Hello community,
here is the log from the commit of package cryptsetup for openSUSE:Factory
checked in at 2012-04-17 21:57:44
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/cryptsetup (Old)
and /work/SRC/openSUSE:Factory/.cryptsetup.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cryptsetup", Maintainer is "lnus...@suse.com"
Changes:
--------
--- /work/SRC/openSUSE:Factory/cryptsetup/cryptsetup.changes 2011-12-27
18:34:52.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.cryptsetup.new/cryptsetup.changes
2012-04-17 21:58:11.000000000 +0200
@@ -1,0 +2,31 @@
+Tue Apr 17 13:03:28 UTC 2012 - lnus...@suse.de
+
+- boot.crypto:
+ * prefer physdev from crypttab
+ * fix non-plymouth use
+
+-------------------------------------------------------------------
+Mon Apr 16 12:08:30 UTC 2012 - lnus...@suse.de
+
+- new version 1.4.2
+ * Fix header check to support old (cryptsetup 1.0.0) header alignment.
(1.4.0)
+ * Add --keyfile-offset and --new-keyfile-offset parameters to API and CLI.
+ * Add repair command and crypt_repair() for known LUKS metadata problems
repair.
+ * Allow to specify --align-payload only for luksFormat.
+ * Unify password verification option.
+ * Support password verification with quiet flag if possible. (1.2.0)
+ * Fix retry if entered passphrases (with verify option) do not match.
+ * Support UUID=<LUKS_UUID> format for device specification.
+ * Add --master-key-file option to luksOpen (open using volume key).
+ * Fix use of empty keyfile.
+ * Fix error message for luksClose and detached LUKS header.
+ * Allow --header for status command to get full info with detached header.
+
+-------------------------------------------------------------------
+Mon Apr 16 09:56:40 UTC 2012 - lnus...@suse.de
+
+- boot.crypto:
+ * avoid warning about module 'kernel' (bnc#741468)
+ * incorporate plymouth support
+
+-------------------------------------------------------------------
Old:
----
boot.crypto-0_201110101134.tar.bz2
cryptsetup-1.4.1.tar.bz2
cryptsetup-1.4.1.tar.bz2.asc
New:
----
boot.crypto-0_201204171450.tar.bz2
cryptsetup-1.4.2.tar.bz2
cryptsetup-1.4.2.tar.bz2.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ cryptsetup.spec ++++++
--- /var/tmp/diff_new_pack.aXO1Xc/_old 2012-04-17 21:58:12.000000000 +0200
+++ /var/tmp/diff_new_pack.aXO1Xc/_new 2012-04-17 21:58:12.000000000 +0200
@@ -1,7 +1,7 @@
#
# spec file for package cryptsetup
#
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -20,18 +20,18 @@
%define ver %version%{?beta:-%beta}
Name: cryptsetup
-URL: http://code.google.com/p/cryptsetup/
+Url: http://code.google.com/p/cryptsetup/
BuildRequires: device-mapper-devel e2fsprogs-devel libgcrypt-devel popt-devel
BuildRequires: libselinux-devel pkgconfig
BuildRequires: libtool
# hashalot version
%define haver 0.3
# boot.crypto version
-%define bcver 0_201110101134
+%define bcver 0_201204171450
License: GPL-2.0+
Group: System/Base
-Version: 1.4.1
-Release: 2
+Version: 1.4.2
+Release: 1
#Release: %{?beta:0.}<CI_CNT>.<B_CNT>%{?beta:.}%{?beta}
Summary: Set Up dm-crypt Based Encrypted Block Devices
Source:
http://cryptsetup.googlecode.com/files/cryptsetup-%{ver}.tar.bz2
++++++ boot.crypto-0_201110101134.tar.bz2 -> boot.crypto-0_201204171450.tar.bz2
++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/boot.crypto-0_201110101134/crypttab.5
new/boot.crypto-0_201204171450/crypttab.5
--- old/boot.crypto-0_201110101134/crypttab.5 2011-10-10 11:34:41.000000000
+0200
+++ new/boot.crypto-0_201204171450/crypttab.5 2012-04-17 14:50:27.000000000
+0200
@@ -1,13 +1,22 @@
'\" t
.\" Title: crypttab
.\" Author: [see the "AUTHOR" section]
-.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
-.\" Date: 02/02/2010
+.\" Generator: DocBook XSL Stylesheets v1.76.1 <http://docbook.sf.net/>
+.\" Date: 11/24/2011
.\" Manual: Cryptsetup Manual
.\" Source: cryptsetup
.\" Language: English
.\"
-.TH "CRYPTTAB" "5" "02/02/2010" "cryptsetup" "Cryptsetup Manual"
+.TH "CRYPTTAB" "5" "11/24/2011" "cryptsetup" "Cryptsetup Manual"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
@@ -122,25 +131,25 @@
\fBcipher\fR=<cipher>
.RS 4
Encryption algorithm\&. See
-\fBcryptsetup \-c\fR\&.
+\fBcryptsetup \-c\fR\&. Ignored for LUKS volumes\&.
.RE
.PP
\fBsize\fR=<size>
.RS 4
Encryption key size\&. See
-\fBcryptsetup \-s\fR\&.
+\fBcryptsetup \-s\fR\&. Ignored for LUKS volumes\&.
.RE
.PP
\fBhash\fR=<hash>
.RS 4
Hash algorithm\&. See
-\fBcryptsetup \-h\fR\&.
+\fBcryptsetup \-h\fR\&. Ignored for LUKS volumes\&.
.RE
.PP
\fBverify\fR
.RS 4
Verify password\&. See
-\fBcryptsetup \-y\fR\&.
+\fBcryptsetup \-y\fR\&. Ignored for LUKS volumes\&.
.RE
.PP
\fBreadonly\fR
@@ -223,12 +232,12 @@
.PP
\fBpseed=<string>\fR
.RS 4
-Set a string that is appended to the passphrase after hashing\&. Using
different seeds for volumes with the same passphrase makes dictionary attacks
harder\&. Use for compatability with loop\-AES\&.
+Set a string that is appended to the passphrase after hashing\&. Using
different seeds for volumes with the same passphrase makes dictionary attacks
harder\&. Use for compatability with loop\-AES\&. Ignored for LUKS volumes\&.
.RE
.PP
\fBitercountk=<num>\fR
.RS 4
-Encrypts the hashed password <num> thousand times using AES\-256\&. Use for
compatability with loop\-AES\&.
+Encrypts the hashed password <num> thousand times using AES\-256\&. Use for
compatability with loop\-AES\&. Ignored for LUKS volumes\&.
.RE
.PP
\fBkeyscript=<path>\fR
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/boot.crypto-0_201110101134/crypttab.5.txt
new/boot.crypto-0_201204171450/crypttab.5.txt
--- old/boot.crypto-0_201110101134/crypttab.5.txt 2011-10-10
11:34:41.000000000 +0200
+++ new/boot.crypto-0_201204171450/crypttab.5.txt 2012-04-17
14:50:27.000000000 +0200
@@ -62,15 +62,19 @@
*cipher*=<cipher>::
Encryption algorithm. See *cryptsetup -c*.
+Ignored for LUKS volumes.
*size*=<size>::
Encryption key size. See *cryptsetup -s*.
+Ignored for LUKS volumes.
*hash*=<hash>::
Hash algorithm. See *cryptsetup -h*.
+Ignored for LUKS volumes.
*verify*::
Verify password. See *cryptsetup -y*.
+Ignored for LUKS volumes.
*readonly*::
The backing device is read-only (eg: a dvd).
@@ -139,10 +143,12 @@
Set a string that is appended to the passphrase after hashing.
Using different seeds for volumes with the same passphrase makes
dictionary attacks harder. Use for compatability with loop-AES.
+Ignored for LUKS volumes.
*itercountk=<num>*::
Encrypts the hashed password <num> thousand times using AES-256. Use
for compatability with loop-AES.
+Ignored for LUKS volumes.
*keyscript=<path>*::
Calls <path> and uses the output passphrase or key. If <path> is not
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/boot.crypto-0_201110101134/mkinitrd/boot-luks.sh
new/boot.crypto-0_201204171450/mkinitrd/boot-luks.sh
--- old/boot.crypto-0_201110101134/mkinitrd/boot-luks.sh 2011-10-10
11:34:41.000000000 +0200
+++ new/boot.crypto-0_201204171450/mkinitrd/boot-luks.sh 2012-04-17
14:50:27.000000000 +0200
@@ -13,7 +13,7 @@
##
## luks a list of luks devices (e.g. xxx)
## luks_xxx the luks device (e.g. /dev/sda)
-##
+##
if test -t 1 -a "$TERM" != "raw" -a "$TERM" != "dumb"; then
extd="\e[1m"
@@ -23,6 +23,14 @@
norm=''
fi
+luks_check_ply()
+{
+ if [ -x /usr/bin/plymouth ] && /usr/bin/plymouth --ping; then
+ return 0
+ fi
+ return 1
+}
+
splash_read()
{
splash=""
@@ -37,12 +45,16 @@
splash_off()
{
- [ -z "$splash" ] || echo verbose > /proc/splash
+ if ! luks_check_ply && [ -n "$splash" ]; then
+ echo verbose > /proc/splash
+ fi
}
splash_restore()
{
- [ -z "$splash" ] || echo "$splash" > /proc/splash
+ if ! luks_check_ply && [ -n "$splash" ]; then
+ echo "$splash" > /proc/splash
+ fi
}
# can't do this in luksopen as it would mix output with the
@@ -58,9 +70,13 @@
{
local name="$1"
eval local dev="\"\${luks_${luks}}\""
- echo -e "${extd}Unlocking ${name} ($dev)${norm}"
- splash_off
- /sbin/cryptsetup --tries=1 luksOpen "$dev" "$name"
+ if luks_check_ply; then
+ /usr/bin/plymouth ask-for-password --prompt="Unlocking ${name}
($dev)" | /sbin/cryptsetup --tries=1 luksOpen "$dev" "$name"
+ else
+ echo -e "${extd}Unlocking ${name} ($dev)${norm}"
+ splash_off
+ /sbin/cryptsetup --tries=1 luksOpen "$dev" "$name"
+ fi
}
check_retry()
@@ -76,8 +92,12 @@
# We only support english keyboard layout
;;
*)
- echo "*** Note: only US keyboard layout is supported."
- echo "*** Please ensure that the password is typed correctly."
+ if luks_check_ply; then
+ plymouth display-message --text "Enter your passphrase,
only US keyboard layout is supported"
+ else
+ echo "*** Note: only US keyboard layout is supported."
+ echo "*** Please ensure that the password is typed
correctly."
+ fi
;;
esac
@@ -87,6 +107,7 @@
fi
for luks in "$@"; do
+ local pass
eval local keyfile="\"\${luks_${luks}_keyfile}\""
eval local keyscript="\"\${luks_${luks}_keyscript}\""
luks_wait_device "$luks"
@@ -96,24 +117,26 @@
# devices are to be decrypted
if [ -n "$reuse_pass" ]; then
if [ -z "$pass" ]; then
- splash_off
- local pass
- echo
- echo -e "${extd}Need to unlock
encrypted volumes${norm}"
- echo -n "Enter LUKS Passphrase:
"
- read -s pass
- echo
+ if luks_check_ply; then
+ pass=`/usr/bin/plymouth
ask-for-password --prompt="Enter LUKS Passphrase"`
+ else splash_off
+ echo
+ echo -e "${extd}Need to
unlock encrypted volumes${norm}"
+ echo -n "Enter LUKS
Passphrase: "
+ read -s pass
+ echo
+ fi
fi
- echo "$pass" | luksopen "$luks" || {
- pass='xxxxxxxxxxxxxxxxxxxx';
unset pass; luksopen "$luks"; }
+ echo "$pass" | luksopen "$luks"
"$ask_pass" || {
+ pass='xxxxxxxxxxxxxxxxxxxx';
unset pass; luksopen "$luks" "$ask_pass"; }
check_retry $? || break;
else
- luksopen "$luks"
+ luksopen "$luks" "$ask_pass"
check_retry $? || break;
fi
else
- $keyscript "$keyfile" | luksopen "$luks"
+ $keyscript "$keyfile" | luksopen "$luks"
"$ask_pass"
check_retry $? || break;
fi
done
@@ -129,6 +152,11 @@
do_luks
+# Clear the screen of all text
+if luks_check_ply; then
+ plymouth display-message --text ""
+fi
+
# XXX: activate and wait for volume groups if the resume volume is
# on lvm. This is a layering violation but with current mkinitrd
# design we have no other choice if we want to resume from a vg
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/boot.crypto-0_201110101134/mkinitrd/setup-luks.sh
new/boot.crypto-0_201204171450/mkinitrd/setup-luks.sh
--- old/boot.crypto-0_201110101134/mkinitrd/setup-luks.sh 2011-10-10
11:34:41.000000000 +0200
+++ new/boot.crypto-0_201204171450/mkinitrd/setup-luks.sh 2012-04-17
14:50:27.000000000 +0200
@@ -45,21 +45,24 @@
if [ -n "$extraopts" ]; then
echo "/etc/crypttab: $name has extra options, not supported by the
initrd" >&2
continue;
- elif [ -n "$keyscript" ]; then
- if [ "${keyscript:0:1}" != '/' ]; then
- keyscript="/lib/cryptsetup/scripts/$keyscript"
- fi
- if [ ! -x "$keyscript" ]; then
- echo "keyscript \"$keyscript\" must be an executable" >&2
- continue
- fi
- eval "luks_${name}_device=\"\$physdev\""
- eval "luks_${name}_keyscript=\"\$keyscript\""
- [ -z "$keyfile" ] || eval "luks_${name}_keyfile=\"\$keyfile\""
- eval "luks_${name}_options=\"\$options\""
- elif [ -n "$keyfile" ]; then
+ elif [ -z "$keyscript" -a -n "$keyfile" ]; then
echo "/etc/crypttab: $name: keyfile not supported by the initrd" >&2
continue
+ else
+ dbg "got $name ($physdev) from crypttab"
+ eval "luks_${name}_device=\"\$physdev\""
+ if [ -n "$keyscript" ]; then
+ if [ "${keyscript:0:1}" != '/' ]; then
+ keyscript="/lib/cryptsetup/scripts/$keyscript"
+ fi
+ if [ ! -x "$keyscript" ]; then
+ echo "keyscript \"$keyscript\" must be an executable" >&2
+ continue
+ fi
+ eval "luks_${name}_keyscript=\"\$keyscript\""
+ [ -z "$keyfile" ] || eval "luks_${name}_keyfile=\"\$keyfile\""
+ eval "luks_${name}_options=\"\$options\""
+ fi
fi
luks_add_device+=("/dev/mapper/$name")
done < /etc/crypttab
@@ -76,6 +79,7 @@
# bd holds the device we see the decrypted LUKS partition as
for bd in "${luks_add_device[@]}" $blockdev; do
luks_name=
+ luks_physdev=
update_blockdev $bd
if [ "$blockdriver" != "device-mapper" ]; then
luks_blockdev="$luks_blockdev $bd"
@@ -102,7 +106,14 @@
dbg "$luks_name already handled"
continue
fi
- eval luks_${luks_name}=$(beautify_blockdev ${luksbd}) || continue
+ dbg "found name $luks_name"
+ if isset "luks_${luks_name}_device"; then
+ eval luks_physdev=\$luks_${luks_name}_device
+ fi
+ if [ -z "$luks_physdev" ]; then
+ eval luks_physdev=$(beautify_blockdev ${luksbd}) || continue
+ fi
+ eval luks_${luks_name}=\"\$luks_physdev\"
save_var luks_${luks_name}
save_var luks_${luks_name}_device
! isset luks_${luks_name}_options || save_var
luks_${luks_name}_options
@@ -116,7 +127,7 @@
fi
luks="$luks $luks_name"
- echo "enabling LUKS support for $luksbd ($luks_name)"
+ echo "enabling LUKS support for ${luks_physdev} ($luks_name)"
luks_blockdev="$luks_blockdev $luksbd"
done
if [ ! "$luks_name" ]; then # no luks found
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/boot.crypto-0_201110101134/mkinitrd/setup-luks_final.sh
new/boot.crypto-0_201204171450/mkinitrd/setup-luks_final.sh
--- old/boot.crypto-0_201110101134/mkinitrd/setup-luks_final.sh 2011-10-10
11:34:41.000000000 +0200
+++ new/boot.crypto-0_201204171450/mkinitrd/setup-luks_final.sh 2012-04-17
14:50:27.000000000 +0200
@@ -27,7 +27,7 @@
luks_lang="$LANG"
;;
esac
- cryptmodules=`sed -ne '/^module/s/.*: //p' < /proc/crypto`
+ cryptmodules=`sed -ne '/ kernel$/d;/^module/s/.*: //p' < /proc/crypto`
fi
check_cryptomgr_needed
++++++ cryptsetup-1.4.1.tar.bz2 -> cryptsetup-1.4.2.tar.bz2 ++++++
++++ 21829 lines of diff (skipped)
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
