* [meta-oe][PATCH] cryptsetup: Update to latest version and use openssl as crypto backend
@ 2013-04-03 13:50 Stefan Herbrechtsmeier
2013-04-03 14:17 ` Khem Raj
2013-04-09 21:11 ` [meta-oe][PATCH V2] " Stefan Herbrechtsmeier
0 siblings, 2 replies; 6+ messages in thread
From: Stefan Herbrechtsmeier @ 2013-04-03 13:50 UTC (permalink / raw)
To: openembedded-devel
Cryptsetup with the command luksOpen failed with the error message:
device-mapper: status ioctl failed: Permission denied
The error comes from libgcrypt with drops root privileges if it is
linked with libcap support [1]. Update cryptsetup to latest version
and change the crypto backend to openssl as libgcrypt states this
behaviour as a feature [2].
The license was updated to GPLv2 with OpenSSL exception.
[1] http://code.google.com/p/cryptsetup/issues/detail?id=47
[2] https://bugs.g10code.com/gnupg/issue1181
Signed-off-by: Stefan Herbrechtsmeier <stefan@herbrechtsmeier.net>
---
.../recipes-support/cryptsetup/cryptsetup_1.1.3.bb | 18 --------------
.../recipes-support/cryptsetup/cryptsetup_1.6.1.bb | 25 ++++++++++++++++++++
2 files changed, 25 insertions(+), 18 deletions(-)
delete mode 100644 meta-oe/recipes-support/cryptsetup/cryptsetup_1.1.3.bb
create mode 100644 meta-oe/recipes-support/cryptsetup/cryptsetup_1.6.1.bb
diff --git a/meta-oe/recipes-support/cryptsetup/cryptsetup_1.1.3.bb b/meta-oe/recipes-support/cryptsetup/cryptsetup_1.1.3.bb
deleted file mode 100644
index 254f563..0000000
--- a/meta-oe/recipes-support/cryptsetup/cryptsetup_1.1.3.bb
+++ /dev/null
@@ -1,18 +0,0 @@
-DESCRIPTION = "Setup virtual encryption devices under dm-crypt Linux"
-HOMEPAGE = "http://code.google.com/p/cryptsetup/"
-SECTION = "console"
-LICENSE = "GPLv2"
-LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
-
-DEPENDS = "util-linux lvm2 libgcrypt popt"
-RRECOMMENDS_${PN} = "kernel-module-aes \
- kernel-module-dm-crypt \
- kernel-module-md5 \
- kernel-module-cbc \
- kernel-module-sha256 \
- "
-SRC_URI = "http://cryptsetup.googlecode.com/files/cryptsetup-${PV}.tar.bz2"
-SRC_URI[md5sum] = "318a64470861ea5b92a52f2014f1e7c1"
-SRC_URI[sha256sum] = "9c8e68a272f6d9cfb6cd65cc0743f4c44a2096c61f74e0602bf40208b5e69c0a"
-
-inherit autotools gettext
diff --git a/meta-oe/recipes-support/cryptsetup/cryptsetup_1.6.1.bb b/meta-oe/recipes-support/cryptsetup/cryptsetup_1.6.1.bb
new file mode 100644
index 0000000..ade69f4
--- /dev/null
+++ b/meta-oe/recipes-support/cryptsetup/cryptsetup_1.6.1.bb
@@ -0,0 +1,25 @@
+DESCRIPTION = "Setup virtual encryption devices under dm-crypt Linux"
+HOMEPAGE = "http://code.google.com/p/cryptsetup/"
+SECTION = "console"
+LICENSE = "GPL-2.0-with-OpenSSL-exception"
+LIC_FILES_CHKSUM = "file://COPYING;md5=32107dd283b1dfeb66c9b3e6be312326"
+
+DEPENDS = "util-linux lvm2 openssl popt"
+RRECOMMENDS_${PN} = "kernel-module-aes-generic \
+ kernel-module-dm-crypt \
+ kernel-module-md5 \
+ kernel-module-cbc \
+ kernel-module-sha256-generic \
+ "
+
+PR = "r1"
+
+SRC_URI = "http://cryptsetup.googlecode.com/files/cryptsetup-${PV}.tar.bz2"
+SRC_URI[md5sum] = "f374d11e3b0e7ca0f805756fd02e34ff"
+SRC_URI[sha256sum] = "baf36e663c03eb6440482d91c486d61ed47ce5c9268ad04c18ca09082755149c"
+
+inherit autotools gettext
+
+# Use openssl because libgcrypt drops root privileges
+# if libgcrypt is linked with libcap support
+EXTRA_OECONF = "--with-crypto_backend=openssl"
--
1.7.9.5
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [meta-oe][PATCH] cryptsetup: Update to latest version and use openssl as crypto backend
2013-04-03 13:50 [meta-oe][PATCH] cryptsetup: Update to latest version and use openssl as crypto backend Stefan Herbrechtsmeier
@ 2013-04-03 14:17 ` Khem Raj
2013-04-03 14:36 ` Koen Kooi
2013-04-09 21:11 ` [meta-oe][PATCH V2] " Stefan Herbrechtsmeier
1 sibling, 1 reply; 6+ messages in thread
From: Khem Raj @ 2013-04-03 14:17 UTC (permalink / raw)
To: openembedded-devel
Stefan
On Apr 3, 2013, at 6:50 AM, Stefan Herbrechtsmeier <stefan@herbrechtsmeier.net> wrote:
> Cryptsetup with the command luksOpen failed with the error message:
> device-mapper: status ioctl failed: Permission denied
>
> The error comes from libgcrypt with drops root privileges if it is
> linked with libcap support [1]. Update cryptsetup to latest version
> and change the crypto backend to openssl as libgcrypt states this
> behaviour as a feature [2].
>
> The license was updated to GPLv2 with OpenSSL exception.
>
> [1] http://code.google.com/p/cryptsetup/issues/detail?id=47
> [2] https://bugs.g10code.com/gnupg/issue1181
>
> Signed-off-by: Stefan Herbrechtsmeier <stefan@herbrechtsmeier.net>
> ---
> .../recipes-support/cryptsetup/cryptsetup_1.1.3.bb | 18 --------------
> .../recipes-support/cryptsetup/cryptsetup_1.6.1.bb | 25 ++++++++++++++++++++
> 2 files changed, 25 insertions(+), 18 deletions(-)
> delete mode 100644 meta-oe/recipes-support/cryptsetup/cryptsetup_1.1.3.bb
> create mode 100644 meta-oe/recipes-support/cryptsetup/cryptsetup_1.6.1.bb
>
would be nice if you use git format-patch -M ..
> diff --git a/meta-oe/recipes-support/cryptsetup/cryptsetup_1.1.3.bb b/meta-oe/recipes-support/cryptsetup/cryptsetup_1.1.3.bb
> deleted file mode 100644
> index 254f563..0000000
> --- a/meta-oe/recipes-support/cryptsetup/cryptsetup_1.1.3.bb
> +++ /dev/null
> @@ -1,18 +0,0 @@
> -DESCRIPTION = "Setup virtual encryption devices under dm-crypt Linux"
> -HOMEPAGE = "http://code.google.com/p/cryptsetup/"
> -SECTION = "console"
> -LICENSE = "GPLv2"
> -LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
> -
> -DEPENDS = "util-linux lvm2 libgcrypt popt"
> -RRECOMMENDS_${PN} = "kernel-module-aes \
> - kernel-module-dm-crypt \
> - kernel-module-md5 \
> - kernel-module-cbc \
> - kernel-module-sha256 \
> - "
> -SRC_URI = "http://cryptsetup.googlecode.com/files/cryptsetup-${PV}.tar.bz2"
> -SRC_URI[md5sum] = "318a64470861ea5b92a52f2014f1e7c1"
> -SRC_URI[sha256sum] = "9c8e68a272f6d9cfb6cd65cc0743f4c44a2096c61f74e0602bf40208b5e69c0a"
> -
> -inherit autotools gettext
> diff --git a/meta-oe/recipes-support/cryptsetup/cryptsetup_1.6.1.bb b/meta-oe/recipes-support/cryptsetup/cryptsetup_1.6.1.bb
> new file mode 100644
> index 0000000..ade69f4
> --- /dev/null
> +++ b/meta-oe/recipes-support/cryptsetup/cryptsetup_1.6.1.bb
> @@ -0,0 +1,25 @@
> +DESCRIPTION = "Setup virtual encryption devices under dm-crypt Linux"
> +HOMEPAGE = "http://code.google.com/p/cryptsetup/"
> +SECTION = "console"
> +LICENSE = "GPL-2.0-with-OpenSSL-exception"
> +LIC_FILES_CHKSUM = "file://COPYING;md5=32107dd283b1dfeb66c9b3e6be312326"
> +
> +DEPENDS = "util-linux lvm2 openssl popt"
> +RRECOMMENDS_${PN} = "kernel-module-aes-generic \
> + kernel-module-dm-crypt \
> + kernel-module-md5 \
> + kernel-module-cbc \
> + kernel-module-sha256-generic \
> + "
> +
> +PR = "r1"
You can drop PR
> +
> +SRC_URI = "http://cryptsetup.googlecode.com/files/cryptsetup-${PV}.tar.bz2"
> +SRC_URI[md5sum] = "f374d11e3b0e7ca0f805756fd02e34ff"
> +SRC_URI[sha256sum] = "baf36e663c03eb6440482d91c486d61ed47ce5c9268ad04c18ca09082755149c"
> +
> +inherit autotools gettext
> +
> +# Use openssl because libgcrypt drops root privileges
> +# if libgcrypt is linked with libcap support
> +EXTRA_OECONF = "--with-crypto_backend=openssl"
hmmmm, may be using packageconfig here would be better
> --
> 1.7.9.5
>
>
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel@lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-devel
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [meta-oe][PATCH] cryptsetup: Update to latest version and use openssl as crypto backend
2013-04-03 14:17 ` Khem Raj
@ 2013-04-03 14:36 ` Koen Kooi
2013-04-03 17:38 ` Stefan Herbrechtsmeier
0 siblings, 1 reply; 6+ messages in thread
From: Koen Kooi @ 2013-04-03 14:36 UTC (permalink / raw)
To: openembedded-devel
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Op 03-04-13 16:17, Khem Raj schreef:
> Stefan
>
> On Apr 3, 2013, at 6:50 AM, Stefan Herbrechtsmeier
> <stefan@herbrechtsmeier.net> wrote:
>
>> Cryptsetup with the command luksOpen failed with the error message:
>> device-mapper: status ioctl failed: Permission denied
>>
>> The error comes from libgcrypt with drops root privileges if it is
>> linked with libcap support [1]. Update cryptsetup to latest version and
>> change the crypto backend to openssl as libgcrypt states this behaviour
>> as a feature [2].
>>
>> The license was updated to GPLv2 with OpenSSL exception.
>>
>> [1] http://code.google.com/p/cryptsetup/issues/detail?id=47 [2]
>> https://bugs.g10code.com/gnupg/issue1181
>>
>> Signed-off-by: Stefan Herbrechtsmeier <stefan@herbrechtsmeier.net> ---
>> .../recipes-support/cryptsetup/cryptsetup_1.1.3.bb | 18
>> -------------- .../recipes-support/cryptsetup/cryptsetup_1.6.1.bb |
>> 25 ++++++++++++++++++++ 2 files changed, 25 insertions(+), 18
>> deletions(-) delete mode 100644
>> meta-oe/recipes-support/cryptsetup/cryptsetup_1.1.3.bb create mode
>> 100644 meta-oe/recipes-support/cryptsetup/cryptsetup_1.6.1.bb
>>
>
> would be nice if you use git format-patch -M ..
>
>> diff --git a/meta-oe/recipes-support/cryptsetup/cryptsetup_1.1.3.bb
>> b/meta-oe/recipes-support/cryptsetup/cryptsetup_1.1.3.bb deleted file
>> mode 100644 index 254f563..0000000 ---
>> a/meta-oe/recipes-support/cryptsetup/cryptsetup_1.1.3.bb +++ /dev/null
>> @@ -1,18 +0,0 @@ -DESCRIPTION = "Setup virtual encryption devices under
>> dm-crypt Linux" -HOMEPAGE = "http://code.google.com/p/cryptsetup/"
>> -SECTION = "console" -LICENSE = "GPLv2" -LIC_FILES_CHKSUM =
>> "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" - -DEPENDS =
>> "util-linux lvm2 libgcrypt popt" -RRECOMMENDS_${PN} =
>> "kernel-module-aes \ - kernel-module-dm-crypt \ -
>> kernel-module-md5 \ - kernel-module-cbc \ -
>> kernel-module-sha256 \ - " -SRC_URI =
>> "http://cryptsetup.googlecode.com/files/cryptsetup-${PV}.tar.bz2"
>> -SRC_URI[md5sum] = "318a64470861ea5b92a52f2014f1e7c1"
>> -SRC_URI[sha256sum] =
>> "9c8e68a272f6d9cfb6cd65cc0743f4c44a2096c61f74e0602bf40208b5e69c0a" -
>> -inherit autotools gettext diff --git
>> a/meta-oe/recipes-support/cryptsetup/cryptsetup_1.6.1.bb
>> b/meta-oe/recipes-support/cryptsetup/cryptsetup_1.6.1.bb new file mode
>> 100644 index 0000000..ade69f4 --- /dev/null +++
>> b/meta-oe/recipes-support/cryptsetup/cryptsetup_1.6.1.bb @@ -0,0 +1,25
>> @@ +DESCRIPTION = "Setup virtual encryption devices under dm-crypt
>> Linux" +HOMEPAGE = "http://code.google.com/p/cryptsetup/" +SECTION =
>> "console" +LICENSE = "GPL-2.0-with-OpenSSL-exception" +LIC_FILES_CHKSUM
>> = "file://COPYING;md5=32107dd283b1dfeb66c9b3e6be312326" + +DEPENDS =
>> "util-linux lvm2 openssl popt" +RRECOMMENDS_${PN} =
>> "kernel-module-aes-generic \ +
>> kernel-module-dm-crypt \ + kernel-module-md5 \ +
>> kernel-module-cbc \ + kernel-module-sha256-generic
>> \ + " +
R* variables go below do_install
>> +PR = "r1"
>
> You can drop PR
>
>> + +SRC_URI =
>> "http://cryptsetup.googlecode.com/files/cryptsetup-${PV}.tar.bz2"
>> +SRC_URI[md5sum] = "f374d11e3b0e7ca0f805756fd02e34ff"
>> +SRC_URI[sha256sum] =
>> "baf36e663c03eb6440482d91c486d61ed47ce5c9268ad04c18ca09082755149c" +
>> +inherit autotools gettext + +# Use openssl because libgcrypt drops
>> root privileges +# if libgcrypt is linked with libcap support
>> +EXTRA_OECONF = "--with-crypto_backend=openssl"
>
>
> hmmmm, may be using packageconfig here would be better
>
>> -- 1.7.9.5
>>
>>
>> _______________________________________________ Openembedded-devel
>> mailing list Openembedded-devel@lists.openembedded.org
>> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-devel
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (Darwin)
Comment: GPGTools - http://gpgtools.org
iD8DBQFRXD5mMkyGM64RGpERAlfJAJoDvwX/cgqRMISdDNg40VSsCf6v7gCeN/qe
KJRsc0sM5nBwWsopIzLkYGo=
=nvrs
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [meta-oe][PATCH] cryptsetup: Update to latest version and use openssl as crypto backend
2013-04-03 14:36 ` Koen Kooi
@ 2013-04-03 17:38 ` Stefan Herbrechtsmeier
0 siblings, 0 replies; 6+ messages in thread
From: Stefan Herbrechtsmeier @ 2013-04-03 17:38 UTC (permalink / raw)
To: openembedded-devel
Am 03.04.2013 16:36, schrieb Koen Kooi:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Op 03-04-13 16:17, Khem Raj schreef:
>> Stefan
>>
>> On Apr 3, 2013, at 6:50 AM, Stefan Herbrechtsmeier
>> <stefan@herbrechtsmeier.net> wrote:
>>
>>> Cryptsetup with the command luksOpen failed with the error message:
>>> device-mapper: status ioctl failed: Permission denied
>>>
>>> The error comes from libgcrypt with drops root privileges if it is
>>> linked with libcap support [1]. Update cryptsetup to latest version and
>>> change the crypto backend to openssl as libgcrypt states this behaviour
>>> as a feature [2].
>>>
>>> The license was updated to GPLv2 with OpenSSL exception.
>>>
>>> [1] http://code.google.com/p/cryptsetup/issues/detail?id=47 [2]
>>> https://bugs.g10code.com/gnupg/issue1181
>>>
>>> Signed-off-by: Stefan Herbrechtsmeier <stefan@herbrechtsmeier.net> ---
>>> .../recipes-support/cryptsetup/cryptsetup_1.1.3.bb | 18
>>> -------------- .../recipes-support/cryptsetup/cryptsetup_1.6.1.bb |
>>> 25 ++++++++++++++++++++ 2 files changed, 25 insertions(+), 18
>>> deletions(-) delete mode 100644
>>> meta-oe/recipes-support/cryptsetup/cryptsetup_1.1.3.bb create mode
>>> 100644 meta-oe/recipes-support/cryptsetup/cryptsetup_1.6.1.bb
>>>
>> would be nice if you use git format-patch -M ..
Okay, use it for my next patch.
>>> diff --git a/meta-oe/recipes-support/cryptsetup/cryptsetup_1.1.3.bb
>>> b/meta-oe/recipes-support/cryptsetup/cryptsetup_1.1.3.bb deleted file
>>> mode 100644 index 254f563..0000000 ---
>>> a/meta-oe/recipes-support/cryptsetup/cryptsetup_1.1.3.bb +++ /dev/null
>>> @@ -1,18 +0,0 @@ -DESCRIPTION = "Setup virtual encryption devices under
>>> dm-crypt Linux" -HOMEPAGE = "http://code.google.com/p/cryptsetup/"
>>> -SECTION = "console" -LICENSE = "GPLv2" -LIC_FILES_CHKSUM =
>>> "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" - -DEPENDS =
>>> "util-linux lvm2 libgcrypt popt" -RRECOMMENDS_${PN} =
>>> "kernel-module-aes \ - kernel-module-dm-crypt \ -
>>> kernel-module-md5 \ - kernel-module-cbc \ -
>>> kernel-module-sha256 \ - " -SRC_URI =
>>> "http://cryptsetup.googlecode.com/files/cryptsetup-${PV}.tar.bz2"
>>> -SRC_URI[md5sum] = "318a64470861ea5b92a52f2014f1e7c1"
>>> -SRC_URI[sha256sum] =
>>> "9c8e68a272f6d9cfb6cd65cc0743f4c44a2096c61f74e0602bf40208b5e69c0a" -
>>> -inherit autotools gettext diff --git
>>> a/meta-oe/recipes-support/cryptsetup/cryptsetup_1.6.1.bb
>>> b/meta-oe/recipes-support/cryptsetup/cryptsetup_1.6.1.bb new file mode
>>> 100644 index 0000000..ade69f4 --- /dev/null +++
>>> b/meta-oe/recipes-support/cryptsetup/cryptsetup_1.6.1.bb @@ -0,0 +1,25
>>> @@ +DESCRIPTION = "Setup virtual encryption devices under dm-crypt
>>> Linux" +HOMEPAGE = "http://code.google.com/p/cryptsetup/" +SECTION =
>>> "console" +LICENSE = "GPL-2.0-with-OpenSSL-exception" +LIC_FILES_CHKSUM
>>> = "file://COPYING;md5=32107dd283b1dfeb66c9b3e6be312326" + +DEPENDS =
>>> "util-linux lvm2 openssl popt" +RRECOMMENDS_${PN} =
>>> "kernel-module-aes-generic \ +
>>> kernel-module-dm-crypt \ + kernel-module-md5 \ +
>>> kernel-module-cbc \ + kernel-module-sha256-generic
>>> \ + " +
> R* variables go below do_install
I only keep the old format, but I will update the file to the Yocto
Style Guide.
>>> +PR = "r1"
>> You can drop PR
Okay
>>> + +SRC_URI =
>>> "http://cryptsetup.googlecode.com/files/cryptsetup-${PV}.tar.bz2"
>>> +SRC_URI[md5sum] = "f374d11e3b0e7ca0f805756fd02e34ff"
>>> +SRC_URI[sha256sum] =
>>> "baf36e663c03eb6440482d91c486d61ed47ce5c9268ad04c18ca09082755149c" +
>>> +inherit autotools gettext + +# Use openssl because libgcrypt drops
>>> root privileges +# if libgcrypt is linked with libcap support
>>> +EXTRA_OECONF = "--with-crypto_backend=openssl"
>>
>> hmmmm, may be using packageconfig here would be better
Should I then keep gcrypt as default or change it to openssl by default?
>>
>>> -- 1.7.9.5
>>>
>>>
>>> _______________________________________________ Openembedded-devel
>>> mailing list Openembedded-devel@lists.openembedded.org
>>> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-devel
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (Darwin)
> Comment: GPGTools - http://gpgtools.org
>
> iD8DBQFRXD5mMkyGM64RGpERAlfJAJoDvwX/cgqRMISdDNg40VSsCf6v7gCeN/qe
> KJRsc0sM5nBwWsopIzLkYGo=
> =nvrs
> -----END PGP SIGNATURE-----
>
>
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel@lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-devel
^ permalink raw reply [flat|nested] 6+ messages in thread
* [meta-oe][PATCH V2] cryptsetup: Update to latest version and use openssl as crypto backend
2013-04-03 13:50 [meta-oe][PATCH] cryptsetup: Update to latest version and use openssl as crypto backend Stefan Herbrechtsmeier
2013-04-03 14:17 ` Khem Raj
@ 2013-04-09 21:11 ` Stefan Herbrechtsmeier
2013-04-11 14:16 ` Martin Jansa
1 sibling, 1 reply; 6+ messages in thread
From: Stefan Herbrechtsmeier @ 2013-04-09 21:11 UTC (permalink / raw)
To: openembedded-devel; +Cc: koen
Cryptsetup with the command luksOpen failed with the error message:
device-mapper: status ioctl failed: Permission denied
The error comes from libgcrypt with drops root privileges if it is
linked with libcap support [1]. Update cryptsetup to latest version,
add PACKAGECONFIG for crypto backend selection (openssl / gcrypt)
and change the default crypto backend to openssl as libgcrypt states
the drop root privileges behaviour as a feature [2].
The license was updated to GPLv2 with OpenSSL exception.
Update the RRECOMMENDS to be conistent with the package names.
[1] http://code.google.com/p/cryptsetup/issues/detail?id=47
[2] https://bugs.g10code.com/gnupg/issue1181
Signed-off-by: Stefan Herbrechtsmeier <stefan@herbrechtsmeier.net>
---
.../{cryptsetup_1.1.3.bb => cryptsetup_1.6.1.bb} | 37 +++++++++++++-------
1 file changed, 25 insertions(+), 12 deletions(-)
rename meta-oe/recipes-support/cryptsetup/{cryptsetup_1.1.3.bb => cryptsetup_1.6.1.bb} (21%)
diff --git a/meta-oe/recipes-support/cryptsetup/cryptsetup_1.1.3.bb b/meta-oe/recipes-support/cryptsetup/cryptsetup_1.6.1.bb
similarity index 21%
rename from meta-oe/recipes-support/cryptsetup/cryptsetup_1.1.3.bb
rename to meta-oe/recipes-support/cryptsetup/cryptsetup_1.6.1.bb
index 254f563..438d394 100644
--- a/meta-oe/recipes-support/cryptsetup/cryptsetup_1.1.3.bb
+++ b/meta-oe/recipes-support/cryptsetup/cryptsetup_1.6.1.bb
@@ -1,18 +1,31 @@
-DESCRIPTION = "Setup virtual encryption devices under dm-crypt Linux"
+SUMMARY = "Manage plain dm-crypt and LUKS encrypted volumes"
+DESCRIPTION = "Cryptsetup is used to conveniently setup dm-crypt managed \
+device-mapper mappings. These include plain dm-crypt volumes and \
+LUKS volumes. The difference is that LUKS uses a metadata header \
+and can hence offer more features than plain dm-crypt. On the other \
+hand, the header is visible and vulnerable to damage."
HOMEPAGE = "http://code.google.com/p/cryptsetup/"
SECTION = "console"
-LICENSE = "GPLv2"
-LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
+LICENSE = "GPL-2.0-with-OpenSSL-exception"
+LIC_FILES_CHKSUM = "file://COPYING;md5=32107dd283b1dfeb66c9b3e6be312326"
+
+DEPENDS = "util-linux lvm2 popt"
-DEPENDS = "util-linux lvm2 libgcrypt popt"
-RRECOMMENDS_${PN} = "kernel-module-aes \
- kernel-module-dm-crypt \
- kernel-module-md5 \
- kernel-module-cbc \
- kernel-module-sha256 \
- "
SRC_URI = "http://cryptsetup.googlecode.com/files/cryptsetup-${PV}.tar.bz2"
-SRC_URI[md5sum] = "318a64470861ea5b92a52f2014f1e7c1"
-SRC_URI[sha256sum] = "9c8e68a272f6d9cfb6cd65cc0743f4c44a2096c61f74e0602bf40208b5e69c0a"
+SRC_URI[md5sum] = "f374d11e3b0e7ca0f805756fd02e34ff"
+SRC_URI[sha256sum] = "baf36e663c03eb6440482d91c486d61ed47ce5c9268ad04c18ca09082755149c"
inherit autotools gettext
+
+# Use openssl because libgcrypt drops root privileges
+# if libgcrypt is linked with libcap support
+PACKAGECONFIG ??= "openssl"
+PACKAGECONFIG[openssl] = "--with-crypto_backend=openssl,,openssl"
+PACKAGECONFIG[gcrypt] = "--with-crypto_backend=gcrypt,,libgcrypt"
+
+RRECOMMENDS_${PN} = "kernel-module-aes-generic \
+ kernel-module-dm-crypt \
+ kernel-module-md5 \
+ kernel-module-cbc \
+ kernel-module-sha256-generic \
+ "
--
1.7.9.5
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [meta-oe][PATCH V2] cryptsetup: Update to latest version and use openssl as crypto backend
2013-04-09 21:11 ` [meta-oe][PATCH V2] " Stefan Herbrechtsmeier
@ 2013-04-11 14:16 ` Martin Jansa
0 siblings, 0 replies; 6+ messages in thread
From: Martin Jansa @ 2013-04-11 14:16 UTC (permalink / raw)
To: openembedded-devel; +Cc: koen
[-- Attachment #1: Type: text/plain, Size: 4075 bytes --]
On Tue, Apr 09, 2013 at 11:11:01PM +0200, Stefan Herbrechtsmeier wrote:
> Cryptsetup with the command luksOpen failed with the error message:
> device-mapper: status ioctl failed: Permission denied
>
> The error comes from libgcrypt with drops root privileges if it is
> linked with libcap support [1]. Update cryptsetup to latest version,
> add PACKAGECONFIG for crypto backend selection (openssl / gcrypt)
> and change the default crypto backend to openssl as libgcrypt states
> the drop root privileges behaviour as a feature [2].
>
> The license was updated to GPLv2 with OpenSSL exception.
>
> Update the RRECOMMENDS to be conistent with the package names.
Looks good to me, will apply it in later this week if nobody objects.
> [1] http://code.google.com/p/cryptsetup/issues/detail?id=47
> [2] https://bugs.g10code.com/gnupg/issue1181
>
> Signed-off-by: Stefan Herbrechtsmeier <stefan@herbrechtsmeier.net>
> ---
> .../{cryptsetup_1.1.3.bb => cryptsetup_1.6.1.bb} | 37 +++++++++++++-------
> 1 file changed, 25 insertions(+), 12 deletions(-)
> rename meta-oe/recipes-support/cryptsetup/{cryptsetup_1.1.3.bb => cryptsetup_1.6.1.bb} (21%)
>
> diff --git a/meta-oe/recipes-support/cryptsetup/cryptsetup_1.1.3.bb b/meta-oe/recipes-support/cryptsetup/cryptsetup_1.6.1.bb
> similarity index 21%
> rename from meta-oe/recipes-support/cryptsetup/cryptsetup_1.1.3.bb
> rename to meta-oe/recipes-support/cryptsetup/cryptsetup_1.6.1.bb
> index 254f563..438d394 100644
> --- a/meta-oe/recipes-support/cryptsetup/cryptsetup_1.1.3.bb
> +++ b/meta-oe/recipes-support/cryptsetup/cryptsetup_1.6.1.bb
> @@ -1,18 +1,31 @@
> -DESCRIPTION = "Setup virtual encryption devices under dm-crypt Linux"
> +SUMMARY = "Manage plain dm-crypt and LUKS encrypted volumes"
> +DESCRIPTION = "Cryptsetup is used to conveniently setup dm-crypt managed \
> +device-mapper mappings. These include plain dm-crypt volumes and \
> +LUKS volumes. The difference is that LUKS uses a metadata header \
> +and can hence offer more features than plain dm-crypt. On the other \
> +hand, the header is visible and vulnerable to damage."
> HOMEPAGE = "http://code.google.com/p/cryptsetup/"
> SECTION = "console"
> -LICENSE = "GPLv2"
> -LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
> +LICENSE = "GPL-2.0-with-OpenSSL-exception"
> +LIC_FILES_CHKSUM = "file://COPYING;md5=32107dd283b1dfeb66c9b3e6be312326"
> +
> +DEPENDS = "util-linux lvm2 popt"
>
> -DEPENDS = "util-linux lvm2 libgcrypt popt"
> -RRECOMMENDS_${PN} = "kernel-module-aes \
> - kernel-module-dm-crypt \
> - kernel-module-md5 \
> - kernel-module-cbc \
> - kernel-module-sha256 \
> - "
> SRC_URI = "http://cryptsetup.googlecode.com/files/cryptsetup-${PV}.tar.bz2"
> -SRC_URI[md5sum] = "318a64470861ea5b92a52f2014f1e7c1"
> -SRC_URI[sha256sum] = "9c8e68a272f6d9cfb6cd65cc0743f4c44a2096c61f74e0602bf40208b5e69c0a"
> +SRC_URI[md5sum] = "f374d11e3b0e7ca0f805756fd02e34ff"
> +SRC_URI[sha256sum] = "baf36e663c03eb6440482d91c486d61ed47ce5c9268ad04c18ca09082755149c"
>
> inherit autotools gettext
> +
> +# Use openssl because libgcrypt drops root privileges
> +# if libgcrypt is linked with libcap support
> +PACKAGECONFIG ??= "openssl"
> +PACKAGECONFIG[openssl] = "--with-crypto_backend=openssl,,openssl"
> +PACKAGECONFIG[gcrypt] = "--with-crypto_backend=gcrypt,,libgcrypt"
> +
> +RRECOMMENDS_${PN} = "kernel-module-aes-generic \
> + kernel-module-dm-crypt \
> + kernel-module-md5 \
> + kernel-module-cbc \
> + kernel-module-sha256-generic \
> + "
> --
> 1.7.9.5
>
>
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel@lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-devel
--
Martin 'JaMa' Jansa jabber: Martin.Jansa@gmail.com
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 205 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2013-04-11 14:34 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-04-03 13:50 [meta-oe][PATCH] cryptsetup: Update to latest version and use openssl as crypto backend Stefan Herbrechtsmeier
2013-04-03 14:17 ` Khem Raj
2013-04-03 14:36 ` Koen Kooi
2013-04-03 17:38 ` Stefan Herbrechtsmeier
2013-04-09 21:11 ` [meta-oe][PATCH V2] " Stefan Herbrechtsmeier
2013-04-11 14:16 ` Martin Jansa
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.