commit: 5a2845f689cd15c181292cd5fba45f2b672480da Author: Alfred Wingate <parona <AT> protonmail <DOT> com> AuthorDate: Thu Jan 16 09:47:19 2025 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Fri Jan 24 04:07:30 2025 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5a2845f6
sys-fs/cryfs: add 1.0.1 Closes: https://bugs.gentoo.org/946941 Signed-off-by: Alfred Wingate <parona <AT> protonmail.com> Closes: https://github.com/gentoo/gentoo/pull/40286 Signed-off-by: Sam James <sam <AT> gentoo.org> sys-fs/cryfs/Manifest | 1 + sys-fs/cryfs/cryfs-1.0.1.ebuild | 175 +++++++++++++++++ .../files/cryfs-1.0.1-unbundle-vendored-libs.patch | 209 +++++++++++++++++++++ 3 files changed, 385 insertions(+) diff --git a/sys-fs/cryfs/Manifest b/sys-fs/cryfs/Manifest index 44cb16c6f3c8..1a1b52c4e646 100644 --- a/sys-fs/cryfs/Manifest +++ b/sys-fs/cryfs/Manifest @@ -1 +1,2 @@ DIST cryfs-0.11.4.tar.gz 10420508 BLAKE2B 3b096180f204b90774c2dee5a8bbfa2305fad62fdb86cfa03e802d6a01f3d7a01005c411a16cc3693f2c858e1be9313ba42ab2883daae993220049b34622e391 SHA512 a1aa9377cb0881f08f536f4b2116b27aeef71739e6a1362b209f38f1b54a9ae9e11a2a47ceaa28dcabd74d1ac57f0c92e3d1d8060eabeef4e7efd3d62cc7feea +DIST cryfs-1.0.1.tar.gz 9527514 BLAKE2B 6bf6d82bcca46e7db1583e997e979fb8977202f24ee113f137f301849c806ffb8120de002e92e1c15040bb5b74a78f7ce535f22c1c59874530c053257031d8fa SHA512 04877832ad155806720fbfe27508ce546dd9dfdd4a44382412152459c24f509e5ae47447b85676acd26df800996893662b74c996da1edd52aa890ddb05cd34db diff --git a/sys-fs/cryfs/cryfs-1.0.1.ebuild b/sys-fs/cryfs/cryfs-1.0.1.ebuild new file mode 100644 index 000000000000..b57ab1729115 --- /dev/null +++ b/sys-fs/cryfs/cryfs-1.0.1.ebuild @@ -0,0 +1,175 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +PYTHON_COMPAT=( python3_{10..13} ) +inherit cmake flag-o-matic linux-info python-any-r1 + +if [[ ${PV} == 9999 ]] ; then + inherit git-r3 + EGIT_REPO_URI="https://github.com/cryfs/cryfs"; +else + SRC_URI=" + https://github.com/cryfs/cryfs/archive/refs/tags/${PV}.tar.gz + -> ${P}.tar.gz + " + KEYWORDS="~amd64 ~arm64 ~loong ~ppc64 ~riscv ~x86" +fi + +DESCRIPTION="Encrypted FUSE filesystem that conceals metadata" +HOMEPAGE="https://www.cryfs.org/"; + +LICENSE="LGPL-3 MIT" +SLOT="0" +IUSE="test" +RESTRICT="!test? ( test )" + +RDEPEND=" + dev-libs/boost:= + dev-libs/crypto++:= + dev-libs/libfmt:= + dev-libs/spdlog:= + >=sys-fs/fuse-2.8.6:0 +" +DEPEND=" + ${RDEPEND} + dev-cpp/range-v3 + net-misc/curl + test? ( + dev-cpp/gtest + ) +" +BDEPEND=" + ${PYTHON_DEPS} + virtual/pkgconfig + $(python_gen_any_dep ' + dev-python/versioneer[${PYTHON_USEDEP}] + ') +" + +PATCHES=( + # TODO: upstream: + "${FILESDIR}"/cryfs-1.0.1-unbundle-vendored-libs.patch +) + +python_check_deps() { + python_has_version "dev-python/versioneer[${PYTHON_USEDEP}]" +} + +pkg_setup() { + local CONFIG_CHECK="~FUSE_FS" + local WARNING_FUSE_FS="CONFIG_FUSE_FS is required for cryfs support." + + check_extra_config + python-any-r1_pkg_setup +} + +src_prepare() { + cmake_src_prepare + + # don't install compressed manpage + cmake_comment_add_subdirectory doc + + # We use the package instead for >=py3.12 compat, bug #908997 + rm src/gitversion/versioneer.py || die + + # Hook up ctest properly for better maintainer quality of life + sed -i -e '/option(BUILD_TESTING/aenable_testing()' CMakeLists.txt || die + sed -i -e '/BUILD_TESTING/a include(GoogleTest)' test/CMakeLists.txt || die + sed -i -e 's/add_test/gtest_discover_tests/' test/*/CMakeLists.txt || die +} + +src_configure() { + # ODR violations (bug #880563) + # ./CMakeLists.txt + # """ + # We don't use LTO because crypto++ has problems with it, + # see https://github.com/weidai11/cryptopp/issues/1031 and + # https://www.cryptopp.com/wiki/Link_Time_Optimization + # """ + filter-lto + + local mycmakeargs=( + # Upstream inconsistently specifies their libraries as STATIC + # Leading to issues when static libraries without PIC are linked + # with PIC shared libraries. + -DBUILD_SHARED_LIBS=OFF + -DBUILD_TESTING=$(usex test) + -DCRYFS_UPDATE_CHECKS=OFF + -DUSE_SYSTEM_LIBS=ON + ) + + append-cppflags -DNDEBUG + + # bug 907096 + use elibc_musl && append-flags -D_LARGEFILE64_SOURCE + + cmake_src_configure +} + +src_test() { + local TMPDIR="${T}" + + local CMAKE_SKIP_TESTS=( + # Cannot test mounting filesystems in sandbox + # Filesystem did not call onMounted callback, probably wasn't successfully mounted. + # bug #808849 + CliTest.WorksWithCommasInBasedir + CliTest_IntegrityCheck.givenIncorrectFilesystemId_thenFails + CliTest_IntegrityCheck.givenIncorrectFilesystemKey_thenFails + CliTest_Setup.AutocreateBasedir + CliTest_Setup.AutocreateMountpoint + CliTest_Setup.ConfigfileGiven + CliTest_Setup.ExistingLogfileGiven + CliTest_Setup.NoSpecialOptions + CliTest_Setup.NotexistingLogfileGiven + CliTest_Unmount.givenMountedFilesystem_whenUnmounting_thenSucceeds + RunningInForeground/CliTest_WrongEnvironment.BaseDir_AllPermissions + RunningInForeground/CliTest_WrongEnvironment.BaseDir_DoesntExist_Create + RunningInForeground/CliTest_WrongEnvironment.MountDir_AllPermissions + RunningInForeground/CliTest_WrongEnvironment.MountDir_DoesntExist_Create + RunningInForeground/CliTest_WrongEnvironment.NoErrorCondition + RunningInForeground_ExternalConfigfile/CliTest_WrongEnvironment.BaseDir_AllPermissions + RunningInForeground_ExternalConfigfile/CliTest_WrongEnvironment.BaseDir_DoesntExist_Create + RunningInForeground_ExternalConfigfile/CliTest_WrongEnvironment.MountDir_AllPermissions + RunningInForeground_ExternalConfigfile/CliTest_WrongEnvironment.MountDir_DoesntExist_Create + RunningInForeground_ExternalConfigfile/CliTest_WrongEnvironment.NoErrorCondition + RunningInForeground_ExternalConfigfile_LogIsNotStderr/CliTest_WrongEnvironment.BaseDir_AllPermissions + RunningInForeground_ExternalConfigfile_LogIsNotStderr/CliTest_WrongEnvironment.BaseDir_DoesntExist_Create + RunningInForeground_ExternalConfigfile_LogIsNotStderr/CliTest_WrongEnvironment.MountDir_AllPermissions + RunningInForeground_ExternalConfigfile_LogIsNotStderr/CliTest_WrongEnvironment.MountDir_DoesntExist_Create + RunningInForeground_ExternalConfigfile_LogIsNotStderr/CliTest_WrongEnvironment.NoErrorCondition + RunningInForeground_LogIsNotStderr/CliTest_WrongEnvironment.BaseDir_AllPermissions + RunningInForeground_LogIsNotStderr/CliTest_WrongEnvironment.BaseDir_DoesntExist_Create + RunningInForeground_LogIsNotStderr/CliTest_WrongEnvironment.MountDir_AllPermissions + RunningInForeground_LogIsNotStderr/CliTest_WrongEnvironment.MountDir_DoesntExist_Create + RunningInForeground_LogIsNotStderr/CliTest_WrongEnvironment.NoErrorCondition + # Filesystem did not call onMounted callback, probably wasn't successfully mounted. + # fuse: failed to open /dev/fuse: Permission denied + CliTest_IntegrityCheck.givenFilesystemWithRolledBackBasedir_whenMounting_thenFails + CliTest_IntegrityCheck.whenRollingBackBasedirWhileMounted_thenUnmounts + # Tests that hang due to being unable to open fuse + # bug #699044 + # fuse: failed to open /dev/fuse: Permission denied + Fuse* + ) + + cmake_src_test +} + +src_install() { + cmake_src_install + doman doc/man/cryfs.1 + doman doc/man/cryfs-unmount.1 +} + +pkg_postinst() { + if ver_test "${REPLACING_VERSIONS}" -lt 1.0.0; then + elog "Filesystems created with CryFS 0.11.x and CryFS 1.0.0 are fully compatible with each other." + elog "This means filesystems created with 0.10.x or 0.11.x can be mounted without requiring a migration." + elog "Filesystems created with 1.0.0 or 0.11.x can be mounted by CryFS 0.10.x," + elog "but only if you configure it to use a cipher supported by CryFS 0.10.x, e.g. AES-256-GCM." + elog "The new default, XChaCha20-Poly1305, is not supported by CryFS 0.10.x." + fi +} diff --git a/sys-fs/cryfs/files/cryfs-1.0.1-unbundle-vendored-libs.patch b/sys-fs/cryfs/files/cryfs-1.0.1-unbundle-vendored-libs.patch new file mode 100644 index 000000000000..bfb5d4975290 --- /dev/null +++ b/sys-fs/cryfs/files/cryfs-1.0.1-unbundle-vendored-libs.patch @@ -0,0 +1,209 @@ +From a1973df742bbdac335b28786f4d429e522bcf411 Mon Sep 17 00:00:00 2001 +From: Alfred Wingate <[email protected]> +Date: Mon, 3 Jun 2024 15:05:01 +0300 +Subject: [PATCH] Add USE_SYSTEM_LIBS option to build without bundled libs + +* Based on a patch by Andreas Sturmlechner. +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -16,6 +16,7 @@ require_clang_version(7.0) + option(BUILD_TESTING "build test cases" OFF) + option(CRYFS_UPDATE_CHECKS "let cryfs check for updates and security vulnerabilities" ON) + option(DISABLE_OPENMP "allow building without OpenMP libraries. This will cause performance degradations." OFF) ++option(USE_SYSTEM_LIBS "build with system libs instead of bundled libs" OFF) + + # The following options are helpful for development and/or CI + option(USE_WERROR "build with -Werror flag") +@@ -41,7 +42,15 @@ endif() + + include(cmake-utils/Dependencies.cmake) + +-add_subdirectory(vendor EXCLUDE_FROM_ALL) ++if(USE_SYSTEM_LIBS) ++ include(FindPkgConfig) ++ pkg_check_modules(CRYPTOPP REQUIRED IMPORTED_TARGET libcryptopp>=8.9) ++ add_library(cryfs_vendor_cryptopp ALIAS PkgConfig::CRYPTOPP) ++ add_definitions(-DUSE_SYSTEM_LIBS) ++else() ++ add_subdirectory(vendor EXCLUDE_FROM_ALL) ++endif() ++ + add_subdirectory(src) + add_subdirectory(doc) + add_subdirectory(test) +--- a/src/blockstore/implementations/compressing/compressors/Gzip.cpp ++++ b/src/blockstore/implementations/compressing/compressors/Gzip.cpp +@@ -1,5 +1,9 @@ + #include "Gzip.h" ++#if defined(USE_SYSTEM_LIBS) ++#include <cryptopp/gzip.h> ++#else + #include <vendor_cryptopp/gzip.h> ++#endif + + using cpputils::Data; + +--- a/src/cpp-utils/crypto/hash/Hash.cpp ++++ b/src/cpp-utils/crypto/hash/Hash.cpp +@@ -1,6 +1,10 @@ + #include "Hash.h" + #include <cpp-utils/random/Random.h> ++#if defined(USE_SYSTEM_LIBS) ++#include <cryptopp/sha.h> ++#else + #include <vendor_cryptopp/sha.h> ++#endif + + using CryptoPP::SHA512; + +--- a/src/cpp-utils/crypto/kdf/Scrypt.cpp ++++ b/src/cpp-utils/crypto/kdf/Scrypt.cpp +@@ -1,5 +1,9 @@ + #include "Scrypt.h" ++#if defined(USE_SYSTEM_LIBS) ++#include <cryptopp/scrypt.h> ++#else + #include <vendor_cryptopp/scrypt.h> ++#endif + + using std::string; + +--- a/src/cpp-utils/crypto/symmetric/CFB_Cipher.h ++++ b/src/cpp-utils/crypto/symmetric/CFB_Cipher.h +@@ -6,7 +6,11 @@ + #include "../../data/Data.h" + #include "../../random/Random.h" + #include <boost/optional.hpp> ++#if defined(USE_SYSTEM_LIBS) ++#include <cryptopp/modes.h> ++#else + #include <vendor_cryptopp/modes.h> ++#endif + #include "Cipher.h" + #include "EncryptionKey.h" + +--- a/src/cpp-utils/crypto/symmetric/GCM_Cipher.h ++++ b/src/cpp-utils/crypto/symmetric/GCM_Cipher.h +@@ -3,7 +3,12 @@ + #define MESSMER_CPPUTILS_CRYPTO_SYMMETRIC_GCMCIPHER_H_ + + #include "AEAD_Cipher.h" ++ ++#if defined(USE_SYSTEM_LIBS) ++#include <cryptopp/gcm.h> ++#else + #include <vendor_cryptopp/gcm.h> ++#endif + + namespace cpputils { + +--- a/src/cpp-utils/crypto/symmetric/ciphers.h ++++ b/src/cpp-utils/crypto/symmetric/ciphers.h +@@ -2,12 +2,21 @@ + #ifndef MESSMER_CPPUTILS_CRYPTO_SYMMETRIC_CIPHERS_H_ + #define MESSMER_CPPUTILS_CRYPTO_SYMMETRIC_CIPHERS_H_ + ++#if defined(USE_SYSTEM_LIBS) ++#include <cryptopp/aes.h> ++#include <cryptopp/twofish.h> ++#include <cryptopp/serpent.h> ++#include <cryptopp/cast.h> ++#include <cryptopp/mars.h> ++#include <cryptopp/chachapoly.h> ++#else + #include <vendor_cryptopp/aes.h> + #include <vendor_cryptopp/twofish.h> + #include <vendor_cryptopp/serpent.h> + #include <vendor_cryptopp/cast.h> + #include <vendor_cryptopp/mars.h> + #include <vendor_cryptopp/chachapoly.h> ++#endif + #include "GCM_Cipher.h" + #include "CFB_Cipher.h" + +--- a/src/cpp-utils/data/Data.cpp ++++ b/src/cpp-utils/data/Data.cpp +@@ -1,6 +1,10 @@ + #include "Data.h" + #include <stdexcept> ++#if defined(USE_SYSTEM_LIBS) ++#include <cryptopp/hex.h> ++#else + #include <vendor_cryptopp/hex.h> ++#endif + + using std::istream; + using std::ofstream; +--- a/src/cpp-utils/data/FixedSizeData.h ++++ b/src/cpp-utils/data/FixedSizeData.h +@@ -2,7 +2,11 @@ + #ifndef MESSMER_CPPUTILS_DATA_FIXEDSIZEDATA_H_ + #define MESSMER_CPPUTILS_DATA_FIXEDSIZEDATA_H_ + ++#if defined(USE_SYSTEM_LIBS) ++#include <cryptopp/hex.h> ++#else + #include <vendor_cryptopp/hex.h> ++#endif + #include <string> + #include <array> + #include <cstring> +--- a/src/cpp-utils/random/OSRandomGenerator.h ++++ b/src/cpp-utils/random/OSRandomGenerator.h +@@ -3,7 +3,11 @@ + #define MESSMER_CPPUTILS_RANDOM_OSRANDOMGENERATOR_H + + #include "RandomGenerator.h" ++#if defined(USE_SYSTEM_LIBS) ++#include <cryptopp/osrng.h> ++#else + #include <vendor_cryptopp/osrng.h> ++#endif + + namespace cpputils { + class OSRandomGenerator final : public RandomGenerator { +--- a/src/cpp-utils/random/RandomGeneratorThread.h ++++ b/src/cpp-utils/random/RandomGeneratorThread.h +@@ -4,7 +4,11 @@ + + #include "../thread/LoopThread.h" + #include "ThreadsafeRandomDataBuffer.h" ++#if defined(USE_SYSTEM_LIBS) ++#include <cryptopp/osrng.h> ++#else + #include <vendor_cryptopp/osrng.h> ++#endif + + namespace cpputils { + //TODO Test +--- a/src/cryfs/impl/localstate/BasedirMetadata.cpp ++++ b/src/cryfs/impl/localstate/BasedirMetadata.cpp +@@ -1,7 +1,11 @@ + #include "BasedirMetadata.h" + #include <boost/property_tree/ptree.hpp> + #include <boost/property_tree/json_parser.hpp> ++#if defined(USE_SYSTEM_LIBS) ++#include <cryptopp/sha.h> ++#else + #include <vendor_cryptopp/sha.h> ++#endif + #include <boost/filesystem/operations.hpp> + #include "LocalStateDir.h" + #include <cpp-utils/logging/logging.h> +--- a/test/cryfs/impl/config/CompatibilityTest.cpp ++++ b/test/cryfs/impl/config/CompatibilityTest.cpp +@@ -2,7 +2,11 @@ + #include <vector> + #include <boost/filesystem.hpp> + #include <cpp-utils/data/Data.h> ++#if defined(USE_SYSTEM_LIBS) ++#include <cryptopp/hex.h> ++#else + #include <vendor_cryptopp/hex.h> ++#endif + #include <cpp-utils/crypto/symmetric/ciphers.h> + #include <cpp-utils/tempfile/TempFile.h> + #include <cryfs/impl/config/CryConfigFile.h> +-- +2.48.0 +
