[ubuntu/lucid] cryptsetup 2:1.1.0~rc2-1ubuntu1 (Accepted)
Martin Pitt
martin.pitt at ubuntu.com
Wed Nov 11 14:10:13 GMT 2009
cryptsetup (2:1.1.0~rc2-1ubuntu1) lucid; urgency=low
* Merge with Debian testing. Remaining Ubuntu changes:
- debian/rules: cryptsetup is linked dynamically against libgcrypt and
libgpg-error.
- Upstart migration:
+ Add debian/cryptdisks-enable.upstart.
+ debian/cryptdisks{,-early}.init: Make the 'start' action of the init
script a no-op, this should be handled entirely by the upstart job.
(LP #473615)
+ debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on
upgrade.
+ debian/rules: Do not install start symlinks for those two, and install
debian/cryptdisks-enable.upstart scripts.
- Add debian/cryptsetup.apport: Apport package hook. Install in
debian/rules, and create dir in debian/cryptsetup.dirs.
- Start usplash in initramfs, since we need it for fancy passphrase input:
+ debian/initramfs/cryptroot-conf, debian/initramfs-conf.d: USPLASH=y
+ debian/control: Bump initramfs-tools Suggests to Depends:.
cryptsetup (2:1.1.0~rc2-1) unstable; urgency=low
* new upstream release candidate (1.1.0-rc2), highlights include:
- new libcryptsetup API (documented in libcryptsetup.h)
- luksHeaderBackup and luksHeaderRestore commands (closes: #533643)
- use libgcrypt, enables all gcrypt hash algorithms for LUKS through
-h luksFormat option (closes: #387159, #537385)
- new --master-key-file option for luksFormat and luksAddKey
- use dm-uuid for all crypt devices, contains device type and name now
(closes: #548988, #549870)
- command successful messages moved to verbose level (closes: #541805)
- several code changes to improve speed of luksOpen (closes: #536415)
- luksSuspend and luksResume commands
* remove unneeded patches 03_read_rework and 04_no_stderr_success, update
02_manpage for new upstream release candidate.
* update patch to comply with DEP-3 (http://dep.debian.net/deps/dep3/)
* fix initramfs/cryptroot-hook to support setups where /dev/mapper/ contains
symlinks to devices at /dev/dm-*. the lvm2/device-mapper packages had
defaults changed to this temporary. it has been fixed in a subsequent
upload of lvm2 in the meantime, but still it's not a bad idea to be
prepared for such setups in the future. that way cryproot now supports
/dev/dm-* devices as well. (closes: #532579, #544487, #544773)
* fix initscript dependencies both for cryptdisks and cryptdisks-early.
thanks to Petter Reinholdtsen for bugreport and patch. (closes: #548356)
* finally change default behaviour of initscripts/cryptroot-hook to include
all available crypto modules into the initramfs. this change should fix
any problems with cryto modules missing from the initramfs. announce the
change in NEWS.Debian. (closes: #547597)
* add error messages to lvm detecting code in initramfs/cryptroot-script
in order to make debugging easier. (closes: #541248)
* implement detection of devices which are required by decrypt_derived
keyscript in initscripts/cryptroot-hook. that way setups where encrypted
swap has the key derived from non-root partitions should support suspend/
resume as well. (closes: #475838)
* remove outdated documentation from the source package: CryptoRoot.HowTo,
CheckSystem.Doc
* mention in README.initramfs that busybox is required for cryptroot to work
* stop creating /etc/keys in postinst maintainer script.
* update build system to include library files again: (closes: #480157)
- split into three packages: cryptsetup, libcryptsetup1, libcryptsetup-dev
- rename preinst to cryptsetup.preinst, copy code to create /etc/crypttab
skeleton into cryptsetup-udeb.preinst.
- build with --enable-shared and --enable-static for libcryptsetup.a
- create debian/libcryptsetup1.symbols with help of dpkg-gensymbols
* add debian/cryptsetup.lintian-override for two false positives
* raise build-depends on debhelper and debian/compat for that reason
* update README.remote to work with latest dropbear package. thanks to
debian at x.ray.net.
* make all crypttab fields available to keyscripts as environment variables.
thanks to ludwig nussel from suse for idea and implmentation. document
this in crypttab(5) manpage. impelement the same environment variables in
initramfs cryptroot script.
* fix formatting errors in crypttab(5) manpage.
cryptsetup (2:1.0.7-2) unstable; urgency=low
* add a paragraph to the cryptsetup manpage that mentions /proc/crypto as
source for available crypto ciphers, modes, hashs, keysizes, etc.
(closes: #518266)
* fix luksformat to check for mkfs.$fs both in /sbin and /usr/sbin. thanks
to Jon Dowland. (closes: #539734)
* mention era eriksson as author of the typo fixes for manpage (submitted as
bug #476624) in changelog of cryptsetup 2:1.0.6-3. (closes: #541344)
* bump standards-version to 3.8.3. no changes needed.
* add 04_no_stderr_success.patch, which adds an option to suppress success
messages to stderr. don't apply the patch as this already has been fixed
upstream in another way. next cryptsetup release will print the command
successfull message to stdout only if opt_verbose is set.
* add checkscripts blkid and un_blkid for the reason that vol_id will be
removed from udev soon. advertise the new scripts at all places that
mentioned vol_id or un_vol_id before.
* add /usr/share/bug/cryptsetup which adds /proc/cmdline, /etc/crypttab,
/etc/fstab and output of 'lsmod' to bugs against cryptsetup.
* add debian/README.remote, which describes how to setup a cryptroot system
with support for remote unlocking via ssh login into the initramfs. Thanks
to debian at x.ray.net for writing it down.
* update debian/copyright for current format from dep.debian.net/deps/dep5
* add chainiv, cryptomgr and krng to standard list of modules in initramfs
cryptroot hook. (closes: #541835)
* add a section describing LUKS header backups and related security
implications to README.Debian. a tool to automate this task should not be
distributed at all. (closes: #432150)
cryptsetup (2:1.0.7-1) unstable; urgency=low
* new upstream release, highlights include (diff from ~rc1):
- allow removal of last slot in luksRemoveKey and luksKillSlot
- eject unsupported --offset and --skip options for luksFormat
* make passdev accept a timeout option, thanks to Evgeni Golov for the patch.
(closes: #502598)
* finally add the cryptsource delay implementation from ubuntu, as it seems
to workaround some issues where appearance of the root device takes longer
than expected. (closes: #488271)
* execute udev_settle before $cryptremove if $cryptcreate fails at
setup_mapping() in the initramfs cryptroot script. it seems like a short
delay and/or udev_settly is needed in between of 'cryptsetup create' and
'cryptsetup remove'. thanks to Gernot Schilling for the bugreport.
(closes: #529527)
* talk about /dev/urandom instead of /dev/random in crypttab manpage.
(closes: #537344)
* check for $IGNORE before check_key() in handle_crypttab_line_start()
* rewrite error code handling:
- return 1 for errors in handle_crypttab_line_{start|stop}
- handle_crypttab_line_... || true needed due to set -e in initscript
- check for exit code of handle_crypttab_line_{start<stop} in
cryptdisks_{start|stop}, exit with proper status code (closes: #524173)
* add a counter to the while loop in cryptdisks_{start|stop}, in order to
detect if $dst was not found in crypttab. (closes: #524485)
* check for keyscript in the new location in initramfs/cryptopensc-hook.
* add README.opensc to docs, thanks to Benjamin Kiessling for writing it.
(closes: #514538)
* add patches/03_rework_read.patch [rework write_blockwise() and
read_blockwise()], but don't apply it yet as it's still experimental.
applying it will increase the speed of luksOpen.
cryptsetup (2:1.0.7~rc1-2) unstable; urgency=low
* flag the root device with rootdev option at /conf/conf.d/cryptroot in
initramfs hook, check for that flag before adding ROOT=$NEWROOT to
/conf/param.conf in initramfs script. that should prevent the initramfs
script from adding ROOT=$NEWROOT for resume devices. (closes: #535801)
cryptsetup (2:1.0.7~rc1-1) unstable; urgency=low
* new upstream release candidate, highlights include:
- use better error messages if device doesn't exist or is already used by
other mapping (closes: #492926)
- check device size when loading LUKS header
- add some error hint if dm-crypt mapping failed (key size and kernel
version check for XTS and LRW mode for now) (closes: #494584)
- display device name when asking for password
- retain readahead of underlying device, if devmapper version supports it
- set UUID in device-mapper for LUKS devices
- define device-mapper crypt UUID maximal length and check for its size
- add some checks for error codes, fixes warning: ignoring return value...
- update LUKS homepage in manpage to code.google.com/p/cryptsetup
* patches/01_fix_make_distclean.patch: removed, incorporated upstream
* patches/02_manpage.patch: updated, mostly incorporated upstream
* remove invokation of ./setup-gettext.sh from debian/rules.
* set $PATH in checks/xfs. Required to make /usr/sbin/xfs_admin work at early
boot stage. Thanks to Stefan Bender. (closes: #525118)
* update path to docbook-xsl stylesheet in debian/rules to
/usr/share/xml/docbook/stylesheet/docbook-xsl/. Add versioned build-depends
to docbook-xsl (>= 1.74.3+dfsg) for that reason.
* fix bashisms in scripts/decrypt_opensc, thanks to Raphael Geissert.
(closes: #530060)
* fix UUID and LABEL handling for cryptroot, thanks to Kees Cook and ubuntu.
(closes: #522041)
* add ROOT=$NEWROOT to /conf/param.conf in cryptroot initramfs script. This
is required for lilo to find the correct root device. Thanks to Pyotr
Berezhkov and Christian Schaarschmidt. (closes: #511447, #511840)
* replace mini autogen.sh with autoreconf in debian/rules. Thanks to Bastian
Kleineidam. (closes: #522798)
* support escaped newlines in askpass.c, thanks to Kees Cook and ubuntu.
(closes: #528133)
* use the same passphrase prompt in init script and initramfs script
* mention the incoherent behaviour of cryptsetup create/luksOpen with invalid
passwords/keys in cryptsetup manpage. (closes: #529359)
* bump standards-version to 3.8.2, no changes required.
* add 'X-Interactive: true' LSB-header to initscripts.
* fix bash_completion script to use 'command ls'. that way it now works with
aliased ls as well. thanks to Daniel Dehennin. (closes: #535351)
Date: Wed, 11 Nov 2009 15:04:27 +0100
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/cryptsetup/2:1.1.0~rc2-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 11 Nov 2009 15:04:27 +0100
Source: cryptsetup
Binary: cryptsetup cryptsetup-udeb libcryptsetup1 libcryptsetup-dev
Architecture: source
Version: 2:1.1.0~rc2-1ubuntu1
Distribution: lucid
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description:
cryptsetup - configures encrypted block devices
cryptsetup-udeb - configures encrypted block devices (udeb)
libcryptsetup-dev - libcryptsetup development files
libcryptsetup1 - libcryptsetup shared library
Closes: 387159 432150 475838 480157 488271 492926 494584 502598 511447 511840 514538 518266 522041 522798 524173 524485 525118 528133 529359 529527 530060 532579 533643 535351 535801 536415 537344 537385 539734 541248 541344 541805 541835 544487 544773 547597 548356 548988 549870
Changes:
cryptsetup (2:1.1.0~rc2-1ubuntu1) lucid; urgency=low
.
* Merge with Debian testing. Remaining Ubuntu changes:
- debian/rules: cryptsetup is linked dynamically against libgcrypt and
libgpg-error.
- Upstart migration:
+ Add debian/cryptdisks-enable.upstart.
+ debian/cryptdisks{,-early}.init: Make the 'start' action of the init
script a no-op, this should be handled entirely by the upstart job.
(LP #473615)
+ debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on
upgrade.
+ debian/rules: Do not install start symlinks for those two, and install
debian/cryptdisks-enable.upstart scripts.
- Add debian/cryptsetup.apport: Apport package hook. Install in
debian/rules, and create dir in debian/cryptsetup.dirs.
- Start usplash in initramfs, since we need it for fancy passphrase input:
+ debian/initramfs/cryptroot-conf, debian/initramfs-conf.d: USPLASH=y
+ debian/control: Bump initramfs-tools Suggests to Depends:.
.
cryptsetup (2:1.1.0~rc2-1) unstable; urgency=low
.
* new upstream release candidate (1.1.0-rc2), highlights include:
- new libcryptsetup API (documented in libcryptsetup.h)
- luksHeaderBackup and luksHeaderRestore commands (closes: #533643)
- use libgcrypt, enables all gcrypt hash algorithms for LUKS through
-h luksFormat option (closes: #387159, #537385)
- new --master-key-file option for luksFormat and luksAddKey
- use dm-uuid for all crypt devices, contains device type and name now
(closes: #548988, #549870)
- command successful messages moved to verbose level (closes: #541805)
- several code changes to improve speed of luksOpen (closes: #536415)
- luksSuspend and luksResume commands
* remove unneeded patches 03_read_rework and 04_no_stderr_success, update
02_manpage for new upstream release candidate.
* update patch to comply with DEP-3 (http://dep.debian.net/deps/dep3/)
* fix initramfs/cryptroot-hook to support setups where /dev/mapper/ contains
symlinks to devices at /dev/dm-*. the lvm2/device-mapper packages had
defaults changed to this temporary. it has been fixed in a subsequent
upload of lvm2 in the meantime, but still it's not a bad idea to be
prepared for such setups in the future. that way cryproot now supports
/dev/dm-* devices as well. (closes: #532579, #544487, #544773)
* fix initscript dependencies both for cryptdisks and cryptdisks-early.
thanks to Petter Reinholdtsen for bugreport and patch. (closes: #548356)
* finally change default behaviour of initscripts/cryptroot-hook to include
all available crypto modules into the initramfs. this change should fix
any problems with cryto modules missing from the initramfs. announce the
change in NEWS.Debian. (closes: #547597)
* add error messages to lvm detecting code in initramfs/cryptroot-script
in order to make debugging easier. (closes: #541248)
* implement detection of devices which are required by decrypt_derived
keyscript in initscripts/cryptroot-hook. that way setups where encrypted
swap has the key derived from non-root partitions should support suspend/
resume as well. (closes: #475838)
* remove outdated documentation from the source package: CryptoRoot.HowTo,
CheckSystem.Doc
* mention in README.initramfs that busybox is required for cryptroot to work
* stop creating /etc/keys in postinst maintainer script.
* update build system to include library files again: (closes: #480157)
- split into three packages: cryptsetup, libcryptsetup1, libcryptsetup-dev
- rename preinst to cryptsetup.preinst, copy code to create /etc/crypttab
skeleton into cryptsetup-udeb.preinst.
- build with --enable-shared and --enable-static for libcryptsetup.a
- create debian/libcryptsetup1.symbols with help of dpkg-gensymbols
* add debian/cryptsetup.lintian-override for two false positives
* raise build-depends on debhelper and debian/compat for that reason
* update README.remote to work with latest dropbear package. thanks to
debian at x.ray.net.
* make all crypttab fields available to keyscripts as environment variables.
thanks to ludwig nussel from suse for idea and implmentation. document
this in crypttab(5) manpage. impelement the same environment variables in
initramfs cryptroot script.
* fix formatting errors in crypttab(5) manpage.
.
cryptsetup (2:1.0.7-2) unstable; urgency=low
.
* add a paragraph to the cryptsetup manpage that mentions /proc/crypto as
source for available crypto ciphers, modes, hashs, keysizes, etc.
(closes: #518266)
* fix luksformat to check for mkfs.$fs both in /sbin and /usr/sbin. thanks
to Jon Dowland. (closes: #539734)
* mention era eriksson as author of the typo fixes for manpage (submitted as
bug #476624) in changelog of cryptsetup 2:1.0.6-3. (closes: #541344)
* bump standards-version to 3.8.3. no changes needed.
* add 04_no_stderr_success.patch, which adds an option to suppress success
messages to stderr. don't apply the patch as this already has been fixed
upstream in another way. next cryptsetup release will print the command
successfull message to stdout only if opt_verbose is set.
* add checkscripts blkid and un_blkid for the reason that vol_id will be
removed from udev soon. advertise the new scripts at all places that
mentioned vol_id or un_vol_id before.
* add /usr/share/bug/cryptsetup which adds /proc/cmdline, /etc/crypttab,
/etc/fstab and output of 'lsmod' to bugs against cryptsetup.
* add debian/README.remote, which describes how to setup a cryptroot system
with support for remote unlocking via ssh login into the initramfs. Thanks
to debian at x.ray.net for writing it down.
* update debian/copyright for current format from dep.debian.net/deps/dep5
* add chainiv, cryptomgr and krng to standard list of modules in initramfs
cryptroot hook. (closes: #541835)
* add a section describing LUKS header backups and related security
implications to README.Debian. a tool to automate this task should not be
distributed at all. (closes: #432150)
.
cryptsetup (2:1.0.7-1) unstable; urgency=low
.
* new upstream release, highlights include (diff from ~rc1):
- allow removal of last slot in luksRemoveKey and luksKillSlot
- eject unsupported --offset and --skip options for luksFormat
* make passdev accept a timeout option, thanks to Evgeni Golov for the patch.
(closes: #502598)
* finally add the cryptsource delay implementation from ubuntu, as it seems
to workaround some issues where appearance of the root device takes longer
than expected. (closes: #488271)
* execute udev_settle before $cryptremove if $cryptcreate fails at
setup_mapping() in the initramfs cryptroot script. it seems like a short
delay and/or udev_settly is needed in between of 'cryptsetup create' and
'cryptsetup remove'. thanks to Gernot Schilling for the bugreport.
(closes: #529527)
* talk about /dev/urandom instead of /dev/random in crypttab manpage.
(closes: #537344)
* check for $IGNORE before check_key() in handle_crypttab_line_start()
* rewrite error code handling:
- return 1 for errors in handle_crypttab_line_{start|stop}
- handle_crypttab_line_... || true needed due to set -e in initscript
- check for exit code of handle_crypttab_line_{start<stop} in
cryptdisks_{start|stop}, exit with proper status code (closes: #524173)
* add a counter to the while loop in cryptdisks_{start|stop}, in order to
detect if $dst was not found in crypttab. (closes: #524485)
* check for keyscript in the new location in initramfs/cryptopensc-hook.
* add README.opensc to docs, thanks to Benjamin Kiessling for writing it.
(closes: #514538)
* add patches/03_rework_read.patch [rework write_blockwise() and
read_blockwise()], but don't apply it yet as it's still experimental.
applying it will increase the speed of luksOpen.
.
cryptsetup (2:1.0.7~rc1-2) unstable; urgency=low
.
* flag the root device with rootdev option at /conf/conf.d/cryptroot in
initramfs hook, check for that flag before adding ROOT=$NEWROOT to
/conf/param.conf in initramfs script. that should prevent the initramfs
script from adding ROOT=$NEWROOT for resume devices. (closes: #535801)
.
cryptsetup (2:1.0.7~rc1-1) unstable; urgency=low
.
* new upstream release candidate, highlights include:
- use better error messages if device doesn't exist or is already used by
other mapping (closes: #492926)
- check device size when loading LUKS header
- add some error hint if dm-crypt mapping failed (key size and kernel
version check for XTS and LRW mode for now) (closes: #494584)
- display device name when asking for password
- retain readahead of underlying device, if devmapper version supports it
- set UUID in device-mapper for LUKS devices
- define device-mapper crypt UUID maximal length and check for its size
- add some checks for error codes, fixes warning: ignoring return value...
- update LUKS homepage in manpage to code.google.com/p/cryptsetup
* patches/01_fix_make_distclean.patch: removed, incorporated upstream
* patches/02_manpage.patch: updated, mostly incorporated upstream
* remove invokation of ./setup-gettext.sh from debian/rules.
* set $PATH in checks/xfs. Required to make /usr/sbin/xfs_admin work at early
boot stage. Thanks to Stefan Bender. (closes: #525118)
* update path to docbook-xsl stylesheet in debian/rules to
/usr/share/xml/docbook/stylesheet/docbook-xsl/. Add versioned build-depends
to docbook-xsl (>= 1.74.3+dfsg) for that reason.
* fix bashisms in scripts/decrypt_opensc, thanks to Raphael Geissert.
(closes: #530060)
* fix UUID and LABEL handling for cryptroot, thanks to Kees Cook and ubuntu.
(closes: #522041)
* add ROOT=$NEWROOT to /conf/param.conf in cryptroot initramfs script. This
is required for lilo to find the correct root device. Thanks to Pyotr
Berezhkov and Christian Schaarschmidt. (closes: #511447, #511840)
* replace mini autogen.sh with autoreconf in debian/rules. Thanks to Bastian
Kleineidam. (closes: #522798)
* support escaped newlines in askpass.c, thanks to Kees Cook and ubuntu.
(closes: #528133)
* use the same passphrase prompt in init script and initramfs script
* mention the incoherent behaviour of cryptsetup create/luksOpen with invalid
passwords/keys in cryptsetup manpage. (closes: #529359)
* bump standards-version to 3.8.2, no changes required.
* add 'X-Interactive: true' LSB-header to initscripts.
* fix bash_completion script to use 'command ls'. that way it now works with
aliased ls as well. thanks to Daniel Dehennin. (closes: #535351)
Checksums-Sha1:
09c73528a4d72e313dddcab8df33af4613ad085d 1595 cryptsetup_1.1.0~rc2-1ubuntu1.dsc
eeed2f2fd1557b72997211108dc9ccb0aedc66a1 511212 cryptsetup_1.1.0~rc2.orig.tar.gz
246e7016e3a0cc9466da81736d5601ae75247f58 74488 cryptsetup_1.1.0~rc2-1ubuntu1.diff.gz
Checksums-Sha256:
1feea65037a6ec8022735ff52c4eaf49fb2b99aa9bb557378b6b050dc9fa150b 1595 cryptsetup_1.1.0~rc2-1ubuntu1.dsc
b3adc7f48eb1867752a4da7f7682cde8ca5bc8b098f47b7ed6475f4abe67da8a 511212 cryptsetup_1.1.0~rc2.orig.tar.gz
00811a8dae2138c588669d6920814646df903f74fe97b5df51f76d5a2229cf3f 74488 cryptsetup_1.1.0~rc2-1ubuntu1.diff.gz
Files:
b2e8eda1dd63f86676d52a0d78397211 1595 admin optional cryptsetup_1.1.0~rc2-1ubuntu1.dsc
4a5e5c8b04f8ec54ebb75b4b8ea3dff6 511212 admin optional cryptsetup_1.1.0~rc2.orig.tar.gz
b1f25f1fde66d4903545a8c9994d7b94 74488 admin optional cryptsetup_1.1.0~rc2-1ubuntu1.diff.gz
Original-Maintainer: Debian Cryptsetup Team <pkg-cryptsetup-devel at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkr6xJsACgkQDecnbV4Fd/JavQCfc3FRY/6ZrxXw/ZBLS14larZN
QG0AniBS8T1J/E/rV3v2E/WsFXFW3zqi
=kqUP
-----END PGP SIGNATURE-----
More information about the Lucid-changes
mailing list