SHA256
1
0
forked from pool/cryptsetup
cryptsetup/cryptsetup.spec

426 lines
15 KiB
RPMSpec
Raw Normal View History

#
# spec file for package cryptsetup (Version 1.0.5_SVNr46)
#
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# norootforbuild
Name: cryptsetup
Url: http://code.google.com/p/cryptsetup/
BuildRequires: device-mapper-devel e2fsprogs-devel libgcrypt-devel popt-devel
BuildRequires: libselinux-devel
# hashalot version
%define haver 0.3
# boot.crypto version
%define bcver 0_200904020930
License: BSD 3-Clause; GPL v2 only; GPL v2 or later
Group: System/Base
AutoReqProv: on
Version: 1.0.5_SVNr46
Release: 64
Summary: Set Up dm-crypt Based Encrypted Block Devices
Source: cryptsetup-%{version}.tar.bz2
Source1: hashalot-%haver.tar.bz2
# http://www.suse.de/~lnussel/boot.crypto.git
Source2: boot.crypto-%{bcver}.tar.bz2
# use this to create the tarball from svn
Source99: cryptsetup-mktar
Patch1: cryptsetup-1.0.5-udevadm.patch
Patch10: hashalot-fixes.diff
Patch11: hashalot-libgcrypt.diff
Patch12: hashalot-ctrl-d.diff
Patch13: hashalot-timeout.diff
Patch14: hashalot-manpage.diff
Patch15: bug-476290_hashalot-hashlen.diff
Patch16: hashalot-glibc210.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Provides: aaa_base:/etc/init.d/boot.crypto
Obsoletes: util-linux-crypto <= 2.12r
# we need losetup
Requires: util-linux
PreReq: %fillup_prereq %insserv_prereq
%description
cryptsetup is used to conveniently set up dm-crypt based device-mapper
targets. It allows to set up targets to read cryptoloop compatible
volumes as well as LUKS formatted ones. The package additionally
includes support for automatically setting up encrypted volumes at boot
time via the config file /etc/crypttab.
Authors:
--------
Clemens Fruhwirth <clemens@endorphin.org>
Christophe Saout <christophe@saout.de>
Ben Slusky <sluskyb@paranoiacs.org>
%package -n libcryptsetup0
License: BSD 3-Clause; GPL v2 only; GPL v2 or later
Summary: Set Up dm-crypt Based Encrypted Block Devices
Group: System/Base
%description -n libcryptsetup0
cryptsetup is used to conveniently set up dm-crypt based device-mapper
targets. It allows to set up targets to read cryptoloop compatible
volumes as well as LUKS formatted ones. The package additionally
includes support for automatically setting up encrypted volumes at boot
time via the config file /etc/crypttab.
Authors:
--------
Clemens Fruhwirth <clemens@endorphin.org>
Christophe Saout <christophe@saout.de>
Ben Slusky <sluskyb@paranoiacs.org>
%package -n libcryptsetup-devel
License: BSD 3-Clause; GPL v2 only; GPL v2 or later
Summary: Set Up dm-crypt Based Encrypted Block Devices
Group: Development/Libraries/C and C++
# cryptsetup-devel last used 11.1
Provides: cryptsetup-devel = %{version}
Obsoletes: cryptsetup-devel < %{version}
Requires: libcryptsetup0 = %{version}
Requires: device-mapper-devel libgcrypt-devel libgpg-error-devel e2fsprogs-devel glibc-devel
%description -n libcryptsetup-devel
cryptsetup is used to conveniently set up dm-crypt based device-mapper
targets. It allows to set up targets to read cryptoloop compatible
volumes as well as LUKS formatted ones. The package additionally
includes support for automatically setting up encrypted volumes at boot
time via the config file /etc/crypttab.
Authors:
--------
Clemens Fruhwirth <clemens@endorphin.org>
Christophe Saout <christophe@saout.de>
Ben Slusky <sluskyb@paranoiacs.org>
%prep
%setup -q -b 1 -b 2
%patch1 -p1
pushd ../hashalot-%haver
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
popd
%build
# cryptsetup build
%{?suse_update_config:%{suse_update_config}}
autoreconf -f -i
CFLAGS="$RPM_OPT_FLAGS" ./configure --prefix=%_prefix --mandir=%_mandir \
--libdir=/%_lib \
--bindir=/sbin --sbindir=/sbin \
--disable-static --enable-shared \
--enable-selinux
make
#
# hashalot build
pushd ../hashalot-%haver
autoreconf -f -i
%{?suse_update_config:%{suse_update_config}}
CFLAGS="$RPM_OPT_FLAGS" ./configure --prefix=%_prefix --sbindir=/sbin --mandir=%_mandir
make
popd
%install
make install DESTDIR=$RPM_BUILD_ROOT
# move devel .so link to %{libdir}
rm -f $RPM_BUILD_ROOT/%{_lib}/libcryptsetup.so
mkdir -p $RPM_BUILD_ROOT%{_libdir}
ln -s /%{_lib}/libcryptsetup.so.0.0.0 $RPM_BUILD_ROOT%{_libdir}/libcryptsetup.so
# don't want this file in /lib (FHS compat check), and can't move it to /usr/lib
rm -f $RPM_BUILD_ROOT/%_lib/*.la
#
# hashalot install
pushd ../hashalot-%haver
make install DESTDIR=$RPM_BUILD_ROOT
popd
# remove unwanted symlinks
rm -f $RPM_BUILD_ROOT/sbin/{rmd160,sha256,sha384,sha512}
#
# boot.crypto
make -C ../boot.crypto-* install DESTDIR=$RPM_BUILD_ROOT
ln -s /etc/init.d/boot.crypto $RPM_BUILD_ROOT/sbin/rccrypto
#
%find_lang %name --all-name
%pre
# hack to catch update case from aaa_base/util-linux-crypto
if [ -f /etc/init.d/boot.d/S??boot.crypto ]; then
touch /var/run/cryptsetup.boot.crypto.enabled
fi
%post
[ -x /sbin/mkinitrd_setup ] && mkinitrd_setup
%{fillup_and_insserv boot.crypto}
if [ -e /var/run/cryptsetup.boot.crypto.enabled ]; then
rm -f /var/run/cryptsetup.boot.crypto.enabled
%{fillup_and_insserv -fY boot.crypto}
fi
%{fillup_and_insserv boot.crypto-early}
%postun
[ -x /sbin/mkinitrd_setup ] && mkinitrd_setup
%{insserv_cleanup}
%post -n libcryptsetup0
/sbin/ldconfig
%postun -n libcryptsetup0
/sbin/ldconfig
%clean
rm -rf $RPM_BUILD_ROOT
%files -f %name.lang
%defattr(-,root,root)
%ghost %verify(not md5 size mtime) %config(noreplace,missingok) /etc/crypttab
%ghost %verify(not md5 size mtime) %config(noreplace,missingok) /etc/cryptotab
/etc/init.d/boot.crypto
/etc/init.d/boot.crypto-early
%dir /lib/mkinitrd
%dir /lib/mkinitrd/scripts
/lib/mkinitrd/scripts/setup-luks.sh
/lib/mkinitrd/scripts/boot-luks.sh
/sbin/cryptsetup
/sbin/hashalot
/sbin/rccrypto
%_mandir/man1/hashalot.1.gz
%_mandir/man8/cryptsetup.8.gz
%_mandir/man5/crypttab.5.gz
%_mandir/man5/cryptotab.5.gz
/lib/cryptsetup
%files -n libcryptsetup0
%defattr(-,root,root)
/%_lib/libcryptsetup.so.0
/%_lib/libcryptsetup.so.0.0.0
%files -n libcryptsetup-devel
%defattr(-,root,root)
%_includedir/libcryptsetup.h
%{_libdir}/libcryptsetup.so
%changelog
* Thu Jun 11 2009 coolo@novell.com
- fix compile with glibc 2.10
* Thu Apr 02 2009 lnussel@suse.de
- boot.crypto:
* resolve symlinks when searching for loop devices (bnc#490170)
* add extra man page tags to avoid FIXME output of docbook
* don't pipe password if there's only one device to open
* update copyright information
* fix spelling and actually stop in pre_stop_hook
* introduce initrd option in crypttab (bnc#465711)
* Fri Mar 06 2009 lnussel@suse.de
- boot.crypto:
* print dm name instead of physdev (bnc#456664)
* make prompt work with infinite timeout (bnc#466405)
* implement pre-stop hook (bnc#481870)
* remove hardcoded loop device number limit (bnc#481872)
* Warn if using a non-absolute path for physdev in crypttab
- hashalot: compute hash of empty passphrase if not interactive
(bnc#475135)
* Tue Mar 03 2009 lnussel@suse.de
- fix boot.crypto doesn't care on tries flag in crypttab (bnc#480741)
- mkinitrd scripts now included in boot.crypto git
* Thu Feb 26 2009 mhopf@suse.de
- Fix segfault with oversized hashes (bnc #476290).
* Wed Feb 25 2009 jsmeix@suse.de
- Fixed initrd LUKS password annoyance in mkinitrd-boot.sh and
mkinitrd-setup.sh when the same password is used for all
partitions. In this case the password is now only asked
once (bnc#465711).
* Sun Dec 14 2008 bwalle@suse.de
- Fix LUKS root partition residing on a soft raid (bnc#358341)
* Mon Nov 03 2008 mkoenig@suse.de
- boot.crypto-early: explicitly start before boot.localfs
* Fri Sep 12 2008 mkoenig@suse.de
- branch off shlib to subpackage libcryptsetup0
- rename cryptsetup-devel to libcryptsetup-devel
* Wed Sep 03 2008 hare@suse.de
- Call mkinitrd_setup during %%post and %%postun (bnc#413709)
* Wed Aug 20 2008 mkoenig@suse.de
- enable SELinux support (fate#303662)
* Wed Aug 13 2008 mkoenig@suse.de
- boot.crypto:
* Fix init script tags
* Fri Aug 08 2008 mkoenig@suse.de
- boot.crypto:
* Provide some reasonable exit status (bnc#409502)
* Wed Jul 23 2008 hare@suse.de
- Include mkinitrd scriptlets.
* Wed Jul 23 2008 mkoenig@suse.de
- use /sbin/udevadm settle instead of /sbin/udevsettle (bnc#404875)
* Tue May 06 2008 mkoenig@suse.de
- load loop module in boot.crypto-early as it might be needed.
It is previously initially loaded by boot.localfs.
* Wed Apr 09 2008 mkoenig@suse.de
- add support for boot.crypto-early (bnc#355824)
needed to encrypt block devices for usage with LVM or MD
adds a new option 'noearly' for crypttab, which will skip
the device in boot.crypto-early.
* Wed Feb 27 2008 mkoenig@suse.de
- update to svn revision 46:
* fix out of bound for key index in delKey (bnc#360041)
* Add typo fixes to the cryptsetup.8 manpage
* Add key-slot patch
* Remove O_EXCL requirement for certain LUKS operations
* mention luksKillSlot in the manpage
* Mon Feb 04 2008 lnussel@suse.de
- boot.crypto:
* check for columns of terminal (bnc#337614)
* enhance crypttab manpage (bnc#351061)
* check for fs_passno (bnc#345339)
* Wed Jan 09 2008 lnussel@suse.de
- upgrade to svn revision 42 which includes previous patches
- boot.crypto:
* don't mount read-only as safety check (bnc#345338)
* implement precheck scripts
* allow restarting of single volumes (bnc#345605)
* status query of individual devices (bnc#345605)
* add vol_id check script
* maintain boot.crypto stuff in revision control and use tarball
snapshots of it
* Thu Nov 29 2007 lnussel@suse.de
- upgrade to svn revision 38
* Wed Nov 07 2007 mkoenig@suse.de
- add %%fillup_prereq and %%insserv_prereq to PreReq
* Tue Oct 16 2007 lnussel@suse.de
- upgrade to svn revision 31
* Rename luksDelKey into luksKillSlot
* Add luksRemoveKey that queries a given key before removal
* Fix segfault in luksOpen.
* Add LUKS_device_ready check for most LUKS calls, so that
cryptsetup dies before password querying in case a blockdev is
unavailable
* For LUKS key material access require exclusive access to the
underlying device. This will prevent multiple mappings onto a
single LUKS device. dm*crypt doesn't feature any syncing
capabilities, hence there is no real application for this as it
will likely lead to disk corruption.
* Add signal handler to keyencryption to free the temporary
mapping in case the user hits ctrl-c.
* Mon Aug 27 2007 lnussel@suse.de
- remove /var/run/keymap from previous boot to make /etc/init.d/kbd
work (#296409)
* Mon Aug 27 2007 lnussel@suse.de
- run fsck with progressbar (#304750)
* Thu Jun 21 2007 mkoenig@suse.de
- run udevsettle to avoid problems with busy temporary
device mapper devices [#285478]
* Mon Jun 11 2007 lnussel@suse.de
- rephrase error message (#279169)
* Fri Jun 01 2007 lnussel@suse.de
- rename util-linux-crypto to cryptsetup
- remove dmconvert
- replace svn snapshot with official 1.0.5 release
- don't enable boot.crypto by default
* Tue May 29 2007 lnussel@suse.de
- fix segfault when trying to open a non existing device
- fix gcc warnings
- add Short-Description to boot.crypto
- use %%find_lang
* Wed May 09 2007 lnussel@suse.de
- boot.crypto: implement 'status'
- boot.crypto: accept argument to start/stop single devices
* Wed May 09 2007 lnussel@suse.de
- hashalot: add timeout option
* Wed May 09 2007 lnussel@suse.de
- fix build
* Tue May 08 2007 lnussel@suse.de
- boot.crypto: switch off splash screen only when needed
- boot.crypto: report status for individual volumes instead of using one global
exit status
- hashalot: exit unsucessfully on empty passphrase
* Tue May 08 2007 lnussel@suse.de
- boot.crypto: sleep a bit longer before overwriting the prompt
- boot.crypto: add support for pseed and itercountk options
- boot.crypto: skip entries with unsupported/unknown options
- hashalot: add support for itercountk
* Fri May 04 2007 lnussel@suse.de
- upgrade cryptsetup to current svn revision 30 which includes
previous patches.
- fix background prompt process not getting killed on ctrl-d in
boot.crypto
* Fri Apr 27 2007 lnussel@suse.de
- upgrade cryptsetup to current svn revision 26. Does no longer hang
when a file is specified instead of a device.
- remove obsolete cryptsetup.sh script
- boot.crypto:
* drop support for cryptoloop, use cryptsetup also for cryptotab
* refactor code and create reusable components for use in cryptotab
and crypttab code path
* run sulogin only during boot if fsck failed
* support crypttab's 'tries' option
- add crypttab manpage based on Debian one
* Tue Apr 24 2007 lnussel@suse.de
- add boot.crypto (#257884)
- add crypttab and cryptotab as %%ghost to filelist
* Tue Mar 27 2007 mkoenig@suse.de
- move devel .so link to %%{libdir}
- run ldconfig, since we have now a shared lib installed
* Fri Mar 23 2007 dmueller@suse.de
- cryptsetup can now link shared since libpopt is
no longer under /usr
* Fri Mar 09 2007 lnussel@suse.de
- add patch to support old loop_fish2 key hash method
* Thu Dec 07 2006 mkoenig@suse.de
- update cryptsetup to version 1.0.4:
* added terminal timeout rewrite
* allow user selection of key slot
* reading binary keys from stdin using the "-" as key file
* fix 64 bit compiler warning issues.
* fix getline problem for 64-bit archs.
* Fri Oct 13 2006 mkoenig@suse.de
- fix build failure due to missing pthreads
* Wed Sep 13 2006 hvogel@suse.de
- use the LUKS version of cryptsetup
- split -devel subpackage for libcryptsetup
- remove patches because they are in the new cryptsetup
* cryptsetup-0.1-static.patch
* cryptsetup-0.1-retval.patch
* cryptsetup-0.1-dmi.exists.patch
* cryptsetup-0.1-timeout.patch
- use man page from the new cryptsetup
* Tue May 16 2006 hvogel@suse.de
- Fix cryptsetup to work when the device does not exist yet
[#175931]
* Wed Jan 25 2006 mls@suse.de
- converted neededforbuild to BuildRequires
* Mon Dec 19 2005 mmj@suse.de
- Remove symlinks to hashalot we don't want
* Thu Oct 13 2005 hvogel@suse.de
- Fix uninitialized var in dmconvert. Add
* dmconvert-0.2-uninitialized.patch
- Fix return value in cryptsetup. Add
* cryptsetup-0.1-retval.patch
* Wed Jun 29 2005 hvogel@suse.de
- Link cryptsetup static so it can be in /sbin and you can get
/usr over nfs or even crypted
* Mon May 09 2005 hvogel@suse.de
- New package, Version 2.12q