[pkg-cryptsetup-devel] Bug#1060270: /lib/cryptsetup/askpass: coordinated move to /usr for DEP17
Helmut Grohne
helmut at subdivi.de
Mon Jan 22 14:19:28 GMT 2024
Hi,
On Fri, Jan 19, 2024 at 12:42:59PM +0100, Helmut Grohne wrote:
> Chris Hofstaedler found an inconsistency in the remove-after annotations
> where I mixed trixie and forky in bad ways. Attaching an updated patch,
> thanks.
I'm sorry for going another iteration. Chris Hofstaedler also discovered
that a sequence of
echo cryptsetup-nuke-password deinstall | dpkg --set-selections
dpkg --auto-deconfigure -i cryptsetup.deb cryptsetup-bin.deb
would result in
dpkg-divert: error: rename involves overwriting '/usr/lib/cryptsetup/askpass' with
different file '/usr/lib/cryptsetup/askpass.usr-is-merged', not allowed
and fail the installation.
My revised patch downgraded the Conflicts declaration to Breaks based on
a misunderstanding of how Breaks work. I had foolishly assumed that
Breaks would require cryptsetup-nuke-password to be removed by the time
cryptsetup is configured. Breaks only ensure that
cryptsetup-nuke-password is deconfigured though. Hence,
/usr/lib/cryptsetup/askpass is still installed by
cryptsetup-nuke-password when cryptsetup.postinst is run, which explains
the failure. We really need Conflicts here.
I've attached an updated patch and hope it's right this time.
Helmut
-------------- next part --------------
diff --minimal -Nru cryptsetup-2.6.1/debian/changelog cryptsetup-2.6.1/debian/changelog
--- cryptsetup-2.6.1/debian/changelog 2023-12-05 17:48:58.000000000 +0100
+++ cryptsetup-2.6.1/debian/changelog 2024-01-05 18:56:40.000000000 +0100
@@ -1,3 +1,10 @@
+cryptsetup (2:2.6.1-6.1) UNRELEASED; urgency=medium
+
+ * Non-maintainer upload.
+ * DEP17: Move fles to /usr. (Closes: #-1)
+
+ -- Helmut Grohne <helmut at subdivi.de> Fri, 05 Jan 2024 18:56:40 +0100
+
cryptsetup (2:2.6.1-6) unstable; urgency=medium
[ Kevin Locke ]
diff --minimal -Nru cryptsetup-2.6.1/debian/control cryptsetup-2.6.1/debian/control
--- cryptsetup-2.6.1/debian/control 2023-12-05 17:48:58.000000000 +0100
+++ cryptsetup-2.6.1/debian/control 2024-01-05 18:56:40.000000000 +0100
@@ -43,6 +43,7 @@
dmsetup,
${misc:Depends},
${shlibs:Depends}
+Conflicts: cryptsetup-nuke-password (<< 4+nmu2~)
Suggests: cryptsetup-initramfs, dosfstools, keyutils, liblocale-gettext-perl
Description: disk encryption support - startup scripts
Cryptsetup provides an interface for configuring encryption on block
diff --minimal -Nru cryptsetup-2.6.1/debian/cryptsetup-bin.install cryptsetup-2.6.1/debian/cryptsetup-bin.install
--- cryptsetup-2.6.1/debian/cryptsetup-bin.install 2023-12-05 17:48:58.000000000 +0100
+++ cryptsetup-2.6.1/debian/cryptsetup-bin.install 2024-01-05 18:56:40.000000000 +0100
@@ -1,5 +1,5 @@
-sbin/cryptsetup
-sbin/integritysetup
-sbin/veritysetup
+usr/sbin/cryptsetup
+usr/sbin/integritysetup
+usr/sbin/veritysetup
usr/lib/tmpfiles.d/cryptsetup.conf
usr/share/locale/*/*/*
diff --minimal -Nru cryptsetup-2.6.1/debian/cryptsetup-ssh.install cryptsetup-2.6.1/debian/cryptsetup-ssh.install
--- cryptsetup-2.6.1/debian/cryptsetup-ssh.install 2023-12-05 17:48:58.000000000 +0100
+++ cryptsetup-2.6.1/debian/cryptsetup-ssh.install 2024-01-05 18:56:40.000000000 +0100
@@ -1,2 +1,2 @@
-lib/${DEB_HOST_MULTIARCH}/cryptsetup/libcryptsetup-token-ssh.so
-sbin/cryptsetup-ssh
+usr/lib/${DEB_HOST_MULTIARCH}/cryptsetup/libcryptsetup-token-ssh.so
+usr/sbin/cryptsetup-ssh
diff --minimal -Nru cryptsetup-2.6.1/debian/cryptsetup-suspend.install cryptsetup-2.6.1/debian/cryptsetup-suspend.install
--- cryptsetup-2.6.1/debian/cryptsetup-suspend.install 2023-12-05 17:48:58.000000000 +0100
+++ cryptsetup-2.6.1/debian/cryptsetup-suspend.install 2024-01-05 18:56:40.000000000 +0100
@@ -1,5 +1,5 @@
-debian/scripts/suspend/cryptsetup-suspend /lib/cryptsetup/scripts/suspend/
-debian/scripts/suspend/cryptsetup-suspend-wrapper /lib/cryptsetup/scripts/suspend/
-debian/scripts/suspend/cryptsetup-suspend.shutdown /lib/systemd/system-shutdown/
+debian/scripts/suspend/cryptsetup-suspend /usr/lib/cryptsetup/scripts/suspend/
+debian/scripts/suspend/cryptsetup-suspend-wrapper /usr/lib/cryptsetup/scripts/suspend/
+debian/scripts/suspend/cryptsetup-suspend.shutdown /usr/lib/systemd/system-shutdown/
debian/scripts/suspend/suspend.conf /etc/cryptsetup/
-debian/scripts/suspend/systemd/cryptsetup-suspend.conf /lib/systemd/system/systemd-suspend.service.d/
+debian/scripts/suspend/systemd/cryptsetup-suspend.conf /usr/lib/systemd/system/systemd-suspend.service.d/
diff --minimal -Nru cryptsetup-2.6.1/debian/cryptsetup-udeb.install cryptsetup-2.6.1/debian/cryptsetup-udeb.install
--- cryptsetup-2.6.1/debian/cryptsetup-udeb.install 2023-12-05 17:48:58.000000000 +0100
+++ cryptsetup-2.6.1/debian/cryptsetup-udeb.install 2024-01-05 18:56:40.000000000 +0100
@@ -1,7 +1,7 @@
-debian/askpass /lib/cryptsetup/
-debian/checks/* /lib/cryptsetup/checks/
-debian/cryptdisks-functions /lib/cryptsetup/
-debian/functions /lib/cryptsetup/
-debian/scripts/decrypt_* /lib/cryptsetup/scripts/
-debian/scripts/passdev /lib/cryptsetup/scripts/
-sbin/cryptsetup
+debian/askpass /usr/lib/cryptsetup/
+debian/checks/* /usr/lib/cryptsetup/checks/
+debian/cryptdisks-functions /usr/lib/cryptsetup/
+debian/functions /usr/lib/cryptsetup/
+debian/scripts/decrypt_* /usr/lib/cryptsetup/scripts/
+debian/scripts/passdev /usr/lib/cryptsetup/scripts/
+usr/sbin/cryptsetup
diff --minimal -Nru cryptsetup-2.6.1/debian/cryptsetup.install cryptsetup-2.6.1/debian/cryptsetup.install
--- cryptsetup-2.6.1/debian/cryptsetup.install 2023-12-05 17:48:58.000000000 +0100
+++ cryptsetup-2.6.1/debian/cryptsetup.install 2024-01-05 18:56:40.000000000 +0100
@@ -1,9 +1,9 @@
-debian/askpass /lib/cryptsetup/
+debian/askpass /usr/lib/cryptsetup/
debian/bash_completion/cryptdisks_start /usr/share/bash-completion/completions/
-debian/checks/* /lib/cryptsetup/checks/
-debian/cryptdisks-functions /lib/cryptsetup/
-debian/functions /lib/cryptsetup/
-debian/scripts/cryptdisks_* /sbin/
-debian/scripts/decrypt_* /lib/cryptsetup/scripts/
+debian/checks/* /usr/lib/cryptsetup/checks/
+debian/cryptdisks-functions /usr/lib/cryptsetup/
+debian/functions /usr/lib/cryptsetup/
+debian/scripts/cryptdisks_* /usr/sbin/
+debian/scripts/decrypt_* /usr/lib/cryptsetup/scripts/
debian/scripts/luksformat /usr/sbin/
-debian/scripts/passdev /lib/cryptsetup/scripts/
+debian/scripts/passdev /usr/lib/cryptsetup/scripts/
diff --minimal -Nru cryptsetup-2.6.1/debian/cryptsetup.lintian-overrides cryptsetup-2.6.1/debian/cryptsetup.lintian-overrides
--- cryptsetup-2.6.1/debian/cryptsetup.lintian-overrides 2023-12-05 17:48:58.000000000 +0100
+++ cryptsetup-2.6.1/debian/cryptsetup.lintian-overrides 2024-01-05 18:56:40.000000000 +0100
@@ -1,3 +1,7 @@
init.d-script-does-not-implement-status-option [etc/init.d/cryptdisks]
init.d-script-does-not-implement-status-option [etc/init.d/cryptdisks-early]
no-debconf-config
+# begin-remove-after: released:forky
+# DEP17 mitigation aliased diversion for cryptsetup-nuke-password
+cryptsetup: diversion-for-unknown-file lib/cryptsetup/askpass [preinst:*]
+# end-remove-after: released:forky
diff --minimal -Nru cryptsetup-2.6.1/debian/cryptsetup.postinst cryptsetup-2.6.1/debian/cryptsetup.postinst
--- cryptsetup-2.6.1/debian/cryptsetup.postinst 2023-12-05 17:48:58.000000000 +0100
+++ cryptsetup-2.6.1/debian/cryptsetup.postinst 2024-01-05 18:56:40.000000000 +0100
@@ -14,6 +14,21 @@
# <failed-install-package> <version> `removing'
# <conflicting-package> <version>
+# begin-remove-after: released:forky
+if [ "$1" = configure ] &&
+ [ "$(dpkg-divert --truename /usr/lib/cryptsetup/askpass)" = /usr/lib/cryptsetup/askpass.usr-is-merged ] &&
+ [ "$(dpkg-divert --listpackage /usr/lib/cryptsetup/askpass)" = cryptsetup-nuke-password ]; then
+ # /usr/lib/cryptsetup/askpass is still diverted in the same way as our
+ # preinst did. Conclude that cryptsetup-nuke-password was installed
+ # during preinst, we duplicated the diversion and now
+ # cryptsetup-nuke-password is removed. We have to clean up.
+ echo "Removing duplicated diversion of /usr/lib/cryptsetup/askpass after cryptsetup-nuke-password is removed."
+ dpkg-divert --rename --package cryptsetup-nuke-password \
+ --divert /usr/lib/cryptsetup/askpass.usr-is-merged \
+ --remove /usr/lib/cryptsetup/askpass
+fi
+# end-remove-after
+
case "$1" in
configure)
for file in cryptdisks_start cryptdisks_stop; do
diff --minimal -Nru cryptsetup-2.6.1/debian/cryptsetup.preinst cryptsetup-2.6.1/debian/cryptsetup.preinst
--- cryptsetup-2.6.1/debian/cryptsetup.preinst 2023-12-05 17:48:58.000000000 +0100
+++ cryptsetup-2.6.1/debian/cryptsetup.preinst 2024-01-05 18:56:40.000000000 +0100
@@ -8,6 +8,20 @@
EOC
fi
+# begin-remove-after: released:forky
+if [ "$1" = "upgrade" ] || [ "$1" = install ]; then
+ if [ "$(dpkg-divert --truename /lib/cryptsetup/askpass)" = /lib/cryptsetup/askpass.cryptsetup ] &&
+ [ "$(dpkg-divert --listpackage /lib/cryptsetup/askpass)" = cryptsetup-nuke-password ] &&
+ [ "$(dpkg-divert --truename /usr/lib/cryptsetup/askpass)" = /usr/lib/cryptsetup/askpass ]; then
+ # A pre-/usr-merge cryptsetup-nuke-password is installed.
+ echo "Mitigating diversion of /lib/cryptsetup/askpass on behalf of cryptsetup-nuke-password"
+ dpkg-divert --no-rename --package cryptsetup-nuke-password \
+ --divert /usr/lib/cryptsetup/askpass.usr-is-merged \
+ --add /usr/lib/cryptsetup/askpass
+ fi
+fi
+# end-remove-after
+
#DEBHELPER#
exit 0
diff --minimal -Nru cryptsetup-2.6.1/debian/libcryptsetup-dev.install cryptsetup-2.6.1/debian/libcryptsetup-dev.install
--- cryptsetup-2.6.1/debian/libcryptsetup-dev.install 2023-12-05 17:48:58.000000000 +0100
+++ cryptsetup-2.6.1/debian/libcryptsetup-dev.install 2024-01-05 18:56:40.000000000 +0100
@@ -1,3 +1,3 @@
-lib/${DEB_HOST_MULTIARCH}/*.so
-lib/${DEB_HOST_MULTIARCH}/pkgconfig/*.pc /usr/lib/${DEB_HOST_MULTIARCH}/pkgconfig/
+usr/lib/${DEB_HOST_MULTIARCH}/*.so
+usr/lib/${DEB_HOST_MULTIARCH}/pkgconfig/*.pc
usr/include/*.h
diff --minimal -Nru cryptsetup-2.6.1/debian/libcryptsetup12-udeb.install cryptsetup-2.6.1/debian/libcryptsetup12-udeb.install
--- cryptsetup-2.6.1/debian/libcryptsetup12-udeb.install 2023-12-05 17:48:58.000000000 +0100
+++ cryptsetup-2.6.1/debian/libcryptsetup12-udeb.install 2024-01-05 18:56:40.000000000 +0100
@@ -1 +1 @@
-lib/${DEB_HOST_MULTIARCH}/*.so.*
+usr/lib/${DEB_HOST_MULTIARCH}/*.so.*
diff --minimal -Nru cryptsetup-2.6.1/debian/libcryptsetup12.install cryptsetup-2.6.1/debian/libcryptsetup12.install
--- cryptsetup-2.6.1/debian/libcryptsetup12.install 2023-12-05 17:48:58.000000000 +0100
+++ cryptsetup-2.6.1/debian/libcryptsetup12.install 2024-01-05 18:56:40.000000000 +0100
@@ -1 +1 @@
-lib/${DEB_HOST_MULTIARCH}/*.so.*
+usr/lib/${DEB_HOST_MULTIARCH}/*.so.*
diff --minimal -Nru cryptsetup-2.6.1/debian/not-installed cryptsetup-2.6.1/debian/not-installed
--- cryptsetup-2.6.1/debian/not-installed 2023-12-05 17:48:58.000000000 +0100
+++ cryptsetup-2.6.1/debian/not-installed 2024-01-05 18:56:40.000000000 +0100
@@ -1,2 +1,2 @@
-lib/${DEB_HOST_MULTIARCH}/libcryptsetup.la
-lib/${DEB_HOST_MULTIARCH}/cryptsetup/libcryptsetup-token-ssh.la
+usr/lib/${DEB_HOST_MULTIARCH}/libcryptsetup.la
+usr/lib/${DEB_HOST_MULTIARCH}/cryptsetup/libcryptsetup-token-ssh.la
diff --minimal -Nru cryptsetup-2.6.1/debian/rules cryptsetup-2.6.1/debian/rules
--- cryptsetup-2.6.1/debian/rules 2023-12-05 17:48:58.000000000 +0100
+++ cryptsetup-2.6.1/debian/rules 2024-01-05 18:56:40.000000000 +0100
@@ -24,8 +24,6 @@
override_dh_auto_configure:
dh_auto_configure -- $(CONFFLAGS) \
- --libdir=/lib/$(DEB_HOST_MULTIARCH) \
- --sbindir=/sbin \
--with-tmpfilesdir=/usr/lib/tmpfiles.d \
--enable-libargon2 \
--enable-shared \
@@ -85,13 +83,13 @@
dh_bugfiles -A
execute_after_dh_fixperms-arch:
- chmod 0755 debian/cryptsetup/lib/cryptsetup/checks/*
- chmod 0755 debian/cryptsetup/lib/cryptsetup/scripts/decrypt_*
- chmod 0755 debian/cryptsetup-suspend/lib/cryptsetup/scripts/suspend/cryptsetup-suspend-wrapper
- chmod 0755 debian/cryptsetup-suspend/lib/systemd/system-shutdown/cryptsetup-suspend.shutdown
+ chmod 0755 debian/cryptsetup/usr/lib/cryptsetup/checks/*
+ chmod 0755 debian/cryptsetup/usr/lib/cryptsetup/scripts/decrypt_*
+ chmod 0755 debian/cryptsetup-suspend/usr/lib/cryptsetup/scripts/suspend/cryptsetup-suspend-wrapper
+ chmod 0755 debian/cryptsetup-suspend/usr/lib/systemd/system-shutdown/cryptsetup-suspend.shutdown
ifeq (,$(filter noudeb, $(DEB_BUILD_PROFILES)))
- chmod 0755 debian/cryptsetup-udeb/lib/cryptsetup/checks/*
- chmod 0755 debian/cryptsetup-udeb/lib/cryptsetup/scripts/decrypt_*
+ chmod 0755 debian/cryptsetup-udeb/usr/lib/cryptsetup/checks/*
+ chmod 0755 debian/cryptsetup-udeb/usr/lib/cryptsetup/scripts/decrypt_*
endif
execute_after_dh_fixperms-indep:
More information about the pkg-cryptsetup-devel
mailing list