[oe] [meta-oe][PATCH] cryptsetup: Update to latest version and use openssl as crypto backend
Khem Raj
raj.khem at gmail.com
Wed Apr 3 14:17:38 UTC 2013
Stefan
On Apr 3, 2013, at 6:50 AM, Stefan Herbrechtsmeier <stefan at herbrechtsmeier.net> wrote:
> Cryptsetup with the command luksOpen failed with the error message:
> device-mapper: status ioctl failed: Permission denied
>
> The error comes from libgcrypt with drops root privileges if it is
> linked with libcap support [1]. Update cryptsetup to latest version
> and change the crypto backend to openssl as libgcrypt states this
> behaviour as a feature [2].
>
> The license was updated to GPLv2 with OpenSSL exception.
>
> [1] http://code.google.com/p/cryptsetup/issues/detail?id=47
> [2] https://bugs.g10code.com/gnupg/issue1181
>
> Signed-off-by: Stefan Herbrechtsmeier <stefan at herbrechtsmeier.net>
> ---
> .../recipes-support/cryptsetup/cryptsetup_1.1.3.bb | 18 --------------
> .../recipes-support/cryptsetup/cryptsetup_1.6.1.bb | 25 ++++++++++++++++++++
> 2 files changed, 25 insertions(+), 18 deletions(-)
> delete mode 100644 meta-oe/recipes-support/cryptsetup/cryptsetup_1.1.3.bb
> create mode 100644 meta-oe/recipes-support/cryptsetup/cryptsetup_1.6.1.bb
>
would be nice if you use git format-patch -M ..
> diff --git a/meta-oe/recipes-support/cryptsetup/cryptsetup_1.1.3.bb b/meta-oe/recipes-support/cryptsetup/cryptsetup_1.1.3.bb
> deleted file mode 100644
> index 254f563..0000000
> --- a/meta-oe/recipes-support/cryptsetup/cryptsetup_1.1.3.bb
> +++ /dev/null
> @@ -1,18 +0,0 @@
> -DESCRIPTION = "Setup virtual encryption devices under dm-crypt Linux"
> -HOMEPAGE = "http://code.google.com/p/cryptsetup/"
> -SECTION = "console"
> -LICENSE = "GPLv2"
> -LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
> -
> -DEPENDS = "util-linux lvm2 libgcrypt popt"
> -RRECOMMENDS_${PN} = "kernel-module-aes \
> - kernel-module-dm-crypt \
> - kernel-module-md5 \
> - kernel-module-cbc \
> - kernel-module-sha256 \
> - "
> -SRC_URI = "http://cryptsetup.googlecode.com/files/cryptsetup-${PV}.tar.bz2"
> -SRC_URI[md5sum] = "318a64470861ea5b92a52f2014f1e7c1"
> -SRC_URI[sha256sum] = "9c8e68a272f6d9cfb6cd65cc0743f4c44a2096c61f74e0602bf40208b5e69c0a"
> -
> -inherit autotools gettext
> diff --git a/meta-oe/recipes-support/cryptsetup/cryptsetup_1.6.1.bb b/meta-oe/recipes-support/cryptsetup/cryptsetup_1.6.1.bb
> new file mode 100644
> index 0000000..ade69f4
> --- /dev/null
> +++ b/meta-oe/recipes-support/cryptsetup/cryptsetup_1.6.1.bb
> @@ -0,0 +1,25 @@
> +DESCRIPTION = "Setup virtual encryption devices under dm-crypt Linux"
> +HOMEPAGE = "http://code.google.com/p/cryptsetup/"
> +SECTION = "console"
> +LICENSE = "GPL-2.0-with-OpenSSL-exception"
> +LIC_FILES_CHKSUM = "file://COPYING;md5=32107dd283b1dfeb66c9b3e6be312326"
> +
> +DEPENDS = "util-linux lvm2 openssl popt"
> +RRECOMMENDS_${PN} = "kernel-module-aes-generic \
> + kernel-module-dm-crypt \
> + kernel-module-md5 \
> + kernel-module-cbc \
> + kernel-module-sha256-generic \
> + "
> +
> +PR = "r1"
You can drop PR
> +
> +SRC_URI = "http://cryptsetup.googlecode.com/files/cryptsetup-${PV}.tar.bz2"
> +SRC_URI[md5sum] = "f374d11e3b0e7ca0f805756fd02e34ff"
> +SRC_URI[sha256sum] = "baf36e663c03eb6440482d91c486d61ed47ce5c9268ad04c18ca09082755149c"
> +
> +inherit autotools gettext
> +
> +# Use openssl because libgcrypt drops root privileges
> +# if libgcrypt is linked with libcap support
> +EXTRA_OECONF = "--with-crypto_backend=openssl"
hmmmm, may be using packageconfig here would be better
> --
> 1.7.9.5
>
>
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel at lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-devel
More information about the Openembedded-devel
mailing list