diff options
-rw-r--r-- | debian/changelog | 18 | ||||
-rw-r--r-- | debian/control | 1 | ||||
-rw-r--r-- | debian/cryptsetup-bin.install | 6 | ||||
-rw-r--r-- | debian/cryptsetup-ssh.install | 4 | ||||
-rw-r--r-- | debian/cryptsetup-suspend.install | 8 | ||||
-rw-r--r-- | debian/cryptsetup-udeb.install | 14 | ||||
-rw-r--r-- | debian/cryptsetup.install | 14 | ||||
-rw-r--r-- | debian/cryptsetup.lintian-overrides | 1 | ||||
-rw-r--r-- | debian/cryptsetup.postinst | 15 | ||||
-rw-r--r-- | debian/cryptsetup.preinst | 14 | ||||
-rw-r--r-- | debian/functions | 72 | ||||
-rw-r--r-- | debian/libcryptsetup-dev.install | 4 | ||||
-rw-r--r-- | debian/libcryptsetup12-udeb.install | 2 | ||||
-rw-r--r-- | debian/libcryptsetup12.install | 2 | ||||
-rw-r--r-- | debian/libcryptsetup12.lintian-overrides | 3 | ||||
-rw-r--r-- | debian/not-installed | 4 | ||||
-rwxr-xr-x | debian/rules | 14 | ||||
-rwxr-xr-x | debian/tests/utils/cryptroot-common | 5 |
18 files changed, 133 insertions, 68 deletions
diff --git a/debian/changelog b/debian/changelog index 890e7b5..147d2e4 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,21 @@ +cryptsetup (2:2.7.1-1) unstable; urgency=medium + + * New bugfix upstream release. + + [ Guilhem Moulin ] + * d/functions: get_mnt_devno(): Speed up execution time on large + /proc/mounts. + * d/t/cryptroot-*: Fix DEP-8 tests when the kernel .deb installs modules in + /usr/lib/modules not /lib/modules, such as + linux-image-6.6.15-686-pae_6.6.15-2_i386.deb. + * d/cryptsetup.lintian-overrides: Remove unused overrides. + + [ Helmut Grohne ] + * /lib/cryptsetup/askpass: Coordinated move to /usr for DEP17 + (Closes: #1060270) + + -- Guilhem Moulin <guilhem@debian.org> Sat, 09 Mar 2024 23:05:42 +0100 + cryptsetup (2:2.7.0-1~progress7.99u1) graograman-backports; urgency=medium * Uploading to graograman-updates, remaining changes: diff --git a/debian/control b/debian/control index e2f7ccb..68c6fe6 100644 --- a/debian/control +++ b/debian/control @@ -49,6 +49,7 @@ Depends: cryptsetup-bin (>= 2:1.6.0), keyutils, ${misc:Depends}, ${shlibs:Depends} +Conflicts: cryptsetup-nuke-password (<< 5~) Suggests: cryptsetup-initramfs, dosfstools, liblocale-gettext-perl Description: disk encryption support - startup scripts Cryptsetup provides an interface for configuring encryption on block diff --git a/debian/cryptsetup-bin.install b/debian/cryptsetup-bin.install index 6c344e1..83a4171 100644 --- a/debian/cryptsetup-bin.install +++ b/debian/cryptsetup-bin.install @@ -1,5 +1,5 @@ -sbin/cryptsetup -sbin/integritysetup -sbin/veritysetup +usr/sbin/cryptsetup +usr/sbin/integritysetup +usr/sbin/veritysetup usr/lib/tmpfiles.d/cryptsetup.conf usr/share/locale/*/*/* diff --git a/debian/cryptsetup-ssh.install b/debian/cryptsetup-ssh.install index f41adb1..4ee9835 100644 --- a/debian/cryptsetup-ssh.install +++ b/debian/cryptsetup-ssh.install @@ -1,2 +1,2 @@ -lib/${DEB_HOST_MULTIARCH}/cryptsetup/libcryptsetup-token-ssh.so -sbin/cryptsetup-ssh +usr/lib/${DEB_HOST_MULTIARCH}/cryptsetup/libcryptsetup-token-ssh.so +usr/sbin/cryptsetup-ssh diff --git a/debian/cryptsetup-suspend.install b/debian/cryptsetup-suspend.install index 371a98f..deb238f 100644 --- a/debian/cryptsetup-suspend.install +++ b/debian/cryptsetup-suspend.install @@ -1,5 +1,5 @@ -debian/scripts/suspend/cryptsetup-suspend /lib/cryptsetup/scripts/suspend/ -debian/scripts/suspend/cryptsetup-suspend-wrapper /lib/cryptsetup/scripts/suspend/ -debian/scripts/suspend/cryptsetup-suspend.shutdown /lib/systemd/system-shutdown/ +debian/scripts/suspend/cryptsetup-suspend /usr/lib/cryptsetup/scripts/suspend/ +debian/scripts/suspend/cryptsetup-suspend-wrapper /usr/lib/cryptsetup/scripts/suspend/ +debian/scripts/suspend/cryptsetup-suspend.shutdown /usr/lib/systemd/system-shutdown/ debian/scripts/suspend/suspend.conf /etc/cryptsetup/ -debian/scripts/suspend/systemd/cryptsetup-suspend.conf /lib/systemd/system/systemd-suspend.service.d/ +debian/scripts/suspend/systemd/cryptsetup-suspend.conf /usr/lib/systemd/system/systemd-suspend.service.d/ diff --git a/debian/cryptsetup-udeb.install b/debian/cryptsetup-udeb.install index b37fb69..d6ccaeb 100644 --- a/debian/cryptsetup-udeb.install +++ b/debian/cryptsetup-udeb.install @@ -1,7 +1,7 @@ -debian/askpass /lib/cryptsetup/ -debian/checks/* /lib/cryptsetup/checks/ -debian/cryptdisks-functions /lib/cryptsetup/ -debian/functions /lib/cryptsetup/ -debian/scripts/decrypt_* /lib/cryptsetup/scripts/ -debian/scripts/passdev /lib/cryptsetup/scripts/ -sbin/cryptsetup +debian/askpass /usr/lib/cryptsetup/ +debian/checks/* /usr/lib/cryptsetup/checks/ +debian/cryptdisks-functions /usr/lib/cryptsetup/ +debian/functions /usr/lib/cryptsetup/ +debian/scripts/decrypt_* /usr/lib/cryptsetup/scripts/ +debian/scripts/passdev /usr/lib/cryptsetup/scripts/ +usr/sbin/cryptsetup diff --git a/debian/cryptsetup.install b/debian/cryptsetup.install index 934801d..d33b7a0 100644 --- a/debian/cryptsetup.install +++ b/debian/cryptsetup.install @@ -1,9 +1,9 @@ -debian/askpass /lib/cryptsetup/ +debian/askpass /usr/lib/cryptsetup/ debian/bash_completion/cryptdisks_start /usr/share/bash-completion/completions/ -debian/checks/* /lib/cryptsetup/checks/ -debian/cryptdisks-functions /lib/cryptsetup/ -debian/functions /lib/cryptsetup/ -debian/scripts/cryptdisks_* /sbin/ -debian/scripts/decrypt_* /lib/cryptsetup/scripts/ +debian/checks/* /usr/lib/cryptsetup/checks/ +debian/cryptdisks-functions /usr/lib/cryptsetup/ +debian/functions /usr/lib/cryptsetup/ +debian/scripts/cryptdisks_* /usr/sbin/ +debian/scripts/decrypt_* /usr/lib/cryptsetup/scripts/ debian/scripts/luksformat /usr/sbin/ -debian/scripts/passdev /lib/cryptsetup/scripts/ +debian/scripts/passdev /usr/lib/cryptsetup/scripts/ diff --git a/debian/cryptsetup.lintian-overrides b/debian/cryptsetup.lintian-overrides index 393e3fe..10c9938 100644 --- a/debian/cryptsetup.lintian-overrides +++ b/debian/cryptsetup.lintian-overrides @@ -1,3 +1,4 @@ init.d-script-does-not-implement-status-option [etc/init.d/cryptdisks] init.d-script-does-not-implement-status-option [etc/init.d/cryptdisks-early] no-debconf-config +cryptsetup: conflicts-with-version cryptsetup-nuke-password (<< 5~) diff --git a/debian/cryptsetup.postinst b/debian/cryptsetup.postinst index 635324b..6643d4e 100644 --- a/debian/cryptsetup.postinst +++ b/debian/cryptsetup.postinst @@ -14,6 +14,21 @@ set -e # <failed-install-package> <version> `removing' # <conflicting-package> <version> +# begin-remove-after: released:forky +if [ "$1" = configure ] && + [ "$(dpkg-divert --truename /usr/lib/cryptsetup/askpass)" = /usr/lib/cryptsetup/askpass.usr-is-merged ] && + [ "$(dpkg-divert --listpackage /usr/lib/cryptsetup/askpass)" = cryptsetup-nuke-password ]; then + # /usr/lib/cryptsetup/askpass is still diverted in the same way as our + # preinst did. Conclude that cryptsetup-nuke-password was installed + # during preinst, we duplicated the diversion and now + # cryptsetup-nuke-password is removed. We have to clean up. + echo "Removing duplicated diversion of /usr/lib/cryptsetup/askpass after cryptsetup-nuke-password is removed." + dpkg-divert --rename --package cryptsetup-nuke-password \ + --divert /usr/lib/cryptsetup/askpass.usr-is-merged \ + --remove /usr/lib/cryptsetup/askpass +fi +# end-remove-after + case "$1" in configure) for file in cryptdisks_start cryptdisks_stop; do diff --git a/debian/cryptsetup.preinst b/debian/cryptsetup.preinst index 7f1e1bc..2e5a7fc 100644 --- a/debian/cryptsetup.preinst +++ b/debian/cryptsetup.preinst @@ -8,6 +8,20 @@ if [ "$1" = install ] && [ ! -f "/etc/crypttab" ]; then EOC fi +# begin-remove-after: released:forky +if [ "$1" = "upgrade" ] || [ "$1" = install ]; then + if [ "$(dpkg-divert --truename /lib/cryptsetup/askpass)" = /lib/cryptsetup/askpass.cryptsetup ] && + [ "$(dpkg-divert --listpackage /lib/cryptsetup/askpass)" = cryptsetup-nuke-password ] && + [ "$(dpkg-divert --truename /usr/lib/cryptsetup/askpass)" = /usr/lib/cryptsetup/askpass ]; then + # A pre-/usr-merge cryptsetup-nuke-password is installed. + echo "Mitigating diversion of /lib/cryptsetup/askpass on behalf of cryptsetup-nuke-password" + dpkg-divert --no-rename --package cryptsetup-nuke-password \ + --divert /usr/lib/cryptsetup/askpass.usr-is-merged \ + --add /usr/lib/cryptsetup/askpass + fi +fi +# end-remove-after + #DEBHELPER# exit 0 diff --git a/debian/functions b/debian/functions index 3409787..7d3b6c2 100644 --- a/debian/functions +++ b/debian/functions @@ -115,7 +115,7 @@ crypttab_parse_options() { # use decrypt_keyctl by default if no keyscript in /etc/crypttab if [ -z "$CRYPTTAB_OPTION_keyscript" ]; then - CRYPTTAB_OPTION_keyscript="/lib/cryptsetup/scripts/decrypt_keyctl" + CRYPTTAB_OPTION_keyscript="/usr/lib/cryptsetup/scripts/decrypt_keyctl" fi if ! _get_crypt_type; then # set CRYPTTAB_TYPE to the type of crypt device @@ -609,34 +609,52 @@ _resolve_device() { # mounted currenty mounted on $mountpoint. # Return 0 on success, 1 on error (if $mountpoint is not a mountpoint). get_mnt_devno() { - local wantmount="$1" devnos="" uuid dev IFS - local spec mountpoint fstype _ DEV MAJ MIN - - while IFS=" " read -r spec mountpoint fstype _; do - # treat lines starting with '#' as comments; /proc/mounts - # doesn't seem to contain these but per procfs(5) the format of - # that file is analogous to fstab(5)'s - if [ "${spec#\#}" = "$spec" ] && [ -n "$spec" ] && - [ "$(printf '%b' "$mountpoint")" = "$wantmount" ]; then - # take the last mountpoint if used several times (shadowed) - unset -v devnos - spec="$(printf '%b' "$spec")" - _resolve_device "$spec" || continue # _resolve_device() already warns on error - fstype="$(printf '%b' "$fstype")" - if [ "$fstype" = "btrfs" ]; then - # btrfs can span over multiple devices - if uuid="$(_device_uuid "$DEV")"; then - for dev in "/sys/fs/$fstype/$uuid/devices"/*/dev; do - devnos="${devnos:+$devnos }$(cat "$dev")" - done - else - cryptsetup_message "ERROR: $spec: Couldn't determine UUID" - fi - elif [ -n "$fstype" ]; then - devnos="$MAJ:$MIN" + local wantmount="$1" devnos="" uuid dev + local out spec fstype DEV MAJ MIN + + # use awk rather than a `while read; do done` loop here as /proc/mounts + # can be many thousands lines long and the `read` builtin goes one + # byte at the time which slows down execution time, see MR !36 + out="$(awk -v mp="$wantmount" -- ' + BEGIN { + FS = "[ \t]" + ret = "" + } + !/^\s*(#|$)/ { + # decode octal sequences; per procfs(5) the format of /proc/mounts + # is analogous to fstab(5) + head = "" + while (match($2, /\\[0-7]{3}/)) { + oct = substr($2, RSTART+1, RLENGTH-1) + dec = (substr(oct, 1, 1) * 8 + substr(oct, 2, 1)) * 8 + substr(oct, 3, 1) + head = head substr($2, 1, RSTART-1) sprintf("%c", dec) + $2 = substr($2, RSTART+RLENGTH) + } + if (head $2 == mp) { + # take the last mountpoint if used several times (shadowed) + ret = $1 " " $3 + } + } + END { + print ret + }' </proc/mounts)" || out="" + + spec="$(printf '%b' "${out% *}")" + if [ -n "$out" ] && _resolve_device "$spec"; then # _resolve_device() already warns on error + fstype="${out##* }" + if [ "$fstype" = "btrfs" ]; then + # btrfs can span over multiple devices + if uuid="$(_device_uuid "$DEV")"; then + for dev in "/sys/fs/$fstype/$uuid/devices"/*/dev; do + devnos="${devnos:+$devnos }$(cat "$dev")" + done + else + cryptsetup_message "ERROR: $spec: Couldn't determine UUID" fi + elif [ -n "$fstype" ]; then + devnos="$MAJ:$MIN" fi - done </proc/mounts + fi if [ -z "${devnos:+x}" ]; then return 1 # not found diff --git a/debian/libcryptsetup-dev.install b/debian/libcryptsetup-dev.install index edf075c..1211b75 100644 --- a/debian/libcryptsetup-dev.install +++ b/debian/libcryptsetup-dev.install @@ -1,3 +1,3 @@ -lib/${DEB_HOST_MULTIARCH}/*.so -lib/${DEB_HOST_MULTIARCH}/pkgconfig/*.pc /usr/lib/${DEB_HOST_MULTIARCH}/pkgconfig/ +usr/lib/${DEB_HOST_MULTIARCH}/*.so +usr/lib/${DEB_HOST_MULTIARCH}/pkgconfig/*.pc usr/include/*.h diff --git a/debian/libcryptsetup12-udeb.install b/debian/libcryptsetup12-udeb.install index db6f744..8b38ff6 100644 --- a/debian/libcryptsetup12-udeb.install +++ b/debian/libcryptsetup12-udeb.install @@ -1 +1 @@ -lib/${DEB_HOST_MULTIARCH}/*.so.* +usr/lib/${DEB_HOST_MULTIARCH}/*.so.* diff --git a/debian/libcryptsetup12.install b/debian/libcryptsetup12.install index db6f744..8b38ff6 100644 --- a/debian/libcryptsetup12.install +++ b/debian/libcryptsetup12.install @@ -1 +1 @@ -lib/${DEB_HOST_MULTIARCH}/*.so.* +usr/lib/${DEB_HOST_MULTIARCH}/*.so.* diff --git a/debian/libcryptsetup12.lintian-overrides b/debian/libcryptsetup12.lintian-overrides deleted file mode 100644 index fc6d52e..0000000 --- a/debian/libcryptsetup12.lintian-overrides +++ /dev/null @@ -1,3 +0,0 @@ -# See reasoning at #843932 ('dev-pkg-without-shlib-symlink' was renamed -# to 'lacks-unversioned-link-to-shared-library') -lacks-unversioned-link-to-shared-library example: usr/lib/x86_64-linux-gnu/libcryptsetup.so [lib/x86_64-linux-gnu/libcryptsetup.so.12.*] diff --git a/debian/not-installed b/debian/not-installed index 22b45e1..1b9657a 100644 --- a/debian/not-installed +++ b/debian/not-installed @@ -1,2 +1,2 @@ -lib/${DEB_HOST_MULTIARCH}/libcryptsetup.la -lib/${DEB_HOST_MULTIARCH}/cryptsetup/libcryptsetup-token-ssh.la +usr/lib/${DEB_HOST_MULTIARCH}/libcryptsetup.la +usr/lib/${DEB_HOST_MULTIARCH}/cryptsetup/libcryptsetup-token-ssh.la diff --git a/debian/rules b/debian/rules index 757085c..0398211 100755 --- a/debian/rules +++ b/debian/rules @@ -24,8 +24,6 @@ endif override_dh_auto_configure: dh_auto_configure -- $(CONFFLAGS) \ - --libdir=/lib/$(DEB_HOST_MULTIARCH) \ - --sbindir=/sbin \ --with-tmpfilesdir=/usr/lib/tmpfiles.d \ --enable-libargon2 \ --enable-shared \ @@ -85,13 +83,13 @@ override_dh_bugfiles: dh_bugfiles -A execute_after_dh_fixperms-arch: - chmod 0755 debian/cryptsetup/lib/cryptsetup/checks/* - chmod 0755 debian/cryptsetup/lib/cryptsetup/scripts/decrypt_* - chmod 0755 debian/cryptsetup-suspend/lib/cryptsetup/scripts/suspend/cryptsetup-suspend-wrapper - chmod 0755 debian/cryptsetup-suspend/lib/systemd/system-shutdown/cryptsetup-suspend.shutdown + chmod 0755 debian/cryptsetup/usr/lib/cryptsetup/checks/* + chmod 0755 debian/cryptsetup/usr/lib/cryptsetup/scripts/decrypt_* + chmod 0755 debian/cryptsetup-suspend/usr/lib/cryptsetup/scripts/suspend/cryptsetup-suspend-wrapper + chmod 0755 debian/cryptsetup-suspend/usr/lib/systemd/system-shutdown/cryptsetup-suspend.shutdown ifeq (,$(filter noudeb, $(DEB_BUILD_PROFILES))) - chmod 0755 debian/cryptsetup-udeb/lib/cryptsetup/checks/* - chmod 0755 debian/cryptsetup-udeb/lib/cryptsetup/scripts/decrypt_* + chmod 0755 debian/cryptsetup-udeb/usr/lib/cryptsetup/checks/* + chmod 0755 debian/cryptsetup-udeb/usr/lib/cryptsetup/scripts/decrypt_* endif execute_after_dh_fixperms-indep: diff --git a/debian/tests/utils/cryptroot-common b/debian/tests/utils/cryptroot-common index a7df37f..2d73d9d 100755 --- a/debian/tests/utils/cryptroot-common +++ b/debian/tests/utils/cryptroot-common @@ -416,9 +416,12 @@ extract_kernel() { fi mkdir "$destdir" + mkdir "$destdir/usr" "$destdir/usr/lib" + ln -sT "usr/lib" "$destdir/lib" dpkg-deb --fsys-tarfile "$APT_CACHE/archives/$KERNEL_DEB" | tar -C "$destdir" -xf- \ + --wildcards --wildcards-match-slash \ "./boot/vmlinuz-$KERNEL_VERSION" \ - "./lib/modules/$KERNEL_VERSION" + "*/lib/modules/$KERNEL_VERSION" ln -T -- "$destdir/boot/vmlinuz-$KERNEL_VERSION" "$TEMPDIR/vmlinuz-$KERNEL_VERSION" } |