1 |
commit: 46c5119fa073c4062f2950ae3b378821528bae5f |
2 |
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org> |
3 |
AuthorDate: Mon Feb 7 20:09:41 2022 +0000 |
4 |
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org> |
5 |
CommitDate: Mon Feb 7 20:27:35 2022 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=46c5119f |
7 |
|
8 |
sys-fs/cryptsetup: drop 2.3.6-r2, 2.3.7, 2.4.1-r1, 2.4.2-r1 |
9 |
|
10 |
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org> |
11 |
|
12 |
sys-fs/cryptsetup/Manifest | 4 - |
13 |
sys-fs/cryptsetup/cryptsetup-2.3.6-r2.ebuild | 127 -------- |
14 |
sys-fs/cryptsetup/cryptsetup-2.3.7.ebuild | 127 -------- |
15 |
sys-fs/cryptsetup/cryptsetup-2.4.1-r1.ebuild | 141 --------- |
16 |
sys-fs/cryptsetup/cryptsetup-2.4.2-r1.ebuild | 133 -------- |
17 |
sys-fs/cryptsetup/files/1.6.7-dmcrypt.confd | 111 ------- |
18 |
sys-fs/cryptsetup/files/1.6.7-dmcrypt.rc | 339 --------------------- |
19 |
...yptsetup-2.0.4-fix-static-pwquality-build.patch | 18 -- |
20 |
.../files/cryptsetup-2.4.1-external-tokens.patch | 34 --- |
21 |
...yptsetup-2.4.1-fix-static-pwquality-build.patch | 225 -------------- |
22 |
10 files changed, 1259 deletions(-) |
23 |
|
24 |
diff --git a/sys-fs/cryptsetup/Manifest b/sys-fs/cryptsetup/Manifest |
25 |
index 106cf0b15950..05710fd70925 100644 |
26 |
--- a/sys-fs/cryptsetup/Manifest |
27 |
+++ b/sys-fs/cryptsetup/Manifest |
28 |
@@ -1,5 +1 @@ |
29 |
-DIST cryptsetup-2.3.6.tar.xz 11154148 BLAKE2B 23a7d6fdeed2b8fb0492e800266a263b12dcf2b8c4304bda82e46d2de90b6c05a97a40f0f6f9c337b3dc428d51689d76953de5cc4daed210967cf0ea0ff503d2 SHA512 5b25cc806140d24181a0e4f0e7b0bd3caa8263aa502e8633b41c980f06ecba2e6acbf9c2d9cc4a785d38ce90d86dd8d22c52b28b9ca4a15824c2e8bdb3656665 |
30 |
-DIST cryptsetup-2.3.7.tar.xz 11203500 BLAKE2B 34f39e8f17c0fb44a186345d58e3ff1632fc4bd0e570bb1935181d2dfd43bc34c300f96eb70efbddb85168e6c16886b6675db2c86482b7ff7dba64c168b5920c SHA512 d209225c6f195f54c513904b71637bdadd47f3efc6227c61c15434a1467ddb76fe14123683a3d5e943ffa203ef33611f51b7c67bc1aed67d019a6aa552ea15ab |
31 |
-DIST cryptsetup-2.4.1.tar.xz 11171180 BLAKE2B 6b999a19df54276d295eb2f1729be2eefb5fb09cd29aae5f7c0b93c539b4b552f92327f2474e0f4793a3c7f8a264a4ef927178dabfc9ba56012bdf9949ef9ada SHA512 17fc73c180e41acbd4ebeddebaf54f8baeef09fce7f154aa9c55936a58bda7adcc7b1bb257336c22295d7b5af426fc8dfd0e4e644e4a52098bcb8a2adb562ca7 |
32 |
-DIST cryptsetup-2.4.2.tar.xz 11173984 BLAKE2B 33a26ac2f38750171c74cdd827317cd4bba193a6b60cc7250dc52a5117c0feb1d2fca6b52b5ae7926725d77dc6c1ab9d13e85a1c59606e80003294b90578781d SHA512 9464f180f24dffa4566450041fc88c372baa3334c62724487ccee230c16e87572439dc604766d94144cc1fc13802a4322b378185eca0cc848892821653566848 |
33 |
DIST cryptsetup-2.4.3.tar.xz 11242152 BLAKE2B f5859d794d626cb19426a2c9afc4655fac3a1bae462daa42b37b925882804d5146aadff8733799dea89dcfdc311e628e5b806754495824705709ba105f91682f SHA512 2d52498497be37a837126d9cdc9b6331236eccf857c3482fe3347eb88fccc3cd0fd3d8b4490569603e18cfaa462431ae194bce0328f3eafa8bfe3e02e135a26e |
34 |
|
35 |
diff --git a/sys-fs/cryptsetup/cryptsetup-2.3.6-r2.ebuild b/sys-fs/cryptsetup/cryptsetup-2.3.6-r2.ebuild |
36 |
deleted file mode 100644 |
37 |
index 205ef838d9bd..000000000000 |
38 |
--- a/sys-fs/cryptsetup/cryptsetup-2.3.6-r2.ebuild |
39 |
+++ /dev/null |
40 |
@@ -1,127 +0,0 @@ |
41 |
-# Copyright 1999-2021 Gentoo Authors |
42 |
-# Distributed under the terms of the GNU General Public License v2 |
43 |
- |
44 |
-EAPI=7 |
45 |
- |
46 |
-inherit autotools linux-info tmpfiles |
47 |
- |
48 |
-DESCRIPTION="Tool to setup encrypted devices with dm-crypt" |
49 |
-HOMEPAGE="https://gitlab.com/cryptsetup/cryptsetup/blob/master/README.md" |
50 |
-SRC_URI="https://www.kernel.org/pub/linux/utils/${PN}/v$(ver_cut 1-2)/${P/_/-}.tar.xz" |
51 |
- |
52 |
-LICENSE="GPL-2+" |
53 |
-SLOT="0/12" # libcryptsetup.so version |
54 |
-[[ ${PV} != *_rc* ]] && \ |
55 |
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~mips ppc ppc64 ~riscv ~s390 sparc x86" |
56 |
-CRYPTO_BACKENDS="gcrypt kernel nettle +openssl" |
57 |
-# we don't support nss since it doesn't allow cryptsetup to be built statically |
58 |
-# and it's missing ripemd160 support so it can't provide full backward compatibility |
59 |
-IUSE="${CRYPTO_BACKENDS} +argon2 nls pwquality reencrypt static static-libs +udev urandom" |
60 |
-REQUIRED_USE="^^ ( ${CRYPTO_BACKENDS//+/} ) |
61 |
- static? ( !gcrypt !udev )" #496612 |
62 |
- |
63 |
-LIB_DEPEND=" |
64 |
- dev-libs/json-c:=[static-libs(+)] |
65 |
- dev-libs/libgpg-error[static-libs(+)] |
66 |
- dev-libs/popt[static-libs(+)] |
67 |
- >=sys-apps/util-linux-2.31-r1[static-libs(+)] |
68 |
- argon2? ( app-crypt/argon2:=[static-libs(+)] ) |
69 |
- gcrypt? ( dev-libs/libgcrypt:0=[static-libs(+)] ) |
70 |
- nettle? ( >=dev-libs/nettle-2.4[static-libs(+)] ) |
71 |
- openssl? ( dev-libs/openssl:0=[static-libs(+)] ) |
72 |
- pwquality? ( dev-libs/libpwquality[static-libs(+)] ) |
73 |
- sys-fs/lvm2[static-libs(+)]" |
74 |
-# We have to always depend on ${LIB_DEPEND} rather than put behind |
75 |
-# !static? () because we provide a shared library which links against |
76 |
-# these other packages. #414665 |
77 |
-RDEPEND="static-libs? ( ${LIB_DEPEND} ) |
78 |
- ${LIB_DEPEND//\[static-libs\([+-]\)\]} |
79 |
- udev? ( virtual/libudev:= )" |
80 |
-DEPEND="${RDEPEND} |
81 |
- static? ( ${LIB_DEPEND} )" |
82 |
-BDEPEND=" |
83 |
- virtual/pkgconfig |
84 |
-" |
85 |
- |
86 |
-S="${WORKDIR}/${P/_/-}" |
87 |
- |
88 |
-PATCHES=( "${FILESDIR}"/${PN}-2.0.4-fix-static-pwquality-build.patch ) |
89 |
- |
90 |
-pkg_setup() { |
91 |
- local CONFIG_CHECK="~DM_CRYPT ~CRYPTO ~CRYPTO_CBC ~CRYPTO_SHA256" |
92 |
- local WARNING_DM_CRYPT="CONFIG_DM_CRYPT:\tis not set (required for cryptsetup)\n" |
93 |
- local WARNING_CRYPTO_SHA256="CONFIG_CRYPTO_SHA256:\tis not set (required for cryptsetup)\n" |
94 |
- local WARNING_CRYPTO_CBC="CONFIG_CRYPTO_CBC:\tis not set (required for kernel 2.6.19)\n" |
95 |
- local WARNING_CRYPTO="CONFIG_CRYPTO:\tis not set (required for cryptsetup)\n" |
96 |
- check_extra_config |
97 |
-} |
98 |
- |
99 |
-src_prepare() { |
100 |
- sed -i '/^LOOPDEV=/s:$: || exit 0:' tests/{compat,mode}-test || die |
101 |
- default |
102 |
- eautoreconf |
103 |
-} |
104 |
- |
105 |
-src_configure() { |
106 |
- if use kernel ; then |
107 |
- ewarn "Note that kernel backend is very slow for this type of operation" |
108 |
- ewarn "and is provided mainly for embedded systems wanting to avoid" |
109 |
- ewarn "userspace crypto libraries." |
110 |
- fi |
111 |
- |
112 |
- local myeconfargs=( |
113 |
- --disable-internal-argon2 |
114 |
- --enable-shared |
115 |
- --sbindir=/sbin |
116 |
- # for later use |
117 |
- --with-default-luks-format=LUKS2 |
118 |
- --with-tmpfilesdir="${EPREFIX}/usr/lib/tmpfiles.d" |
119 |
- --with-crypto_backend=$(for x in ${CRYPTO_BACKENDS//+/} ; do usev ${x} ; done) |
120 |
- $(use_enable argon2 libargon2) |
121 |
- $(use_enable nls) |
122 |
- $(use_enable pwquality) |
123 |
- $(use_enable reencrypt cryptsetup-reencrypt) |
124 |
- $(use_enable static static-cryptsetup) |
125 |
- $(use_enable static-libs static) |
126 |
- $(use_enable udev) |
127 |
- $(use_enable !urandom dev-random) |
128 |
- $(usex argon2 '' '--with-luks2-pbkdf=pbkdf2') |
129 |
- ) |
130 |
- econf "${myeconfargs[@]}" |
131 |
-} |
132 |
- |
133 |
-src_test() { |
134 |
- if [[ ! -e /dev/mapper/control ]] ; then |
135 |
- ewarn "No /dev/mapper/control found -- skipping tests" |
136 |
- return 0 |
137 |
- fi |
138 |
- |
139 |
- local p |
140 |
- for p in /dev/mapper /dev/loop* ; do |
141 |
- addwrite ${p} |
142 |
- done |
143 |
- |
144 |
- default |
145 |
-} |
146 |
- |
147 |
-src_install() { |
148 |
- default |
149 |
- |
150 |
- if use static ; then |
151 |
- mv "${ED}"/sbin/cryptsetup{.static,} || die |
152 |
- mv "${ED}"/sbin/veritysetup{.static,} || die |
153 |
- if use reencrypt ; then |
154 |
- mv "${ED}"/sbin/cryptsetup-reencrypt{.static,} || die |
155 |
- fi |
156 |
- fi |
157 |
- find "${ED}" -type f -name "*.la" -delete || die |
158 |
- |
159 |
- dodoc docs/v*ReleaseNotes |
160 |
- |
161 |
- newconfd "${FILESDIR}"/1.6.7-dmcrypt.confd dmcrypt |
162 |
- newinitd "${FILESDIR}"/1.6.7-dmcrypt.rc dmcrypt |
163 |
-} |
164 |
- |
165 |
-pkg_postinst() { |
166 |
- tmpfiles_process cryptsetup.conf |
167 |
-} |
168 |
|
169 |
diff --git a/sys-fs/cryptsetup/cryptsetup-2.3.7.ebuild b/sys-fs/cryptsetup/cryptsetup-2.3.7.ebuild |
170 |
deleted file mode 100644 |
171 |
index f6ad133f9546..000000000000 |
172 |
--- a/sys-fs/cryptsetup/cryptsetup-2.3.7.ebuild |
173 |
+++ /dev/null |
174 |
@@ -1,127 +0,0 @@ |
175 |
-# Copyright 1999-2022 Gentoo Authors |
176 |
-# Distributed under the terms of the GNU General Public License v2 |
177 |
- |
178 |
-EAPI=7 |
179 |
- |
180 |
-inherit autotools linux-info tmpfiles |
181 |
- |
182 |
-DESCRIPTION="Tool to setup encrypted devices with dm-crypt" |
183 |
-HOMEPAGE="https://gitlab.com/cryptsetup/cryptsetup/blob/master/README.md" |
184 |
-SRC_URI="https://www.kernel.org/pub/linux/utils/${PN}/v$(ver_cut 1-2)/${P/_/-}.tar.xz" |
185 |
- |
186 |
-LICENSE="GPL-2+" |
187 |
-SLOT="0/12" # libcryptsetup.so version |
188 |
-[[ ${PV} != *_rc* ]] && \ |
189 |
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" |
190 |
-CRYPTO_BACKENDS="gcrypt kernel nettle +openssl" |
191 |
-# we don't support nss since it doesn't allow cryptsetup to be built statically |
192 |
-# and it's missing ripemd160 support so it can't provide full backward compatibility |
193 |
-IUSE="${CRYPTO_BACKENDS} +argon2 nls pwquality reencrypt static static-libs +udev urandom" |
194 |
-REQUIRED_USE="^^ ( ${CRYPTO_BACKENDS//+/} ) |
195 |
- static? ( !gcrypt !udev )" #496612 |
196 |
- |
197 |
-LIB_DEPEND=" |
198 |
- dev-libs/json-c:=[static-libs(+)] |
199 |
- dev-libs/libgpg-error[static-libs(+)] |
200 |
- dev-libs/popt[static-libs(+)] |
201 |
- >=sys-apps/util-linux-2.31-r1[static-libs(+)] |
202 |
- argon2? ( app-crypt/argon2:=[static-libs(+)] ) |
203 |
- gcrypt? ( dev-libs/libgcrypt:0=[static-libs(+)] ) |
204 |
- nettle? ( >=dev-libs/nettle-2.4[static-libs(+)] ) |
205 |
- openssl? ( dev-libs/openssl:0=[static-libs(+)] ) |
206 |
- pwquality? ( dev-libs/libpwquality[static-libs(+)] ) |
207 |
- sys-fs/lvm2[static-libs(+)]" |
208 |
-# We have to always depend on ${LIB_DEPEND} rather than put behind |
209 |
-# !static? () because we provide a shared library which links against |
210 |
-# these other packages. #414665 |
211 |
-RDEPEND="static-libs? ( ${LIB_DEPEND} ) |
212 |
- ${LIB_DEPEND//\[static-libs\([+-]\)\]} |
213 |
- udev? ( virtual/libudev:= )" |
214 |
-DEPEND="${RDEPEND} |
215 |
- static? ( ${LIB_DEPEND} )" |
216 |
-BDEPEND=" |
217 |
- virtual/pkgconfig |
218 |
-" |
219 |
- |
220 |
-S="${WORKDIR}/${P/_/-}" |
221 |
- |
222 |
-PATCHES=( "${FILESDIR}"/${PN}-2.0.4-fix-static-pwquality-build.patch ) |
223 |
- |
224 |
-pkg_setup() { |
225 |
- local CONFIG_CHECK="~DM_CRYPT ~CRYPTO ~CRYPTO_CBC ~CRYPTO_SHA256" |
226 |
- local WARNING_DM_CRYPT="CONFIG_DM_CRYPT:\tis not set (required for cryptsetup)\n" |
227 |
- local WARNING_CRYPTO_SHA256="CONFIG_CRYPTO_SHA256:\tis not set (required for cryptsetup)\n" |
228 |
- local WARNING_CRYPTO_CBC="CONFIG_CRYPTO_CBC:\tis not set (required for kernel 2.6.19)\n" |
229 |
- local WARNING_CRYPTO="CONFIG_CRYPTO:\tis not set (required for cryptsetup)\n" |
230 |
- check_extra_config |
231 |
-} |
232 |
- |
233 |
-src_prepare() { |
234 |
- sed -i '/^LOOPDEV=/s:$: || exit 0:' tests/{compat,mode}-test || die |
235 |
- default |
236 |
- eautoreconf |
237 |
-} |
238 |
- |
239 |
-src_configure() { |
240 |
- if use kernel ; then |
241 |
- ewarn "Note that kernel backend is very slow for this type of operation" |
242 |
- ewarn "and is provided mainly for embedded systems wanting to avoid" |
243 |
- ewarn "userspace crypto libraries." |
244 |
- fi |
245 |
- |
246 |
- local myeconfargs=( |
247 |
- --disable-internal-argon2 |
248 |
- --enable-shared |
249 |
- --sbindir=/sbin |
250 |
- # for later use |
251 |
- --with-default-luks-format=LUKS2 |
252 |
- --with-tmpfilesdir="${EPREFIX}/usr/lib/tmpfiles.d" |
253 |
- --with-crypto_backend=$(for x in ${CRYPTO_BACKENDS//+/} ; do usev ${x} ; done) |
254 |
- $(use_enable argon2 libargon2) |
255 |
- $(use_enable nls) |
256 |
- $(use_enable pwquality) |
257 |
- $(use_enable reencrypt cryptsetup-reencrypt) |
258 |
- $(use_enable static static-cryptsetup) |
259 |
- $(use_enable static-libs static) |
260 |
- $(use_enable udev) |
261 |
- $(use_enable !urandom dev-random) |
262 |
- $(usex argon2 '' '--with-luks2-pbkdf=pbkdf2') |
263 |
- ) |
264 |
- econf "${myeconfargs[@]}" |
265 |
-} |
266 |
- |
267 |
-src_test() { |
268 |
- if [[ ! -e /dev/mapper/control ]] ; then |
269 |
- ewarn "No /dev/mapper/control found -- skipping tests" |
270 |
- return 0 |
271 |
- fi |
272 |
- |
273 |
- local p |
274 |
- for p in /dev/mapper /dev/loop* ; do |
275 |
- addwrite ${p} |
276 |
- done |
277 |
- |
278 |
- default |
279 |
-} |
280 |
- |
281 |
-src_install() { |
282 |
- default |
283 |
- |
284 |
- if use static ; then |
285 |
- mv "${ED}"/sbin/cryptsetup{.static,} || die |
286 |
- mv "${ED}"/sbin/veritysetup{.static,} || die |
287 |
- if use reencrypt ; then |
288 |
- mv "${ED}"/sbin/cryptsetup-reencrypt{.static,} || die |
289 |
- fi |
290 |
- fi |
291 |
- find "${ED}" -type f -name "*.la" -delete || die |
292 |
- |
293 |
- dodoc docs/v*ReleaseNotes |
294 |
- |
295 |
- newconfd "${FILESDIR}"/1.6.7-dmcrypt.confd dmcrypt |
296 |
- newinitd "${FILESDIR}"/1.6.7-dmcrypt.rc dmcrypt |
297 |
-} |
298 |
- |
299 |
-pkg_postinst() { |
300 |
- tmpfiles_process cryptsetup.conf |
301 |
-} |
302 |
|
303 |
diff --git a/sys-fs/cryptsetup/cryptsetup-2.4.1-r1.ebuild b/sys-fs/cryptsetup/cryptsetup-2.4.1-r1.ebuild |
304 |
deleted file mode 100644 |
305 |
index 928f589b9606..000000000000 |
306 |
--- a/sys-fs/cryptsetup/cryptsetup-2.4.1-r1.ebuild |
307 |
+++ /dev/null |
308 |
@@ -1,141 +0,0 @@ |
309 |
-# Copyright 1999-2021 Gentoo Authors |
310 |
-# Distributed under the terms of the GNU General Public License v2 |
311 |
- |
312 |
-EAPI=7 |
313 |
- |
314 |
-inherit autotools linux-info tmpfiles |
315 |
- |
316 |
-DESCRIPTION="Tool to setup encrypted devices with dm-crypt" |
317 |
-HOMEPAGE="https://gitlab.com/cryptsetup/cryptsetup/blob/master/README.md" |
318 |
-SRC_URI="https://www.kernel.org/pub/linux/utils/${PN}/v$(ver_cut 1-2)/${P/_/-}.tar.xz" |
319 |
- |
320 |
-LICENSE="GPL-2+" |
321 |
-SLOT="0/12" # libcryptsetup.so version |
322 |
-[[ ${PV} != *_rc* ]] && \ |
323 |
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" |
324 |
-CRYPTO_BACKENDS="gcrypt kernel nettle +openssl" |
325 |
-# we don't support nss since it doesn't allow cryptsetup to be built statically |
326 |
-# and it's missing ripemd160 support so it can't provide full backward compatibility |
327 |
-IUSE="${CRYPTO_BACKENDS} +argon2 nls pwquality reencrypt ssh static static-libs +udev urandom" |
328 |
-REQUIRED_USE="^^ ( ${CRYPTO_BACKENDS//+/} ) |
329 |
- static? ( !gcrypt !udev )" #496612 |
330 |
- |
331 |
-LIB_DEPEND=" |
332 |
- dev-libs/json-c:=[static-libs(+)] |
333 |
- dev-libs/popt[static-libs(+)] |
334 |
- >=sys-apps/util-linux-2.31-r1[static-libs(+)] |
335 |
- argon2? ( app-crypt/argon2:=[static-libs(+)] ) |
336 |
- gcrypt? ( |
337 |
- dev-libs/libgcrypt:0=[static-libs(+)] |
338 |
- dev-libs/libgpg-error[static-libs(+)] |
339 |
- ) |
340 |
- nettle? ( >=dev-libs/nettle-2.4[static-libs(+)] ) |
341 |
- openssl? ( dev-libs/openssl:0=[static-libs(+)] ) |
342 |
- pwquality? ( dev-libs/libpwquality[static-libs(+)] ) |
343 |
- ssh? ( net-libs/libssh[static-libs(+)] ) |
344 |
- sys-fs/lvm2[static-libs(+)]" |
345 |
-# We have to always depend on ${LIB_DEPEND} rather than put behind |
346 |
-# !static? () because we provide a shared library which links against |
347 |
-# these other packages. #414665 |
348 |
-RDEPEND="static-libs? ( ${LIB_DEPEND} ) |
349 |
- ${LIB_DEPEND//\[static-libs\([+-]\)\]} |
350 |
- udev? ( virtual/libudev:= )" |
351 |
-DEPEND="${RDEPEND} |
352 |
- static? ( ${LIB_DEPEND} )" |
353 |
-BDEPEND=" |
354 |
- virtual/pkgconfig |
355 |
-" |
356 |
- |
357 |
-S="${WORKDIR}/${P/_/-}" |
358 |
- |
359 |
-PATCHES=( |
360 |
- "${FILESDIR}"/cryptsetup-2.4.1-external-tokens.patch |
361 |
- |
362 |
- # Remove autotools/eautoreconf when this patch is dropped. |
363 |
- "${FILESDIR}"/cryptsetup-2.4.1-fix-static-pwquality-build.patch |
364 |
-) |
365 |
- |
366 |
-pkg_setup() { |
367 |
- local CONFIG_CHECK="~DM_CRYPT ~CRYPTO ~CRYPTO_CBC ~CRYPTO_SHA256" |
368 |
- local WARNING_DM_CRYPT="CONFIG_DM_CRYPT:\tis not set (required for cryptsetup)\n" |
369 |
- local WARNING_CRYPTO_SHA256="CONFIG_CRYPTO_SHA256:\tis not set (required for cryptsetup)\n" |
370 |
- local WARNING_CRYPTO_CBC="CONFIG_CRYPTO_CBC:\tis not set (required for kernel 2.6.19)\n" |
371 |
- local WARNING_CRYPTO="CONFIG_CRYPTO:\tis not set (required for cryptsetup)\n" |
372 |
- check_extra_config |
373 |
-} |
374 |
- |
375 |
-src_prepare() { |
376 |
- sed -i '/^LOOPDEV=/s:$: || exit 0:' tests/{compat,mode}-test || die |
377 |
- default |
378 |
- eautoreconf |
379 |
-} |
380 |
- |
381 |
-src_configure() { |
382 |
- if use kernel ; then |
383 |
- ewarn "Note that kernel backend is very slow for this type of operation" |
384 |
- ewarn "and is provided mainly for embedded systems wanting to avoid" |
385 |
- ewarn "userspace crypto libraries." |
386 |
- fi |
387 |
- |
388 |
- local myeconfargs=( |
389 |
- --disable-internal-argon2 |
390 |
- --enable-shared |
391 |
- --sbindir=/sbin |
392 |
- # for later use |
393 |
- --with-default-luks-format=LUKS2 |
394 |
- --with-tmpfilesdir="${EPREFIX}/usr/lib/tmpfiles.d" |
395 |
- --with-crypto_backend=$(for x in ${CRYPTO_BACKENDS//+/} ; do usev ${x} ; done) |
396 |
- $(use_enable argon2 libargon2) |
397 |
- $(use_enable nls) |
398 |
- $(use_enable pwquality) |
399 |
- $(use_enable reencrypt cryptsetup-reencrypt) |
400 |
- $(use_enable !static external-tokens) |
401 |
- $(use_enable static static-cryptsetup) |
402 |
- $(use_enable static-libs static) |
403 |
- $(use_enable udev) |
404 |
- $(use_enable !urandom dev-random) |
405 |
- $(use_enable ssh ssh-token) |
406 |
- $(usex argon2 '' '--with-luks2-pbkdf=pbkdf2') |
407 |
- ) |
408 |
- econf "${myeconfargs[@]}" |
409 |
-} |
410 |
- |
411 |
-src_test() { |
412 |
- if [[ ! -e /dev/mapper/control ]] ; then |
413 |
- ewarn "No /dev/mapper/control found -- skipping tests" |
414 |
- return 0 |
415 |
- fi |
416 |
- |
417 |
- local p |
418 |
- for p in /dev/mapper /dev/loop* ; do |
419 |
- addwrite ${p} |
420 |
- done |
421 |
- |
422 |
- default |
423 |
-} |
424 |
- |
425 |
-src_install() { |
426 |
- default |
427 |
- |
428 |
- if use static ; then |
429 |
- mv "${ED}"/sbin/cryptsetup{.static,} || die |
430 |
- mv "${ED}"/sbin/veritysetup{.static,} || die |
431 |
- mv "${ED}"/sbin/integritysetup{.static,} || die |
432 |
- if use ssh ; then |
433 |
- mv "${ED}"/sbin/cryptsetup-ssh{.static,} || die |
434 |
- fi |
435 |
- if use reencrypt ; then |
436 |
- mv "${ED}"/sbin/cryptsetup-reencrypt{.static,} || die |
437 |
- fi |
438 |
- fi |
439 |
- find "${ED}" -type f -name "*.la" -delete || die |
440 |
- |
441 |
- dodoc docs/v*ReleaseNotes |
442 |
- |
443 |
- newconfd "${FILESDIR}"/2.4.0-dmcrypt.confd dmcrypt |
444 |
- newinitd "${FILESDIR}"/2.4.0-dmcrypt.rc dmcrypt |
445 |
-} |
446 |
- |
447 |
-pkg_postinst() { |
448 |
- tmpfiles_process cryptsetup.conf |
449 |
-} |
450 |
|
451 |
diff --git a/sys-fs/cryptsetup/cryptsetup-2.4.2-r1.ebuild b/sys-fs/cryptsetup/cryptsetup-2.4.2-r1.ebuild |
452 |
deleted file mode 100644 |
453 |
index 9bfa24d56c8d..000000000000 |
454 |
--- a/sys-fs/cryptsetup/cryptsetup-2.4.2-r1.ebuild |
455 |
+++ /dev/null |
456 |
@@ -1,133 +0,0 @@ |
457 |
-# Copyright 1999-2021 Gentoo Authors |
458 |
-# Distributed under the terms of the GNU General Public License v2 |
459 |
- |
460 |
-EAPI=7 |
461 |
- |
462 |
-inherit linux-info tmpfiles |
463 |
- |
464 |
-DESCRIPTION="Tool to setup encrypted devices with dm-crypt" |
465 |
-HOMEPAGE="https://gitlab.com/cryptsetup/cryptsetup/blob/master/README.md" |
466 |
-SRC_URI="https://www.kernel.org/pub/linux/utils/${PN}/v$(ver_cut 1-2)/${P/_/-}.tar.xz" |
467 |
- |
468 |
-LICENSE="GPL-2+" |
469 |
-SLOT="0/12" # libcryptsetup.so version |
470 |
-[[ ${PV} != *_rc* ]] && \ |
471 |
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" |
472 |
-CRYPTO_BACKENDS="gcrypt kernel nettle +openssl" |
473 |
-# we don't support nss since it doesn't allow cryptsetup to be built statically |
474 |
-# and it's missing ripemd160 support so it can't provide full backward compatibility |
475 |
-IUSE="${CRYPTO_BACKENDS} +argon2 nls pwquality reencrypt ssh static static-libs +udev urandom" |
476 |
-REQUIRED_USE="^^ ( ${CRYPTO_BACKENDS//+/} ) |
477 |
- static? ( !gcrypt !udev )" #496612 |
478 |
- |
479 |
-LIB_DEPEND=" |
480 |
- dev-libs/json-c:=[static-libs(+)] |
481 |
- dev-libs/popt[static-libs(+)] |
482 |
- >=sys-apps/util-linux-2.31-r1[static-libs(+)] |
483 |
- argon2? ( app-crypt/argon2:=[static-libs(+)] ) |
484 |
- gcrypt? ( |
485 |
- dev-libs/libgcrypt:0=[static-libs(+)] |
486 |
- dev-libs/libgpg-error[static-libs(+)] |
487 |
- ) |
488 |
- nettle? ( >=dev-libs/nettle-2.4[static-libs(+)] ) |
489 |
- openssl? ( dev-libs/openssl:0=[static-libs(+)] ) |
490 |
- pwquality? ( dev-libs/libpwquality[static-libs(+)] ) |
491 |
- ssh? ( net-libs/libssh[static-libs(+)] ) |
492 |
- sys-fs/lvm2[static-libs(+)]" |
493 |
-# We have to always depend on ${LIB_DEPEND} rather than put behind |
494 |
-# !static? () because we provide a shared library which links against |
495 |
-# these other packages. #414665 |
496 |
-RDEPEND="static-libs? ( ${LIB_DEPEND} ) |
497 |
- ${LIB_DEPEND//\[static-libs\([+-]\)\]} |
498 |
- udev? ( virtual/libudev:= )" |
499 |
-DEPEND="${RDEPEND} |
500 |
- static? ( ${LIB_DEPEND} )" |
501 |
-BDEPEND=" |
502 |
- virtual/pkgconfig |
503 |
-" |
504 |
- |
505 |
-S="${WORKDIR}/${P/_/-}" |
506 |
- |
507 |
-pkg_setup() { |
508 |
- local CONFIG_CHECK="~DM_CRYPT ~CRYPTO ~CRYPTO_CBC ~CRYPTO_SHA256" |
509 |
- local WARNING_DM_CRYPT="CONFIG_DM_CRYPT:\tis not set (required for cryptsetup)\n" |
510 |
- local WARNING_CRYPTO_SHA256="CONFIG_CRYPTO_SHA256:\tis not set (required for cryptsetup)\n" |
511 |
- local WARNING_CRYPTO_CBC="CONFIG_CRYPTO_CBC:\tis not set (required for kernel 2.6.19)\n" |
512 |
- local WARNING_CRYPTO="CONFIG_CRYPTO:\tis not set (required for cryptsetup)\n" |
513 |
- check_extra_config |
514 |
-} |
515 |
- |
516 |
-src_prepare() { |
517 |
- sed -i '/^LOOPDEV=/s:$: || exit 0:' tests/{compat,mode}-test || die |
518 |
- default |
519 |
-} |
520 |
- |
521 |
-src_configure() { |
522 |
- if use kernel ; then |
523 |
- ewarn "Note that kernel backend is very slow for this type of operation" |
524 |
- ewarn "and is provided mainly for embedded systems wanting to avoid" |
525 |
- ewarn "userspace crypto libraries." |
526 |
- fi |
527 |
- |
528 |
- local myeconfargs=( |
529 |
- --disable-internal-argon2 |
530 |
- --enable-shared |
531 |
- --sbindir=/sbin |
532 |
- # for later use |
533 |
- --with-default-luks-format=LUKS2 |
534 |
- --with-tmpfilesdir="${EPREFIX}/usr/lib/tmpfiles.d" |
535 |
- --with-crypto_backend=$(for x in ${CRYPTO_BACKENDS//+/} ; do usev ${x} ; done) |
536 |
- $(use_enable argon2 libargon2) |
537 |
- $(use_enable nls) |
538 |
- $(use_enable pwquality) |
539 |
- $(use_enable reencrypt cryptsetup-reencrypt) |
540 |
- $(use_enable !static external-tokens) |
541 |
- $(use_enable static static-cryptsetup) |
542 |
- $(use_enable static-libs static) |
543 |
- $(use_enable udev) |
544 |
- $(use_enable !urandom dev-random) |
545 |
- $(use_enable ssh ssh-token) |
546 |
- $(usex argon2 '' '--with-luks2-pbkdf=pbkdf2') |
547 |
- ) |
548 |
- econf "${myeconfargs[@]}" |
549 |
-} |
550 |
- |
551 |
-src_test() { |
552 |
- if [[ ! -e /dev/mapper/control ]] ; then |
553 |
- ewarn "No /dev/mapper/control found -- skipping tests" |
554 |
- return 0 |
555 |
- fi |
556 |
- |
557 |
- local p |
558 |
- for p in /dev/mapper /dev/loop* ; do |
559 |
- addwrite ${p} |
560 |
- done |
561 |
- |
562 |
- default |
563 |
-} |
564 |
- |
565 |
-src_install() { |
566 |
- default |
567 |
- |
568 |
- if use static ; then |
569 |
- mv "${ED}"/sbin/cryptsetup{.static,} || die |
570 |
- mv "${ED}"/sbin/veritysetup{.static,} || die |
571 |
- mv "${ED}"/sbin/integritysetup{.static,} || die |
572 |
- if use ssh ; then |
573 |
- mv "${ED}"/sbin/cryptsetup-ssh{.static,} || die |
574 |
- fi |
575 |
- if use reencrypt ; then |
576 |
- mv "${ED}"/sbin/cryptsetup-reencrypt{.static,} || die |
577 |
- fi |
578 |
- fi |
579 |
- find "${ED}" -type f -name "*.la" -delete || die |
580 |
- |
581 |
- dodoc docs/v*ReleaseNotes |
582 |
- |
583 |
- newconfd "${FILESDIR}"/2.4.0-dmcrypt.confd dmcrypt |
584 |
- newinitd "${FILESDIR}"/2.4.0-dmcrypt.rc dmcrypt |
585 |
-} |
586 |
- |
587 |
-pkg_postinst() { |
588 |
- tmpfiles_process cryptsetup.conf |
589 |
-} |
590 |
|
591 |
diff --git a/sys-fs/cryptsetup/files/1.6.7-dmcrypt.confd b/sys-fs/cryptsetup/files/1.6.7-dmcrypt.confd |
592 |
deleted file mode 100644 |
593 |
index 642ff087078b..000000000000 |
594 |
--- a/sys-fs/cryptsetup/files/1.6.7-dmcrypt.confd |
595 |
+++ /dev/null |
596 |
@@ -1,111 +0,0 @@ |
597 |
-# /etc/conf.d/dmcrypt |
598 |
- |
599 |
-# For people who run dmcrypt on top of some other layer (like raid), |
600 |
-# use rc_need to specify that requirement. See the runscript(8) man |
601 |
-# page for more information. |
602 |
- |
603 |
-#-------------------- |
604 |
-# Instructions |
605 |
-#-------------------- |
606 |
- |
607 |
-# Note regarding the syntax of this file. This file is *almost* bash, |
608 |
-# but each line is evaluated separately. Separate swaps/targets can be |
609 |
-# specified. The init-script which reads this file assumes that a |
610 |
-# swap= or target= line starts a new section, similar to lilo or grub |
611 |
-# configuration. |
612 |
- |
613 |
-# Note when using gpg keys and /usr on a separate partition, you will |
614 |
-# have to copy /usr/bin/gpg to /bin/gpg so that it will work properly |
615 |
-# and ensure that gpg has been compiled statically. |
616 |
-# See http://bugs.gentoo.org/90482 for more information. |
617 |
- |
618 |
-# Note that the init-script which reads this file detects whether your |
619 |
-# partition is LUKS or not. No mkfs is run unless you specify a makefs |
620 |
-# option. |
621 |
- |
622 |
-# Global options: |
623 |
-#---------------- |
624 |
- |
625 |
-# How long to wait for each timeout (in seconds). |
626 |
-dmcrypt_key_timeout=1 |
627 |
- |
628 |
-# Max number of checks to perform (see dmcrypt_key_timeout). |
629 |
-#dmcrypt_max_timeout=300 |
630 |
- |
631 |
-# Number of password retries. |
632 |
-dmcrypt_retries=5 |
633 |
- |
634 |
-# Arguments: |
635 |
-#----------- |
636 |
-# target=<name> == Mapping name for partition. |
637 |
-# swap=<name> == Mapping name for swap partition. |
638 |
-# source='<dev>' == Real device for partition. |
639 |
-# Note: You can (and should) specify a tag like UUID |
640 |
-# for blkid (see -t option). This is safer than using |
641 |
-# the full path to the device. |
642 |
-# key='</path/to/keyfile>[:<mode>]' == Fullpath from / or from inside removable media. |
643 |
-# remdev='<dev>' == Device that will be assigned to removable media. |
644 |
-# gpg_options='<opts>' == Default are --quiet --decrypt |
645 |
-# options='<opts>' == cryptsetup, for LUKS you can only use --readonly |
646 |
-# loop_file='<file>' == Loopback file. |
647 |
-# Note: If you omit $source, then a free loopback will |
648 |
-# be looked up automatically. |
649 |
-# pre_mount='cmds' == commands to execute before mounting partition. |
650 |
-# post_mount='cmds' == commands to execute after mounting partition. |
651 |
-#----------- |
652 |
-# Supported Modes |
653 |
-# gpg == decrypt and pipe key into cryptsetup. |
654 |
-# Note: new-line character must not be part of key. |
655 |
-# Command to erase \n char: 'cat key | tr -d '\n' > cleanKey' |
656 |
- |
657 |
-#-------------------- |
658 |
-# dm-crypt examples |
659 |
-#-------------------- |
660 |
- |
661 |
-## swap |
662 |
-# Swap partitions. These should come first so that no keys make their |
663 |
-# way into unencrypted swap. |
664 |
-# If no options are given, they will default to: -c aes -h sha1 -d /dev/urandom |
665 |
-# If no makefs is given then mkswap will be assumed |
666 |
-#swap=crypt-swap |
667 |
-#source='/dev/hda2' |
668 |
- |
669 |
-## /home with passphrase |
670 |
-#target=crypt-home |
671 |
-#source='/dev/hda5' |
672 |
- |
673 |
-## /home with regular keyfile |
674 |
-#target=crypt-home |
675 |
-#source='/dev/hda5' |
676 |
-#key='/full/path/to/homekey' |
677 |
- |
678 |
-## /home with gpg protected key |
679 |
-#target=crypt-home |
680 |
-#source='/dev/hda5' |
681 |
-#key='/full/path/to/homekey:gpg' |
682 |
- |
683 |
-## /home with regular keyfile on removable media(such as usb-stick) |
684 |
-#target=crypt-home |
685 |
-#source='/dev/hda5' |
686 |
-#key='/full/path/to/homekey' |
687 |
-#remdev='/dev/sda1' |
688 |
- |
689 |
-## /home with gpg protected key on removable media(such as usb-stick) |
690 |
-#target=crypt-home |
691 |
-#source='/dev/hda5' |
692 |
-#key='/full/path/to/homekey:gpg' |
693 |
-#remdev='/dev/sda1' |
694 |
- |
695 |
-## /tmp with regular keyfile |
696 |
-#target=crypt-tmp |
697 |
-#source='/dev/hda6' |
698 |
-#key='/full/path/to/tmpkey' |
699 |
-#pre_mount='/sbin/mkreiserfs -f -f ${dev}' |
700 |
-#post_mount='chown root:root ${mount_point}; chmod 1777 ${mount_point}' |
701 |
- |
702 |
-## Loopback file example |
703 |
-#target='crypt-loop-home' |
704 |
-#source='/dev/loop0' |
705 |
-#loop_file='/mnt/crypt/home' |
706 |
- |
707 |
-# The file must be terminated by a newline. Or leave this comment last. |
708 |
|
709 |
diff --git a/sys-fs/cryptsetup/files/1.6.7-dmcrypt.rc b/sys-fs/cryptsetup/files/1.6.7-dmcrypt.rc |
710 |
deleted file mode 100644 |
711 |
index cdd20ba929d4..000000000000 |
712 |
--- a/sys-fs/cryptsetup/files/1.6.7-dmcrypt.rc |
713 |
+++ /dev/null |
714 |
@@ -1,339 +0,0 @@ |
715 |
-#!/sbin/openrc-run |
716 |
-# Copyright 1999-2015 Gentoo Foundation |
717 |
-# Distributed under the terms of the GNU General Public License v2 |
718 |
- |
719 |
-depend() { |
720 |
- before checkfs fsck |
721 |
- |
722 |
- if grep -qs ^swap= "${conf_file}" ; then |
723 |
- before swap |
724 |
- fi |
725 |
-} |
726 |
- |
727 |
-# We support multiple dmcrypt instances based on $SVCNAME |
728 |
-conf_file="/etc/conf.d/${SVCNAME}" |
729 |
- |
730 |
-# Get splash helpers if available. |
731 |
-if [ -e /sbin/splash-functions.sh ] ; then |
732 |
- . /sbin/splash-functions.sh |
733 |
-fi |
734 |
- |
735 |
-# Setup mappings for an individual target/swap |
736 |
-# Note: This relies on variables localized in the main body below. |
737 |
-dm_crypt_execute() { |
738 |
- local dev ret mode foo |
739 |
- |
740 |
- if [ -z "${target}" -a -z "${swap}" ] ; then |
741 |
- return |
742 |
- fi |
743 |
- |
744 |
- # Set up default values. |
745 |
- : ${dmcrypt_key_timeout:=1} |
746 |
- : ${dmcrypt_max_timeout:=300} |
747 |
- : ${dmcrypt_retries:=5} |
748 |
- |
749 |
- # Handle automatic look up of the source path. |
750 |
- if [ -z "${source}" -a -n "${loop_file}" ] ; then |
751 |
- source=$(losetup --show -f "${loop_file}") |
752 |
- fi |
753 |
- case ${source} in |
754 |
- *=*) |
755 |
- source=$(blkid -l -t "${source}" -o device) |
756 |
- ;; |
757 |
- esac |
758 |
- if [ -z "${source}" ] || [ ! -e "${source}" ] ; then |
759 |
- ewarn "source \"${source}\" for ${target} missing, skipping..." |
760 |
- return |
761 |
- fi |
762 |
- |
763 |
- if [ -n "${target}" ] ; then |
764 |
- # let user set options, otherwise leave empty |
765 |
- : ${options:=' '} |
766 |
- elif [ -n "${swap}" ] ; then |
767 |
- if cryptsetup isLuks ${source} 2>/dev/null ; then |
768 |
- ewarn "The swap you have defined is a LUKS partition. Aborting crypt-swap setup." |
769 |
- return |
770 |
- fi |
771 |
- target=${swap} |
772 |
- # swap contents do not need to be preserved between boots, luks not required. |
773 |
- # suspend2 users should have initramfs's init handling their swap partition either way. |
774 |
- : ${options:='-c aes -h sha1 -d /dev/urandom'} |
775 |
- : ${pre_mount:='mkswap ${dev}'} |
776 |
- fi |
777 |
- |
778 |
- if [ -n "${loop_file}" ] ; then |
779 |
- dev="/dev/mapper/${target}" |
780 |
- ebegin " Setting up loop device ${source}" |
781 |
- losetup ${source} ${loop_file} |
782 |
- fi |
783 |
- |
784 |
- # cryptsetup: |
785 |
- # open <device> <name> # <device> is $source |
786 |
- # create <name> <device> # <name> is $target |
787 |
- local arg1="create" arg2="${target}" arg3="${source}" |
788 |
- if cryptsetup isLuks ${source} 2>/dev/null ; then |
789 |
- arg1="open" |
790 |
- arg2="${source}" |
791 |
- arg3="${target}" |
792 |
- fi |
793 |
- |
794 |
- # Older versions reported: |
795 |
- # ${target} is active: |
796 |
- # Newer versions report: |
797 |
- # ${target} is active[ and is in use.] |
798 |
- if cryptsetup status ${target} | egrep -q ' is active' ; then |
799 |
- einfo "dm-crypt mapping ${target} is already configured" |
800 |
- return |
801 |
- fi |
802 |
- splash svc_input_begin ${SVCNAME} >/dev/null 2>&1 |
803 |
- |
804 |
- # Handle keys |
805 |
- if [ -n "${key}" ] ; then |
806 |
- read_abort() { |
807 |
- # some colors |
808 |
- local ans savetty resettty |
809 |
- [ -z "${NORMAL}" ] && eval $(eval_ecolors) |
810 |
- einfon " $1? (${WARN}yes${NORMAL}/${GOOD}No${NORMAL}) " |
811 |
- shift |
812 |
- # This is ugly as s**t. But POSIX doesn't provide `read -t`, so |
813 |
- # we end up having to implement our own crap with stty/etc... |
814 |
- savetty=$(stty -g) |
815 |
- resettty='stty ${savetty}; trap - EXIT HUP INT TERM' |
816 |
- trap 'eval "${resettty}"' EXIT HUP INT TERM |
817 |
- stty -icanon |
818 |
- stty min 0 time "$(( $2 * 10 ))" |
819 |
- ans=$(dd count=1 bs=1 2>/dev/null) || ans='' |
820 |
- eval "${resettty}" |
821 |
- if [ -z "${ans}" ] ; then |
822 |
- printf '\r' |
823 |
- else |
824 |
- echo |
825 |
- fi |
826 |
- case ${ans} in |
827 |
- [yY]) return 0;; |
828 |
- *) return 1;; |
829 |
- esac |
830 |
- } |
831 |
- |
832 |
- # Notes: sed not used to avoid case where /usr partition is encrypted. |
833 |
- mode=${key##*:} && ( [ "${mode}" = "${key}" ] || [ -z "${mode}" ] ) && mode=reg |
834 |
- key=${key%:*} |
835 |
- case "${mode}" in |
836 |
- gpg|reg) |
837 |
- # handle key on removable device |
838 |
- if [ -n "${remdev}" ] ; then |
839 |
- # temp directory to mount removable device |
840 |
- local mntrem="${RC_SVCDIR}/dm-crypt-remdev.$$" |
841 |
- if [ ! -d "${mntrem}" ] ; then |
842 |
- if ! mkdir -p "${mntrem}" ; then |
843 |
- ewarn "${source} will not be decrypted ..." |
844 |
- einfo "Reason: Unable to create temporary mount point '${mntrem}'" |
845 |
- return |
846 |
- fi |
847 |
- fi |
848 |
- i=0 |
849 |
- einfo "Please insert removable device for ${target}" |
850 |
- while [ ${i} -lt ${dmcrypt_max_timeout} ] ; do |
851 |
- foo="" |
852 |
- if mount -n -o ro "${remdev}" "${mntrem}" 2>/dev/null >/dev/null ; then |
853 |
- # keyfile exists? |
854 |
- if [ ! -e "${mntrem}${key}" ] ; then |
855 |
- umount -n "${mntrem}" |
856 |
- rmdir "${mntrem}" |
857 |
- einfo "Cannot find ${key} on removable media." |
858 |
- read_abort "Abort" ${dmcrypt_key_timeout} && return |
859 |
- else |
860 |
- key="${mntrem}${key}" |
861 |
- break |
862 |
- fi |
863 |
- else |
864 |
- [ -e "${remdev}" ] \ |
865 |
- && foo="mount failed" \ |
866 |
- || foo="mount source not found" |
867 |
- fi |
868 |
- : $((i += 1)) |
869 |
- read_abort "Stop waiting after $i attempts (${foo})" -t 1 && return |
870 |
- done |
871 |
- else # keyfile ! on removable device |
872 |
- if [ ! -e "${key}" ] ; then |
873 |
- ewarn "${source} will not be decrypted ..." |
874 |
- einfo "Reason: keyfile ${key} does not exist." |
875 |
- return |
876 |
- fi |
877 |
- fi |
878 |
- ;; |
879 |
- *) |
880 |
- ewarn "${source} will not be decrypted ..." |
881 |
- einfo "Reason: mode ${mode} is invalid." |
882 |
- return |
883 |
- ;; |
884 |
- esac |
885 |
- else |
886 |
- mode=none |
887 |
- fi |
888 |
- ebegin " ${target} using: ${options} ${arg1} ${arg2} ${arg3}" |
889 |
- if [ "${mode}" = "gpg" ] ; then |
890 |
- : ${gpg_options:='-q -d'} |
891 |
- # gpg available ? |
892 |
- if command -v gpg >/dev/null ; then |
893 |
- i=0 |
894 |
- while [ ${i} -lt ${dmcrypt_retries} ] ; do |
895 |
- # paranoid, don't store key in a variable, pipe it so it stays very little in ram unprotected. |
896 |
- # save stdin stdout stderr "values" |
897 |
- timeout ${dmcrypt_max_timeout} gpg ${gpg_options} ${key} 2>/dev/null | \ |
898 |
- cryptsetup --key-file - ${options} ${arg1} ${arg2} ${arg3} |
899 |
- ret=$? |
900 |
- # The timeout command exits 124 when it times out. |
901 |
- [ ${ret} -eq 0 -o ${ret} -eq 124 ] && break |
902 |
- : $(( i += 1 )) |
903 |
- done |
904 |
- eend ${ret} "failure running cryptsetup" |
905 |
- else |
906 |
- ewarn "${source} will not be decrypted ..." |
907 |
- einfo "Reason: cannot find gpg application." |
908 |
- einfo "You have to install app-crypt/gnupg first." |
909 |
- einfo "If you have /usr on its own partition, try copying gpg to /bin ." |
910 |
- fi |
911 |
- else |
912 |
- if [ "${mode}" = "reg" ] ; then |
913 |
- cryptsetup ${options} -d ${key} ${arg1} ${arg2} ${arg3} |
914 |
- ret=$? |
915 |
- eend ${ret} "failure running cryptsetup" |
916 |
- else |
917 |
- cryptsetup ${options} ${arg1} ${arg2} ${arg3} |
918 |
- ret=$? |
919 |
- eend ${ret} "failure running cryptsetup" |
920 |
- fi |
921 |
- fi |
922 |
- if [ -d "${mntrem}" ] ; then |
923 |
- umount -n ${mntrem} 2>/dev/null >/dev/null |
924 |
- rmdir ${mntrem} 2>/dev/null >/dev/null |
925 |
- fi |
926 |
- splash svc_input_end ${SVCNAME} >/dev/null 2>&1 |
927 |
- |
928 |
- if [ ${ret} -ne 0 ] ; then |
929 |
- cryptfs_status=1 |
930 |
- else |
931 |
- if [ -n "${pre_mount}" ] ; then |
932 |
- dev="/dev/mapper/${target}" |
933 |
- eval ebegin \"" pre_mount: ${pre_mount}"\" |
934 |
- eval "${pre_mount}" > /dev/null |
935 |
- ewend $? || cryptfs_status=1 |
936 |
- fi |
937 |
- fi |
938 |
-} |
939 |
- |
940 |
-# Lookup optional bootparams |
941 |
-get_bootparam_val() { |
942 |
- # We're given something like: |
943 |
- # foo=bar=cow |
944 |
- # Return the "bar=cow" part. |
945 |
- case $1 in |
946 |
- *=*) |
947 |
- echo "${1#*=}" |
948 |
- ;; |
949 |
- esac |
950 |
-} |
951 |
- |
952 |
-start() { |
953 |
- local header=true cryptfs_status=0 |
954 |
- local gpg_options key loop_file target targetline options pre_mount post_mount source swap remdev |
955 |
- |
956 |
- local x |
957 |
- for x in $(cat /proc/cmdline) ; do |
958 |
- case "${x}" in |
959 |
- key_timeout=*) |
960 |
- dmcrypt_key_timeout=$(get_bootparam_val "${x}") |
961 |
- ;; |
962 |
- esac |
963 |
- done |
964 |
- |
965 |
- while read targetline <&3 ; do |
966 |
- case ${targetline} in |
967 |
- # skip comments and blank lines |
968 |
- ""|"#"*) continue ;; |
969 |
- # skip service-specific openrc configs #377927 |
970 |
- rc_*) continue ;; |
971 |
- esac |
972 |
- |
973 |
- ${header} && ebegin "Setting up dm-crypt mappings" |
974 |
- header=false |
975 |
- |
976 |
- # check for the start of a new target/swap |
977 |
- case ${targetline} in |
978 |
- target=*|swap=*) |
979 |
- # If we have a target queued up, then execute it |
980 |
- dm_crypt_execute |
981 |
- |
982 |
- # Prepare for the next target/swap by resetting variables |
983 |
- unset gpg_options key loop_file target options pre_mount post_mount source swap remdev |
984 |
- ;; |
985 |
- |
986 |
- gpg_options=*|remdev=*|key=*|loop_file=*|options=*|pre_mount=*|post_mount=*|source=*) |
987 |
- if [ -z "${target}${swap}" ] ; then |
988 |
- ewarn "Ignoring setting outside target/swap section: ${targetline}" |
989 |
- continue |
990 |
- fi |
991 |
- ;; |
992 |
- |
993 |
- dmcrypt_*=*) |
994 |
- # ignore global options |
995 |
- continue |
996 |
- ;; |
997 |
- |
998 |
- *) |
999 |
- ewarn "Skipping invalid line in ${conf_file}: ${targetline}" |
1000 |
- ;; |
1001 |
- esac |
1002 |
- |
1003 |
- # Queue this setting for the next call to dm_crypt_execute |
1004 |
- eval "${targetline}" |
1005 |
- done 3< ${conf_file} |
1006 |
- |
1007 |
- # If we have a target queued up, then execute it |
1008 |
- dm_crypt_execute |
1009 |
- |
1010 |
- ewend ${cryptfs_status} "Failed to setup dm-crypt devices" |
1011 |
-} |
1012 |
- |
1013 |
-stop() { |
1014 |
- local line header |
1015 |
- |
1016 |
- # Break down all mappings |
1017 |
- header=true |
1018 |
- egrep "^(target|swap)=" ${conf_file} | \ |
1019 |
- while read line ; do |
1020 |
- ${header} && einfo "Removing dm-crypt mappings" |
1021 |
- header=false |
1022 |
- |
1023 |
- target= swap= |
1024 |
- eval ${line} |
1025 |
- |
1026 |
- [ -n "${swap}" ] && target=${swap} |
1027 |
- if [ -z "${target}" ] ; then |
1028 |
- ewarn "invalid line in ${conf_file}: ${line}" |
1029 |
- continue |
1030 |
- fi |
1031 |
- |
1032 |
- ebegin " ${target}" |
1033 |
- cryptsetup remove ${target} |
1034 |
- eend $? |
1035 |
- done |
1036 |
- |
1037 |
- # Break down loop devices |
1038 |
- header=true |
1039 |
- grep '^source=./dev/loop' ${conf_file} | \ |
1040 |
- while read line ; do |
1041 |
- ${header} && einfo "Detaching dm-crypt loop devices" |
1042 |
- header=false |
1043 |
- |
1044 |
- source= |
1045 |
- eval ${line} |
1046 |
- |
1047 |
- ebegin " ${source}" |
1048 |
- losetup -d "${source}" |
1049 |
- eend $? |
1050 |
- done |
1051 |
- |
1052 |
- return 0 |
1053 |
-} |
1054 |
|
1055 |
diff --git a/sys-fs/cryptsetup/files/cryptsetup-2.0.4-fix-static-pwquality-build.patch b/sys-fs/cryptsetup/files/cryptsetup-2.0.4-fix-static-pwquality-build.patch |
1056 |
deleted file mode 100644 |
1057 |
index 39524ec3114b..000000000000 |
1058 |
--- a/sys-fs/cryptsetup/files/cryptsetup-2.0.4-fix-static-pwquality-build.patch |
1059 |
+++ /dev/null |
1060 |
@@ -1,18 +0,0 @@ |
1061 |
---- a/src/Makemodule.am 2018-07-31 14:32:46.000000000 +0200 |
1062 |
-+++ b/src/Makemodule.am 2018-08-12 17:13:26.000000000 +0200 |
1063 |
-@@ -64,6 +64,7 @@ |
1064 |
- $(veritysetup_LDADD) \ |
1065 |
- @CRYPTO_STATIC_LIBS@ \ |
1066 |
- @DEVMAPPER_STATIC_LIBS@ \ |
1067 |
-+ @PWQUALITY_STATIC_LIBS@ \ |
1068 |
- @UUID_LIBS@ |
1069 |
- endif |
1070 |
- endif |
1071 |
-@@ -93,6 +94,7 @@ |
1072 |
- $(integritysetup_LDADD) \ |
1073 |
- @CRYPTO_STATIC_LIBS@ \ |
1074 |
- @DEVMAPPER_STATIC_LIBS@ \ |
1075 |
-+ @PWQUALITY_STATIC_LIBS@ \ |
1076 |
- @UUID_LIBS@ |
1077 |
- endif |
1078 |
- endif |
1079 |
|
1080 |
diff --git a/sys-fs/cryptsetup/files/cryptsetup-2.4.1-external-tokens.patch b/sys-fs/cryptsetup/files/cryptsetup-2.4.1-external-tokens.patch |
1081 |
deleted file mode 100644 |
1082 |
index 1777a02652ce..000000000000 |
1083 |
--- a/sys-fs/cryptsetup/files/cryptsetup-2.4.1-external-tokens.patch |
1084 |
+++ /dev/null |
1085 |
@@ -1,34 +0,0 @@ |
1086 |
-From a1b577c085cc9ef6b95c4556ec8815070828ee6c Mon Sep 17 00:00:00 2001 |
1087 |
-From: Hector Martin <marcan@××××××.st> |
1088 |
-Date: Fri, 17 Sep 2021 05:44:18 +0000 |
1089 |
-Subject: [PATCH] Do not attempt to unload external tokens if |
1090 |
- USE_EXTERNAL_TOKENS is disabled. |
1091 |
- |
1092 |
-This allows building a static binary as long as --disable-external-tokens is used |
1093 |
---- |
1094 |
- lib/luks2/luks2_token.c | 2 ++ |
1095 |
- 1 file changed, 2 insertions(+) |
1096 |
- |
1097 |
-diff --git a/lib/luks2/luks2_token.c b/lib/luks2/luks2_token.c |
1098 |
-index d34cebf5..88d84418 100644 |
1099 |
---- a/lib/luks2/luks2_token.c |
1100 |
-+++ b/lib/luks2/luks2_token.c |
1101 |
-@@ -245,6 +245,7 @@ int crypt_token_register(const crypt_token_handler *handler) |
1102 |
- |
1103 |
- void crypt_token_unload_external_all(struct crypt_device *cd) |
1104 |
- { |
1105 |
-+#if USE_EXTERNAL_TOKENS |
1106 |
- int i; |
1107 |
- |
1108 |
- for (i = LUKS2_TOKENS_MAX - 1; i >= 0; i--) { |
1109 |
-@@ -258,6 +259,7 @@ void crypt_token_unload_external_all(struct crypt_device *cd) |
1110 |
- if (dlclose(CONST_CAST(void *)token_handlers[i].u.v2.dlhandle)) |
1111 |
- log_dbg(cd, "%s", dlerror()); |
1112 |
- } |
1113 |
-+#endif |
1114 |
- } |
1115 |
- |
1116 |
- static const void |
1117 |
--- |
1118 |
-GitLab |
1119 |
- |
1120 |
|
1121 |
diff --git a/sys-fs/cryptsetup/files/cryptsetup-2.4.1-fix-static-pwquality-build.patch b/sys-fs/cryptsetup/files/cryptsetup-2.4.1-fix-static-pwquality-build.patch |
1122 |
deleted file mode 100644 |
1123 |
index f39e88507ffd..000000000000 |
1124 |
--- a/sys-fs/cryptsetup/files/cryptsetup-2.4.1-fix-static-pwquality-build.patch |
1125 |
+++ /dev/null |
1126 |
@@ -1,225 +0,0 @@ |
1127 |
-From 26cc1644b489578c76ec6f576614ca885c00a35d Mon Sep 17 00:00:00 2001 |
1128 |
-From: Milan Broz <gmazyland@×××××.com> |
1129 |
-Date: Wed, 6 Oct 2021 12:27:25 +0200 |
1130 |
-Subject: [PATCH 1/2] Do not link integritysetup and veritysetup with |
1131 |
- pwquality. |
1132 |
- |
1133 |
-These tools do not read passphrases, no need to link to these libraries. |
1134 |
- |
1135 |
-Just move the helper code that introduced this dependence as a side-effect. |
1136 |
- |
1137 |
-Fixes: #677 |
1138 |
---- |
1139 |
- src/Makemodule.am | 6 ----- |
1140 |
- src/utils_password.c | 56 -------------------------------------------- |
1141 |
- src/utils_tools.c | 56 ++++++++++++++++++++++++++++++++++++++++++++ |
1142 |
- 3 files changed, 56 insertions(+), 62 deletions(-) |
1143 |
- |
1144 |
-diff --git a/src/Makemodule.am b/src/Makemodule.am |
1145 |
-index a6dc50cf..f2b896bf 100644 |
1146 |
---- a/src/Makemodule.am |
1147 |
-+++ b/src/Makemodule.am |
1148 |
-@@ -52,7 +52,6 @@ veritysetup_SOURCES = \ |
1149 |
- src/utils_arg_names.h \ |
1150 |
- src/utils_arg_macros.h \ |
1151 |
- src/utils_tools.c \ |
1152 |
-- src/utils_password.c \ |
1153 |
- src/veritysetup.c \ |
1154 |
- src/veritysetup_args.h \ |
1155 |
- src/veritysetup_arg_list.h \ |
1156 |
-@@ -61,8 +60,6 @@ veritysetup_SOURCES = \ |
1157 |
- veritysetup_LDADD = $(LDADD) \ |
1158 |
- libcryptsetup.la \ |
1159 |
- @POPT_LIBS@ \ |
1160 |
-- @PWQUALITY_LIBS@ \ |
1161 |
-- @PASSWDQC_LIBS@ \ |
1162 |
- @BLKID_LIBS@ |
1163 |
- |
1164 |
- sbin_PROGRAMS += veritysetup |
1165 |
-@@ -91,7 +88,6 @@ integritysetup_SOURCES = \ |
1166 |
- src/utils_arg_names.h \ |
1167 |
- src/utils_arg_macros.h \ |
1168 |
- src/utils_tools.c \ |
1169 |
-- src/utils_password.c \ |
1170 |
- src/utils_blockdev.c \ |
1171 |
- src/integritysetup.c \ |
1172 |
- src/integritysetup_args.h \ |
1173 |
-@@ -101,8 +97,6 @@ integritysetup_SOURCES = \ |
1174 |
- integritysetup_LDADD = $(LDADD) \ |
1175 |
- libcryptsetup.la \ |
1176 |
- @POPT_LIBS@ \ |
1177 |
-- @PWQUALITY_LIBS@ \ |
1178 |
-- @PASSWDQC_LIBS@ \ |
1179 |
- @UUID_LIBS@ \ |
1180 |
- @BLKID_LIBS@ |
1181 |
- |
1182 |
-diff --git a/src/utils_password.c b/src/utils_password.c |
1183 |
-index 58f3a7b3..65618b9c 100644 |
1184 |
---- a/src/utils_password.c |
1185 |
-+++ b/src/utils_password.c |
1186 |
-@@ -318,59 +318,3 @@ void tools_passphrase_msg(int r) |
1187 |
- else if (r == -ENOENT) |
1188 |
- log_err(_("No usable keyslot is available.")); |
1189 |
- } |
1190 |
-- |
1191 |
--int tools_read_mk(const char *file, char **key, int keysize) |
1192 |
--{ |
1193 |
-- int fd = -1, r = -EINVAL; |
1194 |
-- |
1195 |
-- if (keysize <= 0 || !key) |
1196 |
-- return -EINVAL; |
1197 |
-- |
1198 |
-- *key = crypt_safe_alloc(keysize); |
1199 |
-- if (!*key) |
1200 |
-- return -ENOMEM; |
1201 |
-- |
1202 |
-- fd = open(file, O_RDONLY); |
1203 |
-- if (fd == -1) { |
1204 |
-- log_err(_("Cannot read keyfile %s."), file); |
1205 |
-- goto out; |
1206 |
-- } |
1207 |
-- |
1208 |
-- if (read_buffer(fd, *key, keysize) != keysize) { |
1209 |
-- log_err(_("Cannot read %d bytes from keyfile %s."), keysize, file); |
1210 |
-- goto out; |
1211 |
-- } |
1212 |
-- r = 0; |
1213 |
--out: |
1214 |
-- if (fd != -1) |
1215 |
-- close(fd); |
1216 |
-- |
1217 |
-- if (r) { |
1218 |
-- crypt_safe_free(*key); |
1219 |
-- *key = NULL; |
1220 |
-- } |
1221 |
-- |
1222 |
-- return r; |
1223 |
--} |
1224 |
-- |
1225 |
--int tools_write_mk(const char *file, const char *key, int keysize) |
1226 |
--{ |
1227 |
-- int fd, r = -EINVAL; |
1228 |
-- |
1229 |
-- if (keysize <= 0 || !key) |
1230 |
-- return -EINVAL; |
1231 |
-- |
1232 |
-- fd = open(file, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR); |
1233 |
-- if (fd < 0) { |
1234 |
-- log_err(_("Cannot open keyfile %s for write."), file); |
1235 |
-- return r; |
1236 |
-- } |
1237 |
-- |
1238 |
-- if (write_buffer(fd, key, keysize) == keysize) |
1239 |
-- r = 0; |
1240 |
-- else |
1241 |
-- log_err(_("Cannot write to keyfile %s."), file); |
1242 |
-- |
1243 |
-- close(fd); |
1244 |
-- return r; |
1245 |
--} |
1246 |
-diff --git a/src/utils_tools.c b/src/utils_tools.c |
1247 |
-index dbd83695..cf66e4c4 100644 |
1248 |
---- a/src/utils_tools.c |
1249 |
-+++ b/src/utils_tools.c |
1250 |
-@@ -493,3 +493,59 @@ int tools_reencrypt_progress(uint64_t size, uint64_t offset, void *usrptr) |
1251 |
- |
1252 |
- return r; |
1253 |
- } |
1254 |
-+ |
1255 |
-+int tools_read_mk(const char *file, char **key, int keysize) |
1256 |
-+{ |
1257 |
-+ int fd = -1, r = -EINVAL; |
1258 |
-+ |
1259 |
-+ if (keysize <= 0 || !key) |
1260 |
-+ return -EINVAL; |
1261 |
-+ |
1262 |
-+ *key = crypt_safe_alloc(keysize); |
1263 |
-+ if (!*key) |
1264 |
-+ return -ENOMEM; |
1265 |
-+ |
1266 |
-+ fd = open(file, O_RDONLY); |
1267 |
-+ if (fd == -1) { |
1268 |
-+ log_err(_("Cannot read keyfile %s."), file); |
1269 |
-+ goto out; |
1270 |
-+ } |
1271 |
-+ |
1272 |
-+ if (read_buffer(fd, *key, keysize) != keysize) { |
1273 |
-+ log_err(_("Cannot read %d bytes from keyfile %s."), keysize, file); |
1274 |
-+ goto out; |
1275 |
-+ } |
1276 |
-+ r = 0; |
1277 |
-+out: |
1278 |
-+ if (fd != -1) |
1279 |
-+ close(fd); |
1280 |
-+ |
1281 |
-+ if (r) { |
1282 |
-+ crypt_safe_free(*key); |
1283 |
-+ *key = NULL; |
1284 |
-+ } |
1285 |
-+ |
1286 |
-+ return r; |
1287 |
-+} |
1288 |
-+ |
1289 |
-+int tools_write_mk(const char *file, const char *key, int keysize) |
1290 |
-+{ |
1291 |
-+ int fd, r = -EINVAL; |
1292 |
-+ |
1293 |
-+ if (keysize <= 0 || !key) |
1294 |
-+ return -EINVAL; |
1295 |
-+ |
1296 |
-+ fd = open(file, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR); |
1297 |
-+ if (fd < 0) { |
1298 |
-+ log_err(_("Cannot open keyfile %s for write."), file); |
1299 |
-+ return r; |
1300 |
-+ } |
1301 |
-+ |
1302 |
-+ if (write_buffer(fd, key, keysize) == keysize) |
1303 |
-+ r = 0; |
1304 |
-+ else |
1305 |
-+ log_err(_("Cannot write to keyfile %s."), file); |
1306 |
-+ |
1307 |
-+ close(fd); |
1308 |
-+ return r; |
1309 |
-+} |
1310 |
--- |
1311 |
-GitLab |
1312 |
- |
1313 |
- |
1314 |
-From d20beacba060f34e3ab0d71d191f59434031e98f Mon Sep 17 00:00:00 2001 |
1315 |
-From: Milan Broz <gmazyland@×××××.com> |
1316 |
-Date: Wed, 6 Oct 2021 12:45:20 +0200 |
1317 |
-Subject: [PATCH 2/2] Remove redundant link to uuid lib for static build. |
1318 |
- |
1319 |
-Veritysetup does not need to link this library at all, for others |
1320 |
-we have link already in flags. |
1321 |
---- |
1322 |
- src/Makemodule.am | 6 ++---- |
1323 |
- 1 file changed, 2 insertions(+), 4 deletions(-) |
1324 |
- |
1325 |
-diff --git a/src/Makemodule.am b/src/Makemodule.am |
1326 |
-index f2b896bf..49e0c5aa 100644 |
1327 |
---- a/src/Makemodule.am |
1328 |
-+++ b/src/Makemodule.am |
1329 |
-@@ -71,8 +71,7 @@ veritysetup_static_LDFLAGS = $(AM_LDFLAGS) -all-static |
1330 |
- veritysetup_static_LDADD = \ |
1331 |
- $(veritysetup_LDADD) \ |
1332 |
- @CRYPTO_STATIC_LIBS@ \ |
1333 |
-- @DEVMAPPER_STATIC_LIBS@ \ |
1334 |
-- @UUID_LIBS@ |
1335 |
-+ @DEVMAPPER_STATIC_LIBS@ |
1336 |
- endif |
1337 |
- endif |
1338 |
- |
1339 |
-@@ -109,8 +108,7 @@ integritysetup_static_LDFLAGS = $(AM_LDFLAGS) -all-static |
1340 |
- integritysetup_static_LDADD = \ |
1341 |
- $(integritysetup_LDADD) \ |
1342 |
- @CRYPTO_STATIC_LIBS@ \ |
1343 |
-- @DEVMAPPER_STATIC_LIBS@ \ |
1344 |
-- @UUID_LIBS@ |
1345 |
-+ @DEVMAPPER_STATIC_LIBS@ |
1346 |
- endif |
1347 |
- endif |
1348 |
- |
1349 |
--- |
1350 |
-GitLab |
1351 |
- |