Revisions of cryptsetup
buildservice-autocommit
accepted
request 1166583
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 197)
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 197)
baserev update by copy to link target
Pedro Monreal Gonzalez (pmonrealgonzalez)
accepted
request 1166516
from
Andreas Stieger (AndreasStieger)
(revision 196)
cryptsetup 2.7.2
buildservice-autocommit
accepted
request 1158211
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 195)
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 195)
baserev update by copy to link target
Pedro Monreal Gonzalez (pmonrealgonzalez)
accepted
request 1157608
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 194)
- Update to 2.7.1: * Fix interrupted LUKS1 decryption resume. With the replacement of the cryptsetup-reencrypt tool by the cryptsetup reencrypt command, resuming the interrupted LUKS1 decryption operation could fail. LUKS2 was not affected. * Allow --link-vk-to-keyring with --test-passphrase option. This option allows uploading the volume key in a user-specified kernel keyring without activating the device. * Fix crash when --active-name was used in decryption initialization. * Updates and changes to man pages, including indentation, sorting options alphabetically, fixing mistakes in crypt_set_keyring_to_link, and fixing some typos. * Fix compilation with libargon2 when --disable-internal-argon2 was used. * Do not require installed argon2.h header and never compile internal libargon2 code if the crypto library directly supports Argon2. * Fixes to regression tests to support older Linux distributions.
buildservice-autocommit
accepted
request 1142597
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 193)
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 193)
baserev update by copy to link target
Pedro Monreal Gonzalez (pmonrealgonzalez)
accepted
request 1142596
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 192)
- Update to 2.7.0:
* Full changelog in:
mirrors.edge.kernel.org/pub/linux/utils/cryptsetup/v2.7/v2.7.0-ReleaseNotes
* Introduce support for hardware OPAL disk encryption.
* plain mode: Set default cipher to aes-xts-plain64 and password hashing
to sha256.
* Allow activation (open), luksResume, and luksAddKey to use the volume
key stored in a keyring.
* Allow to store volume key to a user-specified keyring in open and
luksResume commands.
* Do not flush IO operations if resize grows the device.
This can help performance in specific cases where the encrypted device
is extended automatically while running many IO operations.
* Use only half of detected free memory for Argon2 PBKDF on systems
without swap (for LUKS2 new keyslot or format operations).
* Add the possibility to specify a directory for external LUKS2 token
handlers (plugins).
* Do not allow reencryption/decryption on LUKS2 devices with
authenticated encryption or hardware (OPAL) encryption.
* Do not fail LUKS format if the operation was interrupted on subsequent
device wipe.
* Fix the LUKS2 keyslot option to be used while activating the device
by a token.
* Properly report if the dm-verity device cannot be activated due to
the inability to verify the signed root hash (ENOKEY).
* Fix to check passphrase for selected keyslot only when adding
new keyslot.
* Fix to not wipe the keyslot area before in-place overwrite.
* bitlk: Fix segfaults when attempting to verify the volume key.
* Add --disable-blkid command line option to avoid blkid device check.
buildservice-autocommit
accepted
request 1098512
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 191)
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 191)
baserev update by copy to link target
Pedro Monreal Gonzalez (pmonrealgonzalez)
accepted
request 1098511
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 190)
- luksFormat: Handle system with low memory and no swap space [bsc#1211079]
* Check for physical memory available also in PBKDF benchmark.
* Try to avoid OOM killer on low-memory systems without swap.
* Use only half of detected free memory on systems without swap.
* Add patches:
- cryptsetup-Check-for-physical-memory-available-also-in-PBKDF-be.patch
- cryptsetup-Try-to-avoid-OOM-killer-on-low-memory-systems-withou.patch
- cryptsetup-Use-only-half-of-detected-free-memory-on-systems-wit.patch
buildservice-autocommit
accepted
request 1093291
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 189)
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 189)
baserev update by copy to link target
Pedro Monreal Gonzalez (pmonrealgonzalez)
accepted
request 1093121
from
Pedro Monreal Gonzalez (pmonrealgonzalez)
(revision 188)
- Enable running the regression test suite. - Force a regeneration of the man pages from AsciiDoc. - Add LUKS1 and LUKS2 On-Disk Format Specification pdfs to doc. - FIPS: Remove not needed libcryptsetup12-hmac package that contains the HMAC checksums for integrity checking for FIPS. [bsc#1185116] * Remove the cryptsetup-rpmlintrc file. * Remove not needed fipscheck dependency.
buildservice-autocommit
accepted
request 1064730
from
Andreas Stieger (AndreasStieger)
(revision 187)
Andreas Stieger (AndreasStieger)
(revision 187)
baserev update by copy to link target
Andreas Stieger (AndreasStieger)
accepted
request 1064729
from
Andreas Stieger (AndreasStieger)
(revision 186)
cryptsetup 2.6.1
buildservice-autocommit
accepted
request 1055943
from
Andreas Stieger (AndreasStieger)
(revision 185)
Andreas Stieger (AndreasStieger)
(revision 185)
baserev update by copy to link target
Andreas Stieger (AndreasStieger)
accepted
request 1052843
from
Ludwig Nussel (lnussel)
(revision 184)
Replace transitional %usrmerged macro with regular version check (boo#1206798)
buildservice-autocommit
accepted
request 1038821
from
Ludwig Nussel (lnussel)
(revision 183)
Ludwig Nussel (lnussel)
(revision 183)
baserev update by copy to link target
Ludwig Nussel (lnussel)
accepted
request 1038690
from
Paolo Stivanin (polslinux)
(revision 182)
- cryptsetup 2.6.0:
* Introduce support for handling macOS FileVault2 devices (FVAULT2).
* libcryptsetup: no longer use global memory locking through mlockall()
* libcryptsetup: process priority is increased only for key derivation
(PBKDF) calls.
* Add new LUKS keyslot context handling functions and API.
* The volume key may now be extracted using a passphrase, keyfile, or
token. For LUKS devices, it also returns the volume key after
a successful crypt_format call.
* Fix --disable-luks2-reencryption configuration option.
* cryptsetup: Print a better error message and warning if the format
produces an image without space available for data.
* Print error if anti-forensic LUKS2 hash setting is not available.
If the specified hash was not available, activation quietly failed.
* Fix internal crypt segment compare routine if the user
specified cipher in kernel format (capi: prefix).
* cryptsetup: Add token unassign action.
This action allows removing token binding on specific keyslot.
* veritysetup: add support for --use-tasklets option.
This option sets try_verify_in_tasklet kernel dm-verity option
(available since Linux kernel 6.0) to allow some performance
improvement on specific systems.
* Provide pkgconfig Require.private settings.
While we do not completely provide static build on udev systems,
it helps produce statically linked binaries in certain situations.
* Always update automake library files if autogen.sh is run.
For several releases, we distributed older automake scripts by mistake.
* reencryption: Fix user defined moved segment size in LUKS2 decryption.
The --hotzone-size argument was ignored in cases where the actual data
size was less than the original LUKS2 data offset.
* Delegate FIPS mode detection to configured crypto backend.
System FIPS mode check no longer depends on /etc/system-fips file.
* Update documentation, including FAQ and man pages.
buildservice-autocommit
accepted
request 1003455
from
Ludwig Nussel (lnussel)
(revision 181)
Ludwig Nussel (lnussel)
(revision 181)
baserev update by copy to link target
Ludwig Nussel (lnussel)
accepted
request 1003354
from
Luca Boccassi (bluca)
(revision 180)
- Add virtual provides for 'integritysetup' and 'veritysetup' to match package names provided by Fedora/RHEL, to allow the same set of dependencies to be used across all RPM distributions.
buildservice-autocommit
accepted
request 999047
from
Ludwig Nussel (lnussel)
(revision 179)
Ludwig Nussel (lnussel)
(revision 179)
baserev update by copy to link target
Ludwig Nussel (lnussel)
accepted
request 999046
from
Ludwig Nussel (lnussel)
(revision 178)
- cryptsetup 2.5.0:
* Split manual pages into per-action pages and use AsciiDoc format.
* Remove cryptsetup-reencrypt tool from the project and move reencryption
to already existing "cryptsetup reencrypt" command.
If you need to emulate the old cryptsetup-reencrypt binary, use simple
wrappers script running "exec cryptsetup reencrypt $@".
* LUKS2: implement --decryption option that allows LUKS removal.
* Fix decryption operation with --active-name option and restrict
it to be used only with LUKS2.
* Do not refresh reencryption digest when not needed.
This should speed up the reencryption resume process.
* Store proper resilience data in LUKS2 reencrypt initialization.
Resuming reencryption now does not require specification of resilience
type parameters if these are the same as during initialization.
* Properly wipe the unused area after reencryption with datashift in
the forward direction.
* Check datashift value against larger sector size.
For example, it could cause an issue if misaligned 4K sector appears
during decryption.
* Do not allow sector size increase reencryption in offline mode.
* Do not allow dangerous sector size change during reencryption.
* Ask the user for confirmation before resuming reencryption.
* Do not resume reencryption with conflicting parameters.
* Add --force-offline-reencrypt option.
* Do not allow nested encryption in LUKS reencrypt.
* Support all options allowed with luksFormat with encrypt action.
* Add resize action to integritysetup.
* Remove obsolete dracut plugin reencryption example.
* Fix possible keyslot area size overflow during conversion to LUKS2.
* Allow use of --header option for cryptsetup close.
Displaying revisions 1 - 20 of 197
