rpms/ecryptfs-utils/devel ecryptfs-utils-74-build.patch, NONE, 1.1 ecryptfs-utils-74-group.patch, NONE, 1.1 ecryptfs-utils-75-werror.patch, NONE, 1.1 .cvsignore, 1.24, 1.25 ecryptfs-utils.spec, 1.43, 1.44 sources, 1.25, 1.26
Michal Hlavinka
mhlavink at fedoraproject.org
Mon May 4 17:25:22 UTC 2009
- Previous message (by thread): rpms/xcowsay/F-11 import.log, NONE, 1.1 xcowfortune.desktop, NONE, 1.1 xcowsay.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Next message (by thread): rpms/evolution/devel evolution-2.27.1-build-break.patch, NONE, 1.1 evolution.spec, 1.384, 1.385
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: mhlavink
Update of /cvs/extras/rpms/ecryptfs-utils/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv21772
Modified Files:
.cvsignore ecryptfs-utils.spec sources
Added Files:
ecryptfs-utils-74-build.patch ecryptfs-utils-74-group.patch
ecryptfs-utils-75-werror.patch
Log Message:
updated to 75, restrict mount.ecryptfs_private to members of ecryptfs group only
ecryptfs-utils-74-build.patch:
--- NEW FILE ecryptfs-utils-74-build.patch ---
diff -up ecryptfs-utils-74/src/libecryptfs/Makefile.am.486139 ecryptfs-utils-74/src/libecryptfs/Makefile.am
--- ecryptfs-utils-74/src/libecryptfs/Makefile.am.486139 2009-04-20 11:03:03.000000000 +0200
+++ ecryptfs-utils-74/src/libecryptfs/Makefile.am 2009-04-23 17:03:16.178703120 +0200
@@ -2,6 +2,8 @@ MAINTAINERCLEANFILES = $(srcdir)/Makefil
lib_LTLIBRARIES = libecryptfs.la
+noinst_LIBRARIES = libecryptfs.a
+
pkgconfig_DATA = libecryptfs.pc
libecryptfs_la_SOURCES = \
@@ -20,10 +22,13 @@ libecryptfs_la_SOURCES = \
ecryptfs-stat.c \
$(top_srcdir)/src/key_mod/ecryptfs_key_mod_passphrase.c
+libecryptfs_a_SOURCES = $(libecryptfs_la_SOURCES)
+
libecryptfs_la_LDFLAGS = \
-version-info @LIBECRYPTFS_LT_CURRENT@:@LIBECRYPTFS_LT_REVISION@:@LIBECRYPTFS_LT_AGE@ \
-no-undefined
libecryptfs_la_CFLAGS = $(AM_CFLAGS) $(CRYPTO_CFLAGS) $(KEYUTILS_CFLAGS)
+libecryptfs_a_CFLAGS = $(libecryptfs_la_CFLAGS)
libecryptfs_la_LIBADD = $(CRYPTO_LIBS) $(KEYUTILS_LIBS)
splint:
diff -up ecryptfs-utils-74/src/utils/Makefile.am.486139 ecryptfs-utils-74/src/utils/Makefile.am
--- ecryptfs-utils-74/src/utils/Makefile.am.486139 2009-04-20 11:03:03.000000000 +0200
+++ ecryptfs-utils-74/src/utils/Makefile.am 2009-04-23 17:12:38.297756365 +0200
@@ -35,12 +35,12 @@ mount_ecryptfs_CFLAGS = $(AM_CFLAGS) $(K
mount_ecryptfs_LDADD = $(top_builddir)/src/libecryptfs/libecryptfs.la $(KEYUTILS_LIBS) $(LIBGCRYPT_LIBS)
umount_ecryptfs_SOURCES = umount.ecryptfs.c
umount_ecryptfs_CFLAGS = $(AM_CFLAGS) $(KEYUTILS_CFLAGS)
-umount_ecryptfs_LDADD = $(top_builddir)/src/libecryptfs/libecryptfs.la
+umount_ecryptfs_LDADD = $(top_builddir)/src/libecryptfs/libecryptfs.a $(KEYUTILS_LIBS) $(CRYPTO_LIBS)
ecryptfs_manager_SOURCES = manager.c io.c io.h gen_key.c
ecryptfs_manager_CFLAGS = $(AM_CFLAGS) $(KEYUTILS_CFLAGS) $(LIBGCRYPT_CFLAGS)
ecryptfs_manager_LDADD = $(top_builddir)/src/libecryptfs/libecryptfs.la $(KEYUTILS_LIBS) $(LIBGCRYPT_LIBS)
ecryptfs_wrap_passphrase_SOURCES = ecryptfs_wrap_passphrase.c
-ecryptfs_wrap_passphrase_LDADD = $(top_builddir)/src/libecryptfs/libecryptfs.la
+ecryptfs_wrap_passphrase_LDADD = $(top_builddir)/src/libecryptfs/libecryptfs.la
ecryptfs_unwrap_passphrase_SOURCES = ecryptfs_unwrap_passphrase.c
ecryptfs_unwrap_passphrase_LDADD = $(top_builddir)/src/libecryptfs/libecryptfs.la
ecryptfs_insert_wrapped_passphrase_into_keyring_SOURCES = ecryptfs_insert_wrapped_passphrase_into_keyring.c
ecryptfs-utils-74-group.patch:
--- NEW FILE ecryptfs-utils-74-group.patch ---
diff -up ecryptfs-utils-74/doc/manpage/ecryptfs-mount-private.1.group ecryptfs-utils-74/doc/manpage/ecryptfs-mount-private.1
--- ecryptfs-utils-74/doc/manpage/ecryptfs-mount-private.1.group 2009-03-05 22:17:36.000000000 +0100
+++ ecryptfs-utils-74/doc/manpage/ecryptfs-mount-private.1 2009-05-04 13:14:54.861539319 +0200
@@ -6,7 +6,7 @@ ecryptfs-mount-private \- interactive eC
\fBecryptfs-mount-private\fP
.SH DESCRIPTION
-\fBecryptfs-mount-private\fP is a wrapper script for the \fBmount.ecryptfs_private\fP utility that will interactively prompt for the user's login password, if necessary.
+\fBecryptfs-mount-private\fP is a wrapper script for the \fBmount.ecryptfs_private\fP utility that will interactively prompt for the user's login password, if necessary. You need to be a member of \fBecryptfs\fB group to use this.
.SH FILES
\fI~/.Private\fP - underlying directory containing encrypted data
diff -up ecryptfs-utils-74/doc/manpage/ecryptfs-setup-private.1.group ecryptfs-utils-74/doc/manpage/ecryptfs-setup-private.1
--- ecryptfs-utils-74/doc/manpage/ecryptfs-setup-private.1.group 2009-03-18 22:59:07.000000000 +0100
+++ ecryptfs-utils-74/doc/manpage/ecryptfs-setup-private.1 2009-05-04 13:14:54.861539319 +0200
@@ -43,7 +43,7 @@ Setup this user such that the encrypted
.SH DESCRIPTION
-\fBecryptfs-setup-private\fP is a program that sets up a private cryptographic mountpoint for a non-root user.
+\fBecryptfs-setup-private\fP is a program that sets up a private cryptographic mountpoint for a non-root user, who is a member of \fBecryptfs\fP group.
Be sure to properly escape your parameters according to your shell's special character nuances, and also surround the parameters by double quotes, if necessary. Any of the parameters may be:
diff -up ecryptfs-utils-74/doc/manpage/mount.ecryptfs.8.group ecryptfs-utils-74/doc/manpage/mount.ecryptfs.8
diff -up ecryptfs-utils-74/doc/manpage/mount.ecryptfs_private.1.group ecryptfs-utils-74/doc/manpage/mount.ecryptfs_private.1
--- ecryptfs-utils-74/doc/manpage/mount.ecryptfs_private.1.group 2009-03-05 22:17:36.000000000 +0100
+++ ecryptfs-utils-74/doc/manpage/mount.ecryptfs_private.1 2009-05-04 13:20:07.673112485 +0200
@@ -8,7 +8,7 @@ mount.ecryptfs_private \- eCryptfs priva
\fBNOTE:\fP This program will \fBnot\fP dynamically load the relevant keys. For this reason, it is recommended that users use \fBecryptfs-mount-private\fP(1) instead!
.SH DESCRIPTION
-\fBmount.ecryptfs_private\fP is a mount helper utility for non-root users to cryptographically mount a private directory, ~/Private.
+\fBmount.ecryptfs_private\fP is a mount helper utility for non-root users, who are members of \fBecryptfs\fP group, to cryptographically mount a private directory, ~/Private.
If, and only if:
- the private mount passphrase is in their kernel keyring, and
diff -up ecryptfs-utils-74/doc/manpage/umount.ecryptfs_private.1.group ecryptfs-utils-74/doc/manpage/umount.ecryptfs_private.1
--- ecryptfs-utils-74/doc/manpage/umount.ecryptfs_private.1.group 2009-03-05 22:17:36.000000000 +0100
+++ ecryptfs-utils-74/doc/manpage/umount.ecryptfs_private.1 2009-05-04 13:14:54.862538533 +0200
@@ -14,7 +14,7 @@ Options available for the \fBumount.ecry
Force the unmount, ignoring the value of the mount counter in \fI/tmp/ecryptfs-USERNAME-Private\fP
.SH DESCRIPTION
-\fBumount.ecryptfs_private\fP is a mount helper utility for non-root users to unmount a cryptographically mounted private directory, ~/Private.
+\fBumount.ecryptfs_private\fP is a mount helper utility for non-root users, who ares members of \fBecryptfs\fP group, to unmount a cryptographically mounted private directory, ~/Private.
If, and only if:
- the private mount passphrase is in their kernel keyring, and
diff -up ecryptfs-utils-74/src/utils/ecryptfs-setup-private.group ecryptfs-utils-74/src/utils/ecryptfs-setup-private
--- ecryptfs-utils-74/src/utils/ecryptfs-setup-private.group 2009-03-24 20:32:52.000000000 +0100
+++ ecryptfs-utils-74/src/utils/ecryptfs-setup-private 2009-05-04 13:14:54.862538533 +0200
@@ -188,6 +188,11 @@ else
id "$USER" >/dev/null || error "User [$USER] does not exist"
fi
+# Check if user is member of ecryptfs group
+if ! groups "$USER" | sed -e 's| |\n|g' | grep -n 'ecryptfs$'; then
+ error "User needs to be a member of ecryptfs group"
+fi
+
# Obtain the user's home directory
HOME=`getent passwd "$USER" | awk -F: '{print $6}'`
if [ ! -d "$HOME" ]; then
ecryptfs-utils-75-werror.patch:
--- NEW FILE ecryptfs-utils-75-werror.patch ---
diff -up ecryptfs-utils-75/src/libecryptfs/key_management.c.werror ecryptfs-utils-75/src/libecryptfs/key_management.c
--- ecryptfs-utils-75/src/libecryptfs/key_management.c.werror 2009-05-01 00:53:13.000000000 +0200
+++ ecryptfs-utils-75/src/libecryptfs/key_management.c 2009-05-04 17:49:49.940220924 +0200
@@ -18,6 +18,7 @@
* 02111-1307, USA.
*/
+#include "config.h"
#include <errno.h>
#ifdef ENABLE_NSS
#include <nss.h>
@@ -39,7 +40,6 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <pwd.h>
-#include "config.h"
#include "../include/ecryptfs.h"
#ifndef ENOKEY
diff -up ecryptfs-utils-75/src/utils/ecryptfs_unwrap_passphrase.c.werror ecryptfs-utils-75/src/utils/ecryptfs_unwrap_passphrase.c
--- ecryptfs-utils-75/src/utils/ecryptfs_unwrap_passphrase.c.werror 2009-05-04 17:50:33.587240171 +0200
+++ ecryptfs-utils-75/src/utils/ecryptfs_unwrap_passphrase.c 2009-05-04 17:50:33.615345763 +0200
@@ -42,7 +42,6 @@ int main(int argc, char *argv[])
char *wrapping_passphrase;
char salt[ECRYPTFS_SALT_SIZE];
char salt_hex[ECRYPTFS_SALT_SIZE_HEX];
- struct passwd *pwd;
int rc = 0;
if (argc == 1) {
Index: .cvsignore
===================================================================
RCS file: /cvs/extras/rpms/ecryptfs-utils/devel/.cvsignore,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -p -r1.24 -r1.25
--- .cvsignore 21 Mar 2009 07:30:12 -0000 1.24
+++ .cvsignore 4 May 2009 17:24:51 -0000 1.25
@@ -1 +1 @@
-ecryptfs-utils_73.orig.tar.gz
+ecryptfs-utils_75.orig.tar.gz
Index: ecryptfs-utils.spec
===================================================================
RCS file: /cvs/extras/rpms/ecryptfs-utils/devel/ecryptfs-utils.spec,v
retrieving revision 1.43
retrieving revision 1.44
diff -u -p -r1.43 -r1.44
--- ecryptfs-utils.spec 21 Mar 2009 07:21:44 -0000 1.43
+++ ecryptfs-utils.spec 4 May 2009 17:24:51 -0000 1.44
@@ -2,19 +2,29 @@
%{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
Name: ecryptfs-utils
-Version: 73
+Version: 75
Release: 1%{?dist}
Summary: The eCryptfs mount helper and support libraries
Group: System Environment/Base
License: GPLv2+
URL: https://launchpad.net/ecryptfs
-Source0: http://launchpad.net/ecryptfs/trunk/%{version}/+download/ecryptfs-utils_%{version}.orig.tar.gz
-Source1: http://bazaar.launchpad.net/%7Eecryptfs/ecryptfs/ecryptfs-utils/annotate/head%3A/src/desktop/ecryptfs-mount-private.desktop
+Source0: http://launchpad.net/ecryptfs/trunk/%{version}/+download/%{name}_%{version}.orig.tar.gz
+
+#fix wrong Makefile for umount.ecryptfs
+Patch2: ecryptfs-utils-74-build.patch
+
+#restrict suid mount.ecryptfs_private to ecryptfs group only
+#required for ecryptfs-utils <=75
+Patch3: ecryptfs-utils-74-group.patch
+
+#allow building with -Werror
+#required for ecryptfs-utils <= 75
+Patch4: ecryptfs-utils-75-werror.patch
+
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
Requires: keyutils
BuildRequires: libgcrypt-devel keyutils-libs-devel openssl-devel pam-devel
-BuildRequires: trousers-devel python python-devel nss-devel desktop-file-utils
-Conflicts: kernel < 2.6.19
+BuildRequires: trousers-devel nss-devel desktop-file-utils
%description
eCryptfs is a stacked cryptographic filesystem that ships in Linux
@@ -28,6 +38,7 @@ Install ecryptfs-utils if you would like
Summary: The eCryptfs userspace development package
Group: System Environment/Base
Requires: keyutils-libs-devel %{name} = %{version}-%{release}
+Requires: pkgconfig
%description devel
Userspace development files for eCryptfs.
@@ -36,6 +47,7 @@ Userspace development files for eCryptfs
Summary: Python bindings for the eCryptfs utils
Group: System Environment/Base
Requires: ecryptfs-utils %{name} = %{version}-%{release}
+BuildRequires: python python-devel swig >= 1.3.31
%description python
The ecryptfs-utils-python package contains a module that permits
@@ -44,23 +56,41 @@ the interface supplied by the ecryptfs-u
%prep
%setup -q
+%patch2 -p1 -b .build
+%patch3 -p1 -b .group
+%patch4 -p1 -b .werror
%build
-%configure --disable-rpath --enable-tspi --enable-nss
+export CFLAGS="$RPM_OPT_FLAGS -ggdb -O2 -Werror"
+%configure --disable-rpath --enable-tspi --enable-nss --enable-static
+make clean
#disable rpath
sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
+
+#remove -Werror flag for swig temporarily (swig is nasty #496613)
+sed -i 's|-Werror||' src/libecryptfs-swig/Makefile
make %{?_smp_mflags}
%install
rm -rf $RPM_BUILD_ROOT
make install DESTDIR=$RPM_BUILD_ROOT
-rm -f $RPM_BUILD_ROOT%{_libdir}/*.a
+find $RPM_BUILD_ROOT%{_libdir}/ -name '*.a' | xargs rm -f
find $RPM_BUILD_ROOT%{_libdir}/ -name '*.la' | xargs rm -f
-mv $RPM_BUILD_ROOT/%{_libdir}/libecryptfs.so* $RPM_BUILD_ROOT/%{_lib}
rm -rf $RPM_BUILD_ROOT%{_docdir}/%{name}
-install -D -m 644 doc/ecryptfs-mount-private.txt $RPM_BUILD_ROOT%{_datadir}/%{name}/ecryptfs-mount-private.txt
-desktop-file-install --dir=${RPM_BUILD_ROOT}%{_datadir}/%{name} %{SOURCE1}
+#install files Makefile forgot install
+printf "Encoding=UTF-8\n" >>$RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-mount-private.desktop
+printf "Encoding=UTF-8\n" >>$RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-setup-private.desktop
+desktop-file-validate $RPM_BUILD_ROOT%{_datadir}/%{name}/ecryptfs-mount-private.desktop
+desktop-file-validate $RPM_BUILD_ROOT%{_datadir}/%{name}/ecryptfs-setup-private.desktop
+touch -r src/desktop/ecryptfs-mount-private.desktop \
+ $RPM_BUILD_ROOT%{_datadir}/%{name}/ecryptfs-mount-private.desktop
+touch -r src/desktop/ecryptfs-setup-private.desktop \
+ $RPM_BUILD_ROOT%{_datadir}/%{name}/ecryptfs-mount-private.desktop
+rm -f $RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-record-passphrase
+
+%pre
+groupadd -r -f ecryptfs
%post -p /sbin/ldconfig
@@ -74,10 +104,10 @@ rm -rf $RPM_BUILD_ROOT
%doc README COPYING AUTHORS NEWS THANKS
%doc doc/ecryptfs-faq.html doc/ecryptfs-pam-doc.txt
%doc doc/ecryptfs-pkcs11-helper-doc.txt
-%attr(4755,root,root) /sbin/mount.ecryptfs
-%attr(4755,root,root) /sbin/umount.ecryptfs
-%attr(4755,root,root) /sbin/mount.ecryptfs_private
-%attr(4755,root,root) /sbin/umount.ecryptfs_private
+/sbin/mount.ecryptfs
+/sbin/umount.ecryptfs
+%attr(4750,root,ecryptfs) /sbin/mount.ecryptfs_private
+/sbin/umount.ecryptfs_private
%{_bindir}/ecryptfs-manager
%{_bindir}/ecryptfs-insert-wrapped-passphrase-into-keyring
%{_bindir}/ecryptfs-rewrap-passphrase
@@ -92,13 +122,15 @@ rm -rf $RPM_BUILD_ROOT
%{_bindir}/ecryptfs-umount-private
%{_bindir}/ecryptfs-stat
%{_bindir}/ecryptfsd
-/%{_lib}/libecryptfs.so.0.0.0
-/%{_lib}/libecryptfs.so.0
+%{_bindir}/ecryptfs-dot-private
%{_libdir}/ecryptfs
+%{_libdir}/libecryptfs.so.0
+%{_libdir}/libecryptfs.so.0.0.0
/%{_lib}/security/pam_ecryptfs.so
%dir %{_datadir}/%{name}
%{_datadir}/%{name}/ecryptfs-mount-private.txt
%{_datadir}/%{name}/ecryptfs-mount-private.desktop
+%{_datadir}/%{name}/ecryptfs-setup-private.desktop
%{_mandir}/man1/ecryptfs-add-passphrase.1.gz
%{_mandir}/man1/ecryptfs-generate-tpm-key.1.gz
%{_mandir}/man1/ecryptfs-insert-wrapped-passphrase-into-keyring.1.gz
@@ -119,7 +151,7 @@ rm -rf $RPM_BUILD_ROOT
%files devel
%defattr(-,root,root,-)
-/%{_lib}/libecryptfs.so
+%{_libdir}/libecryptfs.so
%{_libdir}/pkgconfig/libecryptfs.pc
%{_includedir}/ecryptfs.h
@@ -135,6 +167,13 @@ rm -rf $RPM_BUILD_ROOT
%{python_sitearch}/ecryptfs-utils/_libecryptfs.so
%changelog
+* Mon May 04 2009 Michal Hlavinka <mhlavink at redhat.com> 75-1
+- updated to 75
+- restrict mount.ecryptfs_private to ecryptfs group members only
+
+* Thu Apr 23 2009 Michal Hlavinka <mhlavink at redhat.com> 74-1
+- updated to 74
+
* Sat Mar 21 2009 Michal Hlavinka <mhlavink at redhat.com> 73-1
- updated to 73
- move libs from /usr/lib to /lib (#486139)
Index: sources
===================================================================
RCS file: /cvs/extras/rpms/ecryptfs-utils/devel/sources,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -p -r1.25 -r1.26
--- sources 21 Mar 2009 07:30:12 -0000 1.25
+++ sources 4 May 2009 17:24:51 -0000 1.26
@@ -1 +1 @@
-8e651749b9d75ee9a4d4894483022857 ecryptfs-utils_73.orig.tar.gz
+2c4e8be38d1ea8cadd9f870f15430f07 ecryptfs-utils_75.orig.tar.gz
- Previous message (by thread): rpms/xcowsay/F-11 import.log, NONE, 1.1 xcowfortune.desktop, NONE, 1.1 xcowsay.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
- Next message (by thread): rpms/evolution/devel evolution-2.27.1-build-break.patch, NONE, 1.1 evolution.spec, 1.384, 1.385
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list