aboutsummaryrefslogtreecommitdiffstats
path: root/meta-oe
diff options
context:
space:
mode:
authorStefan Herbrechtsmeier <stefan@herbrechtsmeier.net>2013-04-09 21:11:01 +0000
committerMartin Jansa <Martin.Jansa@gmail.com>2013-04-15 16:16:52 +0200
commit8ded18cf95b4f6ae6a2563f7449a41fe95cd61e5 (patch)
treef29b8f443dbb52c91343eca9c657ccdc56061559 /meta-oe
parent850bf451c5871ac3855dc793a67b6469b0240ac5 (diff)
downloadmeta-openembedded-contrib-8ded18cf95b4f6ae6a2563f7449a41fe95cd61e5.tar.gz
cryptsetup: Update to latest version and use openssl as crypto backend
Cryptsetup with the command luksOpen failed with the error message: device-mapper: status ioctl failed: Permission denied The error comes from libgcrypt with drops root privileges if it is linked with libcap support [1]. Update cryptsetup to latest version, add PACKAGECONFIG for crypto backend selection (openssl / gcrypt) and change the default crypto backend to openssl as libgcrypt states the drop root privileges behaviour as a feature [2]. The license was updated to GPLv2 with OpenSSL exception. Update the RRECOMMENDS to be conistent with the package names. [1] http://code.google.com/p/cryptsetup/issues/detail?id=47 [2] https://bugs.g10code.com/gnupg/issue1181 Signed-off-by: Stefan Herbrechtsmeier <stefan@herbrechtsmeier.net> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Diffstat (limited to 'meta-oe')
-rw-r--r--meta-oe/recipes-support/cryptsetup/cryptsetup_1.1.3.bb18
-rw-r--r--meta-oe/recipes-support/cryptsetup/cryptsetup_1.6.1.bb31
2 files changed, 31 insertions, 18 deletions
diff --git a/meta-oe/recipes-support/cryptsetup/cryptsetup_1.1.3.bb b/meta-oe/recipes-support/cryptsetup/cryptsetup_1.1.3.bb
deleted file mode 100644
index 254f563e02..0000000000
--- a/meta-oe/recipes-support/cryptsetup/cryptsetup_1.1.3.bb
+++ /dev/null
@@ -1,18 +0,0 @@
-DESCRIPTION = "Setup virtual encryption devices under dm-crypt Linux"
-HOMEPAGE = "http://code.google.com/p/cryptsetup/"
-SECTION = "console"
-LICENSE = "GPLv2"
-LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
-
-DEPENDS = "util-linux lvm2 libgcrypt popt"
-RRECOMMENDS_${PN} = "kernel-module-aes \
- kernel-module-dm-crypt \
- kernel-module-md5 \
- kernel-module-cbc \
- kernel-module-sha256 \
- "
-SRC_URI = "http://cryptsetup.googlecode.com/files/cryptsetup-${PV}.tar.bz2"
-SRC_URI[md5sum] = "318a64470861ea5b92a52f2014f1e7c1"
-SRC_URI[sha256sum] = "9c8e68a272f6d9cfb6cd65cc0743f4c44a2096c61f74e0602bf40208b5e69c0a"
-
-inherit autotools gettext
diff --git a/meta-oe/recipes-support/cryptsetup/cryptsetup_1.6.1.bb b/meta-oe/recipes-support/cryptsetup/cryptsetup_1.6.1.bb
new file mode 100644
index 0000000000..438d394e28
--- /dev/null
+++ b/meta-oe/recipes-support/cryptsetup/cryptsetup_1.6.1.bb
@@ -0,0 +1,31 @@
+SUMMARY = "Manage plain dm-crypt and LUKS encrypted volumes"
+DESCRIPTION = "Cryptsetup is used to conveniently setup dm-crypt managed \
+device-mapper mappings. These include plain dm-crypt volumes and \
+LUKS volumes. The difference is that LUKS uses a metadata header \
+and can hence offer more features than plain dm-crypt. On the other \
+hand, the header is visible and vulnerable to damage."
+HOMEPAGE = "http://code.google.com/p/cryptsetup/"
+SECTION = "console"
+LICENSE = "GPL-2.0-with-OpenSSL-exception"
+LIC_FILES_CHKSUM = "file://COPYING;md5=32107dd283b1dfeb66c9b3e6be312326"
+
+DEPENDS = "util-linux lvm2 popt"
+
+SRC_URI = "http://cryptsetup.googlecode.com/files/cryptsetup-${PV}.tar.bz2"
+SRC_URI[md5sum] = "f374d11e3b0e7ca0f805756fd02e34ff"
+SRC_URI[sha256sum] = "baf36e663c03eb6440482d91c486d61ed47ce5c9268ad04c18ca09082755149c"
+
+inherit autotools gettext
+
+# Use openssl because libgcrypt drops root privileges
+# if libgcrypt is linked with libcap support
+PACKAGECONFIG ??= "openssl"
+PACKAGECONFIG[openssl] = "--with-crypto_backend=openssl,,openssl"
+PACKAGECONFIG[gcrypt] = "--with-crypto_backend=gcrypt,,libgcrypt"
+
+RRECOMMENDS_${PN} = "kernel-module-aes-generic \
+ kernel-module-dm-crypt \
+ kernel-module-md5 \
+ kernel-module-cbc \
+ kernel-module-sha256-generic \
+ "