mailarchive of the ptxdist mailing list
 help / color / mirror / Atom feed
From: Clemens Gruber <clemens.gruber@pqgruber.com>
To: ptxdist@pengutronix.de
Cc: Clemens Gruber <clemens.gruber@pqgruber.com>
Subject: [ptxdist] [PATCH 02/22] cryptsetup: version bump 1.7.5 -> 2.0.0
Date: Tue, 16 Jan 2018 16:50:20 +0100	[thread overview]
Message-ID: <20180116155040.10061-2-clemens.gruber@pqgruber.com> (raw)
In-Reply-To: <20180116155040.10061-1-clemens.gruber@pqgruber.com>

Now includes support for dm-integrity via new integritysetup tool.
---
 rules/cryptsetup.in   | 10 +++++++++-
 rules/cryptsetup.make | 28 +++++++++++++++++++---------
 2 files changed, 28 insertions(+), 10 deletions(-)

diff --git a/rules/cryptsetup.in b/rules/cryptsetup.in
index 2cd898058..67ce41beb 100644
--- a/rules/cryptsetup.in
+++ b/rules/cryptsetup.in
@@ -1,6 +1,7 @@
 ## SECTION=disk_and_file
 
 menuconfig CRYPTSETUP
+	select JSON_C
 	select LVM2
 	select LIBUUID
 	select LIBPOPT
@@ -11,7 +12,10 @@ menuconfig CRYPTSETUP
 	prompt "cryptsetup                    "
 	help
 	  Cryptsetup is a utility used to conveniently setup disk encryption
-	  based on DMCrypt kernel module.
+	  based on the dm-crypt kernel module.
+	  It also includes veritysetup, used to setup dm-verity block integrity
+	  checking of read-only targets, as well as integritysetup to setup
+	  dm-integrity block integrity checking of read-write targets.
 
 if CRYPTSETUP
 
@@ -42,6 +46,10 @@ config CRYPTSETUP_CRYPTSETUP
 	bool
 	prompt "install cryptsetup"
 
+config CRYPTSETUP_INTEGRITYSETUP
+	bool
+	prompt "install integritysetup"
+
 config CRYPTSETUP_VERITYSETUP
 	bool
 	prompt "install veritysetup"
diff --git a/rules/cryptsetup.make b/rules/cryptsetup.make
index 9975e72f3..bb865aa9a 100644
--- a/rules/cryptsetup.make
+++ b/rules/cryptsetup.make
@@ -16,11 +16,11 @@ PACKAGES-$(PTXCONF_CRYPTSETUP) += cryptsetup
 #
 # Paths and names
 #
-CRYPTSETUP_VERSION	:= 1.7.5
-CRYPTSETUP_MD5		:= dde798a883b06a2903379dcd593480e1
+CRYPTSETUP_VERSION	:= 2.0.0
+CRYPTSETUP_MD5		:= 0f44b7535b2cdabbf0c4adf523fbceeb
 CRYPTSETUP		:= cryptsetup-$(CRYPTSETUP_VERSION)
 CRYPTSETUP_SUFFIX	:= tar.gz
-CRYPTSETUP_URL		:= https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7//$(CRYPTSETUP).$(CRYPTSETUP_SUFFIX)
+CRYPTSETUP_URL		:= https://www.kernel.org/pub/linux/utils/cryptsetup/v$(basename $(CRYPTSETUP_VERSION))/$(CRYPTSETUP).$(CRYPTSETUP_SUFFIX)
 CRYPTSETUP_SOURCE	:= $(SRCDIR)/$(CRYPTSETUP).$(CRYPTSETUP_SUFFIX)
 CRYPTSETUP_DIR		:= $(BUILDDIR)/$(CRYPTSETUP)
 CRYPTSETUP_LICENSE	:= GPL-2.0+
@@ -35,20 +35,27 @@ CRYPTSETUP_LICENSE	:= GPL-2.0+
 CRYPTSETUP_CONF_TOOL	:= autoconf
 CRYPTSETUP_CONF_OPT	:= \
 	$(CROSS_AUTOCONF_USR) \
+	--enable-keyring \
 	$(GLOBAL_LARGE_FILE_OPTION) \
 	--disable-nls \
 	--disable-rpath \
+	--disable-fips \
 	--disable-pwquality \
 	--disable-static-cryptsetup \
-	--enable-veritysetup \
-	--enable-cryptsetup-reencrypt \
+	--$(call ptx/endis, PTXCONF_CRYPTSETUP_CRYPTSETUP)-cryptsetup \
+	--$(call ptx/endis, PTXCONF_CRYPTSETUP_VERITYSETUP)-veritysetup \
+	--$(call ptx/endis, PTXCONF_CRYPTSETUP_CRYPTSETUP)-cryptsetup-reencrypt \
+	--$(call ptx/endis, PTXCONF_CRYPTSETUP_INTEGRITYSETUP)-integritysetup \
 	--disable-selinux \
 	--enable-udev \
 	--$(call ptx/endis, PTXCONF_CRYPTSETUP_CRYPT_BACKEND_KERNEL)-kernel_crypto \
 	--$(call ptx/endis, PTXCONF_CRYPTSETUP_CRYPT_BACKEND_GCRYPT)-gcrypt-pbkdf2 \
+	--enable-internal-argon2 \
+	--disable-libargon2 \
 	--enable-dev-random \
 	--disable-python \
-	--with-crypto_backend=$(PTXCONF_CRYPTSETUP_CRYPT_BACKEND)
+	--with-crypto_backend=$(PTXCONF_CRYPTSETUP_CRYPT_BACKEND) \
+	--with-luks2-lock-path=/run/cryptsetup
 
 # ----------------------------------------------------------------------------
 # Target-Install
@@ -65,12 +72,15 @@ $(STATEDIR)/cryptsetup.targetinstall:
 
 	@$(call install_lib, cryptsetup, 0, 0, 0644, libcryptsetup)
 
-ifdef PTXCONF_CRYPTSETUP_VERITYSETUP
-	@$(call install_copy, cryptsetup, 0, 0, 0755, -, /usr/sbin/veritysetup)
-endif
 ifdef PTXCONF_CRYPTSETUP_CRYPTSETUP
 	@$(call install_copy, cryptsetup, 0, 0, 0755, -, /usr/sbin/cryptsetup)
 endif
+ifdef PTXCONF_CRYPTSETUP_INTEGRITYSETUP
+	@$(call install_copy, cryptsetup, 0, 0, 0755, -, /usr/sbin/integritysetup)
+endif
+ifdef PTXCONF_CRYPTSETUP_VERITYSETUP
+	@$(call install_copy, cryptsetup, 0, 0, 0755, -, /usr/sbin/veritysetup)
+endif
 
 	@$(call install_finish, cryptsetup)
 
-- 
2.15.1


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de

  reply	other threads:[~2018-01-16 15:51 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-01-16 15:50 [ptxdist] [PATCH 01/22] coreutils: version bump 8.27 -> 8.29 Clemens Gruber
2018-01-16 15:50 ` Clemens Gruber [this message]
2018-01-16 15:50 ` [ptxdist] [PATCH 03/22] dbus: version bump 1.10.24 -> 1.12.2 Clemens Gruber
2018-01-24 14:40   ` Michael Olbrich
2018-01-16 15:50 ` [ptxdist] [PATCH 04/22] dbus: add upstream patches for OOM conditions Clemens Gruber
2018-01-16 15:50 ` [ptxdist] [PATCH 05/22] e2fsprogs: version bump 1.43.6 -> 1.43.8 Clemens Gruber
2018-01-16 15:50 ` [ptxdist] [PATCH 06/22] expat: version bump 2.2.4 -> 2.2.5 Clemens Gruber
2018-01-16 15:50 ` [ptxdist] [PATCH 07/22] file: version bump 5.30 -> 5.32 Clemens Gruber
2018-01-16 15:50 ` [ptxdist] [PATCH 08/22] host-meson: version bump 0.43.0 -> 0.44.0 Clemens Gruber
2018-01-16 15:50 ` [ptxdist] [PATCH 09/22] iproute2: version bump 4.13 -> 4.14.1 Clemens Gruber
2018-01-16 15:50 ` [ptxdist] [PATCH 10/22] json-c: version bump 0.12.1 -> 0.13 Clemens Gruber
2018-01-16 15:50 ` [ptxdist] [PATCH 11/22] kexec-tools: version bump 2.0.14 -> 2.0.16 Clemens Gruber
2018-01-16 15:50 ` [ptxdist] [PATCH 12/22] libsodium: version bump 1.0.11 -> 1.0.16 Clemens Gruber
2018-01-16 15:50 ` [ptxdist] [PATCH 13/22] lvm2: version bump 2.02.66 -> 2.02.177 Clemens Gruber
2018-01-16 15:50 ` [ptxdist] [PATCH 14/22] mpg123: version bump 1.25.6 -> 1.25.8 Clemens Gruber
2018-01-16 15:50 ` [ptxdist] [PATCH 15/22] nano: version bump 2.8.4 -> 2.9.2 Clemens Gruber
2018-01-16 15:50 ` [ptxdist] [PATCH 16/22] ninja: version bump 1.7.2 -> 1.8.2 Clemens Gruber
2018-01-16 15:50 ` [ptxdist] [PATCH 17/22] nginx: update pkg-config patches from buildroot Clemens Gruber
2018-01-16 15:50 ` [ptxdist] [PATCH 18/22] protobuf: version bump 3.3.2 -> 3.5.1 Clemens Gruber
2018-01-25 14:38   ` Michael Olbrich
2018-01-25 15:04     ` Clemens Gruber
2018-01-25 15:24       ` Clemens Gruber
2018-01-16 15:50 ` [ptxdist] [PATCH 19/22] strace: version bump 4.18 -> 4.20 Clemens Gruber
2018-01-16 15:50 ` [ptxdist] [PATCH 20/22] trace-cmd: version bump 2.6.1 -> 2.6.2 Clemens Gruber
2018-01-16 15:50 ` [ptxdist] [PATCH 21/22] u-boot-tools: version bump 2017.07 -> 2018.01 Clemens Gruber
2018-01-16 15:50 ` [ptxdist] [PATCH 22/22] util-linux-ng: version bump 2.30.2 -> 2.31.1 Clemens Gruber

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180116155040.10061-2-clemens.gruber@pqgruber.com \
    --to=clemens.gruber@pqgruber.com \
    --cc=ptxdist@pengutronix.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox