Your message dated Mon, 26 Feb 2024 16:34:15 +0000
with message-id <[email protected]>
and subject line Bug#1060270: fixed in cryptsetup 2:2.7.0-1+exp
has caused the Debian Bug report #1060270,
regarding /lib/cryptsetup/askpass: coordinated move to /usr for DEP17
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1060270: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060270
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: cryptsetup-nuke-password
Version: 4+nmu1
User: [email protected]
Usertags: dep17m2 dep17p3
Control: clone -1 -2
Control: reassign -2 cryptsetup
Control: block -2 by -1
Hi,
for finalizing the /usr-merge via DEP17, we want to move all aliased
files to /usr. cryptsetup and cryptsetup-nuke-password are affected in
multiple ways. For one think /lib/cryptsetup/askpass is being diverted
and diversions need special attention (DEP17 P3), for another
libcryptsetup12 is part of the debootstrap set and needs to be done
soon.
I've done a similar conversion for molly-guard/systemd and have prepared
patches for cryptsetup-nuke-password and cryptsetup. Notably:
* These patches move all the files to /usr. (DEP17 M2)
* Therefore, cryptsetup declares versioned Conflicts for
cryptsetup-nuke-password. Please check the version that actually will
be uploaded before uploading cryptsetup.
* cryptsetup-nuke-password actually uses the original askpass, but it
only declares a dependency on cryptsetup-bin, which does not contain
askpass. I consider this a bug and upgrade the dependency to
cryptsetup. I hope this is fine.
* Since cryptsetup-nuke-password depends on the package it diverts
(after my previous change), I upgrade the dependency to the version
that is expected to apply this patch in cryptsetup. Please coordinate
this version with the cryptsetup maintainer.
* The way I have implemented this (and which reduces complexity), the
moved cryptsetup will be incompatible with the aliased
cryptsetup-nuke-password and the moved cryptsetup-nuke-password will
be incompatible with the moved cryptsetup. Hence these uploads need
to happen concurrently. Otherwise, the packages will not migrate to
testing.
* There is a corner case when performing the upgrade with dpkg. If you
schedule cryptsetup-nuke-password for removal (using dpkg
--set-selections) and then unpack the updated cryptsetup, askpass
will be lost. After consultation with [email protected]
we consider this acceptable and do not mitigate it. If you want this
mitigated, cryptsetup needs to ship a copy of askpass else where
(.e.g. a hardlink in the same directory) and have its postinst
restore the lost file in case it is missing. This loss cannot be
experienced when working with apt. (In the sense that we couldn't
trick apt into loosing it, but there is no proof that this cannot
happen.)
* Acceptance of this patch will make both packages un-backportatble.
These patches must not be uploaded to bookworm-backports or earlier.
Removing these patches in a backport would result in a high-versioned
cryptsetup containing aliased files. That would break
cryptsetup-nuke-password's assumption that a high enough version of
cryptsetup is moved. Therefore cryptsetup must not be backported. If
you want cryptsetup backportable, a more elaborate patch on the
cryptsetup-nuke-password side is needed or the backported cryptsetup
must declare an unversioned conflict for cryptsetup-nuke-password.
* Please upload these changes to experimental first. That allows
running them past QA systems such as piuparts, dumat and others and
also lets us double check the version constraints.
* If you later restructure (move files to a different binary package)
any binary package, please go via experimental as you may need
further mitigations for /usr-merged caused file loss (DEP17 P1).
I see that this may sound scary. We'll get past this mess together. If
things break, I'll keep the pieces and I've done so for molly-guard
already. Let me know if you have any questions.
Helmut
--- End Message ---
--- Begin Message ---
Source: cryptsetup
Source-Version: 2:2.7.0-1+exp
Done: Guilhem Moulin <[email protected]>
We believe that the bug you reported is fixed in the latest version of
cryptsetup, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Guilhem Moulin <[email protected]> (supplier of updated cryptsetup package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 26 Feb 2024 11:57:19 +0100
Source: cryptsetup
Architecture: source
Version: 2:2.7.0-1+exp
Distribution: experimental
Urgency: medium
Maintainer: Debian Cryptsetup Team
<[email protected]>
Changed-By: Guilhem Moulin <[email protected]>
Closes: 1060270
Changes:
cryptsetup (2:2.7.0-1+exp) experimental; urgency=medium
.
* New upstream release.
.
[ Guilhem Moulin ]
* d/control: cryptsetup Depends: Bump minimum cryptsetup-bin version to 2.7~.
* d/control: Build-Depends: Replace pkg-config with pkgconf.
* d/cryptsetup-suspend.lintian-overrides: Remove alien tag.
* d/cryptsetup.lintian-overrides: Remove unused overrides.
* d/cryptsetup.lintian-overrides: Add override ‘conflicts-with-version
cryptsetup-nuke-password’.
* d/t/cryptroot-*: Fix DEP-8 tests with QEMU 8.2.
.
[ Helmut Grohne ]
* /lib/cryptsetup/askpass: coordinated move to /usr for DEP17.
(Closes: #1060270)
Checksums-Sha1:
fa4b83f10d4d6dd49993bdd462ad4687ce407533 3556 cryptsetup_2.7.0-1+exp.dsc
f8d47320dae75ad194e4089d8a28d308b1eda208 11754085 cryptsetup_2.7.0.orig.tar.gz
b960739ea9e1f7117b49f47771b9b0e70ba4121e 156512
cryptsetup_2.7.0-1+exp.debian.tar.xz
af5d72d926bb43269435a899b87353205685c601 11896
cryptsetup_2.7.0-1+exp_amd64.buildinfo
Checksums-Sha256:
b876f83c764e677b128aa19d28adefcdd47de5674053ca6b357de13f1e05a9c1 3556
cryptsetup_2.7.0-1+exp.dsc
f0d490f2eb32d1648d586d56fab1329666d34e69e0db3bd6f0ac16fb3de816a2 11754085
cryptsetup_2.7.0.orig.tar.gz
58c8736f7f1b514228e193b57b8403696da88557f5775450fafb4837085c26c9 156512
cryptsetup_2.7.0-1+exp.debian.tar.xz
e7008571a5a9e47827844f42ae3f9e46b7fd2e15efc8c2f46730ff46393440a8 11896
cryptsetup_2.7.0-1+exp_amd64.buildinfo
Files:
453b0957341d9fbad88e814db199892d 3556 admin optional cryptsetup_2.7.0-1+exp.dsc
3f984ff4e595bdfd8b3329a8d35a763d 11754085 admin optional
cryptsetup_2.7.0.orig.tar.gz
fe0af28608815001bc85fd55c9d02ed9 156512 admin optional
cryptsetup_2.7.0-1+exp.debian.tar.xz
53461362d084d309cc10a6655fb89595 11896 admin optional
cryptsetup_2.7.0-1+exp_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmXcrEQACgkQ05pJnDwh
pVIbtA//V/dHJTDLkW/bTCHSkY3hjpikuNRjVeI+QMnB0kGihL18ZwyOl7llGpX1
LEkAey5C029zO8lYB5QHQ98xManEwmoualGz492tRzKiw272vNv2Jn2zRTajS7Q9
UJoV1LuoZ197EgyNFjzUwzIs5uykN3KPAiEAtavVrLpt1Lby2W3QRllwUYcWysml
M1+WjRn1cbpZ0m+AFsoWvB7VYr+B8SaGzq4tA6oa7bhHPtIoqDZ8a8ErA/kCCuMW
uNrVQ03NwJKtAj2+TAG8DJ+36ZDWzEcCrU+u91E4sxWYRpGdwX5xP+HvtNsAsSjz
PkoqHZWQjVszeSKfH38EhKkrc29z9wSYOp+sXiG1cKGCdTww37HCt60EGyQRqNWc
XQYMgYrvYVOiIQHhB9+H2DAv4g+SMfBpjYECmfs5bmwrv2qbnxMXlxmPSDVuoJow
FGAo66Bd+LyOYc5v9zIjt4hoDy2vMQ3b6/XdaxiXAsgsWgRlwig2VxbBvZTt4Z/z
RcsekAPBnCAQWKhEg+aShOCPIOjQJyFf6bZzS837GnI8PcHIs5/XAybJgcnFtOrN
KmCOm4XvzeAlyd2b12o3AGw42xHlLx0/pHBKhGjQYTOctpCr65RtBLVCF0xNAAuP
MX4SVh2heDM1u14UEHgomabc2zckE79O7gpGEHn2ZXlFAQMHJnE=
=+ad9
-----END PGP SIGNATURE-----
pgpaurcdbA9Yx.pgp
Description: PGP signature
--- End Message ---
