diff --git a/cryptsetup-2.4.3.tar.sign b/cryptsetup-2.4.3.tar.sign deleted file mode 100644 index d2aa1e9..0000000 --- a/cryptsetup-2.4.3.tar.sign +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAmHf9akACgkQ2bBXe9k+ -mPz0zw//cqAJh3wE0zxtfb+2al4cH2oTtPR+/VnnW8s5z9hyBztNZo8ChOXEQqEQ -3l+S0qvJSkCmQT2RNEAdyqMjolU3NKKYi+iZwKUfcYPAABnc0/df9p1l4ykKYmuZ -6EiQCCZITrFkiRl0jVsZ/U92FAU+EdI7dXPVr+H8Ai6eA4HW3NIrZlsUUMdsmkCE -6eqSX3WX1WVpFkv3453JSNG5/byHP4iPEnXdy00+n5qDoWrOEqDL6MDFaljBS2gq -XKIeDfKTe3tQAelPEnIc/Is5Tus2uMkxn+bW9KPviS3tOSW5iDVUNL2DBVdMcuxV -e26mEud9BYyKvajj3wP2TR/BD+ctmwnYSLrfs8aMzE109YI2NuxHD6sWI9d2jrtx -2fMDV20AKGvvt2q4RkIqAkML7S1RQUVdma33I/iBojFu4bXleLBUcwi1vT+G1NMX -rz+bVo5zKa7bfTjjX/T8ATL302Lhpr3yReAR6m2KqX3xbxinwG3BV88fyZjJEFft -zW2JYT3gntkp7GqrxMWjZYNc8AAcpRcabXqb/7NcCBPmS33Kk+/eQiBGEQCw85g7 -MQk7oLKFKT31yJ0TipJExWLOpaWR592wBMl/vx3jAyJjWR1IxajzKD60ZNJHavsn -5PCPtLxXGdbyyagI45Jm1Pa6Me0vcXzYSHnYdPy5tprOfJgzMT4= -=yURq ------END PGP SIGNATURE----- diff --git a/cryptsetup-2.4.3.tar.xz b/cryptsetup-2.4.3.tar.xz deleted file mode 100644 index 6938c43..0000000 --- a/cryptsetup-2.4.3.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:fc0df945188172264ec5bf1d0bda08264fadc8a3f856d47eba91f31fe354b507 -size 11242152 diff --git a/cryptsetup-2.5.0.tar.sign b/cryptsetup-2.5.0.tar.sign new file mode 100644 index 0000000..e1b88c4 --- /dev/null +++ b/cryptsetup-2.5.0.tar.sign @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAmLir6MACgkQ2bBXe9k+ +mPz0aRAA1NvR+v5YBgq0+VxkNLWN76sIiFOZ46ASepos5bvzV6QgfHf2Pm4Tdi2j +CHc9Vc6D32w3oww6qQQ3j4XjqDxtRbxa17YEcsoQHT7J0sezaPknv+OM+vT+B8WT +PmoOF6ZoxqmA4hf2psap/4sWB+TNVlJoyksOy/yF5pLdSFT9w/A6DIO+FiufVCxg +Sg8HNcU0rFkLTnHNQiZGFx9lNAy+FJ+5mm+8A8IIbTB4cxuohaz8ZwNjJjIO36jm +H0t4yDQTL7JoV1ONPJ+Fq9OaQP6MBCnSr3uFXwkQoV99geaHmGVbv+jUqqFjosu3 +Usm1hHkqFp+BW8f+XZ0lYYGyGz1bFZHsiCnEdjFLmmMiSqjW+Jo0AdGtqEjx5Ahc +/6D8XyRpb+Wwg9cQyzvcOXgBysWp4dINWQSjsyWqN4AlEOy4UtEbAW4Pm/t2SCnV +xw7eNbCdqa2+tAJTMV5AlQgkk1dYDY9KFNvNkrgkEMlzoeq/3QgkqPo7PqCqixrL +cTlMm8g5IDV95Mnyd2uNng7T/M4E6PLfhApjpSbP0Sk6Hyp1Mp959AKTHJFPE4ZO +R9dTYQ+Jy/2DUKDQoeYtiosq1Yoi4NKueazGAbjvbQT8NXx7DDcS3AYIfxBsdGnv +xmsAHiM8LgjJmFYZNWHHBpWakCUM7LhqbrfLkVlMyprN4ZCzyLM= +=Rmfd +-----END PGP SIGNATURE----- diff --git a/cryptsetup-2.5.0.tar.xz b/cryptsetup-2.5.0.tar.xz new file mode 100644 index 0000000..cbeede4 --- /dev/null +++ b/cryptsetup-2.5.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9184a6ebbd9ce7eb211152e7f741a6c82f2d1cc0e24a84ec9c52939eee0f0542 +size 11304256 diff --git a/cryptsetup.changes b/cryptsetup.changes index ad9b80f..c9c4cb3 100644 --- a/cryptsetup.changes +++ b/cryptsetup.changes @@ -1,3 +1,51 @@ +------------------------------------------------------------------- +Mon Aug 22 08:38:16 UTC 2022 - Ludwig Nussel + +- cryptsetup 2.5.0: + * Split manual pages into per-action pages and use AsciiDoc format. + * Remove cryptsetup-reencrypt tool from the project and move reencryption + to already existing "cryptsetup reencrypt" command. + If you need to emulate the old cryptsetup-reencrypt binary, use simple + wrappers script running "exec cryptsetup reencrypt $@". + * LUKS2: implement --decryption option that allows LUKS removal. + * Fix decryption operation with --active-name option and restrict + it to be used only with LUKS2. + * Do not refresh reencryption digest when not needed. + This should speed up the reencryption resume process. + * Store proper resilience data in LUKS2 reencrypt initialization. + Resuming reencryption now does not require specification of resilience + type parameters if these are the same as during initialization. + * Properly wipe the unused area after reencryption with datashift in + the forward direction. + * Check datashift value against larger sector size. + For example, it could cause an issue if misaligned 4K sector appears + during decryption. + * Do not allow sector size increase reencryption in offline mode. + * Do not allow dangerous sector size change during reencryption. + * Ask the user for confirmation before resuming reencryption. + * Do not resume reencryption with conflicting parameters. + * Add --force-offline-reencrypt option. + * Do not allow nested encryption in LUKS reencrypt. + * Support all options allowed with luksFormat with encrypt action. + * Add resize action to integritysetup. + * Remove obsolete dracut plugin reencryption example. + * Fix possible keyslot area size overflow during conversion to LUKS2. + * Allow use of --header option for cryptsetup close. + * Fix activation of LUKS2 device with integrity and detached header. + * Add ZEROOUT IOCTL support for crypt_wipe API call. + * VERITY: set loopback sector size according to dm-verity block sizes. + * veritysetup: dump device sizes. + * LUKS2 token: prefer token PIN query before passphrase in some cases. + When a user provides --token-type or specific --token-id, a token PIN + query is preferred to a passphrase query. + * LUKS2 token: allow tokens to be replaced with --token-replace option + for cryptsetup token command. + * LUKS2 token: do not continue operation when interrupted in PIN prompt. + * Add --progress-json parameter to utilities. + * Add support for --key-slot option in luksResume action. +- move man pages to separate subpackage +- drop backports handling + ------------------------------------------------------------------- Fri Jan 14 19:19:43 UTC 2022 - Andreas Stieger diff --git a/cryptsetup.spec b/cryptsetup.spec index e6ed7c0..2217fd3 100644 --- a/cryptsetup.spec +++ b/cryptsetup.spec @@ -1,5 +1,5 @@ # -# spec file for package cryptsetup2 +# spec file for package cryptsetup # # Copyright (c) 2022 SUSE LLC # @@ -16,22 +16,18 @@ # -%define tar_version 2.4.3 +%define tar_version 2.5.0 %define so_ver 12 -%if 0%{?is_backports} -Name: cryptsetup2 -%else Name: cryptsetup -%endif -Version: 2.4.3 +Version: 2.5.0 Release: 0 Summary: Setup program for dm-crypt Based Encrypted Block Devices License: LGPL-2.0-or-later AND SUSE-GPL-2.0-with-openssl-exception Group: System/Base URL: https://gitlab.com/cryptsetup/cryptsetup/ -Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.4/cryptsetup-%{tar_version}.tar.xz +Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.5/cryptsetup-%{tar_version}.tar.xz # GPG signature of the uncompressed tarball. -Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.4/cryptsetup-%{tar_version}.tar.sign +Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.5/cryptsetup-%{tar_version}.tar.sign Source2: baselibs.conf Source3: cryptsetup.keyring Source4: %{name}-rpmlintrc @@ -51,13 +47,9 @@ BuildRequires: pkgconfig(blkid) BuildRequires: pkgconfig(libargon2) BuildRequires: pkgconfig(libssh) BuildRequires: pkgconfig(openssl) +BuildRequires: rubygem(asciidoctor) Requires(post): coreutils Requires(postun):coreutils -%if 0%{?is_backports} -BuildRequires: autoconf -BuildRequires: automake -BuildRequires: libtool -%endif %if %{?suse_version} >= 1550 # LUKS2 used as default format, which GRUB < 2.06 can't read Conflicts: grub2 < 2.06 @@ -80,6 +72,15 @@ Group: System/Base Experimental cryptsetup plugin for unlocking LUKS2 devices with token connected to an SSH server. +%package doc +Summary: Cryptsetup Documentation +Group: Documentation/Man +Supplements: (cryptsetup and man) +Supplements: (cryptsetup and patterns-base-documentation) + +%description doc +Documentation and man pages for cryptsetup + %package -n libcryptsetup%{so_ver} Summary: Library for setting up dm-crypt Based Encrypted Block Devices Group: System/Libraries @@ -109,10 +110,6 @@ Requires: libcryptsetup%{so_ver} = %{version} # cryptsetup-devel last used 11.1 Provides: cryptsetup-devel = %{version} Obsoletes: cryptsetup-devel < %{version} -%if 0%{?is_backports} -# have to conflict with main package that is in SLE -Conflicts: cryptsetup-devel < %{version} -%endif %description -n lib%{name}-devel cryptsetup is used to conveniently set up dm-crypt based device-mapper @@ -123,14 +120,9 @@ time via the config file %{_sysconfdir}/crypttab. %prep %autosetup -n cryptsetup-%{tar_version} -%if 0%{?is_backports} -sed -i -e '/AC_INIT/s/cryptsetup/cryptsetup2/' configure.ac -autoreconf -f -i -%endif %build %configure \ - --enable-cryptsetup-reencrypt \ --enable-selinux \ --enable-fips \ --enable-pwquality \ @@ -153,25 +145,15 @@ autoreconf -f -i %{nil} %make_install -%if 0%{?is_backports} -# need to rename a files to avoid file conflict -for i in cryptsetup integritysetup veritysetup cryptsetup-reencrypt; do - mv %{buildroot}%{_sbindir}/$i %{buildroot}%{_sbindir}/${i}2 - mv %{buildroot}%{_mandir}/man8/$i.8 %{buildroot}%{_mandir}/man8/${i}2.8 -done -rm -f %{buildroot}%{_tmpfilesdir}/cryptsetup.conf -%endif %if !0%{?usrmerged} install -dm 0755 %{buildroot}/sbin -ln -s ..%{_sbindir}/cryptsetup%{?is_backports:2} %{buildroot}/sbin +ln -s ..%{_sbindir}/cryptsetup %{buildroot}/sbin %endif # don't want this file in /lib (FHS compat check), and can't move it to /usr/lib find %{buildroot} -type f -name "*.la" -delete -print # %find_lang %{name} --all-name -%if !0%{?is_backports} -# %post %{?regenerate_initrd_post} %tmpfiles_create %{_tmpfilesdir}/cryptsetup.conf @@ -181,30 +163,20 @@ find %{buildroot} -type f -name "*.la" -delete -print %posttrans %{?regenerate_initrd_posttrans} -# -%endif %post -n libcryptsetup%{so_ver} -p /sbin/ldconfig + %postun -n libcryptsetup%{so_ver} -p /sbin/ldconfig %files %license COPYING* -%doc AUTHORS FAQ README.md docs/*ReleaseNotes %if !0%{?usrmerged} -/sbin/cryptsetup%{?is_backports:2} +/sbin/cryptsetup %endif -%{_sbindir}/cryptsetup%{?is_backports:2} -%{_sbindir}/veritysetup%{?is_backports:2} -%{_sbindir}/integritysetup%{?is_backports:2} -%{_sbindir}/cryptsetup-reencrypt%{?is_backports:2} -%{_mandir}/man8/cryptsetup%{?is_backports:2}.8%{?ext_man} -%{_mandir}/man8/cryptsetup-reencrypt%{?is_backports:2}.8%{?ext_man} -%{_mandir}/man8/veritysetup%{?is_backports:2}.8%{?ext_man} -%{_mandir}/man8/integritysetup%{?is_backports:2}.8%{?ext_man} -%if !0%{?is_backports} +%{_sbindir}/cryptsetup +%{_sbindir}/veritysetup +%{_sbindir}/integritysetup %{_tmpfilesdir}/cryptsetup.conf -%ghost %dir /run/cryptsetup -%endif %files lang -f %{name}.lang @@ -227,4 +199,44 @@ find %{buildroot} -type f -name "*.la" -delete -print %{_mandir}/man8/cryptsetup-ssh.8.gz %{_sbindir}/cryptsetup-ssh +%files doc +%doc AUTHORS FAQ.md README.md docs/*ReleaseNotes +%{_mandir}/man8/cryptsetup.8.gz +%{_mandir}/man8/cryptsetup-benchmark.8.gz +%{_mandir}/man8/cryptsetup-bitlkDump.8.gz +%{_mandir}/man8/cryptsetup-bitlkOpen.8.gz +%{_mandir}/man8/cryptsetup-close.8.gz +%{_mandir}/man8/cryptsetup-config.8.gz +%{_mandir}/man8/cryptsetup-convert.8.gz +%{_mandir}/man8/cryptsetup-create.8.gz +%{_mandir}/man8/cryptsetup-erase.8.gz +%{_mandir}/man8/cryptsetup-isLuks.8.gz +%{_mandir}/man8/cryptsetup-loopaesOpen.8.gz +%{_mandir}/man8/cryptsetup-luksAddKey.8.gz +%{_mandir}/man8/cryptsetup-luksChangeKey.8.gz +%{_mandir}/man8/cryptsetup-luksConvertKey.8.gz +%{_mandir}/man8/cryptsetup-luksDump.8.gz +%{_mandir}/man8/cryptsetup-luksErase.8.gz +%{_mandir}/man8/cryptsetup-luksFormat.8.gz +%{_mandir}/man8/cryptsetup-luksHeaderBackup.8.gz +%{_mandir}/man8/cryptsetup-luksHeaderRestore.8.gz +%{_mandir}/man8/cryptsetup-luksKillSlot.8.gz +%{_mandir}/man8/cryptsetup-luksOpen.8.gz +%{_mandir}/man8/cryptsetup-luksRemoveKey.8.gz +%{_mandir}/man8/cryptsetup-luksResume.8.gz +%{_mandir}/man8/cryptsetup-luksSuspend.8.gz +%{_mandir}/man8/cryptsetup-luksUUID.8.gz +%{_mandir}/man8/cryptsetup-open.8.gz +%{_mandir}/man8/cryptsetup-plainOpen.8.gz +%{_mandir}/man8/cryptsetup-reencrypt.8.gz +%{_mandir}/man8/cryptsetup-refresh.8.gz +%{_mandir}/man8/cryptsetup-repair.8.gz +%{_mandir}/man8/cryptsetup-resize.8.gz +%{_mandir}/man8/cryptsetup-status.8.gz +%{_mandir}/man8/cryptsetup-tcryptDump.8.gz +%{_mandir}/man8/cryptsetup-tcryptOpen.8.gz +%{_mandir}/man8/cryptsetup-token.8.gz +%{_mandir}/man8/integritysetup.8.gz +%{_mandir}/man8/veritysetup.8.gz + %changelog