Ludwig Nussel
5c09e34343
- version 1.6.4
- new tarball / signature location
* Implement new erase (with alias luksErase) command.
* Add internal "whirlpool_gcryptbug hash" for accessing flawed
Whirlpool hash in gcrypt (requires gcrypt 1.6.1 or above).
* Allow to use --disable-gcrypt-pbkdf2 during configuration
to force use internal PBKDF2 code.
* Require gcrypt 1.6.1 for imported implementation of PBKDF2
(PBKDF2 in gcrypt 1.6.0 is too slow).
* Add --keep-key to cryptsetup-reencrypt.
* By default verify new passphrase in luksChangeKey and luksAddKey
commands (if input is from terminal).
* Fix memory leak in Nettle crypto backend.
* Support --tries option even for TCRYPT devices in cryptsetup.
* Support --allow-discards option even for TCRYPT devices.
(Note that this could destroy hidden volume and it is not suggested
by original TrueCrypt security model.)
* Link against -lrt for clock_gettime to fix undefined reference
to clock_gettime error (introduced in 1.6.2).
* Fix misleading error message when some algorithms are not available.
* Count system time in PBKDF2 benchmark if kernel returns no self
usage info.
OBS-URL: https://build.opensuse.org/request/show/235564
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=111
158 lines
5.2 KiB
RPMSpec
158 lines
5.2 KiB
RPMSpec
#
|
|
# spec file for package cryptsetup
|
|
#
|
|
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
|
#
|
|
# All modifications and additions to the file contributed by third parties
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
# upon. The license for this file, and modifications and additions to the
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
# license for the pristine package is not an Open Source License, in which
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
# published by the Open Source Initiative.
|
|
|
|
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
|
#
|
|
|
|
|
|
Name: cryptsetup
|
|
Url: http://code.google.com/p/cryptsetup/
|
|
Version: 1.6.4
|
|
Release: 0
|
|
Summary: Set Up dm-crypt Based Encrypted Block Devices
|
|
License: SUSE-GPL-2.0-with-openssl-exception and LGPL-2.0+
|
|
Group: System/Base
|
|
|
|
Source: https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/cryptsetup-%{version}.tar.xz
|
|
# this is the signature of the uncompressed tarball
|
|
Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/cryptsetup-%{version}.tar.sign
|
|
Source2: baselibs.conf
|
|
Source3: %{name}.keyring
|
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
|
BuildRequires: device-mapper-devel
|
|
BuildRequires: e2fsprogs-devel
|
|
BuildRequires: fipscheck
|
|
BuildRequires: fipscheck-devel
|
|
BuildRequires: libgcrypt-devel
|
|
BuildRequires: libselinux-devel
|
|
BuildRequires: libtool
|
|
# 2.6.38 has the required if_alg.h
|
|
BuildRequires: linux-glibc-devel >= 2.6.38
|
|
BuildRequires: pkgconfig
|
|
BuildRequires: popt-devel
|
|
|
|
%description
|
|
cryptsetup is used to conveniently set up dm-crypt based device-mapper
|
|
targets. It allows to set up targets to read cryptoloop compatible
|
|
volumes as well as LUKS formatted ones. The package additionally
|
|
includes support for automatically setting up encrypted volumes at boot
|
|
time via the config file /etc/crypttab.
|
|
|
|
%package -n libcryptsetup4
|
|
Summary: Set Up dm-crypt Based Encrypted Block Devices
|
|
Group: System/Base
|
|
|
|
%description -n libcryptsetup4
|
|
cryptsetup is used to conveniently set up dm-crypt based device-mapper
|
|
targets. It allows to set up targets to read cryptoloop compatible
|
|
volumes as well as LUKS formatted ones. The package additionally
|
|
includes support for automatically setting up encrypted volumes at boot
|
|
time via the config file /etc/crypttab.
|
|
|
|
%package -n libcryptsetup-devel
|
|
Summary: Set Up dm-crypt Based Encrypted Block Devices
|
|
Group: Development/Libraries/C and C++
|
|
# cryptsetup-devel last used 11.1
|
|
Provides: cryptsetup-devel = %{version}
|
|
Obsoletes: cryptsetup-devel < %{version}
|
|
Requires: glibc-devel
|
|
Requires: libcryptsetup4 = %{version}
|
|
|
|
%description -n libcryptsetup-devel
|
|
cryptsetup is used to conveniently set up dm-crypt based device-mapper
|
|
targets. It allows to set up targets to read cryptoloop compatible
|
|
volumes as well as LUKS formatted ones. The package additionally
|
|
includes support for automatically setting up encrypted volumes at boot
|
|
time via the config file /etc/crypttab.
|
|
|
|
%prep
|
|
%setup -q
|
|
|
|
%build
|
|
# cryptsetup build
|
|
%{?suse_update_config:%{suse_update_config}}
|
|
autoreconf -f -i
|
|
test -e po/Makevars || cp po/Makevars.template po/Makevars
|
|
%configure \
|
|
--disable-static --enable-shared \
|
|
--enable-cryptsetup-reencrypt \
|
|
--enable-selinux --enable-fips
|
|
make %{?_smp_mflags}
|
|
|
|
%install
|
|
# Generate HMAC checksums (FIPS)
|
|
%define __spec_install_post \
|
|
%{?__debug_package:%{__debug_install_post}} \
|
|
%{__arch_install_post} \
|
|
%{__os_install_post} \
|
|
fipshmac %{buildroot}/%{_libdir}/libcryptsetup.so.* \
|
|
%{nil}
|
|
|
|
make install DESTDIR=$RPM_BUILD_ROOT
|
|
install -d -m 755 $RPM_BUILD_ROOT/sbin
|
|
ln -s ..%{_sbindir}/cryptsetup $RPM_BUILD_ROOT/sbin
|
|
# don't want this file in /lib (FHS compat check), and can't move it to /usr/lib
|
|
rm -f $RPM_BUILD_ROOT/%_libdir/*.la
|
|
#
|
|
%find_lang %name --all-name
|
|
|
|
%post
|
|
test -n "$FIRST_ARG" || FIRST_ARG="$1"
|
|
#
|
|
# convert noauto to nofail and turn on fsck (bnc#724113)
|
|
#
|
|
marker="/var/adm/crypsetup.fstab.noauto_converted"
|
|
if [ "$FIRST_ARG" -gt 1 -a ! -e "$marker" ]; then
|
|
echo "updating /etc/fstab ... "
|
|
tmpfstab="/etc/fstab.cryptsetup.$$"
|
|
sed -e '/^\/dev\/mapper\/cr_.*,noauto\s/{s/,noauto\(\s\)/,nofail\1/;s/ 0 0$/ 0 2/}' < /etc/fstab > "$tmpfstab"
|
|
if diff -u0 /etc/fstab "$tmpfstab"; then
|
|
echo "no change"
|
|
rm -f "$tmpfstab"
|
|
> "$marker"
|
|
else
|
|
cp "$tmpfstab" "$marker"
|
|
mv "$tmpfstab" /etc/fstab
|
|
fi
|
|
fi
|
|
|
|
%post -n libcryptsetup4 -p /sbin/ldconfig
|
|
|
|
%postun -n libcryptsetup4 -p /sbin/ldconfig
|
|
|
|
%files -f %name.lang
|
|
%defattr(-,root,root)
|
|
#ghost %verify(not md5 size mtime) %config(noreplace,missingok) /etc/crypttab
|
|
#ghost %verify(not md5 size mtime) %config(noreplace,missingok) /etc/cryptotab
|
|
/sbin/cryptsetup
|
|
%{_sbindir}/cryptsetup
|
|
%{_sbindir}/veritysetup
|
|
%{_sbindir}/cryptsetup-reencrypt
|
|
%_mandir/man8/cryptsetup.8.gz
|
|
%_mandir/man8/cryptsetup-reencrypt.8.gz
|
|
%_mandir/man8/veritysetup.8.gz
|
|
|
|
%files -n libcryptsetup4
|
|
%defattr(-,root,root)
|
|
/%{_libdir}/libcryptsetup.so.4*
|
|
/%{_libdir}/.libcryptsetup.so.4*hmac
|
|
|
|
%files -n libcryptsetup-devel
|
|
%defattr(-,root,root)
|
|
%_includedir/libcryptsetup.h
|
|
%{_libdir}/libcryptsetup.so
|
|
%{_libdir}/pkgconfig/*
|
|
|
|
%changelog
|