[ubuntu/maverick] cryptsetup 2:1.1.2-1ubuntu1 (Accepted)
Steve Langasek
steve.langasek at ubuntu.com
Tue Jun 29 09:45:20 BST 2010
cryptsetup (2:1.1.2-1ubuntu1) maverick; urgency=low
* Merge from Debian unstable (LP: #594365). Remaining changes:
- debian/control:
+ Bump initramfs-tools Suggests to Depends: so system is not
potentially rendered unbootable.
+ Depend on plymouth.
- Add debian/cryptdisks-{enable,udev}.upstart.
- debian/cryptdisks.functions:
+ new function, crypttab_start_one_disk, to look for the named source
device in /etc/crypttab (by device name, UUID, or label) and start it
if configured to do so
+ wrap the call to /lib/cryptsetup/askpass with watershed, to make sure
we only ever have one of these running at a time; otherwise multiple
invocations could steal each other's input and/or write over each
other's output
+ initially create the device under a temporary name and rename it only
at the end using 'dmsetup rename', to ensure that upstart/mountall
doesn't see our device before it's ready to go.
+ do_tmp should mount under /var/run/cryptsetup for changing the
permissions of the filesystem root, not directly on /tmp, since
mounting on /tmp a) is racy, b) confuses mountall something fierce.
+ when called by cryptdisks-enable, check that we don't already have a
corresponding cryptdisks-udev job running (probably waiting for a
passphrase); if there is, wait until it's finished before continuing.
- debian/cryptdisks{,-early}.init: Make the 'start' action of the init
script a no-op, this should be handled entirely by the upstart job;
and fix the LSB header to not declare this should be started in
runlevel 'S'
- debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on
upgrade.
- debian/rules: Do not install start symlinks for init scripts, and
install debian/cryptdisks-{enable,udev}.upstart scripts.
- Add debian/cryptsetup.apport: Apport package hook. Install in
debian/rules and create dir in debian/cryptsetup.dirs.
- debian/rules: link dynamically against libgcrypt and libgpg-error.
- debian/cryptsetup.postrm: call update-initramfs on package removal.
* Dropped changes, merged/superseded in Debian:
- Add ext4 support to passdev.
- cryptroot-hook: don't call copy_modules_dir with empty arguments when
archcrypto isn't found
- Set USPLASH=y and FRAMEBUFFER=y in the hook config to pull plymouth into
the initramfs.
- change interaction to use plymouth directly if present, and if not, to
fall back to /lib/cryptsetup/askpass as before
- cryptdisks.functions: replace 'echo -e' bashism with 'printf'.
- debian/initramfs/cryptroot-script: if plymouth is present in the
initramfs, use this directly, bypassing the cryptsetup askpass script
- debian/initramfs/cryptroot-hook: Properly anchor our regexps when
grepping /etc/crypttab so that we don't incorrectly match device names
that are substrings of one another.
- debian/initramfs/cryptroot-script: Don't leak /conf/conf.d/cryptroot
file descriptor to subprocesses.
- Fix grammar error in debian/initramfs/cryptroot-script
("setup" -> "set up")
- debian/initramfs/cryptroot-script: Fix this to work with current
initramfs-tools:
+ Source /scripts/functions after checking for prerequisites.
+ prereqs(): Do not assume we are running within initramfs, and
calculate relative path correctly.
cryptsetup (2:1.1.2-1) unstable; urgency=low
* new upstream release, changes include:
- Fix luksFormat/luksOpen reading passphrase from stdin and "-" keyfile.
(closes: #583397)
- Add verbose log level and move unlocking message there.
- Remove device even if underlying device disappeared (remove, luksClose).
(closes: #554600, #574126)
- Fix (deprecated) reload device command to accept new device argument.
* merged from ubuntu:
- if plymouth is present in the initramfs, use this directly, bypassing
the cryptsetup askpass script
- start usplash in initramfs, since we need it for fancy passphrase input
- Set FRAMEBUFFER=y in cryptroot-conf, to pull plymouth into the initramfs
- debian/initramfs/cryptroot-hook: Properly anchor our regexps when
grepping /etc/crypttab so that we don't incorrectly match device names
that are substrings of one another.
- debian/initramfs/cryptroot-script: Don't leak /conf/conf.d/cryptroot
file descriptor to subprocesses.
* sync list of supported filesystems in passdev.c and cryptpassdev-hook
* fix debian/watch file to work with updated code.google.com download page
* stop building and shipping static libs (closes: #583387, #583471)
* improve documentation on (pre)checks in manpage. (closes: #583568, #583567)
* remove xfs and ext2 check scripts documentation from crypttab manpage,
blkid script can be used. thanks Christoph Anton Mitterer (closes: #583570)
cryptsetup (2:1.1.1-1) unstable; urgency=low
* new upstream release, changes include:
- detects and uses device-mapper udev support if available
- fix luksOpen reading of passphrase on stdin if "-" keyfile specified
- fix isLuks to initialise crypto backend (closes: #578979)
- fix luksClose operation for stacked DM devices
* remove all patches, they have all been merged upstream
* redirect output of copy_exec in add_device() from initramfs cryptroot
hook to stderr. fixes verbose run of mkinitramfs. (closes: #574163)
* acknowledge NMU. thanks to maximilian attems. (closes: #576488)
* change default for random key from /dev/random to /dev/urandom in
README.Debian, extend explanation. (closes: #579932)
* add comment to crypttab manpage about how to disable (pre)checks.
(closes: #574948)
* fix cryptdisks.functions to print cryptsource and crypttarget again at
the passphrase prompt. (closes: #578428)
* reorder build-depends, add pkg-config, change automake1.9 to automake
* add new lintian overrides
* switch to new dpkg source format "3.0 (quilt)", use upstream bzip tarball
* add ${misc:Depends} to depends for libcryptsetup-dev
* remove UID checks from initscripts, as these aren't meant to be invoked by
users anyway, and the UID checks introduced dependency on /usr filesystem.
* use grep -s for /etc/fstab in initramfs/cryptroot-hook. (closes: #580756)
* note that fs modules fore passdev devices need to be added to initramfs
in README.initramfs (closes: #580898)
* merged from ubuntu:
- Fix grammar error in debian/initramfs/cryptroot-script (closes: #581973)
* add busybox to suggests, thanks to martin michlmayr. (closes: #582914)
cryptsetup (2:1.1.0-2.1) unstable; urgency=low
* Non-maintainer upload.
[ Martin Pitt ]
* debian/initramfs/cryptroot-script: (closes: #576488)
- Source /scripts/functions after checking for prerequisites.
- prereqs(): Do not assume we are running within initramfs, and calculate
relative path correctly.
cryptsetup (2:1.1.0-2) unstable; urgency=low
* fix version in NEWS.Debian: 2:1.1.0~rc2-1 instead of 2:1.0.7-3.
* remove 'NOT RELEASED YET' from 2:1.1.0-1 changelog
* capitalize names in changelog
* mention the old default plain mode in changelog and NEWS, add a note that
debian-installer setups can ignore the warning, and warn for plain dm-crypt
mappings in crypttab that don't have set cipher, hash and size.
(closes: #573103, #573261)
cryptsetup (2:1.1.0-1) unstable; urgency=low
* new upstream stable release (1.1.0), notable changes since rc2:
- default key size for LUKS changed from 128 to 256 bits
- default plain mode changed from aes-cbc-plain to aes-cbc-essiv:sha256
- key slot and key diggest iteration minimum set to 1000
- convert hash name to lower case in header
* update patch 02_manpage
* add more supported filesystems to passdev.c, isofs->iso9660. thanks to
Christoph Anton Mitterer. (closes: #557405)
* update to standards-version 3.8.4, no changes needed
* accept spaces in $opts at postinst script. (closes: #559184)
* set extended $PATH in cryptdisks.functions. thanks to Christoph Anton
Mitterer. (closes: #557329)
* fix huge initramfs for archs which don't have kernel/arch directory.
thanks to martin michlmayr for bugreport and patch. (closes: #559510)
* support commandline options to mkfs in luksformat. thanks to Eduard
Bloch for bugreport and patch. (closes: #563975)
* extend error messages for evms setup in cryptroot-script
* add 03_luksAddKey.patch, to not verify unlocking passphrase in luksAddKey
command. (closes: #570418)
* add 04_crypto_init.patch, to properly initialise crypto backend in header
backup/restore commands.
* change build-dependency on cvs to new autopoint package (closes: #572463)
* rename decrypt_gpg keyscript to decrypt_gnupg, improve it based on ideas
by Christoph Anton Mitterer, mention the keyscript rename in NEWS.Debian.
Also, provide a initramfs cryptgnupg hook script. Thanks to Christoph
Anton Mitterer for bugreport and ideas. (closes: #560034)
* check for root privileges with '/usr/bin/id -u' in init scripts and
cryptdisks_{start|stop}. (closes: #563162)
Date: Mon, 14 Jun 2010 21:47:28 -0700
Changed-By: Steve Langasek <steve.langasek at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/maverick/+source/cryptsetup/2:1.1.2-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 14 Jun 2010 21:47:28 -0700
Source: cryptsetup
Binary: cryptsetup cryptsetup-udeb libcryptsetup1 libcryptsetup-dev
Architecture: source
Version: 2:1.1.2-1ubuntu1
Distribution: maverick
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Steve Langasek <steve.langasek at ubuntu.com>
Description:
cryptsetup - configures encrypted block devices
cryptsetup-udeb - configures encrypted block devices (udeb)
libcryptsetup-dev - libcryptsetup development files
libcryptsetup1 - libcryptsetup shared library
Closes: 554600 557329 557405 559184 559510 560034 563162 563975 570418 572463 573103 573261 574126 574163 574948 576488 578428 578979 579932 580756 580898 581973 582914 583387 583397 583471 583567 583568 583570
Launchpad-Bugs-Fixed: 594365
Changes:
cryptsetup (2:1.1.2-1ubuntu1) maverick; urgency=low
.
* Merge from Debian unstable (LP: #594365). Remaining changes:
- debian/control:
+ Bump initramfs-tools Suggests to Depends: so system is not
potentially rendered unbootable.
+ Depend on plymouth.
- Add debian/cryptdisks-{enable,udev}.upstart.
- debian/cryptdisks.functions:
+ new function, crypttab_start_one_disk, to look for the named source
device in /etc/crypttab (by device name, UUID, or label) and start it
if configured to do so
+ wrap the call to /lib/cryptsetup/askpass with watershed, to make sure
we only ever have one of these running at a time; otherwise multiple
invocations could steal each other's input and/or write over each
other's output
+ initially create the device under a temporary name and rename it only
at the end using 'dmsetup rename', to ensure that upstart/mountall
doesn't see our device before it's ready to go.
+ do_tmp should mount under /var/run/cryptsetup for changing the
permissions of the filesystem root, not directly on /tmp, since
mounting on /tmp a) is racy, b) confuses mountall something fierce.
+ when called by cryptdisks-enable, check that we don't already have a
corresponding cryptdisks-udev job running (probably waiting for a
passphrase); if there is, wait until it's finished before continuing.
- debian/cryptdisks{,-early}.init: Make the 'start' action of the init
script a no-op, this should be handled entirely by the upstart job;
and fix the LSB header to not declare this should be started in
runlevel 'S'
- debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on
upgrade.
- debian/rules: Do not install start symlinks for init scripts, and
install debian/cryptdisks-{enable,udev}.upstart scripts.
- Add debian/cryptsetup.apport: Apport package hook. Install in
debian/rules and create dir in debian/cryptsetup.dirs.
- debian/rules: link dynamically against libgcrypt and libgpg-error.
- debian/cryptsetup.postrm: call update-initramfs on package removal.
* Dropped changes, merged/superseded in Debian:
- Add ext4 support to passdev.
- cryptroot-hook: don't call copy_modules_dir with empty arguments when
archcrypto isn't found
- Set USPLASH=y and FRAMEBUFFER=y in the hook config to pull plymouth into
the initramfs.
- change interaction to use plymouth directly if present, and if not, to
fall back to /lib/cryptsetup/askpass as before
- cryptdisks.functions: replace 'echo -e' bashism with 'printf'.
- debian/initramfs/cryptroot-script: if plymouth is present in the
initramfs, use this directly, bypassing the cryptsetup askpass script
- debian/initramfs/cryptroot-hook: Properly anchor our regexps when
grepping /etc/crypttab so that we don't incorrectly match device names
that are substrings of one another.
- debian/initramfs/cryptroot-script: Don't leak /conf/conf.d/cryptroot
file descriptor to subprocesses.
- Fix grammar error in debian/initramfs/cryptroot-script
("setup" -> "set up")
- debian/initramfs/cryptroot-script: Fix this to work with current
initramfs-tools:
+ Source /scripts/functions after checking for prerequisites.
+ prereqs(): Do not assume we are running within initramfs, and
calculate relative path correctly.
.
cryptsetup (2:1.1.2-1) unstable; urgency=low
.
* new upstream release, changes include:
- Fix luksFormat/luksOpen reading passphrase from stdin and "-" keyfile.
(closes: #583397)
- Add verbose log level and move unlocking message there.
- Remove device even if underlying device disappeared (remove, luksClose).
(closes: #554600, #574126)
- Fix (deprecated) reload device command to accept new device argument.
* merged from ubuntu:
- if plymouth is present in the initramfs, use this directly, bypassing
the cryptsetup askpass script
- start usplash in initramfs, since we need it for fancy passphrase input
- Set FRAMEBUFFER=y in cryptroot-conf, to pull plymouth into the initramfs
- debian/initramfs/cryptroot-hook: Properly anchor our regexps when
grepping /etc/crypttab so that we don't incorrectly match device names
that are substrings of one another.
- debian/initramfs/cryptroot-script: Don't leak /conf/conf.d/cryptroot
file descriptor to subprocesses.
* sync list of supported filesystems in passdev.c and cryptpassdev-hook
* fix debian/watch file to work with updated code.google.com download page
* stop building and shipping static libs (closes: #583387, #583471)
* improve documentation on (pre)checks in manpage. (closes: #583568, #583567)
* remove xfs and ext2 check scripts documentation from crypttab manpage,
blkid script can be used. thanks Christoph Anton Mitterer (closes: #583570)
.
cryptsetup (2:1.1.1-1) unstable; urgency=low
.
* new upstream release, changes include:
- detects and uses device-mapper udev support if available
- fix luksOpen reading of passphrase on stdin if "-" keyfile specified
- fix isLuks to initialise crypto backend (closes: #578979)
- fix luksClose operation for stacked DM devices
* remove all patches, they have all been merged upstream
* redirect output of copy_exec in add_device() from initramfs cryptroot
hook to stderr. fixes verbose run of mkinitramfs. (closes: #574163)
* acknowledge NMU. thanks to maximilian attems. (closes: #576488)
* change default for random key from /dev/random to /dev/urandom in
README.Debian, extend explanation. (closes: #579932)
* add comment to crypttab manpage about how to disable (pre)checks.
(closes: #574948)
* fix cryptdisks.functions to print cryptsource and crypttarget again at
the passphrase prompt. (closes: #578428)
* reorder build-depends, add pkg-config, change automake1.9 to automake
* add new lintian overrides
* switch to new dpkg source format "3.0 (quilt)", use upstream bzip tarball
* add ${misc:Depends} to depends for libcryptsetup-dev
* remove UID checks from initscripts, as these aren't meant to be invoked by
users anyway, and the UID checks introduced dependency on /usr filesystem.
* use grep -s for /etc/fstab in initramfs/cryptroot-hook. (closes: #580756)
* note that fs modules fore passdev devices need to be added to initramfs
in README.initramfs (closes: #580898)
* merged from ubuntu:
- Fix grammar error in debian/initramfs/cryptroot-script (closes: #581973)
* add busybox to suggests, thanks to martin michlmayr. (closes: #582914)
.
cryptsetup (2:1.1.0-2.1) unstable; urgency=low
.
* Non-maintainer upload.
.
[ Martin Pitt ]
* debian/initramfs/cryptroot-script: (closes: #576488)
- Source /scripts/functions after checking for prerequisites.
- prereqs(): Do not assume we are running within initramfs, and calculate
relative path correctly.
.
cryptsetup (2:1.1.0-2) unstable; urgency=low
.
* fix version in NEWS.Debian: 2:1.1.0~rc2-1 instead of 2:1.0.7-3.
* remove 'NOT RELEASED YET' from 2:1.1.0-1 changelog
* capitalize names in changelog
* mention the old default plain mode in changelog and NEWS, add a note that
debian-installer setups can ignore the warning, and warn for plain dm-crypt
mappings in crypttab that don't have set cipher, hash and size.
(closes: #573103, #573261)
.
cryptsetup (2:1.1.0-1) unstable; urgency=low
.
* new upstream stable release (1.1.0), notable changes since rc2:
- default key size for LUKS changed from 128 to 256 bits
- default plain mode changed from aes-cbc-plain to aes-cbc-essiv:sha256
- key slot and key diggest iteration minimum set to 1000
- convert hash name to lower case in header
* update patch 02_manpage
* add more supported filesystems to passdev.c, isofs->iso9660. thanks to
Christoph Anton Mitterer. (closes: #557405)
* update to standards-version 3.8.4, no changes needed
* accept spaces in $opts at postinst script. (closes: #559184)
* set extended $PATH in cryptdisks.functions. thanks to Christoph Anton
Mitterer. (closes: #557329)
* fix huge initramfs for archs which don't have kernel/arch directory.
thanks to martin michlmayr for bugreport and patch. (closes: #559510)
* support commandline options to mkfs in luksformat. thanks to Eduard
Bloch for bugreport and patch. (closes: #563975)
* extend error messages for evms setup in cryptroot-script
* add 03_luksAddKey.patch, to not verify unlocking passphrase in luksAddKey
command. (closes: #570418)
* add 04_crypto_init.patch, to properly initialise crypto backend in header
backup/restore commands.
* change build-dependency on cvs to new autopoint package (closes: #572463)
* rename decrypt_gpg keyscript to decrypt_gnupg, improve it based on ideas
by Christoph Anton Mitterer, mention the keyscript rename in NEWS.Debian.
Also, provide a initramfs cryptgnupg hook script. Thanks to Christoph
Anton Mitterer for bugreport and ideas. (closes: #560034)
* check for root privileges with '/usr/bin/id -u' in init scripts and
cryptdisks_{start|stop}. (closes: #563162)
Checksums-Sha1:
0abca0b02bf3ace6f1679a6f0203eae9410e9acc 2227 cryptsetup_1.1.2-1ubuntu1.dsc
270580572c413facee359b29e5886ff2b4e6de1c 478501 cryptsetup_1.1.2.orig.tar.bz2
c1d09264cb906b79bb80b0c0d8fcee7ac9a481bc 81794 cryptsetup_1.1.2-1ubuntu1.debian.tar.gz
Checksums-Sha256:
aa4a5a6719356eed13ecb0aadb60735fe03fb79c1e76791fe835eca6dfc040b9 2227 cryptsetup_1.1.2-1ubuntu1.dsc
45972839fbb169b3ad5649454c217b7f5b0b3c8bf07e32f51a334a88217c7293 478501 cryptsetup_1.1.2.orig.tar.bz2
a2b028c27552af3dcbd4e47daef1ca7a8d12a4ba766522f1dcb5951bfe0f5be1 81794 cryptsetup_1.1.2-1ubuntu1.debian.tar.gz
Files:
3edcee7d85d864f0cab09328088e7ab6 2227 admin optional cryptsetup_1.1.2-1ubuntu1.dsc
f3928c1f1d49fcee39bb1e8d42fe707a 478501 admin optional cryptsetup_1.1.2.orig.tar.bz2
aa2e603a92f5b117302ae0cfb10d932d 81794 admin optional cryptsetup_1.1.2-1ubuntu1.debian.tar.gz
Original-Maintainer: Debian Cryptsetup Team <pkg-cryptsetup-devel at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQIVAwUBTCmxh1aNMPMhshM9AQiPZg/+LMJM1k0OOLvhNdKa/nJ/dx+dX0jL2oGa
V/KchXJGEXj5GcVYi0mUeTVtQcssgZA5VtdEnEMrRxP9DLYf700TNFWqmYCz2z9J
TrvsLJk64jDGzZLF2+EwY/n99IUDrYTw4s4zFgY7nwllY83Z1ilXRBXCujC506CL
+lgYDezv9ZhqpfKY3wluq00/fmQTKrwIG7isG8uuvh1Y5VTAmMI8Po9nw0Ekuwda
zm44xnjcr1X5tDHB2kpizevH+FKRm/xNMQqyRSRrgpKOVPEHB+D3852mj3yFZUEu
m0pYu77M5byJcx1OVHnqUZmQUA4y2LmLi3A4xSBYHkE+OTODDczchdDzWu2+Fy4s
fYK7UnKVBi5x+8FgpM1AKjYdoQrDWQLtHzyecv+vtEOSE+wYm9hlSvUNuE5UDc7H
JQh/0RPoYewefb5JeB/Ug6JmqznMasAfx7kDL2DMXU2jRri6QvprlHMIBEbd+pFi
uTIJ2OwUDP3QmlguhD3tX6SjgzSf7c97IoFsqCUyM6AOV1LnhG2+OiKWlM5JxSBu
Te1KLMgovdkW6WRwRlpa+6GnrnP3FBFlNiBpBNpc8GjD/lTShG6F44G9tlOgg0Si
D8xbQn7RE3i5SxdL1MNlM3sJzV1fEZwpIiL5/fiqtYLVhO220ozzSihv0Z57vAwt
z3eKv+eC4Zw=
=2GwF
-----END PGP SIGNATURE-----
More information about the Maverick-changes
mailing list