diff --git a/.cryptsetup.metadata b/.cryptsetup.metadata new file mode 100644 index 0000000..dbe91ee --- /dev/null +++ b/.cryptsetup.metadata @@ -0,0 +1 @@ +264a76475ed8b650d385c00cce65d592bfb9b894 SOURCES/cryptsetup-2.2.0-rc1.tar.xz diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..fdadb81 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/cryptsetup-2.2.0-rc1.tar.xz diff --git a/SOURCES/cryptsetup-2.2.0-remove-overlooked-config-scratching-from-reencryptio.patch b/SOURCES/cryptsetup-2.2.0-remove-overlooked-config-scratching-from-reencryptio.patch new file mode 100644 index 0000000..bca8e4d --- /dev/null +++ b/SOURCES/cryptsetup-2.2.0-remove-overlooked-config-scratching-from-reencryptio.patch @@ -0,0 +1,27 @@ +From 97b112e77173a8a7bf8ab0c14669b71539f26e4d Mon Sep 17 00:00:00 2001 +From: Ondrej Kozina +Date: Sat, 15 Jun 2019 15:47:53 +0200 +Subject: [PATCH] Remove overlooked config scratching from reencryption tests. + +--- + tests/luks2-reencryption-test | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/tests/luks2-reencryption-test b/tests/luks2-reencryption-test +index 93ed86c..81a52dd 100755 +--- a/tests/luks2-reencryption-test ++++ b/tests/luks2-reencryption-test +@@ -22,10 +22,6 @@ PWD1="93R4P4pIqAH8" + PWD2="1cND4319812f" + PWD3="1-9Qu5Ejfnqv" + +-HAVE_KEYRING=$(grep -e "#define KERNEL_KEYRING" ../config.h) +-test -n "$HAVE_KEYRING" || HAVE_KEYRING=0 +-HAVE_KEYRING=${HAVE_KEYRING: -1} +- + function dm_crypt_features() + { + VER_STR=$(dmsetup targets | grep crypt | cut -f2 -dv) +-- +1.8.3.1 + diff --git a/SOURCES/cryptsetup-add-system-library-paths.patch b/SOURCES/cryptsetup-add-system-library-paths.patch new file mode 100644 index 0000000..cc22adf --- /dev/null +++ b/SOURCES/cryptsetup-add-system-library-paths.patch @@ -0,0 +1,22 @@ +diff -rupN cryptsetup-2.0.4.old/configure cryptsetup-2.0.4/configure +--- cryptsetup-2.0.4.old/configure 2018-08-03 12:31:52.000000000 +0200 ++++ cryptsetup-2.0.4/configure 2018-08-03 13:42:50.605275535 +0200 +@@ -12300,6 +12300,9 @@ fi + # before this can be enabled. + hardcode_into_libs=yes + ++ # Add ABI-specific directories to the system library path. ++ sys_lib_dlsearch_path_spec="/lib64 /usr/lib64 /lib /usr/lib" ++ + # Ideally, we could use ldconfig to report *all* directores which are + # searched for libraries, however this is still not possible. Aside from not + # being certain /sbin/ldconfig is available, command +@@ -12308,7 +12311,7 @@ fi + # appending ld.so.conf contents (and includes) to the search path. + if test -f /etc/ld.so.conf; then + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` +- sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" ++ sys_lib_dlsearch_path_spec="$sys_lib_dlsearch_path_spec $lt_ld_extra" + fi + + # We used to test for /lib/ld.so.1 and disable shared libraries on diff --git a/SOURCES/cryptsetup-disable-verity-compat-test.patch b/SOURCES/cryptsetup-disable-verity-compat-test.patch new file mode 100644 index 0000000..efc3363 --- /dev/null +++ b/SOURCES/cryptsetup-disable-verity-compat-test.patch @@ -0,0 +1,13 @@ +diff --git a/tests/Makefile.localtest b/tests/Makefile.localtest +index 29a62f3..da2183e 100644 +--- a/tests/Makefile.localtest ++++ b/tests/Makefile.localtest +@@ -5,7 +5,7 @@ + CPPFLAGS=-I../lib/ -I../lib/luks1 -DHAVE_DECL_DM_TASK_RETRY_REMOVE -DKERNEL_KEYRING -DHAVE_SYS_SYSMACROS_H -DNO_CRYPTSETUP_PATH + CFLAGS=-O2 -g -Wall + LDLIBS=-lcryptsetup -ldevmapper +-TESTS=$(wildcard *-test *-test2) api-test api-test-2 ++TESTS=$(filter-out verity-compat-test, $(wildcard *-test *-test2)) api-test api-test-2 + + differ: differ.o + $(CC) -o $@ $^ diff --git a/SPECS/cryptsetup.spec b/SPECS/cryptsetup.spec new file mode 100644 index 0000000..80d160c --- /dev/null +++ b/SPECS/cryptsetup.spec @@ -0,0 +1,182 @@ +Obsoletes: python2-cryptsetup +Obsoletes: cryptsetup-python +Obsoletes: cryptsetup-python3 + +Summary: A utility for setting up encrypted disks +Name: cryptsetup +Version: 2.2.0 +Release: 0.2%{?dist} +License: GPLv2+ and LGPLv2+ +Group: Applications/System +URL: https://gitlab.com/cryptsetup/cryptsetup +BuildRequires: openssl-devel, popt-devel, device-mapper-devel +BuildRequires: libuuid-devel, gcc, libblkid-devel +BuildRequires: libpwquality-devel, json-c-devel +Provides: cryptsetup-luks = %{version}-%{release} +Obsoletes: cryptsetup-luks < 1.4.0 +Requires: cryptsetup-libs = %{version}-%{release} +Requires: libpwquality >= 1.2.0 + +%global upstream_version %{version}-rc1 +Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/cryptsetup-%{upstream_version}.tar.xz +# Following patch has to applied last +Patch0: %{name}-add-system-library-paths.patch +# Remove the patch when (if ever) osci infrastructure gets stable enough +Patch1: %{name}-disable-verity-compat-test.patch +Patch2: %{name}-2.2.0-remove-overlooked-config-scratching-from-reencryptio.patch + +%description +The cryptsetup package contains a utility for setting up +disk encryption using dm-crypt kernel module. + +%package devel +Group: Development/Libraries +Requires: %{name} = %{version}-%{release} +Requires: pkgconfig +Summary: Headers and libraries for using encrypted file systems +Provides: cryptsetup-luks-devel = %{version}-%{release} +Obsoletes: cryptsetup-luks-devel < 1.4.0 + +%description devel +The cryptsetup-devel package contains libraries and header files +used for writing code that makes use of disk encryption. + +%package libs +Group: System Environment/Libraries +Summary: Cryptsetup shared library +Provides: cryptsetup-luks-libs = %{version}-%{release} +Obsoletes: cryptsetup-luks-libs < 1.4.0 + +%description libs +This package contains the cryptsetup shared library, libcryptsetup. + +%package -n veritysetup +Group: Applications/System +Summary: A utility for setting up dm-verity volumes +Requires: cryptsetup-libs = %{version}-%{release} + +%description -n veritysetup +The veritysetup package contains a utility for setting up +disk verification using dm-verity kernel module. + +%package -n integritysetup +Group: Applications/System +Summary: A utility for setting up dm-integrity volumes +Requires: cryptsetup-libs = %{version}-%{release} + +%description -n integritysetup +The integritysetup package contains a utility for setting up +disk integrity protection using dm-integrity kernel module. + +%package reencrypt +Group: Applications/System +Summary: A utility for offline reencryption of LUKS encrypted disks. +Requires: cryptsetup-libs = %{version}-%{release} + +%description reencrypt +This package contains cryptsetup-reencrypt utility which +can be used for offline reencryption of disk in situ. + +%prep +%setup -q -n cryptsetup-%{upstream_version} +%patch1 -p1 +%patch2 -p1 +%patch0 -p1 +chmod -x misc/dracut_90reencrypt/* + +%build +%configure --enable-fips --enable-pwquality --enable-internal-sse-argon2 --with-crypto_backend=openssl --with-default-luks-format=LUKS2 +make %{?_smp_mflags} + +%install +make install DESTDIR=%{buildroot} +rm -rf %{buildroot}/%{_libdir}/*.la + +%find_lang cryptsetup + +%post -n cryptsetup-libs -p /sbin/ldconfig + +%postun -n cryptsetup-libs -p /sbin/ldconfig + +%files +%{!?_licensedir:%global license %%doc} +%license COPYING +%doc AUTHORS FAQ docs/*ReleaseNotes +%{_mandir}/man8/cryptsetup.8.gz +%{_sbindir}/cryptsetup + +%files -n veritysetup +%{!?_licensedir:%global license %%doc} +%license COPYING +%{_mandir}/man8/veritysetup.8.gz +%{_sbindir}/veritysetup + +%files -n integritysetup +%{!?_licensedir:%global license %%doc} +%license COPYING +%{_mandir}/man8/integritysetup.8.gz +%{_sbindir}/integritysetup + +%files reencrypt +%{!?_licensedir:%global license %%doc} +%license COPYING +%doc misc/dracut_90reencrypt +%{_mandir}/man8/cryptsetup-reencrypt.8.gz +%{_sbindir}/cryptsetup-reencrypt + +%files devel +%doc docs/examples/* +%{_includedir}/libcryptsetup.h +%{_libdir}/libcryptsetup.so +%{_libdir}/pkgconfig/libcryptsetup.pc + +%files libs -f cryptsetup.lang +%{!?_licensedir:%global license %%doc} +%license COPYING COPYING.LGPL +%{_libdir}/libcryptsetup.so.* +%{_tmpfilesdir}/cryptsetup.conf +%ghost %attr(700, -, -) %dir /run/cryptsetup + +%clean + +%changelog +* Fri Jun 14 2019 Ondrej Kozina - 2.2.0-0.2 +- Updates to reencryption feature. +- Resolves: #1676622 + +* Fri May 03 2019 Ondrej Kozina - 2.2.0-0.1 +- Update to cryptsetup 2.2.0 +- remove python bits from spec file. +- Resolves: #1676622 + +* Thu Mar 21 2019 Milan Broz - 2.0.6-2 +- Add gating tests. +- Resolves: #1682539 + +* Mon Dec 03 2018 Ondrej Kozina - 2.0.6-1 +- Update to cryptsetup 2.0.6 +- Enables all supported metadata sizes in LUKS2 validation code. +- Resolves: #1653383 + +* Fri Aug 10 2018 Ondrej Kozina - 2.0.4-2 +- patch: fix device alignment bug when processing hinted + value by device topology info. +- Resolves: #1614219 + +* Wed Aug 08 2018 Ondrej Kozina - 2.0.4-1 +- Update to cryptsetup 2.0.4. +- patch: Add RHEL system library paths in configure. +- patch: Increase default LUKS2 header size to 8 MiBs. +- patch: update tests to be compatible with larger headers. +- Set default format to LUKS2. +- Cleanup changelog. +- Resolves: #1564540 #1595257 #1595266 #1595881 #1600164 + +* Fri May 04 2018 Ondrej Kozina - 2.0.3-1 +- Update to cryptsetup 2.0.3. + +* Tue Mar 27 2018 Björn Esser - 2.0.2-2 +- Rebuilt for libjson-c.so.4 (json-c v0.13.1) on fc28 + +* Wed Mar 07 2018 Milan Broz - 2.0.2-1 +- Update to cryptsetup 2.0.2.