Ludwig Nussel
2d76387d91
* don't hard require boot.device-mapper in boot.crypto OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=68
756 lines
28 KiB
Plaintext
756 lines
28 KiB
Plaintext
-------------------------------------------------------------------
|
|
Fri May 27 13:20:27 UTC 2011 - lnussel@suse.de
|
|
|
|
- boot.crypto:
|
|
* don't hard require boot.device-mapper in boot.crypto
|
|
|
|
-------------------------------------------------------------------
|
|
Wed May 25 06:42:03 UTC 2011 - lnussel@suse.de
|
|
|
|
- new version 1.3.1:
|
|
* Fix keyfile=- processing in create command (regression in 1.3.0).
|
|
* Simplify device path status check (use /sys and do not scan /dev).
|
|
* Do not ignore device size argument for create command (regression in 1.2.0).
|
|
* Fix error paths in blockwise code and lseek_write call.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Apr 11 14:04:11 UTC 2011 - lnussel@suse.de
|
|
|
|
- new version 1.3.0:
|
|
* userspace crypto backends support
|
|
* Cryptsetup now automatically allocates loopback device
|
|
if device argument is file and not plain device.
|
|
* luksChangeKey command
|
|
* loopaesOpen command for loop-AES compatibility
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 17 07:53:34 UTC 2011 - lnussel@suse.de
|
|
|
|
- boot.crypto:
|
|
* also fix exit code in boot.crypto.functions (bnc#671822)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 31 15:32:57 UTC 2011 - lnussel@suse.de
|
|
|
|
- boot.crypto:
|
|
* don't fail if loop module is not loaded
|
|
* adapt to new crypsetup exit codes (bnc#667931)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Dec 20 13:01:54 UTC 2010 - lnussel@suse.de
|
|
|
|
- new version 1.2.0
|
|
* Add selection of random/urandom number generator for luksFormat
|
|
(option --use-random and --use-urandom).
|
|
|
|
* Fix luksRemoveKey to not ask for remaining keyslot passphrase,
|
|
only for removed one.
|
|
|
|
* No longer support luksDelKey (replaced with luksKillSlot).
|
|
* if you want to remove particular passphrase, use luksKeyRemove
|
|
* if you want to remove particular keyslot, use luksKillSlot
|
|
|
|
Note that in batch mode luksKillSlot allows removing of any keyslot
|
|
without question, in normal mode requires passphrase or keyfile from
|
|
other keyslot.
|
|
|
|
* Default alignment for device (if not overridden by topology info)
|
|
is now (multiple of) *1MiB*.
|
|
This reflects trends in storage technologies and aligns to the same
|
|
defaults for partitions and volume management.
|
|
|
|
* Allow explicit UUID setting in luksFormat and allow change it later
|
|
in luksUUID (--uuid parameter).
|
|
|
|
* All commands using key file now allows limited read from keyfile using
|
|
--keyfile-size and --new-keyfile-size parameters (in bytes).
|
|
|
|
This change also disallows overloading of --key-size parameter which
|
|
is now exclusively used for key size specification (in bits.)
|
|
|
|
* luksFormat using pre-generated master key now properly allows
|
|
using key file (only passphrase was allowed prior to this update).
|
|
|
|
* Add --dump-master-key option for luksDump to perform volume (master)
|
|
key dump. Note that printed information allows accessing device without
|
|
passphrase so it must be stored encrypted.
|
|
|
|
This operation is useful for simple Key Escrow function (volume key and
|
|
encryption parameters printed on paper on safe place).
|
|
|
|
This operation requires passphrase or key file.
|
|
|
|
* The reload command is no longer supported.
|
|
(Use dmsetup reload instead if needed. There is no real use for this
|
|
function except explicit data corruption:-)
|
|
|
|
* Cryptsetup now properly checks if underlying device is in use and
|
|
disallows *luksFormat*, luksOpen and create commands on open
|
|
(e.g. already mapped or mounted) device.
|
|
|
|
* Option --non-exclusive (already deprecated) is removed.
|
|
|
|
Libcryptsetup API additions:
|
|
|
|
* new functions
|
|
* crypt_get_type() - explicit query to crypt device context type
|
|
* crypt_resize() - new resize command using context
|
|
* crypt_keyslot_max() - helper to get number of supported keyslots
|
|
* crypt_get_active_device() - get active device info
|
|
* crypt_set/get_rng_type() - random/urandom RNG setting
|
|
* crypt_set_uuid() - explicit UUID change of existing device
|
|
* crypt_get_device_name() - get underlying device name
|
|
|
|
* Fix optional password callback handling.
|
|
|
|
* Allow to activate by internally cached volume key immediately after
|
|
crypt_format() without active slot (for temporary devices with
|
|
on-disk metadata)
|
|
|
|
* libcryptsetup is binary compatible with 1.1.x release and still
|
|
supports legacy API calls
|
|
|
|
* cryptsetup binary now uses only new API calls.
|
|
|
|
* Static compilation of both library (--enable-static) and cryptsetup
|
|
binary (--enable-static-cryptsetup) is now properly implemented by common
|
|
libtool logic.
|
|
|
|
Prior to this it produced miscompiled dynamic cryptsetup binary with
|
|
statically linked libcryptsetup.
|
|
|
|
The static binary is compiled as src/cryptsetup.static in parallel
|
|
with dynamic build if requested.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 30 14:16:07 UTC 2010 - lnussel@suse.de
|
|
|
|
- boot.crypto:
|
|
* drop cryptotab support
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 16 14:05:47 UTC 2010 - lnussel@suse.de
|
|
|
|
- boot.crypto:
|
|
* add a few tweaks for systemd (bnc#652767)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jul 7 14:38:11 UTC 2010 - lnussel@suse.de
|
|
|
|
- new version 1.1.3
|
|
* Fix device alignment ioctl calls parameters. (Device alignment
|
|
code was not working properly on some architectures like ppc64.)
|
|
* Fix activate_by_* API calls to handle NULL device name as
|
|
documented. (To enable check of passphrase/keyfile using
|
|
libcryptsetup without activating the device.)
|
|
* Fix udev support for old libdevmapper with not compatible definition.
|
|
* Added Polish translation file.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jul 1 14:27:12 UTC 2010 - lnussel@suse.de
|
|
|
|
- skip temporary mappings in early stage as chmod needs to be called
|
|
on the mounted file systems (bnc#591704)
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Jun 26 10:07:24 UTC 2010 - jengelh@medozas.de
|
|
|
|
- Use %_smp_mflags
|
|
|
|
-------------------------------------------------------------------
|
|
Mon May 31 09:42:27 UTC 2010 - lnussel@suse.de
|
|
|
|
- new version 1.1.2 fixes keyfile regression introduced by 1.1.1
|
|
* Fix luksFormat/luksOpen reading passphrase from stdin and "-" keyfile.
|
|
* Support --key-file/-d option for luksFormat.
|
|
* Fix description of --key-file and add --verbose and --debug options to man page.
|
|
* Add verbose log level and move unlocking message there.
|
|
* Remove device even if underlying device disappeared (remove, luksClose).
|
|
* Fix (deprecated) reload device command to accept new device argument.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue May 25 08:11:30 UTC 2010 - lnussel@suse.de
|
|
|
|
- new version 1.1.1
|
|
* Detects and use device-mapper udev support if available.
|
|
* Supports device topology detection for data alignment.
|
|
* Fix luksOpen reading of passphrase on stdin (if "-" keyfile specified).
|
|
* Fix isLuks to initialise crypto backend (blkid instead is suggested anyway).
|
|
* Properly initialise crypto backend in header backup/restore commands.
|
|
* Do not verify unlocking passphrase in luksAddKey command.
|
|
* Allow no hash specification in plain device constructor - user can provide volume key directly.
|
|
* Try to use pkgconfig for device mapper library in configuration script.
|
|
* Add some compatibility checks and disable LUKS suspend/resume if not supported.
|
|
* Rearrange tests, "make check" now run all available test for package.
|
|
* Avoid class C++ keyword in library header.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Mar 9 10:50:00 UTC 2010 - lnussel@suse.de
|
|
|
|
- boot.crypto:
|
|
* turn off splash only if needed to avoid flicker
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Mar 2 12:02:50 UTC 2010 - lnussel@suse.de
|
|
|
|
- boot.crypto:
|
|
* restore splash screen state after initrd prompt (bnc#559053)
|
|
* use highlighted prompt in initrd too
|
|
* fix adding volumes with initrd option (bnc#558891)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 2 12:21:44 UTC 2010 - lnussel@suse.de
|
|
|
|
- boot.crypto:
|
|
* document the stages of the boot process
|
|
* show status message in boot.cypto-early
|
|
* don't perform some checks if the device is skipped anyways
|
|
* seed random number generator (bnc#575139)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 18 12:18:32 UTC 2010 - lnussel@suse.de
|
|
|
|
- cryptsetup 1.1.0:
|
|
|
|
* IMPORTANT: the default compiled-in cipher parameters changed
|
|
plain mode: aes-cbc-essiv:sha256 (default is backward incompatible!).
|
|
LUKS mode: aes-cbc-essiv:sha256 (only key size increased)
|
|
In both modes is now default key size 256bits.
|
|
|
|
* Default compiled-in parameters are now configurable through configure options:
|
|
--with-plain-* / --with-luks1-* (see configure --help)
|
|
|
|
* If you need backward compatible defaults for distribution use
|
|
configure --with-plain-mode=cbc-plain --with-luks1-keybits=128
|
|
|
|
Default compiled-in modes are printed in "cryptsetup --help" output.
|
|
|
|
* Change in iterations count (LUKS):
|
|
The slot and key digest iteration minimum count is now 1000.
|
|
The key digest iteration count is calculated from iteration time (approx 1/8 of req. time).
|
|
For more info about above items see discussion here: http://tinyurl.com/yaug97y
|
|
|
|
* New libcryptsetup API (documented in libcryptsetup.h).
|
|
|
|
The old API (using crypt_options struct) is still available but will remain
|
|
frozen and not used for new functions.
|
|
Soname of library changed to libcryptsetup.so.1.0.0.
|
|
(But only recompilation should be needed for old programs.)
|
|
|
|
The new API provides much more flexible operation over LUKS device for
|
|
applications, it is preferred that new applications will use libcryptsetup
|
|
and not wrapper around cryptsetup binary.
|
|
|
|
* New luksHeaderBackup and luksHeaderRestore commands.
|
|
|
|
These commands allows binary backup of LUKS header.
|
|
Please read man page about possible security issues with backup files.
|
|
|
|
* New luksSuspend (freeze device and wipe key) and luksResume (with provided passphrase).
|
|
|
|
luksSuspend wipe encryption key in kernel memory and set device to suspend
|
|
(blocking all IO) state. This option can be used for situations when you need
|
|
temporary wipe encryption key (like suspend to RAM etc.)
|
|
Please read man page for more information.
|
|
|
|
* New --master-key-file option for luksFormat and luksAddKey.
|
|
|
|
User can now specify pre-generated master key in file, which allows regenerating
|
|
LUKS header or add key with only master key knowledge.
|
|
|
|
* Uses libgcrypt and enables all gcrypt hash algorithms for LUKS through -h luksFormat option.
|
|
|
|
Please note that using different hash for LUKS header make device incompatible with
|
|
old cryptsetup releases.
|
|
|
|
* Introduces --debug parameter.
|
|
|
|
Use when reporting bugs (just run cryptsetup with --debug and attach output
|
|
to issue report.) Sensitive data are never printed to this log.
|
|
|
|
* Moves command successful messages to verbose level.
|
|
|
|
* Requires device-mapper library and libgcrypt to build.
|
|
|
|
* Uses dm-uuid for all crypt devices, contains device type and name now.
|
|
|
|
* Removes support for dangerous non-exclusive option
|
|
(it is ignored now, LUKS device must be always opened exclusive)
|
|
|
|
- boot.crypto:
|
|
* don't use dirty prompt override hack anymore
|
|
* wait for volume groups if resume volume is on lvm (bnc#556895)
|
|
* dynamically determine whether the cryptomgr module is neeeded
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Oct 19 14:33:57 UTC 2009 - lnussel@suse.de
|
|
|
|
- add luks script in volumemanager stage too, this way some side
|
|
effects are avoided (bnc#547612)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Oct 7 12:37:24 UTC 2009 - lnussel@suse.de
|
|
|
|
- boot.crypto:
|
|
* /lib/udev/vol_id no longer exists, use blkid instead
|
|
* add space at end of password prompt in initrd
|
|
* fix autodetetection of root on LVM on LUKS (bnc#528474)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Oct 6 11:43:15 UTC 2009 - lnussel@suse.de
|
|
|
|
- boot.crypto: more changes as agreed with the Debian maintainer:
|
|
* rename keyscript variable CRYPTTAB_DEVICE to CRYPTTAB_SOURCE
|
|
* export list of options in CRYPTTAB_OPTIONS
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Sep 29 11:25:58 UTC 2009 - lnussel@suse.de
|
|
|
|
- replace patch that quits on EOF with upstream version
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Sep 25 12:42:23 UTC 2009 - lnussel@suse.de
|
|
|
|
- actually hash=plain can be used to get raw keyscript output so
|
|
remove keyscript_raw again
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Sep 24 13:36:52 UTC 2009 - lnussel@suse.de
|
|
|
|
- boot.crypto:
|
|
* don't use hashalot if keyfile is specified
|
|
* to comply with Debian, keyscripts must only output the password.
|
|
In order to allow keyscript to use different methods to retrieve
|
|
a key, add a keyscript_rawkey option.
|
|
- cryptsetup:
|
|
* When reading no single byte for the key abort.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Sep 21 08:51:40 UTC 2009 - lnussel@suse.de
|
|
|
|
- boot.crypto:
|
|
* fix test for keyfile (bnc#540363)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Sep 16 12:49:07 UTC 2009 - lnussel@suse.de
|
|
|
|
- boot.crypto:
|
|
* 2.6.31 requires the cryptomgr module in the initrd (bnc#535013)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Sep 15 13:20:59 UTC 2009 - lnussel@suse.de
|
|
|
|
- boot.crypto:
|
|
* uppercase variables exported to keyscript in anticipation of
|
|
Debian adopting the implementation
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Sep 4 10:04:05 UTC 2009 - lnussel@suse.de
|
|
|
|
- boot.crypto:
|
|
* fix setting options without parameter
|
|
* infinite retries in initrd
|
|
* tries=0 means infinite tries
|
|
* implement retries in the script to make it work with keyscripts and non-luks volumes
|
|
* keyscript support (fate#302628)
|
|
* remove the option to fsck the fs as it actually never worked
|
|
* fix initrd option parsing
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Aug 27 06:59:55 UTC 2009 - lnussel@suse.de
|
|
|
|
- new cryptsetup version 1.0.7
|
|
* Allow removal of last slot in luksRemoveKey and luksKillSlot.
|
|
* Reject unsupported --offset and --skip options for luksFormat and update man page.
|
|
* Various man page fixes.
|
|
* Set UUID in device-mapper for LUKS devices.
|
|
* Retain readahead of underlying device.
|
|
* Display device name when asking for password.
|
|
* Check device size when loading LUKS header. Remove misleading error message later.
|
|
* Add error hint if dm-crypt mapping failed.
|
|
* Use better error messages if device doesn't exist or is already used by other mapping.
|
|
* Fix make distcheck.
|
|
* Check if all slots are full during luksAddKey.
|
|
* Fix segfault in set_error.
|
|
* Code cleanups, remove precompiled pot files, remove unnecessary files from po directory
|
|
* Fix uninitialized return value variable in setup.c.
|
|
* Code cleanups. (thanks to Ivan Stankovic)
|
|
* Fix wrong output for remaining key at key deletion.
|
|
* Allow deletion of key slot while other keys have the same key information.
|
|
* Add missing AM_PROG_CC_C_O to configure.in
|
|
* Remove duplicate sentence in man page.
|
|
* Wipe start of device (possible fs signature) before LUKS-formatting.
|
|
* Do not process configure.in in hidden directories.
|
|
* Return more descriptive error in case of IO or header format error.
|
|
* Use remapping to error target instead of calling udevsettle for temporary crypt device.
|
|
* Check device mapper communication and warn user if device-mapper support missing in kernel.
|
|
* Fix signal handler to properly close device.
|
|
* write_lseek_blockwise: declare innerCount outside the if block.
|
|
* add -Wall to the default CFLAGS. fix some signedness issues.
|
|
* Error handling improvement.
|
|
* Add non-exclusive override to interface definition.
|
|
* Refactor key slot selection into keyslot_from_option.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Aug 19 14:08:40 CEST 2009 - lnussel@suse.de
|
|
|
|
- boot.crypto:
|
|
* set infinite timeout during 2nd stage (bnc#456004)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jul 13 08:56:56 UTC 2009 - lnussel@suse.de
|
|
|
|
- boot.crypto:
|
|
* wait for device before calling luksOpen (bnc#521446)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jun 17 11:30:08 CEST 2009 - coolo@novell.com
|
|
|
|
- fix link order
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jun 11 21:36:28 CEST 2009 - coolo@novell.com
|
|
|
|
- fix compile with glibc 2.10
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Apr 2 09:33:22 CEST 2009 - lnussel@suse.de
|
|
|
|
- boot.crypto:
|
|
* resolve symlinks when searching for loop devices (bnc#490170)
|
|
* add extra man page tags to avoid FIXME output of docbook
|
|
* don't pipe password if there's only one device to open
|
|
* update copyright information
|
|
* fix spelling and actually stop in pre_stop_hook
|
|
* introduce initrd option in crypttab (bnc#465711)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Mar 6 13:01:44 CET 2009 - lnussel@suse.de
|
|
|
|
- boot.crypto:
|
|
* print dm name instead of physdev (bnc#456664)
|
|
* make prompt work with infinite timeout (bnc#466405)
|
|
* implement pre-stop hook (bnc#481870)
|
|
* remove hardcoded loop device number limit (bnc#481872)
|
|
* Warn if using a non-absolute path for physdev in crypttab
|
|
- hashalot: compute hash of empty passphrase if not interactive
|
|
(bnc#475135)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Mar 3 16:27:23 CET 2009 - lnussel@suse.de
|
|
|
|
- fix boot.crypto doesn't care on tries flag in crypttab (bnc#480741)
|
|
- mkinitrd scripts now included in boot.crypto git
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 26 15:34:06 CET 2009 - mhopf@suse.de
|
|
|
|
- Fix segfault with oversized hashes (bnc #476290).
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Feb 25 13:47:43 CET 2009 - jsmeix@suse.de
|
|
|
|
- Fixed initrd LUKS password annoyance in mkinitrd-boot.sh and
|
|
mkinitrd-setup.sh when the same password is used for all
|
|
partitions. In this case the password is now only asked
|
|
once (bnc#465711).
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Dec 14 12:27:34 CET 2008 - bwalle@suse.de
|
|
|
|
- Fix LUKS root partition residing on a soft raid (bnc#358341)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Nov 3 14:03:33 CET 2008 - mkoenig@suse.de
|
|
|
|
- boot.crypto-early: explicitly start before boot.localfs
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Sep 12 16:40:03 CEST 2008 - mkoenig@suse.de
|
|
|
|
- branch off shlib to subpackage libcryptsetup0
|
|
- rename cryptsetup-devel to libcryptsetup-devel
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Sep 3 11:09:34 CEST 2008 - hare@suse.de
|
|
|
|
- Call mkinitrd_setup during %post and %postun (bnc#413709)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Aug 20 15:20:06 CEST 2008 - mkoenig@suse.de
|
|
|
|
- enable SELinux support (fate#303662)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Aug 13 11:21:14 CEST 2008 - mkoenig@suse.de
|
|
|
|
- boot.crypto:
|
|
* Fix init script tags
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Aug 8 11:42:10 CEST 2008 - mkoenig@suse.de
|
|
|
|
- boot.crypto:
|
|
* Provide some reasonable exit status (bnc#409502)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jul 23 15:44:31 CEST 2008 - hare@suse.de
|
|
|
|
- Include mkinitrd scriptlets.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jul 23 13:05:20 CEST 2008 - mkoenig@suse.de
|
|
|
|
- use /sbin/udevadm settle instead of /sbin/udevsettle (bnc#404875)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue May 6 12:36:49 CEST 2008 - mkoenig@suse.de
|
|
|
|
- load loop module in boot.crypto-early as it might be needed.
|
|
It is previously initially loaded by boot.localfs.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Apr 9 15:59:09 CEST 2008 - mkoenig@suse.de
|
|
|
|
- add support for boot.crypto-early (bnc#355824)
|
|
needed to encrypt block devices for usage with LVM or MD
|
|
adds a new option 'noearly' for crypttab, which will skip
|
|
the device in boot.crypto-early.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Feb 27 12:10:32 CET 2008 - mkoenig@suse.de
|
|
|
|
- update to svn revision 46:
|
|
* fix out of bound for key index in delKey (bnc#360041)
|
|
* Add typo fixes to the cryptsetup.8 manpage
|
|
* Add key-slot patch
|
|
* Remove O_EXCL requirement for certain LUKS operations
|
|
* mention luksKillSlot in the manpage
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Feb 4 16:22:42 CET 2008 - lnussel@suse.de
|
|
|
|
- boot.crypto:
|
|
* check for columns of terminal (bnc#337614)
|
|
* enhance crypttab manpage (bnc#351061)
|
|
* check for fs_passno (bnc#345339)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 9 12:07:14 CET 2008 - lnussel@suse.de
|
|
|
|
- upgrade to svn revision 42 which includes previous patches
|
|
- boot.crypto:
|
|
* don't mount read-only as safety check (bnc#345338)
|
|
* implement precheck scripts
|
|
* allow restarting of single volumes (bnc#345605)
|
|
* status query of individual devices (bnc#345605)
|
|
* add vol_id check script
|
|
* maintain boot.crypto stuff in revision control and use tarball
|
|
snapshots of it
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Nov 29 13:47:24 CET 2007 - lnussel@suse.de
|
|
|
|
- upgrade to svn revision 38
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Nov 7 12:40:02 CET 2007 - mkoenig@suse.de
|
|
|
|
- add %fillup_prereq and %insserv_prereq to PreReq
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Oct 16 10:38:35 CEST 2007 - lnussel@suse.de
|
|
|
|
- upgrade to svn revision 31
|
|
* Rename luksDelKey into luksKillSlot
|
|
* Add luksRemoveKey that queries a given key before removal
|
|
* Fix segfault in luksOpen.
|
|
* Add LUKS_device_ready check for most LUKS calls, so that
|
|
cryptsetup dies before password querying in case a blockdev is
|
|
unavailable
|
|
* For LUKS key material access require exclusive access to the
|
|
underlying device. This will prevent multiple mappings onto a
|
|
single LUKS device. dm*crypt doesn't feature any syncing
|
|
capabilities, hence there is no real application for this as it
|
|
will likely lead to disk corruption.
|
|
* Add signal handler to keyencryption to free the temporary
|
|
mapping in case the user hits ctrl-c.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Aug 27 16:25:54 CEST 2007 - lnussel@suse.de
|
|
|
|
- remove /var/run/keymap from previous boot to make /etc/init.d/kbd
|
|
work (#296409)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Aug 27 10:42:32 CEST 2007 - lnussel@suse.de
|
|
|
|
- run fsck with progressbar (#304750)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jun 21 16:06:53 CEST 2007 - mkoenig@suse.de
|
|
|
|
- run udevsettle to avoid problems with busy temporary
|
|
device mapper devices [#285478]
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jun 11 09:23:24 CEST 2007 - lnussel@suse.de
|
|
|
|
- rephrase error message (#279169)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jun 1 10:07:14 CEST 2007 - lnussel@suse.de
|
|
|
|
- rename util-linux-crypto to cryptsetup
|
|
- remove dmconvert
|
|
- replace svn snapshot with official 1.0.5 release
|
|
- don't enable boot.crypto by default
|
|
|
|
-------------------------------------------------------------------
|
|
Tue May 29 15:58:44 CEST 2007 - lnussel@suse.de
|
|
|
|
- fix segfault when trying to open a non existing device
|
|
- fix gcc warnings
|
|
- add Short-Description to boot.crypto
|
|
- use %find_lang
|
|
|
|
-------------------------------------------------------------------
|
|
Wed May 9 14:52:00 CEST 2007 - lnussel@suse.de
|
|
|
|
- boot.crypto: implement 'status'
|
|
- boot.crypto: accept argument to start/stop single devices
|
|
|
|
-------------------------------------------------------------------
|
|
Wed May 9 10:40:28 CEST 2007 - lnussel@suse.de
|
|
|
|
- hashalot: add timeout option
|
|
|
|
-------------------------------------------------------------------
|
|
Wed May 9 09:40:42 CEST 2007 - lnussel@suse.de
|
|
|
|
- fix build
|
|
|
|
-------------------------------------------------------------------
|
|
Tue May 8 15:16:41 CEST 2007 - lnussel@suse.de
|
|
|
|
- boot.crypto: switch off splash screen only when needed
|
|
- boot.crypto: report status for individual volumes instead of using one global
|
|
exit status
|
|
- hashalot: exit unsucessfully on empty passphrase
|
|
|
|
-------------------------------------------------------------------
|
|
Tue May 8 10:43:24 CEST 2007 - lnussel@suse.de
|
|
|
|
- boot.crypto: sleep a bit longer before overwriting the prompt
|
|
- boot.crypto: add support for pseed and itercountk options
|
|
- boot.crypto: skip entries with unsupported/unknown options
|
|
- hashalot: add support for itercountk
|
|
|
|
-------------------------------------------------------------------
|
|
Fri May 4 16:38:11 CEST 2007 - lnussel@suse.de
|
|
|
|
- upgrade cryptsetup to current svn revision 30 which includes
|
|
previous patches.
|
|
- fix background prompt process not getting killed on ctrl-d in
|
|
boot.crypto
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Apr 27 15:46:05 CEST 2007 - lnussel@suse.de
|
|
|
|
- upgrade cryptsetup to current svn revision 26. Does no longer hang
|
|
when a file is specified instead of a device.
|
|
- remove obsolete cryptsetup.sh script
|
|
- boot.crypto:
|
|
* drop support for cryptoloop, use cryptsetup also for cryptotab
|
|
* refactor code and create reusable components for use in cryptotab
|
|
and crypttab code path
|
|
* run sulogin only during boot if fsck failed
|
|
* support crypttab's 'tries' option
|
|
- add crypttab manpage based on Debian one
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Apr 24 17:38:40 CEST 2007 - lnussel@suse.de
|
|
|
|
- add boot.crypto (#257884)
|
|
- add crypttab and cryptotab as %ghost to filelist
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Mar 27 10:22:48 CEST 2007 - mkoenig@suse.de
|
|
|
|
- move devel .so link to %{libdir}
|
|
- run ldconfig, since we have now a shared lib installed
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Mar 23 16:18:12 CET 2007 - dmueller@suse.de
|
|
|
|
- cryptsetup can now link shared since libpopt is
|
|
no longer under /usr
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Mar 9 12:06:53 CET 2007 - lnussel@suse.de
|
|
|
|
- add patch to support old loop_fish2 key hash method
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Dec 7 18:33:01 CET 2006 - mkoenig@suse.de
|
|
|
|
- update cryptsetup to version 1.0.4:
|
|
* added terminal timeout rewrite
|
|
* allow user selection of key slot
|
|
* reading binary keys from stdin using the "-" as key file
|
|
* fix 64 bit compiler warning issues.
|
|
* fix getline problem for 64-bit archs.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Oct 13 11:30:19 CEST 2006 - mkoenig@suse.de
|
|
|
|
- fix build failure due to missing pthreads
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Sep 13 12:39:27 CEST 2006 - hvogel@suse.de
|
|
|
|
- use the LUKS version of cryptsetup
|
|
- split -devel subpackage for libcryptsetup
|
|
- remove patches because they are in the new cryptsetup
|
|
* cryptsetup-0.1-static.patch
|
|
* cryptsetup-0.1-retval.patch
|
|
* cryptsetup-0.1-dmi.exists.patch
|
|
* cryptsetup-0.1-timeout.patch
|
|
- use man page from the new cryptsetup
|
|
|
|
-------------------------------------------------------------------
|
|
Tue May 16 11:03:08 CEST 2006 - hvogel@suse.de
|
|
|
|
- Fix cryptsetup to work when the device does not exist yet
|
|
[#175931]
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 25 21:42:28 CET 2006 - mls@suse.de
|
|
|
|
- converted neededforbuild to BuildRequires
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Dec 19 14:46:30 CET 2005 - mmj@suse.de
|
|
|
|
- Remove symlinks to hashalot we don't want
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Oct 13 15:04:29 CEST 2005 - hvogel@suse.de
|
|
|
|
- Fix uninitialized var in dmconvert. Add
|
|
* dmconvert-0.2-uninitialized.patch
|
|
- Fix return value in cryptsetup. Add
|
|
* cryptsetup-0.1-retval.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jun 29 14:28:32 CEST 2005 - hvogel@suse.de
|
|
|
|
- Link cryptsetup static so it can be in /sbin and you can get
|
|
/usr over nfs or even crypted
|
|
|
|
-------------------------------------------------------------------
|
|
Mon May 9 17:23:39 CEST 2005 - hvogel@suse.de
|
|
|
|
- New package, Version 2.12q
|
|
|