diffstat for cryptsetup-1.4.1 cryptsetup-1.4.1 changelog | 935 ++++++++++++++++++++++++++++++++++++++++++++++ control | 25 - cryptdisks-early.init | 3 cryptdisks-enable.upstart | 35 + cryptdisks-udev.upstart | 23 + cryptdisks.functions | 56 ++ cryptdisks.init | 3 cryptsetup-bin.dirs | 4 cryptsetup.dirs | 1 initramfs/cryptroot-hook | 17 rules | 33 - 11 files changed, 1101 insertions(+), 34 deletions(-) diff -Nru cryptsetup-1.4.1/debian/changelog cryptsetup-1.4.1/debian/changelog --- cryptsetup-1.4.1/debian/changelog 2012-02-12 14:51:20.000000000 +0000 +++ cryptsetup-1.4.1/debian/changelog 2012-04-14 03:23:22.000000000 +0000 @@ -1,3 +1,61 @@ +cryptsetup (2:1.4.1-2ubuntu4) precise; urgency=low + + * Our swap creation can trigger udev change events, which means udev may be + holding the device open at the time we try to call 'dmsetup rename' and + cause the /subsequent/ events to be missed because of dmsetup creating + device nodes by hand. So call 'udevadm settle' before 'dmsetup rename', + to ensure blkid is out of the way first. This should ensure swap + partitions are found by mountall in a non-racy manner. LP: #874774. + + -- Steve Langasek Fri, 13 Apr 2012 20:23:21 -0700 + +cryptsetup (2:1.4.1-2ubuntu3) precise; urgency=low + + * Start cryptdisks-enable upstart job on 'or container', to let us + simplify the udevtrigger job. + + -- Steve Langasek Wed, 04 Apr 2012 17:02:00 -0700 + +cryptsetup (2:1.4.1-2ubuntu2) precise; urgency=low + + * Split up package in cryptsetup and cryptsetup-bin. (LP: #343363). + * Do not overwrite existing filesystems when creating swap (LP: #474258). + * Add aesni module when we have hardware encryption. + + -- Jean-Louis Dupond Mon, 12 Mar 2012 10:14:30 +0100 + +cryptsetup (2:1.4.1-2ubuntu1) precise; urgency=low + + [ Jean-Louis Dupond ] + * Merge from debian unstable (LP: #776264), remaining changes: + - debian/cryptdisks.functions: Suppress "Starting init crypto disks" message + in "init" phase, to avoid writing over fsck progress text. + - debian/cryptroot-hook: Quiet warnings from find on arches that + don't have all the kernel/{arch,crypto} bits we're testing for. + - debian/control: + + Bump initramfs-tools Suggests to Depends: so system is not + potentially rendered unbootable. + + Depend on plymouth. + - Add debian/cryptdisks-{enable,udev}.upstart. + - debian/cryptdisks.functions: + + new function, crypttab_start_one_disk, to look for the named source + device in /etc/crypttab (by device name, UUID, or label) and start it + if configured to do so + - debian/cryptdisks{,-early}.init: Make the 'start' action of the init + script a no-op, this should be handled entirely by the upstart job; + and fix the LSB header to not declare this should be started in + runlevel 'S' + - debian/rules: + + Do not install start symlinks for init scripts, and + install debian/cryptdisks-{enable,udev}.upstart scripts. + + [ Steve Langasek ] + * debian/cryptdisks.functions: handle the case where crypttab contains a + name for the source device that is not the kernel's preferred name for + it (as is the case for LVs). + + -- Jean-Louis Dupond Thu, 08 Mar 2012 07:32:40 +0100 + cryptsetup (2:1.4.1-2) unstable; urgency=low * acknowledge NMU. Thanks to Michael Biebl. (closes: #659182) @@ -207,6 +265,56 @@ -- Jonas Meurer Sun, 16 Jan 2011 01:01:03 +0100 +cryptsetup (2:1.1.3-4ubuntu3) precise; urgency=low + + [ Pali Rohar ] + * debian/cryptdisks.functions: Suppress "Starting init crypto disks" message + in "init" phase, to avoid writing over fsck progress text. + + -- Martin Pitt Wed, 26 Oct 2011 09:16:15 +0200 + +cryptsetup (2:1.1.3-4ubuntu2) oneiric; urgency=low + + * debian/cryptroot-hook: Quiet warnings from find on arches that + don't have all the kernel/{arch,crypto} bits we're testing for. + + -- Adam Conrad Sat, 01 Oct 2011 00:33:00 -0600 + +cryptsetup (2:1.1.3-4ubuntu1) natty; urgency=low + + * Merge from debian unstable (LP: #682177), remaining changes: + - debian/control: + + Bump initramfs-tools Suggests to Depends: so system is not + potentially rendered unbootable. + + Depend on plymouth. + - Add debian/cryptdisks-{enable,udev}.upstart. + - debian/cryptdisks.functions: + + new function, crypttab_start_one_disk, to look for the named source + device in /etc/crypttab (by device name, UUID, or label) and start it + if configured to do so + + wrap the call to /lib/cryptsetup/askpass with watershed, to make sure + we only ever have one of these running at a time; otherwise multiple + invocations could steal each other's input and/or write over each + other's output + + when called by cryptdisks-enable, check that we don't already have a + corresponding cryptdisks-udev job running (probably waiting for a + passphrase); if there is, wait until it's finished before continuing. + - debian/cryptdisks{,-early}.init: Make the 'start' action of the init + script a no-op, this should be handled entirely by the upstart job; + and fix the LSB header to not declare this should be started in + runlevel 'S' + - debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on + upgrade. + - debian/rules: + + Do not install start symlinks for init scripts, and + install debian/cryptdisks-{enable,udev}.upstart scripts. + + link dynamically against libgcrypt and libgpg-error. + - Add debian/cryptsetup.apport: Apport package hook. Install in + debian/rules and create dir in debian/cryptsetup.dirs. + - debian/cryptsetup.postrm: call update-initramfs on package removal. + + -- Lorenzo De Liso Sat, 27 Nov 2010 17:37:43 +0100 + cryptsetup (2:1.1.3-4) unstable; urgency=high * bump standards-version to 3.9.1, no changes required @@ -312,6 +420,69 @@ -- Jonas Meurer Sat, 10 Jul 2010 14:32:40 +0200 +cryptsetup (2:1.1.2-1ubuntu1) maverick; urgency=low + + * Merge from Debian unstable (LP: #594365). Remaining changes: + - debian/control: + + Bump initramfs-tools Suggests to Depends: so system is not + potentially rendered unbootable. + + Depend on plymouth. + - Add debian/cryptdisks-{enable,udev}.upstart. + - debian/cryptdisks.functions: + + new function, crypttab_start_one_disk, to look for the named source + device in /etc/crypttab (by device name, UUID, or label) and start it + if configured to do so + + wrap the call to /lib/cryptsetup/askpass with watershed, to make sure + we only ever have one of these running at a time; otherwise multiple + invocations could steal each other's input and/or write over each + other's output + + initially create the device under a temporary name and rename it only + at the end using 'dmsetup rename', to ensure that upstart/mountall + doesn't see our device before it's ready to go. + + do_tmp should mount under /var/run/cryptsetup for changing the + permissions of the filesystem root, not directly on /tmp, since + mounting on /tmp a) is racy, b) confuses mountall something fierce. + + when called by cryptdisks-enable, check that we don't already have a + corresponding cryptdisks-udev job running (probably waiting for a + passphrase); if there is, wait until it's finished before continuing. + - debian/cryptdisks{,-early}.init: Make the 'start' action of the init + script a no-op, this should be handled entirely by the upstart job; + and fix the LSB header to not declare this should be started in + runlevel 'S' + - debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on + upgrade. + - debian/rules: Do not install start symlinks for init scripts, and + install debian/cryptdisks-{enable,udev}.upstart scripts. + - Add debian/cryptsetup.apport: Apport package hook. Install in + debian/rules and create dir in debian/cryptsetup.dirs. + - debian/rules: link dynamically against libgcrypt and libgpg-error. + - debian/cryptsetup.postrm: call update-initramfs on package removal. + * Dropped changes, merged/superseded in Debian: + - Add ext4 support to passdev. + - cryptroot-hook: don't call copy_modules_dir with empty arguments when + archcrypto isn't found + - Set USPLASH=y and FRAMEBUFFER=y in the hook config to pull plymouth into + the initramfs. + - change interaction to use plymouth directly if present, and if not, to + fall back to /lib/cryptsetup/askpass as before + - cryptdisks.functions: replace 'echo -e' bashism with 'printf'. + - debian/initramfs/cryptroot-script: if plymouth is present in the + initramfs, use this directly, bypassing the cryptsetup askpass script + - debian/initramfs/cryptroot-hook: Properly anchor our regexps when + grepping /etc/crypttab so that we don't incorrectly match device names + that are substrings of one another. + - debian/initramfs/cryptroot-script: Don't leak /conf/conf.d/cryptroot + file descriptor to subprocesses. + - Fix grammar error in debian/initramfs/cryptroot-script + ("setup" -> "set up") + - debian/initramfs/cryptroot-script: Fix this to work with current + initramfs-tools: + + Source /scripts/functions after checking for prerequisites. + + prereqs(): Do not assume we are running within initramfs, and + calculate relative path correctly. + + -- Steve Langasek Mon, 14 Jun 2010 21:47:28 -0700 + cryptsetup (2:1.1.2-1) unstable; urgency=low * new upstream release, changes include: @@ -429,6 +600,171 @@ -- Jonas Meurer Mon, 08 Mar 2010 14:15:35 +0100 +cryptsetup (2:1.1.0~rc2-1ubuntu14) maverick; urgency=low + + [ David Stansby ] + * Fix grammar error in debian/initramfs/cryptroot-script + ("setup" -> "set up") (LP: #578896) + + -- James Westby Mon, 17 May 2010 13:33:40 +0100 + +cryptsetup (2:1.1.0~rc2-1ubuntu13) lucid; urgency=low + + * debian/initramfs/cryptroot-script: Don't leak /conf/conf.d/cryptroot + file descriptor to subprocesses. + + -- Colin Watson Mon, 29 Mar 2010 22:18:36 +0100 + +cryptsetup (2:1.1.0~rc2-1ubuntu12) lucid; urgency=low + + * debian/initramfs/cryptroot-hook: Properly anchor our regexps when + grepping /etc/crypttab so that we don't incorrectly match device names + that are substrings of one another. + * debian/cryptdisks-{enable,udev}.conf, debian/control: drop + 'console output' and add a hard dependency on plymouth instead of + watershed, to avoid spitting extra messages to the console. + + -- Steve Langasek Thu, 18 Feb 2010 06:19:19 -0800 + +cryptsetup (2:1.1.0~rc2-1ubuntu11) lucid; urgency=low + + * Set FRAMEBUFFER=y in the file that we actually ship. + * debian/cryptsetup.postrm: call update-initramfs on package removal. + LP: #468228. + + -- Steve Langasek Mon, 25 Jan 2010 03:07:52 -0800 + +cryptsetup (2:1.1.0~rc2-1ubuntu10) lucid; urgency=low + + * cryptdisks.functions: replace 'echo -e' bashism with 'printf'. + * cryptdisks.functions: when called by cryptdisks-enable, check that we + don't already have a corresponding cryptdisks-udev job running (probably + waiting for a passphrase); if there is, wait until it's finished before + continuing. + + -- Steve Langasek Thu, 21 Jan 2010 14:57:21 +0000 + +cryptsetup (2:1.1.0~rc2-1ubuntu9) lucid; urgency=low + + * Set FRAMEBUFFER=y in the hook config as well, to pull plymouth into the + initramfs. + * cryptdisks.functions, debian/initramfs/cryptroot-script: fix the + invocation of plymouth, so that we actually get proper passphrase prompts + (once bug #496765 is fixed). + + -- Steve Langasek Sat, 16 Jan 2010 02:32:41 -0800 + +cryptsetup (2:1.1.0~rc2-1ubuntu8) lucid; urgency=low + + * cryptdisks.functions: do_tmp should mount under /var/run/cryptsetup for + changing the permissions of the filesystem root, not directly on /tmp, + since mounting on /tmp a) is racy, b) confuses mountall something fierce. + LP: #475936. + + -- Steve Langasek Tue, 22 Dec 2009 20:24:28 +0000 + +cryptsetup (2:1.1.0~rc2-1ubuntu7) lucid; urgency=low + + * Depend on watershed. + + -- Steve Langasek Tue, 22 Dec 2009 01:37:36 +0000 + +cryptsetup (2:1.1.0~rc2-1ubuntu6) lucid; urgency=low + + [ Steve Langasek ] + * Fix the LSB header in the init scripts, now that we don't install to + rcS.d. + + [ Martin Pitt ] + * debian/initramfs/cryptroot-script: Fix this to work with current + initramfs-tools: + - Source /scripts/functions after checking for prerequisites. + - prereqs(): Do not assume we are running within initramfs, and calculate + relative path correctly. + + -- Martin Pitt Fri, 18 Dec 2009 17:07:07 +0100 + +cryptsetup (2:1.1.0~rc2-1ubuntu5) lucid; urgency=low + + * Rename the upstart job introduced in the previous upload to + cryptdisks-udev and restore the previous version of the job as + cryptdisks-enable, to run at the end of udev coldplugging as before; + this isn't entirely race-free, but should nevertheless give us the + two passes needed to cover devices that are decrypted using keys stored + on other encrypted disks. LP: #443980. + + -- Steve Langasek Wed, 16 Dec 2009 06:41:30 +0000 + +cryptsetup (2:1.1.0~rc2-1ubuntu4) lucid; urgency=low + + [ Steve Langasek ] + * debian/initramfs/cryptroot-script: if plymouth is present in the + initramfs, use this directly, bypassing the cryptsetup askpass script; + but keep support for these other frontends around on a transitional + basis. + * debian/cryptdisks.functions: + - change interaction to use plymouth directly if present, and if not, to + fall back to /lib/cryptsetup/askpass as before + - wrap the call to /lib/cryptsetup/askpass with watershed, to make sure + we only ever have one of these running at a time; otherwise multiple + invocations could steal each other's input and/or write over each + other's output + - new function, crypttab_start_one_disk, to look for the named source + device in /etc/crypttab (by device name, UUID, or label) and start it + if configured to do so + * debian/cryptdisks-enable.upstart: run the upstart job once for each block + device, using the new crypttab_start_one_disk function, triggered by udev; + this doesn't eliminate the possibility of a race with gdm when the + decrypted volume isn't a 'bootwait' mount point (since gdm kills + plymouth), but it does eliminate the race between udev and cryptsetup. + LP: #454898. + * debian/cryptdisks-enable.upstart: check that the package is installed + and exit gracefully if it's not. LP: #435814 + * debian/cryptdisk.functions: initially create the device under a temporary + name and rename it only at the end using 'dmsetup rename', to ensure that + upstart/mountall doesn't see our device before it's ready to go. + LP: #475936. + + [ Colin Watson ] + * Add ext4 support to passdev. + + -- Steve Langasek Tue, 15 Dec 2009 18:05:45 -0800 + +cryptsetup (2:1.1.0~rc2-1ubuntu3) lucid; urgency=low + + * cryptroot-hook: Use if [ -n … ] instead of if ! test -z …. + + -- Loïc Minier Sat, 12 Dec 2009 11:32:52 +0100 + +cryptsetup (2:1.1.0~rc2-1ubuntu2) lucid; urgency=low + + * cryptroot-hook: dont call copy_modules_dir with empty arguments when + archcrypto isnt found (LP: #495161) + + -- Oliver Grawert Fri, 11 Dec 2009 14:39:00 +0100 + +cryptsetup (2:1.1.0~rc2-1ubuntu1) lucid; urgency=low + + * Merge with Debian testing. Remaining Ubuntu changes: + - debian/rules: cryptsetup is linked dynamically against libgcrypt and + libgpg-error. + - Upstart migration: + + Add debian/cryptdisks-enable.upstart. + + debian/cryptdisks{,-early}.init: Make the 'start' action of the init + script a no-op, this should be handled entirely by the upstart job. + (LP #473615) + + debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on + upgrade. + + debian/rules: Do not install start symlinks for those two, and install + debian/cryptdisks-enable.upstart scripts. + - Add debian/cryptsetup.apport: Apport package hook. Install in + debian/rules, and create dir in debian/cryptsetup.dirs. + - Start usplash in initramfs, since we need it for fancy passphrase input: + + debian/initramfs/cryptroot-conf, debian/initramfs-conf.d: USPLASH=y + + debian/control: Bump initramfs-tools Suggests to Depends:. + + -- Martin Pitt Wed, 11 Nov 2009 15:04:27 +0100 + cryptsetup (2:1.1.0~rc2-1) unstable; urgency=low * new upstream release candidate (1.1.0-rc2), highlights include: @@ -602,6 +938,80 @@ -- Jonas Meurer Sat, 04 Jul 2009 15:52:06 +0200 +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu8) lucid; urgency=low + + [ Steve Langasek ] + * Make the 'start' action of the init script a no-op, this should be + handled entirely by the upstart job now; and remove any symlinks from + /etc/rcS.d on upgrade. LP: #473615. + + [ Reinhard Tartler ] + * Add an apport hook + * import the blkid and un_blkid from debian, LP: #446517 + * also use this script by default (setting in /etc/default/cryptdisks) + + -- Steve Langasek Wed, 04 Nov 2009 12:06:47 +0000 + +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu7) karmic; urgency=low + + * Reupload previous version, siretart had left changes in bzr which + weren't documented in the changelog and caused FTBFS. + + -- Scott James Remnant Wed, 14 Oct 2009 13:57:59 +0100 + +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu6) karmic; urgency=low + + [ Steve Langasek ] + * Move the Debian Vcs- fields aside. + + [ Scott James Remnant ] + * debian/cryptdisks-enable.upstart: Don't overcompensate for my idiocy, + cryptsetup should not need a controlling terminal, just a terminal + is fine. May fix LP: #439138. + + -- Scott James Remnant Wed, 14 Oct 2009 04:52:16 +0100 + +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu4) karmic; urgency=low + + * debian/cryptdisks-enable.upstart: Things that often help include + not setting stdin/out to /dev/null, so you can actually type the + passphrase. I am an idiot. LP: #430496. + + -- Scott James Remnant Thu, 17 Sep 2009 17:58:01 +0100 + +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu3) karmic; urgency=low + + * debian/cryptdisks-enable.upstart: add upstart job to enable encrypted + disks once we've finished probing for udev devices, so that mountall + can use them. LP: #430496. + + -- Scott James Remnant Thu, 17 Sep 2009 00:04:00 +0100 + +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu2) karmic; urgency=low + + * debian/initramfs/cryptroot-conf: declare that we want usplash included + in the initramfs whenever this package is installed. LP: #427356. + + -- Steve Langasek Tue, 15 Sep 2009 08:43:15 -0700 + +cryptsetup (2:1.0.6+20090405.svn49-1ubuntu1) karmic; urgency=low + + * Merge from debian unstable, remaining changes: + - Ubuntu specific: + + debian/rules: link dynamically for better security supportability and + smaller packages. + + debian/control: Depend on initramfs-tools so system is not potentially + rendered unbootable. + - debian/initramfs/cryptroot-script wait for encrypted device to appear, + report with log_*_msg (debian bug 488271). + - debian/initramfs/cryptroot-hook: fix support for UUID and LABEL + correlation between fstab and crypttab (debian bug 522041). + - debian/askpass.c, debian/initramfs/cryptroot-script: using newline + escape in passphrase prompt to avoid line-wrapping (debian bug 528133). + * Drop 04_fix_udevsettle_call.patch: fixed upstream differently. + + -- Kees Cook Sun, 10 May 2009 17:29:32 -0700 + cryptsetup (2:1.0.6+20090405.svn49-1) unstable; urgency=low * New upstream svn snapshot. Highlights include: @@ -643,6 +1053,67 @@ -- Jonas Meurer Mon, 06 Apr 2009 08:49:14 +0200 +cryptsetup (2:1.0.6-7ubuntu7) jaunty; urgency=low + + * debian/control: Depend on initramfs-tools so system is not potentially + rendered unbootable (LP: #358654). + + -- Kees Cook Thu, 09 Apr 2009 12:29:31 -0700 + +cryptsetup (2:1.0.6-7ubuntu6) jaunty; urgency=low + + * debian/initramfs/cryptroot-script: we don't require vol_id to understand + the encrypted device, but we should check the device is fully up first + before continuing by calling udevadm settle. LP: #291752. + + -- Steve Langasek Sat, 07 Mar 2009 21:39:14 -0800 + +cryptsetup (2:1.0.6-7ubuntu5) jaunty; urgency=low + + * debian/initramfs/cryptroot-hook: fix support for UUID and LABEL correlation + between fstab and crypttab (LP: #287879). + + -- TJ Mon, 16 Feb 2009 23:00:00 +0000 + +cryptsetup (2:1.0.6-7ubuntu4) jaunty; urgency=low + + * debian/askpass.c: also handle newline escape code in console prompt. + + -- Kees Cook Sun, 15 Feb 2009 08:57:05 -0800 + +cryptsetup (2:1.0.6-7ubuntu3) jaunty; urgency=low + + [ https://launchpad.net/~svenkata ] + * debian/checks/un_vol_id: dynamically build the "unknown volume type" + string, to allow for encrypted swap, LP: #316607 + + -- Dustin Kirkland Thu, 12 Feb 2009 16:57:30 -0600 + +cryptsetup (2:1.0.6-7ubuntu2) jaunty; urgency=low + + * debian/askpass.c: handle newline escape code in password prompt. + * debian/initramfs/cryptroot-script: add newline to split cryptroot + password prompt onto two lines for readability (LP: #326900). + + -- Kees Cook Sun, 08 Feb 2009 07:26:01 -0800 + +cryptsetup (2:1.0.6-7ubuntu1) jaunty; urgency=low + + * Merge from debian unstable, remaining changes: + - debian/initramfs/cryptroot-script: + - must source /scripts/functions to get the log_*_msg() functions. + - wait for encrypted device to show up (LP 164044, 291752). + - disable error message 'failed to setup lvm device' (LP 151532). + - debian/rules: + - fix location of ltmain.sh (Ubuntu-specific until libtool 2.2.x is + in Debian unstable). + - link dynamically (LP 62751). + - add 04_fix_udevsettle_call.patch: fix path to binary for udevsettle. + * Revert versioned build-depency on libdevmapper-dev, since Ubuntu's + version is higher now. + + -- Kees Cook Tue, 06 Jan 2009 13:00:16 -0800 + cryptsetup (2:1.0.6-7) unstable; urgency=medium * Add patches/01_gettext_package.patch: Remove -luks from GETTEXT_PACKAGE @@ -687,6 +1158,38 @@ -- Jonas Meurer Wed, 17 Dec 2008 21:25:45 +0100 +cryptsetup (2:1.0.6-6ubuntu2.1) intrepid-proposed; urgency=low + + * debian/initramfs/cryptroot-script: do not require that vol_id + can parse the encrypted device as valid (LP: #291752). + + -- Kees Cook Fri, 31 Oct 2008 13:10:06 -0700 + +cryptsetup (2:1.0.6-6ubuntu2) intrepid; urgency=low + + * Fixes for (LP: #272301) + * debian/initramfs/cryptroot-script: must source /scripts/functions to get + the log_*_msg() functions + * 04_fix_udevsettle_call.patch: fix path to binary for udevsettle + + -- Dustin Kirkland Fri, 19 Sep 2008 18:03:28 -0500 + +cryptsetup (2:1.0.6-6ubuntu1) intrepid; urgency=low + + * drop almost all ubuntu specific changes from the cryptsetup package, + because they have been merged in debian. Thanks a lot! + * merge from debian, remaining changes: + - remove versioned build-depency on libdevmapper-dev, we are using a + rather sophisticated loop for making sure the root filesystem appears. + * debian/rules: fix location of ltmain.sh + * don't exit usplash anymore in the init script. LP: #110970, #139363 + * Disable error message 'failed to setup lvm device'. It is harmless, and + caused by the fact that the udev rules provided by lvm2 are setting up + the lvm on their own. In debian the scripts here are responsible for this + but obviously fail in ubuntu. LP: #151532 + + -- Reinhard Tartler Sat, 30 Aug 2008 17:52:16 +0200 + cryptsetup (2:1.0.6-6) unstable; urgency=high * Don't cat keyfile into pipe for do_noluks(). cryptsetup handles @@ -788,6 +1291,79 @@ -- Jonas Meurer Mon, 07 Jul 2008 00:30:07 +0200 +cryptsetup (2:1.0.6-2ubuntu7) intrepid; urgency=low + + * reintroduce changes from 2:1.0.6-2ubuntu5 that have been accidentally + dropped in version 2:1.0.6-2ubuntu6. + + -- Reinhard Tartler Fri, 20 Jun 2008 15:15:54 +0200 + +cryptsetup (2:1.0.6-2ubuntu6) intrepid; urgency=low + + [ Kjell Braden ] + * load scripts/functions for log_{begin,end}_msg + * debian/initramfs/cryptroot-script: wait for the cryptsource, not the resulting mapped root device + * debian/initramfs/cryptroot-hook: copy binaries to the right directory + + [ Reinhard Tartler ] + * remove versioned build-depency on libdevmapper-dev, we are using a + rather sophisticated loop for making sure the root filesystem appears. + + -- Reinhard Tartler Wed, 18 Jun 2008 00:26:43 +0200 + +cryptsetup (2:1.0.6-2ubuntu5) intrepid; urgency=low + + * Okay, I give up. include preprocessed manpages and adapt + debian/rules to easily produce those. + ATTENTION: on subsequent uploads, make sure that the manpages are + available and up-to-date. + + -- Reinhard Tartler Sun, 15 Jun 2008 13:33:07 +0200 + +cryptsetup (2:1.0.6-2ubuntu4) intrepid; urgency=low + + * also use local dtd in debian/doc/variables.xml.in. + + -- Reinhard Tartler Sun, 15 Jun 2008 12:55:42 +0200 + +cryptsetup (2:1.0.6-2ubuntu3) intrepid; urgency=low + + * try harder to fix FTBFS. + + -- Reinhard Tartler Sun, 15 Jun 2008 11:42:54 +0200 + +cryptsetup (2:1.0.6-2ubuntu2) intrepid; urgency=low + + * build docbook documentation using local dtds instead of trying to + download them at buildtime. Fixes FTBFS. + + -- Reinhard Tartler Sun, 15 Jun 2008 11:12:28 +0200 + +cryptsetup (2:1.0.6-2ubuntu1) intrepid; urgency=low + + * Merge new debian version. Remaining changes: + - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using + bzr on launchpad. + - debian/rules: cryptsetup is linked dynamically against libgcrypt and + libgpg-error. + - cryptdisks.functions: stop usplash on user input. LP #62751 + - Parse comments in lines not starting with '#', LP #185380 + - If the encrypted source device hasn't shown up yet, give it a + little while to deal with removable devices. LP #164044 + * Depend on race-free version of libdevmapper, thus making udevsettle + call from cryptsetup binary unnecessary. Dropping patch + debian/patches/06_run_udevsettle.patch + * remove patch from LP #73862, loading optimized modules has been solved + in debian in another way. + * cryptdisk.functions: remove spurious call to load_optimized_module. + LP: #239946 + * bugfix: make regex work if keyfile has extended attributes. LP: #231339. + * remove patch in cryptdisks.functions for rexecing the script itself for + ensuring that a tty is always available. (See LP #58794.) According to + Scott, this is not necessary anymore. + + -- Reinhard Tartler Sat, 14 Jun 2008 23:28:51 +0200 + cryptsetup (2:1.0.6-2) unstable; urgency=low [ Jonas Meurer ] @@ -813,6 +1389,54 @@ -- David Härdeman Mon, 26 May 2008 08:12:32 +0200 +cryptsetup (2:1.0.6-1ubuntu4) intrepid; urgency=low + + [ Kjell Braden ] + * Fix configuration parsing (LP: #239808) + + [ Reinhard Tartler ] + * cryptroot-script: use 'echo' instead of 'log_begin_msg' (LP: #237723) + + -- Reinhard Tartler Fri, 13 Jun 2008 21:26:17 +0200 + +cryptsetup (2:1.0.6-1ubuntu3) intrepid; urgency=low + + * Parse comments in lines not starting with '#', LP: #185380 + * in cryptroot hook, don't rely on 'udevadm settle' to wait long enough + for the cryptdevice to appear. Reimplement the busy waiting loop found + while waiting for the root file system. Patch based on work by Swâmi + Petaramesh. LP: #164044 + * debian/crypdisks.functions: call 'env' with full path. LP: #178829. + + -- Reinhard Tartler Mon, 26 May 2008 22:12:32 +0200 + +cryptsetup (2:1.0.6-1ubuntu2) intrepid; urgency=low + + * Simplify the patch in debian/cryptdisks.functions that stops usplash + before asking for a passphrase. + + -- Reinhard Tartler Mon, 26 May 2008 20:18:14 +0200 + +cryptsetup (2:1.0.6-1ubuntu1) intrepid; urgency=low + + * Merge new debian version. Remaining changes: + - cryptsetup is linked dynamically against libgcrypt and libgpg-error. + - stop usplash on user input. LP #62751 + - debian/cryptdisks.functions: Always output and read from the console. + LP #58794. + - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using + bzr on launchpad. + - debian/initramfs/cryptroot-hook: LP #73862 + Added patch to install aes optimized cypher module + - try to load optimized cypher module in cryptsetup.functions as well, + because cryptroot-hook is only executed when we really have a + cryptoroot. + * other ubuntu changes have been merged into debian. Please report bugs + if you believe some patches have been dropped. + * removed 07_typos_fix.patch, has been reviewed and applied upstream. + + -- Reinhard Tartler Sun, 25 May 2008 22:52:30 +0200 + cryptsetup (2:1.0.6-1) unstable; urgency=low [ Jonas Meurer ] @@ -944,6 +1568,138 @@ -- Jonas Meurer Thu, 06 Dec 2007 15:56:05 +0100 +cryptsetup (2:1.0.5-2ubuntu12) hardy; urgency=low + + * added debian/patches/07_typos_fix.dpatch: fixed typos in man pages. (LP: #164181) + + -- Bruno Barrera Yever Mon, 07 Apr 2008 18:43:05 -0500 + +cryptsetup (2:1.0.5-2ubuntu11) hardy; urgency=low + + * debian/initramfs/cryptroot-script: Do show the disk name after all, since + some people use multiple encrypted partitions as LVM PVs. (LP: #201413) + + -- Martin Pitt Sun, 06 Apr 2008 11:54:41 -0600 + +cryptsetup (2:1.0.5-2ubuntu10) hardy; urgency=low + + * debian/initramfs/cryptroot-script: Do not mention the name of the + encrypted device. It is just technobabble anyway (sda4_crypt), and there + is just one root partition ever, so it is not needed to tell apart + different partitions. From a security POV, someone who can change your + initramfs to boot a different root partition can just as well change the + strings, too. (LP: #201413) + + -- Martin Pitt Wed, 02 Apr 2008 15:51:53 +0200 + +cryptsetup (2:1.0.5-2ubuntu9) hardy; urgency=low + + * debian/scripts/luksformat: Use 256 bit key size by default. + (LP: #78508) + * debian/patches/02_manpage.dpatch: Clarify default key sizes (128 for + luksFormat and 256 for create) in cryptsetup.8. (side-note in LP #78508) + + -- Martin Pitt Wed, 27 Feb 2008 17:43:46 +0100 + +cryptsetup (2:1.0.5-2ubuntu8) hardy; urgency=low + + * Fix -x calls and access() call. + + -- Scott James Remnant Fri, 14 Dec 2007 16:54:53 +0000 + +cryptsetup (2:1.0.5-2ubuntu7) hardy; urgency=low + + * debian/initramfs/cryptroot-script: call udevadm instead of udevsettle + * debian/patches/06_call_udevsettle.dpatch: likewise + + -- Scott James Remnant Fri, 14 Dec 2007 16:11:36 +0000 + +cryptsetup (2:1.0.5-2ubuntu6) hardy; urgency=low + + * Make cryptsetup understand devices specified by UUID=... or LABEL= + in crypttab. (LP: #153597) + + -- Andrea Colangelo Mon, 29 Oct 2007 18:22:51 +0100 + +cryptsetup (2:1.0.5-2ubuntu5) hardy; urgency=low + + * reenable additional udevsettle calls in cryptroot hook from + https://launchpad.net/bugs/85640, LP: #132373. + * change maintainer to ubuntu-core-dev. + * use Vcs-Bzr instead of XSCB-Vcs-Bzr header in debian/control. + + -- Reinhard Tartler Thu, 08 Nov 2007 23:52:19 +0100 + +cryptsetup (2:1.0.5-2ubuntu4) hardy; urgency=low + + * reapply changes from version 2:1.0.5-2ubuntu2, got dropped with last + upload. Sorry, pitti. + * convert patch to lib/libdevmapper.c to a dpatch. + + -- Reinhard Tartler Sun, 04 Nov 2007 21:42:43 +0100 + +cryptsetup (2:1.0.5-2ubuntu3) hardy; urgency=low + + * RELIABILY FIX: lib/libdevmapper.c: Ensure that pending device creation + events are being processed by calling /sbin/udevsettle. Patch based on + OpenSUSE bug #285478, LP: #132373. + * Based on the change above, the patch from LP #85640 is no longer needed. + dropping the relevant parts. + * Fix debian/rules to not fail to build if autom4te.cache is left behind + from a previous incomplete build. + + -- Reinhard Tartler Fri, 02 Nov 2007 20:53:31 +0100 + +cryptsetup (2:1.0.5-2ubuntu2) gutsy; urgency=low + + * debian/initramfs/cryptroot-script: + - If the supplied password worked, remove the prompt from usplash again, + so that the user has some visual feedback that everything is alright. + (LP: #151305) + - Do not show the UUID device node of the outer physical device. It is + scary ("/dev/disk/by-uuid/1234yadayada") and displaying it does not + improve security at all: If attackers can tamper with your initramfs, + they can also change the prompt, and if the UUID of the physical device + changes, then booting will not even get that far. Now it is a much more + friendly "Enter passphrase for sda5_crypt:" which is still technical, + but it's necessary to point out which device will be unlocked in case + there are several. + + -- Martin Pitt Thu, 11 Oct 2007 19:51:58 +0200 + +cryptsetup (2:1.0.5-2ubuntu1) gutsy; urgency=low + + * Merge new debian version. Remaining changes: + - cryptsetup is linked dynamically against libgcrypt and libgpg-error. + This will break systems where /usr is a separate encrypted filesystem + but not have other bad consequences (in particular, systems with + encrypted root are still fine). The upsides include better + security supportability and smaller packages. + - libcryptsetup.so et al removed from the binary packages. They have + no stable ABI and are not suitable for use by other packages, and + were in violation of library policies etc. They're not needed since + the cryptsetup executable statically contains the relevant parts of + libcryptsetup. + - cryptdisks.functions: remove #!/bin/bash as it isn't a script + by itself; it's only sourced by other scripts. This gets rid + of the lintian warning `script-not-executable' for this file. + - stop usplash on user input. LP #62751 + - Always output and read from the console. LP #58794. + - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using + bzr on launchpad. + - Bump libgcrypt11 build-dependency again to 1.2.4-2ubuntu2 to eliminate + libnsl linkage; + - debian/initramfs/cryptroot-hook: (LP: #73862) + Added patch to install aes optimized cypher module + - try to load optimized cypher module in cryptsetup.functions as well, + because cryptroot-hook is only executed when we really have a + cryptoroot. + - apply patch from pitti for allowing UUIDs in /etc/crypttab. + This allowes crypted PVs! LP: #144390. + - remove README.ubuntu, since it contains old and obsolete information. + + -- Reinhard Tartler Tue, 02 Oct 2007 21:31:28 +0200 + cryptsetup (2:1.0.5-2) unstable; urgency=low [ Jonas Meurer ] @@ -992,6 +1748,68 @@ -- Jonas Meurer Mon, 24 Sep 2007 15:42:06 +0200 +cryptsetup (2:1.0.5-1ubuntu5) UNRELEASED; urgency=low + + * apply patch from pitti for allowing UUIDs in /etc/crypttab. + This allowes crypted PVs! LP: #144390. + * remove README.ubuntu, since it contains old and obsolete information. + + -- Reinhard Tartler Tue, 02 Oct 2007 19:59:24 +0200 + +cryptsetup (2:1.0.5-1ubuntu4) gutsy; urgency=low + + [ Stephan Hermann ] + * debian/initramfs/cryptroot-hook: (LP: #73862) + - Added patch to install aes optimized cypher module + + [ Reinhard Tartler ] + * re-applying old patch to new package version + * try to load optimized cypher module in cryptsetup.functions as well, + because cryptroot-hook is only executed when we really have a + cryptoroot. + + -- Reinhard Tartler Thu, 27 Sep 2007 19:38:48 +0200 + +cryptsetup (2:1.0.5-1ubuntu3) gutsy; urgency=low + + * Bump libgcrypt11 build-dependency again to 1.2.4-2ubuntu2 to eliminate + libnsl linkage; should finally produce a usable cryptsetup binary for + the udeb. + + -- Colin Watson Wed, 19 Sep 2007 15:28:52 +0100 + +cryptsetup (2:1.0.5-1ubuntu2) gutsy; urgency=low + + * Bump libgcrypt11 build-dependency to 1.2.4-2ubuntu1 and rebuild for + proper udeb dependencies. + + -- Colin Watson Wed, 19 Sep 2007 01:37:02 +0100 + +cryptsetup (2:1.0.5-1ubuntu1) gutsy; urgency=low + + * Merge new debian version. Remaining changes: + - cryptsetup is linked dynamically against libgcrypt and libgpg-error. + This will break systems where /usr is a separate encrypted filesystem + but not have other bad consequences (in particular, systems with + encrypted root are still fine). The upsides include better + security supportability and smaller packages. + - libcryptsetup.so et al removed from the binary packages. They have + no stable ABI and are not suitable for use by other packages, and + were in violation of library policies etc. They're not needed since + the cryptsetup executable statically contains the relevant parts of + libcryptsetup. + - cryptdisks.functions: remove #!/bin/bash as it isn't a script + by itself; it's only sourced by other scripts. This gets rid + of the lintian warning `script-not-executable' for this file. + - stop usplash on user input. LP #62751 + - Always output and read from the console. LP #58794. + * Add XSBC-Vcs-Bzr tag to indicate that this package is managed using + bzr on launchpad. + * UVF exception request granted by Scott Kitterman and Chuck Short + LP: #138295 + + -- Reinhard Tartler Sat, 08 Sep 2007 19:04:54 +0200 + cryptsetup (2:1.0.5-1) unstable; urgency=low [ Jonas Meurer ] @@ -1012,6 +1830,66 @@ -- Jonas Meurer Fri, 27 Jul 2007 04:59:33 +0200 +cryptsetup (2:1.0.4+svn29-1ubuntu6) gutsy; urgency=low + + * Add notes by Ilkka Tuohela in a new file debian/README.ubuntu + + -- Reinhard Tartler Sat, 08 Sep 2007 18:43:56 +0200 + +cryptsetup (2:1.0.4+svn29-1ubuntu5) gutsy; urgency=low + + * cryptsetup is linked dynamically against libgcrypt and libgpg-error. + This will break systems where /usr is a separate encrypted filesystem + but not have other bad consequences (in particular, systems with + encrypted root are still fine). The upsides include better + security supportability and smaller packages. + * libcryptsetup.so et al removed from the binary packages. They have + no stable ABI and are not suitable for use by other packages, and + were in violation of library policies etc. They're not needed since + the cryptsetup executable statically contains the relevant parts of + libcryptsetup. + * cryptdisks.functions: remove #!/bin/bash as it isn't a script + by itself; it's only sourced by other scripts. This gets rid + of the lintian warning `script-not-executable' for this file. + + -- Ian Jackson Fri, 31 Aug 2007 12:05:33 +0100 + +cryptsetup (2:1.0.4+svn29-1ubuntu4) gutsy; urgency=low + + * s/$CRYPTCMD/cryptsetup/ in debian/cryptdisks.functions + (LP: #115617) + + -- Reinhard Tartler Tue, 29 May 2007 17:04:05 +0200 + +cryptsetup (2:1.0.4+svn29-1ubuntu3) gutsy; urgency=low + + * make luksformat check if filesystem is already mounted to prevent a + strange error message. thanks to mvo for the patch (LP: #116633) + * remove file debian/initramfs-cryptroot-script from source. it is not + installed anywhere, and a leftover from the last merge. + * add missing hunk of cryptsetup.functions compared to debian package. + * reapply http://librarian.launchpad.net/7329604/bug85640.debdiff to + debian/initramfs/cryptroot-script, since stgraber's patch has been + lost in the last merge. (LP: #85640) + + -- Reinhard Tartler Tue, 29 May 2007 15:02:57 +0200 + +cryptsetup (2:1.0.4+svn29-1ubuntu2) gutsy; urgency=low + + * modprobe dm-mod from cryptsetup.functions. (LP: #64625, #91405) + + -- Reinhard Tartler Tue, 29 May 2007 13:31:39 +0200 + +cryptsetup (2:1.0.4+svn29-1ubuntu1) gutsy; urgency=low + + * Merge from Debian unstable. Remaining Ubuntu changes: + - stop usplash on user input. Ubuntu: #62751 + - Always output and read from the console. Ubuntu: #58794. + - Wait for Udev to be ready to avoid partition non-detection. (LP: #85640) + * Modify Maintainer value to match Debian-Maintainer-Field Spec + + -- Andrea Veri Sun, 6 May 2007 22:33:25 +0200 + cryptsetup (2:1.0.4+svn29-1) unstable; urgency=low * New upstream svn snapshot with several bugfixes @@ -1064,6 +1942,20 @@ -- Jonas Meurer Sat, 28 Apr 2007 20:45:50 +0200 +cryptsetup (2:1.0.4+svn26-1ubuntu2) feisty; urgency=low + + * Wait for Udev to be ready to avoid partition non-detection. (LP: #85640) + + -- Stéphane Graber Thu, 14 Apr 2007 10:03:41 +0200 + +cryptsetup (2:1.0.4+svn26-1ubuntu1) feisty; urgency=low + + * merge debian changes. Remaining ubuntu changes: + - stop usplash on user input. Ubuntu: #62751 + - Always output and read from the console. Ubuntu: #58794. + + -- Reinhard Tartler Sat, 3 Feb 2007 21:30:03 +0100 + cryptsetup (2:1.0.4+svn26-1) unstable; urgency=high [ Jonas Meurer ] @@ -1113,6 +2005,28 @@ -- Jonas Meurer Tue, 28 Nov 2006 18:17:12 +0100 +cryptsetup (2:1.0.4-8ubuntu2) feisty; urgency=low + + * fix and improve initramfs hook: terminate usplash if running, since + adequate secure text input is not possible with usplash ATM + * usplash support: Terminate usplash before asking a password. + Closes https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/62751 + + -- Reinhard Tartler Wed, 24 Jan 2007 22:43:28 +0100 + +cryptsetup (2:1.0.4-8ubuntu1) feisty; urgency=low + + * merge debian changes, remaining patches: + - Always output and read from the console. Ubuntu: #58794. + * other changes have been merged or do noy apply anymore + * read password via usplash if available in initramfs for rootfs. based on a patch from + Swen Thümmler (Thanks for that!) Ubuntu #62751 + * read password from initscript via usplash if running. should fix the + rest of Ubuntu #62751. Only problem with that patch: It asks only once + for the password! improvements welcome! + + -- Reinhard Tartler Sun, 19 Nov 2006 20:04:19 +0100 + cryptsetup (2:1.0.4-8) unstable; urgency=high [ Jonas Meurer ] @@ -1270,6 +2184,27 @@ -- Jonas Meurer Mon, 4 Sep 2006 03:55:35 +0200 +cryptsetup (2:1.0.3-3ubuntu3) edgy; urgency=low + + * Always output and read from the console. Ubuntu: #58794. + + -- Scott James Remnant Thu, 21 Sep 2006 03:05:18 +0100 + +cryptsetup (2:1.0.3-3ubuntu2) edgy; urgency=low + + * Load the dm-crypt module on startup. Ubuntu: #53475. + + -- Scott James Remnant Wed, 23 Aug 2006 11:53:49 +0200 + +cryptsetup (2:1.0.3-3ubuntu1) edgy; urgency=low + + * Sync with Debian: + Remaining Ubuntu Changes + + debian/cryptdisks.functions: + - Tell usplash to quit if we ask for a passphrase + + -- Sebastian Dröge Tue, 11 Jul 2006 20:03:27 +0200 + cryptsetup (2:1.0.3-3) unstable; urgency=low [ Jonas Meurer ] diff -Nru cryptsetup-1.4.1/debian/control cryptsetup-1.4.1/debian/control --- cryptsetup-1.4.1/debian/control 2012-02-04 01:31:57.000000000 +0000 +++ cryptsetup-1.4.1/debian/control 2012-03-13 21:25:35.000000000 +0000 @@ -1,23 +1,25 @@ Source: cryptsetup Section: admin Priority: optional -Maintainer: Debian Cryptsetup Team +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Debian Cryptsetup Team Uploaders: Jonas Meurer Build-Depends: libgcrypt11-dev (>= 1.4.6-3), libdevmapper-dev (>= 2:1.02.24-4), libpopt-dev, uuid-dev, libselinux1-dev, libsepol1-dev, libtool (>= 2.2), autoconf, automake, pkg-config, autopoint, gettext, debhelper (>= 6.0.7~), xsltproc, docbook-xml, docbook-xsl (>= 1.74.3+dfsg), dpkg-dev (>= 1.15.1), po-debconf Standards-Version: 3.9.2 Homepage: http://code.google.com/p/cryptsetup/ -Vcs-Browser: http://svn.debian.org/wsvn/pkg-cryptsetup/cryptsetup/trunk -Vcs-Svn: svn://svn.debian.org/svn/pkg-cryptsetup/cryptsetup/trunk +X-Debian-Vcs-Browser: http://svn.debian.org/wsvn/pkg-cryptsetup/cryptsetup/trunk +X-Debian-Vcs-Svn: svn://svn.debian.org/svn/pkg-cryptsetup/cryptsetup/trunk +Vcs-Bzr: https://code.launchpad.net/~ubuntu-core-dev/cryptsetup/ubuntu Package: cryptsetup Architecture: linux-any -Depends: ${shlibs:Depends}, ${misc:Depends}, dmsetup -Suggests: udev, initramfs-tools (>= 0.91) | linux-initramfs-tool, busybox, dosfstools, liblocale-gettext-perl +Depends: ${shlibs:Depends}, ${misc:Depends}, dmsetup, initramfs-tools (>= 0.91) | linux-initramfs-tool, plymouth, cryptsetup-bin +Suggests: udev, busybox, dosfstools, liblocale-gettext-perl Provides: cryptsetup-luks Conflicts: cryptsetup-luks Replaces: cryptsetup-luks, hashalot (<< 0.3-2) Breaks: hashalot (<< 0.3-2) -Description: disk encryption support - commandline tools +Description: disk encryption support - startup scripts Cryptsetup provides an interface for configuring encryption on block devices (such as /home or swap partitions), using the Linux kernel device mapper target dm-crypt. It features integrated Linux Unified Key @@ -29,6 +31,17 @@ file /etc/crypttab. Additional features are cryptoroot support through initramfs-tools and several supported ways to read a passphrase or key. +Package: cryptsetup-bin +Architecture: linux-any +Depends: ${shlibs:Depends}, ${misc:Depends} +Breaks: cryptsetup (<< 2:1.4.1-2ubuntu2~) +Replaces: cryptsetup (<< 2:1.4.1-2ubuntu2~) +Description: disk encryption support - command line tools + Cryptsetup provides an interface for configuring encryption on block + devices (such as /home or swap partitions), using the Linux kernel + device mapper target dm-crypt. It features integrated Linux Unified Key + Setup (LUKS) support. + Package: libcryptsetup4 Section: libs Architecture: linux-any diff -Nru cryptsetup-1.4.1/debian/cryptdisks-early.init cryptsetup-1.4.1/debian/cryptdisks-early.init --- cryptsetup-1.4.1/debian/cryptdisks-early.init 2011-09-19 10:46:19.000000000 +0000 +++ cryptsetup-1.4.1/debian/cryptdisks-early.init 2012-03-08 20:40:21.000000000 +0000 @@ -8,7 +8,7 @@ # X-Start-Before: lvm2 # X-Stop-After: lvm2 # X-Interactive: true -# Default-Start: S +# Default-Start: # Default-Stop: 0 6 # Short-Description: Setup early encrypted block devices. # Description: @@ -33,7 +33,6 @@ case "$1" in start) - do_start ;; stop) do_stop diff -Nru cryptsetup-1.4.1/debian/cryptdisks-enable.upstart cryptsetup-1.4.1/debian/cryptdisks-enable.upstart --- cryptsetup-1.4.1/debian/cryptdisks-enable.upstart 1970-01-01 00:00:00.000000000 +0000 +++ cryptsetup-1.4.1/debian/cryptdisks-enable.upstart 2012-04-05 00:31:39.000000000 +0000 @@ -0,0 +1,35 @@ +# cryptdisks - enable encrypted block devices +# +# Sweep up any devices in /etc/crypttab that have not yet been started at +# the end of udev coldplugging; this partly duplicates the cryptdisks-udev +# job, but is necessary because: +# - some devices may not be registered as ID_FS_USAGE=crypto by udev (e.g., +# random-encrypted devices), but we don't want to call the upstart job +# for every single block device +# - some devices can only be decrypted after other devices are decrypted and +# mounted first, so we need a two-pass system (like +# /etc/init.d/cryptdisks{,-early} previously) +# +# This job currently still does not guarantee a race-free startup; instances +# of cryptdisks-udev may be started in parallel with this job. + +description "enable remaining boot-time encrypted block devices" + +start on stopped udevtrigger or container + +task + +script + [ -r /lib/cryptsetup/cryptdisks.functions ] || { stop; exit 0; } + + . /lib/cryptsetup/cryptdisks.functions + + case "$CRYPTDISKS_ENABLE" in + [Nn]*) + exit 1 + ;; + esac + + INITSTATE="init" + do_start +end script diff -Nru cryptsetup-1.4.1/debian/cryptdisks-udev.upstart cryptsetup-1.4.1/debian/cryptdisks-udev.upstart --- cryptsetup-1.4.1/debian/cryptdisks-udev.upstart 1970-01-01 00:00:00.000000000 +0000 +++ cryptsetup-1.4.1/debian/cryptdisks-udev.upstart 2012-03-08 20:40:21.000000000 +0000 @@ -0,0 +1,23 @@ +# cryptdisks - enable encrypted block devices + +description "enable encrypted block devices" + +start on block-device-added ID_FS_USAGE=crypto +instance $DEVNAME + +task + +script + [ -r /lib/cryptsetup/cryptdisks.functions ] || { stop; exit 0; } + + . /lib/cryptsetup/cryptdisks.functions + + case "$CRYPTDISKS_ENABLE" in + [Nn]*) + exit 1 + ;; + esac + + INITSTATE=udev + crypttab_start_one_disk "$DEVNAME" +end script diff -Nru cryptsetup-1.4.1/debian/cryptdisks.functions cryptsetup-1.4.1/debian/cryptdisks.functions --- cryptsetup-1.4.1/debian/cryptdisks.functions 2012-02-04 01:52:31.000000000 +0000 +++ cryptsetup-1.4.1/debian/cryptdisks.functions 2012-04-14 01:22:47.000000000 +0000 @@ -136,8 +136,6 @@ ;; swap) MAKESWAP="yes" - SWCHECK="/lib/cryptsetup/checks/un_blkid" - SWCHECKARGS="swap" ;; tmp) if [ -z "$VALUE" ]; then @@ -323,7 +321,6 @@ fi if ! pre_out=$("$PRECHECK" "$src" 2> /dev/null) && \ - [ "$MAKESWAP" != "yes" ] && \ ! /lib/cryptsetup/checks/blkid "$src" swap >/dev/null; then log_warning_msg "$dst: the precheck for '$src' failed: $pre_out" return 1 @@ -433,6 +430,7 @@ # Rename the device from its temp name to its final name, which will # trigger mountall finalize_device () { + udevadm settle dmsetup rename "${dst}_unformatted" "$dst" } @@ -592,16 +590,66 @@ return 0 } +crypttab_start_one_disk () { + local dst src key opts result + local ret=0 + + egrep -v "^[[:space:]]*(#|$)" "$TABFILE" | while read dst src key opts; do + if [ "xUUID=$ID_FS_UUID" = "x$src" ]; then + src="/dev/disk/by-uuid/${src#UUID=}" + elif [ "xLABEL=$ID_FS_LABEL_ENC" = "x$src" ]; then + src="/dev/disk/by-label/${src#LABEL=}" + elif [ "x$1" != "x$src" ]; then + found= + for link in $DEVLINKS; do + if [ "x$link" = "x$src" ]; then + found=1 + break + fi + done + if [ -z "$found" ]; then + continue + fi + fi + modprobe -qb dm-mod || true + modprobe -qb dm-crypt || true + dmsetup mknodes > /dev/null 2>&1 || true + # FIXME: no locking + mount_fs + handle_crypttab_line_start "$dst" "$src" "$key" "$opts" || ret=$? + umount_fs + done + return $ret +} + do_start () { local dst src key opts result modprobe -qb dm-mod || true modprobe -qb dm-crypt || true dmsetup mknodes > /dev/null 2>&1 || true - log_action_begin_msg "Starting $INITSTATE crypto disks" + if [ "$INITSTATE" != "init" ]; then + log_action_begin_msg "Starting $INITSTATE crypto disks" + fi mount_fs egrep -v "^[[:space:]]*(#|$)" "$TABFILE" | while read dst src key opts; do + dev_match="$src" + if [ "${dev_match#UUID=}" != "$dev_match" ]; then + dev_match="$(readlink -f /dev/disk/by-uuid/${dev_match#UUID=})" + elif [ "${dev_match#LABEL=}" != "$dev_match" ]; then + dev_match="$(readlink -f /dev/disk/by-label/${dev_match#LABEL=})" + fi + # if there's already a udev-triggered job running for this + # device, wait for it to finish, then re-process to confirm + # that it's started successfully. In the general case this + # will just be a no-op, but we don't want to defer to the + # other job entirely because this is the fallback for fixing + # up any ordering-dependent decrypting. + while status cryptdisks-udev DEVNAME="$dev_match" 2>&1 | grep -q 'start' + do + sleep 1 + done handle_crypttab_line_start "$dst" "$src" "$key" "$opts" <&3 || log_action_end_msg $? done 3<&1 umount_fs diff -Nru cryptsetup-1.4.1/debian/cryptdisks.init cryptsetup-1.4.1/debian/cryptdisks.init --- cryptsetup-1.4.1/debian/cryptdisks.init 2011-09-19 10:46:19.000000000 +0000 +++ cryptsetup-1.4.1/debian/cryptdisks.init 2012-03-08 20:40:21.000000000 +0000 @@ -8,7 +8,7 @@ # X-Start-Before: checkfs # X-Stop-After: umountfs # X-Interactive: true -# Default-Start: S +# Default-Start: # Default-Stop: 0 6 # Short-Description: Setup remaining encrypted block devices. # Description: @@ -33,7 +33,6 @@ case "$1" in start) - do_start ;; stop) do_stop diff -Nru cryptsetup-1.4.1/debian/cryptsetup-bin.dirs cryptsetup-1.4.1/debian/cryptsetup-bin.dirs --- cryptsetup-1.4.1/debian/cryptsetup-bin.dirs 1970-01-01 00:00:00.000000000 +0000 +++ cryptsetup-1.4.1/debian/cryptsetup-bin.dirs 2012-03-13 21:25:35.000000000 +0000 @@ -0,0 +1,4 @@ +sbin +usr/sbin +usr/share/locale +usr/share/man/man8 diff -Nru cryptsetup-1.4.1/debian/cryptsetup.dirs cryptsetup-1.4.1/debian/cryptsetup.dirs --- cryptsetup-1.4.1/debian/cryptsetup.dirs 2011-09-19 10:46:17.000000000 +0000 +++ cryptsetup-1.4.1/debian/cryptsetup.dirs 2012-03-13 21:25:35.000000000 +0000 @@ -3,7 +3,6 @@ /lib/cryptsetup/checks /lib/cryptsetup/scripts /sbin -/usr/sbin /usr/share/bug /usr/share/initramfs-tools/hooks /usr/share/initramfs-tools/scripts/local-top diff -Nru cryptsetup-1.4.1/debian/initramfs/cryptroot-hook cryptsetup-1.4.1/debian/initramfs/cryptroot-hook --- cryptsetup-1.4.1/debian/initramfs/cryptroot-hook 2012-02-12 14:41:09.000000000 +0000 +++ cryptsetup-1.4.1/debian/initramfs/cryptroot-hook 2012-03-13 21:25:35.000000000 +0000 @@ -430,13 +430,20 @@ echo dm_mod echo dm_crypt echo "$modules" - + # Load hardware aes module + if cpu_has_aesni; then + echo aesni + fi i=$(( $i + 1 )) done return 0 } +cpu_has_aesni() { + return $(grep -q aes /proc/cpuinfo) +} + add_crypto_modules() { local mod file altmod found genericfound mod="$1" @@ -457,14 +464,14 @@ # # d) /lib/modules/$VERSION/kernel/drivers/crypto/$specific-$mod.ko - for file in $(find "$MODULESDIR/kernel/arch/" -name "$mod-*.ko"); do + for file in $(find "$MODULESDIR/kernel/arch/" -name "$mod-*.ko" 2>/dev/null); do altmod="${file##*/}" altmod="${altmod%.ko}" manual_add_modules "$altmod" found="yes" done - for file in $(find "$MODULESDIR/kernel/crypto/" -name "${mod}_generic.ko"); do + for file in $(find "$MODULESDIR/kernel/crypto/" -name "${mod}_generic.ko" 2>/dev/null); do altmod="${file##*/}" altmod="${altmod%.ko}" manual_add_modules "$altmod" @@ -473,7 +480,7 @@ done if [ -z "$genericfound" ]; then - for file in $(find "$MODULESDIR/kernel/crypto/" -name "${mod}.ko"); do + for file in $(find "$MODULESDIR/kernel/crypto/" -name "${mod}.ko" 2>/dev/null); do altmod="${file##*/}" altmod="${altmod%.ko}" manual_add_modules "$altmod" @@ -514,7 +521,7 @@ setup="yes" if [ "$MODULES" = "most" ]; then - archcrypto="$(find "$MODULESDIR/kernel/arch" -type d -name "crypto")" + archcrypto="$(find "$MODULESDIR/kernel/arch" -type d -name "crypto" 2>/dev/null)" if [ -n "$archcrypto" ]; then copy_modules_dir "${archcrypto##*${MODULESDIR}/}" fi diff -Nru cryptsetup-1.4.1/debian/rules cryptsetup-1.4.1/debian/rules --- cryptsetup-1.4.1/debian/rules 2012-02-12 13:48:20.000000000 +0000 +++ cryptsetup-1.4.1/debian/rules 2012-03-13 21:25:35.000000000 +0000 @@ -81,33 +81,34 @@ dh_testroot dh_clean dh_installdirs + mkdir -p $(CURDIR)/debian/cryptsetup-bin mkdir -p $(CURDIR)/debian/cryptsetup-udeb mkdir -p $(CURDIR)/debian/libcryptsetup4-udeb - $(MAKE) DESTDIR=$(CURDIR)/debian/cryptsetup install + $(MAKE) DESTDIR=$(CURDIR)/debian/cryptsetup-bin install # Copy library files to library packages - cp -a $(CURDIR)/debian/cryptsetup/lib/libcryptsetup.so.* \ + cp -a $(CURDIR)/debian/cryptsetup-bin/lib/libcryptsetup.so.* \ $(CURDIR)/debian/libcryptsetup4/lib/ #cp -a $(CURDIR)/debian/cryptsetup/lib/libcryptsetup.la \ # $(CURDIR)/debian/libcryptsetup-dev/usr/lib/ #cp -a $(CURDIR)/debian/cryptsetup/lib/libcryptsetup.a \ # $(CURDIR)/debian/libcryptsetup-dev/usr/lib/ - cp -a $(CURDIR)/debian/cryptsetup/lib/pkgconfig/libcryptsetup.pc \ + cp -a $(CURDIR)/debian/cryptsetup-bin/lib/pkgconfig/libcryptsetup.pc \ $(CURDIR)/debian/libcryptsetup-dev/usr/lib/pkgconfig/ - cp -a $(CURDIR)/debian/cryptsetup/usr/include/libcryptsetup.h \ + cp -a $(CURDIR)/debian/cryptsetup-bin/usr/include/libcryptsetup.h \ $(CURDIR)/debian/libcryptsetup-dev/usr/include/ #cp -a $(CURDIR)/debian/cryptsetup/lib/libcryptsetup.so \ # $(CURDIR)/debian/libcryptsetup-dev/usr/lib/ - dh_link -plibcryptsetup-dev lib/$$(basename $$(readlink debian/cryptsetup/lib/libcryptsetup.so)) usr/lib/libcryptsetup.so + dh_link -plibcryptsetup-dev lib/$$(basename $$(readlink debian/cryptsetup-bin/lib/libcryptsetup.so)) usr/lib/libcryptsetup.so # Remove libraries from cryptsetup package, they're shiped in seperate library packags - rm -rf $(CURDIR)/debian/cryptsetup/lib/libcryptsetup* - rm -rf $(CURDIR)/debian/cryptsetup/lib/pkgconfig - rm -rf $(CURDIR)/debian/cryptsetup/usr/include + rm -rf $(CURDIR)/debian/cryptsetup-bin/lib/libcryptsetup* + rm -rf $(CURDIR)/debian/cryptsetup-bin/lib/pkgconfig + rm -rf $(CURDIR)/debian/cryptsetup-bin/usr/include install -m 0644 debian/cryptdisks.functions $(CURDIR)/debian/cryptsetup/lib/cryptsetup/ install -m 0755 debian/checks/* $(CURDIR)/debian/cryptsetup/lib/cryptsetup/checks/ - install -m 0755 debian/scripts/luksformat $(CURDIR)/debian/cryptsetup/usr/sbin/ + install -m 0755 debian/scripts/luksformat $(CURDIR)/debian/cryptsetup-bin/usr/sbin/ install -m 0755 debian/scripts/cryptdisks_start $(CURDIR)/debian/cryptsetup/sbin/ install -m 0755 debian/scripts/cryptdisks_stop $(CURDIR)/debian/cryptsetup/sbin/ dh_link -pcryptsetup sbin/cryptdisks_start usr/sbin/cryptdisks_start @@ -142,7 +143,7 @@ install -m 0644 debian/cryptsetup.apport \ $(CURDIR)/debian/cryptsetup/usr/share/apport/package-hooks/cryptsetup.py endif - $(MAKE) -C debian/scripts/po DESTDIR=$(CURDIR)/debian/cryptsetup install + $(MAKE) -C debian/scripts/po DESTDIR=$(CURDIR)/debian/cryptsetup-bin install touch $@ binary-indep: build install @@ -155,14 +156,18 @@ dh_installchangelogs -a ChangeLog dh_installdocs -a dh_installexamples -a debian/scripts/gen-ssl-key - dh_installinit -a --no-start --name=cryptdisks-early --update-rcd-params="start 26 S . start 59 0 6 ." - dh_installinit -a --no-start --name=cryptdisks --update-rcd-params="start 28 S . start 48 0 6 ." - dh_installman -a debian/doc/crypttab.5 debian/doc/cryptdisks_start.8 debian/doc/cryptdisks_stop.8 debian/luksformat.8 + dh_installinit -a --no-start --name=cryptdisks-early --update-rcd-params="start 59 0 6 ." + dh_installinit -a --no-start --name=cryptdisks --update-rcd-params="start 48 0 6 ." + dh_installinit -a --no-start --name=cryptdisks-enable --upstart-only + dh_installinit -a --no-start --name=cryptdisks-udev --upstart-only + dh_installman -a debian/doc/crypttab.5 debian/doc/cryptdisks_start.8 debian/doc/cryptdisks_stop.8 + dh_installman -p cryptsetup-bin debian/luksformat.8 # Copy relevant parts to cryptsetup-udeb package cp -a $(CURDIR)/debian/cryptsetup/etc $(CURDIR)/debian/cryptsetup-udeb/ cp -a $(CURDIR)/debian/cryptsetup/lib $(CURDIR)/debian/cryptsetup-udeb/ + cp -a $(CURDIR)/debian/cryptsetup-bin/lib $(CURDIR)/debian/cryptsetup-udeb/ mkdir $(CURDIR)/debian/cryptsetup-udeb/sbin - cp -a $(CURDIR)/debian/cryptsetup/sbin/cryptsetup $(CURDIR)/debian/cryptsetup-udeb/sbin/ + cp -a $(CURDIR)/debian/cryptsetup-bin/sbin/cryptsetup $(CURDIR)/debian/cryptsetup-udeb/sbin/ # Copy relevant parts to libcryptsetup4-udeb package cp -a $(CURDIR)/debian/libcryptsetup4/lib $(CURDIR)/debian/libcryptsetup4-udeb/ dh_lintian -a