diff --git a/baselibs.conf b/baselibs.conf
new file mode 100644
index 0000000..bf131f3
--- /dev/null
+++ b/baselibs.conf
@@ -0,0 +1 @@
+libcryptsetup1
diff --git a/boot.crypto-0_200910201446.tar.bz2 b/boot.crypto-0_200910201446.tar.bz2
deleted file mode 100644
index eb51922..0000000
--- a/boot.crypto-0_200910201446.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:748209e4d765d7b66b6479f7e838e1ceca1823c00184b7732f647f9f5807d56d
-size 17933
diff --git a/boot.crypto-0_200911271000.tar.bz2 b/boot.crypto-0_200911271000.tar.bz2
new file mode 100644
index 0000000..9479d41
--- /dev/null
+++ b/boot.crypto-0_200911271000.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:65d653f82ff72ad2cf5e703663331c42460df5253297d149b2ff7fa2b6e4fd1b
+size 17953
diff --git a/cryptsetup-1.0.7-eofpw.diff b/cryptsetup-1.0.7-eofpw.diff
deleted file mode 100644
index 36ce24e..0000000
--- a/cryptsetup-1.0.7-eofpw.diff
+++ /dev/null
@@ -1,42 +0,0 @@
-From 6b92a27195e21e9d96ce2f324c3da593a01a7ae0 Mon Sep 17 00:00:00 2001
-From: Ludwig Nussel
-Date: Tue, 29 Sep 2009 11:09:31 +0200
-Subject: [PATCH] Fail if piped input is broken.
-
----
- ChangeLog | 1 +
- lib/utils.c | 13 ++++++++++---
- 2 files changed, 11 insertions(+), 3 deletions(-)
-
-Index: cryptsetup-1.0.7/lib/utils.c
-===================================================================
---- cryptsetup-1.0.7.orig/lib/utils.c
-+++ cryptsetup-1.0.7/lib/utils.c
-@@ -361,6 +361,7 @@ int get_key(char *prompt, char **key, un
- char *pass = NULL;
- int newline_stop;
- int read_horizon;
-+ int regular_file = 0;
-
- if(key_file && !strcmp(key_file, "-")) {
- /* Allow binary reading from stdin */
-@@ -435,6 +436,8 @@ int get_key(char *prompt, char **key, un
- // goto out_err;
- fprintf(stderr,"Warning: exhausting read requested, but key file is not a regular file, function might never return.\n");
- }
-+ else
-+ regular_file = 1;
- }
- buflen = 0;
- for(i = 0; read_horizon == 0 || i < read_horizon; i++) {
-@@ -452,6 +455,10 @@ int get_key(char *prompt, char **key, un
- }
- if(key_file)
- close(fd);
-+ /* Fail if piped input dies reading nothing */
-+ if(!i && !regular_file) {
-+ goto out_err;
-+ }
- pass[i] = 0;
- *key = pass;
- *passLen = i;
diff --git a/cryptsetup-1.0.7.tar.bz2 b/cryptsetup-1.0.7.tar.bz2
deleted file mode 100644
index a96c573..0000000
--- a/cryptsetup-1.0.7.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:829af59ab5bb47e4ff384a927458b4ffbb86380825de5f9ac751a89df599ed99
-size 417339
diff --git a/cryptsetup-1.1.0.tar.bz2 b/cryptsetup-1.1.0.tar.bz2
new file mode 100644
index 0000000..c96bffe
--- /dev/null
+++ b/cryptsetup-1.1.0.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b343fa6bf3c48b633e68da25e44aebd6a32a3dc21c10604acd6faa04e41f58f3
+size 465778
diff --git a/cryptsetup-1.1.0.tar.bz2.asc b/cryptsetup-1.1.0.tar.bz2.asc
new file mode 100644
index 0000000..3fb7dc8
--- /dev/null
+++ b/cryptsetup-1.1.0.tar.bz2.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (GNU/Linux)
+
+iEYEABECAAYFAktS7HYACgkQf1Jlc7shgi8PwQCfVFwnRLdjn7hILuxXq5TLtmsa
+elIAn0VqeFuSEqPg3qu9BqPnmdkoMRzI
+=mOAm
+-----END PGP SIGNATURE-----
diff --git a/cryptsetup.changes b/cryptsetup.changes
index f2abde5..5055c02 100644
--- a/cryptsetup.changes
+++ b/cryptsetup.changes
@@ -1,3 +1,78 @@
+-------------------------------------------------------------------
+Mon Jan 18 12:18:32 UTC 2010 - lnussel@suse.de
+
+- cryptsetup 1.1.0:
+
+ * IMPORTANT: the default compiled-in cipher parameters changed
+ plain mode: aes-cbc-essiv:sha256 (default is backward incompatible!).
+ LUKS mode: aes-cbc-essiv:sha256 (only key size increased)
+ In both modes is now default key size 256bits.
+
+ * Default compiled-in parameters are now configurable through configure options:
+ --with-plain-* / --with-luks1-* (see configure --help)
+
+ * If you need backward compatible defaults for distribution use
+ configure --with-plain-mode=cbc-plain --with-luks1-keybits=128
+
+ Default compiled-in modes are printed in "cryptsetup --help" output.
+
+ * Change in iterations count (LUKS):
+ The slot and key digest iteration minimum count is now 1000.
+ The key digest iteration count is calculated from iteration time (approx 1/8 of req. time).
+ For more info about above items see discussion here: http://tinyurl.com/yaug97y
+
+ * New libcryptsetup API (documented in libcryptsetup.h).
+
+ The old API (using crypt_options struct) is still available but will remain
+ frozen and not used for new functions.
+ Soname of library changed to libcryptsetup.so.1.0.0.
+ (But only recompilation should be needed for old programs.)
+
+ The new API provides much more flexible operation over LUKS device for
+ applications, it is preferred that new applications will use libcryptsetup
+ and not wrapper around cryptsetup binary.
+
+ * New luksHeaderBackup and luksHeaderRestore commands.
+
+ These commands allows binary backup of LUKS header.
+ Please read man page about possible security issues with backup files.
+
+ * New luksSuspend (freeze device and wipe key) and luksResume (with provided passphrase).
+
+ luksSuspend wipe encryption key in kernel memory and set device to suspend
+ (blocking all IO) state. This option can be used for situations when you need
+ temporary wipe encryption key (like suspend to RAM etc.)
+ Please read man page for more information.
+
+ * New --master-key-file option for luksFormat and luksAddKey.
+
+ User can now specify pre-generated master key in file, which allows regenerating
+ LUKS header or add key with only master key knowledge.
+
+ * Uses libgcrypt and enables all gcrypt hash algorithms for LUKS through -h luksFormat option.
+
+ Please note that using different hash for LUKS header make device incompatible with
+ old cryptsetup releases.
+
+ * Introduces --debug parameter.
+
+ Use when reporting bugs (just run cryptsetup with --debug and attach output
+ to issue report.) Sensitive data are never printed to this log.
+
+ * Moves command successful messages to verbose level.
+
+ * Requires device-mapper library and libgcrypt to build.
+
+ * Uses dm-uuid for all crypt devices, contains device type and name now.
+
+ * Removes support for dangerous non-exclusive option
+ (it is ignored now, LUKS device must be always opened exclusive)
+
+- boot.crypto:
+ * don't use dirty prompt override hack anymore
+ * wait for volume groups if resume volume is on lvm (bnc#556895)
+ * dynamically determine whether the cryptomgr module is neeeded
+
 -------------------------------------------------------------------
 Mon Oct 19 14:33:57 UTC 2009 - lnussel@suse.de
 
diff --git a/cryptsetup.spec b/cryptsetup.spec
index d7c59f6..10e169e 100644
--- a/cryptsetup.spec
+++ b/cryptsetup.spec
@@ -1,7 +1,7 @@
 #
-# spec file for package cryptsetup (Version 1.0.7)
+# spec file for package cryptsetup (Version 1.1.0)
 #
-# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -25,20 +25,22 @@ BuildRequires: libselinux-devel # hashalot version %define haver 0.3 # boot.crypto version -%define bcver 0_200910201446 -License: BSD 3-clause (or similar) ; GPL v2 only ; GPL v2 or later +%define bcver 0_200911271000 +License: BSD3c(or similar) ; GPLv2 ; GPLv2+ Group: System/Base AutoReqProv: on -Version: 1.0.7 -Release: 10 +Version: 1.1.0 +Release: 1 Summary: Set Up dm-crypt Based Encrypted Block Devices -Source: cryptsetup-%{version}.tar.bz2 -Source1: hashalot-%haver.tar.bz2 -# http://www.suse.de/~lnussel/boot.crypto.git -Source2: boot.crypto-%{bcver}.tar.bz2 +Source: http://cryptsetup.googlecode.com/files/cryptsetup-%{version}.tar.bz2 +Source1: http://cryptsetup.googlecode.com/files/cryptsetup-%{version}.tar.bz2.asc +Source2: baselibs.conf +Source10: hashalot-%haver.tar.bz2 +# git://gitorious.org/opensuse/boot_crypto.git +Source20: boot.crypto-%{bcver}.tar.bz2 # use this to create the tarball from svn Source99: cryptsetup-mktar -Patch0: cryptsetup-1.0.7-eofpw.diff +#Patch0: cryptsetup-svn131-noascii.diff Patch10: hashalot-fixes.diff Patch11: hashalot-libgcrypt.diff Patch12: hashalot-ctrl-d.diff @@ -68,12 +70,12 @@ Authors: Christophe Saout Ben Slusky -%package -n libcryptsetup0 -License: BSD 3-clause (or similar) ; GPL v2 only ; GPL v2 or later +%package -n libcryptsetup1 +License: GPLv2+ Summary: Set Up dm-crypt Based Encrypted Block Devices Group: System/Base -%description -n libcryptsetup0 +%description -n libcryptsetup1 cryptsetup is used to conveniently set up dm-crypt based device-mapper targets. It allows to set up targets to read cryptoloop compatible volumes as well as LUKS formatted ones. The package additionally 
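Review bot: `Source1` in the `@@ -25,20 +25,22 @@` hunk adds the upstream detached signature, but nothing visible in this diff checks the tarball against it: no keyring is listed as a source, and the `%prep` hunk goes straight to `%setup`. Both `Source:` URLs are plain `http://`, so the signature is the only integrity evidence for the tarball, and as packaged it is carried but never evaluated. Consider shipping the upstream signing key as an extra source (for example `Source3: cryptsetup.keyring`) and verifying before unpacking, e.g. `gpgv --keyring %{_sourcedir}/cryptsetup.keyring %{SOURCE1} %{SOURCE0}` at the top of `%prep`. Separately, the commented `#Patch0: cryptsetup-svn131-noascii.diff` names a file this commit does not add, and the changelog does not say why the removed eofpw patch is no longer needed; a one-line comment such as `# eofpw patch dropped: <reason>` would make that reviewable.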
@@ -89,13 +91,13 @@ Authors: Ben Slusky %package -n libcryptsetup-devel -License: BSD 3-clause (or similar) ; GPL v2 only ; GPL v2 or later +License: GPLv2+ Summary: Set Up dm-crypt Based Encrypted Block Devices Group: Development/Libraries/C and C++ # cryptsetup-devel last used 11.1 Provides: cryptsetup-devel = %{version} Obsoletes: cryptsetup-devel < %{version} -Requires: libcryptsetup0 = %{version} +Requires: libcryptsetup1 = %{version} Requires: device-mapper-devel libgcrypt-devel libgpg-error-devel e2fsprogs-devel glibc-devel %description -n libcryptsetup-devel @@ -114,8 +116,8 @@ Authors: Ben Slusky %prep -%setup -q -b 1 -b 2 -%patch0 -p1 +%setup -q -b 10 -b 20 +#patch0 -p1 pushd ../hashalot-%haver %patch10 -p1 %patch11 -p1 @@ -130,27 +132,29 @@ popd # cryptsetup build %{?suse_update_config:%{suse_update_config}} autoreconf -f -i +test -e po/Makevars || cp po/Makevars.template po/Makevars CFLAGS="$RPM_OPT_FLAGS" ./configure --prefix=%_prefix --mandir=%_mandir \ --libdir=/%_lib \ --bindir=/sbin --sbindir=/sbin \ --disable-static --enable-shared \ --enable-selinux -make +make %{?jobs:-j%jobs} # # hashalot build pushd ../hashalot-%haver autoreconf -f -i %{?suse_update_config:%{suse_update_config}} CFLAGS="$RPM_OPT_FLAGS" ./configure --prefix=%_prefix --sbindir=/sbin --mandir=%_mandir -make +make %{?jobs:-j%jobs} popd %install make install DESTDIR=$RPM_BUILD_ROOT -# move devel .so link to %{libdir} +# move devel stuff to %{libdir} rm -f $RPM_BUILD_ROOT/%{_lib}/libcryptsetup.so mkdir -p $RPM_BUILD_ROOT%{_libdir} -ln -s /%{_lib}/libcryptsetup.so.0.0.0 $RPM_BUILD_ROOT%{_libdir}/libcryptsetup.so +ln -s /%{_lib}/libcryptsetup.so.1 $RPM_BUILD_ROOT%{_libdir}/libcryptsetup.so +mv $RPM_BUILD_ROOT/%_lib/pkgconfig $RPM_BUILD_ROOT/%_libdir # don't want this file in /lib (FHS compat check), and can't move it to /usr/lib rm -f $RPM_BUILD_ROOT/%_lib/*.la # 
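Review bot: The `./configure` call in the `@@ -130,27 +132,29 @@` hunk is left without any `--with-plain-*` option, so the package takes the new compiled-in defaults that this commit's own changelog entry marks as backward incompatible for plain mode. Plain dm-crypt volumes carry no header, so a volume created under the old default and opened without an explicit cipher would presumably be mapped with the wrong IV mode and read as garbage instead of failing cleanly. If the distribution wants to stay compatible, add at least the option the changelog names, `--with-plain-mode=cbc-plain` (with `--with-luks1-keybits=128` if the old LUKS key size should also be kept). If the new defaults are intended, a comment above the configure line such as `# new upstream plain-mode default is intentional; boot.crypto passes the cipher explicitly` (once confirmed) would record the decision.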
@@ -186,11 +190,9 @@ fi [ -x /sbin/mkinitrd_setup ] && mkinitrd_setup %{insserv_cleanup} -%post -n libcryptsetup0 -/sbin/ldconfig +%post -n libcryptsetup1 -p /sbin/ldconfig -%postun -n libcryptsetup0 -/sbin/ldconfig +%postun -n libcryptsetup1 -p /sbin/ldconfig %clean rm -rf $RPM_BUILD_ROOT @@ -216,14 +218,15 @@ rm -rf $RPM_BUILD_ROOT %_mandir/man5/cryptotab.5.gz /lib/cryptsetup -%files -n libcryptsetup0 +%files -n libcryptsetup1 %defattr(-,root,root) -/%_lib/libcryptsetup.so.0 -/%_lib/libcryptsetup.so.0.0.0 +/%_lib/libcryptsetup.so.1 +/%_lib/libcryptsetup.so.1.0.0 %files -n libcryptsetup-devel %defattr(-,root,root) %_includedir/libcryptsetup.h %{_libdir}/libcryptsetup.so +%{_libdir}/pkgconfig/* %changelog