1
diff --git a/debian/changelog b/debian/changelog
2
index f8452c3..21a48c1 100644
3
--- a/debian/changelog
4
+++ b/debian/changelog
5
@@ -1,3 +1,34 @@
6
1
cryptsetup (2:2.6.1-4ubuntu1) mantic; urgency=medium
7
2
8
3
  * Merge with Debian unstable (LP: #2019292). Remaining changes:
9
4
    - debian/control:
10
5
      + Recommend plymouth.
11
6
      + Depend on busybox-initramfs instead of busybox | busybox-static.
12
7
      + Move cryptsetup-initramfs back to cryptsetup's Recommends.
13
8
      + Do not build cryptsetup-suspend binary package on i386.
14
9
    - Fix cryptroot-unlock for busybox compatibility.
15
10
    - Fix warning and error when running on ZFS on root
16
11
      - d/functions: Return an empty devno for ZFS devices as they don't have
17
12
        major:minor device numbers.
18
13
      - d/initramfs/hooks/cryptroot: Ignore and don't print an error message
19
14
        when devices don't have a devno.
20
15
    - debian/patches/decrease_memlock_ulimit.patch
21
16
      Fixed FTBFS due to a restricted build environment
22
17
    - Fix cryptroot-* autopkgtests on Ubuntu. (LP: #1983522)
23
18
      + debian/tests/utils/mock.pm: return from consume() function if select()
24
19
        times out or fails
25
20
      + debian/tests/utils/cryptroot-common: fix apt source and kernel package
26
21
        names for Ubuntu
27
22
      + debian/tests/cryptroot-sysvinit.d: use systemd-sysv init for Ubuntu
28
23
        cryptroot-sysvinit package test
29
24
      + debian/tests/cryptroot-nested.d: fix cryptsetup-nested test, add
30
25
        workaround for LP1831747 by adding a e2fsprogs dependency
31
26
      + debian/tests/initramfs-hook: fix test's initramfs layout for Ubuntu and
32
27
        allow blowfish test use 64Mb of provisioned space (drop --size)
33
28
      + debian/tests/control: disable cryptdisks test
34
29
35
30
 -- Vladimir Petko <vladimir.petko@canonical.com>  Mon, 15 May 2023 09:55:25 +1200
36
31
37
1
cryptsetup (2:2.6.1-4) unstable; urgency=medium
32
cryptsetup (2:2.6.1-4) unstable; urgency=medium
38
2
33
39
3
  * Backport upstream MR !498, see #1028250:
34
  * Backport upstream MR !498, see #1028250:
40
@@ -32,6 +63,37 @@ cryptsetup (2:2.6.1-2) unstable; urgency=medium
41
32
63
42
33
 -- Guilhem Moulin <guilhem@debian.org>  Thu, 02 Mar 2023 05:01:53 +0100
64
 -- Guilhem Moulin <guilhem@debian.org>  Thu, 02 Mar 2023 05:01:53 +0100
43
34
65
44
66
cryptsetup (2:2.6.1-1ubuntu1) lunar; urgency=low
45
67
46
68
  * Merge with Debian unstable (LP: #2004423). Remaining changes:
47
69
    - debian/control:
48
70
      + Recommend plymouth.
49
71
      + Depend on busybox-initramfs instead of busybox | busybox-static.
50
72
      + Move cryptsetup-initramfs back to cryptsetup's Recommends.
51
73
      + Do not build cryptsetup-suspend binary package on i386.
52
74
    - Fix cryptroot-unlock for busybox compatibility.
53
75
    - Fix warning and error when running on ZFS on root
54
76
      - d/functions: Return an empty devno for ZFS devices as they don't have
55
77
        major:minor device numbers.
56
78
      - d/initramfs/hooks/cryptroot: Ignore and don't print an error message
57
79
        when devices don't have a devno.
58
80
    - debian/patches/decrease_memlock_ulimit.patch
59
81
      Fixed FTBFS due to a restricted build environment
60
82
    - Fix cryptroot-* autopkgtests on Ubuntu. (LP: #1983522)
61
83
      + debian/tests/utils/mock.pm: return from consume() function if select()
62
84
        times out or fails
63
85
      + debian/tests/utils/cryptroot-common: fix apt source and kernel package
64
86
        names for Ubuntu
65
87
      + debian/tests/cryptroot-sysvinit.d: use systemd-sysv init for Ubuntu
66
88
        cryptroot-sysvinit package test
67
89
      + debian/tests/cryptroot-nested.d: fix cryptsetup-nested test, add
68
90
        workaround for LP1831747 by adding a e2fsprogs dependency
69
91
      + debian/tests/initramfs-hook: fix test's initramfs layout for Ubuntu and
70
92
        allow blowfish test use 64Mb of provisioned space (drop --size)
71
93
      + debian/tests/control: disable cryptdisks test
72
94
73
95
 -- Vladimir Petko <vladimir.petko@canonical.com>  Mon, 13 Feb 2023 15:57:18 +1300
74
96
75
35
cryptsetup (2:2.6.1-1) unstable; urgency=medium
97
cryptsetup (2:2.6.1-1) unstable; urgency=medium
76
36
98
77
37
  * New upstream bugfix release.
99
  * New upstream bugfix release.
78
@@ -81,6 +143,54 @@ cryptsetup (2:2.6.0~rc0-1) experimental; urgency=medium
79
81
143
80
82
 -- Guilhem Moulin <guilhem@debian.org>  Sat, 19 Nov 2022 17:30:40 +0100
144
 -- Guilhem Moulin <guilhem@debian.org>  Sat, 19 Nov 2022 17:30:40 +0100
81
83
145
82
146
cryptsetup (2:2.5.0-6ubuntu3) lunar; urgency=medium
83
147
84
148
  * Fix cryptroot-lvm autopkgtest on Ubuntu. (LP: #1983522)
85
149
    - debian/tests/control: enable cryptroot-lvm
86
150
    - debian/tests/utils/mock.pm: return from consume() function if select()
87
151
      times out or fails
88
152
89
153
 -- Vladimir Petko <vladimir.petko@canonical.com>  Fri, 02 Dec 2022 15:53:42 +1300
90
154
91
155
cryptsetup (2:2.5.0-6ubuntu2) lunar; urgency=medium
92
156
93
157
  * Fix cryptroot-* autopkgtests on Ubuntu. (LP: #1983522)
94
158
    - debian/tests/utils/cryptroot-common: fix apt source and kernel package
95
159
      names for Ubuntu
96
160
    - debian/tests/cryptroot-sysvinit.d: use systemd-sysv init for Ubuntu
97
161
      cryptroot-sysvinit package test
98
162
    - debian/tests/cryptroot-nested.d: fix cryptsetup-nested test, add
99
163
      workaround for LP1831747 by adding a e2fsprogs dependency
100
164
    - debian/tests/control: disable cryptdisks, cryptroot-lvm due to CI
101
165
      failures and update comments
102
166
    - debian/tests/utils/mock.pm: fix cryptoroot-lvm test adding retries to the
103
167
      suspend operation and consuming the console buffer before making
104
168
      assertions. It still hangs in CI and requires further work.
105
169
    - debian/tests/initramfs-hook: fix test's initramfs layout for Ubuntu and
106
170
      allow blowfish test use 64Mb of provisioned space (drop --size)
107
171
108
172
 -- Vladimir Petko <vladimir.petko@canonical.com>  Fri, 02 Dec 2022 14:14:42 +1300
109
173
110
174
cryptsetup (2:2.5.0-6ubuntu1) lunar; urgency=low
111
175
112
176
  * Merge from Debian unstable. Remaining changes:
113
177
    - debian/control:
114
178
      + Recommend plymouth.
115
179
      + Depend on busybox-initramfs instead of busybox | busybox-static.
116
180
      + Move cryptsetup-initramfs back to cryptsetup's Recommends.
117
181
      + Do not build cryptsetup-suspend binary package on i386.
118
182
    - Fix cryptroot-unlock for busybox compatibility.
119
183
    - Fix warning and error when running on ZFS on root
120
184
      - d/functions: Return an empty devno for ZFS devices as they don't have
121
185
        major:minor device numbers.
122
186
      - d/initramfs/hooks/cryptroot: Ignore and don't print an error message
123
187
        when devices don't have a devno.
124
188
    - debian/patches/decrease_memlock_ulimit.patch
125
189
      Fixed FTBFS due to a restricted build environment
126
190
    - Disable failing Debian-tailored cryptroot-* autopkgtests
127
191
128
192
 -- Steve Langasek <steve.langasek@ubuntu.com>  Mon, 07 Nov 2022 08:36:38 -0800
129
193
130
84
cryptsetup (2:2.5.0-6) unstable; urgency=medium
194
cryptsetup (2:2.5.0-6) unstable; urgency=medium
131
85
195
132
86
  * d/t/cryptroot-*: Mask systemd-firstboot.service.
196
  * d/t/cryptroot-*: Mask systemd-firstboot.service.
133
@@ -176,6 +286,26 @@ cryptsetup (2:2.5.0-3) unstable; urgency=low
134
176
286
135
177
 -- Guilhem Moulin <guilhem@debian.org>  Sun, 18 Sep 2022 23:01:46 +0200
287
 -- Guilhem Moulin <guilhem@debian.org>  Sun, 18 Sep 2022 23:01:46 +0200
136
178
288
137
289
cryptsetup (2:2.5.0-2ubuntu1) kinetic; urgency=medium
138
290
139
291
  * Merge from Debian unstable. Remaining changes:
140
292
    - debian/control:
141
293
      + Recommend plymouth.
142
294
      + Depend on busybox-initramfs instead of busybox | busybox-static.
143
295
      + Move cryptsetup-initramfs back to cryptsetup's Recommends.
144
296
      + Do not build cryptsetup-suspend binary package on i386.
145
297
    - Fix cryptroot-unlock for busybox compatibility.
146
298
    - Fix warning and error when running on ZFS on root: (LP: #1830110)
147
299
      - d/functions: Return an empty devno for ZFS devices as they don't have
148
300
        major:minor device numbers.
149
301
      - d/initramfs/hooks/cryptroot: Ignore and don't print an error message
150
302
        when devices don't have a devno.
151
303
    - debian/patches/decrease_memlock_ulimit.patch
152
304
      Fixed FTBFS due to a restricted build environment
153
305
  * Disable failing Debian-tailored cryptroot-* autopkgtests, see bug #1983522
154
306
155
307
 -- Benjamin Drung <bdrung@ubuntu.com>  Wed, 24 Aug 2022 00:56:28 +0200
156
308
157
179
cryptsetup (2:2.5.0-2) unstable; urgency=low
309
cryptsetup (2:2.5.0-2) unstable; urgency=low
158
180
310
159
181
  [ Matthias Klose ]
311
  [ Matthias Klose ]
160
@@ -234,6 +364,29 @@ cryptsetup (2:2.5.0-2) unstable; urgency=low
161
234
364
162
235
 -- Guilhem Moulin <guilhem@debian.org>  Tue, 09 Aug 2022 01:40:50 +0200
365
 -- Guilhem Moulin <guilhem@debian.org>  Tue, 09 Aug 2022 01:40:50 +0200
163
236
366
164
367
cryptsetup (2:2.5.0-1ubuntu1) kinetic; urgency=medium
165
368
166
369
  * Merge from Debian unstable. Remaining changes:
167
370
    - debian/control:
168
371
      + Recommend plymouth.
169
372
      + Depend on busybox-initramfs instead of busybox | busybox-static.
170
373
      + Move cryptsetup-initramfs back to cryptsetup's Recommends.
171
374
      + Do not build cryptsetup-suspend binary package on i386.
172
375
    - Fix cryptroot-unlock for busybox compatibility.
173
376
    - Fix warning and error when running on ZFS on root: (LP: #1830110)
174
377
      - d/functions: Return an empty devno for ZFS devices as they don't have
175
378
        major:minor device numbers.
176
379
      - d/initramfs/hooks/cryptroot: Ignore and don't print an error message
177
380
        when devices don't have a devno.
178
381
    - debian/patches/decrease_memlock_ulimit.patch
179
382
      Fixed FTBFS due to a restricted build environment
180
383
    - Stop building the udeb on request.
181
384
  * d/initramfs/hooks/cryptroot: Include OpenSSL legacy.so for ripemd160 and
182
385
    whirlpool hash algorithms (LP: #1979159)
183
386
  * Disable failing Debian-tailored cryptroot-* autopkgtests, see bug #1983522
184
387
185
388
 -- Benjamin Drung <bdrung@ubuntu.com>  Thu, 04 Aug 2022 12:30:02 +0200
186
389
187
237
cryptsetup (2:2.5.0-1) unstable; urgency=medium
390
cryptsetup (2:2.5.0-1) unstable; urgency=medium
188
238
391
189
239
  * New upstream release. (Closes: #1000634, #1011128)
392
  * New upstream release. (Closes: #1000634, #1011128)
190
@@ -312,6 +465,26 @@ cryptsetup (2:2.5.0~rc1-1) experimental; urgency=low
191
312
465
192
313
 -- Guilhem Moulin <guilhem@debian.org>  Fri, 15 Jul 2022 01:49:59 +0200
466
 -- Guilhem Moulin <guilhem@debian.org>  Fri, 15 Jul 2022 01:49:59 +0200
193
314
467
194
468
cryptsetup (2:2.4.3-1ubuntu1) jammy; urgency=low
195
469
196
470
  * Merge from Debian unstable (LP: #1959427). Remaining changes:
197
471
    - debian/control:
198
472
      + Recommend plymouth.
199
473
      + Depend on busybox-initramfs instead of busybox | busybox-static.
200
474
      + Move cryptsetup-initramfs back to cryptsetup's Recommends.
201
475
      + Do not build cryptsetup-suspend binary package on i386.
202
476
    - Fix cryptroot-unlock for busybox compatibility.
203
477
    - Fix warning and error when running on ZFS on root: (LP: #1830110)
204
478
      - d/functions: Return an empty devno for ZFS devices as they don't have
205
479
        major:minor device numbers.
206
480
      - d/initramfs/hooks/cryptroot: Ignore and don't print an error message
207
481
        when devices don't have a devno.
208
482
    - debian/patches/decrease_memlock_ulimit.patch
209
483
      Fixed FTBFS due to a restricted build environment
210
484
    - Stop building the udeb on request.
211
485
212
486
 -- Steve Langasek <steve.langasek@ubuntu.com>  Fri, 28 Jan 2022 12:14:06 -0800
213
487
214
315
cryptsetup (2:2.4.3-1) unstable; urgency=high
488
cryptsetup (2:2.4.3-1) unstable; urgency=high
215
316
489
216
317
  [ Guilhem Moulin ]
490
  [ Guilhem Moulin ]
217
@@ -325,6 +498,64 @@ cryptsetup (2:2.4.3-1) unstable; urgency=high
218
325
498
219
326
 -- Guilhem Moulin <guilhem@debian.org>  Thu, 13 Jan 2022 19:07:05 +0100
499
 -- Guilhem Moulin <guilhem@debian.org>  Thu, 13 Jan 2022 19:07:05 +0100
220
327
500
221
501
cryptsetup (2:2.4.2-1ubuntu4) jammy; urgency=medium
222
502
223
503
  * Move cryptsetup-initramfs back to cryptsetup's Recommends (from Suggests).
224
504
225
505
 -- Michael Hudson-Doyle <michael.hudson@ubuntu.com>  Thu, 09 Dec 2021 12:53:00 +1300
226
506
227
507
cryptsetup (2:2.4.2-1ubuntu3) jammy; urgency=medium
228
508
229
509
  * Fix build on i386.
230
510
231
511
 -- Michael Hudson-Doyle <michael.hudson@ubuntu.com>  Tue, 07 Dec 2021 13:17:48 +1300
232
512
233
513
cryptsetup (2:2.4.2-1ubuntu2) jammy; urgency=medium
234
514
235
515
  * Do not build new cryptsetup-suspend binary package on i386.
236
516
237
517
 -- Michael Hudson-Doyle <michael.hudson@ubuntu.com>  Tue, 07 Dec 2021 11:47:55 +1300
238
518
239
519
cryptsetup (2:2.4.2-1ubuntu1) jammy; urgency=medium
240
520
241
521
  * Merge from Debian unstable. Remaining changes:
242
522
    - debian/control:
243
523
      + Recommend plymouth.
244
524
      + Depend on busybox-initramfs instead of busybox | busybox-static.
245
525
    - Fix cryptroot-unlock for busybox compatibility.
246
526
    - Fix warning and error when running on ZFS on root: (LP: #1830110)
247
527
      - d/functions: Return an empty devno for ZFS devices as they don't have
248
528
        major:minor device numbers.
249
529
      - d/initramfs/hooks/cryptroot: Ignore and don't print an error message when
250
530
        devices don't have a devno.
251
531
      Submitted to debian upstream as bug #902449.
252
532
    - debian/patches/decrease_memlock_ulimit.patch
253
533
      Fixed FTBFS due a restrict environment in the new Bionic Builder (LP: #1891473)
254
534
      tests/luks2-validation.test, tests/compat-test, tests/tcrypt-compat-test.
255
535
      - Thanks Guilherme G. Piccoli.
256
536
    - Stop building the udeb on request.
257
537
  * Dropped change, included in Debian:
258
538
    - Introduce retry logic for external invocations after mdadm (LP: #1879980)
259
539
      - Currently, if an encrypted rootfs is configured on top of a MD RAID1
260
540
        array and such array gets degraded (e.g., a member is removed/failed)
261
541
        the cryptsetup scripts cannot mount the rootfs, and the boot fails.
262
542
        We fix that issue here by allowing the cryptroot script to be re-run
263
543
        by initramfs-tools/local-block stage, as mdadm can activate degraded
264
544
        arrays at that stage.
265
545
        There is an initramfs-tools counter-part for this fix, but alone the
266
546
        cryptsetup portion is harmless.
267
547
      - d/cryptsetup-initramfs.install: ship the new local-bottom script.
268
548
      - d/functions: declare variables for local-top|block|bottom scripts
269
549
        (flag that local-block is running and external invocation counter.)
270
550
      - d/i/s/local-block/cryptroot: set flag that local-block is running.
271
551
      - d/i/s/local-bottom/cryptroot: clean up the flag and counter files.
272
552
      - d/i/s/local-top/cryptroot: change the logic from just waiting 180
273
553
        seconds to waiting 5 seconds first, then allowing initramfs-tools
274
554
        to run mdadm (to activate degraded arrays) and call back at least
275
555
        30 times/seconds more.
276
556
277
557
 -- Michael Hudson-Doyle <michael.hudson@ubuntu.com>  Thu, 02 Dec 2021 11:58:05 +1300
278
558
279
328
cryptsetup (2:2.4.2-1) unstable; urgency=high
559
cryptsetup (2:2.4.2-1) unstable; urgency=high
280
329
560
281
330
  * New upstream bugfix release 2.4.2.
561
  * New upstream bugfix release 2.4.2.
282
@@ -443,6 +674,18 @@ cryptsetup (2:2.3.6-1+exp1) experimental; urgency=medium
283
443
674
284
444
 -- Guilhem Moulin <guilhem@debian.org>  Fri, 28 May 2021 22:54:20 +0200
675
 -- Guilhem Moulin <guilhem@debian.org>  Fri, 28 May 2021 22:54:20 +0200
285
445
676
286
677
cryptsetup (2:2.3.6-0ubuntu2) jammy; urgency=medium
287
678
288
679
  * No-change rebuild against openssl3
289
680
290
681
 -- Simon Chopin <simon.chopin@canonical.com>  Thu, 25 Nov 2021 14:22:07 +0200
291
682
292
683
cryptsetup (2:2.3.6-0ubuntu1) impish; urgency=medium
293
684
294
685
  * New upstream release.
295
686
296
687
 -- Matthieu Clemenceau <matthieu.clemenceau@canonical.com>  Fri, 20 Aug 2021 11:32:12 +1200
297
688
298
446
cryptsetup (2:2.3.5-1+exp1) experimental; urgency=medium
689
cryptsetup (2:2.3.5-1+exp1) experimental; urgency=medium
299
447
690
300
448
  * Upload to experimental.
691
  * Upload to experimental.
301
@@ -515,6 +758,69 @@ cryptsetup (2:2.3.4-1+exp1) experimental; urgency=medium
302
515
758
303
516
 -- Guilhem Moulin <guilhem@debian.org>  Fri, 04 Sep 2020 00:55:41 +0200
759
 -- Guilhem Moulin <guilhem@debian.org>  Fri, 04 Sep 2020 00:55:41 +0200
304
517
760
305
761
cryptsetup (2:2.3.4-1ubuntu3) hirsute; urgency=medium
306
762
307
763
  * Stop building the udeb on request.
308
764
309
765
 -- Matthias Klose <doko@ubuntu.com>  Mon, 22 Feb 2021 12:10:36 +0100
310
766
311
767
cryptsetup (2:2.3.4-1ubuntu2) hirsute; urgency=medium
312
768
313
769
  * No-change rebuild to drop the udeb package.
314
770
315
771
 -- Matthias Klose <doko@ubuntu.com>  Mon, 22 Feb 2021 10:30:38 +0100
316
772
317
773
cryptsetup (2:2.3.4-1ubuntu1) hirsute; urgency=medium
318
774
319
775
  * Merge with Debian unstable. Remaining changes:
320
776
    - debian/control:
321
777
      + Recommend plymouth.
322
778
      + Depend on busybox-initramfs instead of busybox | busybox-static.
323
779
    - Fix cryptroot-unlock for busybox compatibility.
324
780
    - Fix warning and error when running on ZFS on root: (LP #1830110)
325
781
      - d/functions: Return an empty devno for ZFS devices as they don't have
326
782
        major:minor device numbers.
327
783
      - d/initramfs/hooks/cryptroot: Ignore and don't print an error message when
328
784
        devices don't have a devno.
329
785
      Submitted to debian upstream as bug #902449.
330
786
    - debian/patches/decrease_memlock_ulimit.patch
331
787
      Fixed FTBFS due a restrict environment in the new Bionic Builder (LP #1891473)
332
788
      tests/luks2-validation.test, tests/compat-test, tests/tcrypt-compat-test.
333
789
      - Thanks Guilherme G. Piccoli.
334
790
    - Introduce retry logic for external invocations after mdadm (LP #1879980)
335
791
      - Currently, if an encrypted rootfs is configured on top of a MD RAID1
336
792
        array and such array gets degraded (e.g., a member is removed/failed)
337
793
        the cryptsetup scripts cannot mount the rootfs, and the boot fails.
338
794
        We fix that issue here by allowing the cryptroot script to be re-run
339
795
        by initramfs-tools/local-block stage, as mdadm can activate degraded
340
796
        arrays at that stage.
341
797
        There is an initramfs-tools counter-part for this fix, but alone the
342
798
        cryptsetup portion is harmless.
343
799
      - d/cryptsetup-initramfs.install: ship the new local-bottom script.
344
800
      - d/functions: declare variables for local-top|block|bottom scripts
345
801
        (flag that local-block is running and external invocation counter.)
346
802
      - d/i/s/local-block/cryptroot: set flag that local-block is running.
347
803
      - d/i/s/local-bottom/cryptroot: clean up the flag and counter files.
348
804
      - d/i/s/local-top/cryptroot: change the logic from just waiting 180
349
805
        seconds to waiting 5 seconds first, then allowing initramfs-tools
350
806
        to run mdadm (to activate degraded arrays) and call back at least
351
807
        30 times/seconds more.
352
808
  * Dropped changes:
353
809
    - Included in new upstream version:
354
810
      - SECURITY UPDATE: Out-of-bounds write
355
811
        - debian/patches/CVE-2020-14382-*.patch: check segment gaps regardless of
356
812
          heap space in lib/luks2/luks2_json_metadata.c.
357
813
        - CVE-2020-14382
358
814
    - included in Debian:
359
815
      - debian/cryptsetup-bin.install:
360
816
        - Fix FTBFS due to dh_missing detecting crypsetup.conf in debian/tmp where
361
817
          it was installed from ./scripts/crypsetup.conf.
362
818
      - debian/rules:
363
819
        - fix FTBFS on riscv64 adding --with-tmpfilesdir to ensure all archs, even
364
820
          without systemd knows how to ship cryptsetup.conf
365
821
366
822
 -- Michael Hudson-Doyle <michael.hudson@ubuntu.com>  Tue, 10 Nov 2020 10:37:25 +1300
367
823
368
518
cryptsetup (2:2.3.4-1) unstable; urgency=high
824
cryptsetup (2:2.3.4-1) unstable; urgency=high
369
519
825
370
520
  * New upstream bugfix release, including fix for CVE-2020-14382:
826
  * New upstream bugfix release, including fix for CVE-2020-14382:
371
@@ -582,6 +888,80 @@ cryptsetup (2:2.3.3-2) unstable; urgency=medium
372
582
888
373
583
 -- Guilhem Moulin <guilhem@debian.org>  Wed, 12 Aug 2020 00:22:59 +0200
889
 -- Guilhem Moulin <guilhem@debian.org>  Wed, 12 Aug 2020 00:22:59 +0200
374
584
890
375
891
cryptsetup (2:2.3.3-1ubuntu6) groovy; urgency=medium
376
892
377
893
  * Introduce retry logic for external invocations after mdadm (LP: #1879980)
378
894
    - Currently, if an encrypted rootfs is configured on top of a MD RAID1
379
895
      array and such array gets degraded (e.g., a member is removed/failed)
380
896
      the cryptsetup scripts cannot mount the rootfs, and the boot fails.
381
897
      We fix that issue here by allowing the cryptroot script to be re-run
382
898
      by initramfs-tools/local-block stage, as mdadm can activate degraded
383
899
      arrays at that stage.
384
900
      There is an initramfs-tools counter-part for this fix, but alone the
385
901
      cryptsetup portion is harmless.
386
902
    - d/cryptsetup-initramfs.install: ship the new local-bottom script.
387
903
    - d/functions: declare variables for local-top|block|bottom scripts
388
904
      (flag that local-block is running and external invocation counter.)
389
905
    - d/i/s/local-block/cryptroot: set flag that local-block is running.
390
906
    - d/i/s/local-bottom/cryptroot: clean up the flag and counter files.
391
907
    - d/i/s/local-top/cryptroot: change the logic from just waiting 180
392
908
      seconds to waiting 5 seconds first, then allowing initramfs-tools
393
909
      to run mdadm (to activate degraded arrays) and call back at least
394
910
      30 times/seconds more.
395
911
396
912
 -- Guilherme G. Piccoli <gpiccoli@canonical.com>  Wed, 16 Sep 2020 17:35:59 -0300
397
913
398
914
cryptsetup (2:2.3.3-1ubuntu5) groovy; urgency=medium
399
915
400
916
  * SECURITY UPDATE: Out-of-bounds write
401
917
    - debian/patches/CVE-2020-14382-*.patch: check segment gaps regardless of
402
918
      heap space in lib/luks2/luks2_json_metadata.c.
403
919
    - CVE-2020-14382
404
920
  * debian/patches/decrease_memlock_ulimit.patch
405
921
    Fixed FTBFS due a restrict environment in the new Bionic Builder (LP: #1891473)
406
922
    tests/luks2-validation.test, tests/compat-test, tests/tcrypt-compat-test.
407
923
    - Thanks Guilherme G. Piccoli.
408
924
409
925
 -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Wed, 09 Sep 2020 09:29:17 -0300
410
926
411
927
cryptsetup (2:2.3.3-1ubuntu4) groovy; urgency=medium
412
928
413
929
  * No change rebuild against new json-c ABI.
414
930
415
931
 -- Dimitri John Ledkov <xnox@ubuntu.com>  Tue, 28 Jul 2020 17:42:50 +0100
416
932
417
933
cryptsetup (2:2.3.3-1ubuntu3) groovy; urgency=medium
418
934
419
935
  * debian/rules:
420
936
    - fix FTBFS on riscv64 adding --with-tmpfilesdir to ensure all archs, even
421
937
      without systemd knows how to ship cryptsetup.conf
422
938
423
939
 -- Didier Roche <didrocks@ubuntu.com>  Thu, 18 Jun 2020 11:44:50 +0200
424
940
425
941
cryptsetup (2:2.3.3-1ubuntu2) groovy; urgency=medium
426
942
427
943
  * debian/cryptsetup-bin.install:
428
944
    - Fix FTBFS due to dh_missing detecting crypsetup.conf in debian/tmp where
429
945
      it was installed from ./scripts/crypsetup.conf.
430
946
  * Fix warning and error when running on ZFS on root: (LP: #1830110)
431
947
    -  d/functions: Return an empty devno for ZFS devices as they don't have
432
948
       major:minor device numbers.
433
949
    - d/initramfs/hooks/cryptroot: Ignore and don't print an error message when
434
950
       devices don't have a devno.
435
951
    Submitted to debian upstream as bug #902449.
436
952
437
953
 -- Didier Roche <didrocks@ubuntu.com>  Thu, 18 Jun 2020 10:12:10 +0200
438
954
439
955
cryptsetup (2:2.3.3-1ubuntu1) groovy; urgency=low
440
956
441
957
  * Merge from Debian unstable.  Remaining changes:
442
958
    - debian/control:
443
959
      + Recommend plymouth.
444
960
      + Depend on busybox-initramfs instead of busybox | busybox-static.
445
961
    - Fix cryptroot-unlock for busybox compatibility.
446
962
447
963
 -- Steve Langasek <steve.langasek@ubuntu.com>  Tue, 09 Jun 2020 10:40:32 -0700
448
964
449
585
cryptsetup (2:2.3.3-1) unstable; urgency=medium
965
cryptsetup (2:2.3.3-1) unstable; urgency=medium
450
586
966
451
587
  [ Guilhem Moulin ]
967
  [ Guilhem Moulin ]
452
@@ -610,6 +990,16 @@ cryptsetup (2:2.3.2-1) unstable; urgency=medium
453
610
990
454
611
 -- Guilhem Moulin <guilhem@debian.org>  Wed, 06 May 2020 16:22:01 +0200
991
 -- Guilhem Moulin <guilhem@debian.org>  Wed, 06 May 2020 16:22:01 +0200
455
612
992
456
993
cryptsetup (2:2.3.1-1ubuntu1) groovy; urgency=low
457
994
458
995
  * Merge from Debian unstable.  Remaining changes:
459
996
    - debian/control:
460
997
      + Recommend plymouth.
461
998
      + Depend on busybox-initramfs instead of busybox | busybox-static.
462
999
    - Fix cryptroot-unlock for busybox compatibility.
463
1000
464
1001
 -- Steve Langasek <steve.langasek@ubuntu.com>  Fri, 01 May 2020 07:07:58 -0700
465
1002
466
613
cryptsetup (2:2.3.1-1) unstable; urgency=medium
1003
cryptsetup (2:2.3.1-1) unstable; urgency=medium
467
614
1004
468
615
  * New upstream release.
1005
  * New upstream release.
469
@@ -645,6 +1035,23 @@ cryptsetup (2:2.3.0-1) unstable; urgency=low
470
645
1035
471
646
 -- Guilhem Moulin <guilhem@debian.org>  Wed, 04 Mar 2020 00:48:19 +0100
1036
 -- Guilhem Moulin <guilhem@debian.org>  Wed, 04 Mar 2020 00:48:19 +0100
472
647
1037
473
1038
cryptsetup (2:2.2.2-3ubuntu2) focal; urgency=medium
474
1039
475
1040
  * Depend on cryptsetup from cryptsetup-initramfs instead of the dummy
476
1041
    cryptsetup-run package.  LP: #1864360.
477
1042
478
1043
 -- Steve Langasek <steve.langasek@ubuntu.com>  Thu, 27 Feb 2020 00:16:14 -0600
479
1044
480
1045
cryptsetup (2:2.2.2-3ubuntu1) focal; urgency=medium
481
1046
482
1047
  * Merge from Debian unstable.  Remaining changes:
483
1048
    - debian/control:
484
1049
      + Recommend plymouth.
485
1050
      + Depend on busybox-initramfs instead of busybox | busybox-static.
486
1051
    - Fix cryptroot-unlock for busybox compatibility.
487
1052
488
1053
 -- Matthias Klose <doko@ubuntu.com>  Mon, 10 Feb 2020 09:20:12 +0100
489
1054
490
648
cryptsetup (2:2.2.2-3) unstable; urgency=high
1055
cryptsetup (2:2.2.2-3) unstable; urgency=high
491
649
1056
492
650
  * initramfs hook: Workaround fix for the libgcc_s's source location.
1057
  * initramfs hook: Workaround fix for the libgcc_s's source location.
493
@@ -653,6 +1060,16 @@ cryptsetup (2:2.2.2-3) unstable; urgency=high
494
653
1060
495
654
 -- Guilhem Moulin <guilhem@debian.org>  Tue, 04 Feb 2020 14:11:12 +0100
1061
 -- Guilhem Moulin <guilhem@debian.org>  Tue, 04 Feb 2020 14:11:12 +0100
496
655
1062
497
1063
cryptsetup (2:2.2.2-2ubuntu1) focal; urgency=low
498
1064
499
1065
  * Merge from Debian unstable.  Remaining changes:
500
1066
    - debian/control:
501
1067
      + Recommend plymouth.
502
1068
      + Depend on busybox-initramfs instead of busybox | busybox-static.
503
1069
    - Fix cryptroot-unlock for busybox compatibility.
504
1070
505
1071
 -- Steve Langasek <steve.langasek@ubuntu.com>  Sat, 01 Feb 2020 22:11:22 -0800
506
1072
507
656
cryptsetup (2:2.2.2-2) unstable; urgency=medium
1073
cryptsetup (2:2.2.2-2) unstable; urgency=medium
508
657
1074
509
658
  [ Guilhem Moulin ]
1075
  [ Guilhem Moulin ]
510
@@ -670,6 +1087,16 @@ cryptsetup (2:2.2.2-2) unstable; urgency=medium
511
670
1087
512
671
 -- Guilhem Moulin <guilhem@debian.org>  Sat, 18 Jan 2020 20:53:19 +0100
1088
 -- Guilhem Moulin <guilhem@debian.org>  Sat, 18 Jan 2020 20:53:19 +0100
513
672
1089
514
1090
cryptsetup (2:2.2.2-1ubuntu1) focal; urgency=low
515
1091
516
1092
  * Merge from Debian unstable.  Remaining changes:
517
1093
    - debian/control:
518
1094
      + Recommend plymouth.
519
1095
      + Depend on busybox-initramfs instead of busybox | busybox-static.
520
1096
    - Fix cryptroot-unlock for busybox compatibility.
521
1097
522
1098
 -- Steve Langasek <steve.langasek@ubuntu.com>  Mon, 11 Nov 2019 22:07:44 -0800
523
1099
524
673
cryptsetup (2:2.2.2-1) unstable; urgency=medium
1100
cryptsetup (2:2.2.2-1) unstable; urgency=medium
525
674
1101
526
675
  * New upstream bugfix release.
1102
  * New upstream bugfix release.
527
@@ -680,6 +1107,16 @@ cryptsetup (2:2.2.2-1) unstable; urgency=medium
528
680
1107
529
681
 -- Guilhem Moulin <guilhem@debian.org>  Fri, 01 Nov 2019 19:32:36 +0100
1108
 -- Guilhem Moulin <guilhem@debian.org>  Fri, 01 Nov 2019 19:32:36 +0100
530
682
1109
531
1110
cryptsetup (2:2.2.1-1ubuntu1) focal; urgency=low
532
1111
533
1112
  * Merge from Debian unstable.  Remaining changes:
534
1113
    - debian/control:
535
1114
      + Recommend plymouth.
536
1115
      + Depend on busybox-initramfs instead of busybox | busybox-static.
537
1116
    - Fix cryptroot-unlock for busybox compatibility.
538
1117
539
1118
 -- Steve Langasek <steve.langasek@ubuntu.com>  Fri, 18 Oct 2019 15:14:29 -0700
540
1119
541
683
cryptsetup (2:2.2.1-1) unstable; urgency=medium
1120
cryptsetup (2:2.2.1-1) unstable; urgency=medium
542
684
1121
543
685
  * New upstream bugfix release.
1122
  * New upstream bugfix release.
544
@@ -687,6 +1124,16 @@ cryptsetup (2:2.2.1-1) unstable; urgency=medium
545
687
1124
546
688
 -- Guilhem Moulin <guilhem@debian.org>  Fri, 06 Sep 2019 13:28:55 +0200
1125
 -- Guilhem Moulin <guilhem@debian.org>  Fri, 06 Sep 2019 13:28:55 +0200
547
689
1126
548
1127
cryptsetup (2:2.2.0-3ubuntu1) eoan; urgency=low
549
1128
550
1129
  * Merge from Debian unstable.  Remaining changes:
551
1130
    - debian/control:
552
1131
      + Recommend plymouth.
553
1132
      + Depend on busybox-initramfs instead of busybox | busybox-static.
554
1133
    - Fix cryptroot-unlock for busybox compatibility.
555
1134
556
1135
 -- Steve Langasek <steve.langasek@ubuntu.com>  Wed, 28 Aug 2019 16:13:22 -0700
557
1136
558
690
cryptsetup (2:2.2.0-3) unstable; urgency=medium
1137
cryptsetup (2:2.2.0-3) unstable; urgency=medium
559
691
1138
560
692
  * Cherry pick upstream commit 8f8f0b32: Fix mapped segments overflow on
1139
  * Cherry pick upstream commit 8f8f0b32: Fix mapped segments overflow on
561
@@ -694,6 +1141,16 @@ cryptsetup (2:2.2.0-3) unstable; urgency=medium
562
694
1141
563
695
 -- Guilhem Moulin <guilhem@debian.org>  Mon, 26 Aug 2019 12:53:45 +0200
1142
 -- Guilhem Moulin <guilhem@debian.org>  Mon, 26 Aug 2019 12:53:45 +0200
564
696
1143
565
1144
cryptsetup (2:2.2.0-2ubuntu1) eoan; urgency=low
566
1145
567
1146
  * Merge from Debian unstable.  Remaining changes:
568
1147
    - debian/control:
569
1148
      + Recommend plymouth.
570
1149
      + Depend on busybox-initramfs instead of busybox | busybox-static.
571
1150
    - Fix cryptroot-unlock for busybox compatibility.
572
1151
573
1152
 -- Steve Langasek <steve.langasek@ubuntu.com>  Sun, 25 Aug 2019 12:25:55 -0700
574
1153
575
697
cryptsetup (2:2.2.0-2) unstable; urgency=medium
1154
cryptsetup (2:2.2.0-2) unstable; urgency=medium
576
698
1155
577
699
  * debian/control: Add 'Multi-Arch: foreign' tag to the transitional dummy
1156
  * debian/control: Add 'Multi-Arch: foreign' tag to the transitional dummy
578
@@ -705,6 +1162,25 @@ cryptsetup (2:2.2.0-2) unstable; urgency=medium
579
705
1162
580
706
 -- Guilhem Moulin <guilhem@debian.org>  Wed, 21 Aug 2019 22:45:12 +0200
1163
 -- Guilhem Moulin <guilhem@debian.org>  Wed, 21 Aug 2019 22:45:12 +0200
581
707
1164
582
1165
cryptsetup (2:2.2.0-1ubuntu2) eoan; urgency=medium
583
1166
584
1167
  * debian/initramfs/cryptroot-unlock: canonicalize executable paths.
585
1168
    Thanks to Paride Legovini <paride.legovini@canonical.com> for the patch.
586
1169
    LP: #1840752.
587
1170
588
1171
 -- Steve Langasek <steve.langasek@ubuntu.com>  Tue, 20 Aug 2019 15:34:10 -0700
589
1172
590
1173
cryptsetup (2:2.2.0-1ubuntu1) eoan; urgency=low
591
1174
592
1175
  * Merge from Debian unstable.  Remaining changes:
593
1176
    - debian/control:
594
1177
      + Recommend plymouth.
595
1178
      + Depend on busybox-initramfs instead of busybox | busybox-static.
596
1179
    - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
597
1180
      compatibility.
598
1181
599
1182
 -- Gianfranco Costamagna <locutusofborg@debian.org>  Tue, 20 Aug 2019 14:21:34 +0200
600
1183
601
708
cryptsetup (2:2.2.0-1) unstable; urgency=medium
1184
cryptsetup (2:2.2.0-1) unstable; urgency=medium
602
709
1185
603
710
  * New upstream release 2.2.0.  Highlights include:
1186
  * New upstream release 2.2.0.  Highlights include:
604
@@ -782,6 +1258,23 @@ cryptsetup (2:2.1.0-6) unstable; urgency=low
605
782
1258
606
783
 -- Guilhem Moulin <guilhem@debian.org>  Sat, 20 Jul 2019 22:15:04 -0300
1259
 -- Guilhem Moulin <guilhem@debian.org>  Sat, 20 Jul 2019 22:15:04 -0300
607
784
1260
608
1261
cryptsetup (2:2.1.0-5ubuntu2) eoan; urgency=medium
609
1262
610
1263
  * Rebuild against new libjson-c4.
611
1264
612
1265
 -- Gianfranco Costamagna <locutusofborg@debian.org>  Sat, 29 Jun 2019 13:48:37 +0200
613
1266
614
1267
cryptsetup (2:2.1.0-5ubuntu1) eoan; urgency=low
615
1268
616
1269
  * Merge from Debian unstable.  Remaining changes:
617
1270
    - debian/control:
618
1271
      + Recommend plymouth.
619
1272
      + Depend on busybox-initramfs instead of busybox | busybox-static.
620
1273
    - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
621
1274
      compatibility.
622
1275
623
1276
 -- Steve Langasek <steve.langasek@ubuntu.com>  Fri, 14 Jun 2019 14:09:31 -0700
624
1277
625
785
cryptsetup (2:2.1.0-5) unstable; urgency=medium
1278
cryptsetup (2:2.1.0-5) unstable; urgency=medium
626
786
1279
627
787
  [ Jonas Meurer ]
1280
  [ Jonas Meurer ]
628
@@ -794,6 +1287,17 @@ cryptsetup (2:2.1.0-5) unstable; urgency=medium
629
794
1287
630
795
 -- Guilhem Moulin <guilhem@debian.org>  Mon, 10 Jun 2019 14:51:15 +0200
1288
 -- Guilhem Moulin <guilhem@debian.org>  Mon, 10 Jun 2019 14:51:15 +0200
631
796
1289
632
1290
cryptsetup (2:2.1.0-4ubuntu1) eoan; urgency=low
633
1291
634
1292
  * Merge from Debian unstable.  Remaining changes:
635
1293
    - debian/control:
636
1294
      + Recommend plymouth.
637
1295
      + Depend on busybox-initramfs instead of busybox | busybox-static.
638
1296
    - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
639
1297
      compatibility.
640
1298
641
1299
 -- Steve Langasek <steve.langasek@ubuntu.com>  Tue, 28 May 2019 18:32:08 -0700
642
1300
643
797
cryptsetup (2:2.1.0-4) unstable; urgency=medium
1301
cryptsetup (2:2.1.0-4) unstable; urgency=medium
644
798
1302
645
799
  [Guilhem Moulin]
1303
  [Guilhem Moulin]
646
@@ -813,6 +1317,26 @@ cryptsetup (2:2.1.0-4) unstable; urgency=medium
647
813
1317
648
814
 -- Guilhem Moulin <guilhem@debian.org>  Tue, 28 May 2019 17:04:16 +0200
1318
 -- Guilhem Moulin <guilhem@debian.org>  Tue, 28 May 2019 17:04:16 +0200
649
815
1319
650
1320
cryptsetup (2:2.1.0-3ubuntu2) eoan; urgency=medium
651
1321
652
1322
  * Depend on busybox-initramfs, which is the implementation we actually use
653
1323
    for the initramfs and is guaranteed to always be present, instead of
654
1324
    busybox-static.
655
1325
656
1326
 -- Steve Langasek <steve.langasek@ubuntu.com>  Thu, 09 May 2019 14:47:04 -0700
657
1327
658
1328
cryptsetup (2:2.1.0-3ubuntu1) eoan; urgency=low
659
1329
660
1330
  * Merge from Debian unstable.  Remaining changes:
661
1331
    - debian/control:
662
1332
      + Recommend plymouth.
663
1333
      + Invert the "busybox | busybox-static" Recommends, as the latter
664
1334
        is the one we ship in main as part of the ubuntu-standard task.
665
1335
    - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
666
1336
      compatibility. LP: #1651818
667
1337
668
1338
 -- Steve Langasek <steve.langasek@ubuntu.com>  Fri, 03 May 2019 16:22:03 -0700
669
1339
670
816
cryptsetup (2:2.1.0-3) unstable; urgency=medium
1340
cryptsetup (2:2.1.0-3) unstable; urgency=medium
671
817
1341
672
818
  * d/scripts/decrypt_opensc: Fix standard output poisoning.  Thanks to Nils
1342
  * d/scripts/decrypt_opensc: Fix standard output poisoning.  Thanks to Nils
673
@@ -836,6 +1360,19 @@ cryptsetup (2:2.1.0-2) unstable; urgency=medium
674
836
1360
675
837
 -- Guilhem Moulin <guilhem@debian.org>  Thu, 28 Feb 2019 22:32:43 +0100
1361
 -- Guilhem Moulin <guilhem@debian.org>  Thu, 28 Feb 2019 22:32:43 +0100
676
838
1362
677
1363
cryptsetup (2:2.1.0-1ubuntu1) disco; urgency=medium
678
1364
679
1365
  * Merge from Debian unstable. LP: #1815484
680
1366
  * Remaining changes:
681
1367
    - debian/control:
682
1368
      + Recommend plymouth.
683
1369
      + Invert the "busybox | busybox-static" Recommends, as the latter
684
1370
        is the one we ship in main as part of the ubuntu-standard task.
685
1371
    - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
686
1372
      compatibility. LP: #1651818
687
1373
688
1374
 -- Dimitri John Ledkov <xnox@ubuntu.com>  Wed, 13 Feb 2019 21:28:23 +0000
689
1375
690
839
cryptsetup (2:2.1.0-1) unstable; urgency=medium
1376
cryptsetup (2:2.1.0-1) unstable; urgency=medium
691
840
1377
692
841
  * New upstream release.  Highlights include:
1378
  * New upstream release.  Highlights include:
693
@@ -878,6 +1415,20 @@ cryptsetup (2:2.1.0-1) unstable; urgency=medium
694
878
1415
695
879
 -- Guilhem Moulin <guilhem@debian.org>  Sat, 09 Feb 2019 00:40:17 +0100
1416
 -- Guilhem Moulin <guilhem@debian.org>  Sat, 09 Feb 2019 00:40:17 +0100
696
880
1417
697
1418
cryptsetup (2:2.0.6-1ubuntu1) disco; urgency=medium
698
1419
699
1420
  * Merge from Debian unstable.
700
1421
  * Remaining changes:
701
1422
    - debian/control:
702
1423
      + Recommend plymouth.
703
1424
      + Invert the "busybox | busybox-static" Recommends, as the latter
704
1425
        is the one we ship in main as part of the ubuntu-standard task.
705
1426
    - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
706
1427
      compatibility. LP: #1651818
707
1428
  * Dropped delta sector_size support, merged in Debian.
708
1429
709
1430
 -- Dimitri John Ledkov <xnox@ubuntu.com>  Tue, 05 Feb 2019 13:43:25 +0000
710
1431
711
881
cryptsetup (2:2.0.6-1) unstable; urgency=medium
1432
cryptsetup (2:2.0.6-1) unstable; urgency=medium
712
882
1433
713
883
  * New upstream bugfix release.  Highlights include:
1434
  * New upstream bugfix release.  Highlights include:
714
@@ -942,6 +1493,27 @@ cryptsetup (2:2.0.4-3) unstable; urgency=medium
715
942
1493
716
943
 -- Guilhem Moulin <guilhem@debian.org>  Mon, 22 Oct 2018 17:45:35 +0200
1494
 -- Guilhem Moulin <guilhem@debian.org>  Mon, 22 Oct 2018 17:45:35 +0200
717
944
1495
718
1496
cryptsetup (2:2.0.4-2ubuntu2) cosmic; urgency=medium
719
1497
720
1498
  * Implement support for --sector-size cryptsetup plain mode option in
721
1499
    crypttab. Matching support is also proposed to systemd-cryptsetup as
722
1500
    well. LP: #1776626
723
1501
724
1502
 -- Dimitri John Ledkov <xnox@ubuntu.com>  Fri, 31 Aug 2018 17:00:07 +0100
725
1503
726
1504
cryptsetup (2:2.0.4-2ubuntu1) cosmic; urgency=low
727
1505
728
1506
  * Merge from Debian unstable.  LP: #1785610.
729
1507
  * Remaining changes:
730
1508
    - debian/control:
731
1509
      + Recommend plymouth.
732
1510
      + Invert the "busybox | busybox-static" Recommends, as the latter
733
1511
        is the one we ship in main as part of the ubuntu-standard task.
734
1512
    - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
735
1513
      compatibility. LP: #1651818
736
1514
737
1515
 -- Dimitri John Ledkov <xnox@ubuntu.com>  Wed, 22 Aug 2018 22:51:47 +0100
738
1516
739
945
cryptsetup (2:2.0.4-2) unstable; urgency=medium
1517
cryptsetup (2:2.0.4-2) unstable; urgency=medium
740
946
1518
741
947
  * debian/cryptsetup-initramfs.preinst: Don't try to overwrite
1519
  * debian/cryptsetup-initramfs.preinst: Don't try to overwrite
742
@@ -974,6 +1546,28 @@ cryptsetup (2:2.0.3-7) unstable; urgency=medium
743
974
1546
744
975
 -- Guilhem Moulin <guilhem@debian.org>  Mon, 30 Jul 2018 16:32:07 +0800
1547
 -- Guilhem Moulin <guilhem@debian.org>  Mon, 30 Jul 2018 16:32:07 +0800
745
976
1548
746
1549
cryptsetup (2:2.0.3-6ubuntu1) cosmic; urgency=low
747
1550
748
1551
  * Merge from Debian unstable.  LP: #1781912.
749
1552
  * Remaining changes:
750
1553
    - debian/control:
751
1554
      + Recommend plymouth.
752
1555
      + Invert the "busybox | busybox-static" Recommends, as the latter
753
1556
        is the one we ship in main as part of the ubuntu-standard task.
754
1557
    - Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
755
1558
      compatibility. LP: #1651818
756
1559
  * Dropped changes, included in Debian:
757
1560
    - Drop explicit libgcrypt20 dependency from libcryptsetup4.
758
1561
    - Drop the CRYPTSETUP variable warning from the initramfs hook, as
759
1562
      overlayroot package ships a dropin in conf-hooks.d triggering false
760
1563
      warnings.
761
1564
    - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE
762
1565
    - Drop c99 std, as the default is now higher than that
763
1566
  * Dropped changes, no longer needed:
764
1567
    - Add maintscript to drop removed upstart system jobs.
765
1568
766
1569
 -- Steve Langasek <steve.langasek@ubuntu.com>  Mon, 16 Jul 2018 08:27:58 -0400
767
1570
768
977
cryptsetup (2:2.0.3-6) unstable; urgency=medium
1571
cryptsetup (2:2.0.3-6) unstable; urgency=medium
769
978
1572
770
979
  * debian/TODO.md: Remove mention of parent device detection for mdadm
1573
  * debian/TODO.md: Remove mention of parent device detection for mdadm
771
@@ -1258,6 +1852,45 @@ cryptsetup (2:2.0.3-1) unstable; urgency=medium
772
1258
1852
773
1259
 -- Jonas Meurer <jonas@freesources.org>  Fri, 15 Jun 2018 15:32:16 +0200
1853
 -- Jonas Meurer <jonas@freesources.org>  Fri, 15 Jun 2018 15:32:16 +0200
774
1260
1854
775
1855
cryptsetup (2:2.0.2-1ubuntu3) cosmic; urgency=medium
776
1856
777
1857
  * No-change rebuild against libargon2-1
778
1858
779
1859
 -- Steve Langasek <steve.langasek@ubuntu.com>  Tue, 10 Jul 2018 17:01:23 +0000
780
1860
781
1861
cryptsetup (2:2.0.2-1ubuntu2) cosmic; urgency=medium
782
1862
783
1863
  * Apply patch from Trent Nelson to fix cryptroot-unlock for busybox
784
1864
    compatibility. LP: #1651818
785
1865
786
1866
 -- Dimitri John Ledkov 🌈 <xnox@ubuntu.com>  Thu, 21 Jun 2018 16:38:31 +0100
787
1867
788
1868
cryptsetup (2:2.0.2-1ubuntu1) bionic; urgency=low
789
1869
790
1870
  * Merge from Debian unstable.
791
1871
    - bugfix upstream release, which solves problems with luks2 format
792
1872
      disks not unlocking.  LP: #1755322.
793
1873
  * Remaining changes:
794
1874
    - debian/control:
795
1875
      + Depend on plymouth.
796
1876
      + Invert the "busybox | busybox-static" Recommends, as the latter
797
1877
        is the one we ship in main as part of the ubuntu-standard task.
798
1878
      + Drop explicit libgcrypt20 dependency from libcryptsetup4.
799
1879
    - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE
800
1880
    - Drop c99 std, as the default is now higher than that
801
1881
    - Drop upstart system jobs.
802
1882
    - Add maintscript to drop removed upstart system jobs.
803
1883
      - debian has its own now, but we have different version numbers.
804
1884
        this delta can be dropped after 18.04 release.
805
1885
    - Drop the CRYPTSETUP variable warning from the initramfs hook, as
806
1886
      overlayroot package ships a dropin in conf-hooks.d triggering false
807
1887
      warnings.
808
1888
  * Dropped changes:
809
1889
    - debian/cryptdisks{,-udev}.maintscript: drop, there is no package named
810
1890
      'cryptdisks' or 'cryptdisks-udev'.
811
1891
812
1892
 -- Steve Langasek <steve.langasek@ubuntu.com>  Fri, 06 Apr 2018 10:23:53 -0700
813
1893
814
1261
cryptsetup (2:2.0.2-1) unstable; urgency=low
1894
cryptsetup (2:2.0.2-1) unstable; urgency=low
815
1262
1895
816
1263
  * New upstream release 2.0.2
1896
  * New upstream release 2.0.2
817
@@ -1287,6 +1920,40 @@ cryptsetup (2:2.0.1-1) unstable; urgency=low
818
1287
1920
819
1288
 -- Guilhem Moulin <guilhem@debian.org>  Sun, 11 Feb 2018 00:02:05 +0100
1921
 -- Guilhem Moulin <guilhem@debian.org>  Sun, 11 Feb 2018 00:02:05 +0100
820
1289
1922
821
1923
cryptsetup (2:2.0.1-0ubuntu2) bionic; urgency=medium
822
1924
823
1925
  * Drop the CRYPTSETUP variable warning from the initramfs hook, as
824
1926
    overlayroot package ships a dropin in conf-hooks.d triggering false
825
1927
    warnings.
826
1928
827
1929
 -- Dimitri John Ledkov <xnox@ubuntu.com>  Thu, 22 Feb 2018 14:49:16 +0000
828
1930
829
1931
cryptsetup (2:2.0.1-0ubuntu1) bionic; urgency=medium
830
1932
831
1933
  * Merge from Debian unstable.  Remaining changes:
832
1934
    - debian/control:
833
1935
      + Depend on plymouth.
834
1936
      + Invert the "busybox | busybox-static" Recommends, as the latter
835
1937
        is the one we ship in main as part of the ubuntu-standard task.
836
1938
      + Drop explicit libgcrypt20 dependency from libcryptsetup4.
837
1939
    - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE
838
1940
    - Drop c99 std, as the default is now higher than that
839
1941
    - Drop upstart system jobs.
840
1942
    - Add maintscript to drop removed upstart system jobs.
841
1943
      - debian has its own now, but we have different version numbers
842
1944
  * New upstream release
843
1945
  * Cherry-pick Guilhem Moulin's changes below from Debian git
844
1946
845
1947
  [ Guilhem Moulin ]
846
1948
   * New upstream release 2.0.1:
847
1949
     - Use /run/cryptsetup as default for cryptsetup locking dir.
848
1950
     - Add missing symbols for new functions to debian/libcryptsetup12.symbols.
849
1951
  * debian/copyright: update copyright years.
850
1952
  * debian/patches: backport upstream's 8728ba08 to fix opening of loop-AES
851
1953
    devices using --key-file=-.  (Closes: #888162.)
852
1954
853
1955
 -- Julian Andres Klode <juliank@ubuntu.com>  Mon, 29 Jan 2018 13:48:55 +0100
854
1956
855
1290
cryptsetup (2:2.0.0-1) unstable; urgency=low
1957
cryptsetup (2:2.0.0-1) unstable; urgency=low
856
1291
1958
857
1292
  [ Guilhem Moulin ]
1959
  [ Guilhem Moulin ]
858
@@ -1336,6 +2003,26 @@ cryptsetup (2:2.0.0~rc0-1) experimental; urgency=low
859
1336
2003
860
1337
 -- Guilhem Moulin <guilhem@debian.org>  Tue, 03 Oct 2017 03:37:36 +0200
2004
 -- Guilhem Moulin <guilhem@debian.org>  Tue, 03 Oct 2017 03:37:36 +0200
861
1338
2005
862
2006
cryptsetup (2:1.7.5-1ubuntu1) bionic; urgency=low
863
2007
864
2008
  * Merge from Debian unstable.  Remaining changes:
865
2009
    - debian/control:
866
2010
      + Depend on plymouth.
867
2011
      + Invert the "busybox | busybox-static" Recommends, as the latter
868
2012
        is the one we ship in main as part of the ubuntu-standard task.
869
2013
      + Drop explicit libgcrypt20 dependency from libcryptsetup4.
870
2014
    - Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE
871
2015
    - Drop c99 std, as the default is now higher than that
872
2016
    - Drop upstart system jobs.
873
2017
    - Add maintscript to drop removed upstart system jobs.
874
2018
  * Merged upstream:
875
2019
    - d/p/fips-fix-luksformat-with-recent-kernels -- fix luksFormat
876
2020
      with recent FIPS enabled kernels.
877
2021
  * Merged in Debian:
878
2022
    - Use DEB_VERSION from dpkg/default.mk for pod2man release variable
879
2023
880
2024
 -- Julian Andres Klode <juliank@ubuntu.com>  Wed, 17 Jan 2018 21:39:10 +0100
881
2025
882
1339
cryptsetup (2:1.7.5-1) unstable; urgency=low
2026
cryptsetup (2:1.7.5-1) unstable; urgency=low
883
1340
2027
884
1341
  * New upstream release 1.7.5.
2028
  * New upstream release 1.7.5.
885
@@ -1358,6 +2045,25 @@ cryptsetup (2:1.7.5-1) unstable; urgency=low
886
1358
2045
887
1359
 -- Guilhem Moulin <guilhem@debian.org>  Thu, 14 Sep 2017 13:00:23 +0200
2046
 -- Guilhem Moulin <guilhem@debian.org>  Thu, 14 Sep 2017 13:00:23 +0200
888
1360
2047
889
2048
cryptsetup (2:1.7.3-4ubuntu1) artful; urgency=low
890
2049
891
2050
  * New upstream release, merge from Debian unstable. Remaining
892
2051
    Ubuntu changes:
893
2052
    - debian/control:
894
2053
      + Depend on plymouth.
895
2054
      + Invert the "busybox | busybox-static" Recommends, as the latter
896
2055
        is the one we ship in main as part of the ubuntu-standard task.
897
2056
      + Drop explicit libgcrypt20 dependency from libcryptsetup4.
898
2057
  * d/p/fips-fix-luksformat-with-recent-kernels -- fix luksFormat
899
2058
    with recent FIPS enabled kernels.
900
2059
  * Drop _BSD_SOURCE in favor of _DEFAULT_SOURCE
901
2060
  * Drop c99 std, as the default is now higher than that
902
2061
  * Use DEB_VERSION from dpkg/default.mk for pod2man release variable
903
2062
  * Drop upstart system jobs.
904
2063
  * Add maintscript to drop removed upstart system jobs.
905
2064
906
2065
 -- Andy Whitcroft <apw@ubuntu.com>  Thu, 10 Aug 2017 14:07:29 +0100
907
2066
908
1361
cryptsetup (2:1.7.3-4) unstable; urgency=high
2067
cryptsetup (2:1.7.3-4) unstable; urgency=high
909
1362
2068
910
1363
  [ Guilhem Moulin ]
2069
  [ Guilhem Moulin ]
911
@@ -1570,6 +2276,40 @@ cryptsetup (2:1.7.2-1) unstable; urgency=medium
912
1570
2276
913
1571
 -- Jonas Meurer <mejo@debian.org>  Wed, 05 Oct 2016 20:53:09 +0200
2277
 -- Jonas Meurer <mejo@debian.org>  Wed, 05 Oct 2016 20:53:09 +0200
914
1572
2278
915
2279
cryptsetup (2:1.7.2-0ubuntu4) artful; urgency=medium
916
2280
917
2281
  * Add maintscript to drop removed upstart system jobs.
918
2282
919
2283
 -- Dimitri John Ledkov <xnox@ubuntu.com>  Mon, 21 Aug 2017 11:36:04 +0100
920
2284
921
2285
cryptsetup (2:1.7.2-0ubuntu3) artful; urgency=medium
922
2286
923
2287
  * Drop _BSD_SOURCE in favor of _DEFAULT_SOURCe
924
2288
  * Drop c99 std, as the default is now higher than that
925
2289
  * Use DEB_VERSION from dpkg/default.mk for pod2man release variable
926
2290
927
2291
 -- Dimitri John Ledkov <xnox@ubuntu.com>  Sat, 19 Aug 2017 21:46:19 +0100
928
2292
929
2293
cryptsetup (2:1.7.2-0ubuntu2) artful; urgency=medium
930
2294
931
2295
  * Drop upstart system jobs.
932
2296
933
2297
 -- Dimitri John Ledkov <xnox@ubuntu.com>  Sat, 19 Aug 2017 20:57:17 +0100
934
2298
935
2299
cryptsetup (2:1.7.2-0ubuntu1) yakkety; urgency=medium
936
2300
937
2301
  * New upstream release, merge from Debian unstable (LP: #1548137). Remaining
938
2302
    Ubuntu changes:
939
2303
    - debian/control:
940
2304
      + Bump initramfs-tools Suggests to Depends: so system is not
941
2305
        potentially rendered unbootable.
942
2306
      + Depend on plymouth.
943
2307
      + Invert the "busybox | busybox-static" Recommends, as the latter
944
2308
        is the one we ship in main as part of the ubuntu-standard task.
945
2309
      + Drop explicit libgcrypt20 dependency from libcryptsetup4.
946
2310
947
2311
 -- Unit 193 <unit193@ubuntu.com>  Wed, 22 Jun 2016 16:30:01 -0400
948
2312
949
1573
cryptsetup (2:1.7.0-2) unstable; urgency=medium
2313
cryptsetup (2:1.7.0-2) unstable; urgency=medium
950
1574
2314
951
1575
  [ Guilhem Moulin ]
2315
  [ Guilhem Moulin ]
952
@@ -1644,6 +2384,35 @@ cryptsetup (2:1.7.0-1) unstable; urgency=medium
953
1644
2384
954
1645
 -- Jonas Meurer <mejo@debian.org>  Thu, 07 Jan 2016 02:22:33 +0100
2385
 -- Jonas Meurer <mejo@debian.org>  Thu, 07 Jan 2016 02:22:33 +0100
955
1646
2386
956
2387
cryptsetup (2:1.6.6-5ubuntu2) wily; urgency=medium
957
2388
958
2389
  * Fix stupid typo in Recommends "busybox | busybox-static" inversion.
959
2390
    Fixes binary moves for busybox into main.
960
2391
961
2392
 -- Andy Whitcroft <apw@ubuntu.com>  Fri, 21 Aug 2015 08:56:34 +0100
962
2393
963
2394
cryptsetup (2:1.6.6-5ubuntu1) wily; urgency=low
964
2395
965
2396
  * Merge from Debian unstable.  Remaining changes:
966
2397
    - debian/control:
967
2398
      + Bump initramfs-tools Suggests to Depends: so system is not
968
2399
        potentially rendered unbootable.
969
2400
      + Depend on plymouth.
970
2401
      + Invert the "busybox | busybox-static" Recommends, as the latter
971
2402
        is the one we ship in main as part of the ubuntu-standard task.
972
2403
      + Drop explicit libgcrypt11 dependency from libcryptsetup4.
973
2404
  * Dropped changes, now in Debian:
974
2405
    - Remove hardcoded paths to udevadm.
975
2406
    - debian/initramfs/cryptroot-hook:
976
2407
      + Do not unconditionally include cryptsetup utils in the initramfs.
977
2408
      + Do not include any modules or utils in the initramfs, unless
978
2409
        rootfs/resume devices are encrypted or CRYPTSETUP is set to 'y' in
979
2410
        the initramfs.conf configuration file.
980
2411
    - debian/cryptsetup.maintscripts:
981
2412
      + Migrate upstart jobs to new names.
982
2413
983
2414
 -- Andy Whitcroft <apw@ubuntu.com>  Tue, 07 Jul 2015 16:58:45 +0100
984
2415
985
1647
cryptsetup (2:1.6.6-5) unstable; urgency=high
2416
cryptsetup (2:1.6.6-5) unstable; urgency=high
986
1648
2417
987
1649
  * debian/cryptdisks.functions: fix the precheck for ubuntu+upstart
2418
  * debian/cryptdisks.functions: fix the precheck for ubuntu+upstart
988
@@ -1796,6 +2565,71 @@ cryptsetup (2:1.6.4-1) unstable; urgency=low
989
1796
2565
990
1797
 -- Jonas Meurer <mejo@debian.org>  Fri, 28 Jun 2013 12:14:55 +0200
2566
 -- Jonas Meurer <mejo@debian.org>  Fri, 28 Jun 2013 12:14:55 +0200
991
1798
2567
992
2568
cryptsetup (2:1.6.1-1ubuntu7) vivid; urgency=medium
993
2569
994
2570
  * Drop explicit libgcrypt11 dependency from libcryptsetup4.
995
2571
996
2572
 -- Adam Conrad <adconrad@ubuntu.com>  Fri, 27 Mar 2015 18:24:38 -0600
997
2573
998
2574
cryptsetup (2:1.6.1-1ubuntu6) vivid; urgency=medium
999
2575
1000
2576
  * No-change rebuild for the libgcrypt20 transition.
1001
2577
1002
2578
 -- Adam Conrad <adconrad@ubuntu.com>  Fri, 27 Mar 2015 06:16:08 -0600
1003
2579
1004
2580
cryptsetup (2:1.6.1-1ubuntu5) vivid; urgency=medium
1005
2581
1006
2582
  * ./debian/scripts/luksformat: Drop luksFormat -s and --ciper options. They
1007
2583
    aren't necessary any more, and aes-cbc-essiv:sha256 is obsolete. This will
1008
2584
    now use aes-xts-plain64 by default. (LP: #1414719)
1009
2585
1010
2586
 -- Martin Pitt <martin.pitt@ubuntu.com>  Fri, 27 Feb 2015 09:37:05 +0100
1011
2587
1012
2588
cryptsetup (2:1.6.1-1ubuntu4) vivid; urgency=medium
1013
2589
1014
2590
  * No change rebuild to get debug symbols for all architectures.
1015
2591
1016
2592
 -- Brian Murray <brian@ubuntu.com>  Wed, 03 Dec 2014 08:03:31 -0800
1017
2593
1018
2594
cryptsetup (2:1.6.1-1ubuntu3) utopic; urgency=high
1019
2595
1020
2596
  * No change rebuild against new dh_installinit, to call update-rc.d at
1021
2597
    postinst.
1022
2598
1023
2599
 -- Dimitri John Ledkov <xnox@ubuntu.com>  Wed, 28 May 2014 10:39:30 +0100
1024
2600
1025
2601
cryptsetup (2:1.6.1-1ubuntu2) utopic; urgency=medium
1026
2602
1027
2603
  * debian/askpass.c:
1028
2604
    - Fix bug (LP: #1301086) where askpass fails to restore terminal
1029
2605
      settings.
1030
2606
1031
2607
 -- Robert Barabas <dc@0xdc.org>  Fri, 18 Apr 2014 14:08:51 -0400
1032
2608
1033
2609
cryptsetup (2:1.6.1-1ubuntu1) trusty; urgency=low
1034
2610
1035
2611
  * Merge from debian unstable, remaining changes:
1036
2612
    - debian/control:
1037
2613
      + Bump initramfs-tools Suggests to Depends: so system is not
1038
2614
        potentially rendered unbootable.
1039
2615
      + Depend on plymouth.
1040
2616
1041
2617
    - Invert the "busybox | busybox-static" Recommends, as the latter is
1042
2618
      the one we ship in main as part of the ubuntu-standard task.
1043
2619
1044
2620
    - Remove hardcoded paths to udevadm (LP: #1184066).
1045
2621
1046
2622
    - debian/initramfs/cryptroot-hook:
1047
2623
      + Do not unconditionally include cryptsetup utils in the initramfs.
1048
2624
      + Do not include any modules or utils in the initramfs, unless
1049
2625
        rootfs/resume devices are encrypted or CRYPTSETUP is set to 'y' in
1050
2626
        the initramfs.conf configuration file.
1051
2627
1052
2628
    - debian/cryptsetup.maintscripts:
1053
2629
      + Migrate upstart jobs to new names.
1054
2630
1055
2631
 -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com>  Fri, 01 Nov 2013 16:48:57 +0000
1056
2632
1057
1799
cryptsetup (2:1.6.1-1) unstable; urgency=low
2633
cryptsetup (2:1.6.1-1) unstable; urgency=low
1058
1800
2634
1059
1801
  [ Milan Broz ]
2635
  [ Milan Broz ]
1060
@@ -1837,6 +2671,50 @@ cryptsetup (2:1.6.1-1) unstable; urgency=low
1061
1837
2671
1062
1838
 -- Jonas Meurer <mejo@debian.org>  Fri, 28 Jun 2013 12:10:41 +0200
2672
 -- Jonas Meurer <mejo@debian.org>  Fri, 28 Jun 2013 12:10:41 +0200
1063
1839
2673
1064
2674
cryptsetup (2:1.4.3-4ubuntu4) saucy; urgency=low
1065
2675
1066
2676
  * debian/initramfs/cryptroot-hook:
1067
2677
    - Do not unconditionally include cryptsetup utils in the initramfs.
1068
2678
    - Do not include any modules or utils in the initramfs, unless
1069
2679
      rootfs/resume devices are encrypted or CRYPTSETUP is set to 'y' in
1070
2680
      the initramfs.conf configuration file.
1071
2681
1072
2682
 -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com>  Mon, 10 Jun 2013 16:25:46 +0100
1073
2683
1074
2684
cryptsetup (2:1.4.3-4ubuntu3) saucy; urgency=low
1075
2685
1076
2686
  * Remove hardcoded paths to udevadm (LP: #1184066).
1077
2687
1078
2688
 -- Colin Watson <cjwatson@ubuntu.com>  Tue, 28 May 2013 11:27:27 +0100
1079
2689
1080
2690
cryptsetup (2:1.4.3-4ubuntu2) raring; urgency=low
1081
2691
1082
2692
  * Invert the "busybox | busybox-static" Recommends, as the latter
1083
2693
    is the one we ship in main as part of the ubuntu-standard task.
1084
2694
1085
2695
 -- Adam Conrad <adconrad@ubuntu.com>  Fri, 16 Nov 2012 01:14:35 -0700
1086
2696
1087
2697
cryptsetup (2:1.4.3-4ubuntu1) raring; urgency=low
1088
2698
1089
2699
  * Merge from debian unstable, remaining changes:
1090
2700
    - debian/control:
1091
2701
      + Bump initramfs-tools Suggests to Depends: so system is not
1092
2702
        potentially rendered unbootable.
1093
2703
      + Depend on plymouth.
1094
2704
1095
2705
    - init/upstart jobs:
1096
2706
      + Rename cryptddisks{,-early}.upstart jobs to
1097
2707
        cryptdisks-{enable,udev}.upstart, as we need both init & upstart jobs
1098
2708
        for now.
1099
2709
      + debian/cryptdisks{,-early}.init: Make the 'start' action of the init
1100
2710
        script a no-op, this should be handled entirely by the upstart job;
1101
2711
        and fix the LSB header to not declare this should be started in
1102
2712
        runlevel 'S'.
1103
2713
      + Do not install start symlinks for init scripts
1104
2714
      + NB! shutdown is still handled by the SystemV init scripts
1105
2715
1106
2716
 -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com>  Tue, 13 Nov 2012 11:17:57 +0000
1107
2717
1108
1840
cryptsetup (2:1.4.3-4) unstable; urgency=medium
2718
cryptsetup (2:1.4.3-4) unstable; urgency=medium
1109
1841
2719
1110
1842
  * change recommends for busybox to busybox | busybox-static. Thanks to
2720
  * change recommends for busybox to busybox | busybox-static. Thanks to
1111
@@ -1869,6 +2747,50 @@ cryptsetup (2:1.4.3-3) unstable; urgency=medium
1112
1869
2747
1113
1870
 -- Jonas Meurer <mejo@debian.org>  Thu, 01 Nov 2012 15:34:09 +0100
2748
 -- Jonas Meurer <mejo@debian.org>  Thu, 01 Nov 2012 15:34:09 +0100
1114
1871
2749
1115
2750
cryptsetup (2:1.4.3-2ubuntu1) quantal; urgency=low
1116
2751
1117
2752
  * Merge from debian unstable (LP: #1015753), remaining changes:
1118
2753
    - debian/control:
1119
2754
      + Bump initramfs-tools Suggests to Depends: so system is not
1120
2755
        potentially rendered unbootable.
1121
2756
      + Depend on plymouth.
1122
2757
1123
2758
    - init/upstart jobs:
1124
2759
      + Add debian/cryptdisks-{enable,udev}.upstart for bootup.
1125
2760
      + debian/cryptdisks{,-early}.init: Make the 'start' action of the init
1126
2761
        script a no-op, this should be handled entirely by the upstart job;
1127
2762
        and fix the LSB header to not declare this should be started in
1128
2763
        runlevel 'S'.
1129
2764
      + Do not install start symlinks for init scripts
1130
2765
      + NB! shutdown is still handled by the SystemV init scripts
1131
2766
1132
2767
  * Rename cryptddisks{,-early}.upstart jobs back to
1133
2768
    cryptdisks-{enable,udev}.upstart, as we need both init & upstart jobs
1134
2769
    for now.
1135
2770
1136
2771
  * Dropped Changes, included in Debian:
1137
2772
    - debian/control:
1138
2773
      + Split up package in cryptsetup and cryptsetup-bin. (LP: #343363).
1139
2774
1140
2775
    - debian/cryptdisks.functions:
1141
2776
      + Do not overwrite existing filesystems when creating swap (LP: #474258).
1142
2777
      + Add aesni module when we have hardware encryption.
1143
2778
      + Call 'udevadm settle' before 'dmsetup rename' http://pad.lv/874774
1144
2779
      + Suppress "Starting init crypto disks" message in "init" phase, to
1145
2780
        avoid writing over fsck progress text.
1146
2781
      + new function, crypttab_start_one_disk, to look for the named source
1147
2782
        device in /etc/crypttab (by device name, UUID, or label) and start it
1148
2783
        if configured to do so
1149
2784
      + handle the case where crypttab contains a name for the source
1150
2785
        device that is not the kernel's preferred name for it (as is the case
1151
2786
        for LVs).
1152
2787
1153
2788
    - debian/initramfs/cryptroot-hook:
1154
2789
      + Quiet warnings from find on arches that don't have all the
1155
2790
        kernel/{arch,crypto} bits we're testing for.
1156
2791
1157
2792
 -- Dmitrijs Ledkovs <dmitrij.ledkov@ubuntu.com>  Tue, 21 Aug 2012 11:57:28 +0100
1158
2793
1159
1872
cryptsetup (2:1.4.3-2) unstable; urgency=medium
2794
cryptsetup (2:1.4.3-2) unstable; urgency=medium
1160
1873
2795
1161
1874
  * fix the shared library symbols magic: so far, the symbols file for
2796
  * fix the shared library symbols magic: so far, the symbols file for
1162
@@ -1944,6 +2866,64 @@ cryptsetup (2:1.4.1-3) unstable; urgency=low
1163
1944
2866
1164
1945
 -- Jonas Meurer <mejo@debian.org>  Wed, 11 Apr 2012 23:55:35 +0200
2867
 -- Jonas Meurer <mejo@debian.org>  Wed, 11 Apr 2012 23:55:35 +0200
1165
1946
2868
1166
2869
cryptsetup (2:1.4.1-2ubuntu4) precise; urgency=low
1167
2870
1168
2871
  * Our swap creation can trigger udev change events, which means udev may be
1169
2872
    holding the device open at the time we try to call 'dmsetup rename' and
1170
2873
    cause the /subsequent/ events to be missed because of dmsetup creating
1171
2874
    device nodes by hand.  So call 'udevadm settle' before 'dmsetup rename',
1172
2875
    to ensure blkid is out of the way first.  This should ensure swap
1173
2876
    partitions are found by mountall in a non-racy manner.  LP: #874774.
1174
2877
1175
2878
 -- Steve Langasek <steve.langasek@ubuntu.com>  Fri, 13 Apr 2012 20:23:21 -0700
1176
2879
1177
2880
cryptsetup (2:1.4.1-2ubuntu3) precise; urgency=low
1178
2881
1179
2882
  * Start cryptdisks-enable upstart job on 'or container', to let us
1180
2883
    simplify the udevtrigger job.
1181
2884
1182
2885
 -- Steve Langasek <steve.langasek@ubuntu.com>  Wed, 04 Apr 2012 17:02:00 -0700
1183
2886
1184
2887
cryptsetup (2:1.4.1-2ubuntu2) precise; urgency=low
1185
2888
1186
2889
  * Split up package in cryptsetup and cryptsetup-bin. (LP: #343363).
1187
2890
  * Do not overwrite existing filesystems when creating swap (LP: #474258).
1188
2891
  * Add aesni module when we have hardware encryption.
1189
2892
1190
2893
 -- Jean-Louis Dupond <jean-louis@dupond.be>  Mon, 12 Mar 2012 10:14:30 +0100
1191
2894
1192
2895
cryptsetup (2:1.4.1-2ubuntu1) precise; urgency=low
1193
2896
1194
2897
  [ Jean-Louis Dupond ]
1195
2898
  * Merge from debian unstable (LP: #776264), remaining changes:
1196
2899
    - debian/cryptdisks.functions: Suppress "Starting init crypto disks" message
1197
2900
      in "init" phase, to avoid writing over fsck progress text.
1198
2901
    - debian/cryptroot-hook: Quiet warnings from find on arches that
1199
2902
      don't have all the kernel/{arch,crypto} bits we're testing for.
1200
2903
    - debian/control:
1201
2904
      + Bump initramfs-tools Suggests to Depends: so system is not
1202
2905
        potentially rendered unbootable.
1203
2906
      + Depend on plymouth.
1204
2907
    - Add debian/cryptdisks-{enable,udev}.upstart.
1205
2908
    - debian/cryptdisks.functions:
1206
2909
      + new function, crypttab_start_one_disk, to look for the named source
1207
2910
        device in /etc/crypttab (by device name, UUID, or label) and start it
1208
2911
        if configured to do so
1209
2912
    - debian/cryptdisks{,-early}.init: Make the 'start' action of the init
1210
2913
      script a no-op, this should be handled entirely by the upstart job;
1211
2914
      and fix the LSB header to not declare this should be started in
1212
2915
      runlevel 'S'
1213
2916
    - debian/rules:
1214
2917
      + Do not install start symlinks for init scripts, and
1215
2918
        install debian/cryptdisks-{enable,udev}.upstart scripts.
1216
2919
1217
2920
  [ Steve Langasek ]
1218
2921
  * debian/cryptdisks.functions: handle the case where crypttab contains a
1219
2922
    name for the source device that is not the kernel's preferred name for
1220
2923
    it (as is the case for LVs).
1221
2924
1222
2925
 -- Jean-Louis Dupond <jean-louis@dupond.be>  Thu, 08 Mar 2012 07:32:40 +0100
1223
2926
1224
1947
cryptsetup (2:1.4.1-2) unstable; urgency=low
2927
cryptsetup (2:1.4.1-2) unstable; urgency=low
1225
1948
2928
1226
1949
  * acknowledge NMU. Thanks to Michael Biebl. (closes: #659182)
2929
  * acknowledge NMU. Thanks to Michael Biebl. (closes: #659182)
1227
@@ -2153,6 +3133,56 @@ cryptsetup (2:1.2.0-1) experimental; urgency=low
1228
2153
3133
1229
2154
 -- Jonas Meurer <mejo@debian.org>  Sun, 16 Jan 2011 01:01:03 +0100
3134
 -- Jonas Meurer <mejo@debian.org>  Sun, 16 Jan 2011 01:01:03 +0100
1230
2155
3135
1231
3136
cryptsetup (2:1.1.3-4ubuntu3) precise; urgency=low
1232
3137
1233
3138
  [ Pali Rohar ]
1234
3139
  * debian/cryptdisks.functions: Suppress "Starting init crypto disks" message
1235
3140
    in "init" phase, to avoid writing over fsck progress text.
1236
3141
1237
3142
 -- Martin Pitt <martin.pitt@ubuntu.com>  Wed, 26 Oct 2011 09:16:15 +0200
1238
3143
1239
3144
cryptsetup (2:1.1.3-4ubuntu2) oneiric; urgency=low
1240
3145
1241
3146
  * debian/cryptroot-hook: Quiet warnings from find on arches that
1242
3147
    don't have all the kernel/{arch,crypto} bits we're testing for.
1243
3148
1244
3149
 -- Adam Conrad <adconrad@ubuntu.com>  Sat, 01 Oct 2011 00:33:00 -0600
1245
3150
1246
3151
cryptsetup (2:1.1.3-4ubuntu1) natty; urgency=low
1247
3152
1248
3153
  * Merge from debian unstable (LP: #682177), remaining changes:
1249
3154
    - debian/control:
1250
3155
      + Bump initramfs-tools Suggests to Depends: so system is not
1251
3156
        potentially rendered unbootable.
1252
3157
      + Depend on plymouth.
1253
3158
    - Add debian/cryptdisks-{enable,udev}.upstart.
1254
3159
    - debian/cryptdisks.functions:
1255
3160
      + new function, crypttab_start_one_disk, to look for the named source
1256
3161
        device in /etc/crypttab (by device name, UUID, or label) and start it
1257
3162
        if configured to do so
1258
3163
      + wrap the call to /lib/cryptsetup/askpass with watershed, to make sure
1259
3164
        we only ever have one of these running at a time; otherwise multiple
1260
3165
        invocations could steal each other's input and/or write over each
1261
3166
        other's output
1262
3167
      + when called by cryptdisks-enable, check that we don't already have a
1263
3168
        corresponding cryptdisks-udev job running (probably waiting for a
1264
3169
        passphrase); if there is, wait until it's finished before continuing.
1265
3170
    - debian/cryptdisks{,-early}.init: Make the 'start' action of the init
1266
3171
      script a no-op, this should be handled entirely by the upstart job;
1267
3172
      and fix the LSB header to not declare this should be started in
1268
3173
      runlevel 'S'
1269
3174
    - debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on
1270
3175
      upgrade.
1271
3176
    - debian/rules:
1272
3177
      + Do not install start symlinks for init scripts, and
1273
3178
        install debian/cryptdisks-{enable,udev}.upstart scripts.
1274
3179
      + link dynamically against libgcrypt and libgpg-error.
1275
3180
    - Add debian/cryptsetup.apport: Apport package hook. Install in
1276
3181
      debian/rules and create dir in debian/cryptsetup.dirs.
1277
3182
    - debian/cryptsetup.postrm: call update-initramfs on package removal.
1278
3183
1279
3184
 -- Lorenzo De Liso <blackz@ubuntu.com>  Sat, 27 Nov 2010 17:37:43 +0100
1280
3185
1281
2156
cryptsetup (2:1.1.3-4) unstable; urgency=high
3186
cryptsetup (2:1.1.3-4) unstable; urgency=high
1282
2157
3187
1283
2158
  * bump standards-version to 3.9.1, no changes required
3188
  * bump standards-version to 3.9.1, no changes required
1284
@@ -2258,6 +3288,69 @@ cryptsetup (2:1.1.3-1) unstable; urgency=low
1285
2258
3288
1286
2259
 -- Jonas Meurer <mejo@debian.org>  Sat, 10 Jul 2010 14:32:40 +0200
3289
 -- Jonas Meurer <mejo@debian.org>  Sat, 10 Jul 2010 14:32:40 +0200
1287
2260
3290
1288
3291
cryptsetup (2:1.1.2-1ubuntu1) maverick; urgency=low
1289
3292
1290
3293
  * Merge from Debian unstable (LP: #594365).  Remaining changes:
1291
3294
    - debian/control:
1292
3295
      + Bump initramfs-tools Suggests to Depends: so system is not
1293
3296
        potentially rendered unbootable.
1294
3297
      + Depend on plymouth.
1295
3298
    - Add debian/cryptdisks-{enable,udev}.upstart.
1296
3299
    - debian/cryptdisks.functions:
1297
3300
      + new function, crypttab_start_one_disk, to look for the named source
1298
3301
        device in /etc/crypttab (by device name, UUID, or label) and start it
1299
3302
        if configured to do so
1300
3303
      + wrap the call to /lib/cryptsetup/askpass with watershed, to make sure
1301
3304
        we only ever have one of these running at a time; otherwise multiple
1302
3305
        invocations could steal each other's input and/or write over each
1303
3306
        other's output
1304
3307
      + initially create the device under a temporary name and rename it only
1305
3308
        at the end using 'dmsetup rename', to ensure that upstart/mountall
1306
3309
        doesn't see our device before it's ready to go.
1307
3310
      + do_tmp should mount under /var/run/cryptsetup for changing the
1308
3311
        permissions of the filesystem root, not directly on /tmp, since
1309
3312
        mounting on /tmp a) is racy, b) confuses mountall something fierce.
1310
3313
      + when called by cryptdisks-enable, check that we don't already have a
1311
3314
        corresponding cryptdisks-udev job running (probably waiting for a
1312
3315
        passphrase); if there is, wait until it's finished before continuing.
1313
3316
    - debian/cryptdisks{,-early}.init: Make the 'start' action of the init
1314
3317
      script a no-op, this should be handled entirely by the upstart job;
1315
3318
      and fix the LSB header to not declare this should be started in
1316
3319
      runlevel 'S'
1317
3320
    - debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on
1318
3321
      upgrade.
1319
3322
    - debian/rules: Do not install start symlinks for init scripts, and
1320
3323
      install debian/cryptdisks-{enable,udev}.upstart scripts.
1321
3324
    - Add debian/cryptsetup.apport: Apport package hook. Install in
1322
3325
      debian/rules and create dir in debian/cryptsetup.dirs.
1323
3326
    - debian/rules: link dynamically against libgcrypt and libgpg-error.
1324
3327
    - debian/cryptsetup.postrm: call update-initramfs on package removal.
1325
3328
  * Dropped changes, merged/superseded in Debian:
1326
3329
    - Add ext4 support to passdev.
1327
3330
    - cryptroot-hook: don't call copy_modules_dir with empty arguments when
1328
3331
      archcrypto isn't found
1329
3332
    - Set USPLASH=y and FRAMEBUFFER=y in the hook config to pull plymouth into
1330
3333
      the initramfs.
1331
3334
    - change interaction to use plymouth directly if present, and if not, to
1332
3335
      fall back to /lib/cryptsetup/askpass as before
1333
3336
    - cryptdisks.functions: replace 'echo -e' bashism with 'printf'.
1334
3337
    - debian/initramfs/cryptroot-script: if plymouth is present in the
1335
3338
      initramfs, use this directly, bypassing the cryptsetup askpass script
1336
3339
    - debian/initramfs/cryptroot-hook: Properly anchor our regexps when
1337
3340
      grepping /etc/crypttab so that we don't incorrectly match device names
1338
3341
      that are substrings of one another.
1339
3342
    - debian/initramfs/cryptroot-script: Don't leak /conf/conf.d/cryptroot
1340
3343
      file descriptor to subprocesses.
1341
3344
    - Fix grammar error in debian/initramfs/cryptroot-script
1342
3345
      ("setup" -> "set up")
1343
3346
    - debian/initramfs/cryptroot-script: Fix this to work with current
1344
3347
      initramfs-tools:
1345
3348
      + Source /scripts/functions after checking for prerequisites.
1346
3349
      + prereqs(): Do not assume we are running within initramfs, and
1347
3350
        calculate relative path correctly.
1348
3351
1349
3352
 -- Steve Langasek <steve.langasek@ubuntu.com>  Mon, 14 Jun 2010 21:47:28 -0700
1350
3353
1351
2261
cryptsetup (2:1.1.2-1) unstable; urgency=low
3354
cryptsetup (2:1.1.2-1) unstable; urgency=low
1352
2262
3355
1353
2263
  * new upstream release, changes include:
3356
  * new upstream release, changes include:
1354
@@ -2375,6 +3468,171 @@ cryptsetup (2:1.1.0-1) unstable; urgency=low
1355
2375
3468
1356
2376
 -- Jonas Meurer <mejo@debian.org>  Mon, 08 Mar 2010 14:15:35 +0100
3469
 -- Jonas Meurer <mejo@debian.org>  Mon, 08 Mar 2010 14:15:35 +0100
1357
2377
3470
1358
3471
cryptsetup (2:1.1.0~rc2-1ubuntu14) maverick; urgency=low
1359
3472
1360
3473
  [ David Stansby ]
1361
3474
  * Fix grammar error in debian/initramfs/cryptroot-script
1362
3475
    ("setup" -> "set up") (LP: #578896)
1363
3476
1364
3477
 -- James Westby <james.westby@ubuntu.com>  Mon, 17 May 2010 13:33:40 +0100
1365
3478
1366
3479
cryptsetup (2:1.1.0~rc2-1ubuntu13) lucid; urgency=low
1367
3480
1368
3481
  * debian/initramfs/cryptroot-script: Don't leak /conf/conf.d/cryptroot
1369
3482
    file descriptor to subprocesses.
1370
3483
1371
3484
 -- Colin Watson <cjwatson@ubuntu.com>  Mon, 29 Mar 2010 22:18:36 +0100
1372
3485
1373
3486
cryptsetup (2:1.1.0~rc2-1ubuntu12) lucid; urgency=low
1374
3487
1375
3488
  * debian/initramfs/cryptroot-hook: Properly anchor our regexps when
1376
3489
    grepping /etc/crypttab so that we don't incorrectly match device names
1377
3490
    that are substrings of one another.
1378
3491
  * debian/cryptdisks-{enable,udev}.conf, debian/control: drop
1379
3492
    'console output' and add a hard dependency on plymouth instead of
1380
3493
    watershed, to avoid spitting extra messages to the console.
1381
3494
1382
3495
 -- Steve Langasek <steve.langasek@ubuntu.com>  Thu, 18 Feb 2010 06:19:19 -0800
1383
3496
1384
3497
cryptsetup (2:1.1.0~rc2-1ubuntu11) lucid; urgency=low
1385
3498
1386
3499
  * Set FRAMEBUFFER=y in the file that we actually ship.
1387
3500
  * debian/cryptsetup.postrm: call update-initramfs on package removal.
1388
3501
    LP: #468228.
1389
3502
1390
3503
 -- Steve Langasek <steve.langasek@ubuntu.com>  Mon, 25 Jan 2010 03:07:52 -0800
1391
3504
1392
3505
cryptsetup (2:1.1.0~rc2-1ubuntu10) lucid; urgency=low
1393
3506
1394
3507
  * cryptdisks.functions: replace 'echo -e' bashism with 'printf'.
1395
3508
  * cryptdisks.functions: when called by cryptdisks-enable, check that we
1396
3509
    don't already have a corresponding cryptdisks-udev job running (probably
1397
3510
    waiting for a passphrase); if there is, wait until it's finished before
1398
3511
    continuing.
1399
3512
1400
3513
 -- Steve Langasek <steve.langasek@ubuntu.com>  Thu, 21 Jan 2010 14:57:21 +0000
1401
3514
1402
3515
cryptsetup (2:1.1.0~rc2-1ubuntu9) lucid; urgency=low
1403
3516
1404
3517
  * Set FRAMEBUFFER=y in the hook config as well, to pull plymouth into the
1405
3518
    initramfs.
1406
3519
  * cryptdisks.functions, debian/initramfs/cryptroot-script: fix the
1407
3520
    invocation of plymouth, so that we actually get proper passphrase prompts
1408
3521
    (once bug #496765 is fixed).
1409
3522
1410
3523
 -- Steve Langasek <steve.langasek@ubuntu.com>  Sat, 16 Jan 2010 02:32:41 -0800
1411
3524
1412
3525
cryptsetup (2:1.1.0~rc2-1ubuntu8) lucid; urgency=low
1413
3526
1414
3527
  * cryptdisks.functions: do_tmp should mount under /var/run/cryptsetup for
1415
3528
    changing the permissions of the filesystem root, not directly on /tmp,
1416
3529
    since mounting on /tmp a) is racy, b) confuses mountall something fierce.
1417
3530
    LP: #475936.
1418
3531
1419
3532
 -- Steve Langasek <steve.langasek@ubuntu.com>  Tue, 22 Dec 2009 20:24:28 +0000
1420
3533
1421
3534
cryptsetup (2:1.1.0~rc2-1ubuntu7) lucid; urgency=low
1422
3535
1423
3536
  * Depend on watershed.
1424
3537
1425
3538
 -- Steve Langasek <steve.langasek@ubuntu.com>  Tue, 22 Dec 2009 01:37:36 +0000
1426
3539
1427
3540
cryptsetup (2:1.1.0~rc2-1ubuntu6) lucid; urgency=low
1428
3541
1429
3542
  [ Steve Langasek ]
1430
3543
  * Fix the LSB header in the init scripts, now that we don't install to
1431
3544
    rcS.d.
1432
3545
1433
3546
  [ Martin Pitt ]
1434
3547
  * debian/initramfs/cryptroot-script: Fix this to work with current
1435
3548
    initramfs-tools:
1436
3549
    - Source /scripts/functions after checking for prerequisites.
1437
3550
    - prereqs(): Do not assume we are running within initramfs, and calculate
1438
3551
      relative path correctly.
1439
3552
1440
3553
 -- Martin Pitt <martin.pitt@ubuntu.com>  Fri, 18 Dec 2009 17:07:07 +0100
1441
3554
1442
3555
cryptsetup (2:1.1.0~rc2-1ubuntu5) lucid; urgency=low
1443
3556
1444
3557
  * Rename the upstart job introduced in the previous upload to
1445
3558
    cryptdisks-udev and restore the previous version of the job as
1446
3559
    cryptdisks-enable, to run at the end of udev coldplugging as before;
1447
3560
    this isn't entirely race-free, but should nevertheless give us the
1448
3561
    two passes needed to cover devices that are decrypted using keys stored
1449
3562
    on other encrypted disks.  LP: #443980.
1450
3563
1451
3564
 -- Steve Langasek <steve.langasek@ubuntu.com>  Wed, 16 Dec 2009 06:41:30 +0000
1452
3565
1453
3566
cryptsetup (2:1.1.0~rc2-1ubuntu4) lucid; urgency=low
1454
3567
1455
3568
  [ Steve Langasek ]
1456
3569
  * debian/initramfs/cryptroot-script: if plymouth is present in the
1457
3570
    initramfs, use this directly, bypassing the cryptsetup askpass script;
1458
3571
    but keep support for these other frontends around on a transitional
1459
3572
    basis.
1460
3573
  * debian/cryptdisks.functions:
1461
3574
    - change interaction to use plymouth directly if present, and if not, to
1462
3575
      fall back to /lib/cryptsetup/askpass as before
1463
3576
    - wrap the call to /lib/cryptsetup/askpass with watershed, to make sure
1464
3577
      we only ever have one of these running at a time; otherwise multiple
1465
3578
      invocations could steal each other's input and/or write over each
1466
3579
      other's output
1467
3580
    - new function, crypttab_start_one_disk, to look for the named source
1468
3581
      device in /etc/crypttab (by device name, UUID, or label) and start it
1469
3582
      if configured to do so
1470
3583
  * debian/cryptdisks-enable.upstart: run the upstart job once for each block
1471
3584
    device, using the new crypttab_start_one_disk function, triggered by udev;
1472
3585
    this doesn't eliminate the possibility of a race with gdm when the
1473
3586
    decrypted volume isn't a 'bootwait' mount point (since gdm kills
1474
3587
    plymouth), but it does eliminate the race between udev and cryptsetup.
1475
3588
    LP: #454898.
1476
3589
  * debian/cryptdisks-enable.upstart: check that the package is installed
1477
3590
    and exit gracefully if it's not.  LP: #435814
1478
3591
  * debian/cryptdisk.functions: initially create the device under a temporary
1479
3592
    name and rename it only at the end using 'dmsetup rename', to ensure that
1480
3593
    upstart/mountall doesn't see our device before it's ready to go.
1481
3594
    LP: #475936.
1482
3595
1483
3596
  [ Colin Watson ]
1484
3597
  * Add ext4 support to passdev.
1485
3598
1486
3599
 -- Steve Langasek <steve.langasek@ubuntu.com>  Tue, 15 Dec 2009 18:05:45 -0800
1487
3600
1488
3601
cryptsetup (2:1.1.0~rc2-1ubuntu3) lucid; urgency=low
1489
3602
1490
3603
  * cryptroot-hook: Use if [ -n … ] instead of if ! test -z ….
1491
3604
1492
3605
 -- Loïc Minier <loic.minier@ubuntu.com>  Sat, 12 Dec 2009 11:32:52 +0100
1493
3606
1494
3607
cryptsetup (2:1.1.0~rc2-1ubuntu2) lucid; urgency=low
1495
3608
1496
3609
  * cryptroot-hook: dont call copy_modules_dir with empty arguments when
1497
3610
    archcrypto isnt found (LP: #495161)
1498
3611
1499
3612
 -- Oliver Grawert <ogra@ubuntu.com>  Fri, 11 Dec 2009 14:39:00 +0100
1500
3613
1501
3614
cryptsetup (2:1.1.0~rc2-1ubuntu1) lucid; urgency=low
1502
3615
1503
3616
  * Merge with Debian testing. Remaining Ubuntu changes:
1504
3617
    - debian/rules: cryptsetup is linked dynamically against libgcrypt and
1505
3618
      libgpg-error.
1506
3619
    - Upstart migration:
1507
3620
      + Add debian/cryptdisks-enable.upstart.
1508
3621
      + debian/cryptdisks{,-early}.init: Make the 'start' action of the init
1509
3622
        script a no-op, this should be handled entirely by the upstart job.
1510
3623
        (LP #473615)
1511
3624
      + debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on
1512
3625
        upgrade.
1513
3626
      + debian/rules: Do not install start symlinks for those two, and install
1514
3627
        debian/cryptdisks-enable.upstart scripts.
1515
3628
    - Add debian/cryptsetup.apport: Apport package hook. Install in
1516
3629
      debian/rules, and create dir in debian/cryptsetup.dirs.
1517
3630
    - Start usplash in initramfs, since we need it for fancy passphrase input:
1518
3631
      + debian/initramfs/cryptroot-conf, debian/initramfs-conf.d: USPLASH=y
1519
3632
      + debian/control: Bump initramfs-tools Suggests to Depends:.
1520
3633
1521
3634
 -- Martin Pitt <martin.pitt@ubuntu.com>  Wed, 11 Nov 2009 15:04:27 +0100
1522
3635
1523
2378
cryptsetup (2:1.1.0~rc2-1) unstable; urgency=low
3636
cryptsetup (2:1.1.0~rc2-1) unstable; urgency=low
1524
2379
3637
1525
2380
  * new upstream release candidate (1.1.0-rc2), highlights include:
3638
  * new upstream release candidate (1.1.0-rc2), highlights include:
1526
@@ -2548,6 +3806,80 @@ cryptsetup (2:1.0.7~rc1-1) unstable; urgency=low
1527
2548
3806
1528
2549
 -- Jonas Meurer <mejo@debian.org>  Sat, 04 Jul 2009 15:52:06 +0200
3807
 -- Jonas Meurer <mejo@debian.org>  Sat, 04 Jul 2009 15:52:06 +0200
1529
2550
3808
1530
3809
cryptsetup (2:1.0.6+20090405.svn49-1ubuntu8) lucid; urgency=low
1531
3810
1532
3811
  [ Steve Langasek ]
1533
3812
  * Make the 'start' action of the init script a no-op, this should be
1534
3813
    handled entirely by the upstart job now; and remove any symlinks from
1535
3814
    /etc/rcS.d on upgrade.  LP: #473615.
1536
3815
1537
3816
  [ Reinhard Tartler ]
1538
3817
  * Add an apport hook
1539
3818
  * import the blkid and un_blkid from debian, LP: #446517
1540
3819
  * also use this script by default (setting in /etc/default/cryptdisks)
1541
3820
1542
3821
 -- Steve Langasek <steve.langasek@ubuntu.com>  Wed, 04 Nov 2009 12:06:47 +0000
1543
3822
1544
3823
cryptsetup (2:1.0.6+20090405.svn49-1ubuntu7) karmic; urgency=low
1545
3824
1546
3825
  * Reupload previous version, siretart had left changes in bzr which
1547
3826
    weren't documented in the changelog and caused FTBFS.
1548
3827
1549
3828
 -- Scott James Remnant <scott@ubuntu.com>  Wed, 14 Oct 2009 13:57:59 +0100
1550
3829
1551
3830
cryptsetup (2:1.0.6+20090405.svn49-1ubuntu6) karmic; urgency=low
1552
3831
1553
3832
  [ Steve Langasek ]
1554
3833
  * Move the Debian Vcs- fields aside.
1555
3834
1556
3835
  [ Scott James Remnant ]
1557
3836
  * debian/cryptdisks-enable.upstart: Don't overcompensate for my idiocy,
1558
3837
    cryptsetup should not need a controlling terminal, just a terminal
1559
3838
    is fine.  May fix LP: #439138.
1560
3839
1561
3840
 -- Scott James Remnant <scott@ubuntu.com>  Wed, 14 Oct 2009 04:52:16 +0100
1562
3841
1563
3842
cryptsetup (2:1.0.6+20090405.svn49-1ubuntu4) karmic; urgency=low
1564
3843
1565
3844
  * debian/cryptdisks-enable.upstart: Things that often help include
1566
3845
    not setting stdin/out to /dev/null, so you can actually type the
1567
3846
    passphrase.  I am an idiot.  LP: #430496.
1568
3847
1569
3848
 -- Scott James Remnant <scott@ubuntu.com>  Thu, 17 Sep 2009 17:58:01 +0100
1570
3849
1571
3850
cryptsetup (2:1.0.6+20090405.svn49-1ubuntu3) karmic; urgency=low
1572
3851
1573
3852
  * debian/cryptdisks-enable.upstart: add upstart job to enable encrypted
1574
3853
    disks once we've finished probing for udev devices, so that mountall
1575
3854
    can use them.  LP: #430496.
1576
3855
1577
3856
 -- Scott James Remnant <scott@ubuntu.com>  Thu, 17 Sep 2009 00:04:00 +0100
1578
3857
1579
3858
cryptsetup (2:1.0.6+20090405.svn49-1ubuntu2) karmic; urgency=low
1580
3859
1581
3860
  * debian/initramfs/cryptroot-conf: declare that we want usplash included
1582
3861
    in the initramfs whenever this package is installed.  LP: #427356.
1583
3862
1584
3863
 -- Steve Langasek <steve.langasek@ubuntu.com>  Tue, 15 Sep 2009 08:43:15 -0700
1585
3864
1586
3865
cryptsetup (2:1.0.6+20090405.svn49-1ubuntu1) karmic; urgency=low
1587
3866
1588
3867
  * Merge from debian unstable, remaining changes:
1589
3868
    - Ubuntu specific:
1590
3869
      + debian/rules: link dynamically for better security supportability and
1591
3870
        smaller packages.
1592
3871
      + debian/control: Depend on initramfs-tools so system is not potentially
1593
3872
        rendered unbootable.
1594
3873
    - debian/initramfs/cryptroot-script wait for encrypted device to appear,
1595
3874
      report with log_*_msg (debian bug 488271).
1596
3875
    - debian/initramfs/cryptroot-hook: fix support for UUID and LABEL
1597
3876
      correlation between fstab and crypttab (debian bug 522041).
1598
3877
    - debian/askpass.c, debian/initramfs/cryptroot-script: using newline
1599
3878
      escape in passphrase prompt to avoid line-wrapping (debian bug 528133).
1600
3879
  * Drop 04_fix_udevsettle_call.patch: fixed upstream differently.
1601
3880
1602
3881
 -- Kees Cook <kees@ubuntu.com>  Sun, 10 May 2009 17:29:32 -0700
1603
3882
1604
2551
cryptsetup (2:1.0.6+20090405.svn49-1) unstable; urgency=low
3883
cryptsetup (2:1.0.6+20090405.svn49-1) unstable; urgency=low
1605
2552
3884
1606
2553
  * New upstream svn snapshot. Highlights include:
3885
  * New upstream svn snapshot. Highlights include:
1607
@@ -2589,6 +3921,67 @@ cryptsetup (2:1.0.6+20090405.svn49-1) unstable; urgency=low
1608
2589
3921
1609
2590
 -- Jonas Meurer <mejo@debian.org>  Mon, 06 Apr 2009 08:49:14 +0200
3922
 -- Jonas Meurer <mejo@debian.org>  Mon, 06 Apr 2009 08:49:14 +0200
1610
2591
3923
1611
3924
cryptsetup (2:1.0.6-7ubuntu7) jaunty; urgency=low
1612
3925
1613
3926
  * debian/control: Depend on initramfs-tools so system is not potentially
1614
3927
    rendered unbootable (LP: #358654).
1615
3928
1616
3929
 -- Kees Cook <kees@ubuntu.com>  Thu, 09 Apr 2009 12:29:31 -0700
1617
3930
1618
3931
cryptsetup (2:1.0.6-7ubuntu6) jaunty; urgency=low
1619
3932
1620
3933
  * debian/initramfs/cryptroot-script: we don't require vol_id to understand
1621
3934
    the encrypted device, but we should check the device is fully up first
1622
3935
    before continuing by calling udevadm settle.  LP: #291752.
1623
3936
1624
3937
 -- Steve Langasek <steve.langasek@ubuntu.com>  Sat, 07 Mar 2009 21:39:14 -0800
1625
3938
1626
3939
cryptsetup (2:1.0.6-7ubuntu5) jaunty; urgency=low
1627
3940
1628
3941
  * debian/initramfs/cryptroot-hook: fix support for UUID and LABEL correlation
1629
3942
    between fstab and crypttab (LP: #287879).
1630
3943
1631
3944
 -- TJ <ubuntu@tjworld.net>  Mon, 16 Feb 2009 23:00:00 +0000
1632
3945
1633
3946
cryptsetup (2:1.0.6-7ubuntu4) jaunty; urgency=low
1634
3947
1635
3948
  * debian/askpass.c: also handle newline escape code in console prompt.
1636
3949
1637
3950
 -- Kees Cook <kees@ubuntu.com>  Sun, 15 Feb 2009 08:57:05 -0800
1638
3951
1639
3952
cryptsetup (2:1.0.6-7ubuntu3) jaunty; urgency=low
1640
3953
1641
3954
  [ https://launchpad.net/~svenkata ]
1642
3955
  * debian/checks/un_vol_id: dynamically build the "unknown volume type"
1643
3956
    string, to allow for encrypted swap, LP: #316607
1644
3957
1645
3958
 -- Dustin Kirkland <kirkland@ubuntu.com>  Thu, 12 Feb 2009 16:57:30 -0600
1646
3959
1647
3960
cryptsetup (2:1.0.6-7ubuntu2) jaunty; urgency=low
1648
3961
1649
3962
  * debian/askpass.c: handle newline escape code in password prompt.
1650
3963
  * debian/initramfs/cryptroot-script: add newline to split cryptroot
1651
3964
    password prompt onto two lines for readability (LP: #326900).
1652
3965
1653
3966
 -- Kees Cook <kees@ubuntu.com>  Sun, 08 Feb 2009 07:26:01 -0800
1654
3967
1655
3968
cryptsetup (2:1.0.6-7ubuntu1) jaunty; urgency=low
1656
3969
1657
3970
  * Merge from debian unstable, remaining changes:
1658
3971
    - debian/initramfs/cryptroot-script:
1659
3972
      - must source /scripts/functions to get the log_*_msg() functions.
1660
3973
      - wait for encrypted device to show up (LP 164044, 291752).
1661
3974
      - disable error message 'failed to setup lvm device' (LP 151532).
1662
3975
    - debian/rules:
1663
3976
      - fix location of ltmain.sh (Ubuntu-specific until libtool 2.2.x is
1664
3977
        in Debian unstable).
1665
3978
      - link dynamically (LP 62751).
1666
3979
    - add 04_fix_udevsettle_call.patch: fix path to binary for udevsettle.
1667
3980
  * Revert versioned build-depency on libdevmapper-dev, since Ubuntu's
1668
3981
    version is higher now.
1669
3982
1670
3983
 -- Kees Cook <kees@ubuntu.com>  Tue, 06 Jan 2009 13:00:16 -0800
1671
3984
1672
2592
cryptsetup (2:1.0.6-7) unstable; urgency=medium
3985
cryptsetup (2:1.0.6-7) unstable; urgency=medium
1673
2593
3986
1674
2594
  * Add patches/01_gettext_package.patch: Remove -luks from GETTEXT_PACKAGE
3987
  * Add patches/01_gettext_package.patch: Remove -luks from GETTEXT_PACKAGE
1675
@@ -2633,6 +4026,38 @@ cryptsetup (2:1.0.6-7) unstable; urgency=medium
1676
2633
4026
1677
2634
 -- Jonas Meurer <mejo@debian.org>  Wed, 17 Dec 2008 21:25:45 +0100
4027
 -- Jonas Meurer <mejo@debian.org>  Wed, 17 Dec 2008 21:25:45 +0100
1678
2635
4028
1679
4029
cryptsetup (2:1.0.6-6ubuntu2.1) intrepid-proposed; urgency=low
1680
4030
1681
4031
  * debian/initramfs/cryptroot-script: do not require that vol_id
1682
4032
    can parse the encrypted device as valid (LP: #291752).
1683
4033
1684
4034
 -- Kees Cook <kees@ubuntu.com>  Fri, 31 Oct 2008 13:10:06 -0700
1685
4035
1686
4036
cryptsetup (2:1.0.6-6ubuntu2) intrepid; urgency=low
1687
4037
1688
4038
  * Fixes for (LP: #272301)
1689
4039
  * debian/initramfs/cryptroot-script: must source /scripts/functions to get
1690
4040
    the log_*_msg() functions
1691
4041
  * 04_fix_udevsettle_call.patch: fix path to binary for udevsettle
1692
4042
1693
4043
 -- Dustin Kirkland <kirkland@ubuntu.com>  Fri, 19 Sep 2008 18:03:28 -0500
1694
4044
1695
4045
cryptsetup (2:1.0.6-6ubuntu1) intrepid; urgency=low
1696
4046
1697
4047
  * drop almost all ubuntu specific changes from the cryptsetup package,
1698
4048
    because they have been merged in debian. Thanks a lot!
1699
4049
  * merge from debian, remaining changes:
1700
4050
    - remove versioned build-depency on libdevmapper-dev, we are using a
1701
4051
      rather sophisticated loop for making sure the root filesystem appears.
1702
4052
  * debian/rules: fix location of ltmain.sh
1703
4053
  * don't exit usplash anymore in the init script. LP: #110970, #139363
1704
4054
  * Disable error message 'failed to setup lvm device'. It is harmless, and
1705
4055
    caused by the fact that the udev rules provided by lvm2 are setting up
1706
4056
    the lvm on their own. In debian the scripts here are responsible for this
1707
4057
    but obviously fail in ubuntu. LP: #151532
1708
4058
1709
4059
 -- Reinhard Tartler <siretart@tauware.de>  Sat, 30 Aug 2008 17:52:16 +0200
1710
4060
1711
2636
cryptsetup (2:1.0.6-6) unstable; urgency=high
4061
cryptsetup (2:1.0.6-6) unstable; urgency=high
1712
2637
4062
1713
2638
  * Don't cat keyfile into pipe for do_noluks(). cryptsetup handles
4063
  * Don't cat keyfile into pipe for do_noluks(). cryptsetup handles
1714
@@ -2734,6 +4159,79 @@ cryptsetup (2:1.0.6-3) unstable; urgency=low
1715
2734
4159
1716
2735
 -- Jonas Meurer <mejo@debian.org>  Mon, 07 Jul 2008 00:30:07 +0200
4160
 -- Jonas Meurer <mejo@debian.org>  Mon, 07 Jul 2008 00:30:07 +0200
1717
2736
4161
1718
4162
cryptsetup (2:1.0.6-2ubuntu7) intrepid; urgency=low
1719
4163
1720
4164
  * reintroduce changes from 2:1.0.6-2ubuntu5 that have been accidentally
1721
4165
    dropped in version 2:1.0.6-2ubuntu6.
1722
4166
1723
4167
 -- Reinhard Tartler <siretart@tauware.de>  Fri, 20 Jun 2008 15:15:54 +0200
1724
4168
1725
4169
cryptsetup (2:1.0.6-2ubuntu6) intrepid; urgency=low
1726
4170
1727
4171
  [ Kjell Braden ]
1728
4172
  * load scripts/functions for log_{begin,end}_msg
1729
4173
  * debian/initramfs/cryptroot-script: wait for the cryptsource, not the resulting mapped root device
1730
4174
  * debian/initramfs/cryptroot-hook: copy binaries to the right directory
1731
4175
1732
4176
  [ Reinhard Tartler ]
1733
4177
  * remove versioned build-depency on libdevmapper-dev, we are using a
1734
4178
    rather sophisticated loop for making sure the root filesystem appears.
1735
4179
1736
4180
 -- Reinhard Tartler <siretart@tauware.de>  Wed, 18 Jun 2008 00:26:43 +0200
1737
4181
1738
4182
cryptsetup (2:1.0.6-2ubuntu5) intrepid; urgency=low
1739
4183
1740
4184
  * Okay, I give up. include preprocessed manpages and adapt
1741
4185
    debian/rules to easily produce those.
1742
4186
    ATTENTION: on subsequent uploads, make sure that the manpages are
1743
4187
    available and up-to-date.
1744
4188
1745
4189
 -- Reinhard Tartler <siretart@tauware.de>  Sun, 15 Jun 2008 13:33:07 +0200
1746
4190
1747
4191
cryptsetup (2:1.0.6-2ubuntu4) intrepid; urgency=low
1748
4192
1749
4193
  * also use local dtd in debian/doc/variables.xml.in.
1750
4194
1751
4195
 -- Reinhard Tartler <siretart@tauware.de>  Sun, 15 Jun 2008 12:55:42 +0200
1752
4196
1753
4197
cryptsetup (2:1.0.6-2ubuntu3) intrepid; urgency=low
1754
4198
1755
4199
  * try harder to fix FTBFS.
1756
4200
1757
4201
 -- Reinhard Tartler <siretart@tauware.de>  Sun, 15 Jun 2008 11:42:54 +0200
1758
4202
1759
4203
cryptsetup (2:1.0.6-2ubuntu2) intrepid; urgency=low
1760
4204
1761
4205
  * build docbook documentation using local dtds instead of trying to
1762
4206
    download them at buildtime. Fixes FTBFS.
1763
4207
1764
4208
 -- Reinhard Tartler <siretart@tauware.de>  Sun, 15 Jun 2008 11:12:28 +0200
1765
4209
1766
4210
cryptsetup (2:1.0.6-2ubuntu1) intrepid; urgency=low
1767
4211
1768
4212
  * Merge new debian version. Remaining changes:
1769
4213
    - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using
1770
4214
      bzr on launchpad.
1771
4215
    - debian/rules: cryptsetup is linked dynamically against libgcrypt and
1772
4216
      libgpg-error.
1773
4217
    - cryptdisks.functions: stop usplash on user input. LP #62751
1774
4218
    - Parse comments in lines not starting with '#', LP #185380
1775
4219
    - If the encrypted source device hasn't shown up yet, give it a
1776
4220
      little while to deal with removable devices. LP #164044
1777
4221
  * Depend on race-free version of libdevmapper, thus making udevsettle
1778
4222
    call from cryptsetup binary unnecessary. Dropping patch
1779
4223
    debian/patches/06_run_udevsettle.patch
1780
4224
  * remove patch from LP #73862, loading optimized modules has been solved
1781
4225
    in debian in another way.
1782
4226
  * cryptdisk.functions: remove spurious call to load_optimized_module.
1783
4227
    LP: #239946
1784
4228
  * bugfix: make regex work if keyfile has extended attributes. LP: #231339.
1785
4229
  * remove patch in cryptdisks.functions for rexecing the script itself for
1786
4230
    ensuring that a tty is always available. (See LP #58794.) According to
1787
4231
    Scott, this is not necessary anymore.
1788
4232
1789
4233
 -- Reinhard Tartler <siretart@tauware.de>  Sat, 14 Jun 2008 23:28:51 +0200
1790
4234
1791
2737
cryptsetup (2:1.0.6-2) unstable; urgency=low
4235
cryptsetup (2:1.0.6-2) unstable; urgency=low
1792
2738
4236
1793
2739
  [ Jonas Meurer ]
4237
  [ Jonas Meurer ]
1794
@@ -2759,6 +4257,54 @@ cryptsetup (2:1.0.6-2) unstable; urgency=low
1795
2759
4257
1796
2760
 -- David Härdeman <david@hardeman.nu>  Mon, 26 May 2008 08:12:32 +0200
4258
 -- David Härdeman <david@hardeman.nu>  Mon, 26 May 2008 08:12:32 +0200
1797
2761
4259
1798
4260
cryptsetup (2:1.0.6-1ubuntu4) intrepid; urgency=low
1799
4261
1800
4262
  [ Kjell Braden ]
1801
4263
  * Fix configuration parsing (LP: #239808)
1802
4264
1803
4265
  [ Reinhard Tartler ]
1804
4266
  * cryptroot-script: use 'echo' instead of 'log_begin_msg' (LP: #237723)
1805
4267
1806
4268
 -- Reinhard Tartler <siretart@tauware.de>  Fri, 13 Jun 2008 21:26:17 +0200
1807
4269
1808
4270
cryptsetup (2:1.0.6-1ubuntu3) intrepid; urgency=low
1809
4271
1810
4272
  * Parse comments in lines not starting with '#', LP: #185380
1811
4273
  * in cryptroot hook, don't rely on 'udevadm settle' to wait long enough
1812
4274
    for the cryptdevice to appear. Reimplement the busy waiting loop found
1813
4275
    while waiting for the root file system. Patch based on work by Swâmi
1814
4276
    Petaramesh. LP: #164044
1815
4277
  * debian/crypdisks.functions: call 'env' with full path. LP: #178829.
1816
4278
1817
4279
 -- Reinhard Tartler <siretart@tauware.de>  Mon, 26 May 2008 22:12:32 +0200
1818
4280
1819
4281
cryptsetup (2:1.0.6-1ubuntu2) intrepid; urgency=low
1820
4282
1821
4283
  * Simplify the patch in debian/cryptdisks.functions that stops usplash
1822
4284
    before asking for a passphrase.
1823
4285
1824
4286
 -- Reinhard Tartler <siretart@tauware.de>  Mon, 26 May 2008 20:18:14 +0200
1825
4287
1826
4288
cryptsetup (2:1.0.6-1ubuntu1) intrepid; urgency=low
1827
4289
1828
4290
  * Merge new debian version. Remaining changes:
1829
4291
    - cryptsetup is linked dynamically against libgcrypt and libgpg-error.
1830
4292
    - stop usplash on user input. LP #62751
1831
4293
    - debian/cryptdisks.functions: Always output and read from the console.
1832
4294
      LP #58794.
1833
4295
    - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using
1834
4296
      bzr on launchpad.
1835
4297
    - debian/initramfs/cryptroot-hook: LP #73862
1836
4298
      Added patch to install aes optimized cypher module
1837
4299
    - try to load optimized cypher module in cryptsetup.functions as well,
1838
4300
      because cryptroot-hook is only executed when we really have a
1839
4301
      cryptoroot.
1840
4302
  * other ubuntu changes have been merged into debian. Please report bugs
1841
4303
    if you believe some patches have been dropped.
1842
4304
  * removed 07_typos_fix.patch, has been reviewed and applied upstream.
1843
4305
1844
4306
 -- Reinhard Tartler <siretart@tauware.de>  Sun, 25 May 2008 22:52:30 +0200
1845
4307
1846
2762
cryptsetup (2:1.0.6-1) unstable; urgency=low
4308
cryptsetup (2:1.0.6-1) unstable; urgency=low
1847
2763
4309
1848
2764
  [ Jonas Meurer ]
4310
  [ Jonas Meurer ]
1849
@@ -2890,6 +4436,138 @@ cryptsetup (2:1.0.6~pre1-1) unstable; urgency=low
1850
2890
4436
1851
2891
 -- Jonas Meurer <mejo@debian.org>  Thu, 06 Dec 2007 15:56:05 +0100
4437
 -- Jonas Meurer <mejo@debian.org>  Thu, 06 Dec 2007 15:56:05 +0100
1852
2892
4438
1853
4439
cryptsetup (2:1.0.5-2ubuntu12) hardy; urgency=low
1854
4440
1855
4441
  * added debian/patches/07_typos_fix.dpatch: fixed typos in man pages. (LP: #164181)
1856
4442
1857
4443
 -- Bruno Barrera Yever <bbyever@gmail.com>  Mon, 07 Apr 2008 18:43:05 -0500
1858
4444
1859
4445
cryptsetup (2:1.0.5-2ubuntu11) hardy; urgency=low
1860
4446
1861
4447
  * debian/initramfs/cryptroot-script: Do show the disk name after all, since
1862
4448
    some people use multiple encrypted partitions as LVM PVs. (LP: #201413)
1863
4449
1864
4450
 -- Martin Pitt <martin.pitt@ubuntu.com>  Sun, 06 Apr 2008 11:54:41 -0600
1865
4451
1866
4452
cryptsetup (2:1.0.5-2ubuntu10) hardy; urgency=low
1867
4453
1868
4454
  * debian/initramfs/cryptroot-script: Do not mention the name of the
1869
4455
    encrypted device. It is just technobabble anyway (sda4_crypt), and there
1870
4456
    is just one root partition ever, so it is not needed to tell apart
1871
4457
    different partitions. From a security POV, someone who can change your
1872
4458
    initramfs to boot a different root partition can just as well change the
1873
4459
    strings, too. (LP: #201413)
1874
4460
1875
4461
 -- Martin Pitt <martin.pitt@ubuntu.com>  Wed, 02 Apr 2008 15:51:53 +0200
1876
4462
1877
4463
cryptsetup (2:1.0.5-2ubuntu9) hardy; urgency=low
1878
4464
1879
4465
  * debian/scripts/luksformat: Use 256 bit key size by default.
1880
4466
    (LP: #78508)
1881
4467
  * debian/patches/02_manpage.dpatch: Clarify default key sizes (128 for
1882
4468
    luksFormat and 256 for create) in cryptsetup.8. (side-note in LP #78508)
1883
4469
1884
4470
 -- Martin Pitt <martin.pitt@ubuntu.com>  Wed, 27 Feb 2008 17:43:46 +0100
1885
4471
1886
4472
cryptsetup (2:1.0.5-2ubuntu8) hardy; urgency=low
1887
4473
1888
4474
  * Fix -x calls and access() call.
1889
4475
1890
4476
 -- Scott James Remnant <scott@ubuntu.com>  Fri, 14 Dec 2007 16:54:53 +0000
1891
4477
1892
4478
cryptsetup (2:1.0.5-2ubuntu7) hardy; urgency=low
1893
4479
1894
4480
  * debian/initramfs/cryptroot-script: call udevadm instead of udevsettle
1895
4481
  * debian/patches/06_call_udevsettle.dpatch: likewise
1896
4482
1897
4483
 -- Scott James Remnant <scott@ubuntu.com>  Fri, 14 Dec 2007 16:11:36 +0000
1898
4484
1899
4485
cryptsetup (2:1.0.5-2ubuntu6) hardy; urgency=low
1900
4486
1901
4487
  * Make cryptsetup understand devices specified by UUID=... or LABEL=
1902
4488
    in crypttab. (LP: #153597)
1903
4489
1904
4490
 -- Andrea Colangelo <warp10@libero.it>  Mon, 29 Oct 2007 18:22:51 +0100
1905
4491
1906
4492
cryptsetup (2:1.0.5-2ubuntu5) hardy; urgency=low
1907
4493
1908
4494
  * reenable additional udevsettle calls in cryptroot hook from
1909
4495
    https://launchpad.net/bugs/85640, LP: #132373.
1910
4496
  * change maintainer to ubuntu-core-dev.
1911
4497
  * use Vcs-Bzr instead of XSCB-Vcs-Bzr header in debian/control.
1912
4498
1913
4499
 -- Reinhard Tartler <siretart@tauware.de>  Thu, 08 Nov 2007 23:52:19 +0100
1914
4500
1915
4501
cryptsetup (2:1.0.5-2ubuntu4) hardy; urgency=low
1916
4502
1917
4503
  * reapply changes from version 2:1.0.5-2ubuntu2, got dropped with last
1918
4504
    upload. Sorry, pitti.
1919
4505
  * convert patch to lib/libdevmapper.c to a dpatch.
1920
4506
1921
4507
 -- Reinhard Tartler <siretart@tauware.de>  Sun, 04 Nov 2007 21:42:43 +0100
1922
4508
1923
4509
cryptsetup (2:1.0.5-2ubuntu3) hardy; urgency=low
1924
4510
1925
4511
  * RELIABILY FIX: lib/libdevmapper.c: Ensure that pending device creation
1926
4512
    events are being processed by calling /sbin/udevsettle. Patch based on
1927
4513
    OpenSUSE bug #285478, LP: #132373.
1928
4514
  * Based on the change above, the patch from LP #85640 is no longer needed.
1929
4515
    dropping the relevant parts.
1930
4516
  * Fix debian/rules to not fail to build if autom4te.cache is left behind
1931
4517
    from a previous incomplete build.
1932
4518
1933
4519
 -- Reinhard Tartler <siretart@tauware.de>  Fri, 02 Nov 2007 20:53:31 +0100
1934
4520
1935
4521
cryptsetup (2:1.0.5-2ubuntu2) gutsy; urgency=low
1936
4522
1937
4523
  * debian/initramfs/cryptroot-script:
1938
4524
    - If the supplied password worked, remove the prompt from usplash again,
1939
4525
      so that the user has some visual feedback that everything is alright.
1940
4526
      (LP: #151305)
1941
4527
    - Do not show the UUID device node of the outer physical device. It is
1942
4528
      scary ("/dev/disk/by-uuid/1234yadayada") and displaying it does not
1943
4529
      improve security at all: If attackers can tamper with your initramfs,
1944
4530
      they can also change the prompt, and if the UUID of the physical device
1945
4531
      changes, then booting will not even get that far. Now it is a much more
1946
4532
      friendly "Enter passphrase for sda5_crypt:" which is still technical,
1947
4533
      but it's necessary to point out which device will be unlocked in case
1948
4534
      there are several.
1949
4535
1950
4536
 -- Martin Pitt <martin.pitt@ubuntu.com>  Thu, 11 Oct 2007 19:51:58 +0200
1951
4537
1952
4538
cryptsetup (2:1.0.5-2ubuntu1) gutsy; urgency=low
1953
4539
1954
4540
  * Merge new debian version. Remaining changes:
1955
4541
    - cryptsetup is linked dynamically against libgcrypt and libgpg-error.
1956
4542
      This will break systems where /usr is a separate encrypted filesystem
1957
4543
      but not have other bad consequences (in particular, systems with
1958
4544
      encrypted root are still fine).  The upsides include better
1959
4545
      security supportability and smaller packages.
1960
4546
    - libcryptsetup.so et al removed from the binary packages.  They have
1961
4547
      no stable ABI and are not suitable for use by other packages, and
1962
4548
      were in violation of library policies etc.  They're not needed since
1963
4549
      the cryptsetup executable statically contains the relevant parts of
1964
4550
      libcryptsetup.
1965
4551
    - cryptdisks.functions: remove #!/bin/bash as it isn't a script
1966
4552
      by itself; it's only sourced by other scripts.  This gets rid
1967
4553
      of the lintian warning `script-not-executable' for this file.
1968
4554
    - stop usplash on user input. LP #62751
1969
4555
    - Always output and read from the console. LP #58794.
1970
4556
    - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using
1971
4557
      bzr on launchpad.
1972
4558
    - Bump libgcrypt11 build-dependency again to 1.2.4-2ubuntu2 to eliminate
1973
4559
      libnsl linkage;
1974
4560
    - debian/initramfs/cryptroot-hook: (LP: #73862)
1975
4561
      Added patch to install aes optimized cypher module
1976
4562
    - try to load optimized cypher module in cryptsetup.functions as well,
1977
4563
      because cryptroot-hook is only executed when we really have a
1978
4564
      cryptoroot.
1979
4565
    - apply patch from pitti for allowing UUIDs in /etc/crypttab.
1980
4566
      This allowes crypted PVs! LP: #144390.
1981
4567
    - remove README.ubuntu, since it contains old and obsolete information.
1982
4568
1983
4569
 -- Reinhard Tartler <siretart@tauware.de>  Tue, 02 Oct 2007 21:31:28 +0200
1984
4570
1985
2893
cryptsetup (2:1.0.5-2) unstable; urgency=low
4571
cryptsetup (2:1.0.5-2) unstable; urgency=low
1986
2894
4572
1987
2895
  [ Jonas Meurer ]
4573
  [ Jonas Meurer ]
1988
@@ -2938,6 +4616,68 @@ cryptsetup (2:1.0.5-2) unstable; urgency=low
1989
2938
4616
1990
2939
 -- Jonas Meurer <mejo@debian.org>  Mon, 24 Sep 2007 15:42:06 +0200
4617
 -- Jonas Meurer <mejo@debian.org>  Mon, 24 Sep 2007 15:42:06 +0200
1991
2940
4618
1992
4619
cryptsetup (2:1.0.5-1ubuntu5) UNRELEASED; urgency=low
1993
4620
1994
4621
  * apply patch from pitti for allowing UUIDs in /etc/crypttab.
1995
4622
    This allowes crypted PVs! LP: #144390.
1996
4623
  * remove README.ubuntu, since it contains old and obsolete information.
1997
4624
1998
4625
 -- Reinhard Tartler <siretart@tauware.de>  Tue, 02 Oct 2007 19:59:24 +0200
1999
4626
2000
4627
cryptsetup (2:1.0.5-1ubuntu4) gutsy; urgency=low
2001
4628
2002
4629
  [ Stephan Hermann ]
2003
4630
  * debian/initramfs/cryptroot-hook: (LP: #73862)
2004
4631
    - Added patch to install aes optimized cypher module
2005
4632
2006
4633
  [ Reinhard Tartler ]
2007
4634
  * re-applying old patch to new package version
2008
4635
  * try to load optimized cypher module in cryptsetup.functions as well,
2009
4636
    because cryptroot-hook is only executed when we really have a
2010
4637
    cryptoroot.
2011
4638
2012
4639
 -- Reinhard Tartler <siretart@tauware.de>  Thu, 27 Sep 2007 19:38:48 +0200
2013
4640
2014
4641
cryptsetup (2:1.0.5-1ubuntu3) gutsy; urgency=low
2015
4642
2016
4643
  * Bump libgcrypt11 build-dependency again to 1.2.4-2ubuntu2 to eliminate
2017
4644
    libnsl linkage; should finally produce a usable cryptsetup binary for
2018
4645
    the udeb.
2019
4646
2020
4647
 -- Colin Watson <cjwatson@ubuntu.com>  Wed, 19 Sep 2007 15:28:52 +0100
2021
4648
2022
4649
cryptsetup (2:1.0.5-1ubuntu2) gutsy; urgency=low
2023
4650
2024
4651
  * Bump libgcrypt11 build-dependency to 1.2.4-2ubuntu1 and rebuild for
2025
4652
    proper udeb dependencies.
2026
4653
2027
4654
 -- Colin Watson <cjwatson@ubuntu.com>  Wed, 19 Sep 2007 01:37:02 +0100
2028
4655
2029
4656
cryptsetup (2:1.0.5-1ubuntu1) gutsy; urgency=low
2030
4657
2031
4658
  * Merge new debian version. Remaining changes:
2032
4659
    - cryptsetup is linked dynamically against libgcrypt and libgpg-error.
2033
4660
      This will break systems where /usr is a separate encrypted filesystem
2034
4661
      but not have other bad consequences (in particular, systems with
2035
4662
      encrypted root are still fine).  The upsides include better
2036
4663
      security supportability and smaller packages.
2037
4664
    - libcryptsetup.so et al removed from the binary packages.  They have
2038
4665
      no stable ABI and are not suitable for use by other packages, and
2039
4666
      were in violation of library policies etc.  They're not needed since
2040
4667
      the cryptsetup executable statically contains the relevant parts of
2041
4668
      libcryptsetup.
2042
4669
    - cryptdisks.functions: remove #!/bin/bash as it isn't a script
2043
4670
      by itself; it's only sourced by other scripts.  This gets rid
2044
4671
      of the lintian warning `script-not-executable' for this file.
2045
4672
    - stop usplash on user input. LP #62751
2046
4673
    - Always output and read from the console. LP #58794.
2047
4674
  * Add XSBC-Vcs-Bzr tag to indicate that this package is managed using
2048
4675
    bzr on launchpad.
2049
4676
  * UVF exception request granted by Scott Kitterman and Chuck Short
2050
4677
    LP: #138295
2051
4678
2052
4679
 -- Reinhard Tartler <siretart@tauware.de>  Sat, 08 Sep 2007 19:04:54 +0200
2053
4680
2054
2941
cryptsetup (2:1.0.5-1) unstable; urgency=low
4681
cryptsetup (2:1.0.5-1) unstable; urgency=low
2055
2942
4682
2056
2943
  [ Jonas Meurer ]
4683
  [ Jonas Meurer ]
2057
@@ -2958,6 +4698,66 @@ cryptsetup (2:1.0.5-1) unstable; urgency=low
2058
2958
4698
2059
2959
 -- Jonas Meurer <mejo@debian.org>  Fri, 27 Jul 2007 04:59:33 +0200
4699
 -- Jonas Meurer <mejo@debian.org>  Fri, 27 Jul 2007 04:59:33 +0200
2060
2960
4700
2061
4701
cryptsetup (2:1.0.4+svn29-1ubuntu6) gutsy; urgency=low
2062
4702
2063
4703
  * Add notes by Ilkka Tuohela in a new file debian/README.ubuntu
2064
4704
2065
4705
 -- Reinhard Tartler <siretart@tauware.de>  Sat, 08 Sep 2007 18:43:56 +0200
2066
4706
2067
4707
cryptsetup (2:1.0.4+svn29-1ubuntu5) gutsy; urgency=low
2068
4708
2069
4709
  * cryptsetup is linked dynamically against libgcrypt and libgpg-error.
2070
4710
    This will break systems where /usr is a separate encrypted filesystem
2071
4711
    but not have other bad consequences (in particular, systems with
2072
4712
    encrypted root are still fine).  The upsides include better
2073
4713
    security supportability and smaller packages.
2074
4714
  * libcryptsetup.so et al removed from the binary packages.  They have
2075
4715
    no stable ABI and are not suitable for use by other packages, and
2076
4716
    were in violation of library policies etc.  They're not needed since
2077
4717
    the cryptsetup executable statically contains the relevant parts of
2078
4718
    libcryptsetup.
2079
4719
  * cryptdisks.functions: remove #!/bin/bash as it isn't a script
2080
4720
    by itself; it's only sourced by other scripts.  This gets rid
2081
4721
    of the lintian warning `script-not-executable' for this file.
2082
4722
2083
4723
 -- Ian Jackson <iwj@ubuntu.com>  Fri, 31 Aug 2007 12:05:33 +0100
2084
4724
2085
4725
cryptsetup (2:1.0.4+svn29-1ubuntu4) gutsy; urgency=low
2086
4726
2087
4727
  * s/$CRYPTCMD/cryptsetup/ in debian/cryptdisks.functions
2088
4728
    (LP: #115617)
2089
4729
2090
4730
 -- Reinhard Tartler <siretart@ubuntu.com>  Tue, 29 May 2007 17:04:05 +0200
2091
4731
2092
4732
cryptsetup (2:1.0.4+svn29-1ubuntu3) gutsy; urgency=low
2093
4733
2094
4734
  * make luksformat check if filesystem is already mounted to prevent a
2095
4735
    strange error message. thanks to mvo for the patch (LP: #116633)
2096
4736
  * remove file debian/initramfs-cryptroot-script from source. it is not
2097
4737
    installed anywhere, and a leftover from the last merge.
2098
4738
  * add missing hunk of cryptsetup.functions compared to debian package.
2099
4739
  * reapply http://librarian.launchpad.net/7329604/bug85640.debdiff to
2100
4740
    debian/initramfs/cryptroot-script, since stgraber's patch has been
2101
4741
    lost in the last merge. (LP: #85640)
2102
4742
2103
4743
 -- Reinhard Tartler <siretart@ubuntu.com>  Tue, 29 May 2007 15:02:57 +0200
2104
4744
2105
4745
cryptsetup (2:1.0.4+svn29-1ubuntu2) gutsy; urgency=low
2106
4746
2107
4747
  * modprobe dm-mod from cryptsetup.functions. (LP: #64625, #91405)
2108
4748
2109
4749
 -- Reinhard Tartler <siretart@ubuntu.com>  Tue, 29 May 2007 13:31:39 +0200
2110
4750
2111
4751
cryptsetup (2:1.0.4+svn29-1ubuntu1) gutsy; urgency=low
2112
4752
2113
4753
  * Merge from Debian unstable. Remaining Ubuntu changes:
2114
4754
    - stop usplash on user input. Ubuntu: #62751
2115
4755
    - Always output and read from the console.  Ubuntu: #58794.
2116
4756
    - Wait for Udev to be ready to avoid partition non-detection. (LP: #85640)
2117
4757
  * Modify Maintainer value to match Debian-Maintainer-Field Spec
2118
4758
2119
4759
 -- Andrea Veri <bluekuja@ubuntu.com>  Sun,  6 May 2007 22:33:25 +0200
2120
4760
2121
2961
cryptsetup (2:1.0.4+svn29-1) unstable; urgency=low
4761
cryptsetup (2:1.0.4+svn29-1) unstable; urgency=low
2122
2962
4762
2123
2963
  * New upstream svn snapshot with several bugfixes
4763
  * New upstream svn snapshot with several bugfixes
2124
@@ -3010,6 +4810,20 @@ cryptsetup (2:1.0.4+svn26-2) unstable; urgency=low
2125
3010
4810
2126
3011
 -- Jonas Meurer <mejo@debian.org>  Sat, 28 Apr 2007 20:45:50 +0200
4811
 -- Jonas Meurer <mejo@debian.org>  Sat, 28 Apr 2007 20:45:50 +0200
2127
3012
4812
2128
4813
cryptsetup (2:1.0.4+svn26-1ubuntu2) feisty; urgency=low
2129
4814
2130
4815
  * Wait for Udev to be ready to avoid partition non-detection. (LP: #85640)
2131
4816
2132
4817
 -- Stéphane Graber <stgraber@ubuntu.com>  Thu,  14 Apr 2007 10:03:41 +0200
2133
4818
2134
4819
cryptsetup (2:1.0.4+svn26-1ubuntu1) feisty; urgency=low
2135
4820
2136
4821
  * merge debian changes. Remaining ubuntu changes:
2137
4822
    - stop usplash on user input. Ubuntu: #62751
2138
4823
    - Always output and read from the console.  Ubuntu: #58794.
2139
4824
2140
4825
 -- Reinhard Tartler <siretart@tauware.de>  Sat,  3 Feb 2007 21:30:03 +0100
2141
4826
2142
3013
cryptsetup (2:1.0.4+svn26-1) unstable; urgency=high
4827
cryptsetup (2:1.0.4+svn26-1) unstable; urgency=high
2143
3014
4828
2144
3015
  [ Jonas Meurer ]
4829
  [ Jonas Meurer ]
2145
@@ -3059,6 +4873,28 @@ cryptsetup (2:1.0.4+svn16-1) unstable; urgency=medium
2146
3059
4873
2147
3060
 -- Jonas Meurer <mejo@debian.org>  Tue, 28 Nov 2006 18:17:12 +0100
4874
 -- Jonas Meurer <mejo@debian.org>  Tue, 28 Nov 2006 18:17:12 +0100
2148
3061
4875
2149
4876
cryptsetup (2:1.0.4-8ubuntu2) feisty; urgency=low
2150
4877
2151
4878
  * fix and improve initramfs hook: terminate usplash if running, since
2152
4879
    adequate secure text input is not possible with usplash ATM
2153
4880
  * usplash support: Terminate usplash before asking a password.
2154
4881
    Closes https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/62751
2155
4882
2156
4883
 -- Reinhard Tartler <siretart@tauware.de>  Wed, 24 Jan 2007 22:43:28 +0100
2157
4884
2158
4885
cryptsetup (2:1.0.4-8ubuntu1) feisty; urgency=low
2159
4886
2160
4887
  * merge debian changes, remaining patches:
2161
4888
    - Always output and read from the console.  Ubuntu: #58794.
2162
4889
  * other changes have been merged or do noy apply anymore
2163
4890
  * read password via usplash if available in initramfs for rootfs. based on a patch from
2164
4891
    Swen Thümmler (Thanks for that!)  Ubuntu #62751
2165
4892
  * read password from initscript via usplash if running. should fix the
2166
4893
    rest of Ubuntu #62751. Only problem with that patch: It asks only once
2167
4894
    for the password! improvements welcome!
2168
4895
2169
4896
 -- Reinhard Tartler <siretart@tauware.de>  Sun, 19 Nov 2006 20:04:19 +0100
2170
4897
2171
3062
cryptsetup (2:1.0.4-8) unstable; urgency=high
4898
cryptsetup (2:1.0.4-8) unstable; urgency=high
2172
3063
4899
2173
3064
  [ Jonas Meurer ]
4900
  [ Jonas Meurer ]
2174
@@ -3216,6 +5052,27 @@ cryptsetup (2:1.0.4~rc2-1) unstable; urgency=low
2175
3216
5052
2176
3217
 -- Jonas Meurer <mejo@debian.org>  Mon,  4 Sep 2006 03:55:35 +0200
5053
 -- Jonas Meurer <mejo@debian.org>  Mon,  4 Sep 2006 03:55:35 +0200
2177
3218
5054
2178
5055
cryptsetup (2:1.0.3-3ubuntu3) edgy; urgency=low
2179
5056
2180
5057
  * Always output and read from the console.  Ubuntu: #58794.
2181
5058
2182
5059
 -- Scott James Remnant <scott@ubuntu.com>  Thu, 21 Sep 2006 03:05:18 +0100
2183
5060
2184
5061
cryptsetup (2:1.0.3-3ubuntu2) edgy; urgency=low
2185
5062
2186
5063
  * Load the dm-crypt module on startup.  Ubuntu: #53475.
2187
5064
2188
5065
 -- Scott James Remnant <scott@ubuntu.com>  Wed, 23 Aug 2006 11:53:49 +0200
2189
5066
2190
5067
cryptsetup (2:1.0.3-3ubuntu1) edgy; urgency=low
2191
5068
2192
5069
  * Sync with Debian:
2193
5070
    Remaining Ubuntu Changes
2194
5071
    + debian/cryptdisks.functions:
2195
5072
      - Tell usplash to quit if we ask for a passphrase
2196
5073
2197
5074
 -- Sebastian Dröge <slomo@ubuntu.com>  Tue, 11 Jul 2006 20:03:27 +0200
2198
5075
2199
3219
cryptsetup (2:1.0.3-3) unstable; urgency=low
5076
cryptsetup (2:1.0.3-3) unstable; urgency=low
2200
3220
5077
2201
3221
  [ Jonas Meurer ]
5078
  [ Jonas Meurer ]
2202
diff --git a/debian/control b/debian/control
2203
index b53fcda..d218d7a 100644
2204
--- a/debian/control
2205
+++ b/debian/control
2206
@@ -1,7 +1,8 @@
2207
1
Source: cryptsetup
1
Source: cryptsetup
2208
2
Section: admin
2
Section: admin
2209
3
Priority: optional
3
Priority: optional
2211
4
Maintainer: Debian Cryptsetup Team <pkg-cryptsetup-devel@alioth-lists.debian.net>
4
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
2212
5
XSBC-Original-Maintainer: Debian Cryptsetup Team <pkg-cryptsetup-devel@alioth-lists.debian.net>
2213
5
Uploaders: Jonas Meurer <jonas@freesources.org>,
6
Uploaders: Jonas Meurer <jonas@freesources.org>,
2214
6
           Guilhem Moulin <guilhem@debian.org>
7
           Guilhem Moulin <guilhem@debian.org>
2215
7
Rules-Requires-Root: no
8
Rules-Requires-Root: no
2216
@@ -43,7 +44,8 @@ Depends: cryptsetup-bin (>= 2:1.6.0),
2217
43
         dmsetup,
44
         dmsetup,
2218
44
         ${misc:Depends},
45
         ${misc:Depends},
2219
45
         ${shlibs:Depends}
46
         ${shlibs:Depends}
2221
46
Suggests: cryptsetup-initramfs, dosfstools, keyutils, liblocale-gettext-perl
47
Recommends: cryptsetup-initramfs
2222
48
Suggests: dosfstools, keyutils, liblocale-gettext-perl
2223
47
Replaces: cryptsetup-run (<< 2:2.1.0-6)
49
Replaces: cryptsetup-run (<< 2:2.1.0-6)
2224
48
Breaks: cryptsetup-run (<< 2:2.1.0-6)
50
Breaks: cryptsetup-run (<< 2:2.1.0-6)
2225
49
Description: disk encryption support - startup scripts
51
Description: disk encryption support - startup scripts
2226
@@ -94,11 +96,11 @@ Description: disk encryption support - experimental SSH token handler
2227
94
96
2228
95
Package: cryptsetup-initramfs
97
Package: cryptsetup-initramfs
2229
96
Architecture: all
98
Architecture: all
2231
97
Depends: busybox | busybox-static,
99
Depends: busybox-initramfs,
2232
98
         cryptsetup (>= ${source:Version}),
100
         cryptsetup (>= ${source:Version}),
2233
99
         initramfs-tools (>= 0.137) | linux-initramfs-tool,
101
         initramfs-tools (>= 0.137) | linux-initramfs-tool,
2234
100
         ${misc:Depends}
102
         ${misc:Depends}
2236
101
Recommends: console-setup, kbd
103
Recommends: console-setup, kbd, plymouth
2237
102
Breaks: cryptsetup (<< 2:2.0.3-1)
104
Breaks: cryptsetup (<< 2:2.0.3-1)
2238
103
Replaces: cryptsetup (<< 2:2.0.3-1)
105
Replaces: cryptsetup (<< 2:2.0.3-1)
2239
104
Conflicts: lvm2 (<< 2.03.15-1)
106
Conflicts: lvm2 (<< 2.03.15-1)
2240
@@ -111,7 +113,7 @@ Description: disk encryption support - initramfs integration
2241
111
 This package provides initramfs integration for cryptsetup.
113
 This package provides initramfs integration for cryptsetup.
2242
112
114
2243
113
Package: cryptsetup-suspend
115
Package: cryptsetup-suspend
2245
114
Architecture: linux-any
116
Architecture: amd64 arm64 armhf ppc64el riscv64 s390x
2246
115
Multi-Arch: foreign
117
Multi-Arch: foreign
2247
116
Depends: cryptsetup-initramfs (>= ${source:Version}),
118
Depends: cryptsetup-initramfs (>= ${source:Version}),
2248
117
         initramfs-tools-core,
119
         initramfs-tools-core,
2249
diff --git a/debian/functions b/debian/functions
2250
index 917abad..73f5f2a 100644
2251
--- a/debian/functions
2252
+++ b/debian/functions
2253
@@ -603,6 +603,7 @@ _resolve_device() {
2254
603
#   Print the major:minor device ID(s) holding the file system currently
603
#   Print the major:minor device ID(s) holding the file system currently
2255
604
#   mounted currenty mounted on $mountpoint.
604
#   mounted currenty mounted on $mountpoint.
2256
605
#   Return 0 on success, 1 on error (if $mountpoint is not a mountpoint).
605
#   Return 0 on success, 1 on error (if $mountpoint is not a mountpoint).
2257
606
#   devno will be empty if the filesystem must be excluded.
2258
606
get_mnt_devno() {
607
get_mnt_devno() {
2259
607
    local wantmount="$1" devnos="" uuid dev IFS
608
    local wantmount="$1" devnos="" uuid dev IFS
2260
608
    local spec mountpoint fstype _ DEV MAJ MIN
609
    local spec mountpoint fstype _ DEV MAJ MIN
2261
@@ -616,8 +617,15 @@ get_mnt_devno() {
2262
616
            # take the last mountpoint if used several times (shadowed)
617
            # take the last mountpoint if used several times (shadowed)
2263
617
            unset -v devnos
618
            unset -v devnos
2264
618
            spec="$(printf '%b' "$spec")"
619
            spec="$(printf '%b' "$spec")"
2265
619
            _resolve_device "$spec" || continue # _resolve_device() already warns on error
2266
620
            fstype="$(printf '%b' "$fstype")"
620
            fstype="$(printf '%b' "$fstype")"
2267
621
            if [ "$fstype" = "zfs" ]; then
2268
622
                # Ignore ZFS entries as they don't have a major/minor and won't
2269
623
                # be imported when local-top cryptroot script will ran.
2270
624
                # Returns success with empty devno
2271
625
                printf ''
2272
626
                return 0
2273
627
            fi
2274
628
            _resolve_device "$spec" || continue # _resolve_device() already warns on error
2275
621
            if [ "$fstype" = "btrfs" ]; then
629
            if [ "$fstype" = "btrfs" ]; then
2276
622
                # btrfs can span over multiple devices
630
                # btrfs can span over multiple devices
2277
623
                if uuid="$(_device_uuid "$DEV")"; then
631
                if uuid="$(_device_uuid "$DEV")"; then
2278
diff --git a/debian/initramfs/cryptroot-unlock b/debian/initramfs/cryptroot-unlock
2279
index dbc2ad0..0e91701 100644
2280
--- a/debian/initramfs/cryptroot-unlock
2281
+++ b/debian/initramfs/cryptroot-unlock
2282
@@ -40,8 +40,14 @@ fi
2283
40
pgrep_exe() {
40
pgrep_exe() {
2284
41
	local exe pid
41
	local exe pid
2285
42
	exe="$(readlink -f -- "$1" 2>/dev/null)" && [ -f "$exe" ] || return 0
42
	exe="$(readlink -f -- "$1" 2>/dev/null)" && [ -f "$exe" ] || return 0
2288
43
	ps -eo pid= | while read pid; do
43
	ps | awk '{print $1, $5}' | while read LINE; do
2289
44
		[ "$(readlink -f "/proc/$pid/exe")" != "$exe" ] || printf '%d\n' "$pid"
44
		set $LINE
2290
45
		local pid=$1
2291
46
		local cmd=$(readlink -f -- "$2")
2292
47
		if [ "$cmd" == "$exe" ]; then
2293
48
			echo $pid
2294
49
			break
2295
50
		fi
2296
45
	done
51
	done
2297
46
}
52
}
2298
47
53
2299
@@ -101,7 +107,7 @@ wait_for_prompt() {
2300
101
			break
107
			break
2301
102
		fi
108
		fi
2302
103
109
2304
104
		usleep 100000
110
		sleep 0.1
2305
105
		timer=$(( $timer - 1 ))
111
		timer=$(( $timer - 1 ))
2306
106
		if [ $timer -le 0 ]; then
112
		if [ $timer -le 0 ]; then
2307
107
			echo "Error: Timeout reached while waiting for askpass." >&2
113
			echo "Error: Timeout reached while waiting for askpass." >&2
2308
@@ -112,7 +118,7 @@ wait_for_prompt() {
2309
112
	# find the cryptsetup process with same $CRYPTTAB_NAME
118
	# find the cryptsetup process with same $CRYPTTAB_NAME
2310
113
	local o v
119
	local o v
2311
114
	for o in NAME TRIED OPTION_tries; do
120
	for o in NAME TRIED OPTION_tries; do
2313
115
		if v="$(grep -z -m1 "^CRYPTTAB_$o=" "/proc/$pid/environ")"; then
121
		if v="$(tr '\0' '\n' < "/proc/$pid/environ" | grep -m1 "^CRYPTTAB_$o=")"; then
2314
116
			eval "CRYPTTAB_$o"="\${v#CRYPTTAB_$o=}"
122
			eval "CRYPTTAB_$o"="\${v#CRYPTTAB_$o=}"
2315
117
		else
123
		else
2316
118
			eval unset -v "CRYPTTAB_$o"
124
			eval unset -v "CRYPTTAB_$o"
2317
@@ -128,7 +134,7 @@ wait_for_prompt() {
2318
128
	fi
134
	fi
2319
129
135
2320
130
	for pid in $(pgrep_exe "/sbin/cryptsetup"); do
136
	for pid in $(pgrep_exe "/sbin/cryptsetup"); do
2322
131
		if grep -Fxqz "CRYPTTAB_NAME=$CRYPTTAB_NAME" "/proc/$pid/environ"; then
137
		if tr '\0' '\n' < "/proc/$pid/environ" | grep -Fxq "CRYPTTAB_NAME=$CRYPTTAB_NAME"; then
2323
132
			PID=$pid
138
			PID=$pid
2324
133
			BIRTH=$(stat -c"%Z" "/proc/$PID" 2>/dev/null) || break
139
			BIRTH=$(stat -c"%Z" "/proc/$PID" 2>/dev/null) || break
2325
134
			return 0
140
			return 0
2326
@@ -148,7 +154,7 @@ wait_for_prompt() {
2327
148
wait_for_answer() {
154
wait_for_answer() {
2328
149
	local timer=$(( 10 * $TIMEOUT )) b
155
	local timer=$(( 10 * $TIMEOUT )) b
2329
150
	while [ -d "/proc/$PID" ] && b=$(stat -c"%Z" "/proc/$PID" 2>/dev/null) && [ $b -le $BIRTH ]; do
156
	while [ -d "/proc/$PID" ] && b=$(stat -c"%Z" "/proc/$PID" 2>/dev/null) && [ $b -le $BIRTH ]; do
2331
151
		usleep 100000
157
		sleep 0.1
2332
152
		timer=$(( $timer - 1 ))
158
		timer=$(( $timer - 1 ))
2333
153
		if [ $timer -le 0 ]; then
159
		if [ $timer -le 0 ]; then
2334
154
			echo "Error: Timeout reached while waiting for PID $PID." >&2
160
			echo "Error: Timeout reached while waiting for PID $PID." >&2
2335
diff --git a/debian/initramfs/hooks/cryptroot b/debian/initramfs/hooks/cryptroot
2336
index 3557786..eda5fdd 100644
2337
--- a/debian/initramfs/hooks/cryptroot
2338
+++ b/debian/initramfs/hooks/cryptroot
2339
@@ -178,16 +178,18 @@ generate_initrd_crypttab() {
2340
178
178
2341
179
    {
179
    {
2342
180
        if devnos="$(get_mnt_devno /)"; then
180
        if devnos="$(get_mnt_devno /)"; then
2344
181
            usage=rootfs foreach_cryptdev crypttab_find_and_print_entry $devnos
181
            if [ -n "$devnos" ]; then
2345
182
                usage=rootfs foreach_cryptdev crypttab_find_and_print_entry $devnos
2346
183
            fi
2347
182
        else
184
        else
2348
183
            cryptsetup_message "WARNING: Couldn't determine root device"
185
            cryptsetup_message "WARNING: Couldn't determine root device"
2349
184
        fi
186
        fi
2350
185
187
2352
186
        if devnos="$(get_resume_devno)"; then
188
        if devnos="$(get_resume_devno)" && [ -n "$devnos" ]; then
2353
187
            usage=resume foreach_cryptdev crypttab_find_and_print_entry $devnos
189
            usage=resume foreach_cryptdev crypttab_find_and_print_entry $devnos
2354
188
        fi
190
        fi
2355
189
191
2357
190
        if devnos="$(get_mnt_devno /usr)"; then
192
        if devnos="$(get_mnt_devno /usr)" && [ -n "$devnos" ]; then
2358
191
            usage="" foreach_cryptdev crypttab_find_and_print_entry $devnos
193
            usage="" foreach_cryptdev crypttab_find_and_print_entry $devnos
2359
192
        fi
194
        fi
2360
193
195
2361
diff --git a/debian/patches/decrease_memlock_ulimit.patch b/debian/patches/decrease_memlock_ulimit.patch
2362
194
new file mode 100644
196
new file mode 100644
2363
index 0000000..a9fd0d1
2364
--- /dev/null
2365
+++ b/debian/patches/decrease_memlock_ulimit.patch
2366
@@ -0,0 +1,49 @@
2367
1
Description: Decrease memlock limit to mimic Xenial builder behavior.
2368
2
 This approach prevents cryptsetup to FTBFS, since the PPA builders were
2369
3
 upgraded to Bionic, which has a bigger memlock limit (but not enough).
2370
4
 With this quirk, cryptsetup won't mlock() its memory allocationss, hence
2371
5
 it behaves exactly as the Xenial builders. Meanwhile, we pursue the
2372
6
 proper fix (systemd patch to bump memlock to a higher limit on Bionic).
2373
7
Author: Guilherme G. Piccoli <gpiccoli@canonical.com>
2374
8
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1891473
2375
9
Last-Update: 2020-09-09
2376
10
2377
11
--- a/tests/compat-test
2378
12
+++ b/tests/compat-test
2379
13
@@ -47,6 +47,10 @@
2380
14
 LOOPDEV=$(losetup -f 2>/dev/null)
2381
15
 FIPS_MODE=$(cat /proc/sys/crypto/fips_enabled 2>/dev/null)
2382
16
 
2383
17
+# Circumvent test failure due to Bionic builder; we need to decrease
2384
18
+# the memlock limit here to mimic Xenial builder (see LP #1891473).
2385
19
+ulimit -l 0
2386
20
+
2387
21
 function remove_mapping()
2388
22
 {
2389
23
 	[ -b /dev/mapper/$DEV_NAME3 ] && dmsetup remove --retry $DEV_NAME3 >/dev/null 2>&1
2390
24
--- a/tests/luks2-validation-test
2391
25
+++ b/tests/luks2-validation-test
2392
26
@@ -21,6 +21,10 @@
2393
27
 
2394
28
 [ -z "$srcdir" ] && srcdir="."
2395
29
 
2396
30
+# Circumvent test failure due to Bionic builder; we need to decrease
2397
31
+# the memlock limit here to mimic Xenial builder (see LP #1891473).
2398
32
+ulimit -l 0
2399
33
+
2400
34
 function remove_mapping()
2401
35
 {
2402
36
 	rm -rf $IMG $TST_IMGS >/dev/null 2>&1
2403
37
--- a/tests/tcrypt-compat-test
2404
38
+++ b/tests/tcrypt-compat-test
2405
39
@@ -16,6 +16,10 @@
2406
40
 
2407
41
 [ -z "$srcdir" ] && srcdir="."
2408
42
 
2409
43
+# Circumvent test failure due to Bionic builder; we need to decrease
2410
44
+# the memlock limit here to mimic Xenial builder (see LP #1891473).
2411
45
+ulimit -l 0
2412
46
+
2413
47
 function remove_mapping()
2414
48
 {
2415
49
 	[ -b /dev/mapper/$MAP ] && dmsetup remove --retry $MAP
2416
diff --git a/debian/patches/series b/debian/patches/series
2417
index f64f6f7..e19ab24 100644
2418
--- a/debian/patches/series
2419
+++ b/debian/patches/series
2420
@@ -2,3 +2,4 @@ Try-to-avoid-OOM-killer-on-low-memory-systems-without-swa.patch
2421
2
Print-warning-when-keyslot-requires-more-memory-than-avai.patch
2
Print-warning-when-keyslot-requires-more-memory-than-avai.patch
2422
3
Check-for-physical-memory-available-also-in-PBKDF-benchma.patch
3
Check-for-physical-memory-available-also-in-PBKDF-benchma.patch
2423
4
Use-only-half-of-detected-free-memory-on-systems-without-.patch
4
Use-only-half-of-detected-free-memory-on-systems-without-.patch
2424
5
decrease_memlock_ulimit.patch
2425
diff --git a/debian/rules b/debian/rules
2426
index 757085c..08074b4 100755
2427
--- a/debian/rules
2428
+++ b/debian/rules
2429
@@ -87,8 +87,10 @@ override_dh_bugfiles:
2430
87
execute_after_dh_fixperms-arch:
87
execute_after_dh_fixperms-arch:
2431
88
	chmod 0755 debian/cryptsetup/lib/cryptsetup/checks/*
88
	chmod 0755 debian/cryptsetup/lib/cryptsetup/checks/*
2432
89
	chmod 0755 debian/cryptsetup/lib/cryptsetup/scripts/decrypt_*
89
	chmod 0755 debian/cryptsetup/lib/cryptsetup/scripts/decrypt_*
2433
90
ifneq ($(DEB_HOST_ARCH),i386)
2434
90
	chmod 0755 debian/cryptsetup-suspend/lib/cryptsetup/scripts/suspend/cryptsetup-suspend-wrapper
91
	chmod 0755 debian/cryptsetup-suspend/lib/cryptsetup/scripts/suspend/cryptsetup-suspend-wrapper
2435
91
	chmod 0755 debian/cryptsetup-suspend/lib/systemd/system-shutdown/cryptsetup-suspend.shutdown
92
	chmod 0755 debian/cryptsetup-suspend/lib/systemd/system-shutdown/cryptsetup-suspend.shutdown
2436
93
endif
2437
92
ifeq (,$(filter noudeb, $(DEB_BUILD_PROFILES)))
94
ifeq (,$(filter noudeb, $(DEB_BUILD_PROFILES)))
2438
93
	chmod 0755 debian/cryptsetup-udeb/lib/cryptsetup/checks/*
95
	chmod 0755 debian/cryptsetup-udeb/lib/cryptsetup/checks/*
2439
94
	chmod 0755 debian/cryptsetup-udeb/lib/cryptsetup/scripts/decrypt_*
96
	chmod 0755 debian/cryptsetup-udeb/lib/cryptsetup/scripts/decrypt_*
2440
diff --git a/debian/tests/control b/debian/tests/control
2441
index 52752a3..0b7e9be 100644
2442
--- a/debian/tests/control
2443
+++ b/debian/tests/control
2444
@@ -42,8 +42,9 @@ Depends: cryptsetup-bin,
2445
42
         sshpass
42
         sshpass
2446
43
Restrictions: needs-root, isolation-machine
43
Restrictions: needs-root, isolation-machine
2447
44
44
2450
45
45
# cryptdisks test is disabled - it fails to open /dev/tty in CI
2451
46
Tests: cryptdisks, cryptdisks.init
46
#Tests: cryptdisks, cryptdisks.init
2452
47
Tests: cryptdisks.init
2453
47
Depends: cryptsetup, xxd
48
Depends: cryptsetup, xxd
2454
48
Restrictions: allow-stderr, needs-root, isolation-machine
49
Restrictions: allow-stderr, needs-root, isolation-machine
2455
49
50
2456
diff --git a/debian/tests/cryptroot-lvm.d/mock b/debian/tests/cryptroot-lvm.d/mock
2457
index f57e42f..f777763 100755
2458
--- a/debian/tests/cryptroot-lvm.d/mock
2459
+++ b/debian/tests/cryptroot-lvm.d/mock
2460
@@ -36,8 +36,13 @@ else {
2461
36
    expect($SERIAL => qr/(?:^|\s)?PM: suspend exit\r\n/m);
36
    expect($SERIAL => qr/(?:^|\s)?PM: suspend exit\r\n/m);
2462
37
    unlock_disk("topsecret");
37
    unlock_disk("topsecret");
2463
38
38
2466
39
    # consume PS1 to make sure we're at a shell prompt
39
    # suspend() leaves clutter in the console due to the retries
2467
40
    expect($CONSOLE => qr/\A $PS1 \z/aamsx);
40
    # that prevents test from succeeding.
2468
41
    consume($CONSOLE);
2469
42
2470
43
    # ensure that shell is available
2471
44
    shell(q{echo ready}, rv => 0);
2472
45
2473
41
    my $out = shell(q{dmsetup info -c --noheadings -omangled_name,suspended --separator ' '});
46
    my $out = shell(q{dmsetup info -c --noheadings -omangled_name,suspended --separator ' '});
2474
42
    die if grep !/[:[:blank:]]Active$/i, split(/\r?\n/, $out);
47
    die if grep !/[:[:blank:]]Active$/i, split(/\r?\n/, $out);
2475
43
48
2476
diff --git a/debian/tests/cryptroot-nested.d/config b/debian/tests/cryptroot-nested.d/config
2477
index 995200c..fcfba32 100644
2478
--- a/debian/tests/cryptroot-nested.d/config
2479
+++ b/debian/tests/cryptroot-nested.d/config
2480
@@ -1,6 +1,13 @@
2481
1
PKGS_EXTRA+=( btrfs-progs lvm2 mdadm )
1
PKGS_EXTRA+=( btrfs-progs lvm2 mdadm )
2482
2
PKGS_EXTRA+=( cryptsetup-initramfs )
2
PKGS_EXTRA+=( cryptsetup-initramfs )
2483
3
3
2484
4
# "$DISTRIBUTOR_ID" is defined in ../utils/cryptroot-common
2485
5
# Workaround for LP1831747 https://bugs.launchpad.net/ubuntu/+source/initramfs-tools/+bug/1831747
2486
6
# Add implicit dependency of cryptsetup-initramfs
2487
7
if [ "$DISTRIBUTOR_ID" = "ubuntu" ]; then
2488
8
    PKGS_EXTRA+=( e2fsprogs )
2489
9
fi
2490
10
2491
4
# /dev/mapper/testvg-lv1_crypt and /dev/vdc are both 1G and used in RAID1 mode
11
# /dev/mapper/testvg-lv1_crypt and /dev/vdc are both 1G and used in RAID1 mode
2492
5
DRIVE_SIZES=( "1G" "264M" "1G" "512M" )
12
DRIVE_SIZES=( "1G" "264M" "1G" "512M" )
2493
6
13
2494
diff --git a/debian/tests/cryptroot-sysvinit.d/config b/debian/tests/cryptroot-sysvinit.d/config
2495
index f6b7392..1d41c24 100644
2496
--- a/debian/tests/cryptroot-sysvinit.d/config
2497
+++ b/debian/tests/cryptroot-sysvinit.d/config
2498
@@ -1,5 +1,10 @@
2499
1
PKGS_EXTRA+=( e2fsprogs ) # for fsck.ext4
1
PKGS_EXTRA+=( e2fsprogs ) # for fsck.ext4
2500
2
PKGS_EXTRA+=( cryptsetup-initramfs cryptsetup )
2
PKGS_EXTRA+=( cryptsetup-initramfs cryptsetup )
2503
3
PKG_INIT="sysvinit-core"
3
# "$DISTRIBUTOR_ID" is defined in ../utils/cryptroot-common
2504
4
4
case "$DISTRIBUTOR_ID" in
2505
5
    debian) PKG_INIT="sysvinit-core";;
2506
6
    ubuntu) PKG_INIT="systemd-sysv";;
2507
7
    *) echo "ERROR: Unknown distributor ID '$DISTRIBUTOR_ID', can't determine default init package" >&2;
2508
8
       exit 1;;
2509
9
esac
2510
5
# vim: set filetype=bash :
10
# vim: set filetype=bash :
2511
diff --git a/debian/tests/initramfs-hook b/debian/tests/initramfs-hook
2512
index 4171102..f58e6f5 100755
2513
--- a/debian/tests/initramfs-hook
2514
+++ b/debian/tests/initramfs-hook
2515
@@ -63,6 +63,20 @@ mkinitramfs() {
2516
63
    # `mkinitramfs -k` would be better but we can't set $DESTDIR in advance
63
    # `mkinitramfs -k` would be better but we can't set $DESTDIR in advance
2517
64
    cleanup_initrd_dir
64
    cleanup_initrd_dir
2518
65
    command unmkinitramfs "$INITRD_IMG" "$INITRD_DIR"
65
    command unmkinitramfs "$INITRD_IMG" "$INITRD_DIR"
2519
66
2520
67
    # find subdirectory with the root file system relative to the cryptsetup location
2521
68
    CRYPTSETUP_PATH=sbin/cryptsetup
2522
69
    ROOTFS_DIR=`find "$INITRD_DIR" -name cryptsetup | grep "/usr/$CRYPTSETUP_PATH" | sed -e "s|/usr/$CRYPTSETUP_PATH||"`
2523
70
2524
71
    if [[ -z "$ROOTFS_DIR" ]]; then
2525
72
        ROOTFS_DIR=`find "$INITRD_DIR" -name cryptsetup | grep "/$CRYPTSETUP_PATH" | sed -e "s|/$CRYPTSETUP_PATH||"`
2526
73
    fi
2527
74
2528
75
    if [[ ! -z "$ROOTFS_DIR" ]] && [[ "$ROOTFS_DIR" != "$INITRD_DIR" ]] && [[ -d "$ROOTFS_DIR" ]]; then
2529
76
        echo move root filesystem from "$ROOTFS_DIR" to "$INITRD_DIR"
2530
77
        mv "$ROOTFS_DIR"/* "$INITRD_DIR"
2531
78
    fi
2532
79
2533
66
    for d in dev proc sys; do
80
    for d in dev proc sys; do
2534
67
        mkdir -p "$INITRD_DIR/$d"
81
        mkdir -p "$INITRD_DIR/$d"
2535
68
        mount --bind "/$d" "$INITRD_DIR/$d"
82
        mount --bind "/$d" "$INITRD_DIR/$d"
2536
@@ -190,9 +204,9 @@ cryptsetup close test3_crypt
2537
190
# plain, blowfish + ripemd160 (ignored due to keyfile)
204
# plain, blowfish + ripemd160 (ignored due to keyfile)
2538
191
disk_setup
205
disk_setup
2539
192
head -c32 /dev/urandom >"$TMPDIR/keyfile"
206
head -c32 /dev/urandom >"$TMPDIR/keyfile"
2541
193
cryptsetup open --type=plain --cipher="blowfish" --key-file="$TMPDIR/keyfile" --size=256 --hash="ripemd160" "$CRYPT_DEV" test3_crypt
207
cryptsetup open --type=plain --cipher="blowfish" --key-file="$TMPDIR/keyfile" --hash="ripemd160" "$CRYPT_DEV" test3_crypt
2542
194
mkfs.ext2 -m0 /dev/mapper/test3_crypt
208
mkfs.ext2 -m0 /dev/mapper/test3_crypt
2544
195
echo "test3_crypt $CRYPT_DEV $TMPDIR/keyfile plain,cipher=blowfish,hash=ripemd160,size=256,initramfs" >/etc/crypttab
209
echo "test3_crypt $CRYPT_DEV $TMPDIR/keyfile plain,cipher=blowfish,hash=ripemd160,initramfs" >/etc/crypttab
2545
196
mkinitramfs
210
mkinitramfs
2546
197
legacy_so="$(find "$INITRD_DIR" -xdev -type f -path "*/ossl-modules/legacy.so")"
211
legacy_so="$(find "$INITRD_DIR" -xdev -type f -path "*/ossl-modules/legacy.so")"
2547
198
test -z "$legacy_so" || exit 1 # don't need legacy.so here
212
test -z "$legacy_so" || exit 1 # don't need legacy.so here
2548
diff --git a/debian/tests/utils/cryptroot-common b/debian/tests/utils/cryptroot-common
2549
index a7df37f..8cedda0 100755
2550
--- a/debian/tests/utils/cryptroot-common
2551
+++ b/debian/tests/utils/cryptroot-common
2552
@@ -81,6 +81,7 @@ load_os_release() {
2553
81
}
81
}
2554
82
case "${DISTRIBUTOR_ID:="$(load_os_release && printf "%s" "${ID,,[A-Z]}")"}" in
82
case "${DISTRIBUTOR_ID:="$(load_os_release && printf "%s" "${ID,,[A-Z]}")"}" in
2555
83
    debian) APT_REPO_ORIGIN="Debian"; APT_REPO_URI="http://deb.debian.org/debian";;
83
    debian) APT_REPO_ORIGIN="Debian"; APT_REPO_URI="http://deb.debian.org/debian";;
2556
84
    ubuntu) APT_REPO_ORIGIN="Ubuntu"; APT_REPO_URI="http://archive.ubuntu.com/ubuntu";;
2557
84
    # suitable values for derivative can be added here
85
    # suitable values for derivative can be added here
2558
85
    *) echo "ERROR: Unknown distributor ID '$DISTRIBUTOR_ID', can't extract APT origin" >&2;
86
    *) echo "ERROR: Unknown distributor ID '$DISTRIBUTOR_ID', can't extract APT origin" >&2;
2559
86
       exit 1;;
87
       exit 1;;
2560
@@ -164,6 +165,12 @@ case "$BOOT" in
2561
164
    efi) PKG_BOOTLOADER="grub-efi";;
165
    efi) PKG_BOOTLOADER="grub-efi";;
2562
165
    *) echo "ERROR unknown boot method '$BOOT'" >&2; exit 1;;
166
    *) echo "ERROR unknown boot method '$BOOT'" >&2; exit 1;;
2563
166
esac
167
esac
2564
168
2565
169
if [ "$DISTRIBUTOR_ID" = "ubuntu" ]; then
2566
170
    echo "Overriding kernel arch to generic"
2567
171
    KERNEL_ARCH="generic"
2568
172
fi
2569
173
2570
167
PKG_KERNEL="linux-image-$KERNEL_ARCH"
174
PKG_KERNEL="linux-image-$KERNEL_ARCH"
2571
168
PKG_INIT="systemd-sysv" # default pid1
175
PKG_INIT="systemd-sysv" # default pid1
2572
169
MERGED_USR="" # use default layout for the target version
176
MERGED_USR="" # use default layout for the target version
2573
@@ -301,6 +308,12 @@ setup_apt() {
2574
301
        esac >"$TEMPDIR/apt/sources.list"
308
        esac >"$TEMPDIR/apt/sources.list"
2575
302
    fi
309
    fi
2576
303
310
2577
311
    # ubuntu CI populates sources.list.d with PPA source, append them to the list
2578
312
    if [ "$DISTRIBUTOR_ID" = "ubuntu" -a -d /etc/apt/sources.list.d ]; then
2579
313
        echo "Append contents of /etc/apt/sources.list.d to $TEMPDIR/apt/sources.list"
2580
314
        find /etc/apt/sources.list.d -type f | xargs cat >> "$TEMPDIR/apt/sources.list"
2581
315
    fi
2582
316
2583
304
    local apt_repo
317
    local apt_repo
2584
305
    for apt_repo in "${EXTRA_REPOS[@]}"; do
318
    for apt_repo in "${EXTRA_REPOS[@]}"; do
2585
306
        printf "%s\\n" "$apt_repo" >>"$TEMPDIR/apt/sources.list"
319
        printf "%s\\n" "$apt_repo" >>"$TEMPDIR/apt/sources.list"
2586
@@ -416,9 +429,20 @@ extract_kernel() {
2587
416
    fi
429
    fi
2588
417
430
2589
418
    mkdir "$destdir"
431
    mkdir "$destdir"
2593
419
    dpkg-deb --fsys-tarfile "$APT_CACHE/archives/$KERNEL_DEB" | tar -C "$destdir" -xf- \
432
    if [ "$DISTRIBUTOR_ID" == "debian" ]; then
2594
420
        "./boot/vmlinuz-$KERNEL_VERSION" \
433
            dpkg-deb --fsys-tarfile "$APT_CACHE/archives/$KERNEL_DEB" | tar -C "$destdir" -xf- \
2595
421
        "./lib/modules/$KERNEL_VERSION"
434
            "./boot/vmlinuz-$KERNEL_VERSION" \
2596
435
            "./lib/modules/$KERNEL_VERSION"
2597
436
    elif [ "$DISTRIBUTOR_ID" == "ubuntu" ]; then
2598
437
        dpkg-deb --fsys-tarfile "$APT_CACHE/archives/$KERNEL_DEB" | tar -C "$destdir" -xf- \
2599
438
            "./boot/vmlinuz-$KERNEL_VERSION"; MODULES_DEB="$(echo $KERNEL_DEB |  sed s/-image-/-modules-/)"; \
2600
439
        dpkg-deb --fsys-tarfile "$APT_CACHE/archives/$MODULES_DEB" | tar -C "$destdir" -xf- \
2601
440
            "./lib/modules/$KERNEL_VERSION"
2602
441
    else
2603
442
        echo "ERROR: Unknown distributor ID '$DISTRIBUTOR_ID', can't extract kernel" >&2
2604
443
        exit 1
2605
444
    fi
2606
445
2607
422
    ln -T -- "$destdir/boot/vmlinuz-$KERNEL_VERSION" "$TEMPDIR/vmlinuz-$KERNEL_VERSION"
446
    ln -T -- "$destdir/boot/vmlinuz-$KERNEL_VERSION" "$TEMPDIR/vmlinuz-$KERNEL_VERSION"
2608
423
}
447
}
2609
424
448
2610
diff --git a/debian/tests/utils/mock.pm b/debian/tests/utils/mock.pm
2611
index 10db3e6..2425d87 100644
2612
--- a/debian/tests/utils/mock.pm
2613
+++ b/debian/tests/utils/mock.pm
2614
@@ -97,6 +97,26 @@ sub expect(;$$) {
2615
97
    #print STDERR "INFO done reading\n";
97
    #print STDERR "INFO done reading\n";
2616
98
}
98
}
2617
99
99
2618
100
sub consume($) {
2619
101
    my $chan = shift;
2620
102
    my $buffer = defined $chan ? \$BUFFER{$chan} : undef;
2621
103
    if (! defined $buffer) {
2622
104
        return;
2623
105
    }
2624
106
2625
107
    while(unpack("b*", $RBITS) != 0) {
2626
108
        my $rout = $RBITS;
2627
109
        if (select($rout, undef, undef, 1) == -1) {
2628
110
            return;
2629
111
        }
2630
112
        read_data($rout);
2631
113
        if (length($$buffer) == 0) {
2632
114
            return;
2633
115
        }
2634
116
        $$buffer = "";
2635
117
    }
2636
118
}
2637
119
2638
100
sub write_data($$%) {
120
sub write_data($$%) {
2639
101
    my $chan = shift;
121
    my $chan = shift;
2640
102
    my $data = shift;
122
    my $data = shift;
2641
@@ -167,11 +187,13 @@ BEGIN {
2642
167
        hibernate
187
        hibernate
2643
168
        poweroff
188
        poweroff
2644
169
        expect
189
        expect
2645
190
        consume
2646
170
    /;
191
    /;
2647
171
}
192
}
2648
172
193
2649
173
*expect     = \&CryptrootTest::Utils::expect;
194
*expect     = \&CryptrootTest::Utils::expect;
2650
174
*write_data = \&CryptrootTest::Utils::write_data;
195
*write_data = \&CryptrootTest::Utils::write_data;
2651
196
*consume = \&CryptrootTest::Utils::consume;
2652
175
197
2653
176
sub unlock_disk($) {
198
sub unlock_disk($) {
2654
177
    my $passphrase = shift;
199
    my $passphrase = shift;
2655
@@ -228,7 +250,9 @@ sub shell($%) {
2656
228
250
2657
229
# enter S3 sleep state (suspend to ram aka standby)
251
# enter S3 sleep state (suspend to ram aka standby)
2658
230
sub suspend() {
252
sub suspend() {
2660
231
    write_data($CONSOLE => q{systemctl suspend});
253
    # there is a race condition that causes suspend to fail.
2661
254
    # retry until success. Note, this may leave clutter in the console
2662
255
    write_data($CONSOLE => q{until systemctl suspend; do sleep 1; done});
2663
232
    # while the command is asynchronous the system might suspend before
256
    # while the command is asynchronous the system might suspend before
2664
233
    # we have a chance to read the next $PS1
257
    # we have a chance to read the next $PS1
2665
234
258
Reviewer	Date Requested	Status
Steve Langasek (community)		Approve on 2023-05-15
git-ubuntu import	2023-05-14	Pending
Review via email: mp+442802@code.launchpad.net