From b58112e5af484d9314f6a4487b1bc8b292f952ef Mon Sep 17 00:00:00 2001 From: Patrick Williams Date: Thu, 7 Mar 2024 11:16:36 -0600 Subject: subtree updates MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit meta-raspberrypi: 95a9103f91..92a9b7a012: Michał Kluska (1): rpi-base: Added missing HiFiBerry meta-openembedded: 9f0e513211..a0237019f5: Alexander Stein (1): libkcapi: Update HOMEPAGE url Changqing Li (4): syslog-ng: upgrade 4.0.1 -> 4.6.0 multipath-tools: upgrade 0.9.3 -> 0.9.8 nodejs: upgrade 20.11.0 -> 20.11.1 postgresql: upgrade 15.5 -> 16.2 Joe Slater (1): googletest: allow for shared libraries Khem Raj (17): python3-fastjsonschema: Add missing ptest deps python3-gpiod: Tests rely on configfs support in kernel python3-pyzmq: Add missing dep on python3-unixadmin for ptests python3-betamax: Upgrade to 0.9.0 libgpiod: Tests rely on configfs support in kernel keyutils: Add missing rdep for ptests fuse3: Make kmod as a recommendation instead of rdep for ptests drbd-utils: Disable warnings as errors influxdb: Define GOPROXY crucible: Define GOPROXY syzkaller: Fix build with go 1.21 e2tools: Delete unneeded files from ptest package ptest-packagelists-meta-oe: Move libgpiod out of PTESTS_PROBLEMS_META_OE ptest-packagelists-meta-python: Move py3-libgpiod out of PTESTS_PROBLEMS_META_PYTHON pgpool2: Upgrade to 4.5.1 pgpool2: Fix build with postgresql 16+ emacs: Add packageconfig for selinux support Krupal Ka Patel (1): python3-aiohappyeyeballs: Correct the typo of BBCLASSEXTEND Markus Volk (3): folks: update 0.15.6 -> 0.15.7 mozjs-115: update 115.6.0 -> 115.8.0 polkit: update 123 -> 124 Martin Jansa (3): ristretto: use python3native and depend on glib-2.0-native, python3-packaging-native xfce4-notifyd: use python3native and depend on python3-packaging-native fuse3: use 4 spaces for indentation Mingli Yu (1): nlohmann-json: Upgrade to 3.11.3 Randolph Sapp (1): glmark2: add upstream patch to not care about stencil config Ulrich Ölmann (1): signing.bbclass: fix typos Xiangyu Chen (3): iperf3: upgrade 3.15 -> 3.16 grpc: upgrade 1.60.0 -> 1.60.1 drbd-utils: upgrade 9.22.0 -> 9.27.0 Yi Zhao (7): openipmi: fix do_configure error when using dash cryptsetup: upgrade 2.6.1 -> 2.7.0 layer.conf: Add nativesdk-libdevmapper PREFERRED_RPROVIDER krb5: upgrade 1.20.2 -> 1.21.2 postfix: upgrade 3.7.3 -> 3.8.5 openldap: upgrade 2.5.16 -> 2.6.7 openvpn: upgrade 2.6.7 -> 2.6.9 Yoann Congal (3): drbd-utils: Drop a duplicated line in DESCRIPTION drbd-utils: Fix a udev rule reproducibility toybox-inittab: Fix serial getty reproducibility alperak (9): python3-google-auth: upgrade 2.28.0 -> 2.28.1 python3-netaddr: upgrade 0.10.1 -> 1.2.1 and add ptest ptest-packagelists-meta-python: Move python3-xlrd from PTESTS_PROBLEMS_META_PYTHON to PTESTS_FAST_META_PYTHON python3-wrapt: add ptest python3-freezegun: add recipe and add ptest python3-dateutil: upgrade 2.8.2 -> 2.9.0 python3-types-python-dateutil: add recipe python3-arrow: add ptest, update backend and runtime dependencies python3-marshmallow: upgrade 3.20.2 -> 3.21.1 and add ptest poky: 25d60ac6f6..7165c23237: Alexander Kanavin (48): xz: correct upstream version check python3-sphinxcontrib-jquery: add a recipe and make python3-sphinx-rtd-theme depend on it acl: upgrade 2.3.1 -> 2.3.2 appstream: upgrade 1.0.0 -> 1.0.2 boost: upgrade 1.83.0 -> 1.84.0 btrfs-tools: upgrade 6.5.3 -> 6.7.1 dnf: upgrade 4.18.2 -> 4.19.0 diffoscope: upgrade 253 -> 259 ell: upgrade 0.62 -> 0.63 elfutils: upgrade 0.189 -> 0.191 epiphany: upgrade 45.1 -> 45.3 gettext: upgrade 0.22.4 -> 0.22.5 glib-2.0: upgrade 2.78.3 -> 2.78.4 glib-networking: upgrade 2.78.0 -> 2.78.1 kmscube: upgrade to latest revision libbsd: upgrade 0.11.8 -> 0.12.1 libdnf: update 0.72.0 -> 0.73.0 libpciaccess: upgrade 0.17 -> 0.18 libpcre2: upgrade 10.42 -> 10.43 librepo: update 1.16.0 -> 1.17.0 libusb1: upgrade 1.0.26 -> 1.0.27 libxml2: upgrade 2.11.5 -> 2.12.5 linux-firmware: upgrade 20231211 -> 20240220 librsvg: upgrade 2.56.3 -> 2.57.1 lsof: upgrade 4.98.0 -> 4.99.3 man-pages: upgrade 6.05.01 -> 6.06 mc: upgrade 4.8.30 -> 4.8.31 mesa: upgrade 24.0.1 -> 24.0.2 minicom: upgrade 2.8 -> 2.9 nghttp2: upgrade 1.59.0 -> 1.60.0 orc: upgrade 0.4.37 -> 0.4.38 puzzles: upgrade to latest revision piglit: upgrade to latest revision python3-build: upgrade 1.0.3 -> 1.1.1 python3-dtschema: upgrade 2023.7 -> 2024.2 python3-jsonschema: upgrade 4.17.3 -> 4.21.1 and add new dependencies python3-ruamel-yaml: upgrade 0.17.35 -> 0.18.6 python3-setuptools: upgrade 69.0.3 -> 69.1.1 python3-wcwidth: upgrade 0.2.12 -> 0.2.13 repo: upgrade 2.41 -> 2.42 shaderc: update 2023.7 -> 2023.8 systemd: upgrade 255.1 -> 255.4 ttyrun: upgrade 2.30.0 -> 2.31.0 taglib: upgrade 1.13.1 -> 2.0 and add utfcpp recipe to support that update-rc.d: upgrade to latest revision vala: upgrade 0.56.13 -> 0.56.15 vulkan: upgrade 1.3.268.0 -> 1.3.275.0 webkitgtk: upgrade 2.42.2 -> 2.42.5 Bruce Ashfield (3): linux-yocto/cfg/6.6: drop CONFIG_DEBUG_CREDENTIALS linux-yocto/6.6: update to v6.6.20 linux-yocto/6.6: update CVE exclusions Changqing Li (3): rxvt-unicode: Fix installing of terminfo systemd: fix dead link /var/log/README go: filter out build specific path from the linker flags Chen Qi (2): systemd: use RDEPENDS for systemd-vconsole-setup systemd: remove systemd-bus-proxy settings Christian Taedcke (1): image_types.bbclass: fix vfat image names Eilís 'pidge' Ní Fhlannagáin (6): qemurunner.py: Fix error on calls to run_monitor screenshot-tests: Add initial screenshot test png files for core-image-sato oeqa/runtime/login: Proof of concept for screenshot testcases oeqa/runtime/login: Exclude qemuriscv64 oeqa/runtime/login: Add screenshot sample logic/timeout/dbus-wait sstatetests.py: Add testing for correct sstate permissions Fabio Estevam (1): u-boot: Move UBOOT_INITIAL_ENV back to u-boot.inc Geoff Parker (1): ref-manual: variables: adding multiple groups in GROUPADD_PARAM Johan Bezem (1): ref-manual: variables: correct sdk installation default path Jose Quaresma (7): go: rework patch to avoid identation go: bump 1.21.0 goarch: disable dynamic linking globally oeqa/gotoolchain: set GOPROXY go: upgrade 1.21.0 -> 1.21.5 go: upgrade 1.21.5 -> 1.21.7 go: bump 1.22.0 Khem Raj (4): mesa,mesa-gl: Fix build when dri3 is not enabled linux-yocto: Enable gpio-sim with ptests rust: Fix build failure re-appeared on riscv32 gdb: Upgrade 14.1 -> 14.2 Luca Ceresoli (2): ref-manual: tasks: do_cleanall: recommend using '-f' instead ref-manual: tasks: do_cleansstate: recommend using '-f' instead for a shared sstate Markus Volk (1): gtk+3: update 3.24.38 -> 3.24.41 Michael Opdenacker (4): core-image-full-cmdline: add package-management bitbake: utils: remove BB_ENV_PASSTHROUGH from preserved_envvars() dev-manual: packages: fix capitalization manuals: document VIRTUAL-RUNTIME variables Randy MacLeod (1): valgrind: skip intermittently failing ptests Richard Purdie (9): no-gplv3: Tweak for packagemangement in core-image-full-cmdline qemu: Replace workaround with proper usermode fix for shmat bitbake: fetch/git: Avoid clean upon failure go: Further tweak indentation in patch go: Drop linkmode with nativesdk/cross-canadian libpng: Update SRC_URI to avoid redirects oeqa/runtime/login: Various code improvements and fixes oeqa/runtime/login: Mask out the mouse panel icon for now oeqa/runtime/login: Fix dbus-wait timeout and loop conditional Robert P. J. Day (1): python3-cryptography_42.0.5.bb: delete redundant ptest packaging Ross Burton (2): Add genericarm64 MACHINE rxvt: add rxvt to desktop entry name Simone Weiß (4): coreutils: backport patch to fix heap overflow in split qemu: backport patch for ui/clipboard issue ref-manual: classes: add cve status check for oe.qa contributor-guide: add notes for tests Tim Orling (1): python3-hypothesis: upgrade 6.98.12 -> 6.98.15 Trevor Woerner (2): bmaptool: now part of Yocto Project dev-manual: bmaptool: rename Yi Zhao (1): expat: upgrdae 2.6.0 -> 2.6.1 Yoann Congal (1): bitbake: prserv/serv: Fix a PID file removal race on prserv stop Change-Id: Ie94e4df79e3d8f68aea3377f816d7106987a05f8 Signed-off-by: Patrick Williams --- .../recipes-crypto/cryptsetup/cryptsetup_2.6.1.bb | 117 --------------------- .../recipes-crypto/cryptsetup/cryptsetup_2.7.0.bb | 117 +++++++++++++++++++++ 2 files changed, 117 insertions(+), 117 deletions(-) delete mode 100644 meta-openembedded/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.6.1.bb create mode 100644 meta-openembedded/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.7.0.bb (limited to 'meta-openembedded/meta-oe/recipes-crypto/cryptsetup') diff --git a/meta-openembedded/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.6.1.bb b/meta-openembedded/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.6.1.bb deleted file mode 100644 index 2935221400..0000000000 --- a/meta-openembedded/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.6.1.bb +++ /dev/null @@ -1,117 +0,0 @@ -SUMMARY = "Manage plain dm-crypt and LUKS encrypted volumes" -DESCRIPTION = "Cryptsetup is used to conveniently setup dm-crypt managed \ -device-mapper mappings. These include plain dm-crypt volumes and \ -LUKS volumes. The difference is that LUKS uses a metadata header \ -and can hence offer more features than plain dm-crypt. On the other \ -hand, the header is visible and vulnerable to damage." -HOMEPAGE = "https://gitlab.com/cryptsetup/cryptsetup" -SECTION = "console" -LICENSE = "GPL-2.0-with-OpenSSL-exception" -LIC_FILES_CHKSUM = "file://COPYING;md5=32107dd283b1dfeb66c9b3e6be312326" - -DEPENDS = " \ - json-c \ - libdevmapper \ - popt \ - util-linux-libuuid \ -" - -DEPENDS:append:libc-musl = " argp-standalone" -LDFLAGS:append:libc-musl = " -largp" - -SRC_URI = "${KERNELORG_MIRROR}/linux/utils/${BPN}/v${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}/${BP}.tar.xz" -SRC_URI[sha256sum] = "410ded65a1072ab9c8e41added37b9729c087fef4d2db02bb4ef529ad6da4693" - -inherit autotools gettext pkgconfig - -# Use openssl because libgcrypt drops root privileges -# if libgcrypt is linked with libcap support -PACKAGECONFIG ??= " \ - keyring \ - cryptsetup \ - veritysetup \ - luks2-reencryption \ - integritysetup \ - ${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)} \ - kernel_crypto \ - internal-argon2 \ - blkid \ - luks-adjust-xts-keysize \ - openssl \ - ssh-token \ -" -PACKAGECONFIG:append:class-target = " \ - udev \ -" - -PACKAGECONFIG[keyring] = "--enable-keyring,--disable-keyring" -PACKAGECONFIG[fips] = "--enable-fips,--disable-fips" -PACKAGECONFIG[pwquality] = "--enable-pwquality,--disable-pwquality,libpwquality" -PACKAGECONFIG[passwdqc] = "--enable-passwdqc,--disable-passwdqc,passwdqc" -PACKAGECONFIG[cryptsetup] = "--enable-cryptsetup,--disable-cryptsetup" -PACKAGECONFIG[veritysetup] = "--enable-veritysetup,--disable-veritysetup" -PACKAGECONFIG[luks2-reencryption] = "--enable-luks2-reencryption,--disable-luks2-reencryption" -PACKAGECONFIG[integritysetup] = "--enable-integritysetup,--disable-integritysetup" -PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux" -PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,,udev lvm2-udevrules" -PACKAGECONFIG[kernel_crypto] = "--enable-kernel_crypto,--disable-kernel_crypto" -# gcrypt-pkbdf2 requries --with-crypto_backend=gcrypt or the flag isn't -# recognized. -PACKAGECONFIG[gcrypt-pbkdf2] = "--enable-gcrypt-pbkdf2" -PACKAGECONFIG[internal-argon2] = "--enable-internal-argon2,--disable-internal-argon2" -PACKAGECONFIG[internal-sse-argon2] = "--enable-internal-sse-argon2,--disable-internal-sse-argon2" -PACKAGECONFIG[blkid] = "--enable-blkid,--disable-blkid,util-linux" -PACKAGECONFIG[dev-random] = "--enable-dev-random,--disable-dev-random" -PACKAGECONFIG[luks-adjust-xts-keysize] = "--enable-luks-adjust-xts-keysize,--disable-luks-adjust-xts-keysize" -PACKAGECONFIG[openssl] = "--with-crypto_backend=openssl,,openssl" -PACKAGECONFIG[gcrypt] = "--with-crypto_backend=gcrypt,,libgcrypt" -PACKAGECONFIG[nss] = "--with-crypto_backend=nss,,nss" -PACKAGECONFIG[kernel] = "--with-crypto_backend=kernel" -PACKAGECONFIG[nettle] = "--with-crypto_backend=nettle,,nettle" -PACKAGECONFIG[luks2] = "--with-default-luks-format=LUKS2,--with-default-luks-format=LUKS1" -PACKAGECONFIG[ssh-token] = "--enable-ssh-token,--disable-ssh-token,libssh" - -EXTRA_OECONF = "--enable-static" -# Building without largefile is not supported by upstream -EXTRA_OECONF += "--enable-largefile" -# Requires a static popt library -EXTRA_OECONF += "--disable-static-cryptsetup" -# There's no recipe for libargon2 yet -EXTRA_OECONF += "--disable-libargon2" -# Disable documentation, there is no asciidoctor-native available in OE -EXTRA_OECONF += "--disable-asciidoc" -# libcryptsetup default PBKDF algorithm, Argon2 memory cost (KB), parallel threads and iteration time (ms) -LUKS2_PBKDF ?= "argon2i" -LUKS2_MEMORYKB ?= "1048576" -LUKS2_PARALLEL_THREADS ?= "4" -LUKS2_ITERTIME ?= "2000" - -EXTRA_OECONF += "--with-luks2-pbkdf=${LUKS2_PBKDF} \ - --with-luks2-memory-kb=${LUKS2_MEMORYKB} \ - --with-luks2-parallel-threads=${LUKS2_PARALLEL_THREADS} \ - --with-luks2-iter-time=${LUKS2_ITERTIME}" - -do_install:append() { - # The /usr/lib/cryptsetup directory is always created, even when ssh-token - # is disabled. In that case it is empty and causes a packaging error. Since - # there is no reason to distribute the empty directory, the easiest solution - # is to remove it if it is empty. - rmdir -p --ignore-fail-on-non-empty ${D}${libdir}/${BPN} -} - -FILES:${PN} += "${@bb.utils.contains('DISTRO_FEATURES','systemd','${exec_prefix}/lib/tmpfiles.d/cryptsetup.conf', '', d)}" - -RDEPENDS:${PN} = " \ - libdevmapper \ -" - -RRECOMMENDS:${PN}:class-target = " \ - kernel-module-aes-generic \ - kernel-module-dm-crypt \ - kernel-module-md5 \ - kernel-module-cbc \ - kernel-module-sha256-generic \ - kernel-module-xts \ -" - -BBCLASSEXTEND = "native nativesdk" diff --git a/meta-openembedded/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.7.0.bb b/meta-openembedded/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.7.0.bb new file mode 100644 index 0000000000..c5e84b1f01 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-crypto/cryptsetup/cryptsetup_2.7.0.bb @@ -0,0 +1,117 @@ +SUMMARY = "Manage plain dm-crypt and LUKS encrypted volumes" +DESCRIPTION = "Cryptsetup is used to conveniently setup dm-crypt managed \ +device-mapper mappings. These include plain dm-crypt volumes and \ +LUKS volumes. The difference is that LUKS uses a metadata header \ +and can hence offer more features than plain dm-crypt. On the other \ +hand, the header is visible and vulnerable to damage." +HOMEPAGE = "https://gitlab.com/cryptsetup/cryptsetup" +SECTION = "console" +LICENSE = "GPL-2.0-with-OpenSSL-exception" +LIC_FILES_CHKSUM = "file://COPYING;md5=32107dd283b1dfeb66c9b3e6be312326" + +DEPENDS = " \ + json-c \ + libdevmapper \ + popt \ + util-linux-libuuid \ +" + +DEPENDS:append:libc-musl = " argp-standalone" +LDFLAGS:append:libc-musl = " -largp" + +SRC_URI = "${KERNELORG_MIRROR}/linux/utils/${BPN}/v${@d.getVar('PV').split('.')[0]}.${@d.getVar('PV').split('.')[1]}/${BP}.tar.xz" +SRC_URI[sha256sum] = "94003a00cd5a81944f45e8dc529e0cfd2a6ff629bd2cd21cf5e574e465daf795" + +inherit autotools gettext pkgconfig + +# Use openssl because libgcrypt drops root privileges +# if libgcrypt is linked with libcap support +PACKAGECONFIG ??= " \ + keyring \ + cryptsetup \ + veritysetup \ + luks2-reencryption \ + integritysetup \ + ${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)} \ + kernel_crypto \ + internal-argon2 \ + blkid \ + luks-adjust-xts-keysize \ + openssl \ + ssh-token \ +" +PACKAGECONFIG:append:class-target = " \ + udev \ +" + +PACKAGECONFIG[keyring] = "--enable-keyring,--disable-keyring" +PACKAGECONFIG[fips] = "--enable-fips,--disable-fips" +PACKAGECONFIG[pwquality] = "--enable-pwquality,--disable-pwquality,libpwquality" +PACKAGECONFIG[passwdqc] = "--enable-passwdqc,--disable-passwdqc,passwdqc" +PACKAGECONFIG[cryptsetup] = "--enable-cryptsetup,--disable-cryptsetup" +PACKAGECONFIG[veritysetup] = "--enable-veritysetup,--disable-veritysetup" +PACKAGECONFIG[luks2-reencryption] = "--enable-luks2-reencryption,--disable-luks2-reencryption" +PACKAGECONFIG[integritysetup] = "--enable-integritysetup,--disable-integritysetup" +PACKAGECONFIG[selinux] = "--enable-selinux,--disable-selinux" +PACKAGECONFIG[udev] = "--enable-udev,--disable-udev,,udev lvm2-udevrules" +PACKAGECONFIG[kernel_crypto] = "--enable-kernel_crypto,--disable-kernel_crypto" +# gcrypt-pkbdf2 requries --with-crypto_backend=gcrypt or the flag isn't +# recognized. +PACKAGECONFIG[gcrypt-pbkdf2] = "--enable-gcrypt-pbkdf2" +PACKAGECONFIG[internal-argon2] = "--enable-internal-argon2,--disable-internal-argon2" +PACKAGECONFIG[internal-sse-argon2] = "--enable-internal-sse-argon2,--disable-internal-sse-argon2" +PACKAGECONFIG[blkid] = "--enable-blkid,--disable-blkid,util-linux" +PACKAGECONFIG[dev-random] = "--enable-dev-random,--disable-dev-random" +PACKAGECONFIG[luks-adjust-xts-keysize] = "--enable-luks-adjust-xts-keysize,--disable-luks-adjust-xts-keysize" +PACKAGECONFIG[openssl] = "--with-crypto_backend=openssl,,openssl" +PACKAGECONFIG[gcrypt] = "--with-crypto_backend=gcrypt,,libgcrypt" +PACKAGECONFIG[nss] = "--with-crypto_backend=nss,,nss" +PACKAGECONFIG[kernel] = "--with-crypto_backend=kernel" +PACKAGECONFIG[nettle] = "--with-crypto_backend=nettle,,nettle" +PACKAGECONFIG[luks2] = "--with-default-luks-format=LUKS2,--with-default-luks-format=LUKS1" +PACKAGECONFIG[ssh-token] = "--enable-ssh-token,--disable-ssh-token,libssh" + +EXTRA_OECONF = "--enable-static" +# Building without largefile is not supported by upstream +EXTRA_OECONF += "--enable-largefile" +# Requires a static popt library +EXTRA_OECONF += "--disable-static-cryptsetup" +# There's no recipe for libargon2 yet +EXTRA_OECONF += "--disable-libargon2" +# Disable documentation, there is no asciidoctor-native available in OE +EXTRA_OECONF += "--disable-asciidoc" +# libcryptsetup default PBKDF algorithm, Argon2 memory cost (KB), parallel threads and iteration time (ms) +LUKS2_PBKDF ?= "argon2i" +LUKS2_MEMORYKB ?= "1048576" +LUKS2_PARALLEL_THREADS ?= "4" +LUKS2_ITERTIME ?= "2000" + +EXTRA_OECONF += "--with-luks2-pbkdf=${LUKS2_PBKDF} \ + --with-luks2-memory-kb=${LUKS2_MEMORYKB} \ + --with-luks2-parallel-threads=${LUKS2_PARALLEL_THREADS} \ + --with-luks2-iter-time=${LUKS2_ITERTIME}" + +do_install:append() { + # The /usr/lib/cryptsetup directory is always created, even when ssh-token + # is disabled. In that case it is empty and causes a packaging error. Since + # there is no reason to distribute the empty directory, the easiest solution + # is to remove it if it is empty. + rmdir -p --ignore-fail-on-non-empty ${D}${libdir}/${BPN} +} + +FILES:${PN} += "${@bb.utils.contains('DISTRO_FEATURES','systemd','${exec_prefix}/lib/tmpfiles.d/cryptsetup.conf', '', d)}" + +RDEPENDS:${PN} = " \ + libdevmapper \ +" + +RRECOMMENDS:${PN}:class-target = " \ + kernel-module-aes-generic \ + kernel-module-dm-crypt \ + kernel-module-md5 \ + kernel-module-cbc \ + kernel-module-sha256-generic \ + kernel-module-xts \ +" + +BBCLASSEXTEND = "native nativesdk" -- cgit v1.2.3