cryptsetup: Upgrade to 2.6.0

- Disable documentation as it needs asciidoctor which is not available - Rename cryptsetup-reencrypt packageconfig to luks2-reencryption to match the relevant configure option. - Add a patch to enable 64bit off_t and lfs64 Signed-off-by: Khem Raj <raj.khem@gmail.com>
author: Khem Raj <raj.khem@gmail.com> 2022-12-18 14:02:20 -0800
committer: Khem Raj <raj.khem@gmail.com> 2022-12-18 23:34:20 -0800
commit: a8e8825ee1b7ebb1c8af2bc95c64ed10c056414e (patch)
tree: 403f6ee6eb40048867760b8250036b637e87dc67
parent: 774a8ee83087985c81d32f0d48c0db23ab8c87b6 (diff)
download: meta-openembedded-a8e8825ee1b7ebb1c8af2bc95c64ed10c056414e.tar.gz
2 files changed, 109 insertions, 5 deletions
diff --git a/meta-oe/recipes-crypto/cryptsetup/cryptsetup/0001-Replace-off64_t-with-off_t.patch b/meta-oe/recipes-crypto/cryptsetup/cryptsetup/0001-Replace-off64_t-with-off_t.patch
new file mode 100644
index 0000000000..23aa86c0fb
--- /dev/null
+++ b/meta-oe/recipes-crypto/cryptsetup/cryptsetup/0001-Replace-off64_t-with-off_t.patch
@@ -0,0 +1,101 @@
+From 683d0c525765415be34c269edf9cc066276f9f65 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Sun, 18 Dec 2022 13:53:51 -0800
+Subject: [PATCH] Replace off64_t with off_t
+AC_SYS_LARGEFILE autoconf macro is in use in configure script which will
+add needed feature macros on commandline to enable 64bit off_t.
+Also replace lseek64 with lseek, since it will be same when
+_FILE_OFFSET_BITS=64 is defined on relevant platforms via AC_SYS_LARGEFILE
+Upstream-Status: Submitted [https://gitlab.com/cryptsetup/cryptsetup/-/merge_requests/467]
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ lib/utils.c                 |  4 ++--
+ lib/utils_wipe.c            |  4 ++--
+ src/utils_reencrypt_luks1.c | 12 ++++++------
+ 3 files changed, 10 insertions(+), 10 deletions(-)
+diff --git a/lib/utils.c b/lib/utils.c
+index 9d79ee29..be5f5287 100644
+--- a/lib/utils.c
+++ b/lib/utils.c
+@@ -102,9 +102,9 @@ static int keyfile_seek(int fd, uint64_t bytes)
+        char tmp[BUFSIZ];
+        size_t next_read;
+        ssize_t bytes_r;
+-       off64_t r;
+       off_t r;
+ 
+-       r = lseek64(fd, bytes, SEEK_CUR);
+       r = lseek(fd, bytes, SEEK_CUR);
+        if (r > 0)
+                return 0;
+        if (r < 0 && errno != ESPIPE)
+diff --git a/lib/utils_wipe.c b/lib/utils_wipe.c
+index 285a9e77..0c376f44 100644
+--- a/lib/utils_wipe.c
+++ b/lib/utils_wipe.c
+@@ -150,7 +150,7 @@ static int wipe_block(struct crypt_device *cd, int devfd, crypt_wipe_pattern pat
+        if (blockdev && pattern == CRYPT_WIPE_ZERO &&
+            !wipe_zeroout(cd, devfd, offset, wipe_block_size)) {
+                /* zeroout ioctl does not move offset */
+-               if (lseek64(devfd, offset + wipe_block_size, SEEK_SET) < 0) {
+               if (lseek(devfd, offset + wipe_block_size, SEEK_SET) < 0) {
+                        log_err(cd, _("Cannot seek to device offset."));
+                        return -EINVAL;
+                }
+@@ -221,7 +221,7 @@ int crypt_wipe_device(struct crypt_device *cd,
+        if (r)
+                goto out;
+ 
+-       if (lseek64(devfd, offset, SEEK_SET) < 0) {
+       if (lseek(devfd, offset, SEEK_SET) < 0) {
+                log_err(cd, _("Cannot seek to device offset."));
+                r = -EINVAL;
+                goto out;
+diff --git a/src/utils_reencrypt_luks1.c b/src/utils_reencrypt_luks1.c
+index 96368bdb..d83a1da4 100644
+--- a/src/utils_reencrypt_luks1.c
+++ b/src/utils_reencrypt_luks1.c
+@@ -729,8 +729,8 @@ static int copy_data_forward(struct reenc_ctx *rc, int fd_old, int fd_new,
+ 
+        log_dbg("Reencrypting in forward direction.");
+ 
+-       if (lseek64(fd_old, rc->device_offset, SEEK_SET) < 0 ||
+-           lseek64(fd_new, rc->device_offset, SEEK_SET) < 0) {
+       if (lseek(fd_old, rc->device_offset, SEEK_SET) < 0 ||
+           lseek(fd_new, rc->device_offset, SEEK_SET) < 0) {
+                log_err(_("Cannot seek to device offset."));
+                goto out;
+        }
+@@ -788,7 +788,7 @@ static int copy_data_backward(struct reenc_ctx *rc, int fd_old, int fd_new,
+                              size_t block_size, void *buf, uint64_t *bytes)
+ {
+        ssize_t s1, s2, working_block;
+-       off64_t working_offset;
+       off_t working_offset;
+        int r = -EIO;
+        char *backing_file = NULL;
+        struct tools_progress_params prog_parms = {
+@@ -827,8 +827,8 @@ static int copy_data_backward(struct reenc_ctx *rc, int fd_old, int fd_new,
+                        working_block = block_size;
+                }
+ 
+-               if (lseek64(fd_old, working_offset, SEEK_SET) < 0 ||
+-                   lseek64(fd_new, working_offset, SEEK_SET) < 0) {
+               if (lseek(fd_old, working_offset, SEEK_SET) < 0 ||
+                   lseek(fd_new, working_offset, SEEK_SET) < 0) {
+                        log_err(_("Cannot seek to device offset."));
+                        goto out;
+                }
+@@ -874,7 +874,7 @@ static void zero_rest_of_device(int fd, size_t block_size, void *buf,
+ 
+        log_dbg("Zeroing rest of device.");
+ 
+-       if (lseek64(fd, offset, SEEK_SET) < 0) {
+       if (lseek(fd, offset, SEEK_SET) < 0) {
+                log_dbg("Cannot seek to device offset.");
+                return;
+        }
diff --git a/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.4.3.bb b/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.6.0.bb
index 652fd66614..1d4f440871 100644
--- a/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.4.3.bb
+++ b/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.6.0.bb
@@ -19,8 +19,10 @@ DEPENDS = " \
 DEPENDS:append:libc-musl = " argp-standalone"
 LDFLAGS:append:libc-musl = " -largp"
-SRC_URI = "${KERNELORG_MIRROR}/linux/utils/${BPN}/v${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}/${BP}.tar.xz"
+SRC_URI = "${KERNELORG_MIRROR}/linux/utils/${BPN}/v${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}/${BP}.tar.xz \
-SRC_URI[sha256sum] = "fc0df945188172264ec5bf1d0bda08264fadc8a3f856d47eba91f31fe354b507"
+           file://0001-Replace-off64_t-with-off_t.patch \
+           "
+SRC_URI[sha256sum] = "44397ba76e75a9cde5b02177bc63cd7af428a785788e3a7067733e7761842735"
 inherit autotools gettext pkgconfig
@@ -30,7 +32,7 @@ PACKAGECONFIG ??= " \
    keyring \
    cryptsetup \
    veritysetup \
-    cryptsetup-reencrypt \
+    luks2-reencryption \
    integritysetup \
    ${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)} \
    kernel_crypto \
@@ -50,7 +52,7 @@ PACKAGECONFIG[pwquality] = "--enable-pwquality,--disable-pwquality,libpwquality"
 PACKAGECONFIG[passwdqc] = "--enable-passwdqc,--disable-passwdqc,passwdqc"
 PACKAGECONFIG[cryptsetup] = "--enable-cryptsetup,--disable-cryptsetup"
 PACKAGECONFIG[veritysetup] = "--enable-veritysetup,--disable-veritysetup"
-PACKAGECONFIG[cryptsetup-reencrypt] = "--enable-cryptsetup-reencrypt,--disable-cryptsetup-reencrypt"
+PACKAGECONFIG[luks2-reencryption] = "--enable-luks2-reencryption,--disable-luks2-reencryption"
 PACKAGECONFIG[integritysetup] = "--enable-integritysetup,--disable-integritysetup"
 PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux"
 PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,,udev lvm2-udevrules"
@@ -78,7 +80,8 @@ EXTRA_OECONF += "--enable-largefile"
 EXTRA_OECONF += "--disable-static-cryptsetup"
 # There's no recipe for libargon2 yet
 EXTRA_OECONF += "--disable-libargon2"
+# Disable documentation, there is no asciidoctor-native available in OE
+EXTRA_OECONF += "--disable-asciidoc"
 # libcryptsetup default PBKDF algorithm, Argon2 memory cost (KB), parallel threads and iteration time (ms)
 LUKS2_PBKDF ?= "argon2i"
 LUKS2_MEMORYKB ?= "1048576"
author	Khem Raj <raj.khem@gmail.com>	2022-12-18 14:02:20 -0800
committer	Khem Raj <raj.khem@gmail.com>	2022-12-18 23:34:20 -0800
commit	a8e8825ee1b7ebb1c8af2bc95c64ed10c056414e (patch)
tree	403f6ee6eb40048867760b8250036b637e87dc67
parent	774a8ee83087985c81d32f0d48c0db23ab8c87b6 (diff)
download	meta-openembedded-a8e8825ee1b7ebb1c8af2bc95c64ed10c056414e.tar.gz

diff --git a/meta-oe/recipes-crypto/cryptsetup/cryptsetup/0001-Replace-off64_t-with-off_t.patch b/meta-oe/recipes-crypto/cryptsetup/cryptsetup/0001-Replace-off64_t-with-off_t.patch new file mode 100644 index 0000000000..23aa86c0fb --- /dev/null +++ b/meta-oe/recipes-crypto/cryptsetup/cryptsetup/0001-Replace-off64_t-with-off_t.patch
@@ -0,0 +1,101 @@
		1	From 683d0c525765415be34c269edf9cc066276f9f65 Mon Sep 17 00:00:00 2001
		2	From: Khem Raj <raj.khem@gmail.com>
		3	Date: Sun, 18 Dec 2022 13:53:51 -0800
		4	Subject: [PATCH] Replace off64_t with off_t
		5
		6	AC_SYS_LARGEFILE autoconf macro is in use in configure script which will
		7	add needed feature macros on commandline to enable 64bit off_t.
		8
		9	Also replace lseek64 with lseek, since it will be same when
		10	_FILE_OFFSET_BITS=64 is defined on relevant platforms via AC_SYS_LARGEFILE
		11
		12	Upstream-Status: Submitted [https://gitlab.com/cryptsetup/cryptsetup/-/merge_requests/467]
		13	Signed-off-by: Khem Raj <raj.khem@gmail.com>
		14	---
		15	lib/utils.c \| 4 ++--
		16	lib/utils_wipe.c \| 4 ++--
		17	src/utils_reencrypt_luks1.c \| 12 ++++++------
		18	3 files changed, 10 insertions(+), 10 deletions(-)
		19
		20	diff --git a/lib/utils.c b/lib/utils.c
		21	index 9d79ee29..be5f5287 100644
		22	--- a/lib/utils.c
		23	+++ b/lib/utils.c
		24	@@ -102,9 +102,9 @@ static int keyfile_seek(int fd, uint64_t bytes)
		25	char tmp[BUFSIZ];
		26	size_t next_read;
		27	ssize_t bytes_r;
		28	- off64_t r;
		29	+ off_t r;
		30
		31	- r = lseek64(fd, bytes, SEEK_CUR);
		32	+ r = lseek(fd, bytes, SEEK_CUR);
		33	if (r > 0)
		34	return 0;
		35	if (r < 0 && errno != ESPIPE)
		36	diff --git a/lib/utils_wipe.c b/lib/utils_wipe.c
		37	index 285a9e77..0c376f44 100644
		38	--- a/lib/utils_wipe.c
		39	+++ b/lib/utils_wipe.c
		40	@@ -150,7 +150,7 @@ static int wipe_block(struct crypt_device *cd, int devfd, crypt_wipe_pattern pat
		41	if (blockdev && pattern == CRYPT_WIPE_ZERO &&
		42	!wipe_zeroout(cd, devfd, offset, wipe_block_size)) {
		43	/* zeroout ioctl does not move offset */
		44	- if (lseek64(devfd, offset + wipe_block_size, SEEK_SET) < 0) {
		45	+ if (lseek(devfd, offset + wipe_block_size, SEEK_SET) < 0) {
		46	log_err(cd, _("Cannot seek to device offset."));
		47	return -EINVAL;
		48	}
		49	@@ -221,7 +221,7 @@ int crypt_wipe_device(struct crypt_device *cd,
		50	if (r)
		51	goto out;
		52
		53	- if (lseek64(devfd, offset, SEEK_SET) < 0) {
		54	+ if (lseek(devfd, offset, SEEK_SET) < 0) {
		55	log_err(cd, _("Cannot seek to device offset."));
		56	r = -EINVAL;
		57	goto out;
		58	diff --git a/src/utils_reencrypt_luks1.c b/src/utils_reencrypt_luks1.c
		59	index 96368bdb..d83a1da4 100644
		60	--- a/src/utils_reencrypt_luks1.c
		61	+++ b/src/utils_reencrypt_luks1.c
		62	@@ -729,8 +729,8 @@ static int copy_data_forward(struct reenc_ctx *rc, int fd_old, int fd_new,
		63
		64	log_dbg("Reencrypting in forward direction.");
		65
		66	- if (lseek64(fd_old, rc->device_offset, SEEK_SET) < 0 \|\|
		67	- lseek64(fd_new, rc->device_offset, SEEK_SET) < 0) {
		68	+ if (lseek(fd_old, rc->device_offset, SEEK_SET) < 0 \|\|
		69	+ lseek(fd_new, rc->device_offset, SEEK_SET) < 0) {
		70	log_err(_("Cannot seek to device offset."));
		71	goto out;
		72	}
		73	@@ -788,7 +788,7 @@ static int copy_data_backward(struct reenc_ctx *rc, int fd_old, int fd_new,
		74	size_t block_size, void buf, uint64_t bytes)
		75	{
		76	ssize_t s1, s2, working_block;
		77	- off64_t working_offset;
		78	+ off_t working_offset;
		79	int r = -EIO;
		80	char *backing_file = NULL;
		81	struct tools_progress_params prog_parms = {
		82	@@ -827,8 +827,8 @@ static int copy_data_backward(struct reenc_ctx *rc, int fd_old, int fd_new,
		83	working_block = block_size;
		84	}
		85
		86	- if (lseek64(fd_old, working_offset, SEEK_SET) < 0 \|\|
		87	- lseek64(fd_new, working_offset, SEEK_SET) < 0) {
		88	+ if (lseek(fd_old, working_offset, SEEK_SET) < 0 \|\|
		89	+ lseek(fd_new, working_offset, SEEK_SET) < 0) {
		90	log_err(_("Cannot seek to device offset."));
		91	goto out;
		92	}
		93	@@ -874,7 +874,7 @@ static void zero_rest_of_device(int fd, size_t block_size, void *buf,
		94
		95	log_dbg("Zeroing rest of device.");
		96
		97	- if (lseek64(fd, offset, SEEK_SET) < 0) {
		98	+ if (lseek(fd, offset, SEEK_SET) < 0) {
		99	log_dbg("Cannot seek to device offset.");
		100	return;
		101	}


diff --git a/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.4.3.bb b/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.6.0.bb index 652fd66614..1d4f440871 100644 --- a/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.4.3.bb +++ b/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.6.0.bb
@@ -19,8 +19,10 @@ DEPENDS = " \
19	DEPENDS:append:libc-musl = " argp-standalone"	19	DEPENDS:append:libc-musl = " argp-standalone"
20	LDFLAGS:append:libc-musl = " -largp"	20	LDFLAGS:append:libc-musl = " -largp"
21		21
22	SRC_URI = "${KERNELORG_MIRROR}/linux/utils/${BPN}/v${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}/${BP}.tar.xz"	22	SRC_URI = "${KERNELORG_MIRROR}/linux/utils/${BPN}/v${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}/${BP}.tar.xz \
23	SRC_URI[sha256sum] = "fc0df945188172264ec5bf1d0bda08264fadc8a3f856d47eba91f31fe354b507"	23	file://0001-Replace-off64_t-with-off_t.patch \
		24	"
		25	SRC_URI[sha256sum] = "44397ba76e75a9cde5b02177bc63cd7af428a785788e3a7067733e7761842735"
24		26
25	inherit autotools gettext pkgconfig	27	inherit autotools gettext pkgconfig
26		28
@@ -30,7 +32,7 @@ PACKAGECONFIG ??= " \
30	keyring \	32	keyring \
31	cryptsetup \	33	cryptsetup \
32	veritysetup \	34	veritysetup \
33	cryptsetup-reencrypt \	35	luks2-reencryption \
34	integritysetup \	36	integritysetup \
35	${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)} \	37	${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)} \
36	kernel_crypto \	38	kernel_crypto \
@@ -50,7 +52,7 @@ PACKAGECONFIG[pwquality] = "--enable-pwquality,--disable-pwquality,libpwquality"
50	PACKAGECONFIG[passwdqc] = "--enable-passwdqc,--disable-passwdqc,passwdqc"	52	PACKAGECONFIG[passwdqc] = "--enable-passwdqc,--disable-passwdqc,passwdqc"
51	PACKAGECONFIG[cryptsetup] = "--enable-cryptsetup,--disable-cryptsetup"	53	PACKAGECONFIG[cryptsetup] = "--enable-cryptsetup,--disable-cryptsetup"
52	PACKAGECONFIG[veritysetup] = "--enable-veritysetup,--disable-veritysetup"	54	PACKAGECONFIG[veritysetup] = "--enable-veritysetup,--disable-veritysetup"
53	PACKAGECONFIG[cryptsetup-reencrypt] = "--enable-cryptsetup-reencrypt,--disable-cryptsetup-reencrypt"	55	PACKAGECONFIG[luks2-reencryption] = "--enable-luks2-reencryption,--disable-luks2-reencryption"
54	PACKAGECONFIG[integritysetup] = "--enable-integritysetup,--disable-integritysetup"	56	PACKAGECONFIG[integritysetup] = "--enable-integritysetup,--disable-integritysetup"
55	PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux"	57	PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux"
56	PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,,udev lvm2-udevrules"	58	PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,,udev lvm2-udevrules"
@@ -78,7 +80,8 @@ EXTRA_OECONF += "--enable-largefile"
78	EXTRA_OECONF += "--disable-static-cryptsetup"	80	EXTRA_OECONF += "--disable-static-cryptsetup"
79	# There's no recipe for libargon2 yet	81	# There's no recipe for libargon2 yet
80	EXTRA_OECONF += "--disable-libargon2"	82	EXTRA_OECONF += "--disable-libargon2"
81		83	# Disable documentation, there is no asciidoctor-native available in OE
		84	EXTRA_OECONF += "--disable-asciidoc"
82	# libcryptsetup default PBKDF algorithm, Argon2 memory cost (KB), parallel threads and iteration time (ms)	85	# libcryptsetup default PBKDF algorithm, Argon2 memory cost (KB), parallel threads and iteration time (ms)
83	LUKS2_PBKDF ?= "argon2i"	86	LUKS2_PBKDF ?= "argon2i"
84	LUKS2_MEMORYKB ?= "1048576"	87	LUKS2_MEMORYKB ?= "1048576"