* [gentoo-commits] repo/gentoo:master commit in: sys-fs/cryptsetup/, sys-fs/cryptsetup/files/
@ 2018-11-02 18:21 William Hubbs
0 siblings, 0 replies; 9+ messages in thread
From: William Hubbs @ 2018-11-02 18:21 UTC (permalink / raw
To: gentoo-commits
commit: 17664fa2cfb06baec8074fc39c0f71a039db7cd3
Author: William Hubbs <williamh <AT> gentoo <DOT> org>
AuthorDate: Fri Nov 2 18:17:40 2018 +0000
Commit: William Hubbs <williamh <AT> gentoo <DOT> org>
CommitDate: Fri Nov 2 18:21:02 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=17664fa2
sys-fs/cryptsetup: 2.0.5-r1 bump
Closes: https://bugs.gentoo.org/601448
Closes: https://bugs.gentoo.org/651998
Package-Manager: Portage-2.3.49, Repoman-2.3.11
Signed-off-by: William Hubbs <williamh <AT> gentoo.org>
sys-fs/cryptsetup/cryptsetup-2.0.5-r1.ebuild | 130 ++++++++++
sys-fs/cryptsetup/files/2.0.5-dmcrypt.confd | 115 +++++++++
sys-fs/cryptsetup/files/2.0.5-dmcrypt.rc | 340 +++++++++++++++++++++++++++
3 files changed, 585 insertions(+)
diff --git a/sys-fs/cryptsetup/cryptsetup-2.0.5-r1.ebuild b/sys-fs/cryptsetup/cryptsetup-2.0.5-r1.ebuild
new file mode 100644
index 00000000000..5f5526582fe
--- /dev/null
+++ b/sys-fs/cryptsetup/cryptsetup-2.0.5-r1.ebuild
@@ -0,0 +1,130 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+PYTHON_COMPAT=( python{2_7,3_{4,5,6,7}} )
+
+inherit autotools python-single-r1 linux-info libtool eapi7-ver
+
+DESCRIPTION="Tool to setup encrypted devices with dm-crypt"
+HOMEPAGE="https://gitlab.com/cryptsetup/cryptsetup/blob/master/README.md"
+SRC_URI="mirror://kernel/linux/utils/${PN}/v$(ver_cut 1-2)/${P/_/-}.tar.xz"
+
+LICENSE="GPL-2+"
+SLOT="0/12" # libcryptsetup.so version
+[[ ${PV} != *_rc* ]] && \
+KEYWORDS="~amd64 ~arm64 ~mips ~s390 ~sh ~sparc ~x86"
+CRYPTO_BACKENDS="+gcrypt kernel nettle openssl"
+# we don't support nss since it doesn't allow cryptsetup to be built statically
+# and it's missing ripemd160 support so it can't provide full backward compatibility
+IUSE="${CRYPTO_BACKENDS} +argon2 libressl nls pwquality python reencrypt static static-libs +udev urandom"
+REQUIRED_USE="^^ ( ${CRYPTO_BACKENDS//+/} )
+ python? ( ${PYTHON_REQUIRED_USE} )
+ static? ( !gcrypt )" #496612
+
+LIB_DEPEND="
+ dev-libs/json-c:=[static-libs(+)]
+ dev-libs/libgpg-error[static-libs(+)]
+ dev-libs/popt[static-libs(+)]
+ >=sys-apps/util-linux-2.31-r1[static-libs(+)]
+ argon2? ( app-crypt/argon2:=[static-libs(+)] )
+ gcrypt? ( dev-libs/libgcrypt:0=[static-libs(+)] )
+ nettle? ( >=dev-libs/nettle-2.4[static-libs(+)] )
+ openssl? (
+ !libressl? ( dev-libs/openssl:0=[static-libs(+)] )
+ libressl? ( dev-libs/libressl:=[static-libs(+)] )
+ )
+ pwquality? ( dev-libs/libpwquality[static-libs(+)] )
+ sys-fs/lvm2[static-libs(+)]
+ udev? ( virtual/libudev[static-libs(+)] )"
+# We have to always depend on ${LIB_DEPEND} rather than put behind
+# !static? () because we provide a shared library which links against
+# these other packages. #414665
+RDEPEND="static-libs? ( ${LIB_DEPEND} )
+ ${LIB_DEPEND//\[static-libs\(+\)\]}
+ python? ( ${PYTHON_DEPS} )"
+DEPEND="${RDEPEND}
+ virtual/pkgconfig
+ static? ( ${LIB_DEPEND} )"
+
+S="${WORKDIR}/${P/_/-}"
+
+PATCHES=( "${FILESDIR}"/${PN}-2.0.4-fix-static-pwquality-build.patch )
+
+pkg_setup() {
+ local CONFIG_CHECK="~DM_CRYPT ~CRYPTO ~CRYPTO_CBC ~CRYPTO_SHA256"
+ local WARNING_DM_CRYPT="CONFIG_DM_CRYPT:\tis not set (required for cryptsetup)\n"
+ local WARNING_CRYPTO_SHA256="CONFIG_CRYPTO_SHA256:\tis not set (required for cryptsetup)\n"
+ local WARNING_CRYPTO_CBC="CONFIG_CRYPTO_CBC:\tis not set (required for kernel 2.6.19)\n"
+ local WARNING_CRYPTO="CONFIG_CRYPTO:\tis not set (required for cryptsetup)\n"
+ check_extra_config
+}
+
+src_prepare() {
+ sed -i '/^LOOPDEV=/s:$: || exit 0:' tests/{compat,mode}-test || die
+ default
+ eautoreconf
+}
+
+src_configure() {
+ if use kernel ; then
+ ewarn "Note that kernel backend is very slow for this type of operation"
+ ewarn "and is provided mainly for embedded systems wanting to avoid"
+ ewarn "userspace crypto libraries."
+ fi
+
+ use python && python_setup
+
+ # We disable autotool python integration so we can use eclasses
+ # for proper integration with multiple python versions.
+ local myeconfargs=(
+ --disable-internal-argon2
+ --enable-shared
+ --sbindir=/sbin
+ # for later use
+ # --with-default-luks-format=LUKS2
+ --with-tmpfilesdir="${EPREFIX%/}/usr/lib/tmpfiles.d"
+ --with-crypto_backend=$(for x in ${CRYPTO_BACKENDS//+/} ; do usev ${x} ; done)
+ $(use_enable argon2 libargon2)
+ $(use_enable nls)
+ $(use_enable pwquality)
+ $(use_enable python)
+ $(use_enable reencrypt cryptsetup-reencrypt)
+ $(use_enable static static-cryptsetup)
+ $(use_enable static-libs static)
+ $(use_enable udev)
+ $(use_enable !urandom dev-random)
+ )
+ econf "${myeconfargs[@]}"
+}
+
+src_test() {
+ if [[ ! -e /dev/mapper/control ]] ; then
+ ewarn "No /dev/mapper/control found -- skipping tests"
+ return 0
+ fi
+
+ local p
+ for p in /dev/mapper /dev/loop* ; do
+ addwrite ${p}
+ done
+
+ default
+}
+
+src_install() {
+ default
+
+ if use static ; then
+ mv "${ED%}"/sbin/cryptsetup{.static,} || die
+ mv "${ED%}"/sbin/veritysetup{.static,} || die
+ use reencrypt && { mv "${ED%}"/sbin/cryptsetup-reencrypt{.static,} || die ; }
+ fi
+ find "${ED}" -name "*.la" -delete || die
+
+ dodoc docs/v*ReleaseNotes
+
+ newconfd "${FILESDIR}"/2.0.5-dmcrypt.confd dmcrypt
+ newinitd "${FILESDIR}"/2.0.5-dmcrypt.rc dmcrypt
+}
diff --git a/sys-fs/cryptsetup/files/2.0.5-dmcrypt.confd b/sys-fs/cryptsetup/files/2.0.5-dmcrypt.confd
new file mode 100644
index 00000000000..977d4b3172d
--- /dev/null
+++ b/sys-fs/cryptsetup/files/2.0.5-dmcrypt.confd
@@ -0,0 +1,115 @@
+# /etc/conf.d/dmcrypt
+
+# For people who run dmcrypt on top of some other layer (like raid),
+# use rc_need to specify that requirement. See the runscript(8) man
+# page for more information.
+
+# Along the same lines, if dmcrypt needs to be running before
+# localmount or netmount, please use rc_before to specify this
+# requirement.
+
+#--------------------
+# Instructions
+#--------------------
+
+# Note regarding the syntax of this file. This file is *almost* bash,
+# but each line is evaluated separately. Separate swaps/targets can be
+# specified. The init-script which reads this file assumes that a
+# swap= or target= line starts a new section, similar to lilo or grub
+# configuration.
+
+# Note when using gpg keys and /usr on a separate partition, you will
+# have to copy /usr/bin/gpg to /bin/gpg so that it will work properly
+# and ensure that gpg has been compiled statically.
+# See http://bugs.gentoo.org/90482 for more information.
+
+# Note that the init-script which reads this file detects whether your
+# partition is LUKS or not. No mkfs is run unless you specify a makefs
+# option.
+
+# Global options:
+#----------------
+
+# How long to wait for each timeout (in seconds).
+dmcrypt_key_timeout=1
+
+# Max number of checks to perform (see dmcrypt_key_timeout).
+#dmcrypt_max_timeout=300
+
+# Number of password retries.
+dmcrypt_retries=5
+
+# Arguments:
+#-----------
+# target=<name> == Mapping name for partition.
+# swap=<name> == Mapping name for swap partition.
+# source='<dev>' == Real device for partition.
+# Note: You can (and should) specify a tag like UUID
+# for blkid (see -t option). This is safer than using
+# the full path to the device.
+# key='</path/to/keyfile>[:<mode>]' == Fullpath from / or from inside removable media.
+# remdev='<dev>' == Device that will be assigned to removable media.
+# gpg_options='<opts>' == Default are --quiet --decrypt
+# options='<opts>' == cryptsetup, for LUKS you can only use --readonly
+# loop_file='<file>' == Loopback file.
+# Note: If you omit $source, then a free loopback will
+# be looked up automatically.
+# pre_mount='cmds' == commands to execute before mounting partition.
+# post_mount='cmds' == commands to execute after mounting partition.
+#-----------
+# Supported Modes
+# gpg == decrypt and pipe key into cryptsetup.
+# Note: new-line character must not be part of key.
+# Command to erase \n char: 'cat key | tr -d '\n' > cleanKey'
+
+#--------------------
+# dm-crypt examples
+#--------------------
+
+## swap
+# Swap partitions. These should come first so that no keys make their
+# way into unencrypted swap.
+# If no options are given, they will default to: -c aes -h sha1 -d /dev/urandom
+# If no makefs is given then mkswap will be assumed
+#swap=crypt-swap
+#source='/dev/hda2'
+
+## /home with passphrase
+#target=crypt-home
+#source='/dev/hda5'
+
+## /home with regular keyfile
+#target=crypt-home
+#source='/dev/hda5'
+#key='/full/path/to/homekey'
+
+## /home with gpg protected key
+#target=crypt-home
+#source='/dev/hda5'
+#key='/full/path/to/homekey:gpg'
+
+## /home with regular keyfile on removable media(such as usb-stick)
+#target=crypt-home
+#source='/dev/hda5'
+#key='/full/path/to/homekey'
+#remdev='/dev/sda1'
+
+## /home with gpg protected key on removable media(such as usb-stick)
+#target=crypt-home
+#source='/dev/hda5'
+#key='/full/path/to/homekey:gpg'
+#remdev='/dev/sda1'
+
+## /tmp with regular keyfile
+#target=crypt-tmp
+#source='/dev/hda6'
+#key='/full/path/to/tmpkey'
+#pre_mount='/sbin/mkreiserfs -f -f ${dev}'
+#post_mount='chown root:root ${mount_point}; chmod 1777 ${mount_point}'
+
+## Loopback file example
+#target='crypt-loop-home'
+#source='/dev/loop0'
+#loop_file='/mnt/crypt/home'
+
+# The file must be terminated by a newline. Or leave this comment last.
diff --git a/sys-fs/cryptsetup/files/2.0.5-dmcrypt.rc b/sys-fs/cryptsetup/files/2.0.5-dmcrypt.rc
new file mode 100644
index 00000000000..555d216b50d
--- /dev/null
+++ b/sys-fs/cryptsetup/files/2.0.5-dmcrypt.rc
@@ -0,0 +1,340 @@
+#!/sbin/openrc-run
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+ after keymaps
+ before checkfs fsck
+
+ if grep -qs ^swap= "${conf_file}" ; then
+ before swap
+ fi
+}
+
+# We support multiple dmcrypt instances based on $SVCNAME
+conf_file="/etc/conf.d/${SVCNAME}"
+
+# Get splash helpers if available.
+if [ -e /sbin/splash-functions.sh ] ; then
+ . /sbin/splash-functions.sh
+fi
+
+# Setup mappings for an individual target/swap
+# Note: This relies on variables localized in the main body below.
+dm_crypt_execute() {
+ local dev ret mode foo
+
+ if [ -z "${target}" -a -z "${swap}" ] ; then
+ return
+ fi
+
+ # Set up default values.
+ : ${dmcrypt_key_timeout:=1}
+ : ${dmcrypt_max_timeout:=300}
+ : ${dmcrypt_retries:=5}
+
+ # Handle automatic look up of the source path.
+ if [ -z "${source}" -a -n "${loop_file}" ] ; then
+ source=$(losetup --show -f "${loop_file}")
+ fi
+ case ${source} in
+ *=*)
+ source=$(blkid -l -t "${source}" -o device)
+ ;;
+ esac
+ if [ -z "${source}" ] || [ ! -e "${source}" ] ; then
+ ewarn "source \"${source}\" for ${target} missing, skipping..."
+ return
+ fi
+
+ if [ -n "${target}" ] ; then
+ # let user set options, otherwise leave empty
+ : ${options:=' '}
+ elif [ -n "${swap}" ] ; then
+ if cryptsetup isLuks ${source} 2>/dev/null ; then
+ ewarn "The swap you have defined is a LUKS partition. Aborting crypt-swap setup."
+ return
+ fi
+ target=${swap}
+ # swap contents do not need to be preserved between boots, luks not required.
+ # suspend2 users should have initramfs's init handling their swap partition either way.
+ : ${options:='-c aes -h sha1 -d /dev/urandom'}
+ : ${pre_mount:='mkswap ${dev}'}
+ fi
+
+ if [ -n "${loop_file}" ] ; then
+ dev="/dev/mapper/${target}"
+ ebegin " Setting up loop device ${source}"
+ losetup ${source} ${loop_file}
+ fi
+
+ # cryptsetup:
+ # open <device> <name> # <device> is $source
+ # create <name> <device> # <name> is $target
+ local arg1="create" arg2="${target}" arg3="${source}"
+ if cryptsetup isLuks ${source} 2>/dev/null ; then
+ arg1="open"
+ arg2="${source}"
+ arg3="${target}"
+ fi
+
+ # Older versions reported:
+ # ${target} is active:
+ # Newer versions report:
+ # ${target} is active[ and is in use.]
+ if cryptsetup status ${target} | egrep -q ' is active' ; then
+ einfo "dm-crypt mapping ${target} is already configured"
+ return
+ fi
+ splash svc_input_begin ${SVCNAME} >/dev/null 2>&1
+
+ # Handle keys
+ if [ -n "${key}" ] ; then
+ read_abort() {
+ # some colors
+ local ans savetty resettty
+ [ -z "${NORMAL}" ] && eval $(eval_ecolors)
+ einfon " $1? (${WARN}yes${NORMAL}/${GOOD}No${NORMAL}) "
+ shift
+ # This is ugly as s**t. But POSIX doesn't provide `read -t`, so
+ # we end up having to implement our own crap with stty/etc...
+ savetty=$(stty -g)
+ resettty='stty ${savetty}; trap - EXIT HUP INT TERM'
+ trap 'eval "${resettty}"' EXIT HUP INT TERM
+ stty -icanon
+ stty min 0 time "$(( $2 * 10 ))"
+ ans=$(dd count=1 bs=1 2>/dev/null) || ans=''
+ eval "${resettty}"
+ if [ -z "${ans}" ] ; then
+ printf '\r'
+ else
+ echo
+ fi
+ case ${ans} in
+ [yY]) return 0;;
+ *) return 1;;
+ esac
+ }
+
+ # Notes: sed not used to avoid case where /usr partition is encrypted.
+ mode=${key##*:} && ( [ "${mode}" = "${key}" ] || [ -z "${mode}" ] ) && mode=reg
+ key=${key%:*}
+ case "${mode}" in
+ gpg|reg)
+ # handle key on removable device
+ if [ -n "${remdev}" ] ; then
+ # temp directory to mount removable device
+ local mntrem="${RC_SVCDIR}/dm-crypt-remdev.$$"
+ if [ ! -d "${mntrem}" ] ; then
+ if ! mkdir -p "${mntrem}" ; then
+ ewarn "${source} will not be decrypted ..."
+ einfo "Reason: Unable to create temporary mount point '${mntrem}'"
+ return
+ fi
+ fi
+ i=0
+ einfo "Please insert removable device for ${target}"
+ while [ ${i} -lt ${dmcrypt_max_timeout} ] ; do
+ foo=""
+ if mount -n -o ro "${remdev}" "${mntrem}" 2>/dev/null >/dev/null ; then
+ # keyfile exists?
+ if [ ! -e "${mntrem}${key}" ] ; then
+ umount -n "${mntrem}"
+ rmdir "${mntrem}"
+ einfo "Cannot find ${key} on removable media."
+ read_abort "Abort" ${dmcrypt_key_timeout} && return
+ else
+ key="${mntrem}${key}"
+ break
+ fi
+ else
+ [ -e "${remdev}" ] \
+ && foo="mount failed" \
+ || foo="mount source not found"
+ fi
+ : $((i += 1))
+ read_abort "Stop waiting after $i attempts (${foo})" -t 1 && return
+ done
+ else # keyfile ! on removable device
+ if [ ! -e "${key}" ] ; then
+ ewarn "${source} will not be decrypted ..."
+ einfo "Reason: keyfile ${key} does not exist."
+ return
+ fi
+ fi
+ ;;
+ *)
+ ewarn "${source} will not be decrypted ..."
+ einfo "Reason: mode ${mode} is invalid."
+ return
+ ;;
+ esac
+ else
+ mode=none
+ fi
+ ebegin " ${target} using: ${options} ${arg1} ${arg2} ${arg3}"
+ if [ "${mode}" = "gpg" ] ; then
+ : ${gpg_options:='-q -d'}
+ # gpg available ?
+ if command -v gpg >/dev/null ; then
+ i=0
+ while [ ${i} -lt ${dmcrypt_retries} ] ; do
+ # paranoid, don't store key in a variable, pipe it so it stays very little in ram unprotected.
+ # save stdin stdout stderr "values"
+ timeout ${dmcrypt_max_timeout} gpg ${gpg_options} ${key} 2>/dev/null | \
+ cryptsetup --key-file - ${options} ${arg1} ${arg2} ${arg3}
+ ret=$?
+ # The timeout command exits 124 when it times out.
+ [ ${ret} -eq 0 -o ${ret} -eq 124 ] && break
+ : $(( i += 1 ))
+ done
+ eend ${ret} "failure running cryptsetup"
+ else
+ ewarn "${source} will not be decrypted ..."
+ einfo "Reason: cannot find gpg application."
+ einfo "You have to install app-crypt/gnupg first."
+ einfo "If you have /usr on its own partition, try copying gpg to /bin ."
+ fi
+ else
+ if [ "${mode}" = "reg" ] ; then
+ cryptsetup ${options} -d ${key} ${arg1} ${arg2} ${arg3}
+ ret=$?
+ eend ${ret} "failure running cryptsetup"
+ else
+ cryptsetup ${options} ${arg1} ${arg2} ${arg3}
+ ret=$?
+ eend ${ret} "failure running cryptsetup"
+ fi
+ fi
+ if [ -d "${mntrem}" ] ; then
+ umount -n ${mntrem} 2>/dev/null >/dev/null
+ rmdir ${mntrem} 2>/dev/null >/dev/null
+ fi
+ splash svc_input_end ${SVCNAME} >/dev/null 2>&1
+
+ if [ ${ret} -ne 0 ] ; then
+ cryptfs_status=1
+ else
+ if [ -n "${pre_mount}" ] ; then
+ dev="/dev/mapper/${target}"
+ eval ebegin \"" pre_mount: ${pre_mount}"\"
+ eval "${pre_mount}" > /dev/null
+ ewend $? || cryptfs_status=1
+ fi
+ fi
+}
+
+# Lookup optional bootparams
+get_bootparam_val() {
+ # We're given something like:
+ # foo=bar=cow
+ # Return the "bar=cow" part.
+ case $1 in
+ *=*)
+ echo "${1#*=}"
+ ;;
+ esac
+}
+
+start() {
+ local header=true cryptfs_status=0
+ local gpg_options key loop_file target targetline options pre_mount post_mount source swap remdev
+
+ local x
+ for x in $(cat /proc/cmdline) ; do
+ case "${x}" in
+ key_timeout=*)
+ dmcrypt_key_timeout=$(get_bootparam_val "${x}")
+ ;;
+ esac
+ done
+
+ while read targetline <&3 ; do
+ case ${targetline} in
+ # skip comments and blank lines
+ ""|"#"*) continue ;;
+ # skip service-specific openrc configs #377927
+ rc_*) continue ;;
+ esac
+
+ ${header} && ebegin "Setting up dm-crypt mappings"
+ header=false
+
+ # check for the start of a new target/swap
+ case ${targetline} in
+ target=*|swap=*)
+ # If we have a target queued up, then execute it
+ dm_crypt_execute
+
+ # Prepare for the next target/swap by resetting variables
+ unset gpg_options key loop_file target options pre_mount post_mount source swap remdev
+ ;;
+
+ gpg_options=*|remdev=*|key=*|loop_file=*|options=*|pre_mount=*|post_mount=*|source=*)
+ if [ -z "${target}${swap}" ] ; then
+ ewarn "Ignoring setting outside target/swap section: ${targetline}"
+ continue
+ fi
+ ;;
+
+ dmcrypt_*=*)
+ # ignore global options
+ continue
+ ;;
+
+ *)
+ ewarn "Skipping invalid line in ${conf_file}: ${targetline}"
+ ;;
+ esac
+
+ # Queue this setting for the next call to dm_crypt_execute
+ eval "${targetline}"
+ done 3< ${conf_file}
+
+ # If we have a target queued up, then execute it
+ dm_crypt_execute
+
+ ewend ${cryptfs_status} "Failed to setup dm-crypt devices"
+}
+
+stop() {
+ local line header
+
+ # Break down all mappings
+ header=true
+ egrep "^(target|swap)=" ${conf_file} | \
+ while read line ; do
+ ${header} && einfo "Removing dm-crypt mappings"
+ header=false
+
+ target= swap=
+ eval ${line}
+
+ [ -n "${swap}" ] && target=${swap}
+ if [ -z "${target}" ] ; then
+ ewarn "invalid line in ${conf_file}: ${line}"
+ continue
+ fi
+
+ ebegin " ${target}"
+ cryptsetup remove ${target}
+ eend $?
+ done
+
+ # Break down loop devices
+ header=true
+ grep '^source=./dev/loop' ${conf_file} | \
+ while read line ; do
+ ${header} && einfo "Detaching dm-crypt loop devices"
+ header=false
+
+ source=
+ eval ${line}
+
+ ebegin " ${source}"
+ losetup -d "${source}"
+ eend $?
+ done
+
+ return 0
+}
^ permalink raw reply related [flat|nested] 9+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: sys-fs/cryptsetup/, sys-fs/cryptsetup/files/
@ 2022-10-28 20:09 Sam James
0 siblings, 0 replies; 9+ messages in thread
From: Sam James @ 2022-10-28 20:09 UTC (permalink / raw
To: gentoo-commits
commit: 53d136993ca49ab1b44ddce96648ce5f1202c15b
Author: Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Fri Oct 28 20:06:36 2022 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Oct 28 20:09:26 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=53d13699
sys-fs/cryptsetup: drop 2.4.3
Signed-off-by: Sam James <sam <AT> gentoo.org>
sys-fs/cryptsetup/cryptsetup-2.4.3.ebuild | 136 -----------
sys-fs/cryptsetup/files/2.4.0-dmcrypt.confd | 112 ---------
sys-fs/cryptsetup/files/2.4.0-dmcrypt.rc | 350 ----------------------------
3 files changed, 598 deletions(-)
diff --git a/sys-fs/cryptsetup/cryptsetup-2.4.3.ebuild b/sys-fs/cryptsetup/cryptsetup-2.4.3.ebuild
deleted file mode 100644
index 79282c022d79..000000000000
--- a/sys-fs/cryptsetup/cryptsetup-2.4.3.ebuild
+++ /dev/null
@@ -1,136 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit linux-info tmpfiles
-
-DESCRIPTION="Tool to setup encrypted devices with dm-crypt"
-HOMEPAGE="https://gitlab.com/cryptsetup/cryptsetup/blob/master/README.md"
-SRC_URI="https://www.kernel.org/pub/linux/utils/${PN}/v$(ver_cut 1-2)/${P/_/-}.tar.xz"
-
-LICENSE="GPL-2+"
-SLOT="0/12" # libcryptsetup.so version
-[[ ${PV} != *_rc* ]] && \
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~mips ppc ppc64 ~riscv ~s390 sparc x86"
-CRYPTO_BACKENDS="gcrypt kernel nettle +openssl"
-# we don't support nss since it doesn't allow cryptsetup to be built statically
-# and it's missing ripemd160 support so it can't provide full backward compatibility
-IUSE="${CRYPTO_BACKENDS} +argon2 nls pwquality reencrypt ssh static static-libs test +udev urandom"
-RESTRICT="!test? ( test )"
-REQUIRED_USE="^^ ( ${CRYPTO_BACKENDS//+/} )
- static? ( !gcrypt !ssh !udev )" # 496612, 832711
-
-LIB_DEPEND="
- dev-libs/json-c:=[static-libs(+)]
- dev-libs/popt[static-libs(+)]
- >=sys-apps/util-linux-2.31-r1[static-libs(+)]
- argon2? ( app-crypt/argon2:=[static-libs(+)] )
- gcrypt? (
- dev-libs/libgcrypt:0=[static-libs(+)]
- dev-libs/libgpg-error[static-libs(+)]
- )
- nettle? ( >=dev-libs/nettle-2.4[static-libs(+)] )
- openssl? ( dev-libs/openssl:0=[static-libs(+)] )
- pwquality? ( dev-libs/libpwquality[static-libs(+)] )
- ssh? ( net-libs/libssh[static-libs(+)] )
- sys-fs/lvm2[static-libs(+)]"
-# We have to always depend on ${LIB_DEPEND} rather than put behind
-# !static? () because we provide a shared library which links against
-# these other packages. #414665
-RDEPEND="static-libs? ( ${LIB_DEPEND} )
- ${LIB_DEPEND//\[static-libs\([+-]\)\]}
- udev? ( virtual/libudev:= )"
-# vim-core needed for xxd in tests
-DEPEND="${RDEPEND}
- static? ( ${LIB_DEPEND} )
- test? ( app-editors/vim-core )"
-BDEPEND="
- virtual/pkgconfig
-"
-
-S="${WORKDIR}/${P/_/-}"
-
-pkg_setup() {
- local CONFIG_CHECK="~DM_CRYPT ~CRYPTO ~CRYPTO_CBC ~CRYPTO_SHA256"
- local WARNING_DM_CRYPT="CONFIG_DM_CRYPT:\tis not set (required for cryptsetup)\n"
- local WARNING_CRYPTO_SHA256="CONFIG_CRYPTO_SHA256:\tis not set (required for cryptsetup)\n"
- local WARNING_CRYPTO_CBC="CONFIG_CRYPTO_CBC:\tis not set (required for kernel 2.6.19)\n"
- local WARNING_CRYPTO="CONFIG_CRYPTO:\tis not set (required for cryptsetup)\n"
- check_extra_config
-}
-
-src_prepare() {
- sed -i '/^LOOPDEV=/s:$: || exit 0:' tests/{compat,mode}-test || die
- default
-}
-
-src_configure() {
- if use kernel ; then
- ewarn "Note that kernel backend is very slow for this type of operation"
- ewarn "and is provided mainly for embedded systems wanting to avoid"
- ewarn "userspace crypto libraries."
- fi
-
- local myeconfargs=(
- --disable-internal-argon2
- --enable-shared
- --sbindir=/sbin
- # for later use
- --with-default-luks-format=LUKS2
- --with-tmpfilesdir="${EPREFIX}/usr/lib/tmpfiles.d"
- --with-crypto_backend=$(for x in ${CRYPTO_BACKENDS//+/} ; do usev ${x} ; done)
- $(use_enable argon2 libargon2)
- $(use_enable nls)
- $(use_enable pwquality)
- $(use_enable reencrypt cryptsetup-reencrypt)
- $(use_enable !static external-tokens)
- $(use_enable static static-cryptsetup)
- $(use_enable static-libs static)
- $(use_enable udev)
- $(use_enable !urandom dev-random)
- $(use_enable ssh ssh-token)
- $(usex argon2 '' '--with-luks2-pbkdf=pbkdf2')
- )
- econf "${myeconfargs[@]}"
-}
-
-src_test() {
- if [[ ! -e /dev/mapper/control ]] ; then
- ewarn "No /dev/mapper/control found -- skipping tests"
- return 0
- fi
-
- local p
- for p in /dev/mapper /dev/loop* ; do
- addwrite ${p}
- done
-
- default
-}
-
-src_install() {
- default
-
- if use static ; then
- mv "${ED}"/sbin/cryptsetup{.static,} || die
- mv "${ED}"/sbin/veritysetup{.static,} || die
- mv "${ED}"/sbin/integritysetup{.static,} || die
- if use ssh ; then
- mv "${ED}"/sbin/cryptsetup-ssh{.static,} || die
- fi
- if use reencrypt ; then
- mv "${ED}"/sbin/cryptsetup-reencrypt{.static,} || die
- fi
- fi
- find "${ED}" -type f -name "*.la" -delete || die
-
- dodoc docs/v*ReleaseNotes
-
- newconfd "${FILESDIR}"/2.4.0-dmcrypt.confd dmcrypt
- newinitd "${FILESDIR}"/2.4.0-dmcrypt.rc dmcrypt
-}
-
-pkg_postinst() {
- tmpfiles_process cryptsetup.conf
-}
diff --git a/sys-fs/cryptsetup/files/2.4.0-dmcrypt.confd b/sys-fs/cryptsetup/files/2.4.0-dmcrypt.confd
deleted file mode 100644
index 96c523e0f954..000000000000
--- a/sys-fs/cryptsetup/files/2.4.0-dmcrypt.confd
+++ /dev/null
@@ -1,112 +0,0 @@
-# /etc/conf.d/dmcrypt
-
-# For people who run dmcrypt on top of some other layer (like raid),
-# use rc_need to specify that requirement. See the runscript(8) man
-# page for more information.
-
-#--------------------
-# Instructions
-#--------------------
-
-# Note regarding the syntax of this file. This file is *almost* bash,
-# but each line is evaluated separately. Separate swaps/targets can be
-# specified. The init-script which reads this file assumes that a
-# swap= or target= line starts a new section, similar to lilo or grub
-# configuration.
-
-# Note when using gpg keys and /usr on a separate partition, you will
-# have to copy /usr/bin/gpg to /bin/gpg so that it will work properly
-# and ensure that gpg has been compiled statically.
-# See http://bugs.gentoo.org/90482 for more information.
-
-# Note that the init-script which reads this file detects whether your
-# partition is LUKS or not. No mkfs is run unless you specify a makefs
-# option.
-
-# Global options:
-#----------------
-
-# How long to wait for each timeout (in seconds).
-dmcrypt_key_timeout=1
-
-# Max number of checks to perform (see dmcrypt_key_timeout).
-#dmcrypt_max_timeout=300
-
-# Number of password retries.
-dmcrypt_retries=5
-
-# Arguments:
-#-----------
-# target=<name> == Mapping name for partition.
-# swap=<name> == Mapping name for swap partition.
-# source='<dev>' == Real device for partition.
-# Note: You can (and should) specify a tag like UUID
-# for blkid (see -t option). This is safer than using
-# the full path to the device.
-# key='</path/to/keyfile>[:<mode>]' == Fullpath from / or from inside removable media.
-# remdev='<dev>' == Device that will be assigned to removable media.
-# gpg_options='<opts>' == Default are --quiet --decrypt
-# options='<opts>' == cryptsetup, for LUKS you can only use --readonly
-# loop_file='<file>' == Loopback file.
-# Note: If you omit $source, then a free loopback will
-# be looked up automatically.
-# pre_mount='cmds' == commands to execute before mounting partition.
-# post_mount='cmds' == commands to execute after mounting partition.
-# wait=5 == wait given amount of seconds for source to appear
-#-----------
-# Supported Modes
-# gpg == decrypt and pipe key into cryptsetup.
-# Note: new-line character must not be part of key.
-# Command to erase \n char: 'cat key | tr -d '\n' > cleanKey'
-
-#--------------------
-# dm-crypt examples
-#--------------------
-
-## swap
-# Swap partitions. These should come first so that no keys make their
-# way into unencrypted swap.
-# If no options are given, they will default to: -c aes -h sha1 -d /dev/urandom
-# If no makefs is given then mkswap will be assumed
-#swap=crypt-swap
-#source='/dev/hda2'
-
-## /home with passphrase
-#target=crypt-home
-#source='/dev/hda5'
-
-## /home with regular keyfile
-#target=crypt-home
-#source='/dev/hda5'
-#key='/full/path/to/homekey'
-
-## /home with gpg protected key
-#target=crypt-home
-#source='/dev/hda5'
-#key='/full/path/to/homekey:gpg'
-
-## /home with regular keyfile on removable media(such as usb-stick)
-#target=crypt-home
-#source='/dev/hda5'
-#key='/full/path/to/homekey'
-#remdev='/dev/sda1'
-
-## /home with gpg protected key on removable media(such as usb-stick)
-#target=crypt-home
-#source='/dev/hda5'
-#key='/full/path/to/homekey:gpg'
-#remdev='/dev/sda1'
-
-## /tmp with regular keyfile
-#target=crypt-tmp
-#source='/dev/hda6'
-#key='/full/path/to/tmpkey'
-#pre_mount='/sbin/mkreiserfs -f -f ${dev}'
-#post_mount='chown root:root ${mount_point}; chmod 1777 ${mount_point}'
-
-## Loopback file example
-#target='crypt-loop-home'
-#source='/dev/loop0'
-#loop_file='/mnt/crypt/home'
-
-# The file must be terminated by a newline. Or leave this comment last.
diff --git a/sys-fs/cryptsetup/files/2.4.0-dmcrypt.rc b/sys-fs/cryptsetup/files/2.4.0-dmcrypt.rc
deleted file mode 100644
index 102576509515..000000000000
--- a/sys-fs/cryptsetup/files/2.4.0-dmcrypt.rc
+++ /dev/null
@@ -1,350 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-depend() {
- use modules
- before checkfs fsck
-
- if grep -qs ^swap= "${conf_file}" ; then
- before swap
- fi
-}
-
-# We support multiple dmcrypt instances based on $SVCNAME
-conf_file="/etc/conf.d/${SVCNAME}"
-
-# Get splash helpers if available.
-if [ -e /sbin/splash-functions.sh ] ; then
- . /sbin/splash-functions.sh
-fi
-
-# Setup mappings for an individual target/swap
-# Note: This relies on variables localized in the main body below.
-dm_crypt_execute() {
- local dev ret mode foo source_dev
-
- if [ -z "${target}" -a -z "${swap}" ] ; then
- return
- fi
-
- # Set up default values.
- : ${dmcrypt_key_timeout:=1}
- : ${dmcrypt_max_timeout:=300}
- : ${dmcrypt_retries:=5}
- : ${wait:=5}
-
- # Handle automatic look up of the source path.
- if [ -z "${source}" -a -n "${loop_file}" ] ; then
- source=$(losetup --show -f "${loop_file}")
- fi
- case ${source} in
- *=*)
- i=0
- while [ ${i} -lt ${wait} ]; do
- if source_dev="$(blkid -l -t "${source}" -o device)"; then
- source="${source_dev}"
- break
- fi
- : $((i += 1))
- einfo "waiting for source \"${source}\" for ${target}..."
- sleep 1
- done
- ;;
- esac
- if [ -z "${source}" ] || [ ! -e "${source}" ] ; then
- ewarn "source \"${source}\" for ${target} missing, skipping..."
- return
- fi
-
- if [ -n "${target}" ] ; then
- # let user set options, otherwise leave empty
- : ${options:=' '}
- elif [ -n "${swap}" ] ; then
- if cryptsetup isLuks ${source} 2>/dev/null ; then
- ewarn "The swap you have defined is a LUKS partition. Aborting crypt-swap setup."
- return
- fi
- target=${swap}
- # swap contents do not need to be preserved between boots, luks not required.
- # suspend2 users should have initramfs's init handling their swap partition either way.
- : ${options:='-c aes -h sha1 -d /dev/urandom'}
- : ${pre_mount:='mkswap ${dev}'}
- fi
-
- if [ -n "${loop_file}" ] ; then
- dev="/dev/mapper/${target}"
- ebegin " Setting up loop device ${source}"
- losetup ${source} ${loop_file}
- fi
-
- # cryptsetup:
- # open <device> <name> # <device> is $source
- # create <name> <device> # <name> is $target
- local arg1="create" arg2="${target}" arg3="${source}"
- if cryptsetup isLuks ${source} 2>/dev/null ; then
- arg1="open"
- arg2="${source}"
- arg3="${target}"
- fi
-
- # Older versions reported:
- # ${target} is active:
- # Newer versions report:
- # ${target} is active[ and is in use.]
- if cryptsetup status ${target} | egrep -q ' is active' ; then
- einfo "dm-crypt mapping ${target} is already configured"
- return
- fi
- splash svc_input_begin ${SVCNAME} >/dev/null 2>&1
-
- # Handle keys
- if [ -n "${key}" ] ; then
- read_abort() {
- # some colors
- local ans savetty resettty
- [ -z "${NORMAL}" ] && eval $(eval_ecolors)
- einfon " $1? (${WARN}yes${NORMAL}/${GOOD}No${NORMAL}) "
- shift
- # This is ugly as s**t. But POSIX doesn't provide `read -t`, so
- # we end up having to implement our own crap with stty/etc...
- savetty=$(stty -g)
- resettty='stty ${savetty}; trap - EXIT HUP INT TERM'
- trap 'eval "${resettty}"' EXIT HUP INT TERM
- stty -icanon
- stty min 0 time "$(( $2 * 10 ))"
- ans=$(dd count=1 bs=1 2>/dev/null) || ans=''
- eval "${resettty}"
- if [ -z "${ans}" ] ; then
- printf '\r'
- else
- echo
- fi
- case ${ans} in
- [yY]) return 0;;
- *) return 1;;
- esac
- }
-
- # Notes: sed not used to avoid case where /usr partition is encrypted.
- mode=${key##*:} && ( [ "${mode}" = "${key}" ] || [ -z "${mode}" ] ) && mode=reg
- key=${key%:*}
- case "${mode}" in
- gpg|reg)
- # handle key on removable device
- if [ -n "${remdev}" ] ; then
- # temp directory to mount removable device
- local mntrem="${RC_SVCDIR}/dm-crypt-remdev.$$"
- if [ ! -d "${mntrem}" ] ; then
- if ! mkdir -p "${mntrem}" ; then
- ewarn "${source} will not be decrypted ..."
- einfo "Reason: Unable to create temporary mount point '${mntrem}'"
- return
- fi
- fi
- i=0
- einfo "Please insert removable device for ${target}"
- while [ ${i} -lt ${dmcrypt_max_timeout} ] ; do
- foo=""
- if mount -n -o ro "${remdev}" "${mntrem}" 2>/dev/null >/dev/null ; then
- # keyfile exists?
- if [ ! -e "${mntrem}${key}" ] ; then
- umount -n "${mntrem}"
- rmdir "${mntrem}"
- einfo "Cannot find ${key} on removable media."
- read_abort "Abort" ${dmcrypt_key_timeout} && return
- else
- key="${mntrem}${key}"
- break
- fi
- else
- [ -e "${remdev}" ] \
- && foo="mount failed" \
- || foo="mount source not found"
- fi
- : $((i += 1))
- read_abort "Stop waiting after $i attempts (${foo})" -t 1 && return
- done
- else # keyfile ! on removable device
- if [ ! -e "${key}" ] ; then
- ewarn "${source} will not be decrypted ..."
- einfo "Reason: keyfile ${key} does not exist."
- return
- fi
- fi
- ;;
- *)
- ewarn "${source} will not be decrypted ..."
- einfo "Reason: mode ${mode} is invalid."
- return
- ;;
- esac
- else
- mode=none
- fi
- ebegin " ${target} using: ${options} ${arg1} ${arg2} ${arg3}"
- if [ "${mode}" = "gpg" ] ; then
- : ${gpg_options:='-q -d'}
- # gpg available ?
- if command -v gpg >/dev/null ; then
- i=0
- while [ ${i} -lt ${dmcrypt_retries} ] ; do
- # paranoid, don't store key in a variable, pipe it so it stays very little in ram unprotected.
- # save stdin stdout stderr "values"
- timeout ${dmcrypt_max_timeout} gpg ${gpg_options} ${key} 2>/dev/null | \
- cryptsetup --key-file - ${options} ${arg1} ${arg2} ${arg3}
- ret=$?
- # The timeout command exits 124 when it times out.
- [ ${ret} -eq 0 -o ${ret} -eq 124 ] && break
- : $(( i += 1 ))
- done
- eend ${ret} "failure running cryptsetup"
- else
- ewarn "${source} will not be decrypted ..."
- einfo "Reason: cannot find gpg application."
- einfo "You have to install app-crypt/gnupg first."
- einfo "If you have /usr on its own partition, try copying gpg to /bin ."
- fi
- else
- if [ "${mode}" = "reg" ] ; then
- cryptsetup ${options} -d ${key} ${arg1} ${arg2} ${arg3}
- ret=$?
- eend ${ret} "failure running cryptsetup"
- else
- cryptsetup ${options} ${arg1} ${arg2} ${arg3}
- ret=$?
- eend ${ret} "failure running cryptsetup"
- fi
- fi
- if [ -d "${mntrem}" ] ; then
- umount -n ${mntrem} 2>/dev/null >/dev/null
- rmdir ${mntrem} 2>/dev/null >/dev/null
- fi
- splash svc_input_end ${SVCNAME} >/dev/null 2>&1
-
- if [ ${ret} -ne 0 ] ; then
- cryptfs_status=1
- else
- if [ -n "${pre_mount}" ] ; then
- dev="/dev/mapper/${target}"
- eval ebegin \"" pre_mount: ${pre_mount}"\"
- eval "${pre_mount}" > /dev/null
- ewend $? || cryptfs_status=1
- fi
- fi
-}
-
-# Lookup optional bootparams
-get_bootparam_val() {
- # We're given something like:
- # foo=bar=cow
- # Return the "bar=cow" part.
- case $1 in
- *=*)
- echo "${1#*=}"
- ;;
- esac
-}
-
-start() {
- local header=true cryptfs_status=0
- local gpg_options key loop_file target targetline options pre_mount post_mount source swap remdev
-
- local x
- for x in $(cat /proc/cmdline) ; do
- case "${x}" in
- key_timeout=*)
- dmcrypt_key_timeout=$(get_bootparam_val "${x}")
- ;;
- esac
- done
-
- while read targetline <&3 ; do
- case ${targetline} in
- # skip comments and blank lines
- ""|"#"*) continue ;;
- # skip service-specific openrc configs #377927
- rc_*) continue ;;
- esac
-
- ${header} && ebegin "Setting up dm-crypt mappings"
- header=false
-
- # check for the start of a new target/swap
- case ${targetline} in
- target=*|swap=*)
- # If we have a target queued up, then execute it
- dm_crypt_execute
-
- # Prepare for the next target/swap by resetting variables
- unset gpg_options key loop_file target options pre_mount post_mount source swap remdev wait
- ;;
-
- gpg_options=*|remdev=*|key=*|loop_file=*|options=*|pre_mount=*|post_mount=*|wait=*|source=*)
- if [ -z "${target}${swap}" ] ; then
- ewarn "Ignoring setting outside target/swap section: ${targetline}"
- continue
- fi
- ;;
-
- dmcrypt_*=*)
- # ignore global options
- continue
- ;;
-
- *)
- ewarn "Skipping invalid line in ${conf_file}: ${targetline}"
- ;;
- esac
-
- # Queue this setting for the next call to dm_crypt_execute
- eval "${targetline}"
- done 3< ${conf_file}
-
- # If we have a target queued up, then execute it
- dm_crypt_execute
-
- ewend ${cryptfs_status} "Failed to setup dm-crypt devices"
-}
-
-stop() {
- local line header
-
- # Break down all mappings
- header=true
- egrep "^(target|swap)=" ${conf_file} | \
- while read line ; do
- ${header} && einfo "Removing dm-crypt mappings"
- header=false
-
- target= swap=
- eval ${line}
-
- [ -n "${swap}" ] && target=${swap}
- if [ -z "${target}" ] ; then
- ewarn "invalid line in ${conf_file}: ${line}"
- continue
- fi
-
- ebegin " ${target}"
- cryptsetup remove ${target}
- eend $?
- done
-
- # Break down loop devices
- header=true
- grep '^source=./dev/loop' ${conf_file} | \
- while read line ; do
- ${header} && einfo "Detaching dm-crypt loop devices"
- header=false
-
- source=
- eval ${line}
-
- ebegin " ${source}"
- losetup -d "${source}"
- eend $?
- done
-
- return 0
-}
^ permalink raw reply related [flat|nested] 9+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: sys-fs/cryptsetup/, sys-fs/cryptsetup/files/
@ 2022-10-20 18:00 Mike Gilbert
0 siblings, 0 replies; 9+ messages in thread
From: Mike Gilbert @ 2022-10-20 18:00 UTC (permalink / raw
To: gentoo-commits
commit: 7b11c3a8a55ffb81ec3194545639513011c7ec54
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Thu Oct 20 17:59:25 2022 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Thu Oct 20 17:59:25 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7b11c3a8
sys-fs/cryptsetup: replace egrep in init script
Closes: https://bugs.gentoo.org/877699
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
.../{cryptsetup-2.4.3-r1.ebuild => cryptsetup-2.4.3-r2.ebuild} | 0
sys-fs/cryptsetup/files/2.4.3-dmcrypt.rc | 4 ++--
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/sys-fs/cryptsetup/cryptsetup-2.4.3-r1.ebuild b/sys-fs/cryptsetup/cryptsetup-2.4.3-r2.ebuild
similarity index 100%
rename from sys-fs/cryptsetup/cryptsetup-2.4.3-r1.ebuild
rename to sys-fs/cryptsetup/cryptsetup-2.4.3-r2.ebuild
diff --git a/sys-fs/cryptsetup/files/2.4.3-dmcrypt.rc b/sys-fs/cryptsetup/files/2.4.3-dmcrypt.rc
index 0903ac5eabd0..3b3c57da1c00 100644
--- a/sys-fs/cryptsetup/files/2.4.3-dmcrypt.rc
+++ b/sys-fs/cryptsetup/files/2.4.3-dmcrypt.rc
@@ -109,7 +109,7 @@ dm_crypt_execute() {
# ${target} is active:
# Newer versions report:
# ${target} is active[ and is in use.]
- if cryptsetup ${header_opt} status ${target} | egrep -q ' is active' ; then
+ if cryptsetup ${header_opt} status ${target} | grep -E -q ' is active' ; then
einfo "dm-crypt mapping ${target} is already configured"
return
fi
@@ -329,7 +329,7 @@ stop() {
# Break down all mappings
print_header=true
- egrep "^(target|swap)=" ${conf_file} | \
+ grep -E "^(target|swap)=" ${conf_file} | \
while read line ; do
${print_header} && einfo "Removing dm-crypt mappings"
print_header=false
^ permalink raw reply related [flat|nested] 9+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: sys-fs/cryptsetup/, sys-fs/cryptsetup/files/
@ 2022-01-24 17:05 Mike Gilbert
0 siblings, 0 replies; 9+ messages in thread
From: Mike Gilbert @ 2022-01-24 17:05 UTC (permalink / raw
To: gentoo-commits
commit: afaf583892dd618378dd559159777c49bb4b1b88
Author: Martin Kjær Jørgensen <mkj <AT> gotu <DOT> dk>
AuthorDate: Sat Jan 22 09:46:01 2022 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Mon Jan 24 17:02:52 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=afaf5838
sys-fs/cryptsetup: add support for using detached LUKS headers
Closes: https://bugs.gentoo.org/831806
Closes: https://github.com/gentoo/gentoo/pull/23908
Signed-off-by: Martin Kjær Jørgensen <mkj <AT> gotu.dk>
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
sys-fs/cryptsetup/cryptsetup-2.4.3-r1.ebuild | 136 ++++++++++
sys-fs/cryptsetup/files/2.4.3-dmcrypt.confd | 120 +++++++++
sys-fs/cryptsetup/files/2.4.3-dmcrypt.rc | 367 +++++++++++++++++++++++++++
3 files changed, 623 insertions(+)
diff --git a/sys-fs/cryptsetup/cryptsetup-2.4.3-r1.ebuild b/sys-fs/cryptsetup/cryptsetup-2.4.3-r1.ebuild
new file mode 100644
index 000000000000..3337dfaa89a0
--- /dev/null
+++ b/sys-fs/cryptsetup/cryptsetup-2.4.3-r1.ebuild
@@ -0,0 +1,136 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit linux-info tmpfiles
+
+DESCRIPTION="Tool to setup encrypted devices with dm-crypt"
+HOMEPAGE="https://gitlab.com/cryptsetup/cryptsetup/blob/master/README.md"
+SRC_URI="https://www.kernel.org/pub/linux/utils/${PN}/v$(ver_cut 1-2)/${P/_/-}.tar.xz"
+
+LICENSE="GPL-2+"
+SLOT="0/12" # libcryptsetup.so version
+[[ ${PV} != *_rc* ]] && \
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+CRYPTO_BACKENDS="gcrypt kernel nettle +openssl"
+# we don't support nss since it doesn't allow cryptsetup to be built statically
+# and it's missing ripemd160 support so it can't provide full backward compatibility
+IUSE="${CRYPTO_BACKENDS} +argon2 nls pwquality reencrypt ssh static static-libs test +udev urandom"
+RESTRICT="!test? ( test )"
+REQUIRED_USE="^^ ( ${CRYPTO_BACKENDS//+/} )
+ static? ( !gcrypt !udev )" #496612
+
+LIB_DEPEND="
+ dev-libs/json-c:=[static-libs(+)]
+ dev-libs/popt[static-libs(+)]
+ >=sys-apps/util-linux-2.31-r1[static-libs(+)]
+ argon2? ( app-crypt/argon2:=[static-libs(+)] )
+ gcrypt? (
+ dev-libs/libgcrypt:0=[static-libs(+)]
+ dev-libs/libgpg-error[static-libs(+)]
+ )
+ nettle? ( >=dev-libs/nettle-2.4[static-libs(+)] )
+ openssl? ( dev-libs/openssl:0=[static-libs(+)] )
+ pwquality? ( dev-libs/libpwquality[static-libs(+)] )
+ ssh? ( net-libs/libssh[static-libs(+)] )
+ sys-fs/lvm2[static-libs(+)]"
+# We have to always depend on ${LIB_DEPEND} rather than put behind
+# !static? () because we provide a shared library which links against
+# these other packages. #414665
+RDEPEND="static-libs? ( ${LIB_DEPEND} )
+ ${LIB_DEPEND//\[static-libs\([+-]\)\]}
+ udev? ( virtual/libudev:= )"
+# vim-core needed for xxd in tests
+DEPEND="${RDEPEND}
+ static? ( ${LIB_DEPEND} )
+ test? ( app-editors/vim-core )"
+BDEPEND="
+ virtual/pkgconfig
+"
+
+S="${WORKDIR}/${P/_/-}"
+
+pkg_setup() {
+ local CONFIG_CHECK="~DM_CRYPT ~CRYPTO ~CRYPTO_CBC ~CRYPTO_SHA256"
+ local WARNING_DM_CRYPT="CONFIG_DM_CRYPT:\tis not set (required for cryptsetup)\n"
+ local WARNING_CRYPTO_SHA256="CONFIG_CRYPTO_SHA256:\tis not set (required for cryptsetup)\n"
+ local WARNING_CRYPTO_CBC="CONFIG_CRYPTO_CBC:\tis not set (required for kernel 2.6.19)\n"
+ local WARNING_CRYPTO="CONFIG_CRYPTO:\tis not set (required for cryptsetup)\n"
+ check_extra_config
+}
+
+src_prepare() {
+ sed -i '/^LOOPDEV=/s:$: || exit 0:' tests/{compat,mode}-test || die
+ default
+}
+
+src_configure() {
+ if use kernel ; then
+ ewarn "Note that kernel backend is very slow for this type of operation"
+ ewarn "and is provided mainly for embedded systems wanting to avoid"
+ ewarn "userspace crypto libraries."
+ fi
+
+ local myeconfargs=(
+ --disable-internal-argon2
+ --enable-shared
+ --sbindir=/sbin
+ # for later use
+ --with-default-luks-format=LUKS2
+ --with-tmpfilesdir="${EPREFIX}/usr/lib/tmpfiles.d"
+ --with-crypto_backend=$(for x in ${CRYPTO_BACKENDS//+/} ; do usev ${x} ; done)
+ $(use_enable argon2 libargon2)
+ $(use_enable nls)
+ $(use_enable pwquality)
+ $(use_enable reencrypt cryptsetup-reencrypt)
+ $(use_enable !static external-tokens)
+ $(use_enable static static-cryptsetup)
+ $(use_enable static-libs static)
+ $(use_enable udev)
+ $(use_enable !urandom dev-random)
+ $(use_enable ssh ssh-token)
+ $(usex argon2 '' '--with-luks2-pbkdf=pbkdf2')
+ )
+ econf "${myeconfargs[@]}"
+}
+
+src_test() {
+ if [[ ! -e /dev/mapper/control ]] ; then
+ ewarn "No /dev/mapper/control found -- skipping tests"
+ return 0
+ fi
+
+ local p
+ for p in /dev/mapper /dev/loop* ; do
+ addwrite ${p}
+ done
+
+ default
+}
+
+src_install() {
+ default
+
+ if use static ; then
+ mv "${ED}"/sbin/cryptsetup{.static,} || die
+ mv "${ED}"/sbin/veritysetup{.static,} || die
+ mv "${ED}"/sbin/integritysetup{.static,} || die
+ if use ssh ; then
+ mv "${ED}"/sbin/cryptsetup-ssh{.static,} || die
+ fi
+ if use reencrypt ; then
+ mv "${ED}"/sbin/cryptsetup-reencrypt{.static,} || die
+ fi
+ fi
+ find "${ED}" -type f -name "*.la" -delete || die
+
+ dodoc docs/v*ReleaseNotes
+
+ newconfd "${FILESDIR}"/2.4.3-dmcrypt.confd dmcrypt
+ newinitd "${FILESDIR}"/2.4.3-dmcrypt.rc dmcrypt
+}
+
+pkg_postinst() {
+ tmpfiles_process cryptsetup.conf
+}
diff --git a/sys-fs/cryptsetup/files/2.4.3-dmcrypt.confd b/sys-fs/cryptsetup/files/2.4.3-dmcrypt.confd
new file mode 100644
index 000000000000..8250e8268ac9
--- /dev/null
+++ b/sys-fs/cryptsetup/files/2.4.3-dmcrypt.confd
@@ -0,0 +1,120 @@
+# /etc/conf.d/dmcrypt
+
+# For people who run dmcrypt on top of some other layer (like raid),
+# use rc_need to specify that requirement. See the runscript(8) man
+# page for more information.
+
+#--------------------
+# Instructions
+#--------------------
+
+# Note regarding the syntax of this file. This file is *almost* bash,
+# but each line is evaluated separately. Separate swaps/targets can be
+# specified. The init-script which reads this file assumes that a
+# swap= or target= line starts a new section, similar to lilo or grub
+# configuration.
+
+# Note when using gpg keys and /usr on a separate partition, you will
+# have to copy /usr/bin/gpg to /bin/gpg so that it will work properly
+# and ensure that gpg has been compiled statically.
+# See http://bugs.gentoo.org/90482 for more information.
+
+# Note that the init-script which reads this file detects whether your
+# partition is LUKS or not. No mkfs is run unless you specify a makefs
+# option.
+
+# Global options:
+#----------------
+
+# How long to wait for each timeout (in seconds).
+dmcrypt_key_timeout=1
+
+# Max number of checks to perform (see dmcrypt_key_timeout).
+#dmcrypt_max_timeout=300
+
+# Number of password retries.
+dmcrypt_retries=5
+
+# Arguments:
+#-----------
+# target=<name> == Mapping name for partition.
+# swap=<name> == Mapping name for swap partition.
+# source='<dev>' == Real device for partition.
+# Note: You can (and should) specify a tag like UUID
+# for blkid (see -t option). This is safer than using
+# the full path to the device.
+# key='</path/to/keyfile>[:<mode>]' == Fullpath from / or from inside removable media.
+# header='</path/to/header>' == Full path to detached LUKS header file.
+# remdev='<dev>' == Device that will be assigned to removable media.
+# gpg_options='<opts>' == Default are --quiet --decrypt
+# options='<opts>' == cryptsetup, for LUKS you can only use --readonly
+# loop_file='<file>' == Loopback file.
+# Note: If you omit $source, then a free loopback will
+# be looked up automatically.
+# pre_mount='cmds' == commands to execute before mounting partition.
+# post_mount='cmds' == commands to execute after mounting partition.
+# wait=5 == wait given amount of seconds for source or
+# detached header file appear.
+#-----------
+# Supported Modes
+# gpg == decrypt and pipe key into cryptsetup.
+# Note: new-line character must not be part of key.
+# Command to erase \n char: 'cat key | tr -d '\n' > cleanKey'
+
+#--------------------
+# dm-crypt examples
+#--------------------
+
+## swap
+# Swap partitions. These should come first so that no keys make their
+# way into unencrypted swap.
+# If no options are given, they will default to: -c aes -h sha1 -d /dev/urandom
+# If no makefs is given then mkswap will be assumed
+#swap=crypt-swap
+#source='/dev/hda2'
+
+## /home with passphrase
+#target=crypt-home
+#source='/dev/hda5'
+
+## /home with regular keyfile
+#target=crypt-home
+#source='/dev/hda5'
+#key='/full/path/to/homekey'
+
+## /home with regular keyfile and detached header
+#target=crypt-home
+#source='/dev/hda5'
+#key='/full/path/to/homekey'
+#header='/full/path/to/header/file'
+
+## /home with gpg protected key
+#target=crypt-home
+#source='/dev/hda5'
+#key='/full/path/to/homekey:gpg'
+
+## /home with regular keyfile on removable media(such as usb-stick)
+#target=crypt-home
+#source='/dev/hda5'
+#key='/full/path/to/homekey'
+#remdev='/dev/sda1'
+
+## /home with gpg protected key on removable media(such as usb-stick)
+#target=crypt-home
+#source='/dev/hda5'
+#key='/full/path/to/homekey:gpg'
+#remdev='/dev/sda1'
+
+## /tmp with regular keyfile
+#target=crypt-tmp
+#source='/dev/hda6'
+#key='/full/path/to/tmpkey'
+#pre_mount='/sbin/mkreiserfs -f -f ${dev}'
+#post_mount='chown root:root ${mount_point}; chmod 1777 ${mount_point}'
+
+## Loopback file example
+#target='crypt-loop-home'
+#source='/dev/loop0'
+#loop_file='/mnt/crypt/home'
+
+# The file must be terminated by a newline. Or leave this comment last.
diff --git a/sys-fs/cryptsetup/files/2.4.3-dmcrypt.rc b/sys-fs/cryptsetup/files/2.4.3-dmcrypt.rc
new file mode 100644
index 000000000000..0903ac5eabd0
--- /dev/null
+++ b/sys-fs/cryptsetup/files/2.4.3-dmcrypt.rc
@@ -0,0 +1,367 @@
+#!/sbin/openrc-run
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+ use modules
+ before checkfs fsck
+
+ if grep -qs ^swap= "${conf_file}" ; then
+ before swap
+ fi
+}
+
+# We support multiple dmcrypt instances based on $SVCNAME
+conf_file="/etc/conf.d/${SVCNAME}"
+
+# Get splash helpers if available.
+if [ -e /sbin/splash-functions.sh ] ; then
+ . /sbin/splash-functions.sh
+fi
+
+# Setup mappings for an individual target/swap
+# Note: This relies on variables localized in the main body below.
+dm_crypt_execute() {
+ local dev ret mode foo source_dev
+
+ if [ -z "${target}" -a -z "${swap}" ] ; then
+ return
+ fi
+
+ # Set up default values.
+ : ${dmcrypt_key_timeout:=1}
+ : ${dmcrypt_max_timeout:=300}
+ : ${dmcrypt_retries:=5}
+ : ${wait:=5}
+
+ # Handle automatic look up of the source path.
+ if [ -z "${source}" -a -n "${loop_file}" ] ; then
+ source=$(losetup --show -f "${loop_file}")
+ fi
+ case ${source} in
+ *=*)
+ i=0
+ while [ ${i} -lt ${wait} ]; do
+ if source_dev="$(blkid -l -t "${source}" -o device)"; then
+ source="${source_dev}"
+ break
+ fi
+ : $((i += 1))
+ einfo "waiting for source \"${source}\" for ${target}..."
+ sleep 1
+ done
+ ;;
+ esac
+ if [ -z "${source}" ] || [ ! -e "${source}" ] ; then
+ ewarn "source \"${source}\" for ${target} missing, skipping..."
+ return
+ fi
+
+ if [ -n "${header}" ] ; then
+ header_opt="--header=${header}"
+
+ i=0
+ while [ ! -e "${header}" ] && [ ${i} -lt ${wait} ] ; do
+ : $((i += 1))
+ einfo "Waiting for header ${header} to appear for ${target} ${i}/${dmcrypt_max_timeout} ..."
+ sleep 1
+ done
+ if [ ${i} -gt ${wait} ] || [ ${i} -eq ${wait} ] ; then
+ ewarn "Waited ${i} times for header file ${header}. Aborting ${target}."
+ return
+ fi
+ else
+ header_opt=""
+ fi
+
+ if [ -n "${target}" ] ; then
+ # let user set options, otherwise leave empty
+ : ${options:=' '}
+ elif [ -n "${swap}" ] ; then
+ if cryptsetup ${header_opt} isLuks ${source} 2>/dev/null ; then
+ ewarn "The swap you have defined is a LUKS partition. Aborting crypt-swap setup."
+ return
+ fi
+ target=${swap}
+ # swap contents do not need to be preserved between boots, luks not required.
+ # suspend2 users should have initramfs's init handling their swap partition either way.
+ : ${options:='-c aes -h sha1 -d /dev/urandom'}
+ : ${pre_mount:='mkswap ${dev}'}
+ fi
+
+ if [ -n "${loop_file}" ] ; then
+ dev="/dev/mapper/${target}"
+ ebegin " Setting up loop device ${source}"
+ losetup ${source} ${loop_file}
+ fi
+
+ # cryptsetup:
+ # open <device> <name> # <device> is $source
+ # create <name> <device> # <name> is $target
+ local arg1="create" arg2="${target}" arg3="${source}"
+ if cryptsetup ${header_opt} isLuks ${source} 2>/dev/null ; then
+ arg1="open"
+ arg2="${source}"
+ arg3="${target}"
+ fi
+
+ # Older versions reported:
+ # ${target} is active:
+ # Newer versions report:
+ # ${target} is active[ and is in use.]
+ if cryptsetup ${header_opt} status ${target} | egrep -q ' is active' ; then
+ einfo "dm-crypt mapping ${target} is already configured"
+ return
+ fi
+ splash svc_input_begin ${SVCNAME} >/dev/null 2>&1
+
+ # Handle keys
+ if [ -n "${key}" ] ; then
+ read_abort() {
+ # some colors
+ local ans savetty resettty
+ [ -z "${NORMAL}" ] && eval $(eval_ecolors)
+ einfon " $1? (${WARN}yes${NORMAL}/${GOOD}No${NORMAL}) "
+ shift
+ # This is ugly as s**t. But POSIX doesn't provide `read -t`, so
+ # we end up having to implement our own crap with stty/etc...
+ savetty=$(stty -g)
+ resettty='stty ${savetty}; trap - EXIT HUP INT TERM'
+ trap 'eval "${resettty}"' EXIT HUP INT TERM
+ stty -icanon
+ stty min 0 time "$(( $2 * 10 ))"
+ ans=$(dd count=1 bs=1 2>/dev/null) || ans=''
+ eval "${resettty}"
+ if [ -z "${ans}" ] ; then
+ printf '\r'
+ else
+ echo
+ fi
+ case ${ans} in
+ [yY]) return 0;;
+ *) return 1;;
+ esac
+ }
+
+ # Notes: sed not used to avoid case where /usr partition is encrypted.
+ mode=${key##*:} && ( [ "${mode}" = "${key}" ] || [ -z "${mode}" ] ) && mode=reg
+ key=${key%:*}
+ case "${mode}" in
+ gpg|reg)
+ # handle key on removable device
+ if [ -n "${remdev}" ] ; then
+ # temp directory to mount removable device
+ local mntrem="${RC_SVCDIR}/dm-crypt-remdev.$$"
+ if [ ! -d "${mntrem}" ] ; then
+ if ! mkdir -p "${mntrem}" ; then
+ ewarn "${source} will not be decrypted ..."
+ einfo "Reason: Unable to create temporary mount point '${mntrem}'"
+ return
+ fi
+ fi
+ i=0
+ einfo "Please insert removable device for ${target}"
+ while [ ${i} -lt ${dmcrypt_max_timeout} ] ; do
+ foo=""
+ if mount -n -o ro "${remdev}" "${mntrem}" 2>/dev/null >/dev/null ; then
+ # keyfile exists?
+ if [ ! -e "${mntrem}${key}" ] ; then
+ umount -n "${mntrem}"
+ rmdir "${mntrem}"
+ einfo "Cannot find ${key} on removable media."
+ read_abort "Abort" ${dmcrypt_key_timeout} && return
+ else
+ key="${mntrem}${key}"
+ break
+ fi
+ else
+ [ -e "${remdev}" ] \
+ && foo="mount failed" \
+ || foo="mount source not found"
+ fi
+ : $((i += 1))
+ read_abort "Stop waiting after $i attempts (${foo})" -t 1 && return
+ done
+ else # keyfile ! on removable device
+ if [ ! -e "${key}" ] ; then
+ ewarn "${source} will not be decrypted ..."
+ einfo "Reason: keyfile ${key} does not exist."
+ return
+ fi
+ fi
+ ;;
+ *)
+ ewarn "${source} will not be decrypted ..."
+ einfo "Reason: mode ${mode} is invalid."
+ return
+ ;;
+ esac
+ else
+ mode=none
+ fi
+ ebegin " ${target} using: ${header_opt} ${options} ${arg1} ${arg2} ${arg3}"
+ if [ "${mode}" = "gpg" ] ; then
+ : ${gpg_options:='-q -d'}
+ # gpg available ?
+ if command -v gpg >/dev/null ; then
+ i=0
+ while [ ${i} -lt ${dmcrypt_retries} ] ; do
+ # paranoid, don't store key in a variable, pipe it so it stays very little in ram unprotected.
+ # save stdin stdout stderr "values"
+ timeout ${dmcrypt_max_timeout} gpg ${gpg_options} ${key} 2>/dev/null | \
+ cryptsetup ${header_opt} --key-file - ${options} ${arg1} ${arg2} ${arg3}
+ ret=$?
+ # The timeout command exits 124 when it times out.
+ [ ${ret} -eq 0 -o ${ret} -eq 124 ] && break
+ : $(( i += 1 ))
+ done
+ eend ${ret} "failure running cryptsetup"
+ else
+ ewarn "${source} will not be decrypted ..."
+ einfo "Reason: cannot find gpg application."
+ einfo "You have to install app-crypt/gnupg first."
+ einfo "If you have /usr on its own partition, try copying gpg to /bin ."
+ fi
+ else
+ if [ "${mode}" = "reg" ] ; then
+ cryptsetup ${header_opt} ${options} -d ${key} ${arg1} ${arg2} ${arg3}
+ ret=$?
+ eend ${ret} "failure running cryptsetup"
+ else
+ cryptsetup ${header_opt} ${options} ${arg1} ${arg2} ${arg3}
+ ret=$?
+ eend ${ret} "failure running cryptsetup"
+ fi
+ fi
+ if [ -d "${mntrem}" ] ; then
+ umount -n ${mntrem} 2>/dev/null >/dev/null
+ rmdir ${mntrem} 2>/dev/null >/dev/null
+ fi
+ splash svc_input_end ${SVCNAME} >/dev/null 2>&1
+
+ if [ ${ret} -ne 0 ] ; then
+ cryptfs_status=1
+ else
+ if [ -n "${pre_mount}" ] ; then
+ dev="/dev/mapper/${target}"
+ eval ebegin \"" pre_mount: ${pre_mount}"\"
+ eval "${pre_mount}" > /dev/null
+ ewend $? || cryptfs_status=1
+ fi
+ fi
+}
+
+# Lookup optional bootparams
+get_bootparam_val() {
+ # We're given something like:
+ # foo=bar=cow
+ # Return the "bar=cow" part.
+ case $1 in
+ *=*)
+ echo "${1#*=}"
+ ;;
+ esac
+}
+
+start() {
+ local print_header=true cryptfs_status=0
+ local gpg_options key loop_file target targetline options pre_mount post_mount source swap remdev
+
+ local x
+ for x in $(cat /proc/cmdline) ; do
+ case "${x}" in
+ key_timeout=*)
+ dmcrypt_key_timeout=$(get_bootparam_val "${x}")
+ ;;
+ esac
+ done
+
+ while read targetline <&3 ; do
+ case ${targetline} in
+ # skip comments and blank lines
+ ""|"#"*) continue ;;
+ # skip service-specific openrc configs #377927
+ rc_*) continue ;;
+ esac
+
+ ${print_header} && ebegin "Setting up dm-crypt mappings"
+ print_header=false
+
+ # check for the start of a new target/swap
+ case ${targetline} in
+ target=*|swap=*)
+ # If we have a target queued up, then execute it
+ dm_crypt_execute
+
+ # Prepare for the next target/swap by resetting variables
+ unset gpg_options key loop_file target options pre_mount post_mount source swap remdev wait header header_opt
+ ;;
+
+ gpg_options=*|remdev=*|key=*|loop_file=*|options=*|pre_mount=*|post_mount=*|wait=*|source=*|header=*)
+ if [ -z "${target}${swap}" ] ; then
+ ewarn "Ignoring setting outside target/swap section: ${targetline}"
+ continue
+ fi
+ ;;
+
+ dmcrypt_*=*)
+ # ignore global options
+ continue
+ ;;
+
+ *)
+ ewarn "Skipping invalid line in ${conf_file}: ${targetline}"
+ ;;
+ esac
+
+ # Queue this setting for the next call to dm_crypt_execute
+ eval "${targetline}"
+ done 3< ${conf_file}
+
+ # If we have a target queued up, then execute it
+ dm_crypt_execute
+
+ ewend ${cryptfs_status} "Failed to setup dm-crypt devices"
+}
+
+stop() {
+ local line print_header
+
+ # Break down all mappings
+ print_header=true
+ egrep "^(target|swap)=" ${conf_file} | \
+ while read line ; do
+ ${print_header} && einfo "Removing dm-crypt mappings"
+ print_header=false
+
+ target= swap=
+ eval ${line}
+
+ [ -n "${swap}" ] && target=${swap}
+ if [ -z "${target}" ] ; then
+ ewarn "invalid line in ${conf_file}: ${line}"
+ continue
+ fi
+
+ ebegin " ${target}"
+ cryptsetup ${header_opt} remove ${target}
+ eend $?
+ done
+
+ # Break down loop devices
+ print_header=true
+ grep '^source=./dev/loop' ${conf_file} | \
+ while read line ; do
+ ${print_header} && einfo "Detaching dm-crypt loop devices"
+ print_header=false
+
+ source=
+ eval ${line}
+
+ ebegin " ${source}"
+ losetup -d "${source}"
+ eend $?
+ done
+
+ return 0
+}
^ permalink raw reply related [flat|nested] 9+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: sys-fs/cryptsetup/, sys-fs/cryptsetup/files/
@ 2021-10-06 15:26 Mike Gilbert
0 siblings, 0 replies; 9+ messages in thread
From: Mike Gilbert @ 2021-10-06 15:26 UTC (permalink / raw
To: gentoo-commits
commit: 49b17379090d805437364c5ed3f3fb20f096d4b3
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 6 15:25:39 2021 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Wed Oct 6 15:25:39 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=49b17379
sys-fs/cryptsetup: apply upstream fix for USE=static
Closes: https://bugs.gentoo.org/816285
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
sys-fs/cryptsetup/cryptsetup-2.4.1-r1.ebuild | 6 +-
...yptsetup-2.4.1-fix-static-pwquality-build.patch | 225 +++++++++++++++++++++
2 files changed, 230 insertions(+), 1 deletion(-)
diff --git a/sys-fs/cryptsetup/cryptsetup-2.4.1-r1.ebuild b/sys-fs/cryptsetup/cryptsetup-2.4.1-r1.ebuild
index cd60372120e..928f589b960 100644
--- a/sys-fs/cryptsetup/cryptsetup-2.4.1-r1.ebuild
+++ b/sys-fs/cryptsetup/cryptsetup-2.4.1-r1.ebuild
@@ -3,7 +3,7 @@
EAPI=7
-inherit linux-info tmpfiles
+inherit autotools linux-info tmpfiles
DESCRIPTION="Tool to setup encrypted devices with dm-crypt"
HOMEPAGE="https://gitlab.com/cryptsetup/cryptsetup/blob/master/README.md"
@@ -50,6 +50,9 @@ S="${WORKDIR}/${P/_/-}"
PATCHES=(
"${FILESDIR}"/cryptsetup-2.4.1-external-tokens.patch
+
+ # Remove autotools/eautoreconf when this patch is dropped.
+ "${FILESDIR}"/cryptsetup-2.4.1-fix-static-pwquality-build.patch
)
pkg_setup() {
@@ -64,6 +67,7 @@ pkg_setup() {
src_prepare() {
sed -i '/^LOOPDEV=/s:$: || exit 0:' tests/{compat,mode}-test || die
default
+ eautoreconf
}
src_configure() {
diff --git a/sys-fs/cryptsetup/files/cryptsetup-2.4.1-fix-static-pwquality-build.patch b/sys-fs/cryptsetup/files/cryptsetup-2.4.1-fix-static-pwquality-build.patch
new file mode 100644
index 00000000000..f39e88507ff
--- /dev/null
+++ b/sys-fs/cryptsetup/files/cryptsetup-2.4.1-fix-static-pwquality-build.patch
@@ -0,0 +1,225 @@
+From 26cc1644b489578c76ec6f576614ca885c00a35d Mon Sep 17 00:00:00 2001
+From: Milan Broz <gmazyland@gmail.com>
+Date: Wed, 6 Oct 2021 12:27:25 +0200
+Subject: [PATCH 1/2] Do not link integritysetup and veritysetup with
+ pwquality.
+
+These tools do not read passphrases, no need to link to these libraries.
+
+Just move the helper code that introduced this dependence as a side-effect.
+
+Fixes: #677
+---
+ src/Makemodule.am | 6 -----
+ src/utils_password.c | 56 --------------------------------------------
+ src/utils_tools.c | 56 ++++++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 56 insertions(+), 62 deletions(-)
+
+diff --git a/src/Makemodule.am b/src/Makemodule.am
+index a6dc50cf..f2b896bf 100644
+--- a/src/Makemodule.am
++++ b/src/Makemodule.am
+@@ -52,7 +52,6 @@ veritysetup_SOURCES = \
+ src/utils_arg_names.h \
+ src/utils_arg_macros.h \
+ src/utils_tools.c \
+- src/utils_password.c \
+ src/veritysetup.c \
+ src/veritysetup_args.h \
+ src/veritysetup_arg_list.h \
+@@ -61,8 +60,6 @@ veritysetup_SOURCES = \
+ veritysetup_LDADD = $(LDADD) \
+ libcryptsetup.la \
+ @POPT_LIBS@ \
+- @PWQUALITY_LIBS@ \
+- @PASSWDQC_LIBS@ \
+ @BLKID_LIBS@
+
+ sbin_PROGRAMS += veritysetup
+@@ -91,7 +88,6 @@ integritysetup_SOURCES = \
+ src/utils_arg_names.h \
+ src/utils_arg_macros.h \
+ src/utils_tools.c \
+- src/utils_password.c \
+ src/utils_blockdev.c \
+ src/integritysetup.c \
+ src/integritysetup_args.h \
+@@ -101,8 +97,6 @@ integritysetup_SOURCES = \
+ integritysetup_LDADD = $(LDADD) \
+ libcryptsetup.la \
+ @POPT_LIBS@ \
+- @PWQUALITY_LIBS@ \
+- @PASSWDQC_LIBS@ \
+ @UUID_LIBS@ \
+ @BLKID_LIBS@
+
+diff --git a/src/utils_password.c b/src/utils_password.c
+index 58f3a7b3..65618b9c 100644
+--- a/src/utils_password.c
++++ b/src/utils_password.c
+@@ -318,59 +318,3 @@ void tools_passphrase_msg(int r)
+ else if (r == -ENOENT)
+ log_err(_("No usable keyslot is available."));
+ }
+-
+-int tools_read_mk(const char *file, char **key, int keysize)
+-{
+- int fd = -1, r = -EINVAL;
+-
+- if (keysize <= 0 || !key)
+- return -EINVAL;
+-
+- *key = crypt_safe_alloc(keysize);
+- if (!*key)
+- return -ENOMEM;
+-
+- fd = open(file, O_RDONLY);
+- if (fd == -1) {
+- log_err(_("Cannot read keyfile %s."), file);
+- goto out;
+- }
+-
+- if (read_buffer(fd, *key, keysize) != keysize) {
+- log_err(_("Cannot read %d bytes from keyfile %s."), keysize, file);
+- goto out;
+- }
+- r = 0;
+-out:
+- if (fd != -1)
+- close(fd);
+-
+- if (r) {
+- crypt_safe_free(*key);
+- *key = NULL;
+- }
+-
+- return r;
+-}
+-
+-int tools_write_mk(const char *file, const char *key, int keysize)
+-{
+- int fd, r = -EINVAL;
+-
+- if (keysize <= 0 || !key)
+- return -EINVAL;
+-
+- fd = open(file, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR);
+- if (fd < 0) {
+- log_err(_("Cannot open keyfile %s for write."), file);
+- return r;
+- }
+-
+- if (write_buffer(fd, key, keysize) == keysize)
+- r = 0;
+- else
+- log_err(_("Cannot write to keyfile %s."), file);
+-
+- close(fd);
+- return r;
+-}
+diff --git a/src/utils_tools.c b/src/utils_tools.c
+index dbd83695..cf66e4c4 100644
+--- a/src/utils_tools.c
++++ b/src/utils_tools.c
+@@ -493,3 +493,59 @@ int tools_reencrypt_progress(uint64_t size, uint64_t offset, void *usrptr)
+
+ return r;
+ }
++
++int tools_read_mk(const char *file, char **key, int keysize)
++{
++ int fd = -1, r = -EINVAL;
++
++ if (keysize <= 0 || !key)
++ return -EINVAL;
++
++ *key = crypt_safe_alloc(keysize);
++ if (!*key)
++ return -ENOMEM;
++
++ fd = open(file, O_RDONLY);
++ if (fd == -1) {
++ log_err(_("Cannot read keyfile %s."), file);
++ goto out;
++ }
++
++ if (read_buffer(fd, *key, keysize) != keysize) {
++ log_err(_("Cannot read %d bytes from keyfile %s."), keysize, file);
++ goto out;
++ }
++ r = 0;
++out:
++ if (fd != -1)
++ close(fd);
++
++ if (r) {
++ crypt_safe_free(*key);
++ *key = NULL;
++ }
++
++ return r;
++}
++
++int tools_write_mk(const char *file, const char *key, int keysize)
++{
++ int fd, r = -EINVAL;
++
++ if (keysize <= 0 || !key)
++ return -EINVAL;
++
++ fd = open(file, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR);
++ if (fd < 0) {
++ log_err(_("Cannot open keyfile %s for write."), file);
++ return r;
++ }
++
++ if (write_buffer(fd, key, keysize) == keysize)
++ r = 0;
++ else
++ log_err(_("Cannot write to keyfile %s."), file);
++
++ close(fd);
++ return r;
++}
+--
+GitLab
+
+
+From d20beacba060f34e3ab0d71d191f59434031e98f Mon Sep 17 00:00:00 2001
+From: Milan Broz <gmazyland@gmail.com>
+Date: Wed, 6 Oct 2021 12:45:20 +0200
+Subject: [PATCH 2/2] Remove redundant link to uuid lib for static build.
+
+Veritysetup does not need to link this library at all, for others
+we have link already in flags.
+---
+ src/Makemodule.am | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/src/Makemodule.am b/src/Makemodule.am
+index f2b896bf..49e0c5aa 100644
+--- a/src/Makemodule.am
++++ b/src/Makemodule.am
+@@ -71,8 +71,7 @@ veritysetup_static_LDFLAGS = $(AM_LDFLAGS) -all-static
+ veritysetup_static_LDADD = \
+ $(veritysetup_LDADD) \
+ @CRYPTO_STATIC_LIBS@ \
+- @DEVMAPPER_STATIC_LIBS@ \
+- @UUID_LIBS@
++ @DEVMAPPER_STATIC_LIBS@
+ endif
+ endif
+
+@@ -109,8 +108,7 @@ integritysetup_static_LDFLAGS = $(AM_LDFLAGS) -all-static
+ integritysetup_static_LDADD = \
+ $(integritysetup_LDADD) \
+ @CRYPTO_STATIC_LIBS@ \
+- @DEVMAPPER_STATIC_LIBS@ \
+- @UUID_LIBS@
++ @DEVMAPPER_STATIC_LIBS@
+ endif
+ endif
+
+--
+GitLab
+
^ permalink raw reply related [flat|nested] 9+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: sys-fs/cryptsetup/, sys-fs/cryptsetup/files/
@ 2021-09-17 16:24 Mike Gilbert
0 siblings, 0 replies; 9+ messages in thread
From: Mike Gilbert @ 2021-09-17 16:24 UTC (permalink / raw
To: gentoo-commits
commit: cb18b96260b1940f67c4f1e3a99136215c0684ee
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Fri Sep 17 16:21:10 2021 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Fri Sep 17 16:23:37 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cb18b962
sys-fs/cryptsetup: fix link error with USE=static
Closes: https://bugs.gentoo.org/813441
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
...tup-2.4.1.ebuild => cryptsetup-2.4.1-r1.ebuild} | 6 +++-
.../files/cryptsetup-2.4.1-external-tokens.patch | 34 ++++++++++++++++++++++
2 files changed, 39 insertions(+), 1 deletion(-)
diff --git a/sys-fs/cryptsetup/cryptsetup-2.4.1.ebuild b/sys-fs/cryptsetup/cryptsetup-2.4.1-r1.ebuild
similarity index 95%
rename from sys-fs/cryptsetup/cryptsetup-2.4.1.ebuild
rename to sys-fs/cryptsetup/cryptsetup-2.4.1-r1.ebuild
index 09141d7320f..214b5c462e3 100644
--- a/sys-fs/cryptsetup/cryptsetup-2.4.1.ebuild
+++ b/sys-fs/cryptsetup/cryptsetup-2.4.1-r1.ebuild
@@ -46,7 +46,10 @@ BDEPEND="
S="${WORKDIR}/${P/_/-}"
-PATCHES=( "${FILESDIR}"/${PN}-2.0.4-fix-static-pwquality-build.patch )
+PATCHES=(
+ "${FILESDIR}"/cryptsetup-2.0.4-fix-static-pwquality-build.patch
+ "${FILESDIR}"/cryptsetup-2.4.1-external-tokens.patch
+)
pkg_setup() {
local CONFIG_CHECK="~DM_CRYPT ~CRYPTO ~CRYPTO_CBC ~CRYPTO_SHA256"
@@ -82,6 +85,7 @@ src_configure() {
$(use_enable nls)
$(use_enable pwquality)
$(use_enable reencrypt cryptsetup-reencrypt)
+ $(use_enable !static external-tokens)
$(use_enable static static-cryptsetup)
$(use_enable static-libs static)
$(use_enable udev)
diff --git a/sys-fs/cryptsetup/files/cryptsetup-2.4.1-external-tokens.patch b/sys-fs/cryptsetup/files/cryptsetup-2.4.1-external-tokens.patch
new file mode 100644
index 00000000000..1777a02652c
--- /dev/null
+++ b/sys-fs/cryptsetup/files/cryptsetup-2.4.1-external-tokens.patch
@@ -0,0 +1,34 @@
+From a1b577c085cc9ef6b95c4556ec8815070828ee6c Mon Sep 17 00:00:00 2001
+From: Hector Martin <marcan@marcan.st>
+Date: Fri, 17 Sep 2021 05:44:18 +0000
+Subject: [PATCH] Do not attempt to unload external tokens if
+ USE_EXTERNAL_TOKENS is disabled.
+
+This allows building a static binary as long as --disable-external-tokens is used
+---
+ lib/luks2/luks2_token.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/lib/luks2/luks2_token.c b/lib/luks2/luks2_token.c
+index d34cebf5..88d84418 100644
+--- a/lib/luks2/luks2_token.c
++++ b/lib/luks2/luks2_token.c
+@@ -245,6 +245,7 @@ int crypt_token_register(const crypt_token_handler *handler)
+
+ void crypt_token_unload_external_all(struct crypt_device *cd)
+ {
++#if USE_EXTERNAL_TOKENS
+ int i;
+
+ for (i = LUKS2_TOKENS_MAX - 1; i >= 0; i--) {
+@@ -258,6 +259,7 @@ void crypt_token_unload_external_all(struct crypt_device *cd)
+ if (dlclose(CONST_CAST(void *)token_handlers[i].u.v2.dlhandle))
+ log_dbg(cd, "%s", dlerror());
+ }
++#endif
+ }
+
+ static const void
+--
+GitLab
+
^ permalink raw reply related [flat|nested] 9+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: sys-fs/cryptsetup/, sys-fs/cryptsetup/files/
@ 2020-05-29 8:51 Lars Wendler
0 siblings, 0 replies; 9+ messages in thread
From: Lars Wendler @ 2020-05-29 8:51 UTC (permalink / raw
To: gentoo-commits
commit: 677ced54ce991f13362b177069b0a53cda19b0d6
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Fri May 29 08:51:04 2020 +0000
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Fri May 29 08:51:18 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=677ced54
sys-fs/cryptsetup: Removed old
Package-Manager: Portage-2.3.100, Repoman-2.3.22
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>
sys-fs/cryptsetup/Manifest | 2 -
sys-fs/cryptsetup/cryptsetup-1.7.5-r1.ebuild | 126 -------------------------
sys-fs/cryptsetup/cryptsetup-2.2.2.ebuild | 135 ---------------------------
sys-fs/cryptsetup/files/setup-1.7.0.py | 21 -----
4 files changed, 284 deletions(-)
diff --git a/sys-fs/cryptsetup/Manifest b/sys-fs/cryptsetup/Manifest
index 07e55781c5d..bc14ac43704 100644
--- a/sys-fs/cryptsetup/Manifest
+++ b/sys-fs/cryptsetup/Manifest
@@ -1,4 +1,2 @@
-DIST cryptsetup-1.7.5.tar.xz 1232696 BLAKE2B 1bd62b186564e0b902480d66f623074f8d2f06ea09f11788566e33d58f7d0dc8c79d5827e5966e1a20a5597c2cbdec76da49c8f54c0538a1ac3f869d8ef55456 SHA512 d473f7b06d705a3868a70f3767fafc664436b5897ba59025ea1268f815cb80a9076841ff9ff96cc130fb83ba18b03c1eee38cfaf1b471fdd883a3e126b771439
-DIST cryptsetup-2.2.2.tar.xz 10808684 BLAKE2B d8d864d9ec2a5d646706d3ba003a21aa83d2373ca7afed5663c5167172116ea9342704483559f49c06979cbe0f6ac5670f4e9baae88ab908423b793043ba4a68 SHA512 d04123a622438ecbee28145cbdc71886b6f13db87df1c67522bff6e6e3cba817e895e2d085bdb08c78f9cafba557b1203177811a0c316ccd9b7c19939f3fc851
DIST cryptsetup-2.3.2.tar.xz 11037076 BLAKE2B b0f8a1a274e6b95b12aa7172dbdd41e512aea2c87a98d62b8b4d4cbb898b2d4b82e250368e385c4d4acc8e77046ea4b4f7be730750587569572c4b9490815bc1 SHA512 c5eb41751ca64ff906187f40805705570c261816b014dfcdbf2777f42e53668e32966197092a2235b8f6a7a4e7f9c3f301d82f17c45cfbcff96b9818631d7e5f
DIST cryptsetup-2.3.3.tar.xz 11104768 BLAKE2B 54aa6f087c5366e843c1f9b649fd77ec8be8c4e65c783a2a84a036b4ef460c9d070bdd8aff72f87a7a3136f13581e84534940b435f0b49eb1951d1a755cab47a SHA512 d613efb80e003364a21832da3fefe3891d36a891119cc0efa970aad40ba135dfcd42b32a0c19c31ad879d4eddf27864beccbea1d4b31a47a4e075bc0f756365c
diff --git a/sys-fs/cryptsetup/cryptsetup-1.7.5-r1.ebuild b/sys-fs/cryptsetup/cryptsetup-1.7.5-r1.ebuild
deleted file mode 100644
index 309bb43a6de..00000000000
--- a/sys-fs/cryptsetup/cryptsetup-1.7.5-r1.ebuild
+++ /dev/null
@@ -1,126 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=5
-
-DISTUTILS_OPTIONAL=1
-PYTHON_COMPAT=( python{3_6,3_7} )
-
-inherit autotools distutils-r1 linux-info libtool ltprune eutils versionator
-
-DESCRIPTION="Tool to setup encrypted devices with dm-crypt"
-HOMEPAGE="https://gitlab.com/cryptsetup/cryptsetup/blob/master/README.md"
-SRC_URI="https://www.kernel.org/pub/linux/utils/${PN}/v$(get_version_component_range 1-2)/${P}.tar.xz"
-
-LICENSE="GPL-2+"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm ~arm64 hppa ~ia64 ~mips ppc ppc64 s390 sparc x86"
-CRYPTO_BACKENDS="+gcrypt kernel nettle openssl"
-# we don't support nss since it doesn't allow cryptsetup to be built statically
-# and it's missing ripemd160 support so it can't provide full backward compatibility
-IUSE="${CRYPTO_BACKENDS} libressl nls pwquality python reencrypt static static-libs +udev urandom"
-REQUIRED_USE="^^ ( ${CRYPTO_BACKENDS//+/} )
- python? ( ${PYTHON_REQUIRED_USE} )
- static? ( !gcrypt )" #496612
-
-LIB_DEPEND="dev-libs/libgpg-error[static-libs(+)]
- dev-libs/popt[static-libs(+)]
- sys-apps/util-linux[static-libs(+)]
- gcrypt? ( dev-libs/libgcrypt:0=[static-libs(+)] )
- nettle? ( >=dev-libs/nettle-2.4[static-libs(+)] )
- openssl? (
- !libressl? ( dev-libs/openssl:0=[static-libs(+)] )
- libressl? ( dev-libs/libressl:=[static-libs(+)] )
- )
- pwquality? ( dev-libs/libpwquality[static-libs(+)] )
- sys-fs/lvm2[static-libs(+)]
- udev? ( virtual/libudev[static-libs(-)] )"
-# We have to always depend on ${LIB_DEPEND} rather than put behind
-# !static? () because we provide a shared library which links against
-# these other packages. #414665
-RDEPEND="static-libs? ( ${LIB_DEPEND} )
- ${LIB_DEPEND//\[static-libs\([+-]\)\]}
- python? ( ${PYTHON_DEPS} )"
-DEPEND="${RDEPEND}
- virtual/pkgconfig
- static? ( ${LIB_DEPEND} )"
-
-#PATCHES=( )
-
-pkg_setup() {
- local CONFIG_CHECK="~DM_CRYPT ~CRYPTO ~CRYPTO_CBC ~CRYPTO_SHA256"
- local WARNING_DM_CRYPT="CONFIG_DM_CRYPT:\tis not set (required for cryptsetup)\n"
- local WARNING_CRYPTO_SHA256="CONFIG_CRYPTO_SHA256:\tis not set (required for cryptsetup)\n"
- local WARNING_CRYPTO_CBC="CONFIG_CRYPTO_CBC:\tis not set (required for kernel 2.6.19)\n"
- local WARNING_CRYPTO="CONFIG_CRYPTO:\tis not set (required for cryptsetup)\n"
- check_extra_config
-}
-
-src_prepare() {
- sed -i '/^LOOPDEV=/s:$: || exit 0:' tests/{compat,mode}-test || die
- #epatch "${PATCHES[@]}"
- epatch_user && eautoreconf
-
- if use python ; then
- cd python
- cp "${FILESDIR}"/setup-1.7.0.py setup.py || die
- distutils-r1_src_prepare
- fi
-}
-
-src_configure() {
- if use kernel ; then
- ewarn "Note that kernel backend is very slow for this type of operation"
- ewarn "and is provided mainly for embedded systems wanting to avoid"
- ewarn "userspace crypto libraries."
- fi
-
- # We disable autotool python integration so we can use eclasses
- # for proper integration with multiple python versions.
- econf \
- --sbindir=/sbin \
- --enable-shared \
- --disable-python \
- $(use_enable static static-cryptsetup) \
- $(use_enable static-libs static) \
- $(use_enable nls) \
- $(use_enable pwquality) \
- $(use_enable reencrypt cryptsetup-reencrypt) \
- $(use_enable udev) \
- $(use_enable !urandom dev-random) \
- --with-crypto_backend=$(for x in ${CRYPTO_BACKENDS//+/} ; do usev ${x} ; done)
-
- use python && cd python && distutils-r1_src_configure
-}
-
-src_compile() {
- default
- use python && cd python && distutils-r1_src_compile
-}
-
-src_test() {
- if [[ ! -e /dev/mapper/control ]] ; then
- ewarn "No /dev/mapper/control found -- skipping tests"
- return 0
- fi
- local p
- for p in /dev/mapper /dev/loop* ; do
- addwrite ${p}
- done
- default
-}
-
-src_install() {
- default
- if use static ; then
- mv "${ED}"/sbin/cryptsetup{.static,} || die
- mv "${ED}"/sbin/veritysetup{.static,} || die
- use reencrypt && { mv "${ED}"/sbin/cryptsetup-reencrypt{.static,} || die ; }
- fi
- prune_libtool_files --modules
-
- newconfd "${FILESDIR}"/1.6.7-dmcrypt.confd dmcrypt
- newinitd "${FILESDIR}"/1.6.7-dmcrypt.rc dmcrypt
-
- use python && cd python && distutils-r1_src_install
-}
diff --git a/sys-fs/cryptsetup/cryptsetup-2.2.2.ebuild b/sys-fs/cryptsetup/cryptsetup-2.2.2.ebuild
deleted file mode 100644
index e48c4ff99e6..00000000000
--- a/sys-fs/cryptsetup/cryptsetup-2.2.2.ebuild
+++ /dev/null
@@ -1,135 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit autotools linux-info libtool
-
-DESCRIPTION="Tool to setup encrypted devices with dm-crypt"
-HOMEPAGE="https://gitlab.com/cryptsetup/cryptsetup/blob/master/README.md"
-SRC_URI="https://www.kernel.org/pub/linux/utils/${PN}/v$(ver_cut 1-2)/${P/_/-}.tar.xz"
-
-LICENSE="GPL-2+"
-SLOT="0/12" # libcryptsetup.so version
-[[ ${PV} != *_rc* ]] && \
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~mips ppc ppc64 s390 sparc x86"
-CRYPTO_BACKENDS="gcrypt kernel nettle +openssl"
-# we don't support nss since it doesn't allow cryptsetup to be built statically
-# and it's missing ripemd160 support so it can't provide full backward compatibility
-IUSE="${CRYPTO_BACKENDS} +argon2 libressl +luks1_default nls pwquality reencrypt static static-libs +udev urandom"
-REQUIRED_USE="^^ ( ${CRYPTO_BACKENDS//+/} )
- libressl? ( openssl )
- static? ( !gcrypt )" #496612
-
-LIB_DEPEND="
- dev-libs/json-c:=[static-libs(+)]
- dev-libs/libgpg-error[static-libs(+)]
- dev-libs/popt[static-libs(+)]
- >=sys-apps/util-linux-2.31-r1[static-libs(+)]
- argon2? ( app-crypt/argon2:=[static-libs(+)] )
- gcrypt? ( dev-libs/libgcrypt:0=[static-libs(+)] )
- nettle? ( >=dev-libs/nettle-2.4[static-libs(+)] )
- openssl? (
- !libressl? ( dev-libs/openssl:0=[static-libs(+)] )
- libressl? ( dev-libs/libressl:0=[static-libs(+)] )
- )
- pwquality? ( dev-libs/libpwquality[static-libs(+)] )
- sys-fs/lvm2[static-libs(+)]
- udev? ( virtual/libudev[static-libs(-)] )"
-# We have to always depend on ${LIB_DEPEND} rather than put behind
-# !static? () because we provide a shared library which links against
-# these other packages. #414665
-RDEPEND="static-libs? ( ${LIB_DEPEND} )
- ${LIB_DEPEND//\[static-libs\([+-]\)\]}"
-DEPEND="${RDEPEND}
- static? ( ${LIB_DEPEND} )"
-BDEPEND="
- virtual/pkgconfig
-"
-
-S="${WORKDIR}/${P/_/-}"
-
-PATCHES=( "${FILESDIR}"/${PN}-2.0.4-fix-static-pwquality-build.patch )
-
-pkg_pretend() {
- if ! use luks1_default ; then
- ewarn "WARNING! WARNING! WARNING!"
- ewarn "You have chosen LUKS2 as your default format."
- ewarn "This can break LUKS1 backwards compatibility."
- ewarn "Enable \"luks1_default\" USE flag if you need backwards compatibility."
- fi
-}
-
-pkg_setup() {
- local CONFIG_CHECK="~DM_CRYPT ~CRYPTO ~CRYPTO_CBC ~CRYPTO_SHA256"
- local WARNING_DM_CRYPT="CONFIG_DM_CRYPT:\tis not set (required for cryptsetup)\n"
- local WARNING_CRYPTO_SHA256="CONFIG_CRYPTO_SHA256:\tis not set (required for cryptsetup)\n"
- local WARNING_CRYPTO_CBC="CONFIG_CRYPTO_CBC:\tis not set (required for kernel 2.6.19)\n"
- local WARNING_CRYPTO="CONFIG_CRYPTO:\tis not set (required for cryptsetup)\n"
- check_extra_config
-}
-
-src_prepare() {
- sed -i '/^LOOPDEV=/s:$: || exit 0:' tests/{compat,mode}-test || die
- default
- eautoreconf
-}
-
-src_configure() {
- if use kernel ; then
- ewarn "Note that kernel backend is very slow for this type of operation"
- ewarn "and is provided mainly for embedded systems wanting to avoid"
- ewarn "userspace crypto libraries."
- fi
-
- local myeconfargs=(
- --disable-internal-argon2
- --enable-shared
- --sbindir=/sbin
- # for later use
- --with-default-luks-format=LUKS$(usex luks1_default 1 2)
- --with-tmpfilesdir="${EPREFIX}/usr/lib/tmpfiles.d"
- --with-crypto_backend=$(for x in ${CRYPTO_BACKENDS//+/} ; do usev ${x} ; done)
- $(use_enable argon2 libargon2)
- $(use_enable nls)
- $(use_enable pwquality)
- $(use_enable reencrypt cryptsetup-reencrypt)
- $(use_enable static static-cryptsetup)
- $(use_enable static-libs static)
- $(use_enable udev)
- $(use_enable !urandom dev-random)
- )
- econf "${myeconfargs[@]}"
-}
-
-src_test() {
- if [[ ! -e /dev/mapper/control ]] ; then
- ewarn "No /dev/mapper/control found -- skipping tests"
- return 0
- fi
-
- local p
- for p in /dev/mapper /dev/loop* ; do
- addwrite ${p}
- done
-
- default
-}
-
-src_install() {
- default
-
- if use static ; then
- mv "${ED}"/sbin/cryptsetup{.static,} || die
- mv "${ED}"/sbin/veritysetup{.static,} || die
- if use reencrypt ; then
- mv "${ED}"/sbin/cryptsetup-reencrypt{.static,} || die
- fi
- fi
- find "${ED}" -type f -name "*.la" -delete || die
-
- dodoc docs/v*ReleaseNotes
-
- newconfd "${FILESDIR}"/1.6.7-dmcrypt.confd dmcrypt
- newinitd "${FILESDIR}"/1.6.7-dmcrypt.rc dmcrypt
-}
diff --git a/sys-fs/cryptsetup/files/setup-1.7.0.py b/sys-fs/cryptsetup/files/setup-1.7.0.py
deleted file mode 100644
index 0da063c0b1c..00000000000
--- a/sys-fs/cryptsetup/files/setup-1.7.0.py
+++ /dev/null
@@ -1,21 +0,0 @@
-import os
-from distutils.core import setup, Extension
-
-top_srcdir = os.path.dirname(os.path.dirname(os.path.realpath(__file__)))
-
-def get_ver():
- with open(os.path.join(top_srcdir, 'configure')) as f:
- for line in f:
- if line.startswith('PACKAGE_VERSION='):
- return line.split('=')[1].replace("'", '').strip()
-
-module = Extension('pycryptsetup',
- include_dirs=[os.path.join(top_srcdir, 'lib')],
- extra_compile_args=['-include', os.path.join(top_srcdir, 'config.h')],
- library_dirs=[os.path.join(top_srcdir, 'lib', '.libs')],
- libraries=['cryptsetup'],
- sources=['pycryptsetup.c'])
-
-setup(name='pycryptsetup',
- version=get_ver(),
- ext_modules=[module])
^ permalink raw reply related [flat|nested] 9+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: sys-fs/cryptsetup/, sys-fs/cryptsetup/files/
@ 2018-03-08 9:06 Lars Wendler
0 siblings, 0 replies; 9+ messages in thread
From: Lars Wendler @ 2018-03-08 9:06 UTC (permalink / raw
To: gentoo-commits
commit: 794be47e1ae0ec163e3c7e1426dd7ebbbf9ddd0b
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Thu Mar 8 08:35:26 2018 +0000
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Thu Mar 8 09:05:42 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=794be47e
sys-fs/cryptsetup: Removed old.
Package-Manager: Portage-2.3.24, Repoman-2.3.6
sys-fs/cryptsetup/Manifest | 2 -
sys-fs/cryptsetup/cryptsetup-1.7.4.ebuild | 126 --------------------
sys-fs/cryptsetup/cryptsetup-2.0.0-r1.ebuild | 130 ---------------------
.../files/cryptsetup-2.0.0-pwquality_static.patch | 27 -----
4 files changed, 285 deletions(-)
diff --git a/sys-fs/cryptsetup/Manifest b/sys-fs/cryptsetup/Manifest
index 56b621e4c25..68c07801ee3 100644
--- a/sys-fs/cryptsetup/Manifest
+++ b/sys-fs/cryptsetup/Manifest
@@ -1,5 +1,3 @@
-DIST cryptsetup-1.7.4.tar.xz 1232068 BLAKE2B a65295d023f611ac57abf25fe21b4b6b6f64d8cfdcc01f2e008eea8141423e9d364af42fa3b58f9f8a76f898a01b3918a2a3ff98bc62ab105fa85feb3c1d55cd SHA512 c5f58227b38dcc2e2858c4bbcb641acead3b6bcdad0d8d76e5f46936669e4aff4dbc20a2980040341320d35d39f029725a9f20607753cad44f64ac0443b64b71
DIST cryptsetup-1.7.5.tar.xz 1232696 BLAKE2B 1bd62b186564e0b902480d66f623074f8d2f06ea09f11788566e33d58f7d0dc8c79d5827e5966e1a20a5597c2cbdec76da49c8f54c0538a1ac3f869d8ef55456 SHA512 d473f7b06d705a3868a70f3767fafc664436b5897ba59025ea1268f815cb80a9076841ff9ff96cc130fb83ba18b03c1eee38cfaf1b471fdd883a3e126b771439
-DIST cryptsetup-2.0.0.tar.xz 10079936 BLAKE2B 6e5f1bb20571cf7a66f988e50b2cc88d152a2cd414a9b760ad845cafac3d0aa5b5a1fbd871117b91a78b7cbf1d8a849608221f8a35d1faf26f901518c2d00c6e SHA512 195e9c0b6429d21ec0cc7c5faddfde85cb71eee09d348fa50df6779693a2dc05fce04bada4c835150964e08b2e8af30e4194155e0f6366b24c7812f48477a249
DIST cryptsetup-2.0.1.tar.xz 10110424 BLAKE2B b3becffcb7000e40e1f47da4013998de557259f64dfdb24def953a375ed89dd8b4f1f3b95d7f1150638f29bc018ecb282db9f06ef7ba63b77a68ddfdfccd0c1a SHA512 b0c16de67169aefe861e0d6692dfa7ff1d7cf34990611c71edb82606ebf39a529511b36f7c452da591bdc39c4125a4355b7444d268680458219f2cad63e0f74b
DIST cryptsetup-2.0.2.tar.xz 10122404 BLAKE2B ac2391cdef387c403a8477467fb8fa36850d38ad3759639326f10ecd2b475bbd3df63162aafa1886e389a5a6b4ff1f94c2906e31538501d3be36267fbee12f6a SHA512 1c37b81b1dcb1223293b30ddc7096e074d01e2dd978b543fbda7ae11ecc29c1c461d12e4b22288bb382a188e9e679bf1ad3e281e77428374b7c605c8902c1b17
diff --git a/sys-fs/cryptsetup/cryptsetup-1.7.4.ebuild b/sys-fs/cryptsetup/cryptsetup-1.7.4.ebuild
deleted file mode 100644
index c3027e72aae..00000000000
--- a/sys-fs/cryptsetup/cryptsetup-1.7.4.ebuild
+++ /dev/null
@@ -1,126 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=5
-
-DISTUTILS_OPTIONAL=1
-PYTHON_COMPAT=( python{2_7,3_4,3_5} )
-
-inherit autotools distutils-r1 linux-info libtool eutils versionator
-
-DESCRIPTION="Tool to setup encrypted devices with dm-crypt"
-HOMEPAGE="https://gitlab.com/cryptsetup/cryptsetup/blob/master/README.md"
-SRC_URI="mirror://kernel/linux/utils/${PN}/v$(get_version_component_range 1-2)/${P}.tar.xz"
-
-LICENSE="GPL-2+"
-SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86"
-CRYPTO_BACKENDS="+gcrypt kernel nettle openssl"
-# we don't support nss since it doesn't allow cryptsetup to be built statically
-# and it's missing ripemd160 support so it can't provide full backward compatibility
-IUSE="${CRYPTO_BACKENDS} libressl nls pwquality python reencrypt static static-libs udev urandom"
-REQUIRED_USE="^^ ( ${CRYPTO_BACKENDS//+/} )
- python? ( ${PYTHON_REQUIRED_USE} )
- static? ( !gcrypt )" #496612
-
-LIB_DEPEND="dev-libs/libgpg-error[static-libs(+)]
- dev-libs/popt[static-libs(+)]
- sys-apps/util-linux[static-libs(+)]
- gcrypt? ( dev-libs/libgcrypt:0=[static-libs(+)] )
- nettle? ( >=dev-libs/nettle-2.4[static-libs(+)] )
- openssl? (
- !libressl? ( dev-libs/openssl:0=[static-libs(+)] )
- libressl? ( dev-libs/libressl:=[static-libs(+)] )
- )
- pwquality? ( dev-libs/libpwquality[static-libs(+)] )
- sys-fs/lvm2[static-libs(+)]
- udev? ( virtual/libudev[static-libs(+)] )"
-# We have to always depend on ${LIB_DEPEND} rather than put behind
-# !static? () because we provide a shared library which links against
-# these other packages. #414665
-RDEPEND="static-libs? ( ${LIB_DEPEND} )
- ${LIB_DEPEND//\[static-libs\(+\)\]}
- python? ( ${PYTHON_DEPS} )"
-DEPEND="${RDEPEND}
- virtual/pkgconfig
- static? ( ${LIB_DEPEND} )"
-
-#PATCHES=( )
-
-pkg_setup() {
- local CONFIG_CHECK="~DM_CRYPT ~CRYPTO ~CRYPTO_CBC ~CRYPTO_SHA256"
- local WARNING_DM_CRYPT="CONFIG_DM_CRYPT:\tis not set (required for cryptsetup)\n"
- local WARNING_CRYPTO_SHA256="CONFIG_CRYPTO_SHA256:\tis not set (required for cryptsetup)\n"
- local WARNING_CRYPTO_CBC="CONFIG_CRYPTO_CBC:\tis not set (required for kernel 2.6.19)\n"
- local WARNING_CRYPTO="CONFIG_CRYPTO:\tis not set (required for cryptsetup)\n"
- check_extra_config
-}
-
-src_prepare() {
- sed -i '/^LOOPDEV=/s:$: || exit 0:' tests/{compat,mode}-test || die
- #epatch "${PATCHES[@]}"
- epatch_user && eautoreconf
-
- if use python ; then
- cd python
- cp "${FILESDIR}"/setup-1.7.0.py setup.py || die
- distutils-r1_src_prepare
- fi
-}
-
-src_configure() {
- if use kernel ; then
- ewarn "Note that kernel backend is very slow for this type of operation"
- ewarn "and is provided mainly for embedded systems wanting to avoid"
- ewarn "userspace crypto libraries."
- fi
-
- # We disable autotool python integration so we can use eclasses
- # for proper integration with multiple python versions.
- econf \
- --sbindir=/sbin \
- --enable-shared \
- --disable-python \
- $(use_enable static static-cryptsetup) \
- $(use_enable static-libs static) \
- $(use_enable nls) \
- $(use_enable pwquality) \
- $(use_enable reencrypt cryptsetup-reencrypt) \
- $(use_enable udev) \
- $(use_enable !urandom dev-random) \
- --with-crypto_backend=$(for x in ${CRYPTO_BACKENDS//+/} ; do usev ${x} ; done)
-
- use python && cd python && distutils-r1_src_configure
-}
-
-src_compile() {
- default
- use python && cd python && distutils-r1_src_compile
-}
-
-src_test() {
- if [[ ! -e /dev/mapper/control ]] ; then
- ewarn "No /dev/mapper/control found -- skipping tests"
- return 0
- fi
- local p
- for p in /dev/mapper /dev/loop* ; do
- addwrite ${p}
- done
- default
-}
-
-src_install() {
- default
- if use static ; then
- mv "${ED}"/sbin/cryptsetup{.static,} || die
- mv "${ED}"/sbin/veritysetup{.static,} || die
- use reencrypt && { mv "${ED}"/sbin/cryptsetup-reencrypt{.static,} || die ; }
- fi
- prune_libtool_files --modules
-
- newconfd "${FILESDIR}"/1.6.7-dmcrypt.confd dmcrypt
- newinitd "${FILESDIR}"/1.6.7-dmcrypt.rc dmcrypt
-
- use python && cd python && distutils-r1_src_install
-}
diff --git a/sys-fs/cryptsetup/cryptsetup-2.0.0-r1.ebuild b/sys-fs/cryptsetup/cryptsetup-2.0.0-r1.ebuild
deleted file mode 100644
index 14e340bb400..00000000000
--- a/sys-fs/cryptsetup/cryptsetup-2.0.0-r1.ebuild
+++ /dev/null
@@ -1,130 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} )
-
-inherit autotools python-single-r1 linux-info libtool ltprune versionator
-
-DESCRIPTION="Tool to setup encrypted devices with dm-crypt"
-HOMEPAGE="https://gitlab.com/cryptsetup/cryptsetup/blob/master/README.md"
-SRC_URI="mirror://kernel/linux/utils/${PN}/v$(get_version_component_range 1-2)/${P/_/-}.tar.xz"
-
-LICENSE="GPL-2+"
-SLOT="0/12" # libcryptsetup.so version
-[[ ${PV} != *_rc* ]] && \
-KEYWORDS="~amd64 ~arm64 ~mips ~s390 ~sh ~sparc ~x86"
-CRYPTO_BACKENDS="+gcrypt kernel nettle openssl"
-# we don't support nss since it doesn't allow cryptsetup to be built statically
-# and it's missing ripemd160 support so it can't provide full backward compatibility
-IUSE="${CRYPTO_BACKENDS} +argon2 libressl nls pwquality python reencrypt static static-libs udev urandom"
-REQUIRED_USE="^^ ( ${CRYPTO_BACKENDS//+/} )
- python? ( ${PYTHON_REQUIRED_USE} )
- static? ( !gcrypt )" #496612
-
-LIB_DEPEND="
- dev-libs/json-c:=[static-libs(+)]
- dev-libs/libgpg-error[static-libs(+)]
- dev-libs/popt[static-libs(+)]
- >=sys-apps/util-linux-2.31-r1[static-libs(+)]
- argon2? ( app-crypt/argon2:=[static-libs(+)] )
- gcrypt? ( dev-libs/libgcrypt:0=[static-libs(+)] )
- nettle? ( >=dev-libs/nettle-2.4[static-libs(+)] )
- openssl? (
- !libressl? ( dev-libs/openssl:0=[static-libs(+)] )
- libressl? ( dev-libs/libressl:=[static-libs(+)] )
- )
- pwquality? ( dev-libs/libpwquality[static-libs(+)] )
- sys-fs/lvm2[static-libs(+)]
- udev? ( virtual/libudev[static-libs(+)] )"
-# We have to always depend on ${LIB_DEPEND} rather than put behind
-# !static? () because we provide a shared library which links against
-# these other packages. #414665
-RDEPEND="static-libs? ( ${LIB_DEPEND} )
- ${LIB_DEPEND//\[static-libs\(+\)\]}
- python? ( ${PYTHON_DEPS} )"
-DEPEND="${RDEPEND}
- virtual/pkgconfig
- static? ( ${LIB_DEPEND} )"
-
-S="${WORKDIR}/${P/_/-}"
-
-PATCHES=(
- "${FILESDIR}/${P}-pwquality_static.patch" #641226
-)
-
-pkg_setup() {
- local CONFIG_CHECK="~DM_CRYPT ~CRYPTO ~CRYPTO_CBC ~CRYPTO_SHA256"
- local WARNING_DM_CRYPT="CONFIG_DM_CRYPT:\tis not set (required for cryptsetup)\n"
- local WARNING_CRYPTO_SHA256="CONFIG_CRYPTO_SHA256:\tis not set (required for cryptsetup)\n"
- local WARNING_CRYPTO_CBC="CONFIG_CRYPTO_CBC:\tis not set (required for kernel 2.6.19)\n"
- local WARNING_CRYPTO="CONFIG_CRYPTO:\tis not set (required for cryptsetup)\n"
- check_extra_config
-}
-
-src_prepare() {
- sed -i '/^LOOPDEV=/s:$: || exit 0:' tests/{compat,mode}-test || die
- default
- eautoreconf
-}
-
-src_configure() {
- if use kernel ; then
- ewarn "Note that kernel backend is very slow for this type of operation"
- ewarn "and is provided mainly for embedded systems wanting to avoid"
- ewarn "userspace crypto libraries."
- fi
-
- use python && python_setup
-
- # We disable autotool python integration so we can use eclasses
- # for proper integration with multiple python versions.
- local myeconfargs=(
- --disable-internal-argon2
- --enable-shared
- --sbindir=/sbin
- --with-tmpfilesdir="${EPREFIX%/}/usr/lib/tmpfiles.d"
- --with-crypto_backend=$(for x in ${CRYPTO_BACKENDS//+/} ; do usev ${x} ; done)
- $(use_enable argon2 libargon2)
- $(use_enable nls)
- $(use_enable pwquality)
- $(use_enable python)
- $(use_enable reencrypt cryptsetup-reencrypt)
- $(use_enable static static-cryptsetup)
- $(use_enable static-libs static)
- $(use_enable udev)
- $(use_enable !urandom dev-random)
- )
- econf "${myeconfargs[@]}"
-}
-
-src_test() {
- if [[ ! -e /dev/mapper/control ]] ; then
- ewarn "No /dev/mapper/control found -- skipping tests"
- return 0
- fi
-
- local p
- for p in /dev/mapper /dev/loop* ; do
- addwrite ${p}
- done
-
- default
-}
-
-src_install() {
- default
-
- if use static ; then
- mv "${ED%}"/sbin/cryptsetup{.static,} || die
- mv "${ED%}"/sbin/veritysetup{.static,} || die
- use reencrypt && { mv "${ED%}"/sbin/cryptsetup-reencrypt{.static,} || die ; }
- fi
- prune_libtool_files --modules
-
- dodoc docs/v*ReleaseNotes
-
- newconfd "${FILESDIR}"/1.6.7-dmcrypt.confd dmcrypt
- newinitd "${FILESDIR}"/1.6.7-dmcrypt.rc dmcrypt
-}
diff --git a/sys-fs/cryptsetup/files/cryptsetup-2.0.0-pwquality_static.patch b/sys-fs/cryptsetup/files/cryptsetup-2.0.0-pwquality_static.patch
deleted file mode 100644
index 56a2d45cb42..00000000000
--- a/sys-fs/cryptsetup/files/cryptsetup-2.0.0-pwquality_static.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 7c9312607c5b0923447175480d696b34f47f0e03 Mon Sep 17 00:00:00 2001
-From: Milan Broz <gmazyland@gmail.com>
-Date: Sun, 17 Dec 2017 15:20:49 +0100
-Subject: [PATCH] Fix cryptsetup-reencrypt static build if pwquality is enabled.
-
-In static build we need to link also to pwquality.
-
-Fixes Issue#357.
----
- src/Makemodule.am | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/Makemodule.am b/src/Makemodule.am
-index 55a388d..b6889eb 100644
---- a/src/Makemodule.am
-+++ b/src/Makemodule.am
-@@ -112,6 +112,7 @@ cryptsetup_reencrypt_static_LDFLAGS = $(AM_LDFLAGS) -all-static
- cryptsetup_reencrypt_static_LDADD = \
- $(cryptsetup_reencrypt_LDADD) \
- @CRYPTO_STATIC_LIBS@ \
-+ @PWQUALITY_STATIC_LIBS@ \
- @DEVMAPPER_STATIC_LIBS@
- endif
- endif
---
-libgit2 0.26.0
-
^ permalink raw reply related [flat|nested] 9+ messages in thread* [gentoo-commits] repo/gentoo:master commit in: sys-fs/cryptsetup/, sys-fs/cryptsetup/files/
@ 2015-12-09 23:23 Mike Frysinger
0 siblings, 0 replies; 9+ messages in thread
From: Mike Frysinger @ 2015-12-09 23:23 UTC (permalink / raw
To: gentoo-commits
commit: 3d06eccaf2ceca30befa28389e559a2d43eb57b7
Author: Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Wed Dec 9 23:03:30 2015 +0000
Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Wed Dec 9 23:19:35 2015 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3d06ecca
sys-fs/cryptsetup: add multiple python version support #567378
sys-fs/cryptsetup/cryptsetup-1.7.0-r1.ebuild | 124 +++++++++++++++++++++++++++
sys-fs/cryptsetup/files/setup-1.7.0.py | 21 +++++
2 files changed, 145 insertions(+)
diff --git a/sys-fs/cryptsetup/cryptsetup-1.7.0-r1.ebuild b/sys-fs/cryptsetup/cryptsetup-1.7.0-r1.ebuild
new file mode 100644
index 0000000..62f432a
--- /dev/null
+++ b/sys-fs/cryptsetup/cryptsetup-1.7.0-r1.ebuild
@@ -0,0 +1,124 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+DISTUTILS_OPTIONAL=1
+PYTHON_COMPAT=( python{2_7,3_4,3_5} )
+
+inherit autotools distutils-r1 linux-info libtool eutils versionator
+
+DESCRIPTION="Tool to setup encrypted devices with dm-crypt"
+HOMEPAGE="https://gitlab.com/cryptsetup/cryptsetup/blob/master/README.md"
+SRC_URI="mirror://kernel/linux/utils/${PN}/v$(get_version_component_range 1-2)/${P}.tar.xz"
+
+LICENSE="GPL-2+"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+CRYPTO_BACKENDS="+gcrypt kernel nettle openssl"
+# we don't support nss since it doesn't allow cryptsetup to be built statically
+# and it's missing ripemd160 support so it can't provide full backward compatibility
+IUSE="${CRYPTO_BACKENDS} libressl nls pwquality python reencrypt static static-libs udev urandom"
+REQUIRED_USE="^^ ( ${CRYPTO_BACKENDS//+/} )
+ python? ( ${PYTHON_REQUIRED_USE} )
+ static? ( !gcrypt )" #496612
+
+LIB_DEPEND="dev-libs/libgpg-error[static-libs(+)]
+ dev-libs/popt[static-libs(+)]
+ sys-apps/util-linux[static-libs(+)]
+ gcrypt? ( dev-libs/libgcrypt:0=[static-libs(+)] )
+ nettle? ( >=dev-libs/nettle-2.4[static-libs(+)] )
+ openssl? (
+ !libressl? ( dev-libs/openssl:0=[static-libs(+)] )
+ libressl? ( dev-libs/libressl:=[static-libs(+)] )
+ )
+ pwquality? ( dev-libs/libpwquality[static-libs(+)] )
+ sys-fs/lvm2[static-libs(+)]
+ udev? ( virtual/libudev[static-libs(+)] )"
+# We have to always depend on ${LIB_DEPEND} rather than put behind
+# !static? () because we provide a shared library which links against
+# these other packages. #414665
+RDEPEND="static-libs? ( ${LIB_DEPEND} )
+ ${LIB_DEPEND//\[static-libs\(+\)\]}
+ python? ( ${PYTHON_DEPS} )"
+DEPEND="${RDEPEND}
+ virtual/pkgconfig
+ static? ( ${LIB_DEPEND} )"
+
+pkg_setup() {
+ local CONFIG_CHECK="~DM_CRYPT ~CRYPTO ~CRYPTO_CBC ~CRYPTO_SHA256"
+ local WARNING_DM_CRYPT="CONFIG_DM_CRYPT:\tis not set (required for cryptsetup)\n"
+ local WARNING_CRYPTO_SHA256="CONFIG_CRYPTO_SHA256:\tis not set (required for cryptsetup)\n"
+ local WARNING_CRYPTO_CBC="CONFIG_CRYPTO_CBC:\tis not set (required for kernel 2.6.19)\n"
+ local WARNING_CRYPTO="CONFIG_CRYPTO:\tis not set (required for cryptsetup)\n"
+ check_extra_config
+}
+
+src_prepare() {
+ sed -i '/^LOOPDEV=/s:$: || exit 0:' tests/{compat,mode}-test || die
+ epatch_user && eautoreconf
+
+ if use python ; then
+ cd python
+ cp "${FILESDIR}"/setup-1.7.0.py setup.py || die
+ distutils-r1_src_prepare
+ fi
+}
+
+src_configure() {
+ if use kernel ; then
+ ewarn "Note that kernel backend is very slow for this type of operation"
+ ewarn "and is provided mainly for embedded systems wanting to avoid"
+ ewarn "userspace crypto libraries."
+ fi
+
+ # We disable autotool python integration so we can use eclasses
+ # for proper integration with multiple python versions.
+ econf \
+ --sbindir=/sbin \
+ --enable-shared \
+ --disable-python \
+ $(use_enable static static-cryptsetup) \
+ $(use_enable static-libs static) \
+ $(use_enable nls) \
+ $(use_enable pwquality) \
+ $(use_enable reencrypt cryptsetup-reencrypt) \
+ $(use_enable udev) \
+ $(use_enable !urandom dev-random) \
+ --with-crypto_backend=$(for x in ${CRYPTO_BACKENDS//+/} ; do usev ${x} ; done)
+
+ use python && cd python && distutils-r1_src_configure
+}
+
+src_compile() {
+ default
+ use python && cd python && distutils-r1_src_compile
+}
+
+src_test() {
+ if [[ ! -e /dev/mapper/control ]] ; then
+ ewarn "No /dev/mapper/control found -- skipping tests"
+ return 0
+ fi
+ local p
+ for p in /dev/mapper /dev/loop* ; do
+ addwrite ${p}
+ done
+ default
+}
+
+src_install() {
+ default
+ if use static ; then
+ mv "${ED}"/sbin/cryptsetup{.static,} || die
+ mv "${ED}"/sbin/veritysetup{.static,} || die
+ use reencrypt && { mv "${ED}"/sbin/cryptsetup-reencrypt{.static,} || die ; }
+ fi
+ prune_libtool_files --modules
+
+ newconfd "${FILESDIR}"/1.6.7-dmcrypt.confd dmcrypt
+ newinitd "${FILESDIR}"/1.6.7-dmcrypt.rc dmcrypt
+
+ use python && cd python && distutils-r1_src_install
+}
diff --git a/sys-fs/cryptsetup/files/setup-1.7.0.py b/sys-fs/cryptsetup/files/setup-1.7.0.py
new file mode 100644
index 0000000..0da063c
--- /dev/null
+++ b/sys-fs/cryptsetup/files/setup-1.7.0.py
@@ -0,0 +1,21 @@
+import os
+from distutils.core import setup, Extension
+
+top_srcdir = os.path.dirname(os.path.dirname(os.path.realpath(__file__)))
+
+def get_ver():
+ with open(os.path.join(top_srcdir, 'configure')) as f:
+ for line in f:
+ if line.startswith('PACKAGE_VERSION='):
+ return line.split('=')[1].replace("'", '').strip()
+
+module = Extension('pycryptsetup',
+ include_dirs=[os.path.join(top_srcdir, 'lib')],
+ extra_compile_args=['-include', os.path.join(top_srcdir, 'config.h')],
+ library_dirs=[os.path.join(top_srcdir, 'lib', '.libs')],
+ libraries=['cryptsetup'],
+ sources=['pycryptsetup.c'])
+
+setup(name='pycryptsetup',
+ version=get_ver(),
+ ext_modules=[module])
^ permalink raw reply related [flat|nested] 9+ messages in thread
end of thread, other threads:[~2022-10-28 20:09 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-11-02 18:21 [gentoo-commits] repo/gentoo:master commit in: sys-fs/cryptsetup/, sys-fs/cryptsetup/files/ William Hubbs
-- strict thread matches above, loose matches on Subject: below --
2022-10-28 20:09 Sam James
2022-10-20 18:00 Mike Gilbert
2022-01-24 17:05 Mike Gilbert
2021-10-06 15:26 Mike Gilbert
2021-09-17 16:24 Mike Gilbert
2020-05-29 8:51 Lars Wendler
2018-03-08 9:06 Lars Wendler
2015-12-09 23:23 Mike Frysinger
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox