diff --git a/ecryptfs-utils-83-splitnss.patch b/ecryptfs-utils-83-splitnss.patch new file mode 100644 index 0000000..5041d3a --- /dev/null +++ b/ecryptfs-utils-83-splitnss.patch @@ -0,0 +1,86 @@ +diff -up ecryptfs-utils-83/src/libecryptfs/key_management.c.splitnss ecryptfs-utils-83/src/libecryptfs/key_management.c +--- ecryptfs-utils-83/src/libecryptfs/key_management.c.splitnss 2010-02-16 17:59:21.000000000 +0100 ++++ ecryptfs-utils-83/src/libecryptfs/key_management.c 2010-05-04 11:08:19.875872481 +0200 +@@ -133,28 +133,8 @@ out: + } + + +-int ecryptfs_remove_auth_tok_from_keyring(char *auth_tok_sig) +-{ +- int rc; ++#include "key_management.inc.c" + +- rc = (int)keyctl_search(KEY_SPEC_USER_KEYRING, "user", auth_tok_sig, 0); +- if (rc < 0) { +- rc = errno; +- syslog(LOG_ERR, "Failed to find key with sig [%s]: %m\n", +- auth_tok_sig); +- goto out; +- } +- rc = keyctl_unlink(rc, KEY_SPEC_USER_KEYRING); +- if (rc < 0) { +- rc = errno; +- syslog(LOG_ERR, "Failed to unlink key with sig [%s]: %s\n", +- auth_tok_sig, strerror(rc)); +- goto out; +- } +- rc = 0; +-out: +- return rc; +-} + int ecryptfs_add_auth_tok_to_keyring(struct ecryptfs_auth_tok *auth_tok, + char *auth_tok_sig) + { +diff -up ecryptfs-utils-83/src/libecryptfs/key_management.inc.c.splitnss ecryptfs-utils-83/src/libecryptfs/key_management.inc.c +--- ecryptfs-utils-83/src/libecryptfs/key_management.inc.c.splitnss 2010-05-04 11:08:19.875872481 +0200 ++++ ecryptfs-utils-83/src/libecryptfs/key_management.inc.c 2010-05-04 11:08:19.875872481 +0200 +@@ -0,0 +1,22 @@ ++int ecryptfs_remove_auth_tok_from_keyring(char *auth_tok_sig) ++{ ++ int rc; ++ ++ rc = (int)keyctl_search(KEY_SPEC_USER_KEYRING, "user", auth_tok_sig, 0); ++ if (rc < 0) { ++ rc = errno; ++ syslog(LOG_ERR, "Failed to find key with sig [%s]: %m\n", ++ auth_tok_sig); ++ goto out; ++ } ++ rc = keyctl_unlink(rc, KEY_SPEC_USER_KEYRING); ++ if (rc < 0) { ++ rc = errno; ++ syslog(LOG_ERR, "Failed to unlink key with sig [%s]: %s\n", ++ auth_tok_sig, strerror(rc)); ++ goto out; ++ } ++ rc = 0; ++out: ++ return rc; ++} +diff -up ecryptfs-utils-83/src/utils/Makefile.am.splitnss ecryptfs-utils-83/src/utils/Makefile.am +--- ecryptfs-utils-83/src/utils/Makefile.am.splitnss 2010-05-04 11:09:05.176554494 +0200 ++++ ecryptfs-utils-83/src/utils/Makefile.am 2010-05-04 11:09:05.200991500 +0200 +@@ -36,7 +36,7 @@ mount_ecryptfs_CFLAGS = $(AM_CFLAGS) $(K + mount_ecryptfs_LDADD = $(top_builddir)/src/libecryptfs/libecryptfs.la $(KEYUTILS_LIBS) $(LIBGCRYPT_LIBS) + umount_ecryptfs_SOURCES = umount.ecryptfs.c + umount_ecryptfs_CFLAGS = $(AM_CFLAGS) $(KEYUTILS_CFLAGS) +-umount_ecryptfs_LDADD = $(top_builddir)/src/libecryptfs/libecryptfs.la ++umount_ecryptfs_LDADD = -lkeyutils + ecryptfs_manager_SOURCES = manager.c io.c io.h gen_key.c + ecryptfs_manager_CFLAGS = $(AM_CFLAGS) $(KEYUTILS_CFLAGS) $(LIBGCRYPT_CFLAGS) + ecryptfs_manager_LDADD = $(top_builddir)/src/libecryptfs/libecryptfs.la $(KEYUTILS_LIBS) $(LIBGCRYPT_LIBS) +diff -up ecryptfs-utils-83/src/utils/umount.ecryptfs.c.splitnss ecryptfs-utils-83/src/utils/umount.ecryptfs.c +--- ecryptfs-utils-83/src/utils/umount.ecryptfs.c.splitnss 2009-10-20 20:49:55.000000000 +0200 ++++ ecryptfs-utils-83/src/utils/umount.ecryptfs.c 2010-05-04 11:08:19.893867192 +0200 +@@ -24,7 +24,10 @@ + #include + #include + #include +-#include "ecryptfs.h" ++#include ++#include ++ ++#include "../libecryptfs/key_management.inc.c" + + static void usage() + { diff --git a/ecryptfs-utils.spec b/ecryptfs-utils.spec index 5947286..fefc6fb 100644 --- a/ecryptfs-utils.spec +++ b/ecryptfs-utils.spec @@ -5,7 +5,7 @@ Name: ecryptfs-utils Version: 83 -Release: 4%{?dist} +Release: 5%{?dist} Summary: The eCryptfs mount helper and support libraries Group: System Environment/Base License: GPLv2+ @@ -23,11 +23,15 @@ Patch2: ecryptfs-utils-75-nocryptdisks.patch # rhbz#553629, fix usage of salt together with file_passwd Patch3: ecryptfs-utils-83-fixsalt.patch +# fedora/rhel specific, rhbz#486139, remove nss dependency from umount.ecryptfs +Patch4: ecryptfs-utils-83-splitnss.patch + BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) Requires: keyutils, cryptsetup-luks, util-linux-ng BuildRequires: libgcrypt-devel keyutils-libs-devel openssl-devel pam-devel BuildRequires: trousers-devel nss-devel desktop-file-utils intltool BuildRequires: pkcs11-helper-devel +BuildRequires: automake autoconf libtool glib2-devel gettext-devel %description eCryptfs is a stacked cryptographic filesystem that ships in Linux @@ -62,9 +66,12 @@ the interface supplied by the ecryptfs-utils library. %patch1 -p1 -b .werror %patch2 -p1 -b .nocryptdisks %patch3 -p1 -b .fixsalt +%patch4 -p1 -b .splitnss %build export CFLAGS="$RPM_OPT_FLAGS -ggdb -O2 -Werror" +#we're modifing Makefile.am +autoreconf -fiv %configure --disable-rpath --enable-tspi --enable-nss --enable-pkcs11-helper make clean #disable rpath @@ -98,6 +105,12 @@ rm -f $RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-record-passphrase %find_lang %{name} +%check +if ldd $RPM_BUILD_ROOT%{_sbindir}/umount.ecryptfs | grep -q '/usr/' +then + exit 1 +fi + %pre groupadd -r -f ecryptfs @@ -179,6 +192,9 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/ecryptfs-utils/_libecryptfs.so %changelog +* Tue May 04 2010 Michal Hlavinka - 83-5 +- remove nss dependency from umount.ecryptfs + * Fri Apr 16 2010 Michal Hlavinka - 83-4 - make salt working together with passwd_file