2009
cryptsetup (2:1.1.0~rc2-1) unstable; urgency=low
* new upstream release candidate (1.1.0-rc2), highlights include:
- new libcryptsetup API (documented in libcryptsetup.h)
- luksHeaderBackup and luksHeaderRestore commands (closes: #533643)
- use libgcrypt, enables all gcrypt hash algorithms for LUKS through
-h luksFormat option (closes: #387159, #537385)
- new --master-key-file option for luksFormat and luksAddKey
- use dm-uuid for all crypt devices, contains device type and name now
(closes: #548988, #549870)
- command successful messages moved to verbose level (closes: #541805)
- several code changes to improve speed of luksOpen (closes: #536415)
- luksSuspend and luksResume commands
* remove unneeded patches 03_read_rework and 04_no_stderr_success, update
02_manpage for new upstream release candidate.
* update patch to comply with DEP-3 (http://dep.debian.net/deps/dep3/)
* fix initramfs/cryptroot-hook to support setups where /dev/mapper/ contains
symlinks to devices at /dev/dm-*. the lvm2/device-mapper packages had
defaults changed to this temporary. it has been fixed in a subsequent
upload of lvm2 in the meantime, but still it's not a bad idea to be
prepared for such setups in the future. that way cryproot now supports
/dev/dm-* devices as well. (closes: #532579, #544487, #544773)
* fix initscript dependencies both for cryptdisks and cryptdisks-early.
thanks to Petter Reinholdtsen for bugreport and patch. (closes: #548356)
* finally change default behaviour of initscripts/cryptroot-hook to include
all available crypto modules into the initramfs. this change should fix
any problems with cryto modules missing from the initramfs. announce the
change in NEWS.Debian. (closes: #547597)
* add error messages to lvm detecting code in initramfs/cryptroot-script
in order to make debugging easier. (closes: #541248)
* implement detection of devices which are required by decrypt_derived
keyscript in initscripts/cryptroot-hook. that way setups where encrypted
swap has the key derived from non-root partitions should support suspend/
resume as well. (closes: #475838)
* remove outdated documentation from the source package: CryptoRoot.HowTo,
CheckSystem.Doc
* mention in README.initramfs that busybox is required for cryptroot to work
* stop creating /etc/keys in postinst maintainer script.
* update build system to include library files again: (closes: #480157)
- split into three packages: cryptsetup, libcryptsetup1, libcryptsetup-dev
- rename preinst to cryptsetup.preinst, copy code to create /etc/crypttab
skeleton into cryptsetup-udeb.preinst.
- build with --enable-shared and --enable-static for libcryptsetup.a
- create debian/libcryptsetup1.symbols with help of dpkg-gensymbols
* add debian/cryptsetup.lintian-override for two false positives
* raise build-depends on debhelper and debian/compat for that reason
* update README.remote to work with latest dropbear package. thanks to
debian@x.ray.net.
* make all crypttab fields available to keyscripts as environment variables.
thanks to ludwig nussel from suse for idea and implmentation. document
this in crypttab(5) manpage. impelement the same environment variables in
initramfs cryptroot script.
* fix formatting errors in crypttab(5) manpage.
-- Jonas Meurer <mejo@debian.org> Thu, 15 Oct 2009 19:26:14 +0200
cryptsetup (2:1.0.7-2) unstable; urgency=low
* add a paragraph to the cryptsetup manpage that mentions /proc/crypto as
source for available crypto ciphers, modes, hashs, keysizes, etc.
(closes: #518266)
* fix luksformat to check for mkfs.$fs both in /sbin and /usr/sbin. thanks
to Jon Dowland. (closes: #539734)
* mention era eriksson as author of the typo fixes for manpage (submitted as
bug #476624) in changelog of cryptsetup 2:1.0.6-3. (closes: #541344)
* bump standards-version to 3.8.3. no changes needed.
* add 04_no_stderr_success.patch, which adds an option to suppress success
messages to stderr. don't apply the patch as this already has been fixed
upstream in another way. next cryptsetup release will print the command
successfull message to stdout only if opt_verbose is set.
* add checkscripts blkid and un_blkid for the reason that vol_id will be
removed from udev soon. advertise the new scripts at all places that
mentioned vol_id or un_vol_id before.
* add /usr/share/bug/cryptsetup which adds /proc/cmdline, /etc/crypttab,
/etc/fstab and output of 'lsmod' to bugs against cryptsetup.
* add debian/README.remote, which describes how to setup a cryptroot system
with support for remote unlocking via ssh login into the initramfs. Thanks
to debian@x.ray.net for writing it down.
* update debian/copyright for current format from dep.debian.net/deps/dep5
* add chainiv, cryptomgr and krng to standard list of modules in initramfs
cryptroot hook. (closes: #541835)
* add a section describing LUKS header backups and related security
implications to README.Debian. a tool to automate this task should not be
distributed at all. (closes: #432150)
-- Jonas Meurer <mejo@debian.org> Tue, 01 Sep 2009 12:38:02 +0200
cryptsetup (2:1.0.7-1) unstable; urgency=low
* new upstream release, highlights include (diff from ~rc1):
- allow removal of last slot in luksRemoveKey and luksKillSlot
- eject unsupported --offset and --skip options for luksFormat
* make passdev accept a timeout option, thanks to Evgeni Golov for the patch.
(closes: #502598)
* finally add the cryptsource delay implementation from ubuntu, as it seems
to workaround some issues where appearance of the root device takes longer
than expected. (closes: #488271)
* execute udev_settle before $cryptremove if $cryptcreate fails at
setup_mapping() in the initramfs cryptroot script. it seems like a short
delay and/or udev_settly is needed in between of 'cryptsetup create' and
'cryptsetup remove'. thanks to Gernot Schilling for the bugreport.
(closes: #529527)
* talk about /dev/urandom instead of /dev/random in crypttab manpage.
(closes: #537344)
* check for $IGNORE before check_key() in handle_crypttab_line_start()
* rewrite error code handling:
- return 1 for errors in handle_crypttab_line_{start|stop}
- handle_crypttab_line_... || true needed due to set -e in initscript
- check for exit code of handle_crypttab_line_{start<stop} in
cryptdisks_{start|stop}, exit with proper status code (closes: #524173)
* add a counter to the while loop in cryptdisks_{start|stop}, in order to
detect if $dst was not found in crypttab. (closes: #524485)
* check for keyscript in the new location in initramfs/cryptopensc-hook.
* add README.opensc to docs, thanks to Benjamin Kiessling for writing it.
(closes: #514538)
* add patches/03_rework_read.patch [rework write_blockwise() and
read_blockwise()], but don't apply it yet as it's still experimental.
applying it will increase the speed of luksOpen.
-- Jonas Meurer <mejo@debian.org> Thu, 30 Jul 2009 17:41:16 +0200
cryptsetup (2:1.0.7~rc1-2) unstable; urgency=low
* flag the root device with rootdev option at /conf/conf.d/cryptroot in
initramfs hook, check for that flag before adding ROOT=$NEWROOT to
/conf/param.conf in initramfs script. that should prevent the initramfs
script from adding ROOT=$NEWROOT for resume devices. (closes: #535801)
-- Jonas Meurer <mejo@debian.org> Wed, 15 Jul 2009 11:44:45 +0200
cryptsetup (2:1.0.7~rc1-1) unstable; urgency=low
* new upstream release candidate, highlights include:
- use better error messages if device doesn't exist or is already used by
other mapping (closes: #492926)
- check device size when loading LUKS header
- add some error hint if dm-crypt mapping failed (key size and kernel
version check for XTS and LRW mode for now) (closes: #494584)
- display device name when asking for password
- retain readahead of underlying device, if devmapper version supports it
- set UUID in device-mapper for LUKS devices
- define device-mapper crypt UUID maximal length and check for its size
- add some checks for error codes, fixes warning: ignoring return value...
- update LUKS homepage in manpage to code.google.com/p/cryptsetup
* patches/01_fix_make_distclean.patch: removed, incorporated upstream
* patches/02_manpage.patch: updated, mostly incorporated upstream
* remove invokation of ./setup-gettext.sh from debian/rules.
* set $PATH in checks/xfs. Required to make /usr/sbin/xfs_admin work at early
boot stage. Thanks to Stefan Bender. (closes: #525118)
* update path to docbook-xsl stylesheet in debian/rules to
/usr/share/xml/docbook/stylesheet/docbook-xsl/. Add versioned build-depends
to docbook-xsl (>= 1.74.3+dfsg) for that reason.
* fix bashisms in scripts/decrypt_opensc, thanks to Raphael Geissert.
(closes: #530060)
* fix UUID and LABEL handling for cryptroot, thanks to Kees Cook and ubuntu.
(closes: #522041)
* add ROOT=$NEWROOT to /conf/param.conf in cryptroot initramfs script. This
is required for lilo to find the correct root device. Thanks to Pyotr
Berezhkov and Christian Schaarschmidt. (closes: #511447, #511840)
* replace mini autogen.sh with autoreconf in debian/rules. Thanks to Bastian
Kleineidam. (closes: #522798)
* support escaped newlines in askpass.c, thanks to Kees Cook and ubuntu.
(closes: #528133)
* use the same passphrase prompt in init script and initramfs script
* mention the incoherent behaviour of cryptsetup create/luksOpen with invalid
passwords/keys in cryptsetup manpage. (closes: #529359)
* bump standards-version to 3.8.2, no changes required.
* add 'X-Interactive: true' LSB-header to initscripts.
* fix bash_completion script to use 'command ls'. that way it now works with
aliased ls as well. thanks to Daniel Dehennin. (closes: #535351)
-- Jonas Meurer <mejo@debian.org> Sat, 04 Jul 2009 15:52:06 +0200
cryptsetup (2:1.0.6+20090405.svn49-1) unstable; urgency=low
* New upstream svn snapshot. Highlights include:
- Uses remapping to error target instead of calling udevsettle for
temporary crypt device. (closes: #514729, #498964, #521547)
- Removes lots of autoconf stuff as it's generated by autogen.sh anyway.
- Uses autopoint in build process, thus needs to Build-Depend on cvs.
- Fixes signal handler to proper close device.
- Wipes start of device before LUKS-formatting.
- Allows deletion of key slot with it's own key. (closes: #513596)
- Checks device mapper communication and gives proper error message in
case the communication fails. (closes: #507727)
* Update debian patches accordingly:
- Remove obsolete patches 01_gettext_package and 03_check_for_root
- Update patch 02_manpage
* Add missing newlines to some error messages in passdev.c. Thanks to
Christoph Anton Mitterer for bugreport and patch. (closes: #509067)
* Move keyscripts in initramfs from /keyscripts to /lib/cryptsetup/scripts
for the sake of consistency between initramfs and normal system. Document
this change in NEWS.Debian. (closes: #509066)
* Fix $LOUD in cryptdisks.init and cryptdisks.functions to take effect. Add
LOUD="yes" to cryptdisks_start. (closes: #513149)
* cryptdisks_{start,stop}: print error message if no entry is found in
crypttab for the given name.
* Actually fix watchfile to work with code.google.com.
* Update Homepage field to code.google.com URL. (closes: #516236)
* Fix location of ltmain.sh, build-depend on versioned libtool.
(closes: #521673, #522338)
* Some minor changes to make lintian happy:
- use set -e instead of /bin/sh -e in preinst.
- link to GPL v2 in debian/copyright
* Bump standards-version to 3.8.1, no changes needed.
* Fix a typo in NEWS.Debian. (closes: #522387)
* Taken from ubuntu:
- debian/checks/un_vol_id: dynamically build the "unknown volume type"
string, to allow for encrypted swap, (closes: #521789, #521469). Fix
sed to replace '/' with '\/' instead of '\\/' in device names.
- disable error message 'failed to setup lvm device' (LP 151532).
-- Jonas Meurer <mejo@debian.org> Mon, 06 Apr 2009 08:49:14 +0200
2008
cryptsetup (2:1.0.6-7) unstable; urgency=medium
* Add patches/01_gettext_package.patch: Remove -luks from GETTEXT_PACKAGE
in configure.in.
* Support keyfiles option in bash completion. Thanks to Stefan Goebel for
the patch. (closes: #499936)
* Update patches/02_manpage.patch: Fix the documnetation of default cipher
for LUKS mappings. (closes: #495832)
* Update debian/watch file to reflect the move of project home to
code.google.com.
* Check for $CRYPTDISKS_ENABLE in cryptdisks initscripts instead of
cryptdisks.functions. This way, cryptdisks_start/stop work even with
$CRYPTDISKS_ENABLE != "yes". Thanks to Pietro Abate. (closes: #506643)
* Add force-start to cryptdisks(-early).init in order to support starting
noauto devices manually. Thanks to Niccolo Rigacci. (closes: #505779)
* Document how to enable remote device unlocking via dropbear ssh server
in the initramfs during boot process. Thanks to Chris <debian@x.ray.net>
for the great work. (closes: #465902)
* Completely remove support and documentation of the timeout option,
document this in NEWS.Debian. (closes: #495509, #474120)
* Use exit instead of return in decrypt_ssl keyscript. Thanks to Rene Wagner.
(closes: #499704)
* Fix initramfs/cryptpassdev-hook to check for passdev instead of mountdev.
Thanks to Christoph Anton Mitterer.
* cryptdisks.functions:
- Search for keyscript in /lib/cryptdisks/scripts. the cryptoroot initramfs
script already supports keyscripts without path as argument. Thanks to
Christoph Anton Mitterer.
* README.initramfs:
- Remove the mention of bug #398302 from the section about suspend/resume,
as this bug has been fixes for some time now.
- Remove step 6 (mkswap) from the section about decrypt_derived, as it was
superfluous. Thanks to Helmut Grohe. (closes: #491867)
* Fix initramfs/cryptroot-script to use the lvm binary instead of vgchange.
Thanks to Marc Haber. (closes: #506536)
* Make get_lvm_deps() recursive in initramfs/cryptroot-hook. This is required
to detect the dm-crypt device in setups with more than one level of device
mapper mappings. For example if LVM is used with snapshots on top of the
dm-crypt mapping. Thanks to Christian Jaeger for bugreport and patch, Ben
Hutchings and Yves-Alexis Perez for help with debugging. (closes: #507721)
* urgency=medium due to several important fixes.
-- Jonas Meurer <mejo@debian.org> Wed, 17 Dec 2008 21:25:45 +0100
cryptsetup (2:1.0.6-6) unstable; urgency=high
* Don't cat keyfile into pipe for do_noluks(). cryptsetup handles
--key-file=- different for luks and plain dm-crypt mappings. This time
really (closes: #493848). Thus again upload with urgency=high.
-- Jonas Meurer <mejo@debian.org> Sat, 09 Aug 2008 13:36:31 +0200
cryptsetup (2:1.0.6-5) unstable; urgency=high
* Fix watch file to not report -pre and -rc releases as superior.
* Remove the global var $SIZE from cryptdisks.functions again but keep the
extended value checks.
* Remove the udev rules file also in preinst, code taken from example at
http://wiki.debian.org/DpkgConffileHandling. Thanks Marco d'Itri.
(closes: #493151)
* Remove duplicated configuration of --key-file in $PARAMS at do_noluks().
(closes: #493848).
* Invoke mount_fs() and umount_fs() in cryptdisks_start, add
log_action_begin_msg() and log_action_end_msg() to both cryptdisk_start
and cryptdisks_stop.
* Copy fd 3 code from do_start and do_stop to cryptdisks_start and
cryptdisks_stop to fix "keyscript | cryptsetup". (closes: #493622)
* This upload fixes two RC bugs, thus upload with severity=high.
-- Jonas Meurer <mejo@debian.org> Wed, 06 Aug 2008 10:19:21 +0200
cryptsetup (2:1.0.6-4) unstable; urgency=medium
[ David Härdeman ]
* Make sure $IGNORE is reset as necessary, patch by Thomas Luzat
<thomas@luzat.com> (closes: #490199)
* Use askpass in init scripts as well (closes: #489033, #477203)
[ Jonas Meurer ]
* Don't copy_exec libgcc1 in cryptopensc initramfs hook, as it's already
copied by copy_exec /usr/sbin/pcscd automaticly. Thanks to Evgeni Golov
<sargentd@die-welt.net>. (closes: #490300)
* Remove the udev rules file again as the relevant rules are now provided
by dmsetup package which cryptsetup depends on.
* Add splashy support to askpass, thanks to John Hughes <john@calva.com>
for the patch. (closes: #492451) The support is limited to cryptroot
though, as splashy freezes for passphrase input dialogs from initscripts.
Document that in README.Debian.
* Now that askpass is used as keyscript for interactive mode, it's not
necessary to set cryptsetup parameter '--tries=$TRIES' and TRIES=1 for
interactive mode anymore in cryptdisks.functions.
* Implement special treatment for random passphrases now that we use
"--key-file=-" for all situations. Only necessary in do_noluks.
* Fix the passphrase prompt string in initramfs/cryptroot.script to use
$cryptsource instead of $cryptsources.
* Major documentation cleanup for lenny:
- Rewrite CryptoSwap.HowTo in README.Debian, remove CryptoSwap.HowTo.
- Refer to README.initramfs instead of CryptoRoot.HowTo for encrypted root
filesystem in README.Debian.
- Remove outdated docs CryptoRoot.HowTo, usbcrypto.udev and gen-old-ssl-key
as well as the decrypt_old_ssl keyscript.
- Remove debian/TODO, didn't have any useful content anyway.
- Fix section ''9. The "decrypt_derived" keyscript'': Add swap option to
the example line for crypttab and other minor fixes. Thanks to
Helmut Grohne <helmut@subdivi.de>. (closes: #491867)
* urgency=medium since important (#492451) and security (#477203) bugs get
fixed by this upload.
-- Jonas Meurer <mejo@debian.org> Mon, 28 Jul 2008 00:21:44 +0200
cryptsetup (2:1.0.6-3) unstable; urgency=low
[ Jonas Meurer ]
* Fix cryptdisks.functions to actually recognize the noauto option. Thanks
to Christian Pernegger <pernegger@gmail.com> (closes: #483882)
* Update patches/02_manpage.patch:
- fixes two more typos, thanks to and Era Eriksson <era@iki.fi> for the
patch, and Bruno Barrera Yever <bbyever@gmail.com> for forwarding it
to the bts (closes: #476624)
- removes a duplicate sentence
* Rephrase "Enter password for $crypttarget" to "Enter password to unlock
the disk $cryptsource ($crypttarget)" in initramfs/cryptroot.script.
* Bump Standards-Version to 3.8.0:
- Add a README.source which references /usr/share/doc/quilt/README.source.
- Add support for debian build option parallel=n to debian/rules.
* Add a udev rules file to ignore temporary-cryptsetup-* devices, as
suggested in bug #467200. Thanks to Sam Morris <sam@robots.org.uk>.
* Transform debian/copyright into machine-readable code as proposed in
http://wiki.debian.org/Proposals/CopyrightFormat. Update and add several
copyright notices.
* Change reference to docbook xml v4.2 driver file from an online version
to a local one in the manpage files, as the build process should not
depend on internet access. Add docbook-xml to build-depends. Thanks to
Lucas Nussbaum <lucas@lucas-nussbaum.net>. (closes: #487056)
[ David Härdeman ]
* Hopefully fix askpass to properly handle console and usplash input
(closes: #477203)
* Clarify crypttab manpage (closes: #487246)
* Make regex work if keyfile has extended attributes,
https://launchpad.net/bugs/231339 (closes: #488131)
* Support comments in options part of crypttab (closes: #488128)
-- Jonas Meurer <mejo@debian.org> Mon, 07 Jul 2008 00:30:07 +0200
cryptsetup (2:1.0.6-2) unstable; urgency=low
[ Jonas Meurer ]
* Taken from ubuntu:
- debian/scripts/luksformat: Use 256 bit key size by default. (LP: #78508)
- debian/patches/02_manpage.patch: Clarify default key sizes (128 for
luksFormat and 256 for create) in cryptsetup.8. (side-note in LP #78508)
* Use 'shred -uz' instead of 'rm -r' to remove a tempfile that contains a
key in gen-ssl-key example script.
[ David Härdeman ]
* Misc bugfixes to askpass, make sure it is installed to the correct
location and is built using pedantic mode.
* Change the initramfs script to use askpass to prompt for
passphrases, this should hopefully fix #382375 and #465902 once it
is enabled in the init scripts as well.
* Add a keyscript called passdev which allows a keyfile to be
retrieved from a device which is first mounted, mainly useful to get
keyfiles off USB devices etc.
* Unbreak MODULES=dep booting (closes: #478268)
* Relax checks for suspend devices a bit (closes: #477658)
* Convert man pages to docbook.
-- David Härdeman <david@hardeman.nu> Mon, 26 May 2008 08:12:32 +0200
cryptsetup (2:1.0.6-1) unstable; urgency=low
[ Jonas Meurer ]
* new upstream release
- reload option is depreciated and a warning is printed. (closes: #428288)
* convert patch system from dpatch to quilt.
* enhance the information regarding the default hash setting in NEWS.Debian.
Thanks to Ross Boylan <ross@biostat.ucsf.edu>.
* change author of keyslot patch to Marc Merlin in changelog, thanks to
U. Kuehn for raising that issue.
* doing some debian/rules redesign and cleanup, speeds up the build process.
* ignore devices with the noauto option early enough to prevent any checks
on them. Thanks to Joachim Breitner <nomeata@debian.org> (closes: #464672)
* update debian/copyright to actually mention copyright, thanks lintian.
* change script=$(basename $req) to script=${req##*/} in initramfs cryptroot
script. Thanks to Adeodato Simó <dato@net.com.org.es>. (closes: #466240)
* change test ... -a ... to [ ... ] && [ ... ] in the check scripts.
* add support for tries option to initramfs scripts. Thanks to Helmut Grohne
<helmut@subdivi.de>. (closes: #430158, #469869) Use --tries=1 for
cryptsetup in the initramfs script. Document the difference between
initscript and initramfs for tries=0 in the crypttab manpage.
* add, build and install askpass.c, a helper program by David Härdeman. The
idea is to use it for passphrase prompt in the initramfs script.
[ David Härdeman ]
* Work with LABEL=, UUID= and symlinks in /etc/fstab (closes: #466175)
* Improve module loading in initramfs hook so that the newer as well
as arch specific crypto drivers are taken into consideration
(closes: #464673)
* Depend on race-free version of libdevmapper, thus making udevsettle
call from cryptsetup binary unnecessary. Also change call to
udevsettle in initramfs script (which is still useful as it related
to the source device) to optionally use udevadm if present (closes:
#456326).
-- Jonas Meurer <mejo@debian.org> Mon, 31 Mar 2008 15:58:35 +0200
cryptsetup (2:1.0.6~pre1+svn45-1) unstable; urgency=low
* New upstream svn snapshot:
- Adds typo fixes by Justin Pryzby <jpryzby+d@quoininc.com> to cryptsetup.8
manpage.
- Mentions luksKillSlot in the manpage. Thanks to Alexander Heinlein
<alexander.heinlein@web.de>. (closes: #459206)
- Adds the patch by Marc Merlin <marc_www@merlins.org> to support explicit
key slots for luksFormat and luksAddKey. Thanks to U. Kuehn, who figured
out that this patch wasn't applied even though changelog said so.
- Supports adding new keys to active devices again. Thanks to Tobias Frost
<tobi@coldtobi.de> for the bugreport. (closes: #460409)
* Add support for a custom filesystem for /tmp. Patch provided by
Hans-Peter Oeri <hp@oeri.ch>.
* Add X-Start-Before headers to cryptdisks and cryptdisks-early initscripts.
Thanks to Petter Reinholdtsen <pere@debian.org> for report and patch.
(closes: #458944)
* Add support for a noauto option to cryptdisks. Thanks to U Kuehn
<ukuehn@acm.org> for the idea.
* Add typo fixes by Justin Pryzby <jpryzby+d@quoininc.com> to crypttab.5
manpage. (closes: #460994)
* Add a cryptdisks_stop script, corresponding to cryptdisks_start. Thanks to
Joachim Breitner <nomeata@debian.org> for the idea. (closes: #459832)
* Change log_progress_msg to log_action_msg in cryptdisks.functions. That
way a newline is printed after the start of every device. Thanks to Frans
Pop <elendil@planet.nl> for the bugreport. (closes: #461548)
* Add bash_completition script provided by Kevin Locke <kwl7@cornell.edu>.
(closes: #423591)
* Fix a spelling error in the package description: linux -> Linux.
* Fix bashisms in cryptdisks_{start,stop} found by Raphael Geissert
<atomo64+debian@gmail.com>.
* Change the default hash in initramfs scripts from sha256 to ripemd160 for
consistency with cryptsetup default. Add information about that to
NEWS.Debian. Thanks to martin f krafft <madduck@debian.org>.
(closes: #406317)
-- Jonas Meurer <mejo@debian.org> Wed, 30 Jan 2008 09:01:52 +0100
2007
cryptsetup (2:1.0.6~pre1-1) unstable; urgency=low
[ Jonas Meurer ]
* New upstream alpha release 1.0.6~pre1:
- [01_crypt_luksFormat_libcryptsetup.dpatch] removed, applied upstream
- [02_manpage.dpatch] likewise
- [04_fix_unused_or_unitialized_variables.dpatch] likewise
- [05_segfault_at_nonexisting_device.dpatch] likewise
- [06_run_udevsettle.dpatch] update for new upstream
* Disable 03_check_for_root.dpatch. As Ludwig Nussel mentioned on
dm-crypt@saout.de, cryptsetup 1.0.5 already prints out meaningfull errors
if expected permissions are not available. Therefore the check for uid ==
0 is superfluous.
* [06_run_udevsettle.dpatch] Run udevsettle after device-mapper device
creation. Fixes issues with temporary device files in /dev/mapper. Patch
by Reinhard Tartler from Ubuntu. (closes: #444914)
* Add support for offset and skip options to cryptdisks/crypttab. Thanks to
Marc-Jano Knopp. (closes: #446674)
* Update the long description in debian/control. Don't mention kernel 2.6.4
any longer, remove references to /usr/share/doc/cryptsetup/CryptoRoot.HowTo
and mkinitrd.
* Add noearly option to cryptdisks/crypttab, which causes cryptdisks-early
to ignore the entry. Thanks to Joerg Jaspert (closes: #423102)
* Change log_progress_msg "$dst (started)" to device_msg "$dst" "started" in
cryptdisks.functions. Makes console output of cryptdisks more consistent.
* Add cryptdisks_start and patch to cryptdisks.functions by Jon Dowland.
Also add a manpage for cryptdisks_start(8). (closes: #447159)
* Add load_optimized_module() function to cryptdisks.functions. Initial idea
by Reinhard Tartler from Ubuntu, enhanced by David Härdeman.
(closes: #445186)
* Add support for UUID=.. device strings to initramfs cryptroot-hook. Thanks
to Reinhard Tartler from Ubuntu for the patch. (closes: #445189)
* Support UUID=... and LABEL=... device strings in /etc/crypttab. Thanks
to Martin Pitt from Ubuntu for the patch. (closes: #445189)
* Add Vcs-Browser and Vcs-Svn fields to debian/control.
* Fix debian/rules to not fail to build if autom4te.cache is left behind
from a previous incomplete build. Patch again taken from Ubuntu.
* Mention in the crypttab manpage that files are allowed as source. In that
case they are mounted as loopback device automatically. Thanks to
Michal Cihar (closes: #451909)
* At stopping dm-crypt devices really remove the corresponding loopback
device if one has been used. Thanks to Rene Pavlik for report and to David
Härdeman, who had the idea for the fix. (closes: #451916)
* Also remove loopback devices if the cryptsetup device setup fails.
* Document a possible deadlock if cryptsetup is invoked as a 'run programm'
in a udev role. This i related to the invokation of udevsettle in
cryptsetup. Thanks to Dick Middleton for reporting and debugging.
(closes: #444914)
* Move umount_fs() from handle_crypttab_line() to the end of do_start().
* Bump Standards-Version to 3.7.3.0. No changes needed.
* Remove unused litian-override file
* Remove --build $(DEB_BUILD_GNU_TYPE) and --host $(DEB_HOST_GNU_TYPE) from
invocation of ./configure, as they are already included in $(confflags).
-- Jonas Meurer <mejo@debian.org> Thu, 06 Dec 2007 15:56:05 +0100
cryptsetup (2:1.0.5-2) unstable; urgency=low
[ Jonas Meurer ]
* Add libselinux1-dev and libsepol1-dev to build-depends. Detected by
the build daemon from hell by Steinar H. Gunderson. Thanks to Manoj
Srivastava for advice.
* Fix the watchfile
* Fix cryptopensc-hook to honor key=none. Thanks to Daniel Baumann
(closes: #436434)
* Remove outdated README.html and example usbcrypto.* scripts from
documentation. Add example usbcrypto.udev script. Thanks to Volker Sauer
for the update. (closes: #409775)
* Document that stdin is read different with '--key-file=-' than without.
Thanks to Marc Haber. (closes: #418450)
* Document that --timeout is useless in conjunction with --key-file. Thanks
Alexander Zangerl. (closes: #421693)
* [03_check_for_root.dpatch] Check for UID == 0 before actually doing
something. Thanks to Benjamin Seidenberg. (closes: #401766)
* [04_fix_unused_or_unitialized_variables.dpatch] Fix some gcc warnings
about unused or unitialized variables. Thanks to Ludwig Nussel for the
patch.
* [05_segfault_at_nonexisting_device.dpatch] Fix segfault when trying to
open a non existing device. Thanks to Ludwig Nussel for the patch.
(closes: #438198)
* Add CFLAGS="$(CFLAGS)" before ./configure invocation in debian/rules.
This way CFLAGS are passed to the configure script. Thanks to Gordon
Farquharson for the patch. (closes: #438450)
* Add a warning about missing hash option in crypttab to initramfs
cryptoroot hook. Thanks to Sebastian Leske for the patch.
(closes: #438169)
* Add support for openct using data objects on a smartcard as key. Thanks to
Daniel Baumann <baumann@swiss-it.ch> for patch and documentation.
(closes: #438473)
* Polish opensc_decrypt and openct_decrypt.
* Add initramfs patch by maximilian attems. Bump depends on initramfs-tools
to (>= 0.91). (closes: #441428)
* several cleanups to make lintian happy:
- remove #!/bin/sh from cryptsetup.functions as it is not executable.
- remove unused-override configure-generated-file-in-source config.log.
- add some hyphen fixes to patches/02_manpage.dpatch
* Filter out the detection of filesystem type 'minix' in checks vol_id and
un_vol_id if checking for any valid filesystem. The minix fs signature
seems short enough to be detected erroneously by /lib/udev/vol_id.
Thanks to Fredrik Olofsson and arno for the bugreport. (closes: #411784)
* Add Homepage field to debian/control.
-- Jonas Meurer <mejo@debian.org> Mon, 24 Sep 2007 15:42:06 +0200
cryptsetup (2:1.0.5-1) unstable; urgency=low
[ Jonas Meurer ]
* New upstream release, nearly identical to svn snapshot svn29.
* Fix watch file to use cryptsetup instead of cryptsetup-luks.
* Add 01_crypt_luksFormat_libcryptsetup.dpatch - rename luksInit to
luksFormat in libcryptsetup.h.
* Merge some ubuntu changes:
- make luksformat check if filesystem is already mounted to prevent a
strange error message.
- modprobe dm-mod in cryptsetup.functions.
- wait for udev to be settled in initramfs script.
[ David Härdeman ]
* Allow other crypto devices to be setup even if one fails.
(closes: #423100)
* Remove an incorrect warning in postinst.
-- Jonas Meurer <mejo@debian.org> Fri, 27 Jul 2007 04:59:33 +0200
cryptsetup (2:1.0.4+svn29-1) unstable; urgency=low
* New upstream svn snapshot with several bugfixes
- remove 01_tries_fix.dpatch, added upstream
-- Jonas Meurer <mejo@debian.org> Wed, 02 May 2007 02:48:37 +0200
cryptsetup (2:1.0.4+svn26-3) unstable; urgency=low
* Add cryptdevice name to prompt before actually starting it. Thanks
to Joerg Jaspert. (closes: #421803)
-- Jonas Meurer <mejo@debian.org> Wed, 02 May 2007 01:05:22 +0200
cryptsetup (2:1.0.4+svn26-2) unstable; urgency=low
[ David Härdeman ]
* Fix typo in crypttab(5), the ext checkscript is called ext2, not
ext3. (closes: #410390)
* Use the initramfs-tools keymap support instead of our own (requires
initramfs-tools >= 0.87)
* Add support for usplash password prompt (closes: #397981)
* Remove the "ssl" and "gpg" options which are supported by keyscripts
since October 2006 (see NEWS for details).
* Spring cleaning of cryptdisks.functions, now supports multiple tries
for keyscripts and uses lsb logging. (closes: #420105, #383808)
[ Jonas Meurer ]
* Add 01_tries_fix.dpatch, makes the --tries commandline option work
again. (closes: #414326, #412064)
* Document the un_vol_id check script, remove the swap check script from
documentation. The swap check indeed is rather useless, thanks to Frank
Engler <bts.to.FrankEngler@spamgourmet.com>. The script itself is kept
for compability issues. (closes: #406837)
* Add smartcard keyscript and initramfs-tools hooks/scripts. This adds
support for disk encryption with smartcards, even for root disks.
Thanks a lot to Gerald Turner <gturner@unzane.com> for the patch and a
smartcard reader for testing this. (closes: #416528)
* update copyright file: change "program" to "package", and mention GPL
version 2. add a full disclaimer.
* Add "--showkeys" to the dmsetup invocation in decrypt_derived script.
(closes: #420399)
* Fixes in cryptdisks.functions:
- Don't suppress error messages at mount and unmount and don't break
if 'mount $point' fails.
- Fix handling of checks and prechecks, the vars somehow where mixed
- Really use $CHECKARGS if it's defined
- Rename "stopped" to "stopping" for devices which are shutdown at
'cryptdisks stop' (show a difference to already stopped devices).
-- Jonas Meurer <mejo@debian.org> Sat, 28 Apr 2007 20:45:50 +0200
cryptsetup (2:1.0.4+svn26-1) unstable; urgency=high
[ Jonas Meurer ]
* New upstream svn snapshot 1.0.4+svn26
- contains a slightly modified patch by Rob Walker
<rob@tenfoot.org.uk> to fix a sector size error. (closes: #403075)
- fixes a LUKS header corruption on arm, which downgrades bug
#403426 from critical to important.
- prevents password retrying with I/O errors.
* handle chainmode/essiv "plain" correctly in initramfs hook.
Thanks to Leonard Norrgard. (closes: #402417)
* remove 'rm -rf m4' from a clean target in debian/rules.
* urgency=high to get this into etch.
[ David Härdeman ]
* Document the difference in default hash functions between the
initramfs scripts and the plain cryptsetup binary. (closes: #398429)
* Verify symlinks for source devices when initramfs is generated and
correct if necessary. (closes: #405301)
-- Jonas Meurer <mejo@debian.org> Tue, 9 Jan 2007 21:53:06 +0100
2006
cryptsetup (2:1.0.4+svn16-2) unstable; urgency=high
[ David Härdeman ]
* Add cbc to standard list of modules. Thanks to Michael Olbrich
<michael.olbrich@gmx.net>. (closes: #401370)
* Fix support for crypto-on-evms. Thanks to Enrico Gatto
<cat@legnago.linux.it>. (closes: #402417)
[ Jonas Meurer ]
* urgency=high to get this into etch.
-- Jonas Meurer <mejo@debian.org> Thu, 14 Dec 2006 01:41:40 +0100
cryptsetup (2:1.0.4+svn16-1) unstable; urgency=medium
[ David Härdeman ]
* Support adding separate blockcipher modules to initramfs image
(necessary for kernels >= 2.6.19)
* Hashing was previously not done correctly when decrypt_derived was used
[ Jonas Meurer ]
* Add new upstream patch 02_luks_var_keysize.dpatch. Cryptsetup no longer
segfaults with unsupported keysize. (closes: #381973)
* Urgency medium as we really want these fixes in etch.
-- Jonas Meurer <mejo@debian.org> Tue, 28 Nov 2006 18:17:12 +0100
cryptsetup (2:1.0.4-8) unstable; urgency=high
[ Jonas Meurer ]
* Add 'set -e' and 'if ...; then ... fi' to cryptdisks-early as well.
[ David Härdeman ]
* Make sure that a failed modprobe does not break with 'set -e'.
(closes: #398799)
-- Jonas Meurer <mejo@debian.org> Thu, 16 Nov 2006 16:59:35 +0100
cryptsetup (2:1.0.4-7) unstable; urgency=low
[ David Härdeman ]
* Do not try to configure resume devices which we cant get the key for
and also try harder to find resume devices.
(closes: #397887, #397888)
* Kill some more bashisms.
* Only try three times per crypto device in initramfs scripts to avoid
unbootable systems if a swap partition can't be setup.
* Added decrypt_derived keyscript and improved documentation of latest
changes, see README.initramfs for details.
-- Jonas Meurer <mejo@debian.org> Tue, 14 Nov 2006 16:27:51 +0100
cryptsetup (2:1.0.4-6) unstable; urgency=high
[ David Härdeman ]
* Improve LVM dependency checks in initramfs hook. Thanks to Loïc
Minier <lool@dooz.org> for the patch. (closes: #397633, #397651)
-- Jonas Meurer <mejo@debian.org> Thu, 9 Nov 2006 13:55:48 +0100
cryptsetup (2:1.0.4-5) unstable; urgency=high
[ David Härdeman ]
* Make sure that duplicate entries in initramfs do not block the boot
(closes: #397454)
* Do not check for the presence of a key if the keyscript option is
set (closes: #397450)
-- Jonas Meurer <mejo@debian.org> Tue, 7 Nov 2006 18:03:41 +0100
cryptsetup (2:1.0.4-4) unstable; urgency=high
[ David Härdeman ]
* Readd and document the kernel boot argument "cryptopts" due to user
demand
* Implement support for multiple device setup in initramfs.
(closes: #394136, #382280)
* Remove bashisms. (closes: #396092)
* Fix FTBFS by altering dpatch so that it is applied to Makefile.in.in
before configure is executed. (closes: #396126)
[ Jonas Meurer ]
* Only warn for insecure keyfile mode/owner. Add some information about
insecure keys in README.Debian. (closes: #395357, #394134)
-- Jonas Meurer <mejo@debian.org> Fri, 3 Nov 2006 02:22:49 +0100
cryptsetup (2:1.0.4-3) unstable; urgency=medium
[ Jonas Meurer ]
* Suggest dosfstools. Needed for the default settings in luksformat. Thanks
to Loïc Minier <lool@dooz.org>. (closes: #393473)
* Suggest initramfs-tools (>= 0.60) | linux-initramfs-tool as well.
* Still urgency=medium for the same reasons
[ David Härdeman ]
* Change the previous fix for #388871 to use the original patch from
Loïc Minier <lool@dooz.org>. This also removes the bogus UTF8 char.
(closes: #393895)
-- Jonas Meurer <mejo@debian.org> Wed, 18 Oct 2006 23:03:47 +0200
cryptsetup (2:1.0.4-2) unstable; urgency=medium
[ Jonas Meurer ]
* Fix postinst, use 'elif [ -z $foo] || [ -z $bar ]; then ...'
* Fix a typo in cryptdisks.functions, change $opt to $opts for more
consistency with the postinst script.
* Fix mount_fs() in cryptdisks.functions to actually do what we want it to
do. Up to now, the initscript stopped if a mountpoint failed to mount.
* urgency=medium to get cryptsetup 1.0.4 into etch
-- Jonas Meurer <mejo@debian.org> Tue, 17 Oct 2006 16:16:02 +0200
cryptsetup (2:1.0.4-1) unstable; urgency=low
[ David Härdeman ]
* Always update the current initramfs when a new version is installed
* Move the double-ssl decryption into a keyscript and change the ssl
option to use that script instead
* Move the gpg key decryption into a keyscript and change the gpg
option to use that script instead
* Clean up cryptdisks.functions
* Let initramfs-tools know that we need busybox in the initramfs image
* Fix bogus error message from initramfs hook, based on patch by
Loïc Minier <lool@dooz.org>. (closes: #388871)
* Remove the undocumented kernel boot argument "cryptopts"
* Always add some crypto modules/tools to the initramfs image unless
MODULES=dep. (closes: #389835)
* Update README.initramfs.
* Add checks and warnings that the ssl and gpg options are going away
in favour of the keyscript option
* Fix the decrypt_ssl script (closes: #390514)
[ Jonas Meurer ]
* New upstream release.
- [01_terminal_output.dpatch] removed, finally went upstream
- [02_docs_tries.dpatch] removed, went upstream
- [03_fix_build_error.dpatch] renamed to 01_fix_build_error.dpatch
* Fix SYNOPSIS in crypttab(5) manpage to show all arguments as mandatory.
Thanks to Michael Steinfurth.
* Check in postinst for entries with missing arguments in /etc/crypttab.
Warn is one is found. Thanks to Michael Steinfurth (closes: #388083)
* Fix pretest for encrypted swap. Allow unencrypted swap on the source
device. Thanks to Dennis Furey. (closes: #387158)
* Fix posttest for encrypted swap. Don't skip if a swap filesystem is found
on the target device. Thanks to Sam Couter. (closes: #385317)
* Use 'set -e' and 'if [ -r <file> ]; then ...; fi' in init script. Thanks
to Goswin Brederlow. (closes: #390354)
* change '... > &2' to ... >&2' in cryptdisks.functions
-- Jonas Meurer <mejo@debian.org> Mon, 16 Oct 2006 19:22:41 +0200
cryptsetup (2:1.0.4~rc2-1) unstable; urgency=low
[ Jonas Meurer ]
* Add some more german translations to de.po.
* Add a note to NEWS.Debian where the fix for #376393 is explained. thanks
to Robert Bihlmeyer for the report. (closes: #379719)
* Allow swap filesystems to be overwritten when the swap flag is set. thanks
to Raphaël Quinet for the report. (closes: #379771)
* Update to upstream 1.0.4-rc2. (closes: #378422, #379726, closes: #379723)
* removed patches 03-05, merged upstream.
* [01_terminal_output.dpatch] updated for new upstream.
* [02_docs_tries.dpatch] updated for new upstream, to fix luksDelKey
documentation and to give more information about the keysize.
(closes: #379084)
[ David Härdeman ]
* Make sure that README.initramfs is included in the package (closes
#380048)
* Replace panic calls in cryptsetup script with exit 1 to match the
behaviour of other scripts. The regular initramfs script will panic
later when root isn't detected anyway
* Make all four fields in crypttab mandatory (closes: #370180,
#376941)
* Add UTF8 keyboard input support to initramfs image (closes: #379737)
* Add a keyscript option (closes: #370302, #375913)
* [03_fix_build_error.dpatch] patch po/Makefile with more recent
gettext implementation.
-- Jonas Meurer <mejo@debian.org> Mon, 4 Sep 2006 03:55:35 +0200
cryptsetup (2:1.0.3-3) unstable; urgency=low
[ Jonas Meurer ]
* revert the change that for swap devices the vol_id check is run by
default. if the swap partition is encrypted with a random key, the check
will always fail. thanks to Mika Bostrom <bostik@bostik.iki.fi>
(closes: #371135, #371160, #377434)
* fix the vol_id checkscript to do what it's expected to do.
* add the un_vol_id checkscript, which does the reverse of vol_id.
* use 'check=un_vol_id, checkargs=swap' for swap devices per default.
* added do_close function to cryptdisks.functions, as do_swap needs to use
it. up to now, 'cryptsetup remove' was invoked regardless whether the
device contains a LUKS partition or not. this is fixed now too.
* allow custom check scripts. check only if $CHECK exists in
/lib/cryptsetup/checks/ and use the given value as full path otherwise.
* make precheck for no_luks mandatory, fail if any known filesystem is
found.
* update crypttab manpage to reflect the checksystem changes. added an own
section for check scripts. update the CheckSystem documentation.
* update and simplify the gen-ssl-key script, thanks to Markus Nass
<generalstone@gmx.net>
* move gen-ssl-key, decrypt_ssl and luksformat to debian/scripts in the
source.
* add new directory /lib/cryptsetup/scripts/ for key decryption scripts like
decrypt_ssl and decrypt_gpg.
* add 05_fix_pointer_and_int_comparison.dpatch, fixes compiler warnings on
64bit architectures. Thanks to David Härdeman for the patch.
* revert the order of do_start and do_stop at 'cryptdisks restart'. thanks
to Hans Peter Wiedau <hpw@quelltext.com> for pointing out that silly typo.
(closes: #377591)
[ David Härdeman ]
* Support root-on-crypto-on-lvm in the initramfs scripts without
having to change the root variable (closes: #371846)
* If possible, load correct keymap in the initramfs image before any
password prompts (closes: #376393)
-- Jonas Meurer <mejo@debian.org> Mon, 10 Jul 2006 20:01:02 +0200
cryptsetup (2:1.0.3-2) unstable; urgency=low
[ David Härdeman ] * Add patch by Arjan Oosting <arjanoosting@home.nl) for lvm-on-cryptroot in initramfs scripts (closes: #362564) [ Jonas Meurer ] * install luksformat to /usr/sbin, as it depends on perl (closes: #369923) * use essiv cipher in luksformat, debian 2.6.16 kernels have essiv support compiled in (closes: #369878) * fix cryptsetup output, patch by David Härdeman <david@2gen.com> (closes: #369575) * add new check 'vol_id', which uses /lib/udev/vol_id from udev and supports checks for any known filesystem type. implement a new option checkargs in cryptdisks for that. suggest udev. closes one half of #370302. thanks to Markus Nass and Darvid Härdeman for the suggestion. * always check for a swap partition before running mkswap * updated README.Debian, Checksystem.Doc and crypttab.5.txt accordingly. * drop usage of strings from swap check, as it is in /usr/bin. thanks to Markus Nass.
-- Jonas Meurer <mejo@debian.org> Mon, 5 Jun 2006 18:27:07 +0200
cryptsetup (2:1.0.3-1) unstable; urgency=low
[ Jonas Meurer ]
* new upstream release, 1.0.3 final
- Add alignPayload patch by Peter Palfrader (closes: #358388)
- meaningful exitcodes and password retrying by Johannes Weißl
(closes: #359277)
* add 01_terminal_timeout.dpatch from Andres Salomon <dilinger@debian.org>.
- gets rid of getpass(), which is obsolete according to manpage
- restores the terminal state before doing the timeout (closes: #364153)
* add 02_docs_tries.dpatch, to describe --tries in the cryptsetup manpage.
* add 03_stdin_input.dpatch from David Härdeman <david@2gen.com>,
fixes input from stdin, accepts input with more than 32 characters
(closes: #364529, #365333)
* add 04_status_exit_codes.dpatch from David Härdeman <david@2gen.com>,
fixes the exit codes of 'cryptsetup status'
* provide a cryptsetup-udeb package (closes: #358422)
* remove debian/luksformat.8 in clean target (closes: #358386)
* fix update-rc.d arguments to start cryptdisks in rc0 and rc6.
it is not really started [but stopped], but still the links need to be
named S48cryptdisks. otherwise it will be invoked before umountfs.
* add initramfs cryptroot functionality, thanks to David Härdeman
<david@2gen.com> for the patch (closes: #358452)
* rename /lib/cryptsetup/init_functions to cryptdisks.functions
* move most of /etc/init.d/cryptdisks to cryptdisks.functions.
/etc/init.d/cryptdisks now does not much more than importing
cryptdisks.functions. required for running two seperate cryptdisks
initscripts.
* split the cryptdisks initscript into cryptdisks-early and cryptdisks.
actually both scripts do the same except having slightly different output.
the early script is run before lvm/evms/... are started, and the other one
after they are started. (closes: #363007)
* add support for mount to cryptdisks. this makes it possible to use
keyfiles from removable media. see the crypttab.5 manpage for more
information.
* use upstream cryptsetup tries option instead of the shell code in
cryptdisks. rename cryptdisks 'retry' option to 'tries'.
* document the fact, that the default settings in /etc/default/cryptdisks
take only effect if the relevant option is set without a value in
crypttab. add the environment section to crypttab.5.txt (closes: #364203)
* update the TODO list.
* update crypdisks.default
* run do_swap and do_tmp. Thanks to Riku Voipio <riku.voipio@iki.fi>
(closes: #365633)
* bump Standards-Version to 3.7.2.0, no changes needed
[ David Härdeman ]
* add lvm capabilities to initramfs scripts (closes: #362564)
* add cryptsetup.postinst which executes update-initramfs when
cryptsetup is first installed (not on upgrades)
-- Jonas Meurer <mejo@debian.org> Sat, 13 May 2006 19:45:08 +0200
cryptsetup (2:1.0.2+1.0.3-rc3-1) unstable; urgency=low
[ Jonas Meurer ]
* new upstream release candidate:
- fixes sector size of the temporary mapping (closes: #355156)
- more verbose error logging (closes: #353755, #356288, #258376)
- upstream accepted my patches to the manpage
* fixed spelling error in README.Debian
* removed debian/cryptsetup.sgml, outdated
* ran ispell against doc files in debian/, fixed many typos
* change /usr/share/cryptsetup to /lib/cryptsetup in crypttab.5.txt
(closes: #354910)
* add --build (and maybe even --host) to configure flags, for
cross-compiling
* remove debian/luksformat.8 in clean target
* fix bashism in cryptdisks. thanks to Michal Politowski
<mpol@charybda.icm.edu.pl> (closes: #356484)
* add support for openssl encrypted keys, based on a patch by General Stone
<generalstone@gmx.net> (closes: #350615)
* add some code to support gnupg encrypted keys, some parts are missing.
-- Jonas Meurer <mejo@debian.org> Fri, 17 Mar 2006 00:42:41 +0100
cryptsetup (2:1.0.2+1.0.3-rc2-1) unstable; urgency=low
[ Jonas Meurer ]
* new upstream version 1.0.3-rc2, fixing issues with devmapper
* new upstream version 1.0.3-rc1, doesn't use essiv per default
* new upstream version (1.0.2) released
- add --timeout option for interactive usage
- add --batch-mode option to suppress input verifications
* install local cryptsetup.8 copy instead of the upstream manpage
- mention --readonly as possible option to luksOpen (closes: #353753)
- mention --batch-mode, --timeout, --version
- transform remaining option hyphens from '-' to '\-'
* merged ubuntu patches:
- modify cryptdisks init script to use lsb functions
- add luksformat and a manpage
* removed postinst and postrm, empty scripts
* added a README.Debian and a TODO
* added a NEWS file for Debian, and explain both the upstream transition
from plain cryptsetup to cryptsetup-luks, and the check options for
crypttab.
* install manpages using dh_installman, not with install
* updated CryptoRoot.HowTo, mention /etc/mkinitrd/modules and different
linux-image versions. (closes: #344867)
* removed needless debian/hack
* added debian/watch
* bumped debhelper compat level to 5, add versioned depends on
debhelper (>> 5.0.0)
* update debian/cryptsetup.8 to mention batch-mode and timeout
* updated cryptdisks
- modify init script to use lsb functions, at least where possible
- updated comments for cryptdisks.default
- moved option parsing and setup of loopback devices to seperate functions.
added a new include file /lib/cryptsetup/init_functions with functions
parse_opts, lo_setup, check_key, do_luks, do_noluks, do_swap, do_tmp
- always check for the source device exists before running cryptsetup
- hardcode precheck for LUKS to use 'cryptsetup isLuks'. this is much safer
than allowing other random prechecks, as it manifests that the source
device actually is a LUKS partition.
- don't remove the LUKS device when postcheck fails, as the supplied
password/key is correct anyway.
- use the new 'timeout' commandline option of cryptsetup instead of an
external wrapper
- be silent for not existing devices per default. Implement the loud
option for crypttab to warn if a device does not exist.
- remerge postchecks and prechecks into checks.
- don't disable swap & luks combination, instead disable luks with
/dev/random, /dev/urandom or /dev/hwrandom as key.
- run parse_opts before check_key, to know whether we use luks or not
[ Michael Gebetsroither ]
* converted crypttab.sgml to asciidoc
* added dependencies for asciidoc to manpage conversion
* added developer documentation for a robust checksystem into cryptdisks
-- Jonas Meurer <mejo@debian.org> Sun, 26 Feb 2006 20:04:49 +0100
cryptsetup (2:1.0.1-16) unstable; urgency=low
[ Jonas Meurer ]
* already fixed in 2:1.0.1-14: binaries xor and delay from
usbcrypto.mkinitrd don't exist in debian. replaces with a perl script
and /bin/sleep. thanks to wesley terpstra for the help.
(closes: #324353)
* clean cryptdisks from bashisms (closes: #350360)
* check for /usr/bin/timeout before using it in cryptdisks. First, it's
only available when /usr is mounted, and that is not definitive when
cryptdisks is run at boot time. Second, timeout is a non-essential
debian package, and not neccecarily installed. The usage of
/usr/bin/timeout in any case is only a temporary workaround.
* move /usr/share/cryptsetup to /lib/cryptsetup, as the checks need to be
available at boot time, before local filesystems (like i.e. /usr) are
mounted.
* replace RETRY=`expr $RETRY - 1` with RETRY=$(($RETRY-1)), as expr is in
/usr/bin.
* install init.d script and default file with dh_installinit
(closes: #350548)
* don't build-depend on cvs
-- Jonas Meurer <mejo@debian.org> Mon, 30 Jan 2006 17:54:50 +0100
cryptsetup (2:1.0.1-15) unstable; urgency=low
[ Jonas Meurer ] * rebuilt with -sa, to include the sources into upload
-- Jonas Meurer <mejo@debian.org> Fri, 27 Jan 2006 18:18:46 +0100
cryptsetup (2:1.0.1-14) unstable; urgency=low
[ Jonas Meurer ]
* added a configurable timeout option for interactive password
prompt. set the default timeout to 180 seconds in
/etc/default/cryptdisks, and documented the crypttab option in
the crypttab manpage. (closes: #328961)
* fixed the default "precheck" and "postcheck" options, currently
no useful precheck exists, so no default here.
* removed the dummy cryptsetup-luks package, ftpmaster complains
about it.
[ Michael Gebetsroither ]
* make small fixes to CryptoSwap.HowTo
* added postcheck for swap (closes: #342079)
-- Jonas Meurer <mejo@debian.org> Fri, 27 Jan 2006 12:59:10 +0100
cryptsetup (2:1.0.1-13) unstable; urgency=low
* split the "check" in a "precheck" and a "postcheck" option
- adds the possibility to check the source device before creating the
decrypted target device, useful for things like swap.
-- Jonas Meurer <mejo@debian.org> Sun, 22 Jan 2006 21:24:06 +0100
cryptsetup (2:1.0.1-12) unstable; urgency=low
* correctly parse options in cryptdisks (closes: #304399) * remove the moduledir /usr/lib/cryptsetup from the deb, it's empty anyway (closes: #334648) * replace /usr/local/bin/delay with /bin/sleep in usbcrypto.mkinitrd * cosmetical changes to /etc/crypttab * add "check" and "retry" options to cryptdisks script, thanks to A Mennucc <debdev@mennucci.sns.it>. (closes: #290626)
-- Jonas Meurer <mejo@debian.org> Sun, 22 Jan 2006 19:46:18 +0100
cryptsetup (2:1.0.1-11) unstable; urgency=low
* include sources although the debian revision is not -1
-- Jonas Meurer <mejo@debian.org> Sun, 22 Jan 2006 16:35:12 +0100
cryptsetup (2:1.0.1-10) unstable; urgency=low
* introduce an epoch to make upgrade happen
-- Jonas Meurer <mejo@debian.org> Sun, 22 Jan 2006 09:02:47 +0100
cryptsetup (1.0.1-9) unstable; urgency=low
* rename the package to cryptsetup, provide a dummy cryptsetup-luks package * initial upload to debian
-- Jonas Meurer <mejo@debian.org> Sun, 22 Jan 2006 08:06:25 +0100
cryptsetup-luks (1.0.1-8) unstable; urgency=low
* use upstream tarball as orig.tar.gz and keep debian changes in diff.gz
* change to use dpatch
* adjust build environment to work with upstream sources, and without
autogen.sh
* merge fixes for debian scripts from cryptsetup.
* keep cryptsetup manpage untouched, as merging cryptsetup and
cryptsetup-luks manpages is rather complex.
* set mandir to /usr/share/man for configure
* add a lintian-override file
-- Jonas Meurer <mejo@debian.org> Sun, 22 Jan 2006 06:48:30 +0100
cryptsetup-luks (1.0.1-7) unstable; urgency=high
* make cryptsetup create work again (patch for lib/libdevmapper.c)
-- Michael Gebetsroither <michael.geb@gmx.at> Sat, 21 Jan 2006 14:39:36 +0100
cryptsetup-luks (1.0.1-6) unstable; urgency=low
* recompile for new libdevmapper
-- Michael Gebetsroither <michael.geb@gmx.at> Tue, 10 Jan 2006 15:10:17 +0100
2005
cryptsetup-luks (1.0.1-5) unstable; urgency=low
* improved documentation for /etc/crypttab
-- Michael Gebetsroither <michael.geb@gmx.at> Mon, 7 Nov 2005 17:05:20 +0100
cryptsetup-luks (1.0.1-4) unstable; urgency=low
* added luks option for /etc/crypttab (thx to Fabian Thorns
<fabian@thorns.it> for the initial patch)
-- Michael Gebetsroither <michael.geb@gmx.at> Thu, 3 Nov 2005 19:22:59 +0100
cryptsetup-luks (1.0.1-3) unstable; urgency=low
* completly switched to luks upstream
-- Michael Gebetsroither <michael.geb@gmx.at> Thu, 11 Aug 2005 22:14:16 +0200
cryptsetup-luks (1.0.1-2) unstable; urgency=low
* fixed build dependencies
-- Michael Gebetsroither <michael.geb@gmx.at> Mon, 20 Jun 2005 22:30:38 +0200
cryptsetup-luks (1.0.1-1) unstable; urgency=low
* synced with luks upstream
-- Michael Gebetsroither <michael.geb@gmx.at> Mon, 20 Jun 2005 16:22:53 +0200
cryptsetup-luks (1.0-5) unstable; urgency=low
* fixed a small typo in the manpage
-- Michael Gebetsroither <michael.geb@gmx.at> Sat, 23 Apr 2005 11:06:31 +0200
cryptsetup-luks (1.0-4) unstable; urgency=low
* cleand source-tree for submitting a wishlist report into debian BTS
-- Michael Gebetsroither <michael.geb@gmx.at> Tue, 19 Apr 2005 18:44:13 +0200
cryptsetup-luks (1.0-3) unstable; urgency=low
* updatet dependencies (libdevmapper1.00 => libdevmapper1.01)
-- Michael Gebetsroither <michael.geb@gmx.at> Tue, 19 Apr 2005 13:51:10 +0200
cryptsetup-luks (1.0-2) unstable; urgency=low
* replaced original debian cryptsetup manpage with manpage from
cryptsetup-luks
-- Michael Gebetsroither <michael.geb@gmx.at> Sun, 3 Apr 2005 13:33:55 +0200
cryptsetup-luks (1.0-1) unstable; urgency=low
* new upstream release
-- Michael Gebetsroither <michael.geb@gmx.at> Sat, 2 Apr 2005 23:29:43 +0200
cryptsetup-luks (0.993-3) unstable; urgency=low
* fixed dependencis
-- Michael Gebetsroither <michael.geb@gmx.at> Sun, 13 Feb 2005 01:28:11 +0100
cryptsetup-luks (0.993-2) unstable; urgency=low
* fixed a few source problems * fixed post/pre install scripts
-- Michael Gebetsroither <michael.geb@gmx.at> Sat, 12 Feb 2005 16:18:07 +0100
cryptsetup-luks (0.993-1) unstable; urgency=low
* synced with luks upstream
-- Michael Gebetsroither <michael.geb@gmx.at> Sat, 12 Feb 2005 15:50:21 +0100
cryptsetup-luks (0.992-5) unstable; urgency=low
* fixed a few problems in den debian source package
-- Michael Gebetsroither <michael.geb@gmx.at> Sat, 12 Feb 2005 04:22:30 +0100
cryptsetup-luks (0.992-4) unstable; urgency=low
* debianized the package * cleand up build system
-- Michael Gebetsroither <michael.geb@gmx.at> Sat, 12 Feb 2005 00:12:43 +0100
cryptsetup-luks (0.992-3) unstable; urgency=low
* Fixed typo
-- Michael Gebetsroither <michael.geb@gmx.at> Fri, 11 Feb 2005 18:38:42 +0100
cryptsetup-luks (0.992-2) unstable; urgency=low
* Added note within description
-- Michael Gebetsroither <michael.geb@gmx.at> Fri, 11 Feb 2005 18:21:03 +0100
cryptsetup-luks (0.992-1) unstable; urgency=low
* "integrated LUKS" support (very messy hack)
-- Michael Gebetsroither <michael.geb@gmx.at> Thu, 10 Feb 2005 18:16:21 +0100