diff -Nru cryptsetup-1.3.0/debian/changelog cryptsetup-1.3.0/debian/changelog --- cryptsetup-1.3.0/debian/changelog 2011-05-19 19:50:22.000000000 +0100 +++ cryptsetup-1.3.0/debian/changelog 2011-06-02 02:07:28.000000000 +0100 @@ -1,3 +1,38 @@ +cryptsetup (2:1.3.0-3ubuntu1) oneiric; urgency=low + + * Merge from debian unstable (LP: #776264). Remaining changes: + - debian/control: + + Bump initramfs-tools Suggests to Depends: so system is not + potentially rendered unbootable. + + Depend on plymouth. + - Add debian/cryptdisks-{enable,udev}.upstart. + - debian/cryptdisks.functions: + + new function, crypttab_start_one_disk, to look for the named source + device in /etc/crypttab (by device name, UUID, or label) and start it + if configured to do so + + wrap the call to /lib/cryptsetup/askpass with watershed, to make sure + we only ever have one of these running at a time; otherwise multiple + invocations could steal each other's input and/or write over each + other's output + + when called by cryptdisks-enable, check that we don't already have a + corresponding cryptdisks-udev job running (probably waiting for a + passphrase); if there is, wait until it's finished before continuing. + - debian/cryptdisks{,-early}.init: Make the 'start' action of the init + script a no-op, this should be handled entirely by the upstart job; + and fix the LSB header to not declare this should be started in + runlevel 'S' + - debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on + upgrade. + - debian/rules: Do not install start symlinks for init scripts, and + install debian/cryptdisks-{enable,udev}.upstart scripts. + * Dropped changes, merged/superseded in Debian: + - debian/rules: link dynamically against libgcrypt and libgpg-error. + - Add debian/cryptsetup.apport: Apport package hook. Install in + debian/rules and create dir in debian/cryptsetup.dirs. + - debian/cryptsetup.postrm: call update-initramfs on package removal. + + -- Zak Kipling Thu, 2 Jun 2011 02:07:28 +0100 + cryptsetup (2:1.3.0-3) unstable; urgency=low * drop the loopback magick from cryptdisks scripts. Mario 'Bitkoenig' Holbe @@ -123,6 +158,41 @@ -- Jonas Meurer Sun, 16 Jan 2011 01:01:03 +0100 +cryptsetup (2:1.1.3-4ubuntu1) natty; urgency=low + + * Merge from debian unstable (LP: #682177), remaining changes: + - debian/control: + + Bump initramfs-tools Suggests to Depends: so system is not + potentially rendered unbootable. + + Depend on plymouth. + - Add debian/cryptdisks-{enable,udev}.upstart. + - debian/cryptdisks.functions: + + new function, crypttab_start_one_disk, to look for the named source + device in /etc/crypttab (by device name, UUID, or label) and start it + if configured to do so + + wrap the call to /lib/cryptsetup/askpass with watershed, to make sure + we only ever have one of these running at a time; otherwise multiple + invocations could steal each other's input and/or write over each + other's output + + when called by cryptdisks-enable, check that we don't already have a + corresponding cryptdisks-udev job running (probably waiting for a + passphrase); if there is, wait until it's finished before continuing. + - debian/cryptdisks{,-early}.init: Make the 'start' action of the init + script a no-op, this should be handled entirely by the upstart job; + and fix the LSB header to not declare this should be started in + runlevel 'S' + - debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on + upgrade. + - debian/rules: + + Do not install start symlinks for init scripts, and + install debian/cryptdisks-{enable,udev}.upstart scripts. + + link dynamically against libgcrypt and libgpg-error. + - Add debian/cryptsetup.apport: Apport package hook. Install in + debian/rules and create dir in debian/cryptsetup.dirs. + - debian/cryptsetup.postrm: call update-initramfs on package removal. + + -- Lorenzo De Liso Sat, 27 Nov 2010 17:37:43 +0100 + cryptsetup (2:1.1.3-4) unstable; urgency=high * bump standards-version to 3.9.1, no changes required @@ -228,6 +298,69 @@ -- Jonas Meurer Sat, 10 Jul 2010 14:32:40 +0200 +cryptsetup (2:1.1.2-1ubuntu1) maverick; urgency=low + + * Merge from Debian unstable (LP: #594365). Remaining changes: + - debian/control: + + Bump initramfs-tools Suggests to Depends: so system is not + potentially rendered unbootable. + + Depend on plymouth. + - Add debian/cryptdisks-{enable,udev}.upstart. + - debian/cryptdisks.functions: + + new function, crypttab_start_one_disk, to look for the named source + device in /etc/crypttab (by device name, UUID, or label) and start it + if configured to do so + + wrap the call to /lib/cryptsetup/askpass with watershed, to make sure + we only ever have one of these running at a time; otherwise multiple + invocations could steal each other's input and/or write over each + other's output + + initially create the device under a temporary name and rename it only + at the end using 'dmsetup rename', to ensure that upstart/mountall + doesn't see our device before it's ready to go. + + do_tmp should mount under /var/run/cryptsetup for changing the + permissions of the filesystem root, not directly on /tmp, since + mounting on /tmp a) is racy, b) confuses mountall something fierce. + + when called by cryptdisks-enable, check that we don't already have a + corresponding cryptdisks-udev job running (probably waiting for a + passphrase); if there is, wait until it's finished before continuing. + - debian/cryptdisks{,-early}.init: Make the 'start' action of the init + script a no-op, this should be handled entirely by the upstart job; + and fix the LSB header to not declare this should be started in + runlevel 'S' + - debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on + upgrade. + - debian/rules: Do not install start symlinks for init scripts, and + install debian/cryptdisks-{enable,udev}.upstart scripts. + - Add debian/cryptsetup.apport: Apport package hook. Install in + debian/rules and create dir in debian/cryptsetup.dirs. + - debian/rules: link dynamically against libgcrypt and libgpg-error. + - debian/cryptsetup.postrm: call update-initramfs on package removal. + * Dropped changes, merged/superseded in Debian: + - Add ext4 support to passdev. + - cryptroot-hook: don't call copy_modules_dir with empty arguments when + archcrypto isn't found + - Set USPLASH=y and FRAMEBUFFER=y in the hook config to pull plymouth into + the initramfs. + - change interaction to use plymouth directly if present, and if not, to + fall back to /lib/cryptsetup/askpass as before + - cryptdisks.functions: replace 'echo -e' bashism with 'printf'. + - debian/initramfs/cryptroot-script: if plymouth is present in the + initramfs, use this directly, bypassing the cryptsetup askpass script + - debian/initramfs/cryptroot-hook: Properly anchor our regexps when + grepping /etc/crypttab so that we don't incorrectly match device names + that are substrings of one another. + - debian/initramfs/cryptroot-script: Don't leak /conf/conf.d/cryptroot + file descriptor to subprocesses. + - Fix grammar error in debian/initramfs/cryptroot-script + ("setup" -> "set up") + - debian/initramfs/cryptroot-script: Fix this to work with current + initramfs-tools: + + Source /scripts/functions after checking for prerequisites. + + prereqs(): Do not assume we are running within initramfs, and + calculate relative path correctly. + + -- Steve Langasek Mon, 14 Jun 2010 21:47:28 -0700 + cryptsetup (2:1.1.2-1) unstable; urgency=low * new upstream release, changes include: @@ -345,6 +478,171 @@ -- Jonas Meurer Mon, 08 Mar 2010 14:15:35 +0100 +cryptsetup (2:1.1.0~rc2-1ubuntu14) maverick; urgency=low + + [ David Stansby ] + * Fix grammar error in debian/initramfs/cryptroot-script + ("setup" -> "set up") (LP: #578896) + + -- James Westby Mon, 17 May 2010 13:33:40 +0100 + +cryptsetup (2:1.1.0~rc2-1ubuntu13) lucid; urgency=low + + * debian/initramfs/cryptroot-script: Don't leak /conf/conf.d/cryptroot + file descriptor to subprocesses. + + -- Colin Watson Mon, 29 Mar 2010 22:18:36 +0100 + +cryptsetup (2:1.1.0~rc2-1ubuntu12) lucid; urgency=low + + * debian/initramfs/cryptroot-hook: Properly anchor our regexps when + grepping /etc/crypttab so that we don't incorrectly match device names + that are substrings of one another. + * debian/cryptdisks-{enable,udev}.conf, debian/control: drop + 'console output' and add a hard dependency on plymouth instead of + watershed, to avoid spitting extra messages to the console. + + -- Steve Langasek Thu, 18 Feb 2010 06:19:19 -0800 + +cryptsetup (2:1.1.0~rc2-1ubuntu11) lucid; urgency=low + + * Set FRAMEBUFFER=y in the file that we actually ship. + * debian/cryptsetup.postrm: call update-initramfs on package removal. + LP: #468228. + + -- Steve Langasek Mon, 25 Jan 2010 03:07:52 -0800 + +cryptsetup (2:1.1.0~rc2-1ubuntu10) lucid; urgency=low + + * cryptdisks.functions: replace 'echo -e' bashism with 'printf'. + * cryptdisks.functions: when called by cryptdisks-enable, check that we + don't already have a corresponding cryptdisks-udev job running (probably + waiting for a passphrase); if there is, wait until it's finished before + continuing. + + -- Steve Langasek Thu, 21 Jan 2010 14:57:21 +0000 + +cryptsetup (2:1.1.0~rc2-1ubuntu9) lucid; urgency=low + + * Set FRAMEBUFFER=y in the hook config as well, to pull plymouth into the + initramfs. + * cryptdisks.functions, debian/initramfs/cryptroot-script: fix the + invocation of plymouth, so that we actually get proper passphrase prompts + (once bug #496765 is fixed). + + -- Steve Langasek Sat, 16 Jan 2010 02:32:41 -0800 + +cryptsetup (2:1.1.0~rc2-1ubuntu8) lucid; urgency=low + + * cryptdisks.functions: do_tmp should mount under /var/run/cryptsetup for + changing the permissions of the filesystem root, not directly on /tmp, + since mounting on /tmp a) is racy, b) confuses mountall something fierce. + LP: #475936. + + -- Steve Langasek Tue, 22 Dec 2009 20:24:28 +0000 + +cryptsetup (2:1.1.0~rc2-1ubuntu7) lucid; urgency=low + + * Depend on watershed. + + -- Steve Langasek Tue, 22 Dec 2009 01:37:36 +0000 + +cryptsetup (2:1.1.0~rc2-1ubuntu6) lucid; urgency=low + + [ Steve Langasek ] + * Fix the LSB header in the init scripts, now that we don't install to + rcS.d. + + [ Martin Pitt ] + * debian/initramfs/cryptroot-script: Fix this to work with current + initramfs-tools: + - Source /scripts/functions after checking for prerequisites. + - prereqs(): Do not assume we are running within initramfs, and calculate + relative path correctly. + + -- Martin Pitt Fri, 18 Dec 2009 17:07:07 +0100 + +cryptsetup (2:1.1.0~rc2-1ubuntu5) lucid; urgency=low + + * Rename the upstart job introduced in the previous upload to + cryptdisks-udev and restore the previous version of the job as + cryptdisks-enable, to run at the end of udev coldplugging as before; + this isn't entirely race-free, but should nevertheless give us the + two passes needed to cover devices that are decrypted using keys stored + on other encrypted disks. LP: #443980. + + -- Steve Langasek Wed, 16 Dec 2009 06:41:30 +0000 + +cryptsetup (2:1.1.0~rc2-1ubuntu4) lucid; urgency=low + + [ Steve Langasek ] + * debian/initramfs/cryptroot-script: if plymouth is present in the + initramfs, use this directly, bypassing the cryptsetup askpass script; + but keep support for these other frontends around on a transitional + basis. + * debian/cryptdisks.functions: + - change interaction to use plymouth directly if present, and if not, to + fall back to /lib/cryptsetup/askpass as before + - wrap the call to /lib/cryptsetup/askpass with watershed, to make sure + we only ever have one of these running at a time; otherwise multiple + invocations could steal each other's input and/or write over each + other's output + - new function, crypttab_start_one_disk, to look for the named source + device in /etc/crypttab (by device name, UUID, or label) and start it + if configured to do so + * debian/cryptdisks-enable.upstart: run the upstart job once for each block + device, using the new crypttab_start_one_disk function, triggered by udev; + this doesn't eliminate the possibility of a race with gdm when the + decrypted volume isn't a 'bootwait' mount point (since gdm kills + plymouth), but it does eliminate the race between udev and cryptsetup. + LP: #454898. + * debian/cryptdisks-enable.upstart: check that the package is installed + and exit gracefully if it's not. LP: #435814 + * debian/cryptdisk.functions: initially create the device under a temporary + name and rename it only at the end using 'dmsetup rename', to ensure that + upstart/mountall doesn't see our device before it's ready to go. + LP: #475936. + + [ Colin Watson ] + * Add ext4 support to passdev. + + -- Steve Langasek Tue, 15 Dec 2009 18:05:45 -0800 + +cryptsetup (2:1.1.0~rc2-1ubuntu3) lucid; urgency=low + + * cryptroot-hook: Use if [ -n … ] instead of if ! test -z …. + + -- Loïc Minier Sat, 12 Dec 2009 11:32:52 +0100 + +cryptsetup (2:1.1.0~rc2-1ubuntu2) lucid; urgency=low + + * cryptroot-hook: dont call copy_modules_dir with empty arguments when + archcrypto isnt found (LP: #495161) + + -- Oliver Grawert Fri, 11 Dec 2009 14:39:00 +0100 + +cryptsetup (2:1.1.0~rc2-1ubuntu1) lucid; urgency=low + + * Merge with Debian testing. Remaining Ubuntu changes: + - debian/rules: cryptsetup is linked dynamically against libgcrypt and + libgpg-error. + - Upstart migration: + + Add debian/cryptdisks-enable.upstart. + + debian/cryptdisks{,-early}.init: Make the 'start' action of the init + script a no-op, this should be handled entirely by the upstart job. + (LP #473615) + + debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on + upgrade. + + debian/rules: Do not install start symlinks for those two, and install + debian/cryptdisks-enable.upstart scripts. + - Add debian/cryptsetup.apport: Apport package hook. Install in + debian/rules, and create dir in debian/cryptsetup.dirs. + - Start usplash in initramfs, since we need it for fancy passphrase input: + + debian/initramfs/cryptroot-conf, debian/initramfs-conf.d: USPLASH=y + + debian/control: Bump initramfs-tools Suggests to Depends:. + + -- Martin Pitt Wed, 11 Nov 2009 15:04:27 +0100 + cryptsetup (2:1.1.0~rc2-1) unstable; urgency=low * new upstream release candidate (1.1.0-rc2), highlights include: @@ -518,6 +816,80 @@ -- Jonas Meurer Sat, 04 Jul 2009 15:52:06 +0200 +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu8) lucid; urgency=low + + [ Steve Langasek ] + * Make the 'start' action of the init script a no-op, this should be + handled entirely by the upstart job now; and remove any symlinks from + /etc/rcS.d on upgrade. LP: #473615. + + [ Reinhard Tartler ] + * Add an apport hook + * import the blkid and un_blkid from debian, LP: #446517 + * also use this script by default (setting in /etc/default/cryptdisks) + + -- Steve Langasek Wed, 04 Nov 2009 12:06:47 +0000 + +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu7) karmic; urgency=low + + * Reupload previous version, siretart had left changes in bzr which + weren't documented in the changelog and caused FTBFS. + + -- Scott James Remnant Wed, 14 Oct 2009 13:57:59 +0100 + +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu6) karmic; urgency=low + + [ Steve Langasek ] + * Move the Debian Vcs- fields aside. + + [ Scott James Remnant ] + * debian/cryptdisks-enable.upstart: Don't overcompensate for my idiocy, + cryptsetup should not need a controlling terminal, just a terminal + is fine. May fix LP: #439138. + + -- Scott James Remnant Wed, 14 Oct 2009 04:52:16 +0100 + +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu4) karmic; urgency=low + + * debian/cryptdisks-enable.upstart: Things that often help include + not setting stdin/out to /dev/null, so you can actually type the + passphrase. I am an idiot. LP: #430496. + + -- Scott James Remnant Thu, 17 Sep 2009 17:58:01 +0100 + +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu3) karmic; urgency=low + + * debian/cryptdisks-enable.upstart: add upstart job to enable encrypted + disks once we've finished probing for udev devices, so that mountall + can use them. LP: #430496. + + -- Scott James Remnant Thu, 17 Sep 2009 00:04:00 +0100 + +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu2) karmic; urgency=low + + * debian/initramfs/cryptroot-conf: declare that we want usplash included + in the initramfs whenever this package is installed. LP: #427356. + + -- Steve Langasek Tue, 15 Sep 2009 08:43:15 -0700 + +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu1) karmic; urgency=low + + * Merge from debian unstable, remaining changes: + - Ubuntu specific: + + debian/rules: link dynamically for better security supportability and + smaller packages. + + debian/control: Depend on initramfs-tools so system is not potentially + rendered unbootable. + - debian/initramfs/cryptroot-script wait for encrypted device to appear, + report with log_*_msg (debian bug 488271). + - debian/initramfs/cryptroot-hook: fix support for UUID and LABEL + correlation between fstab and crypttab (debian bug 522041). + - debian/askpass.c, debian/initramfs/cryptroot-script: using newline + escape in passphrase prompt to avoid line-wrapping (debian bug 528133). + * Drop 04_fix_udevsettle_call.patch: fixed upstream differently. + + -- Kees Cook Sun, 10 May 2009 17:29:32 -0700 + cryptsetup (2:1.0.6+20090405.svn49-1) unstable; urgency=low * New upstream svn snapshot. Highlights include: @@ -559,6 +931,67 @@ -- Jonas Meurer Mon, 06 Apr 2009 08:49:14 +0200 +cryptsetup (2:1.0.6-7ubuntu7) jaunty; urgency=low + + * debian/control: Depend on initramfs-tools so system is not potentially + rendered unbootable (LP: #358654). + + -- Kees Cook Thu, 09 Apr 2009 12:29:31 -0700 + +cryptsetup (2:1.0.6-7ubuntu6) jaunty; urgency=low + + * debian/initramfs/cryptroot-script: we don't require vol_id to understand + the encrypted device, but we should check the device is fully up first + before continuing by calling udevadm settle. LP: #291752. + + -- Steve Langasek Sat, 07 Mar 2009 21:39:14 -0800 + +cryptsetup (2:1.0.6-7ubuntu5) jaunty; urgency=low + + * debian/initramfs/cryptroot-hook: fix support for UUID and LABEL correlation + between fstab and crypttab (LP: #287879). + + -- TJ Mon, 16 Feb 2009 23:00:00 +0000 + +cryptsetup (2:1.0.6-7ubuntu4) jaunty; urgency=low + + * debian/askpass.c: also handle newline escape code in console prompt. + + -- Kees Cook Sun, 15 Feb 2009 08:57:05 -0800 + +cryptsetup (2:1.0.6-7ubuntu3) jaunty; urgency=low + + [ https://launchpad.net/~svenkata ] + * debian/checks/un_vol_id: dynamically build the "unknown volume type" + string, to allow for encrypted swap, LP: #316607 + + -- Dustin Kirkland Thu, 12 Feb 2009 16:57:30 -0600 + +cryptsetup (2:1.0.6-7ubuntu2) jaunty; urgency=low + + * debian/askpass.c: handle newline escape code in password prompt. + * debian/initramfs/cryptroot-script: add newline to split cryptroot + password prompt onto two lines for readability (LP: #326900). + + -- Kees Cook Sun, 08 Feb 2009 07:26:01 -0800 + +cryptsetup (2:1.0.6-7ubuntu1) jaunty; urgency=low + + * Merge from debian unstable, remaining changes: + - debian/initramfs/cryptroot-script: + - must source /scripts/functions to get the log_*_msg() functions. + - wait for encrypted device to show up (LP 164044, 291752). + - disable error message 'failed to setup lvm device' (LP 151532). + - debian/rules: + - fix location of ltmain.sh (Ubuntu-specific until libtool 2.2.x is + in Debian unstable). + - link dynamically (LP 62751). + - add 04_fix_udevsettle_call.patch: fix path to binary for udevsettle. + * Revert versioned build-depency on libdevmapper-dev, since Ubuntu's + version is higher now. + + -- Kees Cook Tue, 06 Jan 2009 13:00:16 -0800 + cryptsetup (2:1.0.6-7) unstable; urgency=medium * Add patches/01_gettext_package.patch: Remove -luks from GETTEXT_PACKAGE @@ -603,6 +1036,38 @@ -- Jonas Meurer Wed, 17 Dec 2008 21:25:45 +0100 +cryptsetup (2:1.0.6-6ubuntu2.1) intrepid-proposed; urgency=low + + * debian/initramfs/cryptroot-script: do not require that vol_id + can parse the encrypted device as valid (LP: #291752). + + -- Kees Cook Fri, 31 Oct 2008 13:10:06 -0700 + +cryptsetup (2:1.0.6-6ubuntu2) intrepid; urgency=low + + * Fixes for (LP: #272301) + * debian/initramfs/cryptroot-script: must source /scripts/functions to get + the log_*_msg() functions + * 04_fix_udevsettle_call.patch: fix path to binary for udevsettle + + -- Dustin Kirkland Fri, 19 Sep 2008 18:03:28 -0500 + +cryptsetup (2:1.0.6-6ubuntu1) intrepid; urgency=low + + * drop almost all ubuntu specific changes from the cryptsetup package, + because they have been merged in debian. Thanks a lot! + * merge from debian, remaining changes: + - remove versioned build-depency on libdevmapper-dev, we are using a + rather sophisticated loop for making sure the root filesystem appears. + * debian/rules: fix location of ltmain.sh + * don't exit usplash anymore in the init script. LP: #110970, #139363 + * Disable error message 'failed to setup lvm device'. It is harmless, and + caused by the fact that the udev rules provided by lvm2 are setting up + the lvm on their own. In debian the scripts here are responsible for this + but obviously fail in ubuntu. LP: #151532 + + -- Reinhard Tartler Sat, 30 Aug 2008 17:52:16 +0200 + cryptsetup (2:1.0.6-6) unstable; urgency=high * Don't cat keyfile into pipe for do_noluks(). cryptsetup handles @@ -704,6 +1169,79 @@ -- Jonas Meurer Mon, 07 Jul 2008 00:30:07 +0200 +cryptsetup (2:1.0.6-2ubuntu7) intrepid; urgency=low + + * reintroduce changes from 2:1.0.6-2ubuntu5 that have been accidentally + dropped in version 2:1.0.6-2ubuntu6. + + -- Reinhard Tartler Fri, 20 Jun 2008 15:15:54 +0200 + +cryptsetup (2:1.0.6-2ubuntu6) intrepid; urgency=low + + [ Kjell Braden ] + * load scripts/functions for log_{begin,end}_msg + * debian/initramfs/cryptroot-script: wait for the cryptsource, not the resulting mapped root device + * debian/initramfs/cryptroot-hook: copy binaries to the right directory + + [ Reinhard Tartler ] + * remove versioned build-depency on libdevmapper-dev, we are using a + rather sophisticated loop for making sure the root filesystem appears. + + -- Reinhard Tartler Wed, 18 Jun 2008 00:26:43 +0200 + +cryptsetup (2:1.0.6-2ubuntu5) intrepid; urgency=low + + * Okay, I give up. include preprocessed manpages and adapt + debian/rules to easily produce those. + ATTENTION: on subsequent uploads, make sure that the manpages are + available and up-to-date. + + -- Reinhard Tartler Sun, 15 Jun 2008 13:33:07 +0200 + +cryptsetup (2:1.0.6-2ubuntu4) intrepid; urgency=low + + * also use local dtd in debian/doc/variables.xml.in. + + -- Reinhard Tartler Sun, 15 Jun 2008 12:55:42 +0200 + +cryptsetup (2:1.0.6-2ubuntu3) intrepid; urgency=low + + * try harder to fix FTBFS. + + -- Reinhard Tartler Sun, 15 Jun 2008 11:42:54 +0200 + +cryptsetup (2:1.0.6-2ubuntu2) intrepid; urgency=low + + * build docbook documentation using local dtds instead of trying to + download them at buildtime. Fixes FTBFS. + + -- Reinhard Tartler Sun, 15 Jun 2008 11:12:28 +0200 + +cryptsetup (2:1.0.6-2ubuntu1) intrepid; urgency=low + + * Merge new debian version. Remaining changes: + - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using + bzr on launchpad. + - debian/rules: cryptsetup is linked dynamically against libgcrypt and + libgpg-error. + - cryptdisks.functions: stop usplash on user input. LP #62751 + - Parse comments in lines not starting with '#', LP #185380 + - If the encrypted source device hasn't shown up yet, give it a + little while to deal with removable devices. LP #164044 + * Depend on race-free version of libdevmapper, thus making udevsettle + call from cryptsetup binary unnecessary. Dropping patch + debian/patches/06_run_udevsettle.patch + * remove patch from LP #73862, loading optimized modules has been solved + in debian in another way. + * cryptdisk.functions: remove spurious call to load_optimized_module. + LP: #239946 + * bugfix: make regex work if keyfile has extended attributes. LP: #231339. + * remove patch in cryptdisks.functions for rexecing the script itself for + ensuring that a tty is always available. (See LP #58794.) According to + Scott, this is not necessary anymore. + + -- Reinhard Tartler Sat, 14 Jun 2008 23:28:51 +0200 + cryptsetup (2:1.0.6-2) unstable; urgency=low [ Jonas Meurer ] @@ -729,6 +1267,54 @@ -- David Härdeman Mon, 26 May 2008 08:12:32 +0200 +cryptsetup (2:1.0.6-1ubuntu4) intrepid; urgency=low + + [ Kjell Braden ] + * Fix configuration parsing (LP: #239808) + + [ Reinhard Tartler ] + * cryptroot-script: use 'echo' instead of 'log_begin_msg' (LP: #237723) + + -- Reinhard Tartler Fri, 13 Jun 2008 21:26:17 +0200 + +cryptsetup (2:1.0.6-1ubuntu3) intrepid; urgency=low + + * Parse comments in lines not starting with '#', LP: #185380 + * in cryptroot hook, don't rely on 'udevadm settle' to wait long enough + for the cryptdevice to appear. Reimplement the busy waiting loop found + while waiting for the root file system. Patch based on work by Swâmi + Petaramesh. LP: #164044 + * debian/crypdisks.functions: call 'env' with full path. LP: #178829. + + -- Reinhard Tartler Mon, 26 May 2008 22:12:32 +0200 + +cryptsetup (2:1.0.6-1ubuntu2) intrepid; urgency=low + + * Simplify the patch in debian/cryptdisks.functions that stops usplash + before asking for a passphrase. + + -- Reinhard Tartler Mon, 26 May 2008 20:18:14 +0200 + +cryptsetup (2:1.0.6-1ubuntu1) intrepid; urgency=low + + * Merge new debian version. Remaining changes: + - cryptsetup is linked dynamically against libgcrypt and libgpg-error. + - stop usplash on user input. LP #62751 + - debian/cryptdisks.functions: Always output and read from the console. + LP #58794. + - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using + bzr on launchpad. + - debian/initramfs/cryptroot-hook: LP #73862 + Added patch to install aes optimized cypher module + - try to load optimized cypher module in cryptsetup.functions as well, + because cryptroot-hook is only executed when we really have a + cryptoroot. + * other ubuntu changes have been merged into debian. Please report bugs + if you believe some patches have been dropped. + * removed 07_typos_fix.patch, has been reviewed and applied upstream. + + -- Reinhard Tartler Sun, 25 May 2008 22:52:30 +0200 + cryptsetup (2:1.0.6-1) unstable; urgency=low [ Jonas Meurer ] @@ -860,6 +1446,138 @@ -- Jonas Meurer Thu, 06 Dec 2007 15:56:05 +0100 +cryptsetup (2:1.0.5-2ubuntu12) hardy; urgency=low + + * added debian/patches/07_typos_fix.dpatch: fixed typos in man pages. (LP: #164181) + + -- Bruno Barrera Yever Mon, 07 Apr 2008 18:43:05 -0500 + +cryptsetup (2:1.0.5-2ubuntu11) hardy; urgency=low + + * debian/initramfs/cryptroot-script: Do show the disk name after all, since + some people use multiple encrypted partitions as LVM PVs. (LP: #201413) + + -- Martin Pitt Sun, 06 Apr 2008 11:54:41 -0600 + +cryptsetup (2:1.0.5-2ubuntu10) hardy; urgency=low + + * debian/initramfs/cryptroot-script: Do not mention the name of the + encrypted device. It is just technobabble anyway (sda4_crypt), and there + is just one root partition ever, so it is not needed to tell apart + different partitions. From a security POV, someone who can change your + initramfs to boot a different root partition can just as well change the + strings, too. (LP: #201413) + + -- Martin Pitt Wed, 02 Apr 2008 15:51:53 +0200 + +cryptsetup (2:1.0.5-2ubuntu9) hardy; urgency=low + + * debian/scripts/luksformat: Use 256 bit key size by default. + (LP: #78508) + * debian/patches/02_manpage.dpatch: Clarify default key sizes (128 for + luksFormat and 256 for create) in cryptsetup.8. (side-note in LP #78508) + + -- Martin Pitt Wed, 27 Feb 2008 17:43:46 +0100 + +cryptsetup (2:1.0.5-2ubuntu8) hardy; urgency=low + + * Fix -x calls and access() call. + + -- Scott James Remnant Fri, 14 Dec 2007 16:54:53 +0000 + +cryptsetup (2:1.0.5-2ubuntu7) hardy; urgency=low + + * debian/initramfs/cryptroot-script: call udevadm instead of udevsettle + * debian/patches/06_call_udevsettle.dpatch: likewise + + -- Scott James Remnant Fri, 14 Dec 2007 16:11:36 +0000 + +cryptsetup (2:1.0.5-2ubuntu6) hardy; urgency=low + + * Make cryptsetup understand devices specified by UUID=... or LABEL= + in crypttab. (LP: #153597) + + -- Andrea Colangelo Mon, 29 Oct 2007 18:22:51 +0100 + +cryptsetup (2:1.0.5-2ubuntu5) hardy; urgency=low + + * reenable additional udevsettle calls in cryptroot hook from + https://launchpad.net/bugs/85640, LP: #132373. + * change maintainer to ubuntu-core-dev. + * use Vcs-Bzr instead of XSCB-Vcs-Bzr header in debian/control. + + -- Reinhard Tartler Thu, 08 Nov 2007 23:52:19 +0100 + +cryptsetup (2:1.0.5-2ubuntu4) hardy; urgency=low + + * reapply changes from version 2:1.0.5-2ubuntu2, got dropped with last + upload. Sorry, pitti. + * convert patch to lib/libdevmapper.c to a dpatch. + + -- Reinhard Tartler Sun, 04 Nov 2007 21:42:43 +0100 + +cryptsetup (2:1.0.5-2ubuntu3) hardy; urgency=low + + * RELIABILY FIX: lib/libdevmapper.c: Ensure that pending device creation + events are being processed by calling /sbin/udevsettle. Patch based on + OpenSUSE bug #285478, LP: #132373. + * Based on the change above, the patch from LP #85640 is no longer needed. + dropping the relevant parts. + * Fix debian/rules to not fail to build if autom4te.cache is left behind + from a previous incomplete build. + + -- Reinhard Tartler Fri, 02 Nov 2007 20:53:31 +0100 + +cryptsetup (2:1.0.5-2ubuntu2) gutsy; urgency=low + + * debian/initramfs/cryptroot-script: + - If the supplied password worked, remove the prompt from usplash again, + so that the user has some visual feedback that everything is alright. + (LP: #151305) + - Do not show the UUID device node of the outer physical device. It is + scary ("/dev/disk/by-uuid/1234yadayada") and displaying it does not + improve security at all: If attackers can tamper with your initramfs, + they can also change the prompt, and if the UUID of the physical device + changes, then booting will not even get that far. Now it is a much more + friendly "Enter passphrase for sda5_crypt:" which is still technical, + but it's necessary to point out which device will be unlocked in case + there are several. + + -- Martin Pitt Thu, 11 Oct 2007 19:51:58 +0200 + +cryptsetup (2:1.0.5-2ubuntu1) gutsy; urgency=low + + * Merge new debian version. Remaining changes: + - cryptsetup is linked dynamically against libgcrypt and libgpg-error. + This will break systems where /usr is a separate encrypted filesystem + but not have other bad consequences (in particular, systems with + encrypted root are still fine). The upsides include better + security supportability and smaller packages. + - libcryptsetup.so et al removed from the binary packages. They have + no stable ABI and are not suitable for use by other packages, and + were in violation of library policies etc. They're not needed since + the cryptsetup executable statically contains the relevant parts of + libcryptsetup. + - cryptdisks.functions: remove #!/bin/bash as it isn't a script + by itself; it's only sourced by other scripts. This gets rid + of the lintian warning `script-not-executable' for this file. + - stop usplash on user input. LP #62751 + - Always output and read from the console. LP #58794. + - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using + bzr on launchpad. + - Bump libgcrypt11 build-dependency again to 1.2.4-2ubuntu2 to eliminate + libnsl linkage; + - debian/initramfs/cryptroot-hook: (LP: #73862) + Added patch to install aes optimized cypher module + - try to load optimized cypher module in cryptsetup.functions as well, + because cryptroot-hook is only executed when we really have a + cryptoroot. + - apply patch from pitti for allowing UUIDs in /etc/crypttab. + This allowes crypted PVs! LP: #144390. + - remove README.ubuntu, since it contains old and obsolete information. + + -- Reinhard Tartler Tue, 02 Oct 2007 21:31:28 +0200 + cryptsetup (2:1.0.5-2) unstable; urgency=low [ Jonas Meurer ] @@ -908,6 +1626,68 @@ -- Jonas Meurer Mon, 24 Sep 2007 15:42:06 +0200 +cryptsetup (2:1.0.5-1ubuntu5) UNRELEASED; urgency=low + + * apply patch from pitti for allowing UUIDs in /etc/crypttab. + This allowes crypted PVs! LP: #144390. + * remove README.ubuntu, since it contains old and obsolete information. + + -- Reinhard Tartler Tue, 02 Oct 2007 19:59:24 +0200 + +cryptsetup (2:1.0.5-1ubuntu4) gutsy; urgency=low + + [ Stephan Hermann ] + * debian/initramfs/cryptroot-hook: (LP: #73862) + - Added patch to install aes optimized cypher module + + [ Reinhard Tartler ] + * re-applying old patch to new package version + * try to load optimized cypher module in cryptsetup.functions as well, + because cryptroot-hook is only executed when we really have a + cryptoroot. + + -- Reinhard Tartler Thu, 27 Sep 2007 19:38:48 +0200 + +cryptsetup (2:1.0.5-1ubuntu3) gutsy; urgency=low + + * Bump libgcrypt11 build-dependency again to 1.2.4-2ubuntu2 to eliminate + libnsl linkage; should finally produce a usable cryptsetup binary for + the udeb. + + -- Colin Watson Wed, 19 Sep 2007 15:28:52 +0100 + +cryptsetup (2:1.0.5-1ubuntu2) gutsy; urgency=low + + * Bump libgcrypt11 build-dependency to 1.2.4-2ubuntu1 and rebuild for + proper udeb dependencies. + + -- Colin Watson Wed, 19 Sep 2007 01:37:02 +0100 + +cryptsetup (2:1.0.5-1ubuntu1) gutsy; urgency=low + + * Merge new debian version. Remaining changes: + - cryptsetup is linked dynamically against libgcrypt and libgpg-error. + This will break systems where /usr is a separate encrypted filesystem + but not have other bad consequences (in particular, systems with + encrypted root are still fine). The upsides include better + security supportability and smaller packages. + - libcryptsetup.so et al removed from the binary packages. They have + no stable ABI and are not suitable for use by other packages, and + were in violation of library policies etc. They're not needed since + the cryptsetup executable statically contains the relevant parts of + libcryptsetup. + - cryptdisks.functions: remove #!/bin/bash as it isn't a script + by itself; it's only sourced by other scripts. This gets rid + of the lintian warning `script-not-executable' for this file. + - stop usplash on user input. LP #62751 + - Always output and read from the console. LP #58794. + * Add XSBC-Vcs-Bzr tag to indicate that this package is managed using + bzr on launchpad. + * UVF exception request granted by Scott Kitterman and Chuck Short + LP: #138295 + + -- Reinhard Tartler Sat, 08 Sep 2007 19:04:54 +0200 + cryptsetup (2:1.0.5-1) unstable; urgency=low [ Jonas Meurer ] @@ -928,6 +1708,66 @@ -- Jonas Meurer Fri, 27 Jul 2007 04:59:33 +0200 +cryptsetup (2:1.0.4+svn29-1ubuntu6) gutsy; urgency=low + + * Add notes by Ilkka Tuohela in a new file debian/README.ubuntu + + -- Reinhard Tartler Sat, 08 Sep 2007 18:43:56 +0200 + +cryptsetup (2:1.0.4+svn29-1ubuntu5) gutsy; urgency=low + + * cryptsetup is linked dynamically against libgcrypt and libgpg-error. + This will break systems where /usr is a separate encrypted filesystem + but not have other bad consequences (in particular, systems with + encrypted root are still fine). The upsides include better + security supportability and smaller packages. + * libcryptsetup.so et al removed from the binary packages. They have + no stable ABI and are not suitable for use by other packages, and + were in violation of library policies etc. They're not needed since + the cryptsetup executable statically contains the relevant parts of + libcryptsetup. + * cryptdisks.functions: remove #!/bin/bash as it isn't a script + by itself; it's only sourced by other scripts. This gets rid + of the lintian warning `script-not-executable' for this file. + + -- Ian Jackson Fri, 31 Aug 2007 12:05:33 +0100 + +cryptsetup (2:1.0.4+svn29-1ubuntu4) gutsy; urgency=low + + * s/$CRYPTCMD/cryptsetup/ in debian/cryptdisks.functions + (LP: #115617) + + -- Reinhard Tartler Tue, 29 May 2007 17:04:05 +0200 + +cryptsetup (2:1.0.4+svn29-1ubuntu3) gutsy; urgency=low + + * make luksformat check if filesystem is already mounted to prevent a + strange error message. thanks to mvo for the patch (LP: #116633) + * remove file debian/initramfs-cryptroot-script from source. it is not + installed anywhere, and a leftover from the last merge. + * add missing hunk of cryptsetup.functions compared to debian package. + * reapply http://librarian.launchpad.net/7329604/bug85640.debdiff to + debian/initramfs/cryptroot-script, since stgraber's patch has been + lost in the last merge. (LP: #85640) + + -- Reinhard Tartler Tue, 29 May 2007 15:02:57 +0200 + +cryptsetup (2:1.0.4+svn29-1ubuntu2) gutsy; urgency=low + + * modprobe dm-mod from cryptsetup.functions. (LP: #64625, #91405) + + -- Reinhard Tartler Tue, 29 May 2007 13:31:39 +0200 + +cryptsetup (2:1.0.4+svn29-1ubuntu1) gutsy; urgency=low + + * Merge from Debian unstable. Remaining Ubuntu changes: + - stop usplash on user input. Ubuntu: #62751 + - Always output and read from the console. Ubuntu: #58794. + - Wait for Udev to be ready to avoid partition non-detection. (LP: #85640) + * Modify Maintainer value to match Debian-Maintainer-Field Spec + + -- Andrea Veri Sun, 6 May 2007 22:33:25 +0200 + cryptsetup (2:1.0.4+svn29-1) unstable; urgency=low * New upstream svn snapshot with several bugfixes @@ -980,6 +1820,20 @@ -- Jonas Meurer Sat, 28 Apr 2007 20:45:50 +0200 +cryptsetup (2:1.0.4+svn26-1ubuntu2) feisty; urgency=low + + * Wait for Udev to be ready to avoid partition non-detection. (LP: #85640) + + -- Stéphane Graber Thu, 14 Apr 2007 10:03:41 +0200 + +cryptsetup (2:1.0.4+svn26-1ubuntu1) feisty; urgency=low + + * merge debian changes. Remaining ubuntu changes: + - stop usplash on user input. Ubuntu: #62751 + - Always output and read from the console. Ubuntu: #58794. + + -- Reinhard Tartler Sat, 3 Feb 2007 21:30:03 +0100 + cryptsetup (2:1.0.4+svn26-1) unstable; urgency=high [ Jonas Meurer ] @@ -1029,6 +1883,28 @@ -- Jonas Meurer Tue, 28 Nov 2006 18:17:12 +0100 +cryptsetup (2:1.0.4-8ubuntu2) feisty; urgency=low + + * fix and improve initramfs hook: terminate usplash if running, since + adequate secure text input is not possible with usplash ATM + * usplash support: Terminate usplash before asking a password. + Closes https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/62751 + + -- Reinhard Tartler Wed, 24 Jan 2007 22:43:28 +0100 + +cryptsetup (2:1.0.4-8ubuntu1) feisty; urgency=low + + * merge debian changes, remaining patches: + - Always output and read from the console. Ubuntu: #58794. + * other changes have been merged or do noy apply anymore + * read password via usplash if available in initramfs for rootfs. based on a patch from + Swen Thümmler (Thanks for that!) Ubuntu #62751 + * read password from initscript via usplash if running. should fix the + rest of Ubuntu #62751. Only problem with that patch: It asks only once + for the password! improvements welcome! + + -- Reinhard Tartler Sun, 19 Nov 2006 20:04:19 +0100 + cryptsetup (2:1.0.4-8) unstable; urgency=high [ Jonas Meurer ] @@ -1186,6 +2062,27 @@ -- Jonas Meurer Mon, 4 Sep 2006 03:55:35 +0200 +cryptsetup (2:1.0.3-3ubuntu3) edgy; urgency=low + + * Always output and read from the console. Ubuntu: #58794. + + -- Scott James Remnant Thu, 21 Sep 2006 03:05:18 +0100 + +cryptsetup (2:1.0.3-3ubuntu2) edgy; urgency=low + + * Load the dm-crypt module on startup. Ubuntu: #53475. + + -- Scott James Remnant Wed, 23 Aug 2006 11:53:49 +0200 + +cryptsetup (2:1.0.3-3ubuntu1) edgy; urgency=low + + * Sync with Debian: + Remaining Ubuntu Changes + + debian/cryptdisks.functions: + - Tell usplash to quit if we ask for a passphrase + + -- Sebastian Dröge Tue, 11 Jul 2006 20:03:27 +0200 + cryptsetup (2:1.0.3-3) unstable; urgency=low [ Jonas Meurer ] diff -Nru cryptsetup-1.3.0/debian/control cryptsetup-1.3.0/debian/control --- cryptsetup-1.3.0/debian/control 2011-05-17 13:14:31.000000000 +0100 +++ cryptsetup-1.3.0/debian/control 2011-06-02 00:33:03.000000000 +0100 @@ -1,18 +1,20 @@ Source: cryptsetup Section: admin Priority: optional -Maintainer: Debian Cryptsetup Team +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Debian Cryptsetup Team Uploaders: Jonas Meurer Build-Depends: libgcrypt11-dev (>= 1.4.6-3), libdevmapper-dev (>= 2:1.02.24-4), libpopt-dev, uuid-dev, libselinux1-dev, libsepol1-dev, libtool (>= 2.2), autoconf, automake, pkg-config, autopoint, gettext, debhelper (>= 6.0.7~), xsltproc, docbook-xml, docbook-xsl (>= 1.74.3+dfsg), dpkg-dev (>= 1.15.1), po-debconf Standards-Version: 3.9.2 Homepage: http://code.google.com/p/cryptsetup/ -Vcs-Browser: http://svn.debian.org/wsvn/pkg-cryptsetup/cryptsetup/trunk -Vcs-Svn: svn://svn.debian.org/svn/pkg-cryptsetup/cryptsetup/trunk +X-Debian-Vcs-Browser: http://svn.debian.org/wsvn/pkg-cryptsetup/cryptsetup/trunk +X-Debian-Vcs-Svn: svn://svn.debian.org/svn/pkg-cryptsetup/cryptsetup/trunk +Vcs-Bzr: https://code.launchpad.net/~ubuntu-core-dev/cryptsetup/ubuntu Package: cryptsetup Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends}, dmsetup -Suggests: udev, initramfs-tools (>= 0.91) | linux-initramfs-tool, busybox, dosfstools, liblocale-gettext-perl +Depends: ${shlibs:Depends}, ${misc:Depends}, dmsetup, initramfs-tools (>= 0.91) | linux-initramfs-tool, plymouth +Suggests: udev, busybox, dosfstools, liblocale-gettext-perl Provides: cryptsetup-luks Conflicts: cryptsetup-luks Replaces: cryptsetup-luks, hashalot (<< 0.3-2) diff -Nru cryptsetup-1.3.0/debian/cryptdisks-early.init cryptsetup-1.3.0/debian/cryptdisks-early.init --- cryptsetup-1.3.0/debian/cryptdisks-early.init 2011-05-10 02:24:36.000000000 +0100 +++ cryptsetup-1.3.0/debian/cryptdisks-early.init 2011-06-02 00:27:08.000000000 +0100 @@ -8,7 +8,7 @@ # X-Start-Before: lvm2 # X-Stop-After: lvm2 # X-Interactive: true -# Default-Start: S +# Default-Start: # Default-Stop: 0 6 # Short-Description: Setup early encrypted block devices. # Description: @@ -33,7 +33,6 @@ case "$1" in start) - do_start ;; stop) do_stop diff -Nru cryptsetup-1.3.0/debian/cryptdisks-enable.upstart cryptsetup-1.3.0/debian/cryptdisks-enable.upstart --- cryptsetup-1.3.0/debian/cryptdisks-enable.upstart 1970-01-01 01:00:00.000000000 +0100 +++ cryptsetup-1.3.0/debian/cryptdisks-enable.upstart 2011-06-02 00:27:08.000000000 +0100 @@ -0,0 +1,35 @@ +# cryptdisks - enable encrypted block devices +# +# Sweep up any devices in /etc/crypttab that have not yet been started at +# the end of udev coldplugging; this partly duplicates the cryptdisks-udev +# job, but is necessary because: +# - some devices may not be registered as ID_FS_USAGE=crypto by udev (e.g., +# random-encrypted devices), but we don't want to call the upstart job +# for every single block device +# - some devices can only be decrypted after other devices are decrypted and +# mounted first, so we need a two-pass system (like +# /etc/init.d/cryptdisks{,-early} previously) +# +# This job currently still does not guarantee a race-free startup; instances +# of cryptdisks-udev may be started in parallel with this job. + +description "enable remaining boot-time encrypted block devices" + +start on stopped udevtrigger + +task + +script + [ -r /lib/cryptsetup/cryptdisks.functions ] || { stop; exit 0; } + + . /lib/cryptsetup/cryptdisks.functions + + case "$CRYPTDISKS_ENABLE" in + [Nn]*) + exit 1 + ;; + esac + + INITSTATE="init" + do_start +end script diff -Nru cryptsetup-1.3.0/debian/cryptdisks.functions cryptsetup-1.3.0/debian/cryptdisks.functions --- cryptsetup-1.3.0/debian/cryptdisks.functions 2011-05-12 11:28:55.000000000 +0100 +++ cryptsetup-1.3.0/debian/cryptdisks.functions 2011-06-02 00:27:08.000000000 +0100 @@ -264,7 +264,7 @@ KEYSCRIPT="plymouth ask-for-password --prompt" keyscriptarg=$(printf "$keyscriptarg") else - KEYSCRIPT="/lib/cryptsetup/askpass" + KEYSCRIPT="/lib/udev/watershed /lib/cryptsetup/askpass" fi elif [ "$key" != "${key%/dev/*}" ]; then # no keyscript, device key => special treatment @@ -335,7 +335,7 @@ KEYSCRIPT="plymouth ask-for-password --prompt" keyscriptarg=$(printf "$keyscriptarg") else - KEYSCRIPT="/lib/cryptsetup/askpass" + KEYSCRIPT="/lib/udev/watershed /lib/cryptsetup/askpass" fi else # no keyscript, key => file input @@ -586,6 +586,29 @@ return 0 } +crypttab_start_one_disk () { + local dst src key opts result + local ret=0 + + egrep -v "^[[:space:]]*(#|$)" "$TABFILE" | while read dst src key opts; do + if [ "xUUID=$ID_FS_UUID" = "x$src" ]; then + src="/dev/disk/by-uuid/${src#UUID=}" + elif [ "xLABEL=$ID_FS_LABEL_ENC" = "x$src" ]; then + src="/dev/disk/by-label/${src#LABEL=}" + elif [ "x$1" != "x$src" ]; then + continue + fi + modprobe -qb dm-mod || true + modprobe -qb dm-crypt || true + dmsetup mknodes > /dev/null 2>&1 || true + # FIXME: no locking + mount_fs + handle_crypttab_line_start "$dst" "$src" "$key" "$opts" || ret=$? + umount_fs + done + return $ret +} + do_start () { local dst src key opts result @@ -596,6 +619,22 @@ mount_fs egrep -v "^[[:space:]]*(#|$)" "$TABFILE" | while read dst src key opts; do + dev_match="$src" + if [ "${dev_match#UUID=}" != "$dev_match" ]; then + dev_match="$(readlink -f /dev/disk/by-uuid/${dev_match#UUID=})" + elif [ "${dev_match#LABEL=}" != "$dev_match" ]; then + dev_match="$(readlink -f /dev/disk/by-label/${dev_match#LABEL=})" + fi + # if there's already a udev-triggered job running for this + # device, wait for it to finish, then re-process to confirm + # that it's started successfully. In the general case this + # will just be a no-op, but we don't want to defer to the + # other job entirely because this is the fallback for fixing + # up any ordering-dependent decrypting. + while status cryptdisks-udev DEVNAME="$dev_match" 2>&1 | grep -q 'start' + do + sleep 1 + done handle_crypttab_line_start "$dst" "$src" "$key" "$opts" <&3 || log_action_end_msg $? done 3<&1 umount_fs diff -Nru cryptsetup-1.3.0/debian/cryptdisks.init cryptsetup-1.3.0/debian/cryptdisks.init --- cryptsetup-1.3.0/debian/cryptdisks.init 2011-05-10 02:24:15.000000000 +0100 +++ cryptsetup-1.3.0/debian/cryptdisks.init 2011-06-02 00:27:08.000000000 +0100 @@ -8,7 +8,7 @@ # X-Start-Before: checkfs # X-Stop-After: umountfs # X-Interactive: true -# Default-Start: S +# Default-Start: # Default-Stop: 0 6 # Short-Description: Setup remaining encrypted block devices. # Description: @@ -33,7 +33,6 @@ case "$1" in start) - do_start ;; stop) do_stop diff -Nru cryptsetup-1.3.0/debian/cryptdisks-udev.upstart cryptsetup-1.3.0/debian/cryptdisks-udev.upstart --- cryptsetup-1.3.0/debian/cryptdisks-udev.upstart 1970-01-01 01:00:00.000000000 +0100 +++ cryptsetup-1.3.0/debian/cryptdisks-udev.upstart 2011-06-02 00:27:08.000000000 +0100 @@ -0,0 +1,23 @@ +# cryptdisks - enable encrypted block devices + +description "enable encrypted block devices" + +start on block-device-added ID_FS_USAGE=crypto +instance $DEVNAME + +task + +script + [ -r /lib/cryptsetup/cryptdisks.functions ] || { stop; exit 0; } + + . /lib/cryptsetup/cryptdisks.functions + + case "$CRYPTDISKS_ENABLE" in + [Nn]*) + exit 1 + ;; + esac + + INITSTATE=udev + crypttab_start_one_disk "$DEVNAME" +end script diff -Nru cryptsetup-1.3.0/debian/cryptsetup.dirs cryptsetup-1.3.0/debian/cryptsetup.dirs --- cryptsetup-1.3.0/debian/cryptsetup.dirs 2010-11-04 16:55:53.000000000 +0000 +++ cryptsetup-1.3.0/debian/cryptsetup.dirs 2011-06-02 00:27:08.000000000 +0100 @@ -11,3 +11,4 @@ /usr/share/initramfs-tools/conf-hooks.d /usr/share/man/man5 /usr/share/man/man8 +/usr/share/apport/package-hooks/ diff -Nru cryptsetup-1.3.0/debian/cryptsetup.postinst cryptsetup-1.3.0/debian/cryptsetup.postinst --- cryptsetup-1.3.0/debian/cryptsetup.postinst 2011-05-17 17:50:55.000000000 +0100 +++ cryptsetup-1.3.0/debian/cryptsetup.postinst 2011-06-02 00:27:08.000000000 +0100 @@ -20,6 +20,11 @@ update-initramfs -u fi + if dpkg --compare-versions "$2" lt "2:1.0.6+20090405.svn49-1ubuntu8" + then + rm -f /etc/rcS.d/S26cryptdisks-early /etc/rcS.d/S28cryptdisks + fi + # Do a number of checks on the currently installed crypttab egrep -v "^[[:space:]]*(#|$)" /etc/crypttab | while read dst src key opts; do diff -Nru cryptsetup-1.3.0/debian/rules cryptsetup-1.3.0/debian/rules --- cryptsetup-1.3.0/debian/rules 2011-05-17 16:28:33.000000000 +0100 +++ cryptsetup-1.3.0/debian/rules 2011-06-02 00:27:08.000000000 +0100 @@ -110,6 +110,7 @@ install -m 0755 debian/scripts/decrypt_* $(CURDIR)/debian/cryptsetup/lib/cryptsetup/scripts/ install -m 0755 debian/scripts/passdev $(CURDIR)/debian/cryptsetup/lib/cryptsetup/scripts/ install -m 0755 debian/askpass $(CURDIR)/debian/cryptsetup/lib/cryptsetup/ + install -m 0644 debian/cryptsetup.apport $(CURDIR)/debian/cryptsetup/usr/share/apport/package-hooks/cryptsetup.py install -m 0755 debian/initramfs/cryptgnupg-hook \ $(CURDIR)/debian/cryptsetup/usr/share/initramfs-tools/hooks/cryptgnupg install -m 0755 debian/initramfs/cryptkeyctl-hook \ @@ -150,8 +151,10 @@ dh_installchangelogs -a ChangeLog dh_installdocs -a dh_installexamples -a debian/scripts/gen-ssl-key - dh_installinit -a --no-start --name=cryptdisks-early --update-rcd-params="start 26 S . start 59 0 6 ." - dh_installinit -a --no-start --name=cryptdisks --update-rcd-params="start 28 S . start 48 0 6 ." + dh_installinit -a --no-start --name=cryptdisks-early --update-rcd-params="start 59 0 6 ." + dh_installinit -a --no-start --name=cryptdisks --update-rcd-params="start 48 0 6 ." + dh_installinit -a --no-start --name=cryptdisks-enable --upstart-only + dh_installinit -a --no-start --name=cryptdisks-udev --upstart-only dh_installman -a debian/doc/crypttab.5 debian/doc/cryptdisks_start.8 debian/doc/cryptdisks_stop.8 debian/luksformat.8 # Copy relevant parts to cryptsetup-udeb package cp -a $(CURDIR)/debian/cryptsetup/etc $(CURDIR)/debian/cryptsetup-udeb/