Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

cryptsetup-1.3.1-6.4.1 RPM for x86_64

From OpenSuSE 12.1 updates for x86_64

Name: cryptsetup Distribution: openSUSE 12.1
Version: 1.3.1 Vendor: openSUSE
Release: 6.4.1 Build date: Wed Jan 18 17:50:33 2012
Group: System/Base Build host: build35
Size: 303782 Source RPM: cryptsetup-1.3.1-6.4.1.src.rpm
Packager: http://bugs.opensuse.org
Url: http://code.google.com/p/cryptsetup/
Summary: Set Up dm-crypt Based Encrypted Block Devices
 
cryptsetup is used to conveniently set up dm-crypt based device-mapper
targets. It allows to set up targets to read cryptoloop compatible
volumes as well as LUKS formatted ones. The package additionally
includes support for automatically setting up encrypted volumes at boot
time via the config file /etc/crypttab.

Provides

Requires

License

GPLv2+

Changelog

* Fri Jan 13 2012 lnussel@suse.de
  - fix error on empty key files (bnc#738546)
* Thu Oct 27 2011 lnussel@suse.de
  - on update convert noauto to nofail and turn on fsck (bnc#724113)
* Mon Oct 10 2011 jeffm@suse.com
  - cryptsetup-boot: Rescan LVM volumes after opening crypto (bnc#722916).
* Fri Sep 30 2011 coolo@suse.com
  - add libtool as buildrequire to make the spec file more reliable
* Sun Sep 18 2011 jengelh@medozas.de
  - Remove redundant tags/sections from specfile
* Fri May 27 2011 lnussel@suse.de
  - boot.crypto:
    * don't hard require boot.device-mapper in boot.crypto
* Wed May 25 2011 lnussel@suse.de
  - new version 1.3.1:
    * Fix keyfile=- processing in create command (regression in 1.3.0).
    * Simplify device path status check (use /sys and do not scan /dev).
    * Do not ignore device size argument for create command (regression in 1.2.0).
    * Fix error paths in blockwise code and lseek_write call.
* Mon Apr 11 2011 lnussel@suse.de
  - new version 1.3.0:
    * userspace crypto backends support
    * Cryptsetup now automatically allocates loopback device
    if device argument is file and not plain device.
    * luksChangeKey command
    * loopaesOpen command for loop-AES compatibility
* Thu Feb 17 2011 lnussel@suse.de
  - boot.crypto:
    * also fix exit code in boot.crypto.functions (bnc#671822)
* Mon Jan 31 2011 lnussel@suse.de
  - boot.crypto:
    * don't fail if loop module is not loaded
    * adapt to new crypsetup exit codes (bnc#667931)
* Mon Dec 20 2010 lnussel@suse.de
  - new version 1.2.0
    * Add selection of random/urandom number generator for luksFormat
    (option --use-random and --use-urandom).
    * Fix luksRemoveKey to not ask for remaining keyslot passphrase,
    only for removed one.
    * No longer support luksDelKey (replaced with luksKillSlot).
    * if you want to remove particular passphrase, use luksKeyRemove
    * if you want to remove particular keyslot, use luksKillSlot
    Note that in batch mode luksKillSlot allows removing of any keyslot
    without question, in normal mode requires passphrase or keyfile from
    other keyslot.
    * Default alignment for device (if not overridden by topology info)
    is now (multiple of) *1MiB*.
    This reflects trends in storage technologies and aligns to the same
    defaults for partitions and volume management.
    * Allow explicit UUID setting in luksFormat and allow change it later
    in luksUUID (--uuid parameter).
    * All commands using key file now allows limited read from keyfile using
    - -keyfile-size and --new-keyfile-size parameters (in bytes).
    This change also disallows overloading of --key-size parameter which
    is now exclusively used for key size specification (in bits.)
    * luksFormat using pre-generated master key now properly allows
    using key file (only passphrase was allowed prior to this update).
    * Add --dump-master-key option for luksDump to perform volume (master)
    key dump. Note that printed information allows accessing device without
    passphrase so it must be stored encrypted.
    This operation is useful for simple Key Escrow function (volume key and
    encryption parameters printed on paper on safe place).
    This operation requires passphrase or key file.
    * The reload command is no longer supported.
    (Use dmsetup reload instead if needed. There is no real use for this
    function except explicit data corruption:-)
    * Cryptsetup now properly checks if underlying device is in use and
    disallows *luksFormat*, luksOpen and create commands on open
    (e.g. already mapped or mounted) device.
    * Option --non-exclusive (already deprecated) is removed.
    Libcryptsetup API additions:
    * new functions
    * crypt_get_type() - explicit query to crypt device context type
    * crypt_resize() - new resize command using context
    * crypt_keyslot_max() - helper to get number of supported keyslots
    * crypt_get_active_device() - get active device info
    * crypt_set/get_rng_type() - random/urandom RNG setting
    * crypt_set_uuid() - explicit UUID change of existing device
    * crypt_get_device_name() - get underlying device name
    * Fix optional password callback handling.
    * Allow to activate by internally cached volume key immediately after
    crypt_format() without active slot (for temporary devices with
    on-disk metadata)
    * libcryptsetup is binary compatible with 1.1.x release and still
    supports legacy API calls
    * cryptsetup binary now uses only new API calls.
    * Static compilation of both library (--enable-static) and cryptsetup
    binary (--enable-static-cryptsetup) is now properly implemented by common
    libtool logic.
    Prior to this it produced miscompiled dynamic cryptsetup binary with
    statically linked libcryptsetup.
    The static binary is compiled as src/cryptsetup.static in parallel
    with dynamic build if requested.
* Tue Nov 30 2010 lnussel@suse.de
  - boot.crypto:
    * drop cryptotab support
* Tue Nov 16 2010 lnussel@suse.de
  - boot.crypto:
    * add a few tweaks for systemd (bnc#652767)
* Wed Jul 07 2010 lnussel@suse.de
  - new version 1.1.3
    * Fix device alignment ioctl calls parameters. (Device alignment
      code was not working properly on some architectures like ppc64.)
    * Fix activate_by_* API calls to handle NULL device name as
      documented. (To enable check of passphrase/keyfile using
      libcryptsetup without activating the device.)
    * Fix udev support for old libdevmapper with not compatible definition.
    * Added Polish translation file.
* Thu Jul 01 2010 lnussel@suse.de
  - skip temporary mappings in early stage as chmod needs to be called
    on the mounted file systems (bnc#591704)
* Sat Jun 26 2010 jengelh@medozas.de
  - Use %_smp_mflags
* Mon May 31 2010 lnussel@suse.de
  - new version 1.1.2 fixes keyfile regression introduced by 1.1.1
    * Fix luksFormat/luksOpen reading passphrase from stdin and "-" keyfile.
    * Support --key-file/-d option for luksFormat.
    * Fix description of --key-file and add --verbose and --debug options to man page.
    * Add verbose log level and move unlocking message there.
    * Remove device even if underlying device disappeared (remove, luksClose).
    * Fix (deprecated) reload device command to accept new device argument.
* Tue May 25 2010 lnussel@suse.de
  - new version 1.1.1
    * Detects and use device-mapper udev support if available.
    * Supports device topology detection for data alignment.
    * Fix luksOpen reading of passphrase on stdin (if "-" keyfile specified).
    * Fix isLuks to initialise crypto backend (blkid instead is suggested anyway).
    * Properly initialise crypto backend in header backup/restore commands.
    * Do not verify unlocking passphrase in luksAddKey command.
    * Allow no hash specification in plain device constructor - user can provide volume key directly.
    * Try to use pkgconfig for device mapper library in configuration script.
    * Add some compatibility checks and disable LUKS suspend/resume if not supported.
    * Rearrange tests, "make check" now run all available test for package.
    * Avoid class C++ keyword in library header.
* Tue Mar 09 2010 lnussel@suse.de
  - boot.crypto:
    * turn off splash only if needed to avoid flicker
* Tue Mar 02 2010 lnussel@suse.de
  - boot.crypto:
    * restore splash screen state after initrd prompt (bnc#559053)
    * use highlighted prompt in initrd too
    * fix adding volumes with initrd option (bnc#558891)
* Tue Feb 02 2010 lnussel@suse.de
  - boot.crypto:
    * document the stages of the boot process
    * show status message in boot.cypto-early
    * don't perform some checks if the device is skipped anyways
    * seed random number generator (bnc#575139)
* Mon Jan 18 2010 lnussel@suse.de
  - cryptsetup 1.1.0:
    * IMPORTANT: the default compiled-in cipher parameters changed
    plain mode: aes-cbc-essiv:sha256 (default is backward incompatible!).
    LUKS mode: aes-cbc-essiv:sha256 (only key size increased)
    In both modes is now default key size 256bits.
    * Default compiled-in parameters are now configurable through configure options:
    - -with-plain-* / --with-luks1-* (see configure --help)
    * If you need backward compatible defaults for distribution use
    configure --with-plain-mode=cbc-plain --with-luks1-keybits=128
    Default compiled-in modes are printed in "cryptsetup --help" output.
    * Change in iterations count (LUKS):
    The slot and key digest iteration minimum count is now 1000.
    The key digest iteration count is calculated from iteration time (approx 1/8 of req. time).
    For more info about above items see discussion here: http://tinyurl.com/yaug97y
    * New libcryptsetup API (documented in libcryptsetup.h).
    The old API (using crypt_options struct) is still available but will remain
    frozen and not used for new functions.
    Soname of library changed to libcryptsetup.so.1.0.0.
    (But only recompilation should be needed for old programs.)
    The new API provides much more flexible operation over LUKS device for
    applications, it is preferred that new applications will use libcryptsetup
    and not wrapper around cryptsetup binary.
    * New luksHeaderBackup and luksHeaderRestore commands.
    These commands allows binary backup of LUKS header.
    Please read man page about possible security issues with backup files.
    * New luksSuspend (freeze device and wipe key) and luksResume (with provided passphrase).
    luksSuspend wipe encryption key in kernel memory and set device to suspend
    (blocking all IO) state. This option can be used for situations when you need
    temporary wipe encryption key (like suspend to RAM etc.)
    Please read man page for more information.
    * New --master-key-file option for luksFormat and luksAddKey.
    User can now specify pre-generated master key in file, which allows regenerating
    LUKS header or add key with only master key knowledge.
    * Uses libgcrypt and enables all gcrypt hash algorithms for LUKS through -h luksFormat option.
    Please note that using different hash for LUKS header make device incompatible with
    old cryptsetup releases.
    * Introduces --debug parameter.
    Use when reporting bugs (just run cryptsetup with --debug and attach output
    to issue report.) Sensitive data are never printed to this log.
    * Moves command successful messages to verbose level.
    * Requires device-mapper library and libgcrypt to build.
    * Uses dm-uuid for all crypt devices, contains device type and name now.
    * Removes support for dangerous non-exclusive option
    (it is ignored now, LUKS device must be always opened exclusive)
  - boot.crypto:
    * don't use dirty prompt override hack anymore
    * wait for volume groups if resume volume is on lvm (bnc#556895)
    * dynamically determine whether the cryptomgr module is neeeded
* Mon Oct 19 2009 lnussel@suse.de
  - add luks script in volumemanager stage too, this way some side
    effects are avoided (bnc#547612)
* Wed Oct 07 2009 lnussel@suse.de
  - boot.crypto:
    * /lib/udev/vol_id no longer exists, use blkid instead
    * add space at end of password prompt in initrd
    * fix autodetetection of root on LVM on LUKS (bnc#528474)
* Tue Oct 06 2009 lnussel@suse.de
  - boot.crypto: more changes as agreed with the Debian maintainer:
    * rename keyscript variable CRYPTTAB_DEVICE to CRYPTTAB_SOURCE
    * export list of options in CRYPTTAB_OPTIONS
* Tue Sep 29 2009 lnussel@suse.de
  - replace patch that quits on EOF with upstream version
* Fri Sep 25 2009 lnussel@suse.de
  - actually hash=plain can be used to get raw keyscript output so
    remove keyscript_raw again
* Thu Sep 24 2009 lnussel@suse.de
  - boot.crypto:
    * don't use hashalot if keyfile is specified
    * to comply with Debian, keyscripts must only output the password.
      In order to allow keyscript to use different methods to retrieve
      a key, add a keyscript_rawkey option.
  - cryptsetup:
    * When reading no single byte for the key abort.
* Mon Sep 21 2009 lnussel@suse.de
  - boot.crypto:
    * fix test for keyfile (bnc#540363)
* Wed Sep 16 2009 lnussel@suse.de
  - boot.crypto:
    * 2.6.31 requires the cryptomgr module in the initrd (bnc#535013)
* Tue Sep 15 2009 lnussel@suse.de
  - boot.crypto:
    * uppercase variables exported to keyscript in anticipation of
      Debian adopting the implementation
* Fri Sep 04 2009 lnussel@suse.de
  - boot.crypto:
    * fix setting options without parameter
    * infinite retries in initrd
    * tries=0 means infinite tries
    * implement retries in the script to make it work with keyscripts and non-luks volumes
    * keyscript support (fate#302628)
    * remove the option to fsck the fs as it actually never worked
    * fix initrd option parsing
* Thu Aug 27 2009 lnussel@suse.de
  - new cryptsetup version 1.0.7
    * Allow removal of last slot in luksRemoveKey and luksKillSlot.
    * Reject unsupported --offset and --skip options for luksFormat and update man page.
    * Various man page fixes.
    * Set UUID in device-mapper for LUKS devices.
    * Retain readahead of underlying device.
    * Display device name when asking for password.
    * Check device size when loading LUKS header. Remove misleading error message later.
    * Add error hint if dm-crypt mapping failed.
    * Use better error messages if device doesn't exist or is already used by other mapping.
    * Fix make distcheck.
    * Check if all slots are full during luksAddKey.
    * Fix segfault in set_error.
    * Code cleanups, remove precompiled pot files, remove unnecessary files from po directory
    * Fix uninitialized return value variable in setup.c.
    * Code cleanups. (thanks to Ivan Stankovic)
    * Fix wrong output for remaining key at key deletion.
    * Allow deletion of key slot while other keys have the same key information.
    * Add missing AM_PROG_CC_C_O to configure.in
    * Remove duplicate sentence in man page.
    * Wipe start of device (possible fs signature) before LUKS-formatting.
    * Do not process configure.in in hidden directories.
    * Return more descriptive error in case of IO or header format error.
    * Use remapping to error target instead of calling udevsettle for temporary crypt device.
    * Check device mapper communication and warn user if device-mapper support missing in kernel.
    * Fix signal handler to properly close device.
    * write_lseek_blockwise: declare innerCount outside the if block.
    * add -Wall to the default CFLAGS. fix some signedness issues.
    * Error handling improvement.
    * Add non-exclusive override to interface definition.
    * Refactor key slot selection into keyslot_from_option.
* Wed Aug 19 2009 lnussel@suse.de
  - boot.crypto:
    * set infinite timeout during 2nd stage (bnc#456004)
* Mon Jul 13 2009 lnussel@suse.de
  - boot.crypto:
    * wait for device before calling luksOpen (bnc#521446)
* Wed Jun 17 2009 coolo@novell.com
  - fix link order
* Thu Jun 11 2009 coolo@novell.com
  - fix compile with glibc 2.10
* Thu Apr 02 2009 lnussel@suse.de
  - boot.crypto:
    * resolve symlinks when searching for loop devices (bnc#490170)
    * add extra man page tags to avoid FIXME output of docbook
    * don't pipe password if there's only one device to open
    * update copyright information
    * fix spelling and actually stop in pre_stop_hook
    * introduce initrd option in crypttab (bnc#465711)
* Fri Mar 06 2009 lnussel@suse.de
  - boot.crypto:
    * print dm name instead of physdev (bnc#456664)
    * make prompt work with infinite timeout (bnc#466405)
    * implement pre-stop hook (bnc#481870)
    * remove hardcoded loop device number limit (bnc#481872)
    * Warn if using a non-absolute path for physdev in crypttab
  - hashalot: compute hash of empty passphrase if not interactive
    (bnc#475135)
* Tue Mar 03 2009 lnussel@suse.de
  - fix boot.crypto doesn't care on tries flag in crypttab (bnc#480741)
  - mkinitrd scripts now included in boot.crypto git

Files

/etc/cryptotab
/etc/crypttab
/etc/init.d/boot.crypto
/etc/init.d/boot.crypto-early
/lib/cryptsetup
/lib/cryptsetup/boot.crypto.functions
/lib/cryptsetup/checks
/lib/cryptsetup/checks/vol_id
/lib/mkinitrd
/lib/mkinitrd/scripts
/lib/mkinitrd/scripts/boot-luks.sh
/lib/mkinitrd/scripts/setup-luks.sh
/lib/mkinitrd/scripts/setup-luks2.sh
/lib/mkinitrd/scripts/setup-luks_final.sh
/sbin/cryptsetup
/sbin/hashalot
/sbin/rccrypto
/usr/sbin/convert_cryptotab
/usr/share/locale/cs/LC_MESSAGES/cryptsetup.mo
/usr/share/locale/de/LC_MESSAGES/cryptsetup.mo
/usr/share/locale/fr/LC_MESSAGES/cryptsetup.mo
/usr/share/locale/id/LC_MESSAGES/cryptsetup.mo
/usr/share/locale/it/LC_MESSAGES/cryptsetup.mo
/usr/share/locale/nl/LC_MESSAGES/cryptsetup.mo
/usr/share/locale/pl/LC_MESSAGES/cryptsetup.mo
/usr/share/locale/sv/LC_MESSAGES/cryptsetup.mo
/usr/share/locale/vi/LC_MESSAGES/cryptsetup.mo
/usr/share/man/man1/hashalot.1.gz
/usr/share/man/man5/cryptotab.5.gz
/usr/share/man/man5/crypttab.5.gz
/usr/share/man/man8/cryptsetup.8.gz

Generated by rpm2html 1.8.1

Fabrice Bellet, Sat Jun 15 03:30:48 2013