Package: cryptsetup
Version: 2:1.4.3-4
Severity: wishlist
Tags: patch
Hi cryptsetup Debian maintainers :)
Please can you update cryptsetup to version 1.6.1 (at least in experimental)
(see also bug #704827)?
Reported separately, because this bug requests packaging of two new tools:
- veritysetup (setup of dm-verity block devices, e.g. used in Chrome OS)
- cryptsetup-reencrypt (LUKS device offline reencryption tool)
Patches needed for Debian package attached, I tested boot with fully encrypted
system (wheezy) and it still works.
Second attached patch fixes some compilation errors in Debian specific tools,
but these are just cosmetic fixes.
Thanks,
Milan
p.s.
Please let me know if you need any help - as upstream maintainer of cryptsetup
I am using Debian as primary platform now (but I am not Debian packager).
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (990, 'unstable'), (500, 'testing'), (500, 'oldstable'), (1,
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.7.4 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages cryptsetup depends on:
ii cryptsetup-bin 2:1.4.3-4
ii debconf [debconf-2.0] 1.5.50
ii dmsetup 2:1.02.77-1
ii libc6 2.13-38
Versions of packages cryptsetup recommends:
ii busybox 1:1.20.0-8
ii console-setup 1.92
ii initramfs-tools [linux-initramfs-tool] 0.112
ii kbd 1.15.5-1
Versions of packages cryptsetup suggests:
ii dosfstools 3.0.16-2
ii liblocale-gettext-perl 1.05-7+b1
-- debconf information excluded
diff -rupN debian.old/changelog debian/changelog
--- debian.old/changelog 2013-01-05 22:11:50.000000000 +0100
+++ debian/changelog 2013-05-12 14:52:10.866587706 +0200
@@ -1,3 +1,17 @@
+cryptsetup (2:1.6.1-1.1) UNRELEASED; urgency=low
+
+ * NOT RELEASED YET
+
+ * Non-maintainer upload.
+ * update to upstream package 1.6.1
+ * default LUKS encryption mode is now XTS (aes-xts-plain64)
+ * add native support for activation of Truecrypt and compatible on-disk format
+ * add benchmark command
+ * add veritysetup, tool for dm-verity block device verification kernel module
+ * add cryptsetup-reencrypt, tool to offline reencrypt LUKS device
+
+ -- Milan Broz <gmazyl...@gmail.com> Sat, 11 May 2013 19:43:07 +0200
+
cryptsetup (2:1.4.3-5) unstable; urgency=low
* NOT RELEASED YET
diff -rupN debian.old/control debian/control
--- debian.old/control 2013-01-05 22:11:50.000000000 +0100
+++ debian/control 2013-05-12 14:15:37.000000000 +0200
@@ -90,3 +90,19 @@ Description: disk encryption support - s
Setup (LUKS) support.
.
This udeb package provides libcryptsetup for the Debian Installer.
+
+Package: cryptsetup-reencrypt
+Section: admin
+Architecture: linux-any
+Depends: ${shlibs:Depends}, ${misc:Depends}, libcryptsetup4 (>= 2:1.6)
+Description: disk encryption support - offline reencryption tool
+ Cryptsetup-reencrypt provides a tool which can be used for offline
+ reencryption of LUKS disk in situ.
+
+Package: veritysetup
+Section: admin
+Architecture: linux-any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: tool to setup dm-verity
+ Veritysetup provides an interface for configuring data verification
+ on block devices using dm-verity kernel module.
diff -rupN debian.old/copyright debian/copyright
--- debian.old/copyright 2012-06-11 21:49:20.000000000 +0200
+++ debian/copyright 2013-05-12 14:27:40.000000000 +0200
@@ -1,11 +1,12 @@
Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
-Upstream-Contact: Milan Broz <mb...@redhat.com>
+Upstream-Contact: Milan Broz <gmazyl...@gmail.com>
Source: http://code.google.com/p/cryptsetup
Files: *
Copyright: © 2004 Christophe Saout <christo...@saout.de>
© 2004-2008 Clemens Fruhwirth <clem...@endorphin.org>
- © 2008-2010 Milan Broz <mb...@redhat.com>
+ © 2008-2012 Red Hat, Inc.
+ © 2008-2013 Milan Broz <gmazyl...@gmail.com>
License: GPL-2+
Files: debian/*
@@ -13,6 +14,7 @@ Copyright: © 2004-2005 Wesley W. Terpst
© 2005-2006 Michael Gebetsroither <michael....@gmx.at>
© 2006-2008 David Härdeman <da...@hardeman.nu>
© 2005-2010 Jonas Meurer <jo...@freesources.org>
+ © 2013 Milan Broz <gmazyl...@gmail.com>
License: GPL-2+
Files: debian/askpass.c debian/passdev.c
diff -rupN debian.old/cryptsetup.docs debian/cryptsetup.docs
--- debian.old/cryptsetup.docs 2012-02-07 16:11:32.000000000 +0100
+++ debian/cryptsetup.docs 2013-05-12 14:43:56.000000000 +0200
@@ -1,5 +1,6 @@
AUTHORS
FAQ
+docs/*ReleaseNotes
debian/README.keyctl
debian/README.gnupg
debian/README.initramfs
diff -rupN debian.old/cryptsetup-reencrypt.dirs debian/cryptsetup-reencrypt.dirs
--- debian.old/cryptsetup-reencrypt.dirs 1970-01-01 01:00:00.000000000 +0100
+++ debian/cryptsetup-reencrypt.dirs 2013-05-12 11:10:43.000000000 +0200
@@ -0,0 +1,2 @@
+/sbin
+/usr/share/man/man8
diff -rupN debian.old/libcryptsetup4.symbols debian/libcryptsetup4.symbols
--- debian.old/libcryptsetup4.symbols 2013-01-05 22:11:50.000000000 +0100
+++ debian/libcryptsetup4.symbols 2013-05-12 11:54:33.000000000 +0200
@@ -4,6 +4,8 @@ libcryptsetup.so.4 libcryptsetup4 #MINVE
crypt_activate_by_keyfile_offset@CRYPTSETUP_1.0 2:1.4.3
crypt_activate_by_passphrase@CRYPTSETUP_1.0 2:1.4
crypt_activate_by_volume_key@CRYPTSETUP_1.0 2:1.4
+ crypt_benchmark@CRYPTSETUP_1.0 2:1.6
+ crypt_benchmark_kdf@CRYPTSETUP_1.0 2:1.6
crypt_deactivate@CRYPTSETUP_1.0 2:1.4
crypt_dump@CRYPTSETUP_1.0 2:1.4
crypt_format@CRYPTSETUP_1.0 2:1.4
@@ -19,6 +21,7 @@ libcryptsetup.so.4 libcryptsetup4 #MINVE
crypt_get_rng_type@CRYPTSETUP_1.0 2:1.4
crypt_get_type@CRYPTSETUP_1.0 2:1.4
crypt_get_uuid@CRYPTSETUP_1.0 2:1.4
+ crypt_get_verity_info@CRYPTSETUP_1.0 2:1.5
crypt_get_volume_key_size@CRYPTSETUP_1.0 2:1.4
crypt_header_backup@CRYPTSETUP_1.0 2:1.4
crypt_header_restore@CRYPTSETUP_1.0 2:1.4
@@ -29,6 +32,8 @@ libcryptsetup.so.4 libcryptsetup4 #MINVE
crypt_keyslot_add_by_keyfile_offset@CRYPTSETUP_1.0 2:1.4.3
crypt_keyslot_add_by_passphrase@CRYPTSETUP_1.0 2:1.4
crypt_keyslot_add_by_volume_key@CRYPTSETUP_1.0 2:1.4
+ crypt_keyslot_area@CRYPTSETUP_1.0 2:1.6
+ crypt_keyslot_change_by_passphrase@CRYPTSETUP_1.0 2:1.6
crypt_keyslot_destroy@CRYPTSETUP_1.0 2:1.4
crypt_keyslot_max@CRYPTSETUP_1.0 2:1.4
crypt_keyslot_status@CRYPTSETUP_1.0 2:1.4
diff -rupN debian.old/libcryptsetup-dev.docs debian/libcryptsetup-dev.docs
--- debian.old/libcryptsetup-dev.docs 1970-01-01 01:00:00.000000000 +0100
+++ debian/libcryptsetup-dev.docs 2013-05-12 14:44:35.000000000 +0200
@@ -0,0 +1 @@
+docs/examples
diff -rupN debian.old/rules debian/rules
--- debian.old/rules 2013-01-05 22:11:50.000000000 +0100
+++ debian/rules 2013-05-12 14:57:45.591841868 +0200
@@ -43,7 +43,8 @@ configure-stamp:
--libdir=/lib \
--sbindir=/sbin \
--mandir=/usr/share/man \
- --enable-shared
+ --enable-shared \
+ --enable-cryptsetup-reencrypt
find -xtype f >manifest.new
diff manifest manifest.new | grep '>' | cut -b3- >config.mess
touch $@
@@ -167,6 +168,15 @@ binary-arch: build install
cp -a $(CURDIR)/debian/cryptsetup-bin/sbin/cryptsetup $(CURDIR)/debian/cryptsetup-udeb/sbin/
# Copy relevant parts to libcryptsetup4-udeb package
cp -a $(CURDIR)/debian/libcryptsetup4/lib $(CURDIR)/debian/libcryptsetup4-udeb/
+
+ # Install veritysetup and reencrypt tool
+ dh_movefiles -pveritysetup --sourcedir=debian/cryptsetup-bin \
+ sbin/veritysetup \
+ usr/share/man/man8/veritysetup.8
+ dh_movefiles -pcryptsetup-reencrypt --sourcedir=debian/cryptsetup-bin \
+ sbin/cryptsetup-reencrypt \
+ usr/share/man/man8/cryptsetup-reencrypt.8
+
dh_lintian -a
dh_compress -a
dh_fixperms -a
diff -rupN debian.old/veritysetup.dirs debian/veritysetup.dirs
--- debian.old/veritysetup.dirs 1970-01-01 01:00:00.000000000 +0100
+++ debian/veritysetup.dirs 2013-05-12 11:10:29.000000000 +0200
@@ -0,0 +1,2 @@
+/sbin
+/usr/share/man/man8
diff -rupN debian.old/askpass.c debian/askpass.c
--- debian.old/askpass.c 2012-02-07 16:11:32.000000000 +0100
+++ debian/askpass.c 2013-05-12 12:07:58.000000000 +0200
@@ -170,7 +170,7 @@ splashy_prepare(const char *prompt)
iov[0].iov_base = "getpass ";
iov[0].iov_len = strlen ("getpass ");
- iov[1].iov_base = prompt;
+ iov[1].iov_base = (char *)prompt;
iov[1].iov_len = strlen (prompt) + 1;
if (writev (fd, iov, 2) == -1) {
@@ -297,7 +297,7 @@ static int
console_prepare(const char *prompt)
{
struct termios term_new;
- char *prompt_ptr = prompt;
+ const char *prompt_ptr = prompt;
char *newline = NULL;
if (!isatty(STDIN_FILENO)) {
@@ -473,7 +473,10 @@ main(int argc, char **argv, char **envp)
}
debug("Writing %i bytes to stdout\n", (int)passlen);
- write(STDOUT_FILENO, pass, passlen);
+ if (write(STDOUT_FILENO, pass, passlen) == -1) {
+ disable_method(NULL);
+ exit(EXIT_FAILURE);
+ }
disable_method(NULL);
exit(EXIT_SUCCESS);
}
diff -rupN debian.old/passdev.c debian/passdev.c
--- debian.old/passdev.c 2010-05-19 18:34:10.000000000 +0200
+++ debian/passdev.c 2013-05-12 12:05:50.000000000 +0200
@@ -51,7 +51,6 @@ static bool
do_mount(const char *device, const char *dir)
{
pid_t pid;
- pid_t wpid;
int status;
char *fstypes[] = { "ext4", "ext3", "ext2", "vfat", "btrfs", "reiserfs", "xfs", "jfs", "ntfs", "iso9660", "udf" };
int fsindex;
@@ -70,7 +69,7 @@ do_mount(const char *device, const char
} else if (pid > 0) {
/* We're in the parent process */
do {
- wpid = waitpid(pid, &status, 0);
+ waitpid(pid, &status, 0);
} while (!WIFEXITED(status) && !WIFSIGNALED(status));
if (WIFEXITED(status) && WEXITSTATUS(status) == EXIT_SUCCESS)
return true;
@@ -119,7 +118,7 @@ main(int argc, char **argv, char **envp)
size_t byteswritten;
ssize_t bytes;
char *to;
- int timeout;
+ int timeout = 0;
bool do_timeout = false;
/* We only take one argument */
