-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The stable cryptsetup 1.2.0 release is available at http://code.google.com/p/cryptsetup/ Feedback and bug reports are welcomed. Milan mbroz@xxxxxxxxxx Cryptsetup 1.2.0 Release Notes ============================== Changes since version 1.2.0-rc1 * Fix crypt_activate_by_keyfile() to work with PLAIN devices. * Fix plain create command to properly handle keyfile size. * Update translations. Changes since version 1.1.3 Important changes ~~~~~~~~~~~~~~~~~ * Add text version of *FAQ* (Frequently Asked Questions) to distribution. * Add selection of random/urandom number generator for luksFormat (option --use-random and --use-urandom). (This affects only long term volume key in *luksFormat*, not RNG used for salt and AF splitter). You can also set the default to /dev/random during compilation with --enable-dev-random. Compiled-in default is printed in --help output. Be very careful before changing default to blocking /dev/random use here. * Fix *luksRemoveKey* to not ask for remaining keyslot passphrase, only for removed one. * No longer support *luksDelKey* (replaced with luksKillSlot). * if you want to remove particular passphrase, use *luksKeyRemove* * if you want to remove particular keyslot, use *luksKillSlot* Note that in batch mode *luksKillSlot* allows removing of any keyslot without question, in normal mode requires passphrase or keyfile from other keyslot. * *Default alignment* for device (if not overridden by topology info) is now (multiple of) *1MiB*. This reflects trends in storage technologies and aligns to the same defaults for partitions and volume management. * Allow explicit UUID setting in *luksFormat* and allow change it later in *luksUUID* (--uuid parameter). * All commands using key file now allows limited read from keyfile using --keyfile-size and --new-keyfile-size parameters (in bytes). This change also disallows overloading of --key-size parameter which is now exclusively used for key size specification (in bits.) * *luksFormat* using pre-generated master key now properly allows using key file (only passphrase was allowed prior to this update). * Add --dump-master-key option for *luksDump* to perform volume (master) key dump. Note that printed information allows accessing device without passphrase so it must be stored encrypted. This operation is useful for simple Key Escrow function (volume key and encryption parameters printed on paper on safe place). This operation requires passphrase or key file. * The reload command is no longer supported. (Use dmsetup reload instead if needed. There is no real use for this function except explicit data corruption:-) * Cryptsetup now properly checks if underlying device is in use and disallows *luksFormat*, *luksOpen* and *create* commands on open (e.g. already mapped or mounted) device. * Option --non-exclusive (already deprecated) is removed. Libcryptsetup API additions: * new functions * crypt_get_type() - explicit query to crypt device context type * crypt_resize() - new resize command using context * crypt_keyslot_max() - helper to get number of supported keyslots * crypt_get_active_device() - get active device info * crypt_set/get_rng_type() - random/urandom RNG setting * crypt_set_uuid() - explicit UUID change of existing device * crypt_get_device_name() - get underlying device name * Fix optional password callback handling. * Allow to activate by internally cached volume key immediately after crypt_format() without active slot (for temporary devices with on-disk metadata) * libcryptsetup is binary compatible with 1.1.x release and still supports legacy API calls * cryptsetup binary now uses only new API calls. * Static compilation of both library (--enable-static) and cryptsetup binary (--enable-static-cryptsetup) is now properly implemented by common libtool logic. Prior to this it produced miscompiled dynamic cryptsetup binary with statically linked libcryptsetup. The static binary is compiled as src/cryptsetup.static in parallel with dynamic build if requested. Other changes ~~~~~~~~~~~~~ * Fix default plain password entry from terminal in activate_by_passphrase. * Initialize volume key from active device in crypt_init_by_name() * Fix cryptsetup binary exit codes. 0 - success, otherwise fail 1 - wrong parameters 2 - no permission 3 - out of memory 4 - wrong device specified 5 - device already exists or device is busy * Remove some obsolete info from man page. * Add more regression tests for commands. * Fix possible double free when handling master key file. * Fix pkg-config use in automake scripts. * Wipe iteration and salt after luksKillSlot in LUKS header. * Rewrite file differ test to C (and fix it to really work). * Do not query non-existent device twice (cryptsetup status /dev/nonexistent). * Check if requested hash is supported before writing LUKS header. * Fix problems reported by clang scan-build. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk0PTwYACgkQf1Jlc7shgi+sLQCfWcBluCbSPb0IrDz5lAqyW+qK FL0An009iGV5/In9RRRqJZWuufnCiQU8 =InBh -----END PGP SIGNATURE----- -- dm-devel mailing list dm-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/dm-devel