From 2d0c1342accddaa58715f36ac22407859d500bcc Mon Sep 17 00:00:00 2001
From: Jesse Keating
Date: Wed, 17 Feb 2010 03:25:53 +0000
Subject: [PATCH 001/101] Initialize branch F-13 for volume_key
---
branch | 1 +
1 file changed, 1 insertion(+)
create mode 100644 branch
diff --git a/branch b/branch
new file mode 100644
index 0000000..baa94ef
--- /dev/null
+++ b/branch
@@ -0,0 +1 @@
+F-13
From 4128c34ecc644f7096a8f7bdddc3da160b272161 Mon Sep 17 00:00:00 2001
From: Miloslav Trmac
Date: Thu, 4 Mar 2010 21:27:11 +0000
Subject: [PATCH 002/101] - Update to volume_key-0.3.2 - Drop no longer necessary references to BuildRoot:
---
.cvsignore | 2 +-
sources | 2 +-
volume_key-0.3.1-empty-passphrase.patch | 56 -------------------------
volume_key.spec | 16 ++++---
4 files changed, 9 insertions(+), 67 deletions(-)
delete mode 100644 volume_key-0.3.1-empty-passphrase.patch
diff --git a/.cvsignore b/.cvsignore
index 81ed7bc..efa1903 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1 +1 @@
-volume_key-0.3.1.tar.bz2
+volume_key-0.3.2.tar.xz
diff --git a/sources b/sources
index df7c4d2..6934e43 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-c5fc7956e691db0ca428a8686bfa47db volume_key-0.3.1.tar.bz2
+5e68ec939794f5a254cf2056cf06625f volume_key-0.3.2.tar.xz
diff --git a/volume_key-0.3.1-empty-passphrase.patch b/volume_key-0.3.1-empty-passphrase.patch
deleted file mode 100644
index 3782bf8..0000000
--- a/volume_key-0.3.1-empty-passphrase.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-commit 02ba974efaf3b12f548d83f0584917dfcfd1cb1b
-Author: Miloslav Trmač
-Date: Fri Feb 5 17:53:21 2010 +0100
-
- Fix crash if passphrase_ui_cb () fails.
-
- 2010-02-05 Miloslav Trmač
-
- * src/volume_key.c (pos_init): Set *error if passphrase_ui_cb () fails.
-
-diff --git a/ChangeLog b/ChangeLog
-index 72f053b..1ab28d0 100644
---- a/ChangeLog
-+++ b/ChangeLog
-@@ -1,3 +1,7 @@
-+2010-02-05 Miloslav Trmač
-+
-+ * src/volume_key.c (pos_init): Set *error if passphrase_ui_cb () fails.
-+
- 2009-12-11 Miloslav Trmač
-
- * configure.ac: Release 0.3.1.
-diff --git a/src/volume_key.c b/src/volume_key.c
-index 361aa86..68c837a 100644
---- a/src/volume_key.c
-+++ b/src/volume_key.c
-@@ -581,7 +581,7 @@ pos_init (struct packet_output_state *pos, GError **error)
- : _("Passphrases do not match. "
- "New packet passphrase"), failed);
- if (passphrase == NULL)
-- return -1;
-+ goto no_passphrase;
- passphrase2 = passphrase_ui_cb (NULL,
- _("Repeat new packet passphrase"),
- failed);
-@@ -589,7 +589,7 @@ pos_init (struct packet_output_state *pos, GError **error)
- {
- memset (passphrase, 0, strlen (passphrase));
- g_free (passphrase);
-- return -1;
-+ goto no_passphrase;
- }
- passphrase_ok = strcmp (passphrase, passphrase2) == 0;
- memset (passphrase2, 0, strlen (passphrase2));
-@@ -607,6 +607,11 @@ pos_init (struct packet_output_state *pos, GError **error)
- pos->passphrase = passphrase;
- }
- return 0;
-+
-+ no_passphrase:
-+ g_set_error (error, LIBVK_ERROR, LIBVK_ERROR_UI_NO_RESPONSE,
-+ _("Passphrase not provided"));
-+ return -1;
- }
-
- /* Free data in POS */
diff --git a/volume_key.spec b/volume_key.spec
index 630d6ab..de228c2 100644
--- a/volume_key.spec
+++ b/volume_key.spec
@@ -2,17 +2,14 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key -Version: 0.3.1 -Release: 2%{?dist} +Version: 0.3.2 +Release: 1%{?dist} License: GPLv2 Group: Applications/System URL: https://fedorahosted.org/volume_key/ Requires: volume_key-libs = %{version}-%{release} -Source0: https://fedorahosted.org/releases/v/o/volume_key/volume_key-%{version}.tar.bz2 -# Committed upstrean -Patch0: volume_key-0.3.1-empty-passphrase.patch -BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) +Source0: https://fedorahosted.org/releases/v/o/volume_key/volume_key-%{version}.tar.xz BuildRequires: cryptsetup-luks-devel, gettext-devel, glib2-devel, gnupg BuildRequires: gpgme-devel, libblkid-devel, nss-devel, python-devel @@ -76,15 +73,12 @@ for other formats is possible, some formats are planned for future releases. %prep %setup -q -%patch0 -p1 -b .empty-passphrase %build %configure make %{?_smp_mflags} %install -rm -rf $RPM_BUILD_ROOT - make install DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p' %find_lang volume_key @@ -119,6 +113,10 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/volume_key.py* %changelog +* Thu Mar 4 2010 Miloslav Trmač - 0.3.2-1 +- Update to volume_key-0.3.2 +- Drop no longer necessary references to BuildRoot: + * Fri Feb 5 2010 Miloslav Trmač - 0.3.1-2 - Fix a crash when an empty passphrase is provided Resolves: #558410 From 7fff111735838f3d5807022eb73ceb5b7f1bd05a Mon Sep 17 00:00:00 2001 From: Miloslav Trmac Date: Thu, 4 Mar 2010 21:28:41 +0000 Subject: [PATCH 003/101] - Update to volume_key-0.3.2 - Drop no longer necessary references to BuildRoot: --- .cvsignore | 2 +- sources | 2 +- volume_key-0.3.1-empty-passphrase.patch | 56 ------------------------- volume_key.spec | 16 ++++--- 4 files changed, 9 insertions(+), 67 deletions(-) delete mode 100644 volume_key-0.3.1-empty-passphrase.patch diff --git a/.cvsignore b/.cvsignore index 81ed7bc..efa1903 100644 --- a/.cvsignore +++ b/.cvsignore 
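Review bot: The %changelog entry added for 0.3.2-1 does not record that Patch0 (volume_key-0.3.1-empty-passphrase.patch) and its `%patch0 -p1 -b .empty-passphrase` line are dropped in the same change. That patch carried the fix for the crash when passphrase_ui_cb () fails (the 0.3.1-2 entry, Resolves: #558410). The only hint that the 0.3.2 tarball already contains upstream commit 02ba974efaf3b12f548d83f0584917dfcfd1cb1b is the removed `# Committed upstrean` comment, so the reason for the removal is presumably that, but it is not written down anywhere a later packager would look. I would add a line such as `- Drop empty-passphrase patch, included in 0.3.2` to the new entry. The identical spec hunk in PATCH 003/101 has the same gap.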
@@ -1 +1 @@
-volume_key-0.3.1.tar.bz2
+volume_key-0.3.2.tar.xz
diff --git a/sources b/sources
index df7c4d2..6934e43 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-c5fc7956e691db0ca428a8686bfa47db volume_key-0.3.1.tar.bz2
+5e68ec939794f5a254cf2056cf06625f volume_key-0.3.2.tar.xz
diff --git a/volume_key-0.3.1-empty-passphrase.patch b/volume_key-0.3.1-empty-passphrase.patch
deleted file mode 100644
index 3782bf8..0000000
--- a/volume_key-0.3.1-empty-passphrase.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-commit 02ba974efaf3b12f548d83f0584917dfcfd1cb1b
-Author: Miloslav Trmač
-Date: Fri Feb 5 17:53:21 2010 +0100
-
- Fix crash if passphrase_ui_cb () fails.
-
- 2010-02-05 Miloslav Trmač
-
- * src/volume_key.c (pos_init): Set *error if passphrase_ui_cb () fails.
-
-diff --git a/ChangeLog b/ChangeLog
-index 72f053b..1ab28d0 100644
---- a/ChangeLog
-+++ b/ChangeLog
-@@ -1,3 +1,7 @@
-+2010-02-05 Miloslav Trmač
-+
-+ * src/volume_key.c (pos_init): Set *error if passphrase_ui_cb () fails.
-+
- 2009-12-11 Miloslav Trmač
-
- * configure.ac: Release 0.3.1.
-diff --git a/src/volume_key.c b/src/volume_key.c
-index 361aa86..68c837a 100644
---- a/src/volume_key.c
-+++ b/src/volume_key.c
-@@ -581,7 +581,7 @@ pos_init (struct packet_output_state *pos, GError **error)
- : _("Passphrases do not match. "
- "New packet passphrase"), failed);
- if (passphrase == NULL)
-- return -1;
-+ goto no_passphrase;
- passphrase2 = passphrase_ui_cb (NULL,
- _("Repeat new packet passphrase"),
- failed);
-@@ -589,7 +589,7 @@ pos_init (struct packet_output_state *pos, GError **error)
- {
- memset (passphrase, 0, strlen (passphrase));
- g_free (passphrase);
-- return -1;
-+ goto no_passphrase;
- }
- passphrase_ok = strcmp (passphrase, passphrase2) == 0;
- memset (passphrase2, 0, strlen (passphrase2));
-@@ -607,6 +607,11 @@ pos_init (struct packet_output_state *pos, GError **error)
- pos->passphrase = passphrase;
- }
- return 0;
-+
-+ no_passphrase:
-+ g_set_error (error, LIBVK_ERROR, LIBVK_ERROR_UI_NO_RESPONSE,
-+ _("Passphrase not provided"));
-+ return -1;
- }
-
- /* Free data in POS */
diff --git a/volume_key.spec b/volume_key.spec
index 630d6ab..de228c2 100644
--- a/volume_key.spec
+++ b/volume_key.spec
@@ -2,17 +2,14 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key -Version: 0.3.1 -Release: 2%{?dist} +Version: 0.3.2 +Release: 1%{?dist} License: GPLv2 Group: Applications/System URL: https://fedorahosted.org/volume_key/ Requires: volume_key-libs = %{version}-%{release} -Source0: https://fedorahosted.org/releases/v/o/volume_key/volume_key-%{version}.tar.bz2 -# Committed upstrean -Patch0: volume_key-0.3.1-empty-passphrase.patch -BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) +Source0: https://fedorahosted.org/releases/v/o/volume_key/volume_key-%{version}.tar.xz BuildRequires: cryptsetup-luks-devel, gettext-devel, glib2-devel, gnupg BuildRequires: gpgme-devel, libblkid-devel, nss-devel, python-devel @@ -76,15 +73,12 @@ for other formats is possible, some formats are planned for future releases. %prep %setup -q -%patch0 -p1 -b .empty-passphrase %build %configure make %{?_smp_mflags} %install -rm -rf $RPM_BUILD_ROOT - make install DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p' %find_lang volume_key @@ -119,6 +113,10 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/volume_key.py* %changelog +* Thu Mar 4 2010 Miloslav Trmač - 0.3.2-1 +- Update to volume_key-0.3.2 +- Drop no longer necessary references to BuildRoot: + * Fri Feb 5 2010 Miloslav Trmač - 0.3.1-2 - Fix a crash when an empty passphrase is provided Resolves: #558410 From a710b21d0fc457ba9670c8a7025c083c2a21a967 Mon Sep 17 00:00:00 2001 From: Miloslav Trmac Date: Fri, 26 Mar 2010 15:48:36 +0000 Subject: [PATCH 004/101] - Update to volume_key-0.3.3 --- .cvsignore | 2 +- sources | 2 +- volume_key.spec | 5 ++++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.cvsignore b/.cvsignore index efa1903..3e1711d 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -volume_key-0.3.2.tar.xz +volume_key-0.3.3.tar.xz diff --git a/sources b/sources index 6934e43..7222df6 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@ -5e68ec939794f5a254cf2056cf06625f volume_key-0.3.2.tar.xz +9d2d902e9f17d5c4a0d8fe7e907660a0 volume_key-0.3.3.tar.xz diff --git a/volume_key.spec b/volume_key.spec index de228c2..9db1dd5 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -2,7 +2,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key -Version: 0.3.2 +Version: 0.3.3 Release: 1%{?dist} License: GPLv2 Group: Applications/System @@ -113,6 +113,9 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/volume_key.py* %changelog +* Fri Mar 26 2010 Miloslav Trmač - 0.3.3-1 +- Update to volume_key-0.3.3 + * Thu Mar 4 2010 Miloslav Trmač - 0.3.2-1 - Update to volume_key-0.3.2 - Drop no longer necessary references to BuildRoot: From dee637681c8f889d1e3261fc100b666d8d231ef6 Mon Sep 17 00:00:00 2001 From: Miloslav Trmac Date: Fri, 26 Mar 2010 15:59:07 +0000 Subject: [PATCH 005/101] - Update to volume_key-0.3.3 --- .cvsignore | 2 +- sources | 2 +- volume_key.spec | 5 ++++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.cvsignore b/.cvsignore index efa1903..3e1711d 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -volume_key-0.3.2.tar.xz +volume_key-0.3.3.tar.xz diff --git a/sources b/sources index 6934e43..7222df6 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -5e68ec939794f5a254cf2056cf06625f volume_key-0.3.2.tar.xz +9d2d902e9f17d5c4a0d8fe7e907660a0 volume_key-0.3.3.tar.xz diff --git a/volume_key.spec b/volume_key.spec index de228c2..9db1dd5 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -2,7 +2,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key -Version: 0.3.2 +Version: 0.3.3 Release: 1%{?dist} License: GPLv2 Group: Applications/System 
@@ -113,6 +113,9 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/volume_key.py* %changelog +* Fri Mar 26 2010 Miloslav Trmač - 0.3.3-1 +- Update to volume_key-0.3.3 + * Thu Mar 4 2010 Miloslav Trmač - 0.3.2-1 - Update to volume_key-0.3.2 - Drop no longer necessary references to BuildRoot: From 25078df2b24c02e8a48f7f0f8f4e24ad9d00d6fb Mon Sep 17 00:00:00 2001 From: dmalcolm Date: Thu, 22 Jul 2010 07:11:45 +0000 Subject: [PATCH 006/101] - Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild --- volume_key.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index 9db1dd5..5dd2bf2 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -3,7 +3,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.3 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 Group: Applications/System URL: https://fedorahosted.org/volume_key/ @@ -113,6 +113,9 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/volume_key.py* %changelog +* Thu Jul 22 2010 David Malcolm - 0.3.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild + * Fri Mar 26 2010 Miloslav Trmač - 0.3.3-1 - Update to volume_key-0.3.3 From b4b07aac459e33f06de242d63181d9ad267b76ad Mon Sep 17 00:00:00 2001 From: Miloslav Trmac Date: Thu, 22 Jul 2010 12:58:14 +0000 Subject: [PATCH 007/101] - Fix build with new gpgme --- volume_key-0.3.3-off_t.patch | 20 ++++++++++++++++++++ volume_key.spec | 11 ++++++++++- 2 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 volume_key-0.3.3-off_t.patch diff --git a/volume_key-0.3.3-off_t.patch b/volume_key-0.3.3-off_t.patch new file mode 100644 index 0000000..98a84dc --- /dev/null +++ b/volume_key-0.3.3-off_t.patch 
@@ -0,0 +1,20 @@ +2010-07-22 Miloslav Trmač + + * configure.ac: Use AC_SYS_LARGEFILE, required by gpgme. + +diff --git a/configure.ac b/configure.ac +index e39ce62..7d8220e 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -59,6 +59,8 @@ AC_DEFINE([GETTEXT_PACKAGE], ["volume_key"], [Package name for ]) + # Checks for library functions. + + # Checks for system services. ++dnl We don't use off_t, but gpgme requires this. ++AC_SYS_LARGEFILE + + # Miscellaneous hackery. + +-- +1.7.1.1 + diff --git a/volume_key.spec b/volume_key.spec index 5dd2bf2..071fed0 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -3,15 +3,19 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.3 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2 Group: Applications/System URL: https://fedorahosted.org/volume_key/ Requires: volume_key-libs = %{version}-%{release} Source0: https://fedorahosted.org/releases/v/o/volume_key/volume_key-%{version}.tar.xz +# Upstream commit 6c31fc813c5329b343a44822eb04ef27f07b3367 +Patch0: volume_key-0.3.3-off_t.patch BuildRequires: cryptsetup-luks-devel, gettext-devel, glib2-devel, gnupg BuildRequires: gpgme-devel, libblkid-devel, nss-devel, python-devel +# For patch0 +BuildRequires: autoconf automake gettext-autopoint libtool %description This package provides a command-line tool for manipulating storage volume @@ -73,6 +77,8 @@ for other formats is possible, some formats are planned for future releases. %prep %setup -q +%patch0 -p1 +autoreconf -fis %build %configure @@ -113,6 +119,9 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/volume_key.py* %changelog +* Thu Jul 22 2010 Miloslav Trmač - 0.3.3-3 +- Fix build with new gpgme + * Thu Jul 22 2010 David Malcolm - 0.3.3-2 - Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild From 14d952f359843dc87d68705efd73339989c18799 Mon Sep 17 00:00:00 2001 
From: Miloslav Trmac Date: Mon, 26 Jul 2010 13:29:23 +0000 Subject: [PATCH 008/101] - Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild --- volume_key.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index 071fed0..7831bc1 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -3,7 +3,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.3 -Release: 3%{?dist} +Release: 4%{?dist} License: GPLv2 Group: Applications/System URL: https://fedorahosted.org/volume_key/ @@ -119,6 +119,9 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/volume_key.py* %changelog +* Mon Jul 26 2010 Miloslav Trmač - 0.3.3-4 +- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild + * Thu Jul 22 2010 Miloslav Trmač - 0.3.3-3 - Fix build with new gpgme From 0ea4bb2312fddd82f14b5792bbb3107f96d42da3 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 29 Jul 2010 15:07:47 +0000 Subject: [PATCH 009/101] dist-git conversion --- .cvsignore => .gitignore | 0 Makefile | 21 --------------------- branch | 1 - 3 files changed, 22 deletions(-) rename .cvsignore => .gitignore (100%) delete mode 100644 Makefile delete mode 100644 branch diff --git a/.cvsignore b/.gitignore similarity index 100% rename from .cvsignore rename to .gitignore diff --git a/Makefile b/Makefile deleted file mode 100644 index f8004e4..0000000 --- a/Makefile +++ /dev/null 
@@ -1,21 +0,0 @@
-# Makefile for source rpm: volume_key
-# $Id: Makefile,v 1.1 2009/07/21 15:25:19 tibbs Exp $
-NAME := volume_key
-SPECFILE = $(firstword $(wildcard *.spec))
-
-define find-makefile-common
-for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
-endef
-
-MAKEFILE_COMMON := $(shell $(find-makefile-common))
-
-ifeq ($(MAKEFILE_COMMON),)
-# attept a checkout
-define checkout-makefile-common
-test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
-endef
-
-MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
-endif
-
-include $(MAKEFILE_COMMON)
diff --git a/branch b/branch
deleted file mode 100644
index baa94ef..0000000
--- a/branch
+++ /dev/null
@@ -1 +0,0 @@
-F-13
From 3895626cc2a1027b627a668f82982643d3b26830 Mon Sep 17 00:00:00 2001
From: Fedora Release Engineering
Date: Thu, 29 Jul 2010 15:07:48 +0000
Subject: [PATCH 010/101] dist-git conversion
---
.cvsignore => .gitignore | 0
Makefile | 21 ---------------------
2 files changed, 21 deletions(-)
rename .cvsignore => .gitignore (100%)
delete mode 100644 Makefile
diff --git a/.cvsignore b/.gitignore
similarity index 100%
rename from .cvsignore
rename to .gitignore
diff --git a/Makefile b/Makefile
deleted file mode 100644
index f8004e4..0000000
--- a/Makefile
+++ /dev/null
@@ -1,21 +0,0 @@
-# Makefile for source rpm: volume_key
-# $Id: Makefile,v 1.1 2009/07/21 15:25:19 tibbs Exp $
-NAME := volume_key
-SPECFILE = $(firstword $(wildcard *.spec))
-
-define find-makefile-common
-for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
-endef
-
-MAKEFILE_COMMON := $(shell $(find-makefile-common))
-
-ifeq ($(MAKEFILE_COMMON),)
-# attept a checkout
-define checkout-makefile-common
-test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
-endef
-
-MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
-endif
-
-include $(MAKEFILE_COMMON)
From 62a674eb0bf22e3a75609511d8e164dd32fd9707 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miloslav=20Trma=C4=8D?=
Date: Fri, 27 Aug 2010 00:42:46 +0200
Subject: [PATCH 011/101] Update to volume_key-0.3.4
---
.gitignore | 1 +
sources | 2 +-
volume_key-0.3.3-off_t.patch | 20 --------------------
volume_key.spec | 13 +++++--------
4 files changed, 7 insertions(+), 29 deletions(-)
delete mode 100644 volume_key-0.3.3-off_t.patch
diff --git a/.gitignore b/.gitignore
index 3e1711d..b241d2b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 volume_key-0.3.3.tar.xz
+/volume_key-0.3.4.tar.xz
diff --git a/sources b/sources
index 7222df6..f895001 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-9d2d902e9f17d5c4a0d8fe7e907660a0 volume_key-0.3.3.tar.xz
+d11c119ae250b771fa24796df096ac49 volume_key-0.3.4.tar.xz
diff --git a/volume_key-0.3.3-off_t.patch b/volume_key-0.3.3-off_t.patch
deleted file mode 100644
index 98a84dc..0000000
--- a/volume_key-0.3.3-off_t.patch
+++ /dev/null
@@ -1,20 +0,0 @@ -2010-07-22 Miloslav Trmač - - * configure.ac: Use AC_SYS_LARGEFILE, required by gpgme. - -diff --git a/configure.ac b/configure.ac -index e39ce62..7d8220e 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -59,6 +59,8 @@ AC_DEFINE([GETTEXT_PACKAGE], ["volume_key"], [Package name for ]) - # Checks for library functions. - - # Checks for system services. -+dnl We don't use off_t, but gpgme requires this. -+AC_SYS_LARGEFILE - - # Miscellaneous hackery. - --- -1.7.1.1 - diff --git a/volume_key.spec b/volume_key.spec index 7831bc1..e6eccf9 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -2,20 +2,16 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key -Version: 0.3.3 -Release: 4%{?dist} +Version: 0.3.4 +Release: 1%{?dist} License: GPLv2 Group: Applications/System URL: https://fedorahosted.org/volume_key/ Requires: volume_key-libs = %{version}-%{release} Source0: https://fedorahosted.org/releases/v/o/volume_key/volume_key-%{version}.tar.xz -# Upstream commit 6c31fc813c5329b343a44822eb04ef27f07b3367 -Patch0: volume_key-0.3.3-off_t.patch BuildRequires: cryptsetup-luks-devel, gettext-devel, glib2-devel, gnupg BuildRequires: gpgme-devel, libblkid-devel, nss-devel, python-devel -# For patch0 -BuildRequires: autoconf automake gettext-autopoint libtool %description This package provides a command-line tool for manipulating storage volume @@ -77,8 +73,6 @@ for other formats is possible, some formats are planned for future releases. %prep %setup -q -%patch0 -p1 -autoreconf -fis %build %configure @@ -119,6 +113,9 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/volume_key.py* %changelog +* Fri Aug 27 2010 Miloslav Trmač - 0.3.4-1 +- Update to volume_key-0.3.4 + * Mon Jul 26 2010 Miloslav Trmač - 0.3.3-4 - Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild From 2e6d0e53e85a3cbdee1de854942e0a55afb0d565 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Wed, 29 Sep 2010 21:37:53 +0200 Subject: [PATCH 012/101] =?UTF-8?q?*=20Wed=20Sep=2029=202010=20Miloslav=20?= =?UTF-8?q?Trma=C4=8D=20=20-=200.3.4-2?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Clarify which block device should be passed as an argument Resolves: #636541 - Recognize SSL error messages from NSS as well Resolves: #638732 --- volume_key-0.3.4-ssl-errors.patch | 460 ++++++++++++++++++++++++++++++ volume_key-0.3.4-volume-doc.patch | 64 +++++ volume_key.spec | 14 +- 3 files changed, 537 insertions(+), 1 deletion(-) create mode 100644 volume_key-0.3.4-ssl-errors.patch create mode 100644 volume_key-0.3.4-volume-doc.patch diff --git a/volume_key-0.3.4-ssl-errors.patch b/volume_key-0.3.4-ssl-errors.patch new file mode 100644 index 0000000..e15caa2 --- /dev/null +++ b/volume_key-0.3.4-ssl-errors.patch 
@@ -0,0 +1,460 @@ +2010-09-29 Miloslav Trmač + + * lib/SSLerrs.h: New file. + * Makefile.am (lib_libvolume_key_la_SOURCES): Add lib/SSLerrs.h. + * lib/nss_error.c (mapping): Use SSLerrs.h. + +diff --git a/Makefile.am b/Makefile.am +index 9874ff1..fc06d95 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -48,7 +48,7 @@ python/volume_key_wrap.c python/volume_key.py: python/volume_key.i + python/volume_key.py: python/volume_key_wrap.c + + ## Dependency data +-lib_libvolume_key_la_SOURCES = lib/SECerrs.h \ ++lib_libvolume_key_la_SOURCES = lib/SECerrs.h lib/SSLerrs.h \ + lib/crypto.c lib/crypto.h \ + lib/kmip.c lib/kmip.h \ + lib/libvolume_key.c lib/libvolume_key.h \ +diff --git a/lib/SSLerrs.h b/lib/SSLerrs.h +new file mode 100644 +index 0000000..4ae90f6 +--- /dev/null ++++ b/lib/SSLerrs.h +@@ -0,0 +1,407 @@ ++/* copied from nss-3.12.6/mozilla/security/nss/cmd/lib because NSS does not ++ provide any API for error number => string translation: ++ https://bugzilla.mozilla.org/show_bug.cgi?id=329017 */ ++/* ***** BEGIN LICENSE BLOCK ***** ++ * Version: MPL 1.1/GPL 2.0/LGPL 2.1 ++ * ++ * The contents of this file are subject to the Mozilla Public License Version ++ * 1.1 (the "License"); you may not use this file except in compliance with ++ * the License. You may obtain a copy of the License at ++ * http://www.mozilla.org/MPL/ ++ * ++ * Software distributed under the License is distributed on an "AS IS" basis, ++ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License ++ * for the specific language governing rights and limitations under the ++ * License. ++ * ++ * The Original Code is the Netscape security libraries. ++ * ++ * The Initial Developer of the Original Code is ++ * Netscape Communications Corporation. ++ * Portions created by the Initial Developer are Copyright (C) 1994-2000 ++ * the Initial Developer. All Rights Reserved. 
++ * ++ * Contributor(s): ++ * ++ * Alternatively, the contents of this file may be used under the terms of ++ * either the GNU General Public License Version 2 or later (the "GPL"), or ++ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), ++ * in which case the provisions of the GPL or the LGPL are applicable instead ++ * of those above. If you wish to allow use of your version of this file only ++ * under the terms of either the GPL or the LGPL, and not to allow others to ++ * use your version of this file under the terms of the MPL, indicate your ++ * decision by deleting the provisions above and replace them with the notice ++ * and other provisions required by the GPL or the LGPL. If you do not delete ++ * the provisions above, a recipient may use your version of this file under ++ * the terms of any one of the MPL, the GPL or the LGPL. ++ * ++ * ***** END LICENSE BLOCK ***** */ ++ ++/* SSL-specific security error codes */ ++/* caller must include "sslerr.h" */ ++ ++ER3(SSL_ERROR_EXPORT_ONLY_SERVER, SSL_ERROR_BASE + 0, ++"Unable to communicate securely. Peer does not support high-grade encryption.") ++ ++ER3(SSL_ERROR_US_ONLY_SERVER, SSL_ERROR_BASE + 1, ++"Unable to communicate securely. 
Peer requires high-grade encryption which is not supported.") ++ ++ER3(SSL_ERROR_NO_CYPHER_OVERLAP, SSL_ERROR_BASE + 2, ++"Cannot communicate securely with peer: no common encryption algorithm(s).") ++ ++ER3(SSL_ERROR_NO_CERTIFICATE, SSL_ERROR_BASE + 3, ++"Unable to find the certificate or key necessary for authentication.") ++ ++ER3(SSL_ERROR_BAD_CERTIFICATE, SSL_ERROR_BASE + 4, ++"Unable to communicate securely with peer: peers's certificate was rejected.") ++ ++/* unused (SSL_ERROR_BASE + 5),*/ ++ ++ER3(SSL_ERROR_BAD_CLIENT, SSL_ERROR_BASE + 6, ++"The server has encountered bad data from the client.") ++ ++ER3(SSL_ERROR_BAD_SERVER, SSL_ERROR_BASE + 7, ++"The client has encountered bad data from the server.") ++ ++ER3(SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE, SSL_ERROR_BASE + 8, ++"Unsupported certificate type.") ++ ++ER3(SSL_ERROR_UNSUPPORTED_VERSION, SSL_ERROR_BASE + 9, ++"Peer using unsupported version of security protocol.") ++ ++/* unused (SSL_ERROR_BASE + 10),*/ ++ ++ER3(SSL_ERROR_WRONG_CERTIFICATE, SSL_ERROR_BASE + 11, ++"Client authentication failed: private key in key database does not match public key in certificate database.") ++ ++ER3(SSL_ERROR_BAD_CERT_DOMAIN, SSL_ERROR_BASE + 12, ++"Unable to communicate securely with peer: requested domain name does not match the server's certificate.") ++ ++/* SSL_ERROR_POST_WARNING (SSL_ERROR_BASE + 13), ++ defined in sslerr.h ++*/ ++ ++ER3(SSL_ERROR_SSL2_DISABLED, (SSL_ERROR_BASE + 14), ++"Peer only supports SSL version 2, which is locally disabled.") ++ ++ ++ER3(SSL_ERROR_BAD_MAC_READ, (SSL_ERROR_BASE + 15), ++"SSL received a record with an incorrect Message Authentication Code.") ++ ++ER3(SSL_ERROR_BAD_MAC_ALERT, (SSL_ERROR_BASE + 16), ++"SSL peer reports incorrect Message Authentication Code.") ++ ++ER3(SSL_ERROR_BAD_CERT_ALERT, (SSL_ERROR_BASE + 17), ++"SSL peer cannot verify your certificate.") ++ ++ER3(SSL_ERROR_REVOKED_CERT_ALERT, (SSL_ERROR_BASE + 18), ++"SSL peer rejected your certificate as revoked.") ++ 
++ER3(SSL_ERROR_EXPIRED_CERT_ALERT, (SSL_ERROR_BASE + 19), ++"SSL peer rejected your certificate as expired.") ++ ++ER3(SSL_ERROR_SSL_DISABLED, (SSL_ERROR_BASE + 20), ++"Cannot connect: SSL is disabled.") ++ ++ER3(SSL_ERROR_FORTEZZA_PQG, (SSL_ERROR_BASE + 21), ++"Cannot connect: SSL peer is in another FORTEZZA domain.") ++ ++ ++ER3(SSL_ERROR_UNKNOWN_CIPHER_SUITE , (SSL_ERROR_BASE + 22), ++"An unknown SSL cipher suite has been requested.") ++ ++ER3(SSL_ERROR_NO_CIPHERS_SUPPORTED , (SSL_ERROR_BASE + 23), ++"No cipher suites are present and enabled in this program.") ++ ++ER3(SSL_ERROR_BAD_BLOCK_PADDING , (SSL_ERROR_BASE + 24), ++"SSL received a record with bad block padding.") ++ ++ER3(SSL_ERROR_RX_RECORD_TOO_LONG , (SSL_ERROR_BASE + 25), ++"SSL received a record that exceeded the maximum permissible length.") ++ ++ER3(SSL_ERROR_TX_RECORD_TOO_LONG , (SSL_ERROR_BASE + 26), ++"SSL attempted to send a record that exceeded the maximum permissible length.") ++ ++/* ++ * Received a malformed (too long or short or invalid content) SSL handshake. 
++ */ ++ER3(SSL_ERROR_RX_MALFORMED_HELLO_REQUEST , (SSL_ERROR_BASE + 27), ++"SSL received a malformed Hello Request handshake message.") ++ ++ER3(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO , (SSL_ERROR_BASE + 28), ++"SSL received a malformed Client Hello handshake message.") ++ ++ER3(SSL_ERROR_RX_MALFORMED_SERVER_HELLO , (SSL_ERROR_BASE + 29), ++"SSL received a malformed Server Hello handshake message.") ++ ++ER3(SSL_ERROR_RX_MALFORMED_CERTIFICATE , (SSL_ERROR_BASE + 30), ++"SSL received a malformed Certificate handshake message.") ++ ++ER3(SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH , (SSL_ERROR_BASE + 31), ++"SSL received a malformed Server Key Exchange handshake message.") ++ ++ER3(SSL_ERROR_RX_MALFORMED_CERT_REQUEST , (SSL_ERROR_BASE + 32), ++"SSL received a malformed Certificate Request handshake message.") ++ ++ER3(SSL_ERROR_RX_MALFORMED_HELLO_DONE , (SSL_ERROR_BASE + 33), ++"SSL received a malformed Server Hello Done handshake message.") ++ ++ER3(SSL_ERROR_RX_MALFORMED_CERT_VERIFY , (SSL_ERROR_BASE + 34), ++"SSL received a malformed Certificate Verify handshake message.") ++ ++ER3(SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH , (SSL_ERROR_BASE + 35), ++"SSL received a malformed Client Key Exchange handshake message.") ++ ++ER3(SSL_ERROR_RX_MALFORMED_FINISHED , (SSL_ERROR_BASE + 36), ++"SSL received a malformed Finished handshake message.") ++ ++/* ++ * Received a malformed (too long or short) SSL record. ++ */ ++ER3(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER , (SSL_ERROR_BASE + 37), ++"SSL received a malformed Change Cipher Spec record.") ++ ++ER3(SSL_ERROR_RX_MALFORMED_ALERT , (SSL_ERROR_BASE + 38), ++"SSL received a malformed Alert record.") ++ ++ER3(SSL_ERROR_RX_MALFORMED_HANDSHAKE , (SSL_ERROR_BASE + 39), ++"SSL received a malformed Handshake record.") ++ ++ER3(SSL_ERROR_RX_MALFORMED_APPLICATION_DATA , (SSL_ERROR_BASE + 40), ++"SSL received a malformed Application Data record.") ++ ++/* ++ * Received an SSL handshake that was inappropriate for the state we're in. ++ * E.g. 
Server received message from server, or wrong state in state machine. ++ */ ++ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST , (SSL_ERROR_BASE + 41), ++"SSL received an unexpected Hello Request handshake message.") ++ ++ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO , (SSL_ERROR_BASE + 42), ++"SSL received an unexpected Client Hello handshake message.") ++ ++ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO , (SSL_ERROR_BASE + 43), ++"SSL received an unexpected Server Hello handshake message.") ++ ++ER3(SSL_ERROR_RX_UNEXPECTED_CERTIFICATE , (SSL_ERROR_BASE + 44), ++"SSL received an unexpected Certificate handshake message.") ++ ++ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH , (SSL_ERROR_BASE + 45), ++"SSL received an unexpected Server Key Exchange handshake message.") ++ ++ER3(SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST , (SSL_ERROR_BASE + 46), ++"SSL received an unexpected Certificate Request handshake message.") ++ ++ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE , (SSL_ERROR_BASE + 47), ++"SSL received an unexpected Server Hello Done handshake message.") ++ ++ER3(SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY , (SSL_ERROR_BASE + 48), ++"SSL received an unexpected Certificate Verify handshake message.") ++ ++ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH , (SSL_ERROR_BASE + 49), ++"SSL received an unexpected Client Key Exchange handshake message.") ++ ++ER3(SSL_ERROR_RX_UNEXPECTED_FINISHED , (SSL_ERROR_BASE + 50), ++"SSL received an unexpected Finished handshake message.") ++ ++/* ++ * Received an SSL record that was inappropriate for the state we're in. 
++ */ ++ER3(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER , (SSL_ERROR_BASE + 51), ++"SSL received an unexpected Change Cipher Spec record.") ++ ++ER3(SSL_ERROR_RX_UNEXPECTED_ALERT , (SSL_ERROR_BASE + 52), ++"SSL received an unexpected Alert record.") ++ ++ER3(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE , (SSL_ERROR_BASE + 53), ++"SSL received an unexpected Handshake record.") ++ ++ER3(SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA, (SSL_ERROR_BASE + 54), ++"SSL received an unexpected Application Data record.") ++ ++/* ++ * Received record/message with unknown discriminant. ++ */ ++ER3(SSL_ERROR_RX_UNKNOWN_RECORD_TYPE , (SSL_ERROR_BASE + 55), ++"SSL received a record with an unknown content type.") ++ ++ER3(SSL_ERROR_RX_UNKNOWN_HANDSHAKE , (SSL_ERROR_BASE + 56), ++"SSL received a handshake message with an unknown message type.") ++ ++ER3(SSL_ERROR_RX_UNKNOWN_ALERT , (SSL_ERROR_BASE + 57), ++"SSL received an alert record with an unknown alert description.") ++ ++/* ++ * Received an alert reporting what we did wrong. 
(more alerts above) ++ */ ++ER3(SSL_ERROR_CLOSE_NOTIFY_ALERT , (SSL_ERROR_BASE + 58), ++"SSL peer has closed this connection.") ++ ++ER3(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT , (SSL_ERROR_BASE + 59), ++"SSL peer was not expecting a handshake message it received.") ++ ++ER3(SSL_ERROR_DECOMPRESSION_FAILURE_ALERT , (SSL_ERROR_BASE + 60), ++"SSL peer was unable to successfully decompress an SSL record it received.") ++ ++ER3(SSL_ERROR_HANDSHAKE_FAILURE_ALERT , (SSL_ERROR_BASE + 61), ++"SSL peer was unable to negotiate an acceptable set of security parameters.") ++ ++ER3(SSL_ERROR_ILLEGAL_PARAMETER_ALERT , (SSL_ERROR_BASE + 62), ++"SSL peer rejected a handshake message for unacceptable content.") ++ ++ER3(SSL_ERROR_UNSUPPORTED_CERT_ALERT , (SSL_ERROR_BASE + 63), ++"SSL peer does not support certificates of the type it received.") ++ ++ER3(SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT , (SSL_ERROR_BASE + 64), ++"SSL peer had some unspecified issue with the certificate it received.") ++ ++ ++ER3(SSL_ERROR_GENERATE_RANDOM_FAILURE , (SSL_ERROR_BASE + 65), ++"SSL experienced a failure of its random number generator.") ++ ++ER3(SSL_ERROR_SIGN_HASHES_FAILURE , (SSL_ERROR_BASE + 66), ++"Unable to digitally sign data required to verify your certificate.") ++ ++ER3(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE , (SSL_ERROR_BASE + 67), ++"SSL was unable to extract the public key from the peer's certificate.") ++ ++ER3(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE , (SSL_ERROR_BASE + 68), ++"Unspecified failure while processing SSL Server Key Exchange handshake.") ++ ++ER3(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE , (SSL_ERROR_BASE + 69), ++"Unspecified failure while processing SSL Client Key Exchange handshake.") ++ ++ER3(SSL_ERROR_ENCRYPTION_FAILURE , (SSL_ERROR_BASE + 70), ++"Bulk data encryption algorithm failed in selected cipher suite.") ++ ++ER3(SSL_ERROR_DECRYPTION_FAILURE , (SSL_ERROR_BASE + 71), ++"Bulk data decryption algorithm failed in selected cipher suite.") ++ ++ER3(SSL_ERROR_SOCKET_WRITE_FAILURE 
, (SSL_ERROR_BASE + 72), ++"Attempt to write encrypted data to underlying socket failed.") ++ ++ER3(SSL_ERROR_MD5_DIGEST_FAILURE , (SSL_ERROR_BASE + 73), ++"MD5 digest function failed.") ++ ++ER3(SSL_ERROR_SHA_DIGEST_FAILURE , (SSL_ERROR_BASE + 74), ++"SHA-1 digest function failed.") ++ ++ER3(SSL_ERROR_MAC_COMPUTATION_FAILURE , (SSL_ERROR_BASE + 75), ++"MAC computation failed.") ++ ++ER3(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE , (SSL_ERROR_BASE + 76), ++"Failure to create Symmetric Key context.") ++ ++ER3(SSL_ERROR_SYM_KEY_UNWRAP_FAILURE , (SSL_ERROR_BASE + 77), ++"Failure to unwrap the Symmetric key in Client Key Exchange message.") ++ ++ER3(SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED , (SSL_ERROR_BASE + 78), ++"SSL Server attempted to use domestic-grade public key with export cipher suite.") ++ ++ER3(SSL_ERROR_IV_PARAM_FAILURE , (SSL_ERROR_BASE + 79), ++"PKCS11 code failed to translate an IV into a param.") ++ ++ER3(SSL_ERROR_INIT_CIPHER_SUITE_FAILURE , (SSL_ERROR_BASE + 80), ++"Failed to initialize the selected cipher suite.") ++ ++ER3(SSL_ERROR_SESSION_KEY_GEN_FAILURE , (SSL_ERROR_BASE + 81), ++"Client failed to generate session keys for SSL session.") ++ ++ER3(SSL_ERROR_NO_SERVER_KEY_FOR_ALG , (SSL_ERROR_BASE + 82), ++"Server has no key for the attempted key exchange algorithm.") ++ ++ER3(SSL_ERROR_TOKEN_INSERTION_REMOVAL , (SSL_ERROR_BASE + 83), ++"PKCS#11 token was inserted or removed while operation was in progress.") ++ ++ER3(SSL_ERROR_TOKEN_SLOT_NOT_FOUND , (SSL_ERROR_BASE + 84), ++"No PKCS#11 token could be found to do a required operation.") ++ ++ER3(SSL_ERROR_NO_COMPRESSION_OVERLAP , (SSL_ERROR_BASE + 85), ++"Cannot communicate securely with peer: no common compression algorithm(s).") ++ ++ER3(SSL_ERROR_HANDSHAKE_NOT_COMPLETED , (SSL_ERROR_BASE + 86), ++"Cannot initiate another SSL handshake until current handshake is complete.") ++ ++ER3(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE , (SSL_ERROR_BASE + 87), ++"Received incorrect handshakes hash values from peer.") ++ 
++ER3(SSL_ERROR_CERT_KEA_MISMATCH , (SSL_ERROR_BASE + 88), ++"The certificate provided cannot be used with the selected key exchange algorithm.") ++ ++ER3(SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA , (SSL_ERROR_BASE + 89), ++"No certificate authority is trusted for SSL client authentication.") ++ ++ER3(SSL_ERROR_SESSION_NOT_FOUND , (SSL_ERROR_BASE + 90), ++"Client's SSL session ID not found in server's session cache.") ++ ++ER3(SSL_ERROR_DECRYPTION_FAILED_ALERT , (SSL_ERROR_BASE + 91), ++"Peer was unable to decrypt an SSL record it received.") ++ ++ER3(SSL_ERROR_RECORD_OVERFLOW_ALERT , (SSL_ERROR_BASE + 92), ++"Peer received an SSL record that was longer than is permitted.") ++ ++ER3(SSL_ERROR_UNKNOWN_CA_ALERT , (SSL_ERROR_BASE + 93), ++"Peer does not recognize and trust the CA that issued your certificate.") ++ ++ER3(SSL_ERROR_ACCESS_DENIED_ALERT , (SSL_ERROR_BASE + 94), ++"Peer received a valid certificate, but access was denied.") ++ ++ER3(SSL_ERROR_DECODE_ERROR_ALERT , (SSL_ERROR_BASE + 95), ++"Peer could not decode an SSL handshake message.") ++ ++ER3(SSL_ERROR_DECRYPT_ERROR_ALERT , (SSL_ERROR_BASE + 96), ++"Peer reports failure of signature verification or key exchange.") ++ ++ER3(SSL_ERROR_EXPORT_RESTRICTION_ALERT , (SSL_ERROR_BASE + 97), ++"Peer reports negotiation not in compliance with export regulations.") ++ ++ER3(SSL_ERROR_PROTOCOL_VERSION_ALERT , (SSL_ERROR_BASE + 98), ++"Peer reports incompatible or unsupported protocol version.") ++ ++ER3(SSL_ERROR_INSUFFICIENT_SECURITY_ALERT , (SSL_ERROR_BASE + 99), ++"Server requires ciphers more secure than those supported by client.") ++ ++ER3(SSL_ERROR_INTERNAL_ERROR_ALERT , (SSL_ERROR_BASE + 100), ++"Peer reports it experienced an internal error.") ++ ++ER3(SSL_ERROR_USER_CANCELED_ALERT , (SSL_ERROR_BASE + 101), ++"Peer user canceled handshake.") ++ ++ER3(SSL_ERROR_NO_RENEGOTIATION_ALERT , (SSL_ERROR_BASE + 102), ++"Peer does not permit renegotiation of SSL security parameters.") ++ 
++ER3(SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED , (SSL_ERROR_BASE + 103), ++"SSL server cache not configured and not disabled for this socket.") ++ ++ER3(SSL_ERROR_UNSUPPORTED_EXTENSION_ALERT , (SSL_ERROR_BASE + 104), ++"SSL peer does not support requested TLS hello extension.") ++ ++ER3(SSL_ERROR_CERTIFICATE_UNOBTAINABLE_ALERT , (SSL_ERROR_BASE + 105), ++"SSL peer could not obtain your certificate from the supplied URL.") ++ ++ER3(SSL_ERROR_UNRECOGNIZED_NAME_ALERT , (SSL_ERROR_BASE + 106), ++"SSL peer has no certificate for the requested DNS name.") ++ ++ER3(SSL_ERROR_BAD_CERT_STATUS_RESPONSE_ALERT , (SSL_ERROR_BASE + 107), ++"SSL peer was unable to get an OCSP response for its certificate.") ++ ++ER3(SSL_ERROR_BAD_CERT_HASH_VALUE_ALERT , (SSL_ERROR_BASE + 108), ++"SSL peer reported bad certificate hash value.") ++ ++ER3(SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET, (SSL_ERROR_BASE + 109), ++"SSL received an unexpected New Session Ticket handshake message.") ++ ++ER3(SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET, (SSL_ERROR_BASE + 110), ++"SSL received a malformed New Session Ticket handshake message.") ++ ++ER3(SSL_ERROR_DECOMPRESSION_FAILURE, (SSL_ERROR_BASE + 111), ++"SSL received a compressed record that could not be decompressed.") ++ ++ER3(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED, (SSL_ERROR_BASE + 112), ++"Renegotiation is not allowed on this SSL socket.") ++ ++ER3(SSL_ERROR_UNSAFE_NEGOTIATION, (SSL_ERROR_BASE + 113), ++"Peer attempted old style (potentially vulnerable) handshake.") ++ ++ER3(SSL_ERROR_RX_UNEXPECTED_UNCOMPRESSED_RECORD, (SSL_ERROR_BASE + 114), ++"SSL received an unexpected uncompressed record.") +diff --git a/lib/nss_error.c b/lib/nss_error.c +index 211f2db..ea7f9ca 100644 +--- a/lib/nss_error.c ++++ b/lib/nss_error.c +@@ -1,6 +1,6 @@ + /* Internal (library + application) error reporting utilities. + +-Copyright (C) 2009 Red Hat, Inc. All rights reserved. ++Copyright (C) 2009, 2010 Red Hat, Inc. All rights reserved. 
+ This copyrighted material is made available to anyone wishing to use, modify,
+ copy, or redistribute it subject to the terms and conditions of the GNU General
+ Public License v.2.
+@@ -20,6 +20,7 @@ Author: Miloslav Trmač */
+ #include
+ #include
+ #include
++#include
+
+ #include "nss_error.h"
+
+@@ -32,6 +33,7 @@ struct mapping
+ static const struct mapping mapping[] = {
+ #define ER3(A, B, C) { (A), (C) },
+ #include "SECerrs.h"
++ #include "SSLerrs.h"
+ #undef ER3
+ };
+
diff --git a/volume_key-0.3.4-volume-doc.patch b/volume_key-0.3.4-volume-doc.patch
new file mode 100644
index 0000000..898d9fd
--- /dev/null
+++ b/volume_key-0.3.4-volume-doc.patch
@@ -0,0 +1,64 @@
+2010-09-29 Miloslav Trmač
+
+ * README
+ * doc/volume_key.8: Clarify which block device should be passed to
+ volume_key(8).
+
+diff --git a/README b/README
+index a57bb02..ac58f51 100644
+--- a/README
++++ b/README
+@@ -27,6 +27,11 @@ this:
+ * Run
+ volume_key --save /path/to/volume -o escrow-packet
+ You will be prompted for an escrow packet passphrase to protect the key.
++
++ In all examples in this file, /path/to/volume is a LUKS device, not the
++ plaintext device containted within: (blkid -s TYPE /path/to/volume) should
++ report TYPE="crypto_LUKS".
++
+ * Save the generated `escrow-packet' file, make sure you won't forget the
+ passphrase.
+
+@@ -87,6 +92,10 @@ Saving encryption keys
+ volume_key --save /path/to/volume -c /path/to/cert -o escrow-packet
+ where /path/to/cert points to the certificate distributed in the preparation
+ phase.
++
++ In all examples in this file, /path/to/volume is a LUKS device, not the
++ plaintext device containted within: (blkid -s TYPE /path/to/volume) should
++ report TYPE="crypto_LUKS".
+ * Save the generated `escrow-packet' file in the prepared storage, associating
+ it with the system and the volume.
+
+diff --git a/doc/volume_key.8 b/doc/volume_key.8
+index b4a2000..be75b99 100644
+--- a/doc/volume_key.8
++++ b/doc/volume_key.8
+@@ -16,7 +16,7 @@
+ .\" Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ .\"
+ .\" Author: Miloslav Trmač ])
+-.TH volume_key 8 "May 2009" volume_key
++.TH volume_key 8 "Sep 2010" volume_key
+
+ .SH NAME
+ volume_key \- work with volume encryption secrets and escrow packets
+@@ -45,6 +45,17 @@ options.
+ See the OPTIONS sections for details.
+
+ .SH OPTIONS
++
++In all options described below,
++.I VOLUME
++is a LUKS device,
++not the plaintext device containted within:
++.RS
++.B blkid \-s TYPE
++.I VOLUME
++.RE
++should report \fBTYPE="crypto_LUKS"\fP.
++
+ The following options determine the mode of operation and expected operands of
+ \fBvolume_key\fP:
+
diff --git a/volume_key.spec b/volume_key.spec index e6eccf9..9112e80 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -3,13 +3,17 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.4 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 Group: Applications/System URL: https://fedorahosted.org/volume_key/ Requires: volume_key-libs = %{version}-%{release} Source0: https://fedorahosted.org/releases/v/o/volume_key/volume_key-%{version}.tar.xz +# Upstream commit 3486c1c8112bd625bfe6bde55c337c4edbd75277 +Patch0: volume_key-0.3.4-volume-doc.patch +# Upstream commit a2ab2a3546f3ee5937bb4272f4f26650f31f42bb +Patch1: volume_key-0.3.4-ssl-errors.patch BuildRequires: cryptsetup-luks-devel, gettext-devel, glib2-devel, gnupg BuildRequires: gpgme-devel, libblkid-devel, nss-devel, python-devel @@ -73,6 +77,8 @@ for other formats is possible, some formats are planned for future releases. %prep %setup -q +%patch0 -p1 -b .volume-doc +%patch1 -p1 -b .ssl-errors %build %configure @@ -113,6 +119,12 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/volume_key.py* %changelog +* Wed Sep 29 2010 Miloslav Trmač - 0.3.4-2 +- Clarify which block device should be passed as an argument + Resolves: #636541 +- Recognize SSL error messages from NSS as well + Resolves: #638732 + * Fri Aug 27 2010 Miloslav Trmač - 0.3.4-1 - Update to volume_key-0.3.4 From f93fc197bb38db68811c410e3479694b0d027785 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Fri, 8 Oct 2010 19:30:21 +0200 Subject: [PATCH 013/101] Make it possible to interrupt password prompts MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Fri Oct 8 2010 Miloslav Trmač - 0.3.4-3 - Make it possible to interrupt password prompts Resolves: #641111 --- volume_key-0.3.4-getpass.patch | 161 +++++++++++++++++++++++++++++++++ volume_key.spec | 9 +- 2 files changed, 169 insertions(+), 1 deletion(-) create mode 100644 volume_key-0.3.4-getpass.patch diff --git a/volume_key-0.3.4-getpass.patch b/volume_key-0.3.4-getpass.patch new file mode 100644 index 0000000..18dd31a --- /dev/null +++ b/volume_key-0.3.4-getpass.patch 
@@ -0,0 +1,161 @@
+Subject: [PATCH] Don't use getpass (), it is difficult to interrupt
+
+2010-10-08 Miloslav Trmač
+
+ * src/volume_key.c (get_password): New function.
+ (nss_password_fn, generic_ui_cb, passphrase_ui_cb): Use get_password ()
+ instead of getpass ().
+
+diff --git a/src/volume_key.c b/src/volume_key.c
+index abdd838..7f9f391 100644
+--- a/src/volume_key.c
++++ b/src/volume_key.c
+@@ -24,6 +24,7 @@ Author: Miloslav Trmač */
+ #include
+ #include
+ #include
++#include
+ #include
+
+ #include
+@@ -391,36 +392,93 @@ read_batch_string (void)
+ return res;
+ }
+
++/* Read a password (from /dev/tty if possible).
++ Return a password for g_free (), or NULL on error.
++ Unlike getpass(), does not block SIGINT and other signals. (We rely on the
++ shell to re-enable ECHO on SIGINT.) */
++static char *
++get_password (const char *prompt)
++{
++ FILE *tty, *in_file, *out_file;
++ char buf[LINE_MAX], *p;
++ struct termios otermios;
++ gboolean echo_disabled;
++
++ tty = fopen ("/dev/tty", "r+");
++ if (tty != NULL)
++ {
++ in_file = tty;
++ out_file = tty;
++ }
++ else
++ {
++ in_file = stdin;
++ out_file = stderr;
++ }
++
++ fputs (prompt, out_file);
++ fflush (out_file);
++
++ if (tcgetattr (fileno (in_file), &otermios) != 0)
++ echo_disabled = FALSE;
++ else
++ {
++ struct termios ntermios;
++
++ ntermios = otermios;
++ ntermios.c_lflag &= ~ECHO;
++ echo_disabled = tcsetattr (fileno (in_file), TCSAFLUSH, &ntermios) == 0;
++ }
++
++ p = fgets(buf, sizeof(buf), in_file);
++
++ if (echo_disabled)
++ {
++ (void)tcsetattr (fileno (in_file), TCSAFLUSH, &otermios);
++ putc ('\n', out_file);
++ }
++
++ if (tty != NULL)
++ fclose (tty);
++
++ if (p == NULL)
++ return NULL;
++
++ p = strchr(buf, '\r');
++ if (p != NULL)
++ *p = '\0';
++ p = strchr(buf, '\n');
++ if (p != NULL)
++ *p = '\0';
++
++ return g_strdup (buf);
++}
++
+ /* A PK11_SetPaswordFunc handler */
+ static char *
+ nss_password_fn (PK11SlotInfo *slot, PRBool retry, void *arg)
+ {
++ char *s, *res;
++
++ (void)arg;
+ if (batch_mode == 0)
+ {
+- char *prompt, *s;
++ char *prompt;
+
+- (void)arg;
+ if (retry)
+ fprintf (stderr, _("Error, try again.\n"));
+ prompt = g_strdup_printf (_("Enter password for `%s': "),
+ PK11_GetTokenName (slot));
+- s = getpass (prompt);
++ s = get_password (prompt);
+ g_free (prompt);
+- if (s == NULL)
+- return NULL;
+- return PL_strdup (s);
+ }
+ else
+- {
+- char *s, *res;
+-
+- s = read_batch_string ();
+- if (s == NULL)
+- return NULL;
+- res = PL_strdup (s);
+- g_free (s);
+- return res;
+- }
++ s = read_batch_string ();
++ if (s == NULL)
++ return NULL;
++ res = PL_strdup (s);
++ g_free (s);
++ return res;
+ }
+
+ /* A "generic" struct libvk_ui callback. */
+@@ -435,10 +493,11 @@ generic_ui_cb (void *id, const char *prompt, int echo)
+ char *s, *res;
+
+ s = g_strdup_printf (_("%s: "), prompt);
+- res = getpass (s);
++ res = get_password (s);
+ g_free (s);
+ if (res != NULL && res[0] != '\0')
+- return g_strdup (res);
++ return res;
++ g_free (res);
+ return NULL;
+ }
+ else
+@@ -487,10 +546,11 @@ passphrase_ui_cb (void *data, const char *prompt, unsigned failed_attempts)
+ return read_batch_string ();
+ }
+ s = g_strdup_printf (_("%s: "), prompt);
+- res = getpass (s);
++ res = get_password (s);
+ g_free (s);
+ if (res != NULL && res[0] != '\0')
+- return g_strdup (res);
++ return res;
++ g_free (res);
+ return NULL;
+ }
+
+--
+1.7.2.3
+
diff --git a/volume_key.spec b/volume_key.spec
index 9112e80..1bcb906 100644
--- a/volume_key.spec
+++ b/volume_key.spec
@@ -3,7 +3,7 @@
 Summary: An utility for manipulating storage encryption keys and passphrases
 Name: volume_key
 Version: 0.3.4
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: GPLv2
 Group: Applications/System
 URL: https://fedorahosted.org/volume_key/
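Review bot: `get_password ()` returns `g_strdup (buf)` and leaves the typed passphrase in the stack buffer `buf`, and `nss_password_fn ()` releases its copy with a bare `g_free (s)` after `PL_strdup (s)`; neither is cleared. The existing passphrase code in this file scrubs before freeing (`memset (passphrase, 0, strlen (passphrase));`), so the new paths should do the same: keep the duplicate in `p`, run `memset (buf, 0, sizeof (buf));` before both returns that follow `fgets`, and put `memset (s, 0, strlen (s));` ahead of `g_free (s);`. Because `buf` goes out of scope immediately afterwards, a compiler may drop a plain `memset` there, so a clearing call that cannot be elided is preferable where the platform offers one.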
@@ -14,6 +14,8 @@ Source0: https://fedorahosted.org/releases/v/o/volume_key/volume_key-%{version}. Patch0: volume_key-0.3.4-volume-doc.patch # Upstream commit a2ab2a3546f3ee5937bb4272f4f26650f31f42bb Patch1: volume_key-0.3.4-ssl-errors.patch +# Upstream commit 82f476f614ff8492231e730b6ceffaa7242481cc +Patch2: volume_key-0.3.4-getpass.patch BuildRequires: cryptsetup-luks-devel, gettext-devel, glib2-devel, gnupg BuildRequires: gpgme-devel, libblkid-devel, nss-devel, python-devel @@ -79,6 +81,7 @@ for other formats is possible, some formats are planned for future releases. %setup -q %patch0 -p1 -b .volume-doc %patch1 -p1 -b .ssl-errors +%patch2 -p1 -b .getpass %build %configure @@ -119,6 +122,10 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/volume_key.py* %changelog +* Fri Oct 8 2010 Miloslav Trmač - 0.3.4-3 +- Make it possible to interrupt password prompts + Resolves: #641111 + * Wed Sep 29 2010 Miloslav Trmač - 0.3.4-2 - Clarify which block device should be passed as an argument Resolves: #636541 From 4886de908b384d03ae2405c97a9245831005894d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Mon, 18 Oct 2010 17:45:07 +0200 Subject: [PATCH 014/101] Two UI improvements MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Mon Oct 18 2010 Miloslav Trmač - 0.3.4-4 - Tell the user if asking for the same passphrase again Resolves: #641111 - Check certificate file before interacting with the user Resolves: #643897 --- volume_key-0.3.4-cert-errors.patch | 79 ++++++++++++++++++++++++++++ volume_key-0.3.4-passphrase-ui.patch | 59 +++++++++++++++++++++ volume_key.spec | 15 +++++- 3 files changed, 152 insertions(+), 1 deletion(-) create mode 100644 volume_key-0.3.4-cert-errors.patch create mode 100644 volume_key-0.3.4-passphrase-ui.patch diff --git a/volume_key-0.3.4-cert-errors.patch b/volume_key-0.3.4-cert-errors.patch new file mode 100644 index 0000000..6bc2aa9 --- /dev/null +++ b/volume_key-0.3.4-cert-errors.patch 
@@ -0,0 +1,79 @@
+Subject: [PATCH] Report certificate errors sooner.
+
+2010-10-18 Miloslav Trmač
+
+ * src/volume_key.c (pos_interact): Split from pos_init ().
+ (do_save, do_reencrypt): Call pos_init () as early as possible. Use
+ pos_interact () at the original location.
+diff --git a/src/volume_key.c b/src/volume_key.c
+index 855956f..83d9a02 100644
+--- a/src/volume_key.c
++++ b/src/volume_key.c
+@@ -601,7 +601,7 @@ struct packet_output_state
+ char *passphrase;
+ };
+
+-/* Init POS.
++/* Init POS, without user interaction.
+ Return 0 if OK, -1 on error. */
+ static int
+ pos_init (struct packet_output_state *pos, GError **error)
+@@ -635,6 +635,22 @@ pos_init (struct packet_output_state *pos, GError **error)
+ }
+ else
+ {
++ /* Will ask for passphrase in pos_interact */
++ }
++ return 0;
++}
++
++/* Interact with the user about POS.
++ Return 0 if OK, -1 on error. */
++static int
++pos_interact (struct packet_output_state *pos, GError **error)
++{
++ if (output_format_cleartext != 0 || output_certificate != NULL)
++ {
++ /* Nothing - pos_init () is enough. */
++ }
++ else
++ {
+ char *passphrase;
+ unsigned failed;
+
+@@ -805,6 +821,9 @@ do_save (int argc, char *argv[])
+ error_exit (_("Usage: %s --save VOLUME [PACKET]"), g_get_prgname ());
+
+ error = NULL;
++ if (pos_init (&pos, &error) != 0)
++ error_exit ("%s", error->message);
++
+ v = libvk_volume_open (argv[1], &error);
+ if (v == NULL)
+ error_exit (_("Error opening `%s': %s"), argv[1], error->message);
+@@ -824,7 +843,7 @@ do_save (int argc, char *argv[])
+ else if (libvk_volume_get_secret (v, LIBVK_SECRET_DEFAULT, ui, &error) != 0)
+ error_exit (_("Error opening `%s': %s"), argv[1], error->message);
+
+- if (pos_init (&pos, &error) != 0
++ if (pos_interact (&pos, &error) != 0
+ || output_packet (&pos, v, ui, &error) != 0)
+ error_exit ("%s", error->message);
+ if (output_created_random_passphrase != NULL)
+@@ -1007,12 +1026,15 @@ do_reencrypt (int argc, char *argv[])
+ error_exit (_("Usage: %s --%s PACKET"), g_get_prgname (), "reencrypt");
+
+ error = NULL;
++ if (pos_init (&pos, &error) != 0)
++ error_exit ("%s", error->message);
++
+ ui = create_ui ();
+ pack = open_packet_file (argv[1], ui, &error);
+ if (pack == NULL)
+ error_exit ("%s", error->message);
+
+- if (pos_init (&pos, &error) != 0
++ if (pos_interact (&pos, &error) != 0
+ || output_packet (&pos, pack, ui, &error) != 0)
+ error_exit ("%s", error->message);
+ pos_free (&pos);
diff --git a/volume_key-0.3.4-passphrase-ui.patch b/volume_key-0.3.4-passphrase-ui.patch
new file mode 100644
index 0000000..3ac9c7c
--- /dev/null
+++ b/volume_key-0.3.4-passphrase-ui.patch
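Review bot: The header comment of `pos_interact ()` says only "Interact with the user about POS", which does not tell a caller that `pos_init ()` is expected to have succeeded on the same `pos` first; `do_save` and `do_reencrypt` both appear to rely on that order now. I would extend the comment to `/* Interact with the user about POS, previously set up by pos_init (). Return 0 if OK, -1 on error. */`. The comment-only branches in `pos_init ()` and `pos_interact ()` would also read more directly as an early `return 0;` guard. The body of `pos_interact ()` continues past this hunk, so the passphrase handling itself is not visible here.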
@@ -0,0 +1,59 @@ +Subject: [PATCH 1/2] Tell the user when a non-NSS passphrase is incorrect. + +2010-10-18 Miloslav Trmač + + * src/volume_key.c (passphrase_ui_cb): Tell the user when a non-NSS + passphrase is incorrect. +diff --git a/src/volume_key.c b/src/volume_key.c +index 7f9f391..c9c4bca 100644 +--- a/src/volume_key.c ++++ b/src/volume_key.c +@@ -545,6 +545,8 @@ passphrase_ui_cb (void *data, const char *prompt, unsigned failed_attempts) + return NULL; + return read_batch_string (); + } ++ if (failed_attempts != 0) ++ fprintf (stderr, _("Error, try again.\n")); + s = g_strdup_printf (_("%s: "), prompt); + res = get_password (s); + g_free (s); +-- + +2010-10-18 Miloslav Trmač + + * lib/volume_luks.c (luks_apply_secret) + * src/volume_key.c (pos_interact): Only tell the user about an incorrect + passphrase once. +diff --git a/lib/volume_luks.c b/lib/volume_luks.c +index 4561a43..4650464 100644 +--- a/lib/volume_luks.c ++++ b/lib/volume_luks.c +@@ -481,7 +481,9 @@ luks_apply_secret (struct libvk_volume *vol, const struct libvk_volume *packet, + failed, error); + if (passphrase == NULL) + goto err_prompts; +- passphrase2 = ui_get_passphrase (ui, prompt2, failed, error); ++ /* The repeated passphrase is always considered a first attempt - ++ otherwise src/volume_key.c would prepend "Error, try again". */ ++ passphrase2 = ui_get_passphrase (ui, prompt2, 0, error); + if (passphrase2 == NULL) + goto err_passphrase; + passphrase_ok = strcmp (passphrase, passphrase2) == 0; +diff --git a/src/volume_key.c b/src/volume_key.c +index c9c4bca..855956f 100644 +--- a/src/volume_key.c ++++ b/src/volume_key.c +@@ -652,9 +652,10 @@ pos_init (struct packet_output_state *pos, GError **error) + "New packet passphrase"), failed); + if (passphrase == NULL) + goto no_passphrase; ++ /* The repeated passphrase is always considered a first attempt - ++ otherwise passphrase_ui_cb would prepend "Error, try again". 
*/ + passphrase2 = passphrase_ui_cb (NULL, +- _("Repeat new packet passphrase"), +- failed); ++ _("Repeat new packet passphrase"), 0); + if (passphrase2 == NULL) + { + memset (passphrase, 0, strlen (passphrase)); +-- diff --git a/volume_key.spec b/volume_key.spec index 1bcb906..24cc446 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -3,7 +3,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.4 -Release: 3%{?dist} +Release: 4%{?dist} License: GPLv2 Group: Applications/System URL: https://fedorahosted.org/volume_key/ @@ -16,6 +16,11 @@ Patch0: volume_key-0.3.4-volume-doc.patch Patch1: volume_key-0.3.4-ssl-errors.patch # Upstream commit 82f476f614ff8492231e730b6ceffaa7242481cc Patch2: volume_key-0.3.4-getpass.patch +# Upstream commits b66602b8ef4e6ef8325c0b97fce821e183a2ae84, +# 1dcafdcd6f3097487b92f86e9db3e5412c266ee5 +Patch3: volume_key-0.3.4-passphrase-ui.patch +# Upstream commit 40e5330c076f9f4e149c2091900602d3de41b119 +Patch4: volume_key-0.3.4-cert-errors.patch BuildRequires: cryptsetup-luks-devel, gettext-devel, glib2-devel, gnupg BuildRequires: gpgme-devel, libblkid-devel, nss-devel, python-devel @@ -82,6 +87,8 @@ for other formats is possible, some formats are planned for future releases. %patch0 -p1 -b .volume-doc %patch1 -p1 -b .ssl-errors %patch2 -p1 -b .getpass +%patch3 -p1 -b .passphrase-ui +%patch4 -p1 -b .cert-errors %build %configure @@ -122,6 +129,12 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/volume_key.py* %changelog +* Mon Oct 18 2010 Miloslav Trmač - 0.3.4-4 +- Tell the user if asking for the same passphrase again + Resolves: #641111 +- Check certificate file before interacting with the user + Resolves: #643897 + * Fri Oct 8 2010 Miloslav Trmač - 0.3.4-3 - Make it possible to interrupt password prompts Resolves: #641111 From 82c37079610c9f128d61e17366bb99e03b72a0c8 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Wed, 24 Nov 2010 16:52:33 +0100 Subject: [PATCH 015/101] Update to volume_key-0.3.5 --- .gitignore | 1 + sources | 2 +- volume_key-0.3.4-cert-errors.patch | 79 ----- volume_key-0.3.4-getpass.patch | 161 ---------- volume_key-0.3.4-passphrase-ui.patch | 59 ---- volume_key-0.3.4-ssl-errors.patch | 460 --------------------------- volume_key-0.3.4-volume-doc.patch | 64 ---- volume_key.spec | 25 +- 8 files changed, 8 insertions(+), 843 deletions(-) delete mode 100644 volume_key-0.3.4-cert-errors.patch delete mode 100644 volume_key-0.3.4-getpass.patch delete mode 100644 volume_key-0.3.4-passphrase-ui.patch delete mode 100644 volume_key-0.3.4-ssl-errors.patch delete mode 100644 volume_key-0.3.4-volume-doc.patch diff --git a/.gitignore b/.gitignore index b241d2b..9d41b4b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ volume_key-0.3.3.tar.xz /volume_key-0.3.4.tar.xz +/volume_key-0.3.5.tar.xz diff --git a/sources b/sources index f895001..05fd495 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -d11c119ae250b771fa24796df096ac49 volume_key-0.3.4.tar.xz +f0f82a4ccb7b78c5ef10ca7b73ce5496 volume_key-0.3.5.tar.xz diff --git a/volume_key-0.3.4-cert-errors.patch b/volume_key-0.3.4-cert-errors.patch deleted file mode 100644 index 6bc2aa9..0000000 --- a/volume_key-0.3.4-cert-errors.patch +++ /dev/null 
@@ -1,79 +0,0 @@ -Subject: [PATCH] Report certificate errors sooner. - -2010-10-18 Miloslav Trmač - - * src/volume_key.c (pos_interact): Split from pos_init (). - (do_save, do_reencrypt): Call pos_init () as early as possible. Use - pos_interact () at the original location. -diff --git a/src/volume_key.c b/src/volume_key.c -index 855956f..83d9a02 100644 ---- a/src/volume_key.c -+++ b/src/volume_key.c -@@ -601,7 +601,7 @@ struct packet_output_state - char *passphrase; - }; - --/* Init POS. -+/* Init POS, without user interaction. - Return 0 if OK, -1 on error. */ - static int - pos_init (struct packet_output_state *pos, GError **error) -@@ -635,6 +635,22 @@ pos_init (struct packet_output_state *pos, GError **error) - } - else - { -+ /* Will ask for passphrase in pos_interact */ -+ } -+ return 0; -+} -+ -+/* Interact with the user about POS. -+ Return 0 if OK, -1 on error. */ -+static int -+pos_interact (struct packet_output_state *pos, GError **error) -+{ -+ if (output_format_cleartext != 0 || output_certificate != NULL) -+ { -+ /* Nothing - pos_init () is enough. 
*/ -+ } -+ else -+ { - char *passphrase; - unsigned failed; - -@@ -805,6 +821,9 @@ do_save (int argc, char *argv[]) - error_exit (_("Usage: %s --save VOLUME [PACKET]"), g_get_prgname ()); - - error = NULL; -+ if (pos_init (&pos, &error) != 0) -+ error_exit ("%s", error->message); -+ - v = libvk_volume_open (argv[1], &error); - if (v == NULL) - error_exit (_("Error opening `%s': %s"), argv[1], error->message); -@@ -824,7 +843,7 @@ do_save (int argc, char *argv[]) - else if (libvk_volume_get_secret (v, LIBVK_SECRET_DEFAULT, ui, &error) != 0) - error_exit (_("Error opening `%s': %s"), argv[1], error->message); - -- if (pos_init (&pos, &error) != 0 -+ if (pos_interact (&pos, &error) != 0 - || output_packet (&pos, v, ui, &error) != 0) - error_exit ("%s", error->message); - if (output_created_random_passphrase != NULL) -@@ -1007,12 +1026,15 @@ do_reencrypt (int argc, char *argv[]) - error_exit (_("Usage: %s --%s PACKET"), g_get_prgname (), "reencrypt"); - - error = NULL; -+ if (pos_init (&pos, &error) != 0) -+ error_exit ("%s", error->message); -+ - ui = create_ui (); - pack = open_packet_file (argv[1], ui, &error); - if (pack == NULL) - error_exit ("%s", error->message); - -- if (pos_init (&pos, &error) != 0 -+ if (pos_interact (&pos, &error) != 0 - || output_packet (&pos, pack, ui, &error) != 0) - error_exit ("%s", error->message); - pos_free (&pos); diff --git a/volume_key-0.3.4-getpass.patch b/volume_key-0.3.4-getpass.patch deleted file mode 100644 index 18dd31a..0000000 --- a/volume_key-0.3.4-getpass.patch +++ /dev/null 
@@ -1,161 +0,0 @@ -Subject: [PATCH] Don't use getpass (), it is difficult to interrupt - -2010-10-08 Miloslav Trmač - - * src/volume_key.c (get_password): New function. - (nss_password_fn, generic_ui_cb, passphrase_ui_cb): Use get_password () - instead of getpass (). - -diff --git a/src/volume_key.c b/src/volume_key.c -index abdd838..7f9f391 100644 ---- a/src/volume_key.c -+++ b/src/volume_key.c -@@ -24,6 +24,7 @@ Author: Miloslav Trmač */ - #include - #include - #include -+#include - #include - - #include -@@ -391,36 +392,93 @@ read_batch_string (void) - return res; - } - -+/* Read a password (from /dev/tty if possible). -+ Return a password for g_free (), or NULL on error. -+ Unlike getpass(), does not block SIGINT and other signals. (We rely on the -+ shell to re-enable ECHO on SIGINT.) */ -+static char * -+get_password (const char *prompt) -+{ -+ FILE *tty, *in_file, *out_file; -+ char buf[LINE_MAX], *p; -+ struct termios otermios; -+ gboolean echo_disabled; -+ -+ tty = fopen ("/dev/tty", "r+"); -+ if (tty != NULL) -+ { -+ in_file = tty; -+ out_file = tty; -+ } -+ else -+ { -+ in_file = stdin; -+ out_file = stderr; -+ } -+ -+ fputs (prompt, out_file); -+ fflush (out_file); -+ -+ if (tcgetattr (fileno (in_file), &otermios) != 0) -+ echo_disabled = FALSE; -+ else -+ { -+ struct termios ntermios; -+ -+ ntermios = otermios; -+ ntermios.c_lflag &= ~ECHO; -+ echo_disabled = tcsetattr (fileno (in_file), TCSAFLUSH, &ntermios) == 0; -+ } -+ -+ p = fgets(buf, sizeof(buf), in_file); -+ -+ if (echo_disabled) -+ { -+ (void)tcsetattr (fileno (in_file), TCSAFLUSH, &otermios); -+ putc ('\n', out_file); -+ } -+ -+ if (tty != NULL) -+ fclose (tty); -+ -+ if (p == NULL) -+ return NULL; -+ -+ p = strchr(buf, '\r'); -+ if (p != NULL) -+ *p = '\0'; -+ p = strchr(buf, '\n'); -+ if (p != NULL) -+ *p = '\0'; -+ -+ return g_strdup (buf); -+} -+ - /* A PK11_SetPaswordFunc handler */ - static char * - nss_password_fn (PK11SlotInfo *slot, PRBool retry, void *arg) - { -+ char *s, *res; -+ 
-+ (void)arg; - if (batch_mode == 0) - { -- char *prompt, *s; -+ char *prompt; - -- (void)arg; - if (retry) - fprintf (stderr, _("Error, try again.\n")); - prompt = g_strdup_printf (_("Enter password for `%s': "), - PK11_GetTokenName (slot)); -- s = getpass (prompt); -+ s = get_password (prompt); - g_free (prompt); -- if (s == NULL) -- return NULL; -- return PL_strdup (s); - } - else -- { -- char *s, *res; -- -- s = read_batch_string (); -- if (s == NULL) -- return NULL; -- res = PL_strdup (s); -- g_free (s); -- return res; -- } -+ s = read_batch_string (); -+ if (s == NULL) -+ return NULL; -+ res = PL_strdup (s); -+ g_free (s); -+ return res; - } - - /* A "generic" struct libvk_ui callback. */ -@@ -435,10 +493,11 @@ generic_ui_cb (void *id, const char *prompt, int echo) - char *s, *res; - - s = g_strdup_printf (_("%s: "), prompt); -- res = getpass (s); -+ res = get_password (s); - g_free (s); - if (res != NULL && res[0] != '\0') -- return g_strdup (res); -+ return res; -+ g_free (res); - return NULL; - } - else -@@ -487,10 +546,11 @@ passphrase_ui_cb (void *data, const char *prompt, unsigned failed_attempts) - return read_batch_string (); - } - s = g_strdup_printf (_("%s: "), prompt); -- res = getpass (s); -+ res = get_password (s); - g_free (s); - if (res != NULL && res[0] != '\0') -- return g_strdup (res); -+ return res; -+ g_free (res); - return NULL; - } - --- -1.7.2.3 - diff --git a/volume_key-0.3.4-passphrase-ui.patch b/volume_key-0.3.4-passphrase-ui.patch deleted file mode 100644 index 3ac9c7c..0000000 --- a/volume_key-0.3.4-passphrase-ui.patch +++ /dev/null 
@@ -1,59 +0,0 @@ -Subject: [PATCH 1/2] Tell the user when a non-NSS passphrase is incorrect. - -2010-10-18 Miloslav Trmač - - * src/volume_key.c (passphrase_ui_cb): Tell the user when a non-NSS - passphrase is incorrect. -diff --git a/src/volume_key.c b/src/volume_key.c -index 7f9f391..c9c4bca 100644 ---- a/src/volume_key.c -+++ b/src/volume_key.c -@@ -545,6 +545,8 @@ passphrase_ui_cb (void *data, const char *prompt, unsigned failed_attempts) - return NULL; - return read_batch_string (); - } -+ if (failed_attempts != 0) -+ fprintf (stderr, _("Error, try again.\n")); - s = g_strdup_printf (_("%s: "), prompt); - res = get_password (s); - g_free (s); --- - -2010-10-18 Miloslav Trmač - - * lib/volume_luks.c (luks_apply_secret) - * src/volume_key.c (pos_interact): Only tell the user about an incorrect - passphrase once. -diff --git a/lib/volume_luks.c b/lib/volume_luks.c -index 4561a43..4650464 100644 ---- a/lib/volume_luks.c -+++ b/lib/volume_luks.c -@@ -481,7 +481,9 @@ luks_apply_secret (struct libvk_volume *vol, const struct libvk_volume *packet, - failed, error); - if (passphrase == NULL) - goto err_prompts; -- passphrase2 = ui_get_passphrase (ui, prompt2, failed, error); -+ /* The repeated passphrase is always considered a first attempt - -+ otherwise src/volume_key.c would prepend "Error, try again". */ -+ passphrase2 = ui_get_passphrase (ui, prompt2, 0, error); - if (passphrase2 == NULL) - goto err_passphrase; - passphrase_ok = strcmp (passphrase, passphrase2) == 0; -diff --git a/src/volume_key.c b/src/volume_key.c -index c9c4bca..855956f 100644 ---- a/src/volume_key.c -+++ b/src/volume_key.c -@@ -652,9 +652,10 @@ pos_init (struct packet_output_state *pos, GError **error) - "New packet passphrase"), failed); - if (passphrase == NULL) - goto no_passphrase; -+ /* The repeated passphrase is always considered a first attempt - -+ otherwise passphrase_ui_cb would prepend "Error, try again". 
*/ - passphrase2 = passphrase_ui_cb (NULL, -- _("Repeat new packet passphrase"), -- failed); -+ _("Repeat new packet passphrase"), 0); - if (passphrase2 == NULL) - { - memset (passphrase, 0, strlen (passphrase)); --- diff --git a/volume_key-0.3.4-ssl-errors.patch b/volume_key-0.3.4-ssl-errors.patch deleted file mode 100644 index e15caa2..0000000 --- a/volume_key-0.3.4-ssl-errors.patch +++ /dev/null 
@@ -1,460 +0,0 @@ -2010-09-29 Miloslav Trmač - - * lib/SSLerrs.h: New file. - * Makefile.am (lib_libvolume_key_la_SOURCES): Add lib/SSLerrs.h. - * lib/nss_error.c (mapping): Use SSLerrs.h. - -diff --git a/Makefile.am b/Makefile.am -index 9874ff1..fc06d95 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -48,7 +48,7 @@ python/volume_key_wrap.c python/volume_key.py: python/volume_key.i - python/volume_key.py: python/volume_key_wrap.c - - ## Dependency data --lib_libvolume_key_la_SOURCES = lib/SECerrs.h \ -+lib_libvolume_key_la_SOURCES = lib/SECerrs.h lib/SSLerrs.h \ - lib/crypto.c lib/crypto.h \ - lib/kmip.c lib/kmip.h \ - lib/libvolume_key.c lib/libvolume_key.h \ -diff --git a/lib/SSLerrs.h b/lib/SSLerrs.h -new file mode 100644 -index 0000000..4ae90f6 ---- /dev/null -+++ b/lib/SSLerrs.h -@@ -0,0 +1,407 @@ -+/* copied from nss-3.12.6/mozilla/security/nss/cmd/lib because NSS does not -+ provide any API for error number => string translation: -+ https://bugzilla.mozilla.org/show_bug.cgi?id=329017 */ -+/* ***** BEGIN LICENSE BLOCK ***** -+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1 -+ * -+ * The contents of this file are subject to the Mozilla Public License Version -+ * 1.1 (the "License"); you may not use this file except in compliance with -+ * the License. You may obtain a copy of the License at -+ * http://www.mozilla.org/MPL/ -+ * -+ * Software distributed under the License is distributed on an "AS IS" basis, -+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -+ * for the specific language governing rights and limitations under the -+ * License. -+ * -+ * The Original Code is the Netscape security libraries. -+ * -+ * The Initial Developer of the Original Code is -+ * Netscape Communications Corporation. -+ * Portions created by the Initial Developer are Copyright (C) 1994-2000 -+ * the Initial Developer. All Rights Reserved. 
-+ * -+ * Contributor(s): -+ * -+ * Alternatively, the contents of this file may be used under the terms of -+ * either the GNU General Public License Version 2 or later (the "GPL"), or -+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -+ * in which case the provisions of the GPL or the LGPL are applicable instead -+ * of those above. If you wish to allow use of your version of this file only -+ * under the terms of either the GPL or the LGPL, and not to allow others to -+ * use your version of this file under the terms of the MPL, indicate your -+ * decision by deleting the provisions above and replace them with the notice -+ * and other provisions required by the GPL or the LGPL. If you do not delete -+ * the provisions above, a recipient may use your version of this file under -+ * the terms of any one of the MPL, the GPL or the LGPL. -+ * -+ * ***** END LICENSE BLOCK ***** */ -+ -+/* SSL-specific security error codes */ -+/* caller must include "sslerr.h" */ -+ -+ER3(SSL_ERROR_EXPORT_ONLY_SERVER, SSL_ERROR_BASE + 0, -+"Unable to communicate securely. Peer does not support high-grade encryption.") -+ -+ER3(SSL_ERROR_US_ONLY_SERVER, SSL_ERROR_BASE + 1, -+"Unable to communicate securely. 
Peer requires high-grade encryption which is not supported.") -+ -+ER3(SSL_ERROR_NO_CYPHER_OVERLAP, SSL_ERROR_BASE + 2, -+"Cannot communicate securely with peer: no common encryption algorithm(s).") -+ -+ER3(SSL_ERROR_NO_CERTIFICATE, SSL_ERROR_BASE + 3, -+"Unable to find the certificate or key necessary for authentication.") -+ -+ER3(SSL_ERROR_BAD_CERTIFICATE, SSL_ERROR_BASE + 4, -+"Unable to communicate securely with peer: peers's certificate was rejected.") -+ -+/* unused (SSL_ERROR_BASE + 5),*/ -+ -+ER3(SSL_ERROR_BAD_CLIENT, SSL_ERROR_BASE + 6, -+"The server has encountered bad data from the client.") -+ -+ER3(SSL_ERROR_BAD_SERVER, SSL_ERROR_BASE + 7, -+"The client has encountered bad data from the server.") -+ -+ER3(SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE, SSL_ERROR_BASE + 8, -+"Unsupported certificate type.") -+ -+ER3(SSL_ERROR_UNSUPPORTED_VERSION, SSL_ERROR_BASE + 9, -+"Peer using unsupported version of security protocol.") -+ -+/* unused (SSL_ERROR_BASE + 10),*/ -+ -+ER3(SSL_ERROR_WRONG_CERTIFICATE, SSL_ERROR_BASE + 11, -+"Client authentication failed: private key in key database does not match public key in certificate database.") -+ -+ER3(SSL_ERROR_BAD_CERT_DOMAIN, SSL_ERROR_BASE + 12, -+"Unable to communicate securely with peer: requested domain name does not match the server's certificate.") -+ -+/* SSL_ERROR_POST_WARNING (SSL_ERROR_BASE + 13), -+ defined in sslerr.h -+*/ -+ -+ER3(SSL_ERROR_SSL2_DISABLED, (SSL_ERROR_BASE + 14), -+"Peer only supports SSL version 2, which is locally disabled.") -+ -+ -+ER3(SSL_ERROR_BAD_MAC_READ, (SSL_ERROR_BASE + 15), -+"SSL received a record with an incorrect Message Authentication Code.") -+ -+ER3(SSL_ERROR_BAD_MAC_ALERT, (SSL_ERROR_BASE + 16), -+"SSL peer reports incorrect Message Authentication Code.") -+ -+ER3(SSL_ERROR_BAD_CERT_ALERT, (SSL_ERROR_BASE + 17), -+"SSL peer cannot verify your certificate.") -+ -+ER3(SSL_ERROR_REVOKED_CERT_ALERT, (SSL_ERROR_BASE + 18), -+"SSL peer rejected your certificate as revoked.") -+ 
-+ER3(SSL_ERROR_EXPIRED_CERT_ALERT, (SSL_ERROR_BASE + 19), -+"SSL peer rejected your certificate as expired.") -+ -+ER3(SSL_ERROR_SSL_DISABLED, (SSL_ERROR_BASE + 20), -+"Cannot connect: SSL is disabled.") -+ -+ER3(SSL_ERROR_FORTEZZA_PQG, (SSL_ERROR_BASE + 21), -+"Cannot connect: SSL peer is in another FORTEZZA domain.") -+ -+ -+ER3(SSL_ERROR_UNKNOWN_CIPHER_SUITE , (SSL_ERROR_BASE + 22), -+"An unknown SSL cipher suite has been requested.") -+ -+ER3(SSL_ERROR_NO_CIPHERS_SUPPORTED , (SSL_ERROR_BASE + 23), -+"No cipher suites are present and enabled in this program.") -+ -+ER3(SSL_ERROR_BAD_BLOCK_PADDING , (SSL_ERROR_BASE + 24), -+"SSL received a record with bad block padding.") -+ -+ER3(SSL_ERROR_RX_RECORD_TOO_LONG , (SSL_ERROR_BASE + 25), -+"SSL received a record that exceeded the maximum permissible length.") -+ -+ER3(SSL_ERROR_TX_RECORD_TOO_LONG , (SSL_ERROR_BASE + 26), -+"SSL attempted to send a record that exceeded the maximum permissible length.") -+ -+/* -+ * Received a malformed (too long or short or invalid content) SSL handshake. 
-+ */ -+ER3(SSL_ERROR_RX_MALFORMED_HELLO_REQUEST , (SSL_ERROR_BASE + 27), -+"SSL received a malformed Hello Request handshake message.") -+ -+ER3(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO , (SSL_ERROR_BASE + 28), -+"SSL received a malformed Client Hello handshake message.") -+ -+ER3(SSL_ERROR_RX_MALFORMED_SERVER_HELLO , (SSL_ERROR_BASE + 29), -+"SSL received a malformed Server Hello handshake message.") -+ -+ER3(SSL_ERROR_RX_MALFORMED_CERTIFICATE , (SSL_ERROR_BASE + 30), -+"SSL received a malformed Certificate handshake message.") -+ -+ER3(SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH , (SSL_ERROR_BASE + 31), -+"SSL received a malformed Server Key Exchange handshake message.") -+ -+ER3(SSL_ERROR_RX_MALFORMED_CERT_REQUEST , (SSL_ERROR_BASE + 32), -+"SSL received a malformed Certificate Request handshake message.") -+ -+ER3(SSL_ERROR_RX_MALFORMED_HELLO_DONE , (SSL_ERROR_BASE + 33), -+"SSL received a malformed Server Hello Done handshake message.") -+ -+ER3(SSL_ERROR_RX_MALFORMED_CERT_VERIFY , (SSL_ERROR_BASE + 34), -+"SSL received a malformed Certificate Verify handshake message.") -+ -+ER3(SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH , (SSL_ERROR_BASE + 35), -+"SSL received a malformed Client Key Exchange handshake message.") -+ -+ER3(SSL_ERROR_RX_MALFORMED_FINISHED , (SSL_ERROR_BASE + 36), -+"SSL received a malformed Finished handshake message.") -+ -+/* -+ * Received a malformed (too long or short) SSL record. -+ */ -+ER3(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER , (SSL_ERROR_BASE + 37), -+"SSL received a malformed Change Cipher Spec record.") -+ -+ER3(SSL_ERROR_RX_MALFORMED_ALERT , (SSL_ERROR_BASE + 38), -+"SSL received a malformed Alert record.") -+ -+ER3(SSL_ERROR_RX_MALFORMED_HANDSHAKE , (SSL_ERROR_BASE + 39), -+"SSL received a malformed Handshake record.") -+ -+ER3(SSL_ERROR_RX_MALFORMED_APPLICATION_DATA , (SSL_ERROR_BASE + 40), -+"SSL received a malformed Application Data record.") -+ -+/* -+ * Received an SSL handshake that was inappropriate for the state we're in. -+ * E.g. 
Server received message from server, or wrong state in state machine. -+ */ -+ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST , (SSL_ERROR_BASE + 41), -+"SSL received an unexpected Hello Request handshake message.") -+ -+ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO , (SSL_ERROR_BASE + 42), -+"SSL received an unexpected Client Hello handshake message.") -+ -+ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO , (SSL_ERROR_BASE + 43), -+"SSL received an unexpected Server Hello handshake message.") -+ -+ER3(SSL_ERROR_RX_UNEXPECTED_CERTIFICATE , (SSL_ERROR_BASE + 44), -+"SSL received an unexpected Certificate handshake message.") -+ -+ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH , (SSL_ERROR_BASE + 45), -+"SSL received an unexpected Server Key Exchange handshake message.") -+ -+ER3(SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST , (SSL_ERROR_BASE + 46), -+"SSL received an unexpected Certificate Request handshake message.") -+ -+ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE , (SSL_ERROR_BASE + 47), -+"SSL received an unexpected Server Hello Done handshake message.") -+ -+ER3(SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY , (SSL_ERROR_BASE + 48), -+"SSL received an unexpected Certificate Verify handshake message.") -+ -+ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH , (SSL_ERROR_BASE + 49), -+"SSL received an unexpected Client Key Exchange handshake message.") -+ -+ER3(SSL_ERROR_RX_UNEXPECTED_FINISHED , (SSL_ERROR_BASE + 50), -+"SSL received an unexpected Finished handshake message.") -+ -+/* -+ * Received an SSL record that was inappropriate for the state we're in. 
-+ */ -+ER3(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER , (SSL_ERROR_BASE + 51), -+"SSL received an unexpected Change Cipher Spec record.") -+ -+ER3(SSL_ERROR_RX_UNEXPECTED_ALERT , (SSL_ERROR_BASE + 52), -+"SSL received an unexpected Alert record.") -+ -+ER3(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE , (SSL_ERROR_BASE + 53), -+"SSL received an unexpected Handshake record.") -+ -+ER3(SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA, (SSL_ERROR_BASE + 54), -+"SSL received an unexpected Application Data record.") -+ -+/* -+ * Received record/message with unknown discriminant. -+ */ -+ER3(SSL_ERROR_RX_UNKNOWN_RECORD_TYPE , (SSL_ERROR_BASE + 55), -+"SSL received a record with an unknown content type.") -+ -+ER3(SSL_ERROR_RX_UNKNOWN_HANDSHAKE , (SSL_ERROR_BASE + 56), -+"SSL received a handshake message with an unknown message type.") -+ -+ER3(SSL_ERROR_RX_UNKNOWN_ALERT , (SSL_ERROR_BASE + 57), -+"SSL received an alert record with an unknown alert description.") -+ -+/* -+ * Received an alert reporting what we did wrong. 
(more alerts above) -+ */ -+ER3(SSL_ERROR_CLOSE_NOTIFY_ALERT , (SSL_ERROR_BASE + 58), -+"SSL peer has closed this connection.") -+ -+ER3(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT , (SSL_ERROR_BASE + 59), -+"SSL peer was not expecting a handshake message it received.") -+ -+ER3(SSL_ERROR_DECOMPRESSION_FAILURE_ALERT , (SSL_ERROR_BASE + 60), -+"SSL peer was unable to successfully decompress an SSL record it received.") -+ -+ER3(SSL_ERROR_HANDSHAKE_FAILURE_ALERT , (SSL_ERROR_BASE + 61), -+"SSL peer was unable to negotiate an acceptable set of security parameters.") -+ -+ER3(SSL_ERROR_ILLEGAL_PARAMETER_ALERT , (SSL_ERROR_BASE + 62), -+"SSL peer rejected a handshake message for unacceptable content.") -+ -+ER3(SSL_ERROR_UNSUPPORTED_CERT_ALERT , (SSL_ERROR_BASE + 63), -+"SSL peer does not support certificates of the type it received.") -+ -+ER3(SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT , (SSL_ERROR_BASE + 64), -+"SSL peer had some unspecified issue with the certificate it received.") -+ -+ -+ER3(SSL_ERROR_GENERATE_RANDOM_FAILURE , (SSL_ERROR_BASE + 65), -+"SSL experienced a failure of its random number generator.") -+ -+ER3(SSL_ERROR_SIGN_HASHES_FAILURE , (SSL_ERROR_BASE + 66), -+"Unable to digitally sign data required to verify your certificate.") -+ -+ER3(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE , (SSL_ERROR_BASE + 67), -+"SSL was unable to extract the public key from the peer's certificate.") -+ -+ER3(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE , (SSL_ERROR_BASE + 68), -+"Unspecified failure while processing SSL Server Key Exchange handshake.") -+ -+ER3(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE , (SSL_ERROR_BASE + 69), -+"Unspecified failure while processing SSL Client Key Exchange handshake.") -+ -+ER3(SSL_ERROR_ENCRYPTION_FAILURE , (SSL_ERROR_BASE + 70), -+"Bulk data encryption algorithm failed in selected cipher suite.") -+ -+ER3(SSL_ERROR_DECRYPTION_FAILURE , (SSL_ERROR_BASE + 71), -+"Bulk data decryption algorithm failed in selected cipher suite.") -+ -+ER3(SSL_ERROR_SOCKET_WRITE_FAILURE 
, (SSL_ERROR_BASE + 72), -+"Attempt to write encrypted data to underlying socket failed.") -+ -+ER3(SSL_ERROR_MD5_DIGEST_FAILURE , (SSL_ERROR_BASE + 73), -+"MD5 digest function failed.") -+ -+ER3(SSL_ERROR_SHA_DIGEST_FAILURE , (SSL_ERROR_BASE + 74), -+"SHA-1 digest function failed.") -+ -+ER3(SSL_ERROR_MAC_COMPUTATION_FAILURE , (SSL_ERROR_BASE + 75), -+"MAC computation failed.") -+ -+ER3(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE , (SSL_ERROR_BASE + 76), -+"Failure to create Symmetric Key context.") -+ -+ER3(SSL_ERROR_SYM_KEY_UNWRAP_FAILURE , (SSL_ERROR_BASE + 77), -+"Failure to unwrap the Symmetric key in Client Key Exchange message.") -+ -+ER3(SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED , (SSL_ERROR_BASE + 78), -+"SSL Server attempted to use domestic-grade public key with export cipher suite.") -+ -+ER3(SSL_ERROR_IV_PARAM_FAILURE , (SSL_ERROR_BASE + 79), -+"PKCS11 code failed to translate an IV into a param.") -+ -+ER3(SSL_ERROR_INIT_CIPHER_SUITE_FAILURE , (SSL_ERROR_BASE + 80), -+"Failed to initialize the selected cipher suite.") -+ -+ER3(SSL_ERROR_SESSION_KEY_GEN_FAILURE , (SSL_ERROR_BASE + 81), -+"Client failed to generate session keys for SSL session.") -+ -+ER3(SSL_ERROR_NO_SERVER_KEY_FOR_ALG , (SSL_ERROR_BASE + 82), -+"Server has no key for the attempted key exchange algorithm.") -+ -+ER3(SSL_ERROR_TOKEN_INSERTION_REMOVAL , (SSL_ERROR_BASE + 83), -+"PKCS#11 token was inserted or removed while operation was in progress.") -+ -+ER3(SSL_ERROR_TOKEN_SLOT_NOT_FOUND , (SSL_ERROR_BASE + 84), -+"No PKCS#11 token could be found to do a required operation.") -+ -+ER3(SSL_ERROR_NO_COMPRESSION_OVERLAP , (SSL_ERROR_BASE + 85), -+"Cannot communicate securely with peer: no common compression algorithm(s).") -+ -+ER3(SSL_ERROR_HANDSHAKE_NOT_COMPLETED , (SSL_ERROR_BASE + 86), -+"Cannot initiate another SSL handshake until current handshake is complete.") -+ -+ER3(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE , (SSL_ERROR_BASE + 87), -+"Received incorrect handshakes hash values from peer.") -+ 
-+ER3(SSL_ERROR_CERT_KEA_MISMATCH , (SSL_ERROR_BASE + 88), -+"The certificate provided cannot be used with the selected key exchange algorithm.") -+ -+ER3(SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA , (SSL_ERROR_BASE + 89), -+"No certificate authority is trusted for SSL client authentication.") -+ -+ER3(SSL_ERROR_SESSION_NOT_FOUND , (SSL_ERROR_BASE + 90), -+"Client's SSL session ID not found in server's session cache.") -+ -+ER3(SSL_ERROR_DECRYPTION_FAILED_ALERT , (SSL_ERROR_BASE + 91), -+"Peer was unable to decrypt an SSL record it received.") -+ -+ER3(SSL_ERROR_RECORD_OVERFLOW_ALERT , (SSL_ERROR_BASE + 92), -+"Peer received an SSL record that was longer than is permitted.") -+ -+ER3(SSL_ERROR_UNKNOWN_CA_ALERT , (SSL_ERROR_BASE + 93), -+"Peer does not recognize and trust the CA that issued your certificate.") -+ -+ER3(SSL_ERROR_ACCESS_DENIED_ALERT , (SSL_ERROR_BASE + 94), -+"Peer received a valid certificate, but access was denied.") -+ -+ER3(SSL_ERROR_DECODE_ERROR_ALERT , (SSL_ERROR_BASE + 95), -+"Peer could not decode an SSL handshake message.") -+ -+ER3(SSL_ERROR_DECRYPT_ERROR_ALERT , (SSL_ERROR_BASE + 96), -+"Peer reports failure of signature verification or key exchange.") -+ -+ER3(SSL_ERROR_EXPORT_RESTRICTION_ALERT , (SSL_ERROR_BASE + 97), -+"Peer reports negotiation not in compliance with export regulations.") -+ -+ER3(SSL_ERROR_PROTOCOL_VERSION_ALERT , (SSL_ERROR_BASE + 98), -+"Peer reports incompatible or unsupported protocol version.") -+ -+ER3(SSL_ERROR_INSUFFICIENT_SECURITY_ALERT , (SSL_ERROR_BASE + 99), -+"Server requires ciphers more secure than those supported by client.") -+ -+ER3(SSL_ERROR_INTERNAL_ERROR_ALERT , (SSL_ERROR_BASE + 100), -+"Peer reports it experienced an internal error.") -+ -+ER3(SSL_ERROR_USER_CANCELED_ALERT , (SSL_ERROR_BASE + 101), -+"Peer user canceled handshake.") -+ -+ER3(SSL_ERROR_NO_RENEGOTIATION_ALERT , (SSL_ERROR_BASE + 102), -+"Peer does not permit renegotiation of SSL security parameters.") -+ 
-+ER3(SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED , (SSL_ERROR_BASE + 103), -+"SSL server cache not configured and not disabled for this socket.") -+ -+ER3(SSL_ERROR_UNSUPPORTED_EXTENSION_ALERT , (SSL_ERROR_BASE + 104), -+"SSL peer does not support requested TLS hello extension.") -+ -+ER3(SSL_ERROR_CERTIFICATE_UNOBTAINABLE_ALERT , (SSL_ERROR_BASE + 105), -+"SSL peer could not obtain your certificate from the supplied URL.") -+ -+ER3(SSL_ERROR_UNRECOGNIZED_NAME_ALERT , (SSL_ERROR_BASE + 106), -+"SSL peer has no certificate for the requested DNS name.") -+ -+ER3(SSL_ERROR_BAD_CERT_STATUS_RESPONSE_ALERT , (SSL_ERROR_BASE + 107), -+"SSL peer was unable to get an OCSP response for its certificate.") -+ -+ER3(SSL_ERROR_BAD_CERT_HASH_VALUE_ALERT , (SSL_ERROR_BASE + 108), -+"SSL peer reported bad certificate hash value.") -+ -+ER3(SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET, (SSL_ERROR_BASE + 109), -+"SSL received an unexpected New Session Ticket handshake message.") -+ -+ER3(SSL_ERROR_RX_MALFORMED_NEW_SESSION_TICKET, (SSL_ERROR_BASE + 110), -+"SSL received a malformed New Session Ticket handshake message.") -+ -+ER3(SSL_ERROR_DECOMPRESSION_FAILURE, (SSL_ERROR_BASE + 111), -+"SSL received a compressed record that could not be decompressed.") -+ -+ER3(SSL_ERROR_RENEGOTIATION_NOT_ALLOWED, (SSL_ERROR_BASE + 112), -+"Renegotiation is not allowed on this SSL socket.") -+ -+ER3(SSL_ERROR_UNSAFE_NEGOTIATION, (SSL_ERROR_BASE + 113), -+"Peer attempted old style (potentially vulnerable) handshake.") -+ -+ER3(SSL_ERROR_RX_UNEXPECTED_UNCOMPRESSED_RECORD, (SSL_ERROR_BASE + 114), -+"SSL received an unexpected uncompressed record.") -diff --git a/lib/nss_error.c b/lib/nss_error.c -index 211f2db..ea7f9ca 100644 ---- a/lib/nss_error.c -+++ b/lib/nss_error.c -@@ -1,6 +1,6 @@ - /* Internal (library + application) error reporting utilities. - --Copyright (C) 2009 Red Hat, Inc. All rights reserved. -+Copyright (C) 2009, 2010 Red Hat, Inc. All rights reserved. 
- This copyrighted material is made available to anyone wishing to use, modify, - copy, or redistribute it subject to the terms and conditions of the GNU General - Public License v.2. -@@ -20,6 +20,7 @@ Author: Miloslav Trmač */ - #include - #include - #include -+#include - - #include "nss_error.h" - -@@ -32,6 +33,7 @@ struct mapping - static const struct mapping mapping[] = { - #define ER3(A, B, C) { (A), (C) }, - #include "SECerrs.h" -+ #include "SSLerrs.h" - #undef ER3 - }; - diff --git a/volume_key-0.3.4-volume-doc.patch b/volume_key-0.3.4-volume-doc.patch deleted file mode 100644 index 898d9fd..0000000 --- a/volume_key-0.3.4-volume-doc.patch +++ /dev/null 
@@ -1,64 +0,0 @@ -2010-09-29 Miloslav Trmač - - * README - * doc/volume_key.8: Clarify which block device should be passed to - volume_key(8). - -diff --git a/README b/README -index a57bb02..ac58f51 100644 ---- a/README -+++ b/README -@@ -27,6 +27,11 @@ this: - * Run - volume_key --save /path/to/volume -o escrow-packet - You will be prompted for an escrow packet passphrase to protect the key. -+ -+ In all examples in this file, /path/to/volume is a LUKS device, not the -+ plaintext device containted within: (blkid -s TYPE /path/to/volume) should -+ report TYPE="crypto_LUKS". -+ - * Save the generated `escrow-packet' file, make sure you won't forget the - passphrase. - -@@ -87,6 +92,10 @@ Saving encryption keys - volume_key --save /path/to/volume -c /path/to/cert -o escrow-packet - where /path/to/cert points to the certificate distributed in the preparation - phase. -+ -+ In all examples in this file, /path/to/volume is a LUKS device, not the -+ plaintext device containted within: (blkid -s TYPE /path/to/volume) should -+ report TYPE="crypto_LUKS". - * Save the generated `escrow-packet' file in the prepared storage, associating - it with the system and the volume. - -diff --git a/doc/volume_key.8 b/doc/volume_key.8 -index b4a2000..be75b99 100644 ---- a/doc/volume_key.8 -+++ b/doc/volume_key.8 -@@ -16,7 +16,7 @@ - .\" Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - .\" - .\" Author: Miloslav Trmač ]) --.TH volume_key 8 "May 2009" volume_key -+.TH volume_key 8 "Sep 2010" volume_key - - .SH NAME - volume_key \- work with volume encryption secrets and escrow packets -@@ -45,6 +45,17 @@ options. - See the OPTIONS sections for details. - - .SH OPTIONS -+ -+In all options described below, -+.I VOLUME -+is a LUKS device, -+not the plaintext device containted within: -+.RS -+.B blkid \-s TYPE -+.I VOLUME -+.RE -+should report \fBTYPE="crypto_LUKS"\fP. -+ - The following options determine the mode of operation and expected operands of - \fBvolume_key\fP: - 
diff --git a/volume_key.spec b/volume_key.spec index 24cc446..e70dc6b 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -2,25 +2,14 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key -Version: 0.3.4 -Release: 4%{?dist} +Version: 0.3.5 +Release: 1%{?dist} License: GPLv2 Group: Applications/System URL: https://fedorahosted.org/volume_key/ Requires: volume_key-libs = %{version}-%{release} Source0: https://fedorahosted.org/releases/v/o/volume_key/volume_key-%{version}.tar.xz -# Upstream commit 3486c1c8112bd625bfe6bde55c337c4edbd75277 -Patch0: volume_key-0.3.4-volume-doc.patch -# Upstream commit a2ab2a3546f3ee5937bb4272f4f26650f31f42bb -Patch1: volume_key-0.3.4-ssl-errors.patch -# Upstream commit 82f476f614ff8492231e730b6ceffaa7242481cc -Patch2: volume_key-0.3.4-getpass.patch -# Upstream commits b66602b8ef4e6ef8325c0b97fce821e183a2ae84, -# 1dcafdcd6f3097487b92f86e9db3e5412c266ee5 -Patch3: volume_key-0.3.4-passphrase-ui.patch -# Upstream commit 40e5330c076f9f4e149c2091900602d3de41b119 -Patch4: volume_key-0.3.4-cert-errors.patch BuildRequires: cryptsetup-luks-devel, gettext-devel, glib2-devel, gnupg BuildRequires: gpgme-devel, libblkid-devel, nss-devel, python-devel @@ -84,11 +73,6 @@ for other formats is possible, some formats are planned for future releases. %prep %setup -q -%patch0 -p1 -b .volume-doc -%patch1 -p1 -b .ssl-errors -%patch2 -p1 -b .getpass -%patch3 -p1 -b .passphrase-ui -%patch4 -p1 -b .cert-errors %build %configure @@ -107,7 +91,7 @@ rm -rf $RPM_BUILD_ROOT %files %defattr(-,root,root,-) -%doc README +%doc README contrib %{_bindir}/volume_key %{_mandir}/man8/volume_key.8* @@ -129,6 +113,9 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/volume_key.py* %changelog +* Wed Nov 24 2010 Miloslav Trmač - 0.3.5-1 +- Update to volume_key-0.3.5 + * Mon Oct 18 2010 Miloslav Trmač - 0.3.4-4 - Tell the user if asking for the same passphrase again Resolves: #641111 
From 6c38de155740825158206372903dcf252e047884 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Fri, 4 Feb 2011 23:33:23 +0100 Subject: [PATCH 016/101] Use %%{?_isa} in Requires: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Fri Feb 4 2011 Miloslav Trmač - 0.3.5-2 - Use %%{?_isa} in Requires: --- volume_key.spec | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/volume_key.spec b/volume_key.spec index e70dc6b..aedf4f3 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -3,11 +3,11 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.5 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 Group: Applications/System URL: https://fedorahosted.org/volume_key/ -Requires: volume_key-libs = %{version}-%{release} +Requires: volume_key-libs%{?_isa} = %{version}-%{release} Source0: https://fedorahosted.org/releases/v/o/volume_key/volume_key-%{version}.tar.xz BuildRequires: cryptsetup-luks-devel, gettext-devel, glib2-devel, gnupg @@ -26,7 +26,7 @@ company data after an employee leaves abruptly. %package devel Summary: A library for manipulating storage encryption keys and passphrases Group: Development/Libraries -Requires: volume_key-libs = %{version}-%{release} +Requires: volume_key-libs%{?_isa} = %{version}-%{release} %description devel This package provides libvolume_key, a library for manipulating storage volume @@ -55,7 +55,7 @@ company data after an employee leaves abruptly. %package -n python-volume_key Summary: Python bindings for libvolume_key Group: System Environment/Libraries -Requires: volume_key-libs = %{version}-%{release} +Requires: volume_key-libs%{?_isa} = %{version}-%{release} %description -n python-volume_key This package provides Python bindings for libvolume_key, a library for 
@@ -113,6 +113,9 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/volume_key.py* %changelog +* Fri Feb 4 2011 Miloslav Trmač - 0.3.5-2 +- Use %%{?_isa} in Requires: + * Wed Nov 24 2010 Miloslav Trmač - 0.3.5-1 - Update to volume_key-0.3.5 From 312c50a77bd8ac2caaaf2b316ac829215ef5ab55 Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Mon, 7 Feb 2011 19:47:12 -0600 Subject: [PATCH 017/101] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild --- volume_key.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index aedf4f3..74f2737 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -3,7 +3,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.5 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2 Group: Applications/System URL: https://fedorahosted.org/volume_key/ @@ -113,6 +113,9 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/volume_key.py* %changelog +* Mon Feb 07 2011 Fedora Release Engineering - 0.3.5-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + * Fri Feb 4 2011 Miloslav Trmač - 0.3.5-2 - Use %%{?_isa} in Requires: From 020f1c3fa63c020cb7e4a2cdeaf44aee8e0eecbe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Thu, 31 Mar 2011 23:50:17 +0200 Subject: [PATCH 018/101] Update to volume_key-0.3.6 --- .gitignore | 1 + sources | 2 +- volume_key.spec | 7 +++++-- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 9d41b4b..d63ee25 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ volume_key-0.3.3.tar.xz /volume_key-0.3.4.tar.xz /volume_key-0.3.5.tar.xz +/volume_key-0.3.6.tar.xz diff --git a/sources b/sources index 05fd495..e8b031e 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -f0f82a4ccb7b78c5ef10ca7b73ce5496 volume_key-0.3.5.tar.xz +117e1762f0fe7761d7eb52271f7d69e3 volume_key-0.3.6.tar.xz 
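Review bot: The new line in `sources` pins volume_key-0.3.6.tar.xz with a bare 32-hex-digit MD5 digest, which is a weak integrity check because MD5 is no longer collision-resistant. If the lookaside tooling for this branch accepts it, record a SHA-512 entry instead, in the form `SHA512 (volume_key-0.3.6.tar.xz) = <sha512-of-the-tarball>` (placeholder, to be computed from the verified upstream tarball). The same applies to the later `sources` hunk that switches to volume_key-0.3.7.tar.xz. The spec hunks shown here do not verify an upstream signature on Source0 either, so as far as this page shows, this digest is the only check tying the build to the intended tarball.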
diff --git a/volume_key.spec b/volume_key.spec index 74f2737..5cc6b08 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -2,8 +2,8 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key -Version: 0.3.5 -Release: 3%{?dist} +Version: 0.3.6 +Release: 1%{?dist} License: GPLv2 Group: Applications/System URL: https://fedorahosted.org/volume_key/ @@ -113,6 +113,9 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/volume_key.py* %changelog +* Thu Mar 31 2011 Miloslav Trmač - 0.3.6-1 +- Update to volume_key-0.3.6 + * Mon Feb 07 2011 Fedora Release Engineering - 0.3.5-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild From 6de3b0c1174a709a234f7bf64805c927f3559379 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Fri, 10 Jun 2011 19:49:39 +0200 Subject: [PATCH 019/101] Fix a typo --- volume_key-0.3.6-typo.patch | 56 +++++++++++++++++++++++++++++++++++++ volume_key.spec | 9 +++++- 2 files changed, 64 insertions(+), 1 deletion(-) create mode 100644 volume_key-0.3.6-typo.patch diff --git a/volume_key-0.3.6-typo.patch b/volume_key-0.3.6-typo.patch new file mode 100644 index 0000000..cd208e5 --- /dev/null +++ b/volume_key-0.3.6-typo.patch 
@@ -0,0 +1,56 @@ +From 9ac4d71ba39c0056cfe5130c70e86325b756e8c2 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= +Date: Fri, 10 Jun 2011 19:27:56 +0200 +Subject: [PATCH] Fix a typo in volume_key.8 + +--- + ChangeLog | 5 +++++ + doc/volume_key.8 | 6 +++--- + 2 files changed, 8 insertions(+), 3 deletions(-) + +diff --git a/ChangeLog b/ChangeLog +index d4c0813..7570b3b 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,3 +1,8 @@ ++2011-06-10 Miloslav Trmač ++ ++ * doc/volume_key.8: Fix a typo reported by Jacquelynn East ++ . ++ + 2011-03-31 Miloslav Trmač + + * configure.ac: Release 0.3.6. +diff --git a/doc/volume_key.8 b/doc/volume_key.8 +index be75b99..38052e6 100644 +--- a/doc/volume_key.8 ++++ b/doc/volume_key.8 +@@ -1,6 +1,6 @@ + .\" A man page for volume_key(8). + .\" +-.\" Copyright (C) 2009, 2010 Red Hat, Inc. All rights reserved. ++.\" Copyright (C) 2009, 2010, 2011 Red Hat, Inc. All rights reserved. + .\" + .\" This copyrighted material is made available to anyone wishing to use, + .\" modify, copy, or redistribute it subject to the terms and conditions of the +@@ -16,7 +16,7 @@ + .\" Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + .\" + .\" Author: Miloslav Trmač ]) +-.TH volume_key 8 "Sep 2010" volume_key ++.TH volume_key 8 "Jun 2011" volume_key + + .SH NAME + volume_key \- work with volume encryption secrets and escrow packets +@@ -254,7 +254,7 @@ and + outside of the computer. + + If the user forgets a passphrase, +-and the you can access the computer, ++and you can access the computer, + decrypt + .I PACKET_DEFAULT + using the certificate private key +-- +1.7.5.2 + diff --git a/volume_key.spec b/volume_key.spec index 5cc6b08..446df44 100644 --- a/volume_key.spec +++ b/volume_key.spec 
@@ -3,13 +3,15 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.6 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 Group: Applications/System URL: https://fedorahosted.org/volume_key/ Requires: volume_key-libs%{?_isa} = %{version}-%{release} Source0: https://fedorahosted.org/releases/v/o/volume_key/volume_key-%{version}.tar.xz +# Upstream commit 9ac4d71ba39c0056cfe5130c70e86325b756e8c2 +Patch0: volume_key-0.3.6-typo.patch BuildRequires: cryptsetup-luks-devel, gettext-devel, glib2-devel, gnupg BuildRequires: gpgme-devel, libblkid-devel, nss-devel, python-devel @@ -73,6 +75,7 @@ for other formats is possible, some formats are planned for future releases. %prep %setup -q +%patch0 -p1 -b .typo %build %configure @@ -113,6 +116,10 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/volume_key.py* %changelog +* Fri Jun 10 2011 Miloslav Trmač - 0.3.6-2 +- Fix a typo + Resolves: #712256 + * Thu Mar 31 2011 Miloslav Trmač - 0.3.6-1 - Update to volume_key-0.3.6 From 91a56fa56e0a171161fa16f934566c3586ec0be6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Wed, 24 Aug 2011 21:59:42 +0200 Subject: [PATCH 020/101] Update to volume_key-0.3.7 --- .gitignore | 1 + sources | 2 +- volume_key-0.3.6-typo.patch | 56 ------------------------------------- volume_key.spec | 10 +++---- 4 files changed, 7 insertions(+), 62 deletions(-) delete mode 100644 volume_key-0.3.6-typo.patch diff --git a/.gitignore b/.gitignore index d63ee25..09fe7c0 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,4 @@ volume_key-0.3.3.tar.xz /volume_key-0.3.4.tar.xz /volume_key-0.3.5.tar.xz /volume_key-0.3.6.tar.xz +/volume_key-0.3.7.tar.xz diff --git a/sources b/sources index e8b031e..f21958a 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -117e1762f0fe7761d7eb52271f7d69e3 volume_key-0.3.6.tar.xz +f21b09c67fcaa7be19771d3d3d34a2d7 volume_key-0.3.7.tar.xz 
diff --git a/volume_key-0.3.6-typo.patch b/volume_key-0.3.6-typo.patch deleted file mode 100644 index cd208e5..0000000 --- a/volume_key-0.3.6-typo.patch +++ /dev/null @@ -1,56 +0,0 @@ -From 9ac4d71ba39c0056cfe5130c70e86325b756e8c2 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= -Date: Fri, 10 Jun 2011 19:27:56 +0200 -Subject: [PATCH] Fix a typo in volume_key.8 - ---- - ChangeLog | 5 +++++ - doc/volume_key.8 | 6 +++--- - 2 files changed, 8 insertions(+), 3 deletions(-) - -diff --git a/ChangeLog b/ChangeLog -index d4c0813..7570b3b 100644 ---- a/ChangeLog -+++ b/ChangeLog -@@ -1,3 +1,8 @@ -+2011-06-10 Miloslav Trmač -+ -+ * doc/volume_key.8: Fix a typo reported by Jacquelynn East -+ . -+ - 2011-03-31 Miloslav Trmač - - * configure.ac: Release 0.3.6. -diff --git a/doc/volume_key.8 b/doc/volume_key.8 -index be75b99..38052e6 100644 ---- a/doc/volume_key.8 -+++ b/doc/volume_key.8 -@@ -1,6 +1,6 @@ - .\" A man page for volume_key(8). - .\" --.\" Copyright (C) 2009, 2010 Red Hat, Inc. All rights reserved. -+.\" Copyright (C) 2009, 2010, 2011 Red Hat, Inc. All rights reserved. - .\" - .\" This copyrighted material is made available to anyone wishing to use, - .\" modify, copy, or redistribute it subject to the terms and conditions of the -@@ -16,7 +16,7 @@ - .\" Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - .\" - .\" Author: Miloslav Trmač ]) --.TH volume_key 8 "Sep 2010" volume_key -+.TH volume_key 8 "Jun 2011" volume_key - - .SH NAME - volume_key \- work with volume encryption secrets and escrow packets -@@ -254,7 +254,7 @@ and - outside of the computer. - - If the user forgets a passphrase, --and the you can access the computer, -+and you can access the computer, - decrypt - .I PACKET_DEFAULT - using the certificate private key --- -1.7.5.2 - diff --git a/volume_key.spec b/volume_key.spec index 446df44..5badc71 100644 --- a/volume_key.spec +++ b/volume_key.spec 
@@ -2,16 +2,14 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key -Version: 0.3.6 -Release: 2%{?dist} +Version: 0.3.7 +Release: 1%{?dist} License: GPLv2 Group: Applications/System URL: https://fedorahosted.org/volume_key/ Requires: volume_key-libs%{?_isa} = %{version}-%{release} Source0: https://fedorahosted.org/releases/v/o/volume_key/volume_key-%{version}.tar.xz -# Upstream commit 9ac4d71ba39c0056cfe5130c70e86325b756e8c2 -Patch0: volume_key-0.3.6-typo.patch BuildRequires: cryptsetup-luks-devel, gettext-devel, glib2-devel, gnupg BuildRequires: gpgme-devel, libblkid-devel, nss-devel, python-devel @@ -75,7 +73,6 @@ for other formats is possible, some formats are planned for future releases. %prep %setup -q -%patch0 -p1 -b .typo %build %configure @@ -116,6 +113,9 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/volume_key.py* %changelog +* Wed Aug 24 2011 Miloslav Trmač - 0.3.7-1 +- Update to volume_key-0.3.7 + * Fri Jun 10 2011 Miloslav Trmač - 0.3.6-2 - Fix a typo Resolves: #712256 From db21301720d364b7540c5c0abb15b94d3f14000a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Fri, 14 Oct 2011 15:33:33 +0200 Subject: [PATCH 021/101] Rebuild with newer libcryptsetup --- volume_key.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index 5badc71..efa1a05 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -3,7 +3,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.7 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 Group: Applications/System URL: https://fedorahosted.org/volume_key/ @@ -113,6 +113,9 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/volume_key.py* %changelog +* Fri Oct 14 2011 Miloslav Trmač - 0.3.7-2 +- Rebuild with newer libcryptsetup + * Wed Aug 24 2011 Miloslav Trmač - 0.3.7-1 - Update to volume_key-0.3.7 
From 60cc6e0e997a59ecea1141fceb1cc0ac1e17c609 Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Sat, 14 Jan 2012 02:03:01 -0600 Subject: [PATCH 022/101] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild --- volume_key.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index efa1a05..4413ab6 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -3,7 +3,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.7 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2 Group: Applications/System URL: https://fedorahosted.org/volume_key/ @@ -113,6 +113,9 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/volume_key.py* %changelog +* Sat Jan 14 2012 Fedora Release Engineering - 0.3.7-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + * Fri Oct 14 2011 Miloslav Trmač - 0.3.7-2 - Rebuild with newer libcryptsetup From d367a1f5c634b2218d985951b05af76260551cf2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Sat, 3 Mar 2012 07:53:01 +0100 Subject: [PATCH 023/101] Update to volume_key-0.3.8 --- .gitignore | 1 + sources | 2 +- volume_key.spec | 7 +++++-- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 09fe7c0..907b16a 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ volume_key-0.3.3.tar.xz /volume_key-0.3.5.tar.xz /volume_key-0.3.6.tar.xz /volume_key-0.3.7.tar.xz +/volume_key-0.3.8.tar.xz diff --git a/sources b/sources index f21958a..af8b030 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -f21b09c67fcaa7be19771d3d3d34a2d7 volume_key-0.3.7.tar.xz +fafa440af43d7fb4a2d5578f47fefb49 volume_key-0.3.8.tar.xz diff --git a/volume_key.spec b/volume_key.spec index 4413ab6..b32b7c8 100644 --- a/volume_key.spec +++ b/volume_key.spec 
@@ -2,8 +2,8 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key -Version: 0.3.7 -Release: 3%{?dist} +Version: 0.3.8 +Release: 1%{?dist} License: GPLv2 Group: Applications/System URL: https://fedorahosted.org/volume_key/ @@ -113,6 +113,9 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/volume_key.py* %changelog +* Sat Mar 3 2012 Miloslav Trmač - 0.3.8-1 +- Update to volume_key-0.3.8 + * Sat Jan 14 2012 Fedora Release Engineering - 0.3.7-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild From 538deeaf8986046e6a62aaca1097e28e012ef7c9 Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Sat, 21 Jul 2012 21:58:58 -0500 Subject: [PATCH 024/101] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild --- volume_key.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index b32b7c8..d9735f9 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -3,7 +3,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.8 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 Group: Applications/System URL: https://fedorahosted.org/volume_key/ @@ -113,6 +113,9 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/volume_key.py* %changelog +* Sun Jul 22 2012 Fedora Release Engineering - 0.3.8-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + * Sat Mar 3 2012 Miloslav Trmač - 0.3.8-1 - Update to volume_key-0.3.8 From 56b0682c19d52a0dedd65d9b6675796313167257 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Mon, 23 Jul 2012 17:49:45 +0200 Subject: [PATCH 025/101] Add Requires: /usr/bin/gpg --- volume_key.spec | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index d9735f9..d40e5ea 100644 --- a/volume_key.spec +++ b/volume_key.spec 
@@ -3,7 +3,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.8 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2 Group: Applications/System URL: https://fedorahosted.org/volume_key/ @@ -41,6 +41,7 @@ company data after an employee leaves abruptly. %package libs Summary: A library for manipulating storage encryption keys and passphrases Group: System Environment/Libraries +Requires: /usr/bin/gpg %description libs This package provides libvolume_key, a library for manipulating storage volume @@ -113,6 +114,10 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/volume_key.py* %changelog +* Mon Jul 23 2012 Miloslav Trmač - 0.3.8-3 +- Add Requires: /usr/bin/gpg + Resolves: #842074 + * Sun Jul 22 2012 Fedora Release Engineering - 0.3.8-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild From 85c6d0916a154a8b2967ee5a47f7959f5edb6269 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Mon, 6 Aug 2012 14:09:50 +0200 Subject: [PATCH 026/101] Use BuildRequires: /usr/bin/gpg instead of gnupg This makes the spec file compatible with RHEL, which doesn't ship GnuPG 1, only a compat symlink. --- volume_key.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/volume_key.spec b/volume_key.spec index d40e5ea..5835ef9 100644 --- a/volume_key.spec +++ b/volume_key.spec 
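Review bot: The `Requires: /usr/bin/gpg` line added to the `%package libs` section (hunk `@@ -41,6 +41,7 @@`) has no comment explaining why a library subpackage needs the gpg binary at run time. Presumably libvolume_key drives gpg through gpgme, which is only a build-time dependency here, so a one-line comment above it would record the reason, for example `# libvolume_key runs gpg via gpgme for passphrase-protected packets`. Because this is a file-path dependency, any package that provides /usr/bin/gpg satisfies it, so the comment should also state whether both GnuPG 1 and GnuPG 2 are expected to work.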
@@ -3,14 +3,14 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.8 -Release: 3%{?dist} +Release: 4%{?dist} License: GPLv2 Group: Applications/System URL: https://fedorahosted.org/volume_key/ Requires: volume_key-libs%{?_isa} = %{version}-%{release} Source0: https://fedorahosted.org/releases/v/o/volume_key/volume_key-%{version}.tar.xz -BuildRequires: cryptsetup-luks-devel, gettext-devel, glib2-devel, gnupg +BuildRequires: cryptsetup-luks-devel, gettext-devel, glib2-devel, /usr/bin/gpg BuildRequires: gpgme-devel, libblkid-devel, nss-devel, python-devel %description @@ -114,6 +114,9 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/volume_key.py* %changelog +* Mon Aug 6 2012 Miloslav Trmač - 0.3.8-4 +- Use BuildRequires: /usr/bin/gpg instead of gnupg, for compatibility with RHEL + * Mon Jul 23 2012 Miloslav Trmač - 0.3.8-3 - Add Requires: /usr/bin/gpg Resolves: #842074 From 6b0d58e6c2188744b82898c029b9f25e070b800c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Sat, 22 Sep 2012 21:44:42 +0200 Subject: [PATCH 027/101] Update to volume_key-0.3.9 --- .gitignore | 1 + sources | 2 +- volume_key.spec | 7 +++++-- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 907b16a..06aaee1 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,4 @@ volume_key-0.3.3.tar.xz /volume_key-0.3.6.tar.xz /volume_key-0.3.7.tar.xz /volume_key-0.3.8.tar.xz +/volume_key-0.3.9.tar.xz diff --git a/sources b/sources index af8b030..9741a26 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -fafa440af43d7fb4a2d5578f47fefb49 volume_key-0.3.8.tar.xz +a2d14931177c660e1f3ebbcf5f47d8e2 volume_key-0.3.9.tar.xz diff --git a/volume_key.spec b/volume_key.spec index 5835ef9..8835f73 100644 --- a/volume_key.spec +++ b/volume_key.spec 
@@ -2,8 +2,8 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key -Version: 0.3.8 -Release: 4%{?dist} +Version: 0.3.9 +Release: 1%{?dist} License: GPLv2 Group: Applications/System URL: https://fedorahosted.org/volume_key/ @@ -114,6 +114,9 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/volume_key.py* %changelog +* Sat Sep 22 2012 Miloslav Trmač - 0.3.9-1 +- Update to volume_key-0.3.9 + * Mon Aug 6 2012 Miloslav Trmač - 0.3.8-4 - Use BuildRequires: /usr/bin/gpg instead of gnupg, for compatibility with RHEL From 48a54bccf918b3e9bce4a0b300f4f8cf9112c54e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Thu, 22 Nov 2012 03:28:49 +0100 Subject: [PATCH 028/101] Fix a crash when trying to use passphrase encryption in FIPS mode --- volume_key-0.3.9-fips-crash.patch | 33 +++++++++++++++++++++++++++++++ volume_key.spec | 9 ++++++++- 2 files changed, 41 insertions(+), 1 deletion(-) create mode 100644 volume_key-0.3.9-fips-crash.patch diff --git a/volume_key-0.3.9-fips-crash.patch b/volume_key-0.3.9-fips-crash.patch new file mode 100644 index 0000000..0f79d4e --- /dev/null +++ b/volume_key-0.3.9-fips-crash.patch 
@@ -0,0 +1,33 @@ +This case can be triggered by encrypting in FIPS mode, where the default +algorithm is unsupported and gpg crashes in response. + +diff --git a/lib/crypto.c b/lib/crypto.c +index 06eb482..905d583 100644 +--- a/lib/crypto.c ++++ b/lib/crypto.c +@@ -709,6 +709,12 @@ encrypt_with_passphrase (size_t *res_size, const void *data, size_t size, + } + gpgme_data_release (src_data); + gpgme_res = gpgme_data_release_and_get_mem (dest_data, res_size); ++ if (gpgme_res == NULL) ++ { ++ g_set_error (error, LIBVK_ERROR, LIBVK_ERROR_CRYPTO, ++ _("Unknown error getting encryption result")); ++ goto err_ctx; ++ } + res = g_memdup (gpgme_res, *res_size); + gpgme_free (gpgme_res); + +@@ -759,6 +765,12 @@ decrypt_with_passphrase (size_t *res_size, const void *data, size_t size, + } + gpgme_data_release (src_data); + gpgme_res = gpgme_data_release_and_get_mem (dest_data, res_size); ++ if (gpgme_res == NULL) ++ { ++ g_set_error (error, LIBVK_ERROR, LIBVK_ERROR_CRYPTO, ++ _("Unknown error getting decryption result")); ++ goto err_ctx; ++ } + res = g_memdup (gpgme_res, *res_size); + gpgme_free (gpgme_res); + diff --git a/volume_key.spec b/volume_key.spec index 8835f73..47b29e8 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -3,13 +3,15 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.9 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 Group: Applications/System URL: https://fedorahosted.org/volume_key/ Requires: volume_key-libs%{?_isa} = %{version}-%{release} Source0: https://fedorahosted.org/releases/v/o/volume_key/volume_key-%{version}.tar.xz +# Upstream commit 04991fe8c4f77c4e5c7874c2db8ca32fb4655f6e +Patch1: volume_key-0.3.9-fips-crash.patch BuildRequires: cryptsetup-luks-devel, gettext-devel, glib2-devel, /usr/bin/gpg BuildRequires: gpgme-devel, libblkid-devel, nss-devel, python-devel 
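Review bot: In the decrypt_with_passphrase hunk of the added volume_key-0.3.9-fips-crash.patch, the lines right after the new NULL guard copy the decrypted result with `g_memdup (gpgme_res, *res_size)` and then call `gpgme_free (gpgme_res)` without clearing the buffer, so a second copy of the plaintext secret is left in freed heap memory. Wiping it first with a call the compiler cannot elide, such as `explicit_bzero (gpgme_res, *res_size);` placed before `gpgme_free (gpgme_res);`, would match the zero-before-free handling this project already applies to passphrases. Separately, `g_memdup` takes a `guint` length, so a `size_t` value above UINT_MAX in `*res_size` would be silently truncated; a range check before the copy in both functions would make that limit explicit. Both function bodies start and end outside the hunks, so whether the caller later wipes `res` cannot be seen from here.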
@@ -75,6 +77,8 @@ for other formats is possible, some formats are planned for future releases. %prep %setup -q +%patch1 -p1 -b .fips-crash + %build %configure make %{?_smp_mflags} @@ -114,6 +118,9 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/volume_key.py* %changelog +* Thu Nov 22 2012 Miloslav Trmač - 0.3.9-2 +- Fix a crash when trying to use passphrase encryption in FIPS mode + * Sat Sep 22 2012 Miloslav Trmač - 0.3.9-1 - Update to volume_key-0.3.9 From 545816c001b740b18d8e7115e0dfa0ebdd7d80e4 Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Thu, 14 Feb 2013 20:53:19 -0600 Subject: [PATCH 029/101] - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild --- volume_key.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index 47b29e8..4bf656a 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -3,7 +3,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.9 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2 Group: Applications/System URL: https://fedorahosted.org/volume_key/ @@ -118,6 +118,9 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/volume_key.py* %changelog +* Fri Feb 15 2013 Fedora Release Engineering - 0.3.9-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + * Thu Nov 22 2012 Miloslav Trmač - 0.3.9-2 - Fix a crash when trying to use passphrase encryption in FIPS mode From 3d0316b6da5f2bea6e50ae08d145892c784e49dc Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Sun, 4 Aug 2013 01:25:02 -0500 Subject: [PATCH 030/101] - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild --- volume_key.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index 4bf656a..8f31ac3 100644 --- a/volume_key.spec +++ b/volume_key.spec 
@@ -3,7 +3,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.9 -Release: 3%{?dist} +Release: 4%{?dist} License: GPLv2 Group: Applications/System URL: https://fedorahosted.org/volume_key/ @@ -118,6 +118,9 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/volume_key.py* %changelog +* Sun Aug 04 2013 Fedora Release Engineering - 0.3.9-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + * Fri Feb 15 2013 Fedora Release Engineering - 0.3.9-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild From 8fab58af595957aec3c1dea103a140003a1e7a89 Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Sat, 7 Jun 2014 22:56:11 -0500 Subject: [PATCH 031/101] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild --- volume_key.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index 8f31ac3..1a5642e 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -3,7 +3,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.9 -Release: 4%{?dist} +Release: 5%{?dist} License: GPLv2 Group: Applications/System URL: https://fedorahosted.org/volume_key/ @@ -118,6 +118,9 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/volume_key.py* %changelog +* Sun Jun 08 2014 Fedora Release Engineering - 0.3.9-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + * Sun Aug 04 2013 Fedora Release Engineering - 0.3.9-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild From 1ff6710715cb70b9574ba9ba7925dc071f209210 Mon Sep 17 00:00:00 2001 From: Peter Robinson Date: Mon, 18 Aug 2014 08:04:28 +0000 Subject: [PATCH 032/101] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild --- volume_key.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index 1a5642e..591d6ea 100644 --- a/volume_key.spec 
+++ b/volume_key.spec @@ -3,7 +3,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.9 -Release: 5%{?dist} +Release: 6%{?dist} License: GPLv2 Group: Applications/System URL: https://fedorahosted.org/volume_key/ @@ -118,6 +118,9 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/volume_key.py* %changelog +* Mon Aug 18 2014 Fedora Release Engineering - 0.3.9-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + * Sun Jun 08 2014 Fedora Release Engineering - 0.3.9-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild From 6a7979d571f178fdf9b8032d79a4ac5db75d8680 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Tue, 13 Jan 2015 23:15:48 +0100 Subject: [PATCH 033/101] Don't #include in libvolume_key.h --- volume_key-0.3.9-config.h.patch | 25 +++++++++++++++++++++++++ volume_key.spec | 9 ++++++++- 2 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 volume_key-0.3.9-config.h.patch diff --git a/volume_key-0.3.9-config.h.patch b/volume_key-0.3.9-config.h.patch new file mode 100644 index 0000000..98a70f9 --- /dev/null +++ b/volume_key-0.3.9-config.h.patch @@ -0,0 +1,25 @@ +The library's header file distributed in the devel package cannot include +the config.h file that is only available during build otherwise it's not +possible to use the library outside of the volume_key build process. + +Signed-off-by: Vratislav Podzimek +--- + lib/libvolume_key.h | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/lib/libvolume_key.h b/lib/libvolume_key.h +index 657b626..513f923 100644 +--- a/lib/libvolume_key.h ++++ b/lib/libvolume_key.h +@@ -18,8 +18,6 @@ Author: Miloslav Trmač */ + #ifndef LIBVOLUME_KEY_H__ + #define LIBVOLUME_KEY_H__ + +-#include +- + #include + #include + +-- +2.1.0 + diff --git a/volume_key.spec b/volume_key.spec index 591d6ea..f06a368 100644 --- a/volume_key.spec +++ b/volume_key.spec 
@@ -3,7 +3,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.9 -Release: 6%{?dist} +Release: 7%{?dist} License: GPLv2 Group: Applications/System URL: https://fedorahosted.org/volume_key/ @@ -12,6 +12,8 @@ Requires: volume_key-libs%{?_isa} = %{version}-%{release} Source0: https://fedorahosted.org/releases/v/o/volume_key/volume_key-%{version}.tar.xz # Upstream commit 04991fe8c4f77c4e5c7874c2db8ca32fb4655f6e Patch1: volume_key-0.3.9-fips-crash.patch +# Upstream commit 8f8698aba19b501f01285e9eec5c18231fc6bcea +Patch2: volume_key-0.3.9-config.h.patch BuildRequires: cryptsetup-luks-devel, gettext-devel, glib2-devel, /usr/bin/gpg BuildRequires: gpgme-devel, libblkid-devel, nss-devel, python-devel @@ -78,6 +80,7 @@ for other formats is possible, some formats are planned for future releases. %setup -q %patch1 -p1 -b .fips-crash +%patch2 -p1 -b .config.h %build %configure @@ -118,6 +121,10 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/volume_key.py* %changelog +* Tue Jan 13 2015 Miloslav Trmač - 0.3.9-7 +- Don't #include in libvolume_key.h + Patch by Vratislav Podzimek . + * Mon Aug 18 2014 Fedora Release Engineering - 0.3.9-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild From c6eb606826fa590a7b4a10e0108fedbacda96766 Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Fri, 19 Jun 2015 02:07:15 +0000 Subject: [PATCH 034/101] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild --- volume_key.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index f06a368..91883f8 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -3,7 +3,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.9 -Release: 7%{?dist} +Release: 8%{?dist} License: GPLv2 Group: Applications/System URL: https://fedorahosted.org/volume_key/ 
@@ -121,6 +121,9 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/volume_key.py* %changelog +* Fri Jun 19 2015 Fedora Release Engineering - 0.3.9-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + * Tue Jan 13 2015 Miloslav Trmač - 0.3.9-7 - Don't #include in libvolume_key.h Patch by Vratislav Podzimek . From 78e5420049a18ccb8029ff36b57e1b63e7ba1181 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 5 Feb 2016 02:48:54 +0000 Subject: [PATCH 035/101] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild --- volume_key.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index 91883f8..e28aeb0 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -3,7 +3,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.9 -Release: 8%{?dist} +Release: 9%{?dist} License: GPLv2 Group: Applications/System URL: https://fedorahosted.org/volume_key/ @@ -121,6 +121,9 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/volume_key.py* %changelog +* Fri Feb 05 2016 Fedora Release Engineering - 0.3.9-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + * Fri Jun 19 2015 Fedora Release Engineering - 0.3.9-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild From 7b2adf2f44578202a76ee962a25aee133292ff09 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Tue, 19 Jul 2016 13:07:49 +0000 Subject: [PATCH 036/101] - https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages --- volume_key.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index e28aeb0..f5986c5 100644 --- a/volume_key.spec +++ b/volume_key.spec 
@@ -3,7 +3,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.9 -Release: 9%{?dist} +Release: 10%{?dist} License: GPLv2 Group: Applications/System URL: https://fedorahosted.org/volume_key/ @@ -121,6 +121,9 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/volume_key.py* %changelog +* Tue Jul 19 2016 Fedora Release Engineering - 0.3.9-10 +- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages + * Fri Feb 05 2016 Fedora Release Engineering - 0.3.9-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild From d2f83644d51f475eeefc37996e23617d6e31eb69 Mon Sep 17 00:00:00 2001 From: Igor Gnatenko Date: Sat, 10 Dec 2016 20:08:13 +0100 Subject: [PATCH 037/101] Rebuild for gpgme 1.18 Signed-off-by: Igor Gnatenko --- volume_key.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index f5986c5..69943b5 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -3,7 +3,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.9 -Release: 10%{?dist} +Release: 11%{?dist} License: GPLv2 Group: Applications/System URL: https://fedorahosted.org/volume_key/ @@ -121,6 +121,9 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/volume_key.py* %changelog +* Sat Dec 10 2016 Igor Gnatenko - 0.3.9-11 +- Rebuild for gpgme 1.18 + * Tue Jul 19 2016 Fedora Release Engineering - 0.3.9-10 - https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages From 8f83183cd99f94009b63216cbafd55fc0a37470d Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 11 Feb 2017 17:09:56 +0000 Subject: [PATCH 038/101] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild --- volume_key.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index 69943b5..fd5161a 100644 --- a/volume_key.spec +++ b/volume_key.spec 
@@ -3,7 +3,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.9 -Release: 11%{?dist} +Release: 12%{?dist} License: GPLv2 Group: Applications/System URL: https://fedorahosted.org/volume_key/ @@ -121,6 +121,9 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/volume_key.py* %changelog +* Sat Feb 11 2017 Fedora Release Engineering - 0.3.9-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + * Sat Dec 10 2016 Igor Gnatenko - 0.3.9-11 - Rebuild for gpgme 1.18 From 19de152f74ec66c0065b3eaa3d54149c91e2dd93 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Mon, 29 May 2017 16:49:50 +0200 Subject: [PATCH 039/101] Ignore Eclipse metadata --- .gitignore | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 06aaee1..edcdff1 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,5 @@ -volume_key-0.3.3.tar.xz +/.project +/volume_key-0.3.3.tar.xz /volume_key-0.3.4.tar.xz /volume_key-0.3.5.tar.xz /volume_key-0.3.6.tar.xz From 2aaaf551a42d5455933972a9655d42ae2ee587f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Mon, 29 May 2017 17:02:59 +0200 Subject: [PATCH 040/101] Point URL: and Source: to the new home at pagure.io --- volume_key.spec | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/volume_key.spec b/volume_key.spec index fd5161a..8a5096d 100644 --- a/volume_key.spec +++ b/volume_key.spec 
@@ -3,13 +3,13 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.9 -Release: 12%{?dist} +Release: 13%{?dist} License: GPLv2 Group: Applications/System -URL: https://fedorahosted.org/volume_key/ +URL: https://pagure.io/volume_key/ Requires: volume_key-libs%{?_isa} = %{version}-%{release} -Source0: https://fedorahosted.org/releases/v/o/volume_key/volume_key-%{version}.tar.xz +Source0: https://releases.pagure.org/volume_key/volume_key-%{version}.tar.xz # Upstream commit 04991fe8c4f77c4e5c7874c2db8ca32fb4655f6e Patch1: volume_key-0.3.9-fips-crash.patch # Upstream commit 8f8698aba19b501f01285e9eec5c18231fc6bcea @@ -121,6 +121,10 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/volume_key.py* %changelog +* Mon May 29 2017 Miloslav Trmač - 0.3.9-13 +- Point URL: and Source: to the new home at pagure.io + Resolves: 1456378 + * Sat Feb 11 2017 Fedora Release Engineering - 0.3.9-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild From c5b69b379879cd5e1063d1660c069b2aa5ebeaba Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 27 Jul 2017 21:24:14 +0000 Subject: [PATCH 041/101] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild --- volume_key.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index 8a5096d..53842d3 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -3,7 +3,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.9 -Release: 13%{?dist} +Release: 14%{?dist} License: GPLv2 Group: Applications/System URL: https://pagure.io/volume_key/ 
@@ -121,6 +121,9 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/volume_key.py* %changelog +* Thu Jul 27 2017 Fedora Release Engineering - 0.3.9-14 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + * Mon May 29 2017 Miloslav Trmač - 0.3.9-13 - Point URL: and Source: to the new home at pagure.io Resolves: 1456378 From f2216ba485ba45aa6946256847bf4df029ffdb53 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 3 Aug 2017 10:07:14 +0000 Subject: [PATCH 042/101] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild --- volume_key.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index 53842d3..beca9cc 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -3,7 +3,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.9 -Release: 14%{?dist} +Release: 15%{?dist} License: GPLv2 Group: Applications/System URL: https://pagure.io/volume_key/ @@ -121,6 +121,9 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/volume_key.py* %changelog +* Thu Aug 03 2017 Fedora Release Engineering - 0.3.9-15 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + * Thu Jul 27 2017 Fedora Release Engineering - 0.3.9-14 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild From 2894bfabcd7e622b60275d46ac109a7a4dc28780 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 19 Aug 2017 09:44:24 -0400 Subject: [PATCH 043/101] Python 2 binary package renamed to python2-volume_key --- volume_key.spec | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/volume_key.spec b/volume_key.spec index beca9cc..edde283 100644 --- a/volume_key.spec +++ b/volume_key.spec 
@@ -3,7 +3,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.9 -Release: 15%{?dist} +Release: 16%{?dist} License: GPLv2 Group: Applications/System URL: https://pagure.io/volume_key/ @@ -57,12 +57,13 @@ back up can also be useful for extracting data after a hardware or software failure that corrupts the header of the encrypted volume, or to access the company data after an employee leaves abruptly. -%package -n python-volume_key +%package -n python2-volume_key +%{?python_provide:%python_provide python2-volume_key} Summary: Python bindings for libvolume_key Group: System Environment/Libraries Requires: volume_key-libs%{?_isa} = %{version}-%{release} -%description -n python-volume_key +%description -n python2-volume_key This package provides Python bindings for libvolume_key, a library for manipulating storage volume encryption keys and storing them separately from volumes. @@ -114,13 +115,17 @@ rm -rf $RPM_BUILD_ROOT %doc AUTHORS COPYING ChangeLog NEWS %{_libdir}/libvolume_key.so.* -%files -n python-volume_key +%files -n python2-volume_key %defattr(-,root,root,-) %exclude %{python_sitearch}/_volume_key.la %{python_sitearch}/_volume_key.so %{python_sitearch}/volume_key.py* %changelog +* Sat Aug 19 2017 Zbigniew Jędrzejewski-Szmek - 0.3.9-16 +- Python 2 binary package renamed to python2-volume_key + See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3 + * Thu Aug 03 2017 Fedora Release Engineering - 0.3.9-15 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild From 6fbd69e36291e4495f1817a3cb5193096859f885 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= Date: Wed, 8 Nov 2017 14:32:55 +0100 Subject: [PATCH 044/101] Update for libcryptsetup ABI change --- volume_key-0.3.9-crypt_get_error.patch | 333 +++++++++++++++++++++++++ volume_key.spec | 8 +- 2 files changed, 340 insertions(+), 1 deletion(-) create mode 100644 volume_key-0.3.9-crypt_get_error.patch 
diff --git a/volume_key-0.3.9-crypt_get_error.patch b/volume_key-0.3.9-crypt_get_error.patch new file mode 100644 index 0000000..2c2e246 --- /dev/null +++ b/volume_key-0.3.9-crypt_get_error.patch 
@@ -0,0 +1,333 @@ +From ecef526a51c5a276681472fd6df239570c9ce518 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= +Date: Tue, 7 Nov 2017 16:54:26 +0100 +Subject: [PATCH] Stop using crypt_get_error + +Instead of crypt_get_error, which has been removed in cryptsetup 2.0, +set up a log callback, which is available in both older and newer +versions. + +Fixes #13. +--- + lib/volume_luks.c | 90 ++++++++++++++++++++++++++++++++++++++----------------- + 1 file changed, 63 insertions(+), 27 deletions(-) + +diff --git a/lib/volume_luks.c b/lib/volume_luks.c +index 14794d7..f4bf2c8 100644 +--- a/lib/volume_luks.c ++++ b/lib/volume_luks.c +@@ -61,17 +61,13 @@ my_strerror (int err_no) + } + + /* Set ERROR based on libcryptsetup error state after returning RES. +- Use CODE. */ ++ Use CODE and LAST_LOG_ENTRY. */ + static void +-error_from_cryptsetup (GError **error, LIBVKError code, int res) ++error_from_cryptsetup (GError **error, LIBVKError code, int res, ++ char *last_log_entry) + { +- /* It's not possible to get the error message length from libcryptsetup, just +- guess. */ +- char crypt_msg[4096]; +- +- crypt_get_error (crypt_msg, sizeof (crypt_msg)); +- if (crypt_msg[0] != '\0') +- g_set_error (error, LIBVK_ERROR, code, "%s", crypt_msg); ++ if (last_log_entry != NULL && last_log_entry[0] != '\0') ++ g_set_error (error, LIBVK_ERROR, code, "%s", last_log_entry); + else + { + char *s; +@@ -82,17 +78,33 @@ error_from_cryptsetup (GError **error, LIBVKError code, int res) + } + } + ++static void ++record_cryptsetup_log_entry (int level, const char *msg, void *usrptr) ++{ ++ char **last_log_entry = usrptr; ++ ++ if (level == CRYPT_LOG_ERROR) ++ { ++ g_free (*last_log_entry); ++ *last_log_entry = g_strdup (msg); ++ } ++} ++ + /* Open volume PATH and load its header. ++ Set up *LAST_LOG_ENTRY to be updated to the last logged message for the ++ device. The caller must g_free(*LAST_LOG_ENTRY) after closing the device. + Return the volume, or NULL on error. 
*/ + static struct crypt_device * +-open_crypt_device (const char *path, GError **error) ++open_crypt_device (const char *path, char **last_log_entry, GError **error) + { + struct crypt_device *cd; + int r; + ++ *last_log_entry = NULL; + r = crypt_init (&cd, path); + if (r < 0) + goto err; ++ crypt_set_log_callback(cd, record_cryptsetup_log_entry, last_log_entry); + r = crypt_load (cd, CRYPT_LUKS1, NULL); + if (r < 0) + goto err_cd; +@@ -101,9 +113,12 @@ open_crypt_device (const char *path, GError **error) + err_cd: + crypt_free (cd); + err: +- error_from_cryptsetup (error, LIBVK_ERROR_VOLUME_UNKNOWN_FORMAT, r); ++ error_from_cryptsetup (error, LIBVK_ERROR_VOLUME_UNKNOWN_FORMAT, r, ++ *last_log_entry); + g_prefix_error (error, _("Error getting information about volume `%s': "), + path); ++ g_free (*last_log_entry); ++ *last_log_entry = NULL; + return NULL; + } + +@@ -173,10 +188,11 @@ luks_volume_open (struct libvk_volume *vol, const char *path, GError **error) + { + struct luks_volume *luks; + struct crypt_device *cd; ++ char *last_log_entry; + const char *uuid; + + (void)vol; +- cd = open_crypt_device (path, error); ++ cd = open_crypt_device (path, &last_log_entry, error); + if (cd == NULL) + return NULL; + /* A bit of paranoia */ +@@ -187,6 +203,7 @@ luks_volume_open (struct libvk_volume *vol, const char *path, GError **error) + _("UUID mismatch between libblkid and libcryptsetup: `%s' " + "vs. 
`%s'"), vol->uuid, uuid); + crypt_free (cd); ++ g_free (last_log_entry); + return NULL; + } + +@@ -195,6 +212,7 @@ luks_volume_open (struct libvk_volume *vol, const char *path, GError **error) + luks->cipher_mode = g_strdup (crypt_get_cipher_mode (cd)); + luks->key_bytes = crypt_get_volume_key_size (cd); + crypt_free (cd); ++ g_free (last_log_entry); + + luks->key = NULL; + luks->passphrase = NULL; +@@ -256,7 +274,7 @@ luks_get_secret (struct libvk_volume *vol, enum libvk_secret secret_type, + const struct libvk_ui *ui, GError **error) + { + struct crypt_device *cd; +- char *passphrase; ++ char *last_log_entry, *passphrase; + void *key; + size_t key_length; + int slot; +@@ -276,7 +294,7 @@ luks_get_secret (struct libvk_volume *vol, enum libvk_secret secret_type, + _("Encryption information type unsupported in LUKS")); + goto err; + } +- cd = open_crypt_device (vol->path, error); ++ cd = open_crypt_device (vol->path, &last_log_entry, error); + if (cd == NULL) + goto err; + key_length = crypt_get_volume_key_size (cd); +@@ -303,7 +321,7 @@ luks_get_secret (struct libvk_volume *vol, enum libvk_secret secret_type, + g_free_passphrase (passphrase); + if (r != -EPERM) + { +- error_from_cryptsetup (error, LIBVK_ERROR_FAILED, r); ++ error_from_cryptsetup (error, LIBVK_ERROR_FAILED, r, last_log_entry); + g_prefix_error (error, _("Error getting LUKS data encryption key: ")); + goto err_prompt; + } +@@ -322,12 +340,14 @@ luks_get_secret (struct libvk_volume *vol, enum libvk_secret secret_type, + vol->v.luks->passphrase_slot = slot; + g_free (prompt); + crypt_free (cd); ++ g_free (last_log_entry); + return 0; + + err_prompt: + g_free (prompt); + g_free_key (key, key_length); + crypt_free (cd); ++ g_free (last_log_entry); + err: + return -1; + } +@@ -383,11 +403,12 @@ luks_load_packet (struct libvk_volume *vol, const struct libvk_volume *packet, + if (packet->v.luks->key != NULL) + { + struct crypt_device *cd; ++ char *last_log_entry; + int r; + + g_return_val_if_fail 
(vol->v.luks->key_bytes == packet->v.luks->key_bytes, + -1); +- cd = open_crypt_device (vol->path, error); ++ cd = open_crypt_device (vol->path, &last_log_entry, error); + if (cd == NULL) + return -1; + r = crypt_volume_key_verify (cd, packet->v.luks->key, +@@ -395,21 +416,25 @@ luks_load_packet (struct libvk_volume *vol, const struct libvk_volume *packet, + crypt_free (cd); + if (r < 0) + { +- error_from_cryptsetup (error, LIBVK_ERROR_PACKET_VOLUME_MISMATCH, r); ++ error_from_cryptsetup (error, LIBVK_ERROR_PACKET_VOLUME_MISMATCH, r, ++ last_log_entry); + g_prefix_error (error, _("LUKS data encryption key in packet is " + "invalid: ")); ++ g_free (last_log_entry); + return -1; + } ++ g_free (last_log_entry); + luks_replace_key (vol, packet->v.luks->key); + } + if (packet->v.luks->passphrase != NULL) + { + struct crypt_device *cd; ++ char *last_log_entry; + void *key; + size_t key_size; + int r; + +- cd = open_crypt_device (vol->path, error); ++ cd = open_crypt_device (vol->path, &last_log_entry, error); + if (cd == NULL) + return -1; + key_size = crypt_get_volume_key_size (cd); +@@ -420,10 +445,13 @@ luks_load_packet (struct libvk_volume *vol, const struct libvk_volume *packet, + crypt_free (cd); + if (r < 0) + { +- error_from_cryptsetup (error, LIBVK_ERROR_PACKET_VOLUME_MISMATCH, r); ++ error_from_cryptsetup (error, LIBVK_ERROR_PACKET_VOLUME_MISMATCH, r, ++ last_log_entry); + g_prefix_error (error, _("LUKS passphrase in packet is invalid: ")); ++ g_free (last_log_entry); + return -1; + } ++ g_free (last_log_entry); + luks_replace_passphrase (vol, packet->v.luks->passphrase); + vol->v.luks->passphrase_slot = r; + if (packet->v.luks->key == NULL) +@@ -446,7 +474,7 @@ luks_apply_secret (struct libvk_volume *vol, const struct libvk_volume *packet, + GError **error) + { + struct crypt_device *cd; +- char *prompt, *prompt2, *error_prompt, *passphrase; ++ char *last_log_entry, *prompt, *prompt2, *error_prompt, *passphrase; + unsigned failed; + int res; + +@@ -498,7 
+526,7 @@ luks_apply_secret (struct libvk_volume *vol, const struct libvk_volume *packet, + goto err_prompts; + + got_passphrase: +- cd = open_crypt_device (vol->path, error); ++ cd = open_crypt_device (vol->path, &last_log_entry, error); + if (cd == NULL) + goto err_passphrase; + res = crypt_keyslot_add_by_volume_key (cd, CRYPT_ANY_SLOT, +@@ -508,10 +536,12 @@ luks_apply_secret (struct libvk_volume *vol, const struct libvk_volume *packet, + crypt_free (cd); + if (res < 0) + { +- error_from_cryptsetup (error, LIBVK_ERROR_FAILED, res); ++ error_from_cryptsetup (error, LIBVK_ERROR_FAILED, res, last_log_entry); + g_prefix_error (error, _("Error adding a LUKS passphrase")); ++ g_free (last_log_entry); + goto err_passphrase; + } ++ g_free (last_log_entry); + + g_return_val_if_fail (vol->v.luks->key_bytes == packet->v.luks->key_bytes, + -1); +@@ -542,6 +572,7 @@ luks_add_secret (struct libvk_volume *vol, enum libvk_secret secret_type, + const void *secret, size_t size, GError **error) + { + struct crypt_device *cd; ++ char *last_log_entry; + int res; + + if (secret_type != LIBVK_SECRET_PASSPHRASE) +@@ -562,7 +593,7 @@ luks_add_secret (struct libvk_volume *vol, enum libvk_secret secret_type, + _("The passphrase must be a string")); + return -1; + } +- cd = open_crypt_device (vol->path, error); ++ cd = open_crypt_device (vol->path, &last_log_entry, error); + if (cd == NULL) + return -1; + res = crypt_keyslot_add_by_volume_key (cd, CRYPT_ANY_SLOT, vol->v.luks->key, +@@ -570,10 +601,12 @@ luks_add_secret (struct libvk_volume *vol, enum libvk_secret secret_type, + crypt_free (cd); + if (res < 0) + { +- error_from_cryptsetup (error, LIBVK_ERROR_FAILED, res); ++ error_from_cryptsetup (error, LIBVK_ERROR_FAILED, res, last_log_entry); + g_prefix_error (error, _("Error adding a LUKS passphrase")); ++ g_free (last_log_entry); + return -1; + } ++ g_free (last_log_entry); + + luks_replace_passphrase (vol, secret); + vol->v.luks->passphrase_slot = res; +@@ -823,12 +856,13 @@ 
luks_open_with_packet (struct libvk_volume *vol, + GError **error) + { + struct crypt_device *cd; ++ char *last_log_entry; + void *to_free; + const void *key; + int r; + size_t key_size; + +- cd = open_crypt_device (vol->path, error); ++ cd = open_crypt_device (vol->path, &last_log_entry, error); + if (cd == NULL) + goto err; + if (packet->v.luks->key != NULL) +@@ -846,7 +880,7 @@ luks_open_with_packet (struct libvk_volume *vol, + strlen (packet->v.luks->passphrase)); + if (r < 0) + { +- error_from_cryptsetup (error, LIBVK_ERROR_FAILED, r); ++ error_from_cryptsetup (error, LIBVK_ERROR_FAILED, r, last_log_entry); + g_prefix_error (error, _("Error getting LUKS data encryption key: ")); + goto err_to_free; + } +@@ -862,7 +896,7 @@ luks_open_with_packet (struct libvk_volume *vol, + r = crypt_activate_by_volume_key (cd, name, key, key_size, 0); + if (r < 0) + { +- error_from_cryptsetup (error, LIBVK_ERROR_FAILED, r); ++ error_from_cryptsetup (error, LIBVK_ERROR_FAILED, r, last_log_entry); + g_prefix_error (error, _("Error opening LUKS volume: ")); + goto err_to_free; + } +@@ -870,6 +904,7 @@ luks_open_with_packet (struct libvk_volume *vol, + if (to_free != NULL) + g_free_key (to_free, key_size); + crypt_free (cd); ++ g_free (last_log_entry); + return 0; + + err_to_free: +@@ -877,6 +912,7 @@ luks_open_with_packet (struct libvk_volume *vol, + g_free_key (to_free, key_size); + err_cd: + crypt_free (cd); ++ g_free (last_log_entry); + err: + return -1; + } +-- +2.13.6 + diff --git a/volume_key.spec b/volume_key.spec index edde283..d967892 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -3,7 +3,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.9 -Release: 16%{?dist} +Release: 17%{?dist} License: GPLv2 Group: Applications/System URL: https://pagure.io/volume_key/ 
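Review bot: The message saved by record_cryptsetup_log_entry is never cleared once error_from_cryptsetup has had the chance to report it, so text recorded by an earlier libcryptsetup call on the same device can end up attached to a later, unrelated failure. The passphrase retry in luks_get_secret looks like the exposed case: an attempt that returns -EPERM skips the `r != -EPERM` branch and leaves its log entry in place, and if a later attempt fails without logging at CRYPT_LOG_ERROR the GError would carry the stale text instead of the strerror fallback for `r`. Resetting the entry before each retried call, e.g. `g_free (last_log_entry); last_log_entry = NULL;`, would avoid that; the retry loop is only partly visible in these context lines, so this is inferred. The comment on open_crypt_device could also state that LAST_LOG_ENTRY must stay valid until crypt_free (cd), because the callback keeps the pointer, and record_cryptsetup_log_entry has no header comment at all.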
@@ -14,6 +14,8 @@ Source0: https://releases.pagure.org/volume_key/volume_key-%{version}.tar.xz Patch1: volume_key-0.3.9-fips-crash.patch # Upstream commit 8f8698aba19b501f01285e9eec5c18231fc6bcea Patch2: volume_key-0.3.9-config.h.patch +# Upstream commit ecef526a51c5a276681472fd6df239570c9ce518 +Patch3: volume_key-0.3.9-crypt_get_error.patch BuildRequires: cryptsetup-luks-devel, gettext-devel, glib2-devel, /usr/bin/gpg BuildRequires: gpgme-devel, libblkid-devel, nss-devel, python-devel @@ -82,6 +84,7 @@ for other formats is possible, some formats are planned for future releases. %patch1 -p1 -b .fips-crash %patch2 -p1 -b .config.h +%patch3 -p1 -b .crypt_get_error %build %configure @@ -122,6 +125,9 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/volume_key.py* %changelog +* Tue Nov 7 2017 Miloslav Trmač - 0.3.9-17 +- Update for libcryptsetup ABI change + * Sat Aug 19 2017 Zbigniew Jędrzejewski-Szmek - 0.3.9-16 - Python 2 binary package renamed to python2-volume_key See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3 From 97c67a954831cf1d6c4c27825f12082b8f804a12 Mon Sep 17 00:00:00 2001 From: Igor Gnatenko Date: Sat, 3 Feb 2018 13:13:26 +0100 Subject: [PATCH 045/101] Switch to %ldconfig_scriptlets Signed-off-by: Igor Gnatenko --- volume_key.spec | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/volume_key.spec b/volume_key.spec index d967892..166f169 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -3,7 +3,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.9 -Release: 17%{?dist} +Release: 18%{?dist} License: GPLv2 Group: Applications/System URL: https://pagure.io/volume_key/ @@ -98,8 +98,7 @@ make install DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p' %clean rm -rf $RPM_BUILD_ROOT -%post libs -p /sbin/ldconfig -%postun libs -p /sbin/ldconfig +%ldconfig_scriptlets libs %files %defattr(-,root,root,-) 
@@ -125,6 +124,9 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/volume_key.py* %changelog +* Sat Feb 03 2018 Igor Gnatenko - 0.3.9-18 +- Switch to %%ldconfig_scriptlets + * Tue Nov 7 2017 Miloslav Trmač - 0.3.9-17 - Update for libcryptsetup ABI change From b28d111460c72540c54e4247a8fda11d7b2bed34 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 9 Feb 2018 20:38:29 +0000 Subject: [PATCH 046/101] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- volume_key.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index 166f169..7d7a5c0 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -3,7 +3,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.9 -Release: 18%{?dist} +Release: 19%{?dist} License: GPLv2 Group: Applications/System URL: https://pagure.io/volume_key/ @@ -124,6 +124,9 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/volume_key.py* %changelog +* Fri Feb 09 2018 Fedora Release Engineering - 0.3.9-19 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + * Sat Feb 03 2018 Igor Gnatenko - 0.3.9-18 - Switch to %%ldconfig_scriptlets From 5dae3701ee20b2a34d8e91d4e26dfaf48583417d Mon Sep 17 00:00:00 2001 From: Igor Gnatenko Date: Wed, 14 Feb 2018 08:58:13 +0100 Subject: [PATCH 047/101] Remove %clean section None of currently supported distributions need that. Last one was EL5 which is EOL for a while. Signed-off-by: Igor Gnatenko --- volume_key.spec | 3 --- 1 file changed, 3 deletions(-) diff --git a/volume_key.spec b/volume_key.spec index 7d7a5c0..1e53a58 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -95,9 +95,6 @@ make install DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p' %find_lang volume_key -%clean -rm -rf $RPM_BUILD_ROOT - %ldconfig_scriptlets libs %files From 91b20b097b66447f8526be2d50325f05fe9fc6a4 Mon Sep 17 00:00:00 2001 
From: Iryna Shcherbina Date: Wed, 14 Feb 2018 17:25:32 +0100 Subject: [PATCH 048/101] Update Python 2 dependency declarations to new packaging standards --- volume_key.spec | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/volume_key.spec b/volume_key.spec index 1e53a58..d1ef540 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -3,7 +3,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.9 -Release: 19%{?dist} +Release: 20%{?dist} License: GPLv2 Group: Applications/System URL: https://pagure.io/volume_key/ @@ -17,7 +17,7 @@ Patch2: volume_key-0.3.9-config.h.patch # Upstream commit ecef526a51c5a276681472fd6df239570c9ce518 Patch3: volume_key-0.3.9-crypt_get_error.patch BuildRequires: cryptsetup-luks-devel, gettext-devel, glib2-devel, /usr/bin/gpg -BuildRequires: gpgme-devel, libblkid-devel, nss-devel, python-devel +BuildRequires: gpgme-devel, libblkid-devel, nss-devel, python2-devel %description This package provides a command-line tool for manipulating storage volume @@ -121,6 +121,10 @@ make install DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p' %{python_sitearch}/volume_key.py* %changelog +* Wed Feb 14 2018 Iryna Shcherbina - 0.3.9-20 +- Update Python 2 dependency declarations to new packaging standards + (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) + * Fri Feb 09 2018 Fedora Release Engineering - 0.3.9-19 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild From 6d34f800c270e32a7fe9da140ea95c609f08f781 Mon Sep 17 00:00:00 2001 
From: Jiri Kucera Date: Mon, 21 May 2018 11:54:29 +0200 Subject: [PATCH 049/101] Update to volume_key-0.3.10 - resolves #1479349, #1517016 --- .gitignore | 1 + sources | 2 +- volume_key-0.3.9-config.h.patch | 25 -- volume_key-0.3.9-crypt_get_error.patch | 333 ------------------------- volume_key-0.3.9-fips-crash.patch | 33 --- volume_key.spec | 28 +-- 6 files changed, 16 insertions(+), 406 deletions(-) delete mode 100644 volume_key-0.3.9-config.h.patch delete mode 100644 volume_key-0.3.9-crypt_get_error.patch delete mode 100644 volume_key-0.3.9-fips-crash.patch diff --git a/.gitignore b/.gitignore index edcdff1..bd19b1e 100644 --- a/.gitignore +++ b/.gitignore @@ -6,3 +6,4 @@ /volume_key-0.3.7.tar.xz /volume_key-0.3.8.tar.xz /volume_key-0.3.9.tar.xz +/volume_key-0.3.10.tar.xz diff --git a/sources b/sources index 9741a26..5151e81 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -a2d14931177c660e1f3ebbcf5f47d8e2 volume_key-0.3.9.tar.xz +SHA512 (volume_key-0.3.10.tar.xz) = b050d333e021bc3721f5e72c1d2498adea3265afe7f702e1b1e859546755745ac70dcffc194739a4833d4b0b77168506f7fe90fde382d8aab4df2af7b635932b diff --git a/volume_key-0.3.9-config.h.patch b/volume_key-0.3.9-config.h.patch deleted file mode 100644 index 98a70f9..0000000 --- a/volume_key-0.3.9-config.h.patch +++ /dev/null @@ -1,25 +0,0 @@ -The library's header file distributed in the devel package cannot include -the config.h file that is only available during build otherwise it's not -possible to use the library outside of the volume_key build process. - -Signed-off-by: Vratislav Podzimek ---- - lib/libvolume_key.h | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/lib/libvolume_key.h b/lib/libvolume_key.h -index 657b626..513f923 100644 ---- a/lib/libvolume_key.h -+++ b/lib/libvolume_key.h -@@ -18,8 +18,6 @@ Author: Miloslav Trmač */ - #ifndef LIBVOLUME_KEY_H__ - #define LIBVOLUME_KEY_H__ - --#include -- - #include - #include - --- -2.1.0 - 
diff --git a/volume_key-0.3.9-crypt_get_error.patch b/volume_key-0.3.9-crypt_get_error.patch deleted file mode 100644 index 2c2e246..0000000 --- a/volume_key-0.3.9-crypt_get_error.patch +++ /dev/null 
@@ -1,333 +0,0 @@ -From ecef526a51c5a276681472fd6df239570c9ce518 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= -Date: Tue, 7 Nov 2017 16:54:26 +0100 -Subject: [PATCH] Stop using crypt_get_error - -Instead of crypt_get_error, which has been removed in cryptsetup 2.0, -set up a log callback, which is available in both older and newer -versions. - -Fixes #13. ---- - lib/volume_luks.c | 90 ++++++++++++++++++++++++++++++++++++++----------------- - 1 file changed, 63 insertions(+), 27 deletions(-) - -diff --git a/lib/volume_luks.c b/lib/volume_luks.c -index 14794d7..f4bf2c8 100644 ---- a/lib/volume_luks.c -+++ b/lib/volume_luks.c -@@ -61,17 +61,13 @@ my_strerror (int err_no) - } - - /* Set ERROR based on libcryptsetup error state after returning RES. -- Use CODE. */ -+ Use CODE and LAST_LOG_ENTRY. */ - static void --error_from_cryptsetup (GError **error, LIBVKError code, int res) -+error_from_cryptsetup (GError **error, LIBVKError code, int res, -+ char *last_log_entry) - { -- /* It's not possible to get the error message length from libcryptsetup, just -- guess. */ -- char crypt_msg[4096]; -- -- crypt_get_error (crypt_msg, sizeof (crypt_msg)); -- if (crypt_msg[0] != '\0') -- g_set_error (error, LIBVK_ERROR, code, "%s", crypt_msg); -+ if (last_log_entry != NULL && last_log_entry[0] != '\0') -+ g_set_error (error, LIBVK_ERROR, code, "%s", last_log_entry); - else - { - char *s; -@@ -82,17 +78,33 @@ error_from_cryptsetup (GError **error, LIBVKError code, int res) - } - } - -+static void -+record_cryptsetup_log_entry (int level, const char *msg, void *usrptr) -+{ -+ char **last_log_entry = usrptr; -+ -+ if (level == CRYPT_LOG_ERROR) -+ { -+ g_free (*last_log_entry); -+ *last_log_entry = g_strdup (msg); -+ } -+} -+ - /* Open volume PATH and load its header. -+ Set up *LAST_LOG_ENTRY to be updated to the last logged message for the -+ device. The caller must g_free(*LAST_LOG_ENTRY) after closing the device. - Return the volume, or NULL on error. 
*/ - static struct crypt_device * --open_crypt_device (const char *path, GError **error) -+open_crypt_device (const char *path, char **last_log_entry, GError **error) - { - struct crypt_device *cd; - int r; - -+ *last_log_entry = NULL; - r = crypt_init (&cd, path); - if (r < 0) - goto err; -+ crypt_set_log_callback(cd, record_cryptsetup_log_entry, last_log_entry); - r = crypt_load (cd, CRYPT_LUKS1, NULL); - if (r < 0) - goto err_cd; -@@ -101,9 +113,12 @@ open_crypt_device (const char *path, GError **error) - err_cd: - crypt_free (cd); - err: -- error_from_cryptsetup (error, LIBVK_ERROR_VOLUME_UNKNOWN_FORMAT, r); -+ error_from_cryptsetup (error, LIBVK_ERROR_VOLUME_UNKNOWN_FORMAT, r, -+ *last_log_entry); - g_prefix_error (error, _("Error getting information about volume `%s': "), - path); -+ g_free (*last_log_entry); -+ *last_log_entry = NULL; - return NULL; - } - -@@ -173,10 +188,11 @@ luks_volume_open (struct libvk_volume *vol, const char *path, GError **error) - { - struct luks_volume *luks; - struct crypt_device *cd; -+ char *last_log_entry; - const char *uuid; - - (void)vol; -- cd = open_crypt_device (path, error); -+ cd = open_crypt_device (path, &last_log_entry, error); - if (cd == NULL) - return NULL; - /* A bit of paranoia */ -@@ -187,6 +203,7 @@ luks_volume_open (struct libvk_volume *vol, const char *path, GError **error) - _("UUID mismatch between libblkid and libcryptsetup: `%s' " - "vs. 
`%s'"), vol->uuid, uuid); - crypt_free (cd); -+ g_free (last_log_entry); - return NULL; - } - -@@ -195,6 +212,7 @@ luks_volume_open (struct libvk_volume *vol, const char *path, GError **error) - luks->cipher_mode = g_strdup (crypt_get_cipher_mode (cd)); - luks->key_bytes = crypt_get_volume_key_size (cd); - crypt_free (cd); -+ g_free (last_log_entry); - - luks->key = NULL; - luks->passphrase = NULL; -@@ -256,7 +274,7 @@ luks_get_secret (struct libvk_volume *vol, enum libvk_secret secret_type, - const struct libvk_ui *ui, GError **error) - { - struct crypt_device *cd; -- char *passphrase; -+ char *last_log_entry, *passphrase; - void *key; - size_t key_length; - int slot; -@@ -276,7 +294,7 @@ luks_get_secret (struct libvk_volume *vol, enum libvk_secret secret_type, - _("Encryption information type unsupported in LUKS")); - goto err; - } -- cd = open_crypt_device (vol->path, error); -+ cd = open_crypt_device (vol->path, &last_log_entry, error); - if (cd == NULL) - goto err; - key_length = crypt_get_volume_key_size (cd); -@@ -303,7 +321,7 @@ luks_get_secret (struct libvk_volume *vol, enum libvk_secret secret_type, - g_free_passphrase (passphrase); - if (r != -EPERM) - { -- error_from_cryptsetup (error, LIBVK_ERROR_FAILED, r); -+ error_from_cryptsetup (error, LIBVK_ERROR_FAILED, r, last_log_entry); - g_prefix_error (error, _("Error getting LUKS data encryption key: ")); - goto err_prompt; - } -@@ -322,12 +340,14 @@ luks_get_secret (struct libvk_volume *vol, enum libvk_secret secret_type, - vol->v.luks->passphrase_slot = slot; - g_free (prompt); - crypt_free (cd); -+ g_free (last_log_entry); - return 0; - - err_prompt: - g_free (prompt); - g_free_key (key, key_length); - crypt_free (cd); -+ g_free (last_log_entry); - err: - return -1; - } -@@ -383,11 +403,12 @@ luks_load_packet (struct libvk_volume *vol, const struct libvk_volume *packet, - if (packet->v.luks->key != NULL) - { - struct crypt_device *cd; -+ char *last_log_entry; - int r; - - g_return_val_if_fail 
(vol->v.luks->key_bytes == packet->v.luks->key_bytes, - -1); -- cd = open_crypt_device (vol->path, error); -+ cd = open_crypt_device (vol->path, &last_log_entry, error); - if (cd == NULL) - return -1; - r = crypt_volume_key_verify (cd, packet->v.luks->key, -@@ -395,21 +416,25 @@ luks_load_packet (struct libvk_volume *vol, const struct libvk_volume *packet, - crypt_free (cd); - if (r < 0) - { -- error_from_cryptsetup (error, LIBVK_ERROR_PACKET_VOLUME_MISMATCH, r); -+ error_from_cryptsetup (error, LIBVK_ERROR_PACKET_VOLUME_MISMATCH, r, -+ last_log_entry); - g_prefix_error (error, _("LUKS data encryption key in packet is " - "invalid: ")); -+ g_free (last_log_entry); - return -1; - } -+ g_free (last_log_entry); - luks_replace_key (vol, packet->v.luks->key); - } - if (packet->v.luks->passphrase != NULL) - { - struct crypt_device *cd; -+ char *last_log_entry; - void *key; - size_t key_size; - int r; - -- cd = open_crypt_device (vol->path, error); -+ cd = open_crypt_device (vol->path, &last_log_entry, error); - if (cd == NULL) - return -1; - key_size = crypt_get_volume_key_size (cd); -@@ -420,10 +445,13 @@ luks_load_packet (struct libvk_volume *vol, const struct libvk_volume *packet, - crypt_free (cd); - if (r < 0) - { -- error_from_cryptsetup (error, LIBVK_ERROR_PACKET_VOLUME_MISMATCH, r); -+ error_from_cryptsetup (error, LIBVK_ERROR_PACKET_VOLUME_MISMATCH, r, -+ last_log_entry); - g_prefix_error (error, _("LUKS passphrase in packet is invalid: ")); -+ g_free (last_log_entry); - return -1; - } -+ g_free (last_log_entry); - luks_replace_passphrase (vol, packet->v.luks->passphrase); - vol->v.luks->passphrase_slot = r; - if (packet->v.luks->key == NULL) -@@ -446,7 +474,7 @@ luks_apply_secret (struct libvk_volume *vol, const struct libvk_volume *packet, - GError **error) - { - struct crypt_device *cd; -- char *prompt, *prompt2, *error_prompt, *passphrase; -+ char *last_log_entry, *prompt, *prompt2, *error_prompt, *passphrase; - unsigned failed; - int res; - -@@ -498,7 
+526,7 @@ luks_apply_secret (struct libvk_volume *vol, const struct libvk_volume *packet, - goto err_prompts; - - got_passphrase: -- cd = open_crypt_device (vol->path, error); -+ cd = open_crypt_device (vol->path, &last_log_entry, error); - if (cd == NULL) - goto err_passphrase; - res = crypt_keyslot_add_by_volume_key (cd, CRYPT_ANY_SLOT, -@@ -508,10 +536,12 @@ luks_apply_secret (struct libvk_volume *vol, const struct libvk_volume *packet, - crypt_free (cd); - if (res < 0) - { -- error_from_cryptsetup (error, LIBVK_ERROR_FAILED, res); -+ error_from_cryptsetup (error, LIBVK_ERROR_FAILED, res, last_log_entry); - g_prefix_error (error, _("Error adding a LUKS passphrase")); -+ g_free (last_log_entry); - goto err_passphrase; - } -+ g_free (last_log_entry); - - g_return_val_if_fail (vol->v.luks->key_bytes == packet->v.luks->key_bytes, - -1); -@@ -542,6 +572,7 @@ luks_add_secret (struct libvk_volume *vol, enum libvk_secret secret_type, - const void *secret, size_t size, GError **error) - { - struct crypt_device *cd; -+ char *last_log_entry; - int res; - - if (secret_type != LIBVK_SECRET_PASSPHRASE) -@@ -562,7 +593,7 @@ luks_add_secret (struct libvk_volume *vol, enum libvk_secret secret_type, - _("The passphrase must be a string")); - return -1; - } -- cd = open_crypt_device (vol->path, error); -+ cd = open_crypt_device (vol->path, &last_log_entry, error); - if (cd == NULL) - return -1; - res = crypt_keyslot_add_by_volume_key (cd, CRYPT_ANY_SLOT, vol->v.luks->key, -@@ -570,10 +601,12 @@ luks_add_secret (struct libvk_volume *vol, enum libvk_secret secret_type, - crypt_free (cd); - if (res < 0) - { -- error_from_cryptsetup (error, LIBVK_ERROR_FAILED, res); -+ error_from_cryptsetup (error, LIBVK_ERROR_FAILED, res, last_log_entry); - g_prefix_error (error, _("Error adding a LUKS passphrase")); -+ g_free (last_log_entry); - return -1; - } -+ g_free (last_log_entry); - - luks_replace_passphrase (vol, secret); - vol->v.luks->passphrase_slot = res; -@@ -823,12 +856,13 @@ 
luks_open_with_packet (struct libvk_volume *vol, - GError **error) - { - struct crypt_device *cd; -+ char *last_log_entry; - void *to_free; - const void *key; - int r; - size_t key_size; - -- cd = open_crypt_device (vol->path, error); -+ cd = open_crypt_device (vol->path, &last_log_entry, error); - if (cd == NULL) - goto err; - if (packet->v.luks->key != NULL) -@@ -846,7 +880,7 @@ luks_open_with_packet (struct libvk_volume *vol, - strlen (packet->v.luks->passphrase)); - if (r < 0) - { -- error_from_cryptsetup (error, LIBVK_ERROR_FAILED, r); -+ error_from_cryptsetup (error, LIBVK_ERROR_FAILED, r, last_log_entry); - g_prefix_error (error, _("Error getting LUKS data encryption key: ")); - goto err_to_free; - } -@@ -862,7 +896,7 @@ luks_open_with_packet (struct libvk_volume *vol, - r = crypt_activate_by_volume_key (cd, name, key, key_size, 0); - if (r < 0) - { -- error_from_cryptsetup (error, LIBVK_ERROR_FAILED, r); -+ error_from_cryptsetup (error, LIBVK_ERROR_FAILED, r, last_log_entry); - g_prefix_error (error, _("Error opening LUKS volume: ")); - goto err_to_free; - } -@@ -870,6 +904,7 @@ luks_open_with_packet (struct libvk_volume *vol, - if (to_free != NULL) - g_free_key (to_free, key_size); - crypt_free (cd); -+ g_free (last_log_entry); - return 0; - - err_to_free: -@@ -877,6 +912,7 @@ luks_open_with_packet (struct libvk_volume *vol, - g_free_key (to_free, key_size); - err_cd: - crypt_free (cd); -+ g_free (last_log_entry); - err: - return -1; - } --- -2.13.6 - diff --git a/volume_key-0.3.9-fips-crash.patch b/volume_key-0.3.9-fips-crash.patch deleted file mode 100644 index 0f79d4e..0000000 --- a/volume_key-0.3.9-fips-crash.patch +++ /dev/null 
@@ -1,33 +0,0 @@ -This case can be triggered by encrypting in FIPS mode, where the default -algorithm is unsupported and gpg crashes in response. - -diff --git a/lib/crypto.c b/lib/crypto.c -index 06eb482..905d583 100644 ---- a/lib/crypto.c -+++ b/lib/crypto.c -@@ -709,6 +709,12 @@ encrypt_with_passphrase (size_t *res_size, const void *data, size_t size, - } - gpgme_data_release (src_data); - gpgme_res = gpgme_data_release_and_get_mem (dest_data, res_size); -+ if (gpgme_res == NULL) -+ { -+ g_set_error (error, LIBVK_ERROR, LIBVK_ERROR_CRYPTO, -+ _("Unknown error getting encryption result")); -+ goto err_ctx; -+ } - res = g_memdup (gpgme_res, *res_size); - gpgme_free (gpgme_res); - -@@ -759,6 +765,12 @@ decrypt_with_passphrase (size_t *res_size, const void *data, size_t size, - } - gpgme_data_release (src_data); - gpgme_res = gpgme_data_release_and_get_mem (dest_data, res_size); -+ if (gpgme_res == NULL) -+ { -+ g_set_error (error, LIBVK_ERROR, LIBVK_ERROR_CRYPTO, -+ _("Unknown error getting decryption result")); -+ goto err_ctx; -+ } - res = g_memdup (gpgme_res, *res_size); - gpgme_free (gpgme_res); - diff --git a/volume_key.spec b/volume_key.spec index d1ef540..3075667 100644 --- a/volume_key.spec +++ b/volume_key.spec 
@@ -2,22 +2,19 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key -Version: 0.3.9 -Release: 20%{?dist} +Version: 0.3.10 +Release: 1%{?dist} License: GPLv2 Group: Applications/System URL: https://pagure.io/volume_key/ Requires: volume_key-libs%{?_isa} = %{version}-%{release} Source0: https://releases.pagure.org/volume_key/volume_key-%{version}.tar.xz -# Upstream commit 04991fe8c4f77c4e5c7874c2db8ca32fb4655f6e -Patch1: volume_key-0.3.9-fips-crash.patch -# Upstream commit 8f8698aba19b501f01285e9eec5c18231fc6bcea -Patch2: volume_key-0.3.9-config.h.patch -# Upstream commit ecef526a51c5a276681472fd6df239570c9ce518 -Patch3: volume_key-0.3.9-crypt_get_error.patch -BuildRequires: cryptsetup-luks-devel, gettext-devel, glib2-devel, /usr/bin/gpg +BuildRequires: gcc +BuildRequires: cryptsetup-luks-devel, gettext-devel, glib2-devel, /usr/bin/gpg2 BuildRequires: gpgme-devel, libblkid-devel, nss-devel, python2-devel +# Needed by %%check: +BuildRequires: nss-tools %description This package provides a command-line tool for manipulating storage volume @@ -47,7 +44,7 @@ company data after an employee leaves abruptly. %package libs Summary: A library for manipulating storage encryption keys and passphrases Group: System Environment/Libraries -Requires: /usr/bin/gpg +Requires: /usr/bin/gpg2 %description libs This package provides libvolume_key, a library for manipulating storage volume @@ -82,10 +79,6 @@ for other formats is possible, some formats are planned for future releases. %prep %setup -q -%patch1 -p1 -b .fips-crash -%patch2 -p1 -b .config.h -%patch3 -p1 -b .crypt_get_error - %build %configure make %{?_smp_mflags} @@ -93,6 +86,9 @@ make %{?_smp_mflags} %install make install DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p' +%check +make check + %find_lang volume_key %ldconfig_scriptlets libs 
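Review bot: In the last hunk of this commit, `%check` and `make check` are inserted between the `make install` line and `%find_lang volume_key`, so `%find_lang` now runs as part of `%check` instead of `%install`. A build with the check stage disabled would then never generate `volume_key.lang`, which the `%files libs -f volume_key.lang` line elsewhere in the spec depends on. Placing the new section after it, i.e. `%find_lang volume_key` first and `%check` / `make check` below, keeps the language list in `%install`. The 0.3.12 spec rewrite further down keeps the same order.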
@@ -121,6 +117,10 @@ make install DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p' %{python_sitearch}/volume_key.py* %changelog +* Wed May 16 2018 Jiri Kucera - 0.3.10-1 +- Update to volume_key-0.3.10 + Resolves: #1479349, #1517016 + * Wed Feb 14 2018 Iryna Shcherbina - 0.3.9-20 - Update Python 2 dependency declarations to new packaging standards (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) From a826a4b1afb75dbcd9c9c727f880c607b2ec2e81 Mon Sep 17 00:00:00 2001 From: Jason Tibbitts Date: Tue, 10 Jul 2018 01:43:33 -0500 Subject: [PATCH 050/101] Remove needless use of %defattr --- volume_key.spec | 4 ---- 1 file changed, 4 deletions(-) diff --git a/volume_key.spec b/volume_key.spec index 3075667..16bb641 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -94,24 +94,20 @@ make check %ldconfig_scriptlets libs %files -%defattr(-,root,root,-) %doc README contrib %{_bindir}/volume_key %{_mandir}/man8/volume_key.8* %files devel -%defattr(-,root,root,-) %{_includedir}/volume_key %exclude %{_libdir}/libvolume_key.la %{_libdir}/libvolume_key.so %files libs -f volume_key.lang -%defattr(-,root,root,-) %doc AUTHORS COPYING ChangeLog NEWS %{_libdir}/libvolume_key.so.* %files -n python2-volume_key -%defattr(-,root,root,-) %exclude %{python_sitearch}/_volume_key.la %{python_sitearch}/_volume_key.so %{python_sitearch}/volume_key.py* From 48e35c62a2d0bc6b405c4dd6229924351ebc109a Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 14 Jul 2018 08:38:06 +0000 Subject: [PATCH 051/101] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- volume_key.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index 16bb641..d3a799d 100644 --- a/volume_key.spec +++ b/volume_key.spec 
@@ -3,7 +3,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.10 -Release: 1%{?dist} +Release: 2%{?dist} License: GPLv2 Group: Applications/System URL: https://pagure.io/volume_key/ @@ -113,6 +113,9 @@ make check %{python_sitearch}/volume_key.py* %changelog +* Sat Jul 14 2018 Fedora Release Engineering - 0.3.10-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + * Wed May 16 2018 Jiri Kucera - 0.3.10-1 - Update to volume_key-0.3.10 Resolves: #1479349, #1517016 From c31e753f4ba785e93f50f06d872731105b75ae31 Mon Sep 17 00:00:00 2001 From: Igor Gnatenko Date: Mon, 30 Jul 2018 00:22:26 +0200 Subject: [PATCH 052/101] =?UTF-8?q?%{python=5Fsitearch}=20=E2=86=92=20%{py?= =?UTF-8?q?thon2=5Fsitearch}?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Igor Gnatenko --- volume_key.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/volume_key.spec b/volume_key.spec index d3a799d..b12027d 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -109,8 +109,8 @@ make check %files -n python2-volume_key %exclude %{python_sitearch}/_volume_key.la -%{python_sitearch}/_volume_key.so -%{python_sitearch}/volume_key.py* +%{python2_sitearch}/_volume_key.so +%{python2_sitearch}/volume_key.py* %changelog * Sat Jul 14 2018 Fedora Release Engineering - 0.3.10-2 From 3309ca4a56b8f239330e12eec7d7eafc37d518a0 Mon Sep 17 00:00:00 2001 From: Peter Robinson Date: Mon, 13 Aug 2018 13:37:22 +0100 Subject: [PATCH 053/101] fix FTBFS by removing .la file in install phase instead of excluding it --- volume_key.spec | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/volume_key.spec b/volume_key.spec index b12027d..d26bf5e 100644 --- a/volume_key.spec +++ b/volume_key.spec 
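Review bot: The context line `%exclude %{python_sitearch}/_volume_key.la` in the `%files -n python2-volume_key` hunk still uses the old macro, while the two lines below it move to `%{python2_sitearch}`. If the two macros expand to different directories, the exclude presumably stops matching and the libtool archive is left in the build root unpackaged. `%exclude %{python2_sitearch}/_volume_key.la` would keep the section consistent.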
@@ -86,6 +86,9 @@ make %{?_smp_mflags} %install make install DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p' +# Remove libtool archive +find %{buildroot} -type f -name "*.la" -delete + %check make check @@ -100,7 +103,6 @@ make check %files devel %{_includedir}/volume_key -%exclude %{_libdir}/libvolume_key.la %{_libdir}/libvolume_key.so %files libs -f volume_key.lang @@ -108,7 +110,6 @@ make check %{_libdir}/libvolume_key.so.* %files -n python2-volume_key -%exclude %{python_sitearch}/_volume_key.la %{python2_sitearch}/_volume_key.so %{python2_sitearch}/volume_key.py* From a407d142bcfce9b792836aac135ef1ff2a2127d5 Mon Sep 17 00:00:00 2001 From: Jiri Kucera Date: Mon, 8 Oct 2018 16:03:55 +0200 Subject: [PATCH 054/101] Update to volume_key-0.3.12 Resolves: #1634850 --- .gitignore | 1 + sources | 2 +- volume_key.spec | 177 ++++++++++++++++++++++++++++++++---------------- 3 files changed, 119 insertions(+), 61 deletions(-) diff --git a/.gitignore b/.gitignore index bd19b1e..92de226 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,4 @@ /volume_key-0.3.8.tar.xz /volume_key-0.3.9.tar.xz /volume_key-0.3.10.tar.xz +/volume_key-0.3.12.tar.xz diff --git a/sources b/sources index 5151e81..5250147 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (volume_key-0.3.10.tar.xz) = b050d333e021bc3721f5e72c1d2498adea3265afe7f702e1b1e859546755745ac70dcffc194739a4833d4b0b77168506f7fe90fde382d8aab4df2af7b635932b +SHA512 (volume_key-0.3.12.tar.xz) = d056154c9b9d23e4eb661946dd59ed97e116903a3afcff9d9e29258408082f33dcbb69958724143f6bf191a3da488a03b6c02af287790990ed6459e29d66553c diff --git a/volume_key.spec b/volume_key.spec index d26bf5e..5d05251 100644 --- a/volume_key.spec +++ b/volume_key.spec 
@@ -1,45 +1,89 @@ -%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")} +# Define `python3_sitearch' if there is no one: +%{!?python3_sitearch:%global python3_sitearch %(%{__python3} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")} + +# Enable Python 3 in Fedora and RHEL > 7 as default: +%if 0%{?fedora} || 0%{?rhel} > 7 +# Add `--without python3' option (enable python3 by default): +%bcond_without python3 +%else +# Add `--with python3' option (disable python3 by default): +%bcond_with python3 +%endif + +# Drop Python 2 in Fedora >= 30 and RHEL > 7 as default: +%if 0%{?fedora} >= 30 || 0%{?rhel} > 7 +%global drop_python2 1 +%global configure_with_python2 no +%else +# Define `python2_sitearch' if there is no one: +%{!?python2_sitearch:%global python2_sitearch %(%{__python2} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")} +%global configure_with_python2 yes +%endif + +%if %{with python3} +%global configure_with_python3 yes +%else +%global configure_with_python3 no +%endif + +# Additional configure options: +%global with_pythons --with-python=%{configure_with_python2} --with-python3=%{?configure_with_python3} Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key -Version: 0.3.10 -Release: 2%{?dist} -License: GPLv2 +Version: 0.3.12 +Release: 1%{?dist} +# lib/{SECerrs,SSLerrs}.h are both licensed under MPLv1.1 and GPLv2 +License: GPLv2 and (MPLv1.1 or GPLv2) Group: Applications/System -URL: https://pagure.io/volume_key/ -Requires: volume_key-libs%{?_isa} = %{version}-%{release} +URL: https://pagure.io/%{name}/ +Requires: %{name}-libs%{?_isa} = %{version}-%{release} -Source0: https://releases.pagure.org/volume_key/volume_key-%{version}.tar.xz +Source0: https://releases.pagure.org/%{name}/%{name}-%{version}.tar.xz BuildRequires: gcc BuildRequires: cryptsetup-luks-devel, gettext-devel, 
glib2-devel, /usr/bin/gpg2 -BuildRequires: gpgme-devel, libblkid-devel, nss-devel, python2-devel +BuildRequires: gpgme-devel, libblkid-devel, nss-devel, python3-devel +%if 0%{?drop_python2} < 1 +BuildRequires: python2-devel +%endif # Needed by %%check: BuildRequires: nss-tools -%description -This package provides a command-line tool for manipulating storage volume -encryption keys and storing them separately from volumes. - -The main goal of the software is to allow restoring access to an encrypted -hard drive if the primary user forgets the passphrase. The encryption key -back up can also be useful for extracting data after a hardware or software -failure that corrupts the header of the encrypted volume, or to access the +%global desc_common The main goal of the software is to allow restoring access to an encrypted\ +hard drive if the primary user forgets the passphrase. The encryption key\ +back up can also be useful for extracting data after a hardware or software\ +failure that corrupts the header of the encrypted volume, or to access the\ company data after an employee leaves abruptly. +%global desc_app This package provides a command-line tool for manipulating storage volume\ +encryption keys and storing them separately from volumes.\ +\ +%{desc_common} + +%global desc_lib This package provides lib%{name}, a library for manipulating storage volume\ +encryption keys and storing them separately from volumes.\ +\ +%{desc_common} + +%global desc_python(V:) This package provides %%{-V:Python %%{-V*}}%%{!-V:Python} bindings for lib%{name}, a library for\ +manipulating storage volume encryption keys and storing them separately from\ +volumes.\ +\ +%{desc_common}\ +\ +%{name} currently supports only the LUKS volume encryption format. Support\ +for other formats is possible, some formats are planned for future releases. 
+ +%description +%{desc_app} + %package devel Summary: A library for manipulating storage encryption keys and passphrases Group: Development/Libraries -Requires: volume_key-libs%{?_isa} = %{version}-%{release} +Requires: %{name}-libs%{?_isa} = %{version}-%{release} %description devel -This package provides libvolume_key, a library for manipulating storage volume -encryption keys and storing them separately from volumes. - -The main goal of the software is to allow restoring access to an encrypted -hard drive if the primary user forgets the passphrase. The encryption key -back up can also be useful for extracting data after a hardware or software -failure that corrupts the header of the encrypted volume, or to access the -company data after an employee leaves abruptly. +%{desc_lib} %package libs Summary: A library for manipulating storage encryption keys and passphrases 
@@ -47,40 +91,35 @@ Group: System Environment/Libraries Requires: /usr/bin/gpg2 %description libs -This package provides libvolume_key, a library for manipulating storage volume -encryption keys and storing them separately from volumes. +%{desc_lib} -The main goal of the software is to allow restoring access to an encrypted -hard drive if the primary user forgets the passphrase. The encryption key -back up can also be useful for extracting data after a hardware or software -failure that corrupts the header of the encrypted volume, or to access the -company data after an employee leaves abruptly. - -%package -n python2-volume_key -%{?python_provide:%python_provide python2-volume_key} -Summary: Python bindings for libvolume_key +%if 0%{?drop_python2} < 1 +%package -n python2-%{name} +%{?python_provide:%python_provide python2-%{name}} +Summary: Python bindings for lib%{name} Group: System Environment/Libraries -Requires: volume_key-libs%{?_isa} = %{version}-%{release} +Requires: %{name}-libs%{?_isa} = %{version}-%{release} -%description -n python2-volume_key -This package provides Python bindings for libvolume_key, a library for -manipulating storage volume encryption keys and storing them separately from -volumes. +%description -n python2-%{name} +%desc_python +%endif -The main goal of the software is to allow restoring access to an encrypted -hard drive if the primary user forgets the passphrase. The encryption key -back up can also be useful for extracting data after a hardware or software -failure that corrupts the header of the encrypted volume, or to access the -company data after an employee leaves abruptly. +%if %{with python3} +%package -n python3-%{name} +%{?python_provide:%python_provide python3-%{name}} +Summary: Python 3 bindings for lib%{name} +Group: System Environment/Libraries +Requires: %{name}-libs%{?_isa} = %{version}-%{release} -volume_key currently supports only the LUKS volume encryption format. 
Support -for other formats is possible, some formats are planned for future releases. +%description -n python3-%{name} +%desc_python -V 3 +%endif %prep %setup -q %build -%configure +%configure %{?with_pythons} make %{?_smp_mflags} %install @@ -90,30 +129,48 @@ make install DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p' find %{buildroot} -type f -name "*.la" -delete %check -make check +make check || { \ +echo "======================== ./test-suite.log ========================"; \ +cat ./test-suite.log; \ +echo "=================================================================="; \ +exit 1; \ +} -%find_lang volume_key +%find_lang %{name} %ldconfig_scriptlets libs %files %doc README contrib -%{_bindir}/volume_key -%{_mandir}/man8/volume_key.8* +%{_bindir}/%{name} +%{_mandir}/man8/%{name}.8* %files devel -%{_includedir}/volume_key -%{_libdir}/libvolume_key.so +%{_includedir}/%{name} +%{_libdir}/lib%{name}.so -%files libs -f volume_key.lang +%files libs -f %{name}.lang %doc AUTHORS COPYING ChangeLog NEWS -%{_libdir}/libvolume_key.so.* +%{_libdir}/lib%{name}.so.* -%files -n python2-volume_key -%{python2_sitearch}/_volume_key.so -%{python2_sitearch}/volume_key.py* +%if 0%{?drop_python2} < 1 +%files -n python2-%{name} +%{python2_sitearch}/_%{name}.so +%{python2_sitearch}/%{name}.py* +%endif + +%if %{with python3} +%files -n python3-%{name} +%{python3_sitearch}/_%{name}.so +%{python3_sitearch}/%{name}.py* +%{python3_sitearch}/__pycache__/%{name}.* +%endif %changelog +* Mon Oct 08 2018 Jiri Kucera - 0.3.12-1 +- Update to volume_key-0.3.12 + Resolves: #1634850 + * Sat Jul 14 2018 Fedora Release Engineering - 0.3.10-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild From 860134b642b61dfdfdaaa232791da86c502822c5 Mon Sep 17 00:00:00 2001 
From: Jiri Kucera Date: Wed, 23 Jan 2019 15:06:02 +0100 Subject: [PATCH 055/101] Add support for LUKS2 and more Minor changes: - volume_key.spec: fix License tag --- ...me_key-0.3.12-support_LUKS2_and_more.patch | 24 +++++++++++++++++++ volume_key.spec | 18 ++++++++++---- 2 files changed, 37 insertions(+), 5 deletions(-) create mode 100644 volume_key-0.3.12-support_LUKS2_and_more.patch diff --git a/volume_key-0.3.12-support_LUKS2_and_more.patch b/volume_key-0.3.12-support_LUKS2_and_more.patch new file mode 100644 index 0000000..1e5be56 --- /dev/null +++ b/volume_key-0.3.12-support_LUKS2_and_more.patch @@ -0,0 +1,24 @@ +diff --git a/lib/volume_luks.c b/lib/volume_luks.c +index f4bf2c8..d1c5d47 100644 +--- a/lib/volume_luks.c ++++ b/lib/volume_luks.c +@@ -30,6 +30,10 @@ Author: Miloslav Trmač */ + #include "volume.h" + #include "volume_luks.h" + ++#ifndef CRYPT_LUKS ++#define CRYPT_LUKS NULL ++#endif ++ + /* LUKS - specific code */ + + /* Return an error message for ERR_NO, for g_free (). */ +@@ -105,7 +109,7 @@ open_crypt_device (const char *path, char **last_log_entry, GError **error) + if (r < 0) + goto err; + crypt_set_log_callback(cd, record_cryptsetup_log_entry, last_log_entry); +- r = crypt_load (cd, CRYPT_LUKS1, NULL); ++ r = crypt_load (cd, CRYPT_LUKS, NULL); + if (r < 0) + goto err_cd; + return cd; diff --git a/volume_key.spec b/volume_key.spec index 5d05251..a2f00be 100644 --- a/volume_key.spec +++ b/volume_key.spec 
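Review bot: The `#ifndef CRYPT_LUKS` / `#define CRYPT_LUKS NULL` fallback in the new patch carries no comment, and after `crypt_load (cd, CRYPT_LUKS, NULL)` nothing in the hunk checks which on-disk format was actually loaded. Passing NULL leaves the format choice to libcryptsetup instead of pinning LUKS1, so every caller of open_crypt_device () now has to cope with whatever header type it accepts; whether the key-slot and packet code elsewhere in volume_luks.c does is not visible here. I would add `/* Headers without CRYPT_LUKS: NULL lets crypt_load () pick the LUKS version. */` above the fallback and, if any caller still assumes LUKS1, have it check `crypt_get_type (cd)` and fail with a clear error. The body of open_crypt_device starts and ends outside the hunk.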
@@ -32,14 +32,17 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.12 -Release: 1%{?dist} -# lib/{SECerrs,SSLerrs}.h are both licensed under MPLv1.1 and GPLv2 -License: GPLv2 and (MPLv1.1 or GPLv2) +Release: 2%{?dist} +# lib/{SECerrs,SSLerrs}.h are both licensed under MPLv1.1, GPLv2 and LGPLv2 +License: GPLv2 and (MPLv1.1 or GPLv2 or LGPLv2) Group: Applications/System URL: https://pagure.io/%{name}/ Requires: %{name}-libs%{?_isa} = %{version}-%{release} Source0: https://releases.pagure.org/%{name}/%{name}-%{version}.tar.xz +# Support all LUKS devices +# - backport of 26c09768662d8958debe8c9410dae9fda02292c3 +Patch0: volume_key-0.3.12-support_LUKS2_and_more.patch BuildRequires: gcc BuildRequires: cryptsetup-luks-devel, gettext-devel, glib2-devel, /usr/bin/gpg2 BuildRequires: gpgme-devel, libblkid-devel, nss-devel, python3-devel @@ -117,6 +120,7 @@ Requires: %{name}-libs%{?_isa} = %{version}-%{release} %prep %setup -q +%patch0 -p1 %build %configure %{?with_pythons} @@ -128,6 +132,8 @@ make install DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p' # Remove libtool archive find %{buildroot} -type f -name "*.la" -delete +%find_lang %{name} + %check make check || { \ echo "======================== ./test-suite.log ========================"; \ @@ -136,8 +142,6 @@ echo "=================================================================="; \ exit 1; \ } -%find_lang %{name} - %ldconfig_scriptlets libs %files @@ -167,6 +171,10 @@ exit 1; \ %endif %changelog +* Wed Jan 23 2019 Jiri Kucera - 0.3.12-2 +- Add support for LUKS2 and more +- Fix License tag + * Mon Oct 08 2018 Jiri Kucera - 0.3.12-1 - Update to volume_key-0.3.12 Resolves: #1634850 From a4b9002849ba190e1596d043674e2449b753e9e5 Mon Sep 17 00:00:00 2001 
From: Igor Gnatenko Date: Mon, 28 Jan 2019 20:18:30 +0100 Subject: [PATCH 056/101] Remove obsolete Group tag References: https://fedoraproject.org/wiki/Changes/Remove_Group_Tag --- volume_key.spec | 5 ----- 1 file changed, 5 deletions(-) diff --git a/volume_key.spec b/volume_key.spec index a2f00be..7ea82fa 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -35,7 +35,6 @@ Version: 0.3.12 Release: 2%{?dist} # lib/{SECerrs,SSLerrs}.h are both licensed under MPLv1.1, GPLv2 and LGPLv2 License: GPLv2 and (MPLv1.1 or GPLv2 or LGPLv2) -Group: Applications/System URL: https://pagure.io/%{name}/ Requires: %{name}-libs%{?_isa} = %{version}-%{release} @@ -82,7 +81,6 @@ for other formats is possible, some formats are planned for future releases. %package devel Summary: A library for manipulating storage encryption keys and passphrases -Group: Development/Libraries Requires: %{name}-libs%{?_isa} = %{version}-%{release} %description devel @@ -90,7 +88,6 @@ Requires: %{name}-libs%{?_isa} = %{version}-%{release} %package libs Summary: A library for manipulating storage encryption keys and passphrases -Group: System Environment/Libraries Requires: /usr/bin/gpg2 %description libs @@ -100,7 +97,6 @@ Requires: /usr/bin/gpg2 %package -n python2-%{name} %{?python_provide:%python_provide python2-%{name}} Summary: Python bindings for lib%{name} -Group: System Environment/Libraries Requires: %{name}-libs%{?_isa} = %{version}-%{release} %description -n python2-%{name} @@ -111,7 +107,6 @@ Requires: %{name}-libs%{?_isa} = %{version}-%{release} %package -n python3-%{name} %{?python_provide:%python_provide python3-%{name}} Summary: Python 3 bindings for lib%{name} -Group: System Environment/Libraries Requires: %{name}-libs%{?_isa} = %{version}-%{release} %description -n python3-%{name} From 601eea70c2d810f69194f0faf43cf67fe1d5322d Mon Sep 17 00:00:00 2001 
From: Fedora Release Engineering Date: Sun, 3 Feb 2019 11:25:21 +0000 Subject: [PATCH 057/101] - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- volume_key.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index 7ea82fa..4ce1c1f 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -32,7 +32,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.12 -Release: 2%{?dist} +Release: 3%{?dist} # lib/{SECerrs,SSLerrs}.h are both licensed under MPLv1.1, GPLv2 and LGPLv2 License: GPLv2 and (MPLv1.1 or GPLv2 or LGPLv2) URL: https://pagure.io/%{name}/ @@ -166,6 +166,9 @@ exit 1; \ %endif %changelog +* Sun Feb 03 2019 Fedora Release Engineering - 0.3.12-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + * Wed Jan 23 2019 Jiri Kucera - 0.3.12-2 - Add support for LUKS2 and more - Fix License tag From d0331dcac28b695c006d3de85b9859f612f7128f Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 27 Jul 2019 03:08:56 +0000 Subject: [PATCH 058/101] - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- volume_key.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index 4ce1c1f..6467f2c 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -32,7 +32,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.12 -Release: 3%{?dist} +Release: 4%{?dist} # lib/{SECerrs,SSLerrs}.h are both licensed under MPLv1.1, GPLv2 and LGPLv2 License: GPLv2 and (MPLv1.1 or GPLv2 or LGPLv2) URL: https://pagure.io/%{name}/ 
@@ -166,6 +166,9 @@ exit 1; \ %endif %changelog +* Sat Jul 27 2019 Fedora Release Engineering - 0.3.12-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + * Sun Feb 03 2019 Fedora Release Engineering - 0.3.12-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild From 7d16cd40b262ceef0634e020847289086c02955d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Mon, 19 Aug 2019 11:09:21 +0200 Subject: [PATCH 059/101] Rebuilt for Python 3.8 --- volume_key.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index 6467f2c..1779e6e 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -32,7 +32,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.12 -Release: 4%{?dist} +Release: 5%{?dist} # lib/{SECerrs,SSLerrs}.h are both licensed under MPLv1.1, GPLv2 and LGPLv2 License: GPLv2 and (MPLv1.1 or GPLv2 or LGPLv2) URL: https://pagure.io/%{name}/ @@ -166,6 +166,9 @@ exit 1; \ %endif %changelog +* Mon Aug 19 2019 Miro Hrončok - 0.3.12-5 +- Rebuilt for Python 3.8 + * Sat Jul 27 2019 Fedora Release Engineering - 0.3.12-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild From 1d537b40fb927868f8beb39b3313e01709a036f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Thu, 3 Oct 2019 14:41:28 +0200 Subject: [PATCH 060/101] Rebuilt for Python 3.8.0rc1 (#1748018) --- volume_key.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index 1779e6e..ec24f72 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -32,7 +32,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.12 -Release: 5%{?dist} +Release: 6%{?dist} # lib/{SECerrs,SSLerrs}.h are both licensed under MPLv1.1, GPLv2 and LGPLv2 License: GPLv2 and (MPLv1.1 or GPLv2 or LGPLv2) URL: https://pagure.io/%{name}/ 
@@ -166,6 +166,9 @@ exit 1; \ %endif %changelog +* Thu Oct 03 2019 Miro Hrončok - 0.3.12-6 +- Rebuilt for Python 3.8.0rc1 (#1748018) + * Mon Aug 19 2019 Miro Hrončok - 0.3.12-5 - Rebuilt for Python 3.8 From 025ab484ed0231ab1fa3ac7c2b64b8719419c69f Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 31 Jan 2020 03:21:07 +0000 Subject: [PATCH 061/101] - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- volume_key.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index ec24f72..094d801 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -32,7 +32,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.12 -Release: 6%{?dist} +Release: 7%{?dist} # lib/{SECerrs,SSLerrs}.h are both licensed under MPLv1.1, GPLv2 and LGPLv2 License: GPLv2 and (MPLv1.1 or GPLv2 or LGPLv2) URL: https://pagure.io/%{name}/ @@ -166,6 +166,9 @@ exit 1; \ %endif %changelog +* Fri Jan 31 2020 Fedora Release Engineering - 0.3.12-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + * Thu Oct 03 2019 Miro Hrončok - 0.3.12-6 - Rebuilt for Python 3.8.0rc1 (#1748018) From aa8676588459e6d06fef7af02609c313b6d20330 Mon Sep 17 00:00:00 2001 
From: Jiri Kucera Date: Sun, 24 May 2020 23:31:40 +0200 Subject: [PATCH 062/101] Add tests --- tests/.fmf/version | 1 + tests/Sanity/basic-sanity/main.fmf | 16 ++ tests/Sanity/basic-sanity/runtest.sh | 192 ++++++++++++++++++ tests/settings/environment.sh | 28 +++ tests/tests.yml | 14 ++ tests/utils/common.tcl | 30 +++ tests/utils/cryptsetup.exp | 66 +++++++ tests/utils/rlwrap.sh | 280 +++++++++++++++++++++++++++ tests/utils/utils.sh | 224 +++++++++++++++++++++ tests/utils/volume_key.exp | 110 +++++++++++ 10 files changed, 961 insertions(+) create mode 100644 tests/.fmf/version create mode 100644 tests/Sanity/basic-sanity/main.fmf create mode 100755 tests/Sanity/basic-sanity/runtest.sh create mode 100644 tests/settings/environment.sh create mode 100644 tests/tests.yml create mode 100644 tests/utils/common.tcl create mode 100755 tests/utils/cryptsetup.exp create mode 100644 tests/utils/rlwrap.sh create mode 100644 tests/utils/utils.sh create mode 100755 tests/utils/volume_key.exp diff --git a/tests/.fmf/version b/tests/.fmf/version new file mode 100644 index 0000000..d00491f --- /dev/null +++ b/tests/.fmf/version @@ -0,0 +1 @@ +1 diff --git a/tests/Sanity/basic-sanity/main.fmf b/tests/Sanity/basic-sanity/main.fmf new file mode 100644 index 0000000..07ac2a8 --- /dev/null +++ b/tests/Sanity/basic-sanity/main.fmf @@ -0,0 +1,16 @@ +--- +component: volume_key +summary: basic sanity test for volume_key utility +contact: + - Jan Blazek + - Jiri Kucera +description: basic sanity test for volume_key utility +require: + - volume_key + - cryptsetup + - expect + - tcllib + - nss-tools +test: ./runtest.sh +duration: 10m +tier: 1 diff --git a/tests/Sanity/basic-sanity/runtest.sh b/tests/Sanity/basic-sanity/runtest.sh new file mode 100755 index 0000000..f265cfd --- /dev/null +++ b/tests/Sanity/basic-sanity/runtest.sh 
@@ -0,0 +1,192 @@ +#!/bin/bash +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# File: ./tests/Sanity/basic-sanity/runtest.sh +# Author: Jan Blazek +# Jiri Kucera +# Brief: Basic sanity test for volume_key utility +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2017-2020 Red Hat, Inc. +# +# This program is free software: you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation, either version 2 of +# the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see http://www.gnu.org/licenses/. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +set -uo pipefail + +_TESTDIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)" + +# Include Beaker environment +. /usr/bin/rhts-environment.sh || exit 1 +. /usr/share/beakerlib/beakerlib.sh || exit 1 + +# Include utils +. ${_TESTDIR}/../../utils/utils.sh || { + echo "${_TESTDIR}/../../utils/utils.sh cannot be included." >&2 + exit 1 +} + +# Include test settings: +. ${_TESTDIR}/../../settings/environment.sh || { + errmsg "${_TESTDIR}/../../settings/environment.sh cannot be included." 
+ exit 1 +} + +PACKAGE="volume_key" + +_GNUPG_DIR="${HOME}/.gnupg" +_IMAGE="image" +_IMAGE_IMG="${_IMAGE}.img" +_PACKET="packet" +_NEW_PACKET="new-packet" +_PACKET_ASYM="packet-asym" +_NEW_PACKET_ASYM="new-packet-asym" +_ESCROW="escrow" +_ESCROW_KEY="${_ESCROW}.key" +_ESCROW_CERT="${_ESCROW}.cert" +_ESCROW_PEM="${_ESCROW}.pem" +_ESCROW_P12="${_ESCROW}.p12" +_NSSDB="nssdb" + +_LUKS_PASS="lukspass" +_PACKET_PASS="packetpass" +_NEW_PACKET_PASS="newpacketpass" +_CERT_PASS="certpass" +_NEW_LUKS_PASS="newlukspass" +_NEW_LUKS_PASS_ASYM="newlukspass-asym" + +_LANG_BACKUP="${LANG}" +_LC_ALL_BACKUP="${LC_ALL}" +_TEMP_DIR="" +_VOLUME="" + +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# ~~ Setup +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +function Setup() { + LANG=C + LC_ALL=C + AtCleanup Cleanup_RestoreEnvironment + + if ! rlAssertRpm "${PACKAGE}"; then + return $? + fi + + if [[ -d "${_GNUPG_DIR}" ]]; then + if ! rlFileBackup "${_GNUPG_DIR}"; then + return $? + fi + AtCleanup rlFileRestore + else + AtCleanup Cleanup_RemoveGnuPG + fi + + if ! rlRun CreateTemporaryDirectory; then + return $? + fi + _TEMP_DIR="${_Result}" + AtCleanup Cleanup_RemoveTemporaryDirectory + + if ! PushDir "${_TEMP_DIR}"; then + return $? + fi + AtCleanup PopDir + + if ! CreateEncryptedVolume \ + --image "${_IMAGE_IMG}" \ + --password "${_LUKS_PASS}" \ + ${USE_LOSETUP:+--with-losetup} + then + return $? + fi + _VOLUME="${_Result}" + AtCleanup Cleanup_DestroyVolume + + if ! CreateCertificate --name "${_ESCROW}" --dest "${_TEMP_DIR}"; then + return $? + fi + + if ! SetupNSSDatabase --dest "${_TEMP_DIR}/${_NSSDB}" \ + --cert-name "${_ESCROW}" --password "${_CERT_PASS}" + then + return $? 
+ fi +} + +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# ~~ Cleanup +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +function Cleanup_RestoreEnvironment() { + LANG="${_LANG_BACKUP}" + LC_ALL="${_LC_ALL_BACKUP}" +} + +function Cleanup_RemoveGnuPG() { + CmdRun -- rm -rfv "${_GNUPG_DIR}" +} + +function Cleanup_RemoveTemporaryDirectory() { + CmdRun -- rm -rfv "${_TEMP_DIR}" +} + +function Cleanup_DestroyVolume() { + if [[ "${USE_LOSETUP:+yes}" == "yes" ]]; then + CmdRun -- losetup -d "${_VOLUME}" + fi +} + +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# ~~ Tests +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +function TestVolumeKeySave() { + CmdRun 0 \ + "volume_key --save ${_VOLUME} --output-format=passphrase -o ${_PACKET}" \ + ${SCRIPTDIR}/volume_key.exp -- \ + --password1 "${_LUKS_PASS}" --password2 "${_PACKET_PASS}" \ + ${USING_PINENTRY:+--pinentry} -- \ + --save "${_VOLUME}" --output-format=passphrase -o "${_PACKET}" +} +AddTest TestVolumeKeySave "save" + +function TestVolumeKeyRestore() { + ClearGpgAgentsCache + if ! CmdRun 0 "volume_key --restore ${_VOLUME} ${_PACKET}" \ + ${SCRIPTDIR}/volume_key.exp -- \ + --password1 "${_PACKET_PASS}" --password2 "${_NEW_LUKS_PASS}" \ + ${USING_PINENTRY:+--pinentry} -- \ + --restore "${_VOLUME}" "${_PACKET}" + then + return $? + fi + + if ! CmdRun 0 "cryptsetup luksOpen ${_VOLUME} ${_IMAGE}" \ + ${SCRIPTDIR}/cryptsetup.exp -- --password "${_NEW_LUKS_PASS}" -- \ + luksOpen "${_VOLUME}" "${_IMAGE}" + then + return $? + fi + + CmdRun -- ls -la "/dev/mapper" + rlAssertExists "/dev/mapper/${_IMAGE}" + + CmdRun -- cryptsetup luksClose "${_IMAGE}" +} +AddTest TestVolumeKeyRestore "restore" + +RunTest diff --git a/tests/settings/environment.sh b/tests/settings/environment.sh new file mode 100644 index 0000000..79107c3 --- /dev/null +++ b/tests/settings/environment.sh 
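Review bot: Every `if ! cmd; then return $?; fi` in Setup and TestVolumeKeyRestore returns 0, because inside the `then` branch `$?` holds the status of the negated condition, not of the command that failed. A failing rlAssertRpm, CreateEncryptedVolume, CreateCertificate or SetupNSSDatabase therefore makes Setup return success, and the tests go on against a volume or NSS database that was never created. Writing each guard as `rlAssertRpm "${PACKAGE}" || return $?` keeps the real status. Separately, with `set -uo pipefail` in effect, `_LC_ALL_BACKUP="${LC_ALL}"` aborts the script when LC_ALL is unset in the caller's environment; `_LC_ALL_BACKUP="${LC_ALL-}"` (and the same for LANG) avoids that.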
@@ -0,0 +1,28 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# File: ./tests/settings/environment.sh
+# Author: Jiri Kucera
+# Brief: Environment variables with distribution specific values
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2020 Red Hat, Inc.
+#
+# This program is free software: you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation, either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see http://www.gnu.org/licenses/.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+export USE_LOSETUP=""
+export USING_PINENTRY=""
+export CLEAR_GPG_AGENTS_CACHE=1
diff --git a/tests/tests.yml b/tests/tests.yml
new file mode 100644
index 0000000..c113f70
--- /dev/null
+++ b/tests/tests.yml
@@ -0,0 +1,14 @@
+---
+- hosts: localhost
+ roles:
+ - role: standard-test-beakerlib
+ tags:
+ - classic
+ - container
+ fmf_filter: "tier: 1"
+ required_packages:
+ - volume_key
+ - cryptsetup
+ - expect
+ - tcllib
+ - nss-tools
diff --git a/tests/utils/common.tcl b/tests/utils/common.tcl
new file mode 100644
index 0000000..2b1117b
--- /dev/null
+++ b/tests/utils/common.tcl
@@ -0,0 +1,30 @@
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# File: ./tests/utils/common.tcl
+# Author: Jiri Kucera
+# Brief: Common utilities for expect scripts
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2020 Red Hat, Inc.
+#
+# This program is free software: you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation, either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see http://www.gnu.org/licenses/.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+proc verify_password {password} {
+ if {$password == ""} {
+ return -code error "password required!"
+ }
+}
diff --git a/tests/utils/cryptsetup.exp b/tests/utils/cryptsetup.exp
new file mode 100755
index 0000000..7de0574
--- /dev/null
+++ b/tests/utils/cryptsetup.exp
@@ -0,0 +1,66 @@
+#!/usr/bin/expect -f
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# File: ./tests/utils/cryptsetup.exp
+# Author: Jiri Kucera
+# Brief: Expect wrapper around cryptsetup
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2020 Red Hat, Inc.
+#
+# This program is free software: you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation, either version 2 of
+# the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see http://www.gnu.org/licenses/.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+package require cmdline
+
+source common.tcl
+
+set options {
+ {password.arg "" "Password required by some cryptsetup actions"}
+}
+
+set usage "\[options\] -- cryptsetup_options\noptions:"
+
+if {[catch {
+ array set params [::cmdline::getoptions argv $options $usage]
+} result]} {
+ if {$::errorCode eq {CMDLINE USAGE}} {
+ puts $result
+ exit 0
+ }
+ puts $::errorCode
+ puts $::errorInfo
+ exit 1
+}
+
+set password $params(password)
+
+eval spawn cryptsetup $::argv
+if {"luksFormat" in $::argv} {
+ verify_password $password
+ expect -exact "Are you sure? (Type uppercase yes): "
+ send -- "YES\r"
+ expect -re "Enter( LUKS)? passphrase.*"
+ send -- "$password\r"
+ expect -re "Verify passphrase.*"
+ send -- "$password\r"
+ expect eof
+} elseif {"luksOpen" in $::argv} {
+ verify_password $password
+ expect -re "Enter passphrase for.*"
+ send -- "$password\r"
+ expect eof
+}
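Review bot: tests/utils/cryptsetup.exp never reports cryptsetup's exit status: both branches stop at `expect eof` and the script then ends with status 0, so the `RunCmd 0 "cryptsetup luksFormat …"` check in utils.sh only proves that Expect ran. After each `expect eof` I would add `lassign [wait] pid sid oserr status` followed by `exit $status`. The `expect` calls also have no `timeout` branch, so when a prompt never appears the passphrase is still sent once the default timeout expires; a `timeout { exit 1 }` arm would turn that into a test failure. tests/utils/volume_key.exp ends its `--save` and `--restore` branches the same way.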
diff --git a/tests/utils/rlwrap.sh b/tests/utils/rlwrap.sh
new file mode 100644
index 0000000..c75f633
--- /dev/null
+++ b/tests/utils/rlwrap.sh
@@ -0,0 +1,280 @@ +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# File: ./tests/utils/rlwrap.sh +# Author: Jiri Kucera +# Brief: Wrapper around beakerlib (rlX) functions +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2020 Red Hat, Inc. +# +# This program is free software: you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation, either version 2 of +# the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see http://www.gnu.org/licenses/. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +set -uo pipefail + +## +# Result, ResultA, ResultB +# +# If a function has an output, it is stored inside these variables. +Result="" +ResultA="" +ResultB="" + +declare -ag _CleanupActions=() +declare -ag _Tests=() + +## +# errmsg ERRMSG +# +# ERRMSG +# error message +# +# Print ERRMSG to standard error output. +function errmsg() { + echo "$1" >&2 +} + +## +# required_options OPTION_LIST +# +# OPTION_LIST +# a list of option names (without --) +# +# For every X from OPTION_LIST, test if --$X was specified by checking that +# __${X//-/_} is not empty. 
+function required_options() { + local __optvar="" + + while [[ $# -gt 0 ]]; do + __optvar="__${1//-/_}" + if [[ -z "${!__optvar}" ]]; then + errmsg "${FUNCTION[1]}: Missing required option: --$1" + return 1 + fi + shift + done +} + +## +# invalid_argument ARG_NAME +# +# ARG_NAME +# argument name +# +# Report to standard error output that ARG_NAME is not a valid argument and +# return 1. +function invalid_argument() { + errmsg "${FUNCTION[1]}: Invalid argument '$1'." + return 1 +} + +## +# Concat ARGS +# +# ARGS +# list of arguments +# +# Make a string by concatenating all arguments from ARGS. Useful for creating +# long comments for rlRun. +function Concat() { + echo "$*" +} + +## +# RunCmd [-t] [-l] [-c] [-s] [STATUS] [COMMENT] [--] COMMAND [COMMAND_ARGS] +# +# -t, -l, -c, -s +# see rlRun +# STATUS +# see rlRun +# COMMENT +# see rlRun +# -- +# options-command delimiter +# COMMAND +# command that should be run +# COMMAND_ARGS +# command arguments +# +# Wrapper around beakerlib's rlRun that allows COMMAND and its arguments to be +# passed separately and not as one long string. +function RunCmd() { + local __tflag="" + local __lflag="" + local __cflag="" + local __sflag="" + local __command="" + local __status="0" + local __comment="" + + # Handle short options: + while [[ $# -gt 0 ]]; do + case "$1" in + -t) __tflag="$1" ;; + -l) __lflag="$1" ;; + -c) __cflag="$1" ;; + -s) __sflag="$1" ;; + *) break ;; + esac + shift + done + + # First positional argument before -- is expected status code: + if [[ -n "${1:-}" ]] && [[ "$1" != "--" ]]; then + __status="$1" + shift + fi + + # Second positional argument before -- is comment: + if [[ -n "${1:-}" ]] && [[ "$1" != "--" ]]; then + __comment="$1" + shift + fi + + # Consume options-command delimiter: + if [[ "${1:-}" == "--" ]]; then + shift + fi + + # Command name is required: + if [[ -z "${1:-}" ]]; then + errmsg "Expected command." 
+ return 1 + fi + __command="$1"; shift + + # The rest of options are command arguments: + while [[ $# -gt 0 ]]; do + __command="${__command} $1" + shift + done + + # Let the game begin: + rlRun ${__tflag} ${__lflag} ${__cflag} ${__sflag} \ + "${__command}" "${__status}" "${__comment}" +} + +## +# CreateTemporaryDirectory +# +# Create a temporary directory and store its path to Result. +function CreateTemporaryDirectory() { + Result="$(mktemp -d)" +} + +## +# PushDir DIRECTORY +# +# DIRECTORY +# path to directory +# +# Perform `rlRun pushd DIRECTORY`. +function PushDir() { + RunCmd -- pushd "\"$1\"" +} + +## +# PopDir +# +# Perform `rlRun popd`. +function PopDir() { + RunCmd -- popd +} + +## +# AtCleanup COMMAND +# +# COMMAND +# cleanup action as a command +# +# Insert COMMAND to the beginning of the list of cleanup actions. +function AtCleanup() { + _CleanupActions=( "$1" "${_CleanupActions[@]}" ) +} + +## +# AddTest TESTFUNC [DESCRIPTION] +# +# TESTFUNC +# function that performs the test +# DESCRIPTION +# test description +# +# Add test to the list of tests. +function AddTest() { + _Tests+=( "$1=${2:-}" ) +} + +## +# DoSetup +# +# Invoke Setup function and return its status code. Setup must be defined +# before. +function DoSetup() { + local __status=0 + + rlPhaseStartSetup + if [[ "$(LC_ALL=C type -t Setup)" != "function" ]]; then + rlFail "Function 'Setup' is not defined. Please, define it." + else + Setup + fi + __status=$? + rlPhaseEnd + return ${__status} +} + +## +# DoTests +# +# Run all tests from the tests list. +function DoTests() { + for __testspec in "${_Tests[@]}"; do + # __testspec has the format 'testfunc=test description': + rlPhaseStartTest "${__testspec#*=}" + "${__testspec%%=*}" || : + rlPhaseEnd + done +} + +## +# DoCleanup +# +# Run all registered cleanup actions in the reverse order than they were +# registered by AtCleanup. 
+function DoCleanup() { + rlPhaseStartCleanup + for __action in "${_CleanupActions[@]}"; do + "${__action}" || : + done + rlPhaseEnd +} + +## +# RunTest +# +# Test runner entry point. Perform setup, run all tests, and perform cleanup. +function RunTest() { + rlJournalStart + + if DoSetup; then + DoTests + fi + DoCleanup + + rlJournalPrintText + rlJournalEnd +} diff --git a/tests/utils/utils.sh b/tests/utils/utils.sh new file mode 100644 index 0000000..f1336f3 --- /dev/null +++ b/tests/utils/utils.sh 
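Review bot: In tests/utils/rlwrap.sh, `required_options` and `invalid_argument` build their message from `${FUNCTION[1]}`, which is not a Bash variable; the caller's name is in `FUNCNAME`. Because this file sets `set -uo pipefail`, the reference stops the script with an unbound-variable error on exactly the path that should report a missing or unknown option. Use `errmsg "${FUNCNAME[1]}: Missing required option: --$1"` and `errmsg "${FUNCNAME[1]}: Invalid argument '$1'."`. Separately, `RunCmd` rejoins its arguments with single spaces before passing them to `rlRun`, so the callers' quoting is lost and each argument is parsed by the shell a second time (utils.sh relies on this for `\>`); the header comment should say that instead of implying arguments are passed through intact, since passphrases and paths travel through it.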
@@ -0,0 +1,224 @@ +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# File: ./tests/utils/utils.sh +# Author: Jiri Kucera +# Brief: Common shell utilities that helps test volume_key +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2020 Red Hat, Inc. +# +# This program is free software: you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation, either version 2 of +# the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see http://www.gnu.org/licenses/. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +set -uo pipefail + +## +# SCRIPTDIR +# +# Path to the directory with auxiliary scripts. +SCRIPTDIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)" + +# Include beakerlib wrapper: +. "${SCRIPTDIR}/rlwrap.sh" || { + echo "${SCRIPTDIR}/rlwrap.sh cannot be included." >&2 + exit 1 +} + +## +# ClearGpgAgentsCache +# +# If CLEAR_GPG_AGENTS_CACHE is set, clear gpg-agent's password cache. 
+function ClearGpgAgentsCache() { + local __pid="" + + if [[ "${CLEAR_GPG_AGENTS_CACHE:-}" == "1" ]] \ + && __pid="$(pidof -s gpg-agent)" + then + kill -s SIGHUP ${__pid} || : + fi +} + +## +# CreateEncryptedVolume --image IMAGE --password PASS [--with-losetup] +# +# --image IMAGE +# path to image file from which volume is created; IMAGE is created by +# dd so it should not to point to an existing file +# --password PASS +# password needed to encrypt the volume +# --with-losetup +# create a volume as loop device +# +# Create encrypted volume from IMAGE (use PASS for the encryption). The name of +# created volume is stored to Result. +function CreateEncryptedVolume() { + local __image="" + local __volume="" + local __password="" + local __with_losetup="" + local __status=0 + + while [[ $# -gt 0 ]]; do + case "$1" in + --image) shift; __image="$1" ;; + --password) shift; __password="$1" ;; + --with-losetup) __with_losetup="yes" ;; + *) invalid_argument "$1"; return $? ;; + esac + shift + done + + if ! required_options image password; then + return $? + fi + + if ! RunCmd -- dd if=/dev/zero of="${__image}" bs=1M count=256; then + return $? + fi + + __volume="${__image}" + if [[ "${__with_losetup}" == "yes" ]]; then + if ! RunCmd -- losetup -v -f "${__image}"; then + return $? + fi + __volume="$(losetup -a | grep "${__image}" | cut -d: -f1)"; __status=$? + if [[ ${__status} -ne 0 ]]; then + return ${__status} + fi + fi + + if ! RunCmd 0 "cryptsetup luksFormat ${__volume}" -- \ + ${SCRIPTDIR}/cryptsetup.exp -- --password "${__password}" -- \ + luksFormat "${__volume}" + then + return $? + fi + + Result="${_volume}" +} + +## +# CreateCertificate --name NAME [--rsa-bits BITS] +# +# --name NAME +# certificate name +# --rsa-bits BITS +# RSA bits (default: 1024) +# +# Create NAME.key, NAME.cert, and NAME.pem inside current working directory. 
+function CreateCertificate() { + local __name="" + local __rsa_bits=1024 + local __key="" + local __cert="" + local __pem="" + local __subject="" + + while [[ $# -gt 0 ]]; do + case "$1" in + --name) shift; __name="$1" ;; + --rsa-bits) shift; __rsa_bits="$1" ;; + *) invalid_argument "$1"; return $? ;; + esac + shift + done + + if ! required_options name; then + return $? + fi + + __key="${__name}.key" + __cert="${__name}.cert" + __pem="${__name}.pem" + + if ! RunCmd -- openssl genrsa ${__rsa_bits} \> "${__key}"; then + return $? + fi + + __subject="/C=FooCountry/ST=FooState/L=FooLocality/O=FooOrg/OU=FooOrgUnit" + __subject="${__subject}/CN=John/SN=Doe/emailAddress=jdoe@foo.bar" + + if ! RunCmd -- openssl req -new -x509 -nodes -sha1 -days 365 \ + -key "${__key}" -subj "'${__subject}'" \> "${__cert}" + then + return $? + fi + + RunCmd -- cat "${__cert}" "${__key}" \> "${__pem}" +} + +## +# SetupNSSDatabase --dest DEST --cert-name NAME --password PASS +# +# --dest DEST +# path to directory that become NSS database +# --cert-name NAME +# the name of the certificate +# --password PASS +# a password (common for certificate and for NSS database) +# +# Create and initialize NSS database DEST with certificate NAME and secure it +# with password PASS. +function SetupNSSDatabase() { + local __dest="" + local __cert_name="" + local __password="" + local __pwdfile="" + local __pem="" + local __p12="" + + while [[ $# -gt 0 ]]; do + case "$1" in + --dest) shift; __dest="$1" ;; + --cert_name) shift; __cert_name="$1" ;; + --password) shift; __password="$1" ;; + *) invalid_argument "$1"; return $? ;; + esac + shift + done + + if ! required_options dest cert-name password; then + return $? + fi + + if ! RunCmd -- mkdir -p "${__dest}"; then + return $? + fi + + if ! __pwdfile="$(mktemp "./pwdfileXXXXX")"; then + return $? + fi + + __pem="${__cert_name}.pem" + __p12="${__cert_name}.p12" + + if ! RunCmd -- echo "${__password}" \> "${__pwdfile}"; then + return $? + fi + + if ! 
RunCmd -- certutil -N -d "${__dest}" -f "${__pwdfile}"; then + return $? + fi + + if ! RunCmd -- openssl pkcs12 -export -in "${__pem}" -out "${__p12}" \ + -name "${__cert-name}" -password "pass:${__password}" + then + return $? + fi + + RunCmd -- pk12util -i "${__p12}" -d "${__dest}" \ + -K "${__password}" -W "${__password}" +} diff --git a/tests/utils/volume_key.exp b/tests/utils/volume_key.exp new file mode 100755 index 0000000..ace7ba0 --- /dev/null +++ b/tests/utils/volume_key.exp 
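Review bot: In `SetupNSSDatabase` (tests/utils/utils.sh) the PKCS#12 friendly name is written `-name "${__cert-name}"`, which Bash reads as "the value of `__cert`, or the literal `name` if it is unset", so the certificate is always exported under the name `name`; it should be `-name "${__cert_name}"`. The option parser in the same function matches `--cert_name`, while the caller in runtest.sh and the `required_options` call use `cert-name`. The passphrase is also put on the command lines of `openssl pkcs12` (`pass:`) and `pk12util` (`-K`/`-W`), where it is visible in the process list and presumably in the test journal; the `__pwdfile` created a few lines earlier could be used instead, e.g. `-password "file:${__pwdfile}"` and `pk12util -k "${__pwdfile}" -w "${__pwdfile}"`.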
@@ -0,0 +1,110 @@ +#!/usr/bin/expect -f +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# File: ./tests/utils/volume_key.exp +# Author: Jiri Kucera +# Brief: Expect wrapper around volume_key +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2020 Red Hat, Inc. +# +# This program is free software: you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation, either version 2 of +# the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see http://www.gnu.org/licenses/. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +package require cmdline + +source common.tcl + +set options { + {password1.arg "" "Password that volume_key may ask for"} + {password2.arg "" "Second password that volume_key may ask for"} + {pinentry "gpg-agent may ask for password via pinentry"} +} + +set usage "\[options\] -- volume_key_options\noptions:" + +if {[catch { + array set params [::cmdline::getoptions argv $options $usage] +} result]} { + if {$::errorCode eq {CMDLINE USAGE}} { + puts $result + exit 0 + } + puts $::errorCode + puts $::errorInfo + exit 1 +} + +set password1 $params(password1) +set password2 $params(password2) + +proc prompt_volume_password {password} { + verify_password $password + expect -re "Passphrase for.*" + sleep 1 + send -- "$password\r" +} + +proc prompt_new_volume_password {password} { + verify_password $password + expect -re "New passphrase for.*" + sleep 1 + send -- "$password\r" + expect -re "Repeat new 
passphrase for.*" + sleep 1 + send -- "$password\r" +} + +proc prompt_packet_password {password pinentry} { + verify_password $password + expect -re "Escrow packet passphrase.*" + sleep 1 + send -- "$password\r" + if {$pinentry} { + expect -re ".*Passphrase.*" + sleep 1 + send -- "$password\r" + } +} + +proc prompt_new_packet_password {password pinentry} { + verify_password $password + expect -re "New packet passphrase.*" + sleep 1 + send -- "$password\r" + expect -re "Repeat new packet passphrase.*" + sleep 1 + send -- "$password\r" + if {$pinentry} { + expect -re ".*Passphrase.*" + sleep 1 + send -- "$password\r" + expect -re ".*Passphrase.*" + sleep 1 + send -- "$password\r" + } +} + +eval spawn volume_key $::argv +if {"--save" in $::argv} { + prompt_volume_password $password1 + prompt_new_packet_password $password2 $pinentry + expect eof +} elseif {"--restore" in $::argv} { + prompt_packet_password $password1 $pinentry + prompt_new_volume_password $password2 + expect eof +} From 828b38bd12d1973feaf2d043f167dc6979eb0e6c Mon Sep 17 00:00:00 2001 From: Jiri Kucera Date: Mon, 25 May 2020 02:57:28 +0200 Subject: [PATCH 063/101] rhts-environment.sh contains unbound variables --- tests/Sanity/basic-sanity/runtest.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/Sanity/basic-sanity/runtest.sh b/tests/Sanity/basic-sanity/runtest.sh index f265cfd..26909ca 100755 --- a/tests/Sanity/basic-sanity/runtest.sh +++ b/tests/Sanity/basic-sanity/runtest.sh @@ -25,14 +25,14 @@ # # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -set -uo pipefail - _TESTDIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)" # Include Beaker environment . /usr/bin/rhts-environment.sh || exit 1 . /usr/share/beakerlib/beakerlib.sh || exit 1 +set -uo pipefail + # Include utils . ${_TESTDIR}/../../utils/utils.sh || { echo "${_TESTDIR}/../../utils/utils.sh cannot be included." >&2 
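Review bot: In tests/utils/volume_key.exp, `$pinentry` is read by both branches at the bottom of the script (`prompt_new_packet_password $password2 $pinentry`, `prompt_packet_password $password1 $pinentry`) but is never assigned; only `password1` and `password2` are copied out of `params`, so either branch would stop with a "no such variable" error. Add `set pinentry $params(pinentry)` next to the other two `set` lines. The `eval spawn volume_key $::argv` line also sends the arguments through a second round of Tcl parsing and is only safe while `argv` stays a well-formed list; `spawn volume_key {*}$::argv` passes the words through unchanged, and the same applies to `eval spawn cryptsetup $::argv` in cryptsetup.exp.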
From 59630a287b205935a2567fa01b50cb3c4dceb1b4 Mon Sep 17 00:00:00 2001 From: Jiri Kucera Date: Mon, 25 May 2020 08:47:42 +0200 Subject: [PATCH 064/101] tests: Fix unbound variable and unknown option --- tests/Sanity/basic-sanity/runtest.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/Sanity/basic-sanity/runtest.sh b/tests/Sanity/basic-sanity/runtest.sh index 26909ca..08d7b97 100755 --- a/tests/Sanity/basic-sanity/runtest.sh +++ b/tests/Sanity/basic-sanity/runtest.sh @@ -68,8 +68,8 @@ _CERT_PASS="certpass" _NEW_LUKS_PASS="newlukspass" _NEW_LUKS_PASS_ASYM="newlukspass-asym" -_LANG_BACKUP="${LANG}" -_LC_ALL_BACKUP="${LC_ALL}" +_LANG_BACKUP="${LANG:-}" +_LC_ALL_BACKUP="${LC_ALL:-}" _TEMP_DIR="" _VOLUME="" @@ -116,7 +116,7 @@ function Setup() { _VOLUME="${_Result}" AtCleanup Cleanup_DestroyVolume - if ! CreateCertificate --name "${_ESCROW}" --dest "${_TEMP_DIR}"; then + if ! CreateCertificate --name "${_ESCROW}"; then return $? fi From a9ce2b421b1f11719353f08b168ed4a63828a52d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Tue, 26 May 2020 03:54:44 +0200 Subject: [PATCH 065/101] Rebuilt for Python 3.9 --- volume_key.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index 094d801..cc41aff 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -32,7 +32,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.12 -Release: 7%{?dist} +Release: 8%{?dist} # lib/{SECerrs,SSLerrs}.h are both licensed under MPLv1.1, GPLv2 and LGPLv2 License: GPLv2 and (MPLv1.1 or GPLv2 or LGPLv2) URL: https://pagure.io/%{name}/ @@ -166,6 +166,9 @@ exit 1; \ %endif %changelog +* Tue May 26 2020 Miro Hrončok - 0.3.12-8 +- Rebuilt for Python 3.9 + * Fri Jan 31 2020 Fedora Release Engineering - 0.3.12-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild 
From 23c9f14348e43e8d3cc1d4167330cb7014dfdb02 Mon Sep 17 00:00:00 2001 From: Jiri Kucera Date: Tue, 26 May 2020 23:12:31 +0200 Subject: [PATCH 066/101] tests: Fix Bash & Tcl issues --- tests/Sanity/basic-sanity/main.fmf | 2 +- tests/Sanity/basic-sanity/runtest.sh | 72 ++++++++---------------- tests/utils/cryptsetup.exp | 2 +- tests/utils/rlwrap.sh | 27 ++++++--- tests/utils/utils.sh | 83 +++++++++------------------- tests/utils/volume_key.exp | 2 +- 6 files changed, 71 insertions(+), 117 deletions(-) diff --git a/tests/Sanity/basic-sanity/main.fmf b/tests/Sanity/basic-sanity/main.fmf index 07ac2a8..ad4c0fa 100644 --- a/tests/Sanity/basic-sanity/main.fmf +++ b/tests/Sanity/basic-sanity/main.fmf @@ -8,9 +8,9 @@ description: basic sanity test for volume_key utility require: - volume_key - cryptsetup + - nss-tools - expect - tcllib - - nss-tools test: ./runtest.sh duration: 10m tier: 1 diff --git a/tests/Sanity/basic-sanity/runtest.sh b/tests/Sanity/basic-sanity/runtest.sh index 08d7b97..f067ab3 100755 --- a/tests/Sanity/basic-sanity/runtest.sh +++ b/tests/Sanity/basic-sanity/runtest.sh @@ -31,8 +31,6 @@ _TESTDIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)" . /usr/bin/rhts-environment.sh || exit 1 . /usr/share/beakerlib/beakerlib.sh || exit 1 -set -uo pipefail - # Include utils . ${_TESTDIR}/../../utils/utils.sh || { echo "${_TESTDIR}/../../utils/utils.sh cannot be included." >&2 @@ -45,7 +43,8 @@ set -uo pipefail exit 1 } -PACKAGE="volume_key" +PACKAGES="${PACKAGES:-volume_key}" +REQUIRES="${REQUIRES:-cryptsetup nss-tools expect tcllib}" _GNUPG_DIR="${HOME}/.gnupg" _IMAGE="image" 
@@ -80,73 +79,52 @@ _VOLUME="" function Setup() { LANG=C LC_ALL=C - AtCleanup Cleanup_RestoreEnvironment - if ! rlAssertRpm "${PACKAGE}"; then - return $? - fi + rlAssertRpm --all || return $? if [[ -d "${_GNUPG_DIR}" ]]; then - if ! rlFileBackup "${_GNUPG_DIR}"; then - return $? - fi + rlFileBackup "${_GNUPG_DIR}" || return $? AtCleanup rlFileRestore else AtCleanup Cleanup_RemoveGnuPG fi - if ! rlRun CreateTemporaryDirectory; then - return $? - fi + rlRun CreateTemporaryDirectory || return $? _TEMP_DIR="${_Result}" AtCleanup Cleanup_RemoveTemporaryDirectory - if ! PushDir "${_TEMP_DIR}"; then - return $? - fi + PushDir "${_TEMP_DIR}" || return $? AtCleanup PopDir - if ! CreateEncryptedVolume \ + CreateEncryptedVolume \ --image "${_IMAGE_IMG}" \ --password "${_LUKS_PASS}" \ - ${USE_LOSETUP:+--with-losetup} - then - return $? - fi + ${USE_LOSETUP:+--with-losetup} \ + || return $? _VOLUME="${_Result}" AtCleanup Cleanup_DestroyVolume - if ! CreateCertificate --name "${_ESCROW}"; then - return $? - fi + CreateCertificate --name "${_ESCROW}" || return $? - if ! SetupNSSDatabase --dest "${_TEMP_DIR}/${_NSSDB}" \ + SetupNSSDatabase --dest "${_TEMP_DIR}/${_NSSDB}" \ --cert-name "${_ESCROW}" --password "${_CERT_PASS}" - then - return $? - fi } # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # ~~ Cleanup # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -function Cleanup_RestoreEnvironment() { - LANG="${_LANG_BACKUP}" - LC_ALL="${_LC_ALL_BACKUP}" -} - function Cleanup_RemoveGnuPG() { - CmdRun -- rm -rfv "${_GNUPG_DIR}" + RunCmd rm -rfv "${_GNUPG_DIR}" } function Cleanup_RemoveTemporaryDirectory() { - CmdRun -- rm -rfv "${_TEMP_DIR}" + RunCmd rm -rfv "${_TEMP_DIR}" } function Cleanup_DestroyVolume() { if [[ "${USE_LOSETUP:+yes}" == "yes" ]]; then - CmdRun -- losetup -d "${_VOLUME}" + RunCmd losetup -d "${_VOLUME}" fi } 
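Review bot: `Setup` still assigns `_TEMP_DIR="${_Result}"` and `_VOLUME="${_Result}"`, while `CreateTemporaryDirectory` and `CreateEncryptedVolume` store their output in `Result`; with `set -uo pipefail` removed from runtest.sh, rlwrap.sh and utils.sh in this same commit, the misspelt name now expands to an empty string instead of stopping the run. Everything after that works on an empty path, including `PushDir "${_TEMP_DIR}"` and the `RunCmd rm -rfv "${_TEMP_DIR}"` cleanup, so the image and key material would be created in whatever directory the test started in. Read `"${Result}"` in both places, and consider re-enabling `set -u` after the BeakerLib includes so that the next typo of this kind fails loudly.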
@@ -155,7 +133,7 @@ function Cleanup_DestroyVolume() { # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ function TestVolumeKeySave() { - CmdRun 0 \ + RunCmdX 0 \ "volume_key --save ${_VOLUME} --output-format=passphrase -o ${_PACKET}" \ ${SCRIPTDIR}/volume_key.exp -- \ --password1 "${_LUKS_PASS}" --password2 "${_PACKET_PASS}" \ @@ -166,26 +144,22 @@ AddTest TestVolumeKeySave "save" function TestVolumeKeyRestore() { ClearGpgAgentsCache - if ! CmdRun 0 "volume_key --restore ${_VOLUME} ${_PACKET}" \ + RunCmdX 0 "volume_key --restore ${_VOLUME} ${_PACKET}" \ ${SCRIPTDIR}/volume_key.exp -- \ --password1 "${_PACKET_PASS}" --password2 "${_NEW_LUKS_PASS}" \ ${USING_PINENTRY:+--pinentry} -- \ - --restore "${_VOLUME}" "${_PACKET}" - then - return $? - fi + --restore "${_VOLUME}" "${_PACKET}" \ + || return $? - if ! CmdRun 0 "cryptsetup luksOpen ${_VOLUME} ${_IMAGE}" \ + RunCmdX 0 "cryptsetup luksOpen ${_VOLUME} ${_IMAGE}" \ ${SCRIPTDIR}/cryptsetup.exp -- --password "${_NEW_LUKS_PASS}" -- \ - luksOpen "${_VOLUME}" "${_IMAGE}" - then - return $? - fi + luksOpen "${_VOLUME}" "${_IMAGE}" \ + || return $? - CmdRun -- ls -la "/dev/mapper" + RunCmd ls -la /dev/mapper rlAssertExists "/dev/mapper/${_IMAGE}" - CmdRun -- cryptsetup luksClose "${_IMAGE}" + RunCmd cryptsetup luksClose "${_IMAGE}" } AddTest TestVolumeKeyRestore "restore" diff --git a/tests/utils/cryptsetup.exp b/tests/utils/cryptsetup.exp index 7de0574..0db3f84 100755 --- a/tests/utils/cryptsetup.exp +++ b/tests/utils/cryptsetup.exp @@ -26,7 +26,7 @@ package require cmdline -source common.tcl +source [file join [file dirname [info script]] "common.tcl"] set options { {password.arg "" "Password required by some cryptsetup actions"} diff --git a/tests/utils/rlwrap.sh b/tests/utils/rlwrap.sh index c75f633..06f39ee 100644 --- a/tests/utils/rlwrap.sh +++ b/tests/utils/rlwrap.sh 
@@ -23,8 +23,6 @@ # # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -set -uo pipefail - ## # Result, ResultA, ResultB # @@ -94,7 +92,20 @@ function Concat() { } ## -# RunCmd [-t] [-l] [-c] [-s] [STATUS] [COMMENT] [--] COMMAND [COMMAND_ARGS] +# RunCmd COMMAND [COMMAND_ARGS] +# +# COMMAND +# command that should be run +# COMMAND_ARGS +# command arguments +# +# Shorthand for RunCmdX -- COMMAND COMMAND_ARGS. +function RunCmd() { + RunCmdX -- "$@" +} + +## +# RunCmdX [-t] [-l] [-c] [-s] [STATUS] [COMMENT] [--] COMMAND [COMMAND_ARGS] # # -t, -l, -c, -s # see rlRun @@ -111,7 +122,7 @@ function Concat() { # # Wrapper around beakerlib's rlRun that allows COMMAND and its arguments to be # passed separately and not as one long string. -function RunCmd() { +function RunCmdX() { local __tflag="" local __lflag="" local __cflag="" @@ -183,7 +194,7 @@ function CreateTemporaryDirectory() { # # Perform `rlRun pushd DIRECTORY`. function PushDir() { - RunCmd -- pushd "\"$1\"" + RunCmd pushd "\"$1\"" } ## @@ -191,7 +202,7 @@ function PushDir() { # # Perform `rlRun popd`. function PopDir() { - RunCmd -- popd + RunCmd popd } ## @@ -270,9 +281,7 @@ function DoCleanup() { function RunTest() { rlJournalStart - if DoSetup; then - DoTests - fi + DoSetup && DoTests DoCleanup rlJournalPrintText diff --git a/tests/utils/utils.sh b/tests/utils/utils.sh index f1336f3..e0d3bc7 100644 --- a/tests/utils/utils.sh +++ b/tests/utils/utils.sh @@ -23,8 +23,6 @@ # # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -set -uo pipefail - ## # SCRIPTDIR # @@ -69,7 +67,6 @@ function CreateEncryptedVolume() { local __volume="" local __password="" local __with_losetup="" - local __status=0 while [[ $# -gt 0 ]]; do case "$1" in 
@@ -81,31 +78,23 @@ function CreateEncryptedVolume() { shift done - if ! required_options image password; then - return $? - fi + required_options image password || return $? - if ! RunCmd -- dd if=/dev/zero of="${__image}" bs=1M count=256; then - return $? - fi + RunCmd dd if=/dev/zero of="${__image}" bs=1M count=256 || return $? __volume="${__image}" if [[ "${__with_losetup}" == "yes" ]]; then - if ! RunCmd -- losetup -v -f "${__image}"; then - return $? - fi - __volume="$(losetup -a | grep "${__image}" | cut -d: -f1)"; __status=$? - if [[ ${__status} -ne 0 ]]; then - return ${__status} - fi + RunCmd losetup -v -f "${__image}" || return $? + __volume="$( + set -o pipefail + losetup -a | grep "${__image}" | cut -d: -f1 + )" || return $? fi - if ! RunCmd 0 "cryptsetup luksFormat ${__volume}" -- \ + RunCmdX 0 "cryptsetup luksFormat ${__volume}" \ ${SCRIPTDIR}/cryptsetup.exp -- --password "${__password}" -- \ - luksFormat "${__volume}" - then - return $? - fi + luksFormat "${__volume}" \ + || return $? Result="${_volume}" } 
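Review bot: The loop device in `CreateEncryptedVolume` is looked up with `losetup -a | grep "${__image}" | cut -d: -f1`, which is a substring match: a loop device left over from an earlier aborted run, or any other one whose backing path contains the image name, also matches, and `__volume` then holds several device names that are passed on to `cryptsetup luksFormat`. `losetup` can print the device it allocates, so attaching and looking up can be one step: `__volume="$(losetup -f --show "${__image}")" || return $?`. That also removes the need for the `set -o pipefail` subshell added here.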
@@ -136,28 +125,22 @@ function CreateCertificate() { shift done - if ! required_options name; then - return $? - fi + required_options name || return $? __key="${__name}.key" __cert="${__name}.cert" __pem="${__name}.pem" - if ! RunCmd -- openssl genrsa ${__rsa_bits} \> "${__key}"; then - return $? - fi + RunCmd openssl genrsa ${__rsa_bits} \> "${__key}" || return $? - __subject="/C=FooCountry/ST=FooState/L=FooLocality/O=FooOrg/OU=FooOrgUnit" + __subject="/C=XX/ST=FooState/L=FooLocality/O=FooOrg/OU=FooOrgUnit" __subject="${__subject}/CN=John/SN=Doe/emailAddress=jdoe@foo.bar" - if ! RunCmd -- openssl req -new -x509 -nodes -sha1 -days 365 \ - -key "${__key}" -subj "'${__subject}'" \> "${__cert}" - then - return $? - fi + RunCmd openssl req -new -x509 -nodes -sha1 -days 365 \ + -key "${__key}" -subj "'${__subject}'" \> "${__cert}" \ + || return $? - RunCmd -- cat "${__cert}" "${__key}" \> "${__pem}" + RunCmd cat "${__cert}" "${__key}" \> "${__pem}" } ## 
@@ -183,42 +166,30 @@ function SetupNSSDatabase() { while [[ $# -gt 0 ]]; do case "$1" in --dest) shift; __dest="$1" ;; - --cert_name) shift; __cert_name="$1" ;; + --cert-name) shift; __cert_name="$1" ;; --password) shift; __password="$1" ;; *) invalid_argument "$1"; return $? ;; esac shift done - if ! required_options dest cert-name password; then - return $? - fi + required_options dest cert-name password || return $? - if ! RunCmd -- mkdir -p "${__dest}"; then - return $? - fi + RunCmd mkdir -p "${__dest}" || return $? - if ! __pwdfile="$(mktemp "./pwdfileXXXXX")"; then - return $? - fi + __pwdfile="$(mktemp "./pwdfileXXXXX")" || return $? __pem="${__cert_name}.pem" __p12="${__cert_name}.p12" - if ! RunCmd -- echo "${__password}" \> "${__pwdfile}"; then - return $? - fi + RunCmd echo "${__password}" \> "${__pwdfile}" || return $? - if ! RunCmd -- certutil -N -d "${__dest}" -f "${__pwdfile}"; then - return $? - fi + RunCmd certutil -N -d "${__dest}" -f "${__pwdfile}" || return $? - if ! RunCmd -- openssl pkcs12 -export -in "${__pem}" -out "${__p12}" \ - -name "${__cert-name}" -password "pass:${__password}" - then - return $? - fi + RunCmd openssl pkcs12 -export -in "${__pem}" -out "${__p12}" \ + -name "${__cert-name}" -password "pass:${__password}" \ + || return $? - RunCmd -- pk12util -i "${__p12}" -d "${__dest}" \ + RunCmd pk12util -i "${__p12}" -d "${__dest}" \ -K "${__password}" -W "${__password}" } diff --git a/tests/utils/volume_key.exp b/tests/utils/volume_key.exp index ace7ba0..26fa29e 100755 --- a/tests/utils/volume_key.exp +++ b/tests/utils/volume_key.exp @@ -26,7 +26,7 @@ package require cmdline -source common.tcl +source [file join [file dirname [info script]] "common.tcl"] set options { {password1.arg "" "Password that volume_key may ask for"} From e7e88210b1dfb5a252efe4699b46b14c5de34cb9 Mon Sep 17 00:00:00 2001 
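Review bot: In SetupNSSDatabase the pkcs12 export still passes `-name "${__cert-name}"`, which bash reads as the `${parameter-word}` expansion: the value of `__cert` if it is set, otherwise the literal `name`, never the certificate name parsed from `--cert-name`. It should be `-name "${__cert_name}"`. The same commands put the password on the command line (`-password "pass:${__password}"`, `-K`/`-W`), where it is visible in the process list; since `${__pwdfile}` already holds it, `-password "file:${__pwdfile}"` for openssl and pk12util's `-k`/`-w` password-file options would avoid that. Nothing in the hunk removes `${__pwdfile}` afterwards, though the function starts outside the hunk and cleanup may happen elsewhere.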
From: Jiri Kucera Date: Wed, 27 May 2020 00:18:43 +0200 Subject: [PATCH 067/101] tests: Fix issues with variables --- tests/Sanity/basic-sanity/runtest.sh | 6 ++---- tests/utils/utils.sh | 2 +- tests/utils/volume_key.exp | 1 + 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/tests/Sanity/basic-sanity/runtest.sh b/tests/Sanity/basic-sanity/runtest.sh index f067ab3..f662f76 100755 --- a/tests/Sanity/basic-sanity/runtest.sh +++ b/tests/Sanity/basic-sanity/runtest.sh @@ -67,8 +67,6 @@ _CERT_PASS="certpass" _NEW_LUKS_PASS="newlukspass" _NEW_LUKS_PASS_ASYM="newlukspass-asym" -_LANG_BACKUP="${LANG:-}" -_LC_ALL_BACKUP="${LC_ALL:-}" _TEMP_DIR="" _VOLUME="" @@ -90,7 +88,7 @@ function Setup() { fi rlRun CreateTemporaryDirectory || return $? - _TEMP_DIR="${_Result}" + _TEMP_DIR="${Result}" AtCleanup Cleanup_RemoveTemporaryDirectory PushDir "${_TEMP_DIR}" || return $? @@ -101,7 +99,7 @@ function Setup() { --password "${_LUKS_PASS}" \ ${USE_LOSETUP:+--with-losetup} \ || return $? - _VOLUME="${_Result}" + _VOLUME="${Result}" AtCleanup Cleanup_DestroyVolume CreateCertificate --name "${_ESCROW}" || return $? diff --git a/tests/utils/utils.sh b/tests/utils/utils.sh index e0d3bc7..480b7e4 100644 --- a/tests/utils/utils.sh +++ b/tests/utils/utils.sh @@ -96,7 +96,7 @@ function CreateEncryptedVolume() { luksFormat "${__volume}" \ || return $? - Result="${_volume}" + Result="${__volume}" } ## diff --git a/tests/utils/volume_key.exp b/tests/utils/volume_key.exp index 26fa29e..06abe1a 100755 --- a/tests/utils/volume_key.exp +++ b/tests/utils/volume_key.exp @@ -50,6 +50,7 @@ if {[catch { set password1 $params(password1) set password2 $params(password2) +set pinentry $params(pinentry) proc prompt_volume_password {password} { verify_password $password From d58a399a9e799c9456f190ef3ea9e7c6a4c04b65 Mon Sep 17 00:00:00 2001 
From: Jiri Kucera Date: Thu, 28 May 2020 14:04:03 +0200 Subject: [PATCH 068/101] tests: Add RunCmdViaExpect function Improves test readability. --- tests/Sanity/basic-sanity/runtest.sh | 40 +++--- tests/utils/rlwrap.sh | 203 +++++++++++++++++++++++++++ tests/utils/utils.sh | 8 +- tests/utils/volume_key.exp | 20 +-- 4 files changed, 240 insertions(+), 31 deletions(-) diff --git a/tests/Sanity/basic-sanity/runtest.sh b/tests/Sanity/basic-sanity/runtest.sh index f662f76..6fe347a 100755 --- a/tests/Sanity/basic-sanity/runtest.sh +++ b/tests/Sanity/basic-sanity/runtest.sh @@ -43,6 +43,8 @@ _TESTDIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)" exit 1 } +TEST="${TEST:-/CoreOS/volume_key/tests/Sanity/basic-sanity}" +TESTVERSION="${TESTVERSION:-1.0}" PACKAGES="${PACKAGES:-volume_key}" REQUIRES="${REQUIRES:-cryptsetup nss-tools expect tcllib}" @@ -77,6 +79,7 @@ _VOLUME="" function Setup() { LANG=C LC_ALL=C + export EXPECT_SCRIPTS_PATH="${SCRIPTDIR}" rlAssertRpm --all || return $? 
@@ -131,28 +134,31 @@ function Cleanup_DestroyVolume() { # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ function TestVolumeKeySave() { - RunCmdX 0 \ - "volume_key --save ${_VOLUME} --output-format=passphrase -o ${_PACKET}" \ - ${SCRIPTDIR}/volume_key.exp -- \ - --password1 "${_LUKS_PASS}" --password2 "${_PACKET_PASS}" \ - ${USING_PINENTRY:+--pinentry} -- \ - --save "${_VOLUME}" --output-format=passphrase -o "${_PACKET}" + RunCmdViaExpect + Command volume_key + Command --save "${_VOLUME}" --output-format=passphrase -o "${_PACKET}" + Input --lukspass "${_LUKS_PASS}" + Input --packetpass "${_PACKET_PASS}" + Input ${USING_PINENTRY:+--pinentry} + FinishRun } AddTest TestVolumeKeySave "save" function TestVolumeKeyRestore() { - ClearGpgAgentsCache - RunCmdX 0 "volume_key --restore ${_VOLUME} ${_PACKET}" \ - ${SCRIPTDIR}/volume_key.exp -- \ - --password1 "${_PACKET_PASS}" --password2 "${_NEW_LUKS_PASS}" \ - ${USING_PINENTRY:+--pinentry} -- \ - --restore "${_VOLUME}" "${_PACKET}" \ - || return $? + rlAssertExists "${_PACKET}" || return $? - RunCmdX 0 "cryptsetup luksOpen ${_VOLUME} ${_IMAGE}" \ - ${SCRIPTDIR}/cryptsetup.exp -- --password "${_NEW_LUKS_PASS}" -- \ - luksOpen "${_VOLUME}" "${_IMAGE}" \ - || return $? + ClearGpgAgentsCache + RunCmdViaExpect + Command volume_key --restore "${_VOLUME}" "${_PACKET}" + Input --lukspass "${_LUKS_PASS}" + Input --packetpass "${_PACKET_PASS}" + Input ${USING_PINENTRY:+--pinentry} + FinishRun || return $? + + RunCmdViaExpect + Command cryptsetup luksOpen "${_VOLUME}" "${_IMAGE}" + Input --password "${_NEW_LUKS_PASS}" + FinishRun || return $? RunCmd ls -la /dev/mapper rlAssertExists "/dev/mapper/${_IMAGE}" diff --git a/tests/utils/rlwrap.sh b/tests/utils/rlwrap.sh index 06f39ee..c11b7d7 100644 --- a/tests/utils/rlwrap.sh +++ b/tests/utils/rlwrap.sh 
@@ -31,6 +31,18 @@ Result="" ResultA="" ResultB="" +# Internal variables used by RunCmdViaExpect family of functions. +_rlwrap_expect_script_path="" +declare -ag _rlwrap_rlRun_options=() +declare -ag _rlwrap_expect_options=() +_rlwrap_expect_script="" +_rlwrap_expect_script_scommand="" +declare -ag _rlwrap_expect_script_command_args=() +declare -ag _rlwrap_expect_script_input_args=() +_rlwrap_rlRun_status="0" +_rlwrap_rlRun_comment="" + +# Internal variables used by RunTest family of functions. declare -ag _CleanupActions=() declare -ag _Tests=() 
@@ -178,6 +190,197 @@ function RunCmdX() { "${__command}" "${__status}" "${__comment}" } +## +# RunCmdViaExpect +# +# Starts a specification of command that should be run via expect. This is +# handy for interactive commands. General usage is +# +# RunCmdViaExpect +# Path ${ScriptsDir} +# rlRunOptions -s +# ExpectOptions -f +# Command cryptsetup luksFormat ${VOLUME} +# Input --password ${PASSWD} +# Status 0 +# Comment "Format ${VOLUME}" +# FinishRun || return $? +# +# In the example above, Path specifies the directory where the expect script +# is located. If it is omitted, EXPECT_SCRIPTS_PATH environment variable is +# read. If EXPECT_SCRIPTS_PATH is not set, `.` is used. +# +# rlRunOptions are options for rlRun, like -s and -t (see beakerlib manual). +# +# ExpectOptions are options for expect tool or Tcl interpreter, not for the +# script. +# +# Command is a command together with its arguments that will be run via expect. +# The first command argument, the command itself, is used as a name of expect +# script so in the example above the name of expect script will be +# cryptsetup.exp. This script must exist in directory specified by Path. The +# rest of Command arguments will be passed to the end of this script's command +# line and it is up to script's implementation what happen to them. +# +# Input gather arguments that specify input data that are feed to command by +# expect tool when they are asked for. +# +# Input, Command, ExpectOptions, and rlRunOptions work in accumulative way. +# That is, you can write `Command cryptsetup luksFormat ${VOLUME}` as a two +# Command calls, e.g. `Command cryptsetup` and `luksFormat ${VOLUME}`. This +# allow to split long commands accross multiple lines without using backslash +# character, which has the benefit of writing comments for particular command +# options. +# +# Status is the expected status/return code (default is 0). +# +# Comment is the comment as described in rlRun documentation. 
The default +# comment is a string made from arguments of Command separated by spaces. +# +# FinishRun makes a final arguments for rlRun and execute it. In our case, the +# rlRun call will look like this +# +# rlRun -s "${ScriptsDir}/cryptsetup.exp -f -- --password ${PASSWD} -- +# luksFormat ${VOLUME}" 0 "Format ${VOLUME}" +# +# The return code of rlRun is the return code of FinishRun. To parse its +# command line, cryptsetup.exp uses cmdline package from tcllib. +function RunCmdViaExpect() { + _rlwrap_expect_script_path="${EXPECT_SCRIPTS_PATH:-.}" + _rlwrap_rlRun_options=() + _rlwrap_expect_options=() + _rlwrap_expect_script="" + _rlwrap_expect_script_scommand="" + _rlwrap_expect_script_command_args=() + _rlwrap_expect_script_input_args=() + _rlwrap_rlRun_status="0" + _rlwrap_rlRun_comment="" +} + +## +# Path [PATH] +# +# PATH +# PATH to script directory +# +# See RunCmdViaExpect. +function Path() { + if [[ $# -gt 0 ]]; then + _rlwrap_expect_script_path="${1}" + fi +} + +## +# rlRunOptions [OPTIONS] +# +# OPTIONS +# options for rlRun +# +# See RunCmdViaExpect. +function rlRunOptions() { + _rlwrap_rlRun_options+=( "$@" ) +} + +## +# ExpectOptions [OPTIONS] +# +# OPTIONS +# options for expect tool +# +# See RunCmdViaExpect. +function ExpectOptions() { + _rlwrap_expect_options+=( "$@" ) +} + +## +# Command [COMMAND_OR_OPTION] [COMMAND_OPTIONS] +# +# COMMAND_OR_OPTION +# command name or option (depending on a number of Command invocations) +# COMMAND_OPTIONS +# command options +# +# See RunCmdViaExpect. 
+function Command() { + if [[ -z "${_rlwrap_expect_script}" ]]; then + if [[ -n "${1:-}" ]]; then + _rlwrap_expect_script="${1}.exp" + _rlwrap_expect_script_scommand="${1}" + shift + fi + fi + + if [[ $# -gt 0 ]]; then + _rlwrap_expect_script_command_args+=( "$@" ) + _rlwrap_expect_script_scommand="${_rlwrap_expect_script_scommand} $*" + fi +} + +## +# Input [OPTIONS] +# +# OPTIONS +# options for expect script that are used for passing input values to +# commands that are run from within the script +# +# See RunCmdViaExpect. +function Input() { + _rlwrap_expect_script_input_args+=( "$@" ) +} + +## +# Status [STATUS_CODE] +# +# STATUS_CODE +# expected status/return code of expect script +# +# See RunCmdViaExpect. +function Status() { + if [[ $# -gt 0 ]]; then + _rlwrap_rlRun_status="${1}" + fi +} + +## +# Comment [COMMENT] +# +# COMMENT +# comment to be passed to rlRun +# +# See RunCmdViaExpect. +function Comment() { + if [[ $# -gt 0 ]]; then + _rlwrap_rlRun_comment="${1}" + fi +} + +## +# FinishRun +# +# See RunCmdViaExpect. +function FinishRun() { + local __command="" + + if [[ -z "${_rlwrap_expect_script}" ]]; then + errmsg "RunCmdViaExpect: Missing name of expect script!" + errmsg "| The name of expect script is deduced from the first" + errmsg "| argument given to Command." + return 1 + fi + + if [[ -z "${_rlwrap_rlRun_comment}" ]]; then + _rlwrap_rlRun_comment="${_rlwrap_expect_script_scommand}" + fi + + __command="${_rlwrap_expect_script_path}/${_rlwrap_expect_script}" + __command="${__command} ${_rlwrap_expect_options[*]} --" + __command="${__command} ${_rlwrap_expect_script_input_args[*]} --" + __command="${__command} ${_rlwrap_expect_script_command_args[*]}" + + rlRun "${_rlwrap_rlRun_options[@]}" "${__command}" \ + "${_rlwrap_rlRun_status}" "${_rlwrap_rlRun_comment}" +} + ## # CreateTemporaryDirectory # diff --git a/tests/utils/utils.sh b/tests/utils/utils.sh index 480b7e4..9eca043 100644 --- a/tests/utils/utils.sh +++ b/tests/utils/utils.sh 
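Review bot: FinishRun flattens the three argument arrays with `[*]` into one string, so the original word boundaries are gone by the time rlRun receives it: a passphrase or path containing a space, a quote or `;` is re-split or re-interpreted when the string is evaluated (beakerlib's rlRun evaluates its command argument, as far as I know). The same string is what rlRun logs, so every `Input --password ...` value ends up in the test log, which is worth a comment in the RunCmdViaExpect header. A later patch in this series lets the passphrases come from the environment, so arbitrary values can reach this code. Re-quoting each element with `printf '%q'` before joining keeps one word per argument; a sketch of the joining part follows.

```shell
function FinishRun() {
    local __command="" __word=""
    # ... unchanged: missing-script check and default comment ...
    printf -v __command '%q' "${_rlwrap_expect_script_path}/${_rlwrap_expect_script}"
    for __word in "${_rlwrap_expect_options[@]}" -- \
                  "${_rlwrap_expect_script_input_args[@]}" -- \
                  "${_rlwrap_expect_script_command_args[@]}"; do
        # %q keeps each argument a single word when rlRun evaluates the string
        printf -v __command '%s %q' "${__command}" "${__word}"
    done
    # ... unchanged: rlRun call ...
```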
@@ -91,10 +91,10 @@ function CreateEncryptedVolume() { )" || return $? fi - RunCmdX 0 "cryptsetup luksFormat ${__volume}" \ - ${SCRIPTDIR}/cryptsetup.exp -- --password "${__password}" -- \ - luksFormat "${__volume}" \ - || return $? + RunCmdViaExpect + Command cryptsetup luksFormat "${__volume}" + Input --password "${__password}" + FinishRun || return $? Result="${__volume}" } diff --git a/tests/utils/volume_key.exp b/tests/utils/volume_key.exp index 06abe1a..5d301e6 100755 --- a/tests/utils/volume_key.exp +++ b/tests/utils/volume_key.exp @@ -29,8 +29,8 @@ package require cmdline source [file join [file dirname [info script]] "common.tcl"] set options { - {password1.arg "" "Password that volume_key may ask for"} - {password2.arg "" "Second password that volume_key may ask for"} + {lukspass.arg "" "Password for LUKS encryption/decryption"} + {packetpass.arg "" "Password for escrow packet encryption/decryption"} {pinentry "gpg-agent may ask for password via pinentry"} } @@ -48,18 +48,18 @@ if {[catch { exit 1 } -set password1 $params(password1) -set password2 $params(password2) +set lukspass $params(lukspass) +set packetpass $params(packetpass) set pinentry $params(pinentry) -proc prompt_volume_password {password} { +proc prompt_luks_password {password} { verify_password $password expect -re "Passphrase for.*" sleep 1 send -- "$password\r" } -proc prompt_new_volume_password {password} { +proc prompt_new_luks_password {password} { verify_password $password expect -re "New passphrase for.*" sleep 1 
@@ -101,11 +101,11 @@ proc prompt_new_packet_password {password pinentry} { eval spawn volume_key $::argv if {"--save" in $::argv} { - prompt_volume_password $password1 - prompt_new_packet_password $password2 $pinentry + prompt_luks_password $lukspass + prompt_new_packet_password $packetpass $pinentry expect eof } elseif {"--restore" in $::argv} { - prompt_packet_password $password1 $pinentry - prompt_new_volume_password $password2 + prompt_packet_password $packetpass $pinentry + prompt_new_volume_password $lukspass expect eof } From 61bd1c3ee2506c204cfd7582807288ba21fd8aae Mon Sep 17 00:00:00 2001 From: Jiri Kucera Date: Thu, 28 May 2020 14:13:05 +0200 Subject: [PATCH 069/101] tests: volume_key.exp: Fix function name --- tests/utils/volume_key.exp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/utils/volume_key.exp b/tests/utils/volume_key.exp index 5d301e6..20efc00 100755 --- a/tests/utils/volume_key.exp +++ b/tests/utils/volume_key.exp @@ -106,6 +106,6 @@ if {"--save" in $::argv} { expect eof } elseif {"--restore" in $::argv} { prompt_packet_password $packetpass $pinentry - prompt_new_volume_password $lukspass + prompt_new_luks_password $lukspass expect eof } From 3608c348b44d879160284c17e1f8f1845c600d08 Mon Sep 17 00:00:00 2001 From: Jiri Kucera Date: Thu, 28 May 2020 14:19:51 +0200 Subject: [PATCH 070/101] tests: Fix bad password --- tests/Sanity/basic-sanity/runtest.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/Sanity/basic-sanity/runtest.sh b/tests/Sanity/basic-sanity/runtest.sh index 6fe347a..d1e6c27 100755 --- a/tests/Sanity/basic-sanity/runtest.sh +++ b/tests/Sanity/basic-sanity/runtest.sh @@ -150,7 +150,7 @@ function TestVolumeKeyRestore() { ClearGpgAgentsCache RunCmdViaExpect Command volume_key --restore "${_VOLUME}" "${_PACKET}" - Input --lukspass "${_LUKS_PASS}" + Input --lukspass "${_NEW_LUKS_PASS}" Input --packetpass "${_PACKET_PASS}" Input ${USING_PINENTRY:+--pinentry} FinishRun || return $? 
From 2758a0bcba06119afa3908a0bddcde34ddc42cb4 Mon Sep 17 00:00:00 2001 From: Jiri Kucera Date: Fri, 29 May 2020 00:56:56 +0200 Subject: [PATCH 071/101] tests: Add more basic sanity tests --- tests/Sanity/basic-sanity/runtest.sh | 216 +++++++++++++++++++++++++-- tests/utils/common.tcl | 9 ++ tests/utils/volume_key.exp | 40 ++++- 3 files changed, 245 insertions(+), 20 deletions(-) diff --git a/tests/Sanity/basic-sanity/runtest.sh b/tests/Sanity/basic-sanity/runtest.sh index d1e6c27..5ea92c8 100755 --- a/tests/Sanity/basic-sanity/runtest.sh +++ b/tests/Sanity/basic-sanity/runtest.sh @@ -49,25 +49,22 @@ PACKAGES="${PACKAGES:-volume_key}" REQUIRES="${REQUIRES:-cryptsetup nss-tools expect tcllib}" _GNUPG_DIR="${HOME}/.gnupg" -_IMAGE="image" +_IMAGE="${_IMAGE:-image}" _IMAGE_IMG="${_IMAGE}.img" -_PACKET="packet" -_NEW_PACKET="new-packet" -_PACKET_ASYM="packet-asym" -_NEW_PACKET_ASYM="new-packet-asym" -_ESCROW="escrow" -_ESCROW_KEY="${_ESCROW}.key" -_ESCROW_CERT="${_ESCROW}.cert" +_PACKET="${_PACKET:-packet}" +_NEW_PACKET="${_NEW_PACKET:-new-packet}" +_PACKET_ASYM="${_PACKET_ASYM:-packet-asym}" +_NEW_PACKET_ASYM="${_NEW_PACKET_ASYM:-new-packet-asym}" +_ESCROW="${_ESCROW:-escrow}" _ESCROW_PEM="${_ESCROW}.pem" -_ESCROW_P12="${_ESCROW}.p12" -_NSSDB="nssdb" +_NSSDB="${_NSSDB:-nssdb}" -_LUKS_PASS="lukspass" -_PACKET_PASS="packetpass" -_NEW_PACKET_PASS="newpacketpass" -_CERT_PASS="certpass" -_NEW_LUKS_PASS="newlukspass" -_NEW_LUKS_PASS_ASYM="newlukspass-asym" +_LUKS_PASS="${_LUKS_PASS:-lukspass}" +_PACKET_PASS="${_PACKET_PASS:-packetpass}" +_NEW_PACKET_PASS="${_NEW_PACKET_PASS:-newpacketpass}" +_CERT_PASS="${_CERT_PASS:-certpass}" +_NEW_LUKS_PASS="${_NEW_LUKS_PASS:-newlukspass}" +_NEW_LUKS_PASS_ASYM="${_NEW_LUKS_PASS_ASYM:-newlukspass-asym}" _TEMP_DIR="" _VOLUME="" 
@@ -167,4 +164,191 @@ function TestVolumeKeyRestore() { } AddTest TestVolumeKeyRestore "restore" +function TestVolumeKeySetupVolume() { + rlAssertExists "${_PACKET}" || return $? + + ClearGpgAgentsCache + RunCmdViaExpect + Command volume_key --setup-volume "${_VOLUME}" "${_PACKET}" "${_IMAGE}" + Input --packetpass "${_PACKET_PASS}" + Input ${USING_PINENTRY:+--pinentry} + FinishRun || return $? + + RunCmd ls -la /dev/mapper + rlAssertExists "/dev/mapper/${_IMAGE}" + + RunCmd cryptsetup luksClose "${_IMAGE}" +} +AddTest TestVolumeKeySetupVolume "setup-volume" + +function TestVolumeKeyReencrypt() { + rlAssertExists "${_PACKET}" || return $? + + ClearGpgAgentsCache + RunCmdViaExpect + Command volume_key --reencrypt "${_PACKET}" -o "${_NEW_PACKET}" + Input --packetpass "${_PACKET_PASS}" + Input --newpacketpass "${_NEW_PACKET_PASS}" + Input ${USING_PINENTRY:+--pinentry} + FinishRun || return $? + + ClearGpgAgentsCache + RunCmdViaExpect + Command volume_key --setup-volume "${_VOLUME}" "${_NEW_PACKET}" "${_IMAGE}" + Input --packetpass "${_NEW_PACKET_PASS}" + Input ${USING_PINENTRY:+--pinentry} + FinishRun || return $? + + RunCmd ls -la /dev/mapper + rlAssertExists "/dev/mapper/${_IMAGE}" + + RunCmd cryptsetup luksClose "${_IMAGE}" +} +AddTest TestVolumeKeyReencrypt "reencrypt" + +function TestVolumeKeyDump() { + local __uuid="" + + rlAssertExists "${_PACKET}" || return $? + + ClearGpgAgentsCache + RunCmdViaExpect + rlRunOptions -s + Command volume_key --dump "${_PACKET}" + Input --packetpass "${_PACKET_PASS}" + Input ${USING_PINENTRY:+--pinentry} + FinishRun || return $? 
+ + __uuid="$(blkid -o value -s UUID "${_VOLUME}")" + + rlAssertGrep '^Packet format:\W+Passphrase-encrypted' "${rlRun_LOG}" -E + rlAssertGrep '^Volume format:\W+crypt_LUKS' "${rlRun_LOG}" -E + rlAssertGrep "^Volume UUID:\W+${__uuid}" "${rlRun_LOG}" -E + rlAssertGrep "^Volume path:\W+${_VOLUME}" "${rlRun_LOG}" -E +} +AddTest TestVolumeKeyDump "dump" + +function TestVolumeKeySecrets() { + rlAssertExists "${_PACKET}" || return $? + + ClearGpgAgentsCache + RunCmdViaExpect + rlRunOptions -s + Command volume_key --secrets "${_PACKET}" + Input --packetpass "${_PACKET_PASS}" + Input ${USING_PINENTRY:+--pinentry} + FinishRun || return $? + + rlAssertGrep 'Data encryption key:\W+[0-9A-F]+' "${rlRun_LOG}" -E +} +AddTest TestVolumeKeySecrets "secrets" + +function TestVolumeKeySaveAsymmetric() { + RunCmdViaExpect + Command volume_key + Command --save "${_VOLUME}" --output-format=asymmetric + Command -c "${_ESCROW_PEM}" -o "${_PACKET_ASYM}" + Input --lukspass "${_LUKS_PASS}" + FinishRun +} +AddTest TestVolumeKeySaveAsymmetric "save asymmetric" + +function TestVolumeKeyRestoreAsymmetric() { + rlAssertExists "${_PACKET_ASYM}" || return $? + + RunCmdViaExpect + Command volume_key --restore "${_VOLUME}" "${_PACKET_ASYM}" -d "${_NSSDB}" + Input --certpass "${_CERT_PASS}" + Input --lukspass "${_NEW_LUKS_PASS_ASYM}" + FinishRun || return $? + + RunCmdViaExpect + Command cryptsetup luksOpen "${_VOLUME}" "${_IMAGE}" + Input --password "${_NEW_LUKS_PASS_ASYM}" + FinishRun || return $? + + RunCmd ls -la /dev/mapper + rlAssertExists "/dev/mapper/${_IMAGE}" + + RunCmd cryptsetup luksClose "${_IMAGE}" +} +AddTest TestVolumeKeyRestoreAsymmetric "restore asymmetric" + +function TestVolumeKeySetupVolumeAsymmetric() { + rlAssertExists "${_PACKET_ASYM}" || return $? + + RunCmdViaExpect + Command volume_key + Command --setup-volume "${_VOLUME}" "${_PACKET_ASYM}" "${_IMAGE}" + Command -d "${_NSSDB}" + Input --certpass "${_CERT_PASS}" + FinishRun || return $? 
+ + RunCmd ls -la /dev/mapper + rlAssertExists "/dev/mapper/${_IMAGE}" + + RunCmd cryptsetup luksClose "${_IMAGE}" +} +AddTest TestVolumeKeySetupVolumeAsymmetric "setup-volume asymmetric" + +function TestVolumeKeyReencryptAsymmetric() { + rlAssertExists "${_PACKET_ASYM}" || return $? + + ClearGpgAgentsCache + RunCmdViaExpect + Command volume_key --reencrypt + Command -d "${_NSSDB}" "${_PACKET_ASYM}" -o "${_NEW_PACKET_ASYM}" + Input --certpass "${_CERT_PASS}" + Input --newpacketpass "${_NEW_PACKET_PASS}" + Input ${USING_PINENTRY:+--pinentry} + FinishRun || return $? + + ClearGpgAgentsCache + RunCmdViaExpect + Command volume_key + Command --setup-volume "${_VOLUME}" "${_NEW_PACKET_ASYM}" "${_IMAGE}" + Input --packetpass "${_NEW_PACKET_PASS}" + Input ${USING_PINENTRY:+--pinentry} + FinishRun || return $? + + RunCmd ls -la /dev/mapper + rlAssertExists "/dev/mapper/${_IMAGE}" + + RunCmd cryptsetup luksClose "${_IMAGE}" +} +AddTest TestVolumeKeyReencryptAsymmetric "reencrypt asymmetric" + +function TestVolumeKeyDumpAsymmetric() { + local __uuid="" + + rlAssertExists "${_PACKET_ASYM}" || return $? + + RunCmdViaExpect + rlRunOptions -s + Command volume_key --dump "${_PACKET_ASYM}" -d "${_NSSDB}" + Input --certpass "${_CERT_PASS}" + FinishRun || return $? + + __uuid="$(blkid -o value -s UUID "${_VOLUME}")" + + rlAssertGrep '^Packet format:\W+Public key-encrypted' "${rlRun_LOG}" -E + rlAssertGrep '^Volume format:\W+crypt_LUKS' "${rlRun_LOG}" -E + rlAssertGrep "^Volume UUID:\W+${__uuid}" "${rlRun_LOG}" -E + rlAssertGrep "^Volume path:\W+${_VOLUME}" "${rlRun_LOG}" -E +} +AddTest TestVolumeKeyDumpAsymmetric "dump asymmetric" + +function TestVolumeKeySecretsAsymmetric() { + rlAssertExists "${_PACKET_ASYM}" || return $? + + RunCmdViaExpect + rlRunOptions -s + Command volume_key --secrets "${_PACKET_ASYM}" -d "${_NSSDB}" + Input --certpass "${_CERT_PASS}" + FinishRun || return $? 
+ + rlAssertGrep 'Data encryption key:\W+[0-9A-F]+' "${rlRun_LOG}" -E +} +AddTest TestVolumeKeySecretsAsymmetric "secrets asymmetric" + RunTest diff --git a/tests/utils/common.tcl b/tests/utils/common.tcl index 2b1117b..f9362b5 100644 --- a/tests/utils/common.tcl +++ b/tests/utils/common.tcl @@ -23,6 +23,15 @@ # # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +proc oneof {l1 l2} { + foreach x $l1 { + if {$x in $l2} { + return 1 + } + } + return 0 +} + proc verify_password {password} { if {$password == ""} { return -code error "password required!" diff --git a/tests/utils/volume_key.exp b/tests/utils/volume_key.exp index 20efc00..82ae878 100755 --- a/tests/utils/volume_key.exp +++ b/tests/utils/volume_key.exp @@ -29,8 +29,10 @@ package require cmdline source [file join [file dirname [info script]] "common.tcl"] set options { + {certpass.arg "" "Password for certificate"} {lukspass.arg "" "Password for LUKS encryption/decryption"} {packetpass.arg "" "Password for escrow packet encryption/decryption"} + {newpacketpass.arg "" "New password for escrow packet reencryption"} {pinentry "gpg-agent may ask for password via pinentry"} } @@ -48,10 +50,19 @@ if {[catch { exit 1 } +set certpass $params(certpass) set lukspass $params(lukspass) set packetpass $params(packetpass) +set newpacketpass $params(newpacketpass) set pinentry $params(pinentry) +proc prompt_cert_password {password} { + verify_password $password + expect -re "Enter password for.*" + sleep 1 + send -- "$password\r" +} + proc prompt_luks_password {password} { verify_password $password expect -re "Passphrase for.*" 
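Review bot: In TestVolumeKeyDump and TestVolumeKeyDumpAsymmetric the result of `blkid` is never checked, so a failed lookup leaves `__uuid` empty and the assertion degrades to `^Volume UUID:\W+`, which matches any UUID line and passes without comparing anything. Guard it with `__uuid="$(blkid -o value -s UUID "${_VOLUME}")" || return $?` followed by `[[ -n "${__uuid}" ]] || return 1`. `${_VOLUME}` is also interpolated into an `-E` pattern unescaped, so a `.` in the path matches any character. Separately, `rlRunOptions -s` on the `--secrets` runs keeps the data encryption key in `rlRun_LOG`; that is acceptable for a throwaway volume but deserves a comment saying so.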
@@ -100,12 +111,33 @@ proc prompt_new_packet_password {password pinentry} { } eval spawn volume_key $::argv -if {"--save" in $::argv} { - prompt_luks_password $lukspass - prompt_new_packet_password $packetpass $pinentry +if {"--reencrypt" in $::argv} { + if {"-d" in $::argv} { + prompt_cert_password $certpass + } else { + prompt_packet_password $packetpass $pinentry + } + prompt_new_packet_password $newpacketpass $pinentry expect eof } elseif {"--restore" in $::argv} { - prompt_packet_password $packetpass $pinentry + if {"-d" in $::argv} { + prompt_cert_password $certpass + } else { + prompt_packet_password $packetpass $pinentry + } prompt_new_luks_password $lukspass expect eof +} elseif {"--save" in $::argv} { + prompt_luks_password $lukspass + if {"-c" ni $::argv} { + prompt_new_packet_password $packetpass $pinentry + } + expect eof +} elseif {[oneof {"--dump" "--secrets" "--setup-volume"} $::argv]} { + if {"-d" in $::argv} { + prompt_cert_password $certpass + } else { + prompt_packet_password $packetpass $pinentry + } + expect eof } From 7d2346bda33e054df5c637d30317c2370a10770f Mon Sep 17 00:00:00 2001 From: Jiri Kucera Date: Wed, 8 Jul 2020 12:57:30 +0200 Subject: [PATCH 072/101] tests: Scope Command & co. to RunCmdViaExpect --- tests/utils/rlwrap.sh | 58 +++++++++++++++++++++++++++---------------- 1 file changed, 37 insertions(+), 21 deletions(-) diff --git a/tests/utils/rlwrap.sh b/tests/utils/rlwrap.sh index c11b7d7..dd9b97b 100644 --- a/tests/utils/rlwrap.sh +++ b/tests/utils/rlwrap.sh 
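Review bot: None of the branches in this dispatch reads the exit status of the spawned `volume_key`; each ends at `expect eof`, and as far as the hunk shows the script ends there, so it exits 0 even when volume_key failed and the callers' expected status 0 cannot catch it. After `expect eof`, propagate the status with `lassign [wait] pid sid oserr value` and `exit $value`. The prompt procs in the earlier hunks (`prompt_cert_password` and the others) call `expect -re` without a `timeout` arm, so a prompt that never appears is followed by `send` anyway once the default timeout passes; a `timeout { exit 1 }` arm would turn that into a visible failure.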
@@ -255,53 +255,61 @@ function RunCmdViaExpect() { _rlwrap_expect_script_input_args=() _rlwrap_rlRun_status="0" _rlwrap_rlRun_comment="" + + alias Path=_rlwrap_Path + alias rlRunOptions=_rlwrap_rlRunOptions + alias ExpectOptions=_rlwrap_ExpectOptions + alias Command=_rlwrap_Command + alias Input=_rlwrap_Input + alias Status=_rlwrap_Status + alias Comment=_rlwrap_Comment } ## -# Path [PATH] +# _rlwrap_Path [PATH] # # PATH # PATH to script directory # -# See RunCmdViaExpect. -function Path() { +# See Path in RunCmdViaExpect. +function _rlwrap_Path() { if [[ $# -gt 0 ]]; then _rlwrap_expect_script_path="${1}" fi } ## -# rlRunOptions [OPTIONS] +# _rlwrap_rlRunOptions [OPTIONS] # # OPTIONS # options for rlRun # -# See RunCmdViaExpect. -function rlRunOptions() { +# See rlRunOptions in RunCmdViaExpect. +function _rlwrap_rlRunOptions() { _rlwrap_rlRun_options+=( "$@" ) } ## -# ExpectOptions [OPTIONS] +# _rlwrap_ExpectOptions [OPTIONS] # # OPTIONS # options for expect tool # -# See RunCmdViaExpect. -function ExpectOptions() { +# See ExpectOptions in RunCmdViaExpect. +function _rlwrap_ExpectOptions() { _rlwrap_expect_options+=( "$@" ) } ## -# Command [COMMAND_OR_OPTION] [COMMAND_OPTIONS] +# _rlwrap_Command [COMMAND_OR_OPTION] [COMMAND_OPTIONS] # # COMMAND_OR_OPTION # command name or option (depending on a number of Command invocations) # COMMAND_OPTIONS # command options # -# See RunCmdViaExpect. -function Command() { +# See Command in RunCmdViaExpect. +function _rlwrap_Command() { if [[ -z "${_rlwrap_expect_script}" ]]; then if [[ -n "${1:-}" ]]; then _rlwrap_expect_script="${1}.exp" 
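Review bot: The aliases set up in RunCmdViaExpect will not take effect for the callers as written. Bash expands aliases when a command is read, not when it runs, and in a non-interactive shell only with `expand_aliases` enabled; a test function such as TestVolumeKeySave is parsed in full before RunCmdViaExpect executes, so `Command`, `Input` and the rest inside it are looked up as ordinary commands. Nothing visible in this diff sets `shopt -s expand_aliases`. Defining wrappers at run time, for example `Command() { _rlwrap_Command "$@"; }`, and removing them in FinishRun with `unset -f Command`, gives the intended scoping because functions are resolved at execution time. The `unalias` lines added to FinishRun in the last hunk of this file would change with it; they also fail noisily if FinishRun is called without a preceding RunCmdViaExpect.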
@@ -317,38 +325,38 @@ function Command() { } ## -# Input [OPTIONS] +# _rlwrap_Input [OPTIONS] # # OPTIONS # options for expect script that are used for passing input values to # commands that are run from within the script # -# See RunCmdViaExpect. -function Input() { +# See Input in RunCmdViaExpect. +function _rlwrap_Input() { _rlwrap_expect_script_input_args+=( "$@" ) } ## -# Status [STATUS_CODE] +# _rlwrap_Status [STATUS_CODE] # # STATUS_CODE # expected status/return code of expect script # -# See RunCmdViaExpect. -function Status() { +# See Status in RunCmdViaExpect. +function _rlwrap_Status() { if [[ $# -gt 0 ]]; then _rlwrap_rlRun_status="${1}" fi } ## -# Comment [COMMENT] +# _rlwrap_Comment [COMMENT] # # COMMENT # comment to be passed to rlRun # -# See RunCmdViaExpect. -function Comment() { +# See Comment in RunCmdViaExpect. +function _rlwrap_Comment() { if [[ $# -gt 0 ]]; then _rlwrap_rlRun_comment="${1}" fi @@ -361,6 +369,14 @@ function Comment() { function FinishRun() { local __command="" + unalias Path + unalias rlRunOptions + unalias ExpectOptions + unalias Command + unalias Input + unalias Status + unalias Comment + if [[ -z "${_rlwrap_expect_script}" ]]; then errmsg "RunCmdViaExpect: Missing name of expect script!" errmsg "| The name of expect script is deduced from the first" From 31b4efb1c56808371c30c48bf40070169a4c2427 Mon Sep 17 00:00:00 2001 From: Jiri Kucera Date: Wed, 8 Jul 2020 12:59:00 +0200 Subject: [PATCH 073/101] tests: Allow settings overriding --- tests/settings/environment.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/settings/environment.sh b/tests/settings/environment.sh index 79107c3..b11b9da 100644 --- a/tests/settings/environment.sh +++ b/tests/settings/environment.sh 
@@ -23,6 +23,6 @@ # # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -export USE_LOSETUP="" -export USING_PINENTRY="" -export CLEAR_GPG_AGENTS_CACHE=1 +export USE_LOSETUP="${USE_LOSETUP:-}" +export USING_PINENTRY="${USING_PINENTRY:-}" +export CLEAR_GPG_AGENTS_CACHE="${CLEAR_GPG_AGENTS_CACHE:-1}" From d86c934d0ea73e2fc1dfc41e2089666fb5a82ba5 Mon Sep 17 00:00:00 2001 From: Jiri Kucera Date: Wed, 8 Jul 2020 13:00:30 +0200 Subject: [PATCH 074/101] tests: Fix prompt matching --- tests/utils/cryptsetup.exp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/utils/cryptsetup.exp b/tests/utils/cryptsetup.exp index 0db3f84..8da7496 100755 --- a/tests/utils/cryptsetup.exp +++ b/tests/utils/cryptsetup.exp @@ -51,7 +51,7 @@ set password $params(password) eval spawn cryptsetup $::argv if {"luksFormat" in $::argv} { verify_password $password - expect -exact "Are you sure? (Type uppercase yes): " + expect -re "^Are you sure.*:" send -- "YES\r" expect -re "Enter( LUKS)? passphrase.*" send -- "$password\r" From aa271563e1153ee8924b84ca29995671f0f24a0d Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 29 Jul 2020 13:51:37 +0000 Subject: [PATCH 075/101] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- volume_key.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index cc41aff..906288b 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -32,7 +32,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.12 -Release: 8%{?dist} +Release: 9%{?dist} # lib/{SECerrs,SSLerrs}.h are both licensed under MPLv1.1, GPLv2 and LGPLv2 License: GPLv2 and (MPLv1.1 or GPLv2 or LGPLv2) URL: https://pagure.io/%{name}/ 
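Review bot: In tests/utils/cryptsetup.exp the new pattern `^Are you sure.*:` is anchored to the start of expect's input buffer, not to the start of a line, so it matches only if the question is the very first output of `cryptsetup luksFormat`. If cryptsetup prints its overwrite warning before the question, as the versions I know do, the pattern never matches, expect falls through after the timeout and `YES` is sent without the prompt having been seen. Dropping the anchor, `expect -re "Are you sure.*:"`, keeps the tolerance for changed prompt wording. A `timeout` arm that exits non-zero would make a missed prompt fail the test instead of passing silently.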
@@ -166,6 +166,9 @@ exit 1; \ %endif %changelog +* Wed Jul 29 2020 Fedora Release Engineering - 0.3.12-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + * Tue May 26 2020 Miro Hrončok - 0.3.12-8 - Rebuilt for Python 3.9 From 487b693d5ab37eac5d20f65b07b5054910a7cade Mon Sep 17 00:00:00 2001 From: Tom Stellard Date: Sat, 9 Jan 2021 00:46:50 +0000 Subject: [PATCH 076/101] Add BuildRequires: make https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot --- volume_key.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/volume_key.spec b/volume_key.spec index 906288b..7df38df 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -42,6 +42,7 @@ Source0: https://releases.pagure.org/%{name}/%{name}-%{version}.tar.xz # Support all LUKS devices # - backport of 26c09768662d8958debe8c9410dae9fda02292c3 Patch0: volume_key-0.3.12-support_LUKS2_and_more.patch +BuildRequires: make BuildRequires: gcc BuildRequires: cryptsetup-luks-devel, gettext-devel, glib2-devel, /usr/bin/gpg2 BuildRequires: gpgme-devel, libblkid-devel, nss-devel, python3-devel From 00a081984a126deca9b9f72d5e99ab921e163e30 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 27 Jan 2021 23:13:20 +0000 Subject: [PATCH 077/101] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- volume_key.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index 7df38df..f8ef9bc 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -32,7 +32,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.12 -Release: 9%{?dist} +Release: 10%{?dist} # lib/{SECerrs,SSLerrs}.h are both licensed under MPLv1.1, GPLv2 and LGPLv2 License: GPLv2 and (MPLv1.1 or GPLv2 or LGPLv2) URL: https://pagure.io/%{name}/ 
@@ -167,6 +167,9 @@ exit 1; \ %endif %changelog +* Wed Jan 27 2021 Fedora Release Engineering - 0.3.12-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + * Wed Jul 29 2020 Fedora Release Engineering - 0.3.12-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild From bbac9eb1833dc0cb98123d159e2ff7e5dcff945e Mon Sep 17 00:00:00 2001 From: Jiri Kucera Date: Wed, 31 Mar 2021 12:03:54 +0200 Subject: [PATCH 078/101] Fix resource leaks --- volume_key-0.3.12-fix_resource_leaks.patch | 59 ++++++++++++++++++++++ volume_key.spec | 9 +++- 2 files changed, 67 insertions(+), 1 deletion(-) create mode 100644 volume_key-0.3.12-fix_resource_leaks.patch diff --git a/volume_key-0.3.12-fix_resource_leaks.patch b/volume_key-0.3.12-fix_resource_leaks.patch new file mode 100644 index 0000000..31d69d7 --- /dev/null +++ b/volume_key-0.3.12-fix_resource_leaks.patch 
@@ -0,0 +1,59 @@ +diff --git a/lib/kmip.c b/lib/kmip.c +index dda819a..333603c 100644 +--- a/lib/kmip.c ++++ b/lib/kmip.c +@@ -1152,6 +1152,7 @@ kmip_decode_key_value (struct kmip_decoding_state *kmip, + break; + + default: ++ kmip_key_value_free (res); + g_return_val_if_reached (-1); + } + res->attributes = g_ptr_array_new (); +@@ -1348,6 +1349,7 @@ kmip_decode_object_symmetric_key (struct kmip_decoding_state *kmip, + g_snprintf (num, sizeof (num), "%" G_GUINT32_FORMAT, res->block->type); + g_set_error (error, LIBVK_ERROR, LIBVK_ERROR_KMIP_UNSUPPORTED_VALUE, + _("Unsupported symmetric key format %s"), num); ++ kmip_object_symmetric_key_free (res); + return -1; + } + *obj = res; +@@ -1384,6 +1386,7 @@ kmip_decode_object_secret_data (struct kmip_decoding_state *kmip, + g_snprintf (num, sizeof (num), "%" G_GUINT32_FORMAT, res->block->type); + g_set_error (error, LIBVK_ERROR, LIBVK_ERROR_KMIP_UNSUPPORTED_VALUE, + _("Unsupported symmetric key format %s"), num); ++ kmip_object_secret_data_free (res); + return -1; + } + *obj = res; +diff --git a/lib/volume_luks.c b/lib/volume_luks.c +index d1c5d47..4d32d9b 100644 +--- a/lib/volume_luks.c ++++ b/lib/volume_luks.c +@@ -547,8 +547,8 @@ luks_apply_secret (struct libvk_volume *vol, const struct libvk_volume *packet, + } + g_free (last_log_entry); + +- g_return_val_if_fail (vol->v.luks->key_bytes == packet->v.luks->key_bytes, +- -1); ++ if (vol->v.luks->key_bytes != packet->v.luks->key_bytes) ++ goto err_passphrase; + luks_replace_key (vol, packet->v.luks->key); + luks_replace_passphrase (vol, passphrase); + vol->v.luks->passphrase_slot = res; +diff --git a/src/volume_key.c b/src/volume_key.c +index 074b187..24b70d6 100644 +--- a/src/volume_key.c ++++ b/src/volume_key.c +@@ -735,6 +735,11 @@ write_packet (struct packet_output_state *pos, const char *filename, + || g_file_set_contents (filename, packet, size, error) == FALSE) + { + g_prefix_error (error, _("Error creating `%s': "), filename); ++ if (packet != NULL) { ++ if 
(output_format_cleartext != 0) ++ memset (packet, 0, size); ++ g_free (packet); ++ } + return -1; + } + if (output_format_cleartext != 0) diff --git a/volume_key.spec b/volume_key.spec index f8ef9bc..e346ac9 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -32,7 +32,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.12 -Release: 10%{?dist} +Release: 11%{?dist} # lib/{SECerrs,SSLerrs}.h are both licensed under MPLv1.1, GPLv2 and LGPLv2 License: GPLv2 and (MPLv1.1 or GPLv2 or LGPLv2) URL: https://pagure.io/%{name}/ @@ -42,6 +42,9 @@ Source0: https://releases.pagure.org/%{name}/%{name}-%{version}.tar.xz # Support all LUKS devices # - backport of 26c09768662d8958debe8c9410dae9fda02292c3 Patch0: volume_key-0.3.12-support_LUKS2_and_more.patch +# Fix resource leaks +# - backport of bf6618ec0b09b4e51fc97fa021e687fbd87599ba +Patch1: volume_key-0.3.12-fix_resource_leaks.patch BuildRequires: make BuildRequires: gcc BuildRequires: cryptsetup-luks-devel, gettext-devel, glib2-devel, /usr/bin/gpg2 @@ -117,6 +120,7 @@ Requires: %{name}-libs%{?_isa} = %{version}-%{release} %prep %setup -q %patch0 -p1 +%patch1 -p1 %build %configure %{?with_pythons} @@ -167,6 +171,9 @@ exit 1; \ %endif %changelog +* Wed Mar 31 2021 Jiri Kucera - 0.3.12-11 +- Fix resource leaks + * Wed Jan 27 2021 Fedora Release Engineering - 0.3.12-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild From 4dbc7ef0ce6988180fa55a3fe9c49a51a017f3dd Mon Sep 17 00:00:00 2001 From: Python Maint Date: Fri, 4 Jun 2021 21:19:38 +0200 Subject: [PATCH 079/101] Rebuilt for Python 3.10 --- volume_key.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index e346ac9..aed57cf 100644 --- a/volume_key.spec +++ b/volume_key.spec 
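Review bot: In the lib/volume_luks.c part of the added volume_key-0.3.12-fix_resource_leaks.patch, the new `if (vol->v.luks->key_bytes != packet->v.luks->key_bytes) goto err_passphrase;` takes the failure path with no `g_set_error` call on that branch. The `err_passphrase` label is outside the visible lines; if it only releases the passphrase, `luks_apply_secret` returns -1 with `*error` unset, and a caller that reads `error->message` would dereference NULL. Give the `if` a braced body that calls `g_set_error (error, LIBVK_ERROR, <LIBVK_ERROR_* code>, _("<message>"));` before the `goto`. Separately, the cleanup added to `write_packet` wipes the packet with a plain `memset (packet, 0, size);` directly before `g_free (packet);`, which an optimizing compiler may drop as a dead store; a non-elidable wipe such as `explicit_bzero (packet, size);`, where the platform provides it, is more dependable for key material.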
@@ -32,7 +32,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.12 -Release: 11%{?dist} +Release: 12%{?dist} # lib/{SECerrs,SSLerrs}.h are both licensed under MPLv1.1, GPLv2 and LGPLv2 License: GPLv2 and (MPLv1.1 or GPLv2 or LGPLv2) URL: https://pagure.io/%{name}/ @@ -171,6 +171,9 @@ exit 1; \ %endif %changelog +* Fri Jun 04 2021 Python Maint - 0.3.12-12 +- Rebuilt for Python 3.10 + * Wed Mar 31 2021 Jiri Kucera - 0.3.12-11 - Fix resource leaks From 2d8673093f8a0aa3de6a317aaf1e93099284e1b7 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 23 Jul 2021 20:38:33 +0000 Subject: [PATCH 080/101] - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- volume_key.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index aed57cf..3fb3d46 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -32,7 +32,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.12 -Release: 12%{?dist} +Release: 13%{?dist} # lib/{SECerrs,SSLerrs}.h are both licensed under MPLv1.1, GPLv2 and LGPLv2 License: GPLv2 and (MPLv1.1 or GPLv2 or LGPLv2) URL: https://pagure.io/%{name}/ @@ -171,6 +171,9 @@ exit 1; \ %endif %changelog +* Fri Jul 23 2021 Fedora Release Engineering - 0.3.12-13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + * Fri Jun 04 2021 Python Maint - 0.3.12-12 - Rebuilt for Python 3.10 From 89d7d735e030af91115762f0f0c34a57c39c3916 Mon Sep 17 00:00:00 2001 From: Jiri Kucera Date: Wed, 4 Aug 2021 13:07:36 +0200 Subject: [PATCH 081/101] Fix FTBFS - also revert Licnese back to GPLv2 (this is the effective license) - also use make macros --- volume_key.spec | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/volume_key.spec b/volume_key.spec index 3fb3d46..c72f454 100644 --- a/volume_key.spec 
+++ b/volume_key.spec @@ -32,9 +32,8 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.12 -Release: 13%{?dist} -# lib/{SECerrs,SSLerrs}.h are both licensed under MPLv1.1, GPLv2 and LGPLv2 -License: GPLv2 and (MPLv1.1 or GPLv2 or LGPLv2) +Release: 14%{?dist} +License: GPLv2 URL: https://pagure.io/%{name}/ Requires: %{name}-libs%{?_isa} = %{version}-%{release} @@ -47,7 +46,7 @@ Patch0: volume_key-0.3.12-support_LUKS2_and_more.patch Patch1: volume_key-0.3.12-fix_resource_leaks.patch BuildRequires: make BuildRequires: gcc -BuildRequires: cryptsetup-luks-devel, gettext-devel, glib2-devel, /usr/bin/gpg2 +BuildRequires: cryptsetup-devel, gettext-devel, glib2-devel, /usr/bin/gpg2 BuildRequires: gpgme-devel, libblkid-devel, nss-devel, python3-devel %if 0%{?drop_python2} < 1 BuildRequires: python2-devel @@ -124,10 +123,10 @@ Requires: %{name}-libs%{?_isa} = %{version}-%{release} %build %configure %{?with_pythons} -make %{?_smp_mflags} +%make_build %install -make install DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p' +%make_install # Remove libtool archive find %{buildroot} -type f -name "*.la" -delete @@ -171,6 +170,11 @@ exit 1; \ %endif %changelog +* Wed Aug 04 2021 Jiri Kucera - 0.3.12-14 +- Fix FTBFS +- Move License tag back to GPLv2 (this is the effective license) +- Use make macros + * Fri Jul 23 2021 Fedora Release Engineering - 0.3.12-13 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild From 55fd48c0f1d47327b6307113feb276090e10352a Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 22 Jan 2022 04:09:17 +0000 Subject: [PATCH 082/101] - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- volume_key.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index c72f454..7ef8430 100644 --- a/volume_key.spec +++ b/volume_key.spec 
@@ -32,7 +32,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.12 -Release: 14%{?dist} +Release: 15%{?dist} License: GPLv2 URL: https://pagure.io/%{name}/ Requires: %{name}-libs%{?_isa} = %{version}-%{release} @@ -170,6 +170,9 @@ exit 1; \ %endif %changelog +* Sat Jan 22 2022 Fedora Release Engineering - 0.3.12-15 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + * Wed Aug 04 2021 Jiri Kucera - 0.3.12-14 - Fix FTBFS - Move License tag back to GPLv2 (this is the effective license) From bcce6fbbd2f6f21980d22117af76338ce0e5aed2 Mon Sep 17 00:00:00 2001 From: Python Maint Date: Mon, 13 Jun 2022 15:33:09 +0200 Subject: [PATCH 083/101] Rebuilt for Python 3.11 --- volume_key.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index 7ef8430..52d3323 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -32,7 +32,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.12 -Release: 15%{?dist} +Release: 16%{?dist} License: GPLv2 URL: https://pagure.io/%{name}/ Requires: %{name}-libs%{?_isa} = %{version}-%{release} @@ -170,6 +170,9 @@ exit 1; \ %endif %changelog +* Mon Jun 13 2022 Python Maint - 0.3.12-16 +- Rebuilt for Python 3.11 + * Sat Jan 22 2022 Fedora Release Engineering - 0.3.12-15 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild From d910ad63d3f04d41e79e4b2d6d70deb0f28bee03 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 23 Jul 2022 12:05:08 +0000 Subject: [PATCH 084/101] Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- volume_key.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index 52d3323..d48da83 100644 --- a/volume_key.spec +++ b/volume_key.spec 
@@ -32,7 +32,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.12 -Release: 16%{?dist} +Release: 17%{?dist} License: GPLv2 URL: https://pagure.io/%{name}/ Requires: %{name}-libs%{?_isa} = %{version}-%{release} @@ -170,6 +170,9 @@ exit 1; \ %endif %changelog +* Sat Jul 23 2022 Fedora Release Engineering - 0.3.12-17 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + * Mon Jun 13 2022 Python Maint - 0.3.12-16 - Rebuilt for Python 3.11 From 105ff46f89afc73e56c7f3df78d81c4e2ac981ae Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 21 Jan 2023 06:28:37 +0000 Subject: [PATCH 085/101] Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- volume_key.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index d48da83..cbea4e2 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -32,7 +32,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.12 -Release: 17%{?dist} +Release: 18%{?dist} License: GPLv2 URL: https://pagure.io/%{name}/ Requires: %{name}-libs%{?_isa} = %{version}-%{release} @@ -170,6 +170,9 @@ exit 1; \ %endif %changelog +* Sat Jan 21 2023 Fedora Release Engineering - 0.3.12-18 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + * Sat Jul 23 2022 Fedora Release Engineering - 0.3.12-17 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild From c8f5c5be683438e64f69f31e93a1ad2bd27cf20c Mon Sep 17 00:00:00 2001 From: Python Maint Date: Tue, 13 Jun 2023 20:57:10 +0200 Subject: [PATCH 086/101] Rebuilt for Python 3.12 --- volume_key.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index cbea4e2..df25803 100644 --- a/volume_key.spec +++ b/volume_key.spec 
@@ -32,7 +32,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.12 -Release: 18%{?dist} +Release: 19%{?dist} License: GPLv2 URL: https://pagure.io/%{name}/ Requires: %{name}-libs%{?_isa} = %{version}-%{release} @@ -170,6 +170,9 @@ exit 1; \ %endif %changelog +* Tue Jun 13 2023 Python Maint - 0.3.12-19 +- Rebuilt for Python 3.12 + * Sat Jan 21 2023 Fedora Release Engineering - 0.3.12-18 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild From dda202647876b0e61c6a7492d8d8fd434e20896e Mon Sep 17 00:00:00 2001 From: Jiri Kucera Date: Thu, 29 Jun 2023 11:41:12 +0200 Subject: [PATCH 087/101] Migrate to SPDX license identifier --- volume_key.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index df25803..805943e 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -33,7 +33,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.12 Release: 19%{?dist} -License: GPLv2 +License: GPL-2.0-only AND (MPL-1.1 OR GPL-2.0-or-later OR LGPL-2.1-or-later) URL: https://pagure.io/%{name}/ Requires: %{name}-libs%{?_isa} = %{version}-%{release} From db4e43302b2daa2561b767913c77a6b08bfa4b57 Mon Sep 17 00:00:00 2001 From: Yaakov Selkowitz Date: Wed, 5 Jul 2023 20:02:52 -0400 Subject: [PATCH 088/101] Fix build with Python 3.12 The autotools py-compile script in the source tarball is outdated. --- volume_key.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/volume_key.spec b/volume_key.spec index 805943e..32ebf54 100644 --- a/volume_key.spec +++ b/volume_key.spec 
@@ -44,6 +44,7 @@ Patch0: volume_key-0.3.12-support_LUKS2_and_more.patch # Fix resource leaks # - backport of bf6618ec0b09b4e51fc97fa021e687fbd87599ba Patch1: volume_key-0.3.12-fix_resource_leaks.patch +BuildRequires: autoconf, automake, libtool BuildRequires: make BuildRequires: gcc BuildRequires: cryptsetup-devel, gettext-devel, glib2-devel, /usr/bin/gpg2 @@ -120,6 +121,7 @@ Requires: %{name}-libs%{?_isa} = %{version}-%{release} %setup -q %patch0 -p1 %patch1 -p1 +autoreconf -fiv %build %configure %{?with_pythons} From dbc3ddc9fb1aa7fbe879c730406eaa4b740bcefd Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 22 Jul 2023 17:50:39 +0000 Subject: [PATCH 089/101] Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- volume_key.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index 32ebf54..f22f2b9 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -32,7 +32,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.12 -Release: 19%{?dist} +Release: 20%{?dist} License: GPL-2.0-only AND (MPL-1.1 OR GPL-2.0-or-later OR LGPL-2.1-or-later) URL: https://pagure.io/%{name}/ Requires: %{name}-libs%{?_isa} = %{version}-%{release} @@ -172,6 +172,9 @@ exit 1; \ %endif %changelog +* Sat Jul 22 2023 Fedora Release Engineering - 0.3.12-20 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + * Tue Jun 13 2023 Python Maint - 0.3.12-19 - Rebuilt for Python 3.12 From 3c2df9d55f86b8c18228bd0505d296be91b62841 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 27 Jan 2024 08:10:28 +0000 Subject: [PATCH 090/101] Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild --- volume_key.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index f22f2b9..3eb0d94 100644 --- a/volume_key.spec 
+++ b/volume_key.spec @@ -32,7 +32,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.12 -Release: 20%{?dist} +Release: 21%{?dist} License: GPL-2.0-only AND (MPL-1.1 OR GPL-2.0-or-later OR LGPL-2.1-or-later) URL: https://pagure.io/%{name}/ Requires: %{name}-libs%{?_isa} = %{version}-%{release} @@ -172,6 +172,9 @@ exit 1; \ %endif %changelog +* Sat Jan 27 2024 Fedora Release Engineering - 0.3.12-21 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + * Sat Jul 22 2023 Fedora Release Engineering - 0.3.12-20 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild From 6c794a95956dee4b4afa57321d3eeac754604844 Mon Sep 17 00:00:00 2001 From: Yaakov Selkowitz Date: Sat, 27 Jan 2024 23:11:45 -0500 Subject: [PATCH 091/101] Fix build with Python 3.12 The configure script uses distutils to determine various locations. While that has been removed from the standard library, setuptools provides a compatibility layer. --- volume_key.spec | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index 3eb0d94..e6eee80 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -48,7 +48,8 @@ BuildRequires: autoconf, automake, libtool BuildRequires: make BuildRequires: gcc BuildRequires: cryptsetup-devel, gettext-devel, glib2-devel, /usr/bin/gpg2 -BuildRequires: gpgme-devel, libblkid-devel, nss-devel, python3-devel +BuildRequires: gpgme-devel, libblkid-devel, nss-devel +BuildRequires: python3-devel, python3-setuptools %if 0%{?drop_python2} < 1 BuildRequires: python2-devel %endif From 291e835b6506fceabb8d31e52d710029679a14dd Mon Sep 17 00:00:00 2001 From: Software Management Team Date: Thu, 30 May 2024 12:46:49 +0200 Subject: [PATCH 092/101] Eliminate use of obsolete %patchN syntax (#2283636) --- volume_key.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/volume_key.spec b/volume_key.spec index e6eee80..8ca0ee1 100644 
--- a/volume_key.spec +++ b/volume_key.spec @@ -120,8 +120,8 @@ Requires: %{name}-libs%{?_isa} = %{version}-%{release} %prep %setup -q -%patch0 -p1 -%patch1 -p1 +%patch -P0 -p1 +%patch -P1 -p1 autoreconf -fiv %build From c4f79d2d76bd6f73660b7704cfd2c9412cd04492 Mon Sep 17 00:00:00 2001 From: Python Maint Date: Fri, 7 Jun 2024 09:08:58 +0200 Subject: [PATCH 093/101] Rebuilt for Python 3.13 --- volume_key.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index 8ca0ee1..b818b6c 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -32,7 +32,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.12 -Release: 21%{?dist} +Release: 22%{?dist} License: GPL-2.0-only AND (MPL-1.1 OR GPL-2.0-or-later OR LGPL-2.1-or-later) URL: https://pagure.io/%{name}/ Requires: %{name}-libs%{?_isa} = %{version}-%{release} @@ -173,6 +173,9 @@ exit 1; \ %endif %changelog +* Fri Jun 07 2024 Python Maint - 0.3.12-22 +- Rebuilt for Python 3.13 + * Sat Jan 27 2024 Fedora Release Engineering - 0.3.12-21 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild From 4d23ac14cc5ac2c206e136885c2171428d2edc24 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 20 Jul 2024 08:59:20 +0000 Subject: [PATCH 094/101] Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild --- volume_key.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index b818b6c..fc9ea93 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -32,7 +32,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.12 -Release: 22%{?dist} +Release: 23%{?dist} License: GPL-2.0-only AND (MPL-1.1 OR GPL-2.0-or-later OR LGPL-2.1-or-later) URL: https://pagure.io/%{name}/ Requires: %{name}-libs%{?_isa} = %{version}-%{release} 
@@ -173,6 +173,9 @@ exit 1; \ %endif %changelog +* Sat Jul 20 2024 Fedora Release Engineering - 0.3.12-23 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + * Fri Jun 07 2024 Python Maint - 0.3.12-22 - Rebuilt for Python 3.13 From 02d462c1dac6472bdb396073d77efe34b0b3e723 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sun, 19 Jan 2025 14:35:41 +0000 Subject: [PATCH 095/101] Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild --- volume_key.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index fc9ea93..fb8a04a 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -32,7 +32,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.12 -Release: 23%{?dist} +Release: 24%{?dist} License: GPL-2.0-only AND (MPL-1.1 OR GPL-2.0-or-later OR LGPL-2.1-or-later) URL: https://pagure.io/%{name}/ Requires: %{name}-libs%{?_isa} = %{version}-%{release} @@ -173,6 +173,9 @@ exit 1; \ %endif %changelog +* Sun Jan 19 2025 Fedora Release Engineering - 0.3.12-24 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild + * Sat Jul 20 2024 Fedora Release Engineering - 0.3.12-23 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild From d35de5bf23d2b6b8721ce3d73d7ad892a6a75115 Mon Sep 17 00:00:00 2001 From: Python Maint Date: Mon, 2 Jun 2025 20:49:24 +0200 Subject: [PATCH 096/101] Rebuilt for Python 3.14 --- volume_key.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index fb8a04a..d36ef9f 100644 --- a/volume_key.spec +++ b/volume_key.spec 
@@ -32,7 +32,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.12 -Release: 24%{?dist} +Release: 25%{?dist} License: GPL-2.0-only AND (MPL-1.1 OR GPL-2.0-or-later OR LGPL-2.1-or-later) URL: https://pagure.io/%{name}/ Requires: %{name}-libs%{?_isa} = %{version}-%{release} @@ -173,6 +173,9 @@ exit 1; \ %endif %changelog +* Mon Jun 02 2025 Python Maint - 0.3.12-25 +- Rebuilt for Python 3.14 + * Sun Jan 19 2025 Fedora Release Engineering - 0.3.12-24 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild From e6019f9dc33891a70834b09a1a0b2d05a4e8ad50 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Zaoral?= Date: Mon, 7 Jul 2025 12:47:47 +0200 Subject: [PATCH 097/101] tests: migrate from STI to TMT Related: https://fedoraproject.org/wiki/Changes/DisableSTI --- {tests/.fmf => .fmf}/version | 0 plans/ci.fmf | 5 +++++ tests/Sanity/basic-sanity/main.fmf | 2 +- tests/Sanity/basic-sanity/runtest.sh | 1 - tests/tests.yml | 14 -------------- 5 files changed, 6 insertions(+), 16 deletions(-) rename {tests/.fmf => .fmf}/version (100%) create mode 100644 plans/ci.fmf delete mode 100644 tests/tests.yml diff --git a/tests/.fmf/version b/.fmf/version similarity index 100% rename from tests/.fmf/version rename to .fmf/version diff --git a/plans/ci.fmf b/plans/ci.fmf new file mode 100644 index 0000000..c1627f9 --- /dev/null +++ b/plans/ci.fmf @@ -0,0 +1,5 @@ +summary: Basic smoke test +discover: + how: fmf +execute: + how: tmt diff --git a/tests/Sanity/basic-sanity/main.fmf b/tests/Sanity/basic-sanity/main.fmf index ad4c0fa..e87514e 100644 --- a/tests/Sanity/basic-sanity/main.fmf +++ b/tests/Sanity/basic-sanity/main.fmf @@ -11,6 +11,6 @@ require: - nss-tools - expect - tcllib +framework: beakerlib test: ./runtest.sh duration: 10m -tier: 1 diff --git a/tests/Sanity/basic-sanity/runtest.sh b/tests/Sanity/basic-sanity/runtest.sh index 5ea92c8..23f72d5 100755 --- a/tests/Sanity/basic-sanity/runtest.sh 
+++ b/tests/Sanity/basic-sanity/runtest.sh @@ -28,7 +28,6 @@ _TESTDIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P)" # Include Beaker environment -. /usr/bin/rhts-environment.sh || exit 1 . /usr/share/beakerlib/beakerlib.sh || exit 1 # Include utils diff --git a/tests/tests.yml b/tests/tests.yml deleted file mode 100644 index c113f70..0000000 --- a/tests/tests.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -- hosts: localhost - roles: - - role: standard-test-beakerlib - tags: - - classic - - container - fmf_filter: "tier: 1" - required_packages: - - volume_key - - cryptsetup - - expect - - tcllib - - nss-tools From c1f5a0ff903453ef71a41edb798fad65ccba948e Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 25 Jul 2025 20:12:47 +0000 Subject: [PATCH 098/101] Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild --- volume_key.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index d36ef9f..8078057 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -32,7 +32,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.12 -Release: 25%{?dist} +Release: 26%{?dist} License: GPL-2.0-only AND (MPL-1.1 OR GPL-2.0-or-later OR LGPL-2.1-or-later) URL: https://pagure.io/%{name}/ Requires: %{name}-libs%{?_isa} = %{version}-%{release} @@ -173,6 +173,9 @@ exit 1; \ %endif %changelog +* Fri Jul 25 2025 Fedora Release Engineering - 0.3.12-26 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild + * Mon Jun 02 2025 Python Maint - 0.3.12-25 - Rebuilt for Python 3.14 From f67afe1eb453e755c5db3d413af734c15f3bb8f3 Mon Sep 17 00:00:00 2001 From: Python Maint Date: Fri, 15 Aug 2025 15:22:26 +0200 Subject: [PATCH 099/101] Rebuilt for Python 3.14.0rc2 bytecode --- volume_key.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index 8078057..2f38d6f 100644 --- a/volume_key.spec 
+++ b/volume_key.spec @@ -32,7 +32,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.12 -Release: 26%{?dist} +Release: 27%{?dist} License: GPL-2.0-only AND (MPL-1.1 OR GPL-2.0-or-later OR LGPL-2.1-or-later) URL: https://pagure.io/%{name}/ Requires: %{name}-libs%{?_isa} = %{version}-%{release} @@ -173,6 +173,9 @@ exit 1; \ %endif %changelog +* Fri Aug 15 2025 Python Maint - 0.3.12-27 +- Rebuilt for Python 3.14.0rc2 bytecode + * Fri Jul 25 2025 Fedora Release Engineering - 0.3.12-26 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild From 6156da804dfd0e894cad4bd2a79eed181367816c Mon Sep 17 00:00:00 2001 From: Python Maint Date: Fri, 19 Sep 2025 15:02:54 +0200 Subject: [PATCH 100/101] Rebuilt for Python 3.14.0rc3 bytecode --- volume_key.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index 2f38d6f..ccae0c7 100644 --- a/volume_key.spec +++ b/volume_key.spec @@ -32,7 +32,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.12 -Release: 27%{?dist} +Release: 28%{?dist} License: GPL-2.0-only AND (MPL-1.1 OR GPL-2.0-or-later OR LGPL-2.1-or-later) URL: https://pagure.io/%{name}/ Requires: %{name}-libs%{?_isa} = %{version}-%{release} @@ -173,6 +173,9 @@ exit 1; \ %endif %changelog +* Fri Sep 19 2025 Python Maint - 0.3.12-28 +- Rebuilt for Python 3.14.0rc3 bytecode + * Fri Aug 15 2025 Python Maint - 0.3.12-27 - Rebuilt for Python 3.14.0rc2 bytecode From 58bcfd34042dbb05faae18923d76ca5ee3dfa456 Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Tue, 11 Nov 2025 11:15:58 +0100 Subject: [PATCH 101/101] rebuild for gpgme 2.0 --- volume_key.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/volume_key.spec b/volume_key.spec index ccae0c7..1e7129f 100644 --- a/volume_key.spec +++ b/volume_key.spec 
@@ -32,7 +32,7 @@ Summary: An utility for manipulating storage encryption keys and passphrases Name: volume_key Version: 0.3.12 -Release: 28%{?dist} +Release: 29%{?dist} License: GPL-2.0-only AND (MPL-1.1 OR GPL-2.0-or-later OR LGPL-2.1-or-later) URL: https://pagure.io/%{name}/ Requires: %{name}-libs%{?_isa} = %{version}-%{release} @@ -173,6 +173,9 @@ exit 1; \ %endif %changelog +* Tue Nov 11 2025 Michal Hlavinka - 0.3.12-29 +- rebuild for gpgme 2.0 + * Fri Sep 19 2025 Python Maint - 0.3.12-28 - Rebuilt for Python 3.14.0rc3 bytecode