forked from pool/cryptsetup
Ludwig Nussel
b9976bf5b8
Changes since version 2.0.3
~~~~~~~~~~~~~~~~~~~~~~~~~~~

* Use the libblkid (blockid) library to detect foreign signatures on a device before LUKS format and LUKS2 auto-recovery.
  This change fixes an unexpected recovery using the secondary LUKS2 header after a device was already overwritten with another format (filesystem or LVM physical volume).
  LUKS2 will not recreate a primary header if it detects a valid foreign signature. In this situation, a user must always use the cryptsetup repair command for the recovery.
  Note that libcryptsetup and utilities are now linked to libblkid as a new dependency.
  To compile code without blockid support (strongly discouraged), use the --disable-blkid configure switch.
* Add a prompt for format and repair actions in cryptsetup and integritysetup if foreign signatures are detected on the device through the blockid library. After the confirmation, all known signatures are then wiped as part of the format or repair procedure.
* Print a consistent verbose message about keyslot and token numbers.
  For keyslot actions: Key slot <number> unlocked/created/removed.
  For token actions: Token <number> created/removed.
* Print an error if removal of a non-existent token is attempted.
* Add support for LUKS2 token definition export and import. The token command can now export/import a customized token JSON file directly from the command line. See the man page for more details.
* Add support for new dm-integrity superblock version 2.
* Add an error message when nothing was read from a key file.
* Update cryptsetup man pages, including --type option usage.

OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=141
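#
# spec file for package cryptsetup
#
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#


# Shared-library major version; it names the library subpackages below.
%define so_ver 12
Name:           cryptsetup
Version:        2.0.4
Release:        0
Summary:        Set Up dm-crypt Based Encrypted Block Devices
License:        SUSE-GPL-2.0-with-openssl-exception AND LGPL-2.0-or-later
Group:          System/Base
Url:            https://gitlab.com/cryptsetup/cryptsetup/
Source0:        https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/cryptsetup-%{version}.tar.xz
# GPG signature of the uncompressed tarball.
# The signature covers the decompressed .tar, not the .tar.xz, so a check
# has to run on the xz-decompressed stream. Nothing in this spec performs
# that check (the prep section only unpacks Source0).
# NOTE(review): presumably the signature is validated against Source3
# outside the spec build -- confirm before relying on it.
Source1:        https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/cryptsetup-%{version}.tar.sign
Source2:        baselibs.conf
Source3:        %{name}.keyring
BuildRequires:  device-mapper-devel
BuildRequires:  fipscheck
BuildRequires:  fipscheck-devel
# Since 2.0.4 libblkid is used to detect foreign signatures before LUKS
# format and LUKS2 auto-recovery. It is listed explicitly so that this
# safety check does not depend on a transitive build dependency.
BuildRequires:  libblkid-devel
BuildRequires:  libgcrypt-devel
BuildRequires:  libjson-c-devel
BuildRequires:  libpwquality-devel
BuildRequires:  libselinux-devel
BuildRequires:  libuuid-devel
# 2.6.38 has the required if_alg.h
BuildRequires:  linux-glibc-devel >= 2.6.38
BuildRequires:  pkgconfig
BuildRequires:  popt-devel
BuildRequires:  suse-module-tools
BuildRequires:  pkgconfig(libargon2)
Requires(post): coreutils
Requires(postun): coreutils

%description
cryptsetup is used to conveniently set up dm-crypt based device-mapper
targets. It allows to set up targets to read cryptoloop compatible
volumes as well as LUKS formatted ones. The package additionally
includes support for automatically setting up encrypted volumes at boot
time via the config file %{_sysconfdir}/crypttab.
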
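%package -n libcryptsetup%{so_ver}
Summary:        Set Up dm-crypt Based Encrypted Block Devices
Group:          System/Libraries

%description -n libcryptsetup%{so_ver}
cryptsetup is used to conveniently set up dm-crypt based device-mapper
targets. It allows to set up targets to read cryptoloop compatible
volumes as well as LUKS formatted ones. The package additionally
includes support for automatically setting up encrypted volumes at boot
time via the config file %{_sysconfdir}/crypttab.

# The summary and description below follow the so_ver macro; they used to
# name a hard-coded "libcryptsetup4", which no longer matched this package.
# NOTE(review): no version-locked Requires on the library is declared here,
# so a checksum package from another build could be installed next to the
# library -- confirm whether that is intended.
%package -n libcryptsetup%{so_ver}-hmac
Summary:        Checksums for libcryptsetup%{so_ver}
Group:          System/Base

%description -n libcryptsetup%{so_ver}-hmac
This package contains HMAC checksums for integrity checking of libcryptsetup%{so_ver},
used for FIPS.

%package -n libcryptsetup-devel
Summary:        Set Up dm-crypt Based Encrypted Block Devices
Group:          Development/Libraries/C and C++
Requires:       glibc-devel
Requires:       libcryptsetup%{so_ver} = %{version}
# cryptsetup-devel last used 11.1
Provides:       cryptsetup-devel = %{version}
Obsoletes:      cryptsetup-devel < %{version}

%description -n libcryptsetup-devel
cryptsetup is used to conveniently set up dm-crypt based device-mapper
targets. It allows to set up targets to read cryptoloop compatible
volumes as well as LUKS formatted ones. The package additionally
includes support for automatically setting up encrypted volumes at boot
time via the config file %{_sysconfdir}/crypttab.
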
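%prep
# NOTE(review): only the tarball is unpacked here. The detached signature
# (Source1) and the keyring (Source3) are not consulted in this section, so
# source authenticity presumably relies on a check outside the spec build
# -- confirm.
%setup -q

%build
# Feature switches passed to configure:
#   --enable-cryptsetup-reencrypt  build the cryptsetup-reencrypt tool
#   --enable-selinux               SELinux support
#   --enable-fips                  FIPS mode support (see the -hmac subpackage)
#   --enable-pwquality             passphrase quality checks via libpwquality
#   --enable-gcrypt-pbkdf2         use the PBKDF2 implementation of libgcrypt
#   --enable-libargon2             link against the system libargon2
#   --with-luks2-lock-path         LUKS2 lock directory; the same path is
#                                  listed as a ghost directory in the file list
# blkid support is not switched off here, so the foreign-signature detection
# described in the 2.0.4 release notes is expected to be compiled in.
%configure \
	--enable-cryptsetup-reencrypt \
	--enable-selinux \
	--enable-fips \
	--enable-pwquality \
	--enable-gcrypt-pbkdf2 \
	--enable-libargon2 \
	--with-luks2-lock-path=/run/cryptsetup \
	--with-tmpfilesdir='%{_tmpfilesdir}'
make %{?_smp_mflags} V=1
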
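%install
# Generate HMAC checksums (FIPS)
# The install-post hook is redefined so that fipshmac runs last, after the
# debuginfo, arch and OS post-processing steps listed before it. The checksum
# is therefore computed over the library as it ends up in the package
# (presumably after stripping -- confirm). Computing it earlier would leave a
# checksum that no longer matches the shipped file.
%define __spec_install_post \
	%{?__debug_package:%{__debug_install_post}} \
	%{__arch_install_post} \
	%__os_install_post \
	fipshmac %{buildroot}/%{_libdir}/libcryptsetup.so.* \
%{nil}

%make_install
# Compatibility symlink so that /sbin/cryptsetup keeps resolving to the
# binary installed under the sbindir prefix.
install -dm 0755 %{buildroot}/sbin
ln -s ..%{_sbindir}/cryptsetup %{buildroot}/sbin
# don't want this file in /lib (FHS compat check), and can't move it to /usr/lib
find %{buildroot} -type f -name "*.la" -delete -print
#
%find_lang %{name} --all-name
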
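%post
test -n "$FIRST_ARG" || FIRST_ARG="$1"
#
# convert noauto to nofail and turn on fsck (bnc#724113)
#
# One-time migration, run on upgrade only (argument greater than 1) and only
# while the marker file is absent. For fstab entries of /dev/mapper/cr_*
# devices the option noauto becomes nofail and a trailing "0 0" becomes "0 2".
#
# fstab is replaced only when sed succeeded and diff reported a real
# difference (exit status 1). A failed sed or a diff error (status above 1)
# leaves fstab untouched and writes no marker, so the migration is retried
# on the next upgrade instead of installing a truncated file.
#
# The marker name is spelled "crypsetup"; it is kept unchanged because a
# different name would rerun the migration on systems that already have it.
# NOTE(review): the new fstab is a freshly created file moved into place, so
# its owner and mode come from the scriptlet environment, not from the old
# file -- confirm that this is acceptable.
marker="%{_localstatedir}/adm/crypsetup.fstab.noauto_converted"
fstab="%{_sysconfdir}/fstab"
if [ "$FIRST_ARG" -gt 1 ] && [ ! -e "$marker" ]; then
	echo "updating $fstab ... "
	tmpfstab="$fstab.cryptsetup.$$"
	# The name is predictable; drop any stale entry (including a symlink)
	# so that the redirection below creates a new file.
	rm -f "$tmpfstab"
	if sed -e '/^\/dev\/mapper\/cr_.*,noauto\s/{s/,noauto\(\s\)/,nofail\1/;s/ 0 0$/ 0 2/}' < "$fstab" > "$tmpfstab"; then
		diff -u0 "$fstab" "$tmpfstab"
		case $? in
		0)
			echo "no change"
			rm -f "$tmpfstab"
			> "$marker"
			;;
		1)
			# The marker keeps a copy of the converted fstab.
			cp "$tmpfstab" "$marker"
			mv "$tmpfstab" "$fstab"
			;;
		*)
			echo "could not compare $fstab with $tmpfstab, leaving it unchanged" >&2
			rm -f "$tmpfstab"
			;;
		esac
	else
		echo "could not rewrite $fstab, leaving it unchanged" >&2
		rm -f "$tmpfstab"
	fi
fi

%{?regenerate_initrd_post}
%tmpfiles_create %{_tmpfilesdir}/%{name}.conf
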
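%postun
# The initrd macros are conditional: they expand only when defined.
# NOTE(review): presumably they come from suse-module-tools (a build
# dependency of this package) -- confirm.
%{?regenerate_initrd_post}

%posttrans
%{?regenerate_initrd_posttrans}

# The library subpackage refreshes the dynamic linker cache on install and
# on removal.
%post -n libcryptsetup%{so_ver} -p /sbin/ldconfig
%postun -n libcryptsetup%{so_ver} -p /sbin/ldconfig
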
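%files -f %{name}.lang
%doc AUTHORS COPYING* FAQ README TODO docs/ChangeLog.old docs/*ReleaseNotes
# Compatibility symlink created in the install section.
/sbin/cryptsetup
%{_sbindir}/cryptsetup
%{_sbindir}/veritysetup
%{_sbindir}/integritysetup
%{_sbindir}/cryptsetup-reencrypt
%{_mandir}/man8/cryptsetup.8%{ext_man}
%{_mandir}/man8/cryptsetup-reencrypt.8%{ext_man}
%{_mandir}/man8/veritysetup.8%{ext_man}
%{_mandir}/man8/integritysetup.8%{ext_man}
%{_tmpfilesdir}/cryptsetup.conf
# LUKS2 lock directory: owned by the package but not shipped in it. The path
# has to stay identical to the lock path given to configure in the build
# section.
%ghost %dir /run/cryptsetup

%files -n libcryptsetup%{so_ver}
%{_libdir}/libcryptsetup.so.%{so_ver}*

%files -n libcryptsetup%{so_ver}-hmac
# Hidden checksum files, presumably the ones written by the fipshmac call in
# the install-post hook. They support the FIPS integrity self-check and do
# not replace package signature verification.
%{_libdir}/.libcryptsetup.so.%{so_ver}*hmac

%files -n libcryptsetup-devel
%doc docs/examples/
%{_includedir}/libcryptsetup.h
%{_libdir}/libcryptsetup.so
%{_libdir}/pkgconfig/*

%changelog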