cryptsetup: bump minimum libcryptsetup version to v2.0.1
libcryptsetup v2.0.1 introduced new API calls, supporting 64 bit wide integers for `keyfile_offset`. This change invokes the new function call, gets rid of the warning that was added in #7689, and removes redundant #ifdefery and constant definitions. See https://gitlab.com/cryptsetup/cryptsetup/issues/359. Fixes #7677.
This commit is contained in:
parent
2b0ea8d739
commit
d90874b4e2
|
@ -960,20 +960,14 @@ conf.set10('HAVE_MICROHTTPD', have)
|
||||||
want_libcryptsetup = get_option('libcryptsetup')
|
want_libcryptsetup = get_option('libcryptsetup')
|
||||||
if want_libcryptsetup != 'false' and not skip_deps
|
if want_libcryptsetup != 'false' and not skip_deps
|
||||||
libcryptsetup = dependency('libcryptsetup',
|
libcryptsetup = dependency('libcryptsetup',
|
||||||
version : '>= 1.6.0',
|
version : '>= 2.0.1',
|
||||||
required : want_libcryptsetup == 'true')
|
required : want_libcryptsetup == 'true')
|
||||||
have = libcryptsetup.found()
|
have = libcryptsetup.found()
|
||||||
have_sector = cc.has_member(
|
|
||||||
'struct crypt_params_plain',
|
|
||||||
'sector_size',
|
|
||||||
prefix : '#include <libcryptsetup.h>')
|
|
||||||
else
|
else
|
||||||
have = false
|
have = false
|
||||||
have_sector = false
|
|
||||||
libcryptsetup = []
|
libcryptsetup = []
|
||||||
endif
|
endif
|
||||||
conf.set10('HAVE_LIBCRYPTSETUP', have)
|
conf.set10('HAVE_LIBCRYPTSETUP', have)
|
||||||
conf.set10('HAVE_LIBCRYPTSETUP_SECTOR_SIZE', have_sector)
|
|
||||||
|
|
||||||
want_libcurl = get_option('libcurl')
|
want_libcurl = get_option('libcurl')
|
||||||
if want_libcurl != 'false' and not skip_deps
|
if want_libcurl != 'false' and not skip_deps
|
||||||
|
|
|
@ -35,9 +35,7 @@
|
||||||
static const char *arg_type = NULL; /* ANY_LUKS, CRYPT_LUKS1, CRYPT_LUKS2, CRYPT_TCRYPT or CRYPT_PLAIN */
|
static const char *arg_type = NULL; /* ANY_LUKS, CRYPT_LUKS1, CRYPT_LUKS2, CRYPT_TCRYPT or CRYPT_PLAIN */
|
||||||
static char *arg_cipher = NULL;
|
static char *arg_cipher = NULL;
|
||||||
static unsigned arg_key_size = 0;
|
static unsigned arg_key_size = 0;
|
||||||
#if HAVE_LIBCRYPTSETUP_SECTOR_SIZE
|
|
||||||
static unsigned arg_sector_size = CRYPT_SECTOR_SIZE;
|
static unsigned arg_sector_size = CRYPT_SECTOR_SIZE;
|
||||||
#endif
|
|
||||||
static int arg_key_slot = CRYPT_ANY_SLOT;
|
static int arg_key_slot = CRYPT_ANY_SLOT;
|
||||||
static unsigned arg_keyfile_size = 0;
|
static unsigned arg_keyfile_size = 0;
|
||||||
static uint64_t arg_keyfile_offset = 0;
|
static uint64_t arg_keyfile_offset = 0;
|
||||||
|
@ -51,9 +49,7 @@ static bool arg_same_cpu_crypt = false;
|
||||||
static bool arg_submit_from_crypt_cpus = false;
|
static bool arg_submit_from_crypt_cpus = false;
|
||||||
static bool arg_tcrypt_hidden = false;
|
static bool arg_tcrypt_hidden = false;
|
||||||
static bool arg_tcrypt_system = false;
|
static bool arg_tcrypt_system = false;
|
||||||
#ifdef CRYPT_TCRYPT_VERA_MODES
|
|
||||||
static bool arg_tcrypt_veracrypt = false;
|
static bool arg_tcrypt_veracrypt = false;
|
||||||
#endif
|
|
||||||
static char **arg_tcrypt_keyfiles = NULL;
|
static char **arg_tcrypt_keyfiles = NULL;
|
||||||
static uint64_t arg_offset = 0;
|
static uint64_t arg_offset = 0;
|
||||||
static uint64_t arg_skip = 0;
|
static uint64_t arg_skip = 0;
|
||||||
|
@ -109,7 +105,6 @@ static int parse_one_option(const char *option) {
|
||||||
|
|
||||||
} else if ((val = startswith(option, "sector-size="))) {
|
} else if ((val = startswith(option, "sector-size="))) {
|
||||||
|
|
||||||
#if HAVE_LIBCRYPTSETUP_SECTOR_SIZE
|
|
||||||
r = safe_atou(val, &arg_sector_size);
|
r = safe_atou(val, &arg_sector_size);
|
||||||
if (r < 0) {
|
if (r < 0) {
|
||||||
log_error_errno(r, "Failed to parse %s, ignoring: %m", option);
|
log_error_errno(r, "Failed to parse %s, ignoring: %m", option);
|
||||||
|
@ -125,10 +120,6 @@ static int parse_one_option(const char *option) {
|
||||||
log_error("sector-size= is outside of %u and %u, ignoring.", CRYPT_SECTOR_SIZE, CRYPT_MAX_SECTOR_SIZE);
|
log_error("sector-size= is outside of %u and %u, ignoring.", CRYPT_SECTOR_SIZE, CRYPT_MAX_SECTOR_SIZE);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
#else
|
|
||||||
log_error("sector-size= is not supported, compiled with old libcryptsetup.");
|
|
||||||
return 0;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
} else if ((val = startswith(option, "key-slot="))) {
|
} else if ((val = startswith(option, "key-slot="))) {
|
||||||
|
|
||||||
|
@ -157,22 +148,13 @@ static int parse_one_option(const char *option) {
|
||||||
}
|
}
|
||||||
|
|
||||||
} else if ((val = startswith(option, "keyfile-offset="))) {
|
} else if ((val = startswith(option, "keyfile-offset="))) {
|
||||||
uint64_t off;
|
|
||||||
|
|
||||||
r = safe_atou64(val, &off);
|
r = safe_atou64(val, &arg_keyfile_offset);
|
||||||
if (r < 0) {
|
if (r < 0) {
|
||||||
log_error_errno(r, "Failed to parse %s, ignoring: %m", option);
|
log_error_errno(r, "Failed to parse %s, ignoring: %m", option);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((size_t) off != off) {
|
|
||||||
/* https://gitlab.com/cryptsetup/cryptsetup/issues/359 */
|
|
||||||
log_error("keyfile-offset= value would truncated to %zu, ignoring.", (size_t) off);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
arg_keyfile_offset = off;
|
|
||||||
|
|
||||||
} else if ((val = startswith(option, "hash="))) {
|
} else if ((val = startswith(option, "hash="))) {
|
||||||
r = free_and_strdup(&arg_hash, val);
|
r = free_and_strdup(&arg_hash, val);
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
|
@ -222,13 +204,8 @@ static int parse_one_option(const char *option) {
|
||||||
arg_type = CRYPT_TCRYPT;
|
arg_type = CRYPT_TCRYPT;
|
||||||
arg_tcrypt_system = true;
|
arg_tcrypt_system = true;
|
||||||
} else if (streq(option, "tcrypt-veracrypt")) {
|
} else if (streq(option, "tcrypt-veracrypt")) {
|
||||||
#ifdef CRYPT_TCRYPT_VERA_MODES
|
|
||||||
arg_type = CRYPT_TCRYPT;
|
arg_type = CRYPT_TCRYPT;
|
||||||
arg_tcrypt_veracrypt = true;
|
arg_tcrypt_veracrypt = true;
|
||||||
#else
|
|
||||||
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
|
|
||||||
"This version of cryptsetup does not support tcrypt-veracrypt; refusing.");
|
|
||||||
#endif
|
|
||||||
} else if (STR_IN_SET(option, "plain", "swap", "tmp"))
|
} else if (STR_IN_SET(option, "plain", "swap", "tmp"))
|
||||||
arg_type = CRYPT_PLAIN;
|
arg_type = CRYPT_PLAIN;
|
||||||
else if ((val = startswith(option, "timeout="))) {
|
else if ((val = startswith(option, "timeout="))) {
|
||||||
|
@ -453,10 +430,8 @@ static int attach_tcrypt(
|
||||||
if (arg_tcrypt_system)
|
if (arg_tcrypt_system)
|
||||||
params.flags |= CRYPT_TCRYPT_SYSTEM_HEADER;
|
params.flags |= CRYPT_TCRYPT_SYSTEM_HEADER;
|
||||||
|
|
||||||
#ifdef CRYPT_TCRYPT_VERA_MODES
|
|
||||||
if (arg_tcrypt_veracrypt)
|
if (arg_tcrypt_veracrypt)
|
||||||
params.flags |= CRYPT_TCRYPT_VERA_MODES;
|
params.flags |= CRYPT_TCRYPT_VERA_MODES;
|
||||||
#endif
|
|
||||||
|
|
||||||
if (key_file) {
|
if (key_file) {
|
||||||
r = read_one_line_file(key_file, &passphrase);
|
r = read_one_line_file(key_file, &passphrase);
|
||||||
|
@ -503,9 +478,7 @@ static int attach_luks_or_plain(struct crypt_device *cd,
|
||||||
struct crypt_params_plain params = {
|
struct crypt_params_plain params = {
|
||||||
.offset = arg_offset,
|
.offset = arg_offset,
|
||||||
.skip = arg_skip,
|
.skip = arg_skip,
|
||||||
#if HAVE_LIBCRYPTSETUP_SECTOR_SIZE
|
|
||||||
.sector_size = arg_sector_size,
|
.sector_size = arg_sector_size,
|
||||||
#endif
|
|
||||||
};
|
};
|
||||||
const char *cipher, *cipher_mode;
|
const char *cipher, *cipher_mode;
|
||||||
_cleanup_free_ char *truncated_cipher = NULL;
|
_cleanup_free_ char *truncated_cipher = NULL;
|
||||||
|
@ -554,7 +527,7 @@ static int attach_luks_or_plain(struct crypt_device *cd,
|
||||||
crypt_get_device_name(cd));
|
crypt_get_device_name(cd));
|
||||||
|
|
||||||
if (key_file) {
|
if (key_file) {
|
||||||
r = crypt_activate_by_keyfile_offset(cd, name, arg_key_slot, key_file, arg_keyfile_size, arg_keyfile_offset, flags);
|
r = crypt_activate_by_keyfile_device_offset(cd, name, arg_key_slot, key_file, arg_keyfile_size, arg_keyfile_offset, flags);
|
||||||
if (r == -EPERM) {
|
if (r == -EPERM) {
|
||||||
log_error_errno(r, "Failed to activate with key file '%s'. (Key data incorrect?)", key_file);
|
log_error_errno(r, "Failed to activate with key file '%s'. (Key data incorrect?)", key_file);
|
||||||
return -EAGAIN; /* Log actual error, but return EAGAIN */
|
return -EAGAIN; /* Log actual error, but return EAGAIN */
|
||||||
|
@ -723,7 +696,7 @@ static int run(int argc, char *argv[]) {
|
||||||
if (r < 0)
|
if (r < 0)
|
||||||
return log_error_errno(r, "Failed to set LUKS data device %s: %m", argv[3]);
|
return log_error_errno(r, "Failed to set LUKS data device %s: %m", argv[3]);
|
||||||
}
|
}
|
||||||
#ifdef CRYPT_ANY_TOKEN
|
|
||||||
/* Tokens are available in LUKS2 only, but it is ok to call (and fail) with LUKS1. */
|
/* Tokens are available in LUKS2 only, but it is ok to call (and fail) with LUKS1. */
|
||||||
if (!key_file) {
|
if (!key_file) {
|
||||||
r = crypt_activate_by_token(cd, argv[2], CRYPT_ANY_TOKEN, NULL, flags);
|
r = crypt_activate_by_token(cd, argv[2], CRYPT_ANY_TOKEN, NULL, flags);
|
||||||
|
@ -734,7 +707,6 @@ static int run(int argc, char *argv[]) {
|
||||||
|
|
||||||
log_debug_errno(r, "Token activation unsuccessful for device %s: %m", crypt_get_device_name(cd));
|
log_debug_errno(r, "Token activation unsuccessful for device %s: %m", crypt_get_device_name(cd));
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
}
|
}
|
||||||
|
|
||||||
for (tries = 0; arg_tries == 0 || tries < arg_tries; tries++) {
|
for (tries = 0; arg_tries == 0 || tries < arg_tries; tries++) {
|
||||||
|
|
|
@ -6,19 +6,6 @@
|
||||||
|
|
||||||
#include "macro.h"
|
#include "macro.h"
|
||||||
|
|
||||||
/* libcryptsetup define for any LUKS version, compatible with libcryptsetup 1.x */
|
|
||||||
#ifndef CRYPT_LUKS
|
|
||||||
#define CRYPT_LUKS NULL
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifndef CRYPT_ACTIVATE_SAME_CPU_CRYPT
|
|
||||||
#define CRYPT_ACTIVATE_SAME_CPU_CRYPT (1 << 6)
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifndef CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS
|
|
||||||
#define CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS (1 << 7)
|
|
||||||
#endif
|
|
||||||
|
|
||||||
DEFINE_TRIVIAL_CLEANUP_FUNC(struct crypt_device *, crypt_free);
|
DEFINE_TRIVIAL_CLEANUP_FUNC(struct crypt_device *, crypt_free);
|
||||||
|
|
||||||
void cryptsetup_log_glue(int level, const char *msg, void *usrptr);
|
void cryptsetup_log_glue(int level, const char *msg, void *usrptr);
|
||||||
|
|
Loading…
Reference in New Issue