osc copypac from project:home:lnussel:Factory package:cryptsetup revision:3

OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=33

baselibs.conf

@@ -0,0 +1 @@
+libcryptsetup1

boot.crypto-0_200910071414.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:bb92b934bba1e5d73d8ef91e11c6592076ab97a8126e0eaf14e659cd2f9341df
-size 17889

boot.crypto-0_200911271000.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:65d653f82ff72ad2cf5e703663331c42460df5253297d149b2ff7fa2b6e4fd1b
+size 17953

cryptsetup-1.0.7.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:829af59ab5bb47e4ff384a927458b4ffbb86380825de5f9ac751a89df599ed99
-size 417339

cryptsetup-1.1.0.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b343fa6bf3c48b633e68da25e44aebd6a32a3dc21c10604acd6faa04e41f58f3
+size 465778

cryptsetup-1.1.0.tar.bz2.asc

@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (GNU/Linux)
+
+iEYEABECAAYFAktS7HYACgkQf1Jlc7shgi8PwQCfVFwnRLdjn7hILuxXq5TLtmsa
+elIAn0VqeFuSEqPg3qu9BqPnmdkoMRzI
+=mOAm
+-----END PGP SIGNATURE-----

cryptsetup.changes

@@ -1,3 +1,84 @@
+-------------------------------------------------------------------
+Mon Jan 18 12:18:32 UTC 2010 - lnussel@suse.de
+
+- cryptsetup 1.1.0:
+
+ * IMPORTANT: the default compiled-in cipher parameters changed
+	plain mode: aes-cbc-essiv:sha256 (default is backward incompatible!).
+	LUKS mode: aes-cbc-essiv:sha256 (only key size increased)
+	In both modes is now default key size 256bits.
+
+	 * Default compiled-in parameters are now configurable through configure options:
+	   --with-plain-* / --with-luks1-* (see configure --help)
+
+	 * If you need backward compatible defaults for distribution use
+	   configure --with-plain-mode=cbc-plain --with-luks1-keybits=128
+
+	 Default compiled-in modes are printed in "cryptsetup --help" output.
+
+ * Change in iterations count (LUKS):
+	The slot and key digest iteration minimum count is now 1000.
+	The key digest iteration count is calculated from iteration time (approx 1/8 of req. time).
+	For more info about above items see discussion here: http://tinyurl.com/yaug97y
+
+ * New libcryptsetup API (documented in libcryptsetup.h).
+
+	The old API (using crypt_options struct) is still available but will remain
+	frozen and not used for new functions.
+	Soname of library changed to libcryptsetup.so.1.0.0.
+	(But only recompilation should be needed for old programs.)
+
+	The new API provides much more flexible operation over LUKS device for
+	applications, it is preferred that new applications will use libcryptsetup
+	and not wrapper around cryptsetup binary.
+
+ * New luksHeaderBackup and luksHeaderRestore commands.
+
+	These commands allows binary backup of LUKS header.
+	Please read man page about possible security issues with backup files.
+
+ * New luksSuspend (freeze device and wipe key) and luksResume (with provided passphrase).
+
+	luksSuspend wipe encryption key in kernel memory and set device to suspend
+	(blocking all IO) state. This option can be used for situations when you need
+	temporary wipe encryption key (like suspend to RAM etc.)
+	Please read man page for more information.
+
+ * New --master-key-file option for luksFormat and luksAddKey.
+
+	User can now specify pre-generated master key in file, which allows regenerating
+	LUKS header or add key with only master key knowledge.
+
+ * Uses libgcrypt and enables all gcrypt hash algorithms for LUKS through -h luksFormat option.
+
+	Please note that using different hash for LUKS header make device incompatible with
+	old cryptsetup releases.
+
+ * Introduces --debug parameter.
+
+	Use when reporting bugs (just run cryptsetup with --debug and attach output
+	to issue report.) Sensitive data are never printed to this log.
+
+ * Moves command successful messages to verbose level.
+
+ * Requires device-mapper library and libgcrypt to build.
+
+ * Uses dm-uuid for all crypt devices, contains device type and name now.
+
+ * Removes support for dangerous non-exclusive option
+	(it is ignored now, LUKS device must be always opened exclusive)
+
+- boot.crypto:
+  * don't use dirty prompt override hack anymore
+  * wait for volume groups if resume volume is on lvm (bnc#556895)
+  * dynamically determine whether the cryptomgr module is neeeded
+
+-------------------------------------------------------------------
+Mon Oct 19 14:33:57 UTC 2009 - lnussel@suse.de
+
+- add luks script in volumemanager stage too, this way some side
+  effects are avoided (bnc#547612)
+
 -------------------------------------------------------------------
 Wed Oct  7 12:37:24 UTC 2009 - lnussel@suse.de
 

cryptsetup.spec

@@ -17,7 +17,6 @@
 
 # norootforbuild
 
-
 Name:           cryptsetup
 Url:            http://code.google.com/p/cryptsetup/
 BuildRequires:  device-mapper-devel e2fsprogs-devel libgcrypt-devel popt-devel
@@ -25,20 +24,22 @@ BuildRequires:  libselinux-devel
 # hashalot version
 %define haver 0.3 
 # boot.crypto version
-%define bcver 0_200910071414
+%define bcver 0_200911271000
 License:        BSD 3-clause (or similar) ; GPL v2 only ; GPL v2 or later
 Group:          System/Base
 AutoReqProv:    on
-Version:        1.0.7
+Version:        1.1.0
-Release:        9
+Release:        0
 Summary:        Set Up dm-crypt Based Encrypted Block Devices
-Source:         cryptsetup-%{version}.tar.bz2
+Source:         http://cryptsetup.googlecode.com/files/cryptsetup-%{version}.tar.bz2
-Source1:        hashalot-%haver.tar.bz2
+Source1:        http://cryptsetup.googlecode.com/files/cryptsetup-%{version}.tar.bz2.asc
-# http://www.suse.de/~lnussel/boot.crypto.git
+Source2:        baselibs.conf
-Source2:        boot.crypto-%{bcver}.tar.bz2
+Source10:        hashalot-%haver.tar.bz2
+# git://gitorious.org/opensuse/boot_crypto.git
+Source20:        boot.crypto-%{bcver}.tar.bz2
 # use this to create the tarball from svn
 Source99:       cryptsetup-mktar
-Patch0:         cryptsetup-1.0.7-eofpw.diff
+#Patch0:         cryptsetup-svn131-noascii.diff
 Patch10:        hashalot-fixes.diff
 Patch11:        hashalot-libgcrypt.diff
 Patch12:        hashalot-ctrl-d.diff
@@ -68,12 +69,12 @@ Authors:
     Christophe Saout <christophe@saout.de>
     Ben Slusky <sluskyb@paranoiacs.org>
 
-%package -n libcryptsetup0
+%package -n libcryptsetup1
-License:        BSD 3-clause (or similar) ; GPL v2 only ; GPL v2 or later
+License:        GPL v2 or later
 Summary:        Set Up dm-crypt Based Encrypted Block Devices
 Group:          System/Base
 
-%description  -n libcryptsetup0
+%description  -n libcryptsetup1
 cryptsetup is used to conveniently set up dm-crypt based device-mapper
 targets. It allows to set up targets to read cryptoloop compatible
 volumes as well as LUKS formatted ones. The package additionally
@@ -89,13 +90,13 @@ Authors:
     Ben Slusky <sluskyb@paranoiacs.org>
 
 %package -n libcryptsetup-devel
-License:        BSD 3-clause (or similar) ; GPL v2 only ; GPL v2 or later
+License:        GPL v2 or later
 Summary:        Set Up dm-crypt Based Encrypted Block Devices
 Group:          Development/Libraries/C and C++
 # cryptsetup-devel last used 11.1
 Provides:       cryptsetup-devel = %{version}
 Obsoletes:      cryptsetup-devel < %{version}
-Requires:       libcryptsetup0 = %{version}
+Requires:       libcryptsetup1 = %{version}
 Requires:       device-mapper-devel libgcrypt-devel libgpg-error-devel e2fsprogs-devel glibc-devel
 
 %description  -n libcryptsetup-devel
@@ -114,8 +115,8 @@ Authors:
     Ben Slusky <sluskyb@paranoiacs.org>
 
 %prep
-%setup -q -b 1 -b 2
+%setup -q -b 10 -b 20
-%patch0 -p1
+#patch0 -p1
 pushd ../hashalot-%haver
 %patch10 -p1
 %patch11 -p1
@@ -130,27 +131,29 @@ popd
 # cryptsetup build
 %{?suse_update_config:%{suse_update_config}}
 autoreconf -f -i
+test -e po/Makevars || cp po/Makevars.template po/Makevars
 CFLAGS="$RPM_OPT_FLAGS" ./configure --prefix=%_prefix --mandir=%_mandir \
 				    --libdir=/%_lib \
 				    --bindir=/sbin --sbindir=/sbin \
 				    --disable-static --enable-shared \
 				    --enable-selinux
-make
+make %{?jobs:-j%jobs}
 #
 # hashalot build
 pushd ../hashalot-%haver
 autoreconf -f -i
 %{?suse_update_config:%{suse_update_config}}
 CFLAGS="$RPM_OPT_FLAGS" ./configure --prefix=%_prefix --sbindir=/sbin --mandir=%_mandir 
-make
+make %{?jobs:-j%jobs}
 popd
 
 %install
 make install DESTDIR=$RPM_BUILD_ROOT
-# move devel .so link to %{libdir}
+# move devel stuff to %{libdir}
 rm -f $RPM_BUILD_ROOT/%{_lib}/libcryptsetup.so
 mkdir -p $RPM_BUILD_ROOT%{_libdir}
-ln -s /%{_lib}/libcryptsetup.so.0.0.0 $RPM_BUILD_ROOT%{_libdir}/libcryptsetup.so
+ln -s /%{_lib}/libcryptsetup.so.1 $RPM_BUILD_ROOT%{_libdir}/libcryptsetup.so
+mv $RPM_BUILD_ROOT/%_lib/pkgconfig $RPM_BUILD_ROOT/%_libdir
 # don't want this file in /lib (FHS compat check), and can't move it to /usr/lib
 rm -f $RPM_BUILD_ROOT/%_lib/*.la
 #
@@ -186,11 +189,9 @@ fi
 [ -x /sbin/mkinitrd_setup ] && mkinitrd_setup
 %{insserv_cleanup}
 
-%post -n libcryptsetup0
+%post -n libcryptsetup1 -p /sbin/ldconfig
-/sbin/ldconfig
 
-%postun -n libcryptsetup0
+%postun -n libcryptsetup1 -p /sbin/ldconfig
-/sbin/ldconfig
 
 %clean
 rm -rf $RPM_BUILD_ROOT
@@ -205,6 +206,8 @@ rm -rf $RPM_BUILD_ROOT
 %dir /lib/mkinitrd/scripts
 /lib/mkinitrd/scripts/setup-luks.sh
 /lib/mkinitrd/scripts/boot-luks.sh
+/lib/mkinitrd/scripts/setup-luks2.sh
+/lib/mkinitrd/scripts/setup-luks_final.sh
 /sbin/cryptsetup
 /sbin/hashalot
 /sbin/rccrypto
@@ -214,14 +217,15 @@ rm -rf $RPM_BUILD_ROOT
 %_mandir/man5/cryptotab.5.gz
 /lib/cryptsetup
 
-%files -n libcryptsetup0
+%files -n libcryptsetup1
 %defattr(-,root,root)
-/%_lib/libcryptsetup.so.0
+/%_lib/libcryptsetup.so.1
-/%_lib/libcryptsetup.so.0.0.0
+/%_lib/libcryptsetup.so.1.0.0
 
 %files -n libcryptsetup-devel
 %defattr(-,root,root)
 %_includedir/libcryptsetup.h
 %{_libdir}/libcryptsetup.so
+%{_libdir}/pkgconfig/*
 
 %changelog