From 0c50fbfc9ef4f6c538804759ab9f6143ac2d028b Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Wed, 17 Apr 2024 10:37:32 +0200
Subject: Merging debian version 2:2.7.1-1.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 debian/changelog                         | 18 ++++++++
 debian/control                           |  1 +
 debian/cryptsetup-bin.install            |  6 +--
 debian/cryptsetup-ssh.install            |  4 +-
 debian/cryptsetup-suspend.install        |  8 ++--
 debian/cryptsetup-udeb.install           | 14 +++----
 debian/cryptsetup.install                | 14 +++----
 debian/cryptsetup.lintian-overrides      |  1 +
 debian/cryptsetup.postinst               | 15 +++++++
 debian/cryptsetup.preinst                | 14 +++++++
 debian/functions                         | 72 ++++++++++++++++++++------------
 debian/libcryptsetup-dev.install         |  4 +-
 debian/libcryptsetup12-udeb.install      |  2 +-
 debian/libcryptsetup12.install           |  2 +-
 debian/libcryptsetup12.lintian-overrides |  3 --
 debian/not-installed                     |  4 +-
 debian/rules                             | 14 +++----
 debian/tests/utils/cryptroot-common      |  5 ++-
 18 files changed, 133 insertions(+), 68 deletions(-)
 delete mode 100644 debian/libcryptsetup12.lintian-overrides

diff --git a/debian/changelog b/debian/changelog
index 890e7b5..147d2e4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,21 @@
+cryptsetup (2:2.7.1-1) unstable; urgency=medium
+
+  * New bugfix upstream release.
+
+  [ Guilhem Moulin ]
+  * d/functions: get_mnt_devno(): Speed up execution time on large
+    /proc/mounts.
+  * d/t/cryptroot-*: Fix DEP-8 tests when the kernel .deb installs modules in
+    /usr/lib/modules not /lib/modules, such as
+    linux-image-6.6.15-686-pae_6.6.15-2_i386.deb.
+  * d/cryptsetup.lintian-overrides: Remove unused overrides.
+
+  [ Helmut Grohne ]
+  * /lib/cryptsetup/askpass: Coordinated move to /usr for DEP17
+    (Closes: #1060270)
+
+ -- Guilhem Moulin <guilhem@debian.org>  Sat, 09 Mar 2024 23:05:42 +0100
+
 cryptsetup (2:2.7.0-1~progress7.99u1) graograman-backports; urgency=medium
 
   * Uploading to graograman-updates, remaining changes:
diff --git a/debian/control b/debian/control
index e2f7ccb..68c6fe6 100644
--- a/debian/control
+++ b/debian/control
@@ -49,6 +49,7 @@ Depends: cryptsetup-bin (>= 2:1.6.0),
          keyutils,
          ${misc:Depends},
          ${shlibs:Depends}
+Conflicts: cryptsetup-nuke-password (<< 5~)
 Suggests: cryptsetup-initramfs, dosfstools, liblocale-gettext-perl
 Description: disk encryption support - startup scripts
  Cryptsetup provides an interface for configuring encryption on block
diff --git a/debian/cryptsetup-bin.install b/debian/cryptsetup-bin.install
index 6c344e1..83a4171 100644
--- a/debian/cryptsetup-bin.install
+++ b/debian/cryptsetup-bin.install
@@ -1,5 +1,5 @@
-sbin/cryptsetup
-sbin/integritysetup
-sbin/veritysetup
+usr/sbin/cryptsetup
+usr/sbin/integritysetup
+usr/sbin/veritysetup
 usr/lib/tmpfiles.d/cryptsetup.conf
 usr/share/locale/*/*/*
diff --git a/debian/cryptsetup-ssh.install b/debian/cryptsetup-ssh.install
index f41adb1..4ee9835 100644
--- a/debian/cryptsetup-ssh.install
+++ b/debian/cryptsetup-ssh.install
@@ -1,2 +1,2 @@
-lib/${DEB_HOST_MULTIARCH}/cryptsetup/libcryptsetup-token-ssh.so
-sbin/cryptsetup-ssh
+usr/lib/${DEB_HOST_MULTIARCH}/cryptsetup/libcryptsetup-token-ssh.so
+usr/sbin/cryptsetup-ssh
diff --git a/debian/cryptsetup-suspend.install b/debian/cryptsetup-suspend.install
index 371a98f..deb238f 100644
--- a/debian/cryptsetup-suspend.install
+++ b/debian/cryptsetup-suspend.install
@@ -1,5 +1,5 @@
-debian/scripts/suspend/cryptsetup-suspend /lib/cryptsetup/scripts/suspend/
-debian/scripts/suspend/cryptsetup-suspend-wrapper /lib/cryptsetup/scripts/suspend/
-debian/scripts/suspend/cryptsetup-suspend.shutdown /lib/systemd/system-shutdown/
+debian/scripts/suspend/cryptsetup-suspend /usr/lib/cryptsetup/scripts/suspend/
+debian/scripts/suspend/cryptsetup-suspend-wrapper /usr/lib/cryptsetup/scripts/suspend/
+debian/scripts/suspend/cryptsetup-suspend.shutdown /usr/lib/systemd/system-shutdown/
 debian/scripts/suspend/suspend.conf /etc/cryptsetup/
-debian/scripts/suspend/systemd/cryptsetup-suspend.conf /lib/systemd/system/systemd-suspend.service.d/
+debian/scripts/suspend/systemd/cryptsetup-suspend.conf /usr/lib/systemd/system/systemd-suspend.service.d/
diff --git a/debian/cryptsetup-udeb.install b/debian/cryptsetup-udeb.install
index b37fb69..d6ccaeb 100644
--- a/debian/cryptsetup-udeb.install
+++ b/debian/cryptsetup-udeb.install
@@ -1,7 +1,7 @@
-debian/askpass              /lib/cryptsetup/
-debian/checks/*             /lib/cryptsetup/checks/
-debian/cryptdisks-functions /lib/cryptsetup/
-debian/functions            /lib/cryptsetup/
-debian/scripts/decrypt_*    /lib/cryptsetup/scripts/
-debian/scripts/passdev      /lib/cryptsetup/scripts/
-sbin/cryptsetup
+debian/askpass              /usr/lib/cryptsetup/
+debian/checks/*             /usr/lib/cryptsetup/checks/
+debian/cryptdisks-functions /usr/lib/cryptsetup/
+debian/functions            /usr/lib/cryptsetup/
+debian/scripts/decrypt_*    /usr/lib/cryptsetup/scripts/
+debian/scripts/passdev      /usr/lib/cryptsetup/scripts/
+usr/sbin/cryptsetup
diff --git a/debian/cryptsetup.install b/debian/cryptsetup.install
index 934801d..d33b7a0 100644
--- a/debian/cryptsetup.install
+++ b/debian/cryptsetup.install
@@ -1,9 +1,9 @@
-debian/askpass                          /lib/cryptsetup/
+debian/askpass                          /usr/lib/cryptsetup/
 debian/bash_completion/cryptdisks_start /usr/share/bash-completion/completions/
-debian/checks/*                         /lib/cryptsetup/checks/
-debian/cryptdisks-functions             /lib/cryptsetup/
-debian/functions                        /lib/cryptsetup/
-debian/scripts/cryptdisks_*             /sbin/
-debian/scripts/decrypt_*                /lib/cryptsetup/scripts/
+debian/checks/*                         /usr/lib/cryptsetup/checks/
+debian/cryptdisks-functions             /usr/lib/cryptsetup/
+debian/functions                        /usr/lib/cryptsetup/
+debian/scripts/cryptdisks_*             /usr/sbin/
+debian/scripts/decrypt_*                /usr/lib/cryptsetup/scripts/
 debian/scripts/luksformat               /usr/sbin/
-debian/scripts/passdev                  /lib/cryptsetup/scripts/
+debian/scripts/passdev                  /usr/lib/cryptsetup/scripts/
diff --git a/debian/cryptsetup.lintian-overrides b/debian/cryptsetup.lintian-overrides
index 393e3fe..10c9938 100644
--- a/debian/cryptsetup.lintian-overrides
+++ b/debian/cryptsetup.lintian-overrides
@@ -1,3 +1,4 @@
 init.d-script-does-not-implement-status-option [etc/init.d/cryptdisks]
 init.d-script-does-not-implement-status-option [etc/init.d/cryptdisks-early]
 no-debconf-config
+cryptsetup: conflicts-with-version cryptsetup-nuke-password (<< 5~)
diff --git a/debian/cryptsetup.postinst b/debian/cryptsetup.postinst
index 635324b..6643d4e 100644
--- a/debian/cryptsetup.postinst
+++ b/debian/cryptsetup.postinst
@@ -14,6 +14,21 @@ set -e
 #          <failed-install-package> <version> `removing'
 #          <conflicting-package> <version>
 
+# begin-remove-after: released:forky
+if [ "$1" = configure ] &&
+	[ "$(dpkg-divert --truename /usr/lib/cryptsetup/askpass)" = /usr/lib/cryptsetup/askpass.usr-is-merged ] &&
+	[ "$(dpkg-divert --listpackage /usr/lib/cryptsetup/askpass)" = cryptsetup-nuke-password ]; then
+	# /usr/lib/cryptsetup/askpass is still diverted in the same way as our
+	# preinst did.  Conclude that cryptsetup-nuke-password was installed
+	# during preinst, we duplicated the diversion and now
+	# cryptsetup-nuke-password is removed. We have to clean up.
+	echo "Removing duplicated diversion of /usr/lib/cryptsetup/askpass after cryptsetup-nuke-password is removed."
+	dpkg-divert --rename --package cryptsetup-nuke-password \
+		--divert /usr/lib/cryptsetup/askpass.usr-is-merged \
+		--remove /usr/lib/cryptsetup/askpass
+fi
+# end-remove-after
+
 case "$1" in
     configure)
         for file in cryptdisks_start cryptdisks_stop; do
diff --git a/debian/cryptsetup.preinst b/debian/cryptsetup.preinst
index 7f1e1bc..2e5a7fc 100644
--- a/debian/cryptsetup.preinst
+++ b/debian/cryptsetup.preinst
@@ -8,6 +8,20 @@ if [ "$1" = install ] && [ ! -f "/etc/crypttab" ]; then
 	EOC
 fi
 
+# begin-remove-after: released:forky
+if [ "$1" = "upgrade" ] || [ "$1" = install ]; then
+	if [ "$(dpkg-divert --truename /lib/cryptsetup/askpass)" = /lib/cryptsetup/askpass.cryptsetup ] &&
+		[ "$(dpkg-divert --listpackage /lib/cryptsetup/askpass)" = cryptsetup-nuke-password ] &&
+		[ "$(dpkg-divert --truename /usr/lib/cryptsetup/askpass)" = /usr/lib/cryptsetup/askpass ]; then
+		# A pre-/usr-merge cryptsetup-nuke-password is installed.
+		echo "Mitigating diversion of /lib/cryptsetup/askpass on behalf of cryptsetup-nuke-password"
+		dpkg-divert --no-rename --package cryptsetup-nuke-password \
+			    --divert /usr/lib/cryptsetup/askpass.usr-is-merged \
+			    --add /usr/lib/cryptsetup/askpass
+	fi
+fi
+# end-remove-after
+
 #DEBHELPER#
 
 exit 0
diff --git a/debian/functions b/debian/functions
index 3409787..7d3b6c2 100644
--- a/debian/functions
+++ b/debian/functions
@@ -115,7 +115,7 @@ crypttab_parse_options() {
 
     # use decrypt_keyctl by default if no keyscript in /etc/crypttab
     if [ -z "$CRYPTTAB_OPTION_keyscript" ]; then
-        CRYPTTAB_OPTION_keyscript="/lib/cryptsetup/scripts/decrypt_keyctl"
+        CRYPTTAB_OPTION_keyscript="/usr/lib/cryptsetup/scripts/decrypt_keyctl"
     fi
 
     if ! _get_crypt_type; then # set CRYPTTAB_TYPE to the type of crypt device
@@ -609,34 +609,52 @@ _resolve_device() {
 #   mounted currenty mounted on $mountpoint.
 #   Return 0 on success, 1 on error (if $mountpoint is not a mountpoint).
 get_mnt_devno() {
-    local wantmount="$1" devnos="" uuid dev IFS
-    local spec mountpoint fstype _ DEV MAJ MIN
-
-    while IFS=" 	" read -r spec mountpoint fstype _; do
-        # treat lines starting with '#' as comments; /proc/mounts
-        # doesn't seem to contain these but per procfs(5) the format of
-        # that file is analogous to fstab(5)'s
-        if [ "${spec#\#}" = "$spec" ] && [ -n "$spec" ] &&
-                [ "$(printf '%b' "$mountpoint")" = "$wantmount" ]; then
-            # take the last mountpoint if used several times (shadowed)
-            unset -v devnos
-            spec="$(printf '%b' "$spec")"
-            _resolve_device "$spec" || continue # _resolve_device() already warns on error
-            fstype="$(printf '%b' "$fstype")"
-            if [ "$fstype" = "btrfs" ]; then
-                # btrfs can span over multiple devices
-                if uuid="$(_device_uuid "$DEV")"; then
-                    for dev in "/sys/fs/$fstype/$uuid/devices"/*/dev; do
-                        devnos="${devnos:+$devnos }$(cat "$dev")"
-                    done
-                else
-                    cryptsetup_message "ERROR: $spec: Couldn't determine UUID"
-                fi
-            elif [ -n "$fstype" ]; then
-                devnos="$MAJ:$MIN"
+    local wantmount="$1" devnos="" uuid dev
+    local out spec fstype DEV MAJ MIN
+
+    # use awk rather than a `while read; do done` loop here as /proc/mounts
+    # can be many thousands lines long and the `read` builtin goes one
+    # byte at the time which slows down execution time, see MR !36
+    out="$(awk -v mp="$wantmount" -- '
+        BEGIN {
+            FS = "[ \t]"
+            ret = ""
+        }
+        !/^\s*(#|$)/ {
+            # decode octal sequences; per procfs(5) the format of /proc/mounts
+            # is analogous to fstab(5)
+            head = ""
+            while (match($2, /\\[0-7]{3}/)) {
+                oct = substr($2, RSTART+1, RLENGTH-1)
+                dec = (substr(oct, 1, 1) * 8 + substr(oct, 2, 1)) * 8 + substr(oct, 3, 1)
+                head = head substr($2, 1, RSTART-1) sprintf("%c", dec)
+                $2 = substr($2, RSTART+RLENGTH)
+            }
+            if (head $2 == mp) {
+                # take the last mountpoint if used several times (shadowed)
+                ret = $1 "	" $3
+            }
+        }
+        END {
+            print ret
+        }' </proc/mounts)" || out=""
+
+    spec="$(printf '%b' "${out%	*}")"
+    if [ -n "$out" ] && _resolve_device "$spec"; then # _resolve_device() already warns on error
+        fstype="${out##*	}"
+        if [ "$fstype" = "btrfs" ]; then
+            # btrfs can span over multiple devices
+            if uuid="$(_device_uuid "$DEV")"; then
+                for dev in "/sys/fs/$fstype/$uuid/devices"/*/dev; do
+                    devnos="${devnos:+$devnos }$(cat "$dev")"
+                done
+            else
+                cryptsetup_message "ERROR: $spec: Couldn't determine UUID"
             fi
+        elif [ -n "$fstype" ]; then
+            devnos="$MAJ:$MIN"
         fi
-    done </proc/mounts
+    fi
 
     if [ -z "${devnos:+x}" ]; then
         return 1 # not found
diff --git a/debian/libcryptsetup-dev.install b/debian/libcryptsetup-dev.install
index edf075c..1211b75 100644
--- a/debian/libcryptsetup-dev.install
+++ b/debian/libcryptsetup-dev.install
@@ -1,3 +1,3 @@
-lib/${DEB_HOST_MULTIARCH}/*.so
-lib/${DEB_HOST_MULTIARCH}/pkgconfig/*.pc /usr/lib/${DEB_HOST_MULTIARCH}/pkgconfig/
+usr/lib/${DEB_HOST_MULTIARCH}/*.so
+usr/lib/${DEB_HOST_MULTIARCH}/pkgconfig/*.pc
 usr/include/*.h
diff --git a/debian/libcryptsetup12-udeb.install b/debian/libcryptsetup12-udeb.install
index db6f744..8b38ff6 100644
--- a/debian/libcryptsetup12-udeb.install
+++ b/debian/libcryptsetup12-udeb.install
@@ -1 +1 @@
-lib/${DEB_HOST_MULTIARCH}/*.so.*
+usr/lib/${DEB_HOST_MULTIARCH}/*.so.*
diff --git a/debian/libcryptsetup12.install b/debian/libcryptsetup12.install
index db6f744..8b38ff6 100644
--- a/debian/libcryptsetup12.install
+++ b/debian/libcryptsetup12.install
@@ -1 +1 @@
-lib/${DEB_HOST_MULTIARCH}/*.so.*
+usr/lib/${DEB_HOST_MULTIARCH}/*.so.*
diff --git a/debian/libcryptsetup12.lintian-overrides b/debian/libcryptsetup12.lintian-overrides
deleted file mode 100644
index fc6d52e..0000000
--- a/debian/libcryptsetup12.lintian-overrides
+++ /dev/null
@@ -1,3 +0,0 @@
-# See reasoning at #843932 ('dev-pkg-without-shlib-symlink' was renamed
-# to 'lacks-unversioned-link-to-shared-library')
-lacks-unversioned-link-to-shared-library example: usr/lib/x86_64-linux-gnu/libcryptsetup.so [lib/x86_64-linux-gnu/libcryptsetup.so.12.*]
diff --git a/debian/not-installed b/debian/not-installed
index 22b45e1..1b9657a 100644
--- a/debian/not-installed
+++ b/debian/not-installed
@@ -1,2 +1,2 @@
-lib/${DEB_HOST_MULTIARCH}/libcryptsetup.la
-lib/${DEB_HOST_MULTIARCH}/cryptsetup/libcryptsetup-token-ssh.la
+usr/lib/${DEB_HOST_MULTIARCH}/libcryptsetup.la
+usr/lib/${DEB_HOST_MULTIARCH}/cryptsetup/libcryptsetup-token-ssh.la
diff --git a/debian/rules b/debian/rules
index 757085c..0398211 100755
--- a/debian/rules
+++ b/debian/rules
@@ -24,8 +24,6 @@ endif
 
 override_dh_auto_configure:
 	dh_auto_configure -- $(CONFFLAGS) \
-		--libdir=/lib/$(DEB_HOST_MULTIARCH) \
-		--sbindir=/sbin \
 		--with-tmpfilesdir=/usr/lib/tmpfiles.d \
 		--enable-libargon2 \
 		--enable-shared \
@@ -85,13 +83,13 @@ override_dh_bugfiles:
 	dh_bugfiles -A
 
 execute_after_dh_fixperms-arch:
-	chmod 0755 debian/cryptsetup/lib/cryptsetup/checks/*
-	chmod 0755 debian/cryptsetup/lib/cryptsetup/scripts/decrypt_*
-	chmod 0755 debian/cryptsetup-suspend/lib/cryptsetup/scripts/suspend/cryptsetup-suspend-wrapper
-	chmod 0755 debian/cryptsetup-suspend/lib/systemd/system-shutdown/cryptsetup-suspend.shutdown
+	chmod 0755 debian/cryptsetup/usr/lib/cryptsetup/checks/*
+	chmod 0755 debian/cryptsetup/usr/lib/cryptsetup/scripts/decrypt_*
+	chmod 0755 debian/cryptsetup-suspend/usr/lib/cryptsetup/scripts/suspend/cryptsetup-suspend-wrapper
+	chmod 0755 debian/cryptsetup-suspend/usr/lib/systemd/system-shutdown/cryptsetup-suspend.shutdown
 ifeq (,$(filter noudeb, $(DEB_BUILD_PROFILES)))
-	chmod 0755 debian/cryptsetup-udeb/lib/cryptsetup/checks/*
-	chmod 0755 debian/cryptsetup-udeb/lib/cryptsetup/scripts/decrypt_*
+	chmod 0755 debian/cryptsetup-udeb/usr/lib/cryptsetup/checks/*
+	chmod 0755 debian/cryptsetup-udeb/usr/lib/cryptsetup/scripts/decrypt_*
 endif
 
 execute_after_dh_fixperms-indep:
diff --git a/debian/tests/utils/cryptroot-common b/debian/tests/utils/cryptroot-common
index a7df37f..2d73d9d 100755
--- a/debian/tests/utils/cryptroot-common
+++ b/debian/tests/utils/cryptroot-common
@@ -416,9 +416,12 @@ extract_kernel() {
     fi
 
     mkdir "$destdir"
+    mkdir "$destdir/usr" "$destdir/usr/lib"
+    ln -sT "usr/lib" "$destdir/lib"
     dpkg-deb --fsys-tarfile "$APT_CACHE/archives/$KERNEL_DEB" | tar -C "$destdir" -xf- \
+        --wildcards --wildcards-match-slash \
         "./boot/vmlinuz-$KERNEL_VERSION" \
-        "./lib/modules/$KERNEL_VERSION"
+        "*/lib/modules/$KERNEL_VERSION"
     ln -T -- "$destdir/boot/vmlinuz-$KERNEL_VERSION" "$TEMPDIR/vmlinuz-$KERNEL_VERSION"
 }
 
-- 
cgit v1.2.3