* [gentoo-commits] repo/gentoo:master commit in: sys-fs/cryptsetup/files/, sys-fs/cryptsetup/
@ 2015-11-04 5:41 Lars Wendler
0 siblings, 0 replies; 9+ messages in thread
From: Lars Wendler @ 2015-11-04 5:41 UTC (permalink / raw
To: gentoo-commits
commit: 5f539dede2b6b3087d7b89bfc8fdfa7e1fc38de8
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed Nov 4 05:41:34 2015 +0000
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Nov 4 05:41:34 2015 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5f539ded
sys-fs/cryptsetup: Removed old.
Package-Manager: portage-2.2.23
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>
sys-fs/cryptsetup/Manifest | 2 -
sys-fs/cryptsetup/cryptsetup-1.6.2.ebuild | 122 ---------------------
sys-fs/cryptsetup/cryptsetup-1.6.7.ebuild | 103 -----------------
.../files/cryptsetup-1.6.1-openssl-static.patch | 13 ---
4 files changed, 240 deletions(-)
diff --git a/sys-fs/cryptsetup/Manifest b/sys-fs/cryptsetup/Manifest
index bdb509e..8521e7d 100644
--- a/sys-fs/cryptsetup/Manifest
+++ b/sys-fs/cryptsetup/Manifest
@@ -1,5 +1,3 @@
-DIST cryptsetup-1.6.2.tar.bz2 1189584 SHA256 15723f0198303d4bcb99d480b7a773918e2d319f0348457988c063bdd03e109a SHA512 59fb835ef8bcd6d0c704a021055032639840ef4bb7be6ade8ff91d347ae74d8e6cba4583d8ced7a4a8c6f09ebc16c4eff3549c13c4327d92fd9234db58e18c10 WHIRLPOOL 3ab24572ea42dfdd0d5176dfa4621520cd0bccda53c3a01676d400a7a841ab9643c979c4942daa774658602bd8cdf659376cbc94c553e2097c5eb3c51a7edb31
DIST cryptsetup-1.6.5.tar.xz 1136892 SHA256 267973f20be43f9d685f7193aa23954b60768c74a1d330243114d4b8bc17ca9a SHA512 c77ac590d28954e7bd430d1069b820a288c4668857a7ced7f81546ea39676f2b536abbcda06f20440e31c205b7ada68bcfa5aab220b102a2b62198a788d9b65e WHIRLPOOL 74a597abbdcc1225bb811597e53737eab2348a328f3ba30e7eb519a0621b06e6c898e320db8e24a16decfd4706b6a2e68b06894dde91124e4c089e952dbff9c1
-DIST cryptsetup-1.6.7.tar.xz 1188876 SHA256 c23c24c8d662032da8650c1c84985221be8bbedf4737c1540bba7e4517dfe820 SHA512 d6cecd2f3f5d468d4337d4e8407c8c3315e8972c0fc72cd1f93fb67f02a632b56ad293f08f6682f24c9ad0b5ad5967be751e5679413109692ade5823aafd1d19 WHIRLPOOL 95611938ddbf3520f1a2a2891e3103f6bf1699a210f7902bd65d1e61357ed44c9b6f344f567d1d5f1b88adb40154831e34014f3e22ec141f9101b707295007a0
DIST cryptsetup-1.6.8.tar.xz 1221232 SHA256 45a6ccd3c65b7d904e58e1cb3656a7e997190b6a05b5ff7c6887e4a41c5f19bc SHA512 db189a98da6329f4d4c2ae92dbdc08ccffdf6ae41c964186ebf48a612bf0aa9731653ef6b7549b5feee0043edfa171874c3609418499902e6339b48481c621d7 WHIRLPOOL 8873d14fc2a54d97ed7d065ad4a0c63b057d9085c2cfd99c0b97aba78d49566bd7c9b47e56033992ac1f3892369bebf2165aaccc6ca3f933c0c33c2e6ef8c1e4
DIST cryptsetup-1.7.0.tar.xz 1224616 SHA256 075524a7cc0db36d12119fa79116750accb1c6c8825d5faa2534b74b8ce3d148 SHA512 3c1732c8f1c18f0497c84c81777f54c398eea9300cd82a18691bf323d303687f4dfdd76010fb86114414f78193630cae4de5b665ce417dbf307f7fef4fa1bef6 WHIRLPOOL 4706317a6f2fe24e5c56df934ee3b0fb64cca2544885ce11ad567369ede1215e8a624b3f4c1e445aa4b59dbf9f644aed461ec422f627f37af4569f74b9f2a1ab
diff --git a/sys-fs/cryptsetup/cryptsetup-1.6.2.ebuild b/sys-fs/cryptsetup/cryptsetup-1.6.2.ebuild
deleted file mode 100644
index 7cb25db..0000000
--- a/sys-fs/cryptsetup/cryptsetup-1.6.2.ebuild
+++ /dev/null
@@ -1,122 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-PYTHON_COMPAT=( python2_7 )
-
-inherit autotools python-single-r1 linux-info libtool eutils
-
-DESCRIPTION="Tool to setup encrypted devices with dm-crypt"
-HOMEPAGE="https://code.google.com/p/cryptsetup/"
-SRC_URI="https://cryptsetup.googlecode.com/files/${P}.tar.bz2"
-
-LICENSE="GPL-2+"
-SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 ~s390 ~sh sparc x86"
-CRYPTO_BACKENDS="+gcrypt kernel nettle openssl"
-# we don't support nss since it doesn't allow cryptsetup to be built statically
-# and it's missing ripemd160 support so it can't provide full backward compatibility
-IUSE="${CRYPTO_BACKENDS} nls python reencrypt static static-libs udev urandom"
-REQUIRED_USE="^^ ( ${CRYPTO_BACKENDS//+/} )
- python? ( ${PYTHON_REQUIRED_USE} )
- static? ( !gcrypt )" #496612
-
-LIB_DEPEND="dev-libs/libgpg-error[static-libs(+)]
- dev-libs/popt[static-libs(+)]
- sys-apps/util-linux[static-libs(+)]
- gcrypt? ( dev-libs/libgcrypt:0=[static-libs(+)] )
- nettle? ( >=dev-libs/nettle-2.4[static-libs(+)] )
- openssl? ( dev-libs/openssl[static-libs(+)] )
- sys-fs/lvm2[static-libs(+)]
- udev? ( virtual/libudev[static-libs(+)] )"
-# We have to always depend on ${LIB_DEPEND} rather than put behind
-# !static? () because we provide a shared library which links against
-# these other packages. #414665
-RDEPEND="static-libs? ( ${LIB_DEPEND} )
- ${LIB_DEPEND//\[static-libs\(+\)\]}
- python? ( ${PYTHON_DEPS} )"
-DEPEND="${RDEPEND}
- virtual/pkgconfig
- static? ( ${LIB_DEPEND} )"
-
-pkg_setup() {
- local CONFIG_CHECK="~DM_CRYPT ~CRYPTO ~CRYPTO_CBC"
- local WARNING_DM_CRYPT="CONFIG_DM_CRYPT:\tis not set (required for cryptsetup)\n"
- local WARNING_CRYPTO_CBC="CONFIG_CRYPTO_CBC:\tis not set (required for kernel 2.6.19)\n"
- local WARNING_CRYPTO="CONFIG_CRYPTO:\tis not set (required for cryptsetup)\n"
- check_extra_config
-
- use python && python-single-r1_pkg_setup
-}
-
-src_prepare() {
- sed -i '/^LOOPDEV=/s:$: || exit 0:' tests/{compat,mode}-test || die
- epatch "${FILESDIR}"/${PN}-1.6.1-openssl-static.patch
- eautoreconf
-}
-
-src_configure() {
- if use kernel ; then
- ewarn "Note that kernel backend is very slow for this type of operation"
- ewarn "and is provided mainly for embedded systems wanting to avoid"
- ewarn "userspace crypto libraries."
- fi
-
- econf \
- --sbindir=/sbin \
- --enable-shared \
- $(use_enable static static-cryptsetup) \
- $(use_enable static-libs static) \
- $(use_enable nls) \
- $(use_enable python) \
- $(use_enable reencrypt cryptsetup-reencrypt) \
- $(use_enable udev) \
- $(use_enable !urandom dev-random) \
- --with-crypto_backend=$(for x in ${CRYPTO_BACKENDS//+/}; do use ${x} && echo ${x} ; done)
-}
-
-src_test() {
- if [[ ! -e /dev/mapper/control ]] ; then
- ewarn "No /dev/mapper/control found -- skipping tests"
- return 0
- fi
- local p
- for p in /dev/mapper /dev/loop* ; do
- addwrite ${p}
- done
- default
-}
-
-src_install() {
- default
- if use static ; then
- mv "${ED}"/sbin/cryptsetup{.static,} || die
- mv "${ED}"/sbin/veritysetup{.static,} || die
- use reencrypt && { mv "${ED}"/sbin/cryptsetup-reencrypt{.static,} || die ; }
- fi
- prune_libtool_files --modules
-
- newconfd "${FILESDIR}"/1.0.6-dmcrypt.confd dmcrypt
- newinitd "${FILESDIR}"/1.5.1-dmcrypt.rc dmcrypt
-}
-
-pkg_postinst() {
- if [[ -z ${REPLACING_VERSIONS} ]] ; then
- elog "Please see the example for configuring a LUKS mountpoint"
- elog "in /etc/conf.d/dmcrypt"
- elog
- elog "If you are using baselayout-2 then please do:"
- elog "rc-update add dmcrypt boot"
- elog "This version introduces a command line arguement 'key_timeout'."
- elog "If you want the search for the removable key device to timeout"
- elog "after 10 seconds add the following to your bootloader config:"
- elog "key_timeout=10"
- elog "A timeout of 0 will mean it will wait indefinitely."
- elog
- elog "Users using cryptsetup-1.0.x (dm-crypt plain) volumes must use"
- elog "a compatibility mode when using cryptsetup-1.1.x. This can be"
- elog "done by specifying the cipher (-c), key size (-s) and hash (-h)."
- elog "For more info, see https://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions#6._Issues_with_Specific_Versions_of_cryptsetup"
- fi
-}
diff --git a/sys-fs/cryptsetup/cryptsetup-1.6.7.ebuild b/sys-fs/cryptsetup/cryptsetup-1.6.7.ebuild
deleted file mode 100644
index 83cb5fd..0000000
--- a/sys-fs/cryptsetup/cryptsetup-1.6.7.ebuild
+++ /dev/null
@@ -1,103 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-PYTHON_COMPAT=( python{2_7,3_3,3_4} )
-
-inherit autotools python-single-r1 linux-info libtool eutils versionator
-
-DESCRIPTION="Tool to setup encrypted devices with dm-crypt"
-HOMEPAGE="https://gitlab.com/cryptsetup/cryptsetup/blob/master/README.md"
-SRC_URI="mirror://kernel/linux/utils/${PN}/v$(get_version_component_range 1-2)/${P}.tar.xz"
-
-LICENSE="GPL-2+"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
-CRYPTO_BACKENDS="+gcrypt kernel nettle openssl"
-# we don't support nss since it doesn't allow cryptsetup to be built statically
-# and it's missing ripemd160 support so it can't provide full backward compatibility
-IUSE="${CRYPTO_BACKENDS} nls pwquality python reencrypt static static-libs udev urandom"
-REQUIRED_USE="^^ ( ${CRYPTO_BACKENDS//+/} )
- python? ( ${PYTHON_REQUIRED_USE} )
- static? ( !gcrypt )" #496612
-
-LIB_DEPEND="dev-libs/libgpg-error[static-libs(+)]
- dev-libs/popt[static-libs(+)]
- sys-apps/util-linux[static-libs(+)]
- gcrypt? ( dev-libs/libgcrypt:0=[static-libs(+)] )
- nettle? ( >=dev-libs/nettle-2.4[static-libs(+)] )
- openssl? ( dev-libs/openssl[static-libs(+)] )
- pwquality? ( dev-libs/libpwquality[static-libs(+)] )
- sys-fs/lvm2[static-libs(+)]
- udev? ( virtual/libudev[static-libs(+)] )"
-# We have to always depend on ${LIB_DEPEND} rather than put behind
-# !static? () because we provide a shared library which links against
-# these other packages. #414665
-RDEPEND="static-libs? ( ${LIB_DEPEND} )
- ${LIB_DEPEND//\[static-libs\(+\)\]}
- python? ( ${PYTHON_DEPS} )"
-DEPEND="${RDEPEND}
- virtual/pkgconfig
- static? ( ${LIB_DEPEND} )"
-
-pkg_setup() {
- local CONFIG_CHECK="~DM_CRYPT ~CRYPTO ~CRYPTO_CBC"
- local WARNING_DM_CRYPT="CONFIG_DM_CRYPT:\tis not set (required for cryptsetup)\n"
- local WARNING_CRYPTO_CBC="CONFIG_CRYPTO_CBC:\tis not set (required for kernel 2.6.19)\n"
- local WARNING_CRYPTO="CONFIG_CRYPTO:\tis not set (required for cryptsetup)\n"
- check_extra_config
-
- use python && python-single-r1_pkg_setup
-}
-
-src_prepare() {
- sed -i '/^LOOPDEV=/s:$: || exit 0:' tests/{compat,mode}-test || die
- epatch_user && eautoreconf
-}
-
-src_configure() {
- if use kernel ; then
- ewarn "Note that kernel backend is very slow for this type of operation"
- ewarn "and is provided mainly for embedded systems wanting to avoid"
- ewarn "userspace crypto libraries."
- fi
-
- econf \
- --sbindir=/sbin \
- --enable-shared \
- $(use_enable static static-cryptsetup) \
- $(use_enable static-libs static) \
- $(use_enable nls) \
- $(use_enable pwquality) \
- $(use_enable python) \
- $(use_enable reencrypt cryptsetup-reencrypt) \
- $(use_enable udev) \
- $(use_enable !urandom dev-random) \
- --with-crypto_backend=$(for x in ${CRYPTO_BACKENDS//+/} ; do usev ${x} ; done)
-}
-
-src_test() {
- if [[ ! -e /dev/mapper/control ]] ; then
- ewarn "No /dev/mapper/control found -- skipping tests"
- return 0
- fi
- local p
- for p in /dev/mapper /dev/loop* ; do
- addwrite ${p}
- done
- default
-}
-
-src_install() {
- default
- if use static ; then
- mv "${ED}"/sbin/cryptsetup{.static,} || die
- mv "${ED}"/sbin/veritysetup{.static,} || die
- use reencrypt && { mv "${ED}"/sbin/cryptsetup-reencrypt{.static,} || die ; }
- fi
- prune_libtool_files --modules
-
- newconfd "${FILESDIR}"/1.6.7-dmcrypt.confd dmcrypt
- newinitd "${FILESDIR}"/1.6.7-dmcrypt.rc dmcrypt
-}
diff --git a/sys-fs/cryptsetup/files/cryptsetup-1.6.1-openssl-static.patch b/sys-fs/cryptsetup/files/cryptsetup-1.6.1-openssl-static.patch
deleted file mode 100644
index e479a30..0000000
--- a/sys-fs/cryptsetup/files/cryptsetup-1.6.1-openssl-static.patch
+++ /dev/null
@@ -1,13 +0,0 @@
---- a/configure.ac 2013-03-24 05:02:02.000000000 -0400
-+++ b/configure.ac 2013-08-06 15:57:57.844461481 -0400
-@@ -149,8 +149,8 @@
- if test x$enable_static_cryptsetup = xyes; then
- saved_PKG_CONFIG=$PKG_CONFIG
- PKG_CONFIG="$PKG_CONFIG --static"
-- PKG_CHECK_MODULES([OPENSSL], [openssl])
-- CRYPTO_STATIC_LIBS=$OPENSSL_LIBS
-+ PKG_CHECK_MODULES([OPENSSL_STATIC], [openssl])
-+ CRYPTO_STATIC_LIBS=$OPENSSL_STATIC_LIBS
- PKG_CONFIG=$saved_PKG_CONFIG
- fi
- NO_FIPS([])
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-fs/cryptsetup/files/, sys-fs/cryptsetup/
@ 2016-04-19 6:17 Mike Frysinger
0 siblings, 0 replies; 9+ messages in thread
From: Mike Frysinger @ 2016-04-19 6:17 UTC (permalink / raw
To: gentoo-commits
commit: d72316f97ebcc7fe622b21574442a9ac59b9115f
Author: Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Tue Apr 19 06:17:21 2016 +0000
Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Tue Apr 19 06:17:21 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d72316f9
sys-fs/cryptsetup: fix build w/newer glibc #580228
sys-fs/cryptsetup/cryptsetup-1.7.1.ebuild | 1 +
.../files/cryptsetup-1.7.1-sysmacros.patch | 60 ++++++++++++++++++++++
2 files changed, 61 insertions(+)
diff --git a/sys-fs/cryptsetup/cryptsetup-1.7.1.ebuild b/sys-fs/cryptsetup/cryptsetup-1.7.1.ebuild
index dd735e2..13b101b 100644
--- a/sys-fs/cryptsetup/cryptsetup-1.7.1.ebuild
+++ b/sys-fs/cryptsetup/cryptsetup-1.7.1.ebuild
@@ -57,6 +57,7 @@ pkg_setup() {
src_prepare() {
sed -i '/^LOOPDEV=/s:$: || exit 0:' tests/{compat,mode}-test || die
+ epatch "${FILESDIR}"/${PN}-1.7.1-sysmacros.patch #580228
epatch_user && eautoreconf
if use python ; then
diff --git a/sys-fs/cryptsetup/files/cryptsetup-1.7.1-sysmacros.patch b/sys-fs/cryptsetup/files/cryptsetup-1.7.1-sysmacros.patch
new file mode 100644
index 0000000..459cec6
--- /dev/null
+++ b/sys-fs/cryptsetup/files/cryptsetup-1.7.1-sysmacros.patch
@@ -0,0 +1,60 @@
+https://bugs.gentoo.org/580228
+
+From ca5f8f92c161d9bd3b0c539befc13199f8a60813 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Tue, 19 Apr 2016 02:13:00 -0400
+Subject: [PATCH] include sys/sysmacros.h for major/minor/makedev
+
+These functions are defined in that header, so include it when needed.
+Otherwise we can get build failures like:
+veritysetup-utils_loop.o: In function '_sysfs_backing_file':
+utils_loop.c:(.text+0x50): undefined reference to 'minor'
+utils_loop.c:(.text+0x5e): undefined reference to 'major'
+veritysetup-utils_loop.o: In function 'crypt_loop_device':
+utils_loop.c:(.text+0x638): undefined reference to 'major'
+../lib/.libs/libcryptsetup.so: undefined reference to 'makedev'
+---
+ lib/utils_devpath.c | 1 +
+ lib/utils_loop.c | 1 +
+ lib/utils_wipe.c | 1 +
+ 3 files changed, 3 insertions(+)
+
+diff --git a/lib/utils_devpath.c b/lib/utils_devpath.c
+index 963785a..0bc0563 100644
+--- a/lib/utils_devpath.c
++++ b/lib/utils_devpath.c
+@@ -30,6 +30,7 @@
+ #include <errno.h>
+ #include <limits.h>
+ #include <sys/stat.h>
++#include <sys/sysmacros.h>
+ #include <sys/types.h>
+ #include "internal.h"
+
+diff --git a/lib/utils_loop.c b/lib/utils_loop.c
+index d7b03a1..36d4c46 100644
+--- a/lib/utils_loop.c
++++ b/lib/utils_loop.c
+@@ -27,6 +27,7 @@
+ #include <limits.h>
+ #include <sys/ioctl.h>
+ #include <sys/stat.h>
++#include <sys/sysmacros.h>
+ #include <sys/types.h>
+ #include <linux/loop.h>
+
+diff --git a/lib/utils_wipe.c b/lib/utils_wipe.c
+index 210c566..8e2a2aa 100644
+--- a/lib/utils_wipe.c
++++ b/lib/utils_wipe.c
+@@ -29,6 +29,7 @@
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <sys/ioctl.h>
++#include <sys/sysmacros.h>
+ #include <fcntl.h>
+
+ #include "libcryptsetup.h"
+--
+2.7.4
+
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-fs/cryptsetup/files/, sys-fs/cryptsetup/
@ 2016-11-23 9:27 Lars Wendler
0 siblings, 0 replies; 9+ messages in thread
From: Lars Wendler @ 2016-11-23 9:27 UTC (permalink / raw
To: gentoo-commits
commit: 4ee3e54b68eb8fab1456957822c85c49b6211839
Author: Aric Belsito <lluixhi <AT> gmail <DOT> com>
AuthorDate: Wed Nov 2 20:44:44 2016 +0000
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed Nov 23 09:27:55 2016 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4ee3e54b
sys-fs/cryptsetup: Add LibreSSL patch.
Remove unused sysmacros patch.
Closes: https://github.com/gentoo/gentoo/pull/2724
sys-fs/cryptsetup/cryptsetup-1.7.3.ebuild | 3 ++
.../files/cryptsetup-1.7.1-sysmacros.patch | 60 ----------------------
.../files/cryptsetup-1.7.3-libressl.patch | 12 +++++
3 files changed, 15 insertions(+), 60 deletions(-)
diff --git a/sys-fs/cryptsetup/cryptsetup-1.7.3.ebuild b/sys-fs/cryptsetup/cryptsetup-1.7.3.ebuild
index dd735e2..894bc12 100644
--- a/sys-fs/cryptsetup/cryptsetup-1.7.3.ebuild
+++ b/sys-fs/cryptsetup/cryptsetup-1.7.3.ebuild
@@ -46,6 +46,8 @@ DEPEND="${RDEPEND}
virtual/pkgconfig
static? ( ${LIB_DEPEND} )"
+PATCHES=( "${FILESDIR}"/${P}-libressl.patch )
+
pkg_setup() {
local CONFIG_CHECK="~DM_CRYPT ~CRYPTO ~CRYPTO_CBC ~CRYPTO_SHA256"
local WARNING_DM_CRYPT="CONFIG_DM_CRYPT:\tis not set (required for cryptsetup)\n"
@@ -57,6 +59,7 @@ pkg_setup() {
src_prepare() {
sed -i '/^LOOPDEV=/s:$: || exit 0:' tests/{compat,mode}-test || die
+ epatch "${PATCHES[@]}"
epatch_user && eautoreconf
if use python ; then
diff --git a/sys-fs/cryptsetup/files/cryptsetup-1.7.1-sysmacros.patch b/sys-fs/cryptsetup/files/cryptsetup-1.7.1-sysmacros.patch
deleted file mode 100644
index 459cec6..00000000
--- a/sys-fs/cryptsetup/files/cryptsetup-1.7.1-sysmacros.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-https://bugs.gentoo.org/580228
-
-From ca5f8f92c161d9bd3b0c539befc13199f8a60813 Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@gentoo.org>
-Date: Tue, 19 Apr 2016 02:13:00 -0400
-Subject: [PATCH] include sys/sysmacros.h for major/minor/makedev
-
-These functions are defined in that header, so include it when needed.
-Otherwise we can get build failures like:
-veritysetup-utils_loop.o: In function '_sysfs_backing_file':
-utils_loop.c:(.text+0x50): undefined reference to 'minor'
-utils_loop.c:(.text+0x5e): undefined reference to 'major'
-veritysetup-utils_loop.o: In function 'crypt_loop_device':
-utils_loop.c:(.text+0x638): undefined reference to 'major'
-../lib/.libs/libcryptsetup.so: undefined reference to 'makedev'
----
- lib/utils_devpath.c | 1 +
- lib/utils_loop.c | 1 +
- lib/utils_wipe.c | 1 +
- 3 files changed, 3 insertions(+)
-
-diff --git a/lib/utils_devpath.c b/lib/utils_devpath.c
-index 963785a..0bc0563 100644
---- a/lib/utils_devpath.c
-+++ b/lib/utils_devpath.c
-@@ -30,6 +30,7 @@
- #include <errno.h>
- #include <limits.h>
- #include <sys/stat.h>
-+#include <sys/sysmacros.h>
- #include <sys/types.h>
- #include "internal.h"
-
-diff --git a/lib/utils_loop.c b/lib/utils_loop.c
-index d7b03a1..36d4c46 100644
---- a/lib/utils_loop.c
-+++ b/lib/utils_loop.c
-@@ -27,6 +27,7 @@
- #include <limits.h>
- #include <sys/ioctl.h>
- #include <sys/stat.h>
-+#include <sys/sysmacros.h>
- #include <sys/types.h>
- #include <linux/loop.h>
-
-diff --git a/lib/utils_wipe.c b/lib/utils_wipe.c
-index 210c566..8e2a2aa 100644
---- a/lib/utils_wipe.c
-+++ b/lib/utils_wipe.c
-@@ -29,6 +29,7 @@
- #include <sys/types.h>
- #include <sys/stat.h>
- #include <sys/ioctl.h>
-+#include <sys/sysmacros.h>
- #include <fcntl.h>
-
- #include "libcryptsetup.h"
---
-2.7.4
-
diff --git a/sys-fs/cryptsetup/files/cryptsetup-1.7.3-libressl.patch b/sys-fs/cryptsetup/files/cryptsetup-1.7.3-libressl.patch
new file mode 100644
index 00000000..a7a708f
--- /dev/null
+++ b/sys-fs/cryptsetup/files/cryptsetup-1.7.3-libressl.patch
@@ -0,0 +1,12 @@
+diff -Naur cryptsetup-1.7.3.orig/lib/crypto_backend/crypto_openssl.c cryptsetup-1.7.3/lib/crypto_backend/crypto_openssl.c
+--- cryptsetup-1.7.3.orig/lib/crypto_backend/crypto_openssl.c 2016-10-28 01:58:10.000000000 -0700
++++ cryptsetup-1.7.3/lib/crypto_backend/crypto_openssl.c 2016-11-02 13:38:46.094483756 -0700
+@@ -73,7 +73,7 @@
+ /*
+ * Compatible wrappers for OpenSSL < 1.1.0
+ */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ static EVP_MD_CTX *EVP_MD_CTX_new(void)
+ {
+ EVP_MD_CTX *md = malloc(sizeof(*md));
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-fs/cryptsetup/files/, sys-fs/cryptsetup/
@ 2017-01-17 16:23 Lars Wendler
0 siblings, 0 replies; 9+ messages in thread
From: Lars Wendler @ 2017-01-17 16:23 UTC (permalink / raw
To: gentoo-commits
commit: 65964ae48569ad5b7f24a3b26f9571cc4967f89a
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 17 16:09:52 2017 +0000
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Tue Jan 17 16:23:38 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=65964ae4
sys-fs/cryptsetup: Removed old.
Package-Manager: Portage-2.3.3, Repoman-2.3.1
sys-fs/cryptsetup/Manifest | 2 -
sys-fs/cryptsetup/cryptsetup-1.6.5.ebuild | 124 ----------
sys-fs/cryptsetup/cryptsetup-1.6.8-r1.ebuild | 106 ---------
sys-fs/cryptsetup/files/1.0.6-dmcrypt.confd | 105 ---------
sys-fs/cryptsetup/files/1.5.1-dmcrypt.rc | 335 ---------------------------
5 files changed, 672 deletions(-)
diff --git a/sys-fs/cryptsetup/Manifest b/sys-fs/cryptsetup/Manifest
index a531e25..a2e8e8e 100644
--- a/sys-fs/cryptsetup/Manifest
+++ b/sys-fs/cryptsetup/Manifest
@@ -1,4 +1,2 @@
-DIST cryptsetup-1.6.5.tar.xz 1136892 SHA256 267973f20be43f9d685f7193aa23954b60768c74a1d330243114d4b8bc17ca9a SHA512 c77ac590d28954e7bd430d1069b820a288c4668857a7ced7f81546ea39676f2b536abbcda06f20440e31c205b7ada68bcfa5aab220b102a2b62198a788d9b65e WHIRLPOOL 74a597abbdcc1225bb811597e53737eab2348a328f3ba30e7eb519a0621b06e6c898e320db8e24a16decfd4706b6a2e68b06894dde91124e4c089e952dbff9c1
-DIST cryptsetup-1.6.8.tar.xz 1221232 SHA256 45a6ccd3c65b7d904e58e1cb3656a7e997190b6a05b5ff7c6887e4a41c5f19bc SHA512 db189a98da6329f4d4c2ae92dbdc08ccffdf6ae41c964186ebf48a612bf0aa9731653ef6b7549b5feee0043edfa171874c3609418499902e6339b48481c621d7 WHIRLPOOL 8873d14fc2a54d97ed7d065ad4a0c63b057d9085c2cfd99c0b97aba78d49566bd7c9b47e56033992ac1f3892369bebf2165aaccc6ca3f933c0c33c2e6ef8c1e4
DIST cryptsetup-1.7.2.tar.xz 1222688 SHA256 dbb35dbf5f0c1749168c86c913fe98e872247bfc8425314b494c2423e7e43342 SHA512 ff761bd0c5e9a7941fd27d55839804f2ce96145a45a9689d234954fc43c6172c913c59c83b37ef6cc5459ccecff63212c369077fdea70c14326372076eae7f86 WHIRLPOOL b78d91b449ea7ba325f05dc00b2005e8f6def91703cd982900682bc965eec0992a0cc21c4f44335c03dda885d4505bcf26d1bf58f991c9f60096927bcf582963
DIST cryptsetup-1.7.3.tar.xz 1228432 SHA256 af2b04e8475cf40b8d9ffd97a1acfa73aa787c890430afd89804fb544d6adc02 SHA512 616bac2ce272b8e9d1de6b71ba23f6260dfdb17e3969ff4950c3221fc9fa1b9a0a1081327d2806868045395a407452a8c8bcf4ce0faaf2bd2d51a7c9f844a767 WHIRLPOOL 82a70877abbe674cca9f97585cd54535a60191a019028907a7a7187964260f754020dc1351de48480944cb3701cb8d83a543d8ffd7c2594342d1e244d4026e3d
diff --git a/sys-fs/cryptsetup/cryptsetup-1.6.5.ebuild b/sys-fs/cryptsetup/cryptsetup-1.6.5.ebuild
deleted file mode 100644
index 339fb63..00000000
--- a/sys-fs/cryptsetup/cryptsetup-1.6.5.ebuild
+++ /dev/null
@@ -1,124 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-PYTHON_COMPAT=( python{2_7,3_4} )
-
-inherit autotools python-single-r1 linux-info libtool eutils versionator
-
-DESCRIPTION="Tool to setup encrypted devices with dm-crypt"
-HOMEPAGE="https://code.google.com/p/cryptsetup/"
-SRC_URI="https://cryptsetup.googlecode.com/files/${P}.tar.xz"
-SRC_URI="mirror://kernel/linux/utils/${PN}/v$(get_version_component_range 1-2)/${P}.tar.xz"
-
-LICENSE="GPL-2+"
-SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 sh sparc x86"
-CRYPTO_BACKENDS="+gcrypt kernel nettle openssl"
-# we don't support nss since it doesn't allow cryptsetup to be built statically
-# and it's missing ripemd160 support so it can't provide full backward compatibility
-IUSE="${CRYPTO_BACKENDS} nls pwquality python reencrypt static static-libs udev urandom"
-REQUIRED_USE="^^ ( ${CRYPTO_BACKENDS//+/} )
- python? ( ${PYTHON_REQUIRED_USE} )
- static? ( !gcrypt )" #496612
-
-LIB_DEPEND="dev-libs/libgpg-error[static-libs(+)]
- dev-libs/popt[static-libs(+)]
- sys-apps/util-linux[static-libs(+)]
- gcrypt? ( dev-libs/libgcrypt:0=[static-libs(+)] )
- nettle? ( >=dev-libs/nettle-2.4[static-libs(+)] )
- openssl? ( dev-libs/openssl[static-libs(+)] )
- pwquality? ( dev-libs/libpwquality[static-libs(+)] )
- sys-fs/lvm2[static-libs(+)]
- udev? ( virtual/libudev[static-libs(+)] )"
-# We have to always depend on ${LIB_DEPEND} rather than put behind
-# !static? () because we provide a shared library which links against
-# these other packages. #414665
-RDEPEND="static-libs? ( ${LIB_DEPEND} )
- ${LIB_DEPEND//\[static-libs\(+\)\]}
- python? ( ${PYTHON_DEPS} )"
-DEPEND="${RDEPEND}
- virtual/pkgconfig
- static? ( ${LIB_DEPEND} )"
-
-pkg_setup() {
- local CONFIG_CHECK="~DM_CRYPT ~CRYPTO ~CRYPTO_CBC"
- local WARNING_DM_CRYPT="CONFIG_DM_CRYPT:\tis not set (required for cryptsetup)\n"
- local WARNING_CRYPTO_CBC="CONFIG_CRYPTO_CBC:\tis not set (required for kernel 2.6.19)\n"
- local WARNING_CRYPTO="CONFIG_CRYPTO:\tis not set (required for cryptsetup)\n"
- check_extra_config
-
- use python && python-single-r1_pkg_setup
-}
-
-src_prepare() {
- sed -i '/^LOOPDEV=/s:$: || exit 0:' tests/{compat,mode}-test || die
- epatch_user && eautoreconf
-}
-
-src_configure() {
- if use kernel ; then
- ewarn "Note that kernel backend is very slow for this type of operation"
- ewarn "and is provided mainly for embedded systems wanting to avoid"
- ewarn "userspace crypto libraries."
- fi
-
- econf \
- --sbindir=/sbin \
- --enable-shared \
- $(use_enable static static-cryptsetup) \
- $(use_enable static-libs static) \
- $(use_enable nls) \
- $(use_enable pwquality) \
- $(use_enable python) \
- $(use_enable reencrypt cryptsetup-reencrypt) \
- $(use_enable udev) \
- $(use_enable !urandom dev-random) \
- --with-crypto_backend=$(for x in ${CRYPTO_BACKENDS//+/}; do use ${x} && echo ${x} ; done)
-}
-
-src_test() {
- if [[ ! -e /dev/mapper/control ]] ; then
- ewarn "No /dev/mapper/control found -- skipping tests"
- return 0
- fi
- local p
- for p in /dev/mapper /dev/loop* ; do
- addwrite ${p}
- done
- default
-}
-
-src_install() {
- default
- if use static ; then
- mv "${ED}"/sbin/cryptsetup{.static,} || die
- mv "${ED}"/sbin/veritysetup{.static,} || die
- use reencrypt && { mv "${ED}"/sbin/cryptsetup-reencrypt{.static,} || die ; }
- fi
- prune_libtool_files --modules
-
- newconfd "${FILESDIR}"/1.0.6-dmcrypt.confd dmcrypt
- newinitd "${FILESDIR}"/1.5.1-dmcrypt.rc dmcrypt
-}
-
-pkg_postinst() {
- if [[ -z ${REPLACING_VERSIONS} ]] ; then
- elog "Please see the example for configuring a LUKS mountpoint"
- elog "in /etc/conf.d/dmcrypt"
- elog
- elog "If you are using baselayout-2 then please do:"
- elog "rc-update add dmcrypt boot"
- elog "This version introduces a command line arguement 'key_timeout'."
- elog "If you want the search for the removable key device to timeout"
- elog "after 10 seconds add the following to your bootloader config:"
- elog "key_timeout=10"
- elog "A timeout of 0 will mean it will wait indefinitely."
- elog
- elog "Users using cryptsetup-1.0.x (dm-crypt plain) volumes must use"
- elog "a compatibility mode when using cryptsetup-1.1.x. This can be"
- elog "done by specifying the cipher (-c), key size (-s) and hash (-h)."
- elog "For more info, see https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions#8-issues-with-specific-versions-of-cryptsetup"
- fi
-}
diff --git a/sys-fs/cryptsetup/cryptsetup-1.6.8-r1.ebuild b/sys-fs/cryptsetup/cryptsetup-1.6.8-r1.ebuild
deleted file mode 100644
index e264629..00000000
--- a/sys-fs/cryptsetup/cryptsetup-1.6.8-r1.ebuild
+++ /dev/null
@@ -1,106 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-PYTHON_COMPAT=( python{2_7,3_4} )
-
-inherit autotools python-single-r1 linux-info libtool eutils versionator
-
-DESCRIPTION="Tool to setup encrypted devices with dm-crypt"
-HOMEPAGE="https://gitlab.com/cryptsetup/cryptsetup/blob/master/README.md"
-SRC_URI="mirror://kernel/linux/utils/${PN}/v$(get_version_component_range 1-2)/${P}.tar.xz"
-
-LICENSE="GPL-2+"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
-CRYPTO_BACKENDS="+gcrypt kernel nettle openssl"
-# we don't support nss since it doesn't allow cryptsetup to be built statically
-# and it's missing ripemd160 support so it can't provide full backward compatibility
-IUSE="${CRYPTO_BACKENDS} libressl nls pwquality python reencrypt static static-libs udev urandom"
-REQUIRED_USE="^^ ( ${CRYPTO_BACKENDS//+/} )
- python? ( ${PYTHON_REQUIRED_USE} )
- static? ( !gcrypt )" #496612
-
-LIB_DEPEND="dev-libs/libgpg-error[static-libs(+)]
- dev-libs/popt[static-libs(+)]
- sys-apps/util-linux[static-libs(+)]
- gcrypt? ( dev-libs/libgcrypt:0=[static-libs(+)] )
- nettle? ( >=dev-libs/nettle-2.4[static-libs(+)] )
- openssl? (
- !libressl? ( dev-libs/openssl:0=[static-libs(+)] )
- libressl? ( dev-libs/libressl:=[static-libs(+)] )
- )
- pwquality? ( dev-libs/libpwquality[static-libs(+)] )
- sys-fs/lvm2[static-libs(+)]
- udev? ( virtual/libudev[static-libs(+)] )"
-# We have to always depend on ${LIB_DEPEND} rather than put behind
-# !static? () because we provide a shared library which links against
-# these other packages. #414665
-RDEPEND="static-libs? ( ${LIB_DEPEND} )
- ${LIB_DEPEND//\[static-libs\(+\)\]}
- python? ( ${PYTHON_DEPS} )"
-DEPEND="${RDEPEND}
- virtual/pkgconfig
- static? ( ${LIB_DEPEND} )"
-
-pkg_setup() {
- local CONFIG_CHECK="~DM_CRYPT ~CRYPTO ~CRYPTO_CBC"
- local WARNING_DM_CRYPT="CONFIG_DM_CRYPT:\tis not set (required for cryptsetup)\n"
- local WARNING_CRYPTO_CBC="CONFIG_CRYPTO_CBC:\tis not set (required for kernel 2.6.19)\n"
- local WARNING_CRYPTO="CONFIG_CRYPTO:\tis not set (required for cryptsetup)\n"
- check_extra_config
-
- use python && python-single-r1_pkg_setup
-}
-
-src_prepare() {
- sed -i '/^LOOPDEV=/s:$: || exit 0:' tests/{compat,mode}-test || die
- epatch_user && eautoreconf
-}
-
-src_configure() {
- if use kernel ; then
- ewarn "Note that kernel backend is very slow for this type of operation"
- ewarn "and is provided mainly for embedded systems wanting to avoid"
- ewarn "userspace crypto libraries."
- fi
-
- econf \
- --sbindir=/sbin \
- --enable-shared \
- $(use_enable static static-cryptsetup) \
- $(use_enable static-libs static) \
- $(use_enable nls) \
- $(use_enable pwquality) \
- $(use_enable python) \
- $(use_enable reencrypt cryptsetup-reencrypt) \
- $(use_enable udev) \
- $(use_enable !urandom dev-random) \
- --with-crypto_backend=$(for x in ${CRYPTO_BACKENDS//+/} ; do usev ${x} ; done)
-}
-
-src_test() {
- if [[ ! -e /dev/mapper/control ]] ; then
- ewarn "No /dev/mapper/control found -- skipping tests"
- return 0
- fi
- local p
- for p in /dev/mapper /dev/loop* ; do
- addwrite ${p}
- done
- default
-}
-
-src_install() {
- default
- if use static ; then
- mv "${ED}"/sbin/cryptsetup{.static,} || die
- mv "${ED}"/sbin/veritysetup{.static,} || die
- use reencrypt && { mv "${ED}"/sbin/cryptsetup-reencrypt{.static,} || die ; }
- fi
- prune_libtool_files --modules
-
- newconfd "${FILESDIR}"/1.6.7-dmcrypt.confd dmcrypt
- newinitd "${FILESDIR}"/1.6.7-dmcrypt.rc dmcrypt
-}
diff --git a/sys-fs/cryptsetup/files/1.0.6-dmcrypt.confd b/sys-fs/cryptsetup/files/1.0.6-dmcrypt.confd
deleted file mode 100644
index 0f6b554..00000000
--- a/sys-fs/cryptsetup/files/1.0.6-dmcrypt.confd
+++ /dev/null
@@ -1,105 +0,0 @@
-# /etc/conf.d/dmcrypt
-
-# For people who run dmcrypt on top of some other layer (like raid),
-# use rc_need to specify that requirement. See the runscript(8) man
-# page for more information.
-
-#--------------------
-# Instructions
-#--------------------
-
-# Note regarding the syntax of this file. This file is *almost* bash,
-# but each line is evaluated separately. Separate swaps/targets can be
-# specified. The init-script which reads this file assumes that a
-# swap= or target= line starts a new section, similar to lilo or grub
-# configuration.
-
-# Note when using gpg keys and /usr on a separate partition, you will
-# have to copy /usr/bin/gpg to /bin/gpg so that it will work properly
-# and ensure that gpg has been compiled statically.
-# See http://bugs.gentoo.org/90482 for more information.
-
-# Note that the init-script which reads this file detects whether your
-# partition is LUKS or not. No mkfs is run unless you specify a makefs
-# option.
-
-# Global options:
-#----------------
-
-# Max number of checks to perform (1 per second)
-#dmcrypt_max_timeout=120
-
-# Arguments:
-#-----------
-# target=<name> == Mapping name for partition.
-# swap=<name> == Mapping name for swap partition.
-# source='<dev>' == Real device for partition.
-# Note: You can (and should) specify a tag like UUID
-# for blkid (see -t option). This is safer than using
-# the full path to the device.
-# key='</path/to/keyfile>[:<mode>]' == Fullpath from / or from inside removable media.
-# remdev='<dev>' == Device that will be assigned to removable media.
-# gpg_options='<opts>' == Default are --quiet --decrypt
-# options='<opts>' == cryptsetup, for LUKS you can only use --readonly
-# loop_file='<file>' == Loopback file.
-# Note: If you omit $source, then a free loopback will
-# be looked up automatically.
-# pre_mount='cmds' == commands to execute before mounting partition.
-# post_mount='cmds' == commands to execute after mounting partition.
-#-----------
-# Supported Modes
-# gpg == decrypt and pipe key into cryptsetup.
-# Note: new-line character must not be part of key.
-# Command to erase \n char: 'cat key | tr -d '\n' > cleanKey'
-
-#--------------------
-# dm-crypt examples
-#--------------------
-
-## swap
-# Swap partitions. These should come first so that no keys make their
-# way into unencrypted swap.
-# If no options are given, they will default to: -c aes -h sha1 -d /dev/urandom
-# If no makefs is given then mkswap will be assumed
-#swap=crypt-swap
-#source='/dev/hda2'
-
-## /home with passphrase
-#target=crypt-home
-#source='/dev/hda5'
-
-## /home with regular keyfile
-#target=crypt-home
-#source='/dev/hda5'
-#key='/full/path/to/homekey'
-
-## /home with gpg protected key
-#target=crypt-home
-#source='/dev/hda5'
-#key='/full/path/to/homekey:gpg'
-
-## /home with regular keyfile on removable media(such as usb-stick)
-#target=crypt-home
-#source='/dev/hda5'
-#key='/full/path/to/homekey'
-#remdev='/dev/sda1'
-
-##/home with gpg protected key on removable media(such as usb-stick)
-#target=crypt-home
-#source='/dev/hda5'
-#key='/full/path/to/homekey:gpg'
-#remdev='/dev/sda1'
-
-##/tmp with regular keyfile
-#target=crypt-tmp
-#source='/dev/hda6'
-#key='/full/path/to/tmpkey'
-#pre_mount='/sbin/mkreiserfs -f -f ${dev}'
-#post_mount='chown root:root ${mount_point}; chmod 1777 ${mount_point}'
-
-## Loopback file example
-#target='crypt-loop-home'
-#source='/dev/loop0'
-#loop_file='/mnt/crypt/home'
-
-# The file must be terminated by a newline. Or leave this comment last.
diff --git a/sys-fs/cryptsetup/files/1.5.1-dmcrypt.rc b/sys-fs/cryptsetup/files/1.5.1-dmcrypt.rc
deleted file mode 100644
index 4c62e66..00000000
--- a/sys-fs/cryptsetup/files/1.5.1-dmcrypt.rc
+++ /dev/null
@@ -1,335 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-depend() {
- before checkfs fsck
-
- if grep -qs ^swap= "${conf_file}" ; then
- before swap
- fi
-}
-
-# We support multiple dmcrypt instances based on $SVCNAME
-conf_file="/etc/conf.d/${SVCNAME}"
-
-# Get splash helpers if available.
-if [ -e /sbin/splash-functions.sh ] ; then
- . /sbin/splash-functions.sh
-fi
-
-# Setup mappings for an individual target/swap
-# Note: This relies on variables localized in the main body below.
-dm_crypt_execute() {
- local dev ret mode foo
-
- if [ -z "${target}" -a -z "${swap}" ] ; then
- return
- fi
-
- # Handle automatic look up of the source path.
- if [ -z "${source}" -a -n "${loop_file}" ] ; then
- source=$(losetup --show -f "${loop_file}")
- fi
- case ${source} in
- *=*)
- source=$(blkid -l -t "${source}" -o device)
- ;;
- esac
- if [ -z "${source}" ] || [ ! -e "${source}" ] ; then
- ewarn "source \"${source}\" for ${target} missing, skipping..."
- return
- fi
-
- if [ -n "${target}" ] ; then
- # let user set options, otherwise leave empty
- : ${options:=' '}
- elif [ -n "${swap}" ] ; then
- if cryptsetup isLuks ${source} 2>/dev/null ; then
- ewarn "The swap you have defined is a LUKS partition. Aborting crypt-swap setup."
- return
- fi
- target=${swap}
- # swap contents do not need to be preserved between boots, luks not required.
- # suspend2 users should have initramfs's init handling their swap partition either way.
- : ${options:='-c aes -h sha1 -d /dev/urandom'}
- : ${pre_mount:='mkswap ${dev}'}
- fi
-
- if [ -n "${loop_file}" ] ; then
- dev="/dev/mapper/${target}"
- ebegin " Setting up loop device ${source}"
- losetup ${source} ${loop_file}
- fi
-
- # cryptsetup:
- # open <device> <name> # <device> is $source
- # create <name> <device> # <name> is $target
- local arg1="create" arg2="${target}" arg3="${source}"
- if cryptsetup isLuks ${source} 2>/dev/null ; then
- arg1="open"
- arg2="${source}"
- arg3="${target}"
- fi
-
- # Older versions reported:
- # ${target} is active:
- # Newer versions report:
- # ${target} is active[ and is in use.]
- if cryptsetup status ${target} | egrep -q ' is active' ; then
- einfo "dm-crypt mapping ${target} is already configured"
- return
- fi
- splash svc_input_begin ${SVCNAME} >/dev/null 2>&1
-
- # Handle keys
- if [ -n "${key}" ] ; then
- read_abort() {
- # some colors
- local ans savetty resettty
- [ -z "${NORMAL}" ] && eval $(eval_ecolors)
- einfon " $1? (${WARN}yes${NORMAL}/${GOOD}No${NORMAL}) "
- shift
- # This is ugly as s**t. But POSIX doesn't provide `read -t`, so
- # we end up having to implement our own crap with stty/etc...
- savetty=$(stty -g)
- resettty='stty ${savetty}; trap - EXIT HUP INT TERM'
- trap 'eval "${resettty}"' EXIT HUP INT TERM
- stty -icanon
- [ "${1}" = -t ] && stty min 0 time "$(( $2 * 10 ))"
- ans=$(dd count=1 bs=1 2>/dev/null) || ans=''
- eval "${resettty}"
- if [ -z "${ans}" ] ; then
- printf '\r'
- else
- echo
- fi
- case ${ans} in
- [yY]) return 0;;
- *) return 1;;
- esac
- }
-
- # Notes: sed not used to avoid case where /usr partition is encrypted.
- mode=${key##*:} && ( [ "${mode}" = "${key}" ] || [ -z "${mode}" ] ) && mode=reg
- key=${key%:*}
- case "${mode}" in
- gpg|reg)
- # handle key on removable device
- if [ -n "${remdev}" ] ; then
- # temp directory to mount removable device
- local mntrem="${RC_SVCDIR}/dm-crypt-remdev.$$"
- if [ ! -d "${mntrem}" ] ; then
- if ! mkdir -p "${mntrem}" ; then
- ewarn "${source} will not be decrypted ..."
- einfo "Reason: Unable to create temporary mount point '${mntrem}'"
- return
- fi
- fi
- i=0
- einfo "Please insert removable device for ${target}"
- while [ ${i} -lt ${dmcrypt_max_timeout:-120} ] ; do
- foo=""
- if mount -n -o ro "${remdev}" "${mntrem}" 2>/dev/null >/dev/null ; then
- # keyfile exists?
- if [ ! -e "${mntrem}${key}" ] ; then
- umount -n "${mntrem}"
- rmdir "${mntrem}"
- einfo "Cannot find ${key} on removable media."
- read_abort "Abort" ${read_timeout:--t 1} && return
- else
- key="${mntrem}${key}"
- break
- fi
- else
- [ -e "${remdev}" ] \
- && foo="mount failed" \
- || foo="mount source not found"
- fi
- : $((i += 1))
- read_abort "Stop waiting after $i attempts (${foo})" -t 1 && return
- done
- else # keyfile ! on removable device
- if [ ! -e "${key}" ] ; then
- ewarn "${source} will not be decrypted ..."
- einfo "Reason: keyfile ${key} does not exist."
- return
- fi
- fi
- ;;
- *)
- ewarn "${source} will not be decrypted ..."
- einfo "Reason: mode ${mode} is invalid."
- return
- ;;
- esac
- else
- mode=none
- fi
- ebegin " ${target} using: ${options} ${arg1} ${arg2} ${arg3}"
- if [ "${mode}" = "gpg" ] ; then
- : ${gpg_options:='-q -d'}
- # gpg available ?
- if command -v gpg >/dev/null ; then
- for i in 0 1 2 ; do
- # paranoid, don't store key in a variable, pipe it so it stays very little in ram unprotected.
- # save stdin stdout stderr "values"
- gpg ${gpg_options} ${key} 2>/dev/null | cryptsetup --key-file - ${options} ${arg1} ${arg2} ${arg3}
- ret=$?
- [ ${ret} -eq 0 ] && break
- done
- eend ${ret} "failure running cryptsetup"
- else
- ewarn "${source} will not be decrypted ..."
- einfo "Reason: cannot find gpg application."
- einfo "You have to install app-crypt/gnupg first."
- einfo "If you have /usr on its own partition, try copying gpg to /bin ."
- fi
- else
- if [ "${mode}" = "reg" ] ; then
- cryptsetup ${options} -d ${key} ${arg1} ${arg2} ${arg3}
- ret=$?
- eend ${ret} "failure running cryptsetup"
- else
- cryptsetup ${options} ${arg1} ${arg2} ${arg3}
- ret=$?
- eend ${ret} "failure running cryptsetup"
- fi
- fi
- if [ -d "${mntrem}" ] ; then
- umount -n ${mntrem} 2>/dev/null >/dev/null
- rmdir ${mntrem} 2>/dev/null >/dev/null
- fi
- splash svc_input_end ${SVCNAME} >/dev/null 2>&1
-
- if [ ${ret} -ne 0 ] ; then
- cryptfs_status=1
- else
- if [ -n "${pre_mount}" ] ; then
- dev="/dev/mapper/${target}"
- eval ebegin \"" pre_mount: ${pre_mount}"\"
- eval "${pre_mount}" > /dev/null
- ewend $? || cryptfs_status=1
- fi
- fi
-}
-
-# Lookup optional bootparams
-get_bootparam_val() {
- # We're given something like:
- # foo=bar=cow
- # Return the "bar=cow" part.
- case $1 in
- *\=*)
- local key=$(echo "$1" | cut -f1 -d=)
- echo "$1" | cut -c $(( ${#key} + 2 ))
- ;;
- esac
-}
-
-start() {
- local header=true cryptfs_status=0
- local gpg_options key loop_file target targetline options pre_mount post_mount source swap remdev
-
- local x
- for x in $(cat /proc/cmdline) ; do
- case "${x}" in
- key_timeout\=*)
- local KEY_TIMEOUT=$(get_bootparam_val "${x}")
- if [ ${KEY_TIMEOUT} -gt 0 ] ; then
- read_timeout="-t ${KEY_TIMEOUT}"
- fi
- ;;
- esac
- done
-
- while read targetline <&3 ; do
- case ${targetline} in
- # skip comments and blank lines
- ""|"#"*) continue ;;
- # skip service-specific openrc configs #377927
- rc_*) continue ;;
- esac
-
- ${header} && ebegin "Setting up dm-crypt mappings"
- header=false
-
- # check for the start of a new target/swap
- case ${targetline} in
- target=*|swap=*)
- # If we have a target queued up, then execute it
- dm_crypt_execute
-
- # Prepare for the next target/swap by resetting variables
- unset gpg_options key loop_file target options pre_mount post_mount source swap remdev
- ;;
-
- gpg_options=*|remdev=*|key=*|loop_file=*|options=*|pre_mount=*|post_mount=*|source=*)
- if [ -z "${target}${swap}" ] ; then
- ewarn "Ignoring setting outside target/swap section: ${targetline}"
- continue
- fi
- ;;
-
- dmcrypt_max_timeout=*)
- # ignore global options
- continue
- ;;
-
- *)
- ewarn "Skipping invalid line in ${conf_file}: ${targetline}"
- ;;
- esac
-
- # Queue this setting for the next call to dm_crypt_execute
- eval "${targetline}"
- done 3< ${conf_file}
-
- # If we have a target queued up, then execute it
- dm_crypt_execute
-
- ewend ${cryptfs_status} "Failed to setup dm-crypt devices"
-}
-
-stop() {
- local line header
-
- # Break down all mappings
- header=true
- egrep "^(target|swap)=" ${conf_file} | \
- while read line ; do
- ${header} && einfo "Removing dm-crypt mappings"
- header=false
-
- target= swap=
- eval ${line}
-
- [ -n "${swap}" ] && target=${swap}
- if [ -z "${target}" ] ; then
- ewarn "invalid line in ${conf_file}: ${line}"
- continue
- fi
-
- ebegin " ${target}"
- cryptsetup remove ${target}
- eend $?
- done
-
- # Break down loop devices
- header=true
- grep '^source=./dev/loop' ${conf_file} | \
- while read line ; do
- ${header} && einfo "Detaching dm-crypt loop devices"
- header=false
-
- source=
- eval ${line}
-
- ebegin " ${source}"
- losetup -d "${source}"
- eend $?
- done
-
- return 0
-}
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-fs/cryptsetup/files/, sys-fs/cryptsetup/
@ 2017-05-03 8:49 Lars Wendler
0 siblings, 0 replies; 9+ messages in thread
From: Lars Wendler @ 2017-05-03 8:49 UTC (permalink / raw
To: gentoo-commits
commit: 242f614cf4c430d448300241d796dcbf3b9d6e46
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Wed May 3 08:43:14 2017 +0000
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Wed May 3 08:48:54 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=242f614c
sys-fs/cryptsetup: Removed old.
Package-Manager: Portage-2.3.5, Repoman-2.3.2
sys-fs/cryptsetup/Manifest | 1 -
sys-fs/cryptsetup/cryptsetup-1.7.3.ebuild | 126 ---------------------
.../files/cryptsetup-1.7.3-libressl.patch | 12 --
3 files changed, 139 deletions(-)
diff --git a/sys-fs/cryptsetup/Manifest b/sys-fs/cryptsetup/Manifest
index a6ee8fb1d96..9b6d098427b 100644
--- a/sys-fs/cryptsetup/Manifest
+++ b/sys-fs/cryptsetup/Manifest
@@ -1,4 +1,3 @@
DIST cryptsetup-1.7.2.tar.xz 1222688 SHA256 dbb35dbf5f0c1749168c86c913fe98e872247bfc8425314b494c2423e7e43342 SHA512 ff761bd0c5e9a7941fd27d55839804f2ce96145a45a9689d234954fc43c6172c913c59c83b37ef6cc5459ccecff63212c369077fdea70c14326372076eae7f86 WHIRLPOOL b78d91b449ea7ba325f05dc00b2005e8f6def91703cd982900682bc965eec0992a0cc21c4f44335c03dda885d4505bcf26d1bf58f991c9f60096927bcf582963
-DIST cryptsetup-1.7.3.tar.xz 1228432 SHA256 af2b04e8475cf40b8d9ffd97a1acfa73aa787c890430afd89804fb544d6adc02 SHA512 616bac2ce272b8e9d1de6b71ba23f6260dfdb17e3969ff4950c3221fc9fa1b9a0a1081327d2806868045395a407452a8c8bcf4ce0faaf2bd2d51a7c9f844a767 WHIRLPOOL 82a70877abbe674cca9f97585cd54535a60191a019028907a7a7187964260f754020dc1351de48480944cb3701cb8d83a543d8ffd7c2594342d1e244d4026e3d
DIST cryptsetup-1.7.4.tar.xz 1232068 SHA256 7ccf893ef79a38fb92d61f03c17b964982119f5319cdaa85a1335b8558cca016 SHA512 c5f58227b38dcc2e2858c4bbcb641acead3b6bcdad0d8d76e5f46936669e4aff4dbc20a2980040341320d35d39f029725a9f20607753cad44f64ac0443b64b71 WHIRLPOOL f00d0e529a5d34460733e8110584266b42011055d81d94b0ae8d47a1f11f1639c4b658a55415241e72c431c615d896a94ae444a518a0b56f971b888a5ab7cc09
DIST cryptsetup-1.7.5.tar.xz 1232696 SHA256 2b30cd1d0dd606a53ac77b406e1d37798d4b0762fa89de6ea546201906a251bd SHA512 d473f7b06d705a3868a70f3767fafc664436b5897ba59025ea1268f815cb80a9076841ff9ff96cc130fb83ba18b03c1eee38cfaf1b471fdd883a3e126b771439 WHIRLPOOL cd2fe15a08f3202c89055e334a3c56fcb60a19bda8135c7d833f384e9beb7fcd6f31fbbd4ac29572f46199f05bd6055b89b3d6733828354d9c985b3e55da4e14
diff --git a/sys-fs/cryptsetup/cryptsetup-1.7.3.ebuild b/sys-fs/cryptsetup/cryptsetup-1.7.3.ebuild
deleted file mode 100644
index 9182d5a5ffa..00000000000
--- a/sys-fs/cryptsetup/cryptsetup-1.7.3.ebuild
+++ /dev/null
@@ -1,126 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=5
-
-DISTUTILS_OPTIONAL=1
-PYTHON_COMPAT=( python{2_7,3_4,3_5} )
-
-inherit autotools distutils-r1 linux-info libtool eutils versionator
-
-DESCRIPTION="Tool to setup encrypted devices with dm-crypt"
-HOMEPAGE="https://gitlab.com/cryptsetup/cryptsetup/blob/master/README.md"
-SRC_URI="mirror://kernel/linux/utils/${PN}/v$(get_version_component_range 1-2)/${P}.tar.xz"
-
-LICENSE="GPL-2+"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
-CRYPTO_BACKENDS="+gcrypt kernel nettle openssl"
-# we don't support nss since it doesn't allow cryptsetup to be built statically
-# and it's missing ripemd160 support so it can't provide full backward compatibility
-IUSE="${CRYPTO_BACKENDS} libressl nls pwquality python reencrypt static static-libs udev urandom"
-REQUIRED_USE="^^ ( ${CRYPTO_BACKENDS//+/} )
- python? ( ${PYTHON_REQUIRED_USE} )
- static? ( !gcrypt )" #496612
-
-LIB_DEPEND="dev-libs/libgpg-error[static-libs(+)]
- dev-libs/popt[static-libs(+)]
- sys-apps/util-linux[static-libs(+)]
- gcrypt? ( dev-libs/libgcrypt:0=[static-libs(+)] )
- nettle? ( >=dev-libs/nettle-2.4[static-libs(+)] )
- openssl? (
- !libressl? ( dev-libs/openssl:0=[static-libs(+)] )
- libressl? ( dev-libs/libressl:=[static-libs(+)] )
- )
- pwquality? ( dev-libs/libpwquality[static-libs(+)] )
- sys-fs/lvm2[static-libs(+)]
- udev? ( virtual/libudev[static-libs(+)] )"
-# We have to always depend on ${LIB_DEPEND} rather than put behind
-# !static? () because we provide a shared library which links against
-# these other packages. #414665
-RDEPEND="static-libs? ( ${LIB_DEPEND} )
- ${LIB_DEPEND//\[static-libs\(+\)\]}
- python? ( ${PYTHON_DEPS} )"
-DEPEND="${RDEPEND}
- virtual/pkgconfig
- static? ( ${LIB_DEPEND} )"
-
-PATCHES=( "${FILESDIR}"/${P}-libressl.patch )
-
-pkg_setup() {
- local CONFIG_CHECK="~DM_CRYPT ~CRYPTO ~CRYPTO_CBC ~CRYPTO_SHA256"
- local WARNING_DM_CRYPT="CONFIG_DM_CRYPT:\tis not set (required for cryptsetup)\n"
- local WARNING_CRYPTO_SHA256="CONFIG_CRYPTO_SHA256:\tis not set (required for cryptsetup)\n"
- local WARNING_CRYPTO_CBC="CONFIG_CRYPTO_CBC:\tis not set (required for kernel 2.6.19)\n"
- local WARNING_CRYPTO="CONFIG_CRYPTO:\tis not set (required for cryptsetup)\n"
- check_extra_config
-}
-
-src_prepare() {
- sed -i '/^LOOPDEV=/s:$: || exit 0:' tests/{compat,mode}-test || die
- epatch "${PATCHES[@]}"
- epatch_user && eautoreconf
-
- if use python ; then
- cd python
- cp "${FILESDIR}"/setup-1.7.0.py setup.py || die
- distutils-r1_src_prepare
- fi
-}
-
-src_configure() {
- if use kernel ; then
- ewarn "Note that kernel backend is very slow for this type of operation"
- ewarn "and is provided mainly for embedded systems wanting to avoid"
- ewarn "userspace crypto libraries."
- fi
-
- # We disable autotool python integration so we can use eclasses
- # for proper integration with multiple python versions.
- econf \
- --sbindir=/sbin \
- --enable-shared \
- --disable-python \
- $(use_enable static static-cryptsetup) \
- $(use_enable static-libs static) \
- $(use_enable nls) \
- $(use_enable pwquality) \
- $(use_enable reencrypt cryptsetup-reencrypt) \
- $(use_enable udev) \
- $(use_enable !urandom dev-random) \
- --with-crypto_backend=$(for x in ${CRYPTO_BACKENDS//+/} ; do usev ${x} ; done)
-
- use python && cd python && distutils-r1_src_configure
-}
-
-src_compile() {
- default
- use python && cd python && distutils-r1_src_compile
-}
-
-src_test() {
- if [[ ! -e /dev/mapper/control ]] ; then
- ewarn "No /dev/mapper/control found -- skipping tests"
- return 0
- fi
- local p
- for p in /dev/mapper /dev/loop* ; do
- addwrite ${p}
- done
- default
-}
-
-src_install() {
- default
- if use static ; then
- mv "${ED}"/sbin/cryptsetup{.static,} || die
- mv "${ED}"/sbin/veritysetup{.static,} || die
- use reencrypt && { mv "${ED}"/sbin/cryptsetup-reencrypt{.static,} || die ; }
- fi
- prune_libtool_files --modules
-
- newconfd "${FILESDIR}"/1.6.7-dmcrypt.confd dmcrypt
- newinitd "${FILESDIR}"/1.6.7-dmcrypt.rc dmcrypt
-
- use python && cd python && distutils-r1_src_install
-}
diff --git a/sys-fs/cryptsetup/files/cryptsetup-1.7.3-libressl.patch b/sys-fs/cryptsetup/files/cryptsetup-1.7.3-libressl.patch
deleted file mode 100644
index a7a708f427a..00000000000
--- a/sys-fs/cryptsetup/files/cryptsetup-1.7.3-libressl.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -Naur cryptsetup-1.7.3.orig/lib/crypto_backend/crypto_openssl.c cryptsetup-1.7.3/lib/crypto_backend/crypto_openssl.c
---- cryptsetup-1.7.3.orig/lib/crypto_backend/crypto_openssl.c 2016-10-28 01:58:10.000000000 -0700
-+++ cryptsetup-1.7.3/lib/crypto_backend/crypto_openssl.c 2016-11-02 13:38:46.094483756 -0700
-@@ -73,7 +73,7 @@
- /*
- * Compatible wrappers for OpenSSL < 1.1.0
- */
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
- static EVP_MD_CTX *EVP_MD_CTX_new(void)
- {
- EVP_MD_CTX *md = malloc(sizeof(*md));
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-fs/cryptsetup/files/, sys-fs/cryptsetup/
@ 2017-12-17 15:48 Lars Wendler
0 siblings, 0 replies; 9+ messages in thread
From: Lars Wendler @ 2017-12-17 15:48 UTC (permalink / raw
To: gentoo-commits
commit: fd2ec76281f46103082801ea0e485388a798f931
Author: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Sun Dec 17 15:46:42 2017 +0000
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Sun Dec 17 15:48:31 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fd2ec762
sys-fs/cryptsetup: Fixed build with USE="static".
Closes: https://bugs.gentoo.org/641226
Package-Manager: Portage-2.3.19, Repoman-2.3.6
sys-fs/cryptsetup/cryptsetup-2.0.0-r1.ebuild | 6 +++--
.../files/cryptsetup-2.0.0-pwquality_static.patch | 27 ++++++++++++++++++++++
2 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/sys-fs/cryptsetup/cryptsetup-2.0.0-r1.ebuild b/sys-fs/cryptsetup/cryptsetup-2.0.0-r1.ebuild
index eee71164cf0..66f994df07b 100644
--- a/sys-fs/cryptsetup/cryptsetup-2.0.0-r1.ebuild
+++ b/sys-fs/cryptsetup/cryptsetup-2.0.0-r1.ebuild
@@ -27,7 +27,7 @@ LIB_DEPEND="
dev-libs/json-c[static-libs(+)]
dev-libs/libgpg-error[static-libs(+)]
dev-libs/popt[static-libs(+)]
- sys-apps/util-linux[static-libs(+)]
+ >=sys-apps/util-linux-2.31-r1[static-libs(+)]
argon2? ( app-crypt/argon2[static-libs(+)] )
gcrypt? ( dev-libs/libgcrypt:0=[static-libs(+)] )
nettle? ( >=dev-libs/nettle-2.4[static-libs(+)] )
@@ -50,7 +50,9 @@ DEPEND="${RDEPEND}
S="${WORKDIR}/${P/_/-}"
-#PATCHES=( )
+PATCHES=(
+ "${FILESDIR}/${P}-pwquality_static.patch" #641226
+)
pkg_setup() {
local CONFIG_CHECK="~DM_CRYPT ~CRYPTO ~CRYPTO_CBC ~CRYPTO_SHA256"
diff --git a/sys-fs/cryptsetup/files/cryptsetup-2.0.0-pwquality_static.patch b/sys-fs/cryptsetup/files/cryptsetup-2.0.0-pwquality_static.patch
new file mode 100644
index 00000000000..56a2d45cb42
--- /dev/null
+++ b/sys-fs/cryptsetup/files/cryptsetup-2.0.0-pwquality_static.patch
@@ -0,0 +1,27 @@
+From 7c9312607c5b0923447175480d696b34f47f0e03 Mon Sep 17 00:00:00 2001
+From: Milan Broz <gmazyland@gmail.com>
+Date: Sun, 17 Dec 2017 15:20:49 +0100
+Subject: [PATCH] Fix cryptsetup-reencrypt static build if pwquality is enabled.
+
+In static build we need to link also to pwquality.
+
+Fixes Issue#357.
+---
+ src/Makemodule.am | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/Makemodule.am b/src/Makemodule.am
+index 55a388d..b6889eb 100644
+--- a/src/Makemodule.am
++++ b/src/Makemodule.am
+@@ -112,6 +112,7 @@ cryptsetup_reencrypt_static_LDFLAGS = $(AM_LDFLAGS) -all-static
+ cryptsetup_reencrypt_static_LDADD = \
+ $(cryptsetup_reencrypt_LDADD) \
+ @CRYPTO_STATIC_LIBS@ \
++ @PWQUALITY_STATIC_LIBS@ \
+ @DEVMAPPER_STATIC_LIBS@
+ endif
+ endif
+--
+libgit2 0.26.0
+
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-fs/cryptsetup/files/, sys-fs/cryptsetup/
@ 2018-08-13 6:42 Lars Wendler
0 siblings, 0 replies; 9+ messages in thread
From: Lars Wendler @ 2018-08-13 6:42 UTC (permalink / raw
To: gentoo-commits
commit: c9a0919b1961fa26f838d2fb69fb21247f5201f3
Author: Conrad Kostecki <conrad <AT> kostecki <DOT> com>
AuthorDate: Sun Aug 12 15:33:56 2018 +0000
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Mon Aug 13 06:42:33 2018 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c9a0919b
sys-fs/cryptsetup: fix static pwquality build
Closes: https://bugs.gentoo.org/663450
Package-Manager: Portage-2.3.45, Repoman-2.3.10
Closes: https://github.com/gentoo/gentoo/pull/9547
sys-fs/cryptsetup/cryptsetup-2.0.4-r1.ebuild | 130 +++++++++++++++++++++
...yptsetup-2.0.4-fix-static-pwquality-build.patch | 18 +++
2 files changed, 148 insertions(+)
diff --git a/sys-fs/cryptsetup/cryptsetup-2.0.4-r1.ebuild b/sys-fs/cryptsetup/cryptsetup-2.0.4-r1.ebuild
new file mode 100644
index 00000000000..40bb64ed350
--- /dev/null
+++ b/sys-fs/cryptsetup/cryptsetup-2.0.4-r1.ebuild
@@ -0,0 +1,130 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+PYTHON_COMPAT=( python{2_7,3_{4,5,6,7}} )
+
+inherit autotools python-single-r1 linux-info libtool eapi7-ver
+
+DESCRIPTION="Tool to setup encrypted devices with dm-crypt"
+HOMEPAGE="https://gitlab.com/cryptsetup/cryptsetup/blob/master/README.md"
+SRC_URI="mirror://kernel/linux/utils/${PN}/v$(ver_cut 1-2)/${P/_/-}.tar.xz"
+
+LICENSE="GPL-2+"
+SLOT="0/12" # libcryptsetup.so version
+[[ ${PV} != *_rc* ]] && \
+KEYWORDS="~amd64 ~arm64 ~mips ~s390 ~sh ~sparc ~x86"
+CRYPTO_BACKENDS="+gcrypt kernel nettle openssl"
+# we don't support nss since it doesn't allow cryptsetup to be built statically
+# and it's missing ripemd160 support so it can't provide full backward compatibility
+IUSE="${CRYPTO_BACKENDS} +argon2 libressl nls pwquality python reencrypt static static-libs +udev urandom"
+REQUIRED_USE="^^ ( ${CRYPTO_BACKENDS//+/} )
+ python? ( ${PYTHON_REQUIRED_USE} )
+ static? ( !gcrypt )" #496612
+
+LIB_DEPEND="
+ dev-libs/json-c:=[static-libs(+)]
+ dev-libs/libgpg-error[static-libs(+)]
+ dev-libs/popt[static-libs(+)]
+ >=sys-apps/util-linux-2.31-r1[static-libs(+)]
+ argon2? ( app-crypt/argon2:=[static-libs(+)] )
+ gcrypt? ( dev-libs/libgcrypt:0=[static-libs(+)] )
+ nettle? ( >=dev-libs/nettle-2.4[static-libs(+)] )
+ openssl? (
+ !libressl? ( dev-libs/openssl:0=[static-libs(+)] )
+ libressl? ( dev-libs/libressl:=[static-libs(+)] )
+ )
+ pwquality? ( dev-libs/libpwquality[static-libs(+)] )
+ sys-fs/lvm2[static-libs(+)]
+ udev? ( virtual/libudev[static-libs(+)] )"
+# We have to always depend on ${LIB_DEPEND} rather than put behind
+# !static? () because we provide a shared library which links against
+# these other packages. #414665
+RDEPEND="static-libs? ( ${LIB_DEPEND} )
+ ${LIB_DEPEND//\[static-libs\(+\)\]}
+ python? ( ${PYTHON_DEPS} )"
+DEPEND="${RDEPEND}
+ virtual/pkgconfig
+ static? ( ${LIB_DEPEND} )"
+
+S="${WORKDIR}/${P/_/-}"
+
+PATCHES=( "${FILESDIR}"/${P}-fix-static-pwquality-build.patch )
+
+pkg_setup() {
+ local CONFIG_CHECK="~DM_CRYPT ~CRYPTO ~CRYPTO_CBC ~CRYPTO_SHA256"
+ local WARNING_DM_CRYPT="CONFIG_DM_CRYPT:\tis not set (required for cryptsetup)\n"
+ local WARNING_CRYPTO_SHA256="CONFIG_CRYPTO_SHA256:\tis not set (required for cryptsetup)\n"
+ local WARNING_CRYPTO_CBC="CONFIG_CRYPTO_CBC:\tis not set (required for kernel 2.6.19)\n"
+ local WARNING_CRYPTO="CONFIG_CRYPTO:\tis not set (required for cryptsetup)\n"
+ check_extra_config
+}
+
+src_prepare() {
+ sed -i '/^LOOPDEV=/s:$: || exit 0:' tests/{compat,mode}-test || die
+ default
+ eautoreconf
+}
+
+src_configure() {
+ if use kernel ; then
+ ewarn "Note that kernel backend is very slow for this type of operation"
+ ewarn "and is provided mainly for embedded systems wanting to avoid"
+ ewarn "userspace crypto libraries."
+ fi
+
+ use python && python_setup
+
+ # We disable autotool python integration so we can use eclasses
+ # for proper integration with multiple python versions.
+ local myeconfargs=(
+ --disable-internal-argon2
+ --enable-shared
+ --sbindir=/sbin
+ # for later use
+ # --with-default-luks-format=LUKS2
+ --with-tmpfilesdir="${EPREFIX%/}/usr/lib/tmpfiles.d"
+ --with-crypto_backend=$(for x in ${CRYPTO_BACKENDS//+/} ; do usev ${x} ; done)
+ $(use_enable argon2 libargon2)
+ $(use_enable nls)
+ $(use_enable pwquality)
+ $(use_enable python)
+ $(use_enable reencrypt cryptsetup-reencrypt)
+ $(use_enable static static-cryptsetup)
+ $(use_enable static-libs static)
+ $(use_enable udev)
+ $(use_enable !urandom dev-random)
+ )
+ econf "${myeconfargs[@]}"
+}
+
+src_test() {
+ if [[ ! -e /dev/mapper/control ]] ; then
+ ewarn "No /dev/mapper/control found -- skipping tests"
+ return 0
+ fi
+
+ local p
+ for p in /dev/mapper /dev/loop* ; do
+ addwrite ${p}
+ done
+
+ default
+}
+
+src_install() {
+ default
+
+ if use static ; then
+ mv "${ED%}"/sbin/cryptsetup{.static,} || die
+ mv "${ED%}"/sbin/veritysetup{.static,} || die
+ use reencrypt && { mv "${ED%}"/sbin/cryptsetup-reencrypt{.static,} || die ; }
+ fi
+ find "${ED}" -name "*.la" -delete || die
+
+ dodoc docs/v*ReleaseNotes
+
+ newconfd "${FILESDIR}"/1.6.7-dmcrypt.confd dmcrypt
+ newinitd "${FILESDIR}"/1.6.7-dmcrypt.rc dmcrypt
+}
diff --git a/sys-fs/cryptsetup/files/cryptsetup-2.0.4-fix-static-pwquality-build.patch b/sys-fs/cryptsetup/files/cryptsetup-2.0.4-fix-static-pwquality-build.patch
new file mode 100644
index 00000000000..39524ec3114
--- /dev/null
+++ b/sys-fs/cryptsetup/files/cryptsetup-2.0.4-fix-static-pwquality-build.patch
@@ -0,0 +1,18 @@
+--- a/src/Makemodule.am 2018-07-31 14:32:46.000000000 +0200
++++ b/src/Makemodule.am 2018-08-12 17:13:26.000000000 +0200
+@@ -64,6 +64,7 @@
+ $(veritysetup_LDADD) \
+ @CRYPTO_STATIC_LIBS@ \
+ @DEVMAPPER_STATIC_LIBS@ \
++ @PWQUALITY_STATIC_LIBS@ \
+ @UUID_LIBS@
+ endif
+ endif
+@@ -93,6 +94,7 @@
+ $(integritysetup_LDADD) \
+ @CRYPTO_STATIC_LIBS@ \
+ @DEVMAPPER_STATIC_LIBS@ \
++ @PWQUALITY_STATIC_LIBS@ \
+ @UUID_LIBS@
+ endif
+ endif
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-fs/cryptsetup/files/, sys-fs/cryptsetup/
@ 2021-08-19 8:53 Lars Wendler
0 siblings, 0 replies; 9+ messages in thread
From: Lars Wendler @ 2021-08-19 8:53 UTC (permalink / raw
To: gentoo-commits
commit: 77c740c826fc56aaec0f352aab41ee187e63312e
Author: Karel Kočí <cynerd <AT> email <DOT> cz>
AuthorDate: Sat Aug 14 07:19:40 2021 +0000
Commit: Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Thu Aug 19 08:53:38 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=77c740c8
sys-fs/cryptsetup: wait for source to appear
Devices that are primarily hotplug are commonly initialized little bit
later when init is already started. This can be either because they
require module or because they are just slow to initialize or because
they are just last in the line. No matter the reason the expectation
that source is always immediately available to open does not apply.
Real live example is all time plugged in SD card on some embedded
devices serving as extension storage. It is removable and thus it is
highly desirable to encrypt it but it is initialized asynchronously thus
it is not available immediately after boot.
This adds new argument `wait`. It is in default set to 5 seconds. It can
be set to zero for devices that are not expected to be present during
the boot process (although such usage seems to me like a hack). Any
other device should be present and thus wait is skipped or it benefits
from wait.
Signed-off-by: Karel Kočí <cynerd <AT> email.cz>
Closes: https://github.com/gentoo/gentoo/pull/21987
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>
...-r1.ebuild => cryptsetup-2.4.0_rc1-r100.ebuild} | 4 +-
sys-fs/cryptsetup/files/2.4.0-dmcrypt.confd | 112 +++++++
sys-fs/cryptsetup/files/2.4.0-dmcrypt.rc | 350 +++++++++++++++++++++
3 files changed, 464 insertions(+), 2 deletions(-)
diff --git a/sys-fs/cryptsetup/cryptsetup-2.4.0_rc1-r1.ebuild b/sys-fs/cryptsetup/cryptsetup-2.4.0_rc1-r100.ebuild
similarity index 97%
rename from sys-fs/cryptsetup/cryptsetup-2.4.0_rc1-r1.ebuild
rename to sys-fs/cryptsetup/cryptsetup-2.4.0_rc1-r100.ebuild
index 3e204ddad19..918f7598446 100644
--- a/sys-fs/cryptsetup/cryptsetup-2.4.0_rc1-r1.ebuild
+++ b/sys-fs/cryptsetup/cryptsetup-2.4.0_rc1-r100.ebuild
@@ -124,8 +124,8 @@ src_install() {
dodoc docs/v*ReleaseNotes
- newconfd "${FILESDIR}"/1.6.7-dmcrypt.confd dmcrypt
- newinitd "${FILESDIR}"/1.6.7-dmcrypt.rc dmcrypt
+ newconfd "${FILESDIR}"/2.4.0-dmcrypt.confd dmcrypt
+ newinitd "${FILESDIR}"/2.4.0-dmcrypt.rc dmcrypt
}
pkg_postinst() {
diff --git a/sys-fs/cryptsetup/files/2.4.0-dmcrypt.confd b/sys-fs/cryptsetup/files/2.4.0-dmcrypt.confd
new file mode 100644
index 00000000000..96c523e0f95
--- /dev/null
+++ b/sys-fs/cryptsetup/files/2.4.0-dmcrypt.confd
@@ -0,0 +1,112 @@
+# /etc/conf.d/dmcrypt
+
+# For people who run dmcrypt on top of some other layer (like raid),
+# use rc_need to specify that requirement. See the runscript(8) man
+# page for more information.
+
+#--------------------
+# Instructions
+#--------------------
+
+# Note regarding the syntax of this file. This file is *almost* bash,
+# but each line is evaluated separately. Separate swaps/targets can be
+# specified. The init-script which reads this file assumes that a
+# swap= or target= line starts a new section, similar to lilo or grub
+# configuration.
+
+# Note when using gpg keys and /usr on a separate partition, you will
+# have to copy /usr/bin/gpg to /bin/gpg so that it will work properly
+# and ensure that gpg has been compiled statically.
+# See http://bugs.gentoo.org/90482 for more information.
+
+# Note that the init-script which reads this file detects whether your
+# partition is LUKS or not. No mkfs is run unless you specify a makefs
+# option.
+
+# Global options:
+#----------------
+
+# How long to wait for each timeout (in seconds).
+dmcrypt_key_timeout=1
+
+# Max number of checks to perform (see dmcrypt_key_timeout).
+#dmcrypt_max_timeout=300
+
+# Number of password retries.
+dmcrypt_retries=5
+
+# Arguments:
+#-----------
+# target=<name> == Mapping name for partition.
+# swap=<name> == Mapping name for swap partition.
+# source='<dev>' == Real device for partition.
+# Note: You can (and should) specify a tag like UUID
+# for blkid (see -t option). This is safer than using
+# the full path to the device.
+# key='</path/to/keyfile>[:<mode>]' == Fullpath from / or from inside removable media.
+# remdev='<dev>' == Device that will be assigned to removable media.
+# gpg_options='<opts>' == Default are --quiet --decrypt
+# options='<opts>' == cryptsetup, for LUKS you can only use --readonly
+# loop_file='<file>' == Loopback file.
+# Note: If you omit $source, then a free loopback will
+# be looked up automatically.
+# pre_mount='cmds' == commands to execute before mounting partition.
+# post_mount='cmds' == commands to execute after mounting partition.
+# wait=5 == wait given amount of seconds for source to appear
+#-----------
+# Supported Modes
+# gpg == decrypt and pipe key into cryptsetup.
+# Note: new-line character must not be part of key.
+# Command to erase \n char: 'cat key | tr -d '\n' > cleanKey'
+
+#--------------------
+# dm-crypt examples
+#--------------------
+
+## swap
+# Swap partitions. These should come first so that no keys make their
+# way into unencrypted swap.
+# If no options are given, they will default to: -c aes -h sha1 -d /dev/urandom
+# If no makefs is given then mkswap will be assumed
+#swap=crypt-swap
+#source='/dev/hda2'
+
+## /home with passphrase
+#target=crypt-home
+#source='/dev/hda5'
+
+## /home with regular keyfile
+#target=crypt-home
+#source='/dev/hda5'
+#key='/full/path/to/homekey'
+
+## /home with gpg protected key
+#target=crypt-home
+#source='/dev/hda5'
+#key='/full/path/to/homekey:gpg'
+
+## /home with regular keyfile on removable media(such as usb-stick)
+#target=crypt-home
+#source='/dev/hda5'
+#key='/full/path/to/homekey'
+#remdev='/dev/sda1'
+
+## /home with gpg protected key on removable media(such as usb-stick)
+#target=crypt-home
+#source='/dev/hda5'
+#key='/full/path/to/homekey:gpg'
+#remdev='/dev/sda1'
+
+## /tmp with regular keyfile
+#target=crypt-tmp
+#source='/dev/hda6'
+#key='/full/path/to/tmpkey'
+#pre_mount='/sbin/mkreiserfs -f -f ${dev}'
+#post_mount='chown root:root ${mount_point}; chmod 1777 ${mount_point}'
+
+## Loopback file example
+#target='crypt-loop-home'
+#source='/dev/loop0'
+#loop_file='/mnt/crypt/home'
+
+# The file must be terminated by a newline. Or leave this comment last.
diff --git a/sys-fs/cryptsetup/files/2.4.0-dmcrypt.rc b/sys-fs/cryptsetup/files/2.4.0-dmcrypt.rc
new file mode 100644
index 00000000000..10257650951
--- /dev/null
+++ b/sys-fs/cryptsetup/files/2.4.0-dmcrypt.rc
@@ -0,0 +1,350 @@
+#!/sbin/openrc-run
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+ use modules
+ before checkfs fsck
+
+ if grep -qs ^swap= "${conf_file}" ; then
+ before swap
+ fi
+}
+
+# We support multiple dmcrypt instances based on $SVCNAME
+conf_file="/etc/conf.d/${SVCNAME}"
+
+# Get splash helpers if available.
+if [ -e /sbin/splash-functions.sh ] ; then
+ . /sbin/splash-functions.sh
+fi
+
+# Setup mappings for an individual target/swap
+# Note: This relies on variables localized in the main body below.
+dm_crypt_execute() {
+ local dev ret mode foo source_dev
+
+ if [ -z "${target}" -a -z "${swap}" ] ; then
+ return
+ fi
+
+ # Set up default values.
+ : ${dmcrypt_key_timeout:=1}
+ : ${dmcrypt_max_timeout:=300}
+ : ${dmcrypt_retries:=5}
+ : ${wait:=5}
+
+ # Handle automatic look up of the source path.
+ if [ -z "${source}" -a -n "${loop_file}" ] ; then
+ source=$(losetup --show -f "${loop_file}")
+ fi
+ case ${source} in
+ *=*)
+ i=0
+ while [ ${i} -lt ${wait} ]; do
+ if source_dev="$(blkid -l -t "${source}" -o device)"; then
+ source="${source_dev}"
+ break
+ fi
+ : $((i += 1))
+ einfo "waiting for source \"${source}\" for ${target}..."
+ sleep 1
+ done
+ ;;
+ esac
+ if [ -z "${source}" ] || [ ! -e "${source}" ] ; then
+ ewarn "source \"${source}\" for ${target} missing, skipping..."
+ return
+ fi
+
+ if [ -n "${target}" ] ; then
+ # let user set options, otherwise leave empty
+ : ${options:=' '}
+ elif [ -n "${swap}" ] ; then
+ if cryptsetup isLuks ${source} 2>/dev/null ; then
+ ewarn "The swap you have defined is a LUKS partition. Aborting crypt-swap setup."
+ return
+ fi
+ target=${swap}
+ # swap contents do not need to be preserved between boots, luks not required.
+ # suspend2 users should have initramfs's init handling their swap partition either way.
+ : ${options:='-c aes -h sha1 -d /dev/urandom'}
+ : ${pre_mount:='mkswap ${dev}'}
+ fi
+
+ if [ -n "${loop_file}" ] ; then
+ dev="/dev/mapper/${target}"
+ ebegin " Setting up loop device ${source}"
+ losetup ${source} ${loop_file}
+ fi
+
+ # cryptsetup:
+ # open <device> <name> # <device> is $source
+ # create <name> <device> # <name> is $target
+ local arg1="create" arg2="${target}" arg3="${source}"
+ if cryptsetup isLuks ${source} 2>/dev/null ; then
+ arg1="open"
+ arg2="${source}"
+ arg3="${target}"
+ fi
+
+ # Older versions reported:
+ # ${target} is active:
+ # Newer versions report:
+ # ${target} is active[ and is in use.]
+ if cryptsetup status ${target} | egrep -q ' is active' ; then
+ einfo "dm-crypt mapping ${target} is already configured"
+ return
+ fi
+ splash svc_input_begin ${SVCNAME} >/dev/null 2>&1
+
+ # Handle keys
+ if [ -n "${key}" ] ; then
+ read_abort() {
+ # some colors
+ local ans savetty resettty
+ [ -z "${NORMAL}" ] && eval $(eval_ecolors)
+ einfon " $1? (${WARN}yes${NORMAL}/${GOOD}No${NORMAL}) "
+ shift
+ # This is ugly as s**t. But POSIX doesn't provide `read -t`, so
+ # we end up having to implement our own crap with stty/etc...
+ savetty=$(stty -g)
+ resettty='stty ${savetty}; trap - EXIT HUP INT TERM'
+ trap 'eval "${resettty}"' EXIT HUP INT TERM
+ stty -icanon
+ stty min 0 time "$(( $2 * 10 ))"
+ ans=$(dd count=1 bs=1 2>/dev/null) || ans=''
+ eval "${resettty}"
+ if [ -z "${ans}" ] ; then
+ printf '\r'
+ else
+ echo
+ fi
+ case ${ans} in
+ [yY]) return 0;;
+ *) return 1;;
+ esac
+ }
+
+ # Notes: sed not used to avoid case where /usr partition is encrypted.
+ mode=${key##*:} && ( [ "${mode}" = "${key}" ] || [ -z "${mode}" ] ) && mode=reg
+ key=${key%:*}
+ case "${mode}" in
+ gpg|reg)
+ # handle key on removable device
+ if [ -n "${remdev}" ] ; then
+ # temp directory to mount removable device
+ local mntrem="${RC_SVCDIR}/dm-crypt-remdev.$$"
+ if [ ! -d "${mntrem}" ] ; then
+ if ! mkdir -p "${mntrem}" ; then
+ ewarn "${source} will not be decrypted ..."
+ einfo "Reason: Unable to create temporary mount point '${mntrem}'"
+ return
+ fi
+ fi
+ i=0
+ einfo "Please insert removable device for ${target}"
+ while [ ${i} -lt ${dmcrypt_max_timeout} ] ; do
+ foo=""
+ if mount -n -o ro "${remdev}" "${mntrem}" 2>/dev/null >/dev/null ; then
+ # keyfile exists?
+ if [ ! -e "${mntrem}${key}" ] ; then
+ umount -n "${mntrem}"
+ rmdir "${mntrem}"
+ einfo "Cannot find ${key} on removable media."
+ read_abort "Abort" ${dmcrypt_key_timeout} && return
+ else
+ key="${mntrem}${key}"
+ break
+ fi
+ else
+ [ -e "${remdev}" ] \
+ && foo="mount failed" \
+ || foo="mount source not found"
+ fi
+ : $((i += 1))
+ read_abort "Stop waiting after $i attempts (${foo})" -t 1 && return
+ done
+ else # keyfile ! on removable device
+ if [ ! -e "${key}" ] ; then
+ ewarn "${source} will not be decrypted ..."
+ einfo "Reason: keyfile ${key} does not exist."
+ return
+ fi
+ fi
+ ;;
+ *)
+ ewarn "${source} will not be decrypted ..."
+ einfo "Reason: mode ${mode} is invalid."
+ return
+ ;;
+ esac
+ else
+ mode=none
+ fi
+ ebegin " ${target} using: ${options} ${arg1} ${arg2} ${arg3}"
+ if [ "${mode}" = "gpg" ] ; then
+ : ${gpg_options:='-q -d'}
+ # gpg available ?
+ if command -v gpg >/dev/null ; then
+ i=0
+ while [ ${i} -lt ${dmcrypt_retries} ] ; do
+ # paranoid, don't store key in a variable, pipe it so it stays very little in ram unprotected.
+ # save stdin stdout stderr "values"
+ timeout ${dmcrypt_max_timeout} gpg ${gpg_options} ${key} 2>/dev/null | \
+ cryptsetup --key-file - ${options} ${arg1} ${arg2} ${arg3}
+ ret=$?
+ # The timeout command exits 124 when it times out.
+ [ ${ret} -eq 0 -o ${ret} -eq 124 ] && break
+ : $(( i += 1 ))
+ done
+ eend ${ret} "failure running cryptsetup"
+ else
+ ewarn "${source} will not be decrypted ..."
+ einfo "Reason: cannot find gpg application."
+ einfo "You have to install app-crypt/gnupg first."
+ einfo "If you have /usr on its own partition, try copying gpg to /bin ."
+ fi
+ else
+ if [ "${mode}" = "reg" ] ; then
+ cryptsetup ${options} -d ${key} ${arg1} ${arg2} ${arg3}
+ ret=$?
+ eend ${ret} "failure running cryptsetup"
+ else
+ cryptsetup ${options} ${arg1} ${arg2} ${arg3}
+ ret=$?
+ eend ${ret} "failure running cryptsetup"
+ fi
+ fi
+ if [ -d "${mntrem}" ] ; then
+ umount -n ${mntrem} 2>/dev/null >/dev/null
+ rmdir ${mntrem} 2>/dev/null >/dev/null
+ fi
+ splash svc_input_end ${SVCNAME} >/dev/null 2>&1
+
+ if [ ${ret} -ne 0 ] ; then
+ cryptfs_status=1
+ else
+ if [ -n "${pre_mount}" ] ; then
+ dev="/dev/mapper/${target}"
+ eval ebegin \"" pre_mount: ${pre_mount}"\"
+ eval "${pre_mount}" > /dev/null
+ ewend $? || cryptfs_status=1
+ fi
+ fi
+}
+
+# Lookup optional bootparams
+get_bootparam_val() {
+ # We're given something like:
+ # foo=bar=cow
+ # Return the "bar=cow" part.
+ case $1 in
+ *=*)
+ echo "${1#*=}"
+ ;;
+ esac
+}
+
+start() {
+ local header=true cryptfs_status=0
+ local gpg_options key loop_file target targetline options pre_mount post_mount source swap remdev
+
+ local x
+ for x in $(cat /proc/cmdline) ; do
+ case "${x}" in
+ key_timeout=*)
+ dmcrypt_key_timeout=$(get_bootparam_val "${x}")
+ ;;
+ esac
+ done
+
+ while read targetline <&3 ; do
+ case ${targetline} in
+ # skip comments and blank lines
+ ""|"#"*) continue ;;
+ # skip service-specific openrc configs #377927
+ rc_*) continue ;;
+ esac
+
+ ${header} && ebegin "Setting up dm-crypt mappings"
+ header=false
+
+ # check for the start of a new target/swap
+ case ${targetline} in
+ target=*|swap=*)
+ # If we have a target queued up, then execute it
+ dm_crypt_execute
+
+ # Prepare for the next target/swap by resetting variables
+ unset gpg_options key loop_file target options pre_mount post_mount source swap remdev wait
+ ;;
+
+ gpg_options=*|remdev=*|key=*|loop_file=*|options=*|pre_mount=*|post_mount=*|wait=*|source=*)
+ if [ -z "${target}${swap}" ] ; then
+ ewarn "Ignoring setting outside target/swap section: ${targetline}"
+ continue
+ fi
+ ;;
+
+ dmcrypt_*=*)
+ # ignore global options
+ continue
+ ;;
+
+ *)
+ ewarn "Skipping invalid line in ${conf_file}: ${targetline}"
+ ;;
+ esac
+
+ # Queue this setting for the next call to dm_crypt_execute
+ eval "${targetline}"
+ done 3< ${conf_file}
+
+ # If we have a target queued up, then execute it
+ dm_crypt_execute
+
+ ewend ${cryptfs_status} "Failed to setup dm-crypt devices"
+}
+
+stop() {
+ local line header
+
+ # Break down all mappings
+ header=true
+ egrep "^(target|swap)=" ${conf_file} | \
+ while read line ; do
+ ${header} && einfo "Removing dm-crypt mappings"
+ header=false
+
+ target= swap=
+ eval ${line}
+
+ [ -n "${swap}" ] && target=${swap}
+ if [ -z "${target}" ] ; then
+ ewarn "invalid line in ${conf_file}: ${line}"
+ continue
+ fi
+
+ ebegin " ${target}"
+ cryptsetup remove ${target}
+ eend $?
+ done
+
+ # Break down loop devices
+ header=true
+ grep '^source=./dev/loop' ${conf_file} | \
+ while read line ; do
+ ${header} && einfo "Detaching dm-crypt loop devices"
+ header=false
+
+ source=
+ eval ${line}
+
+ ebegin " ${source}"
+ losetup -d "${source}"
+ eend $?
+ done
+
+ return 0
+}
^ permalink raw reply related [flat|nested] 9+ messages in thread
* [gentoo-commits] repo/gentoo:master commit in: sys-fs/cryptsetup/files/, sys-fs/cryptsetup/
@ 2022-02-07 20:27 Mike Gilbert
0 siblings, 0 replies; 9+ messages in thread
From: Mike Gilbert @ 2022-02-07 20:27 UTC (permalink / raw
To: gentoo-commits
commit: 46c5119fa073c4062f2950ae3b378821528bae5f
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Mon Feb 7 20:09:41 2022 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Mon Feb 7 20:27:35 2022 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=46c5119f
sys-fs/cryptsetup: drop 2.3.6-r2, 2.3.7, 2.4.1-r1, 2.4.2-r1
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
sys-fs/cryptsetup/Manifest | 4 -
sys-fs/cryptsetup/cryptsetup-2.3.6-r2.ebuild | 127 --------
sys-fs/cryptsetup/cryptsetup-2.3.7.ebuild | 127 --------
sys-fs/cryptsetup/cryptsetup-2.4.1-r1.ebuild | 141 ---------
sys-fs/cryptsetup/cryptsetup-2.4.2-r1.ebuild | 133 --------
sys-fs/cryptsetup/files/1.6.7-dmcrypt.confd | 111 -------
sys-fs/cryptsetup/files/1.6.7-dmcrypt.rc | 339 ---------------------
...yptsetup-2.0.4-fix-static-pwquality-build.patch | 18 --
.../files/cryptsetup-2.4.1-external-tokens.patch | 34 ---
...yptsetup-2.4.1-fix-static-pwquality-build.patch | 225 --------------
10 files changed, 1259 deletions(-)
diff --git a/sys-fs/cryptsetup/Manifest b/sys-fs/cryptsetup/Manifest
index 106cf0b15950..05710fd70925 100644
--- a/sys-fs/cryptsetup/Manifest
+++ b/sys-fs/cryptsetup/Manifest
@@ -1,5 +1 @@
-DIST cryptsetup-2.3.6.tar.xz 11154148 BLAKE2B 23a7d6fdeed2b8fb0492e800266a263b12dcf2b8c4304bda82e46d2de90b6c05a97a40f0f6f9c337b3dc428d51689d76953de5cc4daed210967cf0ea0ff503d2 SHA512 5b25cc806140d24181a0e4f0e7b0bd3caa8263aa502e8633b41c980f06ecba2e6acbf9c2d9cc4a785d38ce90d86dd8d22c52b28b9ca4a15824c2e8bdb3656665
-DIST cryptsetup-2.3.7.tar.xz 11203500 BLAKE2B 34f39e8f17c0fb44a186345d58e3ff1632fc4bd0e570bb1935181d2dfd43bc34c300f96eb70efbddb85168e6c16886b6675db2c86482b7ff7dba64c168b5920c SHA512 d209225c6f195f54c513904b71637bdadd47f3efc6227c61c15434a1467ddb76fe14123683a3d5e943ffa203ef33611f51b7c67bc1aed67d019a6aa552ea15ab
-DIST cryptsetup-2.4.1.tar.xz 11171180 BLAKE2B 6b999a19df54276d295eb2f1729be2eefb5fb09cd29aae5f7c0b93c539b4b552f92327f2474e0f4793a3c7f8a264a4ef927178dabfc9ba56012bdf9949ef9ada SHA512 17fc73c180e41acbd4ebeddebaf54f8baeef09fce7f154aa9c55936a58bda7adcc7b1bb257336c22295d7b5af426fc8dfd0e4e644e4a52098bcb8a2adb562ca7
-DIST cryptsetup-2.4.2.tar.xz 11173984 BLAKE2B 33a26ac2f38750171c74cdd827317cd4bba193a6b60cc7250dc52a5117c0feb1d2fca6b52b5ae7926725d77dc6c1ab9d13e85a1c59606e80003294b90578781d SHA512 9464f180f24dffa4566450041fc88c372baa3334c62724487ccee230c16e87572439dc604766d94144cc1fc13802a4322b378185eca0cc848892821653566848
DIST cryptsetup-2.4.3.tar.xz 11242152 BLAKE2B f5859d794d626cb19426a2c9afc4655fac3a1bae462daa42b37b925882804d5146aadff8733799dea89dcfdc311e628e5b806754495824705709ba105f91682f SHA512 2d52498497be37a837126d9cdc9b6331236eccf857c3482fe3347eb88fccc3cd0fd3d8b4490569603e18cfaa462431ae194bce0328f3eafa8bfe3e02e135a26e
diff --git a/sys-fs/cryptsetup/cryptsetup-2.3.6-r2.ebuild b/sys-fs/cryptsetup/cryptsetup-2.3.6-r2.ebuild
deleted file mode 100644
index 205ef838d9bd..000000000000
--- a/sys-fs/cryptsetup/cryptsetup-2.3.6-r2.ebuild
+++ /dev/null
@@ -1,127 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit autotools linux-info tmpfiles
-
-DESCRIPTION="Tool to setup encrypted devices with dm-crypt"
-HOMEPAGE="https://gitlab.com/cryptsetup/cryptsetup/blob/master/README.md"
-SRC_URI="https://www.kernel.org/pub/linux/utils/${PN}/v$(ver_cut 1-2)/${P/_/-}.tar.xz"
-
-LICENSE="GPL-2+"
-SLOT="0/12" # libcryptsetup.so version
-[[ ${PV} != *_rc* ]] && \
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~mips ppc ppc64 ~riscv ~s390 sparc x86"
-CRYPTO_BACKENDS="gcrypt kernel nettle +openssl"
-# we don't support nss since it doesn't allow cryptsetup to be built statically
-# and it's missing ripemd160 support so it can't provide full backward compatibility
-IUSE="${CRYPTO_BACKENDS} +argon2 nls pwquality reencrypt static static-libs +udev urandom"
-REQUIRED_USE="^^ ( ${CRYPTO_BACKENDS//+/} )
- static? ( !gcrypt !udev )" #496612
-
-LIB_DEPEND="
- dev-libs/json-c:=[static-libs(+)]
- dev-libs/libgpg-error[static-libs(+)]
- dev-libs/popt[static-libs(+)]
- >=sys-apps/util-linux-2.31-r1[static-libs(+)]
- argon2? ( app-crypt/argon2:=[static-libs(+)] )
- gcrypt? ( dev-libs/libgcrypt:0=[static-libs(+)] )
- nettle? ( >=dev-libs/nettle-2.4[static-libs(+)] )
- openssl? ( dev-libs/openssl:0=[static-libs(+)] )
- pwquality? ( dev-libs/libpwquality[static-libs(+)] )
- sys-fs/lvm2[static-libs(+)]"
-# We have to always depend on ${LIB_DEPEND} rather than put behind
-# !static? () because we provide a shared library which links against
-# these other packages. #414665
-RDEPEND="static-libs? ( ${LIB_DEPEND} )
- ${LIB_DEPEND//\[static-libs\([+-]\)\]}
- udev? ( virtual/libudev:= )"
-DEPEND="${RDEPEND}
- static? ( ${LIB_DEPEND} )"
-BDEPEND="
- virtual/pkgconfig
-"
-
-S="${WORKDIR}/${P/_/-}"
-
-PATCHES=( "${FILESDIR}"/${PN}-2.0.4-fix-static-pwquality-build.patch )
-
-pkg_setup() {
- local CONFIG_CHECK="~DM_CRYPT ~CRYPTO ~CRYPTO_CBC ~CRYPTO_SHA256"
- local WARNING_DM_CRYPT="CONFIG_DM_CRYPT:\tis not set (required for cryptsetup)\n"
- local WARNING_CRYPTO_SHA256="CONFIG_CRYPTO_SHA256:\tis not set (required for cryptsetup)\n"
- local WARNING_CRYPTO_CBC="CONFIG_CRYPTO_CBC:\tis not set (required for kernel 2.6.19)\n"
- local WARNING_CRYPTO="CONFIG_CRYPTO:\tis not set (required for cryptsetup)\n"
- check_extra_config
-}
-
-src_prepare() {
- sed -i '/^LOOPDEV=/s:$: || exit 0:' tests/{compat,mode}-test || die
- default
- eautoreconf
-}
-
-src_configure() {
- if use kernel ; then
- ewarn "Note that kernel backend is very slow for this type of operation"
- ewarn "and is provided mainly for embedded systems wanting to avoid"
- ewarn "userspace crypto libraries."
- fi
-
- local myeconfargs=(
- --disable-internal-argon2
- --enable-shared
- --sbindir=/sbin
- # for later use
- --with-default-luks-format=LUKS2
- --with-tmpfilesdir="${EPREFIX}/usr/lib/tmpfiles.d"
- --with-crypto_backend=$(for x in ${CRYPTO_BACKENDS//+/} ; do usev ${x} ; done)
- $(use_enable argon2 libargon2)
- $(use_enable nls)
- $(use_enable pwquality)
- $(use_enable reencrypt cryptsetup-reencrypt)
- $(use_enable static static-cryptsetup)
- $(use_enable static-libs static)
- $(use_enable udev)
- $(use_enable !urandom dev-random)
- $(usex argon2 '' '--with-luks2-pbkdf=pbkdf2')
- )
- econf "${myeconfargs[@]}"
-}
-
-src_test() {
- if [[ ! -e /dev/mapper/control ]] ; then
- ewarn "No /dev/mapper/control found -- skipping tests"
- return 0
- fi
-
- local p
- for p in /dev/mapper /dev/loop* ; do
- addwrite ${p}
- done
-
- default
-}
-
-src_install() {
- default
-
- if use static ; then
- mv "${ED}"/sbin/cryptsetup{.static,} || die
- mv "${ED}"/sbin/veritysetup{.static,} || die
- if use reencrypt ; then
- mv "${ED}"/sbin/cryptsetup-reencrypt{.static,} || die
- fi
- fi
- find "${ED}" -type f -name "*.la" -delete || die
-
- dodoc docs/v*ReleaseNotes
-
- newconfd "${FILESDIR}"/1.6.7-dmcrypt.confd dmcrypt
- newinitd "${FILESDIR}"/1.6.7-dmcrypt.rc dmcrypt
-}
-
-pkg_postinst() {
- tmpfiles_process cryptsetup.conf
-}
diff --git a/sys-fs/cryptsetup/cryptsetup-2.3.7.ebuild b/sys-fs/cryptsetup/cryptsetup-2.3.7.ebuild
deleted file mode 100644
index f6ad133f9546..000000000000
--- a/sys-fs/cryptsetup/cryptsetup-2.3.7.ebuild
+++ /dev/null
@@ -1,127 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit autotools linux-info tmpfiles
-
-DESCRIPTION="Tool to setup encrypted devices with dm-crypt"
-HOMEPAGE="https://gitlab.com/cryptsetup/cryptsetup/blob/master/README.md"
-SRC_URI="https://www.kernel.org/pub/linux/utils/${PN}/v$(ver_cut 1-2)/${P/_/-}.tar.xz"
-
-LICENSE="GPL-2+"
-SLOT="0/12" # libcryptsetup.so version
-[[ ${PV} != *_rc* ]] && \
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
-CRYPTO_BACKENDS="gcrypt kernel nettle +openssl"
-# we don't support nss since it doesn't allow cryptsetup to be built statically
-# and it's missing ripemd160 support so it can't provide full backward compatibility
-IUSE="${CRYPTO_BACKENDS} +argon2 nls pwquality reencrypt static static-libs +udev urandom"
-REQUIRED_USE="^^ ( ${CRYPTO_BACKENDS//+/} )
- static? ( !gcrypt !udev )" #496612
-
-LIB_DEPEND="
- dev-libs/json-c:=[static-libs(+)]
- dev-libs/libgpg-error[static-libs(+)]
- dev-libs/popt[static-libs(+)]
- >=sys-apps/util-linux-2.31-r1[static-libs(+)]
- argon2? ( app-crypt/argon2:=[static-libs(+)] )
- gcrypt? ( dev-libs/libgcrypt:0=[static-libs(+)] )
- nettle? ( >=dev-libs/nettle-2.4[static-libs(+)] )
- openssl? ( dev-libs/openssl:0=[static-libs(+)] )
- pwquality? ( dev-libs/libpwquality[static-libs(+)] )
- sys-fs/lvm2[static-libs(+)]"
-# We have to always depend on ${LIB_DEPEND} rather than put behind
-# !static? () because we provide a shared library which links against
-# these other packages. #414665
-RDEPEND="static-libs? ( ${LIB_DEPEND} )
- ${LIB_DEPEND//\[static-libs\([+-]\)\]}
- udev? ( virtual/libudev:= )"
-DEPEND="${RDEPEND}
- static? ( ${LIB_DEPEND} )"
-BDEPEND="
- virtual/pkgconfig
-"
-
-S="${WORKDIR}/${P/_/-}"
-
-PATCHES=( "${FILESDIR}"/${PN}-2.0.4-fix-static-pwquality-build.patch )
-
-pkg_setup() {
- local CONFIG_CHECK="~DM_CRYPT ~CRYPTO ~CRYPTO_CBC ~CRYPTO_SHA256"
- local WARNING_DM_CRYPT="CONFIG_DM_CRYPT:\tis not set (required for cryptsetup)\n"
- local WARNING_CRYPTO_SHA256="CONFIG_CRYPTO_SHA256:\tis not set (required for cryptsetup)\n"
- local WARNING_CRYPTO_CBC="CONFIG_CRYPTO_CBC:\tis not set (required for kernel 2.6.19)\n"
- local WARNING_CRYPTO="CONFIG_CRYPTO:\tis not set (required for cryptsetup)\n"
- check_extra_config
-}
-
-src_prepare() {
- sed -i '/^LOOPDEV=/s:$: || exit 0:' tests/{compat,mode}-test || die
- default
- eautoreconf
-}
-
-src_configure() {
- if use kernel ; then
- ewarn "Note that kernel backend is very slow for this type of operation"
- ewarn "and is provided mainly for embedded systems wanting to avoid"
- ewarn "userspace crypto libraries."
- fi
-
- local myeconfargs=(
- --disable-internal-argon2
- --enable-shared
- --sbindir=/sbin
- # for later use
- --with-default-luks-format=LUKS2
- --with-tmpfilesdir="${EPREFIX}/usr/lib/tmpfiles.d"
- --with-crypto_backend=$(for x in ${CRYPTO_BACKENDS//+/} ; do usev ${x} ; done)
- $(use_enable argon2 libargon2)
- $(use_enable nls)
- $(use_enable pwquality)
- $(use_enable reencrypt cryptsetup-reencrypt)
- $(use_enable static static-cryptsetup)
- $(use_enable static-libs static)
- $(use_enable udev)
- $(use_enable !urandom dev-random)
- $(usex argon2 '' '--with-luks2-pbkdf=pbkdf2')
- )
- econf "${myeconfargs[@]}"
-}
-
-src_test() {
- if [[ ! -e /dev/mapper/control ]] ; then
- ewarn "No /dev/mapper/control found -- skipping tests"
- return 0
- fi
-
- local p
- for p in /dev/mapper /dev/loop* ; do
- addwrite ${p}
- done
-
- default
-}
-
-src_install() {
- default
-
- if use static ; then
- mv "${ED}"/sbin/cryptsetup{.static,} || die
- mv "${ED}"/sbin/veritysetup{.static,} || die
- if use reencrypt ; then
- mv "${ED}"/sbin/cryptsetup-reencrypt{.static,} || die
- fi
- fi
- find "${ED}" -type f -name "*.la" -delete || die
-
- dodoc docs/v*ReleaseNotes
-
- newconfd "${FILESDIR}"/1.6.7-dmcrypt.confd dmcrypt
- newinitd "${FILESDIR}"/1.6.7-dmcrypt.rc dmcrypt
-}
-
-pkg_postinst() {
- tmpfiles_process cryptsetup.conf
-}
diff --git a/sys-fs/cryptsetup/cryptsetup-2.4.1-r1.ebuild b/sys-fs/cryptsetup/cryptsetup-2.4.1-r1.ebuild
deleted file mode 100644
index 928f589b9606..000000000000
--- a/sys-fs/cryptsetup/cryptsetup-2.4.1-r1.ebuild
+++ /dev/null
@@ -1,141 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit autotools linux-info tmpfiles
-
-DESCRIPTION="Tool to setup encrypted devices with dm-crypt"
-HOMEPAGE="https://gitlab.com/cryptsetup/cryptsetup/blob/master/README.md"
-SRC_URI="https://www.kernel.org/pub/linux/utils/${PN}/v$(ver_cut 1-2)/${P/_/-}.tar.xz"
-
-LICENSE="GPL-2+"
-SLOT="0/12" # libcryptsetup.so version
-[[ ${PV} != *_rc* ]] && \
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
-CRYPTO_BACKENDS="gcrypt kernel nettle +openssl"
-# we don't support nss since it doesn't allow cryptsetup to be built statically
-# and it's missing ripemd160 support so it can't provide full backward compatibility
-IUSE="${CRYPTO_BACKENDS} +argon2 nls pwquality reencrypt ssh static static-libs +udev urandom"
-REQUIRED_USE="^^ ( ${CRYPTO_BACKENDS//+/} )
- static? ( !gcrypt !udev )" #496612
-
-LIB_DEPEND="
- dev-libs/json-c:=[static-libs(+)]
- dev-libs/popt[static-libs(+)]
- >=sys-apps/util-linux-2.31-r1[static-libs(+)]
- argon2? ( app-crypt/argon2:=[static-libs(+)] )
- gcrypt? (
- dev-libs/libgcrypt:0=[static-libs(+)]
- dev-libs/libgpg-error[static-libs(+)]
- )
- nettle? ( >=dev-libs/nettle-2.4[static-libs(+)] )
- openssl? ( dev-libs/openssl:0=[static-libs(+)] )
- pwquality? ( dev-libs/libpwquality[static-libs(+)] )
- ssh? ( net-libs/libssh[static-libs(+)] )
- sys-fs/lvm2[static-libs(+)]"
-# We have to always depend on ${LIB_DEPEND} rather than put behind
-# !static? () because we provide a shared library which links against
-# these other packages. #414665
-RDEPEND="static-libs? ( ${LIB_DEPEND} )
- ${LIB_DEPEND//\[static-libs\([+-]\)\]}
- udev? ( virtual/libudev:= )"
-DEPEND="${RDEPEND}
- static? ( ${LIB_DEPEND} )"
-BDEPEND="
- virtual/pkgconfig
-"
-
-S="${WORKDIR}/${P/_/-}"
-
-PATCHES=(
- "${FILESDIR}"/cryptsetup-2.4.1-external-tokens.patch
-
- # Remove autotools/eautoreconf when this patch is dropped.
- "${FILESDIR}"/cryptsetup-2.4.1-fix-static-pwquality-build.patch
-)
-
-pkg_setup() {
- local CONFIG_CHECK="~DM_CRYPT ~CRYPTO ~CRYPTO_CBC ~CRYPTO_SHA256"
- local WARNING_DM_CRYPT="CONFIG_DM_CRYPT:\tis not set (required for cryptsetup)\n"
- local WARNING_CRYPTO_SHA256="CONFIG_CRYPTO_SHA256:\tis not set (required for cryptsetup)\n"
- local WARNING_CRYPTO_CBC="CONFIG_CRYPTO_CBC:\tis not set (required for kernel 2.6.19)\n"
- local WARNING_CRYPTO="CONFIG_CRYPTO:\tis not set (required for cryptsetup)\n"
- check_extra_config
-}
-
-src_prepare() {
- sed -i '/^LOOPDEV=/s:$: || exit 0:' tests/{compat,mode}-test || die
- default
- eautoreconf
-}
-
-src_configure() {
- if use kernel ; then
- ewarn "Note that kernel backend is very slow for this type of operation"
- ewarn "and is provided mainly for embedded systems wanting to avoid"
- ewarn "userspace crypto libraries."
- fi
-
- local myeconfargs=(
- --disable-internal-argon2
- --enable-shared
- --sbindir=/sbin
- # for later use
- --with-default-luks-format=LUKS2
- --with-tmpfilesdir="${EPREFIX}/usr/lib/tmpfiles.d"
- --with-crypto_backend=$(for x in ${CRYPTO_BACKENDS//+/} ; do usev ${x} ; done)
- $(use_enable argon2 libargon2)
- $(use_enable nls)
- $(use_enable pwquality)
- $(use_enable reencrypt cryptsetup-reencrypt)
- $(use_enable !static external-tokens)
- $(use_enable static static-cryptsetup)
- $(use_enable static-libs static)
- $(use_enable udev)
- $(use_enable !urandom dev-random)
- $(use_enable ssh ssh-token)
- $(usex argon2 '' '--with-luks2-pbkdf=pbkdf2')
- )
- econf "${myeconfargs[@]}"
-}
-
-src_test() {
- if [[ ! -e /dev/mapper/control ]] ; then
- ewarn "No /dev/mapper/control found -- skipping tests"
- return 0
- fi
-
- local p
- for p in /dev/mapper /dev/loop* ; do
- addwrite ${p}
- done
-
- default
-}
-
-src_install() {
- default
-
- if use static ; then
- mv "${ED}"/sbin/cryptsetup{.static,} || die
- mv "${ED}"/sbin/veritysetup{.static,} || die
- mv "${ED}"/sbin/integritysetup{.static,} || die
- if use ssh ; then
- mv "${ED}"/sbin/cryptsetup-ssh{.static,} || die
- fi
- if use reencrypt ; then
- mv "${ED}"/sbin/cryptsetup-reencrypt{.static,} || die
- fi
- fi
- find "${ED}" -type f -name "*.la" -delete || die
-
- dodoc docs/v*ReleaseNotes
-
- newconfd "${FILESDIR}"/2.4.0-dmcrypt.confd dmcrypt
- newinitd "${FILESDIR}"/2.4.0-dmcrypt.rc dmcrypt
-}
-
-pkg_postinst() {
- tmpfiles_process cryptsetup.conf
-}
diff --git a/sys-fs/cryptsetup/cryptsetup-2.4.2-r1.ebuild b/sys-fs/cryptsetup/cryptsetup-2.4.2-r1.ebuild
deleted file mode 100644
index 9bfa24d56c8d..000000000000
--- a/sys-fs/cryptsetup/cryptsetup-2.4.2-r1.ebuild
+++ /dev/null
@@ -1,133 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit linux-info tmpfiles
-
-DESCRIPTION="Tool to setup encrypted devices with dm-crypt"
-HOMEPAGE="https://gitlab.com/cryptsetup/cryptsetup/blob/master/README.md"
-SRC_URI="https://www.kernel.org/pub/linux/utils/${PN}/v$(ver_cut 1-2)/${P/_/-}.tar.xz"
-
-LICENSE="GPL-2+"
-SLOT="0/12" # libcryptsetup.so version
-[[ ${PV} != *_rc* ]] && \
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
-CRYPTO_BACKENDS="gcrypt kernel nettle +openssl"
-# we don't support nss since it doesn't allow cryptsetup to be built statically
-# and it's missing ripemd160 support so it can't provide full backward compatibility
-IUSE="${CRYPTO_BACKENDS} +argon2 nls pwquality reencrypt ssh static static-libs +udev urandom"
-REQUIRED_USE="^^ ( ${CRYPTO_BACKENDS//+/} )
- static? ( !gcrypt !udev )" #496612
-
-LIB_DEPEND="
- dev-libs/json-c:=[static-libs(+)]
- dev-libs/popt[static-libs(+)]
- >=sys-apps/util-linux-2.31-r1[static-libs(+)]
- argon2? ( app-crypt/argon2:=[static-libs(+)] )
- gcrypt? (
- dev-libs/libgcrypt:0=[static-libs(+)]
- dev-libs/libgpg-error[static-libs(+)]
- )
- nettle? ( >=dev-libs/nettle-2.4[static-libs(+)] )
- openssl? ( dev-libs/openssl:0=[static-libs(+)] )
- pwquality? ( dev-libs/libpwquality[static-libs(+)] )
- ssh? ( net-libs/libssh[static-libs(+)] )
- sys-fs/lvm2[static-libs(+)]"
-# We have to always depend on ${LIB_DEPEND} rather than put behind
-# !static? () because we provide a shared library which links against
-# these other packages. #414665
-RDEPEND="static-libs? ( ${LIB_DEPEND} )
- ${LIB_DEPEND//\[static-libs\([+-]\)\]}
- udev? ( virtual/libudev:= )"
-DEPEND="${RDEPEND}
- static? ( ${LIB_DEPEND} )"
-BDEPEND="
- virtual/pkgconfig
-"
-
-S="${WORKDIR}/${P/_/-}"
-
-pkg_setup() {
- local CONFIG_CHECK="~DM_CRYPT ~CRYPTO ~CRYPTO_CBC ~CRYPTO_SHA256"
- local WARNING_DM_CRYPT="CONFIG_DM_CRYPT:\tis not set (required for cryptsetup)\n"
- local WARNING_CRYPTO_SHA256="CONFIG_CRYPTO_SHA256:\tis not set (required for cryptsetup)\n"
- local WARNING_CRYPTO_CBC="CONFIG_CRYPTO_CBC:\tis not set (required for kernel 2.6.19)\n"
- local WARNING_CRYPTO="CONFIG_CRYPTO:\tis not set (required for cryptsetup)\n"
- check_extra_config
-}
-
-src_prepare() {
- sed -i '/^LOOPDEV=/s:$: || exit 0:' tests/{compat,mode}-test || die
- default
-}
-
-src_configure() {
- if use kernel ; then
- ewarn "Note that kernel backend is very slow for this type of operation"
- ewarn "and is provided mainly for embedded systems wanting to avoid"
- ewarn "userspace crypto libraries."
- fi
-
- local myeconfargs=(
- --disable-internal-argon2
- --enable-shared
- --sbindir=/sbin
- # for later use
- --with-default-luks-format=LUKS2
- --with-tmpfilesdir="${EPREFIX}/usr/lib/tmpfiles.d"
- --with-crypto_backend=$(for x in ${CRYPTO_BACKENDS//+/} ; do usev ${x} ; done)
- $(use_enable argon2 libargon2)
- $(use_enable nls)
- $(use_enable pwquality)
- $(use_enable reencrypt cryptsetup-reencrypt)
- $(use_enable !static external-tokens)
- $(use_enable static static-cryptsetup)
- $(use_enable static-libs static)
- $(use_enable udev)
- $(use_enable !urandom dev-random)
- $(use_enable ssh ssh-token)
- $(usex argon2 '' '--with-luks2-pbkdf=pbkdf2')
- )
- econf "${myeconfargs[@]}"
-}
-
-src_test() {
- if [[ ! -e /dev/mapper/control ]] ; then
- ewarn "No /dev/mapper/control found -- skipping tests"
- return 0
- fi
-
- local p
- for p in /dev/mapper /dev/loop* ; do
- addwrite ${p}
- done
-
- default
-}
-
-src_install() {
- default
-
- if use static ; then
- mv "${ED}"/sbin/cryptsetup{.static,} || die
- mv "${ED}"/sbin/veritysetup{.static,} || die
- mv "${ED}"/sbin/integritysetup{.static,} || die
- if use ssh ; then
- mv "${ED}"/sbin/cryptsetup-ssh{.static,} || die
- fi
- if use reencrypt ; then
- mv "${ED}"/sbin/cryptsetup-reencrypt{.static,} || die
- fi
- fi
- find "${ED}" -type f -name "*.la" -delete || die
-
- dodoc docs/v*ReleaseNotes
-
- newconfd "${FILESDIR}"/2.4.0-dmcrypt.confd dmcrypt
- newinitd "${FILESDIR}"/2.4.0-dmcrypt.rc dmcrypt
-}
-
-pkg_postinst() {
- tmpfiles_process cryptsetup.conf
-}
diff --git a/sys-fs/cryptsetup/files/1.6.7-dmcrypt.confd b/sys-fs/cryptsetup/files/1.6.7-dmcrypt.confd
deleted file mode 100644
index 642ff087078b..000000000000
--- a/sys-fs/cryptsetup/files/1.6.7-dmcrypt.confd
+++ /dev/null
@@ -1,111 +0,0 @@
-# /etc/conf.d/dmcrypt
-
-# For people who run dmcrypt on top of some other layer (like raid),
-# use rc_need to specify that requirement. See the runscript(8) man
-# page for more information.
-
-#--------------------
-# Instructions
-#--------------------
-
-# Note regarding the syntax of this file. This file is *almost* bash,
-# but each line is evaluated separately. Separate swaps/targets can be
-# specified. The init-script which reads this file assumes that a
-# swap= or target= line starts a new section, similar to lilo or grub
-# configuration.
-
-# Note when using gpg keys and /usr on a separate partition, you will
-# have to copy /usr/bin/gpg to /bin/gpg so that it will work properly
-# and ensure that gpg has been compiled statically.
-# See http://bugs.gentoo.org/90482 for more information.
-
-# Note that the init-script which reads this file detects whether your
-# partition is LUKS or not. No mkfs is run unless you specify a makefs
-# option.
-
-# Global options:
-#----------------
-
-# How long to wait for each timeout (in seconds).
-dmcrypt_key_timeout=1
-
-# Max number of checks to perform (see dmcrypt_key_timeout).
-#dmcrypt_max_timeout=300
-
-# Number of password retries.
-dmcrypt_retries=5
-
-# Arguments:
-#-----------
-# target=<name> == Mapping name for partition.
-# swap=<name> == Mapping name for swap partition.
-# source='<dev>' == Real device for partition.
-# Note: You can (and should) specify a tag like UUID
-# for blkid (see -t option). This is safer than using
-# the full path to the device.
-# key='</path/to/keyfile>[:<mode>]' == Fullpath from / or from inside removable media.
-# remdev='<dev>' == Device that will be assigned to removable media.
-# gpg_options='<opts>' == Default are --quiet --decrypt
-# options='<opts>' == cryptsetup, for LUKS you can only use --readonly
-# loop_file='<file>' == Loopback file.
-# Note: If you omit $source, then a free loopback will
-# be looked up automatically.
-# pre_mount='cmds' == commands to execute before mounting partition.
-# post_mount='cmds' == commands to execute after mounting partition.
-#-----------
-# Supported Modes
-# gpg == decrypt and pipe key into cryptsetup.
-# Note: new-line character must not be part of key.
-# Command to erase \n char: 'cat key | tr -d '\n' > cleanKey'
-
-#--------------------
-# dm-crypt examples
-#--------------------
-
-## swap
-# Swap partitions. These should come first so that no keys make their
-# way into unencrypted swap.
-# If no options are given, they will default to: -c aes -h sha1 -d /dev/urandom
-# If no makefs is given then mkswap will be assumed
-#swap=crypt-swap
-#source='/dev/hda2'
-
-## /home with passphrase
-#target=crypt-home
-#source='/dev/hda5'
-
-## /home with regular keyfile
-#target=crypt-home
-#source='/dev/hda5'
-#key='/full/path/to/homekey'
-
-## /home with gpg protected key
-#target=crypt-home
-#source='/dev/hda5'
-#key='/full/path/to/homekey:gpg'
-
-## /home with regular keyfile on removable media(such as usb-stick)
-#target=crypt-home
-#source='/dev/hda5'
-#key='/full/path/to/homekey'
-#remdev='/dev/sda1'
-
-## /home with gpg protected key on removable media(such as usb-stick)
-#target=crypt-home
-#source='/dev/hda5'
-#key='/full/path/to/homekey:gpg'
-#remdev='/dev/sda1'
-
-## /tmp with regular keyfile
-#target=crypt-tmp
-#source='/dev/hda6'
-#key='/full/path/to/tmpkey'
-#pre_mount='/sbin/mkreiserfs -f -f ${dev}'
-#post_mount='chown root:root ${mount_point}; chmod 1777 ${mount_point}'
-
-## Loopback file example
-#target='crypt-loop-home'
-#source='/dev/loop0'
-#loop_file='/mnt/crypt/home'
-
-# The file must be terminated by a newline. Or leave this comment last.
diff --git a/sys-fs/cryptsetup/files/1.6.7-dmcrypt.rc b/sys-fs/cryptsetup/files/1.6.7-dmcrypt.rc
deleted file mode 100644
index cdd20ba929d4..000000000000
--- a/sys-fs/cryptsetup/files/1.6.7-dmcrypt.rc
+++ /dev/null
@@ -1,339 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-depend() {
- before checkfs fsck
-
- if grep -qs ^swap= "${conf_file}" ; then
- before swap
- fi
-}
-
-# We support multiple dmcrypt instances based on $SVCNAME
-conf_file="/etc/conf.d/${SVCNAME}"
-
-# Get splash helpers if available.
-if [ -e /sbin/splash-functions.sh ] ; then
- . /sbin/splash-functions.sh
-fi
-
-# Setup mappings for an individual target/swap
-# Note: This relies on variables localized in the main body below.
-dm_crypt_execute() {
- local dev ret mode foo
-
- if [ -z "${target}" -a -z "${swap}" ] ; then
- return
- fi
-
- # Set up default values.
- : ${dmcrypt_key_timeout:=1}
- : ${dmcrypt_max_timeout:=300}
- : ${dmcrypt_retries:=5}
-
- # Handle automatic look up of the source path.
- if [ -z "${source}" -a -n "${loop_file}" ] ; then
- source=$(losetup --show -f "${loop_file}")
- fi
- case ${source} in
- *=*)
- source=$(blkid -l -t "${source}" -o device)
- ;;
- esac
- if [ -z "${source}" ] || [ ! -e "${source}" ] ; then
- ewarn "source \"${source}\" for ${target} missing, skipping..."
- return
- fi
-
- if [ -n "${target}" ] ; then
- # let user set options, otherwise leave empty
- : ${options:=' '}
- elif [ -n "${swap}" ] ; then
- if cryptsetup isLuks ${source} 2>/dev/null ; then
- ewarn "The swap you have defined is a LUKS partition. Aborting crypt-swap setup."
- return
- fi
- target=${swap}
- # swap contents do not need to be preserved between boots, luks not required.
- # suspend2 users should have initramfs's init handling their swap partition either way.
- : ${options:='-c aes -h sha1 -d /dev/urandom'}
- : ${pre_mount:='mkswap ${dev}'}
- fi
-
- if [ -n "${loop_file}" ] ; then
- dev="/dev/mapper/${target}"
- ebegin " Setting up loop device ${source}"
- losetup ${source} ${loop_file}
- fi
-
- # cryptsetup:
- # open <device> <name> # <device> is $source
- # create <name> <device> # <name> is $target
- local arg1="create" arg2="${target}" arg3="${source}"
- if cryptsetup isLuks ${source} 2>/dev/null ; then
- arg1="open"
- arg2="${source}"
- arg3="${target}"
- fi
-
- # Older versions reported:
- # ${target} is active:
- # Newer versions report:
- # ${target} is active[ and is in use.]
- if cryptsetup status ${target} | egrep -q ' is active' ; then
- einfo "dm-crypt mapping ${target} is already configured"
- return
- fi
- splash svc_input_begin ${SVCNAME} >/dev/null 2>&1
-
- # Handle keys
- if [ -n "${key}" ] ; then
- read_abort() {
- # some colors
- local ans savetty resettty
- [ -z "${NORMAL}" ] && eval $(eval_ecolors)
- einfon " $1? (${WARN}yes${NORMAL}/${GOOD}No${NORMAL}) "
- shift
- # This is ugly as s**t. But POSIX doesn't provide `read -t`, so
- # we end up having to implement our own crap with stty/etc...
- savetty=$(stty -g)
- resettty='stty ${savetty}; trap - EXIT HUP INT TERM'
- trap 'eval "${resettty}"' EXIT HUP INT TERM
- stty -icanon
- stty min 0 time "$(( $2 * 10 ))"
- ans=$(dd count=1 bs=1 2>/dev/null) || ans=''
- eval "${resettty}"
- if [ -z "${ans}" ] ; then
- printf '\r'
- else
- echo
- fi
- case ${ans} in
- [yY]) return 0;;
- *) return 1;;
- esac
- }
-
- # Notes: sed not used to avoid case where /usr partition is encrypted.
- mode=${key##*:} && ( [ "${mode}" = "${key}" ] || [ -z "${mode}" ] ) && mode=reg
- key=${key%:*}
- case "${mode}" in
- gpg|reg)
- # handle key on removable device
- if [ -n "${remdev}" ] ; then
- # temp directory to mount removable device
- local mntrem="${RC_SVCDIR}/dm-crypt-remdev.$$"
- if [ ! -d "${mntrem}" ] ; then
- if ! mkdir -p "${mntrem}" ; then
- ewarn "${source} will not be decrypted ..."
- einfo "Reason: Unable to create temporary mount point '${mntrem}'"
- return
- fi
- fi
- i=0
- einfo "Please insert removable device for ${target}"
- while [ ${i} -lt ${dmcrypt_max_timeout} ] ; do
- foo=""
- if mount -n -o ro "${remdev}" "${mntrem}" 2>/dev/null >/dev/null ; then
- # keyfile exists?
- if [ ! -e "${mntrem}${key}" ] ; then
- umount -n "${mntrem}"
- rmdir "${mntrem}"
- einfo "Cannot find ${key} on removable media."
- read_abort "Abort" ${dmcrypt_key_timeout} && return
- else
- key="${mntrem}${key}"
- break
- fi
- else
- [ -e "${remdev}" ] \
- && foo="mount failed" \
- || foo="mount source not found"
- fi
- : $((i += 1))
- read_abort "Stop waiting after $i attempts (${foo})" -t 1 && return
- done
- else # keyfile ! on removable device
- if [ ! -e "${key}" ] ; then
- ewarn "${source} will not be decrypted ..."
- einfo "Reason: keyfile ${key} does not exist."
- return
- fi
- fi
- ;;
- *)
- ewarn "${source} will not be decrypted ..."
- einfo "Reason: mode ${mode} is invalid."
- return
- ;;
- esac
- else
- mode=none
- fi
- ebegin " ${target} using: ${options} ${arg1} ${arg2} ${arg3}"
- if [ "${mode}" = "gpg" ] ; then
- : ${gpg_options:='-q -d'}
- # gpg available ?
- if command -v gpg >/dev/null ; then
- i=0
- while [ ${i} -lt ${dmcrypt_retries} ] ; do
- # paranoid, don't store key in a variable, pipe it so it stays very little in ram unprotected.
- # save stdin stdout stderr "values"
- timeout ${dmcrypt_max_timeout} gpg ${gpg_options} ${key} 2>/dev/null | \
- cryptsetup --key-file - ${options} ${arg1} ${arg2} ${arg3}
- ret=$?
- # The timeout command exits 124 when it times out.
- [ ${ret} -eq 0 -o ${ret} -eq 124 ] && break
- : $(( i += 1 ))
- done
- eend ${ret} "failure running cryptsetup"
- else
- ewarn "${source} will not be decrypted ..."
- einfo "Reason: cannot find gpg application."
- einfo "You have to install app-crypt/gnupg first."
- einfo "If you have /usr on its own partition, try copying gpg to /bin ."
- fi
- else
- if [ "${mode}" = "reg" ] ; then
- cryptsetup ${options} -d ${key} ${arg1} ${arg2} ${arg3}
- ret=$?
- eend ${ret} "failure running cryptsetup"
- else
- cryptsetup ${options} ${arg1} ${arg2} ${arg3}
- ret=$?
- eend ${ret} "failure running cryptsetup"
- fi
- fi
- if [ -d "${mntrem}" ] ; then
- umount -n ${mntrem} 2>/dev/null >/dev/null
- rmdir ${mntrem} 2>/dev/null >/dev/null
- fi
- splash svc_input_end ${SVCNAME} >/dev/null 2>&1
-
- if [ ${ret} -ne 0 ] ; then
- cryptfs_status=1
- else
- if [ -n "${pre_mount}" ] ; then
- dev="/dev/mapper/${target}"
- eval ebegin \"" pre_mount: ${pre_mount}"\"
- eval "${pre_mount}" > /dev/null
- ewend $? || cryptfs_status=1
- fi
- fi
-}
-
-# Lookup optional bootparams
-get_bootparam_val() {
- # We're given something like:
- # foo=bar=cow
- # Return the "bar=cow" part.
- case $1 in
- *=*)
- echo "${1#*=}"
- ;;
- esac
-}
-
-start() {
- local header=true cryptfs_status=0
- local gpg_options key loop_file target targetline options pre_mount post_mount source swap remdev
-
- local x
- for x in $(cat /proc/cmdline) ; do
- case "${x}" in
- key_timeout=*)
- dmcrypt_key_timeout=$(get_bootparam_val "${x}")
- ;;
- esac
- done
-
- while read targetline <&3 ; do
- case ${targetline} in
- # skip comments and blank lines
- ""|"#"*) continue ;;
- # skip service-specific openrc configs #377927
- rc_*) continue ;;
- esac
-
- ${header} && ebegin "Setting up dm-crypt mappings"
- header=false
-
- # check for the start of a new target/swap
- case ${targetline} in
- target=*|swap=*)
- # If we have a target queued up, then execute it
- dm_crypt_execute
-
- # Prepare for the next target/swap by resetting variables
- unset gpg_options key loop_file target options pre_mount post_mount source swap remdev
- ;;
-
- gpg_options=*|remdev=*|key=*|loop_file=*|options=*|pre_mount=*|post_mount=*|source=*)
- if [ -z "${target}${swap}" ] ; then
- ewarn "Ignoring setting outside target/swap section: ${targetline}"
- continue
- fi
- ;;
-
- dmcrypt_*=*)
- # ignore global options
- continue
- ;;
-
- *)
- ewarn "Skipping invalid line in ${conf_file}: ${targetline}"
- ;;
- esac
-
- # Queue this setting for the next call to dm_crypt_execute
- eval "${targetline}"
- done 3< ${conf_file}
-
- # If we have a target queued up, then execute it
- dm_crypt_execute
-
- ewend ${cryptfs_status} "Failed to setup dm-crypt devices"
-}
-
-stop() {
- local line header
-
- # Break down all mappings
- header=true
- egrep "^(target|swap)=" ${conf_file} | \
- while read line ; do
- ${header} && einfo "Removing dm-crypt mappings"
- header=false
-
- target= swap=
- eval ${line}
-
- [ -n "${swap}" ] && target=${swap}
- if [ -z "${target}" ] ; then
- ewarn "invalid line in ${conf_file}: ${line}"
- continue
- fi
-
- ebegin " ${target}"
- cryptsetup remove ${target}
- eend $?
- done
-
- # Break down loop devices
- header=true
- grep '^source=./dev/loop' ${conf_file} | \
- while read line ; do
- ${header} && einfo "Detaching dm-crypt loop devices"
- header=false
-
- source=
- eval ${line}
-
- ebegin " ${source}"
- losetup -d "${source}"
- eend $?
- done
-
- return 0
-}
diff --git a/sys-fs/cryptsetup/files/cryptsetup-2.0.4-fix-static-pwquality-build.patch b/sys-fs/cryptsetup/files/cryptsetup-2.0.4-fix-static-pwquality-build.patch
deleted file mode 100644
index 39524ec3114b..000000000000
--- a/sys-fs/cryptsetup/files/cryptsetup-2.0.4-fix-static-pwquality-build.patch
+++ /dev/null
@@ -1,18 +0,0 @@
---- a/src/Makemodule.am 2018-07-31 14:32:46.000000000 +0200
-+++ b/src/Makemodule.am 2018-08-12 17:13:26.000000000 +0200
-@@ -64,6 +64,7 @@
- $(veritysetup_LDADD) \
- @CRYPTO_STATIC_LIBS@ \
- @DEVMAPPER_STATIC_LIBS@ \
-+ @PWQUALITY_STATIC_LIBS@ \
- @UUID_LIBS@
- endif
- endif
-@@ -93,6 +94,7 @@
- $(integritysetup_LDADD) \
- @CRYPTO_STATIC_LIBS@ \
- @DEVMAPPER_STATIC_LIBS@ \
-+ @PWQUALITY_STATIC_LIBS@ \
- @UUID_LIBS@
- endif
- endif
diff --git a/sys-fs/cryptsetup/files/cryptsetup-2.4.1-external-tokens.patch b/sys-fs/cryptsetup/files/cryptsetup-2.4.1-external-tokens.patch
deleted file mode 100644
index 1777a02652ce..000000000000
--- a/sys-fs/cryptsetup/files/cryptsetup-2.4.1-external-tokens.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From a1b577c085cc9ef6b95c4556ec8815070828ee6c Mon Sep 17 00:00:00 2001
-From: Hector Martin <marcan@marcan.st>
-Date: Fri, 17 Sep 2021 05:44:18 +0000
-Subject: [PATCH] Do not attempt to unload external tokens if
- USE_EXTERNAL_TOKENS is disabled.
-
-This allows building a static binary as long as --disable-external-tokens is used
----
- lib/luks2/luks2_token.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/lib/luks2/luks2_token.c b/lib/luks2/luks2_token.c
-index d34cebf5..88d84418 100644
---- a/lib/luks2/luks2_token.c
-+++ b/lib/luks2/luks2_token.c
-@@ -245,6 +245,7 @@ int crypt_token_register(const crypt_token_handler *handler)
-
- void crypt_token_unload_external_all(struct crypt_device *cd)
- {
-+#if USE_EXTERNAL_TOKENS
- int i;
-
- for (i = LUKS2_TOKENS_MAX - 1; i >= 0; i--) {
-@@ -258,6 +259,7 @@ void crypt_token_unload_external_all(struct crypt_device *cd)
- if (dlclose(CONST_CAST(void *)token_handlers[i].u.v2.dlhandle))
- log_dbg(cd, "%s", dlerror());
- }
-+#endif
- }
-
- static const void
---
-GitLab
-
diff --git a/sys-fs/cryptsetup/files/cryptsetup-2.4.1-fix-static-pwquality-build.patch b/sys-fs/cryptsetup/files/cryptsetup-2.4.1-fix-static-pwquality-build.patch
deleted file mode 100644
index f39e88507ffd..000000000000
--- a/sys-fs/cryptsetup/files/cryptsetup-2.4.1-fix-static-pwquality-build.patch
+++ /dev/null
@@ -1,225 +0,0 @@
-From 26cc1644b489578c76ec6f576614ca885c00a35d Mon Sep 17 00:00:00 2001
-From: Milan Broz <gmazyland@gmail.com>
-Date: Wed, 6 Oct 2021 12:27:25 +0200
-Subject: [PATCH 1/2] Do not link integritysetup and veritysetup with
- pwquality.
-
-These tools do not read passphrases, no need to link to these libraries.
-
-Just move the helper code that introduced this dependence as a side-effect.
-
-Fixes: #677
----
- src/Makemodule.am | 6 -----
- src/utils_password.c | 56 --------------------------------------------
- src/utils_tools.c | 56 ++++++++++++++++++++++++++++++++++++++++++++
- 3 files changed, 56 insertions(+), 62 deletions(-)
-
-diff --git a/src/Makemodule.am b/src/Makemodule.am
-index a6dc50cf..f2b896bf 100644
---- a/src/Makemodule.am
-+++ b/src/Makemodule.am
-@@ -52,7 +52,6 @@ veritysetup_SOURCES = \
- src/utils_arg_names.h \
- src/utils_arg_macros.h \
- src/utils_tools.c \
-- src/utils_password.c \
- src/veritysetup.c \
- src/veritysetup_args.h \
- src/veritysetup_arg_list.h \
-@@ -61,8 +60,6 @@ veritysetup_SOURCES = \
- veritysetup_LDADD = $(LDADD) \
- libcryptsetup.la \
- @POPT_LIBS@ \
-- @PWQUALITY_LIBS@ \
-- @PASSWDQC_LIBS@ \
- @BLKID_LIBS@
-
- sbin_PROGRAMS += veritysetup
-@@ -91,7 +88,6 @@ integritysetup_SOURCES = \
- src/utils_arg_names.h \
- src/utils_arg_macros.h \
- src/utils_tools.c \
-- src/utils_password.c \
- src/utils_blockdev.c \
- src/integritysetup.c \
- src/integritysetup_args.h \
-@@ -101,8 +97,6 @@ integritysetup_SOURCES = \
- integritysetup_LDADD = $(LDADD) \
- libcryptsetup.la \
- @POPT_LIBS@ \
-- @PWQUALITY_LIBS@ \
-- @PASSWDQC_LIBS@ \
- @UUID_LIBS@ \
- @BLKID_LIBS@
-
-diff --git a/src/utils_password.c b/src/utils_password.c
-index 58f3a7b3..65618b9c 100644
---- a/src/utils_password.c
-+++ b/src/utils_password.c
-@@ -318,59 +318,3 @@ void tools_passphrase_msg(int r)
- else if (r == -ENOENT)
- log_err(_("No usable keyslot is available."));
- }
--
--int tools_read_mk(const char *file, char **key, int keysize)
--{
-- int fd = -1, r = -EINVAL;
--
-- if (keysize <= 0 || !key)
-- return -EINVAL;
--
-- *key = crypt_safe_alloc(keysize);
-- if (!*key)
-- return -ENOMEM;
--
-- fd = open(file, O_RDONLY);
-- if (fd == -1) {
-- log_err(_("Cannot read keyfile %s."), file);
-- goto out;
-- }
--
-- if (read_buffer(fd, *key, keysize) != keysize) {
-- log_err(_("Cannot read %d bytes from keyfile %s."), keysize, file);
-- goto out;
-- }
-- r = 0;
--out:
-- if (fd != -1)
-- close(fd);
--
-- if (r) {
-- crypt_safe_free(*key);
-- *key = NULL;
-- }
--
-- return r;
--}
--
--int tools_write_mk(const char *file, const char *key, int keysize)
--{
-- int fd, r = -EINVAL;
--
-- if (keysize <= 0 || !key)
-- return -EINVAL;
--
-- fd = open(file, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR);
-- if (fd < 0) {
-- log_err(_("Cannot open keyfile %s for write."), file);
-- return r;
-- }
--
-- if (write_buffer(fd, key, keysize) == keysize)
-- r = 0;
-- else
-- log_err(_("Cannot write to keyfile %s."), file);
--
-- close(fd);
-- return r;
--}
-diff --git a/src/utils_tools.c b/src/utils_tools.c
-index dbd83695..cf66e4c4 100644
---- a/src/utils_tools.c
-+++ b/src/utils_tools.c
-@@ -493,3 +493,59 @@ int tools_reencrypt_progress(uint64_t size, uint64_t offset, void *usrptr)
-
- return r;
- }
-+
-+int tools_read_mk(const char *file, char **key, int keysize)
-+{
-+ int fd = -1, r = -EINVAL;
-+
-+ if (keysize <= 0 || !key)
-+ return -EINVAL;
-+
-+ *key = crypt_safe_alloc(keysize);
-+ if (!*key)
-+ return -ENOMEM;
-+
-+ fd = open(file, O_RDONLY);
-+ if (fd == -1) {
-+ log_err(_("Cannot read keyfile %s."), file);
-+ goto out;
-+ }
-+
-+ if (read_buffer(fd, *key, keysize) != keysize) {
-+ log_err(_("Cannot read %d bytes from keyfile %s."), keysize, file);
-+ goto out;
-+ }
-+ r = 0;
-+out:
-+ if (fd != -1)
-+ close(fd);
-+
-+ if (r) {
-+ crypt_safe_free(*key);
-+ *key = NULL;
-+ }
-+
-+ return r;
-+}
-+
-+int tools_write_mk(const char *file, const char *key, int keysize)
-+{
-+ int fd, r = -EINVAL;
-+
-+ if (keysize <= 0 || !key)
-+ return -EINVAL;
-+
-+ fd = open(file, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR);
-+ if (fd < 0) {
-+ log_err(_("Cannot open keyfile %s for write."), file);
-+ return r;
-+ }
-+
-+ if (write_buffer(fd, key, keysize) == keysize)
-+ r = 0;
-+ else
-+ log_err(_("Cannot write to keyfile %s."), file);
-+
-+ close(fd);
-+ return r;
-+}
---
-GitLab
-
-
-From d20beacba060f34e3ab0d71d191f59434031e98f Mon Sep 17 00:00:00 2001
-From: Milan Broz <gmazyland@gmail.com>
-Date: Wed, 6 Oct 2021 12:45:20 +0200
-Subject: [PATCH 2/2] Remove redundant link to uuid lib for static build.
-
-Veritysetup does not need to link this library at all, for others
-we have link already in flags.
----
- src/Makemodule.am | 6 ++----
- 1 file changed, 2 insertions(+), 4 deletions(-)
-
-diff --git a/src/Makemodule.am b/src/Makemodule.am
-index f2b896bf..49e0c5aa 100644
---- a/src/Makemodule.am
-+++ b/src/Makemodule.am
-@@ -71,8 +71,7 @@ veritysetup_static_LDFLAGS = $(AM_LDFLAGS) -all-static
- veritysetup_static_LDADD = \
- $(veritysetup_LDADD) \
- @CRYPTO_STATIC_LIBS@ \
-- @DEVMAPPER_STATIC_LIBS@ \
-- @UUID_LIBS@
-+ @DEVMAPPER_STATIC_LIBS@
- endif
- endif
-
-@@ -109,8 +108,7 @@ integritysetup_static_LDFLAGS = $(AM_LDFLAGS) -all-static
- integritysetup_static_LDADD = \
- $(integritysetup_LDADD) \
- @CRYPTO_STATIC_LIBS@ \
-- @DEVMAPPER_STATIC_LIBS@ \
-- @UUID_LIBS@
-+ @DEVMAPPER_STATIC_LIBS@
- endif
- endif
-
---
-GitLab
-
^ permalink raw reply related [flat|nested] 9+ messages in thread
end of thread, other threads:[~2022-02-07 20:27 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-02-07 20:27 [gentoo-commits] repo/gentoo:master commit in: sys-fs/cryptsetup/files/, sys-fs/cryptsetup/ Mike Gilbert
-- strict thread matches above, loose matches on Subject: below --
2021-08-19 8:53 Lars Wendler
2018-08-13 6:42 Lars Wendler
2017-12-17 15:48 Lars Wendler
2017-05-03 8:49 Lars Wendler
2017-01-17 16:23 Lars Wendler
2016-11-23 9:27 Lars Wendler
2016-04-19 6:17 Mike Frysinger
2015-11-04 5:41 Lars Wendler
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox