Your message dated Sun, 10 Mar 2024 00:57:32 +0000
with message-id <[email protected]>
and subject line Bug#1060270: fixed in cryptsetup 2:2.7.1-1
has caused the Debian Bug report #1060270,
regarding /lib/cryptsetup/askpass: coordinated move to /usr for DEP17
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1060270: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060270
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: cryptsetup-nuke-password
Version: 4+nmu1
User: [email protected]
Usertags: dep17m2 dep17p3
Control: clone -1 -2
Control: reassign -2 cryptsetup
Control: block -2 by -1
Hi,
for finalizing the /usr-merge via DEP17, we want to move all aliased
files to /usr. cryptsetup and cryptsetup-nuke-password are affected in
multiple ways. For one think /lib/cryptsetup/askpass is being diverted
and diversions need special attention (DEP17 P3), for another
libcryptsetup12 is part of the debootstrap set and needs to be done
soon.
I've done a similar conversion for molly-guard/systemd and have prepared
patches for cryptsetup-nuke-password and cryptsetup. Notably:
* These patches move all the files to /usr. (DEP17 M2)
* Therefore, cryptsetup declares versioned Conflicts for
cryptsetup-nuke-password. Please check the version that actually will
be uploaded before uploading cryptsetup.
* cryptsetup-nuke-password actually uses the original askpass, but it
only declares a dependency on cryptsetup-bin, which does not contain
askpass. I consider this a bug and upgrade the dependency to
cryptsetup. I hope this is fine.
* Since cryptsetup-nuke-password depends on the package it diverts
(after my previous change), I upgrade the dependency to the version
that is expected to apply this patch in cryptsetup. Please coordinate
this version with the cryptsetup maintainer.
* The way I have implemented this (and which reduces complexity), the
moved cryptsetup will be incompatible with the aliased
cryptsetup-nuke-password and the moved cryptsetup-nuke-password will
be incompatible with the moved cryptsetup. Hence these uploads need
to happen concurrently. Otherwise, the packages will not migrate to
testing.
* There is a corner case when performing the upgrade with dpkg. If you
schedule cryptsetup-nuke-password for removal (using dpkg
--set-selections) and then unpack the updated cryptsetup, askpass
will be lost. After consultation with [email protected]
we consider this acceptable and do not mitigate it. If you want this
mitigated, cryptsetup needs to ship a copy of askpass else where
(.e.g. a hardlink in the same directory) and have its postinst
restore the lost file in case it is missing. This loss cannot be
experienced when working with apt. (In the sense that we couldn't
trick apt into loosing it, but there is no proof that this cannot
happen.)
* Acceptance of this patch will make both packages un-backportatble.
These patches must not be uploaded to bookworm-backports or earlier.
Removing these patches in a backport would result in a high-versioned
cryptsetup containing aliased files. That would break
cryptsetup-nuke-password's assumption that a high enough version of
cryptsetup is moved. Therefore cryptsetup must not be backported. If
you want cryptsetup backportable, a more elaborate patch on the
cryptsetup-nuke-password side is needed or the backported cryptsetup
must declare an unversioned conflict for cryptsetup-nuke-password.
* Please upload these changes to experimental first. That allows
running them past QA systems such as piuparts, dumat and others and
also lets us double check the version constraints.
* If you later restructure (move files to a different binary package)
any binary package, please go via experimental as you may need
further mitigations for /usr-merged caused file loss (DEP17 P1).
I see that this may sound scary. We'll get past this mess together. If
things break, I'll keep the pieces and I've done so for molly-guard
already. Let me know if you have any questions.
Helmut
--- End Message ---
--- Begin Message ---
Source: cryptsetup
Source-Version: 2:2.7.1-1
Done: Guilhem Moulin <[email protected]>
We believe that the bug you reported is fixed in the latest version of
cryptsetup, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Guilhem Moulin <[email protected]> (supplier of updated cryptsetup package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 09 Mar 2024 23:05:42 +0100
Source: cryptsetup
Architecture: source
Version: 2:2.7.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Cryptsetup Team
<[email protected]>
Changed-By: Guilhem Moulin <[email protected]>
Closes: 1060270
Changes:
cryptsetup (2:2.7.1-1) unstable; urgency=medium
.
* New bugfix upstream release.
.
[ Guilhem Moulin ]
* d/functions: get_mnt_devno(): Speed up execution time on large
/proc/mounts.
* d/t/cryptroot-*: Fix DEP-8 tests when the kernel .deb installs modules in
/usr/lib/modules not /lib/modules, such as
linux-image-6.6.15-686-pae_6.6.15-2_i386.deb.
* d/cryptsetup.lintian-overrides: Remove unused overrides.
.
[ Helmut Grohne ]
* /lib/cryptsetup/askpass: Coordinated move to /usr for DEP17
(Closes: #1060270)
Checksums-Sha1:
cb600191e8d4f6192543121d387249aa08b1d7aa 3545 cryptsetup_2.7.1-1.dsc
d7642c46fc1c8ff7eb4f5462544777da201392f8 11764313 cryptsetup_2.7.1.orig.tar.gz
4cd094631d3f5cd55c73da1fc486504c39d2f681 157168
cryptsetup_2.7.1-1.debian.tar.xz
216480ec0c4be4fd2201392e34bcc6c1718e7ceb 11677
cryptsetup_2.7.1-1_amd64.buildinfo
Checksums-Sha256:
dcf72e15cbb1d83aaad883cc3da26d589e03f5c993a1bfd6dcb94b9952328b77 3545
cryptsetup_2.7.1-1.dsc
2f7622bae9f5e808f5fd3570b595caa0a28f0a177ab25648c5a7956ce6dfbe75 11764313
cryptsetup_2.7.1.orig.tar.gz
365f85731c1a878b266f2979acd296045b32a398c8d3f5ed6acb1b611f84bc4c 157168
cryptsetup_2.7.1-1.debian.tar.xz
5ebb9eae6bdc8b8be88c28d36e6a66cf779ef6be20ae3c78b3bedbeffa50fb0b 11677
cryptsetup_2.7.1-1_amd64.buildinfo
Files:
3aa08ce94b10bac126a6da61db3186eb 3545 admin optional cryptsetup_2.7.1-1.dsc
1f6bc8de2674af3a0e4d0d5c4f8aeee4 11764313 admin optional
cryptsetup_2.7.1.orig.tar.gz
a4b02f140f2d99349b9d84cade097aa6 157168 admin optional
cryptsetup_2.7.1-1.debian.tar.xz
95d4b7d944899c37406ec2a2b8f3a190 11677 admin optional
cryptsetup_2.7.1-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmXs4E0ACgkQ05pJnDwh
pVIxaxAAuBLtfJxoQ/IWlTBxh77udLYMTjBA1f2dLuRhiKUTRheVVUs6YBleiWtf
KGcORbJPJr3s4ABEDNPIAhU/xC708hxXsFHjserJHbFkgq1poZlBKjYkm+nkki+g
BKEe9379ikMtSYkXyTzdAqQhpmBMUHyEuL4e6KtiEc8M7/ZrYZi2TnCk4r+RzQ92
ILPYiOUYOi5Xd9bQ0xtYu9UKZ+NnY5wl4tTmtnMOtN/KZ40TQ89oXhBzzIBsL+/Z
c6pVAu4VQLeKSGEiSXREx7hKbmMczkIWD4moNsIwPm++ND3CSMXeYiRF36jISGXG
DRGxvm8ohe6tbSaBUWq5nj20lkSF+TsVBG25vrIihjTuT9/o7C95QDxShOjcFhI5
Jr/ojVzYi0IM1tUr5hrZml7kqMKw60dhxFLPeQKpUIAmRCG0WtAG8nIyFz07gynY
O0qbYUMRiKQnWY3vKPxGV213Xty4qQxAXr69UisD1nHZr9olkJdlAg3vIoi030UE
82qfw4CCqCHkQajBvauT4j3qoLT9wCkc6DR+j26bv82LvPtOgtZftpCYqlr17KT4
VIB1qtCdEVJL4NBlvBtLQIVWvn8dfC+M/NUA9xYZghE5gC9ZuTXJ91J3M0HjgbaV
n0zttzL24koT3xPQzZl19vQXtEKp4Vyq1EiHv9ov6lcFvEYq3rI=
=3Ybt
-----END PGP SIGNATURE-----
pgpTVAsjdFnY0.pgp
Description: PGP signature
--- End Message ---
