[ANNOUNCE] cryptsetup 1.1.0-rc1 (test release candidate)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi all,

new testing release of cryptsetup is now available.

Please note that because of huge internal changes
there will be more testing needed before real
stable version appears.

Please report all problems to properly fix them before
stable release.

Thanks,
Milan
--
mbroz@xxxxxxxxxx


Cryptsetup 1.1.0-rc1 Release Notes
==================================

The first cryptsetup 1.1.0-rc1 release candidate is available at

   http://code.google.com/p/cryptsetup/

Feedback and bug reports are welcomed.


Changes since version 1.0.7
---------------------------

Important changes:
~~~~~~~~~~~~~~~~~~

 * Adds new libcryptsetup API (documented in libcryptsetup.h).

	The old API (using crypt_options struct) is still available but will remain
	frozen and not used for new functions.
	Soname of library changed to libcryptsetup.so.1.0.0.
	(But only recompilation should be needed for old programs.)

	The new API provides much more flexible operation over LUKS device for
	applications, it is preferred that new applications will use libcryptsetup
	and not wrapper around cryptsetup binary.

 * Adds luksHeaderBackup and luksHeaderRestore commands.

	These commands allows binary backup of LUKS header.
	Please read man page about possible security issues with backup files.

 * Adds luksSuspend (freeze device and wipe key) and luksResume (with provided passphrase).

	luksSuspend wipe encryption key in kernel memory and set device to suspend
	(blocking all IO) state. This option can be used for situations when you need
	temporary wipe encryption key (like suspend to RAM etc.)
	Please read man page for more information.

 * Adds --master-key-file option for luksFormat and luksAddKey.

	User can now specify pre-generated master key in file, which allows regenerating
	LUKS header or add key with only master key knowledge.

 * Uses libgcrypt and enables all gcrypt hash algorithms for LUKS through -h luksFormat option.

	Please note that using different hash for LUKS header make device incompatible with
	old cryptsetup releases.

 * Introduce --debug parameter.

	Use when reporting bugs (just run cryptsetup with --debug and attach output
	to issue report.) Sensitive data are never printed to this log.

 * Move command successful messages to verbose level.

 * Require device-mapper library and libgcrypt to build.

 * Use dm-uuid for all crypt devices, contains device type and name now.

 * Remove support for dangerous non-exclusive option
	(it is ignored now, LUKS device must be always opened exclusive)

Other changes:
~~~~~~~~~~~~~~
 * Fail passphrase read if piped input no longer exists.
 * Fix manpage to not require --size which expands to device size by default.
 * Clean up Makefiles and configure script.
 * Try to read first sector from device to properly check that device is ready.
 * Move memory locking and dm initialization to command layer.
 * Increase priority of process if memory is locked.
 * Add log macros and make logging more consistent.
 * Keyfile now must be provided by path, only stdin file descriptor is used (api only).
 * Do not call isatty() on closed keyfile descriptor.
 * Move key slot manipulation function into LUKS specific code.
 * Replace global options struct with separate parameters in helper functions.
 * Implement old API calls using new functions.
 * Allow using passphrase provided in options struct for LuksOpen.
 * Allow restrict keys size in LuksOpen.
 * Fix errors when compiled with LUKS_DEBUG.
 * Print error when getline fails.
 * Completely remove internal SHA1 implementation code, not needed anymore.
 * Pad luks header to 512 sector size.
 * Rework read/write blockwise to not split operation to many pieces.
 * Use posix_memalign if available.
 * Fix segfault if provided slot in luksKillslot is invalid.
 * Remove unneeded timeout when remove of temporary device succeeded.

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt

[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux