Update to version 2.4.0-rc1.

2021-07-30 00:08:43 +02:00 · 2021-07-30 00:08:43 +02:00 · dd64a27081
commit dd64a27081
parent 2408d4ef92
7 changed files with 23 additions and 300 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-/cryptsetup-2.4.0-rc0.tar.xz
+/cryptsetup-2.4.0-rc1.tar.xz
--- a/cryptsetup-2.4.0-Fix-ssh-plugin-test.patch
+++ b/cryptsetup-2.4.0-Fix-ssh-plugin-test.patch
@ -1,24 +0,0 @@
-From 0eb84931560a833d06fd99bfcbaeaec7ad3b6d13 Mon Sep 17 00:00:00 2001
-From: Ondrej Kozina <okozina@redhat.com>
-Date: Fri, 2 Jul 2021 22:56:45 +0200
-Subject: [PATCH] Fix ssh-plugin test.
-
---
- tests/ssh-plugin-test | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tests/ssh-plugin-test b/tests/ssh-plugin-test
-index 70f04be1..e4a3c3b7 100755
--- a/tests/ssh-plugin-test
-+++ b/tests/ssh-plugin-test
-@@ -1,6 +1,6 @@
- #!/bin/bash
- 
-[ -z "$CRUPTSETUP_PATH" ] && {
-+[ -z "$CRYPTSETUP_PATH" ] && {
- 	export LD_PRELOAD=./fake_token_path.so
- 	CRYPTSETUP_PATH=".."
- }
-- 
-2.27.0
-
--- a/cryptsetup-2.4.0-rc0.tar.sign
+++ b/cryptsetup-2.4.0-rc0.tar.sign
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAmDe/aoACgkQ2bBXe9k+
-mPwLDg/+JV8o1uQf6uWbwtW8u7UiiIf6v/q+2T/CVgxyqZsc48yWb/Ug89AMDXVL
-EKawvzjZXlMZyEYLET52wP9GWDpF3S08feaqZ51ECskwhe4CRSNPQ8kfAP6i7YPm
-f/hJjU5b7ZU0syDaiqN0lXDRwJP16zSA7unp8XOMHteDsgxHVzY+b/+o9tw3bkKM
-a4hbUjxAPNIIrypU9mTuEEu+53TB7bAROXDJytwAr7GZDb1nZ64z3rD5Mzoh49S8
-4TQlm92mA72hiVho+TJwxlLdQ3Ckq4IBTUvoMfzWuWAL5VX/gCtCrc3kKh/ZUW1B
-oTSDwmKKUl6AAnkap25oVqERZaRc281cCsUl4uE+UbO1BhzwPW3oJlmCiRIm8q/I
-/0TELqPyhyxMOka5hbSxo/LQMaazb+dTmiAitBc4FbkW3dUaxLxewEZ3aSwNtcvR
-gW1rxhkWy7nCT3wM9fK2ftkX5+Tlq0ii0W9M7OcwG0bEx9zpyc9RngIwcn1R7+KZ
-sPNoLEOw6vKnTWhsWqrEB7le8vOHII0oFqhtmc6xIUB2d1BHSPuwKieWGLhLvs6A
-zNwvPl3pSiY+2vRDN7GPylfaKeQMGDRdpGMyHGpQOWm7qHNdYLDEbU023aHK89cK
-5R9Sz6qzzR/hzaSt/HN5cMZBVNCKhjqTVdmeYSp7bHWWUXl7XyQ=
-=OATs
-----END PGP SIGNATURE-----
--- a/cryptsetup-2.4.0-rc1.tar.sign
+++ b/cryptsetup-2.4.0-rc1.tar.sign
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEKikYJD/eRmSNBob52bBXe9k+mPwFAmEDH9gACgkQ2bBXe9k+
+mPwgSw//cRgUyjZ0bjPSQo1S6dVbNPTh2bMjcAgZ7Y+MJWBLFmS7ltHOw+7JxpZM
+KXvo5MDXqCtl1WC5tfqsfCEEbEW/MjeC94hjc3Yl/9yFJVlFh75OcuKzp6vpNcXr
+5LAo4nHAp92W+pw9xLsDDc4N3CkaKxmxO0JUwkiHFFv9oic4BwYOCRmG0r0OPkuf
+wzFsUBfn+7POQ34qdkpJmaJFo35ellTVbC5tYW1PdHOmB70i4bqFeQ1r3KNfVZa0
+ZHD5ulWBagxfn2bnAaGvoCYofa4V12ZcJz+U4o744R0lqS2rbjKGqa0mpd4w/bxa
+5zjT7eJqe6rLqjMbo//jTLB3G47828s3M6U0uBquJZ8sJk5MkdJK2M7Jprwq4eK4
+wZdRRpXtYiprR24DeE3lR7/83UcMH12IDQRwFPaihOmQxESw3c+qn37X0P6rXtJ
+NpX4ux+TT/YJiO8L/u7f6OkC0Zn6p4icEGfo684VNHEhqIUvMueKGYLwsWjHEnHY
+/WWTYz5TJcqrWoxxTnD/0/Fpgawa1Dquv7gda0gibYhVpCy9Ti8QBI+0IvnyZ4iW
+K2rs3bavygh1GEpVjbOxbgt2cRIhEz1+hyM8RlZnQrHkSGMI/moL5FlFeL28WUkD
+DLCWjpXU0jNyrBev4IWuc+fuDaWOElu3AB8vjcoSCA7tTbHGfuE=
+=YNRk
+-----END PGP SIGNATURE-----
--- a/cryptsetup-2.4.0-tests-Do-not-guess-default-pbkdf-anymore.patch
+++ b/cryptsetup-2.4.0-tests-Do-not-guess-default-pbkdf-anymore.patch
@ -1,254 +0,0 @@
-From 9736f533bb90557e4522451b95e357920786f869 Mon Sep 17 00:00:00 2001
-From: Ondrej Kozina <okozina@redhat.com>
-Date: Fri, 2 Jul 2021 21:55:40 +0200
-Subject: [PATCH] tests: Do not guess default pbkdf anymore.
-
-Instead of guessing get pbkdf defaults via libcryptsetup
-API.
---
- tests/api-test-2.c | 109 +++++++++++++++++++++++++++------------------
- 1 file changed, 66 insertions(+), 43 deletions(-)
-
-diff --git a/tests/api-test-2.c b/tests/api-test-2.c
-index fe7363e1..c769e2ed 100644
--- a/tests/api-test-2.c
-+++ b/tests/api-test-2.c
-@@ -119,16 +119,6 @@ typedef int32_t key_serial_t;
- #define PASS7 "bbb"
- #define PASS8 "iii"
- 
-/* Allow to run without config.h */
-#ifndef DEFAULT_LUKS1_HASH
-  #define DEFAULT_LUKS1_HASH "sha256"
-  #define DEFAULT_LUKS1_ITER_TIME 2000
-  #define DEFAULT_LUKS2_ITER_TIME 2000
-  #define DEFAULT_LUKS2_MEMORY_KB 1048576
-  #define DEFAULT_LUKS2_PARALLEL_THREADS 4
-  #define DEFAULT_LUKS2_PBKDF "argon2i"
-#endif
-
- static int _fips_mode = 0;
- 
- static char *DEVICE_1 = NULL;
-@@ -145,6 +135,14 @@ unsigned int test_progress_steps;
- 
- struct crypt_device *cd = NULL, *cd2 = NULL;
- 
-+static const char *default_luks1_hash = NULL;
-+static uint32_t default_luks1_iter_time = 0;
-+
-+static const char *default_luks2_pbkdf = NULL;
-+static uint32_t default_luks2_iter_time = 0;
-+static uint32_t default_luks2_memory_kb = 0;
-+static uint32_t default_luks2_parallel_threads = 0;
-+
- // Helpers
- 
- static unsigned cpus_online(void)
-@@ -167,14 +165,14 @@ static uint32_t adjusted_pbkdf_memory(void)
- 	uint64_t memory_kb;
- 
- 	if (pagesize <= 0 || pages <= 0)
-		return DEFAULT_LUKS2_MEMORY_KB;
-+		return default_luks2_memory_kb;
- 
- 	memory_kb = pagesize / 1024 * pages / 2;
- 
-	if (memory_kb < DEFAULT_LUKS2_MEMORY_KB)
-+	if (memory_kb < default_luks2_memory_kb)
- 		return (uint32_t)memory_kb;
- 
-	return DEFAULT_LUKS2_MEMORY_KB;
-+	return default_luks2_memory_kb;
- }
- 
- static unsigned _min(unsigned a, unsigned b)
-@@ -225,6 +223,28 @@ static int get_luks2_offsets(int metadata_device,
- 	return 0;
- }
- 
-+static bool get_luks_pbkdf_defaults(void)
-+{
-+	const struct crypt_pbkdf_type *pbkdf_defaults = crypt_get_pbkdf_default(CRYPT_LUKS1);
-+
-+	if (!pbkdf_defaults)
-+		return false;
-+
-+	default_luks1_hash = pbkdf_defaults->hash;
-+	default_luks1_iter_time = pbkdf_defaults->time_ms;
-+
-+	pbkdf_defaults = crypt_get_pbkdf_default(CRYPT_LUKS2);
-+	if (!pbkdf_defaults)
-+		return false;
-+
-+	default_luks2_pbkdf = pbkdf_defaults->type;
-+	default_luks2_iter_time = pbkdf_defaults->time_ms;
-+	default_luks2_memory_kb = pbkdf_defaults->max_memory_kb;
-+	default_luks2_parallel_threads = pbkdf_defaults->parallel_threads;
-+
-+	return true;
-+}
-+
- static void _remove_keyfiles(void)
- {
- 	remove(KEYFILE1);
-@@ -413,6 +433,9 @@ static int _setup(void)
- 	/* Use default log callback */
- 	crypt_set_log_callback(NULL, &global_log_callback, NULL);
- 
-+	if (!get_luks_pbkdf_defaults())
-+		return 1;
-+
- 	return 0;
- }
- 
-@@ -2541,17 +2564,17 @@ static void Pbkdf(void)
- 	const char *cipher = "aes", *mode="xts-plain64";
- 	struct crypt_pbkdf_type argon2 = {
- 		.type = CRYPT_KDF_ARGON2I,
-		.hash = DEFAULT_LUKS1_HASH,
-+		.hash = default_luks1_hash,
- 		.time_ms = 6,
- 		.max_memory_kb = 1024,
- 		.parallel_threads = 1
- 	}, pbkdf2 = {
- 		.type = CRYPT_KDF_PBKDF2,
-		.hash = DEFAULT_LUKS1_HASH,
-+		.hash = default_luks1_hash,
- 		.time_ms = 9
- 	}, bad = {
- 		.type = "hamster_pbkdf",
-		.hash = DEFAULT_LUKS1_HASH
-+		.hash = default_luks1_hash
- 	};
- 	struct crypt_params_plain params = {
- 		.hash = "sha1",
-@@ -2607,7 +2630,7 @@ static void Pbkdf(void)
- 	OK_(crypt_set_pbkdf_type(cd, &pbkdf2));
- 	OK_(crypt_set_pbkdf_type(cd, NULL));
- 	NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
-	EQ_(pbkdf->time_ms, DEFAULT_LUKS1_ITER_TIME);
-+	EQ_(pbkdf->time_ms, default_luks1_iter_time);
- 	CRYPT_FREE(cd);
- 	// test value set in crypt_set_iteration_time() can be obtained via following crypt_get_pbkdf_type()
- 	OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
-@@ -2617,7 +2640,7 @@ static void Pbkdf(void)
- 	EQ_(pbkdf->time_ms, 42);
- 	// test crypt_get_pbkdf_type() returns expected values for LUKSv1
- 	OK_(strcmp(pbkdf->type, CRYPT_KDF_PBKDF2));
-	OK_(strcmp(pbkdf->hash, DEFAULT_LUKS1_HASH));
-+	OK_(strcmp(pbkdf->hash, default_luks1_hash));
- 	EQ_(pbkdf->max_memory_kb, 0);
- 	EQ_(pbkdf->parallel_threads, 0);
- 	crypt_set_iteration_time(cd, 43);
-@@ -2648,11 +2671,11 @@ static void Pbkdf(void)
- 	OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
- 	OK_(crypt_format(cd, CRYPT_LUKS2, cipher, mode, NULL, NULL, 32, NULL));
- 	NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
-	OK_(strcmp(pbkdf->type, DEFAULT_LUKS2_PBKDF));
-	OK_(strcmp(pbkdf->hash, DEFAULT_LUKS1_HASH));
-	EQ_(pbkdf->time_ms, DEFAULT_LUKS2_ITER_TIME);
-+	OK_(strcmp(pbkdf->type, default_luks2_pbkdf));
-+	OK_(strcmp(pbkdf->hash, default_luks1_hash));
-+	EQ_(pbkdf->time_ms, default_luks2_iter_time);
- 	EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory());
-	EQ_(pbkdf->parallel_threads, _min(cpus_online(), DEFAULT_LUKS2_PARALLEL_THREADS));
-+	EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_threads));
- 	// set and verify argon2 type
- 	OK_(crypt_set_pbkdf_type(cd, &argon2));
- 	NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
-@@ -2673,11 +2696,11 @@ static void Pbkdf(void)
- 	crypt_set_iteration_time(cd, 1); // it's supposed to override this call
- 	OK_(crypt_set_pbkdf_type(cd, NULL));
- 	NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
-	OK_(strcmp(pbkdf->type, DEFAULT_LUKS2_PBKDF));
-	OK_(strcmp(pbkdf->hash, DEFAULT_LUKS1_HASH));
-	EQ_(pbkdf->time_ms, DEFAULT_LUKS2_ITER_TIME);
-+	OK_(strcmp(pbkdf->type, default_luks2_pbkdf));
-+	OK_(strcmp(pbkdf->hash, default_luks1_hash));
-+	EQ_(pbkdf->time_ms, default_luks2_iter_time);
- 	EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory());
-	EQ_(pbkdf->parallel_threads, _min(cpus_online(), DEFAULT_LUKS2_PARALLEL_THREADS));
-+	EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_threads));
- 	// try to pass illegal values
- 	argon2.parallel_threads = 0;
- 	FAIL_(crypt_set_pbkdf_type(cd, &argon2), "Parallel threads can't be 0");
-@@ -2695,7 +2718,7 @@ static void Pbkdf(void)
- 	bad.hash = NULL;
- 	FAIL_(crypt_set_pbkdf_type(cd, &bad), "Hash member is empty");
- 	bad.type = NULL;
-	bad.hash = DEFAULT_LUKS1_HASH;
-+	bad.hash = default_luks1_hash;
- 	FAIL_(crypt_set_pbkdf_type(cd, &bad), "Pbkdf type member is empty");
- 	bad.hash = "hamster_hash";
- 	FAIL_(crypt_set_pbkdf_type(cd, &pbkdf2), "Unknown hash member");
-@@ -2704,18 +2727,18 @@ static void Pbkdf(void)
- 	OK_(crypt_init(&cd, DMDIR L_DEVICE_OK));
- 	OK_(crypt_load(cd, CRYPT_LUKS, NULL));
- 	NOTNULL_(pbkdf = crypt_get_pbkdf_type(cd));
-	OK_(strcmp(pbkdf->type, DEFAULT_LUKS2_PBKDF));
-	OK_(strcmp(pbkdf->hash, DEFAULT_LUKS1_HASH));
-	EQ_(pbkdf->time_ms, DEFAULT_LUKS2_ITER_TIME);
-+	OK_(strcmp(pbkdf->type, default_luks2_pbkdf));
-+	OK_(strcmp(pbkdf->hash, default_luks1_hash));
-+	EQ_(pbkdf->time_ms, default_luks2_iter_time);
- 	EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory());
-	EQ_(pbkdf->parallel_threads, _min(cpus_online(), DEFAULT_LUKS2_PARALLEL_THREADS));
-+	EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_threads));
- 	crypt_set_iteration_time(cd, 1);
- 	OK_(crypt_load(cd, CRYPT_LUKS, NULL));
-	OK_(strcmp(pbkdf->type, DEFAULT_LUKS2_PBKDF));
-	OK_(strcmp(pbkdf->hash, DEFAULT_LUKS1_HASH));
-+	OK_(strcmp(pbkdf->type, default_luks2_pbkdf));
-+	OK_(strcmp(pbkdf->hash, default_luks1_hash));
- 	EQ_(pbkdf->time_ms, 1);
- 	EQ_(pbkdf->max_memory_kb, adjusted_pbkdf_memory());
-	EQ_(pbkdf->parallel_threads, _min(cpus_online(), DEFAULT_LUKS2_PARALLEL_THREADS));
-+	EQ_(pbkdf->parallel_threads, _min(cpus_online(), default_luks2_parallel_threads));
- 	CRYPT_FREE(cd);
- 
- 	// test crypt_set_pbkdf_type() overwrites invalid value set by crypt_set_iteration_time()
-@@ -2766,17 +2789,17 @@ static void Pbkdf(void)
- 
- 	NOTNULL_(pbkdf = crypt_get_pbkdf_default(CRYPT_LUKS1));
- 	OK_(strcmp(pbkdf->type, CRYPT_KDF_PBKDF2));
-	EQ_(pbkdf->time_ms, DEFAULT_LUKS1_ITER_TIME);
-	OK_(strcmp(pbkdf->hash, DEFAULT_LUKS1_HASH));
-+	EQ_(pbkdf->time_ms, default_luks1_iter_time);
-+	OK_(strcmp(pbkdf->hash, default_luks1_hash));
- 	EQ_(pbkdf->max_memory_kb, 0);
- 	EQ_(pbkdf->parallel_threads, 0);
- 
- 	NOTNULL_(pbkdf = crypt_get_pbkdf_default(CRYPT_LUKS2));
-	OK_(strcmp(pbkdf->type, DEFAULT_LUKS2_PBKDF));
-	EQ_(pbkdf->time_ms, DEFAULT_LUKS2_ITER_TIME);
-	OK_(strcmp(pbkdf->hash, DEFAULT_LUKS1_HASH));
-	EQ_(pbkdf->max_memory_kb, DEFAULT_LUKS2_MEMORY_KB);
-	EQ_(pbkdf->parallel_threads, DEFAULT_LUKS2_PARALLEL_THREADS);
-+	OK_(strcmp(pbkdf->type, default_luks2_pbkdf));
-+	EQ_(pbkdf->time_ms, default_luks2_iter_time);
-+	OK_(strcmp(pbkdf->hash, default_luks1_hash));
-+	EQ_(pbkdf->max_memory_kb, default_luks2_memory_kb);
-+	EQ_(pbkdf->parallel_threads, default_luks2_parallel_threads);
- 
- 	NULL_(pbkdf = crypt_get_pbkdf_default(CRYPT_PLAIN));
- 
-@@ -3149,13 +3172,13 @@ static void Luks2Requirements(void)
- 	const char *token, *json = "{\"type\":\"test_token\",\"keyslots\":[]}";
- 	struct crypt_pbkdf_type argon2 = {
- 		.type = CRYPT_KDF_ARGON2I,
-		.hash = DEFAULT_LUKS1_HASH,
-+		.hash = default_luks1_hash,
- 		.time_ms = 6,
- 		.max_memory_kb = 1024,
- 		.parallel_threads = 1
- 	}, pbkdf2 = {
- 		.type = CRYPT_KDF_PBKDF2,
-		.hash = DEFAULT_LUKS1_HASH,
-+		.hash = default_luks1_hash,
- 		.time_ms = 9
- 	};
- 	struct crypt_token_params_luks2_keyring params_get, params = {
-- 
-2.27.0
-
--- a/cryptsetup.spec
+++ b/cryptsetup.spec
@ -1,7 +1,7 @@
 Summary: Utility for setting up encrypted disks
 Name: cryptsetup
-Version: 2.4.0~rc0
-Release: 3%{?dist}
+Version: 2.4.0~rc1
+Release: 1%{?dist}
 License: GPLv2+ and LGPLv2+
 URL: https://gitlab.com/cryptsetup/cryptsetup
 BuildRequires: openssl-devel, popt-devel, device-mapper-devel
@ -13,8 +13,6 @@ Requires: libpwquality >= 1.2.0

 %global upstream_version %{version_no_tilde}
 Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.4/cryptsetup-%{upstream_version}.tar.xz
-Patch0: %{name}-2.4.0-tests-Do-not-guess-default-pbkdf-anymore.patch
-Patch1: %{name}-2.4.0-Fix-ssh-plugin-test.patch
 # Following patch has to applied last
 Patch9999: %{name}-add-system-library-paths.patch

@ -126,6 +124,9 @@ rm -rf %{buildroot}%{_libdir}/%{name}/*.la
 %{_sbindir}/cryptsetup-ssh

 %changelog
+* Fri Jul 30 2021 Milan Broz <gmazyland@gmail.com> - 2.4.0~rc1-1
+- Update to cryptsetup 2.4.0-rc1.
+
 * Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.0~rc0-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild

--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (cryptsetup-2.4.0-rc0.tar.xz) = ed80cc7a1763cf0e788bd72eee979640d6133b98a7b294a3fa09c608273eef172c2d56d80802433143d01063a0c142e68ea06465392b273fc2615b8f90273b25
+SHA512 (cryptsetup-2.4.0-rc1.tar.xz) = 73f07e7963624111d916f9791617af52bdf614be04da8462603aa17e0b10f28f681eca2bc991c74c9c3804a4ffc9714f7d075242631f5b77a86462bc57bade93