[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#772596: asking for pre-approval: unblock: cryptsetup/2:1.6.6-4

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Hello,

I just prepared cryptsetup packages targeted at jessie that do fix the
following bugs:

#767832: cryptsetup: does not decrypt a split /usr as required by
initramfs-tools >= 0.118
        (hope that the fix for #767832 works for #768314 as well)
#767921: files with the same name installed in / and /usr
#764564: openrc: fail to boot when encryption + lvm are present

I asked all bugreport submitters to test the prepared packages. Once I
got positive feedback, I'd like to upload the packages to unstable. But
before, I'd like to have your ok that the packages will be allowed into
jessie.

The full debdiff is attached, below follows the changelog (debian
revision and targeted distribution will be fixed in final upload):

cryptsetup (2:1.6.6-4~mejo1) mejo-unstable; urgency=medium

  [ Simon McVittie ]
  * debian/initramfs/cryptroot-script: decrypt /usr as well as / so that
    split-/usr will work with initramfs-tools (>= 0.118). (closes: #767832)

  [ Jonas Meurer ]
  * Move cryptdisks_{start,stop} symlink creation from debian/rules to
    postinst. Needed to support /usr-merging. Thanks to Marco d'Itri for
    the patch. (closes: #767921)
  * debian/cryptdisks.funcctions: check for cryptdisks-udev initscript
before
    actually invoking 'status' on it. It's only useful in ubuntu+upstart
    environment anyway. (closes: #764564)

 -- Jonas Meurer <mejo@debian.org>  Mon, 08 Dec 2014 22:01:09 +0100

Cheers,
 jonas

diff -Nru cryptsetup-1.6.6/debian/changelog cryptsetup-1.6.6/debian/changelog
--- cryptsetup-1.6.6/debian/changelog	2014-10-22 19:28:59.000000000 +0200
+++ cryptsetup-1.6.6/debian/changelog	2014-12-08 22:59:47.000000000 +0100
@@ -1,3 +1,20 @@
+cryptsetup (2:1.6.6-4~mejo1) mejo-unstable; urgency=medium
+
+  [ Simon McVittie ]
+  * debian/initramfs/cryptroot-script: decrypt /usr as well as / so that
+    split-/usr will work with initramfs-tools (>= 0.118). (closes: #767832)
+
+  [ Jonas Meurer ]
+  * Move cryptdisks_{start,stop} symlink creation from debian/rules to
+    postinst. Needed to support /usr-merging. Thanks to Marco d'Itri for
+    the patch. (closes: #767921)
+  * debian/cryptdisks.funcctions: check for cryptdisks-udev initscript before
+    actually invoking 'status' on it. It's only useful in ubuntu+upstart
+    environment anyway. (closes: #764564)
+  * 
+
+ -- Jonas Meurer <mejo@debian.org>  Mon, 08 Dec 2014 22:01:09 +0100
+
 cryptsetup (2:1.6.6-3) unstable; urgency=medium
 
   * debian/initramfs/cryptroot-script: fix environment variable $CRYPTTAB_TRIED
diff -Nru cryptsetup-1.6.6/debian/cryptdisks.functions cryptsetup-1.6.6/debian/cryptdisks.functions
--- cryptsetup-1.6.6/debian/cryptdisks.functions	2014-09-21 15:09:03.000000000 +0200
+++ cryptsetup-1.6.6/debian/cryptdisks.functions	2014-12-08 22:58:47.000000000 +0100
@@ -750,8 +750,7 @@
 		# will just be a no-op, but we don't want to defer to the
 		# other job entirely because this is the fallback for fixing
 		# up any ordering-dependent decrypting.
-		while status cryptdisks-udev DEVNAME="$dev_match" 2>&1 | grep -q 'start'
-		do
+		invoke-rc.d --quiet cryptdisks-udev status && while status cryptdisks-udev DEVNAME="$dev_match" 2>&1 | grep -q 'start'; do
 			sleep 1
 		done
 		handle_crypttab_line_start "$dst" "$src" "$key" "$opts" <&3 || log_action_end_msg $?
diff -Nru cryptsetup-1.6.6/debian/cryptsetup.postinst cryptsetup-1.6.6/debian/cryptsetup.postinst
--- cryptsetup-1.6.6/debian/cryptsetup.postinst	2014-03-03 20:25:28.000000000 +0100
+++ cryptsetup-1.6.6/debian/cryptsetup.postinst	2014-12-08 22:04:51.000000000 +0100
@@ -16,6 +16,12 @@
 
 case "$1" in
     configure)
+	for file in cryptdisks_start cryptdisks_stop; do
+		if [ ! -e /usr/sbin/$file ]; then
+			ln -s /sbin/$file /usr/sbin/$file
+		fi
+	done
+
 	if [ -x /usr/sbin/update-initramfs ]; then
 		update-initramfs -u
 	fi
diff -Nru cryptsetup-1.6.6/debian/cryptsetup.postrm cryptsetup-1.6.6/debian/cryptsetup.postrm
--- cryptsetup-1.6.6/debian/cryptsetup.postrm	2011-09-19 12:46:19.000000000 +0200
+++ cryptsetup-1.6.6/debian/cryptsetup.postrm	2014-12-08 22:04:51.000000000 +0100
@@ -7,6 +7,12 @@
 	if [ -x /usr/sbin/update-initramfs ]; then
 		update-initramfs -u
 	fi
+
+	for file in cryptdisks_start cryptdisks_stop; do
+		if [ -L /usr/sbin/$file ]; then
+			rm /usr/sbin/$file
+		fi
+	done
     ;;
 esac
 
diff -Nru cryptsetup-1.6.6/debian/initramfs/cryptroot-hook cryptsetup-1.6.6/debian/initramfs/cryptroot-hook
--- cryptsetup-1.6.6/debian/initramfs/cryptroot-hook	2014-10-02 13:20:55.000000000 +0200
+++ cryptsetup-1.6.6/debian/initramfs/cryptroot-hook	2014-12-08 21:59:51.000000000 +0100
@@ -16,8 +16,9 @@
 
 . /usr/share/initramfs-tools/hook-functions
 
-get_root_devices() {
+get_fs_devices() {
 	local device mount type options dump pass
+	local wantmount="$1"
 
 	if [ ! -r /etc/fstab ]; then
 		return 1
@@ -25,7 +26,7 @@
 
 	grep -s '^[^#]' /etc/fstab | \
 	while read device mount type options dump pass; do
-		if [ "$mount" = "/" ]; then
+		if [ "$mount" = "$wantmount" ]; then
 			local devices
 			if [ "$type" = "btrfs" ]; then
 				for dev in $(btrfs filesystem show $(canonical_device "$device" --no-simplify) 2>/dev/null | sed -r -e 's/.*devid .+ path (.+)/\1/;tx;d;:x') ; do
@@ -611,6 +612,7 @@
 
 setup="no"
 rootdevs=""
+usrdevs=""
 resumedevs=""
 
 # Include cryptsetup modules, regardless of _this_ machine
@@ -621,16 +623,17 @@
 
 # Find the root and resume device(s)
 if [ -r /etc/crypttab ]; then
-	rootdevs=$(get_root_devices)
+	rootdevs=$(get_fs_devices /)
 	if [ -z "$rootdevs" ]; then
 		echo "cryptsetup: WARNING: could not determine root device from /etc/fstab" >&2
 	fi
+	usrdevs=$(get_fs_devices /usr)
 	resumedevs=$(get_resume_devices)
 	initramfsdevs=$(get_initramfs_devices)
 fi
 
 # Load the config opts and modules for each device
-for dev in $rootdevs $resumedevs $initramfsdevs; do
+for dev in $rootdevs $usrdevs $resumedevs $initramfsdevs; do
 	if ! modules=$(add_device "$dev"); then
 		echo "cryptsetup: FAILURE: could not determine configuration for $dev" >&2
 		continue
diff -Nru cryptsetup-1.6.6/debian/rules cryptsetup-1.6.6/debian/rules
--- cryptsetup-1.6.6/debian/rules	2014-03-03 20:53:49.000000000 +0100
+++ cryptsetup-1.6.6/debian/rules	2014-12-08 22:04:51.000000000 +0100
@@ -115,8 +115,6 @@
 	install -m 0755 debian/scripts/luksformat $(CURDIR)/debian/cryptsetup-bin/usr/sbin/
 	install -m 0755 debian/scripts/cryptdisks_start $(CURDIR)/debian/cryptsetup/sbin/
 	install -m 0755 debian/scripts/cryptdisks_stop $(CURDIR)/debian/cryptsetup/sbin/
-	dh_link -pcryptsetup sbin/cryptdisks_start usr/sbin/cryptdisks_start
-	dh_link -pcryptsetup sbin/cryptdisks_stop usr/sbin/cryptdisks_stop
 	install -m 0755 debian/scripts/decrypt_* $(CURDIR)/debian/cryptsetup/lib/cryptsetup/scripts/
 	install -m 0755 debian/scripts/passdev $(CURDIR)/debian/cryptsetup/lib/cryptsetup/scripts/
 	install -m 0755 debian/askpass $(CURDIR)/debian/cryptsetup/lib/cryptsetup/

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: