|
|
5d0898 |
Obsoletes: python2-cryptsetup
|
|
|
5d0898 |
Obsoletes: cryptsetup-python
|
|
|
0bd263 |
Obsoletes: cryptsetup-python3
|
|
|
5d0898 |
|
|
|
5d0898 |
Summary: A utility for setting up encrypted disks
|
|
|
5d0898 |
Name: cryptsetup
|
|
|
128b95 |
Version: 2.3.3
|
|
|
33f49e |
Release: 4%{?dist}.1
|
|
|
5d0898 |
License: GPLv2+ and LGPLv2+
|
|
|
5d0898 |
Group: Applications/System
|
|
|
5d0898 |
URL: https://gitlab.com/cryptsetup/cryptsetup
|
|
|
5d0898 |
BuildRequires: openssl-devel, popt-devel, device-mapper-devel
|
|
|
5d0898 |
BuildRequires: libuuid-devel, gcc, libblkid-devel
|
|
|
5d0898 |
BuildRequires: libpwquality-devel, json-c-devel
|
|
|
5d0898 |
Provides: cryptsetup-luks = %{version}-%{release}
|
|
|
5d0898 |
Obsoletes: cryptsetup-luks < 1.4.0
|
|
|
5d0898 |
Requires: cryptsetup-libs = %{version}-%{release}
|
|
|
5d0898 |
Requires: libpwquality >= 1.2.0
|
|
|
5d0898 |
|
|
|
5d0898 |
%global upstream_version %{version}
|
|
|
5d0898 |
Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/cryptsetup-%{upstream_version}.tar.xz
|
|
|
5d0898 |
# Following patch has to applied last
|
|
|
0bd263 |
Patch0: %{name}-add-system-library-paths.patch
|
|
|
0bd263 |
# Remove the patch when (if ever) osci infrastructure gets stable enough
|
|
|
0bd263 |
Patch1: %{name}-disable-verity-compat-test.patch
|
|
|
128b95 |
Patch2: %{name}-2.3.4-luks2-validation-32bit-fix.patch
|
|
|
c44dd4 |
Patch3: %{name}-2.3.4-fix-crypto-backend-to-properly-handle-ECB-mode.patch
|
|
|
c44dd4 |
Patch4: %{name}-2.3.5-fix-reencryption-cipher_null.patch
|
|
|
5d0898 |
|
|
|
33f49e |
# CVE-2021-4122 fix
|
|
|
33f49e |
Patch5: %{name}-2.3.7-Fix-CVE-2021-4122-LUKS2-reencryption-crash-recovery-.patch
|
|
|
33f49e |
Patch6: %{name}-2.3.7-Reenc-keyslot-must-have-key_size-1.patch
|
|
|
33f49e |
Patch7: %{name}-2.3.7-Do-not-run-reencryption-recovery-when-not-needed.patch
|
|
|
33f49e |
Patch8: %{name}-2.3.7-Move-requirement-helpers-for-later-changes.patch
|
|
|
33f49e |
Patch9: %{name}-2.3.7-Expose-json_segment_contains_flag-to-internal-librar.patch
|
|
|
33f49e |
Patch10: %{name}-2.3.7-Split-requirements-validation-from-config-section-va.patch
|
|
|
33f49e |
Patch11: %{name}-2.3.7-Add-segments-validation-for-reencryption.patch
|
|
|
33f49e |
Patch12: %{name}-2.3.7-Rename-LUKS2_keyslot_reencrypt_create-function.patch
|
|
|
33f49e |
Patch13: %{name}-2.3.7-Make-reencryption-flag-and-keyslot-inseparable.patch
|
|
|
33f49e |
Patch14: %{name}-2.3.7-Add-reencryption-mangle-test.patch
|
|
|
33f49e |
# cryptsetup manual repair command able to upgrade/verify reencryption metadata
|
|
|
33f49e |
Patch15: %{name}-2.3.7-Add-CRYPT_REENCRYPT_REPAIR_NEEDED-flag.patch
|
|
|
33f49e |
Patch16: %{name}-2.3.7-Allow-reencryption-metadata-repair-from-cryptsetup.patch
|
|
|
33f49e |
Patch17: %{name}-2.3.7-Fix-reencrypt-mangle-test-for-older-jq.patch
|
|
|
33f49e |
Patch18: %{name}-Makefile-in.patch
|
|
|
33f49e |
Patch19: %{name}-tests-Makefile-in.patch
|
|
|
33f49e |
|
|
|
5d0898 |
%description
|
|
|
5d0898 |
The cryptsetup package contains a utility for setting up
|
|
|
5d0898 |
disk encryption using dm-crypt kernel module.
|
|
|
5d0898 |
|
|
|
5d0898 |
%package devel
|
|
|
5d0898 |
Group: Development/Libraries
|
|
|
5d0898 |
Requires: %{name} = %{version}-%{release}
|
|
|
5d0898 |
Requires: pkgconfig
|
|
|
5d0898 |
Summary: Headers and libraries for using encrypted file systems
|
|
|
5d0898 |
Provides: cryptsetup-luks-devel = %{version}-%{release}
|
|
|
5d0898 |
Obsoletes: cryptsetup-luks-devel < 1.4.0
|
|
|
5d0898 |
|
|
|
5d0898 |
%description devel
|
|
|
5d0898 |
The cryptsetup-devel package contains libraries and header files
|
|
|
5d0898 |
used for writing code that makes use of disk encryption.
|
|
|
5d0898 |
|
|
|
5d0898 |
%package libs
|
|
|
5d0898 |
Group: System Environment/Libraries
|
|
|
5d0898 |
Summary: Cryptsetup shared library
|
|
|
5d0898 |
Provides: cryptsetup-luks-libs = %{version}-%{release}
|
|
|
5d0898 |
Obsoletes: cryptsetup-luks-libs < 1.4.0
|
|
|
5d0898 |
|
|
|
5d0898 |
%description libs
|
|
|
5d0898 |
This package contains the cryptsetup shared library, libcryptsetup.
|
|
|
5d0898 |
|
|
|
5d0898 |
%package -n veritysetup
|
|
|
5d0898 |
Group: Applications/System
|
|
|
5d0898 |
Summary: A utility for setting up dm-verity volumes
|
|
|
5d0898 |
Requires: cryptsetup-libs = %{version}-%{release}
|
|
|
5d0898 |
|
|
|
5d0898 |
%description -n veritysetup
|
|
|
5d0898 |
The veritysetup package contains a utility for setting up
|
|
|
5d0898 |
disk verification using dm-verity kernel module.
|
|
|
5d0898 |
|
|
|
5d0898 |
%package -n integritysetup
|
|
|
5d0898 |
Group: Applications/System
|
|
|
5d0898 |
Summary: A utility for setting up dm-integrity volumes
|
|
|
5d0898 |
Requires: cryptsetup-libs = %{version}-%{release}
|
|
|
5d0898 |
|
|
|
5d0898 |
%description -n integritysetup
|
|
|
5d0898 |
The integritysetup package contains a utility for setting up
|
|
|
5d0898 |
disk integrity protection using dm-integrity kernel module.
|
|
|
5d0898 |
|
|
|
5d0898 |
%package reencrypt
|
|
|
5d0898 |
Group: Applications/System
|
|
|
5d0898 |
Summary: A utility for offline reencryption of LUKS encrypted disks.
|
|
|
5d0898 |
Requires: cryptsetup-libs = %{version}-%{release}
|
|
|
5d0898 |
|
|
|
5d0898 |
%description reencrypt
|
|
|
5d0898 |
This package contains cryptsetup-reencrypt utility which
|
|
|
5d0898 |
can be used for offline reencryption of disk in situ.
|
|
|
5d0898 |
|
|
|
5d0898 |
%prep
|
|
|
5d0898 |
%setup -q -n cryptsetup-%{upstream_version}
|
|
|
5d0898 |
%patch1 -p1
|
|
|
128b95 |
%patch2 -p1
|
|
|
c44dd4 |
%patch3 -p1
|
|
|
c44dd4 |
%patch4 -p1
|
|
|
33f49e |
%patch5 -p1
|
|
|
33f49e |
%patch6 -p1
|
|
|
33f49e |
%patch7 -p1
|
|
|
33f49e |
%patch8 -p1
|
|
|
33f49e |
%patch9 -p1
|
|
|
33f49e |
%patch10 -p1
|
|
|
33f49e |
%patch11 -p1
|
|
|
33f49e |
%patch12 -p1
|
|
|
33f49e |
%patch13 -p1
|
|
|
33f49e |
%patch14 -p1
|
|
|
33f49e |
%patch15 -p1
|
|
|
33f49e |
%patch16 -p1
|
|
|
33f49e |
%patch17 -p1
|
|
|
33f49e |
%patch18 -p1
|
|
|
33f49e |
%patch19 -p1
|
|
|
0bd263 |
%patch0 -p1
|
|
|
5d0898 |
chmod -x misc/dracut_90reencrypt/*
|
|
|
33f49e |
chmod +x tests/luks2-reencryption-mangle-test
|
|
|
5d0898 |
|
|
|
5d0898 |
%build
|
|
|
5d0898 |
%configure --enable-fips --enable-pwquality --enable-internal-sse-argon2 --with-crypto_backend=openssl --with-default-luks-format=LUKS2
|
|
|
5d0898 |
make %{?_smp_mflags}
|
|
|
5d0898 |
|
|
|
5d0898 |
%install
|
|
|
5d0898 |
make install DESTDIR=%{buildroot}
|
|
|
5d0898 |
rm -rf %{buildroot}/%{_libdir}/*.la
|
|
|
5d0898 |
|
|
|
5d0898 |
%find_lang cryptsetup
|
|
|
5d0898 |
|
|
|
5d0898 |
%post -n cryptsetup-libs -p /sbin/ldconfig
|
|
|
5d0898 |
|
|
|
5d0898 |
%postun -n cryptsetup-libs -p /sbin/ldconfig
|
|
|
5d0898 |
|
|
|
5d0898 |
%files
|
|
|
5d0898 |
%{!?_licensedir:%global license %%doc}
|
|
|
5d0898 |
%license COPYING
|
|
|
5d0898 |
%doc AUTHORS FAQ docs/*ReleaseNotes
|
|
|
5d0898 |
%{_mandir}/man8/cryptsetup.8.gz
|
|
|
5d0898 |
%{_sbindir}/cryptsetup
|
|
|
5d0898 |
|
|
|
5d0898 |
%files -n veritysetup
|
|
|
5d0898 |
%{!?_licensedir:%global license %%doc}
|
|
|
5d0898 |
%license COPYING
|
|
|
5d0898 |
%{_mandir}/man8/veritysetup.8.gz
|
|
|
5d0898 |
%{_sbindir}/veritysetup
|
|
|
5d0898 |
|
|
|
5d0898 |
%files -n integritysetup
|
|
|
5d0898 |
%{!?_licensedir:%global license %%doc}
|
|
|
5d0898 |
%license COPYING
|
|
|
5d0898 |
%{_mandir}/man8/integritysetup.8.gz
|
|
|
5d0898 |
%{_sbindir}/integritysetup
|
|
|
5d0898 |
|
|
|
5d0898 |
%files reencrypt
|
|
|
5d0898 |
%{!?_licensedir:%global license %%doc}
|
|
|
5d0898 |
%license COPYING
|
|
|
5d0898 |
%doc misc/dracut_90reencrypt
|
|
|
5d0898 |
%{_mandir}/man8/cryptsetup-reencrypt.8.gz
|
|
|
5d0898 |
%{_sbindir}/cryptsetup-reencrypt
|
|
|
5d0898 |
|
|
|
5d0898 |
%files devel
|
|
|
5d0898 |
%doc docs/examples/*
|
|
|
5d0898 |
%{_includedir}/libcryptsetup.h
|
|
|
5d0898 |
%{_libdir}/libcryptsetup.so
|
|
|
5d0898 |
%{_libdir}/pkgconfig/libcryptsetup.pc
|
|
|
5d0898 |
|
|
|
5d0898 |
%files libs -f cryptsetup.lang
|
|
|
5d0898 |
%{!?_licensedir:%global license %%doc}
|
|
|
5d0898 |
%license COPYING COPYING.LGPL
|
|
|
5d0898 |
%{_libdir}/libcryptsetup.so.*
|
|
|
5d0898 |
%{_tmpfilesdir}/cryptsetup.conf
|
|
|
5d0898 |
%ghost %attr(700, -, -) %dir /run/cryptsetup
|
|
|
5d0898 |
|
|
|
5d0898 |
%clean
|
|
|
5d0898 |
|
|
|
5d0898 |
%changelog
|
|
|
33f49e |
* Fri Jan 14 2022 Ondrej Kozina <okozina@redhat.com> - 2.3.3-4.1
|
|
|
33f49e |
- patch: fix CVE-2021-4122.
|
|
|
33f49e |
- Resolves: #2036906
|
|
|
33f49e |
|
|
|
c44dd4 |
* Wed Feb 17 2021 Ondrej Kozina <okozina@redhat.com> - 2.3.3-4
|
|
|
c44dd4 |
- patch: Fix reencryption for custom devices with data segments
|
|
|
c44dd4 |
set to use cipher_null.
|
|
|
c44dd4 |
- Resolves: #1927409
|
|
|
c44dd4 |
|
|
|
c44dd4 |
* Wed Feb 03 2021 Ondrej Kozina <okozina@redhat.com> - 2.3.3-3
|
|
|
c44dd4 |
- patch: Fix crypto backend to properly handle ECB mode.
|
|
|
c44dd4 |
- Resolves: #1859091
|
|
|
c44dd4 |
|
|
|
128b95 |
* Thu Aug 27 2020 Ondrej Kozina <okozina@redhat.com> - 2.3.3-2
|
|
|
128b95 |
- patch: Fix possible memory corruption in LUKS2 validation
|
|
|
128b95 |
code in 32bit library.
|
|
|
128b95 |
- Resolves: #1872294
|
|
|
128b95 |
|
|
|
128b95 |
* Thu May 28 2020 Ondrej Kozina <okozina@redhat.com> - 2.3.3-1
|
|
|
128b95 |
- Update to cryptsetup 2.3.3
|
|
|
128b95 |
- Resolves: #1796826 #1743891 #1785748
|
|
|
128b95 |
|
|
|
128b95 |
* Fri Apr 03 2020 Ondrej Kozina <okozina@redhat.com> - 2.3.1-1
|
|
|
128b95 |
- Update to cryptsetup 2.3.1
|
|
|
128b95 |
- Resolves: #1796826 #1743891 #1785748
|
|
|
128b95 |
|
|
|
bd04a7 |
* Mon Nov 18 2019 Ondrej Kozina <okozina@redhat.com> - 2.2.2-1
|
|
|
bd04a7 |
- Update to cryptsetup 2.2.2
|
|
|
bd04a7 |
- LUKS2 reencryption honors activation flags (one time and persistent).
|
|
|
bd04a7 |
- LUKS2 reencryption works also without volume keys put in kernel
|
|
|
bd04a7 |
keyring service.
|
|
|
bd04a7 |
- Resolves: #1757783 #1750680 #1753597 #1743399
|
|
|
bd04a7 |
|
|
|
0bd263 |
* Fri Aug 30 2019 Ondrej Kozina <okozina@redhat.com> - 2.2.0-2
|
|
|
0bd263 |
- patch: Fix mapped segments overflow on 32bit architectures.
|
|
|
0bd263 |
- patch: Take optimal io size in account with LUKS2 reencryption.
|
|
|
0bd263 |
- Resolves: #1742815 #1746532
|
|
|
0bd263 |
|
|
|
0bd263 |
* Thu Aug 15 2019 Ondrej Kozina <okozina@redhat.com> - 2.2.0-1
|
|
|
0bd263 |
- Update to cryptsetup 2.2.0 (final)
|
|
|
0bd263 |
- Resolves: #1738263 #1740342 #1733391 #1729600 #1733390
|
|
|
0bd263 |
|
|
|
0bd263 |
* Fri Jun 14 2019 Ondrej Kozina <okozina@redhat.com> - 2.2.0-0.2
|
|
|
0bd263 |
- Updates to reencryption feature.
|
|
|
0bd263 |
- Resolves: #1676622
|
|
|
0bd263 |
|
|
|
0bd263 |
* Fri May 03 2019 Ondrej Kozina <okozina@redhat.com> - 2.2.0-0.1
|
|
|
0bd263 |
- Update to cryptsetup 2.2.0
|
|
|
0bd263 |
- remove python bits from spec file.
|
|
|
0bd263 |
- Resolves: #1676622
|
|
|
0bd263 |
|
|
|
0bd263 |
* Thu Mar 21 2019 Milan Broz <mbroz@redhat.com> - 2.0.6-2
|
|
|
0bd263 |
- Add gating tests.
|
|
|
0bd263 |
- Resolves: #1682539
|
|
|
0bd263 |
|
|
|
5d0898 |
* Mon Dec 03 2018 Ondrej Kozina <okozina@redhat.com> - 2.0.6-1
|
|
|
5d0898 |
- Update to cryptsetup 2.0.6
|
|
|
5d0898 |
- Enables all supported metadata sizes in LUKS2 validation code.
|
|
|
5d0898 |
- Resolves: #1653383
|
|
|
5d0898 |
|
|
|
5d0898 |
* Fri Aug 10 2018 Ondrej Kozina <okozina@redhat.com> - 2.0.4-2
|
|
|
5d0898 |
- patch: fix device alignment bug when processing hinted
|
|
|
5d0898 |
value by device topology info.
|
|
|
5d0898 |
- Resolves: #1614219
|
|
|
5d0898 |
|
|
|
5d0898 |
* Wed Aug 08 2018 Ondrej Kozina <okozina@redhat.com> - 2.0.4-1
|
|
|
5d0898 |
- Update to cryptsetup 2.0.4.
|
|
|
5d0898 |
- patch: Add RHEL system library paths in configure.
|
|
|
5d0898 |
- patch: Increase default LUKS2 header size to 8 MiBs.
|
|
|
5d0898 |
- patch: update tests to be compatible with larger headers.
|
|
|
5d0898 |
- Set default format to LUKS2.
|
|
|
5d0898 |
- Cleanup changelog.
|
|
|
5d0898 |
- Resolves: #1564540 #1595257 #1595266 #1595881 #1600164
|
|
|
5d0898 |
|
|
|
5d0898 |
* Fri May 04 2018 Ondrej Kozina <okozina@redhat.com> - 2.0.3-1
|
|
|
5d0898 |
- Update to cryptsetup 2.0.3.
|
|
|
5d0898 |
|
|
|
5d0898 |
* Tue Mar 27 2018 Björn Esser <besser82@fedoraproject.org> - 2.0.2-2
|
|
|
5d0898 |
- Rebuilt for libjson-c.so.4 (json-c v0.13.1) on fc28
|
|
|
5d0898 |
|
|
|
5d0898 |
* Wed Mar 07 2018 Milan Broz <gmazyland@gmail.com> - 2.0.2-1
|
|
|
5d0898 |
- Update to cryptsetup 2.0.2.
|