diff --git a/.volume_key.metadata b/.volume_key.metadata new file mode 100644 index 0000000..2f22f75 --- /dev/null +++ b/.volume_key.metadata @@ -0,0 +1 @@ +e5ea5eb76457d60acdfbc0e47152de044e11e54f SOURCES/volume_key-0.3.9.tar.xz diff --git a/README.md b/README.md deleted file mode 100644 index 0e7897f..0000000 --- a/README.md +++ /dev/null @@ -1,5 +0,0 @@ -The master branch has no content - -Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6 - -If you find this file in a distro specific branch, it means that no content has been checked in yet diff --git a/SOURCES/volume_key-0.3.9-fips-crash.patch b/SOURCES/volume_key-0.3.9-fips-crash.patch new file mode 100644 index 0000000..0f79d4e --- /dev/null +++ b/SOURCES/volume_key-0.3.9-fips-crash.patch @@ -0,0 +1,33 @@ +This case can be triggered by encrypting in FIPS mode, where the default +algorithm is unsupported and gpg crashes in response. + +diff --git a/lib/crypto.c b/lib/crypto.c +index 06eb482..905d583 100644 +--- a/lib/crypto.c ++++ b/lib/crypto.c +@@ -709,6 +709,12 @@ encrypt_with_passphrase (size_t *res_size, const void *data, size_t size, + } + gpgme_data_release (src_data); + gpgme_res = gpgme_data_release_and_get_mem (dest_data, res_size); ++ if (gpgme_res == NULL) ++ { ++ g_set_error (error, LIBVK_ERROR, LIBVK_ERROR_CRYPTO, ++ _("Unknown error getting encryption result")); ++ goto err_ctx; ++ } + res = g_memdup (gpgme_res, *res_size); + gpgme_free (gpgme_res); + +@@ -759,6 +765,12 @@ decrypt_with_passphrase (size_t *res_size, const void *data, size_t size, + } + gpgme_data_release (src_data); + gpgme_res = gpgme_data_release_and_get_mem (dest_data, res_size); ++ if (gpgme_res == NULL) ++ { ++ g_set_error (error, LIBVK_ERROR, LIBVK_ERROR_CRYPTO, ++ _("Unknown error getting decryption result")); ++ goto err_ctx; ++ } + res = g_memdup (gpgme_res, *res_size); + gpgme_free (gpgme_res); + diff --git a/SPECS/volume_key.spec b/SPECS/volume_key.spec new file mode 100644 index 0000000..4bf656a --- /dev/null +++ b/SPECS/volume_key.spec @@ -0,0 +1,222 @@ +%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")} + +Summary: An utility for manipulating storage encryption keys and passphrases +Name: volume_key +Version: 0.3.9 +Release: 3%{?dist} +License: GPLv2 +Group: Applications/System +URL: https://fedorahosted.org/volume_key/ +Requires: volume_key-libs%{?_isa} = %{version}-%{release} + +Source0: https://fedorahosted.org/releases/v/o/volume_key/volume_key-%{version}.tar.xz +# Upstream commit 04991fe8c4f77c4e5c7874c2db8ca32fb4655f6e +Patch1: volume_key-0.3.9-fips-crash.patch +BuildRequires: cryptsetup-luks-devel, gettext-devel, glib2-devel, /usr/bin/gpg +BuildRequires: gpgme-devel, libblkid-devel, nss-devel, python-devel + +%description +This package provides a command-line tool for manipulating storage volume +encryption keys and storing them separately from volumes. + +The main goal of the software is to allow restoring access to an encrypted +hard drive if the primary user forgets the passphrase. The encryption key +back up can also be useful for extracting data after a hardware or software +failure that corrupts the header of the encrypted volume, or to access the +company data after an employee leaves abruptly. + +%package devel +Summary: A library for manipulating storage encryption keys and passphrases +Group: Development/Libraries +Requires: volume_key-libs%{?_isa} = %{version}-%{release} + +%description devel +This package provides libvolume_key, a library for manipulating storage volume +encryption keys and storing them separately from volumes. + +The main goal of the software is to allow restoring access to an encrypted +hard drive if the primary user forgets the passphrase. The encryption key +back up can also be useful for extracting data after a hardware or software +failure that corrupts the header of the encrypted volume, or to access the +company data after an employee leaves abruptly. + +%package libs +Summary: A library for manipulating storage encryption keys and passphrases +Group: System Environment/Libraries +Requires: /usr/bin/gpg + +%description libs +This package provides libvolume_key, a library for manipulating storage volume +encryption keys and storing them separately from volumes. + +The main goal of the software is to allow restoring access to an encrypted +hard drive if the primary user forgets the passphrase. The encryption key +back up can also be useful for extracting data after a hardware or software +failure that corrupts the header of the encrypted volume, or to access the +company data after an employee leaves abruptly. + +%package -n python-volume_key +Summary: Python bindings for libvolume_key +Group: System Environment/Libraries +Requires: volume_key-libs%{?_isa} = %{version}-%{release} + +%description -n python-volume_key +This package provides Python bindings for libvolume_key, a library for +manipulating storage volume encryption keys and storing them separately from +volumes. + +The main goal of the software is to allow restoring access to an encrypted +hard drive if the primary user forgets the passphrase. The encryption key +back up can also be useful for extracting data after a hardware or software +failure that corrupts the header of the encrypted volume, or to access the +company data after an employee leaves abruptly. + +volume_key currently supports only the LUKS volume encryption format. Support +for other formats is possible, some formats are planned for future releases. + +%prep +%setup -q + +%patch1 -p1 -b .fips-crash + +%build +%configure +make %{?_smp_mflags} + +%install +make install DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p' + +%find_lang volume_key + +%clean +rm -rf $RPM_BUILD_ROOT + +%post libs -p /sbin/ldconfig +%postun libs -p /sbin/ldconfig + +%files +%defattr(-,root,root,-) +%doc README contrib +%{_bindir}/volume_key +%{_mandir}/man8/volume_key.8* + +%files devel +%defattr(-,root,root,-) +%{_includedir}/volume_key +%exclude %{_libdir}/libvolume_key.la +%{_libdir}/libvolume_key.so + +%files libs -f volume_key.lang +%defattr(-,root,root,-) +%doc AUTHORS COPYING ChangeLog NEWS +%{_libdir}/libvolume_key.so.* + +%files -n python-volume_key +%defattr(-,root,root,-) +%exclude %{python_sitearch}/_volume_key.la +%{python_sitearch}/_volume_key.so +%{python_sitearch}/volume_key.py* + +%changelog +* Fri Feb 15 2013 Fedora Release Engineering - 0.3.9-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Thu Nov 22 2012 Miloslav Trmač - 0.3.9-2 +- Fix a crash when trying to use passphrase encryption in FIPS mode + +* Sat Sep 22 2012 Miloslav Trmač - 0.3.9-1 +- Update to volume_key-0.3.9 + +* Mon Aug 6 2012 Miloslav Trmač - 0.3.8-4 +- Use BuildRequires: /usr/bin/gpg instead of gnupg, for compatibility with RHEL + +* Mon Jul 23 2012 Miloslav Trmač - 0.3.8-3 +- Add Requires: /usr/bin/gpg + Resolves: #842074 + +* Sun Jul 22 2012 Fedora Release Engineering - 0.3.8-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Sat Mar 3 2012 Miloslav Trmač - 0.3.8-1 +- Update to volume_key-0.3.8 + +* Sat Jan 14 2012 Fedora Release Engineering - 0.3.7-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Fri Oct 14 2011 Miloslav Trmač - 0.3.7-2 +- Rebuild with newer libcryptsetup + +* Wed Aug 24 2011 Miloslav Trmač - 0.3.7-1 +- Update to volume_key-0.3.7 + +* Fri Jun 10 2011 Miloslav Trmač - 0.3.6-2 +- Fix a typo + Resolves: #712256 + +* Thu Mar 31 2011 Miloslav Trmač - 0.3.6-1 +- Update to volume_key-0.3.6 + +* Mon Feb 07 2011 Fedora Release Engineering - 0.3.5-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Fri Feb 4 2011 Miloslav Trmač - 0.3.5-2 +- Use %%{?_isa} in Requires: + +* Wed Nov 24 2010 Miloslav Trmač - 0.3.5-1 +- Update to volume_key-0.3.5 + +* Mon Oct 18 2010 Miloslav Trmač - 0.3.4-4 +- Tell the user if asking for the same passphrase again + Resolves: #641111 +- Check certificate file before interacting with the user + Resolves: #643897 + +* Fri Oct 8 2010 Miloslav Trmač - 0.3.4-3 +- Make it possible to interrupt password prompts + Resolves: #641111 + +* Wed Sep 29 2010 Miloslav Trmač - 0.3.4-2 +- Clarify which block device should be passed as an argument + Resolves: #636541 +- Recognize SSL error messages from NSS as well + Resolves: #638732 + +* Fri Aug 27 2010 Miloslav Trmač - 0.3.4-1 +- Update to volume_key-0.3.4 + +* Mon Jul 26 2010 Miloslav Trmač - 0.3.3-4 +- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild + +* Thu Jul 22 2010 Miloslav Trmač - 0.3.3-3 +- Fix build with new gpgme + +* Thu Jul 22 2010 David Malcolm - 0.3.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild + +* Fri Mar 26 2010 Miloslav Trmač - 0.3.3-1 +- Update to volume_key-0.3.3 + +* Thu Mar 4 2010 Miloslav Trmač - 0.3.2-1 +- Update to volume_key-0.3.2 +- Drop no longer necessary references to BuildRoot: + +* Fri Feb 5 2010 Miloslav Trmač - 0.3.1-2 +- Fix a crash when an empty passphrase is provided + Resolves: #558410 + +* Fri Dec 11 2009 Miloslav Trmač - 0.3.1-1 +- Update to volume_key-0.3.1. + +* Wed Sep 30 2009 Miloslav Trmač - 0.3-1 +- Update to volume_key-0.3. +- Drop bundled libcryptsetup. + +* Sat Aug 8 2009 Miloslav Trmač - 0.2-3 +- Handle changed "TYPE=crypto_LUKS" from libblkid +- Preserve file timestamps during installation + +* Sun Jul 26 2009 Fedora Release Engineering - 0.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Tue Jun 30 2009 Miloslav Trmač - 0.2-1 +- Initial build.