* Merge from Debian unstable (LP: #594365). Remaining changes:
- debian/control:
+ Bump initramfs-tools Suggests to Depends: so system is not
potentially rendered unbootable.
+ Depend on plymouth.
- Add debian/cryptdisks-{enable,udev}.upstart.
- debian/cryptdisks.functions:
+ new function, crypttab_start_one_disk, to look for the named source
device in /etc/crypttab (by device name, UUID, or label) and start it
if configured to do so
+ wrap the call to /lib/cryptsetup/askpass with watershed, to make sure
we only ever have one of these running at a time; otherwise multiple
invocations could steal each other's input and/or write over each
other's output
+ initially create the device under a temporary name and rename it only
at the end using 'dmsetup rename', to ensure that upstart/mountall
doesn't see our device before it's ready to go.
+ do_tmp should mount under /var/run/cryptsetup for changing the
permissions of the filesystem root, not directly on /tmp, since
mounting on /tmp a) is racy, b) confuses mountall something fierce.
+ when called by cryptdisks-enable, check that we don't already have a corresponding cryptdisks-udev job running (probably waiting for a passphrase); if there is, wait until it's finished before continuing.
- debian/cryptdisks{,-early}.init: Make the 'start' action of the init
script a no-op, this should be handled entirely by the upstart job;
and fix the LSB header to not declare this should be started in
runlevel 'S'
- debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on
upgrade.
- debian/rules: Do not install start symlinks for init scripts, and
install debian/cryptdisks-{enable,udev}.upstart scripts.
- Add debian/cryptsetup.apport: Apport package hook. Install in
debian/rules and create dir in debian/cryptsetup.dirs.
- debian/rules: link dynamically against libgcrypt and libgpg-error.
- debian/cryptsetup.postrm: call update-initramfs on package removal.
* Dropped changes, merged/superseded in Debian:
- Add ext4 support to passdev.
- cryptroot-hook: don't call copy_modules_dir with empty arguments when
archcrypto isn't found
- Set USPLASH=y and FRAMEBUFFER=y in the hook config to pull plymouth into
the initramfs.
- change interaction to use plymouth directly if present, and if not, to
fall back to /lib/cryptsetup/askpass as before
- cryptdisks.functions: replace 'echo -e' bashism with 'printf'.
- debian/initramfs/cryptroot-script: if plymouth is present in the
initramfs, use this directly, bypassing the cryptsetup askpass script
- debian/initramfs/cryptroot-hook: Properly anchor our regexps when
grepping /etc/crypttab so that we don't incorrectly match device names
that are substrings of one another.
- debian/initramfs/cryptroot-script: Don't leak /conf/conf.d/cryptroot
file descriptor to subprocesses.
- Fix grammar error in debian/initramfs/cryptroot-script
("setup" -> "set up")
- debian/initramfs/cryptroot-script: Fix this to work with current
initramfs-tools:
+ Source /scripts/functions after checking for prerequisites.
+ prereqs(): Do not assume we are running within initramfs, and
calculate relative path correctly.
cryptsetup (2:1.1.2-1) unstable; urgency=low
* new upstream release, changes include:
- Fix luksFormat/luksOpen reading passphrase from stdin and "-" keyfile.
(closes: #583397)
- Add verbose log level and move unlocking message there.
- Remove device even if underlying device disappeared (remove, luksClose).
(closes: #554600, #574126)
- Fix (deprecated) reload device command to accept new device argument.
* merged from ubuntu:
- if plymouth is present in the initramfs, use this directly, bypassing
the cryptsetup askpass script
- start usplash in initramfs, since we need it for fancy passphrase input
- Set FRAMEBUFFER=y in cryptroot-conf, to pull plymouth into the initramfs
- debian/initramfs/cryptroot-hook: Properly anchor our regexps when
grepping /etc/crypttab so that we don't incorrectly match device names
that are substrings of one another.
- debian/initramfs/cryptroot-script: Don't leak /conf/conf.d/cryptroot
file descriptor to subprocesses.
* sync list of supported filesystems in passdev.c and cryptpassdev-hook
* fix debian/watch file to work with updated code.google.com download page
* stop building and shipping static libs (closes: #583387, #583471)
* improve documentation on (pre)checks in manpage. (closes: #583568, #583567)
* remove xfs and ext2 check scripts documentation from crypttab manpage,
blkid script can be used. thanks Christoph Anton Mitterer (closes: #583570)
cryptsetup (2:1.1.1-1) unstable; urgency=low
* new upstream release, changes include:
- detects and uses device-mapper udev support if available
- fix luksOpen reading of passphrase on stdin if "-" keyfile specified
- fix isLuks to initialise crypto backend (closes: #578979)
- fix luksClose operation for stacked DM devices
* remove all patches, they have all been merged upstream
* redirect output of copy_exec in add_device() from initramfs cryptroot
hook to stderr. fixes verbose run of mkinitramfs. (closes: #574163)
* acknowledge NMU. thanks to maximilian attems. (closes: #576488)
* change default for random key from /dev/random to /dev/urandom in
README.Debian, extend explanation. (closes: #579932)
* add comment to crypttab manpage about how to disable (pre)checks.
(closes: #574948)
* fix cryptdisks.functions to print cryptsource and crypttarget again at
the passphrase prompt. (closes: #578428)
* reorder build-depends, add pkg-config, change automake1.9 to automake
* add new lintian overrides
* switch to new dpkg source format "3.0 (quilt)", use upstream bzip tarball
* add ${misc:Depends} to depends for libcryptsetup-dev
* remove UID checks from initscripts, as these aren't meant to be invoked by
users anyway, and the UID checks introduced dependency on /usr filesystem.
* use grep -s for /etc/fstab in initramfs/cryptroot-hook. (closes: #580756)
* note that fs modules fore passdev devices need to be added to initramfs
in README.initramfs (closes: #580898)
* merged from ubuntu:
- Fix grammar error in debian/initramfs/cryptroot-script (closes: #581973)
* add busybox to suggests, thanks to martin michlmayr. (closes: #582914)
cryptsetup (2:1.1.0-2.1) unstable; urgency=low
* Non-maintainer upload.
[ Martin Pitt ]
* debian/initramfs/cryptroot-script: (closes: #576488)
- Source /scripts/functions after checking for prerequisites.
- prereqs(): Do not assume we are running within initramfs, and calculate
relative path correctly.
cryptsetup (2:1.1.0-2) unstable; urgency=low
* fix version in NEWS.Debian: 2:1.1.0~rc2-1 instead of 2:1.0.7-3.
* remove 'NOT RELEASED YET' from 2:1.1.0-1 changelog
* capitalize names in changelog
* mention the old default plain mode in changelog and NEWS, add a note that
debian-installer setups can ignore the warning, and warn for plain dm-crypt
mappings in crypttab that don't have set cipher, hash and size.
(closes: #573103, #573261)
cryptsetup (2:1.1.0-1) unstable; urgency=low
* new upstream stable release (1.1.0), notable changes since rc2:
- default key size for LUKS changed from 128 to 256 bits
- default plain mode changed from aes-cbc-plain to aes-cbc-essiv:sha256
- key slot and key diggest iteration minimum set to 1000
- convert hash name to lower case in header
* update patch 02_manpage
* add more supported filesystems to passdev.c, isofs->iso9660. thanks to
Christoph Anton Mitterer. (closes: #557405)
* update to standards-version 3.8.4, no changes needed
* accept spaces in $opts at postinst script. (closes: #559184)
* set extended $PATH in cryptdisks.functions. thanks to Christoph Anton
Mitterer. (closes: #557329)
* fix huge initramfs for archs which don't have kernel/arch directory.
thanks to martin michlmayr for bugreport and patch. (closes: #559510)
* support commandline options to mkfs in luksformat. thanks to Eduard
Bloch for bugreport and patch. (closes: #563975)
* extend error messages for evms setup in cryptroot-script
* add 03_luksAddKey.patch, to not verify unlocking passphrase in luksAddKey
command. (closes: #570418)
* add 04_crypto_init.patch, to properly initialise crypto backend in header
backup/restore commands.
* change build-dependency on cvs to new autopoint package (closes: #572463)
* rename decrypt_gpg keyscript to decrypt_gnupg, improve it based on ideas
by Christoph Anton Mitterer, mention the keyscript rename in NEWS.Debian.
Also, provide a initramfs cryptgnupg hook script. Thanks to Christoph
Anton Mitterer for bugreport and ideas. (closes: #560034)
* check for root privileges with '/usr/bin/id -u' in init scripts and
cryptdisks_{start|stop}. (closes: #563162)
-- Steve Langasek <email address hidden> Mon, 14 Jun 2010 21:47:28 -0700
This bug was fixed in the package cryptsetup - 2:1.1.2-1ubuntu1
---------------
cryptsetup (2:1.1.2-1ubuntu1) maverick; urgency=low
* Merge from Debian unstable (LP: #594365). Remaining changes: cryptdisks- {enable, udev}.upstart. cryptdisks. functions: start_one_ disk, to look for the named source /askpass with watershed, to make sure
corresponding cryptdisks-udev job running (probably waiting for a
passphrase) ; if there is, wait until it's finished before continuing. cryptdisks{ ,-early} .init: Make the 'start' action of the init cryptsetup. postinst: Remove any symlinks from /etc/rcS.d on cryptdisks- {enable, udev}.upstart scripts. cryptsetup. apport: Apport package hook. Install in cryptsetup. dirs. cryptsetup. postrm: call update-initramfs on package removal. /askpass as before functions: replace 'echo -e' bashism with 'printf'. initramfs/ cryptroot- script: if plymouth is present in the initramfs/ cryptroot- hook: Properly anchor our regexps when initramfs/ cryptroot- script: Don't leak /conf/conf. d/cryptroot initramfs/ cryptroot- script initramfs/ cryptroot- script: Fix this to work with current -tools:
- debian/control:
+ Bump initramfs-tools Suggests to Depends: so system is not
potentially rendered unbootable.
+ Depend on plymouth.
- Add debian/
- debian/
+ new function, crypttab_
device in /etc/crypttab (by device name, UUID, or label) and start it
if configured to do so
+ wrap the call to /lib/cryptsetup
we only ever have one of these running at a time; otherwise multiple
invocations could steal each other's input and/or write over each
other's output
+ initially create the device under a temporary name and rename it only
at the end using 'dmsetup rename', to ensure that upstart/mountall
doesn't see our device before it's ready to go.
+ do_tmp should mount under /var/run/cryptsetup for changing the
permissions of the filesystem root, not directly on /tmp, since
mounting on /tmp a) is racy, b) confuses mountall something fierce.
+ when called by cryptdisks-enable, check that we don't already have a
- debian/
script a no-op, this should be handled entirely by the upstart job;
and fix the LSB header to not declare this should be started in
runlevel 'S'
- debian/
upgrade.
- debian/rules: Do not install start symlinks for init scripts, and
install debian/
- Add debian/
debian/rules and create dir in debian/
- debian/rules: link dynamically against libgcrypt and libgpg-error.
- debian/
* Dropped changes, merged/superseded in Debian:
- Add ext4 support to passdev.
- cryptroot-hook: don't call copy_modules_dir with empty arguments when
archcrypto isn't found
- Set USPLASH=y and FRAMEBUFFER=y in the hook config to pull plymouth into
the initramfs.
- change interaction to use plymouth directly if present, and if not, to
fall back to /lib/cryptsetup
- cryptdisks.
- debian/
initramfs, use this directly, bypassing the cryptsetup askpass script
- debian/
grepping /etc/crypttab so that we don't incorrectly match device names
that are substrings of one another.
- debian/
file descriptor to subprocesses.
- Fix grammar error in debian/
("setup" -> "set up")
- debian/
initramfs
+ Source /scripts/functions after checking for prerequisites.
+ prereqs(): Do not assume we are running within initramfs, and
calculate relative path correctly.
cryptsetup (2:1.1.2-1) unstable; urgency=low
* new upstream release, changes include: initramfs/ cryptroot- hook: Properly anchor our regexps when initramfs/ cryptroot- script: Don't leak /conf/conf. d/cryptroot
- Fix luksFormat/luksOpen reading passphrase from stdin and "-" keyfile.
(closes: #583397)
- Add verbose log level and move unlocking message there.
- Remove device even if underlying device disappeared (remove, luksClose).
(closes: #554600, #574126)
- Fix (deprecated) reload device command to accept new device argument.
* merged from ubuntu:
- if plymouth is present in the initramfs, use this directly, bypassing
the cryptsetup askpass script
- start usplash in initramfs, since we need it for fancy passphrase input
- Set FRAMEBUFFER=y in cryptroot-conf, to pull plymouth into the initramfs
- debian/
grepping /etc/crypttab so that we don't incorrectly match device names
that are substrings of one another.
- debian/
file descriptor to subprocesses.
* sync list of supported filesystems in passdev.c and cryptpassdev-hook
* fix debian/watch file to work with updated code.google.com download page
* stop building and shipping static libs (closes: #583387, #583471)
* improve documentation on (pre)checks in manpage. (closes: #583568, #583567)
* remove xfs and ext2 check scripts documentation from crypttab manpage,
blkid script can be used. thanks Christoph Anton Mitterer (closes: #583570)
cryptsetup (2:1.1.1-1) unstable; urgency=low
* new upstream release, changes include: functions to print cryptsource and crypttarget again at cryptroot- hook. (closes: #580756) initramfs/ cryptroot- script (closes: #581973)
- detects and uses device-mapper udev support if available
- fix luksOpen reading of passphrase on stdin if "-" keyfile specified
- fix isLuks to initialise crypto backend (closes: #578979)
- fix luksClose operation for stacked DM devices
* remove all patches, they have all been merged upstream
* redirect output of copy_exec in add_device() from initramfs cryptroot
hook to stderr. fixes verbose run of mkinitramfs. (closes: #574163)
* acknowledge NMU. thanks to maximilian attems. (closes: #576488)
* change default for random key from /dev/random to /dev/urandom in
README.Debian, extend explanation. (closes: #579932)
* add comment to crypttab manpage about how to disable (pre)checks.
(closes: #574948)
* fix cryptdisks.
the passphrase prompt. (closes: #578428)
* reorder build-depends, add pkg-config, change automake1.9 to automake
* add new lintian overrides
* switch to new dpkg source format "3.0 (quilt)", use upstream bzip tarball
* add ${misc:Depends} to depends for libcryptsetup-dev
* remove UID checks from initscripts, as these aren't meant to be invoked by
users anyway, and the UID checks introduced dependency on /usr filesystem.
* use grep -s for /etc/fstab in initramfs/
* note that fs modules fore passdev devices need to be added to initramfs
in README.initramfs (closes: #580898)
* merged from ubuntu:
- Fix grammar error in debian/
* add busybox to suggests, thanks to martin michlmayr. (closes: #582914)
cryptsetup (2:1.1.0-2.1) unstable; urgency=low
* Non-maintainer upload.
[ Martin Pitt ] initramfs/ cryptroot- script: (closes: #576488)
* debian/
- Source /scripts/functions after checking for prerequisites.
- prereqs(): Do not assume we are running within initramfs, and calculate
relative path correctly.
cryptsetup (2:1.1.0-2) unstable; urgency=low
* fix version in NEWS.Debian: 2:1.1.0~rc2-1 instead of 2:1.0.7-3. installer setups can ignore the warning, and warn for plain dm-crypt
* remove 'NOT RELEASED YET' from 2:1.1.0-1 changelog
* capitalize names in changelog
* mention the old default plain mode in changelog and NEWS, add a note that
debian-
mappings in crypttab that don't have set cipher, hash and size.
(closes: #573103, #573261)
cryptsetup (2:1.1.0-1) unstable; urgency=low
* new upstream stable release (1.1.0), notable changes since rc2: essiv:sha256 functions. thanks to Christoph Anton patch, to not verify unlocking passphrase in luksAddKey init.patch, to properly initialise crypto backend in header {start| stop}. (closes: #563162)
- default key size for LUKS changed from 128 to 256 bits
- default plain mode changed from aes-cbc-plain to aes-cbc-
- key slot and key diggest iteration minimum set to 1000
- convert hash name to lower case in header
* update patch 02_manpage
* add more supported filesystems to passdev.c, isofs->iso9660. thanks to
Christoph Anton Mitterer. (closes: #557405)
* update to standards-version 3.8.4, no changes needed
* accept spaces in $opts at postinst script. (closes: #559184)
* set extended $PATH in cryptdisks.
Mitterer. (closes: #557329)
* fix huge initramfs for archs which don't have kernel/arch directory.
thanks to martin michlmayr for bugreport and patch. (closes: #559510)
* support commandline options to mkfs in luksformat. thanks to Eduard
Bloch for bugreport and patch. (closes: #563975)
* extend error messages for evms setup in cryptroot-script
* add 03_luksAddKey.
command. (closes: #570418)
* add 04_crypto_
backup/restore commands.
* change build-dependency on cvs to new autopoint package (closes: #572463)
* rename decrypt_gpg keyscript to decrypt_gnupg, improve it based on ideas
by Christoph Anton Mitterer, mention the keyscript rename in NEWS.Debian.
Also, provide a initramfs cryptgnupg hook script. Thanks to Christoph
Anton Mitterer for bugreport and ideas. (closes: #560034)
* check for root privileges with '/usr/bin/id -u' in init scripts and
cryptdisks_
-- Steve Langasek <email address hidden> Mon, 14 Jun 2010 21:47:28 -0700