[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1058928: bookworm-pu: package cryptsetup/2:2.6.1-4~deb12u2

Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: cryptsetup@packages.debian.org
Control: affects -1 + src:cryptsetup

[ Reason ]

1. cryptsetup-suspend 2:2.6.1-4~deb12u1 was found incompatible with
systemd 254.1-3 and later, in particular with systemd/bookworm-backports.

2. cryptsetup-initramfs 2:2.6.1-4~deb12u2 dos not support kernel
shipping compressed modules under MODULES=dep, as is done by default
with linux 6.6 (currently in Debian experimental).

[ Impact ]

1. Users installing systemd from bookworm-backports will not be able to
use cryptsetup-suspend to suspend-on-ram.

2. Users installing linux ≥6.6.4-1~exp1 will not be able to boot under
MODULES=dep when there is any device to be unlocked at initramfs stage.
(initramfs.conf(5)'s defaults to MODULES=most, but not being able to
boot anymore is obviously a serious regression.)

[ Tests ]

DEP-8 check suspend-on-ram and initramfs unlocking for various setups,
all using stock bookworm packages.  In addition, manual tests were made
to check behaviour with systemd/bookworm-backports and/or linux-image-amd64/
experimental.

[ Risks ]

The patches were backported from sid, where 2:2.6.1-5 resp. 2:2.6.1-6
was uploaded to on Aug 27 resp. Dec 05.  The diff is pretty trivial and
doesn't affect libcryptsetup12 nor cryptsetup-bin.

[ Checklist ]

  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in stable
  [x] the issue is verified as fixed in unstable

[ Changes ]

 * Also add compressed kernel modules in the initramfs hook script.
 * Fix DEP-8 tests to work with compressed kernel modules.
 * Don't error out when /lib/systemd/system-sleep does not exist (cf.
   #1036920 and #1050606).

-- 
Guilhem.

diffstat for cryptsetup-2.6.1 cryptsetup-2.6.1

 changelog                                  |   18 ++++++++++++++++++
 initramfs/hooks/cryptroot                  |    4 ++--
 salsa-ci.yml                               |    1 +
 scripts/suspend/cryptsetup-suspend-wrapper |    1 +
 tests/cryptroot-legacy.d/mock              |    2 +-
 tests/utils/mkinitramfs                    |    9 ++++-----
 6 files changed, 27 insertions(+), 8 deletions(-)

diff -Nru cryptsetup-2.6.1/debian/changelog cryptsetup-2.6.1/debian/changelog
--- cryptsetup-2.6.1/debian/changelog	2023-04-21 00:54:29.000000000 +0200
+++ cryptsetup-2.6.1/debian/changelog	2023-12-18 03:41:04.000000000 +0100
@@ -1,3 +1,21 @@
+cryptsetup (2:2.6.1-4~deb12u2) bookworm; urgency=medium
+
+  [ Michael Biebl ]
+  * cryptsetup-suspend-wrapper: Don't error out on missing
+    /lib/systemd/system-sleep directory as systemd 254.1-3 and later no longer
+    ship empty directories. (Closes: #1050606)
+
+  [ Kevin Locke ]
+  * cryptsetup-initramfs: Add support for compressed kernel modules, which is
+    the default as linux-image 6.6.4-1~exp1. (Closes: #1036049, #1057441)
+
+  [ Guilhem Moulin ]
+  * add_modules(): Change suffix drop logic to match initramfs-tools.
+  * Fix DEP-8 tests with kernels shipping compressed modules.
+  * d/salsa-ci.yml: Set RELEASE=bookworm.
+
+ -- Guilhem Moulin <guilhem@debian.org>  Mon, 18 Dec 2023 03:41:04 +0100
+
 cryptsetup (2:2.6.1-4~deb12u1) bookworm; urgency=medium
 
   * Rebuild for Bookworm.
diff -Nru cryptsetup-2.6.1/debian/initramfs/hooks/cryptroot cryptsetup-2.6.1/debian/initramfs/hooks/cryptroot
--- cryptsetup-2.6.1/debian/initramfs/hooks/cryptroot	2023-04-21 00:54:29.000000000 +0200
+++ cryptsetup-2.6.1/debian/initramfs/hooks/cryptroot	2023-12-18 03:41:04.000000000 +0100
@@ -266,8 +266,8 @@
 add_modules() {
     local glob="$1" found=n
     shift
-    for mod in $(find -H "$@" -name "$glob.ko" -type f -printf '%f\n'); do
-        manual_add_modules "${mod%.ko}"
+    for mod in $(find -H "$@" -name "$glob.ko*" -type f -printf '%f\n'); do
+        manual_add_modules "${mod%%.*}"
         found=y
     done
     [ "$found" = y ] && return 0 || return 1
diff -Nru cryptsetup-2.6.1/debian/salsa-ci.yml cryptsetup-2.6.1/debian/salsa-ci.yml
--- cryptsetup-2.6.1/debian/salsa-ci.yml	2023-04-21 00:54:29.000000000 +0200
+++ cryptsetup-2.6.1/debian/salsa-ci.yml	2023-12-18 03:41:04.000000000 +0100
@@ -3,6 +3,7 @@
   - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml
 
 variables:
+  RELEASE: 'bookworm'
   # Skip all DEP-8 tests except 'cryptroot-lvm': each 'cryptroot-*' test
   # takes 20-30min on Salsa CI runners as they don't support KVM acceleration
   # cf. https://salsa.debian.org/salsa-ci-team/pipeline/-/issues/266 ,
diff -Nru cryptsetup-2.6.1/debian/scripts/suspend/cryptsetup-suspend-wrapper cryptsetup-2.6.1/debian/scripts/suspend/cryptsetup-suspend-wrapper
--- cryptsetup-2.6.1/debian/scripts/suspend/cryptsetup-suspend-wrapper	2023-04-21 00:54:29.000000000 +0200
+++ cryptsetup-2.6.1/debian/scripts/suspend/cryptsetup-suspend-wrapper	2023-12-18 03:41:04.000000000 +0100
@@ -46,6 +46,7 @@
 # Run all executable scripts in directory SYSTEM_SLEEP_PATH with arguments ARGS
 # mimic systemd behavior
 run_dir() {
+    [ -d "$SYSTEM_SLEEP_PATH" ] || return 0
     find "$SYSTEM_SLEEP_PATH" -type f -executable -execdir {} "$@" \;
 }
 
diff -Nru cryptsetup-2.6.1/debian/tests/cryptroot-legacy.d/mock cryptsetup-2.6.1/debian/tests/cryptroot-legacy.d/mock
--- cryptsetup-2.6.1/debian/tests/cryptroot-legacy.d/mock	2023-04-21 00:54:29.000000000 +0200
+++ cryptsetup-2.6.1/debian/tests/cryptroot-legacy.d/mock	2023-12-18 03:41:04.000000000 +0100
@@ -17,7 +17,7 @@
 
 # assume MODULES=dep won't add too many modules
 # XXX lsinitramfs doesn't work on /initrd.img with COMPRESS=zstd, cf. #1015954
-$out = shell(q{lsinitramfs /boot/initrd.img-`uname -r` | grep -Ec "^(usr/)?lib/modules/.*\.ko$"});
+$out = shell(q{lsinitramfs /boot/initrd.img-`uname -r` | grep -Ec "^(usr/)?lib/modules/.*\.ko(\.[a-z]+)?$"});
 die "$out == 0 or $out > 50" unless $out =~ s/\r?\n\z// and $out =~ /\A([0-9]+)\z/ and $out > 0 and $out <= 50;
 
 # check cipher and key size
diff -Nru cryptsetup-2.6.1/debian/tests/utils/mkinitramfs cryptsetup-2.6.1/debian/tests/utils/mkinitramfs
--- cryptsetup-2.6.1/debian/tests/utils/mkinitramfs	2023-04-21 00:54:29.000000000 +0200
+++ cryptsetup-2.6.1/debian/tests/utils/mkinitramfs	2023-12-18 03:41:04.000000000 +0100
@@ -67,14 +67,13 @@
 
 depmod -ab "$EXTRACT_DIR" "$KERNEL_VERSION"
 for kmod in virtio_console virtio_blk virtio_pci virtio_rng \
-        "$EXTRACT_DIR/lib/modules/$KERNEL_VERSION"/kernel/arch/*/crypto/*.ko \
-        "$EXTRACT_DIR/lib/modules/$KERNEL_VERSION"/kernel/crypto/*.ko \
+        "$EXTRACT_DIR/lib/modules/$KERNEL_VERSION"/kernel/arch/*/crypto/*.ko* \
+        "$EXTRACT_DIR/lib/modules/$KERNEL_VERSION"/kernel/crypto/*.ko* \
         $MODULES; do
     kmod="${kmod##*/}"
-    modprobe -aid "$EXTRACT_DIR" -S "$KERNEL_VERSION" --show-depends "${kmod%.ko}"
-done | while read -r insmod kmod; do
+    modprobe -aid "$EXTRACT_DIR" -S "$KERNEL_VERSION" --show-depends "${kmod%%.*}"
+done | while read -r insmod kmod _; do
     [ "$insmod" = "insmod" ] || continue
-    [ "$kmod" = "${kmod%.ko *}" ] || kmod="${kmod%.ko *}.ko"
     kmod_rel="${kmod#"$EXTRACT_DIR/lib/modules/$KERNEL_VERSION/"}"
     if [ ! -f "$kmod" ] || [ "${kmod_rel#kernel/}" = "$kmod_rel" ]; then
         echo "Error: Unexpected modprobe output: $insmod $kmod" >&2

Attachment: signature.asc
Description: PGP signature

Reply to: