From 7beee0123225301bd56672d2d0fc8dbf40d0cd6b Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: May 21 2009 09:42:21 +0000 Subject: - removed executable permission from ecryptfs-dot-private (#500817) - require cryptsetup-luks for encrypted swap (#500824) - use blkid instead of vol_id (#500820) - don't rely on cryptdisks service (#500829) - add icon for Access-Your-Private-Data.desktop file --- diff --git a/.cvsignore b/.cvsignore index 35620f5..015596a 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1,2 @@ ecryptfs-utils_75.orig.tar.gz +ecryptfs-mount-private.png diff --git a/ecryptfs-utils-75-blkid.patch b/ecryptfs-utils-75-blkid.patch new file mode 100644 index 0000000..f7370b0 --- /dev/null +++ b/ecryptfs-utils-75-blkid.patch @@ -0,0 +1,13 @@ +=== modified file 'src/utils/ecryptfs-setup-swap' +--- src/utils/ecryptfs-setup-swap 2009-03-20 21:44:01 +0000 ++++ src/utils/ecryptfs-setup-swap 2009-05-18 17:02:55 +0000 +@@ -83,7 +83,7 @@ + fi + + # Make sure this is swap space +-if ! vol_id "$swap" | grep -qs "ID_FS_TYPE=swap"; then ++if ! blkid "$swap" | grep -qs "TYPE=.*swap"; then + error "[$swap] does not appear to be swap space" + fi + + diff --git a/ecryptfs-utils-75-nocryptdisks.patch b/ecryptfs-utils-75-nocryptdisks.patch new file mode 100644 index 0000000..abdc339 --- /dev/null +++ b/ecryptfs-utils-75-nocryptdisks.patch @@ -0,0 +1,20 @@ +=== modified file 'src/utils/ecryptfs-setup-swap' +--- src/utils/ecryptfs-setup-swap 2009-03-20 21:44:01 +0000 ++++ src/utils/ecryptfs-setup-swap 2009-05-19 14:50:01 +0000 +@@ -158,13 +158,5 @@ + # Add fstab entry + echo "/dev/mapper/cryptswap none swap sw 0 0" >> /etc/fstab + +-# Turn swap off +-swapoff -a +- +-# Restart cryptdisks +-/etc/init.d/cryptdisks restart +- +-# Turn the swap on +-swapon -a +- + info "Successfully setup encrypted swap!" ++info "This will take effect after reboot" +\ No newline at end of file + diff --git a/ecryptfs-utils.spec b/ecryptfs-utils.spec index e1265ea..5faf954 100644 --- a/ecryptfs-utils.spec +++ b/ecryptfs-utils.spec @@ -21,8 +21,14 @@ Patch3: ecryptfs-utils-74-group.patch #required for ecryptfs-utils <= 75 Patch4: ecryptfs-utils-75-werror.patch +#taken from upstream, required for ecryptfs-utils <= 75, rhbz#500820 +Patch5: ecryptfs-utils-75-blkid.patch + +#rhbz#500829 +Patch6: ecryptfs-utils-75-nocryptdisks.patch + BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) -Requires: keyutils +Requires: keyutils, cryptsetup-luks, e2fsprogs BuildRequires: libgcrypt-devel keyutils-libs-devel openssl-devel pam-devel BuildRequires: trousers-devel nss-devel desktop-file-utils @@ -59,6 +65,8 @@ the interface supplied by the ecryptfs-utils library. %patch2 -p1 -b .build %patch3 -p1 -b .group %patch4 -p1 -b .werror +%patch5 -p0 -b .blkid +%patch6 -p0 -b .nocryptdisks %build export CFLAGS="$RPM_OPT_FLAGS -ggdb -O2 -Werror" @@ -79,16 +87,24 @@ find $RPM_BUILD_ROOT%{_libdir}/ -name '*.a' | xargs rm -f find $RPM_BUILD_ROOT%{_libdir}/ -name '*.la' | xargs rm -f rm -rf $RPM_BUILD_ROOT%{_docdir}/%{name} #install files Makefile forgot install +install -m644 %{SOURCE1} $RPM_BUILD_ROOT%{_datadir}/%{name}/ecryptfs-mount-private.png printf "Encoding=UTF-8\n" >>$RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-mount-private.desktop printf "Encoding=UTF-8\n" >>$RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-setup-private.desktop +printf "Icon=%{_datadir}/%{name}/ecryptfs-mount-private.png\n" >>$RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-mount-private.desktop +printf "Icon=%{_datadir}/%{name}/ecryptfs-mount-private.png\n" >>$RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-setup-private.desktop desktop-file-validate $RPM_BUILD_ROOT%{_datadir}/%{name}/ecryptfs-mount-private.desktop desktop-file-validate $RPM_BUILD_ROOT%{_datadir}/%{name}/ecryptfs-setup-private.desktop +chmod +x $RPM_BUILD_ROOT%{_datadir}/%{name}/ecryptfs-mount-private.desktop +chmod +x $RPM_BUILD_ROOT%{_datadir}/%{name}/ecryptfs-setup-private.desktop touch -r src/desktop/ecryptfs-mount-private.desktop \ $RPM_BUILD_ROOT%{_datadir}/%{name}/ecryptfs-mount-private.desktop touch -r src/desktop/ecryptfs-setup-private.desktop \ $RPM_BUILD_ROOT%{_datadir}/%{name}/ecryptfs-mount-private.desktop rm -f $RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-record-passphrase +#ecryptfs-dot-private should be only sourced, not executed (#500817) +chmod -x $RPM_BUILD_ROOT%{_bindir}/ecryptfs-dot-private + %pre groupadd -r -f ecryptfs @@ -130,6 +146,7 @@ rm -rf $RPM_BUILD_ROOT %dir %{_datadir}/%{name} %{_datadir}/%{name}/ecryptfs-mount-private.txt %{_datadir}/%{name}/ecryptfs-mount-private.desktop +%{_datadir}/%{name}/ecryptfs-mount-private.png %{_datadir}/%{name}/ecryptfs-setup-private.desktop %{_mandir}/man1/ecryptfs-add-passphrase.1.gz %{_mandir}/man1/ecryptfs-generate-tpm-key.1.gz @@ -167,6 +184,13 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/ecryptfs-utils/_libecryptfs.so %changelog +* Thu May 21 2009 Michal Hlavinka 75-1 +- removed executable permission from ecryptfs-dot-private (#500817) +- require cryptsetup-luks for encrypted swap (#500824) +- use blkid instead of vol_id (#500820) +- don't rely on cryptdisks service (#500829) +- add icon for Access-Your-Private-Data.desktop file + * Mon May 04 2009 Michal Hlavinka 75-1 - updated to 75 - restrict mount.ecryptfs_private to ecryptfs group members only diff --git a/sources b/sources index 44a52e3..5196ee6 100644 --- a/sources +++ b/sources @@ -1 +1,2 @@ 2c4e8be38d1ea8cadd9f870f15430f07 ecryptfs-utils_75.orig.tar.gz +e612ddb9ccb17f8fec79df26e626a8c6 ecryptfs-mount-private.png