Hello,

I just uploaded cryptsetup 1.0.6-7 with urgency=medium to
debian/unstable. This version should be unblocked for lenny as it fixes
one grave, one important and several normal to wishlist bugs. The
complete changelog entry and debdiff are attached.

The debdiff is not that small, but it includes mostly documentation
changes.

cryptsetup provides a udeb, thus I'm cc-ing debian-boot.

Changelog:
cryptsetup (2:1.0.6-7) unstable; urgency=medium

  * Add patches/01_gettext_package.patch: Remove -luks from GETTEXT_PACKAGE
    in configure.in.
  * Support keyfiles option in bash completion. Thanks to Stefan Goebel for
    the patch. (closes: #499936)
  * Update patches/02_manpage.patch: Fix the documentation of default cipher
    for LUKS mappings. (closes: #495832)
  * Update debian/watch file to reflect the move of project home to
    code.google.com.
  * Check for $CRYPTDISKS_ENABLE in cryptdisks initscripts instead of
    cryptdisks.functions. This way, cryptdisks_start/stop work even with
    $CRYPTDISKS_ENABLE != "yes". Thanks to Pietro Abate. (closes: #506643)
  * Add force-start to cryptdisks(-early).init in order to support starting
    noauto devices manually. Thanks to Niccolo Rigacci. (closes: #505779)
  * Document how to enable remote device unlocking via dropbear ssh server
    in the initramfs during boot process. Thanks to Chris
    for the great work. (closes: #465902)
  * Completely remove support and documentation of the timeout option,
    document this in NEWS.Debian. (closes: #495509, #474120)
  * Use exit instead of return in decrypt_ssl keyscript. Thanks to Rene Wagner.
    (closes: #499704)
  * Fix initramfs/cryptpassdev-hook to check for passdev instead of mountdev.
    Thanks to Christoph Anton Mitterer.
  * cryptdisks.functions:
    - Search for keyscript in /lib/cryptdisks/scripts. The cryptoroot initramfs
      script already supports keyscripts without path as argument. Thanks to
      Christoph Anton Mitterer.
  * README.initramfs:
    - Remove the mention of bug #398302 from the section about suspend/resume,
      as this bug has been fixed for some time now.
    - Remove step 6 (mkswap) from the section about decrypt_derived, as it was
      superfluous. Thanks to Helmut Grohe. (closes: #491867)
  * Fix initramfs/cryptroot-script to use the lvm binary instead of vgchange.
    Thanks to Marc Haber. (closes: #506536)
  * Make get_lvm_deps() recursive in initramfs/cryptroot-hook. This is required
    to detect the dm-crypt device in setups with more than one level of device
    mapper mappings. For example if LVM is used with snapshots on top of the
    dm-crypt mapping. Thanks to Christian Jaeger for bugreport and patch, Ben
    Hutchings and Yves-Alexis Perez for help with debugging. (closes: #507721)
  * urgency=medium due to several important fixes.

 -- Jonas Meurer Wed, 17 Dec 2008 21:25:45 +0100

Please don't hesitate to ask if you have questions regarding the upload.
greetings,
jonas
diff -u cryptsetup-1.0.6/debian/watch cryptsetup-1.0.6/debian/watch
--- cryptsetup-1.0.6/debian/watch
+++ cryptsetup-1.0.6/debian/watch
@@ -2 +2 @@
-opts="uversionmangle=s/luks-//;s/-pre/~pre/;s/-rc/~rc/" http://luks.endorphin.org/source/cryptsetup-(.*)\.tar\.bz2
+opts="uversionmangle=s/luks-//;s/-pre/~pre/;s/-rc/~rc/" http://cryptsetup.googlecode.com/files/cryptsetup-(.*)\.tar\.bz2
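Review bot: The new upstream location on the '+opts=' line is fetched over plain http://, so uscan has no way to authenticate the tarball it downloads for a disk-encryption package. If the host serves the same path over https, use that; otherwise record in the packaging how the upstream tarball is verified (signature or checksum) before it is imported.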
diff -u cryptsetup-1.0.6/debian/NEWS cryptsetup-1.0.6/debian/NEWS
--- cryptsetup-1.0.6/debian/NEWS
+++ cryptsetup-1.0.6/debian/NEWS
@@ -1,3 +1,19 @@
+cryptsetup (2:1.0.6-7) unstable; urgency=medium
+
+ Support for the timeout option has been removed from cryptdisks initscripts
+ in order to support splash screens and remote shells in boot process.
+ The implementation had been unclean and produced many anyway.
+ If you used the timeout option on headless systems without physical access,
+ then it's a much cleaner solution anyway, to use the 'noauto' option in
+ /etc/crypttab, and start the encrypted devices manually with
+ '/etc/init.d/cryptdisks force-start'.
+ Another approach is to start a minimal ssh-server in the initramfs and unlock
+ the encrypted devices after connecting to it. This even supports encrypted
+ root filesystems for headless server systems.
+ For more information, please see /usr/share/docs/cryptsetup/README.Debian.gz
+
+ -- Jonas Meurer Tue, 16 Dec 2008 18:37:16 +0100
+
cryptsetup (2:1.0.6-4) unstable; urgency=medium
The obsolete keyscript decrypt_old_ssl and the corresponding example script
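Review bot: The pointer on the 'For more information' line reads /usr/share/docs/cryptsetup/README.Debian.gz, but Debian installs package documentation under /usr/share/doc/, so the path should be /usr/share/doc/cryptsetup/README.Debian.gz. The sentence 'The implementation had been unclean and produced many anyway.' is also missing its noun. Finally, the entry does not say what happens to a timeout option still present in /etc/crypttab after the upgrade (ignored, warned about, or treated as an error); one line on that would help admins of headless systems who relied on it.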
diff -u cryptsetup-1.0.6/debian/README.initramfs cryptsetup-1.0.6/debian/README.initramfs
--- cryptsetup-1.0.6/debian/README.initramfs
+++ cryptsetup-1.0.6/debian/README.initramfs
@@ -138,9 +138,6 @@
in combination with encryption to keep the resume image safe from potential
attackers.
-Note: This will not work as expected until #398302 has been fixed as the
-decrypted suspend image will currently not be recognized as such.
-
If your resume device and your root partition
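Review bot: The removed note about #398302 is dropped without stating which version carries the fix; the changelog only says the bug was resolved 'for some time now'. Since this upload is meant for lenny, confirm the fix is present in the lenny version of the affected package and name that version in the changelog entry, so the suspend/resume section stays accurate for readers on stable.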