lp:~xnox/debian/sid/cryptsetup/ubuntu
- Get this branch:
- bzr branch lp:~xnox/debian/sid/cryptsetup/ubuntu
Branch merges
Related bugs
Related blueprints
Branch information
- Owner:
- Dimitri John Ledkov
- Status:
- Development
Recent revisions
- 30. By Dimitri John Ledkov
-
* Merge from debian unstable, remaining changes:
- debian/control:
+ Bump initramfs-tools Suggests to Depends: so system is not
potentially rendered unbootable.
+ Depend on plymouth.
- Invert the "busybox | busybox-static" Recommends, as the latter is
the one we ship in main as part of the ubuntu-standard task.- Remove hardcoded paths to udevadm (LP: #1184066).
- debian/
initramfs/ cryptroot- hook:
+ Do not unconditionally include cryptsetup utils in the initramfs.
+ Do not include any modules or utils in the initramfs, unless
rootfs/resume devices are encrypted or CRYPTSETUP is set to 'y' in
the initramfs.conf configuration file.
* debian/initramfs/ cryptroot- hook:
- Do not unconditionally include cryptsetup utils in the initramfs.
- Do not include any modules or utils in the initramfs, unless
rootfs/resume devices are encrypted or CRYPTSETUP is set to 'y' in
the initramfs.conf configuration file.
* Remove hardcoded paths to udevadm (LP: #1184066).
* Invert the "busybox | busybox-static" Recommends, as the latter
is the one we ship in main as part of the ubuntu-standard task.
* Merge from debian unstable, remaining changes:
- debian/control:
+ Bump initramfs-tools Suggests to Depends: so system is not
potentially rendered unbootable.
+ Depend on plymouth.
- init/upstart jobs:
+ Rename cryptddisks{,-early} .upstart jobs to
cryptdisks-{enable, udev}.upstart, as we need both init & upstart jobs
for now.
+ debian/cryptdisks{ ,-early} .init: Make the 'start' action of the init
script a no-op, this should be handled entirely by the upstart job;
and fix the LSB header to not declare this should be started in
runlevel 'S'.
+ Do not install start symlinks for init scripts
+ NB! shutdown is still handled by the SystemV init scripts
* Merge from debian unstable (LP: #1015753), remaining changes:
- debian/control:
+ Bump initramfs-tools Suggests to Depends: so system is not
potentially rendered unbootable.
+ Depend on plymouth.
- init/upstart jobs:
+ Add debian/cryptdisks- {enable, udev}.upstart for bootup.
+ debian/cryptdisks{ ,-early} .init: Make the 'start' action of the init
script a no-op, this should be handled entirely by the upstart job;
and fix the LSB header to not declare this should be started in
runlevel 'S'.
+ Do not install start symlinks for init scripts
+ NB! shutdown is still handled by the SystemV init scripts
* Rename cryptddisks{,-early} .upstart jobs back to
cryptdisks-{enable, udev}.upstart, as we need both init & upstart jobs
for now.
* Dropped Changes, included in Debian:
- debian/control:
+ Split up package in cryptsetup and cryptsetup-bin. (LP: #343363).
- debian/cryptdisks. functions:
+ Do not overwrite existing filesystems when creating swap (LP: #474258).
+ Add aesni module when we have hardware encryption.
+ Call 'udevadm settle' before 'dmsetup rename' http://pad.lv/ 874774
+ Suppress "Starting init crypto disks" message in "init" phase, to
avoid writing over fsck progress text.
+ new function, crypttab_start_one_ disk, to look for the named source
device in /etc/crypttab (by device name, UUID, or label) and start it
if configured to do so
+ handle the case where crypttab contains a name for the source
device that is not the kernel's preferred name for it (as is the case
for LVs).
- debian/initramfs/ cryptroot- hook:
+ Quiet warnings from find on arches that don't have all the
kernel/{arch,crypto} bits we're testing for.
* Our swap creation can trigger udev change events, which means udev may be
holding the device open at the time we try to call 'dmsetup rename' and
cause the /subsequent/ events to be missed because of dmsetup creating
device nodes by hand. So call 'udevadm settle' before 'dmsetup rename',
to ensure blkid is out of the way first. This should ensure swap
partitions are found by mountall in a non-racy manner. LP: #874774.
* Start cryptdisks-enable upstart job on 'or container', to let us
simplify the udevtrigger job.
* Split up package in cryptsetup and cryptsetup-bin. (LP: #343363).
* Do not overwrite existing filesystems when creating swap (LP: #474258).
* Add aesni module when we have hardware encryption.
* Merge from debian unstable (LP: #776264), remaining changes:
- debian/cryptdisks. functions: Suppress "Starting init crypto disks" message
in "init" phase, to avoid writing over fsck progress text.
- debian/cryptroot- hook: Quiet warnings from find on arches that
don't have all the kernel/{arch,crypto} bits we're testing for.
- debian/control:
+ Bump initramfs-tools Suggests to Depends: so system is not
potentially rendered unbootable.
+ Depend on plymouth.
- Add debian/cryptdisks- {enable, udev}.upstart.
- debian/cryptdisks. functions:
+ new function, crypttab_start_one_ disk, to look for the named source
device in /etc/crypttab (by device name, UUID, or label) and start it
if configured to do so
- debian/cryptdisks{ ,-early} .init: Make the 'start' action of the init
script a no-op, this should be handled entirely by the upstart job;
and fix the LSB header to not declare this should be started in
runlevel 'S'
- debian/rules:
+ Do not install start symlinks for init scripts, and
install debian/cryptdisks- {enable, udev}.upstart scripts.
* debian/cryptdisks. functions: handle the case where crypttab contains a
name for the source device that is not the kernel's preferred name for
it (as is the case for LVs).
* debian/cryptdisks. functions: Suppress "Starting init crypto disks" message
in "init" phase, to avoid writing over fsck progress text.
* debian/cryptroot- hook: Quiet warnings from find on arches that
don't have all the kernel/{arch,crypto} bits we're testing for.
* Merge from debian unstable (LP: #682177), remaining changes:
- debian/control:
+ Bump initramfs-tools Suggests to Depends: so system is not
potentially rendered unbootable.
+ Depend on plymouth.
- Add debian/cryptdisks- {enable, udev}.upstart.
- debian/cryptdisks. functions:
+ new function, crypttab_start_one_ disk, to look for the named source
device in /etc/crypttab (by device name, UUID, or label) and start it
if configured to do so
+ wrap the call to /lib/cryptsetup/askpass with watershed, to make sure
we only ever have one of these running at a time; otherwise multiple
invocations could steal each other's input and/or write over each
other's output
+ when called by cryptdisks-enable, check that we don't already have a
corresponding cryptdisks-udev job running (probably waiting for a
passphrase); if there is, wait until it's finished before continuing.
- debian/cryptdisks{ ,-early} .init: Make the 'start' action of the init
script a no-op, this should be handled entirely by the upstart job;
and fix the LSB header to not declare this should be started in
runlevel 'S'
- debian/cryptsetup. postinst: Remove any symlinks from /etc/rcS.d on
upgrade.
- debian/rules:
+ Do not install start symlinks for init scripts, and
install debian/cryptdisks- {enable, udev}.upstart scripts.
+ link dynamically against libgcrypt and libgpg-error.
- Add debian/cryptsetup. apport: Apport package hook. Install in
debian/rules and create dir in debian/cryptsetup. dirs.
- debian/cryptsetup. postrm: call update-initramfs on package removal.
* Merge from Debian unstable (LP: #594365). Remaining changes:
- debian/control:
+ Bump initramfs-tools Suggests to Depends: so system is not
potentially rendered unbootable.
+ Depend on plymouth.
- Add debian/cryptdisks- {enable, udev}.upstart.
- debian/cryptdisks. functions:
+ new function, crypttab_start_one_ disk, to look for the named source
device in /etc/crypttab (by device name, UUID, or label) and start it
if configured to do so
+ wrap the call to /lib/cryptsetup/askpass with watershed, to make sure
we only ever have one of these running at a time; otherwise multiple
invocations could steal each other's input and/or write over each
other's output
+ initially create the device under a temporary name and rename it only
at the end using 'dmsetup rename', to ensure that upstart/mountall
doesn't see our device before it's ready to go.
+ do_tmp should mount under /var/run/cryptsetup for changing the
permissions of the filesystem root, not directly on /tmp, since
mounting on /tmp a) is racy, b) confuses mountall something fierce.
+ when called by cryptdisks-enable, check that we don't already have a
corresponding cryptdisks-udev job running (probably waiting for a
passphrase); if there is, wait until it's finished before continuing.
- debian/cryptdisks{ ,-early} .init: Make the 'start' action of the init
script a no-op, this should be handled entirely by the upstart job;
and fix the LSB header to not declare this should be started in
runlevel 'S'
- debian/cryptsetup. postinst: Remove any symlinks from /etc/rcS.d on
upgrade.
- debian/rules: Do not install start symlinks for init scripts, and
install debian/cryptdisks- {enable, udev}.upstart scripts.
- Add debian/cryptsetup. apport: Apport package hook. Install in
debian/rules and create dir in debian/cryptsetup. dirs.
- debian/rules: link dynamically against libgcrypt and libgpg-error.
- debian/cryptsetup. postrm: call update-initramfs on package removal.
* Dropped changes, merged/superseded in Debian:
- Add ext4 support to passdev.
- cryptroot-hook: don't call copy_modules_dir with empty arguments when
archcrypto isn't found
- Set USPLASH=y and FRAMEBUFFER=y in the hook config to pull plymouth into
the initramfs.
- change interaction to use plymouth directly if present, and if not, to
fall back to /lib/cryptsetup/askpass as before
- cryptdisks.functions: replace 'echo -e' bashism with 'printf'.
- debian/initramfs/ cryptroot- script: if plymouth is present in the
initramfs, use this directly, bypassing the cryptsetup askpass script
- debian/initramfs/ cryptroot- hook: Properly anchor our regexps when
grepping /etc/crypttab so that we don't incorrectly match device names
that are substrings of one another.
- debian/initramfs/ cryptroot- script: Don't leak /conf/conf. d/cryptroot
file descriptor to subprocesses.
- Fix grammar error in debian/initramfs/ cryptroot- script
("setup" -> "set up")
- debian/initramfs/ cryptroot- script: Fix this to work with current
initramfs-tools:
+ Source /scripts/functions after checking for prerequisites.
+ prereqs(): Do not assume we are running within initramfs, and
calculate relative path correctly.
* Fix grammar error in debian/initramfs/ cryptroot- script
("setup" -> "set up") (LP: #578896)
* debian/initramfs/ cryptroot- script: Don't leak /conf/conf. d/cryptroot
file descriptor to subprocesses.
* debian/initramfs/ cryptroot- hook: Properly anchor our regexps when
grepping /etc/crypttab so that we don't incorrectly match device names
that are substrings of one another.
* debian/cryptdisks- {enable, udev}.conf, debian/control: drop
'console output' and add a hard dependency on plymouth instead of
watershed, to avoid spitting extra messages to the console.
* Set FRAMEBUFFER=y in the file that we actually ship.
* debian/cryptsetup. postrm: call update-initramfs on package removal.
LP: #468228.
* cryptdisks.functions: replace 'echo -e' bashism with 'printf'.
* cryptdisks.functions: when called by cryptdisks-enable, check that we
don't already have a corresponding cryptdisks-udev job running (probably
waiting for a passphrase); if there is, wait until it's finished before
continuing.
* Set FRAMEBUFFER=y in the hook config as well, to pull plymouth into the
initramfs.
* cryptdisks.functions, debian/ initramfs/ cryptroot- script: fix the
invocation of plymouth, so that we actually get proper passphrase prompts
(once bug #496765 is fixed).
* cryptdisks.functions: do_tmp should mount under /var/run/cryptsetup for
changing the permissions of the filesystem root, not directly on /tmp,
since mounting on /tmp a) is racy, b) confuses mountall something fierce.
LP: #475936.
* Depend on watershed.
* Fix the LSB header in the init scripts, now that we don't install to
rcS.d.
* debian/initramfs/ cryptroot- script: Fix this to work with current
initramfs-tools:
- Source /scripts/functions after checking for prerequisites.
- prereqs(): Do not assume we are running within initramfs, and calculate
relative path correctly.
* Rename the upstart job introduced in the previous upload to
cryptdisks-udev and restore the previous version of the job as
cryptdisks-enable, to run at the end of udev coldplugging as before;
this isn't entirely race-free, but should nevertheless give us the
two passes needed to cover devices that are decrypted using keys stored
on other encrypted disks. LP: #443980.
* debian/initramfs/ cryptroot- script: if plymouth is present in the
initramfs, use this directly, bypassing the cryptsetup askpass script;
but keep support for these other frontends around on a transitional
basis.
* debian/cryptdisks. functions:
- change interaction to use plymouth directly if present, and if not, to
fall back to /lib/cryptsetup/askpass as before
- wrap the call to /lib/cryptsetup/askpass with watershed, to make sure
we only ever have one of these running at a time; otherwise multiple
invocations could steal each other's input and/or write over each
other's output
- new function, crypttab_start_one_ disk, to look for the named source
device in /etc/crypttab (by device name, UUID, or label) and start it
if configured to do so
* debian/cryptdisks- enable. upstart: run the upstart job once for each block
device, using the new crypttab_start_one_ disk function, triggered by udev;
this doesn't eliminate the possibility of a race with gdm when the
decrypted volume isn't a 'bootwait' mount point (since gdm kills
plymouth), but it does eliminate the race between udev and cryptsetup.
LP: #454898.
* debian/cryptdisks- enable. upstart: check that the package is installed
and exit gracefully if it's not. LP: #435814
* debian/cryptdisk. functions: initially create the device under a temporary
name and rename it only at the end using 'dmsetup rename', to ensure that
upstart/mountall doesn't see our device before it's ready to go.
LP: #475936.
* Add ext4 support to passdev.
* cryptroot-hook: Use if [ -n … ] instead of if ! test -z ….
* cryptroot-hook: dont call copy_modules_dir with empty arguments when
archcrypto isnt found (LP: #495161)
* Merge with Debian testing. Remaining Ubuntu changes:
- debian/rules: cryptsetup is linked dynamically against libgcrypt and
libgpg-error.
- Upstart migration:
+ Add debian/cryptdisks- enable. upstart.
+ debian/cryptdisks{ ,-early} .init: Make the 'start' action of the init
script a no-op, this should be handled entirely by the upstart job.
(LP #473615)
+ debian/cryptsetup. postinst: Remove any symlinks from /etc/rcS.d on
upgrade.
+ debian/rules: Do not install start symlinks for those two, and install
debian/cryptdisks- enable. upstart scripts.
- Add debian/cryptsetup. apport: Apport package hook. Install in
debian/rules, and create dir in debian/cryptsetup. dirs.
- Start usplash in initramfs, since we need it for fancy passphrase input:
+ debian/initramfs/ cryptroot- conf, debian/ initramfs- conf.d: USPLASH=y
+ debian/control: Bump initramfs-tools Suggests to Depends:.
* Make the 'start' action of the init script a no-op, this should be
handled entirely by the upstart job now; and remove any symlinks from
/etc/rcS.d on upgrade. LP: #473615.
* Add an apport hook
* import the blkid and un_blkid from debian, LP: #446517
* also use this script by default (setting in /etc/default/cryptdisks)
* Reupload previous version, siretart had left changes in bzr which
weren't documented in the changelog and caused FTBFS.
* Move the Debian Vcs- fields aside.
* debian/cryptdisks- enable. upstart: Don't overcompensate for my idiocy,
cryptsetup should not need a controlling terminal, just a terminal
is fine. May fix LP: #439138.
* debian/cryptdisks- enable. upstart: Things that often help include
not setting stdin/out to /dev/null, so you can actually type the
passphrase. I am an idiot. LP: #430496.
* debian/cryptdisks- enable. upstart: add upstart job to enable encrypted
disks once we've finished probing for udev devices, so that mountall
can use them. LP: #430496.
* debian/initramfs/ cryptroot- conf: declare that we want usplash included
in the initramfs whenever this package is installed. LP: #427356.
* Merge from debian unstable, remaining changes:
- Ubuntu specific:
+ debian/rules: link dynamically for better security supportability and
smaller packages.
+ debian/control: Depend on initramfs-tools so system is not potentially
rendered unbootable.
- debian/initramfs/ cryptroot- script wait for encrypted device to appear,
report with log_*_msg (debian bug 488271).
- debian/initramfs/ cryptroot- hook: fix support for UUID and LABEL
correlation between fstab and crypttab (debian bug 522041).
- debian/askpass.c, debian/initramfs/ cryptroot- script: using newline
escape in passphrase prompt to avoid line-wrapping (debian bug 528133).
* Drop 04_fix_udevsettle_ call.patch: fixed upstream differently.
* debian/control: Depend on initramfs-tools so system is not potentially
rendered unbootable (LP: #358654).
* debian/initramfs/ cryptroot- script: we don't require vol_id to understand
the encrypted device, but we should check the device is fully up first
before continuing by calling udevadm settle. LP: #291752.
* debian/initramfs/ cryptroot- hook: fix support for UUID and LABEL correlation
between fstab and crypttab (LP: #287879).
* debian/askpass.c: also handle newline escape code in console prompt.
* debian/checks/ un_vol_ id: dynamically build the "unknown volume type"
string, to allow for encrypted swap, LP: #316607
* debian/askpass.c: handle newline escape code in password prompt.
* debian/initramfs/ cryptroot- script: add newline to split cryptroot
password prompt onto two lines for readability (LP: #326900).
* Merge from debian unstable, remaining changes:
- debian/initramfs/ cryptroot- script:
- must source /scripts/functions to get the log_*_msg() functions.
- wait for encrypted device to show up (LP 164044, 291752).
- disable error message 'failed to setup lvm device' (LP 151532).
- debian/rules:
- fix location of ltmain.sh (Ubuntu-specific until libtool 2.2.x is
in Debian unstable).
- link dynamically (LP 62751).
- add 04_fix_udevsettle_ call.patch: fix path to binary for udevsettle.
* Revert versioned build-depency on libdevmapper-dev, since Ubuntu's
version is higher now.
* debian/initramfs/ cryptroot- script: do not require that vol_id
can parse the encrypted device as valid (LP: #291752).
* Fixes for (LP: #272301)
* debian/initramfs/ cryptroot- script: must source /scripts/functions to get
the log_*_msg() functions
* 04_fix_udevsettle_ call.patch: fix path to binary for udevsettle
* drop almost all ubuntu specific changes from the cryptsetup package,
because they have been merged in debian. Thanks a lot!
* merge from debian, remaining changes:
- remove versioned build-depency on libdevmapper-dev, we are using a
rather sophisticated loop for making sure the root filesystem appears.
* debian/rules: fix location of ltmain.sh
* don't exit usplash anymore in the init script. LP: #110970, #139363
* Disable error message 'failed to setup lvm device'. It is harmless, and
caused by the fact that the udev rules provided by lvm2 are setting up
the lvm on their own. In debian the scripts here are responsible for this
but obviously fail in ubuntu. LP: #151532
* reintroduce changes from 2:1.0.6-2ubuntu5 that have been accidentally
dropped in version 2:1.0.6-2ubuntu6.
* load scripts/functions for log_{begin,end}_msg
* debian/initramfs/ cryptroot- script: wait for the cryptsource, not the resulting mapped root device
* debian/initramfs/ cryptroot- hook: copy binaries to the right directory
* remove versioned build-depency on libdevmapper-dev, we are using a
rather sophisticated loop for making sure the root filesystem appears.
* Okay, I give up. include preprocessed manpages and adapt
debian/rules to easily produce those.
ATTENTION: on subsequent uploads, make sure that the manpages are
available and up-to-date.
* also use local dtd in debian/doc/variables. xml.in.
* try harder to fix FTBFS.
* build docbook documentation using local dtds instead of trying to
download them at buildtime. Fixes FTBFS.
* Merge new debian version. Remaining changes:
- Add XSBC-Vcs-Bzr tag to indicate that this package is managed using
bzr on launchpad.
- debian/rules: cryptsetup is linked dynamically against libgcrypt and
libgpg-error.
- cryptdisks.functions: stop usplash on user input. LP #62751
- Parse comments in lines not starting with '#', LP #185380
- If the encrypted source device hasn't shown up yet, give it a
little while to deal with removable devices. LP #164044
* Depend on race-free version of libdevmapper, thus making udevsettle
call from cryptsetup binary unnecessary. Dropping patch
debian/patches/ 06_run_ udevsettle. patch
* remove patch from LP #73862, loading optimized modules has been solved
in debian in another way.
* cryptdisk.functions: remove spurious call to load_optimized_ module.
LP: #239946
* bugfix: make regex work if keyfile has extended attributes. LP: #231339.
* remove patch in cryptdisks.functions for rexecing the script itself for
ensuring that a tty is always available. (See LP #58794.) According to
Scott, this is not necessary anymore.
* Fix configuration parsing (LP: #239808)
* cryptroot-script: use 'echo' instead of 'log_begin_msg' (LP: #237723)
* Parse comments in lines not starting with '#', LP: #185380
* in cryptroot hook, don't rely on 'udevadm settle' to wait long enough
for the cryptdevice to appear. Reimplement the busy waiting loop found
while waiting for the root file system. Patch based on work by Swâmi
Petaramesh. LP: #164044
* debian/crypdisks. functions: call 'env' with full path. LP: #178829.
* Simplify the patch in debian/cryptdisks. functions that stops usplash
before asking for a passphrase.
* Merge new debian version. Remaining changes:
- cryptsetup is linked dynamically against libgcrypt and libgpg-error.
- stop usplash on user input. LP #62751
- debian/cryptdisks. functions: Always output and read from the console.
LP #58794.
- Add XSBC-Vcs-Bzr tag to indicate that this package is managed using
bzr on launchpad.
- debian/initramfs/ cryptroot- hook: LP #73862
Added patch to install aes optimized cypher module
- try to load optimized cypher module in cryptsetup.functions as well,
because cryptroot-hook is only executed when we really have a
cryptoroot.
* other ubuntu changes have been merged into debian. Please report bugs
if you believe some patches have been dropped.
* removed 07_typos_fix.patch, has been reviewed and applied upstream.
* added debian/patches/ 07_typos_ fix.dpatch: fixed typos in man pages. (LP: #164181)
* debian/initramfs/ cryptroot- script: Do show the disk name after all, since
some people use multiple encrypted partitions as LVM PVs. (LP: #201413)
* debian/initramfs/ cryptroot- script: Do not mention the name of the
encrypted device. It is just technobabble anyway (sda4_crypt), and there
is just one root partition ever, so it is not needed to tell apart
different partitions. From a security POV, someone who can change your
initramfs to boot a different root partition can just as well change the
strings, too. (LP: #201413)
* debian/scripts/ luksformat: Use 256 bit key size by default.
(LP: #78508)
* debian/patches/ 02_manpage. dpatch: Clarify default key sizes (128 for
luksFormat and 256 for create) in cryptsetup.8. (side-note in LP #78508)
* Fix -x calls and access() call.
* debian/initramfs/ cryptroot- script: call udevadm instead of udevsettle
* debian/patches/ 06_call_ udevsettle. dpatch: likewise
* Make cryptsetup understand devices specified by UUID=... or LABEL=
in crypttab. (LP: #153597)
* reenable additional udevsettle calls in cryptroot hook from
https://launchpad. net/bugs/ 85640, LP: #132373.
* change maintainer to ubuntu-core-dev.
* use Vcs-Bzr instead of XSCB-Vcs-Bzr header in debian/control.
* reapply changes from version 2:1.0.5-2ubuntu2, got dropped with last
upload. Sorry, pitti.
* convert patch to lib/libdevmapper.c to a dpatch.
* RELIABILY FIX: lib/libdevmapper.c: Ensure that pending device creation
events are being processed by calling /sbin/udevsettle. Patch based on
OpenSUSE bug #285478, LP: #132373.
* Based on the change above, the patch from LP #85640 is no longer needed.
dropping the relevant parts.
* Fix debian/rules to not fail to build if autom4te.cache is left behind
from a previous incomplete build.
* debian/initramfs/ cryptroot- script:
- If the supplied password worked, remove the prompt from usplash again,
so that the user has some visual feedback that everything is alright.
(LP: #151305)
- Do not show the UUID device node of the outer physical device. It is
scary ("/dev/disk/by- uuid/1234yadaya da") and displaying it does not
improve security at all: If attackers can tamper with your initramfs,
they can also change the prompt, and if the UUID of the physical device
changes, then booting will not even get that far. Now it is a much more
friendly "Enter passphrase for sda5_crypt:" which is still technical,
but it's necessary to point out which device will be unlocked in case
there are several.
* Merge new debian version. Remaining changes:
- cryptsetup is linked dynamically against libgcrypt and libgpg-error.
This will break systems where /usr is a separate encrypted filesystem
but not have other bad consequences (in particular, systems with
encrypted root are still fine). The upsides include better
security supportability and smaller packages.
- libcryptsetup.so et al removed from the binary packages. They have
no stable ABI and are not suitable for use by other packages, and
were in violation of library policies etc. They're not needed since
the cryptsetup executable statically contains the relevant parts of
libcryptsetup.
- cryptdisks.functions: remove #!/bin/bash as it isn't a script
by itself; it's only sourced by other scripts. This gets rid
of the lintian warning `script-not-executable' for this file.
- stop usplash on user input. LP #62751
- Always output and read from the console. LP #58794.
- Add XSBC-Vcs-Bzr tag to indicate that this package is managed using
bzr on launchpad.
- Bump libgcrypt11 build-dependency again to 1.2.4-2ubuntu2 to eliminate
libnsl linkage;
- debian/initramfs/ cryptroot- hook: (LP: #73862)
Added patch to install aes optimized cypher module
- try to load optimized cypher module in cryptsetup.functions as well,
because cryptroot-hook is only executed when we really have a
cryptoroot.
- apply patch from pitti for allowing UUIDs in /etc/crypttab.
This allowes crypted PVs! LP: #144390.
- remove README.ubuntu, since it contains old and obsolete information.
* apply patch from pitti for allowing UUIDs in /etc/crypttab.
This allowes crypted PVs! LP: #144390.
* remove README.ubuntu, since it contains old and obsolete information.
* debian/initramfs/ cryptroot- hook: (LP: #73862)
- Added patch to install aes optimized cypher module
* re-applying old patch to new package version
* try to load optimized cypher module in cryptsetup.functions as well,
because cryptroot-hook is only executed when we really have a
cryptoroot.
* Bump libgcrypt11 build-dependency again to 1.2.4-2ubuntu2 to eliminate
libnsl linkage; should finally produce a usable cryptsetup binary for
the udeb.
* Bump libgcrypt11 build-dependency to 1.2.4-2ubuntu1 and rebuild for
proper udeb dependencies.
* Merge new debian version. Remaining changes:
- cryptsetup is linked dynamically against libgcrypt and libgpg-error.
This will break systems where /usr is a separate encrypted filesystem
but not have other bad consequences (in particular, systems with
encrypted root are still fine). The upsides include better
security supportability and smaller packages.
- libcryptsetup.so et al removed from the binary packages. They have
no stable ABI and are not suitable for use by other packages, and
were in violation of library policies etc. They're not needed since
the cryptsetup executable statically contains the relevant parts of
libcryptsetup.
- cryptdisks.functions: remove #!/bin/bash as it isn't a script
by itself; it's only sourced by other scripts. This gets rid
of the lintian warning `script-not-executable' for this file.
- stop usplash on user input. LP #62751
- Always output and read from the console. LP #58794.
* Add XSBC-Vcs-Bzr tag to indicate that this package is managed using
bzr on launchpad.
* UVF exception request granted by Scott Kitterman and Chuck Short
LP: #138295
* Add notes by Ilkka Tuohela in a new file debian/README. ubuntu
* cryptsetup is linked dynamically against libgcrypt and libgpg-error.
This will break systems where /usr is a separate encrypted filesystem
but not have other bad consequences (in particular, systems with
encrypted root are still fine). The upsides include better
security supportability and smaller packages.
* libcryptsetup.so et al removed from the binary packages. They have
no stable ABI and are not suitable for use by other packages, and
were in violation of library policies etc. They're not needed since
the cryptsetup executable statically contains the relevant parts of
libcryptsetup.
* cryptdisks.functions: remove #!/bin/bash as it isn't a script
by itself; it's only sourced by other scripts. This gets rid
of the lintian warning `script-not-executable' for this file.
* s/$CRYPTCMD/cryptsetup/ in debian/ cryptdisks. functions
(LP: #115617)
* make luksformat check if filesystem is already mounted to prevent a
strange error message. thanks to mvo for the patch (LP: #116633)
* remove file debian/initramfs- cryptroot- script from source. it is not
installed anywhere, and a leftover from the last merge.
* add missing hunk of cryptsetup.functions compared to debian package.
* reapply http://librarian. launchpad. net/7329604/ bug85640. debdiff to
debian/initramfs/ cryptroot- script, since stgraber's patch has been
lost in the last merge. (LP: #85640)
* modprobe dm-mod from cryptsetup.functions. (LP: #64625, #91405)
* Merge from Debian unstable. Remaining Ubuntu changes:
- stop usplash on user input. Ubuntu: #62751
- Always output and read from the console. Ubuntu: #58794.
- Wait for Udev to be ready to avoid partition non-detection. (LP: #85640)
* Modify Maintainer value to match Debian-Maintainer- Field Spec
* Wait for Udev to be ready to avoid partition non-detection. (LP: #85640)
* merge debian changes. Remaining ubuntu changes:
- stop usplash on user input. Ubuntu: #62751
- Always output and read from the console. Ubuntu: #58794.
* fix and improve initramfs hook: terminate usplash if running, since
adequate secure text input is not possible with usplash ATM
* usplash support: Terminate usplash before asking a password.
Closes https://bugs.launchpad .net/ubuntu/ +source/ cryptsetup/ +bug/62751
* merge debian changes, remaining patches:
- Always output and read from the console. Ubuntu: #58794.
* other changes have been merged or do noy apply anymore
* read password via usplash if available in initramfs for rootfs. based on a patch from
Swen Thümmler (Thanks for that!) Ubuntu #62751
* read password from initscript via usplash if running. should fix the
rest of Ubuntu #62751. Only problem with that patch: It asks only once
for the password! improvements welcome!
* Always output and read from the console. Ubuntu: #58794.
* Load the dm-crypt module on startup. Ubuntu: #53475.
* Sync with Debian:
Remaining Ubuntu Changes
+ debian/cryptdisks. functions:
- Tell usplash to quit if we ask for a passphrase - 29. By Jonas Meurer <email address hidden>
-
[ Milan Broz ]
* new upstream version. (closes: #704827, 707997)
- default LUKS encryption mode is XTS (aes-xts-plain64) (closes: #714331)
- adds native support for Truecrypt and compatible on-disk format
- adds benchmark command
- adds cryptsetup-reencrypt, a tool to offline reencrypt LUKS device
- adds veritysetup, a tool for dm-verity block device verification module
* install docs/examples into docs at cryptsetup-dev package.
* fix compilation warnings in askpass.c.[ Steve Langasek ]
* fix upstart jobs to not cause boot hangs when actually used in
conjunction with startpar. (closes: #694499, #677712).
* in connection with the above, make the cryptdisks-early job explicitly
wait for 'umountfs' on shutdown just like cryptdisks does; otherwise,
the teardown of the cryptdisks upstart job may cause the cryptdisks-early
init script run before we're done unmounting filesystems.[ Jonas Meurer ]
* minor wording fixes to README.initramfs, suggested by intrigeri and Adam
D. Barrett.
* add bash-completion script for cryptdisks_{start, stop}. Thanks to Claudius
Hubig for providing a patch. (closes: #700777)
* support specifying key-slot in crypttab. Thanks to Kevin Locke for the
patch. (closes: #704470)
* remove evms support code from cryptroot initramfs script. (closes: #713918)
* fix location of keyscripts in initramfs documentation. (closes: #697446)
* fix a typo in decrypt_ssl script that prevented stdout from beeing
redirected to /dev/null. (closes: #700285)
* give full path to blkid in crytproot initramfs script. (closes: #697155)
* export number of previous tries from cryptroot and cryptdisks to
keyscript. Thanks to Laurens Blankers for the idea. Opens the possibility
to fallback after a given number of tries for keyscripts. (closes: #438481,
#471729, #697455)
* improve check for cpu hardware encryption support in initramfs cryptroot
hook. (closes: #714326) - 28. By Jonas Meurer <email address hidden>
-
change recommends for busybox to busybox | busybox-static. Thanks to
Armin Haas for the bugreport. (closes: #692151) - 27. By Jonas Meurer <email address hidden>
-
* add recommends for 'kbd, console-setup' to cryptsetup package. Both are
necessary to support local keymap in initramfs. Thanks to Raphaël Hertzog
for the bugreport. (closes: #689722)
* move suggestion for 'initramfs-tools (>= 0.91) | linux-initramfs-tool,
busybox' to recommends. Both are required for encrypted root fs.
* remove suggestion for udev, most debian systems have it installed anyway.
* mention option to use UUID=<luks_uuid> for source device in crypttab(5).
Thanks to Felicitus for the bug report. (closes: #688786)
* add a paragraph in README.initramfs: Describe, why renaming the target
name is not supported for encrypted root devices. Thanks to Adam Lee for
bugreport and proposed workaround for this limitation. (closes: #671037)
* fix keyfile permission checks in cryptdisks init scripts to follow
symlinks. Thanks to intrigeri for the bugreport. (closes: #691517)
* fix owner group check for keyfile in cryptdisks init scripts to really
check owner group.
* update debconf translations:
- brasilian portuguese, thanks to Adriano Rafael Gomes. (closes: #685762)
- japanese, thanks to victory. (closes: #690784)
* fix typo in manpages: s/passphase/passphrase. Thanks to Milan Broz for
the bugreport. (closes: #684086) - 26. By Jonas Meurer <email address hidden>
-
* fix the shared library symbols magic: so far, the symbols file for
libcryptsetup4 included just a wildcard for all exported symbols, with
libcrypsetup4 (>= 2:1.4) as minimum version. This was wrong. Symbols
that were added later need adjusted minimum versions. Thanks for the
great help in #debian-mentors. (closes: #677127)
* remove emtpy directory /lib from cryptsetup-bin package.
* compile askpass and passdev with CFLAGS, CPPFLAGS and LDFLAGS. - 25. By Jonas Meurer <email address hidden>
-
[ Jonas Meurer ]
* mention limitations for keyscripts in crypttab(5) manpage: keyscripts
must not depend on binaries/files which are part of the to-be-unlocked
device. (closes: #665494)
* bump versioned build-dependency on debhelper now that we install
upstart initscripts in debian as well.
* change versioned breaks/replaces for cryptsetup-bin on cryptsetup to
1.4.3-1~, fixing upgrades in debian.[ Jean-Louis Dupond ]
* New upstream version. (closes: #670071)
- Fix keyslot removal (closes: #672299)
- Add -r to cryptsetup.8 (closes: #674027)
* Split up package in cryptsetup and cryptsetup-bin.
* I'm now co-maintainer (closes: #600777).
* Start cryptdisks-enable upstart job on 'or container', to let us
simplify the udevtrigger job.
* debian/cryptdisks. functions: handle the case where crypttab contains a
name for the source device that is not the kernel's preferred name for
it (as is the case for LVs). (Thanks Steve Langasek)
* debian/cryptdisks. functions: fix a race condition in some cases by
adding and udevadm settle before rename.
* debian/cryptdisks. functions: add UUID & LABEL support to do_start.
* debian/copyright: really fix lintian warning.
* debian/rules: also include upstart files in debian. - 24. By Jonas Meurer <email address hidden>
-
[ Jonas Meurer ]
* finally add back support for configuration of custom rootfs-devices through
the boot parameter 'root' to initramfs cryptroot script. Thanks a lot to
August Martin for the bugreport as well as continuously debugging and
providing patches. (closes: #546610)
* use blkid instead of fstype to detect the content of devices in initramfs
cryptroot script. Unfortunately fstype doesn't recognize md-raid devices,
which leads to errors with encrypted devices on top of software raid.
* check whether $NEWROOT already exists before actually invoking cryptsetup
in initramfs cryptroot script. (closes: #653241)
* fix conditions for prechecks at do_noluks() in cryptdisks.functions. Should
prevent data loss with encrypted swap in most cases. (closes: #652497)
* change default value for tmpfs and examples from ext2 to ext4.
* minor code cleanup.
* update debconf translations:
- russian, thanks to Yuri Kozlov. (closes: #661303)
- spanish, thanks to Camaleón. (closes: #661316)[ Jean-Louis Dupond ]
* fix watch file.
* always add aesni module to initramfs if we have hardware aes support.
(closes: #639832).
* debian/copyright: fix lintain warning.
* add upstart scripts for ubuntu.
* silent warnings on kernels without kernel/{arch,crypto} .
* add crypttab_start_one_ disk in function script to handle udev startup
in ubuntu.
* bump standards-version to 3.9.3, no changes needed. - 23. By Jonas Meurer <email address hidden>
-
* acknowledge NMU. Thanks to Michael Biebl. (closes: #659182)
* don't print error for non-encrypted rootfs in initramfs cryptroot hook.
Thanks to Jamie Heilman and Christoph Anton Mitterer for bugreports.
(closes: #659087, #659106)
* use dmsetup splitname to extract VG name from $node in initramfs cryptroot
hook. Thanks to Kai Weber for the bugreport, Milan Broz and Claudio
Imbrenda for suggestions and patches. (closes: #659235) - 22. By Jonas Meurer <email address hidden>
-
* new upstream release (1.4.0 + 1.4.1) (closes: #647851)
- fixes typo in german translation. (closes: #645528)
- remove patches, all incorporated upstream.
- soname bump, rename library package to libcryptsetup4
* check for busybox in initramfs cryptroot hook, and install the sed binary
in case it's either not installed or not activated. (closes: #591853)
* add checks for 'type $KEYSCRIPT' to initscripts cryptdisks.functions, and
to cryptroot initramfs script/hook. this adds support for keyscripts inside
$PATH. thanks to Ian Jackson for the suggestion. (closes: #597583)
* use argument '--sysinit' for vgchange in cryptroot initramfs script. Thanks
to Christoph Anton Mitterer for the suggestion.
* add option for discard/trim features to crypttab and initramfs scripts.
Thanks to intrigeri and Peter Colberg for patches. (closes: #648868)
* print $target on error in initramfs hook. Thanks to Daniel Hahler for the
bugreport. (closes: #648192)
* add a warning about using decrypt_derived keyscript for devices with
persistent data. Thanks to Arno Wagner for pointing this out.
* remove quotes from resume device candidates at get_resume_devs() in
initramfs hook script. Thanks to Johannes Rohr. (closes: #634017)
* support custom $TABFILE, thanks to Douglas Huff. (closes: #638317)
* fix get_lvm_deps() in initramfs cryptroot hook to add all physical volumes
of lvm volume group that contains the rootfs logical volume, even if the
rootfs is lv is not spread over all physical volumes. Thanks to Christian
Pernegger for bugreport and patch. (closes: #634109)
* debian/initramfs/ cryptroot- script: Move check for maximum number of tries
behind the while loop, to make the warning appear in case that maximum
number of tries is reached. Thanks to Chistian Lamparter for bugreport and
patch. (closes: #646083)
* incorporate changes to package descriptions and debconf templates that
suggested by debian-l10n-english people. Special thanks go to Justin B Rye.
* acknowledge NMU, thanks a lot to Christian Perrier for his great work on
the i18n front. (closes: #633105, #641719, #641839, #641947, #642470,
#640056, #642540, #643633, #643962, #644853)
* add and update debconf translations:
- italian, thanks to Milo Casagrande, Francesca Ciceri. (closes: #656933)
- german, thanks to Erik Pfannenstein. (closes: #642147)
- spanish, thanks to Camaleón. (closes: #658360)
- russian, thanks to Yuri Kuzlov (closes: #654676)
* set architecture to linux-any, depends on linux kernel anyway. Thanks to
Christoph Egger. (closes: #638257)
* small updates to the copyright file.
* add targets build-indep and build-arch to debian/rules, thanks to lintian. - 21. By Christian Perrier
-
* Non-maintainer upload.
* Fix pending l10n issues. Debconf translations:
- French (Julien Patriarca). Closes: #633105
- Vietnamese (Hung Tran). Closes: #641719
- Portuguese (Miguel Figueiredo). Closes: #641839
- Russian (Yuri Kozlov). Closes: #641947
- Swedish (Martin Bagge / brother). Closes: #642470,#640056
- Czech (Michal Simunek). Closes: #642540
- Dutch; (Jeroen Schot). Closes: #643633
- Spanish; (Camaleón). Closes: #643962
- Danish (Joe Hansen). Closes: #644853
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:debian/cryptsetup