mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2026-05-06 04:36:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #312 from flatcar-linux/tormath1/cryptsetup

Browse Source 
enable fips
This commit is contained in:
Mathieu Tortuyaux 2022-03-23 18:49:25 +01:00 committed by GitHub
commit 3b710f90e1
3 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
sdk_container/src/third_party/portage-stable/changelog/changes/2022-03-22-fips.md vendored Normal file
View File

@ -0,0 +1 @@
- Enabled FIPS mode for cryptsetup ([portage-stable#312](https://github.com/flatcar-linux/portage-stable/pull/312))

5
sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.3.6.ebuild vendored
View File

@ -16,9 +16,9 @@ KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~mips ppc ppc64 ~riscv ~s390 sparc x
CRYPTO_BACKENDS="gcrypt kernel nettle +openssl"
# we don't support nss since it doesn't allow cryptsetup to be built statically
# and it's missing ripemd160 support so it can't provide full backward compatibility
IUSE="${CRYPTO_BACKENDS} +argon2 nls pwquality reencrypt static static-libs +udev urandom"
IUSE="${CRYPTO_BACKENDS} +argon2 +fips nls pwquality reencrypt static static-libs +udev urandom"
REQUIRED_USE="^^ ( ${CRYPTO_BACKENDS//+/} )
static? ( !gcrypt )" #496612
static? ( !gcrypt !fips )" #496612
LIB_DEPEND="
dev-libs/json-c:=[static-libs(+)]
@ -86,6 +86,7 @@ src_configure() {
$(use_enable udev)
$(use_enable !urandom dev-random)
$(usex argon2 '' '--with-luks2-pbkdf=pbkdf2')
$(use_enable fips)
)
econf "${myeconfargs[@]}"
}

1
sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/metadata.xml vendored
View File

@ -7,6 +7,7 @@
</maintainer>
<use>
<flag name="argon2">Enable password hashing algorithm from <pkg>app-crypt/argon2</pkg></flag>
<flag name="fips">Enable FIPS mode restrictions</flag>
<flag name="gcrypt">Use <pkg>dev-libs/libgcrypt</pkg> crypto backend</flag>
<flag name="kernel">Use kernel crypto backend (mainly for embedded systems)</flag>
<flag name="nettle">Use <pkg>dev-libs/nettle</pkg> crypto backend</flag>