Package: release.debian.org Severity: normal Tags: bookworm User: release.debian....@packages.debian.org Usertags: pu X-Debbugs-Cc: cryptse...@packages.debian.org Control: affects -1 + src:cryptsetup
[ Reason ] 1. cryptsetup-suspend 2:2.6.1-4~deb12u1 was found incompatible with systemd 254.1-3 and later, in particular with systemd/bookworm-backports. 2. cryptsetup-initramfs 2:2.6.1-4~deb12u2 dos not support kernel shipping compressed modules under MODULES=dep, as is done by default with linux 6.6 (currently in Debian experimental). [ Impact ] 1. Users installing systemd from bookworm-backports will not be able to use cryptsetup-suspend to suspend-on-ram. 2. Users installing linux ≥6.6.4-1~exp1 will not be able to boot under MODULES=dep when there is any device to be unlocked at initramfs stage. (initramfs.conf(5)'s defaults to MODULES=most, but not being able to boot anymore is obviously a serious regression.) [ Tests ] DEP-8 check suspend-on-ram and initramfs unlocking for various setups, all using stock bookworm packages. In addition, manual tests were made to check behaviour with systemd/bookworm-backports and/or linux-image-amd64/ experimental. [ Risks ] The patches were backported from sid, where 2:2.6.1-5 resp. 2:2.6.1-6 was uploaded to on Aug 27 resp. Dec 05. The diff is pretty trivial and doesn't affect libcryptsetup12 nor cryptsetup-bin. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in stable [x] the issue is verified as fixed in unstable [ Changes ] * Also add compressed kernel modules in the initramfs hook script. * Fix DEP-8 tests to work with compressed kernel modules. * Don't error out when /lib/systemd/system-sleep does not exist (cf. #1036920 and #1050606). -- Guilhem.
diffstat for cryptsetup-2.6.1 cryptsetup-2.6.1
changelog | 18 ++++++++++++++++++
initramfs/hooks/cryptroot | 4 ++--
salsa-ci.yml | 1 +
scripts/suspend/cryptsetup-suspend-wrapper | 1 +
tests/cryptroot-legacy.d/mock | 2 +-
tests/utils/mkinitramfs | 9 ++++-----
6 files changed, 27 insertions(+), 8 deletions(-)
diff -Nru cryptsetup-2.6.1/debian/changelog cryptsetup-2.6.1/debian/changelog
--- cryptsetup-2.6.1/debian/changelog 2023-04-21 00:54:29.000000000 +0200
+++ cryptsetup-2.6.1/debian/changelog 2023-12-18 03:41:04.000000000 +0100
@@ -1,3 +1,21 @@
+cryptsetup (2:2.6.1-4~deb12u2) bookworm; urgency=medium
+
+ [ Michael Biebl ]
+ * cryptsetup-suspend-wrapper: Don't error out on missing
+ /lib/systemd/system-sleep directory as systemd 254.1-3 and later no longer
+ ship empty directories. (Closes: #1050606)
+
+ [ Kevin Locke ]
+ * cryptsetup-initramfs: Add support for compressed kernel modules, which is
+ the default as linux-image 6.6.4-1~exp1. (Closes: #1036049, #1057441)
+
+ [ Guilhem Moulin ]
+ * add_modules(): Change suffix drop logic to match initramfs-tools.
+ * Fix DEP-8 tests with kernels shipping compressed modules.
+ * d/salsa-ci.yml: Set RELEASE=bookworm.
+
+ -- Guilhem Moulin <guil...@debian.org> Mon, 18 Dec 2023 03:41:04 +0100
+
cryptsetup (2:2.6.1-4~deb12u1) bookworm; urgency=medium
* Rebuild for Bookworm.
diff -Nru cryptsetup-2.6.1/debian/initramfs/hooks/cryptroot
cryptsetup-2.6.1/debian/initramfs/hooks/cryptroot
--- cryptsetup-2.6.1/debian/initramfs/hooks/cryptroot 2023-04-21
00:54:29.000000000 +0200
+++ cryptsetup-2.6.1/debian/initramfs/hooks/cryptroot 2023-12-18
03:41:04.000000000 +0100
@@ -266,8 +266,8 @@
add_modules() {
local glob="$1" found=n
shift
- for mod in $(find -H "$@" -name "$glob.ko" -type f -printf '%f\n'); do
- manual_add_modules "${mod%.ko}"
+ for mod in $(find -H "$@" -name "$glob.ko*" -type f -printf '%f\n'); do
+ manual_add_modules "${mod%%.*}"
found=y
done
[ "$found" = y ] && return 0 || return 1
diff -Nru cryptsetup-2.6.1/debian/salsa-ci.yml
cryptsetup-2.6.1/debian/salsa-ci.yml
--- cryptsetup-2.6.1/debian/salsa-ci.yml 2023-04-21 00:54:29.000000000
+0200
+++ cryptsetup-2.6.1/debian/salsa-ci.yml 2023-12-18 03:41:04.000000000
+0100
@@ -3,6 +3,7 @@
-
https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml
variables:
+ RELEASE: 'bookworm'
# Skip all DEP-8 tests except 'cryptroot-lvm': each 'cryptroot-*' test
# takes 20-30min on Salsa CI runners as they don't support KVM acceleration
# cf. https://salsa.debian.org/salsa-ci-team/pipeline/-/issues/266 ,
diff -Nru cryptsetup-2.6.1/debian/scripts/suspend/cryptsetup-suspend-wrapper
cryptsetup-2.6.1/debian/scripts/suspend/cryptsetup-suspend-wrapper
--- cryptsetup-2.6.1/debian/scripts/suspend/cryptsetup-suspend-wrapper
2023-04-21 00:54:29.000000000 +0200
+++ cryptsetup-2.6.1/debian/scripts/suspend/cryptsetup-suspend-wrapper
2023-12-18 03:41:04.000000000 +0100
@@ -46,6 +46,7 @@
# Run all executable scripts in directory SYSTEM_SLEEP_PATH with arguments ARGS
# mimic systemd behavior
run_dir() {
+ [ -d "$SYSTEM_SLEEP_PATH" ] || return 0
find "$SYSTEM_SLEEP_PATH" -type f -executable -execdir {} "$@" \;
}
diff -Nru cryptsetup-2.6.1/debian/tests/cryptroot-legacy.d/mock
cryptsetup-2.6.1/debian/tests/cryptroot-legacy.d/mock
--- cryptsetup-2.6.1/debian/tests/cryptroot-legacy.d/mock 2023-04-21
00:54:29.000000000 +0200
+++ cryptsetup-2.6.1/debian/tests/cryptroot-legacy.d/mock 2023-12-18
03:41:04.000000000 +0100
@@ -17,7 +17,7 @@
# assume MODULES=dep won't add too many modules
# XXX lsinitramfs doesn't work on /initrd.img with COMPRESS=zstd, cf. #1015954
-$out = shell(q{lsinitramfs /boot/initrd.img-`uname -r` | grep -Ec
"^(usr/)?lib/modules/.*\.ko$"});
+$out = shell(q{lsinitramfs /boot/initrd.img-`uname -r` | grep -Ec
"^(usr/)?lib/modules/.*\.ko(\.[a-z]+)?$"});
die "$out == 0 or $out > 50" unless $out =~ s/\r?\n\z// and $out =~
/\A([0-9]+)\z/ and $out > 0 and $out <= 50;
# check cipher and key size
diff -Nru cryptsetup-2.6.1/debian/tests/utils/mkinitramfs
cryptsetup-2.6.1/debian/tests/utils/mkinitramfs
--- cryptsetup-2.6.1/debian/tests/utils/mkinitramfs 2023-04-21
00:54:29.000000000 +0200
+++ cryptsetup-2.6.1/debian/tests/utils/mkinitramfs 2023-12-18
03:41:04.000000000 +0100
@@ -67,14 +67,13 @@
depmod -ab "$EXTRACT_DIR" "$KERNEL_VERSION"
for kmod in virtio_console virtio_blk virtio_pci virtio_rng \
- "$EXTRACT_DIR/lib/modules/$KERNEL_VERSION"/kernel/arch/*/crypto/*.ko \
- "$EXTRACT_DIR/lib/modules/$KERNEL_VERSION"/kernel/crypto/*.ko \
+ "$EXTRACT_DIR/lib/modules/$KERNEL_VERSION"/kernel/arch/*/crypto/*.ko* \
+ "$EXTRACT_DIR/lib/modules/$KERNEL_VERSION"/kernel/crypto/*.ko* \
$MODULES; do
kmod="${kmod##*/}"
- modprobe -aid "$EXTRACT_DIR" -S "$KERNEL_VERSION" --show-depends
"${kmod%.ko}"
-done | while read -r insmod kmod; do
+ modprobe -aid "$EXTRACT_DIR" -S "$KERNEL_VERSION" --show-depends
"${kmod%%.*}"
+done | while read -r insmod kmod _; do
[ "$insmod" = "insmod" ] || continue
- [ "$kmod" = "${kmod%.ko *}" ] || kmod="${kmod%.ko *}.ko"
kmod_rel="${kmod#"$EXTRACT_DIR/lib/modules/$KERNEL_VERSION/"}"
if [ ! -f "$kmod" ] || [ "${kmod_rel#kernel/}" = "$kmod_rel" ]; then
echo "Error: Unexpected modprobe output: $insmod $kmod" >&2
signature.asc
Description: PGP signature
