# # spec file for package cryptsetup (Version 1.0.5_SVNr31) # # Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine # package are under the same license as the package itself. # # Please submit bugfixes or comments via http://bugs.opensuse.org/ # # norootforbuild Name: cryptsetup Url: http://luks.endorphin.org/dm-crypt BuildRequires: device-mapper-devel e2fsprogs-devel libgcrypt-devel popt-devel # hashalot version %define haver 0.3 License: BSD 3-Clause; GPL v2 or later Group: System/Base AutoReqProv: on Version: 1.0.5_SVNr31 Release: 1 Summary: Set Up dm-crypt Based Encrypted Block Devices Source: cryptsetup-1.0.5_SVNr31.tar.bz2 Source1: hashalot-%haver.tar.bz2 Source50: boot.crypto Source90: Makefile.doc Source91: crypttab.5.txt # make -f Makefile.doc Source92: crypttab.5 # use this to create the tarball from svn Source99: cryptsetup-mktar Patch2: cryptsetup-luks-implicit-declarations.diff Patch3: cryptsetup-luks-warnings.diff Patch4: cryptsetup-luks-libnostderr.diff Patch5: cryptsetup-1.0.5-run_udevsettle.patch Patch10: hashalot-fixes.diff Patch11: hashalot-libgcrypt.diff Patch12: hashalot-ctrl-d.diff Patch13: hashalot-timeout.diff Patch14: hashalot-manpage.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build Provides: aaa_base:/etc/init.d/boot.crypto Obsoletes: util-linux-crypto <= 2.12r # we need losetup Requires: util-linux %description cryptsetup is used to conveniently set up dm-crypt based device-mapper targets. It allows to set up targets to read cryptoloop compatible volumes as well as LUKS formatted ones. The package additionally includes support for automatically setting up encrypted volumes at boot time via the config file /etc/crypttab. Authors: -------- Clemens Fruhwirth Christophe Saout Ben Slusky %package devel Summary: Set Up dm-crypt Based Encrypted Block Devices Group: System/Base Requires: %name = %version Requires: device-mapper-devel libgcrypt-devel libgpg-error-devel e2fsprogs-devel glibc-devel %description devel cryptsetup is used to conveniently set up dm-crypt based device-mapper targets. It allows to set up targets to read cryptoloop compatible volumes as well as LUKS formatted ones. The package additionally includes support for automatically setting up encrypted volumes at boot time via the config file /etc/crypttab. Authors: -------- Clemens Fruhwirth Christophe Saout Ben Slusky %prep %setup -q -b 1 #%patch1 -p1 %patch2 -p1 %patch3 -p1 %patch4 -p1 %patch5 -p1 pushd ../hashalot-%haver %patch10 -p1 %patch11 -p1 %patch12 -p1 %patch13 -p1 %patch14 -p1 popd %build # cryptsetup build %{?suse_update_config:%{suse_update_config}} autoreconf -f -i CFLAGS="$RPM_OPT_FLAGS" ./configure --prefix=%_prefix --mandir=%_mandir \ --libdir=/%_lib \ --bindir=/sbin --sbindir=/sbin \ --disable-static --enable-shared make # # hashalot build pushd ../hashalot-%haver autoreconf -f -i %{?suse_update_config:%{suse_update_config}} CFLAGS="$RPM_OPT_FLAGS" ./configure --prefix=%_prefix --sbindir=/sbin --mandir=%_mandir make popd %install make install DESTDIR=$RPM_BUILD_ROOT # move devel .so link to %{libdir} rm -f $RPM_BUILD_ROOT/%{_lib}/libcryptsetup.so mkdir -p $RPM_BUILD_ROOT%{_libdir} ln -s /%{_lib}/libcryptsetup.so.0.0.0 $RPM_BUILD_ROOT%{_libdir}/libcryptsetup.so # don't want this file in /lib (FHS compat check), and can't move it to /usr/lib rm -f $RPM_BUILD_ROOT/%_lib/*.la # # hashalot install pushd ../hashalot-%haver make install DESTDIR=$RPM_BUILD_ROOT popd # remove unwanted symlinks rm -f $RPM_BUILD_ROOT/sbin/{rmd160,sha256,sha384,sha512} # # # boot.crypto install -d -m 755 %{buildroot}/etc/init.d install -m 755 %{SOURCE50} %{buildroot}/etc/init.d/boot.crypto # maybe install templates instead? install -m 644 /dev/null %{buildroot}/etc/cryptotab install -m 644 /dev/null %{buildroot}/etc/crypttab # man page install -d -m755 %{buildroot}%{_mandir}/man5 install -m644 %{SOURCE92} %{buildroot}%{_mandir}/man5 # %find_lang %name --all-name %pre # hack to catch update case from aaa_base/util-linux-crypto if [ -f /etc/init.d/boot.d/S??boot.crypto ]; then touch /var/run/cryptsetup.boot.crypto.enabled fi %post /sbin/ldconfig %{fillup_and_insserv boot.crypto} if [ -e /var/run/cryptsetup.boot.crypto.enabled ]; then rm -f /var/run/cryptsetup.boot.crypto.enabled %{fillup_and_insserv -fY boot.crypto} fi %postun /sbin/ldconfig %{insserv_cleanup} %clean rm -rf $RPM_BUILD_ROOT %files -f %name.lang %defattr(-,root,root) %ghost %verify(not md5 size mtime) %config(noreplace,missingok) /etc/crypttab %ghost %verify(not md5 size mtime) %config(noreplace,missingok) /etc/cryptotab /etc/init.d/boot.crypto /sbin/cryptsetup /sbin/hashalot %_datadir/locale/de/LC_MESSAGES/cryptsetup.mo %_mandir/man1/hashalot.1.gz %_mandir/man8/cryptsetup.8.gz %_mandir/man5/crypttab.5.gz /%_lib/libcryptsetup.so.0 /%_lib/libcryptsetup.so.0.0.0 %files devel %defattr(-,root,root) %_includedir/libcryptsetup.h %{_libdir}/libcryptsetup.so %changelog * Tue Oct 16 2007 - lnussel@suse.de - upgrade to svn revision 31 * Rename luksDelKey into luksKillSlot * Add luksRemoveKey that queries a given key before removal * Fix segfault in luksOpen. * Add LUKS_device_ready check for most LUKS calls, so that cryptsetup dies before password querying in case a blockdev is unavailable * For LUKS key material access require exclusive access to the underlying device. This will prevent multiple mappings onto a single LUKS device. dm*crypt doesn't feature any syncing capabilities, hence there is no real application for this as it will likely lead to disk corruption. * Add signal handler to keyencryption to free the temporary mapping in case the user hits ctrl-c. * Mon Aug 27 2007 - lnussel@suse.de - remove /var/run/keymap from previous boot to make /etc/init.d/kbd work (#296409) * Mon Aug 27 2007 - lnussel@suse.de - run fsck with progressbar (#304750) * Thu Jun 21 2007 - mkoenig@suse.de - run udevsettle to avoid problems with busy temporary device mapper devices [#285478] * Mon Jun 11 2007 - lnussel@suse.de - rephrase error message (#279169) * Fri Jun 01 2007 - lnussel@suse.de - rename util-linux-crypto to cryptsetup - remove dmconvert - replace svn snapshot with official 1.0.5 release - don't enable boot.crypto by default * Tue May 29 2007 - lnussel@suse.de - fix segfault when trying to open a non existing device - fix gcc warnings - add Short-Description to boot.crypto - use %%find_lang * Wed May 09 2007 - lnussel@suse.de - boot.crypto: implement 'status' - boot.crypto: accept argument to start/stop single devices * Wed May 09 2007 - lnussel@suse.de - hashalot: add timeout option * Wed May 09 2007 - lnussel@suse.de - fix build * Tue May 08 2007 - lnussel@suse.de - boot.crypto: switch off splash screen only when needed - boot.crypto: report status for individual volumes instead of using one global exit status - hashalot: exit unsucessfully on empty passphrase * Tue May 08 2007 - lnussel@suse.de - boot.crypto: sleep a bit longer before overwriting the prompt - boot.crypto: add support for pseed and itercountk options - boot.crypto: skip entries with unsupported/unknown options - hashalot: add support for itercountk * Fri May 04 2007 - lnussel@suse.de - upgrade cryptsetup to current svn revision 30 which includes previous patches. - fix background prompt process not getting killed on ctrl-d in boot.crypto * Fri Apr 27 2007 - lnussel@suse.de - upgrade cryptsetup to current svn revision 26. Does no longer hang when a file is specified instead of a device. - remove obsolete cryptsetup.sh script - boot.crypto: * drop support for cryptoloop, use cryptsetup also for cryptotab * refactor code and create reusable components for use in cryptotab and crypttab code path * run sulogin only during boot if fsck failed * support crypttab's 'tries' option - add crypttab manpage based on Debian one * Tue Apr 24 2007 - lnussel@suse.de - add boot.crypto (#257884) - add crypttab and cryptotab as %%ghost to filelist * Tue Mar 27 2007 - mkoenig@suse.de - move devel .so link to %%{libdir} - run ldconfig, since we have now a shared lib installed * Fri Mar 23 2007 - dmueller@suse.de - cryptsetup can now link shared since libpopt is no longer under /usr * Fri Mar 09 2007 - lnussel@suse.de - add patch to support old loop_fish2 key hash method * Thu Dec 07 2006 - mkoenig@suse.de - update cryptsetup to version 1.0.4: * added terminal timeout rewrite * allow user selection of key slot * reading binary keys from stdin using the "-" as key file * fix 64 bit compiler warning issues. * fix getline problem for 64-bit archs. * Fri Oct 13 2006 - mkoenig@suse.de - fix build failure due to missing pthreads * Wed Sep 13 2006 - hvogel@suse.de - use the LUKS version of cryptsetup - split -devel subpackage for libcryptsetup - remove patches because they are in the new cryptsetup * cryptsetup-0.1-static.patch * cryptsetup-0.1-retval.patch * cryptsetup-0.1-dmi.exists.patch * cryptsetup-0.1-timeout.patch - use man page from the new cryptsetup * Tue May 16 2006 - hvogel@suse.de - Fix cryptsetup to work when the device does not exist yet [#175931] * Wed Jan 25 2006 - mls@suse.de - converted neededforbuild to BuildRequires * Mon Dec 19 2005 - mmj@suse.de - Remove symlinks to hashalot we don't want * Thu Oct 13 2005 - hvogel@suse.de - Fix uninitialized var in dmconvert. Add * dmconvert-0.2-uninitialized.patch - Fix return value in cryptsetup. Add * cryptsetup-0.1-retval.patch * Wed Jun 29 2005 - hvogel@suse.de - Link cryptsetup static so it can be in /sbin and you can get /usr over nfs or even crypted * Mon May 09 2005 - hvogel@suse.de - New package, Version 2.12q