SHA256
1
0
forked from pool/cryptsetup
cryptsetup/cryptsetup.spec
Ludwig Nussel b9976bf5b8 - New version 2.0.4
Changes since version 2.0.3
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~
  * Use the libblkid (blockid) library to detect foreign signatures
    on a device before LUKS format and LUKS2 auto-recovery.
    This change fixes an unexpected recovery using the secondary
    LUKS2 header after a device was already overwritten with
    another format (filesystem or LVM physical volume).
    LUKS2 will not recreate a primary header if it detects a valid
    foreign signature. In this situation, a user must always
    use cryptsetup repair command for the recovery.
    Note that libcryptsetup and utilities are now linked to libblkid
    as a new dependence.
    To compile code without blockid support (strongly discouraged),
    use --disable-blkid configure switch.
  * Add prompt for format and repair actions in cryptsetup and
    integritysetup if foreign signatures are detected on the device
    through the blockid library.
    After the confirmation, all known signatures are then wiped as
    part of the format or repair procedure.
  * Print consistent verbose message about keyslot and token numbers.
    For keyslot actions: Key slot <number> unlocked/created/removed.
    For token actions: Token <number> created/removed.
  * Print error, if a non-existent token is tried to be removed.
  * Add support for LUKS2 token definition export and import.
    The token command now can export/import customized token JSON file
    directly from command line. See the man page for more details.
  * Add support for new dm-integrity superblock version 2.
  * Add an error message when nothing was read from a key file.
  * Update cryptsetup man pages, including --type option usage.

OBS-URL: https://build.opensuse.org/package/show/security/cryptsetup?expand=0&rev=141
2018-08-21 07:44:40 +00:00

182 lines
5.9 KiB
RPMSpec

#
# spec file for package cryptsetup
#
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
%define so_ver 12
Name: cryptsetup
Version: 2.0.4
Release: 0
Summary: Set Up dm-crypt Based Encrypted Block Devices
License: SUSE-GPL-2.0-with-openssl-exception AND LGPL-2.0-or-later
Group: System/Base
Url: https://gitlab.com/cryptsetup/cryptsetup/
Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/cryptsetup-%{version}.tar.xz
# GPG signature of the uncompressed tarball.
Source1: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/cryptsetup-%{version}.tar.sign
Source2: baselibs.conf
Source3: %{name}.keyring
BuildRequires: device-mapper-devel
BuildRequires: fipscheck
BuildRequires: fipscheck-devel
BuildRequires: libgcrypt-devel
BuildRequires: libjson-c-devel
BuildRequires: libpwquality-devel
BuildRequires: libselinux-devel
BuildRequires: libuuid-devel
# 2.6.38 has the required if_alg.h
BuildRequires: linux-glibc-devel >= 2.6.38
BuildRequires: pkgconfig
BuildRequires: popt-devel
BuildRequires: suse-module-tools
BuildRequires: pkgconfig(libargon2)
Requires(post): coreutils
Requires(postun): coreutils
%description
cryptsetup is used to conveniently set up dm-crypt based device-mapper
targets. It allows to set up targets to read cryptoloop compatible
volumes as well as LUKS formatted ones. The package additionally
includes support for automatically setting up encrypted volumes at boot
time via the config file %{_sysconfdir}/crypttab.
%package -n libcryptsetup%{so_ver}
Summary: Set Up dm-crypt Based Encrypted Block Devices
Group: System/Libraries
%description -n libcryptsetup%{so_ver}
cryptsetup is used to conveniently set up dm-crypt based device-mapper
targets. It allows to set up targets to read cryptoloop compatible
volumes as well as LUKS formatted ones. The package additionally
includes support for automatically setting up encrypted volumes at boot
time via the config file %{_sysconfdir}/crypttab.
%package -n libcryptsetup%{so_ver}-hmac
Summary: Checksums for libcryptsetup4
Group: System/Base
%description -n libcryptsetup%{so_ver}-hmac
This package contains HMAC checksums for integrity checking of libcryptsetup4,
used for FIPS.
%package -n libcryptsetup-devel
Summary: Set Up dm-crypt Based Encrypted Block Devices
Group: Development/Libraries/C and C++
Requires: glibc-devel
Requires: libcryptsetup%{so_ver} = %{version}
# cryptsetup-devel last used 11.1
Provides: cryptsetup-devel = %{version}
Obsoletes: cryptsetup-devel < %{version}
%description -n libcryptsetup-devel
cryptsetup is used to conveniently set up dm-crypt based device-mapper
targets. It allows to set up targets to read cryptoloop compatible
volumes as well as LUKS formatted ones. The package additionally
includes support for automatically setting up encrypted volumes at boot
time via the config file %{_sysconfdir}/crypttab.
%prep
%setup -q
%build
%configure \
--enable-cryptsetup-reencrypt \
--enable-selinux \
--enable-fips \
--enable-pwquality \
--enable-gcrypt-pbkdf2 \
--enable-libargon2 \
--with-luks2-lock-path=/run/cryptsetup \
--with-tmpfilesdir='%{_tmpfilesdir}'
make %{?_smp_mflags} V=1
%install
# Generate HMAC checksums (FIPS)
%define __spec_install_post \
%{?__debug_package:%{__debug_install_post}} \
%{__arch_install_post} \
%__os_install_post \
fipshmac %{buildroot}/%{_libdir}/libcryptsetup.so.* \
%{nil}
%make_install
install -dm 0755 %{buildroot}/sbin
ln -s ..%{_sbindir}/cryptsetup %{buildroot}/sbin
# don't want this file in /lib (FHS compat check), and can't move it to /usr/lib
find %{buildroot} -type f -name "*.la" -delete -print
#
%find_lang %{name} --all-name
%post
test -n "$FIRST_ARG" || FIRST_ARG="$1"
#
# convert noauto to nofail and turn on fsck (bnc#724113)
#
marker="%{_localstatedir}/adm/crypsetup.fstab.noauto_converted"
if [ "$FIRST_ARG" -gt 1 -a ! -e "$marker" ]; then
echo "updating %{_sysconfdir}/fstab ... "
tmpfstab="%{_sysconfdir}/fstab.cryptsetup.$$"
sed -e '/^\/dev\/mapper\/cr_.*,noauto\s/{s/,noauto\(\s\)/,nofail\1/;s/ 0 0$/ 0 2/}' < %{_sysconfdir}/fstab > "$tmpfstab"
if diff -u0 %{_sysconfdir}/fstab "$tmpfstab"; then
echo "no change"
rm -f "$tmpfstab"
> "$marker"
else
cp "$tmpfstab" "$marker"
mv "$tmpfstab" %{_sysconfdir}/fstab
fi
fi
%{?regenerate_initrd_post}
%tmpfiles_create %{_tmpfilesdir}/%{name}.conf
%postun
%{?regenerate_initrd_post}
%posttrans
%{?regenerate_initrd_posttrans}
%post -n libcryptsetup%{so_ver} -p /sbin/ldconfig
%postun -n libcryptsetup%{so_ver} -p /sbin/ldconfig
%files -f %{name}.lang
%doc AUTHORS COPYING* FAQ README TODO docs/ChangeLog.old docs/*ReleaseNotes
/sbin/cryptsetup
%{_sbindir}/cryptsetup
%{_sbindir}/veritysetup
%{_sbindir}/integritysetup
%{_sbindir}/cryptsetup-reencrypt
%{_mandir}/man8/cryptsetup.8%{ext_man}
%{_mandir}/man8/cryptsetup-reencrypt.8%{ext_man}
%{_mandir}/man8/veritysetup.8%{ext_man}
%{_mandir}/man8/integritysetup.8%{ext_man}
%{_tmpfilesdir}/cryptsetup.conf
%ghost %dir /run/cryptsetup
%files -n libcryptsetup%{so_ver}
%{_libdir}/libcryptsetup.so.%{so_ver}*
%files -n libcryptsetup%{so_ver}-hmac
%{_libdir}/.libcryptsetup.so.%{so_ver}*hmac
%files -n libcryptsetup-devel
%doc docs/examples/
%{_includedir}/libcryptsetup.h
%{_libdir}/libcryptsetup.so
%{_libdir}/pkgconfig/*
%changelog