import cryptsetup-2.0.6-1.el8
This commit is contained in:
commit
1b5c1c1cb9
1
.cryptsetup.metadata
Normal file
1
.cryptsetup.metadata
Normal file
@ -0,0 +1 @@
|
||||
a2590635ff89a7c2fdb2fbbaaecfb2a27617efef SOURCES/cryptsetup-2.0.6.tar.xz
|
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
||||
SOURCES/cryptsetup-2.0.6.tar.xz
|
22
SOURCES/cryptsetup-add-system-library-paths.patch
Normal file
22
SOURCES/cryptsetup-add-system-library-paths.patch
Normal file
@ -0,0 +1,22 @@
|
||||
diff -rupN cryptsetup-2.0.4.old/configure cryptsetup-2.0.4/configure
|
||||
--- cryptsetup-2.0.4.old/configure 2018-08-03 12:31:52.000000000 +0200
|
||||
+++ cryptsetup-2.0.4/configure 2018-08-03 13:42:50.605275535 +0200
|
||||
@@ -12300,6 +12300,9 @@ fi
|
||||
# before this can be enabled.
|
||||
hardcode_into_libs=yes
|
||||
|
||||
+ # Add ABI-specific directories to the system library path.
|
||||
+ sys_lib_dlsearch_path_spec="/lib64 /usr/lib64 /lib /usr/lib"
|
||||
+
|
||||
# Ideally, we could use ldconfig to report *all* directores which are
|
||||
# searched for libraries, however this is still not possible. Aside from not
|
||||
# being certain /sbin/ldconfig is available, command
|
||||
@@ -12308,7 +12311,7 @@ fi
|
||||
# appending ld.so.conf contents (and includes) to the search path.
|
||||
if test -f /etc/ld.so.conf; then
|
||||
lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '`
|
||||
- sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
|
||||
+ sys_lib_dlsearch_path_spec="$sys_lib_dlsearch_path_spec $lt_ld_extra"
|
||||
fi
|
||||
|
||||
# We used to test for /lib/ld.so.1 and disable shared libraries on
|
@ -0,0 +1,24 @@
|
||||
From 620f0cc8c0b69f9c9c56b5d13f3411f217ae9925 Mon Sep 17 00:00:00 2001
|
||||
From: Ondrej Kozina <okozina@redhat.com>
|
||||
Date: Wed, 8 Aug 2018 11:40:55 +0200
|
||||
Subject: [PATCH 6/7] Disable luks2-integrity-test until next usptream release.
|
||||
|
||||
---
|
||||
tests/luks2-integrity-test | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/tests/luks2-integrity-test b/tests/luks2-integrity-test
|
||||
index 0b7ddf0..d69df1c 100755
|
||||
--- a/tests/luks2-integrity-test
|
||||
+++ b/tests/luks2-integrity-test
|
||||
@@ -114,6 +114,7 @@ intformat() # alg integrity integrity_out key_size int_key_size sector_size csum
|
||||
}
|
||||
|
||||
|
||||
+skip "WARNING: This test can't be run with current build due to some hard coded values bound to old LUKS2 header size."
|
||||
[ $(id -u) != 0 ] && skip "WARNING: You must be root to run this test, test skipped."
|
||||
[ ! -x "$CRYPTSETUP" ] && skip "Cannot find $CRYPTSETUP, test skipped."
|
||||
modprobe dm-integrity >/dev/null 2>&1
|
||||
--
|
||||
1.8.3.1
|
||||
|
@ -0,0 +1,25 @@
|
||||
From 18ec689f77a66f4d0632ee2829efccb542ba5f3b Mon Sep 17 00:00:00 2001
|
||||
From: Ondrej Kozina <okozina@redhat.com>
|
||||
Date: Fri, 3 Aug 2018 15:42:00 +0200
|
||||
Subject: [PATCH 7/7] Increase default LUKS2 header size to 8MiBs.
|
||||
|
||||
---
|
||||
lib/luks2/luks2.h | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/luks2/luks2.h b/lib/luks2/luks2.h
|
||||
index 2a49618..892e847 100644
|
||||
--- a/lib/luks2/luks2.h
|
||||
+++ b/lib/luks2/luks2.h
|
||||
@@ -124,7 +124,7 @@ struct luks2_keyslot_params {
|
||||
|
||||
#define LUKS2_HDR_BIN_LEN sizeof(struct luks2_hdr_disk)
|
||||
|
||||
-#define LUKS2_HDR_DEFAULT_LEN 0x400000 /* 4 MiB */
|
||||
+#define LUKS2_HDR_DEFAULT_LEN 0x800000 /* 8 MiB */
|
||||
|
||||
#define LUKS2_MAX_KEYSLOTS_SIZE 0x8000000 /* 128 MiB */
|
||||
|
||||
--
|
||||
1.8.3.1
|
||||
|
@ -0,0 +1,14 @@
|
||||
diff -rupN cryptsetup-2.0.6.old/tests/align-test2 cryptsetup-2.0.6/tests/align-test2
|
||||
--- cryptsetup-2.0.6.old/tests/align-test2 2018-12-03 12:53:41.293185399 +0100
|
||||
+++ cryptsetup-2.0.6/tests/align-test2 2018-12-03 12:54:27.821936718 +0100
|
||||
@@ -9,7 +9,9 @@ PWD1="93R4P4pIqAH8"
|
||||
PWD2="mymJeD8ivEhE"
|
||||
FAST_PBKDF="--pbkdf pbkdf2 --pbkdf-force-iterations 1000"
|
||||
|
||||
-EXPCT=8192
|
||||
+# FIXME: we need some sane API to get this information. This is hack.
|
||||
+LUKS2_HDR_DEFAULT_LEN=$(grep -e "#define LUKS2_HDR_DEFAULT_LEN" ../lib/luks2/luks2.h | cut -d ' ' -f 3)
|
||||
+EXPCT=$((LUKS2_HDR_DEFAULT_LEN/512))
|
||||
|
||||
cleanup() {
|
||||
udevadm settle >/dev/null 2>&1
|
@ -0,0 +1,439 @@
|
||||
diff -rupN cryptsetup-2.0.4.old/tests/api-test-2.c cryptsetup-2.0.4/tests/api-test-2.c
|
||||
--- cryptsetup-2.0.4.old/tests/api-test-2.c 2018-08-08 14:05:02.000387826 +0200
|
||||
+++ cryptsetup-2.0.4/tests/api-test-2.c 2018-08-08 14:05:35.946311814 +0200
|
||||
@@ -41,6 +41,7 @@ typedef int32_t key_serial_t;
|
||||
|
||||
#include "api_test.h"
|
||||
#include "luks.h"
|
||||
+#include "luks2.h"
|
||||
#include "libcryptsetup.h"
|
||||
|
||||
#define DMDIR "/dev/mapper/"
|
||||
@@ -165,31 +166,18 @@ static unsigned _min(unsigned a, unsigne
|
||||
return a < b ? a : b;
|
||||
}
|
||||
|
||||
-/* FIXME: will fail with various LUKS2 header sizes */
|
||||
-static int get_luks2_offsets(int metadata_device,
|
||||
- unsigned int alignpayload_sec,
|
||||
- unsigned int alignoffset_sec, /* unused in LUKS2, bug? */
|
||||
- unsigned int sector_size,
|
||||
+static int get_luks2_offsets(unsigned int alignpayload_sec,
|
||||
uint64_t *r_header_size,
|
||||
uint64_t *r_payload_offset)
|
||||
{
|
||||
- if (!sector_size)
|
||||
- sector_size = 512; /* default? */
|
||||
-
|
||||
- if ((sector_size % 512) && (sector_size % 4096))
|
||||
- return -1;
|
||||
-
|
||||
if (r_payload_offset) {
|
||||
- if (metadata_device)
|
||||
- *r_payload_offset = DIV_ROUND_UP_MODULO(4*1024*1024, (alignpayload_sec ?: 1) * sector_size);
|
||||
- else
|
||||
- *r_payload_offset = alignpayload_sec * sector_size;
|
||||
+ *r_payload_offset = DIV_ROUND_UP_MODULO(LUKS2_HDR_DEFAULT_LEN, (alignpayload_sec ?: 1) * SECTOR_SIZE);
|
||||
|
||||
- *r_payload_offset /= sector_size;
|
||||
+ *r_payload_offset >>= SECTOR_SHIFT;
|
||||
}
|
||||
|
||||
if (r_header_size)
|
||||
- *r_header_size = (4*1024*1024) / sector_size;
|
||||
+ *r_header_size = LUKS2_HDR_DEFAULT_LEN >> SECTOR_SHIFT;
|
||||
|
||||
return 0;
|
||||
}
|
||||
@@ -585,7 +573,7 @@ static void AddDeviceLuks2(void)
|
||||
crypt_decode_key(key3, mk_hex2, key_size);
|
||||
|
||||
// init test devices
|
||||
- OK_(get_luks2_offsets(1, 0, 0, 0, &r_header_size, &r_payload_offset));
|
||||
+ OK_(get_luks2_offsets(0, &r_header_size, &r_payload_offset));
|
||||
OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size));
|
||||
OK_(create_dmdevice_over_loop(H_DEVICE_WRONG, r_header_size - 1));
|
||||
|
||||
@@ -613,8 +601,8 @@ static void AddDeviceLuks2(void)
|
||||
/*
|
||||
* test limit values for backing device size
|
||||
*/
|
||||
- params.data_alignment = 8192;
|
||||
- OK_(get_luks2_offsets(0, params.data_alignment, 0, 0, NULL, &r_payload_offset));
|
||||
+ params.data_alignment = LUKS2_HDR_DEFAULT_LEN >> SECTOR_SHIFT;
|
||||
+ OK_(get_luks2_offsets(params.data_alignment, NULL, &r_payload_offset));
|
||||
OK_(create_dmdevice_over_loop(L_DEVICE_0S, r_payload_offset));
|
||||
OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1));
|
||||
OK_(create_dmdevice_over_loop(L_DEVICE_WRONG, r_payload_offset - 1));
|
||||
@@ -767,7 +755,7 @@ static void AddDeviceLuks2(void)
|
||||
OK_(strcmp(cipher, crypt_get_cipher(cd)));
|
||||
OK_(strcmp(cipher_mode, crypt_get_cipher_mode(cd)));
|
||||
EQ_((int)key_size, crypt_get_volume_key_size(cd));
|
||||
- EQ_(8192, crypt_get_data_offset(cd));
|
||||
+ EQ_((LUKS2_HDR_DEFAULT_LEN >> SECTOR_SHIFT), crypt_get_data_offset(cd));
|
||||
OK_(strcmp(DEVICE_2, crypt_get_device_name(cd)));
|
||||
|
||||
reset_log();
|
||||
@@ -809,7 +797,7 @@ static void AddDeviceLuks2(void)
|
||||
FAIL_(crypt_keyslot_add_by_volume_key(cd, 1, key, key_size, PASSPHRASE, strlen(PASSPHRASE)), "VK doesn't match any digest");
|
||||
crypt_free(cd);
|
||||
|
||||
- OK_(create_dmdevice_over_loop(L_DEVICE_1S, 8193));
|
||||
+ OK_(create_dmdevice_over_loop(L_DEVICE_1S, (LUKS2_HDR_DEFAULT_LEN >> SECTOR_SHIFT) + 1));
|
||||
OK_(crypt_init(&cd, DMDIR L_DEVICE_1S));
|
||||
crypt_set_iteration_time(cd, 1);
|
||||
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL));
|
||||
@@ -900,7 +888,7 @@ static void Luks2HeaderRestore(void)
|
||||
|
||||
crypt_decode_key(key, mk_hex, key_size);
|
||||
|
||||
- OK_(get_luks2_offsets(0, params.data_alignment, 0, 0, NULL, &r_payload_offset));
|
||||
+ OK_(get_luks2_offsets(params.data_alignment, NULL, &r_payload_offset));
|
||||
OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 5000));
|
||||
|
||||
// do not restore header over plain device
|
||||
@@ -976,18 +964,20 @@ static void Luks2HeaderLoad(void)
|
||||
size_t key_size = strlen(mk_hex) / 2;
|
||||
const char *cipher = "aes";
|
||||
const char *cipher_mode = "cbc-essiv:sha256";
|
||||
- uint64_t r_payload_offset, r_header_size;
|
||||
+ uint64_t r_payload_offset, r_header_size, r_header_size_compat;
|
||||
|
||||
crypt_decode_key(key, mk_hex, key_size);
|
||||
|
||||
// prepare test env
|
||||
- OK_(get_luks2_offsets(0, params.data_alignment, 0, 0, &r_header_size, &r_payload_offset));
|
||||
+ OK_(t_device_size(IMAGE1, &r_header_size_compat));
|
||||
+ r_header_size_compat >>= SECTOR_SHIFT;
|
||||
+ OK_(get_luks2_offsets(params.data_alignment, &r_header_size, &r_payload_offset));
|
||||
// external header device
|
||||
OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size));
|
||||
// prepared header on a device too small to contain header and payload
|
||||
- //OK_(create_dmdevice_over_loop(H_DEVICE_WRONG, r_payload_offset - 1));
|
||||
- OK_(create_dmdevice_over_loop(H_DEVICE_WRONG, r_header_size - 1));
|
||||
- snprintf(cmd, sizeof(cmd), "dd if=" IMAGE1 " of=" DMDIR H_DEVICE_WRONG " bs=%" PRIu32 " count=%" PRIu64 " 2>/dev/null", params.sector_size, r_header_size - 1);
|
||||
+ // compatimage2.img contains one sector of data. to create wrong device we need one sector less than the header size
|
||||
+ OK_(create_dmdevice_over_loop(H_DEVICE_WRONG, r_header_size_compat - 2));
|
||||
+ snprintf(cmd, sizeof(cmd), "dd if=" IMAGE1 " of=" DMDIR H_DEVICE_WRONG " bs=%" PRIu32 " count=%" PRIu64 " 2>/dev/null", params.sector_size, r_header_size_compat - 2);
|
||||
OK_(_system(cmd, 1));
|
||||
// some device
|
||||
OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1000));
|
||||
@@ -1092,7 +1082,7 @@ static void Luks2HeaderBackup(void)
|
||||
|
||||
crypt_decode_key(key, mk_hex, key_size);
|
||||
|
||||
- OK_(get_luks2_offsets(0, params.data_alignment, 0, 0, NULL, &r_payload_offset));
|
||||
+ OK_(get_luks2_offsets(params.data_alignment, NULL, &r_payload_offset));
|
||||
OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1));
|
||||
|
||||
// create LUKS device and backup the header
|
||||
@@ -1180,8 +1170,8 @@ static void ResizeDeviceLuks2(void)
|
||||
crypt_decode_key(key, mk_hex, key_size);
|
||||
|
||||
// prepare env
|
||||
- OK_(get_luks2_offsets(0, params.data_alignment, 0, 0, NULL, &r_payload_offset));
|
||||
- OK_(get_luks2_offsets(1, 0, 0, 0, &r_header_size, NULL));
|
||||
+ OK_(get_luks2_offsets(params.data_alignment, NULL, &r_payload_offset));
|
||||
+ OK_(get_luks2_offsets(0, &r_header_size, NULL));
|
||||
OK_(create_dmdevice_over_loop(H_DEVICE, r_header_size));
|
||||
OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 1000));
|
||||
OK_(create_dmdevice_over_loop(L_DEVICE_0S, 1000));
|
||||
@@ -1303,7 +1293,7 @@ static void TokenActivationByKeyring(voi
|
||||
}
|
||||
|
||||
// prepare the device
|
||||
- OK_(crypt_init(&cd, DEVICE_1));
|
||||
+ OK_(crypt_init(&cd, DEVICE_2));
|
||||
crypt_set_iteration_time(cd, 1);
|
||||
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL));
|
||||
EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
|
||||
@@ -1312,7 +1302,7 @@ static void TokenActivationByKeyring(voi
|
||||
crypt_free(cd);
|
||||
|
||||
// test thread keyring key in token 0
|
||||
- OK_(crypt_init(&cd, DEVICE_1));
|
||||
+ OK_(crypt_init(&cd, DEVICE_2));
|
||||
OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
|
||||
EQ_(crypt_activate_by_token(cd, CDEVICE_1, 3, NULL, 0), 0);
|
||||
FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 3, NULL, 0), "already open");
|
||||
@@ -1331,7 +1321,7 @@ static void TokenActivationByKeyring(voi
|
||||
}
|
||||
|
||||
// add token 1 with process keyring key
|
||||
- OK_(crypt_init(&cd, DEVICE_1));
|
||||
+ OK_(crypt_init(&cd, DEVICE_2));
|
||||
OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
|
||||
EQ_(crypt_token_json_set(cd, 3, NULL), 3);
|
||||
EQ_(crypt_token_luks2_keyring_set(cd, 1, ¶ms), 1);
|
||||
@@ -1339,7 +1329,7 @@ static void TokenActivationByKeyring(voi
|
||||
crypt_free(cd);
|
||||
|
||||
// test process keyring key in token 1
|
||||
- OK_(crypt_init(&cd, DEVICE_1));
|
||||
+ OK_(crypt_init(&cd, DEVICE_2));
|
||||
OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
|
||||
EQ_(crypt_activate_by_token(cd, CDEVICE_1, 1, NULL, 0), 0);
|
||||
FAIL_(crypt_activate_by_token(cd, CDEVICE_1, 1, NULL, 0), "already open");
|
||||
@@ -1364,7 +1354,7 @@ static void TokenActivationByKeyring(voi
|
||||
exit(1);
|
||||
}
|
||||
|
||||
- OK_(crypt_init(&cd, DEVICE_1));
|
||||
+ OK_(crypt_init(&cd, DEVICE_2));
|
||||
OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
|
||||
EQ_(crypt_token_luks2_keyring_set(cd, 0, ¶ms), 0);
|
||||
EQ_(crypt_token_assign_keyslot(cd, 0, 0), 0);
|
||||
@@ -1376,7 +1366,7 @@ static void TokenActivationByKeyring(voi
|
||||
crypt_free(cd);
|
||||
|
||||
// activate by specific token
|
||||
- OK_(crypt_init(&cd, DEVICE_1));
|
||||
+ OK_(crypt_init(&cd, DEVICE_2));
|
||||
OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
|
||||
EQ_(crypt_activate_by_token(cd, CDEVICE_1, 0, NULL, 0), 0);
|
||||
OK_(crypt_deactivate(cd, CDEVICE_1));
|
||||
@@ -1390,7 +1380,7 @@ static void TokenActivationByKeyring(voi
|
||||
}
|
||||
|
||||
// activate by any token with token 0 having absent pass from keyring
|
||||
- OK_(crypt_init(&cd, DEVICE_1));
|
||||
+ OK_(crypt_init(&cd, DEVICE_2));
|
||||
OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
|
||||
EQ_(crypt_activate_by_token(cd, CDEVICE_1, CRYPT_ANY_TOKEN, NULL, 0), 1);
|
||||
OK_(crypt_deactivate(cd, CDEVICE_1));
|
||||
@@ -1403,7 +1393,7 @@ static void TokenActivationByKeyring(voi
|
||||
}
|
||||
|
||||
// replace pass for keyslot 0 making token 0 invalid
|
||||
- OK_(crypt_init(&cd, DEVICE_1));
|
||||
+ OK_(crypt_init(&cd, DEVICE_2));
|
||||
OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
|
||||
OK_(crypt_keyslot_destroy(cd, 0));
|
||||
crypt_set_iteration_time(cd, 1);
|
||||
@@ -1411,7 +1401,7 @@ static void TokenActivationByKeyring(voi
|
||||
crypt_free(cd);
|
||||
|
||||
// activate by any token with token 0 having wrong pass for keyslot 0
|
||||
- OK_(crypt_init(&cd, DEVICE_1));
|
||||
+ OK_(crypt_init(&cd, DEVICE_2));
|
||||
OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
|
||||
EQ_(crypt_activate_by_token(cd, CDEVICE_1, CRYPT_ANY_TOKEN, NULL, 0), 1);
|
||||
OK_(crypt_deactivate(cd, CDEVICE_1));
|
||||
@@ -1420,7 +1410,7 @@ static void TokenActivationByKeyring(voi
|
||||
// create new device, with two tokens:
|
||||
// 1st token being invalid (missing key in keyring)
|
||||
// 2nd token can activate keyslot 1 after failing to do so w/ keyslot 0 (wrong pass)
|
||||
- OK_(crypt_init(&cd, DEVICE_1));
|
||||
+ OK_(crypt_init(&cd, DEVICE_2));
|
||||
crypt_set_iteration_time(cd, 1);
|
||||
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL));
|
||||
EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
|
||||
@@ -1442,7 +1432,7 @@ static void TokenActivationByKeyring(voi
|
||||
exit(1);
|
||||
}
|
||||
|
||||
- OK_(crypt_init(&cd, DEVICE_1));
|
||||
+ OK_(crypt_init(&cd, DEVICE_2));
|
||||
OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
|
||||
EQ_(crypt_activate_by_token(cd, CDEVICE_1, CRYPT_ANY_TOKEN, NULL, 0), 1);
|
||||
OK_(crypt_deactivate(cd, CDEVICE_1));
|
||||
@@ -1507,7 +1497,7 @@ static void Tokens(void)
|
||||
FAIL_(crypt_token_register(&th_reserved), "luks2- is reserved prefix");
|
||||
|
||||
// basic token API tests
|
||||
- OK_(crypt_init(&cd, DEVICE_1));
|
||||
+ OK_(crypt_init(&cd, DEVICE_2));
|
||||
crypt_set_iteration_time(cd, 1);
|
||||
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL));
|
||||
EQ_(crypt_token_status(cd, -1, NULL), CRYPT_TOKEN_INVALID);
|
||||
@@ -1706,7 +1696,7 @@ static void LuksConvert(void)
|
||||
crypt_free(cd);
|
||||
|
||||
// exercice non-pbkdf2 LUKSv2 conversion
|
||||
- OK_(crypt_init(&cd, DEVICE_1));
|
||||
+ OK_(crypt_init(&cd, DEVICE_2));
|
||||
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL));
|
||||
OK_(crypt_set_pbkdf_type(cd, &argon));
|
||||
EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
|
||||
@@ -1714,7 +1704,7 @@ static void LuksConvert(void)
|
||||
crypt_free(cd);
|
||||
|
||||
// exercice non LUKS1 compatible keyslot
|
||||
- OK_(crypt_init(&cd, DEVICE_1));
|
||||
+ OK_(crypt_init(&cd, DEVICE_2));
|
||||
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, &luks2));
|
||||
EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
|
||||
EQ_(crypt_keyslot_add_by_key(cd, 1, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
|
||||
@@ -1723,7 +1713,7 @@ static void LuksConvert(void)
|
||||
crypt_free(cd);
|
||||
|
||||
// exercice LUKSv2 conversion with single pbkdf2 keyslot being active
|
||||
- OK_(crypt_init(&cd, DEVICE_1));
|
||||
+ OK_(crypt_init(&cd, DEVICE_2));
|
||||
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL));
|
||||
offset = crypt_get_data_offset(cd);
|
||||
OK_(crypt_set_pbkdf_type(cd, &pbkdf2));
|
||||
@@ -1731,13 +1721,13 @@ static void LuksConvert(void)
|
||||
OK_(crypt_convert(cd, CRYPT_LUKS1, NULL));
|
||||
EQ_(crypt_get_data_offset(cd), offset);
|
||||
crypt_free(cd);
|
||||
- OK_(crypt_init(&cd, DEVICE_1));
|
||||
+ OK_(crypt_init(&cd, DEVICE_2));
|
||||
OK_(crypt_load(cd, CRYPT_LUKS, NULL));
|
||||
EQ_(crypt_get_data_offset(cd), offset);
|
||||
crypt_free(cd);
|
||||
|
||||
// do not allow conversion on keyslot No > 7
|
||||
- OK_(crypt_init(&cd, DEVICE_1));
|
||||
+ OK_(crypt_init(&cd, DEVICE_2));
|
||||
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, &luks2));
|
||||
EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
|
||||
EQ_(crypt_keyslot_add_by_volume_key(cd, 8, NULL, 32, PASSPHRASE1, strlen(PASSPHRASE1)), 8);
|
||||
@@ -1745,14 +1735,14 @@ static void LuksConvert(void)
|
||||
crypt_free(cd);
|
||||
|
||||
// do not allow conversion with token
|
||||
- OK_(crypt_init(&cd, DEVICE_1));
|
||||
+ OK_(crypt_init(&cd, DEVICE_2));
|
||||
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, &luks2));
|
||||
OK_(crypt_token_json_set(cd, CRYPT_ANY_TOKEN, json));
|
||||
FAIL_(crypt_convert(cd, CRYPT_LUKS1, NULL), "Can't convert header with token.");
|
||||
crypt_free(cd);
|
||||
|
||||
// should be enough for both luks1 and luks2 devices with all vk lengths
|
||||
- OK_(get_luks2_offsets(1, 0, 0, 0, NULL, &r_payload_offset));
|
||||
+ OK_(get_luks2_offsets(0, NULL, &r_payload_offset));
|
||||
OK_(create_dmdevice_over_loop(L_DEVICE_1S, r_payload_offset + 1));
|
||||
|
||||
// do not allow conversion for legacy luks1 device (non-aligned keyslot offset)
|
||||
@@ -2202,7 +2192,7 @@ static void Pbkdf(void)
|
||||
|
||||
// test LUKSv2 device
|
||||
// test default values are set
|
||||
- OK_(crypt_init(&cd, DEVICE_1));
|
||||
+ OK_(crypt_init(&cd, DEVICE_2));
|
||||
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, mode, NULL, NULL, 32, NULL));
|
||||
NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
|
||||
OK_(strcmp(pbkdf->type, DEFAULT_LUKS2_PBKDF));
|
||||
@@ -2259,7 +2249,7 @@ static void Pbkdf(void)
|
||||
FAIL_(crypt_set_pbkdf_type(cd, &pbkdf2), "Unknown hash member");
|
||||
crypt_free(cd);
|
||||
// test whether crypt_get_pbkdf_type() behaves accordingly after second crypt_load() call
|
||||
- OK_(crypt_init(&cd, DEVICE_1));
|
||||
+ OK_(crypt_init(&cd, DEVICE_2));
|
||||
OK_(crypt_load(cd, CRYPT_LUKS, NULL));
|
||||
NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
|
||||
OK_(strcmp(pbkdf->type, DEFAULT_LUKS2_PBKDF));
|
||||
@@ -2277,7 +2267,7 @@ static void Pbkdf(void)
|
||||
crypt_free(cd);
|
||||
|
||||
// test crypt_set_pbkdf_type() overwrites invalid value set by crypt_set_iteration_time()
|
||||
- OK_(crypt_init(&cd, DEVICE_1));
|
||||
+ OK_(crypt_init(&cd, DEVICE_2));
|
||||
crypt_set_iteration_time(cd, 0);
|
||||
OK_(crypt_set_pbkdf_type(cd, &argon2));
|
||||
NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
|
||||
@@ -2352,7 +2342,7 @@ static void Luks2KeyslotAdd(void)
|
||||
crypt_decode_key(key2, mk_hex2, key_size);
|
||||
|
||||
/* test crypt_keyslot_add_by_key */
|
||||
- OK_(crypt_init(&cd, DEVICE_1));
|
||||
+ OK_(crypt_init(&cd, DEVICE_2));
|
||||
crypt_set_iteration_time(cd, 1);
|
||||
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, key, key_size, NULL));
|
||||
EQ_(crypt_keyslot_add_by_key(cd, 1, key2, key_size, PASSPHRASE1, strlen(PASSPHRASE1), CRYPT_VOLUME_KEY_NO_SEGMENT), 1);
|
||||
@@ -2432,7 +2422,7 @@ static void Luks2ActivateByKeyring(void)
|
||||
}
|
||||
|
||||
// prepare the device
|
||||
- OK_(crypt_init(&cd, DEVICE_1));
|
||||
+ OK_(crypt_init(&cd, DEVICE_2));
|
||||
crypt_set_iteration_time(cd, 1);
|
||||
OK_(crypt_format(cd, CRYPT_LUKS2, cipher, cipher_mode, NULL, NULL, 32, NULL));
|
||||
EQ_(crypt_keyslot_add_by_volume_key(cd, 0, NULL, 32, PASSPHRASE, strlen(PASSPHRASE)), 0);
|
||||
@@ -2442,7 +2432,7 @@ static void Luks2ActivateByKeyring(void)
|
||||
|
||||
// FIXME: all following tests work as expected but most error messages are missing
|
||||
// check activate by keyring works exactly same as by passphrase
|
||||
- OK_(crypt_init(&cd, DEVICE_1));
|
||||
+ OK_(crypt_init(&cd, DEVICE_2));
|
||||
OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
|
||||
EQ_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST0, 0, 0), 0);
|
||||
EQ_(crypt_activate_by_keyring(cd, CDEVICE_1, KEY_DESC_TEST0, 0, 0), 0);
|
||||
@@ -2472,7 +2462,7 @@ static void Luks2ActivateByKeyring(void)
|
||||
exit(1);
|
||||
}
|
||||
|
||||
- OK_(crypt_init(&cd, DEVICE_1));
|
||||
+ OK_(crypt_init(&cd, DEVICE_2));
|
||||
OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
|
||||
FAIL_(crypt_activate_by_keyring(cd, NULL, KEY_DESC_TEST0, CRYPT_ANY_SLOT, 0), "no such key in keyring");
|
||||
FAIL_(crypt_activate_by_keyring(cd, CDEVICE_1, KEY_DESC_TEST0, CRYPT_ANY_SLOT, 0), "no such key in keyring");
|
||||
@@ -2718,7 +2708,7 @@ static void Luks2Requirements(void)
|
||||
OK_(crypt_activate_by_token(cd, NULL, 1, NULL, 0));
|
||||
OK_(crypt_activate_by_token(cd, NULL, 1, NULL, t_dm_crypt_keyring_support() ? CRYPT_ACTIVATE_KEYRING_KEY : 0));
|
||||
#endif
|
||||
- OK_(get_luks2_offsets(1, 8192, 0, 0, NULL, &r_payload_offset));
|
||||
+ OK_(get_luks2_offsets(8192, NULL, &r_payload_offset));
|
||||
OK_(create_dmdevice_over_loop(L_DEVICE_OK, r_payload_offset + 2));
|
||||
//OK_(_system("dd if=" NO_REQS_LUKS2_HEADER " of=" NO_REQS_LUKS2_HEADER " bs=4096 2>/dev/null", 1));
|
||||
OK_(_system("dd if=" NO_REQS_LUKS2_HEADER " of=" DMDIR L_DEVICE_OK " bs=1M count=4 oflag=direct 2>/dev/null", 1));
|
||||
@@ -2863,7 +2853,7 @@ static void Luks2Flags(void)
|
||||
struct crypt_device *cd;
|
||||
uint32_t flags = 42;
|
||||
|
||||
- OK_(crypt_init(&cd, DEVICE_1));
|
||||
+ OK_(crypt_init(&cd, DEVICE_2));
|
||||
OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
|
||||
|
||||
/* check library erase passed variable on success when no flags set */
|
||||
diff -rupN cryptsetup-2.0.4.old/tests/Makefile.am cryptsetup-2.0.4/tests/Makefile.am
|
||||
--- cryptsetup-2.0.4.old/tests/Makefile.am 2018-08-08 14:05:02.008387808 +0200
|
||||
+++ cryptsetup-2.0.4/tests/Makefile.am 2018-08-08 14:05:35.944311818 +0200
|
||||
@@ -80,7 +80,7 @@ api_test_CPPFLAGS = $(AM_CPPFLAGS) -incl
|
||||
api_test_2_SOURCES = api-test-2.c api_test.h test_utils.c
|
||||
api_test_2_LDADD = ../libcryptsetup.la
|
||||
api_test_2_LDFLAGS = $(AM_LDFLAGS) -static
|
||||
-api_test_2_CFLAGS = -g -Wall -O0 $(AM_CFLAGS) -I$(top_srcdir)/lib/ -I$(top_srcdir)/lib/luks1
|
||||
+api_test_2_CFLAGS = -g -Wall -O0 $(AM_CFLAGS) -I$(top_srcdir)/lib/ -I$(top_srcdir)/lib/luks1 -I$(top_srcdir)/lib/luks2
|
||||
api_test_2_CPPFLAGS = $(AM_CPPFLAGS) -include config.h
|
||||
|
||||
vectors_test_SOURCES = crypto-vectors.c
|
||||
diff -rupN cryptsetup-2.0.4.old/tests/Makefile.in cryptsetup-2.0.4/tests/Makefile.in
|
||||
--- cryptsetup-2.0.4.old/tests/Makefile.in 2018-08-08 14:05:02.000387826 +0200
|
||||
+++ cryptsetup-2.0.4/tests/Makefile.in 2018-08-08 14:08:28.749924872 +0200
|
||||
@@ -466,7 +466,7 @@ api_test_CPPFLAGS = $(AM_CPPFLAGS) -incl
|
||||
api_test_2_SOURCES = api-test-2.c api_test.h test_utils.c
|
||||
api_test_2_LDADD = ../libcryptsetup.la
|
||||
api_test_2_LDFLAGS = $(AM_LDFLAGS) -static
|
||||
-api_test_2_CFLAGS = -g -Wall -O0 $(AM_CFLAGS) -I$(top_srcdir)/lib/ -I$(top_srcdir)/lib/luks1
|
||||
+api_test_2_CFLAGS = -g -Wall -O0 $(AM_CFLAGS) -I$(top_srcdir)/lib/ -I$(top_srcdir)/lib/luks1 -I$(top_srcdir)/lib/luks2
|
||||
api_test_2_CPPFLAGS = $(AM_CPPFLAGS) -include config.h
|
||||
vectors_test_SOURCES = crypto-vectors.c
|
||||
vectors_test_LDADD = ../libcrypto_backend.la @CRYPTO_LIBS@ @LIBARGON2_LIBS@
|
||||
diff -rupN cryptsetup-2.0.4.old/tests/test_utils.c cryptsetup-2.0.4/tests/test_utils.c
|
||||
--- cryptsetup-2.0.4.old/tests/test_utils.c 2018-08-08 14:05:02.008387808 +0200
|
||||
+++ cryptsetup-2.0.4/tests/test_utils.c 2018-08-08 14:05:35.947311812 +0200
|
||||
@@ -118,13 +118,21 @@ void xlog(const char *msg, const char *t
|
||||
|
||||
int t_device_size(const char *device, uint64_t *size)
|
||||
{
|
||||
+ struct stat st;
|
||||
int devfd, r = 0;
|
||||
|
||||
devfd = open(device, O_RDONLY);
|
||||
if(devfd == -1)
|
||||
return -EINVAL;
|
||||
|
||||
- if (ioctl(devfd, BLKGETSIZE64, size) < 0)
|
||||
+ if (fstat(devfd, &st) < 0) {
|
||||
+ close(devfd);
|
||||
+ return -EINVAL;
|
||||
+ }
|
||||
+
|
||||
+ if (S_ISREG(st.st_mode))
|
||||
+ *size = (uint64_t)st.st_size;
|
||||
+ else if (ioctl(devfd, BLKGETSIZE64, size) < 0)
|
||||
r = -EINVAL;
|
||||
close(devfd);
|
||||
return r;
|
@ -0,0 +1,123 @@
|
||||
From 619b533bfbb8e6782687eda9e2ba16fc2f73bd15 Mon Sep 17 00:00:00 2001
|
||||
From: Ondrej Kozina <okozina@redhat.com>
|
||||
Date: Tue, 7 Aug 2018 10:17:31 +0200
|
||||
Subject: [PATCH 5/7] Make reencryption-compat-test2 ready for different LUKS2
|
||||
hdr size.
|
||||
|
||||
---
|
||||
tests/reencryption-compat-test2 | 40 +++++++++++++++++++++++++++++-----------
|
||||
1 file changed, 29 insertions(+), 11 deletions(-)
|
||||
|
||||
diff --git a/tests/reencryption-compat-test2 b/tests/reencryption-compat-test2
|
||||
index 411df1f..9656c7b 100755
|
||||
--- a/tests/reencryption-compat-test2
|
||||
+++ b/tests/reencryption-compat-test2
|
||||
@@ -19,6 +19,10 @@ PWD3="1-9Qu5Ejfnqv"
|
||||
MNT_DIR=./mnt_luks
|
||||
START_DIR=$(pwd)
|
||||
|
||||
+# FIXME: we need some sane API to get this information. This is hack.
|
||||
+LUKS2_HDR_DEFAULT_LEN=$(grep -e "#define LUKS2_HDR_DEFAULT_LEN" ../lib/luks2/luks2.h | cut -d ' ' -f 3)
|
||||
+LUKS2_HDR_DEFAULT_LEN_SECTORS=$((LUKS2_HDR_DEFAULT_LEN/512))
|
||||
+
|
||||
function dm_crypt_features()
|
||||
{
|
||||
local VER_STR=$(dmsetup targets | grep crypt | cut -f2 -dv)
|
||||
@@ -48,6 +52,7 @@ function remove_mapping()
|
||||
umount $MNT_DIR > /dev/null 2>&1
|
||||
rmdir $MNT_DIR > /dev/null 2>&1
|
||||
del_scsi_device
|
||||
+ test -z "$TMP_LOOP" || losetup -d "$TMP_LOOP"
|
||||
}
|
||||
|
||||
function fail()
|
||||
@@ -113,9 +118,21 @@ function prepare() # $1 dev1_siz
|
||||
fi
|
||||
}
|
||||
|
||||
-function check_hash_dev() # $1 dev, $2 hash
|
||||
+function check_hash_dev() # $1 dev, $2 hash, [$3 optional max size in KiBs]
|
||||
{
|
||||
- HASH=$(sha256sum $1 | cut -d' ' -f 1)
|
||||
+ local _dev=$1
|
||||
+ if [ $# -gt 2 ]; then
|
||||
+ _dev=$(losetup -f)
|
||||
+ losetup -f --sizelimit $3K $1 || fail
|
||||
+ TMP_LOOP=$_dev
|
||||
+ test -b $TMP_LOOP || fail
|
||||
+ fi
|
||||
+
|
||||
+ HASH=$(sha256sum $_dev | cut -d' ' -f 1)
|
||||
+ test -b "$TMP_LOOP" && {
|
||||
+ losetup -d "$TMP_LOOP"
|
||||
+ unset TMP_LOOP
|
||||
+ }
|
||||
[ $HASH != "$2" ] && fail "HASH differs ($HASH)"
|
||||
}
|
||||
|
||||
@@ -218,7 +235,7 @@ HASH5=bb9f8df61474d25e71fa00722318cd387396ca1736605e1248821cc0de3d3af8
|
||||
HASH6=4d9cbaf3aa0935a8c113f139691b3daf9c94c8d6c278aedc8eec66a4b9f6c8ae
|
||||
|
||||
echo "[1] Reencryption"
|
||||
-prepare 8192
|
||||
+prepare $((4096+LUKS2_HDR_DEFAULT_LEN_SECTORS/2))
|
||||
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 -s 128 -c aes-cbc-plain $FAST_PBKDF_ARGON --align-payload 4096 $IMG || fail
|
||||
wipe $PWD1
|
||||
check_hash $PWD1 $HASH5
|
||||
@@ -260,9 +277,9 @@ $CRYPTSETUP luksDump $IMG | grep -q "luks2" > /dev/null || fail
|
||||
|
||||
echo "[4] Encryption of not yet encrypted device"
|
||||
# well, movin' zeroes :-)
|
||||
-OFFSET=8192 # default LUKS2 header size
|
||||
-prepare 8192
|
||||
-check_hash_dev $IMG $HASH4
|
||||
+OFFSET=$LUKS2_HDR_DEFAULT_LEN_SECTORS # default LUKS2 header size
|
||||
+prepare $((4096+$OFFSET/2)) # in KiBs
|
||||
+check_hash_dev $IMG $HASH4 8192
|
||||
echo $PWD1 | $REENC --type luks2 $IMG -c aes-cbc-essiv:sha256 -s 128 --new --reduce-device-size "$OFFSET"S -q $FAST_PBKDF_ARGON
|
||||
check_hash $PWD1 $HASH5
|
||||
$CRYPTSETUP luksDump $IMG | grep -q "luks2" > /dev/null || fail
|
||||
@@ -299,11 +316,11 @@ echo -e "$PWD2\n$PWD1\n$PWD2\n$PWD1\n$PWD2\n$PWD1\n$PWD2\n$PWD3" | $REENC -q $IM
|
||||
check_slot 0 1 2 3 4 5 6 22 || fail "All keyslots expected to be enabled"
|
||||
|
||||
echo "[7] Reencryption of block devices with different block size"
|
||||
-add_scsi_device sector_size=512 dev_size_mb=8
|
||||
+add_scsi_device sector_size=512 dev_size_mb=16
|
||||
simple_scsi_reenc "[512 sector]"
|
||||
-add_scsi_device sector_size=4096 dev_size_mb=8
|
||||
+add_scsi_device sector_size=4096 dev_size_mb=16
|
||||
simple_scsi_reenc "[4096 sector]"
|
||||
-add_scsi_device sector_size=512 physblk_exp=3 dev_size_mb=8
|
||||
+add_scsi_device sector_size=512 physblk_exp=3 dev_size_mb=16
|
||||
simple_scsi_reenc "[4096/512 sector]"
|
||||
echo "[OK]"
|
||||
|
||||
@@ -350,7 +367,7 @@ echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_ARGON $IMG || fa
|
||||
wipe $PWD1
|
||||
check_hash $PWD1 $HASH5
|
||||
echo $PWD1 | $REENC $IMG -q --decrypt
|
||||
-check_hash_dev $IMG $HASH4
|
||||
+check_hash_dev $IMG $HASH4 8192
|
||||
|
||||
echo "[11] Reencryption with tokens"
|
||||
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_ARGON $IMG || fail
|
||||
@@ -403,7 +420,7 @@ $CRYPTSETUP isLuks $IMG_HDR || fail
|
||||
$CRYPTSETUP luksDump $IMG_HDR | grep -q "0: luks2" || fail
|
||||
|
||||
echo "[14] Reencryption with unbound keyslot"
|
||||
-prepare 8192
|
||||
+prepare $((4096+LUKS2_HDR_DEFAULT_LEN_SECTORS/2))
|
||||
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_ARGON $IMG || fail
|
||||
echo $PWD2 | $CRYPTSETUP -q luksAddKey -S 3 --unbound --key-size 64 $FAST_PBKDF_ARGON $IMG || fail
|
||||
wipe $PWD1
|
||||
@@ -421,6 +438,7 @@ check_hash $PWD1 $HASH1
|
||||
$CRYPTSETUP -q convert --type luks2 $IMG || fail
|
||||
echo $PWD1 | $REENC $IMG -q $FAST_PBKDF_PBKDF2 || fail
|
||||
check_hash $PWD1 $HASH1
|
||||
+prepare $((4096+LUKS2_HDR_DEFAULT_LEN_SECTORS/2))
|
||||
echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks2 $FAST_PBKDF_PBKDF2 $IMG || fail
|
||||
wipe $PWD1
|
||||
check_hash $PWD1 $HASH5
|
||||
--
|
||||
1.8.3.1
|
||||
|
270
SPECS/cryptsetup.spec
Normal file
270
SPECS/cryptsetup.spec
Normal file
@ -0,0 +1,270 @@
|
||||
%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
|
||||
|
||||
%if 0%{?fedora}
|
||||
%if 0%{?fedora} >= 29
|
||||
Obsoletes: python2-cryptsetup
|
||||
Obsoletes: cryptsetup-python3
|
||||
%global python2_enable 0
|
||||
%global python3_enable 0
|
||||
%else
|
||||
%global python2_enable 1
|
||||
%global python3_enable 1
|
||||
%endif
|
||||
%else
|
||||
Obsoletes: cryptsetup-python3
|
||||
%global python3_enable 0
|
||||
%if 0%{?rhel} == 7
|
||||
%global python2_enable 1
|
||||
%else
|
||||
Obsoletes: cryptsetup-python
|
||||
Obsoletes: python2-cryptsetup
|
||||
%global python2_enable 0
|
||||
%endif
|
||||
%endif
|
||||
|
||||
Summary: A utility for setting up encrypted disks
|
||||
Name: cryptsetup
|
||||
Version: 2.0.6
|
||||
Release: 1%{?dist}
|
||||
License: GPLv2+ and LGPLv2+
|
||||
Group: Applications/System
|
||||
URL: https://gitlab.com/cryptsetup/cryptsetup
|
||||
BuildRequires: openssl-devel, popt-devel, device-mapper-devel
|
||||
BuildRequires: libuuid-devel, gcc, libblkid-devel
|
||||
%if %{python2_enable}
|
||||
BuildRequires: python2-devel
|
||||
%endif
|
||||
%if %{python3_enable}
|
||||
BuildRequires: python3-devel
|
||||
%endif
|
||||
BuildRequires: libpwquality-devel, json-c-devel
|
||||
Provides: cryptsetup-luks = %{version}-%{release}
|
||||
Obsoletes: cryptsetup-luks < 1.4.0
|
||||
Requires: cryptsetup-libs = %{version}-%{release}
|
||||
Requires: libpwquality >= 1.2.0
|
||||
|
||||
%global upstream_version %{version}
|
||||
Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/cryptsetup-%{upstream_version}.tar.xz
|
||||
Patch0: %{name}-make-api-test-2-default-LUKS2-hdr-size-aware.patch
|
||||
Patch1: %{name}-make-reencryption-compat-test2-ready-for-different-L.patch
|
||||
Patch2: %{name}-disable-luks2-integrity-test-until-next-usptream-rel.patch
|
||||
Patch3: %{name}-increase-default-LUKS2-header-size-to-8MiBs.patch
|
||||
Patch4: %{name}-make-align-test-ready-for-larger-LUKS2-hdr.patch
|
||||
# Following patch has to applied last
|
||||
Patch5: %{name}-add-system-library-paths.patch
|
||||
|
||||
%description
|
||||
The cryptsetup package contains a utility for setting up
|
||||
disk encryption using dm-crypt kernel module.
|
||||
|
||||
%package devel
|
||||
Group: Development/Libraries
|
||||
Requires: %{name} = %{version}-%{release}
|
||||
Requires: pkgconfig
|
||||
Summary: Headers and libraries for using encrypted file systems
|
||||
Provides: cryptsetup-luks-devel = %{version}-%{release}
|
||||
Obsoletes: cryptsetup-luks-devel < 1.4.0
|
||||
|
||||
%description devel
|
||||
The cryptsetup-devel package contains libraries and header files
|
||||
used for writing code that makes use of disk encryption.
|
||||
|
||||
%package libs
|
||||
Group: System Environment/Libraries
|
||||
Summary: Cryptsetup shared library
|
||||
Provides: cryptsetup-luks-libs = %{version}-%{release}
|
||||
Obsoletes: cryptsetup-luks-libs < 1.4.0
|
||||
|
||||
%description libs
|
||||
This package contains the cryptsetup shared library, libcryptsetup.
|
||||
|
||||
%package -n veritysetup
|
||||
Group: Applications/System
|
||||
Summary: A utility for setting up dm-verity volumes
|
||||
Requires: cryptsetup-libs = %{version}-%{release}
|
||||
|
||||
%description -n veritysetup
|
||||
The veritysetup package contains a utility for setting up
|
||||
disk verification using dm-verity kernel module.
|
||||
|
||||
%package -n integritysetup
|
||||
Group: Applications/System
|
||||
Summary: A utility for setting up dm-integrity volumes
|
||||
Requires: cryptsetup-libs = %{version}-%{release}
|
||||
|
||||
%description -n integritysetup
|
||||
The integritysetup package contains a utility for setting up
|
||||
disk integrity protection using dm-integrity kernel module.
|
||||
|
||||
%package reencrypt
|
||||
Group: Applications/System
|
||||
Summary: A utility for offline reencryption of LUKS encrypted disks.
|
||||
Requires: cryptsetup-libs = %{version}-%{release}
|
||||
|
||||
%description reencrypt
|
||||
This package contains cryptsetup-reencrypt utility which
|
||||
can be used for offline reencryption of disk in situ.
|
||||
|
||||
%if %{python2_enable}
|
||||
%package -n python2-cryptsetup
|
||||
Group: System Environment/Libraries
|
||||
Summary: Python bindings for libcryptsetup
|
||||
Requires: %{name}-libs = %{version}-%{release}
|
||||
%{?python_provide:%python_provide python2-cryptsetup}
|
||||
# Remove before F30
|
||||
Provides: %{name}-python = %{version}-%{release}
|
||||
Provides: %{name}-python%{?_isa} = %{version}-%{release}
|
||||
Obsoletes: %{name}-python < %{version}-%{release}
|
||||
Obsoletes: python-cryptsetup < 1.4.0
|
||||
|
||||
%description -n python2-cryptsetup
|
||||
This package provides Python bindings for libcryptsetup, a library
|
||||
for setting up disk encryption using dm-crypt kernel module.
|
||||
%endif
|
||||
|
||||
%if %{python3_enable}
|
||||
%package python3
|
||||
Group: System Environment/Libraries
|
||||
Summary: Python3 bindings for libcryptsetup
|
||||
Requires: %{name}-libs = %{version}-%{release}
|
||||
Provides: python3-cryptsetup = %{version}-%{release}
|
||||
|
||||
%description python3
|
||||
This package provides Python bindings for libcryptsetup, a library
|
||||
for setting up disk encryption using dm-crypt kernel module.
|
||||
%endif
|
||||
|
||||
%prep
|
||||
%setup -q -n cryptsetup-%{upstream_version}
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
chmod -x python/pycryptsetup-test.py
|
||||
chmod -x misc/dracut_90reencrypt/*
|
||||
|
||||
# copy the whole directory for the python3 build
|
||||
%if %{python3_enable}
|
||||
cp -a . %{py3dir}
|
||||
%endif
|
||||
|
||||
%build
|
||||
%if %{python2_enable} || %{python3_enable}
|
||||
%configure --enable-python --enable-fips --enable-pwquality --enable-internal-sse-argon2 --with-crypto_backend=openssl --with-default-luks-format=LUKS2
|
||||
%else
|
||||
%configure --enable-fips --enable-pwquality --enable-internal-sse-argon2 --with-crypto_backend=openssl --with-default-luks-format=LUKS2
|
||||
%endif
|
||||
make %{?_smp_mflags}
|
||||
|
||||
%if %{python3_enable}
|
||||
pushd %{py3dir}
|
||||
%configure --enable-python --with-python_version=3 --enable-fips --enable-pwquality --enable-internal-sse-argon2 --with-crypto_backend=openssl --with-default-luks-format=LUKS2
|
||||
make %{?_smp_mflags}
|
||||
popd
|
||||
%endif
|
||||
|
||||
%install
|
||||
make install DESTDIR=%{buildroot}
|
||||
rm -rf %{buildroot}/%{_libdir}/*.la
|
||||
|
||||
%if %{python3_enable}
|
||||
pushd %{py3dir}
|
||||
make install DESTDIR=%{buildroot}
|
||||
rm -rf %{buildroot}/%{_libdir}/*.la
|
||||
popd
|
||||
%endif
|
||||
%find_lang cryptsetup
|
||||
|
||||
%post -n cryptsetup-libs -p /sbin/ldconfig
|
||||
|
||||
%postun -n cryptsetup-libs -p /sbin/ldconfig
|
||||
|
||||
%files
|
||||
%{!?_licensedir:%global license %%doc}
|
||||
%license COPYING
|
||||
%doc AUTHORS FAQ docs/*ReleaseNotes
|
||||
%{_mandir}/man8/cryptsetup.8.gz
|
||||
%{_sbindir}/cryptsetup
|
||||
|
||||
%files -n veritysetup
|
||||
%{!?_licensedir:%global license %%doc}
|
||||
%license COPYING
|
||||
%{_mandir}/man8/veritysetup.8.gz
|
||||
%{_sbindir}/veritysetup
|
||||
|
||||
%files -n integritysetup
|
||||
%{!?_licensedir:%global license %%doc}
|
||||
%license COPYING
|
||||
%{_mandir}/man8/integritysetup.8.gz
|
||||
%{_sbindir}/integritysetup
|
||||
|
||||
%files reencrypt
|
||||
%{!?_licensedir:%global license %%doc}
|
||||
%license COPYING
|
||||
%doc misc/dracut_90reencrypt
|
||||
%{_mandir}/man8/cryptsetup-reencrypt.8.gz
|
||||
%{_sbindir}/cryptsetup-reencrypt
|
||||
|
||||
%files devel
|
||||
%doc docs/examples/*
|
||||
%{_includedir}/libcryptsetup.h
|
||||
%{_libdir}/libcryptsetup.so
|
||||
%{_libdir}/pkgconfig/libcryptsetup.pc
|
||||
|
||||
%files libs -f cryptsetup.lang
|
||||
%{!?_licensedir:%global license %%doc}
|
||||
%license COPYING COPYING.LGPL
|
||||
%{_libdir}/libcryptsetup.so.*
|
||||
%{_tmpfilesdir}/cryptsetup.conf
|
||||
%ghost %attr(700, -, -) %dir /run/cryptsetup
|
||||
|
||||
%if %{python2_enable}
|
||||
%files -n python2-cryptsetup
|
||||
%{!?_licensedir:%global license %%doc}
|
||||
%license COPYING.LGPL
|
||||
%doc python/pycryptsetup-test.py
|
||||
%exclude %{python_sitearch}/pycryptsetup.la
|
||||
%{python_sitearch}/pycryptsetup.so
|
||||
%endif
|
||||
|
||||
%if %{python3_enable}
|
||||
%files python3
|
||||
%{!?_licensedir:%global license %%doc}
|
||||
%license COPYING.LGPL
|
||||
%doc python/pycryptsetup-test.py
|
||||
%exclude %{python3_sitearch}/pycryptsetup.la
|
||||
%{python3_sitearch}/pycryptsetup.so
|
||||
%endif
|
||||
|
||||
%clean
|
||||
|
||||
%changelog
|
||||
* Mon Dec 03 2018 Ondrej Kozina <okozina@redhat.com> - 2.0.6-1
|
||||
- Update to cryptsetup 2.0.6
|
||||
- Enables all supported metadata sizes in LUKS2 validation code.
|
||||
- Resolves: #1653383
|
||||
|
||||
* Fri Aug 10 2018 Ondrej Kozina <okozina@redhat.com> - 2.0.4-2
|
||||
- patch: fix device alignment bug when processing hinted
|
||||
value by device topology info.
|
||||
- Resolves: #1614219
|
||||
|
||||
* Wed Aug 08 2018 Ondrej Kozina <okozina@redhat.com> - 2.0.4-1
|
||||
- Update to cryptsetup 2.0.4.
|
||||
- patch: Add RHEL system library paths in configure.
|
||||
- patch: Increase default LUKS2 header size to 8 MiBs.
|
||||
- patch: update tests to be compatible with larger headers.
|
||||
- Set default format to LUKS2.
|
||||
- Cleanup changelog.
|
||||
- Resolves: #1564540 #1595257 #1595266 #1595881 #1600164
|
||||
|
||||
* Fri May 04 2018 Ondrej Kozina <okozina@redhat.com> - 2.0.3-1
|
||||
- Update to cryptsetup 2.0.3.
|
||||
|
||||
* Tue Mar 27 2018 Björn Esser <besser82@fedoraproject.org> - 2.0.2-2
|
||||
- Rebuilt for libjson-c.so.4 (json-c v0.13.1) on fc28
|
||||
|
||||
* Wed Mar 07 2018 Milan Broz <gmazyland@gmail.com> - 2.0.2-1
|
||||
- Update to cryptsetup 2.0.2.
|
Loading…
Reference in New Issue
Block a user