From 5986ab5735b24557718ed7189cffd9e64c24d32a Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Tue, 18 Jul 2023 15:45:16 +0100
Subject: sys-fs/cryptsetup : version bump
---
metadata/md5-cache/sys-apps/baselayout-2.13-r4 | 15 -
metadata/md5-cache/sys-apps/baselayout-2.13-r5 | 15 +
metadata/md5-cache/sys-fs/cryptsetup-2.3.4-r10 | 16 -
metadata/md5-cache/sys-fs/cryptsetup-2.6.1-r5 | 17 +
metadata/pkg_desc_index | 4 +-
sys-apps/baselayout/baselayout-2.13-r4.ebuild | 442 ---------------------
sys-apps/baselayout/baselayout-2.13-r5.ebuild | 442 +++++++++++++++++++++
sys-apps/baselayout/files/dmcryptcfg | 9 +
sys-fs/cryptsetup/Manifest | 2 +-
sys-fs/cryptsetup/cryptsetup-2.3.4-r10.ebuild | 138 -------
sys-fs/cryptsetup/cryptsetup-2.6.1-r5.ebuild | 147 +++++++
sys-fs/cryptsetup/files/1.6.7-dmcrypt.confd | 111 ------
sys-fs/cryptsetup/files/1.6.7-dmcrypt.rc | 339 ----------------
sys-fs/cryptsetup/files/2.4.3-dmcrypt.rc | 368 +++++++++++++++++
...yptsetup-2.0.4-fix-static-pwquality-build.patch | 18 -
15 files changed, 1001 insertions(+), 1082 deletions(-)
delete mode 100644 metadata/md5-cache/sys-apps/baselayout-2.13-r4
create mode 100644 metadata/md5-cache/sys-apps/baselayout-2.13-r5
delete mode 100644 metadata/md5-cache/sys-fs/cryptsetup-2.3.4-r10
create mode 100644 metadata/md5-cache/sys-fs/cryptsetup-2.6.1-r5
delete mode 100644 sys-apps/baselayout/baselayout-2.13-r4.ebuild
create mode 100644 sys-apps/baselayout/baselayout-2.13-r5.ebuild
delete mode 100644 sys-fs/cryptsetup/cryptsetup-2.3.4-r10.ebuild
create mode 100644 sys-fs/cryptsetup/cryptsetup-2.6.1-r5.ebuild
delete mode 100644 sys-fs/cryptsetup/files/1.6.7-dmcrypt.confd
delete mode 100644 sys-fs/cryptsetup/files/1.6.7-dmcrypt.rc
create mode 100644 sys-fs/cryptsetup/files/2.4.3-dmcrypt.rc
delete mode 100644 sys-fs/cryptsetup/files/cryptsetup-2.0.4-fix-static-pwquality-build.patch
diff --git a/metadata/md5-cache/sys-apps/baselayout-2.13-r4 b/metadata/md5-cache/sys-apps/baselayout-2.13-r4 deleted file mode 100644 index 989aefd7..00000000 --- a/metadata/md5-cache/sys-apps/baselayout-2.13-r4 +++ /dev/null @@ -1,15 +0,0 @@ -BDEPEND=virtual/pkgconfig -DEFINED_PHASES=install postinst postrm preinst prepare setup -DEPEND=acct-group/smbshare sys-apps/fakeroot !net-fs/sambacfg !sys-boot/grubcfg !sys-kernel/dracutcfg -DESCRIPTION=Filesystem baselayout and init scripts -EAPI=7 -HOMEPAGE=https://wiki.gentoo.org/wiki/No_homepage -INHERIT=multilib prefix udev -IUSE=build +split-usr -KEYWORDS=~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt -LICENSE=GPL-2 -RDEPEND=acct-group/smbshare sys-apps/fakeroot !net-fs/sambacfg !sys-boot/grubcfg !sys-kernel/dracutcfg !sys-apps/baselayout-prefix -SLOT=0 -SRC_URI=https://gitweb.gentoo.org/proj/baselayout.git/snapshot/baselayout-2.13.tar.bz2 -_eclasses_=multilib c19072c3cd7ac5cb21de013f7e9832e0 prefix eab3c99d77fe00506c109c8a736186f7 toolchain-funcs 513c31b3346458ed1f3878b57da6d61c udev eec0bbab06977f1cfc5597269c1fa152 -_md5_=c1bdabf12e133e71aaba1809105bb9bb diff --git a/metadata/md5-cache/sys-apps/baselayout-2.13-r5 b/metadata/md5-cache/sys-apps/baselayout-2.13-r5 new file mode 100644 index 00000000..989aefd7 --- /dev/null +++ b/metadata/md5-cache/sys-apps/baselayout-2.13-r5 
@@ -0,0 +1,15 @@ +BDEPEND=virtual/pkgconfig +DEFINED_PHASES=install postinst postrm preinst prepare setup +DEPEND=acct-group/smbshare sys-apps/fakeroot !net-fs/sambacfg !sys-boot/grubcfg !sys-kernel/dracutcfg +DESCRIPTION=Filesystem baselayout and init scripts +EAPI=7 +HOMEPAGE=https://wiki.gentoo.org/wiki/No_homepage +INHERIT=multilib prefix udev +IUSE=build +split-usr +KEYWORDS=~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt +LICENSE=GPL-2 +RDEPEND=acct-group/smbshare sys-apps/fakeroot !net-fs/sambacfg !sys-boot/grubcfg !sys-kernel/dracutcfg !sys-apps/baselayout-prefix +SLOT=0 +SRC_URI=https://gitweb.gentoo.org/proj/baselayout.git/snapshot/baselayout-2.13.tar.bz2 +_eclasses_=multilib c19072c3cd7ac5cb21de013f7e9832e0 prefix eab3c99d77fe00506c109c8a736186f7 toolchain-funcs 513c31b3346458ed1f3878b57da6d61c udev eec0bbab06977f1cfc5597269c1fa152 +_md5_=c1bdabf12e133e71aaba1809105bb9bb diff --git a/metadata/md5-cache/sys-fs/cryptsetup-2.3.4-r10 b/metadata/md5-cache/sys-fs/cryptsetup-2.3.4-r10 deleted file mode 100644 index d6953386..00000000 --- a/metadata/md5-cache/sys-fs/cryptsetup-2.3.4-r10 +++ /dev/null 
@@ -1,16 +0,0 @@ -BDEPEND=virtual/pkgconfig sys-devel/gnuconfig >=app-portage/elt-patches-20170815 || ( >=sys-devel/automake-1.16.5:1.16 ) >=sys-devel/autoconf-2.71-r5 >=sys-devel/libtool-2.4.7 -DEFINED_PHASES=configure install postinst preinst prepare setup test -DEPEND=static-libs? ( dev-libs/json-c:=[static-libs(+)] dev-libs/libgpg-error[static-libs(+)] dev-libs/popt[static-libs(+)] >=sys-apps/util-linux-2.31-r1[static-libs(+)] argon2? ( app-crypt/argon2:=[static-libs(+)] ) gcrypt? ( dev-libs/libgcrypt:0=[static-libs(+)] ) nettle? ( >=dev-libs/nettle-2.4[static-libs(+)] ) openssl? ( !libressl? ( dev-libs/openssl:0=[static-libs(+)] ) libressl? ( dev-libs/libressl:0=[static-libs(+)] ) ) pwquality? ( dev-libs/libpwquality[static-libs(+)] ) sys-fs/lvm2[static-libs(+)] udev? ( virtual/libudev[static-libs(-)] ) ) dev-libs/json-c:= dev-libs/libgpg-error dev-libs/popt >=sys-apps/util-linux-2.31-r1 argon2? ( app-crypt/argon2:= ) gcrypt? ( dev-libs/libgcrypt:0= ) nettle? ( >=dev-libs/nettle-2.4 ) openssl? ( !libressl? ( dev-libs/openssl:0= ) libressl? ( dev-libs/libressl:0= ) ) pwquality? ( dev-libs/libpwquality ) sys-fs/lvm2 udev? ( virtual/libudev ) static? ( dev-libs/json-c:=[static-libs(+)] dev-libs/libgpg-error[static-libs(+)] dev-libs/popt[static-libs(+)] >=sys-apps/util-linux-2.31-r1[static-libs(+)] argon2? ( app-crypt/argon2:=[static-libs(+)] ) gcrypt? ( dev-libs/libgcrypt:0=[static-libs(+)] ) nettle? ( >=dev-libs/nettle-2.4[static-libs(+)] ) openssl? ( !libressl? ( dev-libs/openssl:0=[static-libs(+)] ) libressl? ( dev-libs/libressl:0=[static-libs(+)] ) ) pwquality? ( dev-libs/libpwquality[static-libs(+)] ) sys-fs/lvm2[static-libs(+)] udev? 
( virtual/libudev[static-libs(-)] ) ) -DESCRIPTION=Tool to setup encrypted devices with dm-crypt -EAPI=7 -HOMEPAGE=https://gitlab.com/cryptsetup/cryptsetup/blob/master/README.md -INHERIT=autotools linux-info libtool -IUSE=gcrypt kernel nettle +openssl +argon2 libressl nls pwquality reencrypt static static-libs +udev urandom -KEYWORDS=~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 -LICENSE=GPL-2+ -RDEPEND=static-libs? ( dev-libs/json-c:=[static-libs(+)] dev-libs/libgpg-error[static-libs(+)] dev-libs/popt[static-libs(+)] >=sys-apps/util-linux-2.31-r1[static-libs(+)] argon2? ( app-crypt/argon2:=[static-libs(+)] ) gcrypt? ( dev-libs/libgcrypt:0=[static-libs(+)] ) nettle? ( >=dev-libs/nettle-2.4[static-libs(+)] ) openssl? ( !libressl? ( dev-libs/openssl:0=[static-libs(+)] ) libressl? ( dev-libs/libressl:0=[static-libs(+)] ) ) pwquality? ( dev-libs/libpwquality[static-libs(+)] ) sys-fs/lvm2[static-libs(+)] udev? ( virtual/libudev[static-libs(-)] ) ) dev-libs/json-c:= dev-libs/libgpg-error dev-libs/popt >=sys-apps/util-linux-2.31-r1 argon2? ( app-crypt/argon2:= ) gcrypt? ( dev-libs/libgcrypt:0= ) nettle? ( >=dev-libs/nettle-2.4 ) openssl? ( !libressl? ( dev-libs/openssl:0= ) libressl? ( dev-libs/libressl:0= ) ) pwquality? ( dev-libs/libpwquality ) sys-fs/lvm2 udev? ( virtual/libudev ) -REQUIRED_USE=^^ ( gcrypt kernel nettle openssl ) libressl? ( openssl ) static? ( !gcrypt ) -SLOT=0/12 -SRC_URI=https://www.kernel.org/pub/linux/utils/cryptsetup/v2.3/cryptsetup-2.3.4.tar.xz -_eclasses_=autotools 6ae9a4347149b19a112caa1182d03bde gnuconfig b6b3e92f8b8c996400074b5f61a59256 libtool 9d3a9a889a6fa62ae794f817c156491b linux-info c4f1201b96a8a2c1f3b86cc8b2c71c91 multilib c19072c3cd7ac5cb21de013f7e9832e0 toolchain-funcs 513c31b3346458ed1f3878b57da6d61c -_md5_=09fda009fa5d1885b97c3f6447cfff12 diff --git a/metadata/md5-cache/sys-fs/cryptsetup-2.6.1-r5 b/metadata/md5-cache/sys-fs/cryptsetup-2.6.1-r5 new file mode 100644 index 00000000..c5561ff8 
--- /dev/null
+++ b/metadata/md5-cache/sys-fs/cryptsetup-2.6.1-r5
@@ -0,0 +1,17 @@ +BDEPEND=virtual/pkgconfig test? ( app-editors/vim-core ) +DEFINED_PHASES=configure install postinst prepare setup test +DEPEND=static-libs? ( dev-libs/json-c:=[static-libs(+)] dev-libs/popt[static-libs(+)] >=sys-apps/util-linux-2.31-r1[static-libs(+)] argon2? ( app-crypt/argon2:=[static-libs(+)] ) gcrypt? ( dev-libs/libgcrypt:0=[static-libs(+)] dev-libs/libgpg-error[static-libs(+)] ) nettle? ( >=dev-libs/nettle-2.4[static-libs(+)] ) openssl? ( dev-libs/openssl:0=[static-libs(+)] ) pwquality? ( dev-libs/libpwquality[static-libs(+)] ) ssh? ( net-libs/libssh[static-libs(+)] ) sys-fs/lvm2[static-libs(+)] ) dev-libs/json-c:= dev-libs/popt >=sys-apps/util-linux-2.31-r1 argon2? ( app-crypt/argon2:= ) gcrypt? ( dev-libs/libgcrypt:0= dev-libs/libgpg-error ) nettle? ( >=dev-libs/nettle-2.4 ) openssl? ( dev-libs/openssl:0= ) pwquality? ( dev-libs/libpwquality ) ssh? ( net-libs/libssh ) sys-fs/lvm2 udev? ( virtual/libudev:= ) static? ( dev-libs/json-c:=[static-libs(+)] dev-libs/popt[static-libs(+)] >=sys-apps/util-linux-2.31-r1[static-libs(+)] argon2? ( app-crypt/argon2:=[static-libs(+)] ) gcrypt? ( dev-libs/libgcrypt:0=[static-libs(+)] dev-libs/libgpg-error[static-libs(+)] ) nettle? ( >=dev-libs/nettle-2.4[static-libs(+)] ) openssl? ( dev-libs/openssl:0=[static-libs(+)] ) pwquality? ( dev-libs/libpwquality[static-libs(+)] ) ssh? ( net-libs/libssh[static-libs(+)] ) sys-fs/lvm2[static-libs(+)] ) +DESCRIPTION=Tool to setup encrypted devices with dm-crypt +EAPI=8 +HOMEPAGE=https://gitlab.com/cryptsetup/cryptsetup +INHERIT=linux-info tmpfiles +IUSE=gcrypt kernel nettle +openssl +argon2 fips nls pwquality ssh static static-libs test +udev urandom +KEYWORDS=~alpha amd64 arm arm64 hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86 +LICENSE=GPL-2+ +RDEPEND=static-libs? ( dev-libs/json-c:=[static-libs(+)] dev-libs/popt[static-libs(+)] >=sys-apps/util-linux-2.31-r1[static-libs(+)] argon2? ( app-crypt/argon2:=[static-libs(+)] ) gcrypt? 
( dev-libs/libgcrypt:0=[static-libs(+)] dev-libs/libgpg-error[static-libs(+)] ) nettle? ( >=dev-libs/nettle-2.4[static-libs(+)] ) openssl? ( dev-libs/openssl:0=[static-libs(+)] ) pwquality? ( dev-libs/libpwquality[static-libs(+)] ) ssh? ( net-libs/libssh[static-libs(+)] ) sys-fs/lvm2[static-libs(+)] ) dev-libs/json-c:= dev-libs/popt >=sys-apps/util-linux-2.31-r1 argon2? ( app-crypt/argon2:= ) gcrypt? ( dev-libs/libgcrypt:0= dev-libs/libgpg-error ) nettle? ( >=dev-libs/nettle-2.4 ) openssl? ( dev-libs/openssl:0= ) pwquality? ( dev-libs/libpwquality ) ssh? ( net-libs/libssh ) sys-fs/lvm2 udev? ( virtual/libudev:= ) virtual/tmpfiles +REQUIRED_USE=^^ ( gcrypt kernel nettle openssl ) static? ( !gcrypt !ssh !udev !fips ) fips? ( !kernel !nettle ) +RESTRICT=!test? ( test ) +SLOT=0/12 +SRC_URI=https://www.kernel.org/pub/linux/utils/cryptsetup/v2.6/cryptsetup-2.6.1.tar.xz +_eclasses_=linux-info c4f1201b96a8a2c1f3b86cc8b2c71c91 multilib c19072c3cd7ac5cb21de013f7e9832e0 tmpfiles 216aa76c3a6fcb5d893c23a0de86048f toolchain-funcs 513c31b3346458ed1f3878b57da6d61c +_md5_=ffd97a42af384b00fad98655d08345e3 diff --git a/metadata/pkg_desc_index b/metadata/pkg_desc_index index 79b01ead..a2b35313 100644 --- a/metadata/pkg_desc_index +++ b/metadata/pkg_desc_index @@ -38,7 +38,7 @@ net-dialup/rp-pppoe 4.0-r5: A user-mode PPPoE client and server suite for Linux net-misc/warpinator 1.4.5: Share files across the LAN net-print/lexmark-upd-ppd 1.0.0.20210304-r1: Lexmark universal printer driver PPDs net-wireless/broadcom-sta 6.30.223.271-r4: Broadcom's IEEE 802.11a/b/g/n hybrid Linux device driver -sys-apps/baselayout 2.13-r4: Filesystem baselayout and init scripts +sys-apps/baselayout 2.13-r5: Filesystem baselayout and init scripts sys-apps/firetools 0.9.64: Graphical user interface of app-emulation/firejail sys-apps/lsb-release 3.2-r2: LSB version query program sys-apps/openrc 0.47.1-r1: OpenRC manages the services, startup and shutdown of a host 
@@ -49,7 +49,7 @@ sys-boot/grub 2.04-r13: GNU GRUB boot loader sys-boot/os-prober 1.77-r10: Utility to detect other OSs on a set of drives sys-boot/plymouth 0.9.4-r11: Graphical boot animation (splash) and logger sys-boot/unetbootin-static 625-r3: Universal Netboot Installer creates Live USB systems for various OS distributions -sys-fs/cryptsetup 2.3.4-r10: Tool to setup encrypted devices with dm-crypt +sys-fs/cryptsetup 2.6.1-r5: Tool to setup encrypted devices with dm-crypt sys-fs/gocryptfs 2.0.1-r1: Encrypted overlay filesystem written in Go sys-fs/vhba 20211218: Virtual (SCSI) Host Bus Adapter kernel module for the CDEmu suite sys-fs/zfs 2.1.12: ZFS meta-package (Gentoo compatibility ebuild) diff --git a/sys-apps/baselayout/baselayout-2.13-r4.ebuild b/sys-apps/baselayout/baselayout-2.13-r4.ebuild deleted file mode 100644 index cbfd0b2c..00000000 --- a/sys-apps/baselayout/baselayout-2.13-r4.ebuild +++ /dev/null 
@@ -1,442 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit multilib prefix udev - -DESCRIPTION="Filesystem baselayout and init scripts" -HOMEPAGE="https://wiki.gentoo.org/wiki/No_homepage" -if [[ ${PV} = 9999 ]]; then - EGIT_REPO_URI="https://anongit.gentoo.org/git/proj/${PN}.git" - inherit git-r3 -else - SRC_URI="https://gitweb.gentoo.org/proj/${PN}.git/snapshot/${P}.tar.bz2" - KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" -fi - -LICENSE="GPL-2" -SLOT="0" -IUSE="build +split-usr" - -DEPEND="acct-group/smbshare - sys-apps/fakeroot - !net-fs/sambacfg - !sys-boot/grubcfg - !sys-kernel/dracutcfg" -RDEPEND="${DEPEND} - !sys-apps/baselayout-prefix" - -pkg_setup() { - multilib_layout -} - -riscv_compat_symlink() { - # Here we apply some special sauce for riscv. - # Two multilib layouts exist for now: - # 1) one level libdirs, (32bit) "lib" and (64bit) "lib64" - # these are chosen by us to closely resemble other arches - # 2) two level libdirs, "lib64/lp64d" "lib64/lp64" "lib32/ilp32d" ... - # this is the glibc/gcc default - # Unfortunately, the default has only one fallback, which is "lib" - # for both 32bit and 64bit. So things do not break in 1), we need - # to provide compatibility symlinks... - - # This function has exactly two parameters: - # - the default libdir, to determine if 1) or 2) applies - # - the location of the symlink (which points to ".") - - # Note: we call this only in the ${SYMLINK_LIB} = no codepath, since - # there never was a ${SYMLINK_LIB} = yes riscv profile. - - case ${CHOST} in - riscv*) - # are we on a one level libdir profile? is there no symlink yet? - if [[ ${1} != */* && ! -L ${2} ]] ; then - ln -s . 
$2 || die "Unable to make $2 riscv compatibility symlink" - fi - ;; - esac -} - -# Create our multilib dirs - the Makefile has no knowledge of this -multilib_layout() { - local dir def_libdir libdir libdirs - local prefix prefix_lst - def_libdir=$(get_abi_LIBDIR $DEFAULT_ABI) - libdirs=$(get_all_libdirs) - - if [[ -z "${SYMLINK_LIB}" || ${SYMLINK_LIB} = no ]] ; then - prefix_lst=( "${EROOT}"/{,usr/,usr/local/} ) - for prefix in "${prefix_lst[@]}"; do - for libdir in ${libdirs}; do - dir="${prefix}${libdir}" - if [[ -e "${dir}" ]]; then - [[ ! -d "${dir}" ]] && - die "${dir} exists but is not a directory" - continue - fi - if ! use split-usr && [[ ${prefix} = ${EROOT}/ ]]; then - libdir="${libdir%%/*}" - dir="${prefix}${libdir}" - einfo "symlinking ${dir} to usr/${libdir}" - ln -s usr/${libdir} ${dir} || - die "Unable to make ${dir} symlink" - else - einfo "creating directory ${dir}" - mkdir -p "${dir}" || - die "Unable to create ${dir} directory" - fi - done - [[ -d "${prefix}${def_libdir}" ]] && riscv_compat_symlink "${def_libdir}" "${prefix}${def_libdir}/${DEFAULT_ABI}" - done - return 0 - fi - - [ -z "${def_libdir}" ] && - die "your DEFAULT_ABI=$DEFAULT_ABI appears to be invalid" - - # figure out which paths should be symlinks and which should be directories - local dirs syms exp d - for libdir in ${libdirs} ; do - if use split-usr ; then - exp=( {,usr/,usr/local/}${libdir} ) - else - exp=( {usr/,usr/local/}${libdir} ) - fi - for d in "${exp[@]}" ; do - # most things should be dirs - if [ "${SYMLINK_LIB}" = "yes" ] && [ "${libdir}" = "lib" ] ; then - [ ! 
-h "${d}" ] && [ -e "${d}" ] && dirs+=" ${d}" - else - [ -h "${d}" ] && syms+=" ${d}" - fi - done - done - if [ -n "${syms}${dirs}" ] ; then - ewarn "Your system profile has SYMLINK_LIB=${SYMLINK_LIB:-no}, so that means you need to" - ewarn "have these paths configured as follows:" - [ -n "${dirs}" ] && ewarn "symlinks to '${def_libdir}':${dirs}" - [ -n "${syms}" ] && ewarn "directories:${syms}" - ewarn "The ebuild will attempt to fix these, but only for trivial conversions." - ewarn "If things fail, you will need to manually create/move the directories." - echo - fi - - # setup symlinks and dirs where we expect them to be; do not migrate - # data ... just fall over in that case. - if use split-usr ; then - prefix_lst=( "${EROOT}"/{,usr/,usr/local/} ) - else - prefix_lst=( "${EROOT}"/{usr/,usr/local/} ) - fi - for prefix in "${prefix_lst[@]}"; do - if [ "${SYMLINK_LIB}" = yes ] ; then - # we need to make sure "lib" points to the native libdir - if [ -h "${prefix}lib" ] ; then - # it's already a symlink! assume it's pointing to right place ... 
- continue - elif [ -d "${prefix}lib" ] ; then - # "lib" is a dir, so need to convert to a symlink - ewarn "Converting ${prefix}lib from a dir to a symlink" - rm -f "${prefix}lib"/.keep || die - if rmdir "${prefix}lib" 2>/dev/null ; then - ln -s ${def_libdir} "${prefix}lib" || die - else - die "non-empty dir found where we needed a symlink: ${prefix}lib" - fi - else - # nothing exists, so just set it up sanely - ewarn "Initializing ${prefix}lib as a symlink" - mkdir -p "${prefix}" || die - rm -f "${prefix}lib" || die - ln -s ${def_libdir} "${prefix}lib" || die - mkdir -p "${prefix}${def_libdir}" || die #423571 - fi - else - # we need to make sure "lib" is a dir - if [ -h "${prefix}lib" ] ; then - # "lib" is a symlink, so need to convert to a dir - ewarn "Converting ${prefix}lib from a symlink to a dir" - rm -f "${prefix}lib" || die - if [ -d "${prefix}lib32" ] ; then - ewarn "Migrating ${prefix}lib32 to ${prefix}lib" - mv "${prefix}lib32" "${prefix}lib" || die - else - mkdir -p "${prefix}lib" || die - fi - elif [ -d "${prefix}lib" ] && ! has lib32 ${libdirs} ; then - # make sure the old "lib" ABI location does not exist; we - # only symlinked the lib dir on systems where we moved it - # to "lib32" ... - case ${CHOST} in - i?86*|x86_64*|powerpc*|sparc*|s390*) - if [[ -d ${prefix}lib32 && ! -h ${prefix}lib32 ]] ; then - rm -f "${prefix}lib32"/.keep || die - if ! rmdir "${prefix}lib32" 2>/dev/null ; then - ewarn "You need to merge ${prefix}lib32 into ${prefix}lib" - die "non-empty dir found where there should be none: ${prefix}lib32" - fi - fi - ;; - esac - else - # nothing exists, so just set it up sanely - ewarn "Initializing ${prefix}lib as a dir" - mkdir -p "${prefix}lib" || die - fi - fi - done - if ! use split-usr ; then - for libdir in ${libdirs}; do - if [[ ! 
-e "${EROOT}${libdir}" ]]; then - ln -s usr/"${libdir}" "${EROOT}${libdir}" || - die "Unable to make ${EROOT}${libdir} symlink" - fi - done - fi -} - -pkg_preinst() { - # We need to install directories and maybe some dev nodes when building - # stages, but they cannot be in CONTENTS. - # Also, we cannot reference $S as binpkg will break so we do this. - multilib_layout - if use build ; then - if use split-usr ; then - emake -C "${ED}/usr/share/${PN}" DESTDIR="${EROOT}" layout - else - emake -C "${ED}/usr/share/${PN}" DESTDIR="${EROOT}" layout-usrmerge - fi - fi - rm -f "${ED}"/usr/share/${PN}/Makefile || die - - # Create symlinks in pkg_preinst to avoid Portage collision check. - # Create the symlinks in ${ED} via dosym so that we own it. - # Only create the symlinks if it wont cause a conflict in ${EROOT}. - if [[ -L ${EROOT}/var/lock || ! -e ${EROOT}/var/lock ]]; then - dosym ../run/lock /var/lock - fi - if [[ -L ${EROOT}/var/run || ! -e ${EROOT}/var/run ]]; then - dosym ../run /var/run - fi -} - -src_prepare() { - default - eapply "${FILESDIR}"/"${P}"-redcore.patch - - # don't want symlinked directories in PATH on systems with usr-merge - if ! use split-usr && ! use prefix-guest; then - sed \ - -e 's|:/usr/sbin:|:|g' \ - -e 's|:/sbin:|:|g' \ - -e 's|:/bin:|:|g' \ - -i etc/env.d/50baselayout || die - fi - - if use prefix; then - hprefixify -e "/EUID/s,0,${EUID}," -q '"' etc/profile - hprefixify etc/shells share/passwd - hprefixify -w '/PATH=/' etc/env.d/50baselayout - hprefixify -w 1 etc/env.d/50baselayout - echo PATH=/usr/sbin:/sbin:/usr/bin:/bin >> etc/env.d/99host - - # change branding - sed -i \ - -e '/gentoo-release/s/Gentoo Base/Gentoo Prefix Base/' \ - -e '/make_os_release/s/${OS}/Prefix/' \ - Makefile || die - fi - - # handle multilib paths. do it here because we want this behavior - # regardless of the C library that you're using. 
we do explicitly - # list paths which the native ldconfig searches, but this isn't - # problematic as it doesn't change the resulting ld.so.cache or - # take longer to generate. similarly, listing both the native - # path and the symlinked path doesn't change the resulting cache. - local libdir ldpaths - for libdir in $(get_all_libdirs) ; do - if use split-usr || use prefix-guest; then - ldpaths+=":${EPREFIX}/${libdir}" - fi - ldpaths+=":${EPREFIX}/usr/${libdir}" - ldpaths+=":${EPREFIX}/usr/local/${libdir}" - done - echo "LDPATH='${ldpaths#:}'" >> etc/env.d/50baselayout - - # rc-scripts version for testing of features that *should* be present - echo "Redcore Linux Hardened - rolling_boulder_uphill" > etc/redcore-release -} - -src_install() { - emake \ - DESTDIR="${ED}" \ - install - - if [[ ${CHOST} == *-darwin* ]] ; then - # add SDK path which contains development manpages - echo "MANPATH=${EPREFIX}/MacOSX.sdk/usr/share/man" \ - > "${ED}"/etc/env.d/98macos-sdk - fi - - # need the makefile in pkg_preinst - insinto /usr/share/${PN} - doins Makefile - - dodoc ChangeLog - - # bug 858596 - if use prefix-guest ; then - dodir sbin - cat > "${ED}"/sbin/runscript <<- EOF - #!/usr/bin/env sh - source "${EPREFIX}/lib/gentoo/functions.sh" - - eerror "runscript/openrc-run not supported by Gentoo Prefix Base System release ${PV}" 1>&2 - exit 1 - EOF - chmod 755 "${ED}"/sbin/runscript || die - cp "${ED}"/sbin/{runscript,openrc-run} || die - fi - - ############### Redcore Linux ############### - # - # issue.logo - rm "${ED}"/etc/issue.logo - # - # NetworkManager - dodir /etc/NetworkManager - insinto /etc/NetworkManager - newins "${FILESDIR}"/nmcfg NetworkManager.conf - # - # dracut - dodir /etc/dracut.conf.d - insinto /etc/dracut.conf.d - newins "${FILESDIR}"/dracutcfg dracut-redcore.conf - # - # grub - dodir /etc/default - insinto /etc/default - newins "${FILESDIR}"/grubcfg grub - # - # samba - dodir /etc/samba - insinto /etc/samba - newins "${FILESDIR}"/smbcfg smb.conf - 
keepdir var/lib/samba/usershare - # cryptsetup - dodir /etc/conf.d - insinto /etc/conf.d - newins ${FILESDIR}/dmcryptcfg dmcrypt - # - # esync - dodir /etc/security/limits.d - insinto /etc/security/limits.d - newins ${FILESDIR}/esynccfg 50-esync.conf - # - # IOsched - dodir /lib/udev/rules.d/ - insinto /lib/udev/rules.d - newins ${FILESDIR}/ioschedcfg 60-iosched.rules - # - # Xorg - dodir /usr/share/X11/xorg.conf.d - insinto /usr/share/X11/xorg.conf.d - newins ${FILESDIR}/xorgcfg 80-synaptics-overrides.conf - ############################################## -} - -pkg_postinst() { - local x - - # We installed some files to /usr/share/baselayout instead of /etc to stop - # (1) overwriting the user's settings - # (2) screwing things up when attempting to merge files - # (3) accidentally packaging up personal files with quickpkg - # If they don't exist then we install them - for x in master.passwd passwd shadow group fstab ; do - [ -e "${EROOT}/etc/${x}" ] && continue - [ -e "${EROOT}/usr/share/baselayout/${x}" ] || continue - cp -p "${EROOT}/usr/share/baselayout/${x}" "${EROOT}"/etc || die - done - - # Force shadow permissions to not be world-readable #260993 - for x in shadow ; do - if [ -e "${EROOT}/etc/${x}" ] ; then - chmod o-rwx "${EROOT}/etc/${x}" || die - fi - done - # whine about users that lack passwords #193541 - if [[ -e "${EROOT}"/etc/shadow ]] ; then - local bad_users=$(sed -n '/^[^:]*::/s|^\([^:]*\)::.*|\1|p' "${EROOT}"/etc/shadow) - if [[ -n ${bad_users} ]] ; then - echo - ewarn "The following users lack passwords!" - ewarn ${bad_users} - fi - fi - - # whine about users with invalid shells #215698 - if [[ -e "${EROOT}"/etc/passwd ]] ; then - local bad_shells=$(awk -F: 'system("test -e ${ROOT}" $7) { print $1 " - " $7}' "${EROOT}"/etc/passwd | sort) - if [[ -n ${bad_shells} ]] ; then - echo - ewarn "The following users have non-existent shells!" 
- ewarn "${bad_shells}" - fi - fi - - # https://bugs.gentoo.org/361349 - if use kernel_linux; then - mkdir -p "${EROOT}"/run || die - - local found fstype mountpoint - while read -r _ mountpoint fstype _; do - [[ ${mountpoint} = /run ]] && [[ ${fstype} = tmpfs ]] && found=1 - done < "${ROOT}"/proc/mounts - [[ -z ${found} ]] && - ewarn "You should reboot now to get /run mounted with tmpfs!" - fi - - for x in ${REPLACING_VERSIONS}; do - if ver_test 2.4 -lt ${x}; then - ewarn "After updating ${EROOT}/etc/profile, please run" - ewarn "env-update && . /etc/profile" - fi - - if ver_test 2.6 -lt ${x}; then - ewarn "Please run env-update then log out and back in to" - ewarn "update your path." - fi - # clean up after 2.5 typos - # https://bugs.gentoo.org/show_bug.cgi?id=656380 - if [[ ${x} == 2.5 ]]; then - rm -fr "${EROOT}/{,usr" || die - fi - done - - if [[ -e "${EROOT}"/etc/env.d/00basic ]]; then - ewarn "${EROOT}/etc/env.d/00basic is now ${EROOT}/etc/env.d/50baselayout" - ewarn "Please migrate your changes." - fi - - - ############### Redcore Linux ############### - rm -rf "${EROOT}"etc/dracut.conf.d/._cfg????_dracut-redcore.conf - rm -rf "${EROOT}"etc/default/._cfg????_grub - rm -rf "${EROOT}"etc/samba/._cfg????_smb.conf - rm -rf "${EROOT}"etc/conf.d/._cfg???_dmcrypt - rm -rf "${EROOT}"etc/security/limits.d/._cfg???_50-esync.conf - rm -rf "${EROOT}"lib/udev/rules.d/._cfg???_60-iosched.rules - chown root:smbshare /var/lib/samba/usershare - chmod 1770 /var/lib/samba/usershare - udev_reload - ############################################ -} - -pkg_postrm() { - ############### Redcore Linux ############### - udev_reload - ############################################ -} diff --git a/sys-apps/baselayout/baselayout-2.13-r5.ebuild b/sys-apps/baselayout/baselayout-2.13-r5.ebuild new file mode 100644 index 00000000..cbfd0b2c --- /dev/null +++ b/sys-apps/baselayout/baselayout-2.13-r5.ebuild 
@@ -0,0 +1,442 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit multilib prefix udev + +DESCRIPTION="Filesystem baselayout and init scripts" +HOMEPAGE="https://wiki.gentoo.org/wiki/No_homepage" +if [[ ${PV} = 9999 ]]; then + EGIT_REPO_URI="https://anongit.gentoo.org/git/proj/${PN}.git" + inherit git-r3 +else + SRC_URI="https://gitweb.gentoo.org/proj/${PN}.git/snapshot/${P}.tar.bz2" + KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt" +fi + +LICENSE="GPL-2" +SLOT="0" +IUSE="build +split-usr" + +DEPEND="acct-group/smbshare + sys-apps/fakeroot + !net-fs/sambacfg + !sys-boot/grubcfg + !sys-kernel/dracutcfg" +RDEPEND="${DEPEND} + !sys-apps/baselayout-prefix" + +pkg_setup() { + multilib_layout +} + +riscv_compat_symlink() { + # Here we apply some special sauce for riscv. + # Two multilib layouts exist for now: + # 1) one level libdirs, (32bit) "lib" and (64bit) "lib64" + # these are chosen by us to closely resemble other arches + # 2) two level libdirs, "lib64/lp64d" "lib64/lp64" "lib32/ilp32d" ... + # this is the glibc/gcc default + # Unfortunately, the default has only one fallback, which is "lib" + # for both 32bit and 64bit. So things do not break in 1), we need + # to provide compatibility symlinks... + + # This function has exactly two parameters: + # - the default libdir, to determine if 1) or 2) applies + # - the location of the symlink (which points to ".") + + # Note: we call this only in the ${SYMLINK_LIB} = no codepath, since + # there never was a ${SYMLINK_LIB} = yes riscv profile. + + case ${CHOST} in + riscv*) + # are we on a one level libdir profile? is there no symlink yet? + if [[ ${1} != */* && ! -L ${2} ]] ; then + ln -s . 
$2 || die "Unable to make $2 riscv compatibility symlink" + fi + ;; + esac +} + +# Create our multilib dirs - the Makefile has no knowledge of this +multilib_layout() { + local dir def_libdir libdir libdirs + local prefix prefix_lst + def_libdir=$(get_abi_LIBDIR $DEFAULT_ABI) + libdirs=$(get_all_libdirs) + + if [[ -z "${SYMLINK_LIB}" || ${SYMLINK_LIB} = no ]] ; then + prefix_lst=( "${EROOT}"/{,usr/,usr/local/} ) + for prefix in "${prefix_lst[@]}"; do + for libdir in ${libdirs}; do + dir="${prefix}${libdir}" + if [[ -e "${dir}" ]]; then + [[ ! -d "${dir}" ]] && + die "${dir} exists but is not a directory" + continue + fi + if ! use split-usr && [[ ${prefix} = ${EROOT}/ ]]; then + libdir="${libdir%%/*}" + dir="${prefix}${libdir}" + einfo "symlinking ${dir} to usr/${libdir}" + ln -s usr/${libdir} ${dir} || + die "Unable to make ${dir} symlink" + else + einfo "creating directory ${dir}" + mkdir -p "${dir}" || + die "Unable to create ${dir} directory" + fi + done + [[ -d "${prefix}${def_libdir}" ]] && riscv_compat_symlink "${def_libdir}" "${prefix}${def_libdir}/${DEFAULT_ABI}" + done + return 0 + fi + + [ -z "${def_libdir}" ] && + die "your DEFAULT_ABI=$DEFAULT_ABI appears to be invalid" + + # figure out which paths should be symlinks and which should be directories + local dirs syms exp d + for libdir in ${libdirs} ; do + if use split-usr ; then + exp=( {,usr/,usr/local/}${libdir} ) + else + exp=( {usr/,usr/local/}${libdir} ) + fi + for d in "${exp[@]}" ; do + # most things should be dirs + if [ "${SYMLINK_LIB}" = "yes" ] && [ "${libdir}" = "lib" ] ; then + [ ! 
-h "${d}" ] && [ -e "${d}" ] && dirs+=" ${d}"
+ else
+ [ -h "${d}" ] && syms+=" ${d}"
+ fi
+ done
+ done
+ if [ -n "${syms}${dirs}" ] ; then
+ ewarn "Your system profile has SYMLINK_LIB=${SYMLINK_LIB:-no}, so that means you need to"
+ ewarn "have these paths configured as follows:"
+ [ -n "${dirs}" ] && ewarn "symlinks to '${def_libdir}':${dirs}"
+ [ -n "${syms}" ] && ewarn "directories:${syms}"
+ ewarn "The ebuild will attempt to fix these, but only for trivial conversions."
+ ewarn "If things fail, you will need to manually create/move the directories."
+ echo
+ fi
+
+ # setup symlinks and dirs where we expect them to be; do not migrate
+ # data ... just fall over in that case.
+ if use split-usr ; then
+ prefix_lst=( "${EROOT}"/{,usr/,usr/local/} )
+ else
+ prefix_lst=( "${EROOT}"/{usr/,usr/local/} )
+ fi
+ for prefix in "${prefix_lst[@]}"; do
+ if [ "${SYMLINK_LIB}" = yes ] ; then
+ # we need to make sure "lib" points to the native libdir
+ if [ -h "${prefix}lib" ] ; then
+ # it's already a symlink! assume it's pointing to right place ...
+ continue
+ elif [ -d "${prefix}lib" ] ; then
+ # "lib" is a dir, so need to convert to a symlink
+ ewarn "Converting ${prefix}lib from a dir to a symlink"
+ rm -f "${prefix}lib"/.keep || die
+ if rmdir "${prefix}lib" 2>/dev/null ; then
+ ln -s ${def_libdir} "${prefix}lib" || die
+ else
+ die "non-empty dir found where we needed a symlink: ${prefix}lib"
+ fi
+ else
+ # nothing exists, so just set it up sanely
+ ewarn "Initializing ${prefix}lib as a symlink"
+ mkdir -p "${prefix}" || die
+ rm -f "${prefix}lib" || die
+ ln -s ${def_libdir} "${prefix}lib" || die
+ mkdir -p "${prefix}${def_libdir}" || die #423571
+ fi
+ else
+ # we need to make sure "lib" is a dir
+ if [ -h "${prefix}lib" ] ; then
+ # "lib" is a symlink, so need to convert to a dir
+ ewarn "Converting ${prefix}lib from a symlink to a dir"
+ rm -f "${prefix}lib" || die
+ if [ -d "${prefix}lib32" ] ; then
+ ewarn "Migrating ${prefix}lib32 to ${prefix}lib"
+ mv "${prefix}lib32" "${prefix}lib" || die
+ else
+ mkdir -p "${prefix}lib" || die
+ fi
+ elif [ -d "${prefix}lib" ] && ! has lib32 ${libdirs} ; then
+ # make sure the old "lib" ABI location does not exist; we
+ # only symlinked the lib dir on systems where we moved it
+ # to "lib32" ...
+ case ${CHOST} in
+ i?86*|x86_64*|powerpc*|sparc*|s390*)
+ if [[ -d ${prefix}lib32 && ! -h ${prefix}lib32 ]] ; then
+ rm -f "${prefix}lib32"/.keep || die
+ if ! rmdir "${prefix}lib32" 2>/dev/null ; then
+ ewarn "You need to merge ${prefix}lib32 into ${prefix}lib"
+ die "non-empty dir found where there should be none: ${prefix}lib32"
+ fi
+ fi
+ ;;
+ esac
+ else
+ # nothing exists, so just set it up sanely
+ ewarn "Initializing ${prefix}lib as a dir"
+ mkdir -p "${prefix}lib" || die
+ fi
+ fi
+ done
+ if ! use split-usr ; then
+ for libdir in ${libdirs}; do
+ if [[ ! -e "${EROOT}${libdir}" ]]; then
+ ln -s usr/"${libdir}" "${EROOT}${libdir}" ||
+ die "Unable to make ${EROOT}${libdir} symlink"
+ fi
+ done
+ fi
+}
+
+pkg_preinst() {
+ # We need to install directories and maybe some dev nodes when building
+ # stages, but they cannot be in CONTENTS.
+ # Also, we cannot reference $S as binpkg will break so we do this.
+ multilib_layout
+ if use build ; then
+ if use split-usr ; then
+ emake -C "${ED}/usr/share/${PN}" DESTDIR="${EROOT}" layout
+ else
+ emake -C "${ED}/usr/share/${PN}" DESTDIR="${EROOT}" layout-usrmerge
+ fi
+ fi
+ rm -f "${ED}"/usr/share/${PN}/Makefile || die
+
+ # Create symlinks in pkg_preinst to avoid Portage collision check.
+ # Create the symlinks in ${ED} via dosym so that we own it.
+ # Only create the symlinks if it wont cause a conflict in ${EROOT}.
+ if [[ -L ${EROOT}/var/lock || ! -e ${EROOT}/var/lock ]]; then
+ dosym ../run/lock /var/lock
+ fi
+ if [[ -L ${EROOT}/var/run || ! -e ${EROOT}/var/run ]]; then
+ dosym ../run /var/run
+ fi
+}
+
+src_prepare() {
+ default
+ eapply "${FILESDIR}"/"${P}"-redcore.patch
+
+ # don't want symlinked directories in PATH on systems with usr-merge
+ if ! use split-usr && ! use prefix-guest; then
+ sed \
+ -e 's|:/usr/sbin:|:|g' \
+ -e 's|:/sbin:|:|g' \
+ -e 's|:/bin:|:|g' \
+ -i etc/env.d/50baselayout || die
+ fi
+
+ if use prefix; then
+ hprefixify -e "/EUID/s,0,${EUID}," -q '"' etc/profile
+ hprefixify etc/shells share/passwd
+ hprefixify -w '/PATH=/' etc/env.d/50baselayout
+ hprefixify -w 1 etc/env.d/50baselayout
+ echo PATH=/usr/sbin:/sbin:/usr/bin:/bin >> etc/env.d/99host
+
+ # change branding
+ sed -i \
+ -e '/gentoo-release/s/Gentoo Base/Gentoo Prefix Base/' \
+ -e '/make_os_release/s/${OS}/Prefix/' \
+ Makefile || die
+ fi
+
+ # handle multilib paths. do it here because we want this behavior
+ # regardless of the C library that you're using. we do explicitly
+ # list paths which the native ldconfig searches, but this isn't
+ # problematic as it doesn't change the resulting ld.so.cache or
+ # take longer to generate. similarly, listing both the native
+ # path and the symlinked path doesn't change the resulting cache.
+ local libdir ldpaths
+ for libdir in $(get_all_libdirs) ; do
+ if use split-usr || use prefix-guest; then
+ ldpaths+=":${EPREFIX}/${libdir}"
+ fi
+ ldpaths+=":${EPREFIX}/usr/${libdir}"
+ ldpaths+=":${EPREFIX}/usr/local/${libdir}"
+ done
+ echo "LDPATH='${ldpaths#:}'" >> etc/env.d/50baselayout
+
+ # rc-scripts version for testing of features that *should* be present
+ echo "Redcore Linux Hardened - rolling_boulder_uphill" > etc/redcore-release
+}
+
+src_install() {
+ emake \
+ DESTDIR="${ED}" \
+ install
+
+ if [[ ${CHOST} == *-darwin* ]] ; then
+ # add SDK path which contains development manpages
+ echo "MANPATH=${EPREFIX}/MacOSX.sdk/usr/share/man" \
+ > "${ED}"/etc/env.d/98macos-sdk
+ fi
+
+ # need the makefile in pkg_preinst
+ insinto /usr/share/${PN}
+ doins Makefile
+
+ dodoc ChangeLog
+
+ # bug 858596
+ if use prefix-guest ; then
+ dodir sbin
+ cat > "${ED}"/sbin/runscript <<- EOF
+ #!/usr/bin/env sh
+ source "${EPREFIX}/lib/gentoo/functions.sh"
+
+ eerror "runscript/openrc-run not supported by Gentoo Prefix Base System release ${PV}" 1>&2
+ exit 1
+ EOF
+ chmod 755 "${ED}"/sbin/runscript || die
+ cp "${ED}"/sbin/{runscript,openrc-run} || die
+ fi
+
+ ############### Redcore Linux ###############
+ #
+ # issue.logo
+ rm "${ED}"/etc/issue.logo
+ #
+ # NetworkManager
+ dodir /etc/NetworkManager
+ insinto /etc/NetworkManager
+ newins "${FILESDIR}"/nmcfg NetworkManager.conf
+ #
+ # dracut
+ dodir /etc/dracut.conf.d
+ insinto /etc/dracut.conf.d
+ newins "${FILESDIR}"/dracutcfg dracut-redcore.conf
+ #
+ # grub
+ dodir /etc/default
+ insinto /etc/default
+ newins "${FILESDIR}"/grubcfg grub
+ #
+ # samba
+ dodir /etc/samba
+ insinto /etc/samba
+ newins "${FILESDIR}"/smbcfg smb.conf
+ keepdir var/lib/samba/usershare
+ # cryptsetup
+ dodir /etc/conf.d
+ insinto /etc/conf.d
+ newins ${FILESDIR}/dmcryptcfg dmcrypt
+ #
+ # esync
+ dodir /etc/security/limits.d
+ insinto /etc/security/limits.d
+ newins ${FILESDIR}/esynccfg 50-esync.conf
+ #
+ # IOsched
+ dodir /lib/udev/rules.d/
+ insinto /lib/udev/rules.d
+ newins ${FILESDIR}/ioschedcfg 60-iosched.rules
+ #
+ # Xorg
+ dodir /usr/share/X11/xorg.conf.d
+ insinto /usr/share/X11/xorg.conf.d
+ newins ${FILESDIR}/xorgcfg 80-synaptics-overrides.conf
+ ##############################################
+}
+
+pkg_postinst() {
+ local x
+
+ # We installed some files to /usr/share/baselayout instead of /etc to stop
+ # (1) overwriting the user's settings
+ # (2) screwing things up when attempting to merge files
+ # (3) accidentally packaging up personal files with quickpkg
+ # If they don't exist then we install them
+ for x in master.passwd passwd shadow group fstab ; do
+ [ -e "${EROOT}/etc/${x}" ] && continue
+ [ -e "${EROOT}/usr/share/baselayout/${x}" ] || continue
+ cp -p "${EROOT}/usr/share/baselayout/${x}" "${EROOT}"/etc || die
+ done
+
+ # Force shadow permissions to not be world-readable #260993
+ for x in shadow ; do
+ if [ -e "${EROOT}/etc/${x}" ] ; then
+ chmod o-rwx "${EROOT}/etc/${x}" || die
+ fi
+ done
+ # whine about users that lack passwords #193541
+ if [[ -e "${EROOT}"/etc/shadow ]] ; then
+ local bad_users=$(sed -n '/^[^:]*::/s|^\([^:]*\)::.*|\1|p' "${EROOT}"/etc/shadow)
+ if [[ -n ${bad_users} ]] ; then
+ echo
+ ewarn "The following users lack passwords!"
+ ewarn ${bad_users}
+ fi
+ fi
+
+ # whine about users with invalid shells #215698
+ if [[ -e "${EROOT}"/etc/passwd ]] ; then
+ local bad_shells=$(awk -F: 'system("test -e ${ROOT}" $7) { print $1 " - " $7}' "${EROOT}"/etc/passwd | sort)
+ if [[ -n ${bad_shells} ]] ; then
+ echo
+ ewarn "The following users have non-existent shells!"
+ ewarn "${bad_shells}"
+ fi
+ fi
+
+ # https://bugs.gentoo.org/361349
+ if use kernel_linux; then
+ mkdir -p "${EROOT}"/run || die
+
+ local found fstype mountpoint
+ while read -r _ mountpoint fstype _; do
+ [[ ${mountpoint} = /run ]] && [[ ${fstype} = tmpfs ]] && found=1
+ done < "${ROOT}"/proc/mounts
+ [[ -z ${found} ]] &&
+ ewarn "You should reboot now to get /run mounted with tmpfs!"
+ fi
+
+ for x in ${REPLACING_VERSIONS}; do
+ if ver_test 2.4 -lt ${x}; then
+ ewarn "After updating ${EROOT}/etc/profile, please run"
+ ewarn "env-update && . /etc/profile"
+ fi
+
+ if ver_test 2.6 -lt ${x}; then
+ ewarn "Please run env-update then log out and back in to"
+ ewarn "update your path."
+ fi
+ # clean up after 2.5 typos
+ # https://bugs.gentoo.org/show_bug.cgi?id=656380
+ if [[ ${x} == 2.5 ]]; then
+ rm -fr "${EROOT}/{,usr" || die
+ fi
+ done
+
+ if [[ -e "${EROOT}"/etc/env.d/00basic ]]; then
+ ewarn "${EROOT}/etc/env.d/00basic is now ${EROOT}/etc/env.d/50baselayout"
+ ewarn "Please migrate your changes."
+ fi
+
+
+ ############### Redcore Linux ###############
+ rm -rf "${EROOT}"etc/dracut.conf.d/._cfg????_dracut-redcore.conf
+ rm -rf "${EROOT}"etc/default/._cfg????_grub
+ rm -rf "${EROOT}"etc/samba/._cfg????_smb.conf
+ rm -rf "${EROOT}"etc/conf.d/._cfg???_dmcrypt
+ rm -rf "${EROOT}"etc/security/limits.d/._cfg???_50-esync.conf
+ rm -rf "${EROOT}"lib/udev/rules.d/._cfg???_60-iosched.rules
+ chown root:smbshare /var/lib/samba/usershare
+ chmod 1770 /var/lib/samba/usershare
+ udev_reload
+ ############################################
+}
+
+pkg_postrm() {
+ ############### Redcore Linux ###############
+ udev_reload
+ ############################################
+}
diff --git a/sys-apps/baselayout/files/dmcryptcfg b/sys-apps/baselayout/files/dmcryptcfg
index 642ff087..8250e826 100644
--- a/sys-apps/baselayout/files/dmcryptcfg
+++ b/sys-apps/baselayout/files/dmcryptcfg
@@ -44,6 +44,7 @@ dmcrypt_retries=5
 # for blkid (see -t option). This is safer than using
 # the full path to the device.
 # key='[:]' == Fullpath from / or from inside removable media.
+# header='' == Full path to detached LUKS header file.
 # remdev='' == Device that will be assigned to removable media.
 # gpg_options='' == Default are --quiet --decrypt
 # options='' == cryptsetup, for LUKS you can only use --readonly
@@ -52,6 +53,8 @@ dmcrypt_retries=5
 # be looked up automatically.
 # pre_mount='cmds' == commands to execute before mounting partition.
 # post_mount='cmds' == commands to execute after mounting partition.
+# wait=5 == wait given amount of seconds for source or
+# detached header file appear.
 #-----------
 # Supported Modes
 # gpg == decrypt and pipe key into cryptsetup.
@@ -79,6 +82,12 @@ dmcrypt_retries=5
 #source='/dev/hda5'
 #key='/full/path/to/homekey'
 
+## /home with regular keyfile and detached header
+#target=crypt-home
+#source='/dev/hda5'
+#key='/full/path/to/homekey'
+#header='/full/path/to/header/file'
+
 ## /home with gpg protected key
 #target=crypt-home
 #source='/dev/hda5'
diff --git a/sys-fs/cryptsetup/Manifest b/sys-fs/cryptsetup/Manifest
index 96ff3e3a..12d3d773 100644
--- a/sys-fs/cryptsetup/Manifest
+++ b/sys-fs/cryptsetup/Manifest
@@ -1 +1 @@
-DIST cryptsetup-2.3.4.tar.xz 11114004 BLAKE2B 680e6eeb594737aeb8330b0ac8638e94941bdcc56fc3441b6f1bc4f3d209d768096e23a7f840dc1012f9e63fae0fdbc0e72d735d89e92a621cec88ea59560f19 SHA512 db0bfd795343e575acb7a80ea2b9d32acf08ac970037e5b158a1e4381976552dc292107ce79e55913f49fcf643d4ea7104ed73de7c1e8d424b83d471d20ab60d
+DIST cryptsetup-2.6.1.tar.xz 11402380 BLAKE2B efd7a64d89d863876de68ff3e89d8c94ad5eca6a8d2236c52c234fbe51e9d9ee303a0c7fe7dac7df10e0062003b9c0aeddc8dc342582106c157ab2d1e742155e SHA512 0cbddbf33cbac2b834ed7e2dd47a9fc787131031a1c729f373f5c974600a838097e9cc0555f13719fc79c384a2a34b404f94ba4cc2f35f0bb1d70aef2233fd18
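Review bot: The new `wait=5` description in the second dmcryptcfg hunk is missing a word and overstates what the option covers. In the `2.4.3-dmcrypt.rc` added by this commit the source is only waited for when it is given as a blkid tag (the `*=*` case); a plain device path that does not exist yet is still skipped immediately, while a configured detached header is always waited for. Suggested wording: `# wait=5 == seconds to wait for a tag-style source (e.g. UUID=...) or the` followed by `# detached header file to appear.`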
diff --git a/sys-fs/cryptsetup/cryptsetup-2.3.4-r10.ebuild b/sys-fs/cryptsetup/cryptsetup-2.3.4-r10.ebuild
deleted file mode 100644
index 70488f8e..00000000
--- a/sys-fs/cryptsetup/cryptsetup-2.3.4-r10.ebuild
+++ /dev/null
@@ -1,138 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit autotools linux-info libtool - -DESCRIPTION="Tool to setup encrypted devices with dm-crypt" -HOMEPAGE="https://gitlab.com/cryptsetup/cryptsetup/blob/master/README.md" -SRC_URI="https://www.kernel.org/pub/linux/utils/${PN}/v$(ver_cut 1-2)/${P/_/-}.tar.xz" - -LICENSE="GPL-2+" -SLOT="0/12" # libcryptsetup.so version -[[ ${PV} != *_rc* ]] && \ -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" -CRYPTO_BACKENDS="gcrypt kernel nettle +openssl" -# we don't support nss since it doesn't allow cryptsetup to be built statically -# and it's missing ripemd160 support so it can't provide full backward compatibility -IUSE="${CRYPTO_BACKENDS} +argon2 libressl nls pwquality reencrypt static static-libs +udev urandom" -REQUIRED_USE="^^ ( ${CRYPTO_BACKENDS//+/} ) - libressl? ( openssl ) - static? ( !gcrypt )" #496612 - -LIB_DEPEND=" - dev-libs/json-c:=[static-libs(+)] - dev-libs/libgpg-error[static-libs(+)] - dev-libs/popt[static-libs(+)] - >=sys-apps/util-linux-2.31-r1[static-libs(+)] - argon2? ( app-crypt/argon2:=[static-libs(+)] ) - gcrypt? ( dev-libs/libgcrypt:0=[static-libs(+)] ) - nettle? ( >=dev-libs/nettle-2.4[static-libs(+)] ) - openssl? ( - !libressl? ( dev-libs/openssl:0=[static-libs(+)] ) - libressl? ( dev-libs/libressl:0=[static-libs(+)] ) - ) - pwquality? ( dev-libs/libpwquality[static-libs(+)] ) - sys-fs/lvm2[static-libs(+)] - udev? ( virtual/libudev[static-libs(-)] )" -# We have to always depend on ${LIB_DEPEND} rather than put behind -# !static? () because we provide a shared library which links against -# these other packages. #414665 -RDEPEND="static-libs? ( ${LIB_DEPEND} ) - ${LIB_DEPEND//\[static-libs\([+-]\)\]}" -DEPEND="${RDEPEND} - static? 
( ${LIB_DEPEND} )" -BDEPEND=" - virtual/pkgconfig -" - -S="${WORKDIR}/${P/_/-}" - -PATCHES=( "${FILESDIR}"/${PN}-2.0.4-fix-static-pwquality-build.patch ) - -pkg_setup() { - local CONFIG_CHECK="~DM_CRYPT ~CRYPTO ~CRYPTO_CBC ~CRYPTO_SHA256" - local WARNING_DM_CRYPT="CONFIG_DM_CRYPT:\tis not set (required for cryptsetup)\n" - local WARNING_CRYPTO_SHA256="CONFIG_CRYPTO_SHA256:\tis not set (required for cryptsetup)\n" - local WARNING_CRYPTO_CBC="CONFIG_CRYPTO_CBC:\tis not set (required for kernel 2.6.19)\n" - local WARNING_CRYPTO="CONFIG_CRYPTO:\tis not set (required for cryptsetup)\n" - check_extra_config -} - -src_prepare() { - sed -i '/^LOOPDEV=/s:$: || exit 0:' tests/{compat,mode}-test || die - default - eautoreconf -} - -src_configure() { - if use kernel ; then - ewarn "Note that kernel backend is very slow for this type of operation" - ewarn "and is provided mainly for embedded systems wanting to avoid" - ewarn "userspace crypto libraries." - fi - - local myeconfargs=( - --disable-internal-argon2 - --enable-shared - --sbindir=/sbin - # for later use - --with-default-luks-format=LUKS1 - --with-tmpfilesdir="${EPREFIX}/usr/lib/tmpfiles.d" - --with-crypto_backend=$(for x in ${CRYPTO_BACKENDS//+/} ; do usev ${x} ; done) - $(use_enable argon2 libargon2) - $(use_enable nls) - $(use_enable pwquality) - $(use_enable reencrypt cryptsetup-reencrypt) - $(use_enable static static-cryptsetup) - $(use_enable static-libs static) - $(use_enable udev) - $(use_enable !urandom dev-random) - ) - econf "${myeconfargs[@]}" -} - -src_test() { - if [[ ! 
-e /dev/mapper/control ]] ; then - ewarn "No /dev/mapper/control found -- skipping tests" - return 0 - fi - - local p - for p in /dev/mapper /dev/loop* ; do - addwrite ${p} - done - - default -} - -src_install() { - default - - if use static ; then - mv "${ED}"/sbin/cryptsetup{.static,} || die - mv "${ED}"/sbin/veritysetup{.static,} || die - if use reencrypt ; then - mv "${ED}"/sbin/cryptsetup-reencrypt{.static,} || die - fi - fi - find "${ED}" -type f -name "*.la" -delete || die - - dodoc docs/v*ReleaseNotes - - newconfd "${FILESDIR}"/1.6.7-dmcrypt.confd dmcrypt.stub - newinitd "${FILESDIR}"/1.6.7-dmcrypt.rc dmcrypt -} - -pkg_preinst() { - if [[ -f ""${ROOT}"etc/conf.d/dmcrypt" ]]; then - mv ""${ROOT}"etc/conf.d/dmcrypt" ""${ROOT}"etc/conf.d/dmcrypt.bak" - fi -} - -pkg_postinst() { - if [[ -f ""${ROOT}"etc/conf.d/dmcrypt.bak" ]]; then - mv ""${ROOT}"etc/conf.d/dmcrypt.bak" ""${ROOT}"etc/conf.d/dmcrypt" - fi -} diff --git a/sys-fs/cryptsetup/cryptsetup-2.6.1-r5.ebuild b/sys-fs/cryptsetup/cryptsetup-2.6.1-r5.ebuild new file mode 100644 index 00000000..0b2fdcb1 --- /dev/null +++ b/sys-fs/cryptsetup/cryptsetup-2.6.1-r5.ebuild 
@@ -0,0 +1,147 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit linux-info tmpfiles
+
+DESCRIPTION="Tool to setup encrypted devices with dm-crypt"
+HOMEPAGE="https://gitlab.com/cryptsetup/cryptsetup"
+SRC_URI="https://www.kernel.org/pub/linux/utils/${PN}/v$(ver_cut 1-2)/${P/_/-}.tar.xz"
+S="${WORKDIR}"/${P/_/-}
+
+LICENSE="GPL-2+"
+SLOT="0/12" # libcryptsetup.so version
+if [[ ${PV} != *_rc* ]] ; then
+ KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv ~s390 sparc x86"
+fi
+
+CRYPTO_BACKENDS="gcrypt kernel nettle +openssl"
+# we don't support nss since it doesn't allow cryptsetup to be built statically
+# and it's missing ripemd160 support so it can't provide full backward compatibility
+IUSE="${CRYPTO_BACKENDS} +argon2 fips nls pwquality ssh static static-libs test +udev urandom"
+RESTRICT="!test? ( test )"
+# bug #496612, bug #832711, bug #843863
+REQUIRED_USE="
+ ^^ ( ${CRYPTO_BACKENDS//+/} )
+ static? ( !gcrypt !ssh !udev !fips )
+ fips? ( !kernel !nettle )
+"
+
+LIB_DEPEND="
+ dev-libs/json-c:=[static-libs(+)]
+ dev-libs/popt[static-libs(+)]
+ >=sys-apps/util-linux-2.31-r1[static-libs(+)]
+ argon2? ( app-crypt/argon2:=[static-libs(+)] )
+ gcrypt? (
+ dev-libs/libgcrypt:0=[static-libs(+)]
+ dev-libs/libgpg-error[static-libs(+)]
+ )
+ nettle? ( >=dev-libs/nettle-2.4[static-libs(+)] )
+ openssl? ( dev-libs/openssl:0=[static-libs(+)] )
+ pwquality? ( dev-libs/libpwquality[static-libs(+)] )
+ ssh? ( net-libs/libssh[static-libs(+)] )
+ sys-fs/lvm2[static-libs(+)]
+"
+# We have to always depend on ${LIB_DEPEND} rather than put behind
+# !static? () because we provide a shared library which links against
+# these other packages. bug #414665
+RDEPEND="
+ static-libs? ( ${LIB_DEPEND} )
+ ${LIB_DEPEND//\[static-libs\([+-]\)\]}
+ udev? ( virtual/libudev:= )
+"
+DEPEND="
+ ${RDEPEND}
+ static? ( ${LIB_DEPEND} )
+"
+# vim-core needed for xxd in tests
+BDEPEND="
+ virtual/pkgconfig
+ test? ( app-editors/vim-core )
+"
+
+pkg_setup() {
+ local CONFIG_CHECK="~DM_CRYPT ~CRYPTO ~CRYPTO_CBC ~CRYPTO_SHA256"
+ local WARNING_DM_CRYPT="CONFIG_DM_CRYPT:\tis not set (required for cryptsetup)\n"
+ local WARNING_CRYPTO_SHA256="CONFIG_CRYPTO_SHA256:\tis not set (required for cryptsetup)\n"
+ local WARNING_CRYPTO_CBC="CONFIG_CRYPTO_CBC:\tis not set (required for kernel 2.6.19)\n"
+ local WARNING_CRYPTO="CONFIG_CRYPTO:\tis not set (required for cryptsetup)\n"
+ check_extra_config
+}
+
+src_prepare() {
+ default
+
+ sed -i '/^LOOPDEV=/s:$: || exit 0:' tests/{compat,mode}-test || die
+}
+
+src_configure() {
+ local myeconfargs=(
+ --disable-internal-argon2
+ --disable-asciidoc
+ --enable-shared
+ --sbindir="${EPREFIX}"/sbin
+ # for later use
+ --with-default-luks-format=LUKS1
+ --with-tmpfilesdir="${EPREFIX}/usr/lib/tmpfiles.d"
+ --with-crypto_backend=$(for x in ${CRYPTO_BACKENDS//+/} ; do usev ${x} ; done)
+ $(use_enable argon2 libargon2)
+ $(use_enable nls)
+ $(use_enable pwquality)
+ $(use_enable !static external-tokens)
+ $(use_enable static static-cryptsetup)
+ $(use_enable static-libs static)
+ $(use_enable udev)
+ $(use_enable !urandom dev-random)
+ $(use_enable ssh ssh-token)
+ $(usev !argon2 '--with-luks2-pbkdf=pbkdf2')
+ $(use_enable fips)
+ )
+
+ econf "${myeconfargs[@]}"
+}
+
+src_test() {
+ if [[ ! -e /dev/mapper/control ]] ; then
+ ewarn "No /dev/mapper/control found -- skipping tests"
+ return 0
+ fi
+
+ local p
+ for p in /dev/mapper /dev/loop* ; do
+ addwrite ${p}
+ done
+
+ default
+}
+
+src_install() {
+ default
+
+ if use static ; then
+ mv "${ED}"/sbin/cryptsetup{.static,} || die
+ mv "${ED}"/sbin/veritysetup{.static,} || die
+ mv "${ED}"/sbin/integritysetup{.static,} || die
+
+ if use ssh ; then
+ mv "${ED}"/sbin/cryptsetup-ssh{.static,} || die
+ fi
+ fi
+
+ find "${ED}" -type f -name "*.la" -delete || die
+
+ dodoc docs/v*ReleaseNotes
+
+ newinitd "${FILESDIR}"/2.4.3-dmcrypt.rc dmcrypt
+}
+
+pkg_postinst() {
+ tmpfiles_process cryptsetup.conf
+
+ if use kernel ; then
+ ewarn "Note that kernel backend is very slow for this type of operation"
+ ewarn "and is provided mainly for embedded systems wanting to avoid"
+ ewarn "userspace crypto libraries."
+ fi
+}
diff --git a/sys-fs/cryptsetup/files/1.6.7-dmcrypt.confd b/sys-fs/cryptsetup/files/1.6.7-dmcrypt.confd
deleted file mode 100644
index 642ff087..00000000
--- a/sys-fs/cryptsetup/files/1.6.7-dmcrypt.confd
+++ /dev/null
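Review bot: In `src_configure`, `--with-default-luks-format=LUKS1` is explained only by `# for later use`, which does not tell a maintainer why the older on-disk format stays the default after the move to 2.6.1. LUKS1 key slots are PBKDF2-only, so a plain `cryptsetup luksFormat` on this build will not use Argon2 even though `+argon2` is enabled by default in IUSE. If the pin is deliberate (presumably for bootloader compatibility), replace the comment with something like `# keep LUKS1 as the luksFormat default (reason: <why>); use --type luks2 for Argon2 key slots`.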
@@ -1,111 +0,0 @@ -# /etc/conf.d/dmcrypt - -# For people who run dmcrypt on top of some other layer (like raid), -# use rc_need to specify that requirement. See the runscript(8) man -# page for more information. - -#-------------------- -# Instructions -#-------------------- - -# Note regarding the syntax of this file. This file is *almost* bash, -# but each line is evaluated separately. Separate swaps/targets can be -# specified. The init-script which reads this file assumes that a -# swap= or target= line starts a new section, similar to lilo or grub -# configuration. - -# Note when using gpg keys and /usr on a separate partition, you will -# have to copy /usr/bin/gpg to /bin/gpg so that it will work properly -# and ensure that gpg has been compiled statically. -# See http://bugs.gentoo.org/90482 for more information. - -# Note that the init-script which reads this file detects whether your -# partition is LUKS or not. No mkfs is run unless you specify a makefs -# option. - -# Global options: -#---------------- - -# How long to wait for each timeout (in seconds). -dmcrypt_key_timeout=1 - -# Max number of checks to perform (see dmcrypt_key_timeout). -#dmcrypt_max_timeout=300 - -# Number of password retries. -dmcrypt_retries=5 - -# Arguments: -#----------- -# target= == Mapping name for partition. -# swap= == Mapping name for swap partition. -# source='' == Real device for partition. -# Note: You can (and should) specify a tag like UUID -# for blkid (see -t option). This is safer than using -# the full path to the device. -# key='[:]' == Fullpath from / or from inside removable media. -# remdev='' == Device that will be assigned to removable media. -# gpg_options='' == Default are --quiet --decrypt -# options='' == cryptsetup, for LUKS you can only use --readonly -# loop_file='' == Loopback file. -# Note: If you omit $source, then a free loopback will -# be looked up automatically. -# pre_mount='cmds' == commands to execute before mounting partition. 
-# post_mount='cmds' == commands to execute after mounting partition. -#----------- -# Supported Modes -# gpg == decrypt and pipe key into cryptsetup. -# Note: new-line character must not be part of key. -# Command to erase \n char: 'cat key | tr -d '\n' > cleanKey' - -#-------------------- -# dm-crypt examples -#-------------------- - -## swap -# Swap partitions. These should come first so that no keys make their -# way into unencrypted swap. -# If no options are given, they will default to: -c aes -h sha1 -d /dev/urandom -# If no makefs is given then mkswap will be assumed -#swap=crypt-swap -#source='/dev/hda2' - -## /home with passphrase -#target=crypt-home -#source='/dev/hda5' - -## /home with regular keyfile -#target=crypt-home -#source='/dev/hda5' -#key='/full/path/to/homekey' - -## /home with gpg protected key -#target=crypt-home -#source='/dev/hda5' -#key='/full/path/to/homekey:gpg' - -## /home with regular keyfile on removable media(such as usb-stick) -#target=crypt-home -#source='/dev/hda5' -#key='/full/path/to/homekey' -#remdev='/dev/sda1' - -## /home with gpg protected key on removable media(such as usb-stick) -#target=crypt-home -#source='/dev/hda5' -#key='/full/path/to/homekey:gpg' -#remdev='/dev/sda1' - -## /tmp with regular keyfile -#target=crypt-tmp -#source='/dev/hda6' -#key='/full/path/to/tmpkey' -#pre_mount='/sbin/mkreiserfs -f -f ${dev}' -#post_mount='chown root:root ${mount_point}; chmod 1777 ${mount_point}' - -## Loopback file example -#target='crypt-loop-home' -#source='/dev/loop0' -#loop_file='/mnt/crypt/home' - -# The file must be terminated by a newline. Or leave this comment last. diff --git a/sys-fs/cryptsetup/files/1.6.7-dmcrypt.rc b/sys-fs/cryptsetup/files/1.6.7-dmcrypt.rc deleted file mode 100644 index cdd20ba9..00000000 --- a/sys-fs/cryptsetup/files/1.6.7-dmcrypt.rc +++ /dev/null 
@@ -1,339 +0,0 @@ -#!/sbin/openrc-run -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -depend() { - before checkfs fsck - - if grep -qs ^swap= "${conf_file}" ; then - before swap - fi -} - -# We support multiple dmcrypt instances based on $SVCNAME -conf_file="/etc/conf.d/${SVCNAME}" - -# Get splash helpers if available. -if [ -e /sbin/splash-functions.sh ] ; then - . /sbin/splash-functions.sh -fi - -# Setup mappings for an individual target/swap -# Note: This relies on variables localized in the main body below. -dm_crypt_execute() { - local dev ret mode foo - - if [ -z "${target}" -a -z "${swap}" ] ; then - return - fi - - # Set up default values. - : ${dmcrypt_key_timeout:=1} - : ${dmcrypt_max_timeout:=300} - : ${dmcrypt_retries:=5} - - # Handle automatic look up of the source path. - if [ -z "${source}" -a -n "${loop_file}" ] ; then - source=$(losetup --show -f "${loop_file}") - fi - case ${source} in - *=*) - source=$(blkid -l -t "${source}" -o device) - ;; - esac - if [ -z "${source}" ] || [ ! -e "${source}" ] ; then - ewarn "source \"${source}\" for ${target} missing, skipping..." - return - fi - - if [ -n "${target}" ] ; then - # let user set options, otherwise leave empty - : ${options:=' '} - elif [ -n "${swap}" ] ; then - if cryptsetup isLuks ${source} 2>/dev/null ; then - ewarn "The swap you have defined is a LUKS partition. Aborting crypt-swap setup." - return - fi - target=${swap} - # swap contents do not need to be preserved between boots, luks not required. - # suspend2 users should have initramfs's init handling their swap partition either way. 
- : ${options:='-c aes -h sha1 -d /dev/urandom'} - : ${pre_mount:='mkswap ${dev}'} - fi - - if [ -n "${loop_file}" ] ; then - dev="/dev/mapper/${target}" - ebegin " Setting up loop device ${source}" - losetup ${source} ${loop_file} - fi - - # cryptsetup: - # open # is $source - # create # is $target - local arg1="create" arg2="${target}" arg3="${source}" - if cryptsetup isLuks ${source} 2>/dev/null ; then - arg1="open" - arg2="${source}" - arg3="${target}" - fi - - # Older versions reported: - # ${target} is active: - # Newer versions report: - # ${target} is active[ and is in use.] - if cryptsetup status ${target} | egrep -q ' is active' ; then - einfo "dm-crypt mapping ${target} is already configured" - return - fi - splash svc_input_begin ${SVCNAME} >/dev/null 2>&1 - - # Handle keys - if [ -n "${key}" ] ; then - read_abort() { - # some colors - local ans savetty resettty - [ -z "${NORMAL}" ] && eval $(eval_ecolors) - einfon " $1? (${WARN}yes${NORMAL}/${GOOD}No${NORMAL}) " - shift - # This is ugly as s**t. But POSIX doesn't provide `read -t`, so - # we end up having to implement our own crap with stty/etc... - savetty=$(stty -g) - resettty='stty ${savetty}; trap - EXIT HUP INT TERM' - trap 'eval "${resettty}"' EXIT HUP INT TERM - stty -icanon - stty min 0 time "$(( $2 * 10 ))" - ans=$(dd count=1 bs=1 2>/dev/null) || ans='' - eval "${resettty}" - if [ -z "${ans}" ] ; then - printf '\r' - else - echo - fi - case ${ans} in - [yY]) return 0;; - *) return 1;; - esac - } - - # Notes: sed not used to avoid case where /usr partition is encrypted. - mode=${key##*:} && ( [ "${mode}" = "${key}" ] || [ -z "${mode}" ] ) && mode=reg - key=${key%:*} - case "${mode}" in - gpg|reg) - # handle key on removable device - if [ -n "${remdev}" ] ; then - # temp directory to mount removable device - local mntrem="${RC_SVCDIR}/dm-crypt-remdev.$$" - if [ ! -d "${mntrem}" ] ; then - if ! mkdir -p "${mntrem}" ; then - ewarn "${source} will not be decrypted ..." 
- einfo "Reason: Unable to create temporary mount point '${mntrem}'" - return - fi - fi - i=0 - einfo "Please insert removable device for ${target}" - while [ ${i} -lt ${dmcrypt_max_timeout} ] ; do - foo="" - if mount -n -o ro "${remdev}" "${mntrem}" 2>/dev/null >/dev/null ; then - # keyfile exists? - if [ ! -e "${mntrem}${key}" ] ; then - umount -n "${mntrem}" - rmdir "${mntrem}" - einfo "Cannot find ${key} on removable media." - read_abort "Abort" ${dmcrypt_key_timeout} && return - else - key="${mntrem}${key}" - break - fi - else - [ -e "${remdev}" ] \ - && foo="mount failed" \ - || foo="mount source not found" - fi - : $((i += 1)) - read_abort "Stop waiting after $i attempts (${foo})" -t 1 && return - done - else # keyfile ! on removable device - if [ ! -e "${key}" ] ; then - ewarn "${source} will not be decrypted ..." - einfo "Reason: keyfile ${key} does not exist." - return - fi - fi - ;; - *) - ewarn "${source} will not be decrypted ..." - einfo "Reason: mode ${mode} is invalid." - return - ;; - esac - else - mode=none - fi - ebegin " ${target} using: ${options} ${arg1} ${arg2} ${arg3}" - if [ "${mode}" = "gpg" ] ; then - : ${gpg_options:='-q -d'} - # gpg available ? - if command -v gpg >/dev/null ; then - i=0 - while [ ${i} -lt ${dmcrypt_retries} ] ; do - # paranoid, don't store key in a variable, pipe it so it stays very little in ram unprotected. - # save stdin stdout stderr "values" - timeout ${dmcrypt_max_timeout} gpg ${gpg_options} ${key} 2>/dev/null | \ - cryptsetup --key-file - ${options} ${arg1} ${arg2} ${arg3} - ret=$? - # The timeout command exits 124 when it times out. - [ ${ret} -eq 0 -o ${ret} -eq 124 ] && break - : $(( i += 1 )) - done - eend ${ret} "failure running cryptsetup" - else - ewarn "${source} will not be decrypted ..." - einfo "Reason: cannot find gpg application." - einfo "You have to install app-crypt/gnupg first." - einfo "If you have /usr on its own partition, try copying gpg to /bin ." 
- fi - else - if [ "${mode}" = "reg" ] ; then - cryptsetup ${options} -d ${key} ${arg1} ${arg2} ${arg3} - ret=$? - eend ${ret} "failure running cryptsetup" - else - cryptsetup ${options} ${arg1} ${arg2} ${arg3} - ret=$? - eend ${ret} "failure running cryptsetup" - fi - fi - if [ -d "${mntrem}" ] ; then - umount -n ${mntrem} 2>/dev/null >/dev/null - rmdir ${mntrem} 2>/dev/null >/dev/null - fi - splash svc_input_end ${SVCNAME} >/dev/null 2>&1 - - if [ ${ret} -ne 0 ] ; then - cryptfs_status=1 - else - if [ -n "${pre_mount}" ] ; then - dev="/dev/mapper/${target}" - eval ebegin \"" pre_mount: ${pre_mount}"\" - eval "${pre_mount}" > /dev/null - ewend $? || cryptfs_status=1 - fi - fi -} - -# Lookup optional bootparams -get_bootparam_val() { - # We're given something like: - # foo=bar=cow - # Return the "bar=cow" part. - case $1 in - *=*) - echo "${1#*=}" - ;; - esac -} - -start() { - local header=true cryptfs_status=0 - local gpg_options key loop_file target targetline options pre_mount post_mount source swap remdev - - local x - for x in $(cat /proc/cmdline) ; do - case "${x}" in - key_timeout=*) - dmcrypt_key_timeout=$(get_bootparam_val "${x}") - ;; - esac - done - - while read targetline <&3 ; do - case ${targetline} in - # skip comments and blank lines - ""|"#"*) continue ;; - # skip service-specific openrc configs #377927 - rc_*) continue ;; - esac - - ${header} && ebegin "Setting up dm-crypt mappings" - header=false - - # check for the start of a new target/swap - case ${targetline} in - target=*|swap=*) - # If we have a target queued up, then execute it - dm_crypt_execute - - # Prepare for the next target/swap by resetting variables - unset gpg_options key loop_file target options pre_mount post_mount source swap remdev - ;; - - gpg_options=*|remdev=*|key=*|loop_file=*|options=*|pre_mount=*|post_mount=*|source=*) - if [ -z "${target}${swap}" ] ; then - ewarn "Ignoring setting outside target/swap section: ${targetline}" - continue - fi - ;; - - dmcrypt_*=*) - # 
ignore global options - continue - ;; - - *) - ewarn "Skipping invalid line in ${conf_file}: ${targetline}" - ;; - esac - - # Queue this setting for the next call to dm_crypt_execute - eval "${targetline}" - done 3< ${conf_file} - - # If we have a target queued up, then execute it - dm_crypt_execute - - ewend ${cryptfs_status} "Failed to setup dm-crypt devices" -} - -stop() { - local line header - - # Break down all mappings - header=true - egrep "^(target|swap)=" ${conf_file} | \ - while read line ; do - ${header} && einfo "Removing dm-crypt mappings" - header=false - - target= swap= - eval ${line} - - [ -n "${swap}" ] && target=${swap} - if [ -z "${target}" ] ; then - ewarn "invalid line in ${conf_file}: ${line}" - continue - fi - - ebegin " ${target}" - cryptsetup remove ${target} - eend $? - done - - # Break down loop devices - header=true - grep '^source=./dev/loop' ${conf_file} | \ - while read line ; do - ${header} && einfo "Detaching dm-crypt loop devices" - header=false - - source= - eval ${line} - - ebegin " ${source}" - losetup -d "${source}" - eend $? - done - - return 0 -} diff --git a/sys-fs/cryptsetup/files/2.4.3-dmcrypt.rc b/sys-fs/cryptsetup/files/2.4.3-dmcrypt.rc new file mode 100644 index 00000000..ea9a5ca4 --- /dev/null +++ b/sys-fs/cryptsetup/files/2.4.3-dmcrypt.rc 
@@ -0,0 +1,368 @@
+#!/sbin/openrc-run
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+ use modules
+ before checkfs fsck
+ after dev-settle
+
+ if grep -qs ^swap= "${conf_file}" ; then
+ before swap
+ fi
+}
+
+# We support multiple dmcrypt instances based on $SVCNAME
+conf_file="/etc/conf.d/${SVCNAME}"
+
+# Get splash helpers if available.
+if [ -e /sbin/splash-functions.sh ] ; then
+ . /sbin/splash-functions.sh
+fi
+
+# Setup mappings for an individual target/swap
+# Note: This relies on variables localized in the main body below.
+dm_crypt_execute() {
+ local dev ret mode foo source_dev
+
+ if [ -z "${target}" -a -z "${swap}" ] ; then
+ return
+ fi
+
+ # Set up default values.
+ : ${dmcrypt_key_timeout:=1}
+ : ${dmcrypt_max_timeout:=300}
+ : ${dmcrypt_retries:=5}
+ : ${wait:=5}
+
+ # Handle automatic look up of the source path.
+ if [ -z "${source}" -a -n "${loop_file}" ] ; then
+ source=$(losetup --show -f "${loop_file}")
+ fi
+ case ${source} in
+ *=*)
+ i=0
+ while [ ${i} -lt ${wait} ]; do
+ if source_dev="$(blkid -l -t "${source}" -o device)"; then
+ source="${source_dev}"
+ break
+ fi
+ : $((i += 1))
+ einfo "waiting for source \"${source}\" for ${target}..."
+ sleep 1
+ done
+ ;;
+ esac
+ if [ -z "${source}" ] || [ ! -e "${source}" ] ; then
+ ewarn "source \"${source}\" for ${target} missing, skipping..."
+ return
+ fi
+
+ if [ -n "${header}" ] ; then
+ header_opt="--header=${header}"
+
+ i=0
+ while [ ! -e "${header}" ] && [ ${i} -lt ${wait} ] ; do
+ : $((i += 1))
+ einfo "Waiting for header ${header} to appear for ${target} ${i}/${dmcrypt_max_timeout} ..."
+ sleep 1
+ done
+ if [ ${i} -gt ${wait} ] || [ ${i} -eq ${wait} ] ; then
+ ewarn "Waited ${i} times for header file ${header}. Aborting ${target}."
+ return
+ fi
+ else
+ header_opt=""
+ fi
+
+ if [ -n "${target}" ] ; then
+ # let user set options, otherwise leave empty
+ : ${options:=' '}
+ elif [ -n "${swap}" ] ; then
+ if cryptsetup ${header_opt} isLuks ${source} 2>/dev/null ; then
+ ewarn "The swap you have defined is a LUKS partition. Aborting crypt-swap setup."
+ return
+ fi
+ target=${swap}
+ # swap contents do not need to be preserved between boots, luks not required.
+ # suspend2 users should have initramfs's init handling their swap partition either way.
+ : ${options:='-c aes -h sha1 -d /dev/urandom'}
+ : ${pre_mount:='mkswap ${dev}'}
+ fi
+
+ if [ -n "${loop_file}" ] ; then
+ dev="/dev/mapper/${target}"
+ ebegin " Setting up loop device ${source}"
+ losetup ${source} ${loop_file}
+ fi
+
+ # cryptsetup:
+ # open # is $source
+ # create # is $target
+ local arg1="create" arg2="${target}" arg3="${source}"
+ if cryptsetup ${header_opt} isLuks ${source} 2>/dev/null ; then
+ arg1="open"
+ arg2="${source}"
+ arg3="${target}"
+ fi
+
+ # Older versions reported:
+ # ${target} is active:
+ # Newer versions report:
+ # ${target} is active[ and is in use.]
+ if cryptsetup ${header_opt} status ${target} | grep -E -q ' is active' ; then
+ einfo "dm-crypt mapping ${target} is already configured"
+ return
+ fi
+ splash svc_input_begin ${SVCNAME} >/dev/null 2>&1
+
+ # Handle keys
+ if [ -n "${key}" ] ; then
+ read_abort() {
+ # some colors
+ local ans savetty resettty
+ [ -z "${NORMAL}" ] && eval $(eval_ecolors)
+ einfon " $1? (${WARN}yes${NORMAL}/${GOOD}No${NORMAL}) "
+ shift
+ # This is ugly as s**t. But POSIX doesn't provide `read -t`, so
+ # we end up having to implement our own crap with stty/etc...
+ savetty=$(stty -g)
+ resettty='stty ${savetty}; trap - EXIT HUP INT TERM'
+ trap 'eval "${resettty}"' EXIT HUP INT TERM
+ stty -icanon
+ stty min 0 time "$(( $2 * 10 ))"
+ ans=$(dd count=1 bs=1 2>/dev/null) || ans=''
+ eval "${resettty}"
+ if [ -z "${ans}" ] ; then
+ printf '\r'
+ else
+ echo
+ fi
+ case ${ans} in
+ [yY]) return 0;;
+ *) return 1;;
+ esac
+ }
+
+ # Notes: sed not used to avoid case where /usr partition is encrypted.
+ mode=${key##*:} && ( [ "${mode}" = "${key}" ] || [ -z "${mode}" ] ) && mode=reg
+ key=${key%:*}
+ case "${mode}" in
+ gpg|reg)
+ # handle key on removable device
+ if [ -n "${remdev}" ] ; then
+ # temp directory to mount removable device
+ local mntrem="${RC_SVCDIR}/dm-crypt-remdev.$$"
+ if [ ! -d "${mntrem}" ] ; then
+ if ! mkdir -p "${mntrem}" ; then
+ ewarn "${source} will not be decrypted ..."
+ einfo "Reason: Unable to create temporary mount point '${mntrem}'"
+ return
+ fi
+ fi
+ i=0
+ einfo "Please insert removable device for ${target}"
+ while [ ${i} -lt ${dmcrypt_max_timeout} ] ; do
+ foo=""
+ if mount -n -o ro "${remdev}" "${mntrem}" 2>/dev/null >/dev/null ; then
+ # keyfile exists?
+ if [ ! -e "${mntrem}${key}" ] ; then
+ umount -n "${mntrem}"
+ rmdir "${mntrem}"
+ einfo "Cannot find ${key} on removable media."
+ read_abort "Abort" ${dmcrypt_key_timeout} && return
+ else
+ key="${mntrem}${key}"
+ break
+ fi
+ else
+ [ -e "${remdev}" ] \
+ && foo="mount failed" \
+ || foo="mount source not found"
+ fi
+ : $((i += 1))
+ read_abort "Stop waiting after $i attempts (${foo})" -t 1 && return
+ done
+ else # keyfile ! on removable device
+ if [ ! -e "${key}" ] ; then
+ ewarn "${source} will not be decrypted ..."
+ einfo "Reason: keyfile ${key} does not exist."
+ return
+ fi
+ fi
+ ;;
+ *)
+ ewarn "${source} will not be decrypted ..."
+ einfo "Reason: mode ${mode} is invalid."
+ return
+ ;;
+ esac
+ else
+ mode=none
+ fi
+ ebegin " ${target} using: ${header_opt} ${options} ${arg1} ${arg2} ${arg3}"
+ if [ "${mode}" = "gpg" ] ; then
+ : ${gpg_options:='-q -d'}
+ # gpg available ?
+ if command -v gpg >/dev/null ; then
+ i=0
+ while [ ${i} -lt ${dmcrypt_retries} ] ; do
+ # paranoid, don't store key in a variable, pipe it so it stays very little in ram unprotected.
+ # save stdin stdout stderr "values"
+ timeout ${dmcrypt_max_timeout} gpg ${gpg_options} ${key} 2>/dev/null | \
+ cryptsetup ${header_opt} --key-file - ${options} ${arg1} ${arg2} ${arg3}
+ ret=$?
+ # The timeout command exits 124 when it times out.
+ [ ${ret} -eq 0 -o ${ret} -eq 124 ] && break
+ : $(( i += 1 ))
+ done
+ eend ${ret} "failure running cryptsetup"
+ else
+ ewarn "${source} will not be decrypted ..."
+ einfo "Reason: cannot find gpg application."
+ einfo "You have to install app-crypt/gnupg first."
+ einfo "If you have /usr on its own partition, try copying gpg to /bin ."
+ fi
+ else
+ if [ "${mode}" = "reg" ] ; then
+ cryptsetup ${header_opt} ${options} -d ${key} ${arg1} ${arg2} ${arg3}
+ ret=$?
+ eend ${ret} "failure running cryptsetup"
+ else
+ cryptsetup ${header_opt} ${options} ${arg1} ${arg2} ${arg3}
+ ret=$?
+ eend ${ret} "failure running cryptsetup"
+ fi
+ fi
+ if [ -d "${mntrem}" ] ; then
+ umount -n ${mntrem} 2>/dev/null >/dev/null
+ rmdir ${mntrem} 2>/dev/null >/dev/null
+ fi
+ splash svc_input_end ${SVCNAME} >/dev/null 2>&1
+
+ if [ ${ret} -ne 0 ] ; then
+ cryptfs_status=1
+ else
+ if [ -n "${pre_mount}" ] ; then
+ dev="/dev/mapper/${target}"
+ eval ebegin \"" pre_mount: ${pre_mount}"\"
+ eval "${pre_mount}" > /dev/null
+ ewend $? || cryptfs_status=1
+ fi
+ fi
+}
+
+# Lookup optional bootparams
+get_bootparam_val() {
+ # We're given something like:
+ # foo=bar=cow
+ # Return the "bar=cow" part.
+ case $1 in
+ *=*)
+ echo "${1#*=}"
+ ;;
+ esac
+}
+
+start() {
+ local print_header=true cryptfs_status=0
+ local gpg_options key loop_file target targetline options pre_mount post_mount source swap remdev
+
+ local x
+ for x in $(cat /proc/cmdline) ; do
+ case "${x}" in
+ key_timeout=*)
+ dmcrypt_key_timeout=$(get_bootparam_val "${x}")
+ ;;
+ esac
+ done
+
+ while read targetline <&3 ; do
+ case ${targetline} in
+ # skip comments and blank lines
+ ""|"#"*) continue ;;
+ # skip service-specific openrc configs #377927
+ rc_*) continue ;;
+ esac
+
+ ${print_header} && ebegin "Setting up dm-crypt mappings"
+ print_header=false
+
+ # check for the start of a new target/swap
+ case ${targetline} in
+ target=*|swap=*)
+ # If we have a target queued up, then execute it
+ dm_crypt_execute
+
+ # Prepare for the next target/swap by resetting variables
+ unset gpg_options key loop_file target options pre_mount post_mount source swap remdev wait header header_opt
+ ;;
+
+ gpg_options=*|remdev=*|key=*|loop_file=*|options=*|pre_mount=*|post_mount=*|wait=*|source=*|header=*)
+ if [ -z "${target}${swap}" ] ; then
+ ewarn "Ignoring setting outside target/swap section: ${targetline}"
+ continue
+ fi
+ ;;
+
+ dmcrypt_*=*)
+ # ignore global options
+ continue
+ ;;
+
+ *)
+ ewarn "Skipping invalid line in ${conf_file}: ${targetline}"
+ ;;
+ esac
+
+ # Queue this setting for the next call to dm_crypt_execute
+ eval "${targetline}"
+ done 3< ${conf_file}
+
+ # If we have a target queued up, then execute it
+ dm_crypt_execute
+
+ ewend ${cryptfs_status} "Failed to setup dm-crypt devices"
+}
+
+stop() {
+ local line print_header
+
+ # Break down all mappings
+ print_header=true
+ grep -E "^(target|swap)=" ${conf_file} | \
+ while read line ; do
+ ${print_header} && einfo "Removing dm-crypt mappings"
+ print_header=false
+
+ target= swap=
+ eval ${line}
+
+ [ -n "${swap}" ] && target=${swap}
+ if [ -z "${target}" ] ; then
+ ewarn "invalid line in ${conf_file}: ${line}"
+ continue
+ fi
+
+
ebegin " ${target}" + cryptsetup ${header_opt} remove ${target} + eend $? + done + + # Break down loop devices + print_header=true + grep '^source=./dev/loop' ${conf_file} | \ + while read line ; do + ${print_header} && einfo "Detaching dm-crypt loop devices" + print_header=false + + source= + eval ${line} + + ebegin " ${source}" + losetup -d "${source}" + eend $? + done + + return 0 +} diff --git a/sys-fs/cryptsetup/files/cryptsetup-2.0.4-fix-static-pwquality-build.patch b/sys-fs/cryptsetup/files/cryptsetup-2.0.4-fix-static-pwquality-build.patch deleted file mode 100644 index 39524ec3..00000000 --- a/sys-fs/cryptsetup/files/cryptsetup-2.0.4-fix-static-pwquality-build.patch +++ /dev/null @@ -1,18 +0,0 @@ ---- a/src/Makemodule.am 2018-07-31 14:32:46.000000000 +0200 -+++ b/src/Makemodule.am 2018-08-12 17:13:26.000000000 +0200 -@@ -64,6 +64,7 @@ - $(veritysetup_LDADD) \ - @CRYPTO_STATIC_LIBS@ \ - @DEVMAPPER_STATIC_LIBS@ \ -+ @PWQUALITY_STATIC_LIBS@ \ - @UUID_LIBS@ - endif - endif -@@ -93,6 +94,7 @@ - $(integritysetup_LDADD) \ - @CRYPTO_STATIC_LIBS@ \ - @DEVMAPPER_STATIC_LIBS@ \ -+ @PWQUALITY_STATIC_LIBS@ \ - @UUID_LIBS@ - endif - endif -- cgit v1.2.3
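Review bot: In start() of 2.4.3-dmcrypt.rc, the `*)` branch warns "Skipping invalid line" but has no `continue`, so the unrecognised line still falls through to `eval "${targetline}"` and is run as shell by the service. Adding `continue` after that `ewarn` would make the behaviour match the message, so that only the recognised `name=value` settings reach the eval. Every accepted line is also evaluated, both here and through the unquoted `eval ${line}` in stop(), so the conf file is in effect code run by the init script. A comment near `conf_file=` would make that explicit, for example `# ${conf_file} is eval'ed by this script: keep it root-owned and not group/world-writable`.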