Package: pinentry-curses
Version: 0.8.3-1
Severity: important
Dear Maintainer,
Since the upgrade to 0.8.3-1 pinentry-curses is no longer able to show
multiline prompts. This is problematic when used with gpg-agent, since for
instance the key ID that is being unlocked is no longer visible.
Here i
tags 736963 patch
thanks
The enclosed patch allows the user's key(s) to be passed as gpg accepts
it that is, as short, 0xshort, long or 0xlong format, as well as
a (formatted or not) fingerprint:
- 0x109E6244
- 109E6244
- 0x39278DA8109E6244
- 39278DA8109E6244
- 7420 DF86 BCE1 5A45 8DCE 997
Package: grub-installer
Version: 1.85
Followup-For: Bug #666974
Tags: patch
Dear Maintainer,
The bug is still present in Wheezy's installer. The enclosed (naive)
patch makes sure grub-installer jumps to state 2 (hence ignores
$default_bootdev) if grub-installer/bootdev is known. It has been
suc
Hi,
I'd also be happy to give a hand by becoming an adopter.
Cheers,
--
Guilhem.
signature.asc
Description: Digital signature
Hi Thijs,
On Sun, 23 Feb 2014 at 14:53:28 +0100, Thijs Kinkhorst wrote:
> Thank you both for your interest.
And thanks for your trust :-)
> If you give me your alioth username I will arrange the commit access.
My alioth username is guilhem-guest. By the way as far as I'm concerned
I'll use git
Interesting. Since 2008-03-16 /usr/share/signing-party/ is explicitly
added to the $PATH. Does your gpg.conf explicitly sets a value for
exec-path?
I'm just curious as I can't reproduce that bug in a clean sid chroot;
But your solution is cleaner is cleaner and more robust since it doesn't
r
That's cool! I cannot think of any side effect either, short of
- that'll only work on POSIX systems (unsure if we care, but it'd
still be possible to fallback to STDIN on non-POSIX systems), and
- one would not longer be able to answer the questions with things like
‘yes | caff …’.
Well you've been warned :-P
[WARN] You have set arguments to pass to Mail::Mailer. Better fix
your MTA. (Also, Mail::Mailer's error reporting is non existant, so
it won't tell you when it doesn't work.)
As for the error itself, it has nothing to do with caff but with the
“non existe
notfound 728543 1.1.5-1
thanks
Hi Carsten,
If anything should depend on libnet-smtp-ssl-perl it should probably be
libmailtools-perl (which provides Mail::Mailer and which signing-party
depends on), not signining-party itself.
libmailtools-perl actually added the dependency somewhere between the
Hi there,
While adding signencrypt support to caff certainly wouldn't hurt, I'm
unsure what is the threat model exactly and what what kind of
vulnerability a message signature would patch. I mean, the only
interesting thing in the messages caff sends is the attachment
(encrypted together with the
On Wed, 21 Aug 2013 at 10:40:38 -0400, Joey Hess wrote:
> caff seems to have its own hard-coded list of keyservers, rather than using
> the same ones I have gpg configured to use. This seems a gratuitous
> duplication
> of configuration.
An alternative would be to grep ~/.gnupg/gpg.conf for ‘keys
Hi Carsten,
On Tue, 25 Feb 2014 at 17:24:43 +0100, Carsten Schoenert wrote:
> So everything should be fine for Jessie or greater. But as I can't check
> Wheezy directly. So a quick search via packages.debian.org shows me the
> dependency is still missing in Wheezy
>
> https://packages.debian.org/
Hi,
Are you sure the issue was encountered using 1.1.4-1? According to the
changelog a similar bug, #590666, was fixed during that release.
I can't reproduce the bug anyway.
Cheers,
--
Guilhem.
signature.asc
Description: Digital signature
tags 659971 patch
thanks
One could use the (core) module I18N::Langinfo to decode
$CONFIG{'owner'} from the user's locale to Perl's internal format.
Also, since the template is expected to be in UTF-8, it needs to be
converted as well.
Cheers,
--
Guilhem.
--- a/usr/bin/caff
+++ b/usr/bin/caf
Oh, I forgot about UIDs, which may need to be converted as well. Patch
updated, sorry for the noise.
--
Guilhem.
diff -ru a/caff/caff b/caff/caff
--- a/caff/caff
+++ b/caff/caff
@@ -321,6 +321,7 @@
use Text::Template;
use MIME::Entity;
use Encode;
+use I18N::Langinfo;
use Fcntl;
use IO::Se
tags 637222 patch
thanks
IMHO an argument against fixing the issue in Mail::Mailer directly is
that the Q-Encoding of the headers is typically done when constructing
the MIME::Entity object. Mail::Mailer extracts the envelope from/to
from the header (or delegated the extraction to eg, sendmail(1
tags 618781 patch
thanks
I think the problem is not with gpgsigs per se, but rather with the
LaTeX output it produces. (As Tanguy hinted at, the text output of
UTF-8 encoded input files seems to be rendered properly.) LaTeX is
in fact known for its poor support of Unicode characters in input fi
Package: signing-party
Version: 1.1.5-1
Severity: normal
Tags: patch
Dear Maintainer,
gpgsigs currently doesn't wrap long UIDs in its LaTeX output. This is
a problem, because after compilation and printing, the full UID is not
always visible on the printout.
I propose the enclosed patch, which
Package: postfix-ldap
Version: 2.10.2-1
Severity: wishlist
Tags: patch
Dear Maintainer,
LDAP SASL binds have been added to Postfix back to v2.8, at the expense
of a flag in the CCARGS [1].
It would be great if postfix-ldap included SASL support. As far as I can
tell, the change boilds down to a
Hi,
On Mon, 16 Jun 2014 at 17:59:45 +0200, Olivier Berger wrote:
> False error : a result of my own customizations.
> Sorry about the bothering.
No problem :-)
It might still be useful to fix this (which looks like a race condition
and/or unexpected output from gpg). Would you mind sharing your
Hi,
On Tue, 19 Mar 2013 15:47:18 +0100 Dominik George wrote:
> it actually tells you about the wrong permissions when you tell it to
> continue after the error. Which is really not very helpful.
I pushed a patch to make it dump gpg's standard error after importing
the keys, meaning you'd get
Hi,
In fact the manpage says (all) subkeys are removed by default unless pgp-clean
is used with flag -s:
-s --export-subkeys
Do not remove subkeys. (Pruned by default.)
Cheers,
--
Guilhem.
signature.asc
Description: Digital signature
Hi,
Ideally solving this bug would solve #637115 as well. But I couldn't
find a nice way to integrate mutt (probably other MUAs as well) with
caff. First I've got two questions:
1/ Do you want to interact with the MUA (for instance to edit the
headers), or should it work in batch mode?
Control: found -1 2013.60-1
Hi,
I fully second this patch. Would be great to see it applied in Jessie ;-)
Another common use case is where the dropbear in the ramdisk should
listen on a port other than 22: then a simple firewall rule can make
it inaccessible from the whole world while keeping t
Hi there,
In case you would like to try it out and give feedback before the
release, I pushed a fixed to the repository.
svn://svn.debian.org/pgp-tools/trunk/
gpgparticipants formatted content is now accepted on caff's STDIN.
(Only v4 keys annotated with "Fingerprint OK" and "ID OK" are c
Package: mutt
Version: 1.5.22-1
Severity: normal
Tags: patch
Dear Maintainer,
As signing-party's pgpring, Mutt's does not look at the right field as
key lengh for DSA and Elgamal keys, which results to an incorrect
output similar to that reported in #602284. The attached patch, adapted
from Fab
On Tue, 21 Nov 2010 at 20:51:12 +0100, Franck Joncourt wrote:
> Is there a proper document which explains to us how the fields are organized
> in a
> keyblock according to the algorithm used? I have looked at the gnupg sources,
> and found a bit of information in build_packet.c, but this is still
Control: tag -1 wontfix
Hi,
On Thu, 20 Mar 2014 21:51:52 -0700, H. S. Teoh wrote:
> I'm also running into this problem, caff insists on sending email with
> MAIL FROM as username@localhost instead of the value I set in
> $CONFIG{'email'}. I've tried Todd Lyons' workaround but it still
> didn't wo
Hi,
While your tool would certainly be a valuable addition to signing-party,
a blocker is that it gets the digest algorithm on certificate signatures
by parsing the output of ‘--list-packets’, which as far as I can tell
isn't documented.
IMHO a better (and faster) approach would be, as you hinted
Hi Jonas,
This looks useful indeed, but after a quick look at the code it doesn't
really appeal to me, as the script seems rather unfinished.
Also, I find it rather confusing that it's not possible not to report
expired/revoked subkeys in case the key has other valid subkey(s)
covering the same c
Hi,
I wonder if these scripts are still useful? As of 1.1.6-1 caff is able
to parse key fingerprints directly from a gpgparticipants(1) format (and
annotated) list. See also #622560:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622560
Cheers,
--
Guilhem.
signature.asc
Description: Di
Hi Stefan,
On Wed, 07 May 2014 at 11:25:37 +0200, Stefan Huber wrote:
> gpgparticipants sets LC_CTYPE=C.UTF-8 for gpg when printing each key.
> On systems where C.UTF-8 is not available (e.g., Gentoo), the fallback
> locale causes the output not to be UTF-8 encoded, even if the
> overridden LC_CTY
Hi Ralf,
On Mon, 02 Jun 2014 at 22:22:15 +0200, Ralf Jung wrote:
> After setting up caff as described in https://wiki.debian.org/caff, I still
> get the following warnings when caff sends a mail
>
> Use of uninitialized value $name in pattern match (m//) at
> /usr/share/perl5/Mail/Internet.pm li
Hi,
Is there a reason *not* to enable SASL binds in postfix-ldap? After
all, dict_ldap.so is linked against libsasl and OpenLDAP's libldap,
which does support SASL binds. Furthermore, ldap_table(5) and
/usr/share/doc/postfix/LDAP_README.gz already mention SASL binds (OK
it's written that their a
Control: retitle -1 Mail::Internet spews warnings for unnamed users
Control: reassign -1 libmailtools-perl 2.12-1
Control: tag -1 patch
(split /,/, $name)[0] is undefined when $name is the empty string.
--
Guilhem.
--- a/Mail/Internet.pm
+++ b/Mail/Internet.pm
@@ -532,7 +532,7 @@
# se
Package: netcat-openbsd
Version: 1.105-7
Severity: normal
Dear Maintainer,
An interesting feature available in the new release is the addition of
a ‘-F’ flag, to pass the first connected socket to the standard output
and exit. (This is useful with the ‘ProxyUseFdPass’ option in OpenSSH
6.5 or l
Control: severity -1 important
Hi Ilario,
First off, thanks for this thorough report :-)
This seems to be due to gpg ignoring signatures under the cutoff
certification level (2 by default) when exporting with the
‘export-clean’ option.
Compare the output of the following two lines:
gpg --min
Control: notfound -1 1.4.16-1.1
Contol: merge -1 735363
This seems to be working now:
gpg --export $keyID | gpg --homedir $(mktemp -d --tmpdir gpg.XX)
--trust-model=always --import
--
Guilhem.
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (990, '
Package: gnupg2
Version: 2.0.23-1
Severity: important
Dear Maintainer,
gnupg2 is also affected by #735363 (and #737128).
$ gpg --export $keyID | gpg2 --homedir $(mktemp -d) --trust-model=always
--import
gpg: keyring `/tmp/tmp.CgvawKyhkU/secring.gpg' created
gpg: keyring `/tmp/tmp.Cg
On Wed, 11 Jun 2014 at 17:56:50 +0200, Ilario Gelmetti wrote:
> I have to retire my statement on Key2: the problem is present also with
> this key. To verify this I created a new gpg key with an empty pubring
> and tried to sign with caff that Key2 and it didn't work. With my main
> key I didn't se
Package: busybox
Version: 1:1.22.0-6
Severity: wishlist
Dear Maintainer,
In udebs, it is common to redirect the standard output of a command to
a fifo, and use that to display progress bars in the installer.
trap 'kill $pid' EXIT
/path/to/command >"$fifo" &
while read -u 7 n; do
Package: pinentry-curses
Version: 0.8.3-2
Severity: normal
Tags: upstream
Dear Maintainer,
When two parallel instance gpg(1) prompt the user for a passphrase,
there should be a locking mechanism to avoid both pinentry to try to
modify the TTY at the same time.
The problem is visible in the follo
On Wed, 07 May 2014 at 14:22:30 +0200, Stefan Huber wrote:
> Thank you for applying the patch. Since you apply LANGUAGE=en to gpg,
> you may want to look into using LC_TIME=en for /bin/date, such that the
> time on the first line is given in English?
As ‘en’ is not a valid locale, I think date(1)
Control: tag -1 moreinfo
Hi Nik,
mutt is capable of tagging messages matching a given pattern, and of
applying an action on all tagged messages, hence your second motivating
point is untrue IMHO.
That said, I believe your tool can be of interest, and possibly to mutt
users as well. I've got a w
Package: mysql-server
Version: 5.5.35+dfsg-2
Severity: normal
Dear Maintainer,
When installing a MySQL server in a non-interactive environment (for
instance using a configuration manager):
DEBIAN_FRONTEND=noninteractive apt-get install mysql-server
The post-install hook currently creates a ro
Package: slapd
Version: 2.4.39-1
Severity: wishlist
Dear Maintainer,
When installing slapd in a non-interactive environment (for instance
using a configuration manager):
DEBIAN_FRONTEND=noninteractive apt-get install slapd
Currently a new database ‘olcDatabase={1}hdb,cn=config’ is automatical
Package: debian-maintainers
Severity: normal
Hi there,
This is my annual ping. I'm still active in Debian, so please keep my
key in the DM keyring.
Cheers,
--
Guilhem.
signature.asc
Description: Digital signature
Control: title -1 RFS: dropbear/2015.68-1 - lightweight SSH2 server and client
Hi Gerrit & al.,
On Wed, 16 Sep 2015 at 12:19:39 +, Gerrit Pape wrote:
> Comaintenance is fine too.
Awesome, thanks! I've therefore removed the NMU annotations and
uploaded 2015.68-1 to m.d.n:
dget -x
http://
Control: tag -1 moreinfo
Hi there,
I wonder what's the best way to close this. dropbear and openssh-client
can currently coexist, because the SSH clients have different binary
names: /usr/bin/dbclient and /usr/bin/ssh. We could also install
dropbear SCP binary to e.g., /usr/bin/dbscp to have a
Hi Helmut & Gianfranco,
By the way if you don't have time or are no longer interested in
sponsoring this upload (which is no longer an NMU by the way) please
just say it out loud so I can poke debian-mentors@l.d.o again :-)
Thanks!
Cheers,
--
Guilhem.
signature.asc
Description: Digital signatu
d:
dget -x http://mentors.debian.net/debian/pool/main/n/netmask/netmask_2.4.0.dsc
Changes since the last upload:
[ Robert Stone ]
* New upstream release. (Closes: #79512.)
[ Guilhem Moulin ]
* New maintainer. (Closes: #784185.)
* debian/compat: bump debhelper compatibility level f
Hi,
On Mon, 21 Sep 2015 at 15:03:16 +, Gianfranco Costamagna wrote:
> +Maintainer: Guilhem Moulin
> +Uploaders: Gerrit Pape ,
>
> I would do the opposite, but well, as you wish :)
I don't mind either way :-) But why would you swap the addresses? (Yes
I read section 3.3
Source: roundcube
Severity: wishlist
Hi there,
Since Roundcube didn't make it to Jessie, I am stuck with Wheezy's
0.7.2-9+deb7u1 (or Wheezy-bpo's 0.9.5-1~bpo70+1) unless I add testing to
the sources.list.
I think it'd be great to provide 1.1.2 to Jessie-bpo instead. Is there
a technical reason
Hi! Thanks for your interest. And generally for your mentoring work :-)
On Fri, 25 Sep 2015 at 12:11:54 +, Gianfranco Costamagna wrote:
>> I don't mind either way :-) But why would you swap the addresses?
>> (Yes I read section 3.3 of the policy, it didn't help me
>> understanding.)
>
> fo
On Fri, 25 Sep 2015 at 13:59:11 +, Gianfranco Costamagna wrote:
>> Making people upset was certainly not my intention. And it's precisely
>> because I don't have upload rights that I didn't put my name in the
>> Uploaders fields. Anyway I don't care either way, so if it's less
>> controversia
Hi Paul,
On Wed, 23 Sep 2015 at 18:03:41 +0200, Paul Wise wrote:
> The source package should not be a native source package as netmask
> isn't Debian specific.
It has however (to my surprise as well) been a native package since its
integration to Debian in 1999. Just made it non-native as you
su
On Wed, 23 Sep 2015 at 07:28:32 +0200, Vincent Bernat wrote:
> ❦ 23 septembre 2015 00:05 +0200, Sandro Knauß :
>
>>> I think it'd be great to provide 1.1.2 to Jessie-bpo instead. Is there
>>> a technical reason why it's not there already? 1.1.2+dfsg.1-4 builds
>>> fine in a Jessie chroot. If i
Hi there,
On Thu, 30 Jul 2015 at 22:21:21 +0200, Helmut Grohne wrote:
> In general, I'd find sponsoring this NMU much easier if the package
> split and the fixing of those many bugs could happen in separate
> uploads. Each part is complex and the fallout is hard to estimate. I
> understand that su
Hi Gianfranco,
On Thu, 20 Aug 2015 at 07:23:55 +, Gianfranco Costamagna wrote:
> I didn't follow the thread, and seems that other DDs are already caring of
> this one, so I would just put my .02$ (and let me know if you need a review
> or help).
Thanks! So far only Helmut has given feedback
Control: severity -1 wishlist
Control: merge-1 739407
On Sun, 03 Jul 2016 at 23:41:30 +0200, Guilhem Moulin wrote:
> On Mon, 04 Apr 2016 at 14:47:43 +0200, Thomas Leuxner wrote:
>> Complete debdiff against 3.1.0-1 attached. Please consider importing.
>
> I'd like to s
On Wed, 09 Nov 2016 at 11:42:29 -0500, Scott Kitterman wrote:
> We do want to make this a separate binary, so it's a bit more
> complicated than the patch in the bug.
Thomas Leuxner's patch from #815659 msg. #45 adds a new binary package
postfix-lmdb including the relevant .so, in the fashion of p
On Thu, 23 Jun 2016 at 13:29:44 +0200, Tomas Janousek wrote:
> Is there perhaps something we can do to help?
Right. Aron, if you need help with this package, would you be
interested in co-maintenance? The package is in collab-maint already so
hopefully it won't be too much overhead to jump in.
.4+dfsg1-2.1
ii libyajl22.1.0-2
libvirt-clients recommends no packages.
Versions of packages libvirt-clients suggests:
ii libvirt-daemon 2.4.0-1+b1
-- no debconf information
From 45494adf56fbfa69ed69226e0bee4c584ffda167 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Thu, 1
Package: libvirt-daemon
Version: 2.4.0-1+b1
Severity: normal
Tags: patch
Dear Maintainer,
Pinning domain processes and vCPUs to physical CPUs increases cache
efficiency [0]. One can add a ‘cpuset’ attribute to the element
to explicitely list physical CPU numbers [1]; however I find it more
flex
On Thu, 10 Nov 2016 at 18:14:31 +0800, Aron Xu wrote:
> On Thu, Nov 10, 2016 at 5:04 PM, Guilhem Moulin wrote:
>> Right. Aron, if you need help with this package, would you be
>> interested in co-maintenance? The package is in collab-maint already so
>> hopefully it won&#
On Fri, 11 Nov 2016 at 03:40:32 +0100, Guilhem Moulin wrote:
> On Thu, 10 Nov 2016 at 18:14:31 +0800, Aron Xu wrote:
>> On Thu, Nov 10, 2016 at 5:04 PM, Guilhem Moulin wrote:
>>> Right. Aron, if you need help with this package, would you be
>>> interested in co-main
ptsetup-1.7.3/debian/changelog 2017-05-09 13:50:59.0 +0200
@@ -1,3 +1,16 @@
+cryptsetup (2:1.7.3-4) unstable; urgency=high
+
+ [ Guilhem Moulin ]
+ * Drop obsolete update-rc.d parameters. Thanks to Michael Biebl for the
+patch. (Closes: #847620)
+ * debian/copyright: Fix license m
Package: dropbear
Version: 2014.65-1+deb8u2
Severity: grave
Tags: security
Justification: user security hole
dropbear 2017.75 was released [0] on May 18 and fixes the following two
security vulnerabilities, for which no CVE was assigned yet AFAIK [1].
- Security: Fix double-free in server TCP
Hi intrigeri,
On Sun, 02 Apr 2017 at 09:50:55 +0200, intrigeri wrote:
> So at this point, I suggest this bug is reassigned to cryptsetup, and
> option 3 is implemented there. But downgrading to non-RC and leaving
> things as-is seems acceptable to me as well.
>
> Thoughts?
I think the proper fix
ive value
+to "-q" now implies "-N"; in particular, "-q0" is now a mere alias for
+"-N". (Closes: #854292)
+
+ -- Guilhem Moulin Fri, 03 Mar 2017 20:32:55 +0100
+
netcat-openbsd (1.130-2) unstable; urgency=medium
* Fix handling of del
Control: tag -1 pending
Hi,
On Sat, 11 Mar 2017 at 20:29:11 +0100, Salvatore Bonaccorso wrote:
> 1.2.4 roundcube release fixed a XSS issue in handling of a style tag
> inside of an svg element.
Thanks for the ping and the pointers! I applied the fix to 1.2.3
(unstable) and 1.1.5 (jessie-backpor
Control: reopen -1
Control: tag -1 pending
On Tue, 14 Mar 2017 at 07:40:34 +0100, Vincent Bernat wrote:
> Both of them uploaded.
Crap, I shouldn't work in the middle of the night, I forgot to add the
patch to the debian/patches/series… Fixed in the VCS, sorry for the
inconvenience. :-(
--
Guil
Control: tag -1 patch
Was an easy one, patch attached.
Thanks for maintaining repro in Debian!
--
Guilhem.
diff --git a/debian/libresiprocate-1.11.install b/debian/libresiprocate-1.11.install
index 3fa33baaf..b9c8b98eb 100644
--- a/debian/libresiprocate-1.11.install
+++ b/debian/libresiprocate-
Hi Francois,
On Fri, 03 Mar 2017 at 17:10:19 +0100, Francois Gouget wrote:
> But does the -q option still do anything at all?
-q0 is the default since 1.89-4, see #502188. From debian/Changelog:
Quit immediately after EOF if -q is not given (i.e. make the default
equivalent to -q 0). Th
Control: tag -1 pending
I just pushed a fix with the following debian/changelog snippet:
Change defaults from "-q0" to "-q-1" to match upstream defaults since the
introduction of flag "-N" in version 1.110. Passing a non-negative value
to "-q" now implies "-N"; in particular, "-q0" i
Package: apt-listbugs
Version: 0.1.23
Severity: normal
Dear Maintainer,
As the manpage indicates, apt-listbugs connects to bugs.debian.org:80 by
default:
~$ apt-listbugs -d list . 2>/dev/null | grep -A4 '= Request'
= Request
! CONNECT TO bugs.debian.org:80
! CONNECTION ESTABLISH
First of, apologizes for opening duplicate #856844… I apparently
overlooked this one while browsing though the list of existing bug
reports :-/
On Thu, 30 Jul 2015 at 22:35:17 +0200, Francesco Poli wrote:
> Now, the bad news is that I remembered that the libruby module
> providing SSL support lin
Control: reopen -1
Control: found -1 1.130-3
Control: tag-1 upstream
On Mon, 12 Dec 2016 at 15:18:53 +, Guilhem Moulin wrote:
> We believe that the bug you reported is fixed in the latest version of
> netcat-openbsd, which is due to be installed in the Debian FTP
> archive.
M
Control: tag -1 pending
On Fri, 28 Apr 2017 at 12:25:02 +0200, Salvatore Bonaccorso wrote:
> the following vulnerability was published for roundcube.
>
> CVE-2017-8114[0]:
> security issue in virtualmin and sasl drivers
Thanks, pushed. Sandro, Vincent, would you mind tagging & uploading?
--
G
Package: cryptsetup
Version: 2:1.6.1-1
Severity: important
Tag: pending
Upstream changed sub-libraries license from GPLv2 only to LGPLv2.1+ in
7eccb7ff [0], but as of 2:1.7.3-3 debian/copyright lists GPLv2+ for all
files.
--
Guilhem.
[0]
https://gitlab.com/cryptsetup/cryptsetup/commit/7eccb7ff
Control: severity -1 serious
Control: tag -1 pending
Control: retitle -1 cryptsetup: cryptroot-hook doesn't honor initramfs-tools'
(>= 0.129) logic for resume devices
On Mon, 24 Apr 2017 at 13:46:06 +0200, Thorsten Glaser wrote:
> bwh indicates that this is a bug in cryptsetup.
> If initram
Control: affect -1 libvirt-clients
Hi Klaus,
On Sun, 5 Feb 2017 at 20:50:39 +0100, Klaus Ethgen wrote:
> The solution for #849192 in version 1.130-2 creates a regression. Some
> connections in qemu net cmds (-net user,guestfwd=tcp:X.X.X.X:xx-"cmd:nc
> X.X.X.X xx") will now hang forever after rece
ons welcome.
Cheers,
--
Guilhem.
From ad449c5b2d84f3d093a0e3ba2667fc3e282aa8f8 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Wed, 9 Dec 2015 04:53:41 +0100
Subject: [PATCH] Add support for storing keyfiles directly in the initrd.
---
debian/README.initramfs | 18 ++
debian
Control: merge 776409 -1
Hi,
Yeah, it's because in the initramfs (before pivot_root) the key files
are relative to the real rootfs's mountpoint (/root). Sergio Gelato has
found another workaround [0] using a dummy keyscript.
I'll see how to support this use case natively. As documented in
cryp
Exporting the variable initramfs.conf will do the trick. That's
somewhat dirty though, we should probably source that file in the hook
file instead.
--
Guilhem.
signature.asc
Description: PGP signature
It looks like the initramfs image can't find the cryptsetup binary
somehow. What's the output of ‘lsinitramfs /initrd.img | grep cryptsetup’?
--
Guilhem.
signature.asc
Description: PGP signature
Control: tag -1 moreinfo
Hi Rick,
On Sun, 27 Sep 2015 at 03:40:29 -0700, Rick Thomas wrote
> aux
> /dev/disk/by-id/ata-VMware_Virtual_IDE_Hard_Drive_0101-part1
> /dev/disk/by-label/keys:/keys
> luks,noearly,keyscript=/lib/cryptsetup/scripts/passdev
What is ‘/dev/mapper/aux’ u
Control: severity -1 minor
Hi dkg,
On Sat, 21 Feb 2015 at 19:58:43 -0500, Daniel Kahn Gillmor wrote:
> these ReleaseNotes files aren't large. It would be nice to include at
> least the latest few ReleaseNotesin the debian package's docs
> directory.
In fact they're all in /usr/share/doc/cryptse
I forgot an important piece of information: UMASK should be changed to
0077 to ensure that regular users can't access the keys.
-8<-->8-
diff --git a/debian/README.initramfs b/debian/README.initramfs
index ce7e01a..85f8828 100644
---
Hi Ole,
Are you aware of the “passdev” keyscript? (See
/usr/share/doc/cryptsetup/README.initramfs.gz section 10.) Does your
patch have any advantage over that script?
Cheers,
--
Guilhem.
signature.asc
Description: PGP signature
ep 17 00:00:00 2001
From: Guilhem Moulin
Date: Wed, 9 Dec 2015 21:33:16 +0100
Subject: [PATCH] d/initramfs/cryptroot-hook: Display a warning for invalid
source devices.
---
debian/changelog| 2 ++
debian/initramfs/cryptroot-hook | 4
2 files changed, 6 insertions(+)
diff --git
Sorry, typo :-(. Patch updated.
--
Guilhem.
From c4bcd1acdc3f65f5ce7943345d529b50bbeb21fb Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Wed, 9 Dec 2015 21:42:19 +0100
Subject: [PATCH] d/initramfs/cryptroot-hook: Display a warning for invalid
source devices.
---
debian/changelog
On Wed, 09 Dec 2015 at 21:43:35 +0100, Guilhem Moulin wrote:
> Sorry, typo :-(. Patch updated.
…and again. Sorry for the noise.
--
Guilhem.
From c4bcd1acdc3f65f5ce7943345d529b50bbeb21fb Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Wed, 9 Dec 2015 21:42:19 +0100
Subject: [PATCH
Hi Jonas,
On Wed, 09 Dec 2015 at 23:28:51 +0100, Jonas Meurer wrote:
> Am 09.12.2015 um 19:58 schrieb Guilhem Moulin:
>> I forgot an important piece of information: UMASK should be changed to
>> 0077 to ensure that regular users can't access the keys.
>
> Sounds reas
Control: reopen -1
On Wed, 09 Dec 2015 at 23:50:58 +0100, Jonas Meurer wrote:
> The homepage URL will be updated with the next upload.
> […]
> Therefore I'm closing this bugreport.
And I'm reopening it, because the URL for “full commit messages” is incorrect
in upstream's changelog (as of 1.7.0):
Package: initramfs-tools
Severity: normal
X-Debug-CC: pkg-cryptsetup-de...@lists.alioth.debian.org
Dear Maintainer,
AFAIK there is no documentation for where users should set variables to
configure an initramfs hook. There are a couple of workaround, all
hacky and/or relying on undocumented prop
s/X-Debug-CC/X-Debbugs-CC/
--
Guilhem.
signature.asc
Description: PGP signature
Hi Ben,
On Fri, 10 Apr 2015 at 02:40:53 +0100, Ben Hutchings wrote:
> cryptsetup needs to adjust the key file paths when unlocking volumes
> from the initramfs, because at this point the 'real' root filesystem is
> mounted at /root.
Can we really assume in the hook file that the roofs will be mou
On Thu, 10 Dec 2015 at 12:15:33 +0100, Jonas Meurer wrote:
> - redefine the purpose of files in conf-hooks.d to set variables that
> are made available to mkinitramfs *and* the hook scripts.
On second thought it might not be ideal to use the same file for both,
as exporting all variable to the hoo
On Fri, 11 Dec 2015 at 01:48:24 +, Ben Hutchings wrote:
> So don't assume; add $rootmnt to the beginning of the paths.
Sure. I was only wondering if the documentation was outdated since you
said /root not $rootmnt in message 61.
--
Guilhem.
signature.asc
Description: PGP signature
1 - 100 of 1095 matches
Mail list logo
