Bug#1099760: marked as done (cryptsetup: Cryptsetup provided keyscript 'decrypt_gnupg' uses obsolete gnupg option --secret-keyring)

Debian Bug Tracking System Sun, 04 May 2025 13:39:30 -0700

Your message dated Sun, 04 May 2025 20:37:02 +0000
with message-id <e1ubg58-00hz7k...@fasolo.debian.org>
and subject line Bug#1099760: fixed in cryptsetup 2:2.7.5-2
has caused the Debian Bug report #1099760,
regarding cryptsetup: Cryptsetup provided keyscript 'decrypt_gnupg' uses 
obsolete gnupg option --secret-keyring
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1099760: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1099760
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: cryptsetup
Version: 2:2.7.5-1
Severity: minor
X-Debbugs-Cc: debianbts-20230827181...@racbu.de

Dear Maintainer,

I use the cryptsetup provided keyscript 'decrypt_gnupg' to open my
type=plain root disk in the initram-stage. I provide the key via gnupg.

Each time the disk is opened in initram I get the warning:
,---- [ Warning ]
| gpg: WARNING: "--secret-keyring" is an obsolete option - it has no effect
`----

The gpg man page confirms this:
,---- [ man gpg ]
| --secret-keyring file
|     This is an obsolete option and ignored.  All secret keys are stored
|     in the ‘private-keys-v1.d’ directory below the GnuPG home directory.
`----

I can't see any impact on the system. It's only an annoying warning.

It would be nice to remove the option '--secret-keyring /dev/null' from
the script 'decrypt_gnupg' when there is time. Thanks.



-- Package-specific info:
-- /proc/cmdline
BOOT_IMAGE=/boot/vmlinuz-6.12.12-amd64 root=/dev/mapper/rey_root ro 
intel_iommu=on,igfx_off

-- /etc/crypttab
# <target name> <source device>         <key file>                      
<options>
cswap1          PARTUUID=34cdd6fc-01    /dev/random                     
cipher=aes-xts-plain64,size=512,hash=sha512,plain,swap
rey_root        PARTUUID=34cdd6fc-02    /boot/keys/rey_key.gpg  
cipher=aes-xts-plain64,size=512,hash=sha512,plain,sector-size=512,keyscript=decrypt_gnupg


-- /etc/fstab
/dev/mapper/cswap1      none            swap    defaults        0       0
/dev/mapper/rey_root    /               ext4    defaults        0       1


-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.12-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages cryptsetup depends on:
ii  cryptsetup-bin         2:2.7.5-1
ii  debconf [debconf-2.0]  1.5.89
ii  dmsetup                2:1.02.201-1
ii  libc6                  2.40-7

cryptsetup recommends no packages.

Versions of packages cryptsetup suggests:
ii  cryptsetup-initramfs    2:2.7.5-1
ii  dosfstools              4.2-1.1
pn  keyutils                <none>
ii  liblocale-gettext-perl  1.07-7+b1

-- debconf information:
  cryptsetup/prerm_active_mappings: true

--- End Message ---

--- Begin Message ---

Source: cryptsetup
Source-Version: 2:2.7.5-2
Done: Guilhem Moulin <guil...@debian.org>

We believe that the bug you reported is fixed in the latest version of
cryptsetup, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1099...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guilhem Moulin <guil...@debian.org> (supplier of updated cryptsetup package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 04 May 2025 21:55:13 +0200
Source: cryptsetup
Architecture: source
Version: 2:2.7.5-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Cryptsetup Team 
<pkg-cryptsetup-de...@alioth-lists.debian.net>
Changed-By: Guilhem Moulin <guil...@debian.org>
Closes: 1031198 1055024 1081552 1087271 1099760 1099818 1101115
Changes:
 cryptsetup (2:2.7.5-2) unstable; urgency=medium
 .
   [ Christoph Anton Mitterer ]
   * d/README.Debian: Minor improvements.
   * d/README.Debian: Document when during the initramfs devices are mapped.
   * d/README.Debian: Change initrd to initramfs.
 .
   [ Stephen Gildea ]
   * initramfs hook: Improve the "Source mismatch" error message when
     /etc/crypttab gives a source device that does not match the current
     source.
 .
   [ Guilhem Moulin ]
   * DEP-8: No longer mark cryptroot-* as flaky and only run them on amd64, see
     https://bugs.debian.org/1073052#50.
   * Fix d/t/initramfs-hook and d/t/initramfs-hook-legacy with initramfs-tools
     ≥0.146. (Closes: #1099818)
   * cryptsetup-suspend-wrapper, DEP-8: Don't hardcode unmkinitramfs destdir.
   * d/t/cryptroot-*: Pass --bitmap=internal to mdadm(8).
   * decrypt_gnupg: Drop obsolete option --secret-keyring. (Closes: #1099760)
   * initramfs hook: Add vmx_crypto module. (Closes: #1087271)
   * d/copyright: Replace FSF's old postal address with an URL.
   * Update Standards-Version to 4.7.2 (no changes necessary).
   * Boot script: Fix prereq() logic between directories. (Closes: #1081552)
 .
   [ Carles Pina i Estany ]
   * Added po-debconf Catalan translation. (Closes: #1101115)
 .
   [ Vladimir Petko ]
   * Fix cryptroot-* autopkgtests on Ubuntu. (Closes: #1031198)
 .
   [ Nicolas Melot ]
   * initramfs: Preserve crypttab order for entries with the 'initramfs' option.
     (Closes: #1055024)
Checksums-Sha1:
 0fc7e6a2a3ad0b1bd415eb0b4d49c8a6810d3ebe 3601 cryptsetup_2.7.5-2.dsc
 bd61036f67e9722caad1174a5513daade27b9017 163948 
cryptsetup_2.7.5-2.debian.tar.xz
 1cf2f1f760a1f3c5876e20bb14b4b3201d598284 11271 
cryptsetup_2.7.5-2_amd64.buildinfo
Checksums-Sha256:
 58a5f218191fe32900102760250741bed4e4f058ca915eb91f5f9a48a16562d7 3601 
cryptsetup_2.7.5-2.dsc
 0ef5da90c00f74582c74f031459c066a232ea6c67463f3d528e2faedf6ea5212 163948 
cryptsetup_2.7.5-2.debian.tar.xz
 0a8729f67df99aef52d408e89201198b7069655bda0b463f1485dac744eedfaa 11271 
cryptsetup_2.7.5-2_amd64.buildinfo
Files:
 8201558eb89e9c8813fb12f4c4d6fb76 3601 admin optional cryptsetup_2.7.5-2.dsc
 f0d292307beac8767a719fdd6db0c0cf 163948 admin optional 
cryptsetup_2.7.5-2.debian.tar.xz
 9b304a349f0e0c02476f3b465523e032 11271 admin optional 
cryptsetup_2.7.5-2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmgXyToACgkQ05pJnDwh
pVIjixAAknQrUxVIJ/6at+xDyRASqluWfapcfvhSADag9+wIL0aIwJ87edxYNihr
H6cgYJtAILxtIpcTR917fEO67RQQL+SqMWyWiB8lSl7Zh81bj9iYIJKhKX6vJC7t
DHq8dZ2qsMzvi1I31Qu6oWFmwNg4NpCG0PMZNna6gK3GP4hchdqfgJyDciBoEU6X
J42AgJ5IbrTaUfReFclf3sHrLLa8qfBg3meP5bh6ctOi3IxUY3ZX8w0j9vvHBqp1
tKF1hqF7c8EMQFd7wmuWRLawtfyDn1AWs/8xUMfDGHS1Rg+Ay5f1/QzcJe3aOOsj
nbZCPLpa8f42oP+D0TfGTFeVfcD4TCSFObNW4Sar8ajhx82kfxTttt/8dzeB/BjZ
39ouHBanF47ekwaI9sLjKeFq/ae6KXVjIpmHymse6K3mo3yFgBIJXKOOG3eD0HFu
6LpWDrmQ4/MRFvFWjTIMH29Y/TuggsaYbx6akdDXNBksU5jQRl6wFab/dYjr3Trk
kaWIMHFwHt01lbWbIfSTvfzPP9VmpJMDN1ivnm+mbj8qE5dtPG929hFKubkjL+uj
H8gQlkih92d//fdOgNOzHNUhbsGNaMiXlf7jMJlBjiYoKCfNnVgHwKdsDjEaShYn
jvfGEBN85OyGUtJJ8TCLqHi+ETAC62S6Q39wUjz2U/DOAbdrkMU=
=dSWq
-----END PGP SIGNATURE-----

pgpw2h1Xw_gCd.pgp
Description: PGP signature

--- End Message ---

Bug#1099760: marked as done (cryptsetup: Cryptsetup provided keyscript 'decrypt_gnupg' uses obsolete gnupg option --secret-keyring)

Reply via email to