Compiles and installs fine. What is the new output line for 'type' on 'cryptestup status'?: type: PLAIN Arno On Tue, Nov 16, 2010 at 09:58:51AM +0100, Milan Broz wrote: > Cryptsetup 1.2.0 (rc1) Release Notes > ==================================== > > The first cryptsetup 1.2.0-rc1 release candidate is available at > > http://code.google.com/p/cryptsetup/ > > Feedback and bug reports are welcomed. > > Changes since version 1.1.3 > > Important changes > ~~~~~~~~~~~~~~~~~ > > * Add text version of *FAQ* (Frequently Asked Questions) to distribution. > > * Add selection of random/urandom number generator for luksFormat > (option --use-random and --use-urandom). > > (This affects only long term volume key in *luksFormat*, > not RNG used for salt and AF splitter). > > You can also set the default to /dev/random during compilation with > --enable-dev-random. Compiled-in default is printed in --help output. > > Be very careful before changing default to blocking /dev/random use here. > > * Fix *luksRemoveKey* to not ask for remaining keyslot passphrase, > only for removed one. > > * No longer support *luksDelKey* (replaced with luksKillSlot). > * if you want to remove particular passphrase, use *luksKeyRemove* > * if you want to remove particular keyslot, use *luksKillSlot* > > Note that in batch mode *luksKillSlot* allows removing of any keyslot > without question, in normal mode requires passphrase or keyfile from > other keyslot. > > * *Default alignment* for device (if not overridden by topology info) > is now (multiple of) *1MiB*. > This reflects trends in storage technologies and aligns to the same > defaults for partitions and volume management. > > * Allow explicit UUID setting in *luksFormat* and allow change it later > in *luksUUID* (--uuid parameter). > > * All commands using key file now allows limited read from keyfile using > --keyfile-size and --new-keyfile-size parameters (in bytes). > > This change also disallows overloading of --key-size parameter which > is now exclusively used for key size specification (in bits.) > > * *luksFormat* using pre-generated master key now properly allows > using key file (only passphrase was allowed prior to this update). > > * Add --dump-master-key option for *luksDump* to perform volume (master) > key dump. Note that printed information allows accessing device without > passphrase so it must be stored encrypted. > > This operation is useful for simple Key Escrow function (volume key and > encryption parameters printed on paper on safe place). > > This operation requires passphrase or key file. > > * The reload command is no longer supported. > (Use dmsetup reload instead if needed. There is no real use for this > function except explicit data corruption:-) > > * Cryptsetup now properly checks if underlying device is in use and > disallows *luksFormat*, *luksOpen* and *create* commands on open > (e.g. already mapped or mounted) device. > > * Option --non-exclusive (already deprecated) is removed. > > Libcryptsetup API additions: > > * new functions > * crypt_get_type() - explicit query to crypt device context type > * crypt_resize() - new resize command using context > * crypt_keyslot_max() - helper to get number of supported keyslots > * crypt_get_active_device() - get active device info > * crypt_set/get_rng_type() - random/urandom RNG setting > * crypt_set_uuid() - explicit UUID change of existing device > * crypt_get_device_name() - get underlying device name > > * Fix optional password callback handling. > > * Allow to activate by internally cached volume key immediately after > crypt_format() without active slot (for temporary devices with > on-disk metadata) > > * libcryptsetup is binary compatible with 1.1.x release and still > supports legacy API calls > > * cryptsetup binary now uses only new API calls. > > * Static compilation of both library (--enable-static) and cryptsetup > binary (--enable-static-cryptsetup) is now properly implemented by common > libtool logic. > > Prior to this it produced miscompiled dynamic cryptsetup binary with > statically linked libcryptsetup. > > The static binary is compiled as src/cryptsetup.static in parallel > with dynamic build if requested. > > Other changes > ~~~~~~~~~~~~~ > * Fix default plain password entry from terminal in activate_by_passphrase. > * Initialize volume key from active device in crypt_init_by_name() > * Fix cryptsetup binary exit codes. > 0 - success, otherwise fail > 1 - wrong parameters > 2 - no permission > 3 - out of memory > 4 - wrong device specified > 5 - device already exists or device is busy > * Remove some obsolete info from man page. > * Add more regression tests for commands. > * Fix possible double free when handling master key file. > * Fix pkg-config use in automake scripts. > * Wipe iteration and salt after luksKillSlot in LUKS header. > * Rewrite file differ test to C (and fix it to really work). > * Do not query non-existent device twice (cryptsetup status /dev/nonexistent). > * Check if requested hash is supported before writing LUKS header. > * Fix problems reported by clang scan-build. > > Milan > > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt > -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
