Summary: | sys-fs/cryptsetup-2.7.1 version bump | | |
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Sergey Ilinykh <rion4ik> |
Component: | Current packages | Assignee: | Gentoo's Team for Core System packages <base-system> |
Status: | UNCONFIRMED --- | | |
Severity: | enhancement | CC: | gmazyland, jerzy, rion4ik |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://gitlab.com/cryptsetup/cryptsetup/-/tree/v2.7.0 | | |
Whiteboard: | | | |
Package list: | | Runtime testing required: | --- |
Description
Sergey Ilinykh
2024-02-14 09:37:45 UTC
--- /storage/gentoo/portage/sys-fs/cryptsetup/cryptsetup-2.6.1.ebuild 2023-10-31 22:12:25.258792554 +0300 +++ /home/rion/projects/rion-overlay/sys-fs/cryptsetup/cryptsetup-2.7.0.ebuild 2024-02-17 11:15:18.713871414 +0300 @@ -19,13 +19,14 @@ CRYPTO_BACKENDS="gcrypt kernel nettle +openssl" # we don't support nss since it doesn't allow cryptsetup to be built statically # and it's missing ripemd160 support so it can't provide full backward compatibility -IUSE="${CRYPTO_BACKENDS} +argon2 fips nls pwquality ssh static static-libs test +udev urandom" +IUSE="${CRYPTO_BACKENDS} +argon2 +hwopal fips gcryptargon2 nls pwquality ssh static static-libs test +udev urandom" RESTRICT="!test? ( test )" # bug #496612, bug #832711, bug #843863 REQUIRED_USE=" ^^ ( ${CRYPTO_BACKENDS//+/} ) static? ( !gcrypt !ssh !udev !fips ) fips? ( !kernel !nettle ) + gcryptargon2? ( gcrypt !argon2 ) " LIB_DEPEND=" @@ -33,10 +34,12 @@ dev-libs/popt[static-libs(+)] >=sys-apps/util-linux-2.31-r1[static-libs(+)] argon2? ( app-crypt/argon2:=[static-libs(+)] ) + hwopal? ( >=sys-kernel/linux-headers-6.4 ) gcrypt? ( dev-libs/libgcrypt:0=[static-libs(+)] dev-libs/libgpg-error[static-libs(+)] ) + gcryptargon2? ( >=dev-libs/libgcrypt-1.11:0=[static-libs(+)] ) nettle? ( >=dev-libs/nettle-2.4[static-libs(+)] ) openssl? ( dev-libs/openssl:0=[static-libs(+)] ) pwquality? ( dev-libs/libpwquality[static-libs(+)] ) 
@@ -87,6 +90,8 @@ --with-tmpfilesdir="${EPREFIX}/usr/lib/tmpfiles.d" --with-crypto_backend=$(for x in ${CRYPTO_BACKENDS//+/} ; do usev ${x} ; done) $(use_enable argon2 libargon2) + $(use_enable gcryptargon2 gcrypt-argon2) + $(use_enable hwopal hw-opal) $(use_enable nls) $(use_enable pwquality) $(use_enable !static external-tokens)

It's not quite a good diff, since the new gcrypt is also not in portage yet, but it's what I came up with after comparing configure.ac.

Unfortunately, although my SSD (Acer Predator GM7000) supports some encryption, it's not OPAL, so I didn't test the hardware part.

I had to patch this new version because of an upstream bug:

diff --git a/configure.ac b/configure.ac index 84cef4b..0b4f034 100644 --- a/configure.ac +++ b/configure.ac @@ -521,7 +521,7 @@ AC_ARG_ENABLE([internal-argon2], AC_ARG_ENABLE([libargon2], AS_HELP_STRING([--enable-libargon2], [enable external libargon2 (PHC) library (disables internal bundled version)])) -if test $use_internal_argon2 = 0 -o "x$enable_internal_argon2" = "xno" ; then +if test $use_internal_argon2 = 0 || ( test "x$enable_internal_argon2" = "xno" && test "x$enable_libargon2" != "xyes" ); then if test "x$enable_internal_argon2" = "xyes" -o "x$enable_libargon" = "xyes"; then AC_MSG_WARN([Argon2 in $with_crypto_backend lib is used; internal Argon2 options are ignored.]) fi 
@@ -535,6 +535,7 @@ elif test "x$enable_libargon2" = "xyes" ; then AC_CHECK_DECL(Argon2_id,,[AC_MSG_ERROR([You need more recent Argon2 library with support for Argon2id.])], [#include <argon2.h>]) PKG_CHECK_MODULES([LIBARGON2], [libargon2],,[LIBARGON2_LIBS="-largon2"]) enable_internal_argon2=no + use_internal_argon2=0 else AC_MSG_WARN([Argon2 bundled (slow) reference implementation will be used, please consider to use system library with --enable-libargon2.])

Tested it with cryptsetup luksFormat --pbkdf=argon2id --type=luks2 /dev/nvme0n1p4. Works well.

Pushed to my overlay: https://github.com/rion-overlay/rion-overlay/tree/master/sys-fs/cryptsetup

Added an upstream PR with the patch: https://gitlab.com/cryptsetup/cryptsetup/-/merge_requests/611
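
Review bot: In the ebuild hunk at @@ -19,13 +19,14 @@, `+hwopal` is enabled by default although the report says the OPAL path was not tested on hardware, and placing it before `fips` breaks the alphabetical order the IUSE line had. Consider dropping the `+` until the feature has been exercised, ordering the new flags as `fips gcryptargon2 hwopal`, and adding descriptions for both flags to metadata.xml. Note also that `gcryptargon2? ( gcrypt !argon2 )` conflicts with the default `+argon2`, so anyone enabling gcryptargon2 has to disable argon2 explicitly.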
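
Review bot: In the ebuild hunk at @@ -33,10 +34,12 @@, `hwopal? ( >=sys-kernel/linux-headers-6.4 )` is added to LIB_DEPEND, where every other entry is a library carrying `[static-libs(+)]`. Kernel headers are needed only at build time, so this entry belongs in DEPEND rather than in a list that may also feed RDEPEND. The `gcryptargon2? ( >=dev-libs/libgcrypt-1.11:0=[static-libs(+)] )` line depends on a libgcrypt version the report says is not in portage yet, so the flag cannot be satisfied until that lands; holding the line back or masking the flag would avoid an unresolvable dependency.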
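
Review bot: In the configure.ac hunk at @@ -521,7 +521,7 @@, the unchanged inner test directly below the modified condition compares `"x$enable_libargon"` (missing the trailing 2), a variable that `AC_ARG_ENABLE([libargon2], ...)` never sets, so the warning cannot fire for --enable-libargon2. Since the patch already touches this block, fix it to `"x$enable_libargon2"` in the same change. The new condition groups with `( ... )`, which forks a subshell; `{ ...; }` gives the same grouping without one. `$use_internal_argon2` is still unquoted, so `test` fails with a syntax error if it is ever empty.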
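
Review bot: In the configure.ac hunk at @@ -535,6 +535,7 @@, `use_internal_argon2=0` is set in the external libargon2 branch, while the warning in the preceding hunk ties `use_internal_argon2 = 0` to Argon2 coming from the $with_crypto_backend library. Reusing the value for the external-library case changes what it stands for, so every later check on this variable needs to be reviewed against both meanings. A short comment on the added line, or a separate variable for the libargon2 case, would keep the two cases distinguishable.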