Get:1 http://changelogs.ubuntu.com cryptsetup 2:1.6.6-5ubuntu2 Changelog [148 kB] cryptsetup (2:1.6.6-5ubuntu2) wily; urgency=medium * Fix stupid typo in Recommends "busybox | busybox-static" inversion. Fixes binary moves for busybox into main. -- Andy Whitcroft Fri, 21 Aug 2015 08:56:34 +0100 cryptsetup (2:1.6.6-5ubuntu1) wily; urgency=low * Merge from Debian unstable. Remaining changes: - debian/control: + Bump initramfs-tools Suggests to Depends: so system is not potentially rendered unbootable. + Depend on plymouth. + Invert the "busybox | busybox-static" Recommends, as the latter is the one we ship in main as part of the ubuntu-standard task. + Drop explicit libgcrypt11 dependency from libcryptsetup4. * Dropped changes, now in Debian: - Remove hardcoded paths to udevadm. - debian/initramfs/cryptroot-hook: + Do not unconditionally include cryptsetup utils in the initramfs. + Do not include any modules or utils in the initramfs, unless rootfs/resume devices are encrypted or CRYPTSETUP is set to 'y' in the initramfs.conf configuration file. - debian/cryptsetup.maintscripts: + Migrate upstart jobs to new names. -- Andy Whitcroft Tue, 07 Jul 2015 16:58:45 +0100 cryptsetup (2:1.6.6-5) unstable; urgency=high * debian/cryptdisks.functions: fix the precheck for ubuntu+upstart before invoking 'status cryptdisks-udev'. (closes: #773456) * debian/cryptdisks.functions: fix the insufficient grep regex for detecting a running cryptdisks-udev (upstart) init script. -- Jonas Meurer Thu, 22 Jan 2015 21:22:08 +0100 cryptsetup (2:1.6.6-4) unstable; urgency=medium [ Simon McVittie ] * debian/initramfs/cryptroot-script: decrypt /usr as well as / so that split-/usr will work with initramfs-tools (>= 0.118). (closes: #767832) [ Jonas Meurer ] * debian/cryptdisks.funcctions: check for cryptdisks-udev initscript before actually invoking 'status' on it. It's only useful in ubuntu+upstart environment anyway. (closes: #764564) * debian/askpas.c: fix systemd_read() to really strip trailing newline from input. Thanks to Quentin Lefebvre for report and patch. (closes: #768407) -- Jonas Meurer Wed, 17 Dec 2014 14:24:41 +0100 cryptsetup (2:1.6.6-3) unstable; urgency=medium * debian/initramfs/cryptroot-script: fix environment variable $CRYPTTAB_TRIED to hold the number of actual tries instead of the number of maximum tries. Thanks to Luc Maisonobe for debugging and the patch. (closes: #758788) -- Jonas Meurer Tue, 07 Oct 2014 19:51:36 +0200 cryptsetup (2:1.6.6-2) unstable; urgency=medium * rename 'luksheader' option in crypttab to 'header', as it may be used for different encryption modes later as well. * add support for detached LUKS header to initramfs scripts. Thanks to Pablo Santiago for the hint and DiagonalArg from Launchpad for patch suggestions. (closes: #716652) * fix support for truecrypt devices in initramfs scripts. Thanks to Lukas Wunner for the patch. (closes: #748286) * use blkid instead of fstype everywhere in cryptroot initramfs scripts. Thanks to Pablo Santiago for the hint. * debian/initramfs/cryptroot-hook: add support for 'initramfs' option to crypttab. Thanks to Hugh Davenport for the patch. (closes: #697162) * debian/initramfs/cryptroot-script: add support for multiple btrfs root devices. This should fix the WARNING at mkinitramfs for unencrypted btrfs root device(s) as well. Thanks to Jon Severinsson and Gerald Turner for patches. (closes: #682751, #762268) * debian/initramfs/cryptroot-script: skip missing device in initramfs after dropping to the panic/emergency shell instead of looping in the panic shell. Thanks to Cédric Barboiron for the patch. (closes: #762573) * debian/initramfs/cryptroot-script: for LVM devices, don't set ROOT to $NEWROOT in /etc/param.conf in case that /etc/param.conf already has ROOT set. This is the case for flash-kernel devices. Thanks to Brandon Parker for bugreport and patch. (closes: #759720) * debian/initramfs/cryptroot-script: in slumber loop, retry vg_activate every ten seconds. Fixes LVM on USB in cases that the USB device didn't come up fast enough. (closes: #762032) * fix package version number in debian/NEWS. * bump standards-version to 3.9.6, no changes needed. -- Jonas Meurer Wed, 20 Aug 2014 19:59:03 +0200 cryptsetup (2:1.6.6-1) unstable; urgency=medium * new upsream version 1.6.6. * add versioned dependency on cryptsetup-bin to cryptsetup. (closes: #747670) * change versioned build-depends on automake to >= 1.12 to reflect upstream requirements. Thanks to Joel Johnson. (closes: #740688) * build and link against libgcrypt20 (>= 1.6.1). Add note about whirlpool bug in older libgcrypt releases and how to deal with it to debian/NEWS. * add systemd support to askpass. Thanks to David Härdeman for the patch. (closes: #742600, #755074) * fix initramfs cryptroot hook to not include modules unconditionally. Thanks to Dmitrijs Ledkovs for bugreport and patch. (closes: #714104) * fix decrypt_keyctl script to ask again in case of wrong passphrase. Thanks to Dmitriy Matrosov for bugreport and patch. (closes: #748368) * incorporate changes from ubuntu package: - don't hardcode paths to udevadm and udevsettle. - restore terminal settings in askpass.c. (closes: #714942) - migrate upstart jobs to new names. -- Jonas Meurer Tue, 04 Mar 2014 20:14:07 +0100 cryptsetup (2:1.6.4-4) unstable; urgency=medium * really fix plain device opening in initramfs cryptroot script this time. Thanks again to Dirk Griesbach for the patch. (closes: #740592) -- Jonas Meurer Mon, 03 Mar 2014 21:00:16 +0100 cryptsetup (2:1.6.4-3) unstable; urgency=medium * fix plain device opening, broken by switch to new unified open command in 1.6.4-1. Thanks to Dirk Griesbach for the patch. (closes: #740592) * update italian debconf translations, thanks to Italian l10n team and Francesca Ciceri. (closes: #740557) * remove trailing whitespaces from text files. * some minor packaging fixes thanks to lintian checks: - fix VCS-* fields in debian/control to use canoncial URIs. - remove empty directory from libcryptsetup4 package. - add lintian-override for init.d-script-not-included-in-package. -- Jonas Meurer Sun, 02 Mar 2014 13:51:35 +0100 cryptsetup (2:1.6.4-2) unstable; urgency=medium * fix libcryptsetup.so symlink. Thanks to Michael Biebl. (closes: #740484) -- Jonas Meurer Sun, 02 Mar 2014 01:33:39 +0100 cryptsetup (2:1.6.4-1) unstable; urgency=low * new upstream version 1.6.4. - minor fixes in cryptsetup manpage. (closes: #725131) - by default verify new passphrase in luksChangeKey and luksAddKey commands (closes: #728302) - cryptsetup releases are released on kernel.org since 1.6.4. Change debian/watch accordingly. * use compiled defaults for cypher, keysize and hash in luksformat script * improvements to docs (thanks to Christoph Anton Mitterer): - small improvement to explanation for CRYPTTAB_TRIED environment variable in crypttab manpage - update cipher, size and hash settings in examples (closes: #714331) - replace '/dev/hdX' devices with '/dev/sdX' in examples - full path to keyscripts in /lib/cryptsetup/scripts not needed in examples * update init and initramfs scripts to use new open syntax (closes: #714395) * add scripts/local-block/cryptroot in order to support event based block device handling. Thanks to Goswin von Brederlow (closes: #678692) * add support for TCRYPT device handling to cryptdisks init and cryptroot initramfs scripts. (closes: #722509) * improve passphrase prompt in cryptroot initramfs script. Thanks to Joachim Breitner. (closes: #728080) * add support for detached luks header to cryptdisks init script. Thanks to Ximin Luo. (closes: #716652) * enhance docs about remote unlocking feature. Thanks to Karl O. Pinc. (closes: #715487, #714952) * update README.keyctl docs: since linux kernel 2.6.38, dm-crypt is not single-threaded any longer. (closes: #714806) * don't sleep between retries in cryptroot initramfs script. (closes: #715525) * add multi-arch support. Thanks to Shawn Landden. (closes: #696008, #732099) * suggest keyutils. Thanks to Nikolaus Rath. (closes: #734133, #735496) * fix initramfs/cryptroot-hook to support more than one lvm source devices. Thanks to Jens Reinsberger for the patch. (closes: #659688, #737686) * bump standards-version to 3.9.5, no changes needed. * override lintian false positives for init scripts: - init.d-script-does-not-implement-optional-option status - init.d-script-does-not-source-init-functions -- Jonas Meurer Fri, 28 Jun 2013 12:14:55 +0200 cryptsetup (2:1.6.1-1ubuntu7) vivid; urgency=medium * Drop explicit libgcrypt11 dependency from libcryptsetup4. -- Adam Conrad Fri, 27 Mar 2015 18:24:38 -0600 cryptsetup (2:1.6.1-1ubuntu6) vivid; urgency=medium * No-change rebuild for the libgcrypt20 transition. -- Adam Conrad Fri, 27 Mar 2015 06:16:08 -0600 cryptsetup (2:1.6.1-1ubuntu5) vivid; urgency=medium * ./debian/scripts/luksformat: Drop luksFormat -s and --ciper options. They aren't necessary any more, and aes-cbc-essiv:sha256 is obsolete. This will now use aes-xts-plain64 by default. (LP: #1414719) -- Martin Pitt Fri, 27 Feb 2015 09:37:05 +0100 cryptsetup (2:1.6.1-1ubuntu4) vivid; urgency=medium * No change rebuild to get debug symbols for all architectures. -- Brian Murray Wed, 03 Dec 2014 08:03:31 -0800 cryptsetup (2:1.6.1-1ubuntu3) utopic; urgency=high * No change rebuild against new dh_installinit, to call update-rc.d at postinst. -- Dimitri John Ledkov Wed, 28 May 2014 10:39:30 +0100 cryptsetup (2:1.6.1-1ubuntu2) utopic; urgency=medium * debian/askpass.c: - Fix bug (LP: #1301086) where askpass fails to restore terminal settings. -- Robert Barabas Fri, 18 Apr 2014 14:08:51 -0400 cryptsetup (2:1.6.1-1ubuntu1) trusty; urgency=low * Merge from debian unstable, remaining changes: - debian/control: + Bump initramfs-tools Suggests to Depends: so system is not potentially rendered unbootable. + Depend on plymouth. - Invert the "busybox | busybox-static" Recommends, as the latter is the one we ship in main as part of the ubuntu-standard task. - Remove hardcoded paths to udevadm (LP: #1184066). - debian/initramfs/cryptroot-hook: + Do not unconditionally include cryptsetup utils in the initramfs. + Do not include any modules or utils in the initramfs, unless rootfs/resume devices are encrypted or CRYPTSETUP is set to 'y' in the initramfs.conf configuration file. - debian/cryptsetup.maintscripts: + Migrate upstart jobs to new names. -- Dmitrijs Ledkovs Fri, 01 Nov 2013 16:48:57 +0000 cryptsetup (2:1.6.1-1) unstable; urgency=low [ Milan Broz ] * new upstream version. (closes: #704827, 707997) - default LUKS encryption mode is XTS (aes-xts-plain64) (closes: #714331) - adds native support for Truecrypt and compatible on-disk format - adds benchmark command - adds cryptsetup-reencrypt, a tool to offline reencrypt LUKS device - adds veritysetup, a tool for dm-verity block device verification module * install docs/examples into docs at cryptsetup-dev package. * fix compilation warnings in askpass.c. [ Steve Langasek ] * fix upstart jobs to not cause boot hangs when actually used in conjunction with startpar. (closes: #694499, #677712). * in connection with the above, make the cryptdisks-early job explicitly wait for 'umountfs' on shutdown just like cryptdisks does; otherwise, the teardown of the cryptdisks upstart job may cause the cryptdisks-early init script run before we're done unmounting filesystems. [ Jonas Meurer ] * minor wording fixes to README.initramfs, suggested by intrigeri and Adam D. Barrett. * add bash-completion script for cryptdisks_{start,stop}. Thanks to Claudius Hubig for providing a patch. (closes: #700777) * support specifying key-slot in crypttab. Thanks to Kevin Locke for the patch. (closes: #704470) * remove evms support code from cryptroot initramfs script. (closes: #713918) * fix location of keyscripts in initramfs documentation. (closes: #697446) * fix a typo in decrypt_ssl script that prevented stdout from beeing redirected to /dev/null. (closes: #700285) * give full path to blkid in crytproot initramfs script. (closes: #697155) * export number of previous tries from cryptroot and cryptdisks to keyscript. Thanks to Laurens Blankers for the idea. Opens the possibility to fallback after a given number of tries for keyscripts. (closes: #438481, #471729, #697455) * improve check for cpu hardware encryption support in initramfs cryptroot hook. (closes: #714326) -- Jonas Meurer Fri, 28 Jun 2013 12:10:41 +0200 cryptsetup (2:1.4.3-4ubuntu4) saucy; urgency=low * debian/initramfs/cryptroot-hook: - Do not unconditionally include cryptsetup utils in the initramfs. - Do not include any modules or utils in the initramfs, unless rootfs/resume devices are encrypted or CRYPTSETUP is set to 'y' in the initramfs.conf configuration file. -- Dmitrijs Ledkovs Mon, 10 Jun 2013 16:25:46 +0100 cryptsetup (2:1.4.3-4ubuntu3) saucy; urgency=low * Remove hardcoded paths to udevadm (LP: #1184066). -- Colin Watson Tue, 28 May 2013 11:27:27 +0100 cryptsetup (2:1.4.3-4ubuntu2) raring; urgency=low * Invert the "busybox | busybox-static" Recommends, as the latter is the one we ship in main as part of the ubuntu-standard task. -- Adam Conrad Fri, 16 Nov 2012 01:14:35 -0700 cryptsetup (2:1.4.3-4ubuntu1) raring; urgency=low * Merge from debian unstable, remaining changes: - debian/control: + Bump initramfs-tools Suggests to Depends: so system is not potentially rendered unbootable. + Depend on plymouth. - init/upstart jobs: + Rename cryptddisks{,-early}.upstart jobs to cryptdisks-{enable,udev}.upstart, as we need both init & upstart jobs for now. + debian/cryptdisks{,-early}.init: Make the 'start' action of the init script a no-op, this should be handled entirely by the upstart job; and fix the LSB header to not declare this should be started in runlevel 'S'. + Do not install start symlinks for init scripts + NB! shutdown is still handled by the SystemV init scripts -- Dmitrijs Ledkovs Tue, 13 Nov 2012 11:17:57 +0000 cryptsetup (2:1.4.3-4) unstable; urgency=medium * change recommends for busybox to busybox | busybox-static. Thanks to Armin Haas for the bugreport. (closes: #692151) -- Jonas Meurer Wed, 07 Nov 2012 16:12:25 +0100 cryptsetup (2:1.4.3-3) unstable; urgency=medium * add recommends for 'kbd, console-setup' to cryptsetup package. Both are necessary to support local keymap in initramfs. Thanks to Raphaël Hertzog for the bugreport. (closes: #689722) * move suggestion for 'initramfs-tools (>= 0.91) | linux-initramfs-tool, busybox' to recommends. Both are required for encrypted root fs. * remove suggestion for udev, most debian systems have it installed anyway. * mention option to use UUID= for source device in crypttab(5). Thanks to Felicitus for the bug report. (closes: #688786) * add a paragraph in README.initramfs: Describe, why renaming the target name is not supported for encrypted root devices. Thanks to Adam Lee for bugreport and proposed workaround for this limitation. (closes: #671037) * fix keyfile permission checks in cryptdisks init scripts to follow symlinks. Thanks to intrigeri for the bugreport. (closes: #691517) * fix owner group check for keyfile in cryptdisks init scripts to really check owner group. * update debconf translations: - brasilian portuguese, thanks to Adriano Rafael Gomes. (closes: #685762) - japanese, thanks to victory. (closes: #690784) * fix typo in manpages: s/passphase/passphrase. Thanks to Milan Broz for the bugreport. (closes: #684086) -- Jonas Meurer Thu, 01 Nov 2012 15:34:09 +0100 cryptsetup (2:1.4.3-2ubuntu1) quantal; urgency=low * Merge from debian unstable (LP: #1015753), remaining changes: - debian/control: + Bump initramfs-tools Suggests to Depends: so system is not potentially rendered unbootable. + Depend on plymouth. - init/upstart jobs: + Add debian/cryptdisks-{enable,udev}.upstart for bootup. + debian/cryptdisks{,-early}.init: Make the 'start' action of the init script a no-op, this should be handled entirely by the upstart job; and fix the LSB header to not declare this should be started in runlevel 'S'. + Do not install start symlinks for init scripts + NB! shutdown is still handled by the SystemV init scripts * Rename cryptddisks{,-early}.upstart jobs back to cryptdisks-{enable,udev}.upstart, as we need both init & upstart jobs for now. * Dropped Changes, included in Debian: - debian/control: + Split up package in cryptsetup and cryptsetup-bin. (LP: #343363). - debian/cryptdisks.functions: + Do not overwrite existing filesystems when creating swap (LP: #474258). + Add aesni module when we have hardware encryption. + Call 'udevadm settle' before 'dmsetup rename' http://pad.lv/874774 + Suppress "Starting init crypto disks" message in "init" phase, to avoid writing over fsck progress text. + new function, crypttab_start_one_disk, to look for the named source device in /etc/crypttab (by device name, UUID, or label) and start it if configured to do so + handle the case where crypttab contains a name for the source device that is not the kernel's preferred name for it (as is the case for LVs). - debian/initramfs/cryptroot-hook: + Quiet warnings from find on arches that don't have all the kernel/{arch,crypto} bits we're testing for. -- Dmitrijs Ledkovs Tue, 21 Aug 2012 11:57:28 +0100 cryptsetup (2:1.4.3-2) unstable; urgency=medium * fix the shared library symbols magic: so far, the symbols file for libcryptsetup4 included just a wildcard for all exported symbols, with libcrypsetup4 (>= 2:1.4) as minimum version. This was wrong. Symbols that were added later need adjusted minimum versions. Thanks for the great help in #debian-mentors. (closes: #677127) * remove emtpy directory /lib from cryptsetup-bin package. * compile askpass and passdev with CFLAGS, CPPFLAGS and LDFLAGS. -- Jonas Meurer Tue, 12 Jun 2012 21:26:18 +0200 cryptsetup (2:1.4.3-1) unstable; urgency=low [ Jonas Meurer ] * mention limitations for keyscripts in crypttab(5) manpage: keyscripts must not depend on binaries/files which are part of the to-be-unlocked device. (closes: #665494) * bump versioned build-dependency on debhelper now that we install upstart initscripts in debian as well. * change versioned breaks/replaces for cryptsetup-bin on cryptsetup to 1.4.3-1~, fixing upgrades in debian. [ Jean-Louis Dupond ] * New upstream version. (closes: #670071) - Fix keyslot removal (closes: #672299) - Add -r to cryptsetup.8 (closes: #674027) * Split up package in cryptsetup and cryptsetup-bin. * I'm now co-maintainer (closes: #600777). * Start cryptdisks-enable upstart job on 'or container', to let us simplify the udevtrigger job. * debian/cryptdisks.functions: handle the case where crypttab contains a name for the source device that is not the kernel's preferred name for it (as is the case for LVs). (Thanks Steve Langasek) * debian/cryptdisks.functions: fix a race condition in some cases by adding and udevadm settle before rename. * debian/cryptdisks.functions: add UUID & LABEL support to do_start. * debian/copyright: really fix lintian warning. * debian/rules: also include upstart files in debian. -- Jonas Meurer Fri, 08 Jun 2012 13:42:51 +0200 cryptsetup (2:1.4.1-3) unstable; urgency=low [ Jonas Meurer ] * finally add back support for configuration of custom rootfs-devices through the boot parameter 'root' to initramfs cryptroot script. Thanks a lot to August Martin for the bugreport as well as continuously debugging and providing patches. (closes: #546610) * use blkid instead of fstype to detect the content of devices in initramfs cryptroot script. Unfortunately fstype doesn't recognize md-raid devices, which leads to errors with encrypted devices on top of software raid. * check whether $NEWROOT already exists before actually invoking cryptsetup in initramfs cryptroot script. (closes: #653241) * fix conditions for prechecks at do_noluks() in cryptdisks.functions. Should prevent data loss with encrypted swap in most cases. (closes: #652497) * change default value for tmpfs and examples from ext2 to ext4. * minor code cleanup. * update debconf translations: - russian, thanks to Yuri Kozlov. (closes: #661303) - spanish, thanks to Camaleón. (closes: #661316) [ Jean-Louis Dupond ] * fix watch file. * always add aesni module to initramfs if we have hardware aes support. (closes: #639832). * debian/copyright: fix lintain warning. * add upstart scripts for ubuntu. * silent warnings on kernels without kernel/{arch,crypto}. * add crypttab_start_one_disk in function script to handle udev startup in ubuntu. * bump standards-version to 3.9.3, no changes needed. -- Jonas Meurer Wed, 11 Apr 2012 23:55:35 +0200 cryptsetup (2:1.4.1-2ubuntu4) precise; urgency=low * Our swap creation can trigger udev change events, which means udev may be holding the device open at the time we try to call 'dmsetup rename' and cause the /subsequent/ events to be missed because of dmsetup creating device nodes by hand. So call 'udevadm settle' before 'dmsetup rename', to ensure blkid is out of the way first. This should ensure swap partitions are found by mountall in a non-racy manner. LP: #874774. -- Steve Langasek Fri, 13 Apr 2012 20:23:21 -0700 cryptsetup (2:1.4.1-2ubuntu3) precise; urgency=low * Start cryptdisks-enable upstart job on 'or container', to let us simplify the udevtrigger job. -- Steve Langasek Wed, 04 Apr 2012 17:02:00 -0700 cryptsetup (2:1.4.1-2ubuntu2) precise; urgency=low * Split up package in cryptsetup and cryptsetup-bin. (LP: #343363). * Do not overwrite existing filesystems when creating swap (LP: #474258). * Add aesni module when we have hardware encryption. -- Jean-Louis Dupond Mon, 12 Mar 2012 10:14:30 +0100 cryptsetup (2:1.4.1-2ubuntu1) precise; urgency=low [ Jean-Louis Dupond ] * Merge from debian unstable (LP: #776264), remaining changes: - debian/cryptdisks.functions: Suppress "Starting init crypto disks" message in "init" phase, to avoid writing over fsck progress text. - debian/cryptroot-hook: Quiet warnings from find on arches that don't have all the kernel/{arch,crypto} bits we're testing for. - debian/control: + Bump initramfs-tools Suggests to Depends: so system is not potentially rendered unbootable. + Depend on plymouth. - Add debian/cryptdisks-{enable,udev}.upstart. - debian/cryptdisks.functions: + new function, crypttab_start_one_disk, to look for the named source device in /etc/crypttab (by device name, UUID, or label) and start it if configured to do so - debian/cryptdisks{,-early}.init: Make the 'start' action of the init script a no-op, this should be handled entirely by the upstart job; and fix the LSB header to not declare this should be started in runlevel 'S' - debian/rules: + Do not install start symlinks for init scripts, and install debian/cryptdisks-{enable,udev}.upstart scripts. [ Steve Langasek ] * debian/cryptdisks.functions: handle the case where crypttab contains a name for the source device that is not the kernel's preferred name for it (as is the case for LVs). -- Jean-Louis Dupond Thu, 08 Mar 2012 07:32:40 +0100 cryptsetup (2:1.4.1-2) unstable; urgency=low * acknowledge NMU. Thanks to Michael Biebl. (closes: #659182) * don't print error for non-encrypted rootfs in initramfs cryptroot hook. Thanks to Jamie Heilman and Christoph Anton Mitterer for bugreports. (closes: #659087, #659106) * use dmsetup splitname to extract VG name from $node in initramfs cryptroot hook. Thanks to Kai Weber for the bugreport, Milan Broz and Claudio Imbrenda for suggestions and patches. (closes: #659235) -- Jonas Meurer Sun, 12 Feb 2012 15:51:11 +0100 cryptsetup (2:1.4.1-1.1) unstable; urgency=low * Non-maintainer upload. * Fix dangling .so symlink. Don't hard code the library version but use readlink instead to determine where the .so symlink should point at. (closes: #659182) -- Michael Biebl Sat, 11 Feb 2012 04:32:01 +0100 cryptsetup (2:1.4.1-1) unstable; urgency=low * new upstream release (1.4.0 + 1.4.1) (closes: #647851) - fixes typo in german translation. (closes: #645528) - remove patches, all incorporated upstream. - soname bump, rename library package to libcryptsetup4 * check for busybox in initramfs cryptroot hook, and install the sed binary in case it's either not installed or not activated. (closes: #591853) * add checks for 'type $KEYSCRIPT' to initscripts cryptdisks.functions, and to cryptroot initramfs script/hook. this adds support for keyscripts inside $PATH. thanks to Ian Jackson for the suggestion. (closes: #597583) * use argument '--sysinit' for vgchange in cryptroot initramfs script. Thanks to Christoph Anton Mitterer for the suggestion. * add option for discard/trim features to crypttab and initramfs scripts. Thanks to intrigeri and Peter Colberg for patches. (closes: #648868) * print $target on error in initramfs hook. Thanks to Daniel Hahler for the bugreport. (closes: #648192) * add a warning about using decrypt_derived keyscript for devices with persistent data. Thanks to Arno Wagner for pointing this out. * remove quotes from resume device candidates at get_resume_devs() in initramfs hook script. Thanks to Johannes Rohr. (closes: #634017) * support custom $TABFILE, thanks to Douglas Huff. (closes: #638317) * fix get_lvm_deps() in initramfs cryptroot hook to add all physical volumes of lvm volume group that contains the rootfs logical volume, even if the rootfs is lv is not spread over all physical volumes. Thanks to Christian Pernegger for bugreport and patch. (closes: #634109) * debian/initramfs/cryptroot-script: Move check for maximum number of tries behind the while loop, to make the warning appear in case that maximum number of tries is reached. Thanks to Chistian Lamparter for bugreport and patch. (closes: #646083) * incorporate changes to package descriptions and debconf templates that suggested by debian-l10n-english people. Special thanks go to Justin B Rye. * acknowledge NMU, thanks a lot to Christian Perrier for his great work on the i18n front. (closes: #633105, #641719, #641839, #641947, #642470, #640056, #642540, #643633, #643962, #644853) * add and update debconf translations: - italian, thanks to Milo Casagrande, Francesca Ciceri. (closes: #656933) - german, thanks to Erik Pfannenstein. (closes: #642147) - spanish, thanks to Camaleón. (closes: #658360) - russian, thanks to Yuri Kuzlov (closes: #654676) * set architecture to linux-any, depends on linux kernel anyway. Thanks to Christoph Egger. (closes: #638257) * small updates to the copyright file. * add targets build-indep and build-arch to debian/rules, thanks to lintian. -- Jonas Meurer Sun, 05 Feb 2012 03:17:59 +0100 cryptsetup (2:1.3.0-3.1) unstable; urgency=low * Non-maintainer upload. * Fix pending l10n issues. Debconf translations: - French (Julien Patriarca). Closes: #633105 - Vietnamese (Hung Tran). Closes: #641719 - Portuguese (Miguel Figueiredo). Closes: #641839 - Russian (Yuri Kozlov). Closes: #641947 - Swedish (Martin Bagge / brother). Closes: #642470,#640056 - Czech (Michal Simunek). Closes: #642540 - Dutch; (Jeroen Schot). Closes: #643633 - Spanish; (Camaleón). Closes: #643962 - Danish (Joe Hansen). Closes: #644853 -- Christian Perrier Sun, 25 Dec 2011 19:00:24 +0100 cryptsetup (2:1.3.0-3) unstable; urgency=low * drop the loopback magick from cryptdisks scripts. Mario 'Bitkoenig' Holbe pointed out, that auto-destruction support was added to the loopback driver with kernel 2.6.25. Given, that even lenny has a more recent kernel, support for kernels < 2.6.25 is not required any more. (closes: #626458) * add debconf question 'prerm/active-mappings' with priority high to prerm maintainer script. will warn about active dm-crypt mappings before the package is removed/purged. (closes: #626641) * add lintian-override for 'cryptsetup: no-debconf-config', as the debconf question in prerm doesn't require a debconf config script. * add debian/patches/03_create_fix_keyfile.patch. (closes: #626738) -- Jonas Meurer Thu, 19 May 2011 20:50:08 +0200 cryptsetup (2:1.3.0-2) unstable; urgency=low * fix changelog of 2:1.3.0-1 release, thanks to Thorsten Glaser for the hint -- Jonas Meurer Thu, 12 May 2011 03:06:46 +0200 cryptsetup (2:1.3.0-1) unstable; urgency=low * new upstream release - automatically allocates loopback device for container files. update the cryptdisks functions to only setup loopback device for kernel < 2.6.35. otherwise, let cryptsetup do the magic itself. - introduces maximum default keyfile size, see --help for value. manually set the keyfile size with --keyfile-size in order to overwrite the limit. - adds luksChangeKey command for changing passphrase/keyfile in one step - adds loopAES compatibility command loopaesOpen - remove d/patches/01_luksAddKey_return_code.patch, incorporated upstream * add gettext support to luksformat script. Thanks to intrigeri for initial patch, and adduser sources for implementation ideas. (closes: #558405) * fix KEYSCRIPT checks in cryptdisks.functions for empty values. * update REAMDE.gnupg and initramfs cryptgnupg hook script: - warn about keys being copied to initramfs. - fix the documentation to provide working examples. * update README.Debian and related documentation: - add a section about the 'special' keyscripts askpass and passdev (closes: #601314) - update several sections, remove reference to lenny * add debian/patches/01_create_fix_size.patch, to fix a regression in 1.2.0 where the size argument was ignored for create command (closes: #624828) * add debian/patches/02_manpage.patch, escapes minus signs in manpage * remove usplash support from cryptroot initramfs script, askpass and keyscripts, add plymouth support to keyscripts. (closes: #620923) * ignore options like cipher, hash, size, etc. for luks commands in cryptdisks. mention this in the crypttab manpage. (closes: #619249) * again check for existance of /lib/cryptsetup/cryptdisks.functions before sourcing it in cryptdisks(-early).init. required if cryptsetup is removed but not purged, where initscripts are still around. (closes: #625468) * bump standards-version to 3.9.2, no changes needed. * debian/libcryptsetup1.symbols: update, 1.3.0 adds new function symbols -- Jonas Meurer Wed, 11 May 2011 14:45:42 +0200 cryptsetup (2:1.2.0-2) unstable; urgency=low * upload to unstable. * fixes a ftbfs due to updated libgpg-error and libgcrypt11 build- dependencies. (closes: #614530) * install cryptkeyctl initramfs hook, needed for keyctl keyscript in initramfs, thanks to Maik Zumstrull (closes: #610750) * use 'egrep -c' instead of wc in cryptdisks_st* scripts, wc might not be available as it's located at /usr/bin. Thanks to Mario 'BitKoenig' Holbe for bugreport and patch. (closes: #611747) * add debian/patches/01_luksAddKey_return_code.patch, fixes the luksAddKey return code when the master key is used. (closes: #610366) * fix luksformat script to invoke usage() with --help. (closes: #612947) * add a paragraph about known upgrade issues to the crypttab manpage. this paragraph strongly suggests to configure cipher, hash and keysize for plain dm-crypt devices. (closes: #612452) * fix examples in crypttab manpage, cipher, hash and keysize should be configured for plain dm-crypt devices. * luksformat: invoke udevadm settle between mkfs.vfat and luksClose, to prevent possible race conditions. This is a workaround. (closes: #601886) * update lintian-overrides for new lintian from experimental. * fix spelling mistake in README.Debian thanks to lintian. * update short and long description for udebs to mention udeb and debian-installer. This satisfies lintian. * fix get_resume_device() in initramfs cryptroot hook script to add source device for decrypt_derived keyscript in case it's not the root device. Thanks to Robert Lange and mahashakti89 for bugreport. (closes: #592430) -- Jonas Meurer Mon, 07 Mar 2011 23:52:13 +0100 cryptsetup (2:1.2.0-1) experimental; urgency=low * new major upstream release (closes: #603804) - adds text version of FAQ - adds new options --use-random and --use-urandom for MK generation - fixes luksRemoveKey to not ask for remaining keyslot passphrase - no longer supports luksDelKey command (replaced by luksKillSlot) - no longer supports reload command, dmsetup reload should be used instead - adds support to change the UUID later (with --uuid cmd option) - adds --dump-master-key option for luksDump command - no luksOpen, luksFormat and create for open devices (closes: #600208) - remove debian/patches/01_manpage.patch, incorporated upstream - and many more changes, see upstream changelog for further information - update debian/libcryptsetup1.symbols * invoke update-initramfs at cryptsetup removal in order to not leave behind a broken initramfs. thanks to ubuntu for the hint. * link dynamically against libgcrypt11 and libgpg-error0 now that the libraries have been moved to /lib. add versioned depends for libcryptsetup1 on (libgcrypt >= 1.4.6-2) and libgpg-error0 (>= 1.10-0.1). * debian/initramfs/cryptroot-script: prereq 'cryptroot-prepare' added in order to support cryptroot to depend on custom initramfs scripts. thanks to Marc Haber for the suggestion. (closes: #601311) * debian/cryptdisks.functions: + fix check for ownership and permissions of $key to work with slighly different output of 'ls -l' with selinux enabled. (closes: #600522) + fix $TRIES implementation to support TRIES=0 again. (closes: #602501) * change 'echo -e' to 'printf' in debian/initramfs/cryptroot-script. thanks to checkbashisms script devscripts for spotting that bashism. * add a libcryptsetup1-udeb library package for debian-installer in order to satisfy cryptsetup-udeb dependencies with dynamically linked binary. Version the build-depends on libgcrypt11-dev to (>= 1.4.6-3), to satisfy udeb library dependencies. * change 'XC-Package-Type: udeb' to 'Package-Type: udeb' in debian/control * add debian/cryptsetup.apport from Ubuntu, install only for dist=Ubuntu. build-depends on dpkg-dev (>= 1.15.1) is required for this to work. -- Jonas Meurer Sun, 16 Jan 2011 01:01:03 +0100 cryptsetup (2:1.1.3-4ubuntu3) precise; urgency=low [ Pali Rohar ] * debian/cryptdisks.functions: Suppress "Starting init crypto disks" message in "init" phase, to avoid writing over fsck progress text. -- Martin Pitt Wed, 26 Oct 2011 09:16:15 +0200 cryptsetup (2:1.1.3-4ubuntu2) oneiric; urgency=low * debian/cryptroot-hook: Quiet warnings from find on arches that don't have all the kernel/{arch,crypto} bits we're testing for. -- Adam Conrad Sat, 01 Oct 2011 00:33:00 -0600 cryptsetup (2:1.1.3-4ubuntu1) natty; urgency=low * Merge from debian unstable (LP: #682177), remaining changes: - debian/control: + Bump initramfs-tools Suggests to Depends: so system is not potentially rendered unbootable. + Depend on plymouth. - Add debian/cryptdisks-{enable,udev}.upstart. - debian/cryptdisks.functions: + new function, crypttab_start_one_disk, to look for the named source device in /etc/crypttab (by device name, UUID, or label) and start it if configured to do so + wrap the call to /lib/cryptsetup/askpass with watershed, to make sure we only ever have one of these running at a time; otherwise multiple invocations could steal each other's input and/or write over each other's output + when called by cryptdisks-enable, check that we don't already have a corresponding cryptdisks-udev job running (probably waiting for a passphrase); if there is, wait until it's finished before continuing. - debian/cryptdisks{,-early}.init: Make the 'start' action of the init script a no-op, this should be handled entirely by the upstart job; and fix the LSB header to not declare this should be started in runlevel 'S' - debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on upgrade. - debian/rules: + Do not install start symlinks for init scripts, and install debian/cryptdisks-{enable,udev}.upstart scripts. + link dynamically against libgcrypt and libgpg-error. - Add debian/cryptsetup.apport: Apport package hook. Install in debian/rules and create dir in debian/cryptsetup.dirs. - debian/cryptsetup.postrm: call update-initramfs on package removal. -- Lorenzo De Liso Sat, 27 Nov 2010 17:37:43 +0100 cryptsetup (2:1.1.3-4) unstable; urgency=high * bump standards-version to 3.9.1, no changes required * add patches/01_manpage_units: mention units (512b sectors) for -o option in man page. (closes: #584174) * move cryptdisks_st* scripts from /usr/sbin to /sbin, add symlinks for compatibility reasons. thanks to Mario 'BitKoenig' Holbe. (closes: #589800) * add decrypt_keyctl keyscript and initramfs hook from Michael Gebetsroither, which supports to cache a passphrase for later use. (closes: #563961) * invoke /sbin/lvm with full path in cryptroot initramfs script. thanks to Bernd Zeimetz. (closes: #597648) * print out a warning at initramfs cryptroot hook in case that detection of canonical device failed. (closes: #594092) * add manpage fixes, thanks to Stephen Gildea for patch. (closes: #598237) * fix depreciated ext2 wrapper checkscript to succeed for ext2, ext3, ext4 and ext4dev filesystems. (closes: #595331) * again remove duplicates from debian/NEWS. * truncate trailing spaces for some variables at initramfs cryptroot hook. * remove volume group -guessing magic from initramfs scripts and hooks, instead activate all available lvm volume groups. thanks to Christoph Anton Mitterer for the suggestion. (closes: #554506, #591626) * remove /etc/bash_completion.d from debian/cryptsetup.dirs * set urgency=high as this upload fixes two release-critical bugs. -- Jonas Meurer Thu, 04 Nov 2010 20:36:45 +0100 cryptsetup (2:1.1.3-3) unstable; urgency=low * fix usage of new variable $DEFAULT_LOUD, and some cosmetical changes. thanks to Mario 'BitKoenig' Holbe. (closes: #589029) -- Jonas Meurer Thu, 22 Jul 2010 12:56:01 +0200 cryptsetup (2:1.1.3-2) unstable; urgency=low * introduce new $INITSTATE 'manual' for cryptdisks_st* scripts. that way, noauto devices are processed again by cryptdisks_st* scripts. (closes: #588697, #588698, #589153, #589798) * introduce new variable $DEFAULT_LOUD. now the 'loud' option in crypttab affects only the device in question. thanks to Mario 'BitKoenig' Holbe. * introduce new crypttab option 'quiet' which overwrites and unsets the 'loud' option. thanks to Mario 'BitKoenig' Holbe. (closes: #589029) -- Jonas Meurer Wed, 21 Jul 2010 10:42:49 +0200 cryptsetup (2:1.1.3-1) unstable; urgency=low * new upstream release: - fix device alignment ioctl calls parameters for archs like ppc64. - fix activate_by_* API calls to handle NULL device name as documented - fix udev support for old libdevmapper with not compatible definition * fix rm_lo_setup() in cryptdisks.functions for failed device setup. thanks to Roger Pettersson. (closes: #581712) * add X-Stop-After headers to cryptdisks(-early) initscripts. this fixes shutdown process for system without encrypted rootfs at least. thanks to Alfredo Finelli. (closes: #575652) * more merges from ubuntu, thanks to and Steve Langasek (closes: #575024): - debian/cryptdisk.functions: initially create the device under a temporary name and rename it only at the end using 'dmsetup rename', to ensure that upstart/mountall doesn't see our device before it's ready to go. LP: #475936. - cryptdisks.functions: do_tmp should mount under /var/run/cryptsetup for changing the permissions of the filesystem root, not directly on /tmp, since mounting on /tmp a) is racy, b) confuses mountall something fierce. LP: #475936. * fix manpage checkscripts documentation. clarify that both cryptdisks and cryptroot invoke checkscripts. thanks Christoph Anton Mitterer. * remove quotes from $KEYSCRIPT invokation, thanks Alexandre Rossi. (closes: #585099) * fix support for commandline options to mkfs in luksformat. thanks to Eduard Bloch again for bugreport and patch. (closes: #585787) * remove duplicates from debian/NEWS, thanks Steve Langasek (closes: 586019) * improve documentation on environment variables in cryptdisks.default and crypttab manpage. thanks Christoph Anton Mitterer. (closes: #585664) * several improvements to (pre)check scripts, inspired by scripts from Christoph Anton Mitterer (closes: #585418, #585496) - checkscripts exit with error 1 if executables aren't available. - ext2, swap and xfs scripts are depreciated and invoke blkid script. - drop filtering of minix filesystem in blkid, util-linux 2.17.2 in debian - remove *vol_id check scripts, vol_id isn't available in debian any longer - don't use sed in *blkid check scripts any longer * fix initramfs/cryptroot-hook to canonicalize $device in get_resume_devices function. this should really weed out all duplicates. (closes: #586122), and catch all udev/device-mapper symlink setups as well (closes: #554506) * bash-completion file now in pck bash-completion (closes: #586299, #586162) * add a paragraph about the boot order of init scripts to README.Debian, describing the current catch-22 situation. (closes: #576646) * initscripts and cryptdisks_st* no longer silently quit in case that include file /lib/cryptsetup/cryptdisks.functions is missing. (closes: #587220) * fix cryptdisks-early LSB headers to restore legacy boot sequence order. mdadm-raid was started before cryptdisks-early. (closes: #587224) * cryptdisks initscript now raises a warning for failed started devices, and cryptdisks-early initscript raises a warning for failed stopped devices. this makes the initscript actions far more transparent to users. same holds for cryptdisks_st*. thanks to Christoph Anton Mitterer. (closes: #587222) * remove lintian overrides init.d-script-should-depend-on-virtual-facility as lintian lintian 2.4.2 has fixed #580082. * bump standards-version to 3.9.0, remove version information from replaces/ provides/conflicts against cryptsetup-luks, change conflicts against hashalot (<= 0.3-1) to breaks hashalot (<< 0.3-1) and add replaces. * fix loads of typos, thanks to Christoph Anton Mitterer. (closes: #588068) * update copyright years and list Milan Broz in debian/copyright -- Jonas Meurer Sat, 10 Jul 2010 14:32:40 +0200 cryptsetup (2:1.1.2-1ubuntu1) maverick; urgency=low * Merge from Debian unstable (LP: #594365). Remaining changes: - debian/control: + Bump initramfs-tools Suggests to Depends: so system is not potentially rendered unbootable. + Depend on plymouth. - Add debian/cryptdisks-{enable,udev}.upstart. - debian/cryptdisks.functions: + new function, crypttab_start_one_disk, to look for the named source device in /etc/crypttab (by device name, UUID, or label) and start it if configured to do so + wrap the call to /lib/cryptsetup/askpass with watershed, to make sure we only ever have one of these running at a time; otherwise multiple invocations could steal each other's input and/or write over each other's output + initially create the device under a temporary name and rename it only at the end using 'dmsetup rename', to ensure that upstart/mountall doesn't see our device before it's ready to go. + do_tmp should mount under /var/run/cryptsetup for changing the permissions of the filesystem root, not directly on /tmp, since mounting on /tmp a) is racy, b) confuses mountall something fierce. + when called by cryptdisks-enable, check that we don't already have a corresponding cryptdisks-udev job running (probably waiting for a passphrase); if there is, wait until it's finished before continuing. - debian/cryptdisks{,-early}.init: Make the 'start' action of the init script a no-op, this should be handled entirely by the upstart job; and fix the LSB header to not declare this should be started in runlevel 'S' - debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on upgrade. - debian/rules: Do not install start symlinks for init scripts, and install debian/cryptdisks-{enable,udev}.upstart scripts. - Add debian/cryptsetup.apport: Apport package hook. Install in debian/rules and create dir in debian/cryptsetup.dirs. - debian/rules: link dynamically against libgcrypt and libgpg-error. - debian/cryptsetup.postrm: call update-initramfs on package removal. * Dropped changes, merged/superseded in Debian: - Add ext4 support to passdev. - cryptroot-hook: don't call copy_modules_dir with empty arguments when archcrypto isn't found - Set USPLASH=y and FRAMEBUFFER=y in the hook config to pull plymouth into the initramfs. - change interaction to use plymouth directly if present, and if not, to fall back to /lib/cryptsetup/askpass as before - cryptdisks.functions: replace 'echo -e' bashism with 'printf'. - debian/initramfs/cryptroot-script: if plymouth is present in the initramfs, use this directly, bypassing the cryptsetup askpass script - debian/initramfs/cryptroot-hook: Properly anchor our regexps when grepping /etc/crypttab so that we don't incorrectly match device names that are substrings of one another. - debian/initramfs/cryptroot-script: Don't leak /conf/conf.d/cryptroot file descriptor to subprocesses. - Fix grammar error in debian/initramfs/cryptroot-script ("setup" -> "set up") - debian/initramfs/cryptroot-script: Fix this to work with current initramfs-tools: + Source /scripts/functions after checking for prerequisites. + prereqs(): Do not assume we are running within initramfs, and calculate relative path correctly. -- Steve Langasek Mon, 14 Jun 2010 21:47:28 -0700 cryptsetup (2:1.1.2-1) unstable; urgency=low * new upstream release, changes include: - Fix luksFormat/luksOpen reading passphrase from stdin and "-" keyfile. (closes: #583397) - Add verbose log level and move unlocking message there. - Remove device even if underlying device disappeared (remove, luksClose). (closes: #554600, #574126) - Fix (deprecated) reload device command to accept new device argument. * merged from ubuntu: - if plymouth is present in the initramfs, use this directly, bypassing the cryptsetup askpass script - start usplash in initramfs, since we need it for fancy passphrase input - Set FRAMEBUFFER=y in cryptroot-conf, to pull plymouth into the initramfs - debian/initramfs/cryptroot-hook: Properly anchor our regexps when grepping /etc/crypttab so that we don't incorrectly match device names that are substrings of one another. - debian/initramfs/cryptroot-script: Don't leak /conf/conf.d/cryptroot file descriptor to subprocesses. * sync list of supported filesystems in passdev.c and cryptpassdev-hook * fix debian/watch file to work with updated code.google.com download page * stop building and shipping static libs (closes: #583387, #583471) * improve documentation on (pre)checks in manpage. (closes: #583568, #583567) * remove xfs and ext2 check scripts documentation from crypttab manpage, blkid script can be used. thanks Christoph Anton Mitterer (closes: #583570) -- Jonas Meurer Tue, 01 Jun 2010 15:37:50 +0200 cryptsetup (2:1.1.1-1) unstable; urgency=low * new upstream release, changes include: - detects and uses device-mapper udev support if available - fix luksOpen reading of passphrase on stdin if "-" keyfile specified - fix isLuks to initialise crypto backend (closes: #578979) - fix luksClose operation for stacked DM devices * remove all patches, they have all been merged upstream * redirect output of copy_exec in add_device() from initramfs cryptroot hook to stderr. fixes verbose run of mkinitramfs. (closes: #574163) * acknowledge NMU. thanks to maximilian attems. (closes: #576488) * change default for random key from /dev/random to /dev/urandom in README.Debian, extend explanation. (closes: #579932) * add comment to crypttab manpage about how to disable (pre)checks. (closes: #574948) * fix cryptdisks.functions to print cryptsource and crypttarget again at the passphrase prompt. (closes: #578428) * reorder build-depends, add pkg-config, change automake1.9 to automake * add new lintian overrides * switch to new dpkg source format "3.0 (quilt)", use upstream bzip tarball * add ${misc:Depends} to depends for libcryptsetup-dev * remove UID checks from initscripts, as these aren't meant to be invoked by users anyway, and the UID checks introduced dependency on /usr filesystem. * use grep -s for /etc/fstab in initramfs/cryptroot-hook. (closes: #580756) * note that fs modules fore passdev devices need to be added to initramfs in README.initramfs (closes: #580898) * merged from ubuntu: - Fix grammar error in debian/initramfs/cryptroot-script (closes: #581973) * add busybox to suggests, thanks to martin michlmayr. (closes: #582914) -- Jonas Meurer Wed, 26 May 2010 23:38:01 +0200 cryptsetup (2:1.1.0-2.1) unstable; urgency=low * Non-maintainer upload. [ Martin Pitt ] * debian/initramfs/cryptroot-script: (closes: #576488) - Source /scripts/functions after checking for prerequisites. - prereqs(): Do not assume we are running within initramfs, and calculate relative path correctly. -- maximilian attems Thu, 08 Apr 2010 01:37:17 +0200 cryptsetup (2:1.1.0-2) unstable; urgency=low * fix version in NEWS.Debian: 2:1.1.0~rc2-1 instead of 2:1.0.7-3. * remove 'NOT RELEASED YET' from 2:1.1.0-1 changelog * capitalize names in changelog * mention the old default plain mode in changelog and NEWS, add a note that debian-installer setups can ignore the warning, and warn for plain dm-crypt mappings in crypttab that don't have set cipher, hash and size. (closes: #573103, #573261) -- Jonas Meurer Tue, 16 Mar 2010 13:44:50 +0100 cryptsetup (2:1.1.0-1) unstable; urgency=low * new upstream stable release (1.1.0), notable changes since rc2: - default key size for LUKS changed from 128 to 256 bits - default plain mode changed from aes-cbc-plain to aes-cbc-essiv:sha256 - key slot and key diggest iteration minimum set to 1000 - convert hash name to lower case in header * update patch 02_manpage * add more supported filesystems to passdev.c, isofs->iso9660. thanks to Christoph Anton Mitterer. (closes: #557405) * update to standards-version 3.8.4, no changes needed * accept spaces in $opts at postinst script. (closes: #559184) * set extended $PATH in cryptdisks.functions. thanks to Christoph Anton Mitterer. (closes: #557329) * fix huge initramfs for archs which don't have kernel/arch directory. thanks to martin michlmayr for bugreport and patch. (closes: #559510) * support commandline options to mkfs in luksformat. thanks to Eduard Bloch for bugreport and patch. (closes: #563975) * extend error messages for evms setup in cryptroot-script * add 03_luksAddKey.patch, to not verify unlocking passphrase in luksAddKey command. (closes: #570418) * add 04_crypto_init.patch, to properly initialise crypto backend in header backup/restore commands. * change build-dependency on cvs to new autopoint package (closes: #572463) * rename decrypt_gpg keyscript to decrypt_gnupg, improve it based on ideas by Christoph Anton Mitterer, mention the keyscript rename in NEWS.Debian. Also, provide a initramfs cryptgnupg hook script. Thanks to Christoph Anton Mitterer for bugreport and ideas. (closes: #560034) * check for root privileges with '/usr/bin/id -u' in init scripts and cryptdisks_{start|stop}. (closes: #563162) -- Jonas Meurer Mon, 08 Mar 2010 14:15:35 +0100 cryptsetup (2:1.1.0~rc2-1ubuntu14) maverick; urgency=low [ David Stansby ] * Fix grammar error in debian/initramfs/cryptroot-script ("setup" -> "set up") (LP: #578896) -- James Westby Mon, 17 May 2010 13:33:40 +0100 cryptsetup (2:1.1.0~rc2-1ubuntu13) lucid; urgency=low * debian/initramfs/cryptroot-script: Don't leak /conf/conf.d/cryptroot file descriptor to subprocesses. -- Colin Watson Mon, 29 Mar 2010 22:18:36 +0100 cryptsetup (2:1.1.0~rc2-1ubuntu12) lucid; urgency=low * debian/initramfs/cryptroot-hook: Properly anchor our regexps when grepping /etc/crypttab so that we don't incorrectly match device names that are substrings of one another. * debian/cryptdisks-{enable,udev}.conf, debian/control: drop 'console output' and add a hard dependency on plymouth instead of watershed, to avoid spitting extra messages to the console. -- Steve Langasek Thu, 18 Feb 2010 06:19:19 -0800 cryptsetup (2:1.1.0~rc2-1ubuntu11) lucid; urgency=low * Set FRAMEBUFFER=y in the file that we actually ship. * debian/cryptsetup.postrm: call update-initramfs on package removal. LP: #468228. -- Steve Langasek Mon, 25 Jan 2010 03:07:52 -0800 cryptsetup (2:1.1.0~rc2-1ubuntu10) lucid; urgency=low * cryptdisks.functions: replace 'echo -e' bashism with 'printf'. * cryptdisks.functions: when called by cryptdisks-enable, check that we don't already have a corresponding cryptdisks-udev job running (probably waiting for a passphrase); if there is, wait until it's finished before continuing. -- Steve Langasek Thu, 21 Jan 2010 14:57:21 +0000 cryptsetup (2:1.1.0~rc2-1ubuntu9) lucid; urgency=low * Set FRAMEBUFFER=y in the hook config as well, to pull plymouth into the initramfs. * cryptdisks.functions, debian/initramfs/cryptroot-script: fix the invocation of plymouth, so that we actually get proper passphrase prompts (once bug #496765 is fixed). -- Steve Langasek Sat, 16 Jan 2010 02:32:41 -0800 cryptsetup (2:1.1.0~rc2-1ubuntu8) lucid; urgency=low * cryptdisks.functions: do_tmp should mount under /var/run/cryptsetup for changing the permissions of the filesystem root, not directly on /tmp, since mounting on /tmp a) is racy, b) confuses mountall something fierce. LP: #475936. -- Steve Langasek Tue, 22 Dec 2009 20:24:28 +0000 cryptsetup (2:1.1.0~rc2-1ubuntu7) lucid; urgency=low * Depend on watershed. -- Steve Langasek Tue, 22 Dec 2009 01:37:36 +0000 cryptsetup (2:1.1.0~rc2-1ubuntu6) lucid; urgency=low [ Steve Langasek ] * Fix the LSB header in the init scripts, now that we don't install to rcS.d. [ Martin Pitt ] * debian/initramfs/cryptroot-script: Fix this to work with current initramfs-tools: - Source /scripts/functions after checking for prerequisites. - prereqs(): Do not assume we are running within initramfs, and calculate relative path correctly. -- Martin Pitt Fri, 18 Dec 2009 17:07:07 +0100 cryptsetup (2:1.1.0~rc2-1ubuntu5) lucid; urgency=low * Rename the upstart job introduced in the previous upload to cryptdisks-udev and restore the previous version of the job as cryptdisks-enable, to run at the end of udev coldplugging as before; this isn't entirely race-free, but should nevertheless give us the two passes needed to cover devices that are decrypted using keys stored on other encrypted disks. LP: #443980. -- Steve Langasek Wed, 16 Dec 2009 06:41:30 +0000 cryptsetup (2:1.1.0~rc2-1ubuntu4) lucid; urgency=low [ Steve Langasek ] * debian/initramfs/cryptroot-script: if plymouth is present in the initramfs, use this directly, bypassing the cryptsetup askpass script; but keep support for these other frontends around on a transitional basis. * debian/cryptdisks.functions: - change interaction to use plymouth directly if present, and if not, to fall back to /lib/cryptsetup/askpass as before - wrap the call to /lib/cryptsetup/askpass with watershed, to make sure we only ever have one of these running at a time; otherwise multiple invocations could steal each other's input and/or write over each other's output - new function, crypttab_start_one_disk, to look for the named source device in /etc/crypttab (by device name, UUID, or label) and start it if configured to do so * debian/cryptdisks-enable.upstart: run the upstart job once for each block device, using the new crypttab_start_one_disk function, triggered by udev; this doesn't eliminate the possibility of a race with gdm when the decrypted volume isn't a 'bootwait' mount point (since gdm kills plymouth), but it does eliminate the race between udev and cryptsetup. LP: #454898. * debian/cryptdisks-enable.upstart: check that the package is installed and exit gracefully if it's not. LP: #435814 * debian/cryptdisk.functions: initially create the device under a temporary name and rename it only at the end using 'dmsetup rename', to ensure that upstart/mountall doesn't see our device before it's ready to go. LP: #475936. [ Colin Watson ] * Add ext4 support to passdev. -- Steve Langasek Tue, 15 Dec 2009 18:05:45 -0800 cryptsetup (2:1.1.0~rc2-1ubuntu3) lucid; urgency=low * cryptroot-hook: Use if [ -n … ] instead of if ! test -z …. -- Loïc Minier Sat, 12 Dec 2009 11:32:52 +0100 cryptsetup (2:1.1.0~rc2-1ubuntu2) lucid; urgency=low * cryptroot-hook: dont call copy_modules_dir with empty arguments when archcrypto isnt found (LP: #495161) -- Oliver Grawert Fri, 11 Dec 2009 14:39:00 +0100 cryptsetup (2:1.1.0~rc2-1ubuntu1) lucid; urgency=low * Merge with Debian testing. Remaining Ubuntu changes: - debian/rules: cryptsetup is linked dynamically against libgcrypt and libgpg-error. - Upstart migration: + Add debian/cryptdisks-enable.upstart. + debian/cryptdisks{,-early}.init: Make the 'start' action of the init script a no-op, this should be handled entirely by the upstart job. (LP #473615) + debian/cryptsetup.postinst: Remove any symlinks from /etc/rcS.d on upgrade. + debian/rules: Do not install start symlinks for those two, and install debian/cryptdisks-enable.upstart scripts. - Add debian/cryptsetup.apport: Apport package hook. Install in debian/rules, and create dir in debian/cryptsetup.dirs. - Start usplash in initramfs, since we need it for fancy passphrase input: + debian/initramfs/cryptroot-conf, debian/initramfs-conf.d: USPLASH=y + debian/control: Bump initramfs-tools Suggests to Depends:. -- Martin Pitt Wed, 11 Nov 2009 15:04:27 +0100 cryptsetup (2:1.1.0~rc2-1) unstable; urgency=low * new upstream release candidate (1.1.0-rc2), highlights include: - new libcryptsetup API (documented in libcryptsetup.h) - luksHeaderBackup and luksHeaderRestore commands (closes: #533643) - use libgcrypt, enables all gcrypt hash algorithms for LUKS through -h luksFormat option (closes: #387159, #537385) - new --master-key-file option for luksFormat and luksAddKey - use dm-uuid for all crypt devices, contains device type and name now (closes: #548988, #549870) - command successful messages moved to verbose level (closes: #541805) - several code changes to improve speed of luksOpen (closes: #536415) - luksSuspend and luksResume commands * remove unneeded patches 03_read_rework and 04_no_stderr_success, update 02_manpage for new upstream release candidate. * update patch to comply with DEP-3 (http://dep.debian.net/deps/dep3/) * fix initramfs/cryptroot-hook to support setups where /dev/mapper/ contains symlinks to devices at /dev/dm-*. the lvm2/device-mapper packages had defaults changed to this temporary. it has been fixed in a subsequent upload of lvm2 in the meantime, but still it's not a bad idea to be prepared for such setups in the future. that way cryproot now supports /dev/dm-* devices as well. (closes: #532579, #544487, #544773) * fix initscript dependencies both for cryptdisks and cryptdisks-early. thanks to Petter Reinholdtsen for bugreport and patch. (closes: #548356) * finally change default behaviour of initscripts/cryptroot-hook to include all available crypto modules into the initramfs. this change should fix any problems with cryto modules missing from the initramfs. announce the change in NEWS.Debian. (closes: #547597) * add error messages to lvm detecting code in initramfs/cryptroot-script in order to make debugging easier. (closes: #541248) * implement detection of devices which are required by decrypt_derived keyscript in initscripts/cryptroot-hook. that way setups where encrypted swap has the key derived from non-root partitions should support suspend/ resume as well. (closes: #475838) * remove outdated documentation from the source package: CryptoRoot.HowTo, CheckSystem.Doc * mention in README.initramfs that busybox is required for cryptroot to work * stop creating /etc/keys in postinst maintainer script. * update build system to include library files again: (closes: #480157) - split into three packages: cryptsetup, libcryptsetup1, libcryptsetup-dev - rename preinst to cryptsetup.preinst, copy code to create /etc/crypttab skeleton into cryptsetup-udeb.preinst. - build with --enable-shared and --enable-static for libcryptsetup.a - create debian/libcryptsetup1.symbols with help of dpkg-gensymbols * add debian/cryptsetup.lintian-override for two false positives * raise build-depends on debhelper and debian/compat for that reason * update README.remote to work with latest dropbear package. thanks to debian@x.ray.net. * make all crypttab fields available to keyscripts as environment variables. thanks to ludwig nussel from suse for idea and implmentation. document this in crypttab(5) manpage. impelement the same environment variables in initramfs cryptroot script. * fix formatting errors in crypttab(5) manpage. -- Jonas Meurer Thu, 15 Oct 2009 19:26:14 +0200 cryptsetup (2:1.0.7-2) unstable; urgency=low * add a paragraph to the cryptsetup manpage that mentions /proc/crypto as source for available crypto ciphers, modes, hashs, keysizes, etc. (closes: #518266) * fix luksformat to check for mkfs.$fs both in /sbin and /usr/sbin. thanks to Jon Dowland. (closes: #539734) * mention era eriksson as author of the typo fixes for manpage (submitted as bug #476624) in changelog of cryptsetup 2:1.0.6-3. (closes: #541344) * bump standards-version to 3.8.3. no changes needed. * add 04_no_stderr_success.patch, which adds an option to suppress success messages to stderr. don't apply the patch as this already has been fixed upstream in another way. next cryptsetup release will print the command successfull message to stdout only if opt_verbose is set. * add checkscripts blkid and un_blkid for the reason that vol_id will be removed from udev soon. advertise the new scripts at all places that mentioned vol_id or un_vol_id before. * add /usr/share/bug/cryptsetup which adds /proc/cmdline, /etc/crypttab, /etc/fstab and output of 'lsmod' to bugs against cryptsetup. * add debian/README.remote, which describes how to setup a cryptroot system with support for remote unlocking via ssh login into the initramfs. Thanks to debian@x.ray.net for writing it down. * update debian/copyright for current format from dep.debian.net/deps/dep5 * add chainiv, cryptomgr and krng to standard list of modules in initramfs cryptroot hook. (closes: #541835) * add a section describing LUKS header backups and related security implications to README.Debian. a tool to automate this task should not be distributed at all. (closes: #432150) -- Jonas Meurer Tue, 01 Sep 2009 12:38:02 +0200 cryptsetup (2:1.0.7-1) unstable; urgency=low * new upstream release, highlights include (diff from ~rc1): - allow removal of last slot in luksRemoveKey and luksKillSlot - eject unsupported --offset and --skip options for luksFormat * make passdev accept a timeout option, thanks to Evgeni Golov for the patch. (closes: #502598) * finally add the cryptsource delay implementation from ubuntu, as it seems to workaround some issues where appearance of the root device takes longer than expected. (closes: #488271) * execute udev_settle before $cryptremove if $cryptcreate fails at setup_mapping() in the initramfs cryptroot script. it seems like a short delay and/or udev_settly is needed in between of 'cryptsetup create' and 'cryptsetup remove'. thanks to Gernot Schilling for the bugreport. (closes: #529527) * talk about /dev/urandom instead of /dev/random in crypttab manpage. (closes: #537344) * check for $IGNORE before check_key() in handle_crypttab_line_start() * rewrite error code handling: - return 1 for errors in handle_crypttab_line_{start|stop} - handle_crypttab_line_... || true needed due to set -e in initscript - check for exit code of handle_crypttab_line_{start Thu, 30 Jul 2009 17:41:16 +0200 cryptsetup (2:1.0.7~rc1-2) unstable; urgency=low * flag the root device with rootdev option at /conf/conf.d/cryptroot in initramfs hook, check for that flag before adding ROOT=$NEWROOT to /conf/param.conf in initramfs script. that should prevent the initramfs script from adding ROOT=$NEWROOT for resume devices. (closes: #535801) -- Jonas Meurer Wed, 15 Jul 2009 11:44:45 +0200 cryptsetup (2:1.0.7~rc1-1) unstable; urgency=low * new upstream release candidate, highlights include: - use better error messages if device doesn't exist or is already used by other mapping (closes: #492926) - check device size when loading LUKS header - add some error hint if dm-crypt mapping failed (key size and kernel version check for XTS and LRW mode for now) (closes: #494584) - display device name when asking for password - retain readahead of underlying device, if devmapper version supports it - set UUID in device-mapper for LUKS devices - define device-mapper crypt UUID maximal length and check for its size - add some checks for error codes, fixes warning: ignoring return value... - update LUKS homepage in manpage to code.google.com/p/cryptsetup * patches/01_fix_make_distclean.patch: removed, incorporated upstream * patches/02_manpage.patch: updated, mostly incorporated upstream * remove invokation of ./setup-gettext.sh from debian/rules. * set $PATH in checks/xfs. Required to make /usr/sbin/xfs_admin work at early boot stage. Thanks to Stefan Bender. (closes: #525118) * update path to docbook-xsl stylesheet in debian/rules to /usr/share/xml/docbook/stylesheet/docbook-xsl/. Add versioned build-depends to docbook-xsl (>= 1.74.3+dfsg) for that reason. * fix bashisms in scripts/decrypt_opensc, thanks to Raphael Geissert. (closes: #530060) * fix UUID and LABEL handling for cryptroot, thanks to Kees Cook and ubuntu. (closes: #522041) * add ROOT=$NEWROOT to /conf/param.conf in cryptroot initramfs script. This is required for lilo to find the correct root device. Thanks to Pyotr Berezhkov and Christian Schaarschmidt. (closes: #511447, #511840) * replace mini autogen.sh with autoreconf in debian/rules. Thanks to Bastian Kleineidam. (closes: #522798) * support escaped newlines in askpass.c, thanks to Kees Cook and ubuntu. (closes: #528133) * use the same passphrase prompt in init script and initramfs script * mention the incoherent behaviour of cryptsetup create/luksOpen with invalid passwords/keys in cryptsetup manpage. (closes: #529359) * bump standards-version to 3.8.2, no changes required. * add 'X-Interactive: true' LSB-header to initscripts. * fix bash_completion script to use 'command ls'. that way it now works with aliased ls as well. thanks to Daniel Dehennin. (closes: #535351) -- Jonas Meurer Sat, 04 Jul 2009 15:52:06 +0200 cryptsetup (2:1.0.6+20090405.svn49-1ubuntu8) lucid; urgency=low [ Steve Langasek ] * Make the 'start' action of the init script a no-op, this should be handled entirely by the upstart job now; and remove any symlinks from /etc/rcS.d on upgrade. LP: #473615. [ Reinhard Tartler ] * Add an apport hook * import the blkid and un_blkid from debian, LP: #446517 * also use this script by default (setting in /etc/default/cryptdisks) -- Steve Langasek Wed, 04 Nov 2009 12:06:47 +0000 cryptsetup (2:1.0.6+20090405.svn49-1ubuntu7) karmic; urgency=low * Reupload previous version, siretart had left changes in bzr which weren't documented in the changelog and caused FTBFS. -- Scott James Remnant Wed, 14 Oct 2009 13:57:59 +0100 cryptsetup (2:1.0.6+20090405.svn49-1ubuntu6) karmic; urgency=low [ Steve Langasek ] * Move the Debian Vcs- fields aside. [ Scott James Remnant ] * debian/cryptdisks-enable.upstart: Don't overcompensate for my idiocy, cryptsetup should not need a controlling terminal, just a terminal is fine. May fix LP: #439138. -- Scott James Remnant Wed, 14 Oct 2009 04:52:16 +0100 cryptsetup (2:1.0.6+20090405.svn49-1ubuntu4) karmic; urgency=low * debian/cryptdisks-enable.upstart: Things that often help include not setting stdin/out to /dev/null, so you can actually type the passphrase. I am an idiot. LP: #430496. -- Scott James Remnant Thu, 17 Sep 2009 17:58:01 +0100 cryptsetup (2:1.0.6+20090405.svn49-1ubuntu3) karmic; urgency=low * debian/cryptdisks-enable.upstart: add upstart job to enable encrypted disks once we've finished probing for udev devices, so that mountall can use them. LP: #430496. -- Scott James Remnant Thu, 17 Sep 2009 00:04:00 +0100 cryptsetup (2:1.0.6+20090405.svn49-1ubuntu2) karmic; urgency=low * debian/initramfs/cryptroot-conf: declare that we want usplash included in the initramfs whenever this package is installed. LP: #427356. -- Steve Langasek Tue, 15 Sep 2009 08:43:15 -0700 cryptsetup (2:1.0.6+20090405.svn49-1ubuntu1) karmic; urgency=low * Merge from debian unstable, remaining changes: - Ubuntu specific: + debian/rules: link dynamically for better security supportability and smaller packages. + debian/control: Depend on initramfs-tools so system is not potentially rendered unbootable. - debian/initramfs/cryptroot-script wait for encrypted device to appear, report with log_*_msg (debian bug 488271). - debian/initramfs/cryptroot-hook: fix support for UUID and LABEL correlation between fstab and crypttab (debian bug 522041). - debian/askpass.c, debian/initramfs/cryptroot-script: using newline escape in passphrase prompt to avoid line-wrapping (debian bug 528133). * Drop 04_fix_udevsettle_call.patch: fixed upstream differently. -- Kees Cook Sun, 10 May 2009 17:29:32 -0700 cryptsetup (2:1.0.6+20090405.svn49-1) unstable; urgency=low * New upstream svn snapshot. Highlights include: - Uses remapping to error target instead of calling udevsettle for temporary crypt device. (closes: #514729, #498964, #521547) - Removes lots of autoconf stuff as it's generated by autogen.sh anyway. - Uses autopoint in build process, thus needs to Build-Depend on cvs. - Fixes signal handler to proper close device. - Wipes start of device before LUKS-formatting. - Allows deletion of key slot with it's own key. (closes: #513596) - Checks device mapper communication and gives proper error message in case the communication fails. (closes: #507727) * Update debian patches accordingly: - Remove obsolete patches 01_gettext_package and 03_check_for_root - Update patch 02_manpage * Add missing newlines to some error messages in passdev.c. Thanks to Christoph Anton Mitterer for bugreport and patch. (closes: #509067) * Move keyscripts in initramfs from /keyscripts to /lib/cryptsetup/scripts for the sake of consistency between initramfs and normal system. Document this change in NEWS.Debian. (closes: #509066) * Fix $LOUD in cryptdisks.init and cryptdisks.functions to take effect. Add LOUD="yes" to cryptdisks_start. (closes: #513149) * cryptdisks_{start,stop}: print error message if no entry is found in crypttab for the given name. * Actually fix watchfile to work with code.google.com. * Update Homepage field to code.google.com URL. (closes: #516236) * Fix location of ltmain.sh, build-depend on versioned libtool. (closes: #521673, #522338) * Some minor changes to make lintian happy: - use set -e instead of /bin/sh -e in preinst. - link to GPL v2 in debian/copyright * Bump standards-version to 3.8.1, no changes needed. * Fix a typo in NEWS.Debian. (closes: #522387) * Taken from ubuntu: - debian/checks/un_vol_id: dynamically build the "unknown volume type" string, to allow for encrypted swap, (closes: #521789, #521469). Fix sed to replace '/' with '\/' instead of '\\/' in device names. - disable error message 'failed to setup lvm device' (LP 151532). -- Jonas Meurer Mon, 06 Apr 2009 08:49:14 +0200 cryptsetup (2:1.0.6-7ubuntu7) jaunty; urgency=low * debian/control: Depend on initramfs-tools so system is not potentially rendered unbootable (LP: #358654). -- Kees Cook Thu, 09 Apr 2009 12:29:31 -0700 cryptsetup (2:1.0.6-7ubuntu6) jaunty; urgency=low * debian/initramfs/cryptroot-script: we don't require vol_id to understand the encrypted device, but we should check the device is fully up first before continuing by calling udevadm settle. LP: #291752. -- Steve Langasek Sat, 07 Mar 2009 21:39:14 -0800 cryptsetup (2:1.0.6-7ubuntu5) jaunty; urgency=low * debian/initramfs/cryptroot-hook: fix support for UUID and LABEL correlation between fstab and crypttab (LP: #287879). -- TJ Mon, 16 Feb 2009 23:00:00 +0000 cryptsetup (2:1.0.6-7ubuntu4) jaunty; urgency=low * debian/askpass.c: also handle newline escape code in console prompt. -- Kees Cook Sun, 15 Feb 2009 08:57:05 -0800 cryptsetup (2:1.0.6-7ubuntu3) jaunty; urgency=low [ https://launchpad.net/~svenkata ] * debian/checks/un_vol_id: dynamically build the "unknown volume type" string, to allow for encrypted swap, LP: #316607 -- Dustin Kirkland Thu, 12 Feb 2009 16:57:30 -0600 cryptsetup (2:1.0.6-7ubuntu2) jaunty; urgency=low * debian/askpass.c: handle newline escape code in password prompt. * debian/initramfs/cryptroot-script: add newline to split cryptroot password prompt onto two lines for readability (LP: #326900). -- Kees Cook Sun, 08 Feb 2009 07:26:01 -0800 cryptsetup (2:1.0.6-7ubuntu1) jaunty; urgency=low * Merge from debian unstable, remaining changes: - debian/initramfs/cryptroot-script: - must source /scripts/functions to get the log_*_msg() functions. - wait for encrypted device to show up (LP 164044, 291752). - disable error message 'failed to setup lvm device' (LP 151532). - debian/rules: - fix location of ltmain.sh (Ubuntu-specific until libtool 2.2.x is in Debian unstable). - link dynamically (LP 62751). - add 04_fix_udevsettle_call.patch: fix path to binary for udevsettle. * Revert versioned build-depency on libdevmapper-dev, since Ubuntu's version is higher now. -- Kees Cook Tue, 06 Jan 2009 13:00:16 -0800 cryptsetup (2:1.0.6-7) unstable; urgency=medium * Add patches/01_gettext_package.patch: Remove -luks from GETTEXT_PACKAGE in configure.in. * Support keyfiles option in bash completion. Thanks to Stefan Goebel for the patch. (closes: #499936) * Update patches/02_manpage.patch: Fix the documnetation of default cipher for LUKS mappings. (closes: #495832) * Update debian/watch file to reflect the move of project home to code.google.com. * Check for $CRYPTDISKS_ENABLE in cryptdisks initscripts instead of cryptdisks.functions. This way, cryptdisks_start/stop work even with $CRYPTDISKS_ENABLE != "yes". Thanks to Pietro Abate. (closes: #506643) * Add force-start to cryptdisks(-early).init in order to support starting noauto devices manually. Thanks to Niccolo Rigacci. (closes: #505779) * Document how to enable remote device unlocking via dropbear ssh server in the initramfs during boot process. Thanks to Chris for the great work. (closes: #465902) * Completely remove support and documentation of the timeout option, document this in NEWS.Debian. (closes: #495509, #474120) * Use exit instead of return in decrypt_ssl keyscript. Thanks to Rene Wagner. (closes: #499704) * Fix initramfs/cryptpassdev-hook to check for passdev instead of mountdev. Thanks to Christoph Anton Mitterer. * cryptdisks.functions: - Search for keyscript in /lib/cryptdisks/scripts. the cryptoroot initramfs script already supports keyscripts without path as argument. Thanks to Christoph Anton Mitterer. * README.initramfs: - Remove the mention of bug #398302 from the section about suspend/resume, as this bug has been fixes for some time now. - Remove step 6 (mkswap) from the section about decrypt_derived, as it was superfluous. Thanks to Helmut Grohe. (closes: #491867) * Fix initramfs/cryptroot-script to use the lvm binary instead of vgchange. Thanks to Marc Haber. (closes: #506536) * Make get_lvm_deps() recursive in initramfs/cryptroot-hook. This is required to detect the dm-crypt device in setups with more than one level of device mapper mappings. For example if LVM is used with snapshots on top of the dm-crypt mapping. Thanks to Christian Jaeger for bugreport and patch, Ben Hutchings and Yves-Alexis Perez for help with debugging. (closes: #507721) * urgency=medium due to several important fixes. -- Jonas Meurer Wed, 17 Dec 2008 21:25:45 +0100 cryptsetup (2:1.0.6-6ubuntu2.1) intrepid-proposed; urgency=low * debian/initramfs/cryptroot-script: do not require that vol_id can parse the encrypted device as valid (LP: #291752). -- Kees Cook Fri, 31 Oct 2008 13:10:06 -0700 cryptsetup (2:1.0.6-6ubuntu2) intrepid; urgency=low * Fixes for (LP: #272301) * debian/initramfs/cryptroot-script: must source /scripts/functions to get the log_*_msg() functions * 04_fix_udevsettle_call.patch: fix path to binary for udevsettle -- Dustin Kirkland Fri, 19 Sep 2008 18:03:28 -0500 cryptsetup (2:1.0.6-6ubuntu1) intrepid; urgency=low * drop almost all ubuntu specific changes from the cryptsetup package, because they have been merged in debian. Thanks a lot! * merge from debian, remaining changes: - remove versioned build-depency on libdevmapper-dev, we are using a rather sophisticated loop for making sure the root filesystem appears. * debian/rules: fix location of ltmain.sh * don't exit usplash anymore in the init script. LP: #110970, #139363 * Disable error message 'failed to setup lvm device'. It is harmless, and caused by the fact that the udev rules provided by lvm2 are setting up the lvm on their own. In debian the scripts here are responsible for this but obviously fail in ubuntu. LP: #151532 -- Reinhard Tartler Sat, 30 Aug 2008 17:52:16 +0200 cryptsetup (2:1.0.6-6) unstable; urgency=high * Don't cat keyfile into pipe for do_noluks(). cryptsetup handles --key-file=- different for luks and plain dm-crypt mappings. This time really (closes: #493848). Thus again upload with urgency=high. -- Jonas Meurer Sat, 09 Aug 2008 13:36:31 +0200 cryptsetup (2:1.0.6-5) unstable; urgency=high * Fix watch file to not report -pre and -rc releases as superior. * Remove the global var $SIZE from cryptdisks.functions again but keep the extended value checks. * Remove the udev rules file also in preinst, code taken from example at http://wiki.debian.org/DpkgConffileHandling. Thanks Marco d'Itri. (closes: #493151) * Remove duplicated configuration of --key-file in $PARAMS at do_noluks(). (closes: #493848). * Invoke mount_fs() and umount_fs() in cryptdisks_start, add log_action_begin_msg() and log_action_end_msg() to both cryptdisk_start and cryptdisks_stop. * Copy fd 3 code from do_start and do_stop to cryptdisks_start and cryptdisks_stop to fix "keyscript | cryptsetup". (closes: #493622) * This upload fixes two RC bugs, thus upload with severity=high. -- Jonas Meurer Wed, 06 Aug 2008 10:19:21 +0200 cryptsetup (2:1.0.6-4) unstable; urgency=medium [ David Härdeman ] * Make sure $IGNORE is reset as necessary, patch by Thomas Luzat (closes: #490199) * Use askpass in init scripts as well (closes: #489033, #477203) [ Jonas Meurer ] * Don't copy_exec libgcc1 in cryptopensc initramfs hook, as it's already copied by copy_exec /usr/sbin/pcscd automaticly. Thanks to Evgeni Golov . (closes: #490300) * Remove the udev rules file again as the relevant rules are now provided by dmsetup package which cryptsetup depends on. * Add splashy support to askpass, thanks to John Hughes for the patch. (closes: #492451) The support is limited to cryptroot though, as splashy freezes for passphrase input dialogs from initscripts. Document that in README.Debian. * Now that askpass is used as keyscript for interactive mode, it's not necessary to set cryptsetup parameter '--tries=$TRIES' and TRIES=1 for interactive mode anymore in cryptdisks.functions. * Implement special treatment for random passphrases now that we use "--key-file=-" for all situations. Only necessary in do_noluks. * Fix the passphrase prompt string in initramfs/cryptroot.script to use $cryptsource instead of $cryptsources. * Major documentation cleanup for lenny: - Rewrite CryptoSwap.HowTo in README.Debian, remove CryptoSwap.HowTo. - Refer to README.initramfs instead of CryptoRoot.HowTo for encrypted root filesystem in README.Debian. - Remove outdated docs CryptoRoot.HowTo, usbcrypto.udev and gen-old-ssl-key as well as the decrypt_old_ssl keyscript. - Remove debian/TODO, didn't have any useful content anyway. - Fix section ''9. The "decrypt_derived" keyscript'': Add swap option to the example line for crypttab and other minor fixes. Thanks to Helmut Grohne . (closes: #491867) * urgency=medium since important (#492451) and security (#477203) bugs get fixed by this upload. -- Jonas Meurer Mon, 28 Jul 2008 00:21:44 +0200 cryptsetup (2:1.0.6-3) unstable; urgency=low [ Jonas Meurer ] * Fix cryptdisks.functions to actually recognize the noauto option. Thanks to Christian Pernegger (closes: #483882) * Update patches/02_manpage.patch: - fixes two more typos, thanks to and Era Eriksson for the patch, and Bruno Barrera Yever for forwarding it to the bts (closes: #476624) - removes a duplicate sentence * Rephrase "Enter password for $crypttarget" to "Enter password to unlock the disk $cryptsource ($crypttarget)" in initramfs/cryptroot.script. * Bump Standards-Version to 3.8.0: - Add a README.source which references /usr/share/doc/quilt/README.source. - Add support for debian build option parallel=n to debian/rules. * Add a udev rules file to ignore temporary-cryptsetup-* devices, as suggested in bug #467200. Thanks to Sam Morris . * Transform debian/copyright into machine-readable code as proposed in http://wiki.debian.org/Proposals/CopyrightFormat. Update and add several copyright notices. * Change reference to docbook xml v4.2 driver file from an online version to a local one in the manpage files, as the build process should not depend on internet access. Add docbook-xml to build-depends. Thanks to Lucas Nussbaum . (closes: #487056) [ David Härdeman ] * Hopefully fix askpass to properly handle console and usplash input (closes: #477203) * Clarify crypttab manpage (closes: #487246) * Make regex work if keyfile has extended attributes, https://launchpad.net/bugs/231339 (closes: #488131) * Support comments in options part of crypttab (closes: #488128) -- Jonas Meurer Mon, 07 Jul 2008 00:30:07 +0200 cryptsetup (2:1.0.6-2ubuntu7) intrepid; urgency=low * reintroduce changes from 2:1.0.6-2ubuntu5 that have been accidentally dropped in version 2:1.0.6-2ubuntu6. -- Reinhard Tartler Fri, 20 Jun 2008 15:15:54 +0200 cryptsetup (2:1.0.6-2ubuntu6) intrepid; urgency=low [ Kjell Braden ] * load scripts/functions for log_{begin,end}_msg * debian/initramfs/cryptroot-script: wait for the cryptsource, not the resulting mapped root device * debian/initramfs/cryptroot-hook: copy binaries to the right directory [ Reinhard Tartler ] * remove versioned build-depency on libdevmapper-dev, we are using a rather sophisticated loop for making sure the root filesystem appears. -- Reinhard Tartler Wed, 18 Jun 2008 00:26:43 +0200 cryptsetup (2:1.0.6-2ubuntu5) intrepid; urgency=low * Okay, I give up. include preprocessed manpages and adapt debian/rules to easily produce those. ATTENTION: on subsequent uploads, make sure that the manpages are available and up-to-date. -- Reinhard Tartler Sun, 15 Jun 2008 13:33:07 +0200 cryptsetup (2:1.0.6-2ubuntu4) intrepid; urgency=low * also use local dtd in debian/doc/variables.xml.in. -- Reinhard Tartler Sun, 15 Jun 2008 12:55:42 +0200 cryptsetup (2:1.0.6-2ubuntu3) intrepid; urgency=low * try harder to fix FTBFS. -- Reinhard Tartler Sun, 15 Jun 2008 11:42:54 +0200 cryptsetup (2:1.0.6-2ubuntu2) intrepid; urgency=low * build docbook documentation using local dtds instead of trying to download them at buildtime. Fixes FTBFS. -- Reinhard Tartler Sun, 15 Jun 2008 11:12:28 +0200 cryptsetup (2:1.0.6-2ubuntu1) intrepid; urgency=low * Merge new debian version. Remaining changes: - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using bzr on launchpad. - debian/rules: cryptsetup is linked dynamically against libgcrypt and libgpg-error. - cryptdisks.functions: stop usplash on user input. LP #62751 - Parse comments in lines not starting with '#', LP #185380 - If the encrypted source device hasn't shown up yet, give it a little while to deal with removable devices. LP #164044 * Depend on race-free version of libdevmapper, thus making udevsettle call from cryptsetup binary unnecessary. Dropping patch debian/patches/06_run_udevsettle.patch * remove patch from LP #73862, loading optimized modules has been solved in debian in another way. * cryptdisk.functions: remove spurious call to load_optimized_module. LP: #239946 * bugfix: make regex work if keyfile has extended attributes. LP: #231339. * remove patch in cryptdisks.functions for rexecing the script itself for ensuring that a tty is always available. (See LP #58794.) According to Scott, this is not necessary anymore. -- Reinhard Tartler Sat, 14 Jun 2008 23:28:51 +0200 cryptsetup (2:1.0.6-2) unstable; urgency=low [ Jonas Meurer ] * Taken from ubuntu: - debian/scripts/luksformat: Use 256 bit key size by default. (LP: #78508) - debian/patches/02_manpage.patch: Clarify default key sizes (128 for luksFormat and 256 for create) in cryptsetup.8. (side-note in LP #78508) * Use 'shred -uz' instead of 'rm -r' to remove a tempfile that contains a key in gen-ssl-key example script. [ David Härdeman ] * Misc bugfixes to askpass, make sure it is installed to the correct location and is built using pedantic mode. * Change the initramfs script to use askpass to prompt for passphrases, this should hopefully fix #382375 and #465902 once it is enabled in the init scripts as well. * Add a keyscript called passdev which allows a keyfile to be retrieved from a device which is first mounted, mainly useful to get keyfiles off USB devices etc. * Unbreak MODULES=dep booting (closes: #478268) * Relax checks for suspend devices a bit (closes: #477658) * Convert man pages to docbook. -- David Härdeman Mon, 26 May 2008 08:12:32 +0200 cryptsetup (2:1.0.6-1ubuntu4) intrepid; urgency=low [ Kjell Braden ] * Fix configuration parsing (LP: #239808) [ Reinhard Tartler ] * cryptroot-script: use 'echo' instead of 'log_begin_msg' (LP: #237723) -- Reinhard Tartler Fri, 13 Jun 2008 21:26:17 +0200 cryptsetup (2:1.0.6-1ubuntu3) intrepid; urgency=low * Parse comments in lines not starting with '#', LP: #185380 * in cryptroot hook, don't rely on 'udevadm settle' to wait long enough for the cryptdevice to appear. Reimplement the busy waiting loop found while waiting for the root file system. Patch based on work by Swâmi Petaramesh. LP: #164044 * debian/crypdisks.functions: call 'env' with full path. LP: #178829. -- Reinhard Tartler Mon, 26 May 2008 22:12:32 +0200 cryptsetup (2:1.0.6-1ubuntu2) intrepid; urgency=low * Simplify the patch in debian/cryptdisks.functions that stops usplash before asking for a passphrase. -- Reinhard Tartler Mon, 26 May 2008 20:18:14 +0200 cryptsetup (2:1.0.6-1ubuntu1) intrepid; urgency=low * Merge new debian version. Remaining changes: - cryptsetup is linked dynamically against libgcrypt and libgpg-error. - stop usplash on user input. LP #62751 - debian/cryptdisks.functions: Always output and read from the console. LP #58794. - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using bzr on launchpad. - debian/initramfs/cryptroot-hook: LP #73862 Added patch to install aes optimized cypher module - try to load optimized cypher module in cryptsetup.functions as well, because cryptroot-hook is only executed when we really have a cryptoroot. * other ubuntu changes have been merged into debian. Please report bugs if you believe some patches have been dropped. * removed 07_typos_fix.patch, has been reviewed and applied upstream. -- Reinhard Tartler Sun, 25 May 2008 22:52:30 +0200 cryptsetup (2:1.0.6-1) unstable; urgency=low [ Jonas Meurer ] * new upstream release - reload option is depreciated and a warning is printed. (closes: #428288) * convert patch system from dpatch to quilt. * enhance the information regarding the default hash setting in NEWS.Debian. Thanks to Ross Boylan . * change author of keyslot patch to Marc Merlin in changelog, thanks to U. Kuehn for raising that issue. * doing some debian/rules redesign and cleanup, speeds up the build process. * ignore devices with the noauto option early enough to prevent any checks on them. Thanks to Joachim Breitner (closes: #464672) * update debian/copyright to actually mention copyright, thanks lintian. * change script=$(basename $req) to script=${req##*/} in initramfs cryptroot script. Thanks to Adeodato Simó . (closes: #466240) * change test ... -a ... to [ ... ] && [ ... ] in the check scripts. * add support for tries option to initramfs scripts. Thanks to Helmut Grohne . (closes: #430158, #469869) Use --tries=1 for cryptsetup in the initramfs script. Document the difference between initscript and initramfs for tries=0 in the crypttab manpage. * add, build and install askpass.c, a helper program by David Härdeman. The idea is to use it for passphrase prompt in the initramfs script. [ David Härdeman ] * Work with LABEL=, UUID= and symlinks in /etc/fstab (closes: #466175) * Improve module loading in initramfs hook so that the newer as well as arch specific crypto drivers are taken into consideration (closes: #464673) * Depend on race-free version of libdevmapper, thus making udevsettle call from cryptsetup binary unnecessary. Also change call to udevsettle in initramfs script (which is still useful as it related to the source device) to optionally use udevadm if present (closes: #456326). -- Jonas Meurer Mon, 31 Mar 2008 15:58:35 +0200 cryptsetup (2:1.0.6~pre1+svn45-1) unstable; urgency=low * New upstream svn snapshot: - Adds typo fixes by Justin Pryzby to cryptsetup.8 manpage. - Mentions luksKillSlot in the manpage. Thanks to Alexander Heinlein . (closes: #459206) - Adds the patch by Marc Merlin to support explicit key slots for luksFormat and luksAddKey. Thanks to U. Kuehn, who figured out that this patch wasn't applied even though changelog said so. - Supports adding new keys to active devices again. Thanks to Tobias Frost for the bugreport. (closes: #460409) * Add support for a custom filesystem for /tmp. Patch provided by Hans-Peter Oeri . * Add X-Start-Before headers to cryptdisks and cryptdisks-early initscripts. Thanks to Petter Reinholdtsen for report and patch. (closes: #458944) * Add support for a noauto option to cryptdisks. Thanks to U Kuehn for the idea. * Add typo fixes by Justin Pryzby to crypttab.5 manpage. (closes: #460994) * Add a cryptdisks_stop script, corresponding to cryptdisks_start. Thanks to Joachim Breitner for the idea. (closes: #459832) * Change log_progress_msg to log_action_msg in cryptdisks.functions. That way a newline is printed after the start of every device. Thanks to Frans Pop for the bugreport. (closes: #461548) * Add bash_completition script provided by Kevin Locke . (closes: #423591) * Fix a spelling error in the package description: linux -> Linux. * Fix bashisms in cryptdisks_{start,stop} found by Raphael Geissert . * Change the default hash in initramfs scripts from sha256 to ripemd160 for consistency with cryptsetup default. Add information about that to NEWS.Debian. Thanks to martin f krafft . (closes: #406317) -- Jonas Meurer Wed, 30 Jan 2008 09:01:52 +0100 cryptsetup (2:1.0.6~pre1-1) unstable; urgency=low [ Jonas Meurer ] * New upstream alpha release 1.0.6~pre1: - [01_crypt_luksFormat_libcryptsetup.dpatch] removed, applied upstream - [02_manpage.dpatch] likewise - [04_fix_unused_or_unitialized_variables.dpatch] likewise - [05_segfault_at_nonexisting_device.dpatch] likewise - [06_run_udevsettle.dpatch] update for new upstream * Disable 03_check_for_root.dpatch. As Ludwig Nussel mentioned on dm-crypt@saout.de, cryptsetup 1.0.5 already prints out meaningfull errors if expected permissions are not available. Therefore the check for uid == 0 is superfluous. * [06_run_udevsettle.dpatch] Run udevsettle after device-mapper device creation. Fixes issues with temporary device files in /dev/mapper. Patch by Reinhard Tartler from Ubuntu. (closes: #444914) * Add support for offset and skip options to cryptdisks/crypttab. Thanks to Marc-Jano Knopp. (closes: #446674) * Update the long description in debian/control. Don't mention kernel 2.6.4 any longer, remove references to /usr/share/doc/cryptsetup/CryptoRoot.HowTo and mkinitrd. * Add noearly option to cryptdisks/crypttab, which causes cryptdisks-early to ignore the entry. Thanks to Joerg Jaspert (closes: #423102) * Change log_progress_msg "$dst (started)" to device_msg "$dst" "started" in cryptdisks.functions. Makes console output of cryptdisks more consistent. * Add cryptdisks_start and patch to cryptdisks.functions by Jon Dowland. Also add a manpage for cryptdisks_start(8). (closes: #447159) * Add load_optimized_module() function to cryptdisks.functions. Initial idea by Reinhard Tartler from Ubuntu, enhanced by David Härdeman. (closes: #445186) * Add support for UUID=.. device strings to initramfs cryptroot-hook. Thanks to Reinhard Tartler from Ubuntu for the patch. (closes: #445189) * Support UUID=... and LABEL=... device strings in /etc/crypttab. Thanks to Martin Pitt from Ubuntu for the patch. (closes: #445189) * Add Vcs-Browser and Vcs-Svn fields to debian/control. * Fix debian/rules to not fail to build if autom4te.cache is left behind from a previous incomplete build. Patch again taken from Ubuntu. * Mention in the crypttab manpage that files are allowed as source. In that case they are mounted as loopback device automatically. Thanks to Michal Cihar (closes: #451909) * At stopping dm-crypt devices really remove the corresponding loopback device if one has been used. Thanks to Rene Pavlik for report and to David Härdeman, who had the idea for the fix. (closes: #451916) * Also remove loopback devices if the cryptsetup device setup fails. * Document a possible deadlock if cryptsetup is invoked as a 'run programm' in a udev role. This i related to the invokation of udevsettle in cryptsetup. Thanks to Dick Middleton for reporting and debugging. (closes: #444914) * Move umount_fs() from handle_crypttab_line() to the end of do_start(). * Bump Standards-Version to 3.7.3.0. No changes needed. * Remove unused litian-override file * Remove --build $(DEB_BUILD_GNU_TYPE) and --host $(DEB_HOST_GNU_TYPE) from invocation of ./configure, as they are already included in $(confflags). -- Jonas Meurer Thu, 06 Dec 2007 15:56:05 +0100 cryptsetup (2:1.0.5-2ubuntu12) hardy; urgency=low * added debian/patches/07_typos_fix.dpatch: fixed typos in man pages. (LP: #164181) -- Bruno Barrera Yever Mon, 07 Apr 2008 18:43:05 -0500 cryptsetup (2:1.0.5-2ubuntu11) hardy; urgency=low * debian/initramfs/cryptroot-script: Do show the disk name after all, since some people use multiple encrypted partitions as LVM PVs. (LP: #201413) -- Martin Pitt Sun, 06 Apr 2008 11:54:41 -0600 cryptsetup (2:1.0.5-2ubuntu10) hardy; urgency=low * debian/initramfs/cryptroot-script: Do not mention the name of the encrypted device. It is just technobabble anyway (sda4_crypt), and there is just one root partition ever, so it is not needed to tell apart different partitions. From a security POV, someone who can change your initramfs to boot a different root partition can just as well change the strings, too. (LP: #201413) -- Martin Pitt Wed, 02 Apr 2008 15:51:53 +0200 cryptsetup (2:1.0.5-2ubuntu9) hardy; urgency=low * debian/scripts/luksformat: Use 256 bit key size by default. (LP: #78508) * debian/patches/02_manpage.dpatch: Clarify default key sizes (128 for luksFormat and 256 for create) in cryptsetup.8. (side-note in LP #78508) -- Martin Pitt Wed, 27 Feb 2008 17:43:46 +0100 cryptsetup (2:1.0.5-2ubuntu8) hardy; urgency=low * Fix -x calls and access() call. -- Scott James Remnant Fri, 14 Dec 2007 16:54:53 +0000 cryptsetup (2:1.0.5-2ubuntu7) hardy; urgency=low * debian/initramfs/cryptroot-script: call udevadm instead of udevsettle * debian/patches/06_call_udevsettle.dpatch: likewise -- Scott James Remnant Fri, 14 Dec 2007 16:11:36 +0000 cryptsetup (2:1.0.5-2ubuntu6) hardy; urgency=low * Make cryptsetup understand devices specified by UUID=... or LABEL= in crypttab. (LP: #153597) -- Andrea Colangelo Mon, 29 Oct 2007 18:22:51 +0100 cryptsetup (2:1.0.5-2ubuntu5) hardy; urgency=low * reenable additional udevsettle calls in cryptroot hook from https://launchpad.net/bugs/85640, LP: #132373. * change maintainer to ubuntu-core-dev. * use Vcs-Bzr instead of XSCB-Vcs-Bzr header in debian/control. -- Reinhard Tartler Thu, 08 Nov 2007 23:52:19 +0100 cryptsetup (2:1.0.5-2ubuntu4) hardy; urgency=low * reapply changes from version 2:1.0.5-2ubuntu2, got dropped with last upload. Sorry, pitti. * convert patch to lib/libdevmapper.c to a dpatch. -- Reinhard Tartler Sun, 04 Nov 2007 21:42:43 +0100 cryptsetup (2:1.0.5-2ubuntu3) hardy; urgency=low * RELIABILY FIX: lib/libdevmapper.c: Ensure that pending device creation events are being processed by calling /sbin/udevsettle. Patch based on OpenSUSE bug #285478, LP: #132373. * Based on the change above, the patch from LP #85640 is no longer needed. dropping the relevant parts. * Fix debian/rules to not fail to build if autom4te.cache is left behind from a previous incomplete build. -- Reinhard Tartler Fri, 02 Nov 2007 20:53:31 +0100 cryptsetup (2:1.0.5-2ubuntu2) gutsy; urgency=low * debian/initramfs/cryptroot-script: - If the supplied password worked, remove the prompt from usplash again, so that the user has some visual feedback that everything is alright. (LP: #151305) - Do not show the UUID device node of the outer physical device. It is scary ("/dev/disk/by-uuid/1234yadayada") and displaying it does not improve security at all: If attackers can tamper with your initramfs, they can also change the prompt, and if the UUID of the physical device changes, then booting will not even get that far. Now it is a much more friendly "Enter passphrase for sda5_crypt:" which is still technical, but it's necessary to point out which device will be unlocked in case there are several. -- Martin Pitt Thu, 11 Oct 2007 19:51:58 +0200 cryptsetup (2:1.0.5-2ubuntu1) gutsy; urgency=low * Merge new debian version. Remaining changes: - cryptsetup is linked dynamically against libgcrypt and libgpg-error. This will break systems where /usr is a separate encrypted filesystem but not have other bad consequences (in particular, systems with encrypted root are still fine). The upsides include better security supportability and smaller packages. - libcryptsetup.so et al removed from the binary packages. They have no stable ABI and are not suitable for use by other packages, and were in violation of library policies etc. They're not needed since the cryptsetup executable statically contains the relevant parts of libcryptsetup. - cryptdisks.functions: remove #!/bin/bash as it isn't a script by itself; it's only sourced by other scripts. This gets rid of the lintian warning `script-not-executable' for this file. - stop usplash on user input. LP #62751 - Always output and read from the console. LP #58794. - Add XSBC-Vcs-Bzr tag to indicate that this package is managed using bzr on launchpad. - Bump libgcrypt11 build-dependency again to 1.2.4-2ubuntu2 to eliminate libnsl linkage; - debian/initramfs/cryptroot-hook: (LP: #73862) Added patch to install aes optimized cypher module - try to load optimized cypher module in cryptsetup.functions as well, because cryptroot-hook is only executed when we really have a cryptoroot. - apply patch from pitti for allowing UUIDs in /etc/crypttab. This allowes crypted PVs! LP: #144390. - remove README.ubuntu, since it contains old and obsolete information. -- Reinhard Tartler Tue, 02 Oct 2007 21:31:28 +0200 cryptsetup (2:1.0.5-2) unstable; urgency=low [ Jonas Meurer ] * Add libselinux1-dev and libsepol1-dev to build-depends. Detected by the build daemon from hell by Steinar H. Gunderson. Thanks to Manoj Srivastava for advice. * Fix the watchfile * Fix cryptopensc-hook to honor key=none. Thanks to Daniel Baumann (closes: #436434) * Remove outdated README.html and example usbcrypto.* scripts from documentation. Add example usbcrypto.udev script. Thanks to Volker Sauer for the update. (closes: #409775) * Document that stdin is read different with '--key-file=-' than without. Thanks to Marc Haber. (closes: #418450) * Document that --timeout is useless in conjunction with --key-file. Thanks Alexander Zangerl. (closes: #421693) * [03_check_for_root.dpatch] Check for UID == 0 before actually doing something. Thanks to Benjamin Seidenberg. (closes: #401766) * [04_fix_unused_or_unitialized_variables.dpatch] Fix some gcc warnings about unused or unitialized variables. Thanks to Ludwig Nussel for the patch. * [05_segfault_at_nonexisting_device.dpatch] Fix segfault when trying to open a non existing device. Thanks to Ludwig Nussel for the patch. (closes: #438198) * Add CFLAGS="$(CFLAGS)" before ./configure invocation in debian/rules. This way CFLAGS are passed to the configure script. Thanks to Gordon Farquharson for the patch. (closes: #438450) * Add a warning about missing hash option in crypttab to initramfs cryptoroot hook. Thanks to Sebastian Leske for the patch. (closes: #438169) * Add support for openct using data objects on a smartcard as key. Thanks to Daniel Baumann for patch and documentation. (closes: #438473) * Polish opensc_decrypt and openct_decrypt. * Add initramfs patch by maximilian attems. Bump depends on initramfs-tools to (>= 0.91). (closes: #441428) * several cleanups to make lintian happy: - remove #!/bin/sh from cryptsetup.functions as it is not executable. - remove unused-override configure-generated-file-in-source config.log. - add some hyphen fixes to patches/02_manpage.dpatch * Filter out the detection of filesystem type 'minix' in checks vol_id and un_vol_id if checking for any valid filesystem. The minix fs signature seems short enough to be detected erroneously by /lib/udev/vol_id. Thanks to Fredrik Olofsson and arno for the bugreport. (closes: #411784) * Add Homepage field to debian/control. -- Jonas Meurer Mon, 24 Sep 2007 15:42:06 +0200 cryptsetup (2:1.0.5-1ubuntu5) UNRELEASED; urgency=low * apply patch from pitti for allowing UUIDs in /etc/crypttab. This allowes crypted PVs! LP: #144390. * remove README.ubuntu, since it contains old and obsolete information. -- Reinhard Tartler Tue, 02 Oct 2007 19:59:24 +0200 cryptsetup (2:1.0.5-1ubuntu4) gutsy; urgency=low [ Stephan Hermann ] * debian/initramfs/cryptroot-hook: (LP: #73862) - Added patch to install aes optimized cypher module [ Reinhard Tartler ] * re-applying old patch to new package version * try to load optimized cypher module in cryptsetup.functions as well, because cryptroot-hook is only executed when we really have a cryptoroot. -- Reinhard Tartler Thu, 27 Sep 2007 19:38:48 +0200 cryptsetup (2:1.0.5-1ubuntu3) gutsy; urgency=low * Bump libgcrypt11 build-dependency again to 1.2.4-2ubuntu2 to eliminate libnsl linkage; should finally produce a usable cryptsetup binary for the udeb. -- Colin Watson Wed, 19 Sep 2007 15:28:52 +0100 cryptsetup (2:1.0.5-1ubuntu2) gutsy; urgency=low * Bump libgcrypt11 build-dependency to 1.2.4-2ubuntu1 and rebuild for proper udeb dependencies. -- Colin Watson Wed, 19 Sep 2007 01:37:02 +0100 cryptsetup (2:1.0.5-1ubuntu1) gutsy; urgency=low * Merge new debian version. Remaining changes: - cryptsetup is linked dynamically against libgcrypt and libgpg-error. This will break systems where /usr is a separate encrypted filesystem but not have other bad consequences (in particular, systems with encrypted root are still fine). The upsides include better security supportability and smaller packages. - libcryptsetup.so et al removed from the binary packages. They have no stable ABI and are not suitable for use by other packages, and were in violation of library policies etc. They're not needed since the cryptsetup executable statically contains the relevant parts of libcryptsetup. - cryptdisks.functions: remove #!/bin/bash as it isn't a script by itself; it's only sourced by other scripts. This gets rid of the lintian warning `script-not-executable' for this file. - stop usplash on user input. LP #62751 - Always output and read from the console. LP #58794. * Add XSBC-Vcs-Bzr tag to indicate that this package is managed using bzr on launchpad. * UVF exception request granted by Scott Kitterman and Chuck Short LP: #138295 -- Reinhard Tartler Sat, 08 Sep 2007 19:04:54 +0200 cryptsetup (2:1.0.5-1) unstable; urgency=low [ Jonas Meurer ] * New upstream release, nearly identical to svn snapshot svn29. * Fix watch file to use cryptsetup instead of cryptsetup-luks. * Add 01_crypt_luksFormat_libcryptsetup.dpatch - rename luksInit to luksFormat in libcryptsetup.h. * Merge some ubuntu changes: - make luksformat check if filesystem is already mounted to prevent a strange error message. - modprobe dm-mod in cryptsetup.functions. - wait for udev to be settled in initramfs script. [ David Härdeman ] * Allow other crypto devices to be setup even if one fails. (closes: #423100) * Remove an incorrect warning in postinst. -- Jonas Meurer Fri, 27 Jul 2007 04:59:33 +0200 cryptsetup (2:1.0.4+svn29-1ubuntu6) gutsy; urgency=low * Add notes by Ilkka Tuohela in a new file debian/README.ubuntu -- Reinhard Tartler Sat, 08 Sep 2007 18:43:56 +0200 cryptsetup (2:1.0.4+svn29-1ubuntu5) gutsy; urgency=low * cryptsetup is linked dynamically against libgcrypt and libgpg-error. This will break systems where /usr is a separate encrypted filesystem but not have other bad consequences (in particular, systems with encrypted root are still fine). The upsides include better security supportability and smaller packages. * libcryptsetup.so et al removed from the binary packages. They have no stable ABI and are not suitable for use by other packages, and were in violation of library policies etc. They're not needed since the cryptsetup executable statically contains the relevant parts of libcryptsetup. * cryptdisks.functions: remove #!/bin/bash as it isn't a script by itself; it's only sourced by other scripts. This gets rid of the lintian warning `script-not-executable' for this file. -- Ian Jackson Fri, 31 Aug 2007 12:05:33 +0100 cryptsetup (2:1.0.4+svn29-1ubuntu4) gutsy; urgency=low * s/$CRYPTCMD/cryptsetup/ in debian/cryptdisks.functions (LP: #115617) -- Reinhard Tartler Tue, 29 May 2007 17:04:05 +0200 cryptsetup (2:1.0.4+svn29-1ubuntu3) gutsy; urgency=low * make luksformat check if filesystem is already mounted to prevent a strange error message. thanks to mvo for the patch (LP: #116633) * remove file debian/initramfs-cryptroot-script from source. it is not installed anywhere, and a leftover from the last merge. * add missing hunk of cryptsetup.functions compared to debian package. * reapply http://librarian.launchpad.net/7329604/bug85640.debdiff to debian/initramfs/cryptroot-script, since stgraber's patch has been lost in the last merge. (LP: #85640) -- Reinhard Tartler Tue, 29 May 2007 15:02:57 +0200 cryptsetup (2:1.0.4+svn29-1ubuntu2) gutsy; urgency=low * modprobe dm-mod from cryptsetup.functions. (LP: #64625, #91405) -- Reinhard Tartler Tue, 29 May 2007 13:31:39 +0200 cryptsetup (2:1.0.4+svn29-1ubuntu1) gutsy; urgency=low * Merge from Debian unstable. Remaining Ubuntu changes: - stop usplash on user input. Ubuntu: #62751 - Always output and read from the console. Ubuntu: #58794. - Wait for Udev to be ready to avoid partition non-detection. (LP: #85640) * Modify Maintainer value to match Debian-Maintainer-Field Spec -- Andrea Veri Sun, 6 May 2007 22:33:25 +0200 cryptsetup (2:1.0.4+svn29-1) unstable; urgency=low * New upstream svn snapshot with several bugfixes - remove 01_tries_fix.dpatch, added upstream -- Jonas Meurer Wed, 02 May 2007 02:48:37 +0200 cryptsetup (2:1.0.4+svn26-3) unstable; urgency=low * Add cryptdevice name to prompt before actually starting it. Thanks to Joerg Jaspert. (closes: #421803) -- Jonas Meurer Wed, 02 May 2007 01:05:22 +0200 cryptsetup (2:1.0.4+svn26-2) unstable; urgency=low [ David Härdeman ] * Fix typo in crypttab(5), the ext checkscript is called ext2, not ext3. (closes: #410390) * Use the initramfs-tools keymap support instead of our own (requires initramfs-tools >= 0.87) * Add support for usplash password prompt (closes: #397981) * Remove the "ssl" and "gpg" options which are supported by keyscripts since October 2006 (see NEWS for details). * Spring cleaning of cryptdisks.functions, now supports multiple tries for keyscripts and uses lsb logging. (closes: #420105, #383808) [ Jonas Meurer ] * Add 01_tries_fix.dpatch, makes the --tries commandline option work again. (closes: #414326, #412064) * Document the un_vol_id check script, remove the swap check script from documentation. The swap check indeed is rather useless, thanks to Frank Engler . The script itself is kept for compability issues. (closes: #406837) * Add smartcard keyscript and initramfs-tools hooks/scripts. This adds support for disk encryption with smartcards, even for root disks. Thanks a lot to Gerald Turner for the patch and a smartcard reader for testing this. (closes: #416528) * update copyright file: change "program" to "package", and mention GPL version 2. add a full disclaimer. * Add "--showkeys" to the dmsetup invocation in decrypt_derived script. (closes: #420399) * Fixes in cryptdisks.functions: - Don't suppress error messages at mount and unmount and don't break if 'mount $point' fails. - Fix handling of checks and prechecks, the vars somehow where mixed - Really use $CHECKARGS if it's defined - Rename "stopped" to "stopping" for devices which are shutdown at 'cryptdisks stop' (show a difference to already stopped devices). -- Jonas Meurer Sat, 28 Apr 2007 20:45:50 +0200 cryptsetup (2:1.0.4+svn26-1ubuntu2) feisty; urgency=low * Wait for Udev to be ready to avoid partition non-detection. (LP: #85640) -- Stéphane Graber Thu, 14 Apr 2007 10:03:41 +0200 cryptsetup (2:1.0.4+svn26-1ubuntu1) feisty; urgency=low * merge debian changes. Remaining ubuntu changes: - stop usplash on user input. Ubuntu: #62751 - Always output and read from the console. Ubuntu: #58794. -- Reinhard Tartler Sat, 3 Feb 2007 21:30:03 +0100 cryptsetup (2:1.0.4+svn26-1) unstable; urgency=high [ Jonas Meurer ] * New upstream svn snapshot 1.0.4+svn26 - contains a slightly modified patch by Rob Walker to fix a sector size error. (closes: #403075) - fixes a LUKS header corruption on arm, which downgrades bug #403426 from critical to important. - prevents password retrying with I/O errors. * handle chainmode/essiv "plain" correctly in initramfs hook. Thanks to Leonard Norrgard. (closes: #402417) * remove 'rm -rf m4' from a clean target in debian/rules. * urgency=high to get this into etch. [ David Härdeman ] * Document the difference in default hash functions between the initramfs scripts and the plain cryptsetup binary. (closes: #398429) * Verify symlinks for source devices when initramfs is generated and correct if necessary. (closes: #405301) -- Jonas Meurer Tue, 9 Jan 2007 21:53:06 +0100 cryptsetup (2:1.0.4+svn16-2) unstable; urgency=high [ David Härdeman ] * Add cbc to standard list of modules. Thanks to Michael Olbrich . (closes: #401370) * Fix support for crypto-on-evms. Thanks to Enrico Gatto . (closes: #402417) [ Jonas Meurer ] * urgency=high to get this into etch. -- Jonas Meurer Thu, 14 Dec 2006 01:41:40 +0100 cryptsetup (2:1.0.4+svn16-1) unstable; urgency=medium [ David Härdeman ] * Support adding separate blockcipher modules to initramfs image (necessary for kernels >= 2.6.19) * Hashing was previously not done correctly when decrypt_derived was used [ Jonas Meurer ] * Add new upstream patch 02_luks_var_keysize.dpatch. Cryptsetup no longer segfaults with unsupported keysize. (closes: #381973) * Urgency medium as we really want these fixes in etch. -- Jonas Meurer Tue, 28 Nov 2006 18:17:12 +0100 cryptsetup (2:1.0.4-8ubuntu2) feisty; urgency=low * fix and improve initramfs hook: terminate usplash if running, since adequate secure text input is not possible with usplash ATM * usplash support: Terminate usplash before asking a password. Closes https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/62751 -- Reinhard Tartler Wed, 24 Jan 2007 22:43:28 +0100 cryptsetup (2:1.0.4-8ubuntu1) feisty; urgency=low * merge debian changes, remaining patches: - Always output and read from the console. Ubuntu: #58794. * other changes have been merged or do noy apply anymore * read password via usplash if available in initramfs for rootfs. based on a patch from Swen Thümmler (Thanks for that!) Ubuntu #62751 * read password from initscript via usplash if running. should fix the rest of Ubuntu #62751. Only problem with that patch: It asks only once for the password! improvements welcome! -- Reinhard Tartler Sun, 19 Nov 2006 20:04:19 +0100 cryptsetup (2:1.0.4-8) unstable; urgency=high [ Jonas Meurer ] * Add 'set -e' and 'if ...; then ... fi' to cryptdisks-early as well. [ David Härdeman ] * Make sure that a failed modprobe does not break with 'set -e'. (closes: #398799) -- Jonas Meurer Thu, 16 Nov 2006 16:59:35 +0100 cryptsetup (2:1.0.4-7) unstable; urgency=low [ David Härdeman ] * Do not try to configure resume devices which we cant get the key for and also try harder to find resume devices. (closes: #397887, #397888) * Kill some more bashisms. * Only try three times per crypto device in initramfs scripts to avoid unbootable systems if a swap partition can't be setup. * Added decrypt_derived keyscript and improved documentation of latest changes, see README.initramfs for details. -- Jonas Meurer Tue, 14 Nov 2006 16:27:51 +0100 cryptsetup (2:1.0.4-6) unstable; urgency=high [ David Härdeman ] * Improve LVM dependency checks in initramfs hook. Thanks to Loïc Minier for the patch. (closes: #397633, #397651) -- Jonas Meurer Thu, 9 Nov 2006 13:55:48 +0100 cryptsetup (2:1.0.4-5) unstable; urgency=high [ David Härdeman ] * Make sure that duplicate entries in initramfs do not block the boot (closes: #397454) * Do not check for the presence of a key if the keyscript option is set (closes: #397450) -- Jonas Meurer Tue, 7 Nov 2006 18:03:41 +0100 cryptsetup (2:1.0.4-4) unstable; urgency=high [ David Härdeman ] * Readd and document the kernel boot argument "cryptopts" due to user demand * Implement support for multiple device setup in initramfs. (closes: #394136, #382280) * Remove bashisms. (closes: #396092) * Fix FTBFS by altering dpatch so that it is applied to Makefile.in.in before configure is executed. (closes: #396126) [ Jonas Meurer ] * Only warn for insecure keyfile mode/owner. Add some information about insecure keys in README.Debian. (closes: #395357, #394134) -- Jonas Meurer Fri, 3 Nov 2006 02:22:49 +0100 cryptsetup (2:1.0.4-3) unstable; urgency=medium [ Jonas Meurer ] * Suggest dosfstools. Needed for the default settings in luksformat. Thanks to Loïc Minier . (closes: #393473) * Suggest initramfs-tools (>= 0.60) | linux-initramfs-tool as well. * Still urgency=medium for the same reasons [ David Härdeman ] * Change the previous fix for #388871 to use the original patch from Loïc Minier . This also removes the bogus UTF8 char. (closes: #393895) -- Jonas Meurer Wed, 18 Oct 2006 23:03:47 +0200 cryptsetup (2:1.0.4-2) unstable; urgency=medium [ Jonas Meurer ] * Fix postinst, use 'elif [ -z $foo] || [ -z $bar ]; then ...' * Fix a typo in cryptdisks.functions, change $opt to $opts for more consistency with the postinst script. * Fix mount_fs() in cryptdisks.functions to actually do what we want it to do. Up to now, the initscript stopped if a mountpoint failed to mount. * urgency=medium to get cryptsetup 1.0.4 into etch -- Jonas Meurer Tue, 17 Oct 2006 16:16:02 +0200 cryptsetup (2:1.0.4-1) unstable; urgency=low [ David Härdeman ] * Always update the current initramfs when a new version is installed * Move the double-ssl decryption into a keyscript and change the ssl option to use that script instead * Move the gpg key decryption into a keyscript and change the gpg option to use that script instead * Clean up cryptdisks.functions * Let initramfs-tools know that we need busybox in the initramfs image * Fix bogus error message from initramfs hook, based on patch by Loïc Minier . (closes: #388871) * Remove the undocumented kernel boot argument "cryptopts" * Always add some crypto modules/tools to the initramfs image unless MODULES=dep. (closes: #389835) * Update README.initramfs. * Add checks and warnings that the ssl and gpg options are going away in favour of the keyscript option * Fix the decrypt_ssl script (closes: #390514) [ Jonas Meurer ] * New upstream release. - [01_terminal_output.dpatch] removed, finally went upstream - [02_docs_tries.dpatch] removed, went upstream - [03_fix_build_error.dpatch] renamed to 01_fix_build_error.dpatch * Fix SYNOPSIS in crypttab(5) manpage to show all arguments as mandatory. Thanks to Michael Steinfurth. * Check in postinst for entries with missing arguments in /etc/crypttab. Warn is one is found. Thanks to Michael Steinfurth (closes: #388083) * Fix pretest for encrypted swap. Allow unencrypted swap on the source device. Thanks to Dennis Furey. (closes: #387158) * Fix posttest for encrypted swap. Don't skip if a swap filesystem is found on the target device. Thanks to Sam Couter. (closes: #385317) * Use 'set -e' and 'if [ -r ]; then ...; fi' in init script. Thanks to Goswin Brederlow. (closes: #390354) * change '... > &2' to ... >&2' in cryptdisks.functions -- Jonas Meurer Mon, 16 Oct 2006 19:22:41 +0200 cryptsetup (2:1.0.4~rc2-1) unstable; urgency=low [ Jonas Meurer ] * Add some more german translations to de.po. * Add a note to NEWS.Debian where the fix for #376393 is explained. thanks to Robert Bihlmeyer for the report. (closes: #379719) * Allow swap filesystems to be overwritten when the swap flag is set. thanks to Raphaël Quinet for the report. (closes: #379771) * Update to upstream 1.0.4-rc2. (closes: #378422, #379726, closes: #379723) * removed patches 03-05, merged upstream. * [01_terminal_output.dpatch] updated for new upstream. * [02_docs_tries.dpatch] updated for new upstream, to fix luksDelKey documentation and to give more information about the keysize. (closes: #379084) [ David Härdeman ] * Make sure that README.initramfs is included in the package (closes #380048) * Replace panic calls in cryptsetup script with exit 1 to match the behaviour of other scripts. The regular initramfs script will panic later when root isn't detected anyway * Make all four fields in crypttab mandatory (closes: #370180, #376941) * Add UTF8 keyboard input support to initramfs image (closes: #379737) * Add a keyscript option (closes: #370302, #375913) * [03_fix_build_error.dpatch] patch po/Makefile with more recent gettext implementation. -- Jonas Meurer Mon, 4 Sep 2006 03:55:35 +0200 cryptsetup (2:1.0.3-3ubuntu3) edgy; urgency=low * Always output and read from the console. Ubuntu: #58794. -- Scott James Remnant Thu, 21 Sep 2006 03:05:18 +0100 cryptsetup (2:1.0.3-3ubuntu2) edgy; urgency=low * Load the dm-crypt module on startup. Ubuntu: #53475. -- Scott James Remnant Wed, 23 Aug 2006 11:53:49 +0200 cryptsetup (2:1.0.3-3ubuntu1) edgy; urgency=low * Sync with Debian: Remaining Ubuntu Changes + debian/cryptdisks.functions: - Tell usplash to quit if we ask for a passphrase -- Sebastian Dröge Tue, 11 Jul 2006 20:03:27 +0200 cryptsetup (2:1.0.3-3) unstable; urgency=low [ Jonas Meurer ] * revert the change that for swap devices the vol_id check is run by default. if the swap partition is encrypted with a random key, the check will always fail. thanks to Mika Bostrom (closes: #371135, #371160, #377434) * fix the vol_id checkscript to do what it's expected to do. * add the un_vol_id checkscript, which does the reverse of vol_id. * use 'check=un_vol_id, checkargs=swap' for swap devices per default. * added do_close function to cryptdisks.functions, as do_swap needs to use it. up to now, 'cryptsetup remove' was invoked regardless whether the device contains a LUKS partition or not. this is fixed now too. * allow custom check scripts. check only if $CHECK exists in /lib/cryptsetup/checks/ and use the given value as full path otherwise. * make precheck for no_luks mandatory, fail if any known filesystem is found. * update crypttab manpage to reflect the checksystem changes. added an own section for check scripts. update the CheckSystem documentation. * update and simplify the gen-ssl-key script, thanks to Markus Nass * move gen-ssl-key, decrypt_ssl and luksformat to debian/scripts in the source. * add new directory /lib/cryptsetup/scripts/ for key decryption scripts like decrypt_ssl and decrypt_gpg. * add 05_fix_pointer_and_int_comparison.dpatch, fixes compiler warnings on 64bit architectures. Thanks to David Härdeman for the patch. * revert the order of do_start and do_stop at 'cryptdisks restart'. thanks to Hans Peter Wiedau for pointing out that silly typo. (closes: #377591) [ David Härdeman ] * Support root-on-crypto-on-lvm in the initramfs scripts without having to change the root variable (closes: #371846) * If possible, load correct keymap in the initramfs image before any password prompts (closes: #376393) -- Jonas Meurer Mon, 10 Jul 2006 20:01:02 +0200 cryptsetup (2:1.0.3-2) unstable; urgency=low [ David Härdeman ] * Add patch by Arjan Oosting (closes: #369575) * add new check 'vol_id', which uses /lib/udev/vol_id from udev and supports checks for any known filesystem type. implement a new option checkargs in cryptdisks for that. suggest udev. closes one half of #370302. thanks to Markus Nass and Darvid Härdeman for the suggestion. * always check for a swap partition before running mkswap * updated README.Debian, Checksystem.Doc and crypttab.5.txt accordingly. * drop usage of strings from swap check, as it is in /usr/bin. thanks to Markus Nass. -- Jonas Meurer Mon, 5 Jun 2006 18:27:07 +0200 cryptsetup (2:1.0.3-1) unstable; urgency=low [ Jonas Meurer ] * new upstream release, 1.0.3 final - Add alignPayload patch by Peter Palfrader (closes: #358388) - meaningful exitcodes and password retrying by Johannes Weißl (closes: #359277) * add 01_terminal_timeout.dpatch from Andres Salomon . - gets rid of getpass(), which is obsolete according to manpage - restores the terminal state before doing the timeout (closes: #364153) * add 02_docs_tries.dpatch, to describe --tries in the cryptsetup manpage. * add 03_stdin_input.dpatch from David Härdeman , fixes input from stdin, accepts input with more than 32 characters (closes: #364529, #365333) * add 04_status_exit_codes.dpatch from David Härdeman , fixes the exit codes of 'cryptsetup status' * provide a cryptsetup-udeb package (closes: #358422) * remove debian/luksformat.8 in clean target (closes: #358386) * fix update-rc.d arguments to start cryptdisks in rc0 and rc6. it is not really started [but stopped], but still the links need to be named S48cryptdisks. otherwise it will be invoked before umountfs. * add initramfs cryptroot functionality, thanks to David Härdeman for the patch (closes: #358452) * rename /lib/cryptsetup/init_functions to cryptdisks.functions * move most of /etc/init.d/cryptdisks to cryptdisks.functions. /etc/init.d/cryptdisks now does not much more than importing cryptdisks.functions. required for running two seperate cryptdisks initscripts. * split the cryptdisks initscript into cryptdisks-early and cryptdisks. actually both scripts do the same except having slightly different output. the early script is run before lvm/evms/... are started, and the other one after they are started. (closes: #363007) * add support for mount to cryptdisks. this makes it possible to use keyfiles from removable media. see the crypttab.5 manpage for more information. * use upstream cryptsetup tries option instead of the shell code in cryptdisks. rename cryptdisks 'retry' option to 'tries'. * document the fact, that the default settings in /etc/default/cryptdisks take only effect if the relevant option is set without a value in crypttab. add the environment section to crypttab.5.txt (closes: #364203) * update the TODO list. * update crypdisks.default * run do_swap and do_tmp. Thanks to Riku Voipio (closes: #365633) * bump Standards-Version to 3.7.2.0, no changes needed [ David Härdeman ] * add lvm capabilities to initramfs scripts (closes: #362564) * add cryptsetup.postinst which executes update-initramfs when cryptsetup is first installed (not on upgrades) -- Jonas Meurer Sat, 13 May 2006 19:45:08 +0200 cryptsetup (2:1.0.2+1.0.3-rc3-1) unstable; urgency=low [ Jonas Meurer ] * new upstream release candidate: - fixes sector size of the temporary mapping (closes: #355156) - more verbose error logging (closes: #353755, #356288, #258376) - upstream accepted my patches to the manpage * fixed spelling error in README.Debian * removed debian/cryptsetup.sgml, outdated * ran ispell against doc files in debian/, fixed many typos * change /usr/share/cryptsetup to /lib/cryptsetup in crypttab.5.txt (closes: #354910) * add --build (and maybe even --host) to configure flags, for cross-compiling * remove debian/luksformat.8 in clean target * fix bashism in cryptdisks. thanks to Michal Politowski (closes: #356484) * add support for openssl encrypted keys, based on a patch by General Stone (closes: #350615) * add some code to support gnupg encrypted keys, some parts are missing. -- Jonas Meurer Fri, 17 Mar 2006 00:42:41 +0100 cryptsetup (2:1.0.2+1.0.3-rc2-1) unstable; urgency=low [ Jonas Meurer ] * new upstream version 1.0.3-rc2, fixing issues with devmapper * new upstream version 1.0.3-rc1, doesn't use essiv per default * new upstream version (1.0.2) released - add --timeout option for interactive usage - add --batch-mode option to suppress input verifications * install local cryptsetup.8 copy instead of the upstream manpage - mention --readonly as possible option to luksOpen (closes: #353753) - mention --batch-mode, --timeout, --version - transform remaining option hyphens from '-' to '\-' * merged ubuntu patches: - modify cryptdisks init script to use lsb functions - add luksformat and a manpage * removed postinst and postrm, empty scripts * added a README.Debian and a TODO * added a NEWS file for Debian, and explain both the upstream transition from plain cryptsetup to cryptsetup-luks, and the check options for crypttab. * install manpages using dh_installman, not with install * updated CryptoRoot.HowTo, mention /etc/mkinitrd/modules and different linux-image versions. (closes: #344867) * removed needless debian/hack * added debian/watch * bumped debhelper compat level to 5, add versioned depends on debhelper (>> 5.0.0) * update debian/cryptsetup.8 to mention batch-mode and timeout * updated cryptdisks - modify init script to use lsb functions, at least where possible - updated comments for cryptdisks.default - moved option parsing and setup of loopback devices to seperate functions. added a new include file /lib/cryptsetup/init_functions with functions parse_opts, lo_setup, check_key, do_luks, do_noluks, do_swap, do_tmp - always check for the source device exists before running cryptsetup - hardcode precheck for LUKS to use 'cryptsetup isLuks'. this is much safer than allowing other random prechecks, as it manifests that the source device actually is a LUKS partition. - don't remove the LUKS device when postcheck fails, as the supplied password/key is correct anyway. - use the new 'timeout' commandline option of cryptsetup instead of an external wrapper - be silent for not existing devices per default. Implement the loud option for crypttab to warn if a device does not exist. - remerge postchecks and prechecks into checks. - don't disable swap & luks combination, instead disable luks with /dev/random, /dev/urandom or /dev/hwrandom as key. - run parse_opts before check_key, to know whether we use luks or not [ Michael Gebetsroither ] * converted crypttab.sgml to asciidoc * added dependencies for asciidoc to manpage conversion * added developer documentation for a robust checksystem into cryptdisks -- Jonas Meurer Sun, 26 Feb 2006 20:04:49 +0100 cryptsetup (2:1.0.1-16) unstable; urgency=low [ Jonas Meurer ] * already fixed in 2:1.0.1-14: binaries xor and delay from usbcrypto.mkinitrd don't exist in debian. replaces with a perl script and /bin/sleep. thanks to wesley terpstra for the help. (closes: #324353) * clean cryptdisks from bashisms (closes: #350360) * check for /usr/bin/timeout before using it in cryptdisks. First, it's only available when /usr is mounted, and that is not definitive when cryptdisks is run at boot time. Second, timeout is a non-essential debian package, and not neccecarily installed. The usage of /usr/bin/timeout in any case is only a temporary workaround. * move /usr/share/cryptsetup to /lib/cryptsetup, as the checks need to be available at boot time, before local filesystems (like i.e. /usr) are mounted. * replace RETRY=`expr $RETRY - 1` with RETRY=$(($RETRY-1)), as expr is in /usr/bin. * install init.d script and default file with dh_installinit (closes: #350548) * don't build-depend on cvs -- Jonas Meurer Mon, 30 Jan 2006 17:54:50 +0100 cryptsetup (2:1.0.1-15) unstable; urgency=low [ Jonas Meurer ] * rebuilt with -sa, to include the sources into upload -- Jonas Meurer Fri, 27 Jan 2006 18:18:46 +0100 cryptsetup (2:1.0.1-14) unstable; urgency=low [ Jonas Meurer ] * added a configurable timeout option for interactive password prompt. set the default timeout to 180 seconds in /etc/default/cryptdisks, and documented the crypttab option in the crypttab manpage. (closes: #328961) * fixed the default "precheck" and "postcheck" options, currently no useful precheck exists, so no default here. * removed the dummy cryptsetup-luks package, ftpmaster complains about it. [ Michael Gebetsroither ] * make small fixes to CryptoSwap.HowTo * added postcheck for swap (closes: #342079) -- Jonas Meurer Fri, 27 Jan 2006 12:59:10 +0100 cryptsetup (2:1.0.1-13) unstable; urgency=low * split the "check" in a "precheck" and a "postcheck" option - adds the possibility to check the source device before creating the decrypted target device, useful for things like swap. -- Jonas Meurer Sun, 22 Jan 2006 21:24:06 +0100 cryptsetup (2:1.0.1-12) unstable; urgency=low * correctly parse options in cryptdisks (closes: #304399) * remove the moduledir /usr/lib/cryptsetup from the deb, it's empty anyway (closes: #334648) * replace /usr/local/bin/delay with /bin/sleep in usbcrypto.mkinitrd * cosmetical changes to /etc/crypttab * add "check" and "retry" options to cryptdisks script, thanks to A Mennucc . (closes: #290626) -- Jonas Meurer Sun, 22 Jan 2006 19:46:18 +0100 cryptsetup (2:1.0.1-11) unstable; urgency=low * include sources although the debian revision is not -1 -- Jonas Meurer Sun, 22 Jan 2006 16:35:12 +0100 cryptsetup (2:1.0.1-10) unstable; urgency=low * introduce an epoch to make upgrade happen -- Jonas Meurer Sun, 22 Jan 2006 09:02:47 +0100 cryptsetup (1.0.1-9) unstable; urgency=low * rename the package to cryptsetup, provide a dummy cryptsetup-luks package * initial upload to debian -- Jonas Meurer Sun, 22 Jan 2006 08:06:25 +0100 cryptsetup-luks (1.0.1-8) unstable; urgency=low * use upstream tarball as orig.tar.gz and keep debian changes in diff.gz * change to use dpatch * adjust build environment to work with upstream sources, and without autogen.sh * merge fixes for debian scripts from cryptsetup. * keep cryptsetup manpage untouched, as merging cryptsetup and cryptsetup-luks manpages is rather complex. * set mandir to /usr/share/man for configure * add a lintian-override file -- Jonas Meurer Sun, 22 Jan 2006 06:48:30 +0100 cryptsetup-luks (1.0.1-7) unstable; urgency=high * make cryptsetup create work again (patch for lib/libdevmapper.c) -- Michael Gebetsroither Sat, 21 Jan 2006 14:39:36 +0100 cryptsetup-luks (1.0.1-6) unstable; urgency=low * recompile for new libdevmapper -- Michael Gebetsroither Tue, 10 Jan 2006 15:10:17 +0100 cryptsetup-luks (1.0.1-5) unstable; urgency=low * improved documentation for /etc/crypttab -- Michael Gebetsroither Mon, 7 Nov 2005 17:05:20 +0100 cryptsetup-luks (1.0.1-4) unstable; urgency=low * added luks option for /etc/crypttab (thx to Fabian Thorns for the initial patch) -- Michael Gebetsroither Thu, 3 Nov 2005 19:22:59 +0100 cryptsetup-luks (1.0.1-3) unstable; urgency=low * completly switched to luks upstream -- Michael Gebetsroither Thu, 11 Aug 2005 22:14:16 +0200 cryptsetup-luks (1.0.1-2) unstable; urgency=low * fixed build dependencies -- Michael Gebetsroither Mon, 20 Jun 2005 22:30:38 +0200 cryptsetup-luks (1.0.1-1) unstable; urgency=low * synced with luks upstream -- Michael Gebetsroither Mon, 20 Jun 2005 16:22:53 +0200 cryptsetup-luks (1.0-5) unstable; urgency=low * fixed a small typo in the manpage -- Michael Gebetsroither Sat, 23 Apr 2005 11:06:31 +0200 cryptsetup-luks (1.0-4) unstable; urgency=low * cleand source-tree for submitting a wishlist report into debian BTS -- Michael Gebetsroither Tue, 19 Apr 2005 18:44:13 +0200 cryptsetup-luks (1.0-3) unstable; urgency=low * updatet dependencies (libdevmapper1.00 => libdevmapper1.01) -- Michael Gebetsroither Tue, 19 Apr 2005 13:51:10 +0200 cryptsetup-luks (1.0-2) unstable; urgency=low * replaced original debian cryptsetup manpage with manpage from cryptsetup-luks -- Michael Gebetsroither Sun, 3 Apr 2005 13:33:55 +0200 cryptsetup-luks (1.0-1) unstable; urgency=low * new upstream release -- Michael Gebetsroither Sat, 2 Apr 2005 23:29:43 +0200 cryptsetup-luks (0.993-3) unstable; urgency=low * fixed dependencis -- Michael Gebetsroither Sun, 13 Feb 2005 01:28:11 +0100 cryptsetup-luks (0.993-2) unstable; urgency=low * fixed a few source problems * fixed post/pre install scripts -- Michael Gebetsroither Sat, 12 Feb 2005 16:18:07 +0100 cryptsetup-luks (0.993-1) unstable; urgency=low * synced with luks upstream -- Michael Gebetsroither Sat, 12 Feb 2005 15:50:21 +0100 cryptsetup-luks (0.992-5) unstable; urgency=low * fixed a few problems in den debian source package -- Michael Gebetsroither Sat, 12 Feb 2005 04:22:30 +0100 cryptsetup-luks (0.992-4) unstable; urgency=low * debianized the package * cleand up build system -- Michael Gebetsroither Sat, 12 Feb 2005 00:12:43 +0100 cryptsetup-luks (0.992-3) unstable; urgency=low * Fixed typo -- Michael Gebetsroither Fri, 11 Feb 2005 18:38:42 +0100 cryptsetup-luks (0.992-2) unstable; urgency=low * Added note within description -- Michael Gebetsroither Fri, 11 Feb 2005 18:21:03 +0100 cryptsetup-luks (0.992-1) unstable; urgency=low * "integrated LUKS" support (very messy hack) -- Michael Gebetsroither Thu, 10 Feb 2005 18:16:21 +0100 Fetched 148 kB in 0s (706 kB/s)