pool/cryptsetup
SHA256
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
9563f85232
cryptsetup/cryptsetup.spec
Pedro Monreal Gonzalez 9563f85232 Accepting request 1190462 from home:pmonrealgonzalez:branches:security 
- Update to 2.7.3:
  * Do not allow formatting LUKS2 with Opal SED (hardware encryption)
    if the reported logical sector size for the block device and Opal
    encryption logical block differs.
  * Fixes to wiping LUKS2 headers after Opal locking area erase.
  * Mention the need for possible PSID revert before Opal format for some
    drives (man page).
  * Fix Bitlocker-compatible code to ignore newly seen metadata entries.
  * Fix interactive query retry if LUKS2 unbound keyslot is present.
  * Detect unsupported zoned devices for LUKS header devices.
  * Allow "capi" cipher format for benchmark command and fix parsing
    of plain IV in "capi" format.
  * Add support for HCTR2 encryption mode.
  * Source code now uses SPDX license identifiers instead of full
    license preambles.
  * Fix missing includes for cryptographic backend that could cause
    compilation errors for some systems.
  * Fix tests to work correctly in FIPS mode with recent OpenSSL 3.2.
  * Fix various (mostly false positive) issues detected by Coverity.

OBS-URL: https://build.opensuse.org/request/show/1190462
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=199
2024-07-30 11:55:40 +00:00

243 lines
8.2 KiB
RPMSpec
Raw Blame History

#
# spec file for package cryptsetup
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define so_ver 12
Name: cryptsetup
Version: 2.7.3
Release: 0
Summary: Setup program for dm-crypt Based Encrypted Block Devices
License: CC-BY-SA-4.0 AND LGPL-2.0-or-later WITH cryptsetup-OpenSSL-exception
Group: System/Base
URL: https://gitlab.com/cryptsetup/cryptsetup/
Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.7/cryptsetup-%{version}.tar.xz
# GPG signature of the uncompressed tarball.
Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.7/cryptsetup-%{version}.tar.sign
Source2: baselibs.conf
Source3: cryptsetup.keyring
# FAQ.md is CC-BY-SA-4.0
Source4: https://creativecommons.org/licenses/by-sa/4.0/legalcode.txt#/cc-by-sa-4.0.txt
# 2.6.38 has the required if_alg.h
BuildRequires: linux-glibc-devel >= 2.6.38
BuildRequires: pkgconfig
BuildRequires: suse-module-tools
BuildRequires: pkgconfig(blkid)
BuildRequires: pkgconfig(devmapper)
BuildRequires: pkgconfig(json-c)
BuildRequires: pkgconfig(libargon2)
BuildRequires: pkgconfig(libselinux)
BuildRequires: pkgconfig(libssh)
BuildRequires: pkgconfig(openssl)
BuildRequires: pkgconfig(popt)
BuildRequires: pkgconfig(pwquality)
BuildRequires: pkgconfig(uuid)
BuildRequires: rubygem(asciidoctor)
Requires(post): coreutils
Requires(postun): coreutils
Provides: integritysetup = %{version}-%{release}
Provides: veritysetup = %{version}-%{release}
%if %{?suse_version} >= 1550
# LUKS2 used as default format, which GRUB < 2.06 can't read
Conflicts: grub2 < 2.06
%endif
%lang_package(cryptsetup)
%description
cryptsetup is used to conveniently set up dm-crypt based device-mapper
targets. It allows to set up targets to read cryptoloop compatible
volumes as well as LUKS formatted ones. The package additionally
includes support for automatically setting up encrypted volumes at boot
time via the config file %{_sysconfdir}/crypttab.
%package ssh
Summary: Cryptsetup LUKS2 SSH token
License: LGPL-2.0-or-later WITH cryptsetup-OpenSSL-exception
Group: System/Base
%description ssh
Experimental cryptsetup plugin for unlocking LUKS2 devices with
token connected to an SSH server.
%package doc
Summary: Cryptsetup Documentation
License: CC-BY-SA-4.0 AND LGPL-2.0-or-later WITH cryptsetup-OpenSSL-exception
Group: Documentation/Man
Supplements: (cryptsetup and man)
Supplements: (cryptsetup and patterns-base-documentation)
BuildArch: noarch
%description doc
Documentation and man pages for cryptsetup
%package -n libcryptsetup%{so_ver}
Summary: Library for setting up dm-crypt Based Encrypted Block Devices
License: LGPL-2.0-or-later WITH cryptsetup-OpenSSL-exception
Group: System/Libraries
Provides: libcryptsetup%{so_ver}-hmac = %{version}
Obsoletes: libcryptsetup%{so_ver}-hmac < %{version}
%description -n libcryptsetup%{so_ver}
cryptsetup is used to conveniently set up dm-crypt based device-mapper
targets. It allows to set up targets to read cryptoloop compatible
volumes as well as LUKS formatted ones. The package additionally
includes support for automatically setting up encrypted volumes at boot
time via the config file %{_sysconfdir}/crypttab.
%package -n lib%{name}-devel
Summary: Header files for libcryptsetup
# cryptsetup-devel last used 11.1
License: LGPL-2.0-or-later WITH cryptsetup-OpenSSL-exception
Group: Development/Libraries/C and C++
Requires: glibc-devel
Requires: libcryptsetup%{so_ver} = %{version}
Provides: cryptsetup-devel = %{version}
Obsoletes: cryptsetup-devel < %{version}
%description -n lib%{name}-devel
cryptsetup is used to conveniently set up dm-crypt based device-mapper
targets. It allows to set up targets to read cryptoloop compatible
volumes as well as LUKS formatted ones. The package additionally
includes support for automatically setting up encrypted volumes at boot
time via the config file %{_sysconfdir}/crypttab.
%prep
%autosetup -p1
cp -v %{SOURCE4} .
%build
# force regeneration of manual pages from AsciiDoc
rm -f man/*.8
%configure \
--enable-selinux \
--enable-fips \
--enable-pwquality \
--enable-gcrypt-pbkdf2 \
--enable-libargon2 \
%if %{?suse_version} < 1550
--with-default-luks-format=LUKS1 \
%endif
--with-luks2-lock-path=/run/cryptsetup \
--with-tmpfilesdir='%{_tmpfilesdir}'
%make_build
%install
%make_install
%if 0%{?suse_version} < 1550
install -dm 0755 %{buildroot}/sbin
ln -s ..%{_sbindir}/cryptsetup %{buildroot}/sbin
%endif
# don't want this file in /lib (FHS compat check), and can't move it to /usr/lib
find %{buildroot} -type f -name "*.la" -delete -print
%find_lang %{name} --all-name
%check
%make_build check
%post
%{?regenerate_initrd_post}
%tmpfiles_create %{_tmpfilesdir}/cryptsetup.conf
%postun
%{?regenerate_initrd_post}
%posttrans
%{?regenerate_initrd_posttrans}
%ldconfig_scriptlets -n libcryptsetup%{so_ver}
%files
%license COPYING*
%if 0%{?suse_version} < 1550
/sbin/cryptsetup
%endif
%{_sbindir}/cryptsetup
%{_sbindir}/veritysetup
%{_sbindir}/integritysetup
%{_tmpfilesdir}/cryptsetup.conf
%ghost %attr(700, -, -) %dir /run/cryptsetup
%files lang -f %{name}.lang
%license COPYING*
%files -n libcryptsetup%{so_ver}
%license COPYING*
%{_libdir}/libcryptsetup.so.%{so_ver}*
%files -n lib%{name}-devel
%license COPYING*
%doc docs/examples/
%{_includedir}/libcryptsetup.h
%{_libdir}/libcryptsetup.so
%{_libdir}/pkgconfig/*
%files ssh
%license COPYING*
%dir %{_libdir}/%{name}
%{_libdir}/%{name}/libcryptsetup-token-ssh.so
%{_mandir}/man8/cryptsetup-ssh.8%{?ext_man}
%{_sbindir}/cryptsetup-ssh
%files doc
%license COPYING*
%license cc-by-sa-4.0.txt
%doc AUTHORS FAQ.md README.md docs/*ReleaseNotes docs/on-disk-format*.pdf
%{_mandir}/man8/cryptsetup.8%{?ext_man}
%{_mandir}/man8/cryptsetup-benchmark.8%{?ext_man}
%{_mandir}/man8/cryptsetup-bitlkDump.8%{?ext_man}
%{_mandir}/man8/cryptsetup-bitlkOpen.8%{?ext_man}
%{_mandir}/man8/cryptsetup-close.8%{?ext_man}
%{_mandir}/man8/cryptsetup-config.8%{?ext_man}
%{_mandir}/man8/cryptsetup-convert.8%{?ext_man}
%{_mandir}/man8/cryptsetup-create.8%{?ext_man}
%{_mandir}/man8/cryptsetup-erase.8%{?ext_man}
%{_mandir}/man8/cryptsetup-isLuks.8%{?ext_man}
%{_mandir}/man8/cryptsetup-loopaesOpen.8%{?ext_man}
%{_mandir}/man8/cryptsetup-luksAddKey.8%{?ext_man}
%{_mandir}/man8/cryptsetup-luksChangeKey.8%{?ext_man}
%{_mandir}/man8/cryptsetup-luksConvertKey.8%{?ext_man}
%{_mandir}/man8/cryptsetup-luksDump.8%{?ext_man}
%{_mandir}/man8/cryptsetup-luksErase.8%{?ext_man}
%{_mandir}/man8/cryptsetup-luksFormat.8%{?ext_man}
%{_mandir}/man8/cryptsetup-luksHeaderBackup.8%{?ext_man}
%{_mandir}/man8/cryptsetup-luksHeaderRestore.8%{?ext_man}
%{_mandir}/man8/cryptsetup-luksKillSlot.8%{?ext_man}
%{_mandir}/man8/cryptsetup-luksOpen.8%{?ext_man}
%{_mandir}/man8/cryptsetup-luksRemoveKey.8%{?ext_man}
%{_mandir}/man8/cryptsetup-luksResume.8%{?ext_man}
%{_mandir}/man8/cryptsetup-luksSuspend.8%{?ext_man}
%{_mandir}/man8/cryptsetup-luksUUID.8%{?ext_man}
%{_mandir}/man8/cryptsetup-open.8%{?ext_man}
%{_mandir}/man8/cryptsetup-plainOpen.8%{?ext_man}
%{_mandir}/man8/cryptsetup-reencrypt.8%{?ext_man}
%{_mandir}/man8/cryptsetup-refresh.8%{?ext_man}
%{_mandir}/man8/cryptsetup-repair.8%{?ext_man}
%{_mandir}/man8/cryptsetup-resize.8%{?ext_man}
%{_mandir}/man8/cryptsetup-status.8%{?ext_man}
%{_mandir}/man8/cryptsetup-tcryptDump.8%{?ext_man}
%{_mandir}/man8/cryptsetup-tcryptOpen.8%{?ext_man}
%{_mandir}/man8/cryptsetup-token.8%{?ext_man}
%{_mandir}/man8/integritysetup.8%{?ext_man}
%{_mandir}/man8/veritysetup.8%{?ext_man}
%{_mandir}/man8/cryptsetup-fvault2Dump.8%{?ext_man}
%{_mandir}/man8/cryptsetup-fvault2Open.8%{?ext_man}
%changelog
Reference in New Issue View Git Blame Copy Permalink