Debian Installer Buster RC 2 release

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Debian Installer Buster RC 2 release

Cyril Brulebois-4
The Debian Installer team[1] is pleased to announce the second release
candidate of the installer for Debian 10 "Buster".


Improvements in this release
============================

 * choose-mirror:
    - Update Mirrors.masterlist.
 * cryptsetup:
    - New section “Unlocking LUKS devices from GRUB” pointing to:
      https://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html
 * debian-archive-keyring:
    - Add Buster keys (#917535, #917536).
 * debian-cd:
    - Create images to fit on 16G USB sticks too (for amd64 and i386).
    - Tweak package selection to make the multi-arch firmware netinst
      fit on CD media again (needs a 700MB CD-R): Don't include 686
      PAE kernels on these CDs.
    - Tweak ordering of snapshot URLs in jigdo images to remove load
      on snapshot.debian.org.
 * debian-installer:
    - Add haveged-udeb [linux] to avoid entropy starvation issues
      (#923675). Those could affect HTTPS connections, SSH keypair
      generation, etc.
    - Bump Linux kernel ABI from 4.19.0-4 to 4.19.0-5.
    - Add œ/Œ glyphs for the French translation.
    - Update size limits.
    - Relabel “Dark theme” into “Accessible high contrast” (#930569).
    - Compress armhf u-boot images with “gzip -n” to avoid embedding
      timestamps which cause reproducibility issues.
 * espeakup:
    - Wait longer for sound cards.
 * grub2:
    - Make grub-efi-*-bin recommend efibootmgr, for debugging purposes.
    - Make grub-efi work on armhf too (upstream fixes for alignment
      bugs).
 * installation-guide:
    - Add the partman-auto-lvm/guided_size setting to the example
      preseed config file (#930846).
 * libdebian-installer:
    - Enlarge maximum line length in Packages and Sources files
      (#554444).
 * lowmem:
    - Update size limits.
 * network-console:
    - Fix gen-crypt segfault, which prevented remote installations due
      to a missing password for the “installer” user (#926947, #928299).
 * openssl:
    - Ship an openssl.cnf in libssl1.1-udeb, fixing wget's TLS issues
      in the installer (#926315).
 * partman-auto:
    - Tweak Arabic translation to avoid a hang at the hard disk step
      (#929877).
 * preseed:
    - Update auto-install/defaultroot, replacing stretch with buster
      (#928031).
 * rootskel:
    - Start haveged when appropriate, to avoid entropy starvation
      (#923675). This means when the haveged binary is available, and
      when there's no hardware RNG available.
    - Update size limits for the graphical installer.


UEFI Secure Boot updates
========================

Debian's Secure Boot setup is still being polished, the main updates
are summarized below.

 * debian-installer:
    - Add shim-signed and grub-efi-ARCH-signed to build-dependencies
      for amd64/i386/arm64.
    - Use the signed shim and grub packages for all 3 arches for EFI
      images.
    - Fix the netboot setup for signed grub images to match the
      previous setup and the existing documentation (#928750).
 * grub2:
    - Generate a specific signed netboot image for d-i to use (#928750).
    - Add cpuid, play, ntfs modules to signed UEFI images (#928628,
      #930290, #923855).
    - Deal with --force-extra-removable with signed shim too (#930531).


Hardware support changes
========================

 * debian-installer:
    - [arm64] Add support for netboot SD-card-images.
    - [arm64] Add u-boot images for a64-olinuxino, orangepi_zero_plus2
      and teres_i.
    - Add support for NanoPi NEO2.
 * flash-kernel:
    - Add support for NanoPi NEO2 (#928861).
    - Add support for Marvell 8040 MACCHIATOBin Double-shot and
      Single-shot (#928951).
 * linux:
    - udeb: Add all HWRNG drivers to kernel-image (#923675).
    - udeb: input-modules: Include all keyboard driver modules.
    - [arm64] udeb: kernel-image: Include cros_ec_spi and SPI drivers.
    - [arm64] udeb: kernel-image: Include phy-rockchip-pcie.
    - [arm64] udeb: usb-modules: Include phy-rockchip-typec and
      extcon-usbc-cros-ec.
    - [arm64] udeb: mmc-modules: Include phy-rockchip-emmc.
    - [arm64] udeb: fb-modules: Include rockchipdrm, panel-simple,
      pwm_bl, and pwm-cros-ec.
    - udeb: Drop unused ntfs-modules packages.


Localization status
===================

 * 76 languages are supported in this release.
 * Full translation for 39 of them.


Known bugs in this release
==========================

 * There seems to be no known major bug as of yet.

See the errata[2] for details and a full list of known issues.


Feedback for this release
=========================

We need your help to find bugs and further improve the installer,
so please try it. Installer CDs, other media and everything else you
will need are available at our web site[3].


Thanks
======

The Debian Installer team thanks everybody who has contributed to this
release.


 1. https://wiki.debian.org/DebianInstaller/Team
 2. https://www.debian.org/devel/debian-installer/errata
 3. https://www.debian.org/devel/debian-installer


Cheers,
--
Cyril Brulebois ([hidden email])            <https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Fwd: Debian Installer Buster RC 2 release

ghe-2
On 6/26/19 1:57 PM, Peter Ehlert wrote:

>
>
>
> -------- Forwarded Message --------
> Subject: Debian Installer Buster RC 2 release
> Resent-Date: Wed, 26 Jun 2019 17:49:25 +0000 (UTC)
> Resent-From: [hidden email]
> Date: Wed, 26 Jun 2019 19:49:09 +0200
> From: Cyril Brulebois <[hidden email]>
> Reply-To: [hidden email]
> Organization: Debian
> To: [hidden email]
> CC: [hidden email]
>
>
>
> The Debian Installer team[1] is pleased to announce the second release
> candidate of the installer for Debian 10 "Buster".

Thanks -- I've been expecting this. Where the hell is it?

I've looked as best I know how to find a netinstall iso.


--
Glenn English

Reply | Threaded
Open this post in threaded view
|

Re: Fwd: Debian Installer Buster RC 2 release

Steve McIntyre
On Wed, Jun 26, 2019 at 06:32:17PM -0600, ghe wrote:

>On 6/26/19 1:57 PM, Peter Ehlert wrote:
>>
>>
>>
>> -------- Forwarded Message --------
>> Subject: Debian Installer Buster RC 2 release
>> Resent-Date: Wed, 26 Jun 2019 17:49:25 +0000 (UTC)
>> Resent-From: [hidden email]
>> Date: Wed, 26 Jun 2019 19:49:09 +0200
>> From: Cyril Brulebois <[hidden email]>
>> Reply-To: [hidden email]
>> Organization: Debian
>> To: [hidden email]
>> CC: [hidden email]
>>
>>
>>
>> The Debian Installer team[1] is pleased to announce the second release
>> candidate of the installer for Debian 10 "Buster".
>
>Thanks -- I've been expecting this. Where the hell is it?
>
>I've looked as best I know how to find a netinstall iso.

There are links at the bottom of the mail you were replying to,
including:

  https://www.debian.org/devel/debian-installer

--
Steve McIntyre, Cambridge, UK.                                [hidden email]
"I used to be the first kid on the block wanting a cranial implant,
 now I want to be the first with a cranial firewall. " -- Charlie Stross

Reply | Threaded
Open this post in threaded view
|

Re: Debian Installer Buster RC 2 release

Darshaka Pathirana-2
In reply to this post by Cyril Brulebois-4
Hi,

Just a quick note.

On 6/26/19 7:49 PM, Cyril Brulebois wrote:

> The Debian Installer team[1] is pleased to announce the second release
> candidate of the installer for Debian 10 "Buster".
>
>
> Improvements in this release
> ============================
>
>  * choose-mirror:Hi
>     - Update Mirrors.masterlist.
>  * cryptsetup:
>     - New section “Unlocking LUKS devices from GRUB” pointing to:
>       https://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html
The guide states the following:

,----
| But as of Buster cryptsetup(8) defaults to a new LUKS header format
| version, which isn’t supported by GRUB as of 2.04. Hence the
| pre-Buster workarounds won’t work anymore.
`----

But looking at cryptsetup(8)[1], it is not mentioned that luks2
is default, in fact it seems to tell the opposite:

[1] https://manpages.debian.org/testing/cryptsetup-bin/cryptsetup.8.en.html

,----
| LUKS2 is a new version of header format that allows additional extensions like
| different PBKDF algorithm or authenticated encryption. You can format device
| with LUKS2 header if you specify --type luks2 in luksFormat command. For
| activation, the format is already recognized automatically.
`----
[2] https://gitlab.com/cryptsetup/cryptsetup/blob/master/man/cryptsetup.8#L241

and

,----
| To use LUKS2, specify --type luks2.
`----
[3] https://gitlab.com/cryptsetup/cryptsetup/blob/master/man/cryptsetup.8#L278

Is the guide wrong or is there a (RC) bug in the man page?

Regards,
 - Darsha

P.s. I am not on the list, I read this via debian-devel-announce.


signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Debian Installer Buster RC 2 release

Cyril Brulebois-4
[ Adding cryptsetup maintainer to the loop. ]

Hi,

Darshaka Pathirana <[hidden email]> (2019-07-01):
> Just a quick note.

Thanks for the feedback.

> On 6/26/19 7:49 PM, Cyril Brulebois wrote:
> > The Debian Installer team[1] is pleased to announce the second release
> > candidate of the installer for Debian 10 "Buster".
> >
> >
> > Improvements in this release
> > ============================
> >
> >  * choose-mirror:Hi
> >     - Update Mirrors.masterlist.
> >  * cryptsetup:
> >     - New section “Unlocking LUKS devices from GRUB” pointing to:
> >       https://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html
>
> The guide states the following:
>
> ,----
> | But as of Buster cryptsetup(8) defaults to a new LUKS header format
> | version, which isn’t supported by GRUB as of 2.04. Hence the
> | pre-Buster workarounds won’t work anymore.
> `----
>
> But looking at cryptsetup(8)[1], it is not mentioned that luks2
> is default, in fact it seems to tell the opposite:
>
> [1] https://manpages.debian.org/testing/cryptsetup-bin/cryptsetup.8.en.html
>
> ,----
> | LUKS2 is a new version of header format that allows additional extensions like
> | different PBKDF algorithm or authenticated encryption. You can format device
> | with LUKS2 header if you specify --type luks2 in luksFormat command. For
> | activation, the format is already recognized automatically.
> `----
> [2] https://gitlab.com/cryptsetup/cryptsetup/blob/master/man/cryptsetup.8#L241
>
> and
>
> ,----
> | To use LUKS2, specify --type luks2.
> `----
> [3] https://gitlab.com/cryptsetup/cryptsetup/blob/master/man/cryptsetup.8#L278
That doesn't say much about the default setting; but I can see how one
could read it as “this is not the default”.

> Is the guide wrong or is there a (RC) bug in the man page?

The guide was just written, is correct; and a possible bug in the
manpage wouldn't exactly qualify as release critical.

> P.s. I am not on the list, I read this via debian-devel-announce.

ACK.


Cheers,
--
Cyril Brulebois ([hidden email])            <https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: unclear LUKS format version from the manpage (Was: Debian Installer Buster RC 2 release)

Guilhem Moulin-2
Hi there,

On Mon, 01 Jul 2019 at 02:54:30 +0200, Cyril Brulebois wrote:

>> [1] https://manpages.debian.org/testing/cryptsetup-bin/cryptsetup.8.en.html
>>
>> ,----
>> | LUKS2 is a new version of header format that allows additional extensions like
>> | different PBKDF algorithm or authenticated encryption. You can format device
>> | with LUKS2 header if you specify --type luks2 in luksFormat command. For
>> | activation, the format is already recognized automatically.
>> `----
>> [2] https://gitlab.com/cryptsetup/cryptsetup/blob/master/man/cryptsetup.8#L241
>>
>> and
>>
>> ,----
>> | To use LUKS2, specify --type luks2.
>> `----
>> [3] https://gitlab.com/cryptsetup/cryptsetup/blob/master/man/cryptsetup.8#L278
>
> That doesn't say much about the default setting; but I can see how one
> could read it as “this is not the default”.
Thanks for the feedback indeed, that manpage snippet should probably be
reformulated.  Would you mind filing a bug against the cryptsetup-bin
package?  I can also do it otherwise.  That bit was likely written for
2.0 (when LUKS2 support was introduced), and not updated for 2.1 (when
LUKS2 was made the default LUKS format).

The compiled in-default for cryptsetup(8) can be obtained with

    ~$ cryptsetup --help
    […]
    Default compiled-in metadata format is LUKS2 (for luksFormat action).
    […]

That setting, as well as other compiled-in defaults (PBKDF algorithm and
parameters, ciphers, modes), comes from upstream.  The Debian binary doesn't
differ in that regard.

>> P.s. I am not on the list, I read this via debian-devel-announce.

Likewise I'm not subscribed to debian-boot.

Cheers,
--
Guilhem.

signature.asc (849 bytes) Download Attachment