[pkg-cryptsetup-devel] Bug#1060270: /lib/cryptsetup/askpass: coordinated move to /usr for DEP17
Helmut Grohne
helmut at subdivi.de
Wed Jan 17 21:01:52 GMT 2024
On Mon, Jan 08, 2024 at 05:48:52PM +0100, Helmut Grohne wrote:
> What I also forgot to mention is that I applied quite some testing. You
> cannot test these patches with piuparts, because they need to be
> upgraded in lockstep, so I wrote a kind of mini-piuparts based on
> debhelper that specifically validates all kinds of upgrades and checks
> for correct diversions. Also attaching the tests.
I note that the patches were still subject to a rather strange file loss
scenario:
dpkg --auto-deconfigure --unpack cryptsetup_new.deb
dpkg --install cryptsetup-nuke-password.deb
This is not something apt would do, but dpkg accepts it and the first
unpack causes loss, because the declared Conflicts do not prevent dpkg
from doing the concurrent unpack.
In evaluating this problem more generally and moving the general
discussion forward via #1060700, I had an idea to prevent the loss
reliably, but the resulting diversions incur a bit more complexity and
cryptsetup has be part of the mitigation.
cryptsetup.preinst checks whether there is a pre-/usr-merge diversion
issued by cryptsetup-nuke-password. If there is, it duplicates it to the
physical location with a temporary diversion target on behalf of
cryptsetup-nuke-password.
cryptsetup-nuke-password.preinst can deal with cryptsetup.preinst not
having run and sets up the right diversion. It also can deal with the
temporary diversion and changes it to the permanent one.
cryptsetup.postinst checks whether its temporary diversion is still
there. This can happen if cryptsetup-nuke-password was removed. It
cleans up.
cryptsetup-nuke-password.postinst cleans up the aliased diversion that
is no longer needed.
The key to making this work is having cryptsetup mess with
cryptsetup-nuke-password's diversions. That's really ugly, but only
needed for this transition.
I've rerun all the tests successfully and on top of that also checked
that upgrading cryptsetup while removing cryptsetup-nuke-password works
as well as the complex failure motivating the change:
root at localhost:/# dpkg --auto-deconfigure --unpack /tmp/cryptsetup_2.6.1-6.1_amd64.deb
dpkg: considering deconfiguration of cryptsetup-nuke-password, which would be broken by installation of cryptsetup ...
dpkg: yes, will deconfigure cryptsetup-nuke-password (broken by cryptsetup)
(Reading database ... 10381 files and directories currently installed.)
Preparing to unpack .../cryptsetup_2.6.1-6.1_amd64.deb ...
De-configuring cryptsetup-nuke-password (4+nmu1), to allow installation of cryptsetup (2:2.6.1-6.1) ...
Mitigating diversion of /lib/cryptsetup/askpass on behalf of cryptsetup-nuke-password
Adding 'diversion of /usr/lib/cryptsetup/askpass to /usr/lib/cryptsetup/askpass.usr-is-merged by cryptsetup-nuke-password'
Unpacking cryptsetup (2:2.6.1-6.1) over (2:2.6.1-6+b1) ...
dpkg: warning: unable to delete old directory '/lib/cryptsetup/scripts': Directory not empty
dpkg: warning: unable to delete old directory '/lib/cryptsetup/checks': Directory not empty
root at localhost:/# dpkg -i /tmp/cryptsetup-nuke-password_4+nmu2_amd64.deb
(Reading database ... 10383 files and directories currently installed.)
Preparing to unpack .../cryptsetup-nuke-password_4+nmu2_amd64.deb ...
Removing 'diversion of /usr/lib/cryptsetup/askpass to /usr/lib/cryptsetup/askpass.usr-is-merged by cryptsetup-nuke-password'
Adding 'diversion of /usr/lib/cryptsetup/askpass to /usr/lib/cryptsetup/askpass.cryptsetup by cryptsetup-nuke-password'
Removing 'diversion of /lib/cryptsetup/askpass to /lib/cryptsetup/askpass.cryptsetup by cryptsetup-nuke-password'
Adding 'diversion of /lib/cryptsetup/askpass to /lib/cryptsetup/askpass.cryptsetup.usr-is-merged by cryptsetup-nuke-password'
Unpacking cryptsetup-nuke-password (4+nmu2) over (4+nmu1) ...
dpkg: warning: unable to delete old directory '/lib/cryptsetup': Directory not empty
dpkg: dependency problems prevent configuration of cryptsetup-nuke-password:
cryptsetup-nuke-password depends on cryptsetup (>= 2:2.6.1-6.1~); however:
Package cryptsetup is not configured yet.
dpkg: error processing package cryptsetup-nuke-password (--install):
dependency problems - leaving unconfigured
Errors were encountered while processing:
cryptsetup-nuke-password
root at localhost:/# dpkg --configure -a
Setting up cryptsetup (2:2.6.1-6.1) ...
Setting up cryptsetup-nuke-password (4+nmu2) ...
Removing 'diversion of /lib/cryptsetup/askpass to /lib/cryptsetup/askpass.cryptsetup.usr-is-merged by cryptsetup-nuke-password'
root at localhost:/# dpkg-divert --list
diversion of /usr/lib/cryptsetup/askpass to /usr/lib/cryptsetup/askpass.cryptsetup by cryptsetup-nuke-password
root at localhost:/# dpkg --verify
root at localhost:/#
What do you think? Yes, this adds quite some complexity to both
packages, but now I don't see any opportunities for file loss anymore
even when upgrading the packages with dpkg. Bonus, what formerly was
Conflicts has now become Breaks making it easier for apt to find a
solution.
Helmut
-------------- next part --------------
diff --minimal -Nru cryptsetup-nuke-password-4+nmu1/Makefile cryptsetup-nuke-password-4+nmu2/Makefile
--- cryptsetup-nuke-password-4+nmu1/Makefile 2023-06-20 03:55:03.000000000 +0200
+++ cryptsetup-nuke-password-4+nmu2/Makefile 2024-01-05 18:25:54.000000000 +0100
@@ -13,8 +13,8 @@
rm -f $(EXECUTABLES)
install: $(EXECUTABLES)
- mkdir -p $(DESTDIR)/lib/cryptsetup
- cp askpass $(DESTDIR)/lib/cryptsetup/
+ mkdir -p $(DESTDIR)/usr/lib/cryptsetup
+ cp askpass $(DESTDIR)/usr/lib/cryptsetup/
mkdir -p $(DESTDIR)/usr/share/initramfs-tools/hooks/
cp hooks/* $(DESTDIR)/usr/share/initramfs-tools/hooks/
diff --minimal -Nru cryptsetup-nuke-password-4+nmu1/debian/changelog cryptsetup-nuke-password-4+nmu2/debian/changelog
--- cryptsetup-nuke-password-4+nmu1/debian/changelog 2023-06-20 04:00:28.000000000 +0200
+++ cryptsetup-nuke-password-4+nmu2/debian/changelog 2024-01-05 18:53:10.000000000 +0100
@@ -1,3 +1,12 @@
+cryptsetup-nuke-password (4+nmu2) UNRELEASED; urgency=medium
+
+ * Non-maintainer upload.
+ * Upgrade cryptsetup-bin dependency to cryptsetup, as that contains askpass.
+ * DEP17: Move files to /usr (M2) and mitigate file loss with diverions (P7).
+ (Closes: #-1)
+
+ -- Helmut Grohne <helmut at subdivi.de> Fri, 05 Jan 2024 18:53:10 +0100
+
cryptsetup-nuke-password (4+nmu1) unstable; urgency=medium
* Non-maintainer upload.
diff --minimal -Nru cryptsetup-nuke-password-4+nmu1/debian/control cryptsetup-nuke-password-4+nmu2/debian/control
--- cryptsetup-nuke-password-4+nmu1/debian/control 2023-06-20 04:00:28.000000000 +0200
+++ cryptsetup-nuke-password-4+nmu2/debian/control 2024-01-05 18:53:10.000000000 +0100
@@ -11,7 +11,7 @@
Package: cryptsetup-nuke-password
Architecture: any
-Depends: cryptsetup-bin, ${shlibs:Depends}, ${misc:Depends}
+Depends: cryptsetup (>= 2:2.6.1-6.1~), ${shlibs:Depends}, ${misc:Depends}
Enhances: cryptsetup-initramfs
Description: Erase the LUKS keys with a special password on the unlock prompt
Installing this package lets you configure a special "nuke password" that
diff --minimal -Nru cryptsetup-nuke-password-4+nmu1/debian/cryptsetup-nuke-password.lintian-overrides cryptsetup-nuke-password-4+nmu2/debian/cryptsetup-nuke-password.lintian-overrides
--- cryptsetup-nuke-password-4+nmu1/debian/cryptsetup-nuke-password.lintian-overrides 1970-01-01 01:00:00.000000000 +0100
+++ cryptsetup-nuke-password-4+nmu2/debian/cryptsetup-nuke-password.lintian-overrides 2024-01-05 18:53:10.000000000 +0100
@@ -0,0 +1,3 @@
+# DEP17 P7 M18
+cryptsetup-nuke-password: diversion-for-unknown-file lib/cryptsetup/askpass [preinst:*]
+cryptsetup-nuke-password: orphaned-diversion [preinst:*]
diff --minimal -Nru cryptsetup-nuke-password-4+nmu1/debian/cryptsetup-nuke-password.postinst cryptsetup-nuke-password-4+nmu2/debian/cryptsetup-nuke-password.postinst
--- cryptsetup-nuke-password-4+nmu1/debian/cryptsetup-nuke-password.postinst 2023-06-20 03:55:03.000000000 +0200
+++ cryptsetup-nuke-password-4+nmu2/debian/cryptsetup-nuke-password.postinst 2024-01-05 18:52:12.000000000 +0100
@@ -50,6 +50,12 @@
}
configure_nuke_password() {
+ if test "$(dpkg-divert --truename /lib/cryptsetup/askpass)" != /lib/cryptsetup/askpass; then
+ dpkg-divert --no-rename --package cryptsetup-nuke-password \
+ --divert /lib/cryptsetup/askpass.cryptsetup.usr-is-merged \
+ --remove /lib/cryptsetup/askpass
+ fi
+
db_get cryptsetup-nuke-password/already-configured || true
what="$RET"
diff --minimal -Nru cryptsetup-nuke-password-4+nmu1/debian/cryptsetup-nuke-password.postrm cryptsetup-nuke-password-4+nmu2/debian/cryptsetup-nuke-password.postrm
--- cryptsetup-nuke-password-4+nmu1/debian/cryptsetup-nuke-password.postrm 2023-06-20 03:55:03.000000000 +0200
+++ cryptsetup-nuke-password-4+nmu2/debian/cryptsetup-nuke-password.postrm 2024-01-05 18:52:33.000000000 +0100
@@ -4,8 +4,8 @@
if [ "$1" = "remove" ]; then
dpkg-divert --rename --package cryptsetup-nuke-password \
- --divert /lib/cryptsetup/askpass.cryptsetup \
- --remove /lib/cryptsetup/askpass
+ --divert /usr/lib/cryptsetup/askpass.cryptsetup \
+ --remove /usr/lib/cryptsetup/askpass
elif [ "$1" = "purge" ]; then
rm -rf /etc/cryptsetup-nuke-password
fi
diff --minimal -Nru cryptsetup-nuke-password-4+nmu1/debian/cryptsetup-nuke-password.preinst cryptsetup-nuke-password-4+nmu2/debian/cryptsetup-nuke-password.preinst
--- cryptsetup-nuke-password-4+nmu1/debian/cryptsetup-nuke-password.preinst 2023-06-20 03:55:03.000000000 +0200
+++ cryptsetup-nuke-password-4+nmu2/debian/cryptsetup-nuke-password.preinst 2024-01-05 18:53:10.000000000 +0100
@@ -4,8 +4,41 @@
if [ "$1" = "install" ]; then
dpkg-divert --rename --package cryptsetup-nuke-password \
- --divert /lib/cryptsetup/askpass.cryptsetup \
+ --divert /usr/lib/cryptsetup/askpass.cryptsetup \
+ --add /usr/lib/cryptsetup/askpass
+ dpkg-divert --rename --package cryptsetup-nuke-password \
+ --divert /lib/cryptsetup/askpass.cryptsetup.usr-is-merged \
--add /lib/cryptsetup/askpass
+elif [ "$1" = "upgrade" ]; then
+ TRUENAME=$(dpkg-divert --truename /usr/lib/cryptsetup/askpass)
+ if test "$TRUENAME" = /usr/lib/cryptsetup/askpass.usr-is-merged; then
+ # crypsetup.preinst duplicated the diversion for us
+ dpkg-divert --no-rename --package cryptsetup-nuke-password \
+ --divert /usr/lib/cryptsetup/askpass.usr-is-merged \
+ --remove /usr/lib/cryptsetup/askpass
+ dpkg-divert --no-rename --package cryptsetup-nuke-password \
+ --divert /usr/lib/cryptsetup/askpass.cryptsetup \
+ --add /usr/lib/cryptsetup/askpass
+ dpkg-divert --no-rename --package cryptsetup-nuke-password \
+ --remove /lib/cryptsetup/askpass
+ dpkg-divert --no-rename --package cryptsetup-nuke-password \
+ --divert /lib/cryptsetup/askpass.cryptsetup.usr-is-merged \
+ --add /lib/cryptsetup/askpass
+ mv "$TRUENAME" /usr/lib/cryptsetup/askpass.cryptsetup
+ elif test "$TRUENAME" != /usr/lib/cryptsetup/askpass.cryptsetup; then
+ dpkg-divert --no-rename --package cryptsetup-nuke-password \
+ --divert /usr/lib/cryptsetup/askpass.cryptsetup \
+ --add /usr/lib/cryptsetup/askpass
+ TRUENAME=$(dpkg-divert --truename /lib/cryptsetup/askpass)
+ dpkg-divert --no-rename --package cryptsetup-nuke-password \
+ --remove /lib/cryptsetup/askpass
+ dpkg-divert --no-rename --package cryptsetup-nuke-password \
+ --divert /lib/cryptsetup/askpass.cryptsetup.usr-is-merged \
+ --add /lib/cryptsetup/askpass
+ if test -e "$TRUENAME"; then
+ mv "$TRUENAME" /lib/cryptsetup/askpass.cryptsetup.usr-is-merged
+ fi
+ fi
fi
#DEBHELPER#
-------------- next part --------------
diff --minimal -Nru cryptsetup-2.6.1/debian/changelog cryptsetup-2.6.1/debian/changelog
--- cryptsetup-2.6.1/debian/changelog 2023-12-05 17:48:58.000000000 +0100
+++ cryptsetup-2.6.1/debian/changelog 2024-01-05 18:56:40.000000000 +0100
@@ -1,3 +1,10 @@
+cryptsetup (2:2.6.1-6.1) UNRELEASED; urgency=medium
+
+ * Non-maintainer upload.
+ * DEP17: Move fles to /usr. (Closes: #-1)
+
+ -- Helmut Grohne <helmut at subdivi.de> Fri, 05 Jan 2024 18:56:40 +0100
+
cryptsetup (2:2.6.1-6) unstable; urgency=medium
[ Kevin Locke ]
diff --minimal -Nru cryptsetup-2.6.1/debian/control cryptsetup-2.6.1/debian/control
--- cryptsetup-2.6.1/debian/control 2023-12-05 17:48:58.000000000 +0100
+++ cryptsetup-2.6.1/debian/control 2024-01-05 18:56:40.000000000 +0100
@@ -43,6 +43,7 @@
dmsetup,
${misc:Depends},
${shlibs:Depends}
+Breaks: cryptsetup-nuke-password (<< 4+nmu2~)
Suggests: cryptsetup-initramfs, dosfstools, keyutils, liblocale-gettext-perl
Description: disk encryption support - startup scripts
Cryptsetup provides an interface for configuring encryption on block
diff --minimal -Nru cryptsetup-2.6.1/debian/cryptsetup-bin.install cryptsetup-2.6.1/debian/cryptsetup-bin.install
--- cryptsetup-2.6.1/debian/cryptsetup-bin.install 2023-12-05 17:48:58.000000000 +0100
+++ cryptsetup-2.6.1/debian/cryptsetup-bin.install 2024-01-05 18:56:40.000000000 +0100
@@ -1,5 +1,5 @@
-sbin/cryptsetup
-sbin/integritysetup
-sbin/veritysetup
+usr/sbin/cryptsetup
+usr/sbin/integritysetup
+usr/sbin/veritysetup
usr/lib/tmpfiles.d/cryptsetup.conf
usr/share/locale/*/*/*
diff --minimal -Nru cryptsetup-2.6.1/debian/cryptsetup-ssh.install cryptsetup-2.6.1/debian/cryptsetup-ssh.install
--- cryptsetup-2.6.1/debian/cryptsetup-ssh.install 2023-12-05 17:48:58.000000000 +0100
+++ cryptsetup-2.6.1/debian/cryptsetup-ssh.install 2024-01-05 18:56:40.000000000 +0100
@@ -1,2 +1,2 @@
-lib/${DEB_HOST_MULTIARCH}/cryptsetup/libcryptsetup-token-ssh.so
-sbin/cryptsetup-ssh
+usr/lib/${DEB_HOST_MULTIARCH}/cryptsetup/libcryptsetup-token-ssh.so
+usr/sbin/cryptsetup-ssh
diff --minimal -Nru cryptsetup-2.6.1/debian/cryptsetup-suspend.install cryptsetup-2.6.1/debian/cryptsetup-suspend.install
--- cryptsetup-2.6.1/debian/cryptsetup-suspend.install 2023-12-05 17:48:58.000000000 +0100
+++ cryptsetup-2.6.1/debian/cryptsetup-suspend.install 2024-01-05 18:56:40.000000000 +0100
@@ -1,5 +1,5 @@
-debian/scripts/suspend/cryptsetup-suspend /lib/cryptsetup/scripts/suspend/
-debian/scripts/suspend/cryptsetup-suspend-wrapper /lib/cryptsetup/scripts/suspend/
-debian/scripts/suspend/cryptsetup-suspend.shutdown /lib/systemd/system-shutdown/
+debian/scripts/suspend/cryptsetup-suspend /usr/lib/cryptsetup/scripts/suspend/
+debian/scripts/suspend/cryptsetup-suspend-wrapper /usr/lib/cryptsetup/scripts/suspend/
+debian/scripts/suspend/cryptsetup-suspend.shutdown /usr/lib/systemd/system-shutdown/
debian/scripts/suspend/suspend.conf /etc/cryptsetup/
-debian/scripts/suspend/systemd/cryptsetup-suspend.conf /lib/systemd/system/systemd-suspend.service.d/
+debian/scripts/suspend/systemd/cryptsetup-suspend.conf /usr/lib/systemd/system/systemd-suspend.service.d/
diff --minimal -Nru cryptsetup-2.6.1/debian/cryptsetup-udeb.install cryptsetup-2.6.1/debian/cryptsetup-udeb.install
--- cryptsetup-2.6.1/debian/cryptsetup-udeb.install 2023-12-05 17:48:58.000000000 +0100
+++ cryptsetup-2.6.1/debian/cryptsetup-udeb.install 2024-01-05 18:56:40.000000000 +0100
@@ -1,7 +1,7 @@
-debian/askpass /lib/cryptsetup/
-debian/checks/* /lib/cryptsetup/checks/
-debian/cryptdisks-functions /lib/cryptsetup/
-debian/functions /lib/cryptsetup/
-debian/scripts/decrypt_* /lib/cryptsetup/scripts/
-debian/scripts/passdev /lib/cryptsetup/scripts/
-sbin/cryptsetup
+debian/askpass /usr/lib/cryptsetup/
+debian/checks/* /usr/lib/cryptsetup/checks/
+debian/cryptdisks-functions /usr/lib/cryptsetup/
+debian/functions /usr/lib/cryptsetup/
+debian/scripts/decrypt_* /usr/lib/cryptsetup/scripts/
+debian/scripts/passdev /usr/lib/cryptsetup/scripts/
+usr/sbin/cryptsetup
diff --minimal -Nru cryptsetup-2.6.1/debian/cryptsetup.install cryptsetup-2.6.1/debian/cryptsetup.install
--- cryptsetup-2.6.1/debian/cryptsetup.install 2023-12-05 17:48:58.000000000 +0100
+++ cryptsetup-2.6.1/debian/cryptsetup.install 2024-01-05 18:56:40.000000000 +0100
@@ -1,9 +1,9 @@
-debian/askpass /lib/cryptsetup/
+debian/askpass /usr/lib/cryptsetup/
debian/bash_completion/cryptdisks_start /usr/share/bash-completion/completions/
-debian/checks/* /lib/cryptsetup/checks/
-debian/cryptdisks-functions /lib/cryptsetup/
-debian/functions /lib/cryptsetup/
-debian/scripts/cryptdisks_* /sbin/
-debian/scripts/decrypt_* /lib/cryptsetup/scripts/
+debian/checks/* /usr/lib/cryptsetup/checks/
+debian/cryptdisks-functions /usr/lib/cryptsetup/
+debian/functions /usr/lib/cryptsetup/
+debian/scripts/cryptdisks_* /usr/sbin/
+debian/scripts/decrypt_* /usr/lib/cryptsetup/scripts/
debian/scripts/luksformat /usr/sbin/
-debian/scripts/passdev /lib/cryptsetup/scripts/
+debian/scripts/passdev /usr/lib/cryptsetup/scripts/
diff --minimal -Nru cryptsetup-2.6.1/debian/cryptsetup.lintian-overrides cryptsetup-2.6.1/debian/cryptsetup.lintian-overrides
--- cryptsetup-2.6.1/debian/cryptsetup.lintian-overrides 2023-12-05 17:48:58.000000000 +0100
+++ cryptsetup-2.6.1/debian/cryptsetup.lintian-overrides 2024-01-05 18:56:40.000000000 +0100
@@ -1,3 +1,7 @@
init.d-script-does-not-implement-status-option [etc/init.d/cryptdisks]
init.d-script-does-not-implement-status-option [etc/init.d/cryptdisks-early]
no-debconf-config
+# begin-remove-after: released:trixie
+# DEP17 mitigation aliased diversion for cryptsetup-nuke-password
+cryptsetup: diversion-for-unknown-file lib/cryptsetup/askpass [preinst:*]
+# end-remove-after: released:trixie
diff --minimal -Nru cryptsetup-2.6.1/debian/cryptsetup.postinst cryptsetup-2.6.1/debian/cryptsetup.postinst
--- cryptsetup-2.6.1/debian/cryptsetup.postinst 2023-12-05 17:48:58.000000000 +0100
+++ cryptsetup-2.6.1/debian/cryptsetup.postinst 2024-01-05 18:56:40.000000000 +0100
@@ -14,6 +14,21 @@
# <failed-install-package> <version> `removing'
# <conflicting-package> <version>
+# begin-remove-after: released:forky
+if [ "$1" = configure ] &&
+ [ "$(dpkg-divert --truename /usr/lib/cryptsetup/askpass)" = /usr/lib/cryptsetup/askpass.usr-is-merged ] &&
+ [ "$(dpkg-divert --listpackage /usr/lib/cryptsetup/askpass)" = cryptsetup-nuke-password ]; then
+ # /usr/lib/cryptsetup/askpass is still diverted in the same way as our
+ # preinst did. Conclude that cryptsetup-nuke-password was installed
+ # during preinst, we duplicated the diversion and now
+ # cryptsetup-nuke-password is removed. We have to clean up.
+ echo "Removing duplicated diversion of /usr/lib/cryptsetup/askpass after cryptsetup-nuke-password is removed."
+ dpkg-divert --rename --package cryptsetup-nuke-password \
+ --divert /usr/lib/cryptsetup/askpass.usr-is-merged \
+ --remove /usr/lib/cryptsetup/askpass
+fi
+# end-remove-after
+
case "$1" in
configure)
for file in cryptdisks_start cryptdisks_stop; do
diff --minimal -Nru cryptsetup-2.6.1/debian/cryptsetup.preinst cryptsetup-2.6.1/debian/cryptsetup.preinst
--- cryptsetup-2.6.1/debian/cryptsetup.preinst 2023-12-05 17:48:58.000000000 +0100
+++ cryptsetup-2.6.1/debian/cryptsetup.preinst 2024-01-05 18:56:40.000000000 +0100
@@ -8,6 +8,20 @@
EOC
fi
+# begin-remove-after: released:forky
+if [ "$1" = "upgrade" ] || [ "$1" = install ]; then
+ if [ "$(dpkg-divert --truename /lib/cryptsetup/askpass)" = /lib/cryptsetup/askpass.cryptsetup ] &&
+ [ "$(dpkg-divert --listpackage /lib/cryptsetup/askpass)" = cryptsetup-nuke-password ] &&
+ [ "$(dpkg-divert --truename /usr/lib/cryptsetup/askpass)" = /usr/lib/cryptsetup/askpass ]; then
+ # A pre-/usr-merge cryptsetup-nuke-password is installed.
+ echo "Mitigating diversion of /lib/cryptsetup/askpass on behalf of cryptsetup-nuke-password"
+ dpkg-divert --no-rename --package cryptsetup-nuke-password \
+ --divert /usr/lib/cryptsetup/askpass.usr-is-merged \
+ --add /usr/lib/cryptsetup/askpass
+ fi
+fi
+# end-remove-after
+
#DEBHELPER#
exit 0
diff --minimal -Nru cryptsetup-2.6.1/debian/libcryptsetup-dev.install cryptsetup-2.6.1/debian/libcryptsetup-dev.install
--- cryptsetup-2.6.1/debian/libcryptsetup-dev.install 2023-12-05 17:48:58.000000000 +0100
+++ cryptsetup-2.6.1/debian/libcryptsetup-dev.install 2024-01-05 18:56:40.000000000 +0100
@@ -1,3 +1,3 @@
-lib/${DEB_HOST_MULTIARCH}/*.so
-lib/${DEB_HOST_MULTIARCH}/pkgconfig/*.pc /usr/lib/${DEB_HOST_MULTIARCH}/pkgconfig/
+usr/lib/${DEB_HOST_MULTIARCH}/*.so
+usr/lib/${DEB_HOST_MULTIARCH}/pkgconfig/*.pc
usr/include/*.h
diff --minimal -Nru cryptsetup-2.6.1/debian/libcryptsetup12-udeb.install cryptsetup-2.6.1/debian/libcryptsetup12-udeb.install
--- cryptsetup-2.6.1/debian/libcryptsetup12-udeb.install 2023-12-05 17:48:58.000000000 +0100
+++ cryptsetup-2.6.1/debian/libcryptsetup12-udeb.install 2024-01-05 18:56:40.000000000 +0100
@@ -1 +1 @@
-lib/${DEB_HOST_MULTIARCH}/*.so.*
+usr/lib/${DEB_HOST_MULTIARCH}/*.so.*
diff --minimal -Nru cryptsetup-2.6.1/debian/libcryptsetup12.install cryptsetup-2.6.1/debian/libcryptsetup12.install
--- cryptsetup-2.6.1/debian/libcryptsetup12.install 2023-12-05 17:48:58.000000000 +0100
+++ cryptsetup-2.6.1/debian/libcryptsetup12.install 2024-01-05 18:56:40.000000000 +0100
@@ -1 +1 @@
-lib/${DEB_HOST_MULTIARCH}/*.so.*
+usr/lib/${DEB_HOST_MULTIARCH}/*.so.*
diff --minimal -Nru cryptsetup-2.6.1/debian/not-installed cryptsetup-2.6.1/debian/not-installed
--- cryptsetup-2.6.1/debian/not-installed 2023-12-05 17:48:58.000000000 +0100
+++ cryptsetup-2.6.1/debian/not-installed 2024-01-05 18:56:40.000000000 +0100
@@ -1,2 +1,2 @@
-lib/${DEB_HOST_MULTIARCH}/libcryptsetup.la
-lib/${DEB_HOST_MULTIARCH}/cryptsetup/libcryptsetup-token-ssh.la
+usr/lib/${DEB_HOST_MULTIARCH}/libcryptsetup.la
+usr/lib/${DEB_HOST_MULTIARCH}/cryptsetup/libcryptsetup-token-ssh.la
diff --minimal -Nru cryptsetup-2.6.1/debian/rules cryptsetup-2.6.1/debian/rules
--- cryptsetup-2.6.1/debian/rules 2023-12-05 17:48:58.000000000 +0100
+++ cryptsetup-2.6.1/debian/rules 2024-01-05 18:56:40.000000000 +0100
@@ -24,8 +24,6 @@
override_dh_auto_configure:
dh_auto_configure -- $(CONFFLAGS) \
- --libdir=/lib/$(DEB_HOST_MULTIARCH) \
- --sbindir=/sbin \
--with-tmpfilesdir=/usr/lib/tmpfiles.d \
--enable-libargon2 \
--enable-shared \
@@ -85,13 +83,13 @@
dh_bugfiles -A
execute_after_dh_fixperms-arch:
- chmod 0755 debian/cryptsetup/lib/cryptsetup/checks/*
- chmod 0755 debian/cryptsetup/lib/cryptsetup/scripts/decrypt_*
- chmod 0755 debian/cryptsetup-suspend/lib/cryptsetup/scripts/suspend/cryptsetup-suspend-wrapper
- chmod 0755 debian/cryptsetup-suspend/lib/systemd/system-shutdown/cryptsetup-suspend.shutdown
+ chmod 0755 debian/cryptsetup/usr/lib/cryptsetup/checks/*
+ chmod 0755 debian/cryptsetup/usr/lib/cryptsetup/scripts/decrypt_*
+ chmod 0755 debian/cryptsetup-suspend/usr/lib/cryptsetup/scripts/suspend/cryptsetup-suspend-wrapper
+ chmod 0755 debian/cryptsetup-suspend/usr/lib/systemd/system-shutdown/cryptsetup-suspend.shutdown
ifeq (,$(filter noudeb, $(DEB_BUILD_PROFILES)))
- chmod 0755 debian/cryptsetup-udeb/lib/cryptsetup/checks/*
- chmod 0755 debian/cryptsetup-udeb/lib/cryptsetup/scripts/decrypt_*
+ chmod 0755 debian/cryptsetup-udeb/usr/lib/cryptsetup/checks/*
+ chmod 0755 debian/cryptsetup-udeb/usr/lib/cryptsetup/scripts/decrypt_*
endif
execute_after_dh_fixperms-indep:
More information about the pkg-cryptsetup-devel
mailing list