2007-06-05 04:29:16 +02:00
#
2011-02-02 01:35:12 +01:00
# spec file for package cryptsetup
2007-06-05 04:29:16 +02:00
#
2021-03-15 08:59:10 +01:00
# Copyright (c) 2021 SUSE LLC
2007-06-05 04:29:16 +02:00
#
2008-08-08 17:19:08 +02:00
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
2019-12-11 16:11:37 +01:00
# Please submit bugfixes or comments via https://bugs.opensuse.org/
2007-06-05 04:29:16 +02:00
#
2021-09-16 17:25:13 +02:00
%define tar_version 2.4.1
2018-01-09 09:52:58 +01:00
%define so_ver 12
Accepting request 645498 from home:lnussel:branches:security
- Suggest hmac package (boo#1090768)
- remove old upgrade hack for upgrades from 12.1
- New version 2.0.5
Changes since version 2.0.4
~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Wipe full header areas (including unused) during LUKS format.
Since this version, the whole area up to the data offset is zeroed,
and subsequently, all keyslots areas are wiped with random data.
This ensures that no remaining old data remains in the LUKS header
areas, but it could slow down format operation on some devices.
Previously only first 4k (or 32k for LUKS2) and the used keyslot
was overwritten in the format operation.
* Several fixes to error messages that were unintentionally replaced
in previous versions with a silent exit code.
More descriptive error messages were added, including error
messages if
- a device is unusable (not a block device, no access, etc.),
- a LUKS device is not detected,
- LUKS header load code detects unsupported version,
- a keyslot decryption fails (also happens in the cipher check),
- converting an inactive keyslot.
* Device activation fails if data area overlaps with LUKS header.
* Code now uses explicit_bzero to wipe memory if available
(instead of own implementation).
* Additional VeraCrypt modes are now supported, including Camellia
and Kuznyechik symmetric ciphers (and cipher chains) and Streebog
hash function. These were introduced in a recent VeraCrypt upstream.
Note that Kuznyechik requires out-of-tree kernel module and
Streebog hash function is available only with the gcrypt cryptographic
backend for now.
OBS-URL: https://build.opensuse.org/request/show/645498
OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=144
2018-10-31 09:59:56 +01:00
%if 0%{?is_backports}
Name: cryptsetup2
%else
2007-06-05 04:29:16 +02:00
Name: cryptsetup
2018-10-31 09:59:56 +01:00
%endif
2021-09-16 17:25:13 +02:00
Version: 2.4.1
2013-03-26 12:48:10 +01:00
Release: 0
2019-02-18 13:27:45 +01:00
Summary: Setup program for dm-crypt Based Encrypted Block Devices
2021-08-02 17:43:50 +02:00
License: LGPL-2.0-or-later AND SUSE-GPL-2.0-with-openssl-exception
2013-03-26 12:48:10 +01:00
Group: System/Base
2020-02-04 17:53:39 +01:00
URL: https://gitlab.com/cryptsetup/cryptsetup/
2021-08-02 17:10:27 +02:00
Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.4/cryptsetup-%{tar_version}.tar.xz
2014-08-12 15:38:20 +02:00
# GPG signature of the uncompressed tarball.
2021-08-02 17:10:27 +02:00
Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.4/cryptsetup-%{tar_version}.tar.sign
2013-03-26 12:48:10 +01:00
Source2: baselibs.conf
2018-10-31 09:59:56 +01:00
Source3: cryptsetup.keyring
2021-03-15 08:59:10 +01:00
Source4: %{name}-rpmlintrc
2012-07-10 08:28:35 +02:00
BuildRequires: device-mapper-devel
2014-07-08 13:55:23 +02:00
BuildRequires: fipscheck
BuildRequires: fipscheck-devel
2018-01-09 09:52:58 +01:00
BuildRequires: libjson-c-devel
2014-08-13 09:59:19 +02:00
BuildRequires: libpwquality-devel
2012-07-10 08:28:35 +02:00
BuildRequires: libselinux-devel
2014-08-13 09:59:19 +02:00
BuildRequires: libuuid-devel
2013-03-26 12:48:10 +01:00
# 2.6.38 has the required if_alg.h
BuildRequires: linux-glibc-devel >= 2.6.38
2012-07-10 08:28:35 +02:00
BuildRequires: pkgconfig
BuildRequires: popt-devel
2015-04-13 11:46:51 +02:00
BuildRequires: suse-module-tools
2018-08-21 11:23:54 +02:00
BuildRequires: pkgconfig(blkid)
2018-02-09 16:48:12 +01:00
BuildRequires: pkgconfig(libargon2)
2021-08-02 17:10:27 +02:00
BuildRequires: pkgconfig(libssh)
2021-03-15 08:59:10 +01:00
BuildRequires: pkgconfig(openssl)
Requires(post): coreutils
Requires(postun): coreutils
2018-10-31 09:59:56 +01:00
%if 0%{?is_backports}
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
%endif
2021-08-02 17:43:50 +02:00
%if %{?suse_version} >= 1550
# LUKS2 used as default format, which GRUB < 2.06 can't read
Conflicts: grub2 < 2.06
%endif
2007-06-05 04:29:16 +02:00
2020-04-02 16:37:41 +02:00
%lang_package(cryptsetup)
2007-06-05 04:29:16 +02:00
%description
2007-08-27 17:34:37 +02:00
cryptsetup is used to conveniently set up dm-crypt based device-mapper
targets. It allows to set up targets to read cryptoloop compatible
volumes as well as LUKS formatted ones. The package additionally
includes support for automatically setting up encrypted volumes at boot
2015-04-08 14:54:34 +02:00
time via the config file %{_sysconfdir}/crypttab.
2007-06-05 04:29:16 +02:00
2021-08-02 17:10:27 +02:00
%package ssh
Summary: Cryptsetup LUKS2 SSH token
Group: System/Base
%description ssh
Experimental cryptsetup plugin for unlocking LUKS2 devices with
token connected to an SSH server.
2014-08-13 09:59:19 +02:00
%package -n libcryptsetup%{so_ver}
2019-02-18 13:27:45 +01:00
Summary: Library for setting up dm-crypt Based Encrypted Block Devices
2014-08-13 09:59:19 +02:00
Group: System/Libraries
2019-12-11 16:11:37 +01:00
Suggests: libcryptsetup%{so_ver}-hmac = %{version}-%{release}
2008-09-15 16:32:21 +02:00
2014-08-13 09:59:19 +02:00
%description -n libcryptsetup%{so_ver}
2008-09-15 16:32:21 +02:00
cryptsetup is used to conveniently set up dm-crypt based device-mapper
targets. It allows to set up targets to read cryptoloop compatible
volumes as well as LUKS formatted ones. The package additionally
includes support for automatically setting up encrypted volumes at boot
2015-04-08 14:54:34 +02:00
time via the config file %{_sysconfdir}/crypttab.
2008-09-15 16:32:21 +02:00
2015-10-12 11:14:03 +02:00
%package -n libcryptsetup%{so_ver}-hmac
2019-02-18 13:27:45 +01:00
Summary: Checksums for libcryptsetup%{so_ver}
2014-08-12 15:38:20 +02:00
Group: System/Base
2019-12-11 16:11:37 +01:00
Requires: libcryptsetup%{so_ver} = %{version}-%{release}
2014-08-12 15:38:20 +02:00
2015-10-12 11:14:03 +02:00
%description -n libcryptsetup%{so_ver}-hmac
2014-08-12 15:38:20 +02:00
This package contains HMAC checksums for integrity checking of libcryptsetup4,
used for FIPS.
2018-10-31 09:59:56 +01:00
%package -n lib%{name}-devel
2019-02-18 13:27:45 +01:00
Summary: Header files for libcryptsetup
2008-09-15 16:32:21 +02:00
Group: Development/Libraries/C and C++
2014-08-13 09:59:19 +02:00
Requires: glibc-devel
Requires: libcryptsetup%{so_ver} = %{version}
2008-09-15 16:32:21 +02:00
# cryptsetup-devel last used 11.1
Provides: cryptsetup-devel = %{version}
Obsoletes: cryptsetup-devel < %{version}
2018-10-31 09:59:56 +01:00
%if 0%{?is_backports}
# have to conflict with main package that is in SLE
Conflicts: cryptsetup-devel < %{version}
%endif
2007-06-05 04:29:16 +02:00
2018-10-31 09:59:56 +01:00
%description -n lib%{name}-devel
2007-08-27 17:34:37 +02:00
cryptsetup is used to conveniently set up dm-crypt based device-mapper
targets. It allows to set up targets to read cryptoloop compatible
volumes as well as LUKS formatted ones. The package additionally
includes support for automatically setting up encrypted volumes at boot
2015-04-08 14:54:34 +02:00
time via the config file %{_sysconfdir}/crypttab.
2007-06-05 04:29:16 +02:00
%prep
2021-08-02 17:10:27 +02:00
%autosetup -n cryptsetup-%{tar_version}
2018-10-31 09:59:56 +01:00
%if 0%{?is_backports}
sed -i -e '/AC_INIT/s/cryptsetup/cryptsetup2/' configure.ac
autoreconf -f -i
%endif
2007-06-05 04:29:16 +02:00
%build
2017-03-21 12:44:43 +01:00
%configure \
--enable-cryptsetup-reencrypt \
--enable-selinux \
--enable-fips \
--enable-pwquality \
2018-01-09 09:52:58 +01:00
--enable-gcrypt-pbkdf2 \
--enable-libargon2 \
2021-08-02 17:43:50 +02:00
%if %{?suse_version} < 1550
--with-default-luks-format=LUKS1 \
%endif
2018-01-09 09:52:58 +01:00
--with-luks2-lock-path=/run/cryptsetup \
--with-tmpfilesdir='%{_tmpfilesdir}'
2021-03-15 08:59:10 +01:00
%make_build
2007-06-05 04:29:16 +02:00
%install
2014-07-08 13:55:23 +02:00
# Generate HMAC checksums (FIPS)
%define __spec_install_post \
%{?__debug_package:%{__debug_install_post}} \
%{__arch_install_post} \
2018-02-09 16:48:12 +01:00
%__os_install_post \
2014-07-08 13:55:23 +02:00
fipshmac %{buildroot}/%{_libdir}/libcryptsetup.so.* \
%{nil}
2017-03-21 12:44:43 +01:00
%make_install
2018-10-31 09:59:56 +01:00
%if 0%{?is_backports}
# need to rename a files to avoid file conflict
for i in cryptsetup integritysetup veritysetup cryptsetup-reencrypt; do
mv %{buildroot}%{_sbindir}/$i %{buildroot}%{_sbindir}/${i}2
mv %{buildroot}%{_mandir}/man8/$i.8 %{buildroot}%{_mandir}/man8/${i}2.8
done
rm -f %{buildroot}%{_tmpfilesdir}/cryptsetup.conf
%endif
2020-11-20 10:26:02 +01:00
%if !0%{?usrmerged}
2014-08-13 09:59:19 +02:00
install -dm 0755 %{buildroot}/sbin
2018-10-31 09:59:56 +01:00
ln -s ..%{_sbindir}/cryptsetup%{?is_backports:2} %{buildroot}/sbin
2020-11-20 10:26:02 +01:00
%endif
2012-02-10 13:56:38 +01:00
# don't want this file in /lib (FHS compat check), and can't move it to /usr/lib
2015-04-08 14:54:34 +02:00
find %{buildroot} -type f -name "*.la" -delete -print
2007-06-05 04:29:16 +02:00
#
2014-08-13 09:59:19 +02:00
%find_lang %{name} --all-name
2007-06-05 04:29:16 +02:00
2018-10-31 09:59:56 +01:00
%if !0%{?is_backports}
2011-10-27 17:53:38 +02:00
#
2018-10-31 09:59:56 +01:00
%post
2015-04-13 11:46:51 +02:00
%{?regenerate_initrd_post}
2018-10-31 09:59:56 +01:00
%tmpfiles_create %{_tmpfilesdir}/cryptsetup.conf
2015-12-21 12:53:09 +01:00
%postun
%{?regenerate_initrd_post}
2015-04-13 11:46:51 +02:00
%posttrans
%{?regenerate_initrd_posttrans}
2018-10-31 09:59:56 +01:00
|
|
|
#
|
|
|
|
%endif
|
2015-04-13 11:46:51 +02:00
|
|
|
|
2014-08-13 09:59:19 +02:00
|
|
|
%post -n libcryptsetup%{so_ver} -p /sbin/ldconfig
|
|
|
|
%postun -n libcryptsetup%{so_ver} -p /sbin/ldconfig
|
2008-09-15 16:32:21 +02:00
|
|
|
|
2020-04-02 16:37:41 +02:00
|
|
|
%files
|
2021-03-15 08:59:10 +01:00
|
|
|
%license COPYING*
|
2021-08-02 17:10:27 +02:00
|
|
|
%doc AUTHORS FAQ README.md docs/*ReleaseNotes
|
2020-11-20 10:26:02 +01:00
|
|
|
%if !0%{?usrmerged}
|
2018-10-31 09:59:56 +01:00
|
|
|
/sbin/cryptsetup%{?is_backports:2}
|
2020-11-20 10:26:02 +01:00
|
|
|
%endif
|
2018-10-31 09:59:56 +01:00
|
|
|
%{_sbindir}/cryptsetup%{?is_backports:2}
|
|
|
|
%{_sbindir}/veritysetup%{?is_backports:2}
|
|
|
|
%{_sbindir}/integritysetup%{?is_backports:2}
|
|
|
|
%{_sbindir}/cryptsetup-reencrypt%{?is_backports:2}
|
2021-03-15 08:59:10 +01:00
|
|
|
%{_mandir}/man8/cryptsetup%{?is_backports:2}.8%{?ext_man}
|
|
|
|
%{_mandir}/man8/cryptsetup-reencrypt%{?is_backports:2}.8%{?ext_man}
|
|
|
|
%{_mandir}/man8/veritysetup%{?is_backports:2}.8%{?ext_man}
|
|
|
|
%{_mandir}/man8/integritysetup%{?is_backports:2}.8%{?ext_man}
|
2018-10-31 09:59:56 +01:00
|
|
|
%if !0%{?is_backports}
|
2018-01-09 09:52:58 +01:00
|
|
|
%{_tmpfilesdir}/cryptsetup.conf
|
2018-02-09 16:48:12 +01:00
|
|
|
%ghost %dir /run/cryptsetup
|
2018-10-31 09:59:56 +01:00
|
|
|
%endif
|
2008-09-15 16:32:21 +02:00
|
|
|
|
2020-04-02 16:37:41 +02:00
|
|
|
%files lang -f %{name}.lang
|
|
|
|
|
2014-08-13 09:59:19 +02:00
|
|
|
%files -n libcryptsetup%{so_ver}
|
|
|
|
%{_libdir}/libcryptsetup.so.%{so_ver}*
|
2014-08-12 15:38:20 +02:00
|
|
|
|
2014-09-15 11:54:57 +02:00
|
|
|
%files -n libcryptsetup%{so_ver}-hmac
|
2014-08-13 09:59:19 +02:00
|
|
|
%{_libdir}/.libcryptsetup.so.%{so_ver}*hmac
|
2007-06-05 04:29:16 +02:00
|
|
|
|
2018-10-31 09:59:56 +01:00
|
|
|
%files -n lib%{name}-devel
|
2014-08-13 09:59:19 +02:00
|
|
|
%doc docs/examples/
|
|
|
|
%{_includedir}/libcryptsetup.h
|
2007-06-05 04:29:16 +02:00
|
|
|
%{_libdir}/libcryptsetup.so
|
2010-01-18 14:07:23 +01:00
|
|
|
%{_libdir}/pkgconfig/*
|
2007-11-29 18:20:01 +01:00
|
|
|
|
2021-08-02 17:10:27 +02:00
|
|
|
%files ssh
|
|
|
|
%license COPYING COPYING.LGPL
|
|
|
|
%dir %{_libdir}/%{name}
|
|
|
|
%{_libdir}/%{name}/libcryptsetup-token-ssh.so
|
|
|
|
%{_mandir}/man8/cryptsetup-ssh.8.gz
|
|
|
|
%{_sbindir}/cryptsetup-ssh
|
|
|
|
|
2007-06-05 04:29:16 +02:00
|
|
|
%changelog
|