntu1) ... :amd64 (2:2.6. 1-4ubuntu1~ ppa1) ... 1-4ubuntu1~ ppa1) ... 1-4ubuntu1~ ppa1) ... initramfs (2:2.6. 1-4ubuntu1~ ppa1) ... img-6.2. 0-21-generic
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
cryptsetup cryptsetup-bin cryptsetup-
4 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 1,001 kB of archives.
After this operation, 1,752 kB of additional disk space will be used.
Do you want to continue? [Y/n]
Get:1 https:/
Get:2 https:/
Get:3 https:/
Get:4 https:/
Fetched 1,001 kB in 8s (127 kB/s)
Preconfiguring packages ...
(Reading database ... 204515 files and directories currently installed.)
Preparing to unpack .../cryptsetup-
Unpacking cryptsetup-
..
Preparing to unpack .../libcryptset
Unpacking libcryptsetup12
...
Preparing to unpack .../cryptsetup-
Unpacking cryptsetup-bin (2:2.6.
Preparing to unpack .../cryptsetup_
Unpacking cryptsetup (2:2.6.
Setting up libcryptsetup12
Setting up cryptsetup-bin (2:2.6.
Setting up cryptsetup (2:2.6.
Setting up cryptsetup-
update-initramfs: deferring update (trigger activated)
Processing triggers for libc-bin (2.37-0ubuntu2) ...
Processing triggers for man-db (2.11.2-2) ...
Processing triggers for initramfs-tools (0.142ubuntu2) ...
update-initramfs: Generating /boot/initrd.
$