pool/cryptsetup
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
a3b9b4d0c2
cryptsetup/cryptsetup.spec

243 lines
8.3 KiB
RPMSpec
Raw Normal View History

OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=1
2007-06-05 04:29:16 +02:00
#
Accepting request 999046 from home:lnussel:branches:security - cryptsetup 2.5.0: * Split manual pages into per-action pages and use AsciiDoc format. * Remove cryptsetup-reencrypt tool from the project and move reencryption to already existing "cryptsetup reencrypt" command. If you need to emulate the old cryptsetup-reencrypt binary, use simple wrappers script running "exec cryptsetup reencrypt $@". * LUKS2: implement --decryption option that allows LUKS removal. * Fix decryption operation with --active-name option and restrict it to be used only with LUKS2. * Do not refresh reencryption digest when not needed. This should speed up the reencryption resume process. * Store proper resilience data in LUKS2 reencrypt initialization. Resuming reencryption now does not require specification of resilience type parameters if these are the same as during initialization. * Properly wipe the unused area after reencryption with datashift in the forward direction. * Check datashift value against larger sector size. For example, it could cause an issue if misaligned 4K sector appears during decryption. * Do not allow sector size increase reencryption in offline mode. * Do not allow dangerous sector size change during reencryption. * Ask the user for confirmation before resuming reencryption. * Do not resume reencryption with conflicting parameters. * Add --force-offline-reencrypt option. * Do not allow nested encryption in LUKS reencrypt. * Support all options allowed with luksFormat with encrypt action. * Add resize action to integritysetup. * Remove obsolete dracut plugin reencryption example. * Fix possible keyslot area size overflow during conversion to LUKS2. * Allow use of --header option for cryptsetup close. OBS-URL: https://build.opensuse.org/request/show/999046 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=178
2022-08-24 13:32:11 +02:00
# spec file for package cryptsetup
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=1
2007-06-05 04:29:16 +02:00
#
Accepting request 1142596 from home:pmonrealgonzalez:branches:security - Update to 2.7.0: * Full changelog in: mirrors.edge.kernel.org/pub/linux/utils/cryptsetup/v2.7/v2.7.0-ReleaseNotes * Introduce support for hardware OPAL disk encryption. * plain mode: Set default cipher to aes-xts-plain64 and password hashing to sha256. * Allow activation (open), luksResume, and luksAddKey to use the volume key stored in a keyring. * Allow to store volume key to a user-specified keyring in open and luksResume commands. * Do not flush IO operations if resize grows the device. This can help performance in specific cases where the encrypted device is extended automatically while running many IO operations. * Use only half of detected free memory for Argon2 PBKDF on systems without swap (for LUKS2 new keyslot or format operations). * Add the possibility to specify a directory for external LUKS2 token handlers (plugins). * Do not allow reencryption/decryption on LUKS2 devices with authenticated encryption or hardware (OPAL) encryption. * Do not fail LUKS format if the operation was interrupted on subsequent device wipe. * Fix the LUKS2 keyslot option to be used while activating the device by a token. * Properly report if the dm-verity device cannot be activated due to the inability to verify the signed root hash (ENOKEY). * Fix to check passphrase for selected keyslot only when adding new keyslot. * Fix to not wipe the keyslot area before in-place overwrite. * bitlk: Fix segfaults when attempting to verify the volume key. * Add --disable-blkid command line option to avoid blkid device check. OBS-URL: https://build.opensuse.org/request/show/1142596 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=192
2024-01-29 18:02:57 +01:00
# Copyright (c) 2024 SUSE LLC
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=1
2007-06-05 04:29:16 +02:00
#
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=14
2008-08-08 17:19:08 +02:00
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
Accepting request 739355 from home:vitezslav_cizek:branches:security - Create a weak dependency cycle between libcryptsetup and libcryptsetup-hmac to make sure they are installed together (bsc#1090768) OBS-URL: https://build.opensuse.org/request/show/739355 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=151
2019-12-11 16:11:37 +01:00
# Please submit bugfixes or comments via https://bugs.opensuse.org/
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=1
2007-06-05 04:29:16 +02:00
#
Accepting request 561151 from home:archie172:branches:security - Update to version 2.0.0: * Add support for new on-disk LUKS2 format * Enable to use system libargon2 instead of bundled version * Install tmpfiles.d configuration for LUKS2 locking directory * New command integritysetup: support for the new dm-integrity kernel target * Support for larger sector sizes for crypt devices * Miscellaneous fixes and improvements OBS-URL: https://build.opensuse.org/request/show/561151 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=136
2018-01-09 09:52:58 +01:00
%define so_ver 12
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=1
2007-06-05 04:29:16 +02:00
Name: cryptsetup
Accepting request 1166516 from home:AndreasStieger:branches:security cryptsetup 2.7.2 OBS-URL: https://build.opensuse.org/request/show/1166516 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=196
2024-04-10 09:32:59 +02:00
Version: 2.7.2
Accepting request 160813 from home:jengelh:branches:security - Remove excessive dependencies of libcryptsetup-devel (it does not require any of these) - Mark 2.6.38 as needed N.B.: You can now use the tilde syntax when procuring beta versions in future, e.g. "Version: 2.0~beta1" OBS-URL: https://build.opensuse.org/request/show/160813 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=101
2013-03-26 12:48:10 +01:00
Release: 0
Accepting request 676570 from home:jengelh:branches:security - Use noun phrase in summary. OBS-URL: https://build.opensuse.org/request/show/676570 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=147
2019-02-18 13:27:45 +01:00
Summary: Setup program for dm-crypt Based Encrypted Block Devices
Accepting request 1166516 from home:AndreasStieger:branches:security cryptsetup 2.7.2 OBS-URL: https://build.opensuse.org/request/show/1166516 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=196
2024-04-10 09:32:59 +02:00
License: CC-BY-SA-4.0 AND LGPL-2.0-or-later AND SUSE-GPL-2.0-with-openssl-exception
Accepting request 160813 from home:jengelh:branches:security - Remove excessive dependencies of libcryptsetup-devel (it does not require any of these) - Mark 2.6.38 as needed N.B.: You can now use the tilde syntax when procuring beta versions in future, e.g. "Version: 2.0~beta1" OBS-URL: https://build.opensuse.org/request/show/160813 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=101
2013-03-26 12:48:10 +01:00
Group: System/Base
Accepting request 769866 from home:polslinux:branches:security - Update to 2.3.0 (include release notes for 2.2.0) * BITLK (Windows BitLocker compatible) device access * Veritysetup now supports activation with additional PKCS7 signature of root hash through --root-hash-signature option. * Integritysetup now calculates hash integrity size according to algorithm instead of requiring an explicit tag size. * Integritysetup now supports fixed padding for dm-integrity devices. * A lot of fixes to online LUKS2 reecryption. * Add crypt_resume_by_volume_key() function to libcryptsetup. If a user has a volume key available, the LUKS device can be resumed directly using the provided volume key. No keyslot derivation is needed, only the key digest is checked. * Implement active device suspend info. Add CRYPT_ACTIVATE_SUSPENDED bit to crypt_get_active_device() flags that informs the caller that device is suspended (luksSuspend). * Allow --test-passphrase for a detached header. Before this fix, we required a data device specified on the command line even though it was not necessary for the passphrase check. * Allow --key-file option in legacy offline encryption. The option was ignored for LUKS1 encryption initialization. * Export memory safe functions. To make developing of some extensions simpler, we now export functions to handle memory with proper wipe on deallocation. * Fail crypt_keyslot_get_pbkdf for inactive LUKS1 keyslot. * Add optional global serialization lock for memory hard PBKDF. * Abort conversion to LUKS1 with incompatible sector size that is not supported in LUKS1. * Report error (-ENOENT) if no LUKS keyslots are available. User can now distinguish between a wrong passphrase and no keyslot available. * Fix a possible segfault in detached header handling (double free). * Add integritysetup support for bitmap mode introduced in Linux kernel 5.2. * The libcryptsetup now keeps all file descriptors to underlying device open during the whole lifetime of crypt device context to avoid excessive scanning in udev (udev run scan on every descriptor close). * The luksDump command now prints more info for reencryption keyslot (when a device is in-reencryption). * New --device-size parameter is supported for LUKS2 reencryption. * New --resume-only parameter is supported for LUKS2 reencryption. * The repair command now tries LUKS2 reencryption recovery if needed. * If reencryption device is a file image, an interactive dialog now asks if reencryption should be run safely in offline mode (if autodetection of active devices failed). * Fix activation through a token where dm-crypt volume key was not set through keyring (but using old device-mapper table parameter mode). * Online reencryption can now retain all keyslots (if all passphrases are provided). Note that keyslot numbers will change in this case. * Allow volume key file to be used if no LUKS2 keyslots are present. * Print a warning if online reencrypt is called over LUKS1 (not supported). * Fix TCRYPT KDF failure in FIPS mode. * Remove FIPS mode restriction for crypt_volume_key_get. * Reduce keyslots area size in luksFormat when the header device is too small. * Make resize action accept --device-size parameter (supports units suffix). OBS-URL: https://build.opensuse.org/request/show/769866 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=153
2020-02-04 17:53:39 +01:00
URL: https://gitlab.com/cryptsetup/cryptsetup/
Accepting request 1142596 from home:pmonrealgonzalez:branches:security - Update to 2.7.0: * Full changelog in: mirrors.edge.kernel.org/pub/linux/utils/cryptsetup/v2.7/v2.7.0-ReleaseNotes * Introduce support for hardware OPAL disk encryption. * plain mode: Set default cipher to aes-xts-plain64 and password hashing to sha256. * Allow activation (open), luksResume, and luksAddKey to use the volume key stored in a keyring. * Allow to store volume key to a user-specified keyring in open and luksResume commands. * Do not flush IO operations if resize grows the device. This can help performance in specific cases where the encrypted device is extended automatically while running many IO operations. * Use only half of detected free memory for Argon2 PBKDF on systems without swap (for LUKS2 new keyslot or format operations). * Add the possibility to specify a directory for external LUKS2 token handlers (plugins). * Do not allow reencryption/decryption on LUKS2 devices with authenticated encryption or hardware (OPAL) encryption. * Do not fail LUKS format if the operation was interrupted on subsequent device wipe. * Fix the LUKS2 keyslot option to be used while activating the device by a token. * Properly report if the dm-verity device cannot be activated due to the inability to verify the signed root hash (ENOKEY). * Fix to check passphrase for selected keyslot only when adding new keyslot. * Fix to not wipe the keyslot area before in-place overwrite. * bitlk: Fix segfaults when attempting to verify the volume key. * Add --disable-blkid command line option to avoid blkid device check. OBS-URL: https://build.opensuse.org/request/show/1142596 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=192
2024-01-29 18:02:57 +01:00
Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.7/cryptsetup-%{version}.tar.xz
Accepting request 244329 from home:msmeissn:branches:security - libcryptsetup4-hmac split off contain the hmac for FIPS certification OBS-URL: https://build.opensuse.org/request/show/244329 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=113
2014-08-12 15:38:20 +02:00
# GPG signature of the uncompressed tarball.
Accepting request 1142596 from home:pmonrealgonzalez:branches:security - Update to 2.7.0: * Full changelog in: mirrors.edge.kernel.org/pub/linux/utils/cryptsetup/v2.7/v2.7.0-ReleaseNotes * Introduce support for hardware OPAL disk encryption. * plain mode: Set default cipher to aes-xts-plain64 and password hashing to sha256. * Allow activation (open), luksResume, and luksAddKey to use the volume key stored in a keyring. * Allow to store volume key to a user-specified keyring in open and luksResume commands. * Do not flush IO operations if resize grows the device. This can help performance in specific cases where the encrypted device is extended automatically while running many IO operations. * Use only half of detected free memory for Argon2 PBKDF on systems without swap (for LUKS2 new keyslot or format operations). * Add the possibility to specify a directory for external LUKS2 token handlers (plugins). * Do not allow reencryption/decryption on LUKS2 devices with authenticated encryption or hardware (OPAL) encryption. * Do not fail LUKS format if the operation was interrupted on subsequent device wipe. * Fix the LUKS2 keyslot option to be used while activating the device by a token. * Properly report if the dm-verity device cannot be activated due to the inability to verify the signed root hash (ENOKEY). * Fix to check passphrase for selected keyslot only when adding new keyslot. * Fix to not wipe the keyslot area before in-place overwrite. * bitlk: Fix segfaults when attempting to verify the volume key. * Add --disable-blkid command line option to avoid blkid device check. OBS-URL: https://build.opensuse.org/request/show/1142596 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=192
2024-01-29 18:02:57 +01:00
Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.7/cryptsetup-%{version}.tar.sign
Accepting request 160813 from home:jengelh:branches:security - Remove excessive dependencies of libcryptsetup-devel (it does not require any of these) - Mark 2.6.38 as needed N.B.: You can now use the tilde syntax when procuring beta versions in future, e.g. "Version: 2.0~beta1" OBS-URL: https://build.opensuse.org/request/show/160813 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=101
2013-03-26 12:48:10 +01:00
Source2: baselibs.conf
Accepting request 645498 from home:lnussel:branches:security - Suggest hmac package (boo#1090768) - remove old upgrade hack for upgrades from 12.1 - New version 2.0.5 Changes since version 2.0.4 ~~~~~~~~~~~~~~~~~~~~~~~~~~~ * Wipe full header areas (including unused) during LUKS format. Since this version, the whole area up to the data offset is zeroed, and subsequently, all keyslots areas are wiped with random data. This ensures that no remaining old data remains in the LUKS header areas, but it could slow down format operation on some devices. Previously only first 4k (or 32k for LUKS2) and the used keyslot was overwritten in the format operation. * Several fixes to error messages that were unintentionally replaced in previous versions with a silent exit code. More descriptive error messages were added, including error messages if - a device is unusable (not a block device, no access, etc.), - a LUKS device is not detected, - LUKS header load code detects unsupported version, - a keyslot decryption fails (also happens in the cipher check), - converting an inactive keyslot. * Device activation fails if data area overlaps with LUKS header. * Code now uses explicit_bzero to wipe memory if available (instead of own implementation). * Additional VeraCrypt modes are now supported, including Camellia and Kuznyechik symmetric ciphers (and cipher chains) and Streebog hash function. These were introduced in a recent VeraCrypt upstream. Note that Kuznyechik requires out-of-tree kernel module and Streebog hash function is available only with the gcrypt cryptographic backend for now. OBS-URL: https://build.opensuse.org/request/show/645498 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=144
2018-10-31 09:59:56 +01:00
Source3: cryptsetup.keyring
Accepting request 1166516 from home:AndreasStieger:branches:security cryptsetup 2.7.2 OBS-URL: https://build.opensuse.org/request/show/1166516 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=196
2024-04-10 09:32:59 +02:00
# FAQ.md is CC-BY-SA-4.0
Source4: https://creativecommons.org/licenses/by-sa/4.0/legalcode.txt#/cc-by-sa-4.0.txt
Accepting request 160813 from home:jengelh:branches:security - Remove excessive dependencies of libcryptsetup-devel (it does not require any of these) - Mark 2.6.38 as needed N.B.: You can now use the tilde syntax when procuring beta versions in future, e.g. "Version: 2.0~beta1" OBS-URL: https://build.opensuse.org/request/show/160813 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=101
2013-03-26 12:48:10 +01:00
# 2.6.38 has the required if_alg.h
BuildRequires: linux-glibc-devel >= 2.6.38
cryptsetup developers use a special exception to link against openSSL OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=89
2012-07-10 08:28:35 +02:00
BuildRequires: pkgconfig
Accepting request 295595 from home:elvigia:branches:security - Enable verbose build log. - regenerate the initrd if cryptsetup tool changes (wanted by 90crypt dracut module) OBS-URL: https://build.opensuse.org/request/show/295595 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=122
2015-04-13 11:46:51 +02:00
BuildRequires: suse-module-tools
fix OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=142
2018-08-21 11:23:54 +02:00
BuildRequires: pkgconfig(blkid)
Accepting request 1166516 from home:AndreasStieger:branches:security cryptsetup 2.7.2 OBS-URL: https://build.opensuse.org/request/show/1166516 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=196
2024-04-10 09:32:59 +02:00
BuildRequires: pkgconfig(devmapper)
BuildRequires: pkgconfig(json-c)
Accepting request 574741 from home:AndreasStieger:branches:security untested 2.0.1 OBS-URL: https://build.opensuse.org/request/show/574741 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=139
2018-02-09 16:48:12 +01:00
BuildRequires: pkgconfig(libargon2)
Accepting request 1166516 from home:AndreasStieger:branches:security cryptsetup 2.7.2 OBS-URL: https://build.opensuse.org/request/show/1166516 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=196
2024-04-10 09:32:59 +02:00
BuildRequires: pkgconfig(libselinux)
- crypsetup 2.4.0~rc1 * External LUKS token plugins * Experimental SSH token * Default LUKS2 PBKDF is now Argon2id * Increase minimal memory cost for Argon2 benchmark to 64MiB. * Autodetect optimal encryption sector size on LUKS2 format. * Use VeraCrypt option by default and add --disable-veracrypt option. * Support --hash and --cipher to limit opening time for TCRYPT type * Fixed default OpenSSL crypt backend support for OpenSSL3. * integritysetup: add integrity-recalculate-reset flag. * cryptsetup: retains keyslot number in luksChangeKey for LUKS2. * Fix cryptsetup resize using LUKS2 tokens. * Add close --deferred and --cancel-deferred options. * Rewritten command-line option parsing to avoid libpopt arguments memory leaks. * Add --test-args option. - switch to LUKS2 default format OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=170
2021-08-02 17:10:27 +02:00
BuildRequires: pkgconfig(libssh)
Accepting request 878732 from home:AndreasStieger:branches:security cryptsetup 2.3.5 OBS-URL: https://build.opensuse.org/request/show/878732 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=167
2021-03-15 08:59:10 +01:00
BuildRequires: pkgconfig(openssl)
Accepting request 1166516 from home:AndreasStieger:branches:security cryptsetup 2.7.2 OBS-URL: https://build.opensuse.org/request/show/1166516 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=196
2024-04-10 09:32:59 +02:00
BuildRequires: pkgconfig(popt)
BuildRequires: pkgconfig(pwquality)
BuildRequires: pkgconfig(uuid)
Accepting request 999046 from home:lnussel:branches:security - cryptsetup 2.5.0: * Split manual pages into per-action pages and use AsciiDoc format. * Remove cryptsetup-reencrypt tool from the project and move reencryption to already existing "cryptsetup reencrypt" command. If you need to emulate the old cryptsetup-reencrypt binary, use simple wrappers script running "exec cryptsetup reencrypt $@". * LUKS2: implement --decryption option that allows LUKS removal. * Fix decryption operation with --active-name option and restrict it to be used only with LUKS2. * Do not refresh reencryption digest when not needed. This should speed up the reencryption resume process. * Store proper resilience data in LUKS2 reencrypt initialization. Resuming reencryption now does not require specification of resilience type parameters if these are the same as during initialization. * Properly wipe the unused area after reencryption with datashift in the forward direction. * Check datashift value against larger sector size. For example, it could cause an issue if misaligned 4K sector appears during decryption. * Do not allow sector size increase reencryption in offline mode. * Do not allow dangerous sector size change during reencryption. * Ask the user for confirmation before resuming reencryption. * Do not resume reencryption with conflicting parameters. * Add --force-offline-reencrypt option. * Do not allow nested encryption in LUKS reencrypt. * Support all options allowed with luksFormat with encrypt action. * Add resize action to integritysetup. * Remove obsolete dracut plugin reencryption example. * Fix possible keyslot area size overflow during conversion to LUKS2. * Allow use of --header option for cryptsetup close. OBS-URL: https://build.opensuse.org/request/show/999046 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=178
2022-08-24 13:32:11 +02:00
BuildRequires: rubygem(asciidoctor)
Accepting request 878732 from home:AndreasStieger:branches:security cryptsetup 2.3.5 OBS-URL: https://build.opensuse.org/request/show/878732 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=167
2021-03-15 08:59:10 +01:00
Requires(post): coreutils
Accepting request 1157608 from home:pmonrealgonzalez:branches:security - Update to 2.7.1: * Fix interrupted LUKS1 decryption resume. With the replacement of the cryptsetup-reencrypt tool by the cryptsetup reencrypt command, resuming the interrupted LUKS1 decryption operation could fail. LUKS2 was not affected. * Allow --link-vk-to-keyring with --test-passphrase option. This option allows uploading the volume key in a user-specified kernel keyring without activating the device. * Fix crash when --active-name was used in decryption initialization. * Updates and changes to man pages, including indentation, sorting options alphabetically, fixing mistakes in crypt_set_keyring_to_link, and fixing some typos. * Fix compilation with libargon2 when --disable-internal-argon2 was used. * Do not require installed argon2.h header and never compile internal libargon2 code if the crypto library directly supports Argon2. * Fixes to regression tests to support older Linux distributions. OBS-URL: https://build.opensuse.org/request/show/1157608 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=194
2024-03-15 12:46:26 +01:00
Requires(postun): coreutils
Accepting request 1003354 from home:bluca:branches:security - Add virtual provides for 'integritysetup' and 'veritysetup' to match package names provided by Fedora/RHEL, to allow the same set of dependencies to be used across all RPM distributions. OBS-URL: https://build.opensuse.org/request/show/1003354 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=180
2022-09-14 09:18:13 +02:00
Provides: integritysetup = %{version}-%{release}
Provides: veritysetup = %{version}-%{release}
merge OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=171
2021-08-02 17:43:50 +02:00
%if %{?suse_version} >= 1550
# LUKS2 used as default format, which GRUB < 2.06 can't read
Conflicts: grub2 < 2.06
%endif
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=1
2007-06-05 04:29:16 +02:00
- Split translations to -lang package OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=156
2020-04-02 16:37:41 +02:00
%lang_package(cryptsetup)
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=1
2007-06-05 04:29:16 +02:00
%description
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=4
2007-08-27 17:34:37 +02:00
cryptsetup is used to conveniently set up dm-crypt based device-mapper
targets. It allows to set up targets to read cryptoloop compatible
volumes as well as LUKS formatted ones. The package additionally
includes support for automatically setting up encrypted volumes at boot
Accepting request 294152 from home:pluskalm:branches:security - Update to 1.6.7 OBS-URL: https://build.opensuse.org/request/show/294152 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=120
2015-04-08 14:54:34 +02:00
time via the config file %{_sysconfdir}/crypttab.
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=1
2007-06-05 04:29:16 +02:00
- crypsetup 2.4.0~rc1 * External LUKS token plugins * Experimental SSH token * Default LUKS2 PBKDF is now Argon2id * Increase minimal memory cost for Argon2 benchmark to 64MiB. * Autodetect optimal encryption sector size on LUKS2 format. * Use VeraCrypt option by default and add --disable-veracrypt option. * Support --hash and --cipher to limit opening time for TCRYPT type * Fixed default OpenSSL crypt backend support for OpenSSL3. * integritysetup: add integrity-recalculate-reset flag. * cryptsetup: retains keyslot number in luksChangeKey for LUKS2. * Fix cryptsetup resize using LUKS2 tokens. * Add close --deferred and --cancel-deferred options. * Rewritten command-line option parsing to avoid libpopt arguments memory leaks. * Add --test-args option. - switch to LUKS2 default format OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=170
2021-08-02 17:10:27 +02:00
%package ssh
Summary: Cryptsetup LUKS2 SSH token
Accepting request 1166516 from home:AndreasStieger:branches:security cryptsetup 2.7.2 OBS-URL: https://build.opensuse.org/request/show/1166516 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=196
2024-04-10 09:32:59 +02:00
License: LGPL-2.0-or-later AND SUSE-GPL-2.0-with-openssl-exception
- crypsetup 2.4.0~rc1 * External LUKS token plugins * Experimental SSH token * Default LUKS2 PBKDF is now Argon2id * Increase minimal memory cost for Argon2 benchmark to 64MiB. * Autodetect optimal encryption sector size on LUKS2 format. * Use VeraCrypt option by default and add --disable-veracrypt option. * Support --hash and --cipher to limit opening time for TCRYPT type * Fixed default OpenSSL crypt backend support for OpenSSL3. * integritysetup: add integrity-recalculate-reset flag. * cryptsetup: retains keyslot number in luksChangeKey for LUKS2. * Fix cryptsetup resize using LUKS2 tokens. * Add close --deferred and --cancel-deferred options. * Rewritten command-line option parsing to avoid libpopt arguments memory leaks. * Add --test-args option. - switch to LUKS2 default format OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=170
2021-08-02 17:10:27 +02:00
Group: System/Base
%description ssh
Experimental cryptsetup plugin for unlocking LUKS2 devices with
token connected to an SSH server.
Accepting request 999046 from home:lnussel:branches:security - cryptsetup 2.5.0: * Split manual pages into per-action pages and use AsciiDoc format. * Remove cryptsetup-reencrypt tool from the project and move reencryption to already existing "cryptsetup reencrypt" command. If you need to emulate the old cryptsetup-reencrypt binary, use simple wrappers script running "exec cryptsetup reencrypt $@". * LUKS2: implement --decryption option that allows LUKS removal. * Fix decryption operation with --active-name option and restrict it to be used only with LUKS2. * Do not refresh reencryption digest when not needed. This should speed up the reencryption resume process. * Store proper resilience data in LUKS2 reencrypt initialization. Resuming reencryption now does not require specification of resilience type parameters if these are the same as during initialization. * Properly wipe the unused area after reencryption with datashift in the forward direction. * Check datashift value against larger sector size. For example, it could cause an issue if misaligned 4K sector appears during decryption. * Do not allow sector size increase reencryption in offline mode. * Do not allow dangerous sector size change during reencryption. * Ask the user for confirmation before resuming reencryption. * Do not resume reencryption with conflicting parameters. * Add --force-offline-reencrypt option. * Do not allow nested encryption in LUKS reencrypt. * Support all options allowed with luksFormat with encrypt action. * Add resize action to integritysetup. * Remove obsolete dracut plugin reencryption example. * Fix possible keyslot area size overflow during conversion to LUKS2. * Allow use of --header option for cryptsetup close. OBS-URL: https://build.opensuse.org/request/show/999046 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=178
2022-08-24 13:32:11 +02:00
%package doc
Summary: Cryptsetup Documentation
Accepting request 1166516 from home:AndreasStieger:branches:security cryptsetup 2.7.2 OBS-URL: https://build.opensuse.org/request/show/1166516 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=196
2024-04-10 09:32:59 +02:00
License: CC-BY-SA-4.0 AND LGPL-2.0-or-later AND SUSE-GPL-2.0-with-openssl-exception
Accepting request 999046 from home:lnussel:branches:security - cryptsetup 2.5.0: * Split manual pages into per-action pages and use AsciiDoc format. * Remove cryptsetup-reencrypt tool from the project and move reencryption to already existing "cryptsetup reencrypt" command. If you need to emulate the old cryptsetup-reencrypt binary, use simple wrappers script running "exec cryptsetup reencrypt $@". * LUKS2: implement --decryption option that allows LUKS removal. * Fix decryption operation with --active-name option and restrict it to be used only with LUKS2. * Do not refresh reencryption digest when not needed. This should speed up the reencryption resume process. * Store proper resilience data in LUKS2 reencrypt initialization. Resuming reencryption now does not require specification of resilience type parameters if these are the same as during initialization. * Properly wipe the unused area after reencryption with datashift in the forward direction. * Check datashift value against larger sector size. For example, it could cause an issue if misaligned 4K sector appears during decryption. * Do not allow sector size increase reencryption in offline mode. * Do not allow dangerous sector size change during reencryption. * Ask the user for confirmation before resuming reencryption. * Do not resume reencryption with conflicting parameters. * Add --force-offline-reencrypt option. * Do not allow nested encryption in LUKS reencrypt. * Support all options allowed with luksFormat with encrypt action. * Add resize action to integritysetup. * Remove obsolete dracut plugin reencryption example. * Fix possible keyslot area size overflow during conversion to LUKS2. * Allow use of --header option for cryptsetup close. OBS-URL: https://build.opensuse.org/request/show/999046 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=178
2022-08-24 13:32:11 +02:00
Group: Documentation/Man
Supplements: (cryptsetup and man)
Supplements: (cryptsetup and patterns-base-documentation)
Accepting request 1093121 from home:pmonrealgonzalez:branches:security - Enable running the regression test suite. - Force a regeneration of the man pages from AsciiDoc. - Add LUKS1 and LUKS2 On-Disk Format Specification pdfs to doc. - FIPS: Remove not needed libcryptsetup12-hmac package that contains the HMAC checksums for integrity checking for FIPS. [bsc#1185116] * Remove the cryptsetup-rpmlintrc file. * Remove not needed fipscheck dependency. OBS-URL: https://build.opensuse.org/request/show/1093121 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=188
2023-06-15 14:05:44 +02:00
BuildArch: noarch
Accepting request 999046 from home:lnussel:branches:security - cryptsetup 2.5.0: * Split manual pages into per-action pages and use AsciiDoc format. * Remove cryptsetup-reencrypt tool from the project and move reencryption to already existing "cryptsetup reencrypt" command. If you need to emulate the old cryptsetup-reencrypt binary, use simple wrappers script running "exec cryptsetup reencrypt $@". * LUKS2: implement --decryption option that allows LUKS removal. * Fix decryption operation with --active-name option and restrict it to be used only with LUKS2. * Do not refresh reencryption digest when not needed. This should speed up the reencryption resume process. * Store proper resilience data in LUKS2 reencrypt initialization. Resuming reencryption now does not require specification of resilience type parameters if these are the same as during initialization. * Properly wipe the unused area after reencryption with datashift in the forward direction. * Check datashift value against larger sector size. For example, it could cause an issue if misaligned 4K sector appears during decryption. * Do not allow sector size increase reencryption in offline mode. * Do not allow dangerous sector size change during reencryption. * Ask the user for confirmation before resuming reencryption. * Do not resume reencryption with conflicting parameters. * Add --force-offline-reencrypt option. * Do not allow nested encryption in LUKS reencrypt. * Support all options allowed with luksFormat with encrypt action. * Add resize action to integritysetup. * Remove obsolete dracut plugin reencryption example. * Fix possible keyslot area size overflow during conversion to LUKS2. * Allow use of --header option for cryptsetup close. OBS-URL: https://build.opensuse.org/request/show/999046 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=178
2022-08-24 13:32:11 +02:00
%description doc
Documentation and man pages for cryptsetup
Accepting request 244369 from home:adra:branches:security version 1.6.5, Updated build requirements OBS-URL: https://build.opensuse.org/request/show/244369 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=114
2014-08-13 09:59:19 +02:00
%package -n libcryptsetup%{so_ver}
Accepting request 676570 from home:jengelh:branches:security - Use noun phrase in summary. OBS-URL: https://build.opensuse.org/request/show/676570 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=147
2019-02-18 13:27:45 +01:00
Summary: Library for setting up dm-crypt Based Encrypted Block Devices
Accepting request 1166516 from home:AndreasStieger:branches:security cryptsetup 2.7.2 OBS-URL: https://build.opensuse.org/request/show/1166516 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=196
2024-04-10 09:32:59 +02:00
License: LGPL-2.0-or-later AND SUSE-GPL-2.0-with-openssl-exception
Accepting request 244369 from home:adra:branches:security version 1.6.5, Updated build requirements OBS-URL: https://build.opensuse.org/request/show/244369 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=114
2014-08-13 09:59:19 +02:00
Group: System/Libraries
Accepting request 1093121 from home:pmonrealgonzalez:branches:security - Enable running the regression test suite. - Force a regeneration of the man pages from AsciiDoc. - Add LUKS1 and LUKS2 On-Disk Format Specification pdfs to doc. - FIPS: Remove not needed libcryptsetup12-hmac package that contains the HMAC checksums for integrity checking for FIPS. [bsc#1185116] * Remove the cryptsetup-rpmlintrc file. * Remove not needed fipscheck dependency. OBS-URL: https://build.opensuse.org/request/show/1093121 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=188
2023-06-15 14:05:44 +02:00
Provides: libcryptsetup%{so_ver}-hmac = %{version}
Obsoletes: libcryptsetup%{so_ver}-hmac < %{version}
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=18
2008-09-15 16:32:21 +02:00
Accepting request 244369 from home:adra:branches:security version 1.6.5, Updated build requirements OBS-URL: https://build.opensuse.org/request/show/244369 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=114
2014-08-13 09:59:19 +02:00
%description -n libcryptsetup%{so_ver}
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=18
2008-09-15 16:32:21 +02:00
cryptsetup is used to conveniently set up dm-crypt based device-mapper
targets. It allows to set up targets to read cryptoloop compatible
volumes as well as LUKS formatted ones. The package additionally
includes support for automatically setting up encrypted volumes at boot
Accepting request 294152 from home:pluskalm:branches:security - Update to 1.6.7 OBS-URL: https://build.opensuse.org/request/show/294152 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=120
2015-04-08 14:54:34 +02:00
time via the config file %{_sysconfdir}/crypttab.
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=18
2008-09-15 16:32:21 +02:00
Accepting request 645498 from home:lnussel:branches:security - Suggest hmac package (boo#1090768) - remove old upgrade hack for upgrades from 12.1 - New version 2.0.5 Changes since version 2.0.4 ~~~~~~~~~~~~~~~~~~~~~~~~~~~ * Wipe full header areas (including unused) during LUKS format. Since this version, the whole area up to the data offset is zeroed, and subsequently, all keyslots areas are wiped with random data. This ensures that no remaining old data remains in the LUKS header areas, but it could slow down format operation on some devices. Previously only first 4k (or 32k for LUKS2) and the used keyslot was overwritten in the format operation. * Several fixes to error messages that were unintentionally replaced in previous versions with a silent exit code. More descriptive error messages were added, including error messages if - a device is unusable (not a block device, no access, etc.), - a LUKS device is not detected, - LUKS header load code detects unsupported version, - a keyslot decryption fails (also happens in the cipher check), - converting an inactive keyslot. * Device activation fails if data area overlaps with LUKS header. * Code now uses explicit_bzero to wipe memory if available (instead of own implementation). * Additional VeraCrypt modes are now supported, including Camellia and Kuznyechik symmetric ciphers (and cipher chains) and Streebog hash function. These were introduced in a recent VeraCrypt upstream. Note that Kuznyechik requires out-of-tree kernel module and Streebog hash function is available only with the gcrypt cryptographic backend for now. OBS-URL: https://build.opensuse.org/request/show/645498 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=144
2018-10-31 09:59:56 +01:00
%package -n lib%{name}-devel
Accepting request 676570 from home:jengelh:branches:security - Use noun phrase in summary. OBS-URL: https://build.opensuse.org/request/show/676570 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=147
2019-02-18 13:27:45 +01:00
Summary: Header files for libcryptsetup
Accepting request 1166516 from home:AndreasStieger:branches:security cryptsetup 2.7.2 OBS-URL: https://build.opensuse.org/request/show/1166516 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=196
2024-04-10 09:32:59 +02:00
# cryptsetup-devel last used 11.1
License: LGPL-2.0-or-later AND SUSE-GPL-2.0-with-openssl-exception
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=18
2008-09-15 16:32:21 +02:00
Group: Development/Libraries/C and C++
Accepting request 244369 from home:adra:branches:security version 1.6.5, Updated build requirements OBS-URL: https://build.opensuse.org/request/show/244369 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=114
2014-08-13 09:59:19 +02:00
Requires: glibc-devel
Requires: libcryptsetup%{so_ver} = %{version}
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=18
2008-09-15 16:32:21 +02:00
Provides: cryptsetup-devel = %{version}
Obsoletes: cryptsetup-devel < %{version}
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=1
2007-06-05 04:29:16 +02:00
Accepting request 645498 from home:lnussel:branches:security - Suggest hmac package (boo#1090768) - remove old upgrade hack for upgrades from 12.1 - New version 2.0.5 Changes since version 2.0.4 ~~~~~~~~~~~~~~~~~~~~~~~~~~~ * Wipe full header areas (including unused) during LUKS format. Since this version, the whole area up to the data offset is zeroed, and subsequently, all keyslots areas are wiped with random data. This ensures that no remaining old data remains in the LUKS header areas, but it could slow down format operation on some devices. Previously only first 4k (or 32k for LUKS2) and the used keyslot was overwritten in the format operation. * Several fixes to error messages that were unintentionally replaced in previous versions with a silent exit code. More descriptive error messages were added, including error messages if - a device is unusable (not a block device, no access, etc.), - a LUKS device is not detected, - LUKS header load code detects unsupported version, - a keyslot decryption fails (also happens in the cipher check), - converting an inactive keyslot. * Device activation fails if data area overlaps with LUKS header. * Code now uses explicit_bzero to wipe memory if available (instead of own implementation). * Additional VeraCrypt modes are now supported, including Camellia and Kuznyechik symmetric ciphers (and cipher chains) and Streebog hash function. These were introduced in a recent VeraCrypt upstream. Note that Kuznyechik requires out-of-tree kernel module and Streebog hash function is available only with the gcrypt cryptographic backend for now. OBS-URL: https://build.opensuse.org/request/show/645498 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=144
2018-10-31 09:59:56 +01:00
%description -n lib%{name}-devel
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=4
2007-08-27 17:34:37 +02:00
cryptsetup is used to conveniently set up dm-crypt based device-mapper
targets. It allows to set up targets to read cryptoloop compatible
volumes as well as LUKS formatted ones. The package additionally
includes support for automatically setting up encrypted volumes at boot
Accepting request 294152 from home:pluskalm:branches:security - Update to 1.6.7 OBS-URL: https://build.opensuse.org/request/show/294152 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=120
2015-04-08 14:54:34 +02:00
time via the config file %{_sysconfdir}/crypttab.
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=1
2007-06-05 04:29:16 +02:00
%prep
Accepting request 1064729 from home:AndreasStieger:branches:security cryptsetup 2.6.1 OBS-URL: https://build.opensuse.org/request/show/1064729 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=186
2023-02-12 22:21:51 +01:00
%autosetup -p1
Accepting request 1166516 from home:AndreasStieger:branches:security cryptsetup 2.7.2 OBS-URL: https://build.opensuse.org/request/show/1166516 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=196
2024-04-10 09:32:59 +02:00
cp -v %{SOURCE4} .
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=1
2007-06-05 04:29:16 +02:00
%build
Accepting request 1093121 from home:pmonrealgonzalez:branches:security - Enable running the regression test suite. - Force a regeneration of the man pages from AsciiDoc. - Add LUKS1 and LUKS2 On-Disk Format Specification pdfs to doc. - FIPS: Remove not needed libcryptsetup12-hmac package that contains the HMAC checksums for integrity checking for FIPS. [bsc#1185116] * Remove the cryptsetup-rpmlintrc file. * Remove not needed fipscheck dependency. OBS-URL: https://build.opensuse.org/request/show/1093121 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=188
2023-06-15 14:05:44 +02:00
# force regeneration of manual pages from AsciiDoc
rm -f man/*.8
Accepting request 480910 from home:pluskalm:branches:security - Update to version 1.7.4: OBS-URL: https://build.opensuse.org/request/show/480910 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=132
2017-03-21 12:44:43 +01:00
%configure \
--enable-selinux \
--enable-fips \
--enable-pwquality \
Accepting request 561151 from home:archie172:branches:security - Update to version 2.0.0: * Add support for new on-disk LUKS2 format * Enable to use system libargon2 instead of bundled version * Install tmpfiles.d configuration for LUKS2 locking directory * New command integritysetup: support for the new dm-integrity kernel target * Support for larger sector sizes for crypt devices * Miscellaneous fixes and improvements OBS-URL: https://build.opensuse.org/request/show/561151 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=136
2018-01-09 09:52:58 +01:00
--enable-gcrypt-pbkdf2 \
--enable-libargon2 \
merge OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=171
2021-08-02 17:43:50 +02:00
%if %{?suse_version} < 1550
--with-default-luks-format=LUKS1 \
%endif
Accepting request 561151 from home:archie172:branches:security - Update to version 2.0.0: * Add support for new on-disk LUKS2 format * Enable to use system libargon2 instead of bundled version * Install tmpfiles.d configuration for LUKS2 locking directory * New command integritysetup: support for the new dm-integrity kernel target * Support for larger sector sizes for crypt devices * Miscellaneous fixes and improvements OBS-URL: https://build.opensuse.org/request/show/561151 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=136
2018-01-09 09:52:58 +01:00
--with-luks2-lock-path=/run/cryptsetup \
--with-tmpfilesdir='%{_tmpfilesdir}'
Accepting request 878732 from home:AndreasStieger:branches:security cryptsetup 2.3.5 OBS-URL: https://build.opensuse.org/request/show/878732 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=167
2021-03-15 08:59:10 +01:00
%make_build
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=1
2007-06-05 04:29:16 +02:00
%install
Accepting request 235564 from home:msmeissn:branches:security - version 1.6.4 - new tarball / signature location * Implement new erase (with alias luksErase) command. * Add internal "whirlpool_gcryptbug hash" for accessing flawed Whirlpool hash in gcrypt (requires gcrypt 1.6.1 or above). * Allow to use --disable-gcrypt-pbkdf2 during configuration to force use internal PBKDF2 code. * Require gcrypt 1.6.1 for imported implementation of PBKDF2 (PBKDF2 in gcrypt 1.6.0 is too slow). * Add --keep-key to cryptsetup-reencrypt. * By default verify new passphrase in luksChangeKey and luksAddKey commands (if input is from terminal). * Fix memory leak in Nettle crypto backend. * Support --tries option even for TCRYPT devices in cryptsetup. * Support --allow-discards option even for TCRYPT devices. (Note that this could destroy hidden volume and it is not suggested by original TrueCrypt security model.) * Link against -lrt for clock_gettime to fix undefined reference to clock_gettime error (introduced in 1.6.2). * Fix misleading error message when some algorithms are not available. * Count system time in PBKDF2 benchmark if kernel returns no self usage info. OBS-URL: https://build.opensuse.org/request/show/235564 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=111
2014-07-08 13:55:23 +02:00
Accepting request 480910 from home:pluskalm:branches:security - Update to version 1.7.4: OBS-URL: https://build.opensuse.org/request/show/480910 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=132
2017-03-21 12:44:43 +01:00
%make_install
Accepting request 1052843 from home:lnussel:usrmerge Replace transitional %usrmerged macro with regular version check (boo#1206798) OBS-URL: https://build.opensuse.org/request/show/1052843 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=184
2023-01-04 17:08:29 +01:00
%if 0%{?suse_version} < 1550
Accepting request 244369 from home:adra:branches:security version 1.6.5, Updated build requirements OBS-URL: https://build.opensuse.org/request/show/244369 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=114
2014-08-13 09:59:19 +02:00
install -dm 0755 %{buildroot}/sbin
Accepting request 999046 from home:lnussel:branches:security - cryptsetup 2.5.0: * Split manual pages into per-action pages and use AsciiDoc format. * Remove cryptsetup-reencrypt tool from the project and move reencryption to already existing "cryptsetup reencrypt" command. If you need to emulate the old cryptsetup-reencrypt binary, use simple wrappers script running "exec cryptsetup reencrypt $@". * LUKS2: implement --decryption option that allows LUKS removal. * Fix decryption operation with --active-name option and restrict it to be used only with LUKS2. * Do not refresh reencryption digest when not needed. This should speed up the reencryption resume process. * Store proper resilience data in LUKS2 reencrypt initialization. Resuming reencryption now does not require specification of resilience type parameters if these are the same as during initialization. * Properly wipe the unused area after reencryption with datashift in the forward direction. * Check datashift value against larger sector size. For example, it could cause an issue if misaligned 4K sector appears during decryption. * Do not allow sector size increase reencryption in offline mode. * Do not allow dangerous sector size change during reencryption. * Ask the user for confirmation before resuming reencryption. * Do not resume reencryption with conflicting parameters. * Add --force-offline-reencrypt option. * Do not allow nested encryption in LUKS reencrypt. * Support all options allowed with luksFormat with encrypt action. * Add resize action to integritysetup. * Remove obsolete dracut plugin reencryption example. * Fix possible keyslot area size overflow during conversion to LUKS2. * Allow use of --header option for cryptsetup close. OBS-URL: https://build.opensuse.org/request/show/999046 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=178
2022-08-24 13:32:11 +02:00
ln -s ..%{_sbindir}/cryptsetup %{buildroot}/sbin
Accepting request 849583 from home:lnussel:usrmove - prepare usrmerge (boo#1029961) OBS-URL: https://build.opensuse.org/request/show/849583 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=162
2020-11-20 10:26:02 +01:00
%endif
osc copypac from project:security package:cryptsetup revision:79 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=81
2012-02-10 13:56:38 +01:00
# don't want this file in /lib (FHS compat check), and can't move it to /usr/lib
Accepting request 294152 from home:pluskalm:branches:security - Update to 1.6.7 OBS-URL: https://build.opensuse.org/request/show/294152 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=120
2015-04-08 14:54:34 +02:00
find %{buildroot} -type f -name "*.la" -delete -print
Accepting request 1093121 from home:pmonrealgonzalez:branches:security - Enable running the regression test suite. - Force a regeneration of the man pages from AsciiDoc. - Add LUKS1 and LUKS2 On-Disk Format Specification pdfs to doc. - FIPS: Remove not needed libcryptsetup12-hmac package that contains the HMAC checksums for integrity checking for FIPS. [bsc#1185116] * Remove the cryptsetup-rpmlintrc file. * Remove not needed fipscheck dependency. OBS-URL: https://build.opensuse.org/request/show/1093121 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=188
2023-06-15 14:05:44 +02:00
Accepting request 244369 from home:adra:branches:security version 1.6.5, Updated build requirements OBS-URL: https://build.opensuse.org/request/show/244369 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=114
2014-08-13 09:59:19 +02:00
%find_lang %{name} --all-name
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=1
2007-06-05 04:29:16 +02:00
Accepting request 1093121 from home:pmonrealgonzalez:branches:security - Enable running the regression test suite. - Force a regeneration of the man pages from AsciiDoc. - Add LUKS1 and LUKS2 On-Disk Format Specification pdfs to doc. - FIPS: Remove not needed libcryptsetup12-hmac package that contains the HMAC checksums for integrity checking for FIPS. [bsc#1185116] * Remove the cryptsetup-rpmlintrc file. * Remove not needed fipscheck dependency. OBS-URL: https://build.opensuse.org/request/show/1093121 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=188
2023-06-15 14:05:44 +02:00
%check
%make_build check
Accepting request 645498 from home:lnussel:branches:security - Suggest hmac package (boo#1090768) - remove old upgrade hack for upgrades from 12.1 - New version 2.0.5 Changes since version 2.0.4 ~~~~~~~~~~~~~~~~~~~~~~~~~~~ * Wipe full header areas (including unused) during LUKS format. Since this version, the whole area up to the data offset is zeroed, and subsequently, all keyslots areas are wiped with random data. This ensures that no remaining old data remains in the LUKS header areas, but it could slow down format operation on some devices. Previously only first 4k (or 32k for LUKS2) and the used keyslot was overwritten in the format operation. * Several fixes to error messages that were unintentionally replaced in previous versions with a silent exit code. More descriptive error messages were added, including error messages if - a device is unusable (not a block device, no access, etc.), - a LUKS device is not detected, - LUKS header load code detects unsupported version, - a keyslot decryption fails (also happens in the cipher check), - converting an inactive keyslot. * Device activation fails if data area overlaps with LUKS header. * Code now uses explicit_bzero to wipe memory if available (instead of own implementation). * Additional VeraCrypt modes are now supported, including Camellia and Kuznyechik symmetric ciphers (and cipher chains) and Streebog hash function. These were introduced in a recent VeraCrypt upstream. Note that Kuznyechik requires out-of-tree kernel module and Streebog hash function is available only with the gcrypt cryptographic backend for now. OBS-URL: https://build.opensuse.org/request/show/645498 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=144
2018-10-31 09:59:56 +01:00
%post
Accepting request 295595 from home:elvigia:branches:security - Enable verbose build log. - regenerate the initrd if cryptsetup tool changes (wanted by 90crypt dracut module) OBS-URL: https://build.opensuse.org/request/show/295595 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=122
2015-04-13 11:46:51 +02:00
%{?regenerate_initrd_post}
Accepting request 645498 from home:lnussel:branches:security - Suggest hmac package (boo#1090768) - remove old upgrade hack for upgrades from 12.1 - New version 2.0.5 Changes since version 2.0.4 ~~~~~~~~~~~~~~~~~~~~~~~~~~~ * Wipe full header areas (including unused) during LUKS format. Since this version, the whole area up to the data offset is zeroed, and subsequently, all keyslots areas are wiped with random data. This ensures that no remaining old data remains in the LUKS header areas, but it could slow down format operation on some devices. Previously only first 4k (or 32k for LUKS2) and the used keyslot was overwritten in the format operation. * Several fixes to error messages that were unintentionally replaced in previous versions with a silent exit code. More descriptive error messages were added, including error messages if - a device is unusable (not a block device, no access, etc.), - a LUKS device is not detected, - LUKS header load code detects unsupported version, - a keyslot decryption fails (also happens in the cipher check), - converting an inactive keyslot. * Device activation fails if data area overlaps with LUKS header. * Code now uses explicit_bzero to wipe memory if available (instead of own implementation). * Additional VeraCrypt modes are now supported, including Camellia and Kuznyechik symmetric ciphers (and cipher chains) and Streebog hash function. These were introduced in a recent VeraCrypt upstream. Note that Kuznyechik requires out-of-tree kernel module and Streebog hash function is available only with the gcrypt cryptographic backend for now. OBS-URL: https://build.opensuse.org/request/show/645498 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=144
2018-10-31 09:59:56 +01:00
%tmpfiles_create %{_tmpfilesdir}/cryptsetup.conf
Accepting request 349019 from home:tiwai:branches:security - Fix missing dependency on coreutils for initrd macros (boo#958562) - Call missing initrd macro at postun (boo#958562) OBS-URL: https://build.opensuse.org/request/show/349019 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=126
2015-12-21 12:53:09 +01:00
%postun
%{?regenerate_initrd_post}
Accepting request 295595 from home:elvigia:branches:security - Enable verbose build log. - regenerate the initrd if cryptsetup tool changes (wanted by 90crypt dracut module) OBS-URL: https://build.opensuse.org/request/show/295595 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=122
2015-04-13 11:46:51 +02:00
%posttrans
%{?regenerate_initrd_posttrans}
Accepting request 1166516 from home:AndreasStieger:branches:security cryptsetup 2.7.2 OBS-URL: https://build.opensuse.org/request/show/1166516 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=196
2024-04-10 09:32:59 +02:00
%ldconfig_scriptlets -n libcryptsetup%{so_ver}
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=18
2008-09-15 16:32:21 +02:00
- Split translations to -lang package OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=156
2020-04-02 16:37:41 +02:00
%files
Accepting request 878732 from home:AndreasStieger:branches:security cryptsetup 2.3.5 OBS-URL: https://build.opensuse.org/request/show/878732 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=167
2021-03-15 08:59:10 +01:00
%license COPYING*
Accepting request 1052843 from home:lnussel:usrmerge Replace transitional %usrmerged macro with regular version check (boo#1206798) OBS-URL: https://build.opensuse.org/request/show/1052843 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=184
2023-01-04 17:08:29 +01:00
%if 0%{?suse_version} < 1550
Accepting request 999046 from home:lnussel:branches:security - cryptsetup 2.5.0: * Split manual pages into per-action pages and use AsciiDoc format. * Remove cryptsetup-reencrypt tool from the project and move reencryption to already existing "cryptsetup reencrypt" command. If you need to emulate the old cryptsetup-reencrypt binary, use simple wrappers script running "exec cryptsetup reencrypt $@". * LUKS2: implement --decryption option that allows LUKS removal. * Fix decryption operation with --active-name option and restrict it to be used only with LUKS2. * Do not refresh reencryption digest when not needed. This should speed up the reencryption resume process. * Store proper resilience data in LUKS2 reencrypt initialization. Resuming reencryption now does not require specification of resilience type parameters if these are the same as during initialization. * Properly wipe the unused area after reencryption with datashift in the forward direction. * Check datashift value against larger sector size. For example, it could cause an issue if misaligned 4K sector appears during decryption. * Do not allow sector size increase reencryption in offline mode. * Do not allow dangerous sector size change during reencryption. * Ask the user for confirmation before resuming reencryption. * Do not resume reencryption with conflicting parameters. * Add --force-offline-reencrypt option. * Do not allow nested encryption in LUKS reencrypt. * Support all options allowed with luksFormat with encrypt action. * Add resize action to integritysetup. * Remove obsolete dracut plugin reencryption example. * Fix possible keyslot area size overflow during conversion to LUKS2. * Allow use of --header option for cryptsetup close. OBS-URL: https://build.opensuse.org/request/show/999046 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=178
2022-08-24 13:32:11 +02:00
/sbin/cryptsetup
Accepting request 849583 from home:lnussel:usrmove - prepare usrmerge (boo#1029961) OBS-URL: https://build.opensuse.org/request/show/849583 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=162
2020-11-20 10:26:02 +01:00
%endif
Accepting request 999046 from home:lnussel:branches:security - cryptsetup 2.5.0: * Split manual pages into per-action pages and use AsciiDoc format. * Remove cryptsetup-reencrypt tool from the project and move reencryption to already existing "cryptsetup reencrypt" command. If you need to emulate the old cryptsetup-reencrypt binary, use simple wrappers script running "exec cryptsetup reencrypt $@". * LUKS2: implement --decryption option that allows LUKS removal. * Fix decryption operation with --active-name option and restrict it to be used only with LUKS2. * Do not refresh reencryption digest when not needed. This should speed up the reencryption resume process. * Store proper resilience data in LUKS2 reencrypt initialization. Resuming reencryption now does not require specification of resilience type parameters if these are the same as during initialization. * Properly wipe the unused area after reencryption with datashift in the forward direction. * Check datashift value against larger sector size. For example, it could cause an issue if misaligned 4K sector appears during decryption. * Do not allow sector size increase reencryption in offline mode. * Do not allow dangerous sector size change during reencryption. * Ask the user for confirmation before resuming reencryption. * Do not resume reencryption with conflicting parameters. * Add --force-offline-reencrypt option. * Do not allow nested encryption in LUKS reencrypt. * Support all options allowed with luksFormat with encrypt action. * Add resize action to integritysetup. * Remove obsolete dracut plugin reencryption example. * Fix possible keyslot area size overflow during conversion to LUKS2. * Allow use of --header option for cryptsetup close. OBS-URL: https://build.opensuse.org/request/show/999046 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=178
2022-08-24 13:32:11 +02:00
%{_sbindir}/cryptsetup
%{_sbindir}/veritysetup
%{_sbindir}/integritysetup
Accepting request 561151 from home:archie172:branches:security - Update to version 2.0.0: * Add support for new on-disk LUKS2 format * Enable to use system libargon2 instead of bundled version * Install tmpfiles.d configuration for LUKS2 locking directory * New command integritysetup: support for the new dm-integrity kernel target * Support for larger sector sizes for crypt devices * Miscellaneous fixes and improvements OBS-URL: https://build.opensuse.org/request/show/561151 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=136
2018-01-09 09:52:58 +01:00
%{_tmpfilesdir}/cryptsetup.conf
Accepting request 1093121 from home:pmonrealgonzalez:branches:security - Enable running the regression test suite. - Force a regeneration of the man pages from AsciiDoc. - Add LUKS1 and LUKS2 On-Disk Format Specification pdfs to doc. - FIPS: Remove not needed libcryptsetup12-hmac package that contains the HMAC checksums for integrity checking for FIPS. [bsc#1185116] * Remove the cryptsetup-rpmlintrc file. * Remove not needed fipscheck dependency. OBS-URL: https://build.opensuse.org/request/show/1093121 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=188
2023-06-15 14:05:44 +02:00
%ghost %attr(700, -, -) %dir /run/cryptsetup
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=18
2008-09-15 16:32:21 +02:00
- Split translations to -lang package OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=156
2020-04-02 16:37:41 +02:00
%files lang -f %{name}.lang
Accepting request 1166516 from home:AndreasStieger:branches:security cryptsetup 2.7.2 OBS-URL: https://build.opensuse.org/request/show/1166516 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=196
2024-04-10 09:32:59 +02:00
%license COPYING*
- Split translations to -lang package OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=156
2020-04-02 16:37:41 +02:00
Accepting request 244369 from home:adra:branches:security version 1.6.5, Updated build requirements OBS-URL: https://build.opensuse.org/request/show/244369 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=114
2014-08-13 09:59:19 +02:00
%files -n libcryptsetup%{so_ver}
Accepting request 1166516 from home:AndreasStieger:branches:security cryptsetup 2.7.2 OBS-URL: https://build.opensuse.org/request/show/1166516 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=196
2024-04-10 09:32:59 +02:00
%license COPYING*
Accepting request 244369 from home:adra:branches:security version 1.6.5, Updated build requirements OBS-URL: https://build.opensuse.org/request/show/244369 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=114
2014-08-13 09:59:19 +02:00
%{_libdir}/libcryptsetup.so.%{so_ver}*
Accepting request 244329 from home:msmeissn:branches:security - libcryptsetup4-hmac split off contain the hmac for FIPS certification OBS-URL: https://build.opensuse.org/request/show/244329 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=113
2014-08-12 15:38:20 +02:00
Accepting request 645498 from home:lnussel:branches:security - Suggest hmac package (boo#1090768) - remove old upgrade hack for upgrades from 12.1 - New version 2.0.5 Changes since version 2.0.4 ~~~~~~~~~~~~~~~~~~~~~~~~~~~ * Wipe full header areas (including unused) during LUKS format. Since this version, the whole area up to the data offset is zeroed, and subsequently, all keyslots areas are wiped with random data. This ensures that no remaining old data remains in the LUKS header areas, but it could slow down format operation on some devices. Previously only first 4k (or 32k for LUKS2) and the used keyslot was overwritten in the format operation. * Several fixes to error messages that were unintentionally replaced in previous versions with a silent exit code. More descriptive error messages were added, including error messages if - a device is unusable (not a block device, no access, etc.), - a LUKS device is not detected, - LUKS header load code detects unsupported version, - a keyslot decryption fails (also happens in the cipher check), - converting an inactive keyslot. * Device activation fails if data area overlaps with LUKS header. * Code now uses explicit_bzero to wipe memory if available (instead of own implementation). * Additional VeraCrypt modes are now supported, including Camellia and Kuznyechik symmetric ciphers (and cipher chains) and Streebog hash function. These were introduced in a recent VeraCrypt upstream. Note that Kuznyechik requires out-of-tree kernel module and Streebog hash function is available only with the gcrypt cryptographic backend for now. OBS-URL: https://build.opensuse.org/request/show/645498 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=144
2018-10-31 09:59:56 +01:00
%files -n lib%{name}-devel
Accepting request 1166516 from home:AndreasStieger:branches:security cryptsetup 2.7.2 OBS-URL: https://build.opensuse.org/request/show/1166516 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=196
2024-04-10 09:32:59 +02:00
%license COPYING*
Accepting request 244369 from home:adra:branches:security version 1.6.5, Updated build requirements OBS-URL: https://build.opensuse.org/request/show/244369 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=114
2014-08-13 09:59:19 +02:00
%doc docs/examples/
%{_includedir}/libcryptsetup.h
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=1
2007-06-05 04:29:16 +02:00
%{_libdir}/libcryptsetup.so
osc copypac from project:home:lnussel:Factory package:cryptsetup revision:3 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=33
2010-01-18 14:07:23 +01:00
%{_libdir}/pkgconfig/*
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=7
2007-11-29 18:20:01 +01:00
- crypsetup 2.4.0~rc1 * External LUKS token plugins * Experimental SSH token * Default LUKS2 PBKDF is now Argon2id * Increase minimal memory cost for Argon2 benchmark to 64MiB. * Autodetect optimal encryption sector size on LUKS2 format. * Use VeraCrypt option by default and add --disable-veracrypt option. * Support --hash and --cipher to limit opening time for TCRYPT type * Fixed default OpenSSL crypt backend support for OpenSSL3. * integritysetup: add integrity-recalculate-reset flag. * cryptsetup: retains keyslot number in luksChangeKey for LUKS2. * Fix cryptsetup resize using LUKS2 tokens. * Add close --deferred and --cancel-deferred options. * Rewritten command-line option parsing to avoid libpopt arguments memory leaks. * Add --test-args option. - switch to LUKS2 default format OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=170
2021-08-02 17:10:27 +02:00
%files ssh
Accepting request 1093121 from home:pmonrealgonzalez:branches:security - Enable running the regression test suite. - Force a regeneration of the man pages from AsciiDoc. - Add LUKS1 and LUKS2 On-Disk Format Specification pdfs to doc. - FIPS: Remove not needed libcryptsetup12-hmac package that contains the HMAC checksums for integrity checking for FIPS. [bsc#1185116] * Remove the cryptsetup-rpmlintrc file. * Remove not needed fipscheck dependency. OBS-URL: https://build.opensuse.org/request/show/1093121 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=188
2023-06-15 14:05:44 +02:00
%license COPYING*
- crypsetup 2.4.0~rc1 * External LUKS token plugins * Experimental SSH token * Default LUKS2 PBKDF is now Argon2id * Increase minimal memory cost for Argon2 benchmark to 64MiB. * Autodetect optimal encryption sector size on LUKS2 format. * Use VeraCrypt option by default and add --disable-veracrypt option. * Support --hash and --cipher to limit opening time for TCRYPT type * Fixed default OpenSSL crypt backend support for OpenSSL3. * integritysetup: add integrity-recalculate-reset flag. * cryptsetup: retains keyslot number in luksChangeKey for LUKS2. * Fix cryptsetup resize using LUKS2 tokens. * Add close --deferred and --cancel-deferred options. * Rewritten command-line option parsing to avoid libpopt arguments memory leaks. * Add --test-args option. - switch to LUKS2 default format OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=170
2021-08-02 17:10:27 +02:00
%dir %{_libdir}/%{name}
%{_libdir}/%{name}/libcryptsetup-token-ssh.so
Accepting request 1166516 from home:AndreasStieger:branches:security cryptsetup 2.7.2 OBS-URL: https://build.opensuse.org/request/show/1166516 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=196
2024-04-10 09:32:59 +02:00
%{_mandir}/man8/cryptsetup-ssh.8%{?ext_man}
- crypsetup 2.4.0~rc1 * External LUKS token plugins * Experimental SSH token * Default LUKS2 PBKDF is now Argon2id * Increase minimal memory cost for Argon2 benchmark to 64MiB. * Autodetect optimal encryption sector size on LUKS2 format. * Use VeraCrypt option by default and add --disable-veracrypt option. * Support --hash and --cipher to limit opening time for TCRYPT type * Fixed default OpenSSL crypt backend support for OpenSSL3. * integritysetup: add integrity-recalculate-reset flag. * cryptsetup: retains keyslot number in luksChangeKey for LUKS2. * Fix cryptsetup resize using LUKS2 tokens. * Add close --deferred and --cancel-deferred options. * Rewritten command-line option parsing to avoid libpopt arguments memory leaks. * Add --test-args option. - switch to LUKS2 default format OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=170
2021-08-02 17:10:27 +02:00
%{_sbindir}/cryptsetup-ssh
Accepting request 999046 from home:lnussel:branches:security - cryptsetup 2.5.0: * Split manual pages into per-action pages and use AsciiDoc format. * Remove cryptsetup-reencrypt tool from the project and move reencryption to already existing "cryptsetup reencrypt" command. If you need to emulate the old cryptsetup-reencrypt binary, use simple wrappers script running "exec cryptsetup reencrypt $@". * LUKS2: implement --decryption option that allows LUKS removal. * Fix decryption operation with --active-name option and restrict it to be used only with LUKS2. * Do not refresh reencryption digest when not needed. This should speed up the reencryption resume process. * Store proper resilience data in LUKS2 reencrypt initialization. Resuming reencryption now does not require specification of resilience type parameters if these are the same as during initialization. * Properly wipe the unused area after reencryption with datashift in the forward direction. * Check datashift value against larger sector size. For example, it could cause an issue if misaligned 4K sector appears during decryption. * Do not allow sector size increase reencryption in offline mode. * Do not allow dangerous sector size change during reencryption. * Ask the user for confirmation before resuming reencryption. * Do not resume reencryption with conflicting parameters. * Add --force-offline-reencrypt option. * Do not allow nested encryption in LUKS reencrypt. * Support all options allowed with luksFormat with encrypt action. * Add resize action to integritysetup. * Remove obsolete dracut plugin reencryption example. * Fix possible keyslot area size overflow during conversion to LUKS2. * Allow use of --header option for cryptsetup close. OBS-URL: https://build.opensuse.org/request/show/999046 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=178
2022-08-24 13:32:11 +02:00
%files doc
Accepting request 1166516 from home:AndreasStieger:branches:security cryptsetup 2.7.2 OBS-URL: https://build.opensuse.org/request/show/1166516 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=196
2024-04-10 09:32:59 +02:00
%license COPYING*
%license cc-by-sa-4.0.txt
Accepting request 1093121 from home:pmonrealgonzalez:branches:security - Enable running the regression test suite. - Force a regeneration of the man pages from AsciiDoc. - Add LUKS1 and LUKS2 On-Disk Format Specification pdfs to doc. - FIPS: Remove not needed libcryptsetup12-hmac package that contains the HMAC checksums for integrity checking for FIPS. [bsc#1185116] * Remove the cryptsetup-rpmlintrc file. * Remove not needed fipscheck dependency. OBS-URL: https://build.opensuse.org/request/show/1093121 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=188
2023-06-15 14:05:44 +02:00
%doc AUTHORS FAQ.md README.md docs/*ReleaseNotes docs/on-disk-format*.pdf
Accepting request 1166516 from home:AndreasStieger:branches:security cryptsetup 2.7.2 OBS-URL: https://build.opensuse.org/request/show/1166516 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=196
2024-04-10 09:32:59 +02:00
%{_mandir}/man8/cryptsetup.8%{?ext_man}
%{_mandir}/man8/cryptsetup-benchmark.8%{?ext_man}
%{_mandir}/man8/cryptsetup-bitlkDump.8%{?ext_man}
%{_mandir}/man8/cryptsetup-bitlkOpen.8%{?ext_man}
%{_mandir}/man8/cryptsetup-close.8%{?ext_man}
%{_mandir}/man8/cryptsetup-config.8%{?ext_man}
%{_mandir}/man8/cryptsetup-convert.8%{?ext_man}
%{_mandir}/man8/cryptsetup-create.8%{?ext_man}
%{_mandir}/man8/cryptsetup-erase.8%{?ext_man}
%{_mandir}/man8/cryptsetup-isLuks.8%{?ext_man}
%{_mandir}/man8/cryptsetup-loopaesOpen.8%{?ext_man}
%{_mandir}/man8/cryptsetup-luksAddKey.8%{?ext_man}
%{_mandir}/man8/cryptsetup-luksChangeKey.8%{?ext_man}
%{_mandir}/man8/cryptsetup-luksConvertKey.8%{?ext_man}
%{_mandir}/man8/cryptsetup-luksDump.8%{?ext_man}
%{_mandir}/man8/cryptsetup-luksErase.8%{?ext_man}
%{_mandir}/man8/cryptsetup-luksFormat.8%{?ext_man}
%{_mandir}/man8/cryptsetup-luksHeaderBackup.8%{?ext_man}
%{_mandir}/man8/cryptsetup-luksHeaderRestore.8%{?ext_man}
%{_mandir}/man8/cryptsetup-luksKillSlot.8%{?ext_man}
%{_mandir}/man8/cryptsetup-luksOpen.8%{?ext_man}
%{_mandir}/man8/cryptsetup-luksRemoveKey.8%{?ext_man}
%{_mandir}/man8/cryptsetup-luksResume.8%{?ext_man}
%{_mandir}/man8/cryptsetup-luksSuspend.8%{?ext_man}
%{_mandir}/man8/cryptsetup-luksUUID.8%{?ext_man}
%{_mandir}/man8/cryptsetup-open.8%{?ext_man}
%{_mandir}/man8/cryptsetup-plainOpen.8%{?ext_man}
%{_mandir}/man8/cryptsetup-reencrypt.8%{?ext_man}
%{_mandir}/man8/cryptsetup-refresh.8%{?ext_man}
%{_mandir}/man8/cryptsetup-repair.8%{?ext_man}
%{_mandir}/man8/cryptsetup-resize.8%{?ext_man}
%{_mandir}/man8/cryptsetup-status.8%{?ext_man}
%{_mandir}/man8/cryptsetup-tcryptDump.8%{?ext_man}
%{_mandir}/man8/cryptsetup-tcryptOpen.8%{?ext_man}
%{_mandir}/man8/cryptsetup-token.8%{?ext_man}
%{_mandir}/man8/integritysetup.8%{?ext_man}
%{_mandir}/man8/veritysetup.8%{?ext_man}
%{_mandir}/man8/cryptsetup-fvault2Dump.8%{?ext_man}
%{_mandir}/man8/cryptsetup-fvault2Open.8%{?ext_man}
Accepting request 999046 from home:lnussel:branches:security - cryptsetup 2.5.0: * Split manual pages into per-action pages and use AsciiDoc format. * Remove cryptsetup-reencrypt tool from the project and move reencryption to already existing "cryptsetup reencrypt" command. If you need to emulate the old cryptsetup-reencrypt binary, use simple wrappers script running "exec cryptsetup reencrypt $@". * LUKS2: implement --decryption option that allows LUKS removal. * Fix decryption operation with --active-name option and restrict it to be used only with LUKS2. * Do not refresh reencryption digest when not needed. This should speed up the reencryption resume process. * Store proper resilience data in LUKS2 reencrypt initialization. Resuming reencryption now does not require specification of resilience type parameters if these are the same as during initialization. * Properly wipe the unused area after reencryption with datashift in the forward direction. * Check datashift value against larger sector size. For example, it could cause an issue if misaligned 4K sector appears during decryption. * Do not allow sector size increase reencryption in offline mode. * Do not allow dangerous sector size change during reencryption. * Ask the user for confirmation before resuming reencryption. * Do not resume reencryption with conflicting parameters. * Add --force-offline-reencrypt option. * Do not allow nested encryption in LUKS reencrypt. * Support all options allowed with luksFormat with encrypt action. * Add resize action to integritysetup. * Remove obsolete dracut plugin reencryption example. * Fix possible keyslot area size overflow during conversion to LUKS2. * Allow use of --header option for cryptsetup close. OBS-URL: https://build.opensuse.org/request/show/999046 OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=178
2022-08-24 13:32:11 +02:00
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=1
2007-06-05 04:29:16 +02:00
%changelog
Reference in New Issue Copy Permalink