summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--sys-fs/cryptsetup/Manifest2
-rw-r--r--sys-fs/cryptsetup/cryptsetup-2.3.4-r10.ebuild (renamed from sys-fs/cryptsetup/cryptsetup-1.7.5-r3.ebuild)106
-rw-r--r--sys-fs/cryptsetup/files/1.6.7-dmcrypt.confd100
-rw-r--r--sys-fs/cryptsetup/files/cryptsetup-2.0.4-fix-static-pwquality-build.patch18
-rw-r--r--sys-fs/cryptsetup/files/setup-1.7.0.py21
5 files changed, 172 insertions, 75 deletions
diff --git a/sys-fs/cryptsetup/Manifest b/sys-fs/cryptsetup/Manifest
index 97af7c90..96ff3e3a 100644
--- a/sys-fs/cryptsetup/Manifest
+++ b/sys-fs/cryptsetup/Manifest
@@ -1 +1 @@
-DIST cryptsetup-1.7.5.tar.xz 1232696 BLAKE2B 1bd62b186564e0b902480d66f623074f8d2f06ea09f11788566e33d58f7d0dc8c79d5827e5966e1a20a5597c2cbdec76da49c8f54c0538a1ac3f869d8ef55456 SHA512 d473f7b06d705a3868a70f3767fafc664436b5897ba59025ea1268f815cb80a9076841ff9ff96cc130fb83ba18b03c1eee38cfaf1b471fdd883a3e126b771439
+DIST cryptsetup-2.3.4.tar.xz 11114004 BLAKE2B 680e6eeb594737aeb8330b0ac8638e94941bdcc56fc3441b6f1bc4f3d209d768096e23a7f840dc1012f9e63fae0fdbc0e72d735d89e92a621cec88ea59560f19 SHA512 db0bfd795343e575acb7a80ea2b9d32acf08ac970037e5b158a1e4381976552dc292107ce79e55913f49fcf643d4ea7104ed73de7c1e8d424b83d471d20ab60d
diff --git a/sys-fs/cryptsetup/cryptsetup-1.7.5-r3.ebuild b/sys-fs/cryptsetup/cryptsetup-2.3.4-r10.ebuild
index ec89c087..70488f8e 100644
--- a/sys-fs/cryptsetup/cryptsetup-1.7.5-r3.ebuild
+++ b/sys-fs/cryptsetup/cryptsetup-2.3.4-r10.ebuild
@@ -1,51 +1,55 @@
-# Copyright 1999-2017 Gentoo Foundation
+# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
-EAPI=5
+EAPI=7
-DISTUTILS_OPTIONAL=1
-PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} )
-
-inherit autotools distutils-r1 linux-info libtool eutils versionator
+inherit autotools linux-info libtool
DESCRIPTION="Tool to setup encrypted devices with dm-crypt"
HOMEPAGE="https://gitlab.com/cryptsetup/cryptsetup/blob/master/README.md"
-SRC_URI="mirror://kernel/linux/utils/${PN}/v$(get_version_component_range 1-2)/${P}.tar.xz"
+SRC_URI="https://www.kernel.org/pub/linux/utils/${PN}/v$(ver_cut 1-2)/${P/_/-}.tar.xz"
LICENSE="GPL-2+"
-SLOT="0"
-KEYWORDS="amd64"
-CRYPTO_BACKENDS="+gcrypt kernel nettle openssl"
+SLOT="0/12" # libcryptsetup.so version
+[[ ${PV} != *_rc* ]] && \
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+CRYPTO_BACKENDS="gcrypt kernel nettle +openssl"
# we don't support nss since it doesn't allow cryptsetup to be built statically
# and it's missing ripemd160 support so it can't provide full backward compatibility
-IUSE="${CRYPTO_BACKENDS} libressl nls pwquality python reencrypt static static-libs udev urandom"
+IUSE="${CRYPTO_BACKENDS} +argon2 libressl nls pwquality reencrypt static static-libs +udev urandom"
REQUIRED_USE="^^ ( ${CRYPTO_BACKENDS//+/} )
- python? ( ${PYTHON_REQUIRED_USE} )
+ libressl? ( openssl )
static? ( !gcrypt )" #496612
-LIB_DEPEND="dev-libs/libgpg-error[static-libs(+)]
+LIB_DEPEND="
+ dev-libs/json-c:=[static-libs(+)]
+ dev-libs/libgpg-error[static-libs(+)]
dev-libs/popt[static-libs(+)]
- sys-apps/util-linux[static-libs(+)]
+ >=sys-apps/util-linux-2.31-r1[static-libs(+)]
+ argon2? ( app-crypt/argon2:=[static-libs(+)] )
gcrypt? ( dev-libs/libgcrypt:0=[static-libs(+)] )
nettle? ( >=dev-libs/nettle-2.4[static-libs(+)] )
openssl? (
!libressl? ( dev-libs/openssl:0=[static-libs(+)] )
- libressl? ( dev-libs/libressl:=[static-libs(+)] )
+ libressl? ( dev-libs/libressl:0=[static-libs(+)] )
)
pwquality? ( dev-libs/libpwquality[static-libs(+)] )
sys-fs/lvm2[static-libs(+)]
- udev? ( virtual/libudev[static-libs(+)] )"
+ udev? ( virtual/libudev[static-libs(-)] )"
# We have to always depend on ${LIB_DEPEND} rather than put behind
# !static? () because we provide a shared library which links against
# these other packages. #414665
RDEPEND="static-libs? ( ${LIB_DEPEND} )
- ${LIB_DEPEND//\[static-libs\(+\)\]}
- python? ( ${PYTHON_DEPS} )"
+ ${LIB_DEPEND//\[static-libs\([+-]\)\]}"
DEPEND="${RDEPEND}
- virtual/pkgconfig
static? ( ${LIB_DEPEND} )"
+BDEPEND="
+ virtual/pkgconfig
+"
-#PATCHES=( )
+S="${WORKDIR}/${P/_/-}"
+
+PATCHES=( "${FILESDIR}"/${PN}-2.0.4-fix-static-pwquality-build.patch )
pkg_setup() {
local CONFIG_CHECK="~DM_CRYPT ~CRYPTO ~CRYPTO_CBC ~CRYPTO_SHA256"
@@ -58,14 +62,8 @@ pkg_setup() {
src_prepare() {
sed -i '/^LOOPDEV=/s:$: || exit 0:' tests/{compat,mode}-test || die
- #epatch "${PATCHES[@]}"
- epatch_user && eautoreconf
-
- if use python ; then
- cd python
- cp "${FILESDIR}"/setup-1.7.0.py setup.py || die
- distutils-r1_src_prepare
- fi
+ default
+ eautoreconf
}
src_configure() {
@@ -75,27 +73,24 @@ src_configure() {
ewarn "userspace crypto libraries."
fi
- # We disable autotool python integration so we can use eclasses
- # for proper integration with multiple python versions.
- econf \
- --sbindir=/sbin \
- --enable-shared \
- --disable-python \
- $(use_enable static static-cryptsetup) \
- $(use_enable static-libs static) \
- $(use_enable nls) \
- $(use_enable pwquality) \
- $(use_enable reencrypt cryptsetup-reencrypt) \
- $(use_enable udev) \
- $(use_enable !urandom dev-random) \
+ local myeconfargs=(
+ --disable-internal-argon2
+ --enable-shared
+ --sbindir=/sbin
+ # for later use
+ --with-default-luks-format=LUKS1
+ --with-tmpfilesdir="${EPREFIX}/usr/lib/tmpfiles.d"
--with-crypto_backend=$(for x in ${CRYPTO_BACKENDS//+/} ; do usev ${x} ; done)
-
- use python && cd python && distutils-r1_src_configure
-}
-
-src_compile() {
- default
- use python && cd python && distutils-r1_src_compile
+ $(use_enable argon2 libargon2)
+ $(use_enable nls)
+ $(use_enable pwquality)
+ $(use_enable reencrypt cryptsetup-reencrypt)
+ $(use_enable static static-cryptsetup)
+ $(use_enable static-libs static)
+ $(use_enable udev)
+ $(use_enable !urandom dev-random)
+ )
+ econf "${myeconfargs[@]}"
}
src_test() {
@@ -103,26 +98,31 @@ src_test() {
ewarn "No /dev/mapper/control found -- skipping tests"
return 0
fi
+
local p
for p in /dev/mapper /dev/loop* ; do
addwrite ${p}
done
+
default
}
src_install() {
default
+
if use static ; then
mv "${ED}"/sbin/cryptsetup{.static,} || die
mv "${ED}"/sbin/veritysetup{.static,} || die
- use reencrypt && { mv "${ED}"/sbin/cryptsetup-reencrypt{.static,} || die ; }
+ if use reencrypt ; then
+ mv "${ED}"/sbin/cryptsetup-reencrypt{.static,} || die
+ fi
fi
- prune_libtool_files --modules
+ find "${ED}" -type f -name "*.la" -delete || die
- newconfd "${FILESDIR}"/1.6.7-dmcrypt.confd dmcrypt.example # install as example
- newinitd "${FILESDIR}"/1.6.7-dmcrypt.rc dmcrypt
+ dodoc docs/v*ReleaseNotes
- use python && cd python && distutils-r1_src_install
+ newconfd "${FILESDIR}"/1.6.7-dmcrypt.confd dmcrypt.stub
+ newinitd "${FILESDIR}"/1.6.7-dmcrypt.rc dmcrypt
}
pkg_preinst() {
diff --git a/sys-fs/cryptsetup/files/1.6.7-dmcrypt.confd b/sys-fs/cryptsetup/files/1.6.7-dmcrypt.confd
index 699d7e75..642ff087 100644
--- a/sys-fs/cryptsetup/files/1.6.7-dmcrypt.confd
+++ b/sys-fs/cryptsetup/files/1.6.7-dmcrypt.confd
@@ -1,5 +1,31 @@
# /etc/conf.d/dmcrypt
+# For people who run dmcrypt on top of some other layer (like raid),
+# use rc_need to specify that requirement. See the runscript(8) man
+# page for more information.
+
+#--------------------
+# Instructions
+#--------------------
+
+# Note regarding the syntax of this file. This file is *almost* bash,
+# but each line is evaluated separately. Separate swaps/targets can be
+# specified. The init-script which reads this file assumes that a
+# swap= or target= line starts a new section, similar to lilo or grub
+# configuration.
+
+# Note when using gpg keys and /usr on a separate partition, you will
+# have to copy /usr/bin/gpg to /bin/gpg so that it will work properly
+# and ensure that gpg has been compiled statically.
+# See http://bugs.gentoo.org/90482 for more information.
+
+# Note that the init-script which reads this file detects whether your
+# partition is LUKS or not. No mkfs is run unless you specify a makefs
+# option.
+
+# Global options:
+#----------------
+
# How long to wait for each timeout (in seconds).
dmcrypt_key_timeout=1
@@ -9,3 +35,77 @@ dmcrypt_key_timeout=1
# Number of password retries.
dmcrypt_retries=5
+# Arguments:
+#-----------
+# target=<name> == Mapping name for partition.
+# swap=<name> == Mapping name for swap partition.
+# source='<dev>' == Real device for partition.
+# Note: You can (and should) specify a tag like UUID
+# for blkid (see -t option). This is safer than using
+# the full path to the device.
+# key='</path/to/keyfile>[:<mode>]' == Fullpath from / or from inside removable media.
+# remdev='<dev>' == Device that will be assigned to removable media.
+# gpg_options='<opts>' == Default are --quiet --decrypt
+# options='<opts>' == cryptsetup, for LUKS you can only use --readonly
+# loop_file='<file>' == Loopback file.
+# Note: If you omit $source, then a free loopback will
+# be looked up automatically.
+# pre_mount='cmds' == commands to execute before mounting partition.
+# post_mount='cmds' == commands to execute after mounting partition.
+#-----------
+# Supported Modes
+# gpg == decrypt and pipe key into cryptsetup.
+# Note: new-line character must not be part of key.
+# Command to erase \n char: 'cat key | tr -d '\n' > cleanKey'
+
+#--------------------
+# dm-crypt examples
+#--------------------
+
+## swap
+# Swap partitions. These should come first so that no keys make their
+# way into unencrypted swap.
+# If no options are given, they will default to: -c aes -h sha1 -d /dev/urandom
+# If no makefs is given then mkswap will be assumed
+#swap=crypt-swap
+#source='/dev/hda2'
+
+## /home with passphrase
+#target=crypt-home
+#source='/dev/hda5'
+
+## /home with regular keyfile
+#target=crypt-home
+#source='/dev/hda5'
+#key='/full/path/to/homekey'
+
+## /home with gpg protected key
+#target=crypt-home
+#source='/dev/hda5'
+#key='/full/path/to/homekey:gpg'
+
+## /home with regular keyfile on removable media(such as usb-stick)
+#target=crypt-home
+#source='/dev/hda5'
+#key='/full/path/to/homekey'
+#remdev='/dev/sda1'
+
+## /home with gpg protected key on removable media(such as usb-stick)
+#target=crypt-home
+#source='/dev/hda5'
+#key='/full/path/to/homekey:gpg'
+#remdev='/dev/sda1'
+
+## /tmp with regular keyfile
+#target=crypt-tmp
+#source='/dev/hda6'
+#key='/full/path/to/tmpkey'
+#pre_mount='/sbin/mkreiserfs -f -f ${dev}'
+#post_mount='chown root:root ${mount_point}; chmod 1777 ${mount_point}'
+
+## Loopback file example
+#target='crypt-loop-home'
+#source='/dev/loop0'
+#loop_file='/mnt/crypt/home'
+
+# The file must be terminated by a newline. Or leave this comment last.
diff --git a/sys-fs/cryptsetup/files/cryptsetup-2.0.4-fix-static-pwquality-build.patch b/sys-fs/cryptsetup/files/cryptsetup-2.0.4-fix-static-pwquality-build.patch
new file mode 100644
index 00000000..39524ec3
--- /dev/null
+++ b/sys-fs/cryptsetup/files/cryptsetup-2.0.4-fix-static-pwquality-build.patch
@@ -0,0 +1,18 @@
+--- a/src/Makemodule.am 2018-07-31 14:32:46.000000000 +0200
++++ b/src/Makemodule.am 2018-08-12 17:13:26.000000000 +0200
+@@ -64,6 +64,7 @@
+ $(veritysetup_LDADD) \
+ @CRYPTO_STATIC_LIBS@ \
+ @DEVMAPPER_STATIC_LIBS@ \
++ @PWQUALITY_STATIC_LIBS@ \
+ @UUID_LIBS@
+ endif
+ endif
+@@ -93,6 +94,7 @@
+ $(integritysetup_LDADD) \
+ @CRYPTO_STATIC_LIBS@ \
+ @DEVMAPPER_STATIC_LIBS@ \
++ @PWQUALITY_STATIC_LIBS@ \
+ @UUID_LIBS@
+ endif
+ endif
diff --git a/sys-fs/cryptsetup/files/setup-1.7.0.py b/sys-fs/cryptsetup/files/setup-1.7.0.py
deleted file mode 100644
index 0da063c0..00000000
--- a/sys-fs/cryptsetup/files/setup-1.7.0.py
+++ /dev/null
@@ -1,21 +0,0 @@
-import os
-from distutils.core import setup, Extension
-
-top_srcdir = os.path.dirname(os.path.dirname(os.path.realpath(__file__)))
-
-def get_ver():
- with open(os.path.join(top_srcdir, 'configure')) as f:
- for line in f:
- if line.startswith('PACKAGE_VERSION='):
- return line.split('=')[1].replace("'", '').strip()
-
-module = Extension('pycryptsetup',
- include_dirs=[os.path.join(top_srcdir, 'lib')],
- extra_compile_args=['-include', os.path.join(top_srcdir, 'config.h')],
- library_dirs=[os.path.join(top_srcdir, 'lib', '.libs')],
- libraries=['cryptsetup'],
- sources=['pycryptsetup.c'])
-
-setup(name='pycryptsetup',
- version=get_ver(),
- ext_modules=[module])