From 8ded18cf95b4f6ae6a2563f7449a41fe95cd61e5 Mon Sep 17 00:00:00 2001 From: Stefan Herbrechtsmeier Date: Tue, 9 Apr 2013 21:11:01 +0000 Subject: cryptsetup: Update to latest version and use openssl as crypto backend Cryptsetup with the command luksOpen failed with the error message: device-mapper: status ioctl failed: Permission denied The error comes from libgcrypt with drops root privileges if it is linked with libcap support [1]. Update cryptsetup to latest version, add PACKAGECONFIG for crypto backend selection (openssl / gcrypt) and change the default crypto backend to openssl as libgcrypt states the drop root privileges behaviour as a feature [2]. The license was updated to GPLv2 with OpenSSL exception. Update the RRECOMMENDS to be conistent with the package names. [1] http://code.google.com/p/cryptsetup/issues/detail?id=47 [2] https://bugs.g10code.com/gnupg/issue1181 Signed-off-by: Stefan Herbrechtsmeier Signed-off-by: Martin Jansa --- .../recipes-support/cryptsetup/cryptsetup_1.1.3.bb | 18 ------------- .../recipes-support/cryptsetup/cryptsetup_1.6.1.bb | 31 ++++++++++++++++++++++ 2 files changed, 31 insertions(+), 18 deletions(-) delete mode 100644 meta-oe/recipes-support/cryptsetup/cryptsetup_1.1.3.bb create mode 100644 meta-oe/recipes-support/cryptsetup/cryptsetup_1.6.1.bb (limited to 'meta-oe') diff --git a/meta-oe/recipes-support/cryptsetup/cryptsetup_1.1.3.bb b/meta-oe/recipes-support/cryptsetup/cryptsetup_1.1.3.bb deleted file mode 100644 index 254f563e02..0000000000 --- a/meta-oe/recipes-support/cryptsetup/cryptsetup_1.1.3.bb +++ /dev/null @@ -1,18 +0,0 @@ -DESCRIPTION = "Setup virtual encryption devices under dm-crypt Linux" -HOMEPAGE = "http://code.google.com/p/cryptsetup/" -SECTION = "console" -LICENSE = "GPLv2" -LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" - -DEPENDS = "util-linux lvm2 libgcrypt popt" -RRECOMMENDS_${PN} = "kernel-module-aes \ - kernel-module-dm-crypt \ - kernel-module-md5 \ - kernel-module-cbc \ - kernel-module-sha256 \ - " -SRC_URI = "http://cryptsetup.googlecode.com/files/cryptsetup-${PV}.tar.bz2" -SRC_URI[md5sum] = "318a64470861ea5b92a52f2014f1e7c1" -SRC_URI[sha256sum] = "9c8e68a272f6d9cfb6cd65cc0743f4c44a2096c61f74e0602bf40208b5e69c0a" - -inherit autotools gettext diff --git a/meta-oe/recipes-support/cryptsetup/cryptsetup_1.6.1.bb b/meta-oe/recipes-support/cryptsetup/cryptsetup_1.6.1.bb new file mode 100644 index 0000000000..438d394e28 --- /dev/null +++ b/meta-oe/recipes-support/cryptsetup/cryptsetup_1.6.1.bb @@ -0,0 +1,31 @@ +SUMMARY = "Manage plain dm-crypt and LUKS encrypted volumes" +DESCRIPTION = "Cryptsetup is used to conveniently setup dm-crypt managed \ +device-mapper mappings. These include plain dm-crypt volumes and \ +LUKS volumes. The difference is that LUKS uses a metadata header \ +and can hence offer more features than plain dm-crypt. On the other \ +hand, the header is visible and vulnerable to damage." +HOMEPAGE = "http://code.google.com/p/cryptsetup/" +SECTION = "console" +LICENSE = "GPL-2.0-with-OpenSSL-exception" +LIC_FILES_CHKSUM = "file://COPYING;md5=32107dd283b1dfeb66c9b3e6be312326" + +DEPENDS = "util-linux lvm2 popt" + +SRC_URI = "http://cryptsetup.googlecode.com/files/cryptsetup-${PV}.tar.bz2" +SRC_URI[md5sum] = "f374d11e3b0e7ca0f805756fd02e34ff" +SRC_URI[sha256sum] = "baf36e663c03eb6440482d91c486d61ed47ce5c9268ad04c18ca09082755149c" + +inherit autotools gettext + +# Use openssl because libgcrypt drops root privileges +# if libgcrypt is linked with libcap support +PACKAGECONFIG ??= "openssl" +PACKAGECONFIG[openssl] = "--with-crypto_backend=openssl,,openssl" +PACKAGECONFIG[gcrypt] = "--with-crypto_backend=gcrypt,,libgcrypt" + +RRECOMMENDS_${PN} = "kernel-module-aes-generic \ + kernel-module-dm-crypt \ + kernel-module-md5 \ + kernel-module-cbc \ + kernel-module-sha256-generic \ + " -- cgit 1.2.3-korg