Initialize for cryptsetup

2024-02-09 19:00:34 +08:00 · 2024-02-09 19:00:34 +08:00 · 6578bbef65
commit 6578bbef65
10 changed files with 1872 additions and 0 deletions
--- a/cryptsetup.spec
+++ b/cryptsetup.spec
@ -0,0 +1,223 @@
+#
+# spec file for package cryptsetup
+#
+# Copyright (c) 2022-2023 ZhuningOS
+#
+
+
+%define tar_version 2.4.3
+%define so_ver 12
+%if 0%{?is_backports}
+Name:           cryptsetup2
+%else
+Name:           cryptsetup
+%endif
+Version:        2.4.3
+Release:        150400.3.3.1
+Summary:        Setup program for dm-crypt Based Encrypted Block Devices
+License:        LGPL-2.0-or-later AND SUSE-GPL-2.0-with-openssl-exception
+Group:          System/Base
+URL:            https://gitlab.com/cryptsetup/cryptsetup/
+Source0:        https://www.kernel.org/pub/linux/utils/cryptsetup/v2.4/cryptsetup-%{tar_version}.tar.xz
+# GPG signature of the uncompressed tarball.
+Source1:        https://www.kernel.org/pub/linux/utils/cryptsetup/v2.4/cryptsetup-%{tar_version}.tar.sign
+Source2:        baselibs.conf
+Source3:        cryptsetup.keyring
+Source4:        %{name}-rpmlintrc
+#PATCH-FIX-UPSTREAM bsc#1211079 luksFormat: handle system with low memory and no swap space
+Patch0:         cryptsetup-Check-for-physical-memory-available-also-in-PBKDF-be.patch
+Patch1:         cryptsetup-Try-to-avoid-OOM-killer-on-low-memory-systems-withou.patch
+Patch2:         cryptsetup-Use-only-half-of-detected-free-memory-on-systems-wit.patch
+BuildRequires:  device-mapper-devel
+BuildRequires:  fipscheck
+BuildRequires:  fipscheck-devel
+BuildRequires:  libjson-c-devel
+BuildRequires:  libpwquality-devel
+BuildRequires:  libselinux-devel
+BuildRequires:  libuuid-devel
+# 2.6.38 has the required if_alg.h
+BuildRequires:  linux-glibc-devel >= 2.6.38
+BuildRequires:  pkgconfig
+BuildRequires:  popt-devel
+BuildRequires:  suse-module-tools
+BuildRequires:  pkgconfig(blkid)
+BuildRequires:  pkgconfig(libargon2)
+BuildRequires:  pkgconfig(libssh)
+BuildRequires:  pkgconfig(openssl)
+Requires(post): coreutils
+Requires(postun):coreutils
+%if 0%{?is_backports}
+BuildRequires:  autoconf
+BuildRequires:  automake
+BuildRequires:  libtool
+%endif
+%if %{?suse_version} >= 1550
+# LUKS2 used as default format, which GRUB < 2.06 can't read
+Conflicts:      grub2 < 2.06
+%endif
+
+%lang_package(cryptsetup)
+
+%description
+cryptsetup is used to conveniently set up dm-crypt based device-mapper
+targets. It allows to set up targets to read cryptoloop compatible
+volumes as well as LUKS formatted ones. The package additionally
+includes support for automatically setting up encrypted volumes at boot
+time via the config file %{_sysconfdir}/crypttab.
+
+%package ssh
+Summary:        Cryptsetup LUKS2 SSH token
+Group:          System/Base
+
+%description ssh
+Experimental cryptsetup plugin for unlocking LUKS2 devices with
+token connected to an SSH server.
+
+%package -n libcryptsetup%{so_ver}
+Summary:        Library for setting up dm-crypt Based Encrypted Block Devices
+Group:          System/Libraries
+Suggests:       libcryptsetup%{so_ver}-hmac = %{version}-%{release}
+
+%description -n libcryptsetup%{so_ver}
+cryptsetup is used to conveniently set up dm-crypt based device-mapper
+targets. It allows to set up targets to read cryptoloop compatible
+volumes as well as LUKS formatted ones. The package additionally
+includes support for automatically setting up encrypted volumes at boot
+time via the config file %{_sysconfdir}/crypttab.
+
+%package -n libcryptsetup%{so_ver}-hmac
+Summary:        Checksums for libcryptsetup%{so_ver}
+Group:          System/Base
+Requires:       libcryptsetup%{so_ver} = %{version}-%{release}
+
+%description -n libcryptsetup%{so_ver}-hmac
+This package contains HMAC checksums for integrity checking of libcryptsetup4,
+used for FIPS.
+
+%package -n lib%{name}-devel
+Summary:        Header files for libcryptsetup
+Group:          Development/Libraries/C and C++
+Requires:       glibc-devel
+Requires:       libcryptsetup%{so_ver} = %{version}
+# cryptsetup-devel last used 11.1
+Provides:       cryptsetup-devel = %{version}
+Obsoletes:      cryptsetup-devel < %{version}
+%if 0%{?is_backports}
+# have to conflict with main package that is in SLE
+Conflicts:      cryptsetup-devel < %{version}
+%endif
+
+%description -n lib%{name}-devel
+cryptsetup is used to conveniently set up dm-crypt based device-mapper
+targets. It allows to set up targets to read cryptoloop compatible
+volumes as well as LUKS formatted ones. The package additionally
+includes support for automatically setting up encrypted volumes at boot
+time via the config file %{_sysconfdir}/crypttab.
+
+%prep
+%autosetup -p1 -n cryptsetup-%{tar_version}
+%if 0%{?is_backports}
+sed -i -e '/AC_INIT/s/cryptsetup/cryptsetup2/' configure.ac
+autoreconf -f -i
+%endif
+
+%build
+%configure \
+  --enable-cryptsetup-reencrypt \
+  --enable-selinux \
+  --enable-fips \
+  --enable-pwquality \
+  --enable-gcrypt-pbkdf2 \
+  --enable-libargon2 \
+%if %{?suse_version} < 1550
+  --with-default-luks-format=LUKS1 \
+%endif
+  --with-luks2-lock-path=/run/cryptsetup \
+  --with-tmpfilesdir='%{_tmpfilesdir}'
+%make_build
+
+%install
+# Generate HMAC checksums (FIPS)
+%define __spec_install_post \
+  %{?__debug_package:%{__debug_install_post}} \
+  %{__arch_install_post} \
+  %__os_install_post \
+  fipshmac %{buildroot}/%{_libdir}/libcryptsetup.so.* \
+%{nil}
+
+%make_install
+%if 0%{?is_backports}
+# need to rename a files to avoid file conflict
+for i in cryptsetup integritysetup veritysetup cryptsetup-reencrypt; do
+	mv %{buildroot}%{_sbindir}/$i %{buildroot}%{_sbindir}/${i}2
+	mv %{buildroot}%{_mandir}/man8/$i.8 %{buildroot}%{_mandir}/man8/${i}2.8
+done
+rm -f %{buildroot}%{_tmpfilesdir}/cryptsetup.conf
+%endif
+%if !0%{?usrmerged}
+install -dm 0755 %{buildroot}/sbin
+ln -s ..%{_sbindir}/cryptsetup%{?is_backports:2} %{buildroot}/sbin
+%endif
+# don't want this file in /lib (FHS compat check), and can't move it to /usr/lib
+find %{buildroot} -type f -name "*.la" -delete -print
+#
+%find_lang %{name} --all-name
+
+%if !0%{?is_backports}
+#
+%post
+%{?regenerate_initrd_post}
+%tmpfiles_create %{_tmpfilesdir}/cryptsetup.conf
+
+%postun
+%{?regenerate_initrd_post}
+
+%posttrans
+%{?regenerate_initrd_posttrans}
+#
+%endif
+
+%post -n libcryptsetup%{so_ver} -p /sbin/ldconfig
+%postun -n libcryptsetup%{so_ver} -p /sbin/ldconfig
+
+%files
+%license COPYING*
+%doc AUTHORS FAQ README.md docs/*ReleaseNotes
+%if !0%{?usrmerged}
+/sbin/cryptsetup%{?is_backports:2}
+%endif
+%{_sbindir}/cryptsetup%{?is_backports:2}
+%{_sbindir}/veritysetup%{?is_backports:2}
+%{_sbindir}/integritysetup%{?is_backports:2}
+%{_sbindir}/cryptsetup-reencrypt%{?is_backports:2}
+%{_mandir}/man8/cryptsetup%{?is_backports:2}.8%{?ext_man}
+%{_mandir}/man8/cryptsetup-reencrypt%{?is_backports:2}.8%{?ext_man}
+%{_mandir}/man8/veritysetup%{?is_backports:2}.8%{?ext_man}
+%{_mandir}/man8/integritysetup%{?is_backports:2}.8%{?ext_man}
+%if !0%{?is_backports}
+%{_tmpfilesdir}/cryptsetup.conf
+%ghost %dir /run/cryptsetup
+%endif
+
+%files lang -f %{name}.lang
+
+%files -n libcryptsetup%{so_ver}
+%{_libdir}/libcryptsetup.so.%{so_ver}*
+
+%files -n libcryptsetup%{so_ver}-hmac
+%{_libdir}/.libcryptsetup.so.%{so_ver}*hmac
+
+%files -n lib%{name}-devel
+%doc docs/examples/
+%{_includedir}/libcryptsetup.h
+%{_libdir}/libcryptsetup.so
+%{_libdir}/pkgconfig/*
+
+%files ssh
+%license COPYING COPYING.LGPL
+%dir %{_libdir}/%{name}
+%{_libdir}/%{name}/libcryptsetup-token-ssh.so
+%{_mandir}/man8/cryptsetup-ssh.8.gz
+%{_sbindir}/cryptsetup-ssh
+
+%changelog