.gitignore

@@ -1 +1 @@
-/volume_key-0.3.11.tar.xz
+SOURCES/volume_key-0.3.12.tar.xz

.volume_key.metadata

@@ -0,0 +1 @@
+c983123b3b7f36819d26c7421a290657a02534b7 SOURCES/volume_key-0.3.12.tar.xz

SOURCES/volume_key-0.3.12-fix_resource_leaks.patch

@@ -0,0 +1,59 @@
+diff --git a/lib/kmip.c b/lib/kmip.c
+index dda819a..333603c 100644
+--- a/lib/kmip.c
++++ b/lib/kmip.c
+@@ -1152,6 +1152,7 @@ kmip_decode_key_value (struct kmip_decoding_state *kmip,
+       break;
+ 
+     default:
++      kmip_key_value_free (res);
+       g_return_val_if_reached (-1);
+     }
+   res->attributes = g_ptr_array_new ();
+@@ -1348,6 +1349,7 @@ kmip_decode_object_symmetric_key (struct kmip_decoding_state *kmip,
+       g_snprintf (num, sizeof (num), "%" G_GUINT32_FORMAT, res->block->type);
+       g_set_error (error, LIBVK_ERROR, LIBVK_ERROR_KMIP_UNSUPPORTED_VALUE,
+ 		   _("Unsupported symmetric key format %s"), num);
++      kmip_object_symmetric_key_free (res);
+       return -1;
+     }
+   *obj = res;
+@@ -1384,6 +1386,7 @@ kmip_decode_object_secret_data (struct kmip_decoding_state *kmip,
+       g_snprintf (num, sizeof (num), "%" G_GUINT32_FORMAT, res->block->type);
+       g_set_error (error, LIBVK_ERROR, LIBVK_ERROR_KMIP_UNSUPPORTED_VALUE,
+ 		   _("Unsupported symmetric key format %s"), num);
++      kmip_object_secret_data_free (res);
+       return -1;
+     }
+   *obj = res;
+diff --git a/lib/volume_luks.c b/lib/volume_luks.c
+index d1c5d47..4d32d9b 100644
+--- a/lib/volume_luks.c
++++ b/lib/volume_luks.c
+@@ -547,8 +547,8 @@ luks_apply_secret (struct libvk_volume *vol, const struct libvk_volume *packet,
+     }
+   g_free (last_log_entry);
+ 
+-  g_return_val_if_fail (vol->v.luks->key_bytes == packet->v.luks->key_bytes,
+-			-1);
++  if (vol->v.luks->key_bytes != packet->v.luks->key_bytes)
++    goto err_passphrase;
+   luks_replace_key (vol, packet->v.luks->key);
+   luks_replace_passphrase (vol, passphrase);
+   vol->v.luks->passphrase_slot = res;
+diff --git a/src/volume_key.c b/src/volume_key.c
+index 074b187..24b70d6 100644
+--- a/src/volume_key.c
++++ b/src/volume_key.c
+@@ -735,6 +735,11 @@ write_packet (struct packet_output_state *pos, const char *filename,
+       || g_file_set_contents (filename, packet, size, error) == FALSE)
+     {
+       g_prefix_error (error, _("Error creating `%s': "), filename);
++      if (packet != NULL) {
++        if (output_format_cleartext != 0)
++          memset (packet, 0, size);
++        g_free (packet);
++      }
+       return -1;
+     }
+   if (output_format_cleartext != 0)

SOURCES/volume_key-0.3.12-support_LUKS2_and_more.patch

@@ -1,12 +1,3 @@
-From d0aa966c014d8301371e693966dcac3d9e9c0ccd Mon Sep 17 00:00:00 2001
-From: Vojtech Trefny <vtrefny@redhat.com>
-Date: Mon, 10 Sep 2018 13:07:41 +0200
-Subject: [PATCH] Add suppport for opening LUKS2 devices
-
----
- lib/volume_luks.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
 diff --git a/lib/volume_luks.c b/lib/volume_luks.c
 index f4bf2c8..d1c5d47 100644
 --- a/lib/volume_luks.c
@@ -31,6 +22,3 @@ index f4bf2c8..d1c5d47 100644
    if (r < 0)
      goto err_cd;
    return cd;
--- 
-2.17.1
-

SPECS/volume_key.spec

@@ -1,104 +1,142 @@
+# Define `python3_sitearch' if there is no one:
+%{!?python3_sitearch:%global python3_sitearch %(%{__python3} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
+
+# Enable Python 3 in Fedora and RHEL > 7 as default:
+%if 0%{?fedora} || 0%{?rhel} > 7
+# Add `--without python3' option (enable python3 by default):
+%bcond_without python3
+%else
+# Add `--with python3' option (disable python3 by default):
+%bcond_with python3
+%endif
+
+# Drop Python 2 in Fedora >= 30 and RHEL > 7 as default:
+%if 0%{?fedora} >= 30 || 0%{?rhel} > 7
+%global drop_python2 1
+%global configure_with_python2 no
+%else
+# Define `python2_sitearch' if there is no one:
+%{!?python2_sitearch:%global python2_sitearch %(%{__python2} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
+%global configure_with_python2 yes
+%endif
+
+%if %{with python3}
+%global configure_with_python3 yes
+%else
+%global configure_with_python3 no
+%endif
+
+# Additional configure options:
+%global with_pythons --with-python=%{configure_with_python2} --with-python3=%{?configure_with_python3}
+
 Summary: An utility for manipulating storage encryption keys and passphrases
 Name: volume_key
-Version: 0.3.11
+Version: 0.3.12
-Release: 7%{?dist}
+Release: 17%{?dist}
-# lib/{SECerrs,SSLerrs}.h are both licensed under MPLv1.1, GPLv2 and LGPLv2
+License: GPLv2
-License: GPLv2 and (MPLv1.1 or GPLv2 or LGPLv2)
+URL: https://pagure.io/%{name}/
-Group: Applications/System
+Requires: %{name}-libs%{?_isa} = %{version}-%{release}
-URL: https://pagure.io/volume_key/
-Requires: volume_key-libs%{?_isa} = %{version}-%{release}
 
-Source0: https://releases.pagure.org/volume_key/volume_key-%{version}.tar.xz
+Source0: https://releases.pagure.org/%{name}/%{name}-%{version}.tar.xz
-# Add support for opening all types of LUKS devices (not just LUKS1)
+# Support all LUKS devices
-# Resolves: rhbz#1626974
+# - backport of 26c09768662d8958debe8c9410dae9fda02292c3
-Patch0: volume_key-0.3.11-support_LUKS_all.patch
+Patch0: volume_key-0.3.12-support_LUKS2_and_more.patch
-# Make volume_key working in FIPS mode
+# Fix resource leaks
-# Resolves: rhbz#2143223
+# - backport of bf6618ec0b09b4e51fc97fa021e687fbd87599ba
-Patch1: volume_key-0.3.11-FIPS.patch
+Patch1: volume_key-0.3.12-fix_resource_leaks.patch
-# Diagnose patch to get more insight on whats wrong
+Patch2:  volume_key-0.3.12-FIPS.patch
-Patch2: volume_key-0.3.11-show_get_password_error.patch
+# fix getting backup password from secret the FIPS way, RHEL-113757
-# fix getting backup password from secret the FIPS way, RHEL-113242
+Patch3:  volume_key-0.3.12-fips2.patch
-Patch3: volume_key-0.3.12-fips2.patch
+BuildRequires: make
-BuildRequires: cryptsetup-luks-devel, gettext-devel, glib2-devel, /usr/bin/gpg2
+BuildRequires: gcc
+BuildRequires: cryptsetup-devel, gettext-devel, glib2-devel, /usr/bin/gpg2
 BuildRequires: gpgme-devel, libblkid-devel, nss-devel, python3-devel
+%if 0%{?drop_python2} < 1
+BuildRequires: python2-devel
+%endif
 # Needed by %%check:
 BuildRequires: nss-tools
 
-%description
+%global desc_common The main goal of the software is to allow restoring access to an encrypted\
-This package provides a command-line tool for manipulating storage volume
+hard drive if the primary user forgets the passphrase.  The encryption key\
-encryption keys and storing them separately from volumes.
+back up can also be useful for extracting data after a hardware or software\
-
+failure that corrupts the header of the encrypted volume, or to access the\
-The main goal of the software is to allow restoring access to an encrypted
-hard drive if the primary user forgets the passphrase.  The encryption key
-back up can also be useful for extracting data after a hardware or software
-failure that corrupts the header of the encrypted volume, or to access the
 company data after an employee leaves abruptly.
 
+%global desc_app This package provides a command-line tool for manipulating storage volume\
+encryption keys and storing them separately from volumes.\
+\
+%{desc_common}
+
+%global desc_lib This package provides lib%{name}, a library for manipulating storage volume\
+encryption keys and storing them separately from volumes.\
+\
+%{desc_common}
+
+%global desc_python(V:) This package provides %%{-V:Python %%{-V*}}%%{!-V:Python} bindings for lib%{name}, a library for\
+manipulating storage volume encryption keys and storing them separately from\
+volumes.\
+\
+%{desc_common}\
+\
+%{name} currently supports only the LUKS volume encryption format.  Support\
+for other formats is possible, some formats are planned for future releases.
+
+%description
+%{desc_app}
+
 %package devel
 Summary: A library for manipulating storage encryption keys and passphrases
-Group: Development/Libraries
+Requires: %{name}-libs%{?_isa} = %{version}-%{release}
-Requires: volume_key-libs%{?_isa} = %{version}-%{release}
 
 %description devel
-This package provides libvolume_key, a library for manipulating storage volume
+%{desc_lib}
-encryption keys and storing them separately from volumes.
-
-The main goal of the software is to allow restoring access to an encrypted
-hard drive if the primary user forgets the passphrase.  The encryption key
-back up can also be useful for extracting data after a hardware or software
-failure that corrupts the header of the encrypted volume, or to access the
-company data after an employee leaves abruptly.
 
 %package libs
 Summary: A library for manipulating storage encryption keys and passphrases
-Group: System Environment/Libraries
 Requires: /usr/bin/gpg2
 
 %description libs
-This package provides libvolume_key, a library for manipulating storage volume
+%{desc_lib}
-encryption keys and storing them separately from volumes.
 
-The main goal of the software is to allow restoring access to an encrypted
+%if 0%{?drop_python2} < 1
-hard drive if the primary user forgets the passphrase.  The encryption key
+%package -n python2-%{name}
-back up can also be useful for extracting data after a hardware or software
+%{?python_provide:%python_provide python2-%{name}}
-failure that corrupts the header of the encrypted volume, or to access the
+Summary: Python bindings for lib%{name}
-company data after an employee leaves abruptly.
+Requires: %{name}-libs%{?_isa} = %{version}-%{release}
 
-%package -n python3-volume_key
+%description -n python2-%{name}
-%{?python_provide:%python_provide python3-volume_key}
+%desc_python
-Summary: Python bindings for libvolume_key
+%endif
-Group: System Environment/Libraries
-Requires: volume_key-libs%{?_isa} = %{version}-%{release}
 
-%description -n python3-volume_key
+%if %{with python3}
-This package provides Python bindings for libvolume_key, a library for
+%package -n python3-%{name}
-manipulating storage volume encryption keys and storing them separately from
+%{?python_provide:%python_provide python3-%{name}}
-volumes.
+Summary: Python 3 bindings for lib%{name}
+Requires: %{name}-libs%{?_isa} = %{version}-%{release}
 
-The main goal of the software is to allow restoring access to an encrypted
+%description -n python3-%{name}
-hard drive if the primary user forgets the passphrase.  The encryption key
+%desc_python -V 3
-back up can also be useful for extracting data after a hardware or software
+%endif
-failure that corrupts the header of the encrypted volume, or to access the
-company data after an employee leaves abruptly.
-
-volume_key currently supports only the LUKS volume encryption format.  Support
-for other formats is possible, some formats are planned for future releases.
 
 %prep
 %setup -q
 %patch -P 0 -p1
 %patch -P 1 -p1
-%patch -P 2 -p1
+%patch -P 2 -p1 -b .FIPS
 %patch -P 3 -p1 -b .fips2
 
 %build
-%configure
+%configure %{?with_pythons}
 make %{?_smp_mflags}
 
 %install
 make install DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p'
 
-%find_lang volume_key
+# Remove libtool archive
+find %{buildroot} -type f -name "*.la" -delete
+
+%find_lang %{name}
 
 %check
 make check || { \
@@ -108,67 +146,102 @@ echo "=================================================================="; \
 exit 1; \
 }
 
-%clean
-rm -rf $RPM_BUILD_ROOT
-
 %ldconfig_scriptlets libs
 
 %files
-%defattr(-,root,root,-)
 %doc README contrib
-%{_bindir}/volume_key
+%{_bindir}/%{name}
-%{_mandir}/man8/volume_key.8*
+%{_mandir}/man8/%{name}.8*
 
 %files devel
-%defattr(-,root,root,-)
+%{_includedir}/%{name}
-%{_includedir}/volume_key
+%{_libdir}/lib%{name}.so
-%exclude %{_libdir}/libvolume_key.la
-%{_libdir}/libvolume_key.so
 
-%files libs -f volume_key.lang
+%files libs -f %{name}.lang
-%defattr(-,root,root,-)
 %doc AUTHORS COPYING ChangeLog NEWS
-%{_libdir}/libvolume_key.so.*
+%{_libdir}/lib%{name}.so.*
 
-%files -n python3-volume_key
+%if 0%{?drop_python2} < 1
-%defattr(-,root,root,-)
+%files -n python2-%{name}
-%exclude %{python3_sitearch}/_volume_key.la
+%{python2_sitearch}/_%{name}.so
-%{python3_sitearch}/_volume_key.so
+%{python2_sitearch}/%{name}.py*
-%{python3_sitearch}/volume_key.py*
+%endif
-%{python3_sitearch}/__pycache__/volume_key.*
+
+%if %{with python3}
+%files -n python3-%{name}
+%{python3_sitearch}/_%{name}.so
+%{python3_sitearch}/%{name}.py*
+%{python3_sitearch}/__pycache__/%{name}.*
+%endif
 
 %changelog
-* Thu Feb 12 2026 Michal Hlavinka <mhlavink@redhat.com> - 0.3.11-7
+* Thu Feb 12 2026 Michal Hlavinka <mhlavink@redhat.com> - 0.3.12-17
-- make getting password from backed up secret FIPS compatible (RHEL-113242)
+- ake getting password from backed up secret FIPS compatible (RHEL-113757)
 
-* Fri Jul 21 2023 Jiri Kucera <jkucera@redhat.com> - 0.3.11-6
+* Thu Feb 06 2025 Michal Hlavinka <mhlavink@redhat.com> - 0.3.12-16
-- Make volume_key working in FIPS mode
+- make volume_key FIPS compliant (RHEL-78044)
-  Resolves: #2143223
 
-* Wed Aug 14 2019 Jiri Kucera <jkucera@redhat.com> - 0.3.11-5
+* Thu Aug 26 2021 Jiri Kucera <jkucera@redhat.com> - 0.3.12-15
-- Place %%find_lang to proper place
+- Fix FTBFS
-  Resolves: #1665135
+  Related: #1986584
 
-* Tue Jan 08 2019 Jiri Kucera <jkucera@redhat.com> - 0.3.11-4
+* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 0.3.12-14
-- fixed License
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
-- Requires: /usr/bin/gpg2 in libs subpackage
+  Related: rhbz#1991688
-- Added support for opening all types of LUKS devices
-  Resolves: #1626974
 
-* Thu Aug 09 2018 Jiri Kucera <jkucera@redhat.com> - 0.3.11-3
+* Fri Aug 06 2021 Jiri Kucera <jkucera@redhat.com> - 0.3.12-13
-- Added %%check
+- Adjust License tag to the effective license
-  Resolves: #1614420
+  Resolves: #1986584
 
-* Tue Jul 24 2018 Jiri Kucera <jkucera@redhat.com> - 0.3.11-2
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.3.12-12
-- added missing licenses
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
-- update to gpg2
 
-* Thu Jul 19 2018 Charalampos Stratakis <cstratak@redhat.com> - 0.3.11-1
+* Wed Mar 31 2021 Jiri Kucera <jkucera@redhat.com> - 0.3.12-11
-- Update to 3.11
+- Fix resource leaks
-- Change to Python 3
+  Resolves: #1938896
 
-* Fri Jul 13 2018 Petr Viktorin <pviktori@redhat.com> - 0.3.9-20
+* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.12-10
-- Allow Python 2 for build
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.12-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 0.3.12-8
+- Rebuilt for Python 3.9
+
+* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.12-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 0.3.12-6
+- Rebuilt for Python 3.8.0rc1 (#1748018)
+
+* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 0.3.12-5
+- Rebuilt for Python 3.8
+
+* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.12-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.12-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Wed Jan 23 2019 Jiri Kucera <jkucera@redhat.com> - 0.3.12-2
+- Add support for LUKS2 and more
+- Fix License tag
+
+* Mon Oct 08 2018 Jiri Kucera <jkucera@redhat.com> - 0.3.12-1
+- Update to volume_key-0.3.12
+  Resolves: #1634850
+
+* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.10-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Wed May 16 2018 Jiri Kucera <jkucera@redhat.com> - 0.3.10-1
+- Update to volume_key-0.3.10
+  Resolves: #1479349, #1517016
+
+* Wed Feb 14 2018 Iryna Shcherbina <ishcherb@redhat.com> - 0.3.9-20
+- Update Python 2 dependency declarations to new packaging standards
+  (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
 
 * Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.9-19
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

gating.yaml

@@ -1,6 +0,0 @@
---- !Policy
-product_versions:
-  - rhel-8
-decision_context: osci_compose_gate
-rules:
-  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}

sources

@@ -1 +0,0 @@
-SHA512 (volume_key-0.3.11.tar.xz) = b9da00578b31c96231ebde55fd91c9aafbd663e541c560460fb6c3305e1a0e1fb3115a95682dc4713027d084e14ffa39d638653384a18d69f5dc892fc4855a97

volume_key-0.3.11-show_get_password_error.patch

@@ -1,49 +0,0 @@
-diff --git a/src/volume_key.c b/src/volume_key.c
-index 24b70d6..9642072 100644
---- a/src/volume_key.c
-+++ b/src/volume_key.c
-@@ -17,6 +17,7 @@ Author: Miloslav Trmač <mitr@redhat.com> */
- #include <config.h>
- 
- #include <assert.h>
-+#include <errno.h>
- #include <langinfo.h>
- #include <locale.h>
- #include <regex.h>
-@@ -403,6 +404,7 @@ get_password (const char *prompt)
-   char buf[LINE_MAX], *p;
-   struct termios otermios;
-   gboolean echo_disabled;
-+  int saved_errno = 0;
- 
-   tty = fopen ("/dev/tty", "r+");
-   if (tty != NULL)
-@@ -430,7 +432,8 @@ get_password (const char *prompt)
-       echo_disabled = tcsetattr (fileno (in_file), TCSAFLUSH, &ntermios) == 0;
-     }
- 
--  p = fgets(buf, sizeof(buf), in_file);
-+  p = fgets (buf, sizeof (buf), in_file);
-+  saved_errno = errno;
- 
-   if (echo_disabled)
-     {
-@@ -441,13 +444,15 @@ get_password (const char *prompt)
-   if (tty != NULL)
-     fclose (tty);
- 
--  if (p == NULL)
-+  if (p == NULL) {
-+    fprintf (stderr, "fgets: %s\n", strerror (saved_errno));
-     return NULL;
-+  }
- 
--  p = strchr(buf, '\r');
-+  p = strchr (buf, '\r');
-   if (p != NULL)
-     *p = '\0';
--  p = strchr(buf, '\n');
-+  p = strchr (buf, '\n');
-   if (p != NULL)
-     *p = '\0';
-