Package: release.debian.org Severity: normal User: release.debian.org@packages.debian.org Usertags: unblock Hello, I just prepared cryptsetup packages targeted at jessie that do fix the following bugs: #767832: cryptsetup: does not decrypt a split /usr as required by initramfs-tools >= 0.118 (hope that the fix for #767832 works for #768314 as well) #767921: files with the same name installed in / and /usr #764564: openrc: fail to boot when encryption + lvm are present I asked all bugreport submitters to test the prepared packages. Once I got positive feedback, I'd like to upload the packages to unstable. But before, I'd like to have your ok that the packages will be allowed into jessie. The full debdiff is attached, below follows the changelog (debian revision and targeted distribution will be fixed in final upload): cryptsetup (2:1.6.6-4~mejo1) mejo-unstable; urgency=medium [ Simon McVittie ] * debian/initramfs/cryptroot-script: decrypt /usr as well as / so that split-/usr will work with initramfs-tools (>= 0.118). (closes: #767832) [ Jonas Meurer ] * Move cryptdisks_{start,stop} symlink creation from debian/rules to postinst. Needed to support /usr-merging. Thanks to Marco d'Itri for the patch. (closes: #767921) * debian/cryptdisks.funcctions: check for cryptdisks-udev initscript before actually invoking 'status' on it. It's only useful in ubuntu+upstart environment anyway. (closes: #764564) -- Jonas Meurer <mejo@debian.org> Mon, 08 Dec 2014 22:01:09 +0100 Cheers, jonas
diff -Nru cryptsetup-1.6.6/debian/changelog cryptsetup-1.6.6/debian/changelog --- cryptsetup-1.6.6/debian/changelog 2014-10-22 19:28:59.000000000 +0200 +++ cryptsetup-1.6.6/debian/changelog 2014-12-08 22:59:47.000000000 +0100 @@ -1,3 +1,20 @@ +cryptsetup (2:1.6.6-4~mejo1) mejo-unstable; urgency=medium + + [ Simon McVittie ] + * debian/initramfs/cryptroot-script: decrypt /usr as well as / so that + split-/usr will work with initramfs-tools (>= 0.118). (closes: #767832) + + [ Jonas Meurer ] + * Move cryptdisks_{start,stop} symlink creation from debian/rules to + postinst. Needed to support /usr-merging. Thanks to Marco d'Itri for + the patch. (closes: #767921) + * debian/cryptdisks.funcctions: check for cryptdisks-udev initscript before + actually invoking 'status' on it. It's only useful in ubuntu+upstart + environment anyway. (closes: #764564) + * + + -- Jonas Meurer <mejo@debian.org> Mon, 08 Dec 2014 22:01:09 +0100 + cryptsetup (2:1.6.6-3) unstable; urgency=medium * debian/initramfs/cryptroot-script: fix environment variable $CRYPTTAB_TRIED diff -Nru cryptsetup-1.6.6/debian/cryptdisks.functions cryptsetup-1.6.6/debian/cryptdisks.functions --- cryptsetup-1.6.6/debian/cryptdisks.functions 2014-09-21 15:09:03.000000000 +0200 +++ cryptsetup-1.6.6/debian/cryptdisks.functions 2014-12-08 22:58:47.000000000 +0100 @@ -750,8 +750,7 @@ # will just be a no-op, but we don't want to defer to the # other job entirely because this is the fallback for fixing # up any ordering-dependent decrypting. - while status cryptdisks-udev DEVNAME="$dev_match" 2>&1 | grep -q 'start' - do + invoke-rc.d --quiet cryptdisks-udev status && while status cryptdisks-udev DEVNAME="$dev_match" 2>&1 | grep -q 'start'; do sleep 1 done handle_crypttab_line_start "$dst" "$src" "$key" "$opts" <&3 || log_action_end_msg $? diff -Nru cryptsetup-1.6.6/debian/cryptsetup.postinst cryptsetup-1.6.6/debian/cryptsetup.postinst --- cryptsetup-1.6.6/debian/cryptsetup.postinst 2014-03-03 20:25:28.000000000 +0100 +++ cryptsetup-1.6.6/debian/cryptsetup.postinst 2014-12-08 22:04:51.000000000 +0100 @@ -16,6 +16,12 @@ case "$1" in configure) + for file in cryptdisks_start cryptdisks_stop; do + if [ ! -e /usr/sbin/$file ]; then + ln -s /sbin/$file /usr/sbin/$file + fi + done + if [ -x /usr/sbin/update-initramfs ]; then update-initramfs -u fi diff -Nru cryptsetup-1.6.6/debian/cryptsetup.postrm cryptsetup-1.6.6/debian/cryptsetup.postrm --- cryptsetup-1.6.6/debian/cryptsetup.postrm 2011-09-19 12:46:19.000000000 +0200 +++ cryptsetup-1.6.6/debian/cryptsetup.postrm 2014-12-08 22:04:51.000000000 +0100 @@ -7,6 +7,12 @@ if [ -x /usr/sbin/update-initramfs ]; then update-initramfs -u fi + + for file in cryptdisks_start cryptdisks_stop; do + if [ -L /usr/sbin/$file ]; then + rm /usr/sbin/$file + fi + done ;; esac diff -Nru cryptsetup-1.6.6/debian/initramfs/cryptroot-hook cryptsetup-1.6.6/debian/initramfs/cryptroot-hook --- cryptsetup-1.6.6/debian/initramfs/cryptroot-hook 2014-10-02 13:20:55.000000000 +0200 +++ cryptsetup-1.6.6/debian/initramfs/cryptroot-hook 2014-12-08 21:59:51.000000000 +0100 @@ -16,8 +16,9 @@ . /usr/share/initramfs-tools/hook-functions -get_root_devices() { +get_fs_devices() { local device mount type options dump pass + local wantmount="$1" if [ ! -r /etc/fstab ]; then return 1 @@ -25,7 +26,7 @@ grep -s '^[^#]' /etc/fstab | \ while read device mount type options dump pass; do - if [ "$mount" = "/" ]; then + if [ "$mount" = "$wantmount" ]; then local devices if [ "$type" = "btrfs" ]; then for dev in $(btrfs filesystem show $(canonical_device "$device" --no-simplify) 2>/dev/null | sed -r -e 's/.*devid .+ path (.+)/\1/;tx;d;:x') ; do @@ -611,6 +612,7 @@ setup="no" rootdevs="" +usrdevs="" resumedevs="" # Include cryptsetup modules, regardless of _this_ machine @@ -621,16 +623,17 @@ # Find the root and resume device(s) if [ -r /etc/crypttab ]; then - rootdevs=$(get_root_devices) + rootdevs=$(get_fs_devices /) if [ -z "$rootdevs" ]; then echo "cryptsetup: WARNING: could not determine root device from /etc/fstab" >&2 fi + usrdevs=$(get_fs_devices /usr) resumedevs=$(get_resume_devices) initramfsdevs=$(get_initramfs_devices) fi # Load the config opts and modules for each device -for dev in $rootdevs $resumedevs $initramfsdevs; do +for dev in $rootdevs $usrdevs $resumedevs $initramfsdevs; do if ! modules=$(add_device "$dev"); then echo "cryptsetup: FAILURE: could not determine configuration for $dev" >&2 continue diff -Nru cryptsetup-1.6.6/debian/rules cryptsetup-1.6.6/debian/rules --- cryptsetup-1.6.6/debian/rules 2014-03-03 20:53:49.000000000 +0100 +++ cryptsetup-1.6.6/debian/rules 2014-12-08 22:04:51.000000000 +0100 @@ -115,8 +115,6 @@ install -m 0755 debian/scripts/luksformat $(CURDIR)/debian/cryptsetup-bin/usr/sbin/ install -m 0755 debian/scripts/cryptdisks_start $(CURDIR)/debian/cryptsetup/sbin/ install -m 0755 debian/scripts/cryptdisks_stop $(CURDIR)/debian/cryptsetup/sbin/ - dh_link -pcryptsetup sbin/cryptdisks_start usr/sbin/cryptdisks_start - dh_link -pcryptsetup sbin/cryptdisks_stop usr/sbin/cryptdisks_stop install -m 0755 debian/scripts/decrypt_* $(CURDIR)/debian/cryptsetup/lib/cryptsetup/scripts/ install -m 0755 debian/scripts/passdev $(CURDIR)/debian/cryptsetup/lib/cryptsetup/scripts/ install -m 0755 debian/askpass $(CURDIR)/debian/cryptsetup/lib/cryptsetup/
Attachment:
signature.asc
Description: OpenPGP digital signature