bilibop 0.4.20 source package in Ubuntu
Changelog
bilibop (0.4.20) unstable; urgency=low * bilibop-common: * Modify common.sh: replace '/sbin/udevadm' by just 'udevadm', and declare a udevadm() function if the command itself is not in the PATH. This should work with all versions of udev. * Modify device_node_from_major_minor(): rely on the contents of /dev/block (as these symlinks are not created by udev). * Modify drivemap.sh: add a missing debug command at the beginning of a function. * Modify lib/bilibop/disk: set -e * Fix a typo in drivemap.sh and the drivemap command: rename function _drivemap_max_mp_lenght() -> _drivemap_max_mp_length(), and also fix the same spelling error for the variable lenght -> length. * Update bilibop(7) and bilibop.conf(5) manpages (and also the french translations). * Update documentation (README.Debian, examples/bilibop.conf, misc/*.txt). * bilibop-rules: * Add translations for the debconf templates: + Italian: thanks to Beatrice Torracca <email address hidden> Closes: #727755. + Portuguese: thanks to Américo Monteiro <email address hidden> Closes: #730000. * Modify the config maintscript and the initramfs script: as the --run option no more works for 'udevadm info', use the hardcoded /run/udev instead. * Modify the udev rules file: rely on the 'removable' attribute to know that a device is a disk (as for the 'partition' attribute to know that a device is a partition); also do not set unconditionally Udisks ENV variables for the disk; reorder some rules, rename LABELs, + other cosmetics. * Update bilibop_rules_generator helper script for consistency. * Fix management of errors in physical_volumes_filter and pvfilter.sh * Remove a reference to a non-existent manpage in pvfilter.sh * Fix a spelling error in the help page of physical_volumes_filter. * Modify _pvfilter_find_dev_links(): use a best 'find' commandline, and simplify its output filter (grep). * Modify postinst to regenerate the cache file if the filter value has been modified in lvm.conf * Add support for the LVM 'global_filter' variable (lvm2 >= 2.02.98): + Add '_pvfilter_has_global()' function in pvfilter.sh: just tests if the 'global_filter' variable is supported by the version of lvm2 actually installed on the system. + Modify _pvfilter_init_lvm_configfile(). + Modify _pvfilter_init_device_filters(). + Add --global and --noglobal options to the helper script. + Rename debconf template: 'bilibop-rules/physical_volumes_filter/warning' -> 'bilibop-rules/physical_volumes_filter/without_global_filter/warning' + Add 'bilibop-rules/physical_volumes_filter/with_global_filter/warning' debconf template. + Update maintscripts. * Add support for Udisks 2.x (udisks2 package): + Modify the udev rules file to set udisks2 variables as well as udisks variables. + Update bilibop_rules_generator helper script for consistency. + Modify lsbilibop script: grep also udisks2 variables. * Replace all occurences of 'eval ${foo}' by [ "${foo}" = "true" ] (as eval ${foo} is true if ${foo} is empty). * Replace all occurences of '\s' by the POSIX class '[[:blank:]]' in grep commands (see bug #729581/#730146). * Update lsbilibop(8) manpage (and also the french translation). * Update documentation (README.Debian, examples/bilibop.conf). * bilibop-lockfs: * Add 'random' as a possible value for BILIBOP_LOCKFS_SWAP_POLICY: this allows one to specify to use a swap device only if it is encrypted with a random key. + Add new function is_randomly_encrypted() in lockfs.sh + Modify get_swap_policy() and apply_swap_policy() in lockfs.sh * Add a new boot option 'lockfs=default', used to reset bilibop-lockfs variables to their default values, i.e. empty strings (but BILIBOP_LOCKFS itself, which is then set to 'true'); modify lockfs_mount_helper and the initramfs scripts accordingly. * Modify lockfs_mount_helper and local-bottom initramfs script to also accept boot options of the form 'lockfs=-/foobar', where /foobar is a mountpoint to whitelist. * Remove unneeded code about 'crypto_LUKS' filesystem types in the mount helper script: the mount.crypt command (libpam-mount) already manages permissions of children virtual devices (loop and dm) when the 'ro' option is encountered in the fstab entry. * Add new function get_device_node() in lockfs.sh: if LABEL=* is used in fstab, translate '/' characters to their hex value to be sure to find the symlink in /dev/disk/by-label/; modify unlock_logical_volume() and is_encrypted() to call it. * Add support for LVM 'global_filter' variable in lockfs.sh: modify initialize_lvm_conf() and blacklist_bilibop_devices(); so 'global_filter' is unconditionally set to the same value than 'filter'. * Modify local-bottom initramfs script: when calling 'is_removable()', don't call 'physical_hard_disk()' again, as BILIBOP_DISK has already been computed. * Replace all occurences of '\s' by the POSIX class '[[:blank:]]' in grep commands. * Update documentation (README.Debian, TODO, examples/bilibop.conf). * bilibop-udev: * Modify the udev rules file: rely on the 'removable' attribute to know that a device is a disk. * Replace all occurences of '\s' by the POSIX class '[[:blank:]]' in grep commands. * debian/control: * Update bilibop-lockfs and bilibop-rules extended descriptions. * Move aufs-tools from Recommends: to Suggests: for bilibop-lockfs. * Add udisks2 as an alternative to udisks in Recommends: for bilibop-rules. * Bump Standards-Version: to 3.9.5; no changes. * Update debian/po/templates.pot and debian/po/*.po * Add debian/source.lintian-overrides (newer-standards-version 3.9.5), as lintian (2.5.19) is not yet updated (see #729096). * Add debian/bilibop-rules.lintian-overrides (unused-debconf-template): the postinst script embeds the ${HELPER} variable in template names. -- Yann Amar <email address hidden> Mon, 09 Dec 2013 02:58:24 +0000
Upload details
- Uploaded by:
- bilibop project
- Uploaded to:
- Sid
- Original maintainer:
- bilibop project
- Architectures:
- linux-any
- Section:
- misc
- Urgency:
- Low Urgency
See full publishing history Publishing
Series | Published | Component | Section | |
---|---|---|---|---|
Trusty | release | universe | misc |
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
bilibop_0.4.20.dsc | 1.6 KiB | 9266a65ce681a6cb6ec1bd6db6ae486afb7e6e43560b2e11a3ce94a66eb3d1e7 |
bilibop_0.4.20.tar.gz | 138.6 KiB | 90572ff386536155923c977a1cf8eea0918e13c9c6af9b83a3ff3d8a4a209616 |
Available diffs
- diff from 0.4.19 to 0.4.20 (47.4 KiB)
No changes file available.
Binary packages built by this source
- bilibop: No summary available for bilibop in ubuntu utopic.
No description available for bilibop in ubuntu utopic.
- bilibop-common: shell functions for bilibop scripts
Bilibop helps to maintain a Debian GNU/Linux operating system installed
on an external media (USB, FireWire, Flash memory, eSATA). It hardens
standard rules and policies to make the system more robust in this
particular situation.
.
This package provides shell functions usable by other bilibop scripts on the
running system or into the initramfs environment. These functions use /dev,
/proc and /sys databases to output the drive name or the partition hosting
the running system, and are fully usable by any unprivileged user or
application. Dm-crypt, LVM, loop devices and aufs root filesystems (and any
combination of them) are supported. A 'drivemap' command is also provided,
to show block devices in a tree of dependencies.
.
Some features may require Linux kernel 2.6.37 or higher to work properly.
- bilibop-lockfs: lock filesystems and write changes into RAM
Bilibop helps to maintain a Debian GNU/Linux operating system installed
on an external media (USB, FireWire, Flash memory, eSATA). It hardens
standard rules and policies to make the system more robust in this
particular situation.
.
If the lockfs feature is enabled (in a configuration file, in the boot
commandline or by a heuristic), nothing will be written on the filesystems
listed in /etc/fstab, except for those that have been whitelisted, or for
the encrypted swap devices. More, bilibop-lockfs now is able to detect if
the drive has been locked by a physical switch, and then overrides its own
settings to unconditionally apply a 'hard' policy.
.
The root filesystem is locked (set readonly, using aufs) by an initramfs
script which also modifies the temporary fstab to prepare other filesystems
to be locked later by a mount helper script.
.
bilibop-lockfs provides the following features:
* whitelist based policy: filesystems on which you want to allow persistent
changes must be explicitly listed in a configuration file.
* swap devices policy: they can be used 'as is', noauto, only if encrypted,
only if encrypted with a random key, or not used at all.
* not only filesystems are set read-only, but also block devices: this
forbids changes of the partition table, boot sectors, LUKS headers and
LVM metadata.
* plymouth messages to know at boot time if bilibop-lockfs is enabled or
not, or if an error occured.
* desktop notifications at startup about filesystems status, to inform the
user that volatile or persistent changes are allowed or not, and where.
.
This package can be used as an alternative to fsprotect or overlayroot,
especially for writable operating systems embedded on a USB stick; but it
may also be installed on public or personal computers, for daily use,
kiosks, testing purposes, or as a tool in anti-forensics strategies.
.
Some features may require Linux kernel 2.6.37 or higher to work properly.
- bilibop-rules: device management rules for OS running from external media
Bilibop helps to maintain a Debian GNU/Linux operating system installed
on an external media (USB, FireWire, Flash memory, eSATA). It hardens
standard rules and policies to make the system more robust in this
particular situation.
.
This package provides a udev rules file to manage the external drive hosting
the running system. Its main goal is to forbid low-level write access on this
drive and its partitions by any unprivileged user or application, but some
other convenient and optional rules have been added for desktop-level
management of the system disk and partitions (need udisks), as well as the
internal disks of the computer. The 'lsbilibop' command allows the admin to
update udev properties of the devices after the configuration file has been
modified.
.
To ease device management, bilibop-rules also provides helper scripts to:
* build custom bilibop udev rules running faster than the generic ones
* make some persistent and cumulative udev rules files unpersistent
* use either a fake or an always-up-to-date grub device map
* filter Physical Volumes, to activate only those needed by the system
.
This package is not designed to be used on internal disks. It works only
for OS installed on removable and writable media, including LiveUSB systems.
See also the bilibop-udev package.
.
Some features may require Linux kernel 2.6.37 or higher to work properly.
- bilibop-udev: minimal udev rule for Debian GNU/Linux running from external media
Bilibop helps to maintain a Debian GNU/Linux operating system installed
on an external media (USB, FireWire, Flash memory, eSATA). It hardens
standard rules and policies to make the system more robust in this
particular situation.
.
This package provides a udev rules file to manage the external drive hosting
the running system. Its goal is to forbid low-level write access on this
drive and its partitions by any unprivileged user or application.
.
This package is not designed to be used on internal disks. It works only
for OS installed on removable and writable media, especially LiveUSB systems.
See also the bilibop-rules package.
.
Some features may require Linux kernel 2.6.37 or higher to work properly.