Sync from SUSE:SLFO:Main cryptsetup revision a3b65fc70655f817e62499452695dec5
This commit is contained in:
commit
a7e23cd6de
23
.gitattributes
vendored
Normal file
23
.gitattributes
vendored
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
## Default LFS
|
||||||
|
*.7z filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.bsp filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.bz2 filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.gem filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.gz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.jar filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.lz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.lzma filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.obscpio filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.oxt filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.pdf filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.png filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.rpm filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.tbz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.tbz2 filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.tgz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.ttf filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.txz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.whl filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.xz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.zip filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.zst filter=lfs diff=lfs merge=lfs -text
|
3
baselibs.conf
Normal file
3
baselibs.conf
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
libcryptsetup12
|
||||||
|
provides "libcryptsetup12-hmac-<targettype> = %{version}"
|
||||||
|
obsoletes "libcryptsetup12-hmac-<targettype> < %{version}"
|
16
cryptsetup-2.6.1.tar.sign
Normal file
16
cryptsetup-2.6.1.tar.sign
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAmPlHwIACgkQ2bBXe9k+
|
||||||
|
mPwtxg/+PohA6Ygk3e61i0IZmLdvHO2PJG3JefLxf1QDqImkKcALgUdNrt/qv1SZ
|
||||||
|
CBtM4pmYXfhIpYzavSPZdAC0nLvKkx66PpQRCk/ZmUSNZJ8IzmoM5MPZhWLspYtK
|
||||||
|
Z4mVXJz+UVdCAf7ayK7li9A+a947jpVKFlc5hSiQ8SnmkT8X0MhqGPLsO9Z6ndNK
|
||||||
|
+VpBPozZ1YQ6THYp2so5lF3BW9G6YAkm5XhN6IQreDCdZwF0Y4lff6G9PNHFSLpC
|
||||||
|
k9yLmvUgDsDNTcEjXeKbtvIlOzjjHfhJkEmyo9jNDWNUSU6wt5RqnCZmd1VbCQyB
|
||||||
|
HVCKb9Y0Yoz9rvzFBWnU6d1ZCe3aKLrVF89yK6mJ7CYh4CVURMJmIJ+1rEeg2z5n
|
||||||
|
NhXSLrMMF+Q9P/VNupOMec1DOg2OMRKExps5r7kvDeVOz9FmJoguMxAu1+dt0Ze8
|
||||||
|
4b86ii2F+Py2tOy5OzQu7PvQkKbl8dvi8qJM8cEovKIsWiHTp/2Heo0gjXaLJ/kK
|
||||||
|
v/821T9v3ZO7dmtlhgps9q4xEjWV/u3kWwXXFgEtKby48UVzTGNXsDDdkrVEdy2J
|
||||||
|
jKBnqO31mGa8ButNRQvZ6rEOPFaCmdpy95/u5v22LhlACdkEwt5Cky0t6NMKSpvp
|
||||||
|
sSgVzYmU6Pk5RdOzZCt1pyIPwEfJa1y5N1k/kuBasdqPw95RRsM=
|
||||||
|
=m/Re
|
||||||
|
-----END PGP SIGNATURE-----
|
BIN
cryptsetup-2.6.1.tar.xz
(Stored with Git LFS)
Normal file
BIN
cryptsetup-2.6.1.tar.xz
(Stored with Git LFS)
Normal file
Binary file not shown.
@ -0,0 +1,72 @@
|
|||||||
|
From 7893c33d71cde09e240234c484c6c468f22c2fe7 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Milan Broz <gmazyland@gmail.com>
|
||||||
|
Date: Mon, 3 Apr 2023 13:31:16 +0200
|
||||||
|
Subject: [PATCH] Check for physical memory available also in PBKDF benchmark.
|
||||||
|
|
||||||
|
---
|
||||||
|
lib/internal.h | 1 +
|
||||||
|
lib/utils_benchmark.c | 9 +++++++++
|
||||||
|
lib/utils_pbkdf.c | 4 ++--
|
||||||
|
3 files changed, 12 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
Index: cryptsetup-2.6.1/lib/internal.h
|
||||||
|
===================================================================
|
||||||
|
--- cryptsetup-2.6.1.orig/lib/internal.h
|
||||||
|
+++ cryptsetup-2.6.1/lib/internal.h
|
||||||
|
@@ -89,6 +89,7 @@ int crypt_benchmark_pbkdf_internal(struc
|
||||||
|
struct crypt_pbkdf_type *pbkdf,
|
||||||
|
size_t volume_key_size);
|
||||||
|
const char *crypt_get_cipher_spec(struct crypt_device *cd);
|
||||||
|
+uint32_t pbkdf_adjusted_phys_memory_kb(void);
|
||||||
|
|
||||||
|
/* Device backend */
|
||||||
|
struct device;
|
||||||
|
Index: cryptsetup-2.6.1/lib/utils_benchmark.c
|
||||||
|
===================================================================
|
||||||
|
--- cryptsetup-2.6.1.orig/lib/utils_benchmark.c
|
||||||
|
+++ cryptsetup-2.6.1/lib/utils_benchmark.c
|
||||||
|
@@ -101,6 +101,7 @@ int crypt_benchmark_pbkdf(struct crypt_d
|
||||||
|
{
|
||||||
|
int r, priority;
|
||||||
|
const char *kdf_opt;
|
||||||
|
+ uint32_t memory_kb;
|
||||||
|
|
||||||
|
if (!pbkdf || (!password && password_size))
|
||||||
|
return -EINVAL;
|
||||||
|
@@ -113,6 +114,14 @@ int crypt_benchmark_pbkdf(struct crypt_d
|
||||||
|
|
||||||
|
log_dbg(cd, "Running %s(%s) benchmark.", pbkdf->type, kdf_opt);
|
||||||
|
|
||||||
|
+ memory_kb = pbkdf_adjusted_phys_memory_kb();
|
||||||
|
+ if (memory_kb < pbkdf->max_memory_kb) {
|
||||||
|
+ log_dbg(cd, "Not enough physical memory detected, "
|
||||||
|
+ "PBKDF max memory decreased from %dkB to %dkB.",
|
||||||
|
+ pbkdf->max_memory_kb, memory_kb);
|
||||||
|
+ pbkdf->max_memory_kb = memory_kb;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
crypt_process_priority(cd, &priority, true);
|
||||||
|
r = crypt_pbkdf_perf(pbkdf->type, pbkdf->hash, password, password_size,
|
||||||
|
salt, salt_size, volume_key_size, pbkdf->time_ms,
|
||||||
|
Index: cryptsetup-2.6.1/lib/utils_pbkdf.c
|
||||||
|
===================================================================
|
||||||
|
--- cryptsetup-2.6.1.orig/lib/utils_pbkdf.c
|
||||||
|
+++ cryptsetup-2.6.1/lib/utils_pbkdf.c
|
||||||
|
@@ -61,7 +61,7 @@ const struct crypt_pbkdf_type *crypt_get
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
-static uint32_t adjusted_phys_memory(void)
|
||||||
|
+uint32_t pbkdf_adjusted_phys_memory_kb(void)
|
||||||
|
{
|
||||||
|
uint64_t memory_kb = crypt_getphysmemory_kb();
|
||||||
|
|
||||||
|
@@ -249,7 +249,7 @@ int init_pbkdf_type(struct crypt_device
|
||||||
|
}
|
||||||
|
|
||||||
|
if (cd_pbkdf->max_memory_kb) {
|
||||||
|
- memory_kb = adjusted_phys_memory();
|
||||||
|
+ memory_kb = pbkdf_adjusted_phys_memory_kb();
|
||||||
|
if (cd_pbkdf->max_memory_kb > memory_kb) {
|
||||||
|
log_dbg(cd, "Not enough physical memory detected, "
|
||||||
|
"PBKDF max memory decreased from %dkB to %dkB.",
|
@ -0,0 +1,160 @@
|
|||||||
|
From 899bad8c06957a94a198d1eaa293ed8db205f1de Mon Sep 17 00:00:00 2001
|
||||||
|
From: Milan Broz <gmazyland@gmail.com>
|
||||||
|
Date: Mon, 20 Feb 2023 16:45:36 +0100
|
||||||
|
Subject: [PATCH] Try to avoid OOM killer on low-memory systems without swap.
|
||||||
|
|
||||||
|
Benchmark for memory-hard KDF is tricky, seems that relying
|
||||||
|
on maximum half of physical memory is not enough.
|
||||||
|
|
||||||
|
Let's allow only free physical available space if there is no swap.
|
||||||
|
This should not cause changes on normal systems, at least.
|
||||||
|
---
|
||||||
|
lib/internal.h | 2 ++
|
||||||
|
lib/utils.c | 47 ++++++++++++++++++++++++++++++++++++++++++++++
|
||||||
|
lib/utils_pbkdf.c | 11 ++++++++++-
|
||||||
|
tests/api-test-2.c | 12 ++++++++----
|
||||||
|
4 files changed, 67 insertions(+), 5 deletions(-)
|
||||||
|
|
||||||
|
Index: cryptsetup-2.6.1/lib/internal.h
|
||||||
|
===================================================================
|
||||||
|
--- cryptsetup-2.6.1.orig/lib/internal.h
|
||||||
|
+++ cryptsetup-2.6.1/lib/internal.h
|
||||||
|
@@ -169,6 +169,8 @@ int crypt_uuid_cmp(const char *dm_uuid,
|
||||||
|
size_t crypt_getpagesize(void);
|
||||||
|
unsigned crypt_cpusonline(void);
|
||||||
|
uint64_t crypt_getphysmemory_kb(void);
|
||||||
|
+uint64_t crypt_getphysmemoryfree_kb(void);
|
||||||
|
+bool crypt_swapavailable(void);
|
||||||
|
|
||||||
|
int init_crypto(struct crypt_device *ctx);
|
||||||
|
|
||||||
|
Index: cryptsetup-2.6.1/lib/utils.c
|
||||||
|
===================================================================
|
||||||
|
--- cryptsetup-2.6.1.orig/lib/utils.c
|
||||||
|
+++ cryptsetup-2.6.1/lib/utils.c
|
||||||
|
@@ -59,6 +59,53 @@ uint64_t crypt_getphysmemory_kb(void)
|
||||||
|
return phys_memory_kb;
|
||||||
|
}
|
||||||
|
|
||||||
|
+uint64_t crypt_getphysmemoryfree_kb(void)
|
||||||
|
+{
|
||||||
|
+ long pagesize, phys_pages;
|
||||||
|
+ uint64_t phys_memoryfree_kb;
|
||||||
|
+
|
||||||
|
+ pagesize = sysconf(_SC_PAGESIZE);
|
||||||
|
+ phys_pages = sysconf(_SC_AVPHYS_PAGES);
|
||||||
|
+
|
||||||
|
+ if (pagesize < 0 || phys_pages < 0)
|
||||||
|
+ return 0;
|
||||||
|
+
|
||||||
|
+ phys_memoryfree_kb = pagesize / 1024;
|
||||||
|
+ phys_memoryfree_kb *= phys_pages;
|
||||||
|
+
|
||||||
|
+ return phys_memoryfree_kb;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+bool crypt_swapavailable(void)
|
||||||
|
+{
|
||||||
|
+ int fd;
|
||||||
|
+ ssize_t size;
|
||||||
|
+ char buf[4096], *p;
|
||||||
|
+ uint64_t total;
|
||||||
|
+
|
||||||
|
+ if ((fd = open("/proc/meminfo", O_RDONLY)) < 0)
|
||||||
|
+ return true;
|
||||||
|
+
|
||||||
|
+ size = read(fd, buf, sizeof(buf));
|
||||||
|
+ close(fd);
|
||||||
|
+ if (size < 1)
|
||||||
|
+ return true;
|
||||||
|
+
|
||||||
|
+ if (size < (ssize_t)sizeof(buf))
|
||||||
|
+ buf[size] = 0;
|
||||||
|
+ else
|
||||||
|
+ buf[sizeof(buf) - 1] = 0;
|
||||||
|
+
|
||||||
|
+ p = strstr(buf, "SwapTotal:");
|
||||||
|
+ if (!p)
|
||||||
|
+ return true;
|
||||||
|
+
|
||||||
|
+ if (sscanf(p, "SwapTotal: %" PRIu64 " kB", &total) != 1)
|
||||||
|
+ return true;
|
||||||
|
+
|
||||||
|
+ return total > 0;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
void crypt_process_priority(struct crypt_device *cd, int *priority, bool raise)
|
||||||
|
{
|
||||||
|
int _priority, new_priority;
|
||||||
|
Index: cryptsetup-2.6.1/lib/utils_pbkdf.c
|
||||||
|
===================================================================
|
||||||
|
--- cryptsetup-2.6.1.orig/lib/utils_pbkdf.c
|
||||||
|
+++ cryptsetup-2.6.1/lib/utils_pbkdf.c
|
||||||
|
@@ -63,7 +63,7 @@ const struct crypt_pbkdf_type *crypt_get
|
||||||
|
|
||||||
|
uint32_t pbkdf_adjusted_phys_memory_kb(void)
|
||||||
|
{
|
||||||
|
- uint64_t memory_kb = crypt_getphysmemory_kb();
|
||||||
|
+ uint64_t free_kb, memory_kb = crypt_getphysmemory_kb();
|
||||||
|
|
||||||
|
/* Ignore bogus value */
|
||||||
|
if (memory_kb < (128 * 1024) || memory_kb > UINT32_MAX)
|
||||||
|
@@ -75,6 +75,15 @@ uint32_t pbkdf_adjusted_phys_memory_kb(v
|
||||||
|
*/
|
||||||
|
memory_kb /= 2;
|
||||||
|
|
||||||
|
+ /*
|
||||||
|
+ * Never use more that available free space on system without swap.
|
||||||
|
+ */
|
||||||
|
+ if (!crypt_swapavailable()) {
|
||||||
|
+ free_kb = crypt_getphysmemoryfree_kb();
|
||||||
|
+ if (free_kb > (64 * 1024) && free_kb < memory_kb)
|
||||||
|
+ return free_kb;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
return memory_kb;
|
||||||
|
}
|
||||||
|
|
||||||
|
Index: cryptsetup-2.6.1/tests/api-test-2.c
|
||||||
|
===================================================================
|
||||||
|
--- cryptsetup-2.6.1.orig/tests/api-test-2.c
|
||||||
|
+++ cryptsetup-2.6.1/tests/api-test-2.c
|
||||||
|
@@ -2802,7 +2802,8 @@ static void Pbkdf(void)
|
||||||
|
OK_(strcmp(pbkdf->type, default_luks2_pbkdf));
|
||||||
|
OK_(strcmp(pbkdf->hash, default_luks1_hash));
|
||||||
|
EQ_(pbkdf->time_ms, default_luks2_iter_time);
|
||||||
|
- EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory());
|
||||||
|
+ GE_(pbkdf->max_memory_kb, 64 * 1024);
|
||||||
|
+ GE_(adjusted_pbkdf_memory(), pbkdf->max_memory_kb);
|
||||||
|
EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_threads));
|
||||||
|
// set and verify argon2 type
|
||||||
|
OK_(crypt_set_pbkdf_type(cd, &argon2));
|
||||||
|
@@ -2827,7 +2828,8 @@ static void Pbkdf(void)
|
||||||
|
OK_(strcmp(pbkdf->type, default_luks2_pbkdf));
|
||||||
|
OK_(strcmp(pbkdf->hash, default_luks1_hash));
|
||||||
|
EQ_(pbkdf->time_ms, default_luks2_iter_time);
|
||||||
|
- EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory());
|
||||||
|
+ GE_(pbkdf->max_memory_kb, 64 * 1024);
|
||||||
|
+ GE_(adjusted_pbkdf_memory(), pbkdf->max_memory_kb);
|
||||||
|
EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_threads));
|
||||||
|
// try to pass illegal values
|
||||||
|
argon2.parallel_threads = 0;
|
||||||
|
@@ -2858,14 +2860,16 @@ static void Pbkdf(void)
|
||||||
|
OK_(strcmp(pbkdf->type, default_luks2_pbkdf));
|
||||||
|
OK_(strcmp(pbkdf->hash, default_luks1_hash));
|
||||||
|
EQ_(pbkdf->time_ms, default_luks2_iter_time);
|
||||||
|
- EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory());
|
||||||
|
+ GE_(pbkdf->max_memory_kb, 64 * 1024);
|
||||||
|
+ GE_(adjusted_pbkdf_memory(), pbkdf->max_memory_kb);
|
||||||
|
EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_threads));
|
||||||
|
crypt_set_iteration_time(cd, 1);
|
||||||
|
OK_(crypt_load(cd, CRYPT_LUKS, NULL));
|
||||||
|
OK_(strcmp(pbkdf->type, default_luks2_pbkdf));
|
||||||
|
OK_(strcmp(pbkdf->hash, default_luks1_hash));
|
||||||
|
EQ_(pbkdf->time_ms, 1);
|
||||||
|
- EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory());
|
||||||
|
+ GE_(pbkdf->max_memory_kb, 64 * 1024);
|
||||||
|
+ GE_(adjusted_pbkdf_memory(), pbkdf->max_memory_kb);
|
||||||
|
EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_threads));
|
||||||
|
CRYPT_FREE(cd);
|
||||||
|
|
@ -0,0 +1,41 @@
|
|||||||
|
From 6721d3a8b29b13fe88aeeaefe09d457e99d1c6fa Mon Sep 17 00:00:00 2001
|
||||||
|
From: Milan Broz <gmazyland@gmail.com>
|
||||||
|
Date: Mon, 17 Apr 2023 13:41:17 +0200
|
||||||
|
Subject: [PATCH] Use only half of detected free memory on systems without
|
||||||
|
swap.
|
||||||
|
|
||||||
|
As tests shows, limiting used Argon2 memory to free memory on
|
||||||
|
systems without swap is still not enough.
|
||||||
|
Use just half of it, this should bring needed margin while
|
||||||
|
still use Argon2.
|
||||||
|
|
||||||
|
Note, for very-low memory constrained systems user should
|
||||||
|
avoid memory-hard PBKDF (IOW manually select PBKDF2), we
|
||||||
|
do not do this automatically.
|
||||||
|
---
|
||||||
|
lib/utils_pbkdf.c | 9 ++++++++-
|
||||||
|
1 file changed, 8 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
Index: cryptsetup-2.6.1/lib/utils_pbkdf.c
|
||||||
|
===================================================================
|
||||||
|
--- cryptsetup-2.6.1.orig/lib/utils_pbkdf.c
|
||||||
|
+++ cryptsetup-2.6.1/lib/utils_pbkdf.c
|
||||||
|
@@ -76,10 +76,17 @@ uint32_t pbkdf_adjusted_phys_memory_kb(v
|
||||||
|
memory_kb /= 2;
|
||||||
|
|
||||||
|
/*
|
||||||
|
- * Never use more that available free space on system without swap.
|
||||||
|
+ * Never use more that half of available free memory on system without swap.
|
||||||
|
*/
|
||||||
|
if (!crypt_swapavailable()) {
|
||||||
|
free_kb = crypt_getphysmemoryfree_kb();
|
||||||
|
+
|
||||||
|
+ /*
|
||||||
|
+ * Using exactly free memory causes OOM too, use only half of the value.
|
||||||
|
+ * Ignore small values (< 64MB), user should use PBKDF2 in such environment.
|
||||||
|
+ */
|
||||||
|
+ free_kb /= 2;
|
||||||
|
+
|
||||||
|
if (free_kb > (64 * 1024) && free_kb < memory_kb)
|
||||||
|
return free_kb;
|
||||||
|
}
|
1944
cryptsetup.changes
Normal file
1944
cryptsetup.changes
Normal file
File diff suppressed because it is too large
Load Diff
56
cryptsetup.keyring
Normal file
56
cryptsetup.keyring
Normal file
@ -0,0 +1,56 @@
|
|||||||
|
pub 4096R/D93E98FC 2012-04-01 [expires: 2022-03-30]
|
||||||
|
uid Milan Broz <gmazyland@gmail.com>
|
||||||
|
sub 4096R/4BBD6F43 2012-04-01 [expires: 2022-03-30]
|
||||||
|
|
||||||
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||||
|
Version: GnuPG v2.0.19 (GNU/Linux)
|
||||||
|
|
||||||
|
mQINBE94p38BEADZRET8y1gVxlfDk44/XwBbFjC7eM6EanyCuivUPMmPwYDo9qRe
|
||||||
|
y0JdOGhWhAZeutGGxsKliozmeTL25Z6wWICu2oeY+ZfbgJQYHFeQ01NVwoYy57hh
|
||||||
|
ytZw/6IMLFRcIaWSHd7oNdneQg6mVJcGdA/BOX68uo3RKSHj6Q8GoQ54F/NpCotz
|
||||||
|
VcP1ORpVJ5ptyG0x6OZm5Esn61pKE979wcHsz7EzcDYl+3MS63gZm+O3D1u80bUM
|
||||||
|
mBUlxyEiC5jo5ksTFheA8m/5CAPQtxzYvgezYlLLS3nkxaq2ERK5DhvMv0NktXSu
|
||||||
|
tfWQsOI5WLjG7UWStwAnO2W+CVZLcnZV0K6OKDaFbCj4ovg5HV0FyQZknN2O5Qbx
|
||||||
|
esNlNWkMOJAnnX6c/zowO7jq8GCpa3oJl3xxmwFbCZtH4z3fEVw0wAFc2JlnufR4
|
||||||
|
dhaax9fhNoUJ4OSVTi9zqstxhEyywkazakEvAYwOlC5+1FKoc9UIvApAGvgcTJGT
|
||||||
|
Op7MuHptHGwWvGZEaJqcsqoy7rsYPxtDQ7bJuJJblzGIUxWAl8qsUsF8M4ISxBkf
|
||||||
|
fcUYiR0wh1luUhXFo2rRTKT+Ic/nJDE66Ee4Ecn9+BPlNODhlEG1vk62rhiYSnyz
|
||||||
|
y5MAUhUlstDxuEjYK+NGd2aYH0VANZalqlUZFTEdOdA6NYROxkYZVsVtXQARAQAB
|
||||||
|
tCBNaWxhbiBCcm96IDxnbWF6eWxhbmRAZ21haWwuY29tPokCPgQTAQIAKAUCT3in
|
||||||
|
fwIbAwUJEswDAAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ2bBXe9k+mPxp
|
||||||
|
bg//ZWDcQVNAKOWCviNnNvT315WbDrjsJ6FApF83hB52qQO9tvjb5ZY54794uwof
|
||||||
|
idOqi0XFoLkoLyiJkkvc3Q9SnM89hyhzrxnh2ym4rUr4cL6F9e99uC656er4telM
|
||||||
|
bg9OSPR2iNuqsAzyMhOGMEnnm97YQ2QWOnvbC8QgoQB5VvF3nZMgqTPTxctlUfc7
|
||||||
|
t4BlGcIBLG0oINUNDf441KAXgMP05kVK0CDQd02CTPok2Qshbg6aw56eSSUTB4aq
|
||||||
|
ZM8St1ySJ2ccMDRC9mCqcNFtuuPyAAJAJFmEvlxahd0BA0mwV3ce38JBbTqs5k0X
|
||||||
|
2JVljHObgnfp3WDtuY8Lj0u8KvN0CAYJhRuhY40fARh8EPfkNvIx/740ueexsUBW
|
||||||
|
3N1/lCeABaOKtu11kVUxvDxaFRQc2I5vl/sZMunSjJQQiwrWNbrwZgidwkHzvizm
|
||||||
|
LjdgHgCJeEC+tu1qifTCOllufvXagjYmrH4hm/Qz6+91lLksrHooxp3nAcN78d5/
|
||||||
|
E4reamx0+DleOJ2yD1UeP2wUDdB23OQU3ipVDYwIuIvDWiZSIVwXyDLhuc64ti4t
|
||||||
|
ScUGfucEKMER1eLTJ+zILHZ9R4K7C2BhEGSAyxkeeX/Z8pLNOJ1RdU+B+ZFNXuIH
|
||||||
|
LJbgrAiOOqr07WPbvRT1LvO/w/4m31D9Kalc4Jyqn9+pjtm5Ag0ET3infwEQAN6E
|
||||||
|
dXyfw9xr56CJ1asnQ1PSxpzEGlUsEHvn4wcufyC8KN6VGUlR3WinlaGvOICzvYOi
|
||||||
|
S06E6PqKDEgbbApBh2//6Ihk1OynS0y4hYepJi+pstdXoiud6NQSNQlcFjCfI8Wz
|
||||||
|
AT3rensVLmwc3HgRW5qqt5Vc+EWdg9cylZ48QdPyo3WyOd2pyL+yqNZPjMGijE8z
|
||||||
|
vzurwZiO9aBkJCjulqXMs1YyyIqfTxKQ1GCUQq4SoIQXjD8HvgJ7T/TpuDf9wFhe
|
||||||
|
onGqxiJpxb02LMEdkPgugKIgG6iOFplzrsySyoiJsGa0mJ0n0O6rXQxl1mK/zdfg
|
||||||
|
vm4CPDujbgINnIxRxPescCVYcmjM8kTlGYJuKp4GgbwbwkCISs4retaAXiP3a2f3
|
||||||
|
eSaJc5SnWWa3JqH5ogkEWvuezjNxW5fMpBWszdQEsgnsdlK37V+aB5oWnnkZRlWk
|
||||||
|
1YhGwL1ODz+EZzSsGlkIr7BYakK3xRYbxVfQkUr7EeqruXohSOnPAowePYAXCigC
|
||||||
|
fWvIJMlrPLIOD2GOy9eV3UZ/JDn/7YPfFAjNb0gVdpqBCQNH/fP2ePC0FzW+3YL1
|
||||||
|
UbR+qMAEbKbFepycg75LbC08jFuQVvauDQta4EAvBkF460PoskCzcMuREntjMxip
|
||||||
|
B6IMSoOD74tcGYfUp6/kcgdEaqyK8214couO/u8HABEBAAGJAiUEGAECAA8FAk94
|
||||||
|
p38CGwwFCRLMAwAACgkQ2bBXe9k+mPzIRA//bAf0Ng8dJ+IgydRtdT9X2xYKyukk
|
||||||
|
A3HlrOImOoA4Thrv/HVe7U28AkiQt2DxOmNZYIV0BqvL+dWAD1HYCdQgsgVWVLpr
|
||||||
|
sFfqOYHnAWKsdqyNZHtPC9J6drnwv0vcER0dtDJjMDP4MJMTa4JNjNJYb29WfbIm
|
||||||
|
viDRtIcVujYFoZK2ZBa1Ec7yPfk4CsyE+Y3Qh9Gy8Z08NrrxIn+MVATBbocKs7j1
|
||||||
|
JAvkFk+o1grGnw3NTXnB8gEygAKHHyUgzr5Nyn5qJ28EZr7Vc1FP2lUiKv0JBcHT
|
||||||
|
/9vVXJ1Grd+VF2cwYftMWRKR66lTaUS2BX0ta6IQQSj8nSRsoKapRniCfTm1D4I1
|
||||||
|
6j9bOoEfFdVsMkcrYFtfhq97qgR8gZtVCJkrX2CARZ+a1J+NP/erASd6M1A3n3aM
|
||||||
|
F3xBFfFsotzPplmhzExCYwuOCWIBfPerUQh1MughvG/oT8ZapR6x/EVE+K90J10X
|
||||||
|
pPi8VMi/3QRC5DpCin3Kc14WAE4uEbyUWLKb3PmfmZaS6qFaJNtf2TyZodT0ACgu
|
||||||
|
v9Xs4el0j8FRaCqLvEZS4rKLNxb8EY3Z4LC61QfyAbg5P114muVZ4ro8dzhZ0zwk
|
||||||
|
ZLGeEsYPsQpLo6XPT/32PP8aHn/KKX+KM7ouCEhVeWszR20BMK6sxTBR+4aNqSKC
|
||||||
|
dgr42jrtvzRmJp4=
|
||||||
|
=E79s
|
||||||
|
-----END PGP PUBLIC KEY BLOCK-----
|
236
cryptsetup.spec
Normal file
236
cryptsetup.spec
Normal file
@ -0,0 +1,236 @@
|
|||||||
|
#
|
||||||
|
# spec file for package cryptsetup
|
||||||
|
#
|
||||||
|
# Copyright (c) 2023 SUSE LLC
|
||||||
|
#
|
||||||
|
# All modifications and additions to the file contributed by third parties
|
||||||
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
|
# upon. The license for this file, and modifications and additions to the
|
||||||
|
# file, is the same license as for the pristine package itself (unless the
|
||||||
|
# license for the pristine package is not an Open Source License, in which
|
||||||
|
# case the license is the MIT License). An "Open Source License" is a
|
||||||
|
# license that conforms to the Open Source Definition (Version 1.9)
|
||||||
|
# published by the Open Source Initiative.
|
||||||
|
|
||||||
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||||
|
#
|
||||||
|
|
||||||
|
|
||||||
|
%define so_ver 12
|
||||||
|
Name: cryptsetup
|
||||||
|
Version: 2.6.1
|
||||||
|
Release: 0
|
||||||
|
Summary: Setup program for dm-crypt Based Encrypted Block Devices
|
||||||
|
License: LGPL-2.0-or-later AND SUSE-GPL-2.0-with-openssl-exception
|
||||||
|
Group: System/Base
|
||||||
|
URL: https://gitlab.com/cryptsetup/cryptsetup/
|
||||||
|
Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.6/cryptsetup-%{version}.tar.xz
|
||||||
|
# GPG signature of the uncompressed tarball.
|
||||||
|
Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.6/cryptsetup-%{version}.tar.sign
|
||||||
|
Source2: baselibs.conf
|
||||||
|
Source3: cryptsetup.keyring
|
||||||
|
#PATCH-FIX-UPSTREAM bsc#1211079 luksFormat: handle system with low memory and no swap space
|
||||||
|
Patch0: cryptsetup-Check-for-physical-memory-available-also-in-PBKDF-be.patch
|
||||||
|
Patch1: cryptsetup-Try-to-avoid-OOM-killer-on-low-memory-systems-withou.patch
|
||||||
|
Patch2: cryptsetup-Use-only-half-of-detected-free-memory-on-systems-wit.patch
|
||||||
|
BuildRequires: device-mapper-devel
|
||||||
|
BuildRequires: libjson-c-devel
|
||||||
|
BuildRequires: libpwquality-devel
|
||||||
|
BuildRequires: libselinux-devel
|
||||||
|
BuildRequires: libuuid-devel
|
||||||
|
# 2.6.38 has the required if_alg.h
|
||||||
|
BuildRequires: linux-glibc-devel >= 2.6.38
|
||||||
|
BuildRequires: pkgconfig
|
||||||
|
BuildRequires: popt-devel
|
||||||
|
BuildRequires: suse-module-tools
|
||||||
|
BuildRequires: pkgconfig(blkid)
|
||||||
|
BuildRequires: pkgconfig(libargon2)
|
||||||
|
BuildRequires: pkgconfig(libssh)
|
||||||
|
BuildRequires: pkgconfig(openssl)
|
||||||
|
BuildRequires: rubygem(asciidoctor)
|
||||||
|
Requires(post): coreutils
|
||||||
|
Requires(postun):coreutils
|
||||||
|
Provides: integritysetup = %{version}-%{release}
|
||||||
|
Provides: veritysetup = %{version}-%{release}
|
||||||
|
%if %{?suse_version} >= 1550
|
||||||
|
# LUKS2 used as default format, which GRUB < 2.06 can't read
|
||||||
|
Conflicts: grub2 < 2.06
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%lang_package(cryptsetup)
|
||||||
|
|
||||||
|
%description
|
||||||
|
cryptsetup is used to conveniently set up dm-crypt based device-mapper
|
||||||
|
targets. It allows to set up targets to read cryptoloop compatible
|
||||||
|
volumes as well as LUKS formatted ones. The package additionally
|
||||||
|
includes support for automatically setting up encrypted volumes at boot
|
||||||
|
time via the config file %{_sysconfdir}/crypttab.
|
||||||
|
|
||||||
|
%package ssh
|
||||||
|
Summary: Cryptsetup LUKS2 SSH token
|
||||||
|
Group: System/Base
|
||||||
|
|
||||||
|
%description ssh
|
||||||
|
Experimental cryptsetup plugin for unlocking LUKS2 devices with
|
||||||
|
token connected to an SSH server.
|
||||||
|
|
||||||
|
%package doc
|
||||||
|
Summary: Cryptsetup Documentation
|
||||||
|
Group: Documentation/Man
|
||||||
|
Supplements: (cryptsetup and man)
|
||||||
|
Supplements: (cryptsetup and patterns-base-documentation)
|
||||||
|
BuildArch: noarch
|
||||||
|
|
||||||
|
%description doc
|
||||||
|
Documentation and man pages for cryptsetup
|
||||||
|
|
||||||
|
%package -n libcryptsetup%{so_ver}
|
||||||
|
Summary: Library for setting up dm-crypt Based Encrypted Block Devices
|
||||||
|
Group: System/Libraries
|
||||||
|
Provides: libcryptsetup%{so_ver}-hmac = %{version}
|
||||||
|
Obsoletes: libcryptsetup%{so_ver}-hmac < %{version}
|
||||||
|
|
||||||
|
%description -n libcryptsetup%{so_ver}
|
||||||
|
cryptsetup is used to conveniently set up dm-crypt based device-mapper
|
||||||
|
targets. It allows to set up targets to read cryptoloop compatible
|
||||||
|
volumes as well as LUKS formatted ones. The package additionally
|
||||||
|
includes support for automatically setting up encrypted volumes at boot
|
||||||
|
time via the config file %{_sysconfdir}/crypttab.
|
||||||
|
|
||||||
|
%package -n lib%{name}-devel
|
||||||
|
Summary: Header files for libcryptsetup
|
||||||
|
Group: Development/Libraries/C and C++
|
||||||
|
Requires: glibc-devel
|
||||||
|
Requires: libcryptsetup%{so_ver} = %{version}
|
||||||
|
# cryptsetup-devel last used 11.1
|
||||||
|
Provides: cryptsetup-devel = %{version}
|
||||||
|
Obsoletes: cryptsetup-devel < %{version}
|
||||||
|
|
||||||
|
%description -n lib%{name}-devel
|
||||||
|
cryptsetup is used to conveniently set up dm-crypt based device-mapper
|
||||||
|
targets. It allows to set up targets to read cryptoloop compatible
|
||||||
|
volumes as well as LUKS formatted ones. The package additionally
|
||||||
|
includes support for automatically setting up encrypted volumes at boot
|
||||||
|
time via the config file %{_sysconfdir}/crypttab.
|
||||||
|
|
||||||
|
%prep
|
||||||
|
%autosetup -p1
|
||||||
|
|
||||||
|
%build
|
||||||
|
# force regeneration of manual pages from AsciiDoc
|
||||||
|
rm -f man/*.8
|
||||||
|
|
||||||
|
%configure \
|
||||||
|
--enable-selinux \
|
||||||
|
--enable-fips \
|
||||||
|
--enable-pwquality \
|
||||||
|
--enable-gcrypt-pbkdf2 \
|
||||||
|
--enable-libargon2 \
|
||||||
|
%if %{?suse_version} < 1550
|
||||||
|
--with-default-luks-format=LUKS1 \
|
||||||
|
%endif
|
||||||
|
--with-luks2-lock-path=/run/cryptsetup \
|
||||||
|
--with-tmpfilesdir='%{_tmpfilesdir}'
|
||||||
|
%make_build
|
||||||
|
|
||||||
|
%install
|
||||||
|
|
||||||
|
%make_install
|
||||||
|
%if 0%{?suse_version} < 1550
|
||||||
|
install -dm 0755 %{buildroot}/sbin
|
||||||
|
ln -s ..%{_sbindir}/cryptsetup %{buildroot}/sbin
|
||||||
|
%endif
|
||||||
|
# don't want this file in /lib (FHS compat check), and can't move it to /usr/lib
|
||||||
|
find %{buildroot} -type f -name "*.la" -delete -print
|
||||||
|
|
||||||
|
%find_lang %{name} --all-name
|
||||||
|
|
||||||
|
%check
|
||||||
|
%make_build check
|
||||||
|
|
||||||
|
%post
|
||||||
|
%{?regenerate_initrd_post}
|
||||||
|
%tmpfiles_create %{_tmpfilesdir}/cryptsetup.conf
|
||||||
|
|
||||||
|
%postun
|
||||||
|
%{?regenerate_initrd_post}
|
||||||
|
|
||||||
|
%posttrans
|
||||||
|
%{?regenerate_initrd_posttrans}
|
||||||
|
|
||||||
|
%post -n libcryptsetup%{so_ver} -p /sbin/ldconfig
|
||||||
|
|
||||||
|
%postun -n libcryptsetup%{so_ver} -p /sbin/ldconfig
|
||||||
|
|
||||||
|
%files
|
||||||
|
%license COPYING*
|
||||||
|
%if 0%{?suse_version} < 1550
|
||||||
|
/sbin/cryptsetup
|
||||||
|
%endif
|
||||||
|
%{_sbindir}/cryptsetup
|
||||||
|
%{_sbindir}/veritysetup
|
||||||
|
%{_sbindir}/integritysetup
|
||||||
|
%{_tmpfilesdir}/cryptsetup.conf
|
||||||
|
%ghost %attr(700, -, -) %dir /run/cryptsetup
|
||||||
|
|
||||||
|
%files lang -f %{name}.lang
|
||||||
|
|
||||||
|
%files -n libcryptsetup%{so_ver}
|
||||||
|
%{_libdir}/libcryptsetup.so.%{so_ver}*
|
||||||
|
|
||||||
|
%files -n lib%{name}-devel
|
||||||
|
%doc docs/examples/
|
||||||
|
%{_includedir}/libcryptsetup.h
|
||||||
|
%{_libdir}/libcryptsetup.so
|
||||||
|
%{_libdir}/pkgconfig/*
|
||||||
|
|
||||||
|
%files ssh
|
||||||
|
%license COPYING*
|
||||||
|
%dir %{_libdir}/%{name}
|
||||||
|
%{_libdir}/%{name}/libcryptsetup-token-ssh.so
|
||||||
|
%{_mandir}/man8/cryptsetup-ssh.8.gz
|
||||||
|
%{_sbindir}/cryptsetup-ssh
|
||||||
|
|
||||||
|
%files doc
|
||||||
|
%doc AUTHORS FAQ.md README.md docs/*ReleaseNotes docs/on-disk-format*.pdf
|
||||||
|
%{_mandir}/man8/cryptsetup.8.gz
|
||||||
|
%{_mandir}/man8/cryptsetup-benchmark.8.gz
|
||||||
|
%{_mandir}/man8/cryptsetup-bitlkDump.8.gz
|
||||||
|
%{_mandir}/man8/cryptsetup-bitlkOpen.8.gz
|
||||||
|
%{_mandir}/man8/cryptsetup-close.8.gz
|
||||||
|
%{_mandir}/man8/cryptsetup-config.8.gz
|
||||||
|
%{_mandir}/man8/cryptsetup-convert.8.gz
|
||||||
|
%{_mandir}/man8/cryptsetup-create.8.gz
|
||||||
|
%{_mandir}/man8/cryptsetup-erase.8.gz
|
||||||
|
%{_mandir}/man8/cryptsetup-isLuks.8.gz
|
||||||
|
%{_mandir}/man8/cryptsetup-loopaesOpen.8.gz
|
||||||
|
%{_mandir}/man8/cryptsetup-luksAddKey.8.gz
|
||||||
|
%{_mandir}/man8/cryptsetup-luksChangeKey.8.gz
|
||||||
|
%{_mandir}/man8/cryptsetup-luksConvertKey.8.gz
|
||||||
|
%{_mandir}/man8/cryptsetup-luksDump.8.gz
|
||||||
|
%{_mandir}/man8/cryptsetup-luksErase.8.gz
|
||||||
|
%{_mandir}/man8/cryptsetup-luksFormat.8.gz
|
||||||
|
%{_mandir}/man8/cryptsetup-luksHeaderBackup.8.gz
|
||||||
|
%{_mandir}/man8/cryptsetup-luksHeaderRestore.8.gz
|
||||||
|
%{_mandir}/man8/cryptsetup-luksKillSlot.8.gz
|
||||||
|
%{_mandir}/man8/cryptsetup-luksOpen.8.gz
|
||||||
|
%{_mandir}/man8/cryptsetup-luksRemoveKey.8.gz
|
||||||
|
%{_mandir}/man8/cryptsetup-luksResume.8.gz
|
||||||
|
%{_mandir}/man8/cryptsetup-luksSuspend.8.gz
|
||||||
|
%{_mandir}/man8/cryptsetup-luksUUID.8.gz
|
||||||
|
%{_mandir}/man8/cryptsetup-open.8.gz
|
||||||
|
%{_mandir}/man8/cryptsetup-plainOpen.8.gz
|
||||||
|
%{_mandir}/man8/cryptsetup-reencrypt.8.gz
|
||||||
|
%{_mandir}/man8/cryptsetup-refresh.8.gz
|
||||||
|
%{_mandir}/man8/cryptsetup-repair.8.gz
|
||||||
|
%{_mandir}/man8/cryptsetup-resize.8.gz
|
||||||
|
%{_mandir}/man8/cryptsetup-status.8.gz
|
||||||
|
%{_mandir}/man8/cryptsetup-tcryptDump.8.gz
|
||||||
|
%{_mandir}/man8/cryptsetup-tcryptOpen.8.gz
|
||||||
|
%{_mandir}/man8/cryptsetup-token.8.gz
|
||||||
|
%{_mandir}/man8/integritysetup.8.gz
|
||||||
|
%{_mandir}/man8/veritysetup.8.gz
|
||||||
|
%{_mandir}/man8/cryptsetup-fvault2Dump.8.gz
|
||||||
|
%{_mandir}/man8/cryptsetup-fvault2Open.8.gz
|
||||||
|
|
||||||
|
%changelog
|
Loading…
Reference in New Issue
Block a user