diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/Manifest b/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/Manifest index 1025101ec9..fe76a92b75 100644 --- a/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/Manifest +++ b/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/Manifest @@ -1,3 +1,2 @@ -DIST cryptsetup-2.7.5.tar.xz 11697476 BLAKE2B 7df7b53f74cbf1a009d2804b8d85c9fea27be994bb4171e1ded70e3666635fd8f265819321bee0d1977548626029ebf75b87225a68cb38b3b79910f991c813dd SHA512 13eca93cdb00a143d2ca60b6f66ede5adc4072ca0c4bfebd8454a3541e69d269fcdb4afc97ad799e87a999b2bd46c1f31fa924a3d616d72a3337970b1e718d55 -DIST cryptsetup-2.8.0.tar.xz 11794404 BLAKE2B 8f048b4ab87c46f4b459e7eccc2b3e9099a3e22040524b0513989d2a4552bc5dd8b7406ee28b25e7da00121e0d29b9f146f9b6e2384a05bc7a2abbaf14f11876 SHA512 4a41720fdf7f35693b31e68ef6dda7dbdd050252e7f33f3889f9272b708d40b8bde8ecca5e0c917d51bd3f2c82a7bd304829d56bc8ac423ca005155611f42211 DIST cryptsetup-2.8.1.tar.xz 11821036 BLAKE2B 148ff29e94c77abf66b3ebf1a6c291031a786dc2ccb23a3ccd6b816711aac56d64743b709ca6ed4378bf55946cd2c67ba300ed4b7ad831c341fcb37d580efaa5 SHA512 a5171e18c55bfbc57330f2d46ab06b5ac6957392a77aef74c3d1c5295eb39962d1db19ddd3420ea1154d730b361d09e72bf5315c7a3d56eb36cee9c2531bca5d +DIST cryptsetup-2.8.3.tar.xz 11863620 BLAKE2B 9559fb8cd0d916903c0e491c14f8d30a156672313065f4d58ca02a67293288831e6b5d12e843ae607c604d6a08bed46da887308a9ff87413e413b1cf7756810d SHA512 6aaf5a7e6d716e581b50fce417dad079022ff15d54e8a93697888b030b8defa03a39fd94725c3a8692cd07147573bd7f1c3c41571c488aabd44e4f9def9673e2 diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.7.5-r1.ebuild b/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.7.5-r1.ebuild deleted file mode 100644 index f2c5d6b233..0000000000 --- a/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.7.5-r1.ebuild +++ /dev/null @@ -1,155 +0,0 @@ -# Copyright 1999-2025 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -# TODO: meson -inherit linux-info tmpfiles - -DESCRIPTION="Tool to setup encrypted devices with dm-crypt" -HOMEPAGE="https://gitlab.com/cryptsetup/cryptsetup" -SRC_URI="https://www.kernel.org/pub/linux/utils/${PN}/v$(ver_cut 1-2)/${P/_/-}.tar.xz" -S="${WORKDIR}"/${P/_/-} - -LICENSE="GPL-2+" -SLOT="0/12" # libcryptsetup.so version -if [[ ${PV} != *_rc* ]] ; then - KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~mips ppc ppc64 ~riscv ~s390 ~sparc x86" -fi - -CRYPTO_BACKENDS="gcrypt kernel nettle +openssl" -# we don't support nss since it doesn't allow cryptsetup to be built statically -# and it's missing ripemd160 support so it can't provide full backward compatibility -IUSE="${CRYPTO_BACKENDS} +argon2 fips nls pwquality passwdqc ssh static static-libs test +udev urandom" -RESTRICT="!test? ( test )" -# bug #496612, bug #832711, bug #843863 -REQUIRED_USE=" - ?? ( pwquality passwdqc ) - ^^ ( ${CRYPTO_BACKENDS//+/} ) - static? ( !ssh !udev !fips ) - static-libs? ( !passwdqc ) - fips? ( !kernel !nettle ) -" - -LIB_DEPEND=" - dev-libs/json-c:=[static-libs(+)] - dev-libs/popt[static-libs(+)] - >=sys-apps/util-linux-2.31-r1[static-libs(+)] - argon2? ( app-crypt/argon2:=[static-libs(+)] ) - gcrypt? ( - dev-libs/libgcrypt:0=[static-libs(+)] - dev-libs/libgpg-error[static-libs(+)] - ) - nettle? ( >=dev-libs/nettle-2.4[static-libs(+)] ) - openssl? ( dev-libs/openssl:0=[static-libs(+)] ) - pwquality? ( dev-libs/libpwquality[static-libs(+)] ) - passwdqc? ( sys-auth/passwdqc ) - ssh? ( net-libs/libssh[static-libs(+)] ) - sys-fs/lvm2[static-libs(+)] -" -# We have to always depend on ${LIB_DEPEND} rather than put behind -# !static? () because we provide a shared library which links against -# these other packages. bug #414665 -RDEPEND=" - static-libs? ( ${LIB_DEPEND} ) - ${LIB_DEPEND//\[static-libs\([+-]\)\]} - udev? ( virtual/libudev:= ) -" -DEPEND=" - ${RDEPEND} - static? ( ${LIB_DEPEND} ) -" -# vim-core needed for xxd in tests -BDEPEND=" - virtual/pkgconfig - test? ( app-editors/vim-core ) -" - -PATCHES=( "${FILESDIR}"/${P}-compat-test-passwdqc.patch ) - -pkg_setup() { - local CONFIG_CHECK="~DM_CRYPT ~CRYPTO ~CRYPTO_CBC ~CRYPTO_SHA256" - local WARNING_DM_CRYPT="CONFIG_DM_CRYPT:\tis not set (required for cryptsetup)\n" - local WARNING_CRYPTO_SHA256="CONFIG_CRYPTO_SHA256:\tis not set (required for cryptsetup)\n" - local WARNING_CRYPTO_CBC="CONFIG_CRYPTO_CBC:\tis not set (required for kernel 2.6.19)\n" - local WARNING_CRYPTO="CONFIG_CRYPTO:\tis not set (required for cryptsetup)\n" - check_extra_config -} - -src_prepare() { - default - - sed -i '/^LOOPDEV=/s:$: || exit 0:' tests/{compat,mode}-test || die -} - -src_configure() { - local myeconfargs=( - --disable-internal-argon2 - --disable-asciidoc - --enable-shared - --sbindir="${EPREFIX}"/sbin - # for later use - --with-default-luks-format=LUKS2 - --with-tmpfilesdir="${EPREFIX}/usr/lib/tmpfiles.d" - --with-crypto_backend=$(for x in ${CRYPTO_BACKENDS//+/} ; do usev ${x} ; done) - $(use_enable argon2 libargon2) - $(use_enable nls) - $(use_enable pwquality) - $(use_enable passwdqc) - $(use_enable !static external-tokens) - $(use_enable static static-cryptsetup) - $(use_enable static-libs static) - $(use_enable udev) - $(use_enable !urandom dev-random) - $(use_enable ssh ssh-token) - $(usev !argon2 '--with-luks2-pbkdf=pbkdf2') - $(use_enable fips) - ) - - econf "${myeconfargs[@]}" -} - -src_test() { - if [[ ! -e /dev/mapper/control ]] ; then - ewarn "No /dev/mapper/control found -- skipping tests" - return 0 - fi - - local p - for p in /dev/mapper /dev/loop* ; do - addwrite ${p} - done - - default -} - -src_install() { - default - - if use static ; then - mv "${ED}"/sbin/cryptsetup{.static,} || die - mv "${ED}"/sbin/veritysetup{.static,} || die - mv "${ED}"/sbin/integritysetup{.static,} || die - - if use ssh ; then - mv "${ED}"/sbin/cryptsetup-ssh{.static,} || die - fi - fi - - find "${ED}" -type f -name "*.la" -delete || die - - dodoc docs/v*ReleaseNotes - - newconfd "${FILESDIR}"/2.4.3-dmcrypt.confd dmcrypt - newinitd "${FILESDIR}"/2.4.3-dmcrypt.rc dmcrypt -} - -pkg_postinst() { - tmpfiles_process cryptsetup.conf - - if use kernel ; then - ewarn "Note that kernel backend is very slow for this type of operation" - ewarn "and is provided mainly for embedded systems wanting to avoid" - ewarn "userspace crypto libraries." - fi -} diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.7.5.ebuild b/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.7.5.ebuild deleted file mode 100644 index 2a7e1e8ee9..0000000000 --- a/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.7.5.ebuild +++ /dev/null @@ -1,149 +0,0 @@ -# Copyright 1999-2025 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -# TODO: meson -inherit linux-info tmpfiles - -DESCRIPTION="Tool to setup encrypted devices with dm-crypt" -HOMEPAGE="https://gitlab.com/cryptsetup/cryptsetup" -SRC_URI="https://www.kernel.org/pub/linux/utils/${PN}/v$(ver_cut 1-2)/${P/_/-}.tar.xz" -S="${WORKDIR}"/${P/_/-} - -LICENSE="GPL-2+" -SLOT="0/12" # libcryptsetup.so version -if [[ ${PV} != *_rc* ]] ; then - KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~mips ppc ppc64 ~riscv ~s390 ~sparc x86" -fi - -CRYPTO_BACKENDS="gcrypt kernel nettle +openssl" -# we don't support nss since it doesn't allow cryptsetup to be built statically -# and it's missing ripemd160 support so it can't provide full backward compatibility -IUSE="${CRYPTO_BACKENDS} +argon2 fips nls pwquality ssh static static-libs test +udev urandom" -RESTRICT="!test? ( test )" -# bug #496612, bug #832711, bug #843863 -REQUIRED_USE=" - ^^ ( ${CRYPTO_BACKENDS//+/} ) - static? ( !ssh !udev !fips ) - fips? ( !kernel !nettle ) -" - -LIB_DEPEND=" - dev-libs/json-c:=[static-libs(+)] - dev-libs/popt[static-libs(+)] - >=sys-apps/util-linux-2.31-r1[static-libs(+)] - argon2? ( app-crypt/argon2:=[static-libs(+)] ) - gcrypt? ( - dev-libs/libgcrypt:0=[static-libs(+)] - dev-libs/libgpg-error[static-libs(+)] - ) - nettle? ( >=dev-libs/nettle-2.4[static-libs(+)] ) - openssl? ( dev-libs/openssl:0=[static-libs(+)] ) - pwquality? ( dev-libs/libpwquality[static-libs(+)] ) - ssh? ( net-libs/libssh[static-libs(+)] ) - sys-fs/lvm2[static-libs(+)] -" -# We have to always depend on ${LIB_DEPEND} rather than put behind -# !static? () because we provide a shared library which links against -# these other packages. bug #414665 -RDEPEND=" - static-libs? ( ${LIB_DEPEND} ) - ${LIB_DEPEND//\[static-libs\([+-]\)\]} - udev? ( virtual/libudev:= ) -" -DEPEND=" - ${RDEPEND} - static? ( ${LIB_DEPEND} ) -" -# vim-core needed for xxd in tests -BDEPEND=" - virtual/pkgconfig - test? ( app-editors/vim-core ) -" - -pkg_setup() { - local CONFIG_CHECK="~DM_CRYPT ~CRYPTO ~CRYPTO_CBC ~CRYPTO_SHA256" - local WARNING_DM_CRYPT="CONFIG_DM_CRYPT:\tis not set (required for cryptsetup)\n" - local WARNING_CRYPTO_SHA256="CONFIG_CRYPTO_SHA256:\tis not set (required for cryptsetup)\n" - local WARNING_CRYPTO_CBC="CONFIG_CRYPTO_CBC:\tis not set (required for kernel 2.6.19)\n" - local WARNING_CRYPTO="CONFIG_CRYPTO:\tis not set (required for cryptsetup)\n" - check_extra_config -} - -src_prepare() { - default - - sed -i '/^LOOPDEV=/s:$: || exit 0:' tests/{compat,mode}-test || die -} - -src_configure() { - local myeconfargs=( - --disable-internal-argon2 - --disable-asciidoc - --enable-shared - --sbindir="${EPREFIX}"/sbin - # for later use - --with-default-luks-format=LUKS2 - --with-tmpfilesdir="${EPREFIX}/usr/lib/tmpfiles.d" - --with-crypto_backend=$(for x in ${CRYPTO_BACKENDS//+/} ; do usev ${x} ; done) - $(use_enable argon2 libargon2) - $(use_enable nls) - $(use_enable pwquality) - $(use_enable !static external-tokens) - $(use_enable static static-cryptsetup) - $(use_enable static-libs static) - $(use_enable udev) - $(use_enable !urandom dev-random) - $(use_enable ssh ssh-token) - $(usev !argon2 '--with-luks2-pbkdf=pbkdf2') - $(use_enable fips) - ) - - econf "${myeconfargs[@]}" -} - -src_test() { - if [[ ! -e /dev/mapper/control ]] ; then - ewarn "No /dev/mapper/control found -- skipping tests" - return 0 - fi - - local p - for p in /dev/mapper /dev/loop* ; do - addwrite ${p} - done - - default -} - -src_install() { - default - - if use static ; then - mv "${ED}"/sbin/cryptsetup{.static,} || die - mv "${ED}"/sbin/veritysetup{.static,} || die - mv "${ED}"/sbin/integritysetup{.static,} || die - - if use ssh ; then - mv "${ED}"/sbin/cryptsetup-ssh{.static,} || die - fi - fi - - find "${ED}" -type f -name "*.la" -delete || die - - dodoc docs/v*ReleaseNotes - - newconfd "${FILESDIR}"/2.4.3-dmcrypt.confd dmcrypt - newinitd "${FILESDIR}"/2.4.3-dmcrypt.rc dmcrypt -} - -pkg_postinst() { - tmpfiles_process cryptsetup.conf - - if use kernel ; then - ewarn "Note that kernel backend is very slow for this type of operation" - ewarn "and is provided mainly for embedded systems wanting to avoid" - ewarn "userspace crypto libraries." - fi -} diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.8.0.ebuild b/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.8.1-r1.ebuild similarity index 98% rename from sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.8.0.ebuild rename to sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.8.1-r1.ebuild index e35551b218..8f113c0e66 100644 --- a/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.8.0.ebuild +++ b/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.8.1-r1.ebuild @@ -44,7 +44,7 @@ LIB_DEPEND=" openssl? ( dev-libs/openssl:0=[static-libs(+)] ) pwquality? ( dev-libs/libpwquality[static-libs(+)] ) passwdqc? ( sys-auth/passwdqc ) - ssh? ( net-libs/libssh[static-libs(+)] ) + ssh? ( net-libs/libssh[static-libs(+)] net-libs/libssh[sftp(+)] ) sys-fs/lvm2[static-libs(+)] " # We have to always depend on ${LIB_DEPEND} rather than put behind diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.8.1.ebuild b/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.8.3.ebuild similarity index 96% rename from sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.8.1.ebuild rename to sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.8.3.ebuild index e35551b218..453959440e 100644 --- a/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.8.1.ebuild +++ b/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/cryptsetup-2.8.3.ebuild @@ -14,7 +14,7 @@ S="${WORKDIR}"/${P/_/-} LICENSE="GPL-2+" SLOT="0/12" # libcryptsetup.so version if [[ ${PV} != *_rc* ]] ; then - KEYWORDS="~alpha amd64 arm arm64 ~hppa ~loong ~mips ppc ppc64 ~riscv ~s390 ~sparc x86" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" fi CRYPTO_BACKENDS="gcrypt kernel nettle +openssl" @@ -44,7 +44,7 @@ LIB_DEPEND=" openssl? ( dev-libs/openssl:0=[static-libs(+)] ) pwquality? ( dev-libs/libpwquality[static-libs(+)] ) passwdqc? ( sys-auth/passwdqc ) - ssh? ( net-libs/libssh[static-libs(+)] ) + ssh? ( net-libs/libssh[static-libs(+)] net-libs/libssh[sftp(+)] ) sys-fs/lvm2[static-libs(+)] " # We have to always depend on ${LIB_DEPEND} rather than put behind diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/files/cryptsetup-2.7.5-compat-test-passwdqc.patch b/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/files/cryptsetup-2.7.5-compat-test-passwdqc.patch deleted file mode 100644 index b266f142f2..0000000000 --- a/sdk_container/src/third_party/portage-stable/sys-fs/cryptsetup/files/cryptsetup-2.7.5-compat-test-passwdqc.patch +++ /dev/null @@ -1,58 +0,0 @@ -https://gitlab.com/cryptsetup/cryptsetup/-/commit/64fb1c1b2673e7f366b789943d1627c859a70b1f.patch -https://gitlab.com/cryptsetup/cryptsetup/-/merge_requests/737 - -From 64fb1c1b2673e7f366b789943d1627c859a70b1f Mon Sep 17 00:00:00 2001 -From: Gabi Falk -Date: Sun, 22 Dec 2024 16:00:00 +0000 -Subject: [PATCH] tests/compat-test: Adjust test for compatibility with - passwdqc - -Unlike libpwquality, passwdqc does not consider 'compatkey' a strong -password and rejects 512 character long passwords. - -Closes: https://gitlab.com/cryptsetup/cryptsetup/-/issues/928 -Signed-off-by: Gabi Falk ---- - tests/compat-test | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/tests/compat-test b/tests/compat-test -index 0b2463dd..f01f3032 100755 ---- a/tests/compat-test -+++ b/tests/compat-test -@@ -250,7 +250,7 @@ echo $PWD1 | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT 2>/dev/null && fail - echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT || fail - echo -e "$PWD0\n$PWD1" | $CRYPTSETUP luksAddKey $IMG $FAST_PBKDF_OPT 2>/dev/null && fail - echo "[4] change key" --echo -e "$PWD1\n$PWD0\n" | $CRYPTSETUP luksChangeKey $FAST_PBKDF_OPT $IMG || fail -+echo -e "$PWD1\n$PWD0\n" | $CRYPTSETUP luksChangeKey --force-password $FAST_PBKDF_OPT $IMG || fail - echo -e "$PWD1\n$PWD2\n" | $CRYPTSETUP luksChangeKey $FAST_PBKDF_OPT $IMG 2>/dev/null && fail - [ $? -ne 2 ] && fail "luksChangeKey should return EPERM exit code" - echo "[5] remove key" -@@ -941,7 +941,7 @@ prepare "[35] Interactive format of device." wipe - expect_run - >/dev/null <$KEYE - expect_run - >/dev/null <