cryptsetup/cryptsetup.spec

#
# spec file for package cryptsetup
#
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#


%define so_ver 4
Name:           cryptsetup
Version:        1.7.5
Release:        0
Summary:        Set Up dm-crypt Based Encrypted Block Devices
License:        SUSE-GPL-2.0-with-openssl-exception and LGPL-2.0+
Group:          System/Base
Url:            https://gitlab.com/cryptsetup/cryptsetup/
Source0:        https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-%{version}.tar.xz
# GPG signature of the uncompressed tarball.
Source1:        https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-%{version}.tar.sign
Source2:        baselibs.conf
Source3:        %{name}.keyring
BuildRequires:  device-mapper-devel
BuildRequires:  fipscheck
BuildRequires:  fipscheck-devel
BuildRequires:  libgcrypt-devel
BuildRequires:  libpwquality-devel
BuildRequires:  libselinux-devel
BuildRequires:  libuuid-devel
# 2.6.38 has the required if_alg.h
BuildRequires:  linux-glibc-devel >= 2.6.38
BuildRequires:  pkgconfig
BuildRequires:  popt-devel
BuildRequires:  suse-module-tools
Requires(post): coreutils
Requires(postun): coreutils

%description
cryptsetup is used to conveniently set up dm-crypt based device-mapper
targets. It allows to set up targets to read cryptoloop compatible
volumes as well as LUKS formatted ones. The package additionally
includes support for automatically setting up encrypted volumes at boot
time via the config file %{_sysconfdir}/crypttab.

%package -n libcryptsetup%{so_ver}
Summary:        Set Up dm-crypt Based Encrypted Block Devices
Group:          System/Libraries

%description -n libcryptsetup%{so_ver}
cryptsetup is used to conveniently set up dm-crypt based device-mapper
targets. It allows to set up targets to read cryptoloop compatible
volumes as well as LUKS formatted ones. The package additionally
includes support for automatically setting up encrypted volumes at boot
time via the config file %{_sysconfdir}/crypttab.

%package -n libcryptsetup%{so_ver}-hmac
Summary:        Checksums for libcryptsetup4
Group:          System/Base

%description -n libcryptsetup%{so_ver}-hmac
This package contains HMAC checksums for integrity checking of libcryptsetup4,
used for FIPS.

%package -n libcryptsetup-devel
Summary:        Set Up dm-crypt Based Encrypted Block Devices
Group:          Development/Libraries/C and C++
Requires:       glibc-devel
Requires:       libcryptsetup%{so_ver} = %{version}
# cryptsetup-devel last used 11.1
Provides:       cryptsetup-devel = %{version}
Obsoletes:      cryptsetup-devel < %{version}

%description -n libcryptsetup-devel
cryptsetup is used to conveniently set up dm-crypt based device-mapper
targets. It allows to set up targets to read cryptoloop compatible
volumes as well as LUKS formatted ones. The package additionally
includes support for automatically setting up encrypted volumes at boot
time via the config file %{_sysconfdir}/crypttab.

%prep
%setup -q

%build
%configure \
  --enable-cryptsetup-reencrypt \
  --enable-selinux \
  --enable-fips \
  --enable-pwquality \
  --enable-gcrypt-pbkdf2
make %{?_smp_mflags} V=1

%install
# Generate HMAC checksums (FIPS)
%define __spec_install_post \
  %{?__debug_package:%{__debug_install_post}} \
  %{__arch_install_post} \
  %{__os_install_post} \
  fipshmac %{buildroot}/%{_libdir}/libcryptsetup.so.* \
%{nil}

%make_install
install -dm 0755 %{buildroot}/sbin
ln -s ..%{_sbindir}/cryptsetup %{buildroot}/sbin
# don't want this file in /lib (FHS compat check), and can't move it to /usr/lib
find %{buildroot} -type f -name "*.la" -delete -print
#
%find_lang %{name} --all-name

%post
test -n "$FIRST_ARG" || FIRST_ARG="$1"
#
# convert noauto to nofail and turn on fsck (bnc#724113)
#
marker="%{_localstatedir}/adm/crypsetup.fstab.noauto_converted"
if [ "$FIRST_ARG" -gt 1 -a ! -e "$marker" ]; then
	echo "updating %{_sysconfdir}/fstab ... "
	tmpfstab="%{_sysconfdir}/fstab.cryptsetup.$$"
	sed -e '/^\/dev\/mapper\/cr_.*,noauto\s/{s/,noauto\(\s\)/,nofail\1/;s/ 0 0$/ 0 2/}' < %{_sysconfdir}/fstab > "$tmpfstab"
	if diff -u0 %{_sysconfdir}/fstab "$tmpfstab"; then
		echo "no change"
		rm -f "$tmpfstab"
		> "$marker"
	else
		cp "$tmpfstab" "$marker"
		mv "$tmpfstab" %{_sysconfdir}/fstab
	fi
fi

%{?regenerate_initrd_post}

%postun
%{?regenerate_initrd_post}

%posttrans
%{?regenerate_initrd_posttrans}

%post -n libcryptsetup%{so_ver} -p /sbin/ldconfig
%postun -n libcryptsetup%{so_ver} -p /sbin/ldconfig

%files -f %{name}.lang
%defattr(-,root,root)
%doc AUTHORS COPYING* FAQ README TODO docs/ChangeLog.old docs/*ReleaseNotes
#ghost %verify(not md5 size mtime) %config(noreplace,missingok) /etc/crypttab
#ghost %verify(not md5 size mtime) %config(noreplace,missingok) /etc/cryptotab
/sbin/cryptsetup
%{_sbindir}/cryptsetup
%{_sbindir}/veritysetup
%{_sbindir}/cryptsetup-reencrypt
%{_mandir}/man8/cryptsetup.8%{ext_man}
%{_mandir}/man8/cryptsetup-reencrypt.8%{ext_man}
%{_mandir}/man8/veritysetup.8%{ext_man}

%files -n libcryptsetup%{so_ver}
%defattr(-,root,root)
%{_libdir}/libcryptsetup.so.%{so_ver}*

%files -n libcryptsetup%{so_ver}-hmac
%defattr(-,root,root)
%{_libdir}/.libcryptsetup.so.%{so_ver}*hmac

%files -n libcryptsetup-devel
%defattr(-,root,root)
%doc docs/examples/
%{_includedir}/libcryptsetup.h
%{_libdir}/libcryptsetup.so
%{_libdir}/pkgconfig/*

%changelog