On Mon, Jan 08, 2024 at 02:56:16PM +0100, Helmut Grohne wrote: > I've done a similar conversion for molly-guard/systemd and have prepared > patches for cryptsetup-nuke-password and cryptsetup. Notably:
I actually forgot to attach the patches (thanks Raphael), so here go the patches. What I also forgot to mention is that I applied quite some testing. You cannot test these patches with piuparts, because they need to be upgraded in lockstep, so I wrote a kind of mini-piuparts based on debhelper that specifically validates all kinds of upgrades and checks for correct diversions. Also attaching the tests. Hope this is good to upload now. Helmut
diff --minimal -Nru cryptsetup-2.6.1/debian/changelog cryptsetup-2.6.1/debian/changelog --- cryptsetup-2.6.1/debian/changelog 2023-12-05 17:48:58.000000000 +0100 +++ cryptsetup-2.6.1/debian/changelog 2024-01-05 18:56:40.000000000 +0100 @@ -1,3 +1,10 @@ +cryptsetup (2:2.6.1-6.1) UNRELEASED; urgency=medium + + * Non-maintainer upload. + * DEP17: Move fles to /usr. (Closes: #-1) + + -- Helmut Grohne <hel...@subdivi.de> Fri, 05 Jan 2024 18:56:40 +0100 + cryptsetup (2:2.6.1-6) unstable; urgency=medium [ Kevin Locke ] diff --minimal -Nru cryptsetup-2.6.1/debian/control cryptsetup-2.6.1/debian/control --- cryptsetup-2.6.1/debian/control 2023-12-05 17:48:58.000000000 +0100 +++ cryptsetup-2.6.1/debian/control 2024-01-05 18:56:40.000000000 +0100 @@ -63,6 +63,7 @@ Architecture: linux-any Multi-Arch: foreign Depends: ${misc:Depends}, ${shlibs:Depends} +Conflicts: cryptsetup-nuke-password (<< 4+nmu2~) Description: disk encryption support - command line tools Cryptsetup provides an interface for configuring encryption on block devices (such as /home or swap partitions), using the Linux kernel diff --minimal -Nru cryptsetup-2.6.1/debian/cryptsetup-bin.install cryptsetup-2.6.1/debian/cryptsetup-bin.install --- cryptsetup-2.6.1/debian/cryptsetup-bin.install 2023-12-05 17:48:58.000000000 +0100 +++ cryptsetup-2.6.1/debian/cryptsetup-bin.install 2024-01-05 18:56:40.000000000 +0100 @@ -1,5 +1,5 @@ -sbin/cryptsetup -sbin/integritysetup -sbin/veritysetup +usr/sbin/cryptsetup +usr/sbin/integritysetup +usr/sbin/veritysetup usr/lib/tmpfiles.d/cryptsetup.conf usr/share/locale/*/*/* diff --minimal -Nru cryptsetup-2.6.1/debian/cryptsetup-ssh.install cryptsetup-2.6.1/debian/cryptsetup-ssh.install --- cryptsetup-2.6.1/debian/cryptsetup-ssh.install 2023-12-05 17:48:58.000000000 +0100 +++ cryptsetup-2.6.1/debian/cryptsetup-ssh.install 2024-01-05 18:56:40.000000000 +0100 @@ -1,2 +1,2 @@ -lib/${DEB_HOST_MULTIARCH}/cryptsetup/libcryptsetup-token-ssh.so -sbin/cryptsetup-ssh +usr/lib/${DEB_HOST_MULTIARCH}/cryptsetup/libcryptsetup-token-ssh.so +usr/sbin/cryptsetup-ssh diff --minimal -Nru cryptsetup-2.6.1/debian/cryptsetup-suspend.install cryptsetup-2.6.1/debian/cryptsetup-suspend.install --- cryptsetup-2.6.1/debian/cryptsetup-suspend.install 2023-12-05 17:48:58.000000000 +0100 +++ cryptsetup-2.6.1/debian/cryptsetup-suspend.install 2024-01-05 18:56:40.000000000 +0100 @@ -1,5 +1,5 @@ -debian/scripts/suspend/cryptsetup-suspend /lib/cryptsetup/scripts/suspend/ -debian/scripts/suspend/cryptsetup-suspend-wrapper /lib/cryptsetup/scripts/suspend/ -debian/scripts/suspend/cryptsetup-suspend.shutdown /lib/systemd/system-shutdown/ +debian/scripts/suspend/cryptsetup-suspend /usr/lib/cryptsetup/scripts/suspend/ +debian/scripts/suspend/cryptsetup-suspend-wrapper /usr/lib/cryptsetup/scripts/suspend/ +debian/scripts/suspend/cryptsetup-suspend.shutdown /usr/lib/systemd/system-shutdown/ debian/scripts/suspend/suspend.conf /etc/cryptsetup/ -debian/scripts/suspend/systemd/cryptsetup-suspend.conf /lib/systemd/system/systemd-suspend.service.d/ +debian/scripts/suspend/systemd/cryptsetup-suspend.conf /usr/lib/systemd/system/systemd-suspend.service.d/ diff --minimal -Nru cryptsetup-2.6.1/debian/cryptsetup-udeb.install cryptsetup-2.6.1/debian/cryptsetup-udeb.install --- cryptsetup-2.6.1/debian/cryptsetup-udeb.install 2023-12-05 17:48:58.000000000 +0100 +++ cryptsetup-2.6.1/debian/cryptsetup-udeb.install 2024-01-05 18:56:40.000000000 +0100 @@ -1,7 +1,7 @@ -debian/askpass /lib/cryptsetup/ -debian/checks/* /lib/cryptsetup/checks/ -debian/cryptdisks-functions /lib/cryptsetup/ -debian/functions /lib/cryptsetup/ -debian/scripts/decrypt_* /lib/cryptsetup/scripts/ -debian/scripts/passdev /lib/cryptsetup/scripts/ -sbin/cryptsetup +debian/askpass /usr/lib/cryptsetup/ +debian/checks/* /usr/lib/cryptsetup/checks/ +debian/cryptdisks-functions /usr/lib/cryptsetup/ +debian/functions /usr/lib/cryptsetup/ +debian/scripts/decrypt_* /usr/lib/cryptsetup/scripts/ +debian/scripts/passdev /usr/lib/cryptsetup/scripts/ +usr/sbin/cryptsetup diff --minimal -Nru cryptsetup-2.6.1/debian/cryptsetup.install cryptsetup-2.6.1/debian/cryptsetup.install --- cryptsetup-2.6.1/debian/cryptsetup.install 2023-12-05 17:48:58.000000000 +0100 +++ cryptsetup-2.6.1/debian/cryptsetup.install 2024-01-05 18:56:40.000000000 +0100 @@ -1,9 +1,9 @@ -debian/askpass /lib/cryptsetup/ +debian/askpass /usr/lib/cryptsetup/ debian/bash_completion/cryptdisks_start /usr/share/bash-completion/completions/ -debian/checks/* /lib/cryptsetup/checks/ -debian/cryptdisks-functions /lib/cryptsetup/ -debian/functions /lib/cryptsetup/ -debian/scripts/cryptdisks_* /sbin/ -debian/scripts/decrypt_* /lib/cryptsetup/scripts/ +debian/checks/* /usr/lib/cryptsetup/checks/ +debian/cryptdisks-functions /usr/lib/cryptsetup/ +debian/functions /usr/lib/cryptsetup/ +debian/scripts/cryptdisks_* /usr/sbin/ +debian/scripts/decrypt_* /usr/lib/cryptsetup/scripts/ debian/scripts/luksformat /usr/sbin/ -debian/scripts/passdev /lib/cryptsetup/scripts/ +debian/scripts/passdev /usr/lib/cryptsetup/scripts/ diff --minimal -Nru cryptsetup-2.6.1/debian/libcryptsetup-dev.install cryptsetup-2.6.1/debian/libcryptsetup-dev.install --- cryptsetup-2.6.1/debian/libcryptsetup-dev.install 2023-12-05 17:48:58.000000000 +0100 +++ cryptsetup-2.6.1/debian/libcryptsetup-dev.install 2024-01-05 18:56:40.000000000 +0100 @@ -1,3 +1,3 @@ -lib/${DEB_HOST_MULTIARCH}/*.so -lib/${DEB_HOST_MULTIARCH}/pkgconfig/*.pc /usr/lib/${DEB_HOST_MULTIARCH}/pkgconfig/ +usr/lib/${DEB_HOST_MULTIARCH}/*.so +usr/lib/${DEB_HOST_MULTIARCH}/pkgconfig/*.pc usr/include/*.h diff --minimal -Nru cryptsetup-2.6.1/debian/libcryptsetup12-udeb.install cryptsetup-2.6.1/debian/libcryptsetup12-udeb.install --- cryptsetup-2.6.1/debian/libcryptsetup12-udeb.install 2023-12-05 17:48:58.000000000 +0100 +++ cryptsetup-2.6.1/debian/libcryptsetup12-udeb.install 2024-01-05 18:56:40.000000000 +0100 @@ -1 +1 @@ -lib/${DEB_HOST_MULTIARCH}/*.so.* +usr/lib/${DEB_HOST_MULTIARCH}/*.so.* diff --minimal -Nru cryptsetup-2.6.1/debian/libcryptsetup12.install cryptsetup-2.6.1/debian/libcryptsetup12.install --- cryptsetup-2.6.1/debian/libcryptsetup12.install 2023-12-05 17:48:58.000000000 +0100 +++ cryptsetup-2.6.1/debian/libcryptsetup12.install 2024-01-05 18:56:40.000000000 +0100 @@ -1 +1 @@ -lib/${DEB_HOST_MULTIARCH}/*.so.* +usr/lib/${DEB_HOST_MULTIARCH}/*.so.* diff --minimal -Nru cryptsetup-2.6.1/debian/not-installed cryptsetup-2.6.1/debian/not-installed --- cryptsetup-2.6.1/debian/not-installed 2023-12-05 17:48:58.000000000 +0100 +++ cryptsetup-2.6.1/debian/not-installed 2024-01-05 18:56:40.000000000 +0100 @@ -1,2 +1,2 @@ -lib/${DEB_HOST_MULTIARCH}/libcryptsetup.la -lib/${DEB_HOST_MULTIARCH}/cryptsetup/libcryptsetup-token-ssh.la +usr/lib/${DEB_HOST_MULTIARCH}/libcryptsetup.la +usr/lib/${DEB_HOST_MULTIARCH}/cryptsetup/libcryptsetup-token-ssh.la diff --minimal -Nru cryptsetup-2.6.1/debian/rules cryptsetup-2.6.1/debian/rules --- cryptsetup-2.6.1/debian/rules 2023-12-05 17:48:58.000000000 +0100 +++ cryptsetup-2.6.1/debian/rules 2024-01-05 18:56:40.000000000 +0100 @@ -24,8 +24,6 @@ override_dh_auto_configure: dh_auto_configure -- $(CONFFLAGS) \ - --libdir=/lib/$(DEB_HOST_MULTIARCH) \ - --sbindir=/sbin \ --with-tmpfilesdir=/usr/lib/tmpfiles.d \ --enable-libargon2 \ --enable-shared \ @@ -85,13 +83,13 @@ dh_bugfiles -A execute_after_dh_fixperms-arch: - chmod 0755 debian/cryptsetup/lib/cryptsetup/checks/* - chmod 0755 debian/cryptsetup/lib/cryptsetup/scripts/decrypt_* - chmod 0755 debian/cryptsetup-suspend/lib/cryptsetup/scripts/suspend/cryptsetup-suspend-wrapper - chmod 0755 debian/cryptsetup-suspend/lib/systemd/system-shutdown/cryptsetup-suspend.shutdown + chmod 0755 debian/cryptsetup/usr/lib/cryptsetup/checks/* + chmod 0755 debian/cryptsetup/usr/lib/cryptsetup/scripts/decrypt_* + chmod 0755 debian/cryptsetup-suspend/usr/lib/cryptsetup/scripts/suspend/cryptsetup-suspend-wrapper + chmod 0755 debian/cryptsetup-suspend/usr/lib/systemd/system-shutdown/cryptsetup-suspend.shutdown ifeq (,$(filter noudeb, $(DEB_BUILD_PROFILES))) - chmod 0755 debian/cryptsetup-udeb/lib/cryptsetup/checks/* - chmod 0755 debian/cryptsetup-udeb/lib/cryptsetup/scripts/decrypt_* + chmod 0755 debian/cryptsetup-udeb/usr/lib/cryptsetup/checks/* + chmod 0755 debian/cryptsetup-udeb/usr/lib/cryptsetup/scripts/decrypt_* endif execute_after_dh_fixperms-indep:
diff --minimal -Nru cryptsetup-nuke-password-4+nmu1/Makefile cryptsetup-nuke-password-4+nmu2/Makefile --- cryptsetup-nuke-password-4+nmu1/Makefile 2023-06-20 03:55:03.000000000 +0200 +++ cryptsetup-nuke-password-4+nmu2/Makefile 2024-01-05 18:25:54.000000000 +0100 @@ -13,8 +13,8 @@ rm -f $(EXECUTABLES) install: $(EXECUTABLES) - mkdir -p $(DESTDIR)/lib/cryptsetup - cp askpass $(DESTDIR)/lib/cryptsetup/ + mkdir -p $(DESTDIR)/usr/lib/cryptsetup + cp askpass $(DESTDIR)/usr/lib/cryptsetup/ mkdir -p $(DESTDIR)/usr/share/initramfs-tools/hooks/ cp hooks/* $(DESTDIR)/usr/share/initramfs-tools/hooks/ diff --minimal -Nru cryptsetup-nuke-password-4+nmu1/debian/changelog cryptsetup-nuke-password-4+nmu2/debian/changelog --- cryptsetup-nuke-password-4+nmu1/debian/changelog 2023-06-20 04:00:28.000000000 +0200 +++ cryptsetup-nuke-password-4+nmu2/debian/changelog 2024-01-05 18:53:10.000000000 +0100 @@ -1,3 +1,12 @@ +cryptsetup-nuke-password (4+nmu2) UNRELEASED; urgency=medium + + * Non-maintainer upload. + * Upgrade cryptsetup-bin dependency to cryptsetup, as that contains askpass. + * DEP17: Move files to /usr (M2) and mitigate file loss with diverions (P7). + (Closes: #-1) + + -- Helmut Grohne <hel...@subdivi.de> Fri, 05 Jan 2024 18:53:10 +0100 + cryptsetup-nuke-password (4+nmu1) unstable; urgency=medium * Non-maintainer upload. diff --minimal -Nru cryptsetup-nuke-password-4+nmu1/debian/control cryptsetup-nuke-password-4+nmu2/debian/control --- cryptsetup-nuke-password-4+nmu1/debian/control 2023-06-20 04:00:28.000000000 +0200 +++ cryptsetup-nuke-password-4+nmu2/debian/control 2024-01-05 18:53:10.000000000 +0100 @@ -11,7 +11,7 @@ Package: cryptsetup-nuke-password Architecture: any -Depends: cryptsetup-bin, ${shlibs:Depends}, ${misc:Depends} +Depends: cryptsetup (>= 2:2.6.1-6.1~), ${shlibs:Depends}, ${misc:Depends} Enhances: cryptsetup-initramfs Description: Erase the LUKS keys with a special password on the unlock prompt Installing this package lets you configure a special "nuke password" that diff --minimal -Nru cryptsetup-nuke-password-4+nmu1/debian/cryptsetup-nuke-password.lintian-overrides cryptsetup-nuke-password-4+nmu2/debian/cryptsetup-nuke-password.lintian-overrides --- cryptsetup-nuke-password-4+nmu1/debian/cryptsetup-nuke-password.lintian-overrides 1970-01-01 01:00:00.000000000 +0100 +++ cryptsetup-nuke-password-4+nmu2/debian/cryptsetup-nuke-password.lintian-overrides 2024-01-05 18:53:10.000000000 +0100 @@ -0,0 +1,2 @@ +# DEP17 P7 M18 +cryptsetup-nuke-password: diversion-for-unknown-file lib/cryptsetup/askpass [preinst:*] diff --minimal -Nru cryptsetup-nuke-password-4+nmu1/debian/cryptsetup-nuke-password.postinst cryptsetup-nuke-password-4+nmu2/debian/cryptsetup-nuke-password.postinst --- cryptsetup-nuke-password-4+nmu1/debian/cryptsetup-nuke-password.postinst 2023-06-20 03:55:03.000000000 +0200 +++ cryptsetup-nuke-password-4+nmu2/debian/cryptsetup-nuke-password.postinst 2024-01-05 18:52:12.000000000 +0100 @@ -50,6 +50,12 @@ } configure_nuke_password() { + if test "$(dpkg-divert --truename /lib/cryptsetup/askpass)" != /lib/cryptsetup/askpass; then + dpkg-divert --no-rename --package cryptsetup-nuke-password \ + --divert /lib/cryptsetup/askpass.cryptsetup.usr-is-merged \ + --remove /lib/cryptsetup/askpass + fi + db_get cryptsetup-nuke-password/already-configured || true what="$RET" diff --minimal -Nru cryptsetup-nuke-password-4+nmu1/debian/cryptsetup-nuke-password.postrm cryptsetup-nuke-password-4+nmu2/debian/cryptsetup-nuke-password.postrm --- cryptsetup-nuke-password-4+nmu1/debian/cryptsetup-nuke-password.postrm 2023-06-20 03:55:03.000000000 +0200 +++ cryptsetup-nuke-password-4+nmu2/debian/cryptsetup-nuke-password.postrm 2024-01-05 18:52:33.000000000 +0100 @@ -4,8 +4,8 @@ if [ "$1" = "remove" ]; then dpkg-divert --rename --package cryptsetup-nuke-password \ - --divert /lib/cryptsetup/askpass.cryptsetup \ - --remove /lib/cryptsetup/askpass + --divert /usr/lib/cryptsetup/askpass.cryptsetup \ + --remove /usr/lib/cryptsetup/askpass elif [ "$1" = "purge" ]; then rm -rf /etc/cryptsetup-nuke-password fi diff --minimal -Nru cryptsetup-nuke-password-4+nmu1/debian/cryptsetup-nuke-password.preinst cryptsetup-nuke-password-4+nmu2/debian/cryptsetup-nuke-password.preinst --- cryptsetup-nuke-password-4+nmu1/debian/cryptsetup-nuke-password.preinst 2023-06-20 03:55:03.000000000 +0200 +++ cryptsetup-nuke-password-4+nmu2/debian/cryptsetup-nuke-password.preinst 2024-01-05 18:53:10.000000000 +0100 @@ -4,8 +4,26 @@ if [ "$1" = "install" ]; then dpkg-divert --rename --package cryptsetup-nuke-password \ - --divert /lib/cryptsetup/askpass.cryptsetup \ + --divert /usr/lib/cryptsetup/askpass.cryptsetup \ + --add /usr/lib/cryptsetup/askpass + dpkg-divert --rename --package cryptsetup-nuke-password \ + --divert /lib/cryptsetup/askpass.cryptsetup.usr-is-merged \ --add /lib/cryptsetup/askpass +elif [ "$1" = "upgrade" ]; then + if test "$(dpkg-divert --truename /usr/lib/cryptsetup/askpass)" != /usr/lib/cryptsetup/askpass.cryptsetup; then + dpkg-divert --no-rename --package cryptsetup-nuke-password \ + --divert /usr/lib/cryptsetup/askpass.cryptsetup \ + --add /usr/lib/cryptsetup/askpass + TRUENAME=$(dpkg-divert --truename /lib/cryptsetup/askpass) + dpkg-divert --no-rename --package cryptsetup-nuke-password \ + --remove /lib/cryptsetup/askpass + dpkg-divert --no-rename --package cryptsetup-nuke-password \ + --divert /lib/cryptsetup/askpass.cryptsetup.usr-is-merged \ + --add /lib/cryptsetup/askpass + if test -e "$TRUENAME"; then + mv "$TRUENAME" /lib/cryptsetup/askpass.cryptsetup.usr-is-merged + fi + fi fi #DEBHELPER#
testcase.sh
Description: Bourne shell script
TESTS= \ -_divertee \ -_divertee-diverter \ divertee_divertee \ divertee_diverter-divertee \ diverter-divertee_diverter-divertee \ diverter-divertee_rmdiverter-divertee \ diverter-divertee_divertee \ newdivertee_diverter \ newdivertee_rmdivertee \ newdivertee-newdiverter_rmdiverter \ newdivertee-newdiverter_rmdiverter-rmdivertee \ all: $(foreach t,$(TESTS),testout/$(t)) testout/%: ./testcase.sh "$(firstword $(subst _, ,$*))" "$(lastword $(subst _, ,$*))" >"$@" 2>&1; echo $$? >> "$@"