On Mon, Jan 08, 2024 at 02:56:16PM +0100, Helmut Grohne wrote: > I've done a similar conversion for molly-guard/systemd and have prepared > patches for cryptsetup-nuke-password and cryptsetup. Notably:
I actually forgot to attach the patches (thanks Raphael), so here go the patches. What I also forgot to mention is that I applied quite some testing. You cannot test these patches with piuparts, because they need to be upgraded in lockstep, so I wrote a kind of mini-piuparts based on debhelper that specifically validates all kinds of upgrades and checks for correct diversions. Also attaching the tests. Hope this is good to upload now. Helmut
diff --minimal -Nru cryptsetup-2.6.1/debian/changelog
cryptsetup-2.6.1/debian/changelog
--- cryptsetup-2.6.1/debian/changelog 2023-12-05 17:48:58.000000000 +0100
+++ cryptsetup-2.6.1/debian/changelog 2024-01-05 18:56:40.000000000 +0100
@@ -1,3 +1,10 @@
+cryptsetup (2:2.6.1-6.1) UNRELEASED; urgency=medium
+
+ * Non-maintainer upload.
+ * DEP17: Move fles to /usr. (Closes: #-1)
+
+ -- Helmut Grohne <hel...@subdivi.de> Fri, 05 Jan 2024 18:56:40 +0100
+
cryptsetup (2:2.6.1-6) unstable; urgency=medium
[ Kevin Locke ]
diff --minimal -Nru cryptsetup-2.6.1/debian/control
cryptsetup-2.6.1/debian/control
--- cryptsetup-2.6.1/debian/control 2023-12-05 17:48:58.000000000 +0100
+++ cryptsetup-2.6.1/debian/control 2024-01-05 18:56:40.000000000 +0100
@@ -63,6 +63,7 @@
Architecture: linux-any
Multi-Arch: foreign
Depends: ${misc:Depends}, ${shlibs:Depends}
+Conflicts: cryptsetup-nuke-password (<< 4+nmu2~)
Description: disk encryption support - command line tools
Cryptsetup provides an interface for configuring encryption on block
devices (such as /home or swap partitions), using the Linux kernel
diff --minimal -Nru cryptsetup-2.6.1/debian/cryptsetup-bin.install
cryptsetup-2.6.1/debian/cryptsetup-bin.install
--- cryptsetup-2.6.1/debian/cryptsetup-bin.install 2023-12-05
17:48:58.000000000 +0100
+++ cryptsetup-2.6.1/debian/cryptsetup-bin.install 2024-01-05
18:56:40.000000000 +0100
@@ -1,5 +1,5 @@
-sbin/cryptsetup
-sbin/integritysetup
-sbin/veritysetup
+usr/sbin/cryptsetup
+usr/sbin/integritysetup
+usr/sbin/veritysetup
usr/lib/tmpfiles.d/cryptsetup.conf
usr/share/locale/*/*/*
diff --minimal -Nru cryptsetup-2.6.1/debian/cryptsetup-ssh.install
cryptsetup-2.6.1/debian/cryptsetup-ssh.install
--- cryptsetup-2.6.1/debian/cryptsetup-ssh.install 2023-12-05
17:48:58.000000000 +0100
+++ cryptsetup-2.6.1/debian/cryptsetup-ssh.install 2024-01-05
18:56:40.000000000 +0100
@@ -1,2 +1,2 @@
-lib/${DEB_HOST_MULTIARCH}/cryptsetup/libcryptsetup-token-ssh.so
-sbin/cryptsetup-ssh
+usr/lib/${DEB_HOST_MULTIARCH}/cryptsetup/libcryptsetup-token-ssh.so
+usr/sbin/cryptsetup-ssh
diff --minimal -Nru cryptsetup-2.6.1/debian/cryptsetup-suspend.install
cryptsetup-2.6.1/debian/cryptsetup-suspend.install
--- cryptsetup-2.6.1/debian/cryptsetup-suspend.install 2023-12-05
17:48:58.000000000 +0100
+++ cryptsetup-2.6.1/debian/cryptsetup-suspend.install 2024-01-05
18:56:40.000000000 +0100
@@ -1,5 +1,5 @@
-debian/scripts/suspend/cryptsetup-suspend /lib/cryptsetup/scripts/suspend/
-debian/scripts/suspend/cryptsetup-suspend-wrapper
/lib/cryptsetup/scripts/suspend/
-debian/scripts/suspend/cryptsetup-suspend.shutdown
/lib/systemd/system-shutdown/
+debian/scripts/suspend/cryptsetup-suspend /usr/lib/cryptsetup/scripts/suspend/
+debian/scripts/suspend/cryptsetup-suspend-wrapper
/usr/lib/cryptsetup/scripts/suspend/
+debian/scripts/suspend/cryptsetup-suspend.shutdown
/usr/lib/systemd/system-shutdown/
debian/scripts/suspend/suspend.conf /etc/cryptsetup/
-debian/scripts/suspend/systemd/cryptsetup-suspend.conf
/lib/systemd/system/systemd-suspend.service.d/
+debian/scripts/suspend/systemd/cryptsetup-suspend.conf
/usr/lib/systemd/system/systemd-suspend.service.d/
diff --minimal -Nru cryptsetup-2.6.1/debian/cryptsetup-udeb.install
cryptsetup-2.6.1/debian/cryptsetup-udeb.install
--- cryptsetup-2.6.1/debian/cryptsetup-udeb.install 2023-12-05
17:48:58.000000000 +0100
+++ cryptsetup-2.6.1/debian/cryptsetup-udeb.install 2024-01-05
18:56:40.000000000 +0100
@@ -1,7 +1,7 @@
-debian/askpass /lib/cryptsetup/
-debian/checks/* /lib/cryptsetup/checks/
-debian/cryptdisks-functions /lib/cryptsetup/
-debian/functions /lib/cryptsetup/
-debian/scripts/decrypt_* /lib/cryptsetup/scripts/
-debian/scripts/passdev /lib/cryptsetup/scripts/
-sbin/cryptsetup
+debian/askpass /usr/lib/cryptsetup/
+debian/checks/* /usr/lib/cryptsetup/checks/
+debian/cryptdisks-functions /usr/lib/cryptsetup/
+debian/functions /usr/lib/cryptsetup/
+debian/scripts/decrypt_* /usr/lib/cryptsetup/scripts/
+debian/scripts/passdev /usr/lib/cryptsetup/scripts/
+usr/sbin/cryptsetup
diff --minimal -Nru cryptsetup-2.6.1/debian/cryptsetup.install
cryptsetup-2.6.1/debian/cryptsetup.install
--- cryptsetup-2.6.1/debian/cryptsetup.install 2023-12-05 17:48:58.000000000
+0100
+++ cryptsetup-2.6.1/debian/cryptsetup.install 2024-01-05 18:56:40.000000000
+0100
@@ -1,9 +1,9 @@
-debian/askpass /lib/cryptsetup/
+debian/askpass /usr/lib/cryptsetup/
debian/bash_completion/cryptdisks_start /usr/share/bash-completion/completions/
-debian/checks/* /lib/cryptsetup/checks/
-debian/cryptdisks-functions /lib/cryptsetup/
-debian/functions /lib/cryptsetup/
-debian/scripts/cryptdisks_* /sbin/
-debian/scripts/decrypt_* /lib/cryptsetup/scripts/
+debian/checks/* /usr/lib/cryptsetup/checks/
+debian/cryptdisks-functions /usr/lib/cryptsetup/
+debian/functions /usr/lib/cryptsetup/
+debian/scripts/cryptdisks_* /usr/sbin/
+debian/scripts/decrypt_* /usr/lib/cryptsetup/scripts/
debian/scripts/luksformat /usr/sbin/
-debian/scripts/passdev /lib/cryptsetup/scripts/
+debian/scripts/passdev /usr/lib/cryptsetup/scripts/
diff --minimal -Nru cryptsetup-2.6.1/debian/libcryptsetup-dev.install
cryptsetup-2.6.1/debian/libcryptsetup-dev.install
--- cryptsetup-2.6.1/debian/libcryptsetup-dev.install 2023-12-05
17:48:58.000000000 +0100
+++ cryptsetup-2.6.1/debian/libcryptsetup-dev.install 2024-01-05
18:56:40.000000000 +0100
@@ -1,3 +1,3 @@
-lib/${DEB_HOST_MULTIARCH}/*.so
-lib/${DEB_HOST_MULTIARCH}/pkgconfig/*.pc
/usr/lib/${DEB_HOST_MULTIARCH}/pkgconfig/
+usr/lib/${DEB_HOST_MULTIARCH}/*.so
+usr/lib/${DEB_HOST_MULTIARCH}/pkgconfig/*.pc
usr/include/*.h
diff --minimal -Nru cryptsetup-2.6.1/debian/libcryptsetup12-udeb.install
cryptsetup-2.6.1/debian/libcryptsetup12-udeb.install
--- cryptsetup-2.6.1/debian/libcryptsetup12-udeb.install 2023-12-05
17:48:58.000000000 +0100
+++ cryptsetup-2.6.1/debian/libcryptsetup12-udeb.install 2024-01-05
18:56:40.000000000 +0100
@@ -1 +1 @@
-lib/${DEB_HOST_MULTIARCH}/*.so.*
+usr/lib/${DEB_HOST_MULTIARCH}/*.so.*
diff --minimal -Nru cryptsetup-2.6.1/debian/libcryptsetup12.install
cryptsetup-2.6.1/debian/libcryptsetup12.install
--- cryptsetup-2.6.1/debian/libcryptsetup12.install 2023-12-05
17:48:58.000000000 +0100
+++ cryptsetup-2.6.1/debian/libcryptsetup12.install 2024-01-05
18:56:40.000000000 +0100
@@ -1 +1 @@
-lib/${DEB_HOST_MULTIARCH}/*.so.*
+usr/lib/${DEB_HOST_MULTIARCH}/*.so.*
diff --minimal -Nru cryptsetup-2.6.1/debian/not-installed
cryptsetup-2.6.1/debian/not-installed
--- cryptsetup-2.6.1/debian/not-installed 2023-12-05 17:48:58.000000000
+0100
+++ cryptsetup-2.6.1/debian/not-installed 2024-01-05 18:56:40.000000000
+0100
@@ -1,2 +1,2 @@
-lib/${DEB_HOST_MULTIARCH}/libcryptsetup.la
-lib/${DEB_HOST_MULTIARCH}/cryptsetup/libcryptsetup-token-ssh.la
+usr/lib/${DEB_HOST_MULTIARCH}/libcryptsetup.la
+usr/lib/${DEB_HOST_MULTIARCH}/cryptsetup/libcryptsetup-token-ssh.la
diff --minimal -Nru cryptsetup-2.6.1/debian/rules cryptsetup-2.6.1/debian/rules
--- cryptsetup-2.6.1/debian/rules 2023-12-05 17:48:58.000000000 +0100
+++ cryptsetup-2.6.1/debian/rules 2024-01-05 18:56:40.000000000 +0100
@@ -24,8 +24,6 @@
override_dh_auto_configure:
dh_auto_configure -- $(CONFFLAGS) \
- --libdir=/lib/$(DEB_HOST_MULTIARCH) \
- --sbindir=/sbin \
--with-tmpfilesdir=/usr/lib/tmpfiles.d \
--enable-libargon2 \
--enable-shared \
@@ -85,13 +83,13 @@
dh_bugfiles -A
execute_after_dh_fixperms-arch:
- chmod 0755 debian/cryptsetup/lib/cryptsetup/checks/*
- chmod 0755 debian/cryptsetup/lib/cryptsetup/scripts/decrypt_*
- chmod 0755
debian/cryptsetup-suspend/lib/cryptsetup/scripts/suspend/cryptsetup-suspend-wrapper
- chmod 0755
debian/cryptsetup-suspend/lib/systemd/system-shutdown/cryptsetup-suspend.shutdown
+ chmod 0755 debian/cryptsetup/usr/lib/cryptsetup/checks/*
+ chmod 0755 debian/cryptsetup/usr/lib/cryptsetup/scripts/decrypt_*
+ chmod 0755
debian/cryptsetup-suspend/usr/lib/cryptsetup/scripts/suspend/cryptsetup-suspend-wrapper
+ chmod 0755
debian/cryptsetup-suspend/usr/lib/systemd/system-shutdown/cryptsetup-suspend.shutdown
ifeq (,$(filter noudeb, $(DEB_BUILD_PROFILES)))
- chmod 0755 debian/cryptsetup-udeb/lib/cryptsetup/checks/*
- chmod 0755 debian/cryptsetup-udeb/lib/cryptsetup/scripts/decrypt_*
+ chmod 0755 debian/cryptsetup-udeb/usr/lib/cryptsetup/checks/*
+ chmod 0755 debian/cryptsetup-udeb/usr/lib/cryptsetup/scripts/decrypt_*
endif
execute_after_dh_fixperms-indep:
diff --minimal -Nru cryptsetup-nuke-password-4+nmu1/Makefile
cryptsetup-nuke-password-4+nmu2/Makefile
--- cryptsetup-nuke-password-4+nmu1/Makefile 2023-06-20 03:55:03.000000000
+0200
+++ cryptsetup-nuke-password-4+nmu2/Makefile 2024-01-05 18:25:54.000000000
+0100
@@ -13,8 +13,8 @@
rm -f $(EXECUTABLES)
install: $(EXECUTABLES)
- mkdir -p $(DESTDIR)/lib/cryptsetup
- cp askpass $(DESTDIR)/lib/cryptsetup/
+ mkdir -p $(DESTDIR)/usr/lib/cryptsetup
+ cp askpass $(DESTDIR)/usr/lib/cryptsetup/
mkdir -p $(DESTDIR)/usr/share/initramfs-tools/hooks/
cp hooks/* $(DESTDIR)/usr/share/initramfs-tools/hooks/
diff --minimal -Nru cryptsetup-nuke-password-4+nmu1/debian/changelog
cryptsetup-nuke-password-4+nmu2/debian/changelog
--- cryptsetup-nuke-password-4+nmu1/debian/changelog 2023-06-20
04:00:28.000000000 +0200
+++ cryptsetup-nuke-password-4+nmu2/debian/changelog 2024-01-05
18:53:10.000000000 +0100
@@ -1,3 +1,12 @@
+cryptsetup-nuke-password (4+nmu2) UNRELEASED; urgency=medium
+
+ * Non-maintainer upload.
+ * Upgrade cryptsetup-bin dependency to cryptsetup, as that contains askpass.
+ * DEP17: Move files to /usr (M2) and mitigate file loss with diverions (P7).
+ (Closes: #-1)
+
+ -- Helmut Grohne <hel...@subdivi.de> Fri, 05 Jan 2024 18:53:10 +0100
+
cryptsetup-nuke-password (4+nmu1) unstable; urgency=medium
* Non-maintainer upload.
diff --minimal -Nru cryptsetup-nuke-password-4+nmu1/debian/control
cryptsetup-nuke-password-4+nmu2/debian/control
--- cryptsetup-nuke-password-4+nmu1/debian/control 2023-06-20
04:00:28.000000000 +0200
+++ cryptsetup-nuke-password-4+nmu2/debian/control 2024-01-05
18:53:10.000000000 +0100
@@ -11,7 +11,7 @@
Package: cryptsetup-nuke-password
Architecture: any
-Depends: cryptsetup-bin, ${shlibs:Depends}, ${misc:Depends}
+Depends: cryptsetup (>= 2:2.6.1-6.1~), ${shlibs:Depends}, ${misc:Depends}
Enhances: cryptsetup-initramfs
Description: Erase the LUKS keys with a special password on the unlock prompt
Installing this package lets you configure a special "nuke password" that
diff --minimal -Nru
cryptsetup-nuke-password-4+nmu1/debian/cryptsetup-nuke-password.lintian-overrides
cryptsetup-nuke-password-4+nmu2/debian/cryptsetup-nuke-password.lintian-overrides
---
cryptsetup-nuke-password-4+nmu1/debian/cryptsetup-nuke-password.lintian-overrides
1970-01-01 01:00:00.000000000 +0100
+++
cryptsetup-nuke-password-4+nmu2/debian/cryptsetup-nuke-password.lintian-overrides
2024-01-05 18:53:10.000000000 +0100
@@ -0,0 +1,2 @@
+# DEP17 P7 M18
+cryptsetup-nuke-password: diversion-for-unknown-file lib/cryptsetup/askpass
[preinst:*]
diff --minimal -Nru
cryptsetup-nuke-password-4+nmu1/debian/cryptsetup-nuke-password.postinst
cryptsetup-nuke-password-4+nmu2/debian/cryptsetup-nuke-password.postinst
--- cryptsetup-nuke-password-4+nmu1/debian/cryptsetup-nuke-password.postinst
2023-06-20 03:55:03.000000000 +0200
+++ cryptsetup-nuke-password-4+nmu2/debian/cryptsetup-nuke-password.postinst
2024-01-05 18:52:12.000000000 +0100
@@ -50,6 +50,12 @@
}
configure_nuke_password() {
+ if test "$(dpkg-divert --truename /lib/cryptsetup/askpass)" !=
/lib/cryptsetup/askpass; then
+ dpkg-divert --no-rename --package cryptsetup-nuke-password \
+ --divert /lib/cryptsetup/askpass.cryptsetup.usr-is-merged \
+ --remove /lib/cryptsetup/askpass
+ fi
+
db_get cryptsetup-nuke-password/already-configured || true
what="$RET"
diff --minimal -Nru
cryptsetup-nuke-password-4+nmu1/debian/cryptsetup-nuke-password.postrm
cryptsetup-nuke-password-4+nmu2/debian/cryptsetup-nuke-password.postrm
--- cryptsetup-nuke-password-4+nmu1/debian/cryptsetup-nuke-password.postrm
2023-06-20 03:55:03.000000000 +0200
+++ cryptsetup-nuke-password-4+nmu2/debian/cryptsetup-nuke-password.postrm
2024-01-05 18:52:33.000000000 +0100
@@ -4,8 +4,8 @@
if [ "$1" = "remove" ]; then
dpkg-divert --rename --package cryptsetup-nuke-password \
- --divert /lib/cryptsetup/askpass.cryptsetup \
- --remove /lib/cryptsetup/askpass
+ --divert /usr/lib/cryptsetup/askpass.cryptsetup \
+ --remove /usr/lib/cryptsetup/askpass
elif [ "$1" = "purge" ]; then
rm -rf /etc/cryptsetup-nuke-password
fi
diff --minimal -Nru
cryptsetup-nuke-password-4+nmu1/debian/cryptsetup-nuke-password.preinst
cryptsetup-nuke-password-4+nmu2/debian/cryptsetup-nuke-password.preinst
--- cryptsetup-nuke-password-4+nmu1/debian/cryptsetup-nuke-password.preinst
2023-06-20 03:55:03.000000000 +0200
+++ cryptsetup-nuke-password-4+nmu2/debian/cryptsetup-nuke-password.preinst
2024-01-05 18:53:10.000000000 +0100
@@ -4,8 +4,26 @@
if [ "$1" = "install" ]; then
dpkg-divert --rename --package cryptsetup-nuke-password \
- --divert /lib/cryptsetup/askpass.cryptsetup \
+ --divert /usr/lib/cryptsetup/askpass.cryptsetup \
+ --add /usr/lib/cryptsetup/askpass
+ dpkg-divert --rename --package cryptsetup-nuke-password \
+ --divert /lib/cryptsetup/askpass.cryptsetup.usr-is-merged \
--add /lib/cryptsetup/askpass
+elif [ "$1" = "upgrade" ]; then
+ if test "$(dpkg-divert --truename /usr/lib/cryptsetup/askpass)" !=
/usr/lib/cryptsetup/askpass.cryptsetup; then
+ dpkg-divert --no-rename --package cryptsetup-nuke-password \
+ --divert /usr/lib/cryptsetup/askpass.cryptsetup \
+ --add /usr/lib/cryptsetup/askpass
+ TRUENAME=$(dpkg-divert --truename /lib/cryptsetup/askpass)
+ dpkg-divert --no-rename --package cryptsetup-nuke-password \
+ --remove /lib/cryptsetup/askpass
+ dpkg-divert --no-rename --package cryptsetup-nuke-password \
+ --divert /lib/cryptsetup/askpass.cryptsetup.usr-is-merged \
+ --add /lib/cryptsetup/askpass
+ if test -e "$TRUENAME"; then
+ mv "$TRUENAME" /lib/cryptsetup/askpass.cryptsetup.usr-is-merged
+ fi
+ fi
fi
#DEBHELPER#
testcase.sh
Description: Bourne shell script
TESTS= \
-_divertee \
-_divertee-diverter \
divertee_divertee \
divertee_diverter-divertee \
diverter-divertee_diverter-divertee \
diverter-divertee_rmdiverter-divertee \
diverter-divertee_divertee \
newdivertee_diverter \
newdivertee_rmdivertee \
newdivertee-newdiverter_rmdiverter \
newdivertee-newdiverter_rmdiverter-rmdivertee \
all: $(foreach t,$(TESTS),testout/$(t))
testout/%:
./testcase.sh "$(firstword $(subst _, ,$*))" "$(lastword $(subst _,
,$*))" >"$@" 2>&1; echo $$? >> "$@"
