[dm-crypt] [ANNOUNCE] cryptsetup 1.2.0-rc1 (test release candidate)

Arno Wagner arno at wagner.name
Fri Nov 19 02:01:26 CET 2010


Compiles and installs fine. What is the new output line
for 'type' on 'cryptsetup status'?:


  type:  PLAIN


Arno


On Tue, Nov 16, 2010 at 09:58:51AM +0100, Milan Broz wrote:
> Cryptsetup 1.2.0 (rc1) Release Notes
> ====================================
> 
> The first cryptsetup 1.2.0-rc1 release candidate is available at
> 
>    http://code.google.com/p/cryptsetup/
> 
> Feedback and bug reports are welcomed.
> 
> Changes since version 1.1.3
> 
> Important changes
> ~~~~~~~~~~~~~~~~~
> 
>  * Add text version of *FAQ* (Frequently Asked Questions) to distribution.
> 
>  * Add selection of random/urandom number generator for luksFormat
>  (option --use-random and --use-urandom).
> 
>  (This affects only long term volume key in *luksFormat*,
>  not RNG used for salt and AF splitter).
> 
>   You can also set the default to /dev/random during compilation with
>   --enable-dev-random. Compiled-in default is printed in --help output.
> 
>   Be very careful before changing default to blocking /dev/random use here.
> 
>  * Fix *luksRemoveKey* to not ask for remaining keyslot passphrase,
>  only for removed one.
> 
>  * No longer support *luksDelKey* (replaced with luksKillSlot).
>   * if you want to remove particular passphrase, use *luksKeyRemove*
>   * if you want to remove particular keyslot, use *luksKillSlot*
> 
>  Note that in batch mode *luksKillSlot* allows removing of any keyslot
>  without question, in normal mode requires passphrase or keyfile from
>  other keyslot.
> 
>  * *Default alignment* for device (if not overridden by topology info)
>  is now (multiple of) *1MiB*.
>  This reflects trends in storage technologies and aligns to the same
>  defaults for partitions and volume management.
> 
>  * Allow explicit UUID setting in *luksFormat* and allow changing it later
>  in *luksUUID* (--uuid parameter).
> 
>  * All commands using key file now allow limited read from keyfile using
>  --keyfile-size and --new-keyfile-size parameters (in bytes).
> 
>  This change also disallows overloading of --key-size parameter which
>  is now exclusively used for key size specification (in bits.)
> 
>  * *luksFormat* using pre-generated master key now properly allows
>  using key file (only passphrase was allowed prior to this update).
> 
>  * Add --dump-master-key option for *luksDump* to perform volume (master)
>  key dump. Note that printed information allows accessing device without
>  passphrase so it must be stored encrypted.
> 
>  This operation is useful for simple Key Escrow function (volume key and
>  encryption parameters printed on paper in a safe place).
> 
>  This operation requires passphrase or key file.
> 
>  * The reload command is no longer supported.
>  (Use dmsetup reload instead if needed. There is no real use for this
>  function except explicit data corruption:-)
> 
>  * Cryptsetup now properly checks if underlying device is in use and
>  disallows *luksFormat*, *luksOpen* and *create* commands on open
>  (e.g. already mapped or mounted) device.
> 
>  * Option --non-exclusive (already deprecated) is removed.
> 
> Libcryptsetup API additions:
> 
>  * new functions
>   * crypt_get_type() - explicit query to crypt device context type
>   * crypt_resize() - new resize command using context
>   * crypt_keyslot_max() - helper to get number of supported keyslots
>   * crypt_get_active_device() - get active device info
>   * crypt_set/get_rng_type() - random/urandom RNG setting
>   * crypt_set_uuid() - explicit UUID change of existing device
>   * crypt_get_device_name() - get underlying device name
> 
>  * Fix optional password callback handling.
> 
>  * Allow to activate by internally cached volume key immediately after
>  crypt_format() without active slot (for temporary devices with
>  on-disk metadata)
> 
>  * libcryptsetup is binary compatible with 1.1.x release and still
>  supports legacy API calls
> 
>  * cryptsetup binary now uses only new API calls.
> 
>  * Static compilation of both library (--enable-static) and cryptsetup
>  binary (--enable-static-cryptsetup) is now properly implemented by common
>  libtool logic.
> 
>  Prior to this it produced miscompiled dynamic cryptsetup binary with
>  statically linked libcryptsetup.
> 
>  The static binary is compiled as src/cryptsetup.static in parallel
>  with dynamic build if requested.
> 
> Other changes
> ~~~~~~~~~~~~~
>  * Fix default plain password entry from terminal in activate_by_passphrase.
>  * Initialize volume key from active device in crypt_init_by_name()
>  * Fix cryptsetup binary exit codes.
>    0 - success, otherwise fail
>    1 - wrong parameters
>    2 - no permission
>    3 - out of memory
>    4 - wrong device specified
>    5 - device already exists or device is busy
>  * Remove some obsolete info from man page.
>  * Add more regression tests for commands.
>  * Fix possible double free when handling master key file.
>  * Fix pkg-config use in automake scripts.
>  * Wipe iteration and salt after luksKillSlot in LUKS header.
>  * Rewrite file differ test to C (and fix it to really work).
>  * Do not query non-existent device twice (cryptsetup status /dev/nonexistent).
>  * Check if requested hash is supported before writing LUKS header.
>  * Fix problems reported by clang scan-build.
> 
> Milan
> 
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
> 

-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 
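
The exit codes listed in the quoted release notes, handled from a script. This is an added example, not part of the original thread and not code from the cryptsetup project; `cs_rc_text`, `cs_run`, `CS_RETRIES` and `CS_DELAY` are hypothetical names. It retries only on code 5 (busy) and fails fast on every other code.

```shell
#!/bin/sh
# Added example: act on the cryptsetup exit codes listed in the 1.2.0-rc1 notes.
# CS_RETRIES and CS_DELAY are hypothetical tunables, not cryptsetup options.

# Print the release-notes meaning of an exit code (used for log lines).
cs_rc_text() {
    case "$1" in
        0) echo "success" ;;
        1) echo "wrong parameters" ;;
        2) echo "no permission" ;;
        3) echo "out of memory" ;;
        4) echo "wrong device specified" ;;
        5) echo "device already exists or device is busy" ;;
        *) echo "unlisted exit code" ;;
    esac
}

# Run the given command. Only code 5 can be transient (device busy), so it is
# the only one retried. Code 5 also covers "already exists", which a retry
# will not fix, so the number of attempts is bounded.
cs_run() {
    attempt=1
    max=${CS_RETRIES:-3}
    while :; do
        rc=0
        "$@" || rc=$?
        if [ "$rc" -eq 0 ]; then
            return 0
        fi
        echo "attempt $attempt: rc=$rc ($(cs_rc_text "$rc"))" >&2
        if [ "$rc" -ne 5 ] || [ "$attempt" -ge "$max" ]; then
            return "$rc"
        fi
        attempt=$((attempt + 1))
        sleep "${CS_DELAY:-1}"
    done
}

# Usage (mapping name "backup" is a placeholder):
#   cs_run cryptsetup luksClose backup || exit $?
```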

