From 126d1f42bc416e598d2e09dde54ad1bd9effcd9e Mon Sep 17 00:00:00 2001
From: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Date: Wed, 23 Mar 2022 17:19:34 +0100
Subject: [PATCH] sys-fs/cryptsetup: apply flatcar changes

enable FIPS mode

Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
---
 .../portage-stable/sys-fs/cryptsetup/cryptsetup-2.3.6.ebuild | 5 +++--
 .../portage-stable/sys-fs/cryptsetup/metadata.xml            | 1 +
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.3.6.ebuild b/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.3.6.ebuild
index e96df12d24..cbe28613d0 100644
--- a/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.3.6.ebuild
+++ b/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.3.6.ebuild
@@ -16,9 +16,9 @@ KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~mips ppc ppc64 ~riscv ~s390 sparc x
 CRYPTO_BACKENDS="gcrypt kernel nettle +openssl"
 # we don't support nss since it doesn't allow cryptsetup to be built statically
 # and it's missing ripemd160 support so it can't provide full backward compatibility
-IUSE="${CRYPTO_BACKENDS} +argon2 nls pwquality reencrypt static static-libs +udev urandom"
+IUSE="${CRYPTO_BACKENDS} +argon2 +fips nls pwquality reencrypt static static-libs +udev urandom"
 REQUIRED_USE="^^ ( ${CRYPTO_BACKENDS//+/} )
-	static? ( !gcrypt )" #496612
+	static? ( !gcrypt !fips )" #496612
 
 LIB_DEPEND="
 	dev-libs/json-c:=[static-libs(+)]
@@ -86,6 +86,7 @@ src_configure() {
 		$(use_enable udev)
 		$(use_enable !urandom dev-random)
 		$(usex argon2 '' '--with-luks2-pbkdf=pbkdf2')
+		$(use_enable fips)
 	)
 	econf "${myeconfargs[@]}"
 }
diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/metadata.xml b/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/metadata.xml
index d2968cbd56..20e84e9162 100644
--- a/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/metadata.xml
+++ b/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/metadata.xml
@@ -7,6 +7,7 @@
 </maintainer>
 <use>
 	<flag name="argon2">Enable password hashing algorithm from <pkg>app-crypt/argon2</pkg></flag>
+	<flag name="fips">Enable FIPS mode restrictions</flag>
 	<flag name="gcrypt">Use <pkg>dev-libs/libgcrypt</pkg> crypto backend</flag>
 	<flag name="kernel">Use kernel crypto backend (mainly for embedded systems)</flag>
 	<flag name="nettle">Use <pkg>dev-libs/nettle</pkg> crypto backend</flag>