From 17e417b73cb3e25edbc6541bd107bc9c593d66bd Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Tue, 24 Dec 2024 06:30:58 +0000 Subject: gentoo auto-resync : 24:12:2024 - 06:30:57 --- sys-fs/Manifest.gz | Bin 22258 -> 22252 bytes sys-fs/cryptsetup/Manifest | 6 +- sys-fs/cryptsetup/cryptsetup-2.7.5-r1.ebuild | 155 +++++++++++++++++++++ sys-fs/cryptsetup/cryptsetup-2.7.5.ebuild | 2 +- .../cryptsetup-2.7.5-compat-test-passwdqc.patch | 58 ++++++++ sys-fs/cryptsetup/metadata.xml | 1 + 6 files changed, 219 insertions(+), 3 deletions(-) create mode 100644 sys-fs/cryptsetup/cryptsetup-2.7.5-r1.ebuild create mode 100644 sys-fs/cryptsetup/files/cryptsetup-2.7.5-compat-test-passwdqc.patch (limited to 'sys-fs') diff --git a/sys-fs/Manifest.gz b/sys-fs/Manifest.gz index 01b8afc27b94..749de5f81904 100644 Binary files a/sys-fs/Manifest.gz and b/sys-fs/Manifest.gz differ diff --git a/sys-fs/cryptsetup/Manifest b/sys-fs/cryptsetup/Manifest index 824b1a3399a6..1c88583a6c73 100644 --- a/sys-fs/cryptsetup/Manifest +++ b/sys-fs/cryptsetup/Manifest @@ -1,5 +1,6 @@ AUX 2.4.3-dmcrypt.confd 4306 BLAKE2B 107697c85548a8c5f1f4ffc1ae6ec785bcb9c63a55e52a97fd24c1a3c5e7867d031f494030a27be1efb8eab448a94e466c186c964b2638fd4d95250005fbf31d SHA512 d80701d1507c682d619e2ec433bebab2d64cc3e27c5ddc2e7c8408e07dcd353b4d66e9b8505719fa88fa734d7a7930fc90f5b8279e185580c3c038ac7ef7a02a AUX 2.4.3-dmcrypt.rc 9715 BLAKE2B f3ad708c4fd26e197282ca3b3289756e686663dddeed87d0cdf973e485828141a50a1eb519ce0f32e44aeb6a3675ea71e8bae31bfda97ffc5558a8c017a5cf08 SHA512 a5355f870a018d516d50152b1a09243be28ddca0578347a1bbf21f4bfd495331a1571d11922360274b07d1344b4107e9eb937bc9fcedee47d0b733ab7d6f47de +AUX cryptsetup-2.7.5-compat-test-passwdqc.patch 2960 BLAKE2B 771a18825b0db955d2855bbe08c726e682415230e670fbe907c7180aa390d6eed901677b61a7c12020d9b40560475fafc36d6191807cfcb023485ff7c1308229 SHA512 af7467b8f49bcac409c87f57caf458f0a7c5adaae10a35979acee03de7ab2a40a08096cb24703ac41bf213370535f03ff6aba64a57fec38ad62f6e253022225b DIST cryptsetup-2.6.1.tar.xz 11402380 BLAKE2B efd7a64d89d863876de68ff3e89d8c94ad5eca6a8d2236c52c234fbe51e9d9ee303a0c7fe7dac7df10e0062003b9c0aeddc8dc342582106c157ab2d1e742155e SHA512 0cbddbf33cbac2b834ed7e2dd47a9fc787131031a1c729f373f5c974600a838097e9cc0555f13719fc79c384a2a34b404f94ba4cc2f35f0bb1d70aef2233fd18 DIST cryptsetup-2.7.2.tar.xz 11637316 BLAKE2B 466d7818cf8b6e23f802291ccad205d09f128572c21a85d6ca8e518d2198e49c9d95066c58560ffcb7df5a483aa27592b0e931db1e4daeabd102db9a5543da20 SHA512 06f42f443b91d1f8af8af999dfedd4051ecb12ba5ef291cf2b44b6a5676e2c5cf1e686e19687f5cb6b1fd524dfc1a208cd25a3798367a480d80eac954aa8d6d4 DIST cryptsetup-2.7.3.tar.xz 11689300 BLAKE2B 6de2c5eb4a0e1108eedb9c81c69ef70696b166ee592641927a0f8e11e566d644e0f7db3436b0446d5df33b3fab55af9592b869bb54d5fa94e67c5003404bc9b8 SHA512 08cff21873aeb7cc5b2561abf5d33cdf0fa814eeaabf6a01f858461726ea9faeef651357da33bce7b347ca2f12d6d02bccdb279893f3749cb781ce1fe5c1571c @@ -9,5 +10,6 @@ EBUILD cryptsetup-2.6.1.ebuild 4146 BLAKE2B 23460c085e6bbde61a42de529440591a74a5 EBUILD cryptsetup-2.7.2.ebuild 4161 BLAKE2B c2cc271963d87c13487074d0d3ff1abde76d0bc3f3a65d13ad9b5e8250bae8d6c35d8012cc266761ef58bae13c40e047d6dd551a597d80828e5aa1407774a0c3 SHA512 0b041e8967e87ff383f3c044c325c2f14d7ebd43f9d434fb01b5be2dd52b20c607e37939d56c392eb55b521333d5cba636eb8c3dac4e00e5b9920a7c7793931f EBUILD cryptsetup-2.7.3.ebuild 4160 BLAKE2B f6959b6ba10257943c2885e3f9d1d00dff3e3ed8f3aa320bd1038572f5e9832f09c74c5967f0c45f36704c2c7128f7020c063f2f0fb6ed91f3823d304a253cd2 SHA512 eb0404b40636ffa1271628057de2c06a6bd1b005f929bc6a3e01172618d598aff6e515c804963a0b193515f21d3127ad03faa1e51b3263bf47f7d892b06cd56b EBUILD cryptsetup-2.7.4.ebuild 4160 BLAKE2B f6959b6ba10257943c2885e3f9d1d00dff3e3ed8f3aa320bd1038572f5e9832f09c74c5967f0c45f36704c2c7128f7020c063f2f0fb6ed91f3823d304a253cd2 SHA512 eb0404b40636ffa1271628057de2c06a6bd1b005f929bc6a3e01172618d598aff6e515c804963a0b193515f21d3127ad03faa1e51b3263bf47f7d892b06cd56b -EBUILD cryptsetup-2.7.5.ebuild 4154 BLAKE2B b52e02a63b4f7b3674d262e4cdf7f48a1f2636897278ee4ab49747154d5700471405afb4fa93e0c5014cdc0ca0185c4899afc5926073e5bef2dc3639607bdaf1 SHA512 685ee4e03b42cd5e951687402f42c9de307dbf4071e69f2a51e65e7b5c489216dc6bcb6e728c59b81f5b4b423f6c132919e71c80172b543fc2c798cc9265dde4 -MISC metadata.xml 1146 BLAKE2B e349364ad14e957f35c1fbe1fdeff46cd6a48535b45363922e071adde6342a60fb30c25e3579b908b6e0c0df80984ef26b319e70d438731d665a57fcc2aa8b81 SHA512 6cec96962ee5da4b2923e1fbce5232d014e25e01ccfdd3ca55d48e23cb8581af592ed9b061f8e24b6408e8c339b9ebfa5e2754c1ead417e41d832f777d4ccb45 +EBUILD cryptsetup-2.7.5-r1.ebuild 4341 BLAKE2B 039b5d2eca30036501302cd27c974370d9b5d1d74ca01a3f49033cab9367f9b97d11d046c3ddd556c88031fff0880431d194d500cf3bddeecf3920ea5a1bc8b3 SHA512 861f86aad0c52858be8dd0318631cf259f25169fd4dce9048c443741bcba8f0c71bec74d0cf4c160f890f6822803db831a10309988654d50338fa6f9fb4d7d73 +EBUILD cryptsetup-2.7.5.ebuild 4153 BLAKE2B 28768a9fefd06185c7eb4cf2b5bd6976b32850387f169e5ac0d9751ac753d0dc8131bbb4b042a9979c5349bba17595dbd7fcd7172b6cd6e68d0bd0c045222971 SHA512 02f862b9c7fabb44be6a2c9e7769ae3cf715437724831e694fe376242a95d0634c499798e895f6fbb4b8e8285c691e37b5fb86d857e26a8e45391072d7a38006 +MISC metadata.xml 1239 BLAKE2B b38eccd8af865e22f35f7f857f5c094dbc61bbf262d7768d2dbb6704fd914c2e6ca0b652c7f734cbf44ade8ebe3d1ac14047f4d0772b865cb3a40bc3c8803718 SHA512 56955a850fbc1deadeb25ac686a155dfa87f8051db7a79909e6b4469b00177696cb6dfe5e2885a160ae0e5e613f14a65d715a23f7e763c5c4098833c9f39af55 diff --git a/sys-fs/cryptsetup/cryptsetup-2.7.5-r1.ebuild b/sys-fs/cryptsetup/cryptsetup-2.7.5-r1.ebuild new file mode 100644 index 000000000000..99ae9173e684 --- /dev/null +++ b/sys-fs/cryptsetup/cryptsetup-2.7.5-r1.ebuild @@ -0,0 +1,155 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +# TODO: meson +inherit linux-info tmpfiles + +DESCRIPTION="Tool to setup encrypted devices with dm-crypt" +HOMEPAGE="https://gitlab.com/cryptsetup/cryptsetup" +SRC_URI="https://www.kernel.org/pub/linux/utils/${PN}/v$(ver_cut 1-2)/${P/_/-}.tar.xz" +S="${WORKDIR}"/${P/_/-} + +LICENSE="GPL-2+" +SLOT="0/12" # libcryptsetup.so version +if [[ ${PV} != *_rc* ]] ; then + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" +fi + +CRYPTO_BACKENDS="gcrypt kernel nettle +openssl" +# we don't support nss since it doesn't allow cryptsetup to be built statically +# and it's missing ripemd160 support so it can't provide full backward compatibility +IUSE="${CRYPTO_BACKENDS} +argon2 fips nls pwquality passwdqc ssh static static-libs test +udev urandom" +RESTRICT="!test? ( test )" +# bug #496612, bug #832711, bug #843863 +REQUIRED_USE=" + ?? ( pwquality passwdqc ) + ^^ ( ${CRYPTO_BACKENDS//+/} ) + static? ( !ssh !udev !fips ) + static-libs? ( !passwdqc ) + fips? ( !kernel !nettle ) +" + +LIB_DEPEND=" + dev-libs/json-c:=[static-libs(+)] + dev-libs/popt[static-libs(+)] + >=sys-apps/util-linux-2.31-r1[static-libs(+)] + argon2? ( app-crypt/argon2:=[static-libs(+)] ) + gcrypt? ( + dev-libs/libgcrypt:0=[static-libs(+)] + dev-libs/libgpg-error[static-libs(+)] + ) + nettle? ( >=dev-libs/nettle-2.4[static-libs(+)] ) + openssl? ( dev-libs/openssl:0=[static-libs(+)] ) + pwquality? ( dev-libs/libpwquality[static-libs(+)] ) + passwdqc? ( sys-auth/passwdqc ) + ssh? ( net-libs/libssh[static-libs(+)] ) + sys-fs/lvm2[static-libs(+)] +" +# We have to always depend on ${LIB_DEPEND} rather than put behind +# !static? () because we provide a shared library which links against +# these other packages. bug #414665 +RDEPEND=" + static-libs? ( ${LIB_DEPEND} ) + ${LIB_DEPEND//\[static-libs\([+-]\)\]} + udev? ( virtual/libudev:= ) +" +DEPEND=" + ${RDEPEND} + static? ( ${LIB_DEPEND} ) +" +# vim-core needed for xxd in tests +BDEPEND=" + virtual/pkgconfig + test? ( app-editors/vim-core ) +" + +PATCHES=( "${FILESDIR}"/${P}-compat-test-passwdqc.patch ) + +pkg_setup() { + local CONFIG_CHECK="~DM_CRYPT ~CRYPTO ~CRYPTO_CBC ~CRYPTO_SHA256" + local WARNING_DM_CRYPT="CONFIG_DM_CRYPT:\tis not set (required for cryptsetup)\n" + local WARNING_CRYPTO_SHA256="CONFIG_CRYPTO_SHA256:\tis not set (required for cryptsetup)\n" + local WARNING_CRYPTO_CBC="CONFIG_CRYPTO_CBC:\tis not set (required for kernel 2.6.19)\n" + local WARNING_CRYPTO="CONFIG_CRYPTO:\tis not set (required for cryptsetup)\n" + check_extra_config +} + +src_prepare() { + default + + sed -i '/^LOOPDEV=/s:$: || exit 0:' tests/{compat,mode}-test || die +} + +src_configure() { + local myeconfargs=( + --disable-internal-argon2 + --disable-asciidoc + --enable-shared + --sbindir="${EPREFIX}"/sbin + # for later use + --with-default-luks-format=LUKS2 + --with-tmpfilesdir="${EPREFIX}/usr/lib/tmpfiles.d" + --with-crypto_backend=$(for x in ${CRYPTO_BACKENDS//+/} ; do usev ${x} ; done) + $(use_enable argon2 libargon2) + $(use_enable nls) + $(use_enable pwquality) + $(use_enable passwdqc) + $(use_enable !static external-tokens) + $(use_enable static static-cryptsetup) + $(use_enable static-libs static) + $(use_enable udev) + $(use_enable !urandom dev-random) + $(use_enable ssh ssh-token) + $(usev !argon2 '--with-luks2-pbkdf=pbkdf2') + $(use_enable fips) + ) + + econf "${myeconfargs[@]}" +} + +src_test() { + if [[ ! -e /dev/mapper/control ]] ; then + ewarn "No /dev/mapper/control found -- skipping tests" + return 0 + fi + + local p + for p in /dev/mapper /dev/loop* ; do + addwrite ${p} + done + + default +} + +src_install() { + default + + if use static ; then + mv "${ED}"/sbin/cryptsetup{.static,} || die + mv "${ED}"/sbin/veritysetup{.static,} || die + mv "${ED}"/sbin/integritysetup{.static,} || die + + if use ssh ; then + mv "${ED}"/sbin/cryptsetup-ssh{.static,} || die + fi + fi + + find "${ED}" -type f -name "*.la" -delete || die + + dodoc docs/v*ReleaseNotes + + newconfd "${FILESDIR}"/2.4.3-dmcrypt.confd dmcrypt + newinitd "${FILESDIR}"/2.4.3-dmcrypt.rc dmcrypt +} + +pkg_postinst() { + tmpfiles_process cryptsetup.conf + + if use kernel ; then + ewarn "Note that kernel backend is very slow for this type of operation" + ewarn "and is provided mainly for embedded systems wanting to avoid" + ewarn "userspace crypto libraries." + fi +} diff --git a/sys-fs/cryptsetup/cryptsetup-2.7.5.ebuild b/sys-fs/cryptsetup/cryptsetup-2.7.5.ebuild index d09dd78f2b65..265a6450c1e2 100644 --- a/sys-fs/cryptsetup/cryptsetup-2.7.5.ebuild +++ b/sys-fs/cryptsetup/cryptsetup-2.7.5.ebuild @@ -14,7 +14,7 @@ S="${WORKDIR}"/${P/_/-} LICENSE="GPL-2+" SLOT="0/12" # libcryptsetup.so version if [[ ${PV} != *_rc* ]] ; then - KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~mips ppc ppc64 ~riscv ~s390 ~sparc x86" + KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86" fi CRYPTO_BACKENDS="gcrypt kernel nettle +openssl" diff --git a/sys-fs/cryptsetup/files/cryptsetup-2.7.5-compat-test-passwdqc.patch b/sys-fs/cryptsetup/files/cryptsetup-2.7.5-compat-test-passwdqc.patch new file mode 100644 index 000000000000..b266f142f2f4 --- /dev/null +++ b/sys-fs/cryptsetup/files/cryptsetup-2.7.5-compat-test-passwdqc.patch @@ -0,0 +1,58 @@ +https://gitlab.com/cryptsetup/cryptsetup/-/commit/64fb1c1b2673e7f366b789943d1627c859a70b1f.patch +https://gitlab.com/cryptsetup/cryptsetup/-/merge_requests/737 + +From 64fb1c1b2673e7f366b789943d1627c859a70b1f Mon Sep 17 00:00:00 2001 +From: Gabi Falk +Date: Sun, 22 Dec 2024 16:00:00 +0000 +Subject: [PATCH] tests/compat-test: Adjust test for compatibility with + passwdqc + +Unlike libpwquality, passwdqc does not consider 'compatkey' a strong +password and rejects 512 character long passwords. + +Closes: https://gitlab.com/cryptsetup/cryptsetup/-/issues/928 +Signed-off-by: Gabi Falk +--- + tests/compat-test | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/tests/compat-test b/tests/compat-test +index 0b2463dd..f01f3032 100755 +--- a/tests/compat-test ++++ b/tests/compat-test +@@ -250,7 +250,7 @@ echo $PWD1 | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT 2>/dev/null && fail + echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT || fail + echo -e "$PWD0\n$PWD1" | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT 2>/dev/null && fail + echo "[4] change key" +-echo -e "$PWD1\n$PWD0\n" | $CRYPTSETUP luksChangeKey $FAST_PBKDF_OPT $IMG || fail ++echo -e "$PWD1\n$PWD0\n" | $CRYPTSETUP luksChangeKey --force-password $FAST_PBKDF_OPT $IMG || fail + echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksChangeKey $FAST_PBKDF_OPT $IMG 2>/dev/null && fail + [ $? -ne 2 ] && fail "luksChangeKey should return EPERM exit code" + echo "[5] remove key" +@@ -941,7 +941,7 @@ prepare "[35] Interactive format of device." wipe + expect_run - >/dev/null <$KEYE + expect_run - >/dev/null <Use dev-libs/nettle crypto backend Use dev-libs/openssl crypto backend Use dev-libs/libpwquality for password quality checking + Use sys-auth/passwdqc for password quality checking Build cryptsetup-ssh for experimental support of token via SSH-server Use /dev/urandom instead of /dev/random -- cgit v1.2.3