Blame SPECS/cryptsetup.spec

5d0898
Obsoletes: python2-cryptsetup
5d0898
Obsoletes: cryptsetup-python
0bd263
Obsoletes: cryptsetup-python3
5d0898
5d0898
Summary: A utility for setting up encrypted disks
5d0898
Name: cryptsetup
128b95
Version: 2.3.3
33f49e
Release: 4%{?dist}.1
5d0898
License: GPLv2+ and LGPLv2+
5d0898
Group: Applications/System
5d0898
URL: https://gitlab.com/cryptsetup/cryptsetup
5d0898
BuildRequires: openssl-devel, popt-devel, device-mapper-devel
5d0898
BuildRequires: libuuid-devel, gcc, libblkid-devel
5d0898
BuildRequires: libpwquality-devel, json-c-devel
5d0898
Provides: cryptsetup-luks = %{version}-%{release}
5d0898
Obsoletes: cryptsetup-luks < 1.4.0
5d0898
Requires: cryptsetup-libs = %{version}-%{release}
5d0898
Requires: libpwquality >= 1.2.0
5d0898
5d0898
%global upstream_version %{version}
5d0898
Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/cryptsetup-%{upstream_version}.tar.xz
5d0898
# Following patch has to applied last
0bd263
Patch0:  %{name}-add-system-library-paths.patch
0bd263
# Remove the patch when (if ever) osci infrastructure gets stable enough
0bd263
Patch1:  %{name}-disable-verity-compat-test.patch
128b95
Patch2:  %{name}-2.3.4-luks2-validation-32bit-fix.patch
c44dd4
Patch3:  %{name}-2.3.4-fix-crypto-backend-to-properly-handle-ECB-mode.patch
c44dd4
Patch4:  %{name}-2.3.5-fix-reencryption-cipher_null.patch
5d0898
33f49e
# CVE-2021-4122 fix
33f49e
Patch5:  %{name}-2.3.7-Fix-CVE-2021-4122-LUKS2-reencryption-crash-recovery-.patch
33f49e
Patch6:  %{name}-2.3.7-Reenc-keyslot-must-have-key_size-1.patch
33f49e
Patch7:  %{name}-2.3.7-Do-not-run-reencryption-recovery-when-not-needed.patch
33f49e
Patch8:  %{name}-2.3.7-Move-requirement-helpers-for-later-changes.patch
33f49e
Patch9:  %{name}-2.3.7-Expose-json_segment_contains_flag-to-internal-librar.patch
33f49e
Patch10:  %{name}-2.3.7-Split-requirements-validation-from-config-section-va.patch
33f49e
Patch11:  %{name}-2.3.7-Add-segments-validation-for-reencryption.patch
33f49e
Patch12:  %{name}-2.3.7-Rename-LUKS2_keyslot_reencrypt_create-function.patch
33f49e
Patch13:  %{name}-2.3.7-Make-reencryption-flag-and-keyslot-inseparable.patch
33f49e
Patch14:  %{name}-2.3.7-Add-reencryption-mangle-test.patch
33f49e
# cryptsetup manual repair command able to upgrade/verify reencryption metadata
33f49e
Patch15:  %{name}-2.3.7-Add-CRYPT_REENCRYPT_REPAIR_NEEDED-flag.patch
33f49e
Patch16:  %{name}-2.3.7-Allow-reencryption-metadata-repair-from-cryptsetup.patch
33f49e
Patch17:  %{name}-2.3.7-Fix-reencrypt-mangle-test-for-older-jq.patch
33f49e
Patch18:  %{name}-Makefile-in.patch
33f49e
Patch19:  %{name}-tests-Makefile-in.patch
33f49e
5d0898
%description
5d0898
The cryptsetup package contains a utility for setting up
5d0898
disk encryption using dm-crypt kernel module.
5d0898
5d0898
%package devel
5d0898
Group: Development/Libraries
5d0898
Requires: %{name} = %{version}-%{release}
5d0898
Requires: pkgconfig
5d0898
Summary: Headers and libraries for using encrypted file systems
5d0898
Provides: cryptsetup-luks-devel = %{version}-%{release}
5d0898
Obsoletes: cryptsetup-luks-devel < 1.4.0
5d0898
5d0898
%description devel
5d0898
The cryptsetup-devel package contains libraries and header files
5d0898
used for writing code that makes use of disk encryption.
5d0898
5d0898
%package libs
5d0898
Group: System Environment/Libraries
5d0898
Summary: Cryptsetup shared library
5d0898
Provides: cryptsetup-luks-libs = %{version}-%{release}
5d0898
Obsoletes: cryptsetup-luks-libs < 1.4.0
5d0898
5d0898
%description libs
5d0898
This package contains the cryptsetup shared library, libcryptsetup.
5d0898
5d0898
%package -n veritysetup
5d0898
Group: Applications/System
5d0898
Summary: A utility for setting up dm-verity volumes
5d0898
Requires: cryptsetup-libs = %{version}-%{release}
5d0898
5d0898
%description -n veritysetup
5d0898
The veritysetup package contains a utility for setting up
5d0898
disk verification using dm-verity kernel module.
5d0898
5d0898
%package -n integritysetup
5d0898
Group: Applications/System
5d0898
Summary: A utility for setting up dm-integrity volumes
5d0898
Requires: cryptsetup-libs = %{version}-%{release}
5d0898
5d0898
%description -n integritysetup
5d0898
The integritysetup package contains a utility for setting up
5d0898
disk integrity protection using dm-integrity kernel module.
5d0898
5d0898
%package reencrypt
5d0898
Group: Applications/System
5d0898
Summary: A utility for offline reencryption of LUKS encrypted disks.
5d0898
Requires: cryptsetup-libs = %{version}-%{release}
5d0898
5d0898
%description reencrypt
5d0898
This package contains cryptsetup-reencrypt utility which
5d0898
can be used for offline reencryption of disk in situ.
5d0898
5d0898
%prep
5d0898
%setup -q -n cryptsetup-%{upstream_version}
5d0898
%patch1 -p1
128b95
%patch2 -p1
c44dd4
%patch3 -p1
c44dd4
%patch4 -p1
33f49e
%patch5 -p1
33f49e
%patch6 -p1
33f49e
%patch7 -p1
33f49e
%patch8 -p1
33f49e
%patch9 -p1
33f49e
%patch10 -p1
33f49e
%patch11 -p1
33f49e
%patch12 -p1
33f49e
%patch13 -p1
33f49e
%patch14 -p1
33f49e
%patch15 -p1
33f49e
%patch16 -p1
33f49e
%patch17 -p1
33f49e
%patch18 -p1
33f49e
%patch19 -p1
0bd263
%patch0 -p1
5d0898
chmod -x misc/dracut_90reencrypt/*
33f49e
chmod +x tests/luks2-reencryption-mangle-test
5d0898
5d0898
%build
5d0898
%configure --enable-fips --enable-pwquality --enable-internal-sse-argon2 --with-crypto_backend=openssl --with-default-luks-format=LUKS2
5d0898
make %{?_smp_mflags}
5d0898
5d0898
%install
5d0898
make install DESTDIR=%{buildroot}
5d0898
rm -rf %{buildroot}/%{_libdir}/*.la
5d0898
5d0898
%find_lang cryptsetup
5d0898
5d0898
%post -n cryptsetup-libs -p /sbin/ldconfig
5d0898
5d0898
%postun -n cryptsetup-libs -p /sbin/ldconfig
5d0898
5d0898
%files
5d0898
%{!?_licensedir:%global license %%doc}
5d0898
%license COPYING
5d0898
%doc AUTHORS FAQ docs/*ReleaseNotes
5d0898
%{_mandir}/man8/cryptsetup.8.gz
5d0898
%{_sbindir}/cryptsetup
5d0898
5d0898
%files -n veritysetup
5d0898
%{!?_licensedir:%global license %%doc}
5d0898
%license COPYING
5d0898
%{_mandir}/man8/veritysetup.8.gz
5d0898
%{_sbindir}/veritysetup
5d0898
5d0898
%files -n integritysetup
5d0898
%{!?_licensedir:%global license %%doc}
5d0898
%license COPYING
5d0898
%{_mandir}/man8/integritysetup.8.gz
5d0898
%{_sbindir}/integritysetup
5d0898
5d0898
%files reencrypt
5d0898
%{!?_licensedir:%global license %%doc}
5d0898
%license COPYING
5d0898
%doc misc/dracut_90reencrypt
5d0898
%{_mandir}/man8/cryptsetup-reencrypt.8.gz
5d0898
%{_sbindir}/cryptsetup-reencrypt
5d0898
5d0898
%files devel
5d0898
%doc docs/examples/*
5d0898
%{_includedir}/libcryptsetup.h
5d0898
%{_libdir}/libcryptsetup.so
5d0898
%{_libdir}/pkgconfig/libcryptsetup.pc
5d0898
5d0898
%files libs -f cryptsetup.lang
5d0898
%{!?_licensedir:%global license %%doc}
5d0898
%license COPYING COPYING.LGPL
5d0898
%{_libdir}/libcryptsetup.so.*
5d0898
%{_tmpfilesdir}/cryptsetup.conf
5d0898
%ghost %attr(700, -, -) %dir /run/cryptsetup
5d0898
5d0898
%clean
5d0898
5d0898
%changelog
33f49e
* Fri Jan 14 2022 Ondrej Kozina <okozina@redhat.com> - 2.3.3-4.1
33f49e
- patch: fix CVE-2021-4122.
33f49e
- Resolves: #2036906
33f49e
c44dd4
* Wed Feb 17 2021 Ondrej Kozina <okozina@redhat.com> - 2.3.3-4
c44dd4
- patch: Fix reencryption for custom devices with data segments
c44dd4
  set to use cipher_null.
c44dd4
- Resolves: #1927409
c44dd4
c44dd4
* Wed Feb 03 2021 Ondrej Kozina <okozina@redhat.com> - 2.3.3-3
c44dd4
- patch: Fix crypto backend to properly handle ECB mode.
c44dd4
- Resolves: #1859091
c44dd4
128b95
* Thu Aug 27 2020 Ondrej Kozina <okozina@redhat.com> - 2.3.3-2
128b95
- patch: Fix possible memory corruption in LUKS2 validation
128b95
	 code in 32bit library.
128b95
- Resolves: #1872294
128b95
128b95
* Thu May 28 2020 Ondrej Kozina <okozina@redhat.com> - 2.3.3-1
128b95
- Update to cryptsetup 2.3.3
128b95
- Resolves: #1796826 #1743891 #1785748
128b95
128b95
* Fri Apr 03 2020 Ondrej Kozina <okozina@redhat.com> - 2.3.1-1
128b95
- Update to cryptsetup 2.3.1
128b95
- Resolves: #1796826 #1743891 #1785748
128b95
bd04a7
* Mon Nov 18 2019 Ondrej Kozina <okozina@redhat.com> - 2.2.2-1
bd04a7
- Update to cryptsetup 2.2.2
bd04a7
- LUKS2 reencryption honors activation flags (one time and persistent).
bd04a7
- LUKS2 reencryption works also without volume keys put in kernel
bd04a7
  keyring service.
bd04a7
- Resolves: #1757783 #1750680 #1753597 #1743399
bd04a7
0bd263
* Fri Aug 30 2019 Ondrej Kozina <okozina@redhat.com> - 2.2.0-2
0bd263
- patch: Fix mapped segments overflow on 32bit architectures.
0bd263
- patch: Take optimal io size in account with LUKS2 reencryption.
0bd263
- Resolves: #1742815 #1746532
0bd263
0bd263
* Thu Aug 15 2019 Ondrej Kozina <okozina@redhat.com> - 2.2.0-1
0bd263
- Update to cryptsetup 2.2.0 (final)
0bd263
- Resolves: #1738263 #1740342 #1733391 #1729600 #1733390
0bd263
0bd263
* Fri Jun 14 2019 Ondrej Kozina <okozina@redhat.com> - 2.2.0-0.2
0bd263
- Updates to reencryption feature.
0bd263
- Resolves: #1676622
0bd263
0bd263
* Fri May 03 2019 Ondrej Kozina <okozina@redhat.com> - 2.2.0-0.1
0bd263
- Update to cryptsetup 2.2.0
0bd263
- remove python bits from spec file.
0bd263
- Resolves: #1676622
0bd263
0bd263
* Thu Mar 21 2019 Milan Broz <mbroz@redhat.com> - 2.0.6-2
0bd263
- Add gating tests.
0bd263
- Resolves: #1682539
0bd263
5d0898
* Mon Dec 03 2018 Ondrej Kozina <okozina@redhat.com> - 2.0.6-1
5d0898
- Update to cryptsetup 2.0.6
5d0898
- Enables all supported metadata sizes in LUKS2 validation code.
5d0898
- Resolves: #1653383
5d0898
5d0898
* Fri Aug 10 2018 Ondrej Kozina <okozina@redhat.com> - 2.0.4-2
5d0898
- patch: fix device alignment bug when processing hinted
5d0898
  value by device topology info.
5d0898
- Resolves: #1614219
5d0898
5d0898
* Wed Aug 08 2018 Ondrej Kozina <okozina@redhat.com> - 2.0.4-1
5d0898
- Update to cryptsetup 2.0.4.
5d0898
- patch: Add RHEL system library paths in configure.
5d0898
- patch: Increase default LUKS2 header size to 8 MiBs.
5d0898
- patch: update tests to be compatible with larger headers.
5d0898
- Set default format to LUKS2.
5d0898
- Cleanup changelog.
5d0898
- Resolves: #1564540 #1595257 #1595266 #1595881 #1600164
5d0898
5d0898
* Fri May 04 2018 Ondrej Kozina <okozina@redhat.com> - 2.0.3-1
5d0898
- Update to cryptsetup 2.0.3.
5d0898
5d0898
* Tue Mar 27 2018 Björn Esser <besser82@fedoraproject.org> - 2.0.2-2
5d0898
- Rebuilt for libjson-c.so.4 (json-c v0.13.1) on fc28
5d0898
5d0898
* Wed Mar 07 2018 Milan Broz <gmazyland@gmail.com> - 2.0.2-1
5d0898
- Update to cryptsetup 2.0.2.