summaryrefslogtreecommitdiff
path: root/sys-apps/systemd/files/252-rc1-cryptsetup.patch
diff options
context:
space:
mode:
Diffstat (limited to 'sys-apps/systemd/files/252-rc1-cryptsetup.patch')
-rw-r--r--sys-apps/systemd/files/252-rc1-cryptsetup.patch226
1 files changed, 226 insertions, 0 deletions
diff --git a/sys-apps/systemd/files/252-rc1-cryptsetup.patch b/sys-apps/systemd/files/252-rc1-cryptsetup.patch
new file mode 100644
index 000000000000..54b4ce1ea0aa
--- /dev/null
+++ b/sys-apps/systemd/files/252-rc1-cryptsetup.patch
@@ -0,0 +1,226 @@
+From bbf73b00697e77ca35ae60109418da77f257be52 Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Tue, 11 Oct 2022 20:35:34 +0200
+Subject: [PATCH 1/2] cryptsetup-util: Always define dlopen_cryptsetup()
+
+---
+ src/shared/cryptsetup-util.c | 118 ++++++++++++++++++-----------------
+ src/shared/cryptsetup-util.h | 4 +-
+ 2 files changed, 63 insertions(+), 59 deletions(-)
+
+diff --git a/src/shared/cryptsetup-util.c b/src/shared/cryptsetup-util.c
+index da6dcb2f093a..401e7a3f9c7d 100644
+--- a/src/shared/cryptsetup-util.c
++++ b/src/shared/cryptsetup-util.c
+@@ -50,63 +50,6 @@ int (*sym_crypt_token_max)(const char *type);
+ crypt_token_info (*sym_crypt_token_status)(struct crypt_device *cd, int token, const char **type);
+ int (*sym_crypt_volume_key_get)(struct crypt_device *cd, int keyslot, char *volume_key, size_t *volume_key_size, const char *passphrase, size_t passphrase_size);
+
+-int dlopen_cryptsetup(void) {
+- int r;
+-
+- r = dlopen_many_sym_or_warn(
+- &cryptsetup_dl, "libcryptsetup.so.12", LOG_DEBUG,
+- DLSYM_ARG(crypt_activate_by_passphrase),
+-#if HAVE_CRYPT_ACTIVATE_BY_SIGNED_KEY
+- DLSYM_ARG(crypt_activate_by_signed_key),
+-#endif
+- DLSYM_ARG(crypt_activate_by_volume_key),
+- DLSYM_ARG(crypt_deactivate_by_name),
+- DLSYM_ARG(crypt_format),
+- DLSYM_ARG(crypt_free),
+- DLSYM_ARG(crypt_get_cipher),
+- DLSYM_ARG(crypt_get_cipher_mode),
+- DLSYM_ARG(crypt_get_data_offset),
+- DLSYM_ARG(crypt_get_device_name),
+- DLSYM_ARG(crypt_get_dir),
+- DLSYM_ARG(crypt_get_type),
+- DLSYM_ARG(crypt_get_uuid),
+- DLSYM_ARG(crypt_get_verity_info),
+- DLSYM_ARG(crypt_get_volume_key_size),
+- DLSYM_ARG(crypt_init),
+- DLSYM_ARG(crypt_init_by_name),
+- DLSYM_ARG(crypt_keyslot_add_by_volume_key),
+- DLSYM_ARG(crypt_keyslot_destroy),
+- DLSYM_ARG(crypt_keyslot_max),
+- DLSYM_ARG(crypt_load),
+- DLSYM_ARG(crypt_resize),
+- DLSYM_ARG(crypt_resume_by_passphrase),
+- DLSYM_ARG(crypt_set_data_device),
+- DLSYM_ARG(crypt_set_debug_level),
+- DLSYM_ARG(crypt_set_log_callback),
+-#if HAVE_CRYPT_SET_METADATA_SIZE
+- DLSYM_ARG(crypt_set_metadata_size),
+-#endif
+- DLSYM_ARG(crypt_set_pbkdf_type),
+- DLSYM_ARG(crypt_suspend),
+- DLSYM_ARG(crypt_token_json_get),
+- DLSYM_ARG(crypt_token_json_set),
+-#if HAVE_CRYPT_TOKEN_MAX
+- DLSYM_ARG(crypt_token_max),
+-#endif
+- DLSYM_ARG(crypt_token_status),
+- DLSYM_ARG(crypt_volume_key_get));
+- if (r <= 0)
+- return r;
+-
+- /* Redirect the default logging calls of libcryptsetup to our own logging infra. (Note that
+- * libcryptsetup also maintains per-"struct crypt_device" log functions, which we'll also set
+- * whenever allocating a "struct crypt_device" context. Why set both? To be defensive: maybe some
+- * other code loaded into this process also changes the global log functions of libcryptsetup, who
+- * knows? And if so, we still want our own objects to log via our own infra, at the very least.) */
+- cryptsetup_enable_logging(NULL);
+- return 1;
+-}
+-
+ static void cryptsetup_log_glue(int level, const char *msg, void *usrptr) {
+
+ switch (level) {
+@@ -246,6 +189,67 @@ int cryptsetup_add_token_json(struct crypt_device *cd, JsonVariant *v) {
+ }
+ #endif
+
++int dlopen_cryptsetup(void) {
++#if HAVE_LIBCRYPTSETUP
++ int r;
++
++ r = dlopen_many_sym_or_warn(
++ &cryptsetup_dl, "libcryptsetup.so.12", LOG_DEBUG,
++ DLSYM_ARG(crypt_activate_by_passphrase),
++#if HAVE_CRYPT_ACTIVATE_BY_SIGNED_KEY
++ DLSYM_ARG(crypt_activate_by_signed_key),
++#endif
++ DLSYM_ARG(crypt_activate_by_volume_key),
++ DLSYM_ARG(crypt_deactivate_by_name),
++ DLSYM_ARG(crypt_format),
++ DLSYM_ARG(crypt_free),
++ DLSYM_ARG(crypt_get_cipher),
++ DLSYM_ARG(crypt_get_cipher_mode),
++ DLSYM_ARG(crypt_get_data_offset),
++ DLSYM_ARG(crypt_get_device_name),
++ DLSYM_ARG(crypt_get_dir),
++ DLSYM_ARG(crypt_get_type),
++ DLSYM_ARG(crypt_get_uuid),
++ DLSYM_ARG(crypt_get_verity_info),
++ DLSYM_ARG(crypt_get_volume_key_size),
++ DLSYM_ARG(crypt_init),
++ DLSYM_ARG(crypt_init_by_name),
++ DLSYM_ARG(crypt_keyslot_add_by_volume_key),
++ DLSYM_ARG(crypt_keyslot_destroy),
++ DLSYM_ARG(crypt_keyslot_max),
++ DLSYM_ARG(crypt_load),
++ DLSYM_ARG(crypt_resize),
++ DLSYM_ARG(crypt_resume_by_passphrase),
++ DLSYM_ARG(crypt_set_data_device),
++ DLSYM_ARG(crypt_set_debug_level),
++ DLSYM_ARG(crypt_set_log_callback),
++#if HAVE_CRYPT_SET_METADATA_SIZE
++ DLSYM_ARG(crypt_set_metadata_size),
++#endif
++ DLSYM_ARG(crypt_set_pbkdf_type),
++ DLSYM_ARG(crypt_suspend),
++ DLSYM_ARG(crypt_token_json_get),
++ DLSYM_ARG(crypt_token_json_set),
++#if HAVE_CRYPT_TOKEN_MAX
++ DLSYM_ARG(crypt_token_max),
++#endif
++ DLSYM_ARG(crypt_token_status),
++ DLSYM_ARG(crypt_volume_key_get));
++ if (r <= 0)
++ return r;
++
++ /* Redirect the default logging calls of libcryptsetup to our own logging infra. (Note that
++ * libcryptsetup also maintains per-"struct crypt_device" log functions, which we'll also set
++ * whenever allocating a "struct crypt_device" context. Why set both? To be defensive: maybe some
++ * other code loaded into this process also changes the global log functions of libcryptsetup, who
++ * knows? And if so, we still want our own objects to log via our own infra, at the very least.) */
++ cryptsetup_enable_logging(NULL);
++ return 1;
++#else
++ return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "cryptsetup support is not compiled in.");
++#endif
++}
++
+ int cryptsetup_get_keyslot_from_token(JsonVariant *v) {
+ int keyslot, r;
+ JsonVariant *w;
+diff --git a/src/shared/cryptsetup-util.h b/src/shared/cryptsetup-util.h
+index b1ce07ec8a50..b390dc9a5cbb 100644
+--- a/src/shared/cryptsetup-util.h
++++ b/src/shared/cryptsetup-util.h
+@@ -65,8 +65,6 @@ static inline int crypt_token_max(_unused_ const char *type) {
+ extern crypt_token_info (*sym_crypt_token_status)(struct crypt_device *cd, int token, const char **type);
+ extern int (*sym_crypt_volume_key_get)(struct crypt_device *cd, int keyslot, char *volume_key, size_t *volume_key_size, const char *passphrase, size_t passphrase_size);
+
+-int dlopen_cryptsetup(void);
+-
+ DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(struct crypt_device *, crypt_free, NULL);
+ DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(struct crypt_device *, sym_crypt_free, NULL);
+
+@@ -91,6 +89,8 @@ static inline void sym_crypt_freep(struct crypt_device** cd) {}
+
+ #endif
+
++int dlopen_cryptsetup(void);
++
+ int cryptsetup_get_keyslot_from_token(JsonVariant *v);
+
+ static inline const char *mangle_none(const char *s) {
+
+From 86bebe385f6e35ecec708e44dae2b896f5bfa770 Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Tue, 11 Oct 2022 20:36:03 +0200
+Subject: [PATCH 2/2] repart: Always define VerityMode from/to string functions
+
+---
+ src/partition/repart.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/src/partition/repart.c b/src/partition/repart.c
+index a0f7d4164500..dd544d6415a9 100644
+--- a/src/partition/repart.c
++++ b/src/partition/repart.c
+@@ -255,12 +255,11 @@ static const char *verity_mode_table[_VERITY_MODE_MAX] = {
+
+ #if HAVE_LIBCRYPTSETUP
+ DEFINE_PRIVATE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(encrypt_mode, EncryptMode, ENCRYPT_KEY_FILE);
+-DEFINE_PRIVATE_STRING_TABLE_LOOKUP(verity_mode, VerityMode);
+ #else
+ DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING_WITH_BOOLEAN(encrypt_mode, EncryptMode, ENCRYPT_KEY_FILE);
+-DEFINE_PRIVATE_STRING_TABLE_LOOKUP_FROM_STRING(verity_mode, VerityMode);
+ #endif
+
++DEFINE_PRIVATE_STRING_TABLE_LOOKUP(verity_mode, VerityMode);
+
+ static uint64_t round_down_size(uint64_t v, uint64_t p) {
+ return (v / p) * p;
+From 748367c72368031ca0ef32fadd394c4bcacc126a Mon Sep 17 00:00:00 2001
+From: David Seifert <soap@gentoo.org>
+Date: Wed, 12 Oct 2022 21:47:29 +0200
+Subject: [PATCH] gpt-auto: allow using without cryptsetup
+
+Fixes #24978
+---
+ src/gpt-auto-generator/gpt-auto-generator.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/gpt-auto-generator/gpt-auto-generator.c b/src/gpt-auto-generator/gpt-auto-generator.c
+index 31377d877d5c..5584eb22af1a 100644
+--- a/src/gpt-auto-generator/gpt-auto-generator.c
++++ b/src/gpt-auto-generator/gpt-auto-generator.c
+@@ -571,11 +571,15 @@ static int add_root_rw(DissectedPartition *p) {
+
+ #if ENABLE_EFI
+ static int add_root_cryptsetup(void) {
++#if HAVE_LIBCRYPTSETUP
+
+ /* If a device /dev/gpt-auto-root-luks appears, then make it pull in systemd-cryptsetup-root.service, which
+ * sets it up, and causes /dev/gpt-auto-root to appear which is all we are looking for. */
+
+ return add_cryptsetup("root", "/dev/gpt-auto-root-luks", true, false, NULL);
++#else
++ return 0;
++#endif
+ }
+ #endif
+
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-30 21:57:38 +0000