SHA256
1
0
forked from pool/cryptsetup

osc copypac from project:home:lnussel:Factory package:cryptsetup revision:3

OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=33
This commit is contained in:
Ludwig Nussel 2010-01-18 13:07:23 +00:00 committed by Git OBS Bridge
parent bf3542977a
commit 6658141e6e
8 changed files with 126 additions and 33 deletions

1
baselibs.conf Normal file
View File

@ -0,0 +1 @@
libcryptsetup1

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:bb92b934bba1e5d73d8ef91e11c6592076ab97a8126e0eaf14e659cd2f9341df
size 17889

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:65d653f82ff72ad2cf5e703663331c42460df5253297d149b2ff7fa2b6e4fd1b
size 17953

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:829af59ab5bb47e4ff384a927458b4ffbb86380825de5f9ac751a89df599ed99
size 417339

3
cryptsetup-1.1.0.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b343fa6bf3c48b633e68da25e44aebd6a32a3dc21c10604acd6faa04e41f58f3
size 465778

View File

@ -0,0 +1,7 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEABECAAYFAktS7HYACgkQf1Jlc7shgi8PwQCfVFwnRLdjn7hILuxXq5TLtmsa
elIAn0VqeFuSEqPg3qu9BqPnmdkoMRzI
=mOAm
-----END PGP SIGNATURE-----

View File

@ -1,3 +1,84 @@
-------------------------------------------------------------------
Mon Jan 18 12:18:32 UTC 2010 - lnussel@suse.de
- cryptsetup 1.1.0:
* IMPORTANT: the default compiled-in cipher parameters changed
plain mode: aes-cbc-essiv:sha256 (default is backward incompatible!).
LUKS mode: aes-cbc-essiv:sha256 (only key size increased)
In both modes is now default key size 256bits.
* Default compiled-in parameters are now configurable through configure options:
--with-plain-* / --with-luks1-* (see configure --help)
* If you need backward compatible defaults for distribution use
configure --with-plain-mode=cbc-plain --with-luks1-keybits=128
Default compiled-in modes are printed in "cryptsetup --help" output.
* Change in iterations count (LUKS):
The slot and key digest iteration minimum count is now 1000.
The key digest iteration count is calculated from iteration time (approx 1/8 of req. time).
For more info about above items see discussion here: http://tinyurl.com/yaug97y
* New libcryptsetup API (documented in libcryptsetup.h).
The old API (using crypt_options struct) is still available but will remain
frozen and not used for new functions.
Soname of library changed to libcryptsetup.so.1.0.0.
(But only recompilation should be needed for old programs.)
The new API provides much more flexible operation over LUKS device for
applications, it is preferred that new applications will use libcryptsetup
and not wrapper around cryptsetup binary.
* New luksHeaderBackup and luksHeaderRestore commands.
These commands allows binary backup of LUKS header.
Please read man page about possible security issues with backup files.
* New luksSuspend (freeze device and wipe key) and luksResume (with provided passphrase).
luksSuspend wipe encryption key in kernel memory and set device to suspend
(blocking all IO) state. This option can be used for situations when you need
temporary wipe encryption key (like suspend to RAM etc.)
Please read man page for more information.
* New --master-key-file option for luksFormat and luksAddKey.
User can now specify pre-generated master key in file, which allows regenerating
LUKS header or add key with only master key knowledge.
* Uses libgcrypt and enables all gcrypt hash algorithms for LUKS through -h luksFormat option.
Please note that using different hash for LUKS header make device incompatible with
old cryptsetup releases.
* Introduces --debug parameter.
Use when reporting bugs (just run cryptsetup with --debug and attach output
to issue report.) Sensitive data are never printed to this log.
* Moves command successful messages to verbose level.
* Requires device-mapper library and libgcrypt to build.
* Uses dm-uuid for all crypt devices, contains device type and name now.
* Removes support for dangerous non-exclusive option
(it is ignored now, LUKS device must be always opened exclusive)
- boot.crypto:
* don't use dirty prompt override hack anymore
* wait for volume groups if resume volume is on lvm (bnc#556895)
* dynamically determine whether the cryptomgr module is neeeded
-------------------------------------------------------------------
Mon Oct 19 14:33:57 UTC 2009 - lnussel@suse.de
- add luks script in volumemanager stage too, this way some side
effects are avoided (bnc#547612)
-------------------------------------------------------------------
Wed Oct 7 12:37:24 UTC 2009 - lnussel@suse.de

View File

@ -17,7 +17,6 @@
# norootforbuild
Name: cryptsetup
Url: http://code.google.com/p/cryptsetup/
BuildRequires: device-mapper-devel e2fsprogs-devel libgcrypt-devel popt-devel
@ -25,20 +24,22 @@ BuildRequires: libselinux-devel
# hashalot version
%define haver 0.3
# boot.crypto version
%define bcver 0_200910071414
%define bcver 0_200911271000
License: BSD 3-clause (or similar) ; GPL v2 only ; GPL v2 or later
Group: System/Base
AutoReqProv: on
Version: 1.0.7
Release: 9
Version: 1.1.0
Release: 0
Summary: Set Up dm-crypt Based Encrypted Block Devices
Source: cryptsetup-%{version}.tar.bz2
Source1: hashalot-%haver.tar.bz2
# http://www.suse.de/~lnussel/boot.crypto.git
Source2: boot.crypto-%{bcver}.tar.bz2
Source: http://cryptsetup.googlecode.com/files/cryptsetup-%{version}.tar.bz2
Source1: http://cryptsetup.googlecode.com/files/cryptsetup-%{version}.tar.bz2.asc
Source2: baselibs.conf
Source10: hashalot-%haver.tar.bz2
# git://gitorious.org/opensuse/boot_crypto.git
Source20: boot.crypto-%{bcver}.tar.bz2
# use this to create the tarball from svn
Source99: cryptsetup-mktar
Patch0: cryptsetup-1.0.7-eofpw.diff
#Patch0: cryptsetup-svn131-noascii.diff
Patch10: hashalot-fixes.diff
Patch11: hashalot-libgcrypt.diff
Patch12: hashalot-ctrl-d.diff
@ -68,12 +69,12 @@ Authors:
Christophe Saout <christophe@saout.de>
Ben Slusky <sluskyb@paranoiacs.org>
%package -n libcryptsetup0
License: BSD 3-clause (or similar) ; GPL v2 only ; GPL v2 or later
%package -n libcryptsetup1
License: GPL v2 or later
Summary: Set Up dm-crypt Based Encrypted Block Devices
Group: System/Base
%description -n libcryptsetup0
%description -n libcryptsetup1
cryptsetup is used to conveniently set up dm-crypt based device-mapper
targets. It allows to set up targets to read cryptoloop compatible
volumes as well as LUKS formatted ones. The package additionally
@ -89,13 +90,13 @@ Authors:
Ben Slusky <sluskyb@paranoiacs.org>
%package -n libcryptsetup-devel
License: BSD 3-clause (or similar) ; GPL v2 only ; GPL v2 or later
License: GPL v2 or later
Summary: Set Up dm-crypt Based Encrypted Block Devices
Group: Development/Libraries/C and C++
# cryptsetup-devel last used 11.1
Provides: cryptsetup-devel = %{version}
Obsoletes: cryptsetup-devel < %{version}
Requires: libcryptsetup0 = %{version}
Requires: libcryptsetup1 = %{version}
Requires: device-mapper-devel libgcrypt-devel libgpg-error-devel e2fsprogs-devel glibc-devel
%description -n libcryptsetup-devel
@ -114,8 +115,8 @@ Authors:
Ben Slusky <sluskyb@paranoiacs.org>
%prep
%setup -q -b 1 -b 2
%patch0 -p1
%setup -q -b 10 -b 20
#patch0 -p1
pushd ../hashalot-%haver
%patch10 -p1
%patch11 -p1
@ -130,27 +131,29 @@ popd
# cryptsetup build
%{?suse_update_config:%{suse_update_config}}
autoreconf -f -i
test -e po/Makevars || cp po/Makevars.template po/Makevars
CFLAGS="$RPM_OPT_FLAGS" ./configure --prefix=%_prefix --mandir=%_mandir \
--libdir=/%_lib \
--bindir=/sbin --sbindir=/sbin \
--disable-static --enable-shared \
--enable-selinux
make
make %{?jobs:-j%jobs}
#
# hashalot build
pushd ../hashalot-%haver
autoreconf -f -i
%{?suse_update_config:%{suse_update_config}}
CFLAGS="$RPM_OPT_FLAGS" ./configure --prefix=%_prefix --sbindir=/sbin --mandir=%_mandir
make
make %{?jobs:-j%jobs}
popd
%install
make install DESTDIR=$RPM_BUILD_ROOT
# move devel .so link to %{libdir}
# move devel stuff to %{libdir}
rm -f $RPM_BUILD_ROOT/%{_lib}/libcryptsetup.so
mkdir -p $RPM_BUILD_ROOT%{_libdir}
ln -s /%{_lib}/libcryptsetup.so.0.0.0 $RPM_BUILD_ROOT%{_libdir}/libcryptsetup.so
ln -s /%{_lib}/libcryptsetup.so.1 $RPM_BUILD_ROOT%{_libdir}/libcryptsetup.so
mv $RPM_BUILD_ROOT/%_lib/pkgconfig $RPM_BUILD_ROOT/%_libdir
# don't want this file in /lib (FHS compat check), and can't move it to /usr/lib
rm -f $RPM_BUILD_ROOT/%_lib/*.la
#
@ -186,11 +189,9 @@ fi
[ -x /sbin/mkinitrd_setup ] && mkinitrd_setup
%{insserv_cleanup}
%post -n libcryptsetup0
/sbin/ldconfig
%post -n libcryptsetup1 -p /sbin/ldconfig
%postun -n libcryptsetup0
/sbin/ldconfig
%postun -n libcryptsetup1 -p /sbin/ldconfig
%clean
rm -rf $RPM_BUILD_ROOT
@ -205,6 +206,8 @@ rm -rf $RPM_BUILD_ROOT
%dir /lib/mkinitrd/scripts
/lib/mkinitrd/scripts/setup-luks.sh
/lib/mkinitrd/scripts/boot-luks.sh
/lib/mkinitrd/scripts/setup-luks2.sh
/lib/mkinitrd/scripts/setup-luks_final.sh
/sbin/cryptsetup
/sbin/hashalot
/sbin/rccrypto
@ -214,14 +217,15 @@ rm -rf $RPM_BUILD_ROOT
%_mandir/man5/cryptotab.5.gz
/lib/cryptsetup
%files -n libcryptsetup0
%files -n libcryptsetup1
%defattr(-,root,root)
/%_lib/libcryptsetup.so.0
/%_lib/libcryptsetup.so.0.0.0
/%_lib/libcryptsetup.so.1
/%_lib/libcryptsetup.so.1.0.0
%files -n libcryptsetup-devel
%defattr(-,root,root)
%_includedir/libcryptsetup.h
%{_libdir}/libcryptsetup.so
%{_libdir}/pkgconfig/*
%changelog