From 0f83b08626faaa9c258e7ac19bd4a84179afade5 Mon Sep 17 00:00:00 2001 From: CentOS Buildsys Date: Jan 24 2014 19:46:59 +0000 Subject: import cryptsetup-1.6.3-2.el7.src.rpm --- diff --git a/.cryptsetup.metadata b/.cryptsetup.metadata index e34e4ec..332265b 100644 --- a/.cryptsetup.metadata +++ b/.cryptsetup.metadata @@ -1 +1 @@ -8d04c5c1a8cad4faf7418fc2124b31bba2d50a1e SOURCES/cryptsetup-1.6.2.tar.bz2 +73945fc1ab637ce58c1f4bd5dd9c529cf96b16e7 SOURCES/cryptsetup-1.6.3.tar.bz2 diff --git a/SOURCES/cryptsetup-reencrypt-module.patch b/SOURCES/cryptsetup-reencrypt-module.patch deleted file mode 100644 index 6afac61..0000000 --- a/SOURCES/cryptsetup-reencrypt-module.patch +++ /dev/null @@ -1,106 +0,0 @@ -diff -rupN cryptsetup-1.6.2.old/misc/dracut_90reencrypt/module-setup.sh cryptsetup-1.6.2/misc/dracut_90reencrypt/module-setup.sh ---- cryptsetup-1.6.2.old/misc/dracut_90reencrypt/module-setup.sh 2013-10-22 17:49:43.677906826 +0200 -+++ cryptsetup-1.6.2/misc/dracut_90reencrypt/module-setup.sh 2013-10-22 17:53:11.214137892 +0200 -@@ -7,14 +7,21 @@ check() { - - depends() { - echo dm rootfs-block -- return 0 - } - - installkernel() { -- instmods dm_crypt =crypto -+ # requires hostonly='' override so that loop module is pulled in initramfs -+ # even if not loaded in actual kernel. dracut bug? -+ hostonly='' instmods dm_crypt =crypto loop - } - - install() { -+ if dracut_module_included crypt; then -+ derror "'reencrypt' can't be installed together with 'crypt'." -+ derror "Add '-o crypt' option to install reencrypt module." -+ return 1 -+ fi -+ - dracut_install cryptsetup-reencrypt - - inst_hook cmdline 30 "$moddir/parse-reencrypt.sh" - inst_simple "$moddir"/reencrypt.sh /sbin/reencrypt -diff -rupN cryptsetup-1.6.2.old/misc/dracut_90reencrypt/parse-reencrypt.sh cryptsetup-1.6.2/misc/dracut_90reencrypt/parse-reencrypt.sh ---- cryptsetup-1.6.2.old/misc/dracut_90reencrypt/parse-reencrypt.sh 2013-10-22 17:49:43.677906826 +0200 -+++ cryptsetup-1.6.2/misc/dracut_90reencrypt/parse-reencrypt.sh 2013-10-22 17:57:58.391063270 +0200 -@@ -1,10 +1,10 @@ - #!/bin/sh - --REENC=$(getargs rd_REENCRYPT=) -+REENC=$(getargs rd.luks.reencrypt=) - REENC_DEV=$(echo $REENC | sed 's/:.*//') - REENC_SIZE=$(echo $REENC | sed -n 's/.*://p') - --REENC_KEY=$(getargs rd_REENCRYPT_KEY=) -+REENC_KEY=$(getargs rd.luks.reencrypt_key=) - if [ -z "$REENC_KEY" ] ; then - REENC_KEY=none - fi -diff -rupN cryptsetup-1.6.2.old/misc/dracut_90reencrypt/README cryptsetup-1.6.2/misc/dracut_90reencrypt/README ---- cryptsetup-1.6.2.old/misc/dracut_90reencrypt/README 2013-10-22 17:49:43.677906826 +0200 -+++ cryptsetup-1.6.2/misc/dracut_90reencrypt/README 2013-10-22 18:01:08.224347499 +0200 -@@ -2,10 +2,12 @@ Example of simple dracut module for reen - LUKS drive on-the-fly. - - Install in /usr/[share|lib]/dracut/modules.d/90reencrypt, then --rebuild intramfs "with dracut -f -a reencrypt". -+build special intramfs "with dracut -a reencrypt -o crypt". -+Reencrypt module doesn't work (has a conflict) with crypt module as -+of now. After successfull reencryption reboot using original initramfs. - --Dracut then recognize argument rd_REENCRYPT=name:size, --e.g. rd_REENCRYPT=sda2:52G means only 52G of device -+Dracut then recognize argument rd.luks.reencrypt=name:size, -+e.g. rd.luks.reencrypt=sda2:52G means only 52G of device - will be reencrypted (default is whole device). - (Name is kernel name of device.) - -diff -rupN cryptsetup-1.6.2.old/misc/dracut_90reencrypt/reencrypt.sh cryptsetup-1.6.2/misc/dracut_90reencrypt/reencrypt.sh ---- cryptsetup-1.6.2.old/misc/dracut_90reencrypt/reencrypt.sh 2013-10-22 17:49:43.677906826 +0200 -+++ cryptsetup-1.6.2/misc/dracut_90reencrypt/reencrypt.sh 2013-10-22 18:00:18.871533944 +0200 -@@ -5,6 +5,8 @@ - - [ -d /sys/module/dm_crypt ] || modprobe dm_crypt - -+[ -d /sys/module/loop ] || modprobe loop -+ - [ -f /tmp/reencrypted ] && exit 0 - - . /lib/dracut-lib.sh -@@ -43,6 +45,7 @@ reenc_run() { - info "REENCRYPT using key $1" - reenc_readkey "$1" | /sbin/cryptsetup-reencrypt -d - $PARAMS - fi -+ _ret=$? - cd $cwd - } - -@@ -50,9 +53,18 @@ info "REENCRYPT $device requested" - # flock against other interactive activities - { flock -s 9; - reenc_run $2 --} 9>/.console.lock -+} 9>/.console_lock -+ -+if [ $_ret -eq 0 ]; then -+ # do not ask again -+ >> /tmp/reencrypted -+ warn "Reencryption of device $device has finished successfully. Use previous" -+ warn "initramfs image (without reencrypt module) to boot the system. When" -+ warn "you leave the emergency shell, the system will reboot." - --# do not ask again -->> /tmp/reencrypted -+ emergency_shell -n "(reboot)" -+ /usr/bin/systemctl reboot -+fi - --exit 0 -+# panic the kernel otherwise -+exit 1 diff --git a/SPECS/cryptsetup.spec b/SPECS/cryptsetup.spec index e1cdcfd..7e33af5 100644 --- a/SPECS/cryptsetup.spec +++ b/SPECS/cryptsetup.spec @@ -1,6 +1,6 @@ Summary: A utility for setting up encrypted disks Name: cryptsetup -Version: 1.6.2 +Version: 1.6.3 Release: 2%{?dist} License: GPLv2+ and LGPLv2+ Group: Applications/System @@ -18,7 +18,6 @@ Requires: libpwquality >= 1.2.0 %define dracutmodulesdir %{_prefix}/lib/dracut/modules.d %define upstream_version %{version} Source0: http://cryptsetup.googlecode.com/files/cryptsetup-%{upstream_version}.tar.bz2 -Patch0: cryptsetup-reencrypt-module.patch %if 0%{?fedora} >= 19 || 0%{?rhel} >= 7 %define configure_cipher --enable-gcrypt-pbkdf2 @@ -90,7 +89,6 @@ for setting up disk encryption using dm-crypt kernel module. %prep %setup -q -n cryptsetup-%{upstream_version} -%patch0 -p1 chmod -x python/pycryptsetup-test.py %build @@ -106,7 +104,6 @@ make %{?_smp_mflags} %{?__debug_package:%{__debug_install_post}} \ %{__arch_install_post} \ %{__os_install_post} \ - fipshmac -d %{buildroot}/%{_libdir}/fipscheck %{buildroot}/%{_sbindir}/cryptsetup \ fipshmac -d %{buildroot}/%{_libdir}/fipscheck %{buildroot}/%{_libdir}/libcryptsetup.so.* \ %{nil} @@ -128,7 +125,6 @@ install -m755 misc/dracut_90reencrypt/reencrypt.sh %{buildroot}/%{dracutmodulesd %doc COPYING AUTHORS FAQ docs/*ReleaseNotes %{_mandir}/man8/cryptsetup.8.gz %{_sbindir}/cryptsetup -%{_libdir}/fipscheck/cryptsetup.hmac %files -n veritysetup %doc COPYING @@ -161,6 +157,21 @@ install -m755 misc/dracut_90reencrypt/reencrypt.sh %{buildroot}/%{dracutmodulesd %clean %changelog +* Fri Jan 24 2014 Daniel Mach - 1.6.3-2 +- Mass rebuild 2014-01-24 + +* Mon Jan 6 2014 Ondrej Kozina - 1.6.3-1 +- Update to cryptsetup 1.6.3. +- various fixes related to block devices with 4KiB sectors +- enable reencryption using specific keyslot (dracut module) +- fix failure in reading last keyslot from external LUKS header +- update FIPS POST to be complaint with actual requirements +- fix hash limiting if parameter is not numeric +- Resolves: #1028362 #1029032 #1029406 #1030288 #1034388 #1038097 + +* Fri Dec 27 2013 Daniel Mach - 1.6.2-3 +- Mass rebuild 2013-12-27 + * Tue Nov 5 2013 Ondrej Kozina - 1.6.2-2 - 90reencrypt: Move conflict with 90crypt to install() section. - 90reencrypt: Drop to emergency_shell after successful reencryption.