mirror of
https://gitlab.com/cryptsetup/cryptsetup.git
synced 2025-12-15 21:00:05 +01:00
Add ReleaseNotes texts into distribution.
git-svn-id: https://cryptsetup.googlecode.com/svn/trunk@433 36d66b0a-2a48-0410-832c-cd162a569da5
This commit is contained in:
Milan Broz
126
docs/v1.2.0-ReleaseNotes
Normal file
126
docs/v1.2.0-ReleaseNotes
Normal file
@@ -0,0 +1,126 @@
|
||||
Cryptsetup 1.2.0 Release Notes
|
||||
==============================
|
||||
|
||||
Changes since version 1.2.0-rc1
|
||||
|
||||
* Fix crypt_activate_by_keyfile() to work with PLAIN devices.
|
||||
* Fix plain create command to properly handle keyfile size.
|
||||
* Update translations.
|
||||
|
||||
Changes since version 1.1.3
|
||||
|
||||
Important changes
|
||||
~~~~~~~~~~~~~~~~~
|
||||
|
||||
* Add text version of *FAQ* (Frequently Asked Questions) to distribution.
|
||||
|
||||
* Add selection of random/urandom number generator for luksFormat
|
||||
(option --use-random and --use-urandom).
|
||||
|
||||
(This affects only long term volume key in *luksFormat*,
|
||||
not RNG used for salt and AF splitter).
|
||||
|
||||
You can also set the default to /dev/random during compilation with
|
||||
--enable-dev-random. Compiled-in default is printed in --help output.
|
||||
|
||||
Be very careful before changing default to blocking /dev/random use here.
|
||||
|
||||
* Fix *luksRemoveKey* to not ask for remaining keyslot passphrase,
|
||||
only for removed one.
|
||||
|
||||
* No longer support *luksDelKey* (replaced with luksKillSlot).
|
||||
* if you want to remove particular passphrase, use *luksKeyRemove*
|
||||
* if you want to remove particular keyslot, use *luksKillSlot*
|
||||
|
||||
Note that in batch mode *luksKillSlot* allows removing of any keyslot
|
||||
without question, in normal mode requires passphrase or keyfile from
|
||||
other keyslot.
|
||||
|
||||
* *Default alignment* for device (if not overridden by topology info)
|
||||
is now (multiple of) *1MiB*.
|
||||
This reflects trends in storage technologies and aligns to the same
|
||||
defaults for partitions and volume management.
|
||||
|
||||
* Allow explicit UUID setting in *luksFormat* and allow change it later
|
||||
in *luksUUID* (--uuid parameter).
|
||||
|
||||
* All commands using key file now allows limited read from keyfile using
|
||||
--keyfile-size and --new-keyfile-size parameters (in bytes).
|
||||
|
||||
This change also disallows overloading of --key-size parameter which
|
||||
is now exclusively used for key size specification (in bits.)
|
||||
|
||||
* *luksFormat* using pre-generated master key now properly allows
|
||||
using key file (only passphrase was allowed prior to this update).
|
||||
|
||||
* Add --dump-master-key option for *luksDump* to perform volume (master)
|
||||
key dump. Note that printed information allows accessing device without
|
||||
passphrase so it must be stored encrypted.
|
||||
|
||||
This operation is useful for simple Key Escrow function (volume key and
|
||||
encryption parameters printed on paper on safe place).
|
||||
|
||||
This operation requires passphrase or key file.
|
||||
|
||||
* The reload command is no longer supported.
|
||||
(Use dmsetup reload instead if needed. There is no real use for this
|
||||
function except explicit data corruption:-)
|
||||
|
||||
* Cryptsetup now properly checks if underlying device is in use and
|
||||
disallows *luksFormat*, *luksOpen* and *create* commands on open
|
||||
(e.g. already mapped or mounted) device.
|
||||
|
||||
* Option --non-exclusive (already deprecated) is removed.
|
||||
|
||||
Libcryptsetup API additions:
|
||||
|
||||
* new functions
|
||||
* crypt_get_type() - explicit query to crypt device context type
|
||||
* crypt_resize() - new resize command using context
|
||||
* crypt_keyslot_max() - helper to get number of supported keyslots
|
||||
* crypt_get_active_device() - get active device info
|
||||
* crypt_set/get_rng_type() - random/urandom RNG setting
|
||||
* crypt_set_uuid() - explicit UUID change of existing device
|
||||
* crypt_get_device_name() - get underlying device name
|
||||
|
||||
* Fix optional password callback handling.
|
||||
|
||||
* Allow to activate by internally cached volume key immediately after
|
||||
crypt_format() without active slot (for temporary devices with
|
||||
on-disk metadata)
|
||||
|
||||
* libcryptsetup is binary compatible with 1.1.x release and still
|
||||
supports legacy API calls
|
||||
|
||||
* cryptsetup binary now uses only new API calls.
|
||||
|
||||
* Static compilation of both library (--enable-static) and cryptsetup
|
||||
binary (--enable-static-cryptsetup) is now properly implemented by common
|
||||
libtool logic.
|
||||
|
||||
Prior to this it produced miscompiled dynamic cryptsetup binary with
|
||||
statically linked libcryptsetup.
|
||||
|
||||
The static binary is compiled as src/cryptsetup.static in parallel
|
||||
with dynamic build if requested.
|
||||
|
||||
Other changes
|
||||
~~~~~~~~~~~~~
|
||||
* Fix default plain password entry from terminal in activate_by_passphrase.
|
||||
* Initialize volume key from active device in crypt_init_by_name()
|
||||
* Fix cryptsetup binary exit codes.
|
||||
0 - success, otherwise fail
|
||||
1 - wrong parameters
|
||||
2 - no permission
|
||||
3 - out of memory
|
||||
4 - wrong device specified
|
||||
5 - device already exists or device is busy
|
||||
* Remove some obsolete info from man page.
|
||||
* Add more regression tests for commands.
|
||||
* Fix possible double free when handling master key file.
|
||||
* Fix pkg-config use in automake scripts.
|
||||
* Wipe iteration and salt after luksKillSlot in LUKS header.
|
||||
* Rewrite file differ test to C (and fix it to really work).
|
||||
* Do not query non-existent device twice (cryptsetup status /dev/nonexistent).
|
||||
* Check if requested hash is supported before writing LUKS header.
|
||||
* Fix problems reported by clang scan-build.
|
||||
Reference in New Issue
Block a user