diff options
| -rw-r--r-- | metadata/md5-cache/sys-fs/cryfs-1.0.1-r1 | 16 | ||||
| -rw-r--r-- | metadata/pkg_desc_index | 1 | ||||
| -rw-r--r-- | sys-fs/cryfs/Manifest | 1 | ||||
| -rw-r--r-- | sys-fs/cryfs/cryfs-1.0.1-r1.ebuild | 173 | ||||
| -rw-r--r-- | sys-fs/cryfs/files/cryfs-1.0.1-unbundle-vendored-libs.patch | 209 |
5 files changed, 400 insertions, 0 deletions
diff --git a/metadata/md5-cache/sys-fs/cryfs-1.0.1-r1 b/metadata/md5-cache/sys-fs/cryfs-1.0.1-r1 new file mode 100644 index 00000000..2b616931 --- /dev/null +++ b/metadata/md5-cache/sys-fs/cryfs-1.0.1-r1 @@ -0,0 +1,16 @@ +BDEPEND=|| ( dev-lang/python:3.13 dev-lang/python:3.12 dev-lang/python:3.11 dev-lang/python:3.10 ) virtual/pkgconfig || ( ( dev-lang/python:3.13 dev-python/versioneer[python_targets_python3_13(-)] ) ( dev-lang/python:3.12 dev-python/versioneer[python_targets_python3_12(-)] ) ( dev-lang/python:3.11 dev-python/versioneer[python_targets_python3_11(-)] ) ( dev-lang/python:3.10 dev-python/versioneer[python_targets_python3_10(-)] ) ) app-alternatives/ninja >=dev-build/cmake-3.20.5 +DEFINED_PHASES=compile configure install postinst prepare setup test +DEPEND=dev-libs/boost:= dev-libs/crypto++:= dev-libs/libfmt:= dev-libs/spdlog:= >=sys-fs/fuse-2.8.6:0 dev-cpp/range-v3 net-misc/curl test? ( dev-cpp/gtest ) +DESCRIPTION=Encrypted FUSE filesystem that conceals metadata +EAPI=8 +HOMEPAGE=https://www.cryfs.org/ +INHERIT=cmake eapi9-ver flag-o-matic linux-info python-any-r1 +IUSE=test +KEYWORDS=~amd64 ~arm64 ~loong ~ppc64 ~riscv ~x86 +LICENSE=LGPL-3 MIT +RDEPEND=dev-libs/boost:= dev-libs/crypto++:= dev-libs/libfmt:= dev-libs/spdlog:= >=sys-fs/fuse-2.8.6:0 +RESTRICT=!test? ( test ) +SLOT=0 +SRC_URI=https://github.com/cryfs/cryfs/archive/refs/tags/1.0.1.tar.gz -> cryfs-1.0.1.tar.gz +_eclasses_=cmake 10a50dfaf728b802fcfd37f8d0da9056 eapi9-ver 6a71fa30cdb3fe445114fdeab156c1f0 flag-o-matic 357f1a896fbedcd06e5ce55419c49eb9 linux-info ea4122ba1d8791a12b78e53f9510a2e3 multilib b2a329026f2e404e9e371097dda47f96 multiprocessing 1e32df7deee68372153dca65f4a7c21f ninja-utils 2df4e452cea39a9ec8fb543ce059f8d6 python-any-r1 891415dfe39ad9b41b461f2b86354af0 python-utils-r1 b7726144f5af59e186d66746d0f513e5 toolchain-funcs 6afdb6107430c1832ca7e16aacbf8fa1 xdg-utils 42869b3c8d86a70ef3cf75165a395e09 +_md5_=07960d3dc2f4e0a6f6b77567a6523ecc diff --git a/metadata/pkg_desc_index b/metadata/pkg_desc_index index b8fd2c60..8e48223a 100644 --- a/metadata/pkg_desc_index +++ b/metadata/pkg_desc_index @@ -58,6 +58,7 @@ sys-boot/plymouth 0.9.4-r11: Graphical boot animation (splash) and logger sys-boot/rpi-imager 1.8.5: Raspberry Pi Imaging Utility sys-boot/unetbootin-static 625-r5: Universal Netboot Installer creates Live USB systems for various OS distributions sys-devel/gcc 13.2.1_p20240210-r5: The GNU Compiler Collection +sys-fs/cryfs 1.0.1-r1: Encrypted FUSE filesystem that conceals metadata sys-fs/cryptsetup 2.6.1-r5: Tool to setup encrypted devices with dm-crypt sys-fs/vhba 20240917: Virtual (SCSI) Host Bus Adapter kernel module for the CDEmu suite sys-fs/zfs 2.3.0: ZFS meta-package (Gentoo compatibility ebuild) diff --git a/sys-fs/cryfs/Manifest b/sys-fs/cryfs/Manifest new file mode 100644 index 00000000..5075d78d --- /dev/null +++ b/sys-fs/cryfs/Manifest @@ -0,0 +1 @@ +DIST cryfs-1.0.1.tar.gz 9527514 BLAKE2B 6bf6d82bcca46e7db1583e997e979fb8977202f24ee113f137f301849c806ffb8120de002e92e1c15040bb5b74a78f7ce535f22c1c59874530c053257031d8fa SHA512 04877832ad155806720fbfe27508ce546dd9dfdd4a44382412152459c24f509e5ae47447b85676acd26df800996893662b74c996da1edd52aa890ddb05cd34db diff --git a/sys-fs/cryfs/cryfs-1.0.1-r1.ebuild b/sys-fs/cryfs/cryfs-1.0.1-r1.ebuild new file mode 100644 index 00000000..9841e149 --- /dev/null +++ b/sys-fs/cryfs/cryfs-1.0.1-r1.ebuild @@ -0,0 +1,173 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..13} ) +inherit cmake eapi9-ver flag-o-matic linux-info python-any-r1 + +if [[ ${PV} == 9999 ]] ; then + inherit git-r3 + EGIT_REPO_URI="https://github.com/cryfs/cryfs" +else + SRC_URI=" + https://github.com/cryfs/cryfs/archive/refs/tags/${PV}.tar.gz + -> ${P}.tar.gz + " + KEYWORDS="~amd64 ~arm64 ~loong ~ppc64 ~riscv ~x86" +fi + +DESCRIPTION="Encrypted FUSE filesystem that conceals metadata" +HOMEPAGE="https://www.cryfs.org/" + +LICENSE="LGPL-3 MIT" +SLOT="0" +IUSE="test" +RESTRICT="!test? ( test )" + +RDEPEND=" + dev-libs/boost:= + dev-libs/crypto++:= + dev-libs/libfmt:= + dev-libs/spdlog:= + >=sys-fs/fuse-2.8.6:0 +" +DEPEND=" + ${RDEPEND} + dev-cpp/range-v3 + net-misc/curl + test? ( + dev-cpp/gtest + ) +" +BDEPEND=" + ${PYTHON_DEPS} + virtual/pkgconfig + $(python_gen_any_dep ' + dev-python/versioneer[${PYTHON_USEDEP}] + ') +" + +PATCHES=( + # TODO: upstream: + "${FILESDIR}"/cryfs-1.0.1-unbundle-vendored-libs.patch +) + +python_check_deps() { + python_has_version "dev-python/versioneer[${PYTHON_USEDEP}]" +} + +pkg_setup() { + local CONFIG_CHECK="~FUSE_FS" + local WARNING_FUSE_FS="CONFIG_FUSE_FS is required for cryfs support." + + check_extra_config + python-any-r1_pkg_setup +} + +src_prepare() { + cmake_src_prepare + + # don't install compressed manpage + cmake_comment_add_subdirectory doc + + # We use the package instead for >=py3.12 compat, bug #908997 + rm src/gitversion/versioneer.py || die + + # Hook up ctest properly for better maintainer quality of life + sed -i -e '/option(BUILD_TESTING/aenable_testing()' CMakeLists.txt || die + sed -i -e '/BUILD_TESTING/a include(GoogleTest)' test/CMakeLists.txt || die + sed -i -e 's/add_test/gtest_discover_tests/' test/*/CMakeLists.txt || die +} + +src_configure() { + # ODR violations (bug #880563) + # ./CMakeLists.txt + # """ + # We don't use LTO because crypto++ has problems with it, + # see https://github.com/weidai11/cryptopp/issues/1031 and + # https://www.cryptopp.com/wiki/Link_Time_Optimization + # """ + filter-lto + + local mycmakeargs=( + # Upstream inconsistently specifies their libraries as STATIC + # Leading to issues when static libraries without PIC are linked + # with PIC shared libraries. + -DBUILD_SHARED_LIBS=OFF + -DBUILD_TESTING=$(usex test) + -DCRYFS_UPDATE_CHECKS=OFF + -DUSE_SYSTEM_LIBS=ON + ) + + append-cppflags -DNDEBUG + + # bug 907096 + use elibc_musl && append-flags -D_LARGEFILE64_SOURCE + + cmake_src_configure +} + +src_test() { + local TMPDIR="${T}" + + local CMAKE_SKIP_TESTS=( + # Cannot test mounting filesystems in sandbox + # Filesystem did not call onMounted callback, probably wasn't successfully mounted. + # bug #808849 + CliTest.WorksWithCommasInBasedir + CliTest_IntegrityCheck.givenIncorrectFilesystemId_thenFails + CliTest_IntegrityCheck.givenIncorrectFilesystemKey_thenFails + CliTest_Setup.AutocreateBasedir + CliTest_Setup.AutocreateMountpoint + CliTest_Setup.ConfigfileGiven + CliTest_Setup.ExistingLogfileGiven + CliTest_Setup.NoSpecialOptions + CliTest_Setup.NotexistingLogfileGiven + CliTest_Unmount.givenMountedFilesystem_whenUnmounting_thenSucceeds + RunningInForeground/CliTest_WrongEnvironment.BaseDir_AllPermissions + RunningInForeground/CliTest_WrongEnvironment.BaseDir_DoesntExist_Create + RunningInForeground/CliTest_WrongEnvironment.MountDir_AllPermissions + RunningInForeground/CliTest_WrongEnvironment.MountDir_DoesntExist_Create + RunningInForeground/CliTest_WrongEnvironment.NoErrorCondition + RunningInForeground_ExternalConfigfile/CliTest_WrongEnvironment.BaseDir_AllPermissions + RunningInForeground_ExternalConfigfile/CliTest_WrongEnvironment.BaseDir_DoesntExist_Create + RunningInForeground_ExternalConfigfile/CliTest_WrongEnvironment.MountDir_AllPermissions + RunningInForeground_ExternalConfigfile/CliTest_WrongEnvironment.MountDir_DoesntExist_Create + RunningInForeground_ExternalConfigfile/CliTest_WrongEnvironment.NoErrorCondition + RunningInForeground_ExternalConfigfile_LogIsNotStderr/CliTest_WrongEnvironment.BaseDir_AllPermissions + RunningInForeground_ExternalConfigfile_LogIsNotStderr/CliTest_WrongEnvironment.BaseDir_DoesntExist_Create + RunningInForeground_ExternalConfigfile_LogIsNotStderr/CliTest_WrongEnvironment.MountDir_AllPermissions + RunningInForeground_ExternalConfigfile_LogIsNotStderr/CliTest_WrongEnvironment.MountDir_DoesntExist_Create + RunningInForeground_ExternalConfigfile_LogIsNotStderr/CliTest_WrongEnvironment.NoErrorCondition + RunningInForeground_LogIsNotStderr/CliTest_WrongEnvironment.BaseDir_AllPermissions + RunningInForeground_LogIsNotStderr/CliTest_WrongEnvironment.BaseDir_DoesntExist_Create + RunningInForeground_LogIsNotStderr/CliTest_WrongEnvironment.MountDir_AllPermissions + RunningInForeground_LogIsNotStderr/CliTest_WrongEnvironment.MountDir_DoesntExist_Create + RunningInForeground_LogIsNotStderr/CliTest_WrongEnvironment.NoErrorCondition + # Filesystem did not call onMounted callback, probably wasn't successfully mounted. + # fuse: failed to open /dev/fuse: Permission denied + CliTest_IntegrityCheck.givenFilesystemWithRolledBackBasedir_whenMounting_thenFails + CliTest_IntegrityCheck.whenRollingBackBasedirWhileMounted_thenUnmounts + # Tests that hang due to being unable to open fuse + # bug #699044 + # fuse: failed to open /dev/fuse: Permission denied + Fuse* + ) + + cmake_src_test +} + +src_install() { + cmake_src_install + doman doc/man/cryfs.1 + doman doc/man/cryfs-unmount.1 +} + +pkg_postinst() { + elog "Filesystems created with CryFS 0.11.x and CryFS 1.0.0 are fully compatible with each other." + elog "This means filesystems created with 0.10.x or 0.11.x can be mounted without requiring a migration." + elog "Filesystems created with 1.0.0 or 0.11.x can be mounted by CryFS 0.10.x," + elog "but only if you configure it to use a cipher supported by CryFS 0.10.x, e.g. AES-256-GCM." + elog "The new default, XChaCha20-Poly1305, is not supported by CryFS 0.10.x." +} diff --git a/sys-fs/cryfs/files/cryfs-1.0.1-unbundle-vendored-libs.patch b/sys-fs/cryfs/files/cryfs-1.0.1-unbundle-vendored-libs.patch new file mode 100644 index 00000000..bfb5d497 --- /dev/null +++ b/sys-fs/cryfs/files/cryfs-1.0.1-unbundle-vendored-libs.patch @@ -0,0 +1,209 @@ +From a1973df742bbdac335b28786f4d429e522bcf411 Mon Sep 17 00:00:00 2001 +From: Alfred Wingate <parona@protonmail.com> +Date: Mon, 3 Jun 2024 15:05:01 +0300 +Subject: [PATCH] Add USE_SYSTEM_LIBS option to build without bundled libs + +* Based on a patch by Andreas Sturmlechner. +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -16,6 +16,7 @@ require_clang_version(7.0) + option(BUILD_TESTING "build test cases" OFF) + option(CRYFS_UPDATE_CHECKS "let cryfs check for updates and security vulnerabilities" ON) + option(DISABLE_OPENMP "allow building without OpenMP libraries. This will cause performance degradations." OFF) ++option(USE_SYSTEM_LIBS "build with system libs instead of bundled libs" OFF) + + # The following options are helpful for development and/or CI + option(USE_WERROR "build with -Werror flag") +@@ -41,7 +42,15 @@ endif() + + include(cmake-utils/Dependencies.cmake) + +-add_subdirectory(vendor EXCLUDE_FROM_ALL) ++if(USE_SYSTEM_LIBS) ++ include(FindPkgConfig) ++ pkg_check_modules(CRYPTOPP REQUIRED IMPORTED_TARGET libcryptopp>=8.9) ++ add_library(cryfs_vendor_cryptopp ALIAS PkgConfig::CRYPTOPP) ++ add_definitions(-DUSE_SYSTEM_LIBS) ++else() ++ add_subdirectory(vendor EXCLUDE_FROM_ALL) ++endif() ++ + add_subdirectory(src) + add_subdirectory(doc) + add_subdirectory(test) +--- a/src/blockstore/implementations/compressing/compressors/Gzip.cpp ++++ b/src/blockstore/implementations/compressing/compressors/Gzip.cpp +@@ -1,5 +1,9 @@ + #include "Gzip.h" ++#if defined(USE_SYSTEM_LIBS) ++#include <cryptopp/gzip.h> ++#else + #include <vendor_cryptopp/gzip.h> ++#endif + + using cpputils::Data; + +--- a/src/cpp-utils/crypto/hash/Hash.cpp ++++ b/src/cpp-utils/crypto/hash/Hash.cpp +@@ -1,6 +1,10 @@ + #include "Hash.h" + #include <cpp-utils/random/Random.h> ++#if defined(USE_SYSTEM_LIBS) ++#include <cryptopp/sha.h> ++#else + #include <vendor_cryptopp/sha.h> ++#endif + + using CryptoPP::SHA512; + +--- a/src/cpp-utils/crypto/kdf/Scrypt.cpp ++++ b/src/cpp-utils/crypto/kdf/Scrypt.cpp +@@ -1,5 +1,9 @@ + #include "Scrypt.h" ++#if defined(USE_SYSTEM_LIBS) ++#include <cryptopp/scrypt.h> ++#else + #include <vendor_cryptopp/scrypt.h> ++#endif + + using std::string; + +--- a/src/cpp-utils/crypto/symmetric/CFB_Cipher.h ++++ b/src/cpp-utils/crypto/symmetric/CFB_Cipher.h +@@ -6,7 +6,11 @@ + #include "../../data/Data.h" + #include "../../random/Random.h" + #include <boost/optional.hpp> ++#if defined(USE_SYSTEM_LIBS) ++#include <cryptopp/modes.h> ++#else + #include <vendor_cryptopp/modes.h> ++#endif + #include "Cipher.h" + #include "EncryptionKey.h" + +--- a/src/cpp-utils/crypto/symmetric/GCM_Cipher.h ++++ b/src/cpp-utils/crypto/symmetric/GCM_Cipher.h +@@ -3,7 +3,12 @@ + #define MESSMER_CPPUTILS_CRYPTO_SYMMETRIC_GCMCIPHER_H_ + + #include "AEAD_Cipher.h" ++ ++#if defined(USE_SYSTEM_LIBS) ++#include <cryptopp/gcm.h> ++#else + #include <vendor_cryptopp/gcm.h> ++#endif + + namespace cpputils { + +--- a/src/cpp-utils/crypto/symmetric/ciphers.h ++++ b/src/cpp-utils/crypto/symmetric/ciphers.h +@@ -2,12 +2,21 @@ + #ifndef MESSMER_CPPUTILS_CRYPTO_SYMMETRIC_CIPHERS_H_ + #define MESSMER_CPPUTILS_CRYPTO_SYMMETRIC_CIPHERS_H_ + ++#if defined(USE_SYSTEM_LIBS) ++#include <cryptopp/aes.h> ++#include <cryptopp/twofish.h> ++#include <cryptopp/serpent.h> ++#include <cryptopp/cast.h> ++#include <cryptopp/mars.h> ++#include <cryptopp/chachapoly.h> ++#else + #include <vendor_cryptopp/aes.h> + #include <vendor_cryptopp/twofish.h> + #include <vendor_cryptopp/serpent.h> + #include <vendor_cryptopp/cast.h> + #include <vendor_cryptopp/mars.h> + #include <vendor_cryptopp/chachapoly.h> ++#endif + #include "GCM_Cipher.h" + #include "CFB_Cipher.h" + +--- a/src/cpp-utils/data/Data.cpp ++++ b/src/cpp-utils/data/Data.cpp +@@ -1,6 +1,10 @@ + #include "Data.h" + #include <stdexcept> ++#if defined(USE_SYSTEM_LIBS) ++#include <cryptopp/hex.h> ++#else + #include <vendor_cryptopp/hex.h> ++#endif + + using std::istream; + using std::ofstream; +--- a/src/cpp-utils/data/FixedSizeData.h ++++ b/src/cpp-utils/data/FixedSizeData.h +@@ -2,7 +2,11 @@ + #ifndef MESSMER_CPPUTILS_DATA_FIXEDSIZEDATA_H_ + #define MESSMER_CPPUTILS_DATA_FIXEDSIZEDATA_H_ + ++#if defined(USE_SYSTEM_LIBS) ++#include <cryptopp/hex.h> ++#else + #include <vendor_cryptopp/hex.h> ++#endif + #include <string> + #include <array> + #include <cstring> +--- a/src/cpp-utils/random/OSRandomGenerator.h ++++ b/src/cpp-utils/random/OSRandomGenerator.h +@@ -3,7 +3,11 @@ + #define MESSMER_CPPUTILS_RANDOM_OSRANDOMGENERATOR_H + + #include "RandomGenerator.h" ++#if defined(USE_SYSTEM_LIBS) ++#include <cryptopp/osrng.h> ++#else + #include <vendor_cryptopp/osrng.h> ++#endif + + namespace cpputils { + class OSRandomGenerator final : public RandomGenerator { +--- a/src/cpp-utils/random/RandomGeneratorThread.h ++++ b/src/cpp-utils/random/RandomGeneratorThread.h +@@ -4,7 +4,11 @@ + + #include "../thread/LoopThread.h" + #include "ThreadsafeRandomDataBuffer.h" ++#if defined(USE_SYSTEM_LIBS) ++#include <cryptopp/osrng.h> ++#else + #include <vendor_cryptopp/osrng.h> ++#endif + + namespace cpputils { + //TODO Test +--- a/src/cryfs/impl/localstate/BasedirMetadata.cpp ++++ b/src/cryfs/impl/localstate/BasedirMetadata.cpp +@@ -1,7 +1,11 @@ + #include "BasedirMetadata.h" + #include <boost/property_tree/ptree.hpp> + #include <boost/property_tree/json_parser.hpp> ++#if defined(USE_SYSTEM_LIBS) ++#include <cryptopp/sha.h> ++#else + #include <vendor_cryptopp/sha.h> ++#endif + #include <boost/filesystem/operations.hpp> + #include "LocalStateDir.h" + #include <cpp-utils/logging/logging.h> +--- a/test/cryfs/impl/config/CompatibilityTest.cpp ++++ b/test/cryfs/impl/config/CompatibilityTest.cpp +@@ -2,7 +2,11 @@ + #include <vector> + #include <boost/filesystem.hpp> + #include <cpp-utils/data/Data.h> ++#if defined(USE_SYSTEM_LIBS) ++#include <cryptopp/hex.h> ++#else + #include <vendor_cryptopp/hex.h> ++#endif + #include <cpp-utils/crypto/symmetric/ciphers.h> + #include <cpp-utils/tempfile/TempFile.h> + #include <cryfs/impl/config/CryConfigFile.h> +-- +2.48.0 + |