# # spec file for package cryptsetup # # Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # %define so_ver 4 Name: cryptsetup Version: 1.7.5 Release: 0 Summary: Set Up dm-crypt Based Encrypted Block Devices License: SUSE-GPL-2.0-with-openssl-exception and LGPL-2.0+ Group: System/Base Url: https://gitlab.com/cryptsetup/cryptsetup/ Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-%{version}.tar.xz # GPG signature of the uncompressed tarball. Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-%{version}.tar.sign Source2: baselibs.conf Source3: %{name}.keyring BuildRequires: device-mapper-devel BuildRequires: fipscheck BuildRequires: fipscheck-devel BuildRequires: libgcrypt-devel BuildRequires: libpwquality-devel BuildRequires: libselinux-devel BuildRequires: libuuid-devel # 2.6.38 has the required if_alg.h BuildRequires: linux-glibc-devel >= 2.6.38 BuildRequires: pkgconfig BuildRequires: popt-devel BuildRequires: suse-module-tools Requires(post): coreutils Requires(postun): coreutils %description cryptsetup is used to conveniently set up dm-crypt based device-mapper targets. It allows to set up targets to read cryptoloop compatible volumes as well as LUKS formatted ones. The package additionally includes support for automatically setting up encrypted volumes at boot time via the config file %{_sysconfdir}/crypttab. %package -n libcryptsetup%{so_ver} Summary: Set Up dm-crypt Based Encrypted Block Devices Group: System/Libraries %description -n libcryptsetup%{so_ver} cryptsetup is used to conveniently set up dm-crypt based device-mapper targets. It allows to set up targets to read cryptoloop compatible volumes as well as LUKS formatted ones. The package additionally includes support for automatically setting up encrypted volumes at boot time via the config file %{_sysconfdir}/crypttab. %package -n libcryptsetup%{so_ver}-hmac Summary: Checksums for libcryptsetup4 Group: System/Base %description -n libcryptsetup%{so_ver}-hmac This package contains HMAC checksums for integrity checking of libcryptsetup4, used for FIPS. %package -n libcryptsetup-devel Summary: Set Up dm-crypt Based Encrypted Block Devices Group: Development/Libraries/C and C++ Requires: glibc-devel Requires: libcryptsetup%{so_ver} = %{version} # cryptsetup-devel last used 11.1 Provides: cryptsetup-devel = %{version} Obsoletes: cryptsetup-devel < %{version} %description -n libcryptsetup-devel cryptsetup is used to conveniently set up dm-crypt based device-mapper targets. It allows to set up targets to read cryptoloop compatible volumes as well as LUKS formatted ones. The package additionally includes support for automatically setting up encrypted volumes at boot time via the config file %{_sysconfdir}/crypttab. %prep %setup -q %build %configure \ --enable-cryptsetup-reencrypt \ --enable-selinux \ --enable-fips \ --enable-pwquality \ --enable-gcrypt-pbkdf2 make %{?_smp_mflags} V=1 %install # Generate HMAC checksums (FIPS) %define __spec_install_post \ %{?__debug_package:%{__debug_install_post}} \ %{__arch_install_post} \ %{__os_install_post} \ fipshmac %{buildroot}/%{_libdir}/libcryptsetup.so.* \ %{nil} %make_install install -dm 0755 %{buildroot}/sbin ln -s ..%{_sbindir}/cryptsetup %{buildroot}/sbin # don't want this file in /lib (FHS compat check), and can't move it to /usr/lib find %{buildroot} -type f -name "*.la" -delete -print # %find_lang %{name} --all-name %post test -n "$FIRST_ARG" || FIRST_ARG="$1" # # convert noauto to nofail and turn on fsck (bnc#724113) # marker="%{_localstatedir}/adm/crypsetup.fstab.noauto_converted" if [ "$FIRST_ARG" -gt 1 -a ! -e "$marker" ]; then echo "updating %{_sysconfdir}/fstab ... " tmpfstab="%{_sysconfdir}/fstab.cryptsetup.$$" sed -e '/^\/dev\/mapper\/cr_.*,noauto\s/{s/,noauto\(\s\)/,nofail\1/;s/ 0 0$/ 0 2/}' < %{_sysconfdir}/fstab > "$tmpfstab" if diff -u0 %{_sysconfdir}/fstab "$tmpfstab"; then echo "no change" rm -f "$tmpfstab" > "$marker" else cp "$tmpfstab" "$marker" mv "$tmpfstab" %{_sysconfdir}/fstab fi fi %{?regenerate_initrd_post} %postun %{?regenerate_initrd_post} %posttrans %{?regenerate_initrd_posttrans} %post -n libcryptsetup%{so_ver} -p /sbin/ldconfig %postun -n libcryptsetup%{so_ver} -p /sbin/ldconfig %files -f %{name}.lang %defattr(-,root,root) %doc AUTHORS COPYING* FAQ README TODO docs/ChangeLog.old docs/*ReleaseNotes #ghost %verify(not md5 size mtime) %config(noreplace,missingok) /etc/crypttab #ghost %verify(not md5 size mtime) %config(noreplace,missingok) /etc/cryptotab /sbin/cryptsetup %{_sbindir}/cryptsetup %{_sbindir}/veritysetup %{_sbindir}/cryptsetup-reencrypt %{_mandir}/man8/cryptsetup.8%{ext_man} %{_mandir}/man8/cryptsetup-reencrypt.8%{ext_man} %{_mandir}/man8/veritysetup.8%{ext_man} %files -n libcryptsetup%{so_ver} %defattr(-,root,root) %{_libdir}/libcryptsetup.so.%{so_ver}* %files -n libcryptsetup%{so_ver}-hmac %defattr(-,root,root) %{_libdir}/.libcryptsetup.so.%{so_ver}*hmac %files -n libcryptsetup-devel %defattr(-,root,root) %doc docs/examples/ %{_includedir}/libcryptsetup.h %{_libdir}/libcryptsetup.so %{_libdir}/pkgconfig/* %changelog