diff --git a/baselibs.conf b/baselibs.conf index 7819b67..44b405c 100644 --- a/baselibs.conf +++ b/baselibs.conf @@ -1 +1,2 @@ libcryptsetup4 +libcryptsetup4-hmac diff --git a/cryptsetup-1.6.4.tar.sign b/cryptsetup-1.6.4.tar.sign deleted file mode 100644 index 7dbe8af..0000000 --- a/cryptsetup-1.6.4.tar.sign +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iQIcBAABCAAGBQJTD0ctAAoJENmwV3vZPpj8WAkQAKo2flibcxZAR7lW6NfW2SUo -VysNEylCPRQbPbDOrWRGQMrjNlQWz0YU504P+GwVFOrALW7K2v71oVa+8AE3dukh -0aogPTzso6HlNFnnjbd2IkCAbhgejn6gshhd2rF64YxLx5QOnX744aS5HgEb3QC4 -rkSGIih/rJz0GEsNb4gpuTceO9BnBINbmbV4172CbyOWvndkgArazkB5f1Qi5d2r -SUQVZQIzGmW+qVmsGElS4AtCsYz59qfeL6+REVHEY0YV9M1MkWF3ZCsflW6t0Qgb -MUzNb3MEYYh2NaQoF4Ul1ZbHNgnx6as9B/uCIuV6LPQiJvl7PkBlN56vO6FI2nE5 -x2yXed8Y2OJBGstHsGtMoP8DP96U0IKcEPpSwttKVwl6+qCqu3Wns27eAvrkKnD/ -8/PGrk1F9H+iB4JLez/WyrWEveQQKugkJPf8HUSNW4J5/Q/joD0/2sKfIBTYbEG1 -Hf0jvcfhnsMf4cr06K1VeOVkr596/EEQRyEKAEQHdRdSDXvZeprjA+yBai6v6V+W -OCm4DK3D6o9jhCLeotFSlOsMfA9gxWJ9uKrEnR7ITh7PmTf8PiZbX+VkexuwP8vT -PaDjBCRZ2mm1nIfYxohcEMNz/WgRdFKx4vmb13OyY1tEcQYjIk/EoP7EZrGNS1tJ -5X1fSnePI1PuO+WuyaHy -=jEBe ------END PGP SIGNATURE----- diff --git a/cryptsetup-1.6.4.tar.xz b/cryptsetup-1.6.4.tar.xz deleted file mode 100644 index b4df0c0..0000000 --- a/cryptsetup-1.6.4.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:70b8e86eef94bbb4441ad38460d87138130d7aaaafe5d01131c3ba50b9f0dca0 -size 1081492 diff --git a/cryptsetup-1.6.5.tar.sign b/cryptsetup-1.6.5.tar.sign new file mode 100644 index 0000000..70e5967 --- /dev/null +++ b/cryptsetup-1.6.5.tar.sign @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iQIcBAABCAAGBQJTsAB+AAoJENmwV3vZPpj8bh0P/3MhINlKtwNZUIpBmutuioiN +TSZBXnC08oriTWll3LaUtT18q4gfdNZ0nmetew9AcdAHtaYEiSgdiuVkx4TVmXNV +I7oAE1GCopYt7KCBBS06ql3RylrqEdpt0dscb0WDvvbtc5G0WFh9rDflsPXZpaEt +heqpLG6mNUHnkfl9SOc3h0X9/H6G6bITvn1nJdNvfoZFJdqVI28d059Ax4dsx9ag +x/smj/TyvfxpJ897g0Ta+j8PPXLm3vanZZW/eBYujJd/ks6dGY9oeqyU3xZ/Uiwx +D6qDSbrkD8kzXoj7YyyMWkK3QtL3vhBSJoRC9Icf8hCg3jHS2FZ5ZYS6hzYvJQp7 +qsiOBxAyMgl1u0hYYldv0WRyi3Dv+C7HQdVHZicLdK30KqN3DKyJEPTnVt4+1nj2 +xNyZKM0kkHHMK+Cws2p17Y/ESH8TocJzaYdOehA5avRix7F9Ygg1g9BUGMGo3GDb +DsrTes35A9GGnQ6M+/YIFmzfaG92SLDUHzxCBtZ6I1GPAsxK41qSJ5CMbfxN0w3/ +SGa3Xybi2ZTyDJf5pSJdnnRsU51dayG3ensXPwc56/thkLGiapIVziWWVTA9TsaS +4B9emIPFkpkyX3mrfMsW3ap+lkkZ/KuqSeTkQep+Y24a/yaRX4YBjJCvAuu3DaZc +tGJBiO00fS647Vw/KP5w +=E6bJ +-----END PGP SIGNATURE----- diff --git a/cryptsetup-1.6.5.tar.xz b/cryptsetup-1.6.5.tar.xz new file mode 100644 index 0000000..80aad09 --- /dev/null +++ b/cryptsetup-1.6.5.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:267973f20be43f9d685f7193aa23954b60768c74a1d330243114d4b8bc17ca9a +size 1136892 diff --git a/cryptsetup.changes b/cryptsetup.changes index 0858125..d6b4a84 100644 --- a/cryptsetup.changes +++ b/cryptsetup.changes @@ -1,3 +1,35 @@ +------------------------------------------------------------------- +Tue Aug 12 16:34:04 UTC 2014 - asterios.dramis@gmail.com + +- version 1.6.5 + * Allow LUKS header operation handling without requiring root privilege. + It means that you can manipulate with keyslots as a regular user, only + write access to device (or image) is required. + * Fix internal PBKDF2 key derivation function implementation for alternative + crypto backends (kernel, NSS) which do not support PBKDF2 directly and have + issues with longer HMAC keys. + * Support for Python3 for simple Python binding. + Python >= 2.6 is now required. You can set Python compiled version by setting + --with-python_version configure option (together with --enable-python). + * Use internal PBKDF2 in Nettle library for Nettle crypto backend. + Cryptsetup compilation requires Nettle >= 2.6 (if using Nettle crypto backend). + * Allow simple status of crypt device without providing metadata header. + The command "cryptsetup status" will print basic info, even if you + do not provide detached header argument. + * Allow to specify ECB mode in cryptsetup benchmark. + * Add some LUKS images for regression testing. + Note that if image with Whirlpool fails, the most probable cause is that + you have old gcrypt library with flawed whirlpool hash. + Read FAQ section 8.3 for more info. +- Removed e2fsprogs-devel and libtool build requirements (not needed). +- Added libpwquality-devel and libuuid-devel build requirements. + +------------------------------------------------------------------- +Mon Aug 11 15:21:03 UTC 2014 - meissner@suse.com + +- libcryptsetup4-hmac split off contain the hmac for FIPS certification + +------------------------------------------------------------------- Tue May 27 14:38:57 UTC 2014 - meissner@suse.com - version 1.6.4 diff --git a/cryptsetup.spec b/cryptsetup.spec index 2b29584..0ce0302 100644 --- a/cryptsetup.spec +++ b/cryptsetup.spec @@ -16,31 +16,32 @@ # +%define so_ver 4 + Name: cryptsetup -Url: http://code.google.com/p/cryptsetup/ -Version: 1.6.4 +Version: 1.6.5 Release: 0 Summary: Set Up dm-crypt Based Encrypted Block Devices License: SUSE-GPL-2.0-with-openssl-exception and LGPL-2.0+ Group: System/Base - -Source: https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/cryptsetup-%{version}.tar.xz -# this is the signature of the uncompressed tarball +Url: http://code.google.com/p/cryptsetup/ +Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/cryptsetup-%{version}.tar.xz +# GPG signature of the uncompressed tarball. Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/cryptsetup-%{version}.tar.sign Source2: baselibs.conf Source3: %{name}.keyring -BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: device-mapper-devel -BuildRequires: e2fsprogs-devel BuildRequires: fipscheck BuildRequires: fipscheck-devel BuildRequires: libgcrypt-devel +BuildRequires: libpwquality-devel BuildRequires: libselinux-devel -BuildRequires: libtool +BuildRequires: libuuid-devel # 2.6.38 has the required if_alg.h BuildRequires: linux-glibc-devel >= 2.6.38 BuildRequires: pkgconfig BuildRequires: popt-devel +BuildRoot: %{_tmppath}/%{name}-%{version}-build %description cryptsetup is used to conveniently set up dm-crypt based device-mapper @@ -49,27 +50,35 @@ volumes as well as LUKS formatted ones. The package additionally includes support for automatically setting up encrypted volumes at boot time via the config file /etc/crypttab. -%package -n libcryptsetup4 +%package -n libcryptsetup%{so_ver} Summary: Set Up dm-crypt Based Encrypted Block Devices -Group: System/Base +Group: System/Libraries -%description -n libcryptsetup4 +%description -n libcryptsetup%{so_ver} cryptsetup is used to conveniently set up dm-crypt based device-mapper targets. It allows to set up targets to read cryptoloop compatible volumes as well as LUKS formatted ones. The package additionally includes support for automatically setting up encrypted volumes at boot time via the config file /etc/crypttab. +%package -n libcryptsetup4-hmac +Summary: Checksums for libcryptsetup4 +Group: System/Base + +%description -n libcryptsetup4-hmac +This package contains HMAC checksums for integrity checking of libcryptsetup4, +used for FIPS. + %package -n libcryptsetup-devel Summary: Set Up dm-crypt Based Encrypted Block Devices Group: Development/Libraries/C and C++ +Requires: glibc-devel +Requires: libcryptsetup%{so_ver} = %{version} # cryptsetup-devel last used 11.1 Provides: cryptsetup-devel = %{version} Obsoletes: cryptsetup-devel < %{version} -Requires: glibc-devel -Requires: libcryptsetup4 = %{version} -%description -n libcryptsetup-devel +%description -n libcryptsetup-devel cryptsetup is used to conveniently set up dm-crypt based device-mapper targets. It allows to set up targets to read cryptoloop compatible volumes as well as LUKS formatted ones. The package additionally @@ -80,14 +89,10 @@ time via the config file /etc/crypttab. %setup -q %build -# cryptsetup build -%{?suse_update_config:%{suse_update_config}} -autoreconf -f -i -test -e po/Makevars || cp po/Makevars.template po/Makevars -%configure \ - --disable-static --enable-shared \ - --enable-cryptsetup-reencrypt \ - --enable-selinux --enable-fips +%configure --enable-cryptsetup-reencrypt \ + --enable-selinux \ + --enable-fips \ + --enable-pwquality make %{?_smp_mflags} %install @@ -99,13 +104,13 @@ make %{?_smp_mflags} fipshmac %{buildroot}/%{_libdir}/libcryptsetup.so.* \ %{nil} -make install DESTDIR=$RPM_BUILD_ROOT -install -d -m 755 $RPM_BUILD_ROOT/sbin -ln -s ..%{_sbindir}/cryptsetup $RPM_BUILD_ROOT/sbin +make install DESTDIR=%{buildroot} +install -dm 0755 %{buildroot}/sbin +ln -s ..%{_sbindir}/cryptsetup %{buildroot}/sbin # don't want this file in /lib (FHS compat check), and can't move it to /usr/lib -rm -f $RPM_BUILD_ROOT/%_libdir/*.la +rm -f %{buildroot}/%{_libdir}/*.la # -%find_lang %name --all-name +%find_lang %{name} --all-name %post test -n "$FIRST_ARG" || FIRST_ARG="$1" @@ -127,30 +132,35 @@ if [ "$FIRST_ARG" -gt 1 -a ! -e "$marker" ]; then fi fi -%post -n libcryptsetup4 -p /sbin/ldconfig +%post -n libcryptsetup%{so_ver} -p /sbin/ldconfig -%postun -n libcryptsetup4 -p /sbin/ldconfig +%postun -n libcryptsetup%{so_ver} -p /sbin/ldconfig -%files -f %name.lang +%files -f %{name}.lang %defattr(-,root,root) +%doc AUTHORS COPYING* FAQ README TODO docs/ChangeLog.old docs/*ReleaseNotes #ghost %verify(not md5 size mtime) %config(noreplace,missingok) /etc/crypttab #ghost %verify(not md5 size mtime) %config(noreplace,missingok) /etc/cryptotab /sbin/cryptsetup %{_sbindir}/cryptsetup %{_sbindir}/veritysetup %{_sbindir}/cryptsetup-reencrypt -%_mandir/man8/cryptsetup.8.gz -%_mandir/man8/cryptsetup-reencrypt.8.gz -%_mandir/man8/veritysetup.8.gz +%{_mandir}/man8/cryptsetup.8.gz +%{_mandir}/man8/cryptsetup-reencrypt.8.gz +%{_mandir}/man8/veritysetup.8.gz -%files -n libcryptsetup4 +%files -n libcryptsetup%{so_ver} %defattr(-,root,root) -/%{_libdir}/libcryptsetup.so.4* -/%{_libdir}/.libcryptsetup.so.4*hmac +%{_libdir}/libcryptsetup.so.%{so_ver}* + +%files -n libcryptsetup4-hmac +%defattr(-,root,root) +%{_libdir}/.libcryptsetup.so.%{so_ver}*hmac %files -n libcryptsetup-devel %defattr(-,root,root) -%_includedir/libcryptsetup.h +%doc docs/examples/ +%{_includedir}/libcryptsetup.h %{_libdir}/libcryptsetup.so %{_libdir}/pkgconfig/*