mirror of
https://github.com/flatcar/scripts.git
synced 2026-04-19 12:32:37 +02:00
sys-fs/cryptsetup: Sync with Gentoo
It's from Gentoo commit f73db21d04fa213827d9e93a621be66c1dced8d8. Signed-off-by: Flatcar Buildbot <buildbot@flatcar-linux.org>
This commit is contained in:
Flatcar Buildbot
Krzesimir Nowak
parent
ef7e5ec785
commit
07eb11e177
@ -1,2 +1,4 @@
|
||||
DIST cryptsetup-2.8.1.tar.xz 11821036 BLAKE2B 148ff29e94c77abf66b3ebf1a6c291031a786dc2ccb23a3ccd6b816711aac56d64743b709ca6ed4378bf55946cd2c67ba300ed4b7ad831c341fcb37d580efaa5 SHA512 a5171e18c55bfbc57330f2d46ab06b5ac6957392a77aef74c3d1c5295eb39962d1db19ddd3420ea1154d730b361d09e72bf5315c7a3d56eb36cee9c2531bca5d
|
||||
DIST cryptsetup-2.8.3.tar.sign 833 BLAKE2B f03bb85dfdcc3b22ab7141478fb289fb6ff8bc2000da62a952266e47e894b611439f32456db7fb0340f124af33e05932f4ebeae1b4f985e8cb42ed58302d5f67 SHA512 893215ec657b73608ff7d97313b4f0b56126ee20a9f7cd2d5c69b844dac06a3ac5cdac470b358d3920c51afd72047012948b71200b8b2d4f437856657f82d37a
|
||||
DIST cryptsetup-2.8.3.tar.xz 11863620 BLAKE2B 9559fb8cd0d916903c0e491c14f8d30a156672313065f4d58ca02a67293288831e6b5d12e843ae607c604d6a08bed46da887308a9ff87413e413b1cf7756810d SHA512 6aaf5a7e6d716e581b50fce417dad079022ff15d54e8a93697888b030b8defa03a39fd94725c3a8692cd07147573bd7f1c3c41571c488aabd44e4f9def9673e2
|
||||
DIST cryptsetup-2.8.4.tar.sign 833 BLAKE2B 22264d6a314cb14cabf1614225cc339261ec7dc44c280547a00ee552f6723243591260e0aa793330f4a2a8460840e687847d08923ab3abfea2e11d81a8e3e805 SHA512 b568ea6272960f186c83247c95c666355c44deb9be7508202ec56d0bca8dcfe660ef175f0f0792ebf9c1219f15cd3f24536dffff5e131142c1ead408a5350274
|
||||
DIST cryptsetup-2.8.4.tar.xz 11880632 BLAKE2B 135721fe1daca13bf5c1116dfe9888d50e617d06f8c2c3cff60bb76ab9d2ef4f91524d8c4185c5f673290b5a7f9dcd83b9ab9c25112500fea9100e30d8a8caf0 SHA512 cf9923552f93d3ca047fa17e2d73923b782e0f5146d9721fb8e1196374185524c2642c1243ea72107aef03a0b0b9d967576a58b1a680dd9b6a17dbf4a4430489
|
||||
|
||||
@ -1,14 +1,18 @@
|
||||
# Copyright 1999-2025 Gentoo Authors
|
||||
# Copyright 1999-2026 Gentoo Authors
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
|
||||
EAPI=8
|
||||
|
||||
# TODO: meson (not just yet as of 2.8.0, see https://gitlab.com/cryptsetup/cryptsetup/-/issues/949#note_2585304492)
|
||||
inherit linux-info tmpfiles
|
||||
VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/milanbroz.asc
|
||||
inherit linux-info tmpfiles verify-sig
|
||||
|
||||
DESCRIPTION="Tool to setup encrypted devices with dm-crypt"
|
||||
HOMEPAGE="https://gitlab.com/cryptsetup/cryptsetup"
|
||||
SRC_URI="https://www.kernel.org/pub/linux/utils/${PN}/v$(ver_cut 1-2)/${P/_/-}.tar.xz"
|
||||
SRC_URI="
|
||||
https://www.kernel.org/pub/linux/utils/${PN}/v$(ver_cut 1-2)/${P/_/-}.tar.xz
|
||||
verify-sig? ( https://www.kernel.org/pub/linux/utils/${PN}/v$(ver_cut 1-2)/${P/_/-}.tar.sign )
|
||||
"
|
||||
S="${WORKDIR}"/${P/_/-}
|
||||
|
||||
LICENSE="GPL-2+"
|
||||
@ -63,8 +67,13 @@ DEPEND="
|
||||
BDEPEND="
|
||||
virtual/pkgconfig
|
||||
test? ( app-editors/vim-core )
|
||||
verify-sig? ( sec-keys/openpgp-keys-milanbroz )
|
||||
"
|
||||
|
||||
PATCHES=(
|
||||
"${FILESDIR}/cryptsetup-2.8.3-bitlocker.patch"
|
||||
)
|
||||
|
||||
pkg_setup() {
|
||||
local CONFIG_CHECK="~DM_CRYPT ~CRYPTO ~CRYPTO_CBC ~CRYPTO_SHA256"
|
||||
local WARNING_DM_CRYPT="CONFIG_DM_CRYPT:\tis not set (required for cryptsetup)\n"
|
||||
@ -74,6 +83,15 @@ pkg_setup() {
|
||||
check_extra_config
|
||||
}
|
||||
|
||||
src_unpack() {
|
||||
if use verify-sig; then
|
||||
verify-sig_uncompress_verify_unpack "${DISTDIR}"/${P/_/-}.tar.xz \
|
||||
"${DISTDIR}"/${P/_/-}.tar.sign
|
||||
else
|
||||
default
|
||||
fi
|
||||
}
|
||||
|
||||
src_prepare() {
|
||||
default
|
||||
|
||||
@ -1,14 +1,18 @@
|
||||
# Copyright 1999-2025 Gentoo Authors
|
||||
# Copyright 1999-2026 Gentoo Authors
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
|
||||
EAPI=8
|
||||
|
||||
# TODO: meson (not just yet as of 2.8.0, see https://gitlab.com/cryptsetup/cryptsetup/-/issues/949#note_2585304492)
|
||||
inherit linux-info tmpfiles
|
||||
VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/milanbroz.asc
|
||||
inherit linux-info tmpfiles verify-sig
|
||||
|
||||
DESCRIPTION="Tool to setup encrypted devices with dm-crypt"
|
||||
HOMEPAGE="https://gitlab.com/cryptsetup/cryptsetup"
|
||||
SRC_URI="https://www.kernel.org/pub/linux/utils/${PN}/v$(ver_cut 1-2)/${P/_/-}.tar.xz"
|
||||
SRC_URI="
|
||||
https://www.kernel.org/pub/linux/utils/${PN}/v$(ver_cut 1-2)/${P/_/-}.tar.xz
|
||||
verify-sig? ( https://www.kernel.org/pub/linux/utils/${PN}/v$(ver_cut 1-2)/${P/_/-}.tar.sign )
|
||||
"
|
||||
S="${WORKDIR}"/${P/_/-}
|
||||
|
||||
LICENSE="GPL-2+"
|
||||
@ -63,6 +67,7 @@ DEPEND="
|
||||
BDEPEND="
|
||||
virtual/pkgconfig
|
||||
test? ( app-editors/vim-core )
|
||||
verify-sig? ( sec-keys/openpgp-keys-milanbroz )
|
||||
"
|
||||
|
||||
pkg_setup() {
|
||||
@ -74,6 +79,15 @@ pkg_setup() {
|
||||
check_extra_config
|
||||
}
|
||||
|
||||
src_unpack() {
|
||||
if use verify-sig; then
|
||||
verify-sig_uncompress_verify_unpack "${DISTDIR}"/${P/_/-}.tar.xz \
|
||||
"${DISTDIR}"/${P/_/-}.tar.sign
|
||||
else
|
||||
default
|
||||
fi
|
||||
}
|
||||
|
||||
src_prepare() {
|
||||
default
|
||||
|
||||
@ -0,0 +1,45 @@
|
||||
https://bugs.gentoo.org/969153
|
||||
https://gitlab.com/cryptsetup/cryptsetup/-/issues/973
|
||||
https://gitlab.com/cryptsetup/cryptsetup/-/merge_requests/883
|
||||
|
||||
From 4eb729da3f46642d6fe1fabbbedb127078eccb95 Mon Sep 17 00:00:00 2001
|
||||
From: Vojtech Trefny <vtrefny@redhat.com>
|
||||
Date: Sun, 11 Jan 2026 14:31:29 +0100
|
||||
Subject: [PATCH] bitlk: Do not try to use empty password for password keyslots
|
||||
|
||||
Passing empty password means we want to try to open the device
|
||||
using the clear key so we can skip all other keyslots in this case.
|
||||
|
||||
This also fixes unlocking a BitLocker device where recovery
|
||||
passphrase is in the first keyslot where we try to use the empty
|
||||
passhrase first, hoping for a clear key, and never actually prompt
|
||||
user for an actual (recovery) passphrase after.
|
||||
|
||||
Fixes: #973
|
||||
---
|
||||
lib/bitlk/bitlk.c | 11 +++++++++++
|
||||
tests/bitlk-images.tar.xz | Bin 355720 -> 376840 bytes
|
||||
2 files changed, 11 insertions(+)
|
||||
|
||||
diff --git a/lib/bitlk/bitlk.c b/lib/bitlk/bitlk.c
|
||||
index 3b7b093d..0e8f9d1d 100644
|
||||
--- a/lib/bitlk/bitlk.c
|
||||
+++ b/lib/bitlk/bitlk.c
|
||||
@@ -1300,6 +1300,17 @@ int BITLK_get_volume_key(struct crypt_device *cd,
|
||||
next_vmk = params->vmks;
|
||||
while (next_vmk) {
|
||||
bool is_decrypted = false;
|
||||
+
|
||||
+ if (password == NULL && next_vmk->protection != BITLK_PROTECTION_CLEAR_KEY) {
|
||||
+ /*
|
||||
+ * Clearkey is the only slot that doesn't require password so no password
|
||||
+ * means we are trying to use clearkey and we can skip all other key slots.
|
||||
+ */
|
||||
+ r = -EPERM;
|
||||
+ next_vmk = next_vmk->next;
|
||||
+ continue;
|
||||
+ }
|
||||
+
|
||||
if (next_vmk->protection == BITLK_PROTECTION_PASSPHRASE) {
|
||||
r = bitlk_kdf(password, passwordLen, false, next_vmk->salt, &vmk_dec_key);
|
||||
if (r) {
|
||||
Loading…
x
Reference in New Issue
Block a user