|
 |
0f7e16 |
Summary: Utility for setting up encrypted disks
|
|
|
0f7e16 |
Name: cryptsetup
|
|
|
0f7e16 |
Version: 2.4.3
|
|
|
38c00b |
Release: 5%{?dist}.1
|
|
|
0f7e16 |
License: GPLv2+ and LGPLv2+
|
|
|
0f7e16 |
URL: https://gitlab.com/cryptsetup/cryptsetup
|
|
|
0f7e16 |
BuildRequires: openssl-devel, popt-devel, device-mapper-devel
|
|
|
0f7e16 |
BuildRequires: libuuid-devel, gcc, json-c-devel
|
|
|
0f7e16 |
BuildRequires: libpwquality-devel, libblkid-devel
|
|
|
0f7e16 |
BuildRequires: make
|
|
|
0f7e16 |
Requires: cryptsetup-libs = %{version}-%{release}
|
|
|
0f7e16 |
Requires: libpwquality >= 1.2.0
|
|
|
0f7e16 |
|
|
|
0f7e16 |
%global upstream_version %{version}
|
|
|
0f7e16 |
Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.4/cryptsetup-%{upstream_version}.tar.xz
|
|
|
0f7e16 |
# binary archive with updated compatimage.img.xz for testing (can not be patched via rpmbuild)
|
|
|
0f7e16 |
Source1: tests.tar.xz
|
|
|
38c00b |
Source2: tests_fips.tar.xz
|
|
|
0f7e16 |
|
|
|
0f7e16 |
# Following patch has to applied last
|
|
|
0f7e16 |
Patch0000: %{name}-2.5.0-Fix-typo-in-repair-prompt.patch
|
|
|
0f7e16 |
Patch0001: %{name}-2.5.0-Fix-PBKDF-benchmark-in-OpenSSL3-FIPS-mode.patch
|
|
|
0f7e16 |
Patch0002: %{name}-2.5.0-Get-rid-of-SHA1-in-tests.patch
|
|
|
0f7e16 |
Patch0003: %{name}-2.5.0-Do-not-use-too-small-key-in-tests.patch
|
|
|
0f7e16 |
Patch0004: %{name}-2.5.0-Fix-test-passphrase-when-device-in-reencryption.patch
|
|
|
0f7e16 |
Patch0005: %{name}-2.5.0-Add-more-tests-for-test-passphrase-parameter.patch
|
|
|
e54c5a |
Patch0006: %{name}-2.5.1-Delegate-FIPS-mode-detection-to-configured-crypto-ba.patch
|
|
|
38c00b |
Patch0007: %{name}-2.6.1-Run-PBKDF-benchmark-with-8-bytes-long-well-known-pas.patch
|
|
|
38c00b |
Patch0008: %{name}-2.6.1-Change-tests-to-use-passphrases-with-minimal-8-chars.patch
|
|
|
38c00b |
Patch9998: %{name}-Add-FIPS-related-error-message-in-keyslot-add-code.patch
|
|
|
0f7e16 |
Patch9999: %{name}-add-system-library-paths.patch
|
|
|
0f7e16 |
|
|
|
0f7e16 |
%description
|
|
|
0f7e16 |
The cryptsetup package contains a utility for setting up
|
|
|
0f7e16 |
disk encryption using dm-crypt kernel module.
|
|
|
0f7e16 |
|
|
|
0f7e16 |
%package devel
|
|
|
0f7e16 |
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
|
|
0f7e16 |
Requires: pkgconfig
|
|
|
0f7e16 |
Summary: Headers and libraries for using encrypted file systems
|
|
|
0f7e16 |
|
|
|
0f7e16 |
%description devel
|
|
|
0f7e16 |
The cryptsetup-devel package contains libraries and header files
|
|
|
0f7e16 |
used for writing code that makes use of disk encryption.
|
|
|
0f7e16 |
|
|
|
0f7e16 |
%package libs
|
|
|
0f7e16 |
Summary: Cryptsetup shared library
|
|
|
0f7e16 |
|
|
|
0f7e16 |
%description libs
|
|
|
0f7e16 |
This package contains the cryptsetup shared library, libcryptsetup.
|
|
|
0f7e16 |
|
|
|
0f7e16 |
%package -n veritysetup
|
|
|
0f7e16 |
Summary: A utility for setting up dm-verity volumes
|
|
|
0f7e16 |
Requires: cryptsetup-libs = %{version}-%{release}
|
|
|
0f7e16 |
|
|
|
0f7e16 |
%description -n veritysetup
|
|
|
0f7e16 |
The veritysetup package contains a utility for setting up
|
|
|
0f7e16 |
disk verification using dm-verity kernel module.
|
|
|
0f7e16 |
|
|
|
0f7e16 |
%package -n integritysetup
|
|
|
0f7e16 |
Summary: A utility for setting up dm-integrity volumes
|
|
|
0f7e16 |
Requires: cryptsetup-libs = %{version}-%{release}
|
|
|
0f7e16 |
|
|
|
0f7e16 |
%description -n integritysetup
|
|
|
0f7e16 |
The integritysetup package contains a utility for setting up
|
|
|
0f7e16 |
disk integrity protection using dm-integrity kernel module.
|
|
|
0f7e16 |
|
|
|
0f7e16 |
%package reencrypt
|
|
|
0f7e16 |
Summary: A utility for offline reencryption of LUKS encrypted disks
|
|
|
0f7e16 |
Requires: cryptsetup-libs = %{version}-%{release}
|
|
|
0f7e16 |
|
|
|
0f7e16 |
%description reencrypt
|
|
|
0f7e16 |
This package contains cryptsetup-reencrypt utility which
|
|
|
0f7e16 |
can be used for offline reencryption of disk in situ.
|
|
|
0f7e16 |
|
|
|
0f7e16 |
%prep
|
|
|
0f7e16 |
%autosetup -n cryptsetup-%{upstream_version} -p 1 -a 1
|
|
|
38c00b |
|
|
|
38c00b |
# workaround, since autosetup doesn't support multiple -a options (last one wins)
|
|
|
38c00b |
# https://github.com/rpm-software-management/rpm/issues/462
|
|
|
38c00b |
%autosetup -D -T -a 2 -N
|
|
|
0f7e16 |
chmod -x misc/dracut_90reencrypt/*
|
|
|
0f7e16 |
|
|
|
0f7e16 |
%build
|
|
|
0f7e16 |
%configure --enable-fips --enable-pwquality --enable-internal-sse-argon2 --disable-ssh-token
|
|
|
0f7e16 |
%make_build
|
|
|
0f7e16 |
|
|
|
0f7e16 |
%install
|
|
|
0f7e16 |
%make_install
|
|
|
0f7e16 |
rm -rf %{buildroot}%{_libdir}/*.la
|
|
|
0f7e16 |
|
|
|
0f7e16 |
%find_lang cryptsetup
|
|
|
0f7e16 |
|
|
|
0f7e16 |
%ldconfig_scriptlets -n cryptsetup-libs
|
|
|
0f7e16 |
|
|
|
0f7e16 |
%files
|
|
|
0f7e16 |
%license COPYING
|
|
|
0f7e16 |
%doc AUTHORS FAQ docs/*ReleaseNotes
|
|
|
0f7e16 |
%{_mandir}/man8/cryptsetup.8.gz
|
|
|
0f7e16 |
%{_sbindir}/cryptsetup
|
|
|
0f7e16 |
|
|
|
0f7e16 |
%files -n veritysetup
|
|
|
0f7e16 |
%license COPYING
|
|
|
0f7e16 |
%{_mandir}/man8/veritysetup.8.gz
|
|
|
0f7e16 |
%{_sbindir}/veritysetup
|
|
|
0f7e16 |
|
|
|
0f7e16 |
%files -n integritysetup
|
|
|
0f7e16 |
%license COPYING
|
|
|
0f7e16 |
%{_mandir}/man8/integritysetup.8.gz
|
|
|
0f7e16 |
%{_sbindir}/integritysetup
|
|
|
0f7e16 |
|
|
|
0f7e16 |
%files reencrypt
|
|
|
0f7e16 |
%license COPYING
|
|
|
0f7e16 |
%doc misc/dracut_90reencrypt
|
|
|
0f7e16 |
%{_mandir}/man8/cryptsetup-reencrypt.8.gz
|
|
|
0f7e16 |
%{_sbindir}/cryptsetup-reencrypt
|
|
|
0f7e16 |
|
|
|
0f7e16 |
%files devel
|
|
|
0f7e16 |
%doc docs/examples/*
|
|
|
0f7e16 |
%{_includedir}/libcryptsetup.h
|
|
|
0f7e16 |
%{_libdir}/libcryptsetup.so
|
|
|
0f7e16 |
%{_libdir}/pkgconfig/libcryptsetup.pc
|
|
|
0f7e16 |
|
|
|
0f7e16 |
%files libs -f cryptsetup.lang
|
|
|
0f7e16 |
%license COPYING COPYING.LGPL
|
|
|
0f7e16 |
%{_libdir}/libcryptsetup.so.*
|
|
|
0f7e16 |
%dir %{_libdir}/%{name}/
|
|
|
0f7e16 |
%{_tmpfilesdir}/cryptsetup.conf
|
|
|
0f7e16 |
%ghost %attr(700, -, -) %dir /run/cryptsetup
|
|
|
0f7e16 |
|
|
|
0f7e16 |
%changelog
|
|
|
38c00b |
* Wed Dec 21 2022 Daniel Zatovic <dzatovic@redhat.com> - 2.4.3-5.1
|
|
|
38c00b |
- patch: Run PBKDF benchmark with 8 bytes long well-known passphrase.
|
|
|
38c00b |
- patch: Change tests to use passphrases with minimal 8 chars length.
|
|
|
38c00b |
- patch: Add FIPS related error message in keyslot add code.
|
|
|
38c00b |
- Resolves: #2151576
|
|
|
38c00b |
|
|
|
a6bc65 |
* Wed Aug 10 2022 Ondrej Kozina <okozina@redhat.com> - 2.4.3-5
|
|
|
e54c5a |
- patch: Delegate FIPS mode detection to crypto backend.
|
|
|
a6bc65 |
- Resolves: #2080516
|
|
|
e54c5a |
|
|
|
0f7e16 |
* Thu Feb 24 2022 Ondrej Kozina <okozina@redhat.com> - 2.4.3-4
|
|
|
0f7e16 |
- patch: Fix broken upstream test.
|
|
|
0f7e16 |
- Resolves: #2056439
|
|
|
0f7e16 |
|
|
|
0f7e16 |
* Wed Feb 23 2022 Ondrej Kozina <okozina@redhat.com> - 2.4.3-3
|
|
|
0f7e16 |
- patch: Fix cryptsetup --test-passphrase when device in
|
|
|
0f7e16 |
reencryption
|
|
|
0f7e16 |
- Resolves: #2056439
|
|
|
0f7e16 |
|
|
|
0f7e16 |
* Thu Feb 17 2022 Ondrej Kozina <okozina@redhat.com> - 2.4.3-2
|
|
|
0f7e16 |
- Various FIPS related fixes.
|
|
|
0f7e16 |
- Resolves: #2051630
|
|
|
0f7e16 |
|
|
|
0f7e16 |
* Fri Jan 21 2022 Ondrej Kozina <okozina@redhat.com> - 2.4.3-1
|
|
|
0f7e16 |
- Update to cryptsetup 2.4.3.
|
|
|
0f7e16 |
- patch: Fix typo in repair command prompt.
|
|
|
0f7e16 |
Resolves: #2022309 #2023316 #2032782
|
|
|
0f7e16 |
|
|
|
0f7e16 |
* Wed Sep 29 2021 Ondrej Kozina <okozina@redhat.com> - 2.4.1-1
|
|
|
0f7e16 |
- Update to cryptsetup 2.4.1.
|
|
|
0f7e16 |
Resolves: #2005035 #2005877
|
|
|
0f7e16 |
|
|
|
0f7e16 |
* Thu Aug 19 2021 Ondrej Kozina <okozina@redhat.com> - 2.4.0-1
|
|
|
0f7e16 |
- Update to cryptsetup 2.4.0.
|
|
|
0f7e16 |
Resolves: #1869553 #1972722 #1974271 #1975799
|
|
|
0f7e16 |
|
|
|
0f7e16 |
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.3.6-3
|
|
|
0f7e16 |
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
|
|
0f7e16 |
Related: rhbz#1991688
|
|
|
0f7e16 |
|
|
|
0f7e16 |
* Thu Jun 17 2021 Mohan Boddu <mboddu@redhat.com> - 2.3.6-2
|
|
|
0f7e16 |
- Specbump for openssl 3.0
|
|
|
0f7e16 |
Related: rhbz#1971065
|
|
|
0f7e16 |
|
|
|
0f7e16 |
* Wed Jun 16 2021 Ondrej Kozina <okozina@redhat.com> - 2.3.6-1
|
|
|
0f7e16 |
- Update to cryptsetup 2.3.6.
|
|
|
0f7e16 |
- Resolves: #1961291 #1970932
|
|
|
0f7e16 |
|
|
|
0f7e16 |
* Tue Jun 15 2021 Mohan Boddu <mboddu@redhat.com> - 2.3.5-5
|
|
|
0f7e16 |
- Rebuilt for RHEL 9 BETA for openssl 3.0
|
|
|
0f7e16 |
|
|
|
0f7e16 |
Related: rhbz#1971065
|
|
|
0f7e16 |
|
|
|
0f7e16 |
* Tue Apr 27 2021 Ondrej Kozina <okozina@redhat.com> - 2.3.5-4
|
|
|
0f7e16 |
- Drop dependency on libargon2
|
|
|
0f7e16 |
- Resolves: #1936959
|
|
|
0f7e16 |
|
|
|
0f7e16 |
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 2.3.5-3
|
|
|
0f7e16 |
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
|
|
0f7e16 |
|
|
|
0f7e16 |
* Thu Mar 11 2021 Milan Broz <gmazyland@gmail.com> - 2.3.5-1
|
|
|
0f7e16 |
- Update to cryptsetup 2.3.5.
|
|
|
0f7e16 |
|
|
|
0f7e16 |
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.4-2
|
|
|
0f7e16 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
|
|
0f7e16 |
|
|
|
0f7e16 |
* Thu Sep 03 2020 Milan Broz <gmazyland@gmail.com> - 2.3.4-1
|
|
|
0f7e16 |
- Update to cryptsetup 2.3.4.
|
|
|
0f7e16 |
- Fix for CVE-2020-14382 (#1874712)
|