Package: cryptsetup
Version: 2:1.4.3-4
Severity: wishlist
Tags: patch

Hi cryptsetup Debian maintainers :)

Please can you update cryptsetup to version 1.6.1 (at least in experimental) (see also bug #704827)?

Reported separately, because this bug requests packaging of two new tools:
- veritysetup (setup of dm-verity block devices, e.g. used in Chrome OS)
- cryptsetup-reencrypt (LUKS device offline reencryption tool)

Patches needed for Debian package attached, I tested boot with fully encrypted system (wheezy) and it still works.

Second attached patch fixes some compilation errors in Debian specific tools, but these are just cosmetic fixes.

Thanks,
Milan

p.s. Please let me know if you need any help - as upstream maintainer of cryptsetup I am using Debian as primary platform now (but I am not Debian packager).

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'testing'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.7.4 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages cryptsetup depends on:
ii  cryptsetup-bin         2:1.4.3-4
ii  debconf [debconf-2.0]  1.5.50
ii  dmsetup                2:1.02.77-1
ii  libc6                  2.13-38

Versions of packages cryptsetup recommends:
ii  busybox                                 1:1.20.0-8
ii  console-setup                           1.92
ii  initramfs-tools [linux-initramfs-tool]  0.112
ii  kbd                                     1.15.5-1

Versions of packages cryptsetup suggests:
ii  dosfstools              3.0.16-2
ii  liblocale-gettext-perl  1.05-7+b1

-- debconf information excluded

diff -rupN debian.old/changelog debian/changelog --- debian.old/changelog 2013-01-05 22:11:50.000000000 +0100 +++ debian/changelog 2013-05-12 14:52:10.866587706 +0200 @@ -1,3 +1,17 @@ +cryptsetup (2:1.6.1-1.1) UNRELEASED; urgency=low + + * NOT RELEASED YET + + * Non-maintainer upload. + * update to upstream package 1.6.1 + * default LUKS encryption mode is now XTS (aes-xts-plain64) + * add native support for activation of Truecrypt and compatible on-disk format + * add benchmark command + * add veritysetup, tool for dm-verity block device verification kernel module + * add cryptsetup-reencrypt, tool to offline reencrypt LUKS device + + -- Milan Broz <gmazyl...@gmail.com> Sat, 11 May 2013 19:43:07 +0200 + cryptsetup (2:1.4.3-5) unstable; urgency=low * NOT RELEASED YET diff -rupN debian.old/control debian/control --- debian.old/control 2013-01-05 22:11:50.000000000 +0100 +++ debian/control 2013-05-12 14:15:37.000000000 +0200 @@ -90,3 +90,19 @@ Description: disk encryption support - s Setup (LUKS) support. . This udeb package provides libcryptsetup for the Debian Installer. + +Package: cryptsetup-reencrypt +Section: admin +Architecture: linux-any +Depends: ${shlibs:Depends}, ${misc:Depends}, libcryptsetup4 (>= 2:1.6) +Description: disk encryption support - offline reencryption tool + Cryptsetup-reencrypt provides a tool which can be used for offline + reencryption of LUKS disk in situ. + +Package: veritysetup +Section: admin +Architecture: linux-any +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: tool to setup dm-verity + Veritysetup provides an interface for configuring data verification + on block devices using dm-verity kernel module. diff -rupN debian.old/copyright debian/copyright --- debian.old/copyright 2012-06-11 21:49:20.000000000 +0200 +++ debian/copyright 2013-05-12 14:27:40.000000000 +0200 
@@ -1,11 +1,12 @@ Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ -Upstream-Contact: Milan Broz <mb...@redhat.com> +Upstream-Contact: Milan Broz <gmazyl...@gmail.com> Source: http://code.google.com/p/cryptsetup Files: * Copyright: © 2004 Christophe Saout <christo...@saout.de> © 2004-2008 Clemens Fruhwirth <clem...@endorphin.org> - © 2008-2010 Milan Broz <mb...@redhat.com> + © 2008-2012 Red Hat, Inc. + © 2008-2013 Milan Broz <gmazyl...@gmail.com> License: GPL-2+ Files: debian/* @@ -13,6 +14,7 @@ Copyright: © 2004-2005 Wesley W. Terpst © 2005-2006 Michael Gebetsroither <michael....@gmx.at> © 2006-2008 David Härdeman <da...@hardeman.nu> © 2005-2010 Jonas Meurer <jo...@freesources.org> + © 2013 Milan Broz <gmazyl...@gmail.com> License: GPL-2+ Files: debian/askpass.c debian/passdev.c diff -rupN debian.old/cryptsetup.docs debian/cryptsetup.docs --- debian.old/cryptsetup.docs 2012-02-07 16:11:32.000000000 +0100 +++ debian/cryptsetup.docs 2013-05-12 14:43:56.000000000 +0200 @@ -1,5 +1,6 @@ AUTHORS FAQ +docs/*ReleaseNotes debian/README.keyctl debian/README.gnupg debian/README.initramfs diff -rupN debian.old/cryptsetup-reencrypt.dirs debian/cryptsetup-reencrypt.dirs --- debian.old/cryptsetup-reencrypt.dirs 1970-01-01 01:00:00.000000000 +0100 +++ debian/cryptsetup-reencrypt.dirs 2013-05-12 11:10:43.000000000 +0200 @@ -0,0 +1,2 @@ +/sbin +/usr/share/man/man8 diff -rupN debian.old/libcryptsetup4.symbols debian/libcryptsetup4.symbols --- debian.old/libcryptsetup4.symbols 2013-01-05 22:11:50.000000000 +0100 +++ debian/libcryptsetup4.symbols 2013-05-12 11:54:33.000000000 +0200 
@@ -4,6 +4,8 @@ libcryptsetup.so.4 libcryptsetup4 #MINVE crypt_activate_by_keyfile_offset@CRYPTSETUP_1.0 2:1.4.3 crypt_activate_by_passphrase@CRYPTSETUP_1.0 2:1.4 crypt_activate_by_volume_key@CRYPTSETUP_1.0 2:1.4 + crypt_benchmark@CRYPTSETUP_1.0 2:1.6 + crypt_benchmark_kdf@CRYPTSETUP_1.0 2:1.6 crypt_deactivate@CRYPTSETUP_1.0 2:1.4 crypt_dump@CRYPTSETUP_1.0 2:1.4 crypt_format@CRYPTSETUP_1.0 2:1.4 @@ -19,6 +21,7 @@ libcryptsetup.so.4 libcryptsetup4 #MINVE crypt_get_rng_type@CRYPTSETUP_1.0 2:1.4 crypt_get_type@CRYPTSETUP_1.0 2:1.4 crypt_get_uuid@CRYPTSETUP_1.0 2:1.4 + crypt_get_verity_info@CRYPTSETUP_1.0 2:1.5 crypt_get_volume_key_size@CRYPTSETUP_1.0 2:1.4 crypt_header_backup@CRYPTSETUP_1.0 2:1.4 crypt_header_restore@CRYPTSETUP_1.0 2:1.4 @@ -29,6 +32,8 @@ libcryptsetup.so.4 libcryptsetup4 #MINVE crypt_keyslot_add_by_keyfile_offset@CRYPTSETUP_1.0 2:1.4.3 crypt_keyslot_add_by_passphrase@CRYPTSETUP_1.0 2:1.4 crypt_keyslot_add_by_volume_key@CRYPTSETUP_1.0 2:1.4 + crypt_keyslot_area@CRYPTSETUP_1.0 2:1.6 + crypt_keyslot_change_by_passphrase@CRYPTSETUP_1.0 2:1.6 crypt_keyslot_destroy@CRYPTSETUP_1.0 2:1.4 crypt_keyslot_max@CRYPTSETUP_1.0 2:1.4 crypt_keyslot_status@CRYPTSETUP_1.0 2:1.4 diff -rupN debian.old/libcryptsetup-dev.docs debian/libcryptsetup-dev.docs --- debian.old/libcryptsetup-dev.docs 1970-01-01 01:00:00.000000000 +0100 +++ debian/libcryptsetup-dev.docs 2013-05-12 14:44:35.000000000 +0200 @@ -0,0 +1 @@ +docs/examples diff -rupN debian.old/rules debian/rules --- debian.old/rules 2013-01-05 22:11:50.000000000 +0100 +++ debian/rules 2013-05-12 14:57:45.591841868 +0200 @@ -43,7 +43,8 @@ configure-stamp: --libdir=/lib \ --sbindir=/sbin \ --mandir=/usr/share/man \ - --enable-shared + --enable-shared \ + --enable-cryptsetup-reencrypt find -xtype f >manifest.new diff manifest manifest.new | grep '>' | cut -b3- >config.mess touch $@ 
@@ -167,6 +168,15 @@ binary-arch: build install cp -a $(CURDIR)/debian/cryptsetup-bin/sbin/cryptsetup $(CURDIR)/debian/cryptsetup-udeb/sbin/ # Copy relevant parts to libcryptsetup4-udeb package cp -a $(CURDIR)/debian/libcryptsetup4/lib $(CURDIR)/debian/libcryptsetup4-udeb/ + + # Install veritysetup and reencrypt tool + dh_movefiles -pveritysetup --sourcedir=debian/cryptsetup-bin \ + sbin/veritysetup \ + usr/share/man/man8/veritysetup.8 + dh_movefiles -pcryptsetup-reencrypt --sourcedir=debian/cryptsetup-bin \ + sbin/cryptsetup-reencrypt \ + usr/share/man/man8/cryptsetup-reencrypt.8 + dh_lintian -a dh_compress -a dh_fixperms -a diff -rupN debian.old/veritysetup.dirs debian/veritysetup.dirs --- debian.old/veritysetup.dirs 1970-01-01 01:00:00.000000000 +0100 +++ debian/veritysetup.dirs 2013-05-12 11:10:29.000000000 +0200 @@ -0,0 +1,2 @@ +/sbin +/usr/share/man/man8
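Review bot: In the debian/changelog hunk the new entry is versioned 2:1.6.1-1.1 and marked "Non-maintainer upload", but the entry directly below it is 2:1.4.3-5, so there is no 2:1.6.1-1 for this to be an NMU of. An NMU that introduces a new upstream version is conventionally numbered 2:1.6.1-0.1; if the maintainers take the patch as a regular upload, 2:1.6.1-1 fits and the NMU line should go. The change of the default LUKS mode to aes-xts-plain64 alters behaviour for users and would be worth a debian/NEWS entry in addition to the changelog bullet.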
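Review bot: In the debian/control hunk, cryptsetup-reencrypt carries a hand-written libcryptsetup4 (>= 2:1.6) next to ${shlibs:Depends}, while veritysetup relies on ${shlibs:Depends} alone. The same patch records the new symbols in libcryptsetup4.symbols (crypt_get_verity_info at 2:1.5, the others at 2:1.6), so the generated dependency should already carry the right minimum version; either drop the explicit one or say why it is needed. The veritysetup short description ("tool to setup dm-verity") also breaks the "disk encryption support - ..." pattern used by the neighbouring stanzas, and "setup" as a verb should read "set up".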
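Review bot: In the second debian/rules hunk (binary-arch), the two dh_movefiles calls pull files out of another package's staging directory with --sourcedir=debian/cryptsetup-bin, which makes the result depend on where in the target they run. That is safe here only because the udeb step above copies sbin/cryptsetup alone and the move happens before dh_compress, so please say so in the comment ("must run after cryptsetup-bin is populated and before dh_compress"), or install the two tools from per-package file lists so the ordering constraint disappears.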
diff -rupN debian.old/askpass.c debian/askpass.c --- debian.old/askpass.c 2012-02-07 16:11:32.000000000 +0100 +++ debian/askpass.c 2013-05-12 12:07:58.000000000 +0200 @@ -170,7 +170,7 @@ splashy_prepare(const char *prompt) iov[0].iov_base = "getpass "; iov[0].iov_len = strlen ("getpass "); - iov[1].iov_base = prompt; + iov[1].iov_base = (char *)prompt; iov[1].iov_len = strlen (prompt) + 1; if (writev (fd, iov, 2) == -1) { @@ -297,7 +297,7 @@ static int console_prepare(const char *prompt) { struct termios term_new; - char *prompt_ptr = prompt; + const char *prompt_ptr = prompt; char *newline = NULL; if (!isatty(STDIN_FILENO)) { @@ -473,7 +473,10 @@ main(int argc, char **argv, char **envp) } debug("Writing %i bytes to stdout\n", (int)passlen); - write(STDOUT_FILENO, pass, passlen); + if (write(STDOUT_FILENO, pass, passlen) == -1) { + disable_method(NULL); + exit(EXIT_FAILURE); + } disable_method(NULL); exit(EXIT_SUCCESS); } diff -rupN debian.old/passdev.c debian/passdev.c --- debian.old/passdev.c 2010-05-19 18:34:10.000000000 +0200 +++ debian/passdev.c 2013-05-12 12:05:50.000000000 +0200 @@ -51,7 +51,6 @@ static bool do_mount(const char *device, const char *dir) { pid_t pid; - pid_t wpid; int status; char *fstypes[] = { "ext4", "ext3", "ext2", "vfat", "btrfs", "reiserfs", "xfs", "jfs", "ntfs", "iso9660", "udf" }; int fsindex; @@ -70,7 +69,7 @@ do_mount(const char *device, const char } else if (pid > 0) { /* We're in the parent process */ do { - wpid = waitpid(pid, &status, 0); + waitpid(pid, &status, 0); } while (!WIFEXITED(status) && !WIFSIGNALED(status)); if (WIFEXITED(status) && WEXITSTATUS(status) == EXIT_SUCCESS) return true; @@ -119,7 +118,7 @@ main(int argc, char **argv, char **envp) size_t byteswritten; ssize_t bytes; char *to; - int timeout; + int timeout = 0; bool do_timeout = false; /* We only take one argument */
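Review bot: In the askpass.c main() hunk, the new check only treats a return of -1 from write() as failure, so a short write (fewer than passlen bytes) still ends in exit(EXIT_SUCCESS) and the consumer on stdout receives a truncated passphrase. Compare the result against passlen, or loop until all bytes are written, and take the disable_method(NULL); exit(EXIT_FAILURE); path for anything else.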
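Review bot: In the passdev.c do_mount() hunk, dropping wpid silences the unused-variable warning but leaves the return value of waitpid() unchecked, and the loop condition then evaluates WIFEXITED(status) and WIFSIGNALED(status) on a status that was never written if the call failed. Test the return value instead of discarding it, for example break out and return false when waitpid() returns -1 (retrying on EINTR), so the parent neither spins nor reads an indeterminate status.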
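Review bot: In the askpass.c splashy_prepare() hunk, the (char *) cast on prompt discards const only to quiet the compiler. iov_base is a void *, so (void *)prompt states the intent more directly, and a one-line comment that writev() only reads from the buffer would keep the next reader from wondering whether the string is modified.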