diff --git a/security/cryptsetup/cryptsetup-0001-add-libgcrypt.m4.patch b/security/cryptsetup/cryptsetup-0001-add-libgcrypt.m4.patch new file mode 100644 index 000000000..357219290 --- /dev/null +++ b/security/cryptsetup/cryptsetup-0001-add-libgcrypt.m4.patch @@ -0,0 +1,126 @@ +--- /dev/null 2013-02-11 15:41:37.050360923 +0100 ++++ ./m4/libgcrypt.m4 2013-02-12 02:03:28.939730614 +0100 +@@ -0,0 +1,123 @@ ++dnl Autoconf macros for libgcrypt ++dnl Copyright (C) 2002, 2004 Free Software Foundation, Inc. ++dnl ++dnl This file is free software; as a special exception the author gives ++dnl unlimited permission to copy and/or distribute it, with or without ++dnl modifications, as long as this notice is preserved. ++dnl ++dnl This file is distributed in the hope that it will be useful, but ++dnl WITHOUT ANY WARRANTY, to the extent permitted by law; without even the ++dnl implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. ++ ++ ++dnl AM_PATH_LIBGCRYPT([MINIMUM-VERSION, ++dnl [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]]) ++dnl Test for libgcrypt and define LIBGCRYPT_CFLAGS and LIBGCRYPT_LIBS. ++dnl MINIMUN-VERSION is a string with the version number optionalliy prefixed ++dnl with the API version to also check the API compatibility. Example: ++dnl a MINIMUN-VERSION of 1:1.2.5 won't pass the test unless the installed ++dnl version of libgcrypt is at least 1.2.5 *and* the API number is 1. Using ++dnl this features allows to prevent build against newer versions of libgcrypt ++dnl with a changed API. ++dnl ++AC_DEFUN([AM_PATH_LIBGCRYPT], ++[ AC_ARG_WITH(libgcrypt-prefix, ++ AC_HELP_STRING([--with-libgcrypt-prefix=PFX], ++ [prefix where LIBGCRYPT is installed (optional)]), ++ libgcrypt_config_prefix="$withval", libgcrypt_config_prefix="") ++ if test x$libgcrypt_config_prefix != x ; then ++ if test x${LIBGCRYPT_CONFIG+set} != xset ; then ++ LIBGCRYPT_CONFIG=$libgcrypt_config_prefix/bin/libgcrypt-config ++ fi ++ fi ++ ++ AC_PATH_TOOL(LIBGCRYPT_CONFIG, libgcrypt-config, no) ++ tmp=ifelse([$1], ,1:1.2.0,$1) ++ if echo "$tmp" | grep ':' >/dev/null 2>/dev/null ; then ++ req_libgcrypt_api=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\1/'` ++ min_libgcrypt_version=`echo "$tmp" | sed 's/\(.*\):\(.*\)/\2/'` ++ else ++ req_libgcrypt_api=0 ++ min_libgcrypt_version="$tmp" ++ fi ++ ++ AC_MSG_CHECKING(for LIBGCRYPT - version >= $min_libgcrypt_version) ++ ok=no ++ if test "$LIBGCRYPT_CONFIG" != "no" ; then ++ req_major=`echo $min_libgcrypt_version | \ ++ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\1/'` ++ req_minor=`echo $min_libgcrypt_version | \ ++ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\2/'` ++ req_micro=`echo $min_libgcrypt_version | \ ++ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\)/\3/'` ++ libgcrypt_config_version=`$LIBGCRYPT_CONFIG --version` ++ major=`echo $libgcrypt_config_version | \ ++ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'` ++ minor=`echo $libgcrypt_config_version | \ ++ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'` ++ micro=`echo $libgcrypt_config_version | \ ++ sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\.\([[0-9]]*\).*/\3/'` ++ if test "$major" -gt "$req_major"; then ++ ok=yes ++ else ++ if test "$major" -eq "$req_major"; then ++ if test "$minor" -gt "$req_minor"; then ++ ok=yes ++ else ++ if test "$minor" -eq "$req_minor"; then ++ if test "$micro" -ge "$req_micro"; then ++ ok=yes ++ fi ++ fi ++ fi ++ fi ++ fi ++ fi ++ if test $ok = yes; then ++ AC_MSG_RESULT([yes ($libgcrypt_config_version)]) ++ else ++ AC_MSG_RESULT(no) ++ fi ++ if test $ok = yes; then ++ # If we have a recent libgcrypt, we should also check that the ++ # API is compatible ++ if test "$req_libgcrypt_api" -gt 0 ; then ++ tmp=`$LIBGCRYPT_CONFIG --api-version 2>/dev/null || echo 0` ++ if test "$tmp" -gt 0 ; then ++ AC_MSG_CHECKING([LIBGCRYPT API version]) ++ if test "$req_libgcrypt_api" -eq "$tmp" ; then ++ AC_MSG_RESULT([okay]) ++ else ++ ok=no ++ AC_MSG_RESULT([does not match. want=$req_libgcrypt_api got=$tmp]) ++ fi ++ fi ++ fi ++ fi ++ if test $ok = yes; then ++ LIBGCRYPT_CFLAGS=`$LIBGCRYPT_CONFIG --cflags` ++ LIBGCRYPT_LIBS=`$LIBGCRYPT_CONFIG --libs` ++ ifelse([$2], , :, [$2]) ++ if test x"$host" != x ; then ++ libgcrypt_config_host=`$LIBGCRYPT_CONFIG --host 2>/dev/null || echo none` ++ if test x"$libgcrypt_config_host" != xnone ; then ++ if test x"$libgcrypt_config_host" != x"$host" ; then ++ AC_MSG_WARN([[ ++*** ++*** The config script $LIBGCRYPT_CONFIG was ++*** built for $libgcrypt_config_host and thus may not match the ++*** used host $host. ++*** You may want to use the configure option --with-libgcrypt-prefix ++*** to specify a matching config script. ++***]]) ++ fi ++ fi ++ fi ++ else ++ LIBGCRYPT_CFLAGS="" ++ LIBGCRYPT_LIBS="" ++ ifelse([$3], , :, [$3]) ++ fi ++ AC_SUBST(LIBGCRYPT_CFLAGS) ++ AC_SUBST(LIBGCRYPT_LIBS) ++]) diff --git a/security/cryptsetup/cryptsetup.conf b/security/cryptsetup/cryptsetup.conf new file mode 100644 index 000000000..0d2ccc7c4 --- /dev/null +++ b/security/cryptsetup/cryptsetup.conf @@ -0,0 +1,18 @@ +# we patch in libgcrypt.m4 and need to call autoreconf to be able to +# select an alternative crypto backend +hook_add preconf 9 'autoreconf -vfi' + +if ! pkginstalled -f libgcrypt; then + echo_warning "Cannot use default crypto backend (libgcrypt missing)" + backend= + # select alternative crypto backend in that particular order + for x in openssl nettle nss; do + [ -z "$backend" ] || break; + if pkginstalled -f $x; then + backend=$x + fi + done + echo_status "Selecting alternative crypto backend ($backend)" + var_append extraconfopt ' ' "--with-crypto_backend=$backend" +fi +