nbdkit/0005-luks-Disable-filter-with-old-GnuTLS-in-Debian-10.patch

From 66daae1a7daf680e06f884e9af6a14830263c932 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Sun, 8 May 2022 12:13:39 +0100
Subject: [PATCH] luks: Disable filter with old GnuTLS in Debian 10
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

On Debian 10:

luks.c: In function ‘parse_cipher_strings’:
luks.c:574:26: error: ‘GNUTLS_CIPHER_AES_128_XTS’ undeclared (first use in this function); did you mean ‘GNUTLS_CIPHER_AES_128_CCM’?
       h->gnutls_cipher = GNUTLS_CIPHER_AES_128_XTS;
                          ^~~~~~~~~~~~~~~~~~~~~~~~~
                          GNUTLS_CIPHER_AES_128_CCM
luks.c:574:26: note: each undeclared identifier is reported only once for each function it appears in
luks.c:577:26: error: ‘GNUTLS_CIPHER_AES_256_XTS’ undeclared (first use in this function); did you mean ‘GNUTLS_CIPHER_AES_256_CCM’?
       h->gnutls_cipher = GNUTLS_CIPHER_AES_256_XTS;
                          ^~~~~~~~~~~~~~~~~~~~~~~~~
                          GNUTLS_CIPHER_AES_256_CCM
luks.c: In function ‘try_passphrase_in_keyslot’:
luks.c:728:7: error: implicit declaration of function ‘gnutls_pbkdf2’; did you mean ‘gnutls_prf’? [-Werror=implicit-function-declaration]
   r = gnutls_pbkdf2 (h->hash_alg, &key, &salt, ks->password_iterations,
       ^~~~~~~~~~~~~
       gnutls_prf

Because gnutls_pbkdf2 is missing there's no chance of making this
filter work on this platform so it's best to compile it out.

Fixes: commit 468919dce6c5eb57503eacac0f67e5dd87c58e6c
(cherry picked from commit f9f67e483f4aad19ad6101163d32562f13504ca7)
---
 configure.ac             | 5 ++++-
 filters/luks/Makefile.am | 2 +-
 tests/Makefile.am        | 2 +-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/configure.ac b/configure.ac
index de85b4da..1d209f67 100644
--- a/configure.ac
+++ b/configure.ac
@@ -636,12 +636,15 @@ AS_IF([test "x$GNUTLS_LIBS" != "x"],[
         gnutls_certificate_set_known_dh_params \
         gnutls_group_get \
         gnutls_group_get_name \
+        gnutls_pbkdf2 \
         gnutls_session_set_verify_cert \
         gnutls_srp_server_get_username \
         gnutls_transport_is_ktls_enabled \
     ])
     LIBS="$old_LIBS"
 ])
+AM_CONDITIONAL([HAVE_GNUTLS_PBKDF2],
+    [test "x$GNUTLS_LIBS" != "x" && test "x$ac_cv_func_gnutls_pbkdf2" = xyes])
 
 AC_ARG_ENABLE([linuxdisk],
     [AS_HELP_STRING([--disable-linuxdisk],
@@ -1484,7 +1487,7 @@ echo "Optional filters:"
 echo
 feature "ext2"                test "x$HAVE_EXT2_TRUE" = "x"
 feature "gzip"                test "x$HAVE_ZLIB_TRUE" = "x"
-feature "LUKS"                test "x$HAVE_GNUTLS_TRUE" != "x"
+feature "luks"                test "x$HAVE_GNUTLS_PBKDF2_TRUE" = "x"
 feature "xz"                  test "x$HAVE_LIBLZMA_TRUE" = "x"
 
 echo
diff --git a/filters/luks/Makefile.am b/filters/luks/Makefile.am
index 30089621..622e5c3d 100644
--- a/filters/luks/Makefile.am
+++ b/filters/luks/Makefile.am
@@ -33,7 +33,7 @@ include $(top_srcdir)/common-rules.mk
 
 EXTRA_DIST = nbdkit-luks-filter.pod
 
-if HAVE_GNUTLS
+if HAVE_GNUTLS_PBKDF2
 
 filter_LTLIBRARIES = nbdkit-luks-filter.la
 
diff --git a/tests/Makefile.am b/tests/Makefile.am
index c29453ba..5585b3b7 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -1597,7 +1597,7 @@ EXTRA_DIST += \
 	$(NULL)
 
 # luks filter test.
-if HAVE_GNUTLS
+if HAVE_GNUTLS_PBKDF2
 TESTS += \
 	test-luks-info.sh \
 	test-luks-copy.sh \
-- 
2.31.1