summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--debian/changelog18
-rw-r--r--debian/control1
-rw-r--r--debian/cryptsetup-bin.install6
-rw-r--r--debian/cryptsetup-ssh.install4
-rw-r--r--debian/cryptsetup-suspend.install8
-rw-r--r--debian/cryptsetup-udeb.install14
-rw-r--r--debian/cryptsetup.install14
-rw-r--r--debian/cryptsetup.lintian-overrides1
-rw-r--r--debian/cryptsetup.postinst15
-rw-r--r--debian/cryptsetup.preinst14
-rw-r--r--debian/functions72
-rw-r--r--debian/libcryptsetup-dev.install4
-rw-r--r--debian/libcryptsetup12-udeb.install2
-rw-r--r--debian/libcryptsetup12.install2
-rw-r--r--debian/libcryptsetup12.lintian-overrides3
-rw-r--r--debian/not-installed4
-rwxr-xr-xdebian/rules14
-rwxr-xr-xdebian/tests/utils/cryptroot-common5
18 files changed, 133 insertions, 68 deletions
diff --git a/debian/changelog b/debian/changelog
index 890e7b5..147d2e4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,21 @@
+cryptsetup (2:2.7.1-1) unstable; urgency=medium
+
+ * New bugfix upstream release.
+
+ [ Guilhem Moulin ]
+ * d/functions: get_mnt_devno(): Speed up execution time on large
+ /proc/mounts.
+ * d/t/cryptroot-*: Fix DEP-8 tests when the kernel .deb installs modules in
+ /usr/lib/modules not /lib/modules, such as
+ linux-image-6.6.15-686-pae_6.6.15-2_i386.deb.
+ * d/cryptsetup.lintian-overrides: Remove unused overrides.
+
+ [ Helmut Grohne ]
+ * /lib/cryptsetup/askpass: Coordinated move to /usr for DEP17
+ (Closes: #1060270)
+
+ -- Guilhem Moulin <guilhem@debian.org> Sat, 09 Mar 2024 23:05:42 +0100
+
cryptsetup (2:2.7.0-1~progress7.99u1) graograman-backports; urgency=medium
* Uploading to graograman-updates, remaining changes:
diff --git a/debian/control b/debian/control
index e2f7ccb..68c6fe6 100644
--- a/debian/control
+++ b/debian/control
@@ -49,6 +49,7 @@ Depends: cryptsetup-bin (>= 2:1.6.0),
keyutils,
${misc:Depends},
${shlibs:Depends}
+Conflicts: cryptsetup-nuke-password (<< 5~)
Suggests: cryptsetup-initramfs, dosfstools, liblocale-gettext-perl
Description: disk encryption support - startup scripts
Cryptsetup provides an interface for configuring encryption on block
diff --git a/debian/cryptsetup-bin.install b/debian/cryptsetup-bin.install
index 6c344e1..83a4171 100644
--- a/debian/cryptsetup-bin.install
+++ b/debian/cryptsetup-bin.install
@@ -1,5 +1,5 @@
-sbin/cryptsetup
-sbin/integritysetup
-sbin/veritysetup
+usr/sbin/cryptsetup
+usr/sbin/integritysetup
+usr/sbin/veritysetup
usr/lib/tmpfiles.d/cryptsetup.conf
usr/share/locale/*/*/*
diff --git a/debian/cryptsetup-ssh.install b/debian/cryptsetup-ssh.install
index f41adb1..4ee9835 100644
--- a/debian/cryptsetup-ssh.install
+++ b/debian/cryptsetup-ssh.install
@@ -1,2 +1,2 @@
-lib/${DEB_HOST_MULTIARCH}/cryptsetup/libcryptsetup-token-ssh.so
-sbin/cryptsetup-ssh
+usr/lib/${DEB_HOST_MULTIARCH}/cryptsetup/libcryptsetup-token-ssh.so
+usr/sbin/cryptsetup-ssh
diff --git a/debian/cryptsetup-suspend.install b/debian/cryptsetup-suspend.install
index 371a98f..deb238f 100644
--- a/debian/cryptsetup-suspend.install
+++ b/debian/cryptsetup-suspend.install
@@ -1,5 +1,5 @@
-debian/scripts/suspend/cryptsetup-suspend /lib/cryptsetup/scripts/suspend/
-debian/scripts/suspend/cryptsetup-suspend-wrapper /lib/cryptsetup/scripts/suspend/
-debian/scripts/suspend/cryptsetup-suspend.shutdown /lib/systemd/system-shutdown/
+debian/scripts/suspend/cryptsetup-suspend /usr/lib/cryptsetup/scripts/suspend/
+debian/scripts/suspend/cryptsetup-suspend-wrapper /usr/lib/cryptsetup/scripts/suspend/
+debian/scripts/suspend/cryptsetup-suspend.shutdown /usr/lib/systemd/system-shutdown/
debian/scripts/suspend/suspend.conf /etc/cryptsetup/
-debian/scripts/suspend/systemd/cryptsetup-suspend.conf /lib/systemd/system/systemd-suspend.service.d/
+debian/scripts/suspend/systemd/cryptsetup-suspend.conf /usr/lib/systemd/system/systemd-suspend.service.d/
diff --git a/debian/cryptsetup-udeb.install b/debian/cryptsetup-udeb.install
index b37fb69..d6ccaeb 100644
--- a/debian/cryptsetup-udeb.install
+++ b/debian/cryptsetup-udeb.install
@@ -1,7 +1,7 @@
-debian/askpass /lib/cryptsetup/
-debian/checks/* /lib/cryptsetup/checks/
-debian/cryptdisks-functions /lib/cryptsetup/
-debian/functions /lib/cryptsetup/
-debian/scripts/decrypt_* /lib/cryptsetup/scripts/
-debian/scripts/passdev /lib/cryptsetup/scripts/
-sbin/cryptsetup
+debian/askpass /usr/lib/cryptsetup/
+debian/checks/* /usr/lib/cryptsetup/checks/
+debian/cryptdisks-functions /usr/lib/cryptsetup/
+debian/functions /usr/lib/cryptsetup/
+debian/scripts/decrypt_* /usr/lib/cryptsetup/scripts/
+debian/scripts/passdev /usr/lib/cryptsetup/scripts/
+usr/sbin/cryptsetup
diff --git a/debian/cryptsetup.install b/debian/cryptsetup.install
index 934801d..d33b7a0 100644
--- a/debian/cryptsetup.install
+++ b/debian/cryptsetup.install
@@ -1,9 +1,9 @@
-debian/askpass /lib/cryptsetup/
+debian/askpass /usr/lib/cryptsetup/
debian/bash_completion/cryptdisks_start /usr/share/bash-completion/completions/
-debian/checks/* /lib/cryptsetup/checks/
-debian/cryptdisks-functions /lib/cryptsetup/
-debian/functions /lib/cryptsetup/
-debian/scripts/cryptdisks_* /sbin/
-debian/scripts/decrypt_* /lib/cryptsetup/scripts/
+debian/checks/* /usr/lib/cryptsetup/checks/
+debian/cryptdisks-functions /usr/lib/cryptsetup/
+debian/functions /usr/lib/cryptsetup/
+debian/scripts/cryptdisks_* /usr/sbin/
+debian/scripts/decrypt_* /usr/lib/cryptsetup/scripts/
debian/scripts/luksformat /usr/sbin/
-debian/scripts/passdev /lib/cryptsetup/scripts/
+debian/scripts/passdev /usr/lib/cryptsetup/scripts/
diff --git a/debian/cryptsetup.lintian-overrides b/debian/cryptsetup.lintian-overrides
index 393e3fe..10c9938 100644
--- a/debian/cryptsetup.lintian-overrides
+++ b/debian/cryptsetup.lintian-overrides
@@ -1,3 +1,4 @@
init.d-script-does-not-implement-status-option [etc/init.d/cryptdisks]
init.d-script-does-not-implement-status-option [etc/init.d/cryptdisks-early]
no-debconf-config
+cryptsetup: conflicts-with-version cryptsetup-nuke-password (<< 5~)
diff --git a/debian/cryptsetup.postinst b/debian/cryptsetup.postinst
index 635324b..6643d4e 100644
--- a/debian/cryptsetup.postinst
+++ b/debian/cryptsetup.postinst
@@ -14,6 +14,21 @@ set -e
# <failed-install-package> <version> `removing'
# <conflicting-package> <version>
+# begin-remove-after: released:forky
+if [ "$1" = configure ] &&
+ [ "$(dpkg-divert --truename /usr/lib/cryptsetup/askpass)" = /usr/lib/cryptsetup/askpass.usr-is-merged ] &&
+ [ "$(dpkg-divert --listpackage /usr/lib/cryptsetup/askpass)" = cryptsetup-nuke-password ]; then
+ # /usr/lib/cryptsetup/askpass is still diverted in the same way as our
+ # preinst did. Conclude that cryptsetup-nuke-password was installed
+ # during preinst, we duplicated the diversion and now
+ # cryptsetup-nuke-password is removed. We have to clean up.
+ echo "Removing duplicated diversion of /usr/lib/cryptsetup/askpass after cryptsetup-nuke-password is removed."
+ dpkg-divert --rename --package cryptsetup-nuke-password \
+ --divert /usr/lib/cryptsetup/askpass.usr-is-merged \
+ --remove /usr/lib/cryptsetup/askpass
+fi
+# end-remove-after
+
case "$1" in
configure)
for file in cryptdisks_start cryptdisks_stop; do
diff --git a/debian/cryptsetup.preinst b/debian/cryptsetup.preinst
index 7f1e1bc..2e5a7fc 100644
--- a/debian/cryptsetup.preinst
+++ b/debian/cryptsetup.preinst
@@ -8,6 +8,20 @@ if [ "$1" = install ] && [ ! -f "/etc/crypttab" ]; then
EOC
fi
+# begin-remove-after: released:forky
+if [ "$1" = "upgrade" ] || [ "$1" = install ]; then
+ if [ "$(dpkg-divert --truename /lib/cryptsetup/askpass)" = /lib/cryptsetup/askpass.cryptsetup ] &&
+ [ "$(dpkg-divert --listpackage /lib/cryptsetup/askpass)" = cryptsetup-nuke-password ] &&
+ [ "$(dpkg-divert --truename /usr/lib/cryptsetup/askpass)" = /usr/lib/cryptsetup/askpass ]; then
+ # A pre-/usr-merge cryptsetup-nuke-password is installed.
+ echo "Mitigating diversion of /lib/cryptsetup/askpass on behalf of cryptsetup-nuke-password"
+ dpkg-divert --no-rename --package cryptsetup-nuke-password \
+ --divert /usr/lib/cryptsetup/askpass.usr-is-merged \
+ --add /usr/lib/cryptsetup/askpass
+ fi
+fi
+# end-remove-after
+
#DEBHELPER#
exit 0
diff --git a/debian/functions b/debian/functions
index 3409787..7d3b6c2 100644
--- a/debian/functions
+++ b/debian/functions
@@ -115,7 +115,7 @@ crypttab_parse_options() {
# use decrypt_keyctl by default if no keyscript in /etc/crypttab
if [ -z "$CRYPTTAB_OPTION_keyscript" ]; then
- CRYPTTAB_OPTION_keyscript="/lib/cryptsetup/scripts/decrypt_keyctl"
+ CRYPTTAB_OPTION_keyscript="/usr/lib/cryptsetup/scripts/decrypt_keyctl"
fi
if ! _get_crypt_type; then # set CRYPTTAB_TYPE to the type of crypt device
@@ -609,34 +609,52 @@ _resolve_device() {
# mounted currenty mounted on $mountpoint.
# Return 0 on success, 1 on error (if $mountpoint is not a mountpoint).
get_mnt_devno() {
- local wantmount="$1" devnos="" uuid dev IFS
- local spec mountpoint fstype _ DEV MAJ MIN
-
- while IFS=" " read -r spec mountpoint fstype _; do
- # treat lines starting with '#' as comments; /proc/mounts
- # doesn't seem to contain these but per procfs(5) the format of
- # that file is analogous to fstab(5)'s
- if [ "${spec#\#}" = "$spec" ] && [ -n "$spec" ] &&
- [ "$(printf '%b' "$mountpoint")" = "$wantmount" ]; then
- # take the last mountpoint if used several times (shadowed)
- unset -v devnos
- spec="$(printf '%b' "$spec")"
- _resolve_device "$spec" || continue # _resolve_device() already warns on error
- fstype="$(printf '%b' "$fstype")"
- if [ "$fstype" = "btrfs" ]; then
- # btrfs can span over multiple devices
- if uuid="$(_device_uuid "$DEV")"; then
- for dev in "/sys/fs/$fstype/$uuid/devices"/*/dev; do
- devnos="${devnos:+$devnos }$(cat "$dev")"
- done
- else
- cryptsetup_message "ERROR: $spec: Couldn't determine UUID"
- fi
- elif [ -n "$fstype" ]; then
- devnos="$MAJ:$MIN"
+ local wantmount="$1" devnos="" uuid dev
+ local out spec fstype DEV MAJ MIN
+
+ # use awk rather than a `while read; do done` loop here as /proc/mounts
+ # can be many thousands lines long and the `read` builtin goes one
+ # byte at the time which slows down execution time, see MR !36
+ out="$(awk -v mp="$wantmount" -- '
+ BEGIN {
+ FS = "[ \t]"
+ ret = ""
+ }
+ !/^\s*(#|$)/ {
+ # decode octal sequences; per procfs(5) the format of /proc/mounts
+ # is analogous to fstab(5)
+ head = ""
+ while (match($2, /\\[0-7]{3}/)) {
+ oct = substr($2, RSTART+1, RLENGTH-1)
+ dec = (substr(oct, 1, 1) * 8 + substr(oct, 2, 1)) * 8 + substr(oct, 3, 1)
+ head = head substr($2, 1, RSTART-1) sprintf("%c", dec)
+ $2 = substr($2, RSTART+RLENGTH)
+ }
+ if (head $2 == mp) {
+ # take the last mountpoint if used several times (shadowed)
+ ret = $1 " " $3
+ }
+ }
+ END {
+ print ret
+ }' </proc/mounts)" || out=""
+
+ spec="$(printf '%b' "${out% *}")"
+ if [ -n "$out" ] && _resolve_device "$spec"; then # _resolve_device() already warns on error
+ fstype="${out##* }"
+ if [ "$fstype" = "btrfs" ]; then
+ # btrfs can span over multiple devices
+ if uuid="$(_device_uuid "$DEV")"; then
+ for dev in "/sys/fs/$fstype/$uuid/devices"/*/dev; do
+ devnos="${devnos:+$devnos }$(cat "$dev")"
+ done
+ else
+ cryptsetup_message "ERROR: $spec: Couldn't determine UUID"
fi
+ elif [ -n "$fstype" ]; then
+ devnos="$MAJ:$MIN"
fi
- done </proc/mounts
+ fi
if [ -z "${devnos:+x}" ]; then
return 1 # not found
diff --git a/debian/libcryptsetup-dev.install b/debian/libcryptsetup-dev.install
index edf075c..1211b75 100644
--- a/debian/libcryptsetup-dev.install
+++ b/debian/libcryptsetup-dev.install
@@ -1,3 +1,3 @@
-lib/${DEB_HOST_MULTIARCH}/*.so
-lib/${DEB_HOST_MULTIARCH}/pkgconfig/*.pc /usr/lib/${DEB_HOST_MULTIARCH}/pkgconfig/
+usr/lib/${DEB_HOST_MULTIARCH}/*.so
+usr/lib/${DEB_HOST_MULTIARCH}/pkgconfig/*.pc
usr/include/*.h
diff --git a/debian/libcryptsetup12-udeb.install b/debian/libcryptsetup12-udeb.install
index db6f744..8b38ff6 100644
--- a/debian/libcryptsetup12-udeb.install
+++ b/debian/libcryptsetup12-udeb.install
@@ -1 +1 @@
-lib/${DEB_HOST_MULTIARCH}/*.so.*
+usr/lib/${DEB_HOST_MULTIARCH}/*.so.*
diff --git a/debian/libcryptsetup12.install b/debian/libcryptsetup12.install
index db6f744..8b38ff6 100644
--- a/debian/libcryptsetup12.install
+++ b/debian/libcryptsetup12.install
@@ -1 +1 @@
-lib/${DEB_HOST_MULTIARCH}/*.so.*
+usr/lib/${DEB_HOST_MULTIARCH}/*.so.*
diff --git a/debian/libcryptsetup12.lintian-overrides b/debian/libcryptsetup12.lintian-overrides
deleted file mode 100644
index fc6d52e..0000000
--- a/debian/libcryptsetup12.lintian-overrides
+++ /dev/null
@@ -1,3 +0,0 @@
-# See reasoning at #843932 ('dev-pkg-without-shlib-symlink' was renamed
-# to 'lacks-unversioned-link-to-shared-library')
-lacks-unversioned-link-to-shared-library example: usr/lib/x86_64-linux-gnu/libcryptsetup.so [lib/x86_64-linux-gnu/libcryptsetup.so.12.*]
diff --git a/debian/not-installed b/debian/not-installed
index 22b45e1..1b9657a 100644
--- a/debian/not-installed
+++ b/debian/not-installed
@@ -1,2 +1,2 @@
-lib/${DEB_HOST_MULTIARCH}/libcryptsetup.la
-lib/${DEB_HOST_MULTIARCH}/cryptsetup/libcryptsetup-token-ssh.la
+usr/lib/${DEB_HOST_MULTIARCH}/libcryptsetup.la
+usr/lib/${DEB_HOST_MULTIARCH}/cryptsetup/libcryptsetup-token-ssh.la
diff --git a/debian/rules b/debian/rules
index 757085c..0398211 100755
--- a/debian/rules
+++ b/debian/rules
@@ -24,8 +24,6 @@ endif
override_dh_auto_configure:
dh_auto_configure -- $(CONFFLAGS) \
- --libdir=/lib/$(DEB_HOST_MULTIARCH) \
- --sbindir=/sbin \
--with-tmpfilesdir=/usr/lib/tmpfiles.d \
--enable-libargon2 \
--enable-shared \
@@ -85,13 +83,13 @@ override_dh_bugfiles:
dh_bugfiles -A
execute_after_dh_fixperms-arch:
- chmod 0755 debian/cryptsetup/lib/cryptsetup/checks/*
- chmod 0755 debian/cryptsetup/lib/cryptsetup/scripts/decrypt_*
- chmod 0755 debian/cryptsetup-suspend/lib/cryptsetup/scripts/suspend/cryptsetup-suspend-wrapper
- chmod 0755 debian/cryptsetup-suspend/lib/systemd/system-shutdown/cryptsetup-suspend.shutdown
+ chmod 0755 debian/cryptsetup/usr/lib/cryptsetup/checks/*
+ chmod 0755 debian/cryptsetup/usr/lib/cryptsetup/scripts/decrypt_*
+ chmod 0755 debian/cryptsetup-suspend/usr/lib/cryptsetup/scripts/suspend/cryptsetup-suspend-wrapper
+ chmod 0755 debian/cryptsetup-suspend/usr/lib/systemd/system-shutdown/cryptsetup-suspend.shutdown
ifeq (,$(filter noudeb, $(DEB_BUILD_PROFILES)))
- chmod 0755 debian/cryptsetup-udeb/lib/cryptsetup/checks/*
- chmod 0755 debian/cryptsetup-udeb/lib/cryptsetup/scripts/decrypt_*
+ chmod 0755 debian/cryptsetup-udeb/usr/lib/cryptsetup/checks/*
+ chmod 0755 debian/cryptsetup-udeb/usr/lib/cryptsetup/scripts/decrypt_*
endif
execute_after_dh_fixperms-indep:
diff --git a/debian/tests/utils/cryptroot-common b/debian/tests/utils/cryptroot-common
index a7df37f..2d73d9d 100755
--- a/debian/tests/utils/cryptroot-common
+++ b/debian/tests/utils/cryptroot-common
@@ -416,9 +416,12 @@ extract_kernel() {
fi
mkdir "$destdir"
+ mkdir "$destdir/usr" "$destdir/usr/lib"
+ ln -sT "usr/lib" "$destdir/lib"
dpkg-deb --fsys-tarfile "$APT_CACHE/archives/$KERNEL_DEB" | tar -C "$destdir" -xf- \
+ --wildcards --wildcards-match-slash \
"./boot/vmlinuz-$KERNEL_VERSION" \
- "./lib/modules/$KERNEL_VERSION"
+ "*/lib/modules/$KERNEL_VERSION"
ln -T -- "$destdir/boot/vmlinuz-$KERNEL_VERSION" "$TEMPDIR/vmlinuz-$KERNEL_VERSION"
}