29
|
|
[ Milan Broz ] * new upstream version. (closes: #704827, 707997) - default LUKS encryption mode is XTS (aes-xts-plain64) (closes: #714331) - adds native support for Truecrypt and compatible on-disk format - adds benchmark command - adds cryptsetup-reencrypt, a tool to offline reencrypt LUKS device - adds veritysetup, a tool for dm-verity block device verification module * install docs/examples into docs at cryptsetup-dev package. * fix compilation warnings in askpass.c.
[ Steve Langasek ] * fix upstart jobs to not cause boot hangs when actually used in conjunction with startpar. (closes: #694499, #677712). * in connection with the above, make the cryptdisks-early job explicitly wait for 'umountfs' on shutdown just like cryptdisks does; otherwise, the teardown of the cryptdisks upstart job may cause the cryptdisks-early init script run before we're done unmounting filesystems.
[ Jonas Meurer ] * minor wording fixes to README.initramfs, suggested by intrigeri and Adam D. Barrett. * add bash-completion script for cryptdisks_{start,stop}. Thanks to Claudius Hubig for providing a patch. (closes: #700777) * support specifying key-slot in crypttab. Thanks to Kevin Locke for the patch. (closes: #704470) * remove evms support code from cryptroot initramfs script. (closes: #713918) * fix location of keyscripts in initramfs documentation. (closes: #697446) * fix a typo in decrypt_ssl script that prevented stdout from beeing redirected to /dev/null. (closes: #700285) * give full path to blkid in crytproot initramfs script. (closes: #697155) * export number of previous tries from cryptroot and cryptdisks to keyscript. Thanks to Laurens Blankers for the idea. Opens the possibility to fallback after a given number of tries for keyscripts. (closes: #438481, #471729, #697455) * improve check for cpu hardware encryption support in initramfs cryptroot hook. (closes: #714326)
|
Jonas Meurer |
2:1.6.1-1 |
10 years ago
|
|
|
25
|
|
|
Jonas Meurer |
2:1.4.3-1 |
11 years ago
|
|
|
22
|
|
* new upstream release (1.4.0 + 1.4.1) (closes: #647851) - fixes typo in german translation. (closes: #645528) - remove patches, all incorporated upstream. - soname bump, rename library package to libcryptsetup4 * check for busybox in initramfs cryptroot hook, and install the sed binary in case it's either not installed or not activated. (closes: #591853) * add checks for 'type $KEYSCRIPT' to initscripts cryptdisks.functions, and to cryptroot initramfs script/hook. this adds support for keyscripts inside $PATH. thanks to Ian Jackson for the suggestion. (closes: #597583) * use argument '--sysinit' for vgchange in cryptroot initramfs script. Thanks to Christoph Anton Mitterer for the suggestion. * add option for discard/trim features to crypttab and initramfs scripts. Thanks to intrigeri and Peter Colberg for patches. (closes: #648868) * print $target on error in initramfs hook. Thanks to Daniel Hahler for the bugreport. (closes: #648192) * add a warning about using decrypt_derived keyscript for devices with persistent data. Thanks to Arno Wagner for pointing this out. * remove quotes from resume device candidates at get_resume_devs() in initramfs hook script. Thanks to Johannes Rohr. (closes: #634017) * support custom $TABFILE, thanks to Douglas Huff. (closes: #638317) * fix get_lvm_deps() in initramfs cryptroot hook to add all physical volumes of lvm volume group that contains the rootfs logical volume, even if the rootfs is lv is not spread over all physical volumes. Thanks to Christian Pernegger for bugreport and patch. (closes: #634109) * debian/initramfs/cryptroot-script: Move check for maximum number of tries behind the while loop, to make the warning appear in case that maximum number of tries is reached. Thanks to Chistian Lamparter for bugreport and patch. (closes: #646083) * incorporate changes to package descriptions and debconf templates that suggested by debian-l10n-english people. Special thanks go to Justin B Rye. * acknowledge NMU, thanks a lot to Christian Perrier for his great work on the i18n front. (closes: #633105, #641719, #641839, #641947, #642470, #640056, #642540, #643633, #643962, #644853) * add and update debconf translations: - italian, thanks to Milo Casagrande, Francesca Ciceri. (closes: #656933) - german, thanks to Erik Pfannenstein. (closes: #642147) - spanish, thanks to Camaleón. (closes: #658360) - russian, thanks to Yuri Kuzlov (closes: #654676) * set architecture to linux-any, depends on linux kernel anyway. Thanks to Christoph Egger. (closes: #638257) * small updates to the copyright file. * add targets build-indep and build-arch to debian/rules, thanks to lintian.
|
Jonas Meurer |
2:1.4.1-1 |
12 years ago
|
|
|
18
|
|
* NOT RELEASED YET * new upstream release - automatically allocates loopback device for container files. update the cryptdisks functions to only setup loopback device for kernel < 2.6.35. otherwise, let cryptsetup do the magic itself. *****TODO: TESTING***** - introduces maximum default keyfile size, see --help for value. manually set the keyfile size with --keyfile-size in order to overwrite the limit. - adds luksChangeKey command for changing passphrase/keyfile in one step - adds loopAES compatibility command loopaesOpen - remove d/patches/01_luksAddKey_return_code.patch, incorporated upstream * add gettext support to luksformat script. Thanks to intrigeri for initial patch, and adduser sources for implementation ideas. (closes: #558405) * fix KEYSCRIPT checks in cryptdisks.functions for empty values. * update REAMDE.gnupg and initramfs cryptgnupg hook script: - warn about keys being copied to initramfs. - fix the documentation to provide working examples. * update README.Debian and related documentation: - add a section about the 'special' keyscripts askpass and passdev (closes: #601314) - update several sections, remove reference to lenny * add debian/patches/01_create_fix_size.patch, to fix a regression in 1.2.0 where the size argument was ignored for create command (closes: #624828) * add debian/patches/02_manpage.patch, escapes minus signs in manpage * remove usplash support from cryptroot initramfs script, askpass and keyscripts, add plymouth support to keyscripts. (closes: #620923) * ignore options like cipher, hash, size, etc. for luks commands in cryptdisks. mention this in the crypttab manpage. (closes: #619249) * again check for existance of /lib/cryptsetup/cryptdisks.functions before sourcing it in cryptdisks(-early).init. required if cryptsetup is removed but not purged, where initscripts are still around. (closes: #625468) * bump standards-version to 3.9.2, no changes needed. * debian/libcryptsetup1.symbols: update, 1.3.0 adds new function symbols
|
Jonas Meurer |
2:1.3.0-1 |
13 years ago
|
|
|
17
|
|
|
Jonas Meurer |
2:1.2.0-2 |
13 years ago
|
|
|
12
|
|
* new upstream release, changes include: - Fix luksFormat/luksOpen reading passphrase from stdin and "-" keyfile. (closes: #583397) - Add verbose log level and move unlocking message there. - Remove device even if underlying device disappeared (remove, luksClose). (closes: #554600, #574126) - Fix (deprecated) reload device command to accept new device argument. * merged from ubuntu: - if plymouth is present in the initramfs, use this directly, bypassing the cryptsetup askpass script - start usplash in initramfs, since we need it for fancy passphrase input - Set FRAMEBUFFER=y in cryptroot-conf, to pull plymouth into the initramfs - debian/initramfs/cryptroot-hook: Properly anchor our regexps when grepping /etc/crypttab so that we don't incorrectly match device names that are substrings of one another. - debian/initramfs/cryptroot-script: Don't leak /conf/conf.d/cryptroot file descriptor to subprocesses. * sync list of supported filesystems in passdev.c and cryptpassdev-hook * fix debian/watch file to work with updated code.google.com download page * stop building and shipping static libs (closes: #583387, #583471) * improve documentation on (pre)checks in manpage. (closes: #583568, #583567) * remove xfs and ext2 check scripts documentation from crypttab manpage, blkid script can be used. thanks Christoph Anton Mitterer (closes: #583570)
|
Jonas Meurer |
2:1.1.2-1 |
14 years ago
|
|
|
11
|
|
|
Jonas Meurer |
2:1.1.1-1 |
14 years ago
|
|
|
10
|
|
|
maximilian attems |
2:1.1.0-2.1 |
14 years ago
|
|
|
8
|
|
|
Jonas Meurer |
2:1.1.0-1 |
14 years ago
|
|
|
7
|
|
* new upstream release candidate (1.1.0-rc2), highlights include: - new libcryptsetup API (documented in libcryptsetup.h) - luksHeaderBackup and luksHeaderRestore commands (closes: #533643) - use libgcrypt, enables all gcrypt hash algorithms for LUKS through -h luksFormat option (closes: #387159, #537385) - new --master-key-file option for luksFormat and luksAddKey - use dm-uuid for all crypt devices, contains device type and name now (closes: #548988, #549870) - command successful messages moved to verbose level (closes: #541805) - several code changes to improve speed of luksOpen (closes: #536415) - luksSuspend and luksResume commands * remove unneeded patches 03_read_rework and 04_no_stderr_success, update 02_manpage for new upstream release candidate. * update patch to comply with DEP-3 (http://dep.debian.net/deps/dep3/) * fix initramfs/cryptroot-hook to support setups where /dev/mapper/ contains symlinks to devices at /dev/dm-*. the lvm2/device-mapper packages had defaults changed to this temporary. it has been fixed in a subsequent upload of lvm2 in the meantime, but still it's not a bad idea to be prepared for such setups in the future. that way cryproot now supports /dev/dm-* devices as well. (closes: #532579, #544487, #544773) * fix initscript dependencies both for cryptdisks and cryptdisks-early. thanks to Petter Reinholdtsen for bugreport and patch. (closes: #548356) * finally change default behaviour of initscripts/cryptroot-hook to include all available crypto modules into the initramfs. this change should fix any problems with cryto modules missing from the initramfs. announce the change in NEWS.Debian. (closes: #547597) * add error messages to lvm detecting code in initramfs/cryptroot-script in order to make debugging easier. (closes: #541248) * implement detection of devices which are required by decrypt_derived keyscript in initscripts/cryptroot-hook. that way setups where encrypted swap has the key derived from non-root partitions should support suspend/ resume as well. (closes: #475838) * remove outdated documentation from the source package: CryptoRoot.HowTo, CheckSystem.Doc * mention in README.initramfs that busybox is required for cryptroot to work * stop creating /etc/keys in postinst maintainer script. * update build system to include library files again: (closes: #480157) - split into three packages: cryptsetup, libcryptsetup1, libcryptsetup-dev - rename preinst to cryptsetup.preinst, copy code to create /etc/crypttab skeleton into cryptsetup-udeb.preinst. - build with --enable-shared and --enable-static for libcryptsetup.a - create debian/libcryptsetup1.symbols with help of dpkg-gensymbols * add debian/cryptsetup.lintian-override for two false positives * raise build-depends on debhelper and debian/compat for that reason * update README.remote to work with latest dropbear package. thanks to debian@x.ray.net. * make all crypttab fields available to keyscripts as environment variables. thanks to ludwig nussel from suse for idea and implmentation. document this in crypttab(5) manpage. impelement the same environment variables in initramfs cryptroot script. * fix formatting errors in crypttab(5) manpage.
|
Jonas Meurer |
2:1.1.0~rc2-1 |
14 years ago
|
|
|
5
|
|
|
Jonas Meurer |
2:1.0.7-1 |
14 years ago
|
|
|
3
|
|
|
Jonas Meurer |
2:1.0.6-7 |
15 years ago
|
|
|
1
|
|
|
Jonas Meurer |
|
17 years ago
|
|
|