commit: f168a5fc7f0acef76b0192c8153e0dd58c914272 Author: Hank Leininger <hlein <AT> korelogic <DOT> com> AuthorDate: Sat Oct 12 01:52:37 2024 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Wed Nov 13 05:55:29 2024 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f168a5fc
sys-fs/loop-aes: bump; compat improvements Adds kernel 6.11.x support. Prefer loop-aes-losetup if available; support using ext2 instead of minix in the initrd image. Closes: https://bugs.gentoo.org/941183 Closes: https://bugs.gentoo.org/941184 Closes: https://bugs.gentoo.org/941295 Signed-off-by: Hank Leininger <hlein <AT> korelogic.com> Signed-off-by: Sam James <sam <AT> gentoo.org> sys-fs/loop-aes/Manifest | 2 + .../loop-aes-3.8e-build-initrd_initfstype.patch | 76 ++++++++++++++++++++ ...-aes-3.8e-build-initrd_prefer-l-a-losetup.patch | 42 +++++++++++ sys-fs/loop-aes/loop-aes-3.8e.ebuild | 84 ++++++++++++++++++++++ 4 files changed, 204 insertions(+) diff --git a/sys-fs/loop-aes/Manifest b/sys-fs/loop-aes/Manifest index b3b79b6c9c0a..b79f3a4e134c 100644 --- a/sys-fs/loop-aes/Manifest +++ b/sys-fs/loop-aes/Manifest @@ -3,3 +3,5 @@ DIST loop-AES-v3.8c.tar.bz2 419257 BLAKE2B dd7fe8e4fbc3b58e11ef5440ea81b65d9a1e9 DIST loop-AES-v3.8c.tar.bz2.sig 861 BLAKE2B aa6c3e2b1e0ab604d92ae6c09fed992f629c7f61b7b62e6d073600f72973ace430e5e0964174a40b63eb703ede4f53098c6deb8af13d663e0bb147a2138a6635 SHA512 44ca990fdf55e8c03e85139dfc07dde5ad1cbd3944060ee2c15b3ce54656b7836e7a8839d237a53361c3ba7bdafda39cbbab0f03bd1952e679d1a3a3c2f0930b DIST loop-AES-v3.8d.tar.bz2 419860 BLAKE2B 67362b54d031df928080c97e5143eb80b6b3f2b89c4b2b318794bfa1cf79e9092d312e0dd42a70599b5b4684643f18477203a8ed901ebc13d77dcfbc0f625801 SHA512 10abb0e2719225f74fc01c443cf5fa741dc40548ba342158e5fdaf40934dd50db0b624125073eab04084b8d2245ccd353bf5d1027509e251566940f99576fce0 DIST loop-AES-v3.8d.tar.bz2.sig 861 BLAKE2B 7835b504cf507a9b70c0fc75ae2a052223f6b8077f6b616a4c0ecf4158ff9cdaf91ca407098195b8bff487db3208519220fd9270b75a75c2b2a037714fedab28 SHA512 57f8da54e3138a3bbc34b312df8efca9346de54e17299ad3308b4b3a859925e19c15eed7e6727c28a5214274e4d48acf8ac4748666032ca0133d0088b9ee3990 +DIST loop-AES-v3.8e.tar.bz2 419394 BLAKE2B 6051efde9c58ecc56231cc1671ed51a238b829098b0f91fe69a63d6080e7c6c87ce9510db25661058493a0e9f51382b7391509f4d146d491a0c7d20dda4eb05c SHA512 6191dbf2c4f2312c5caa14d124353894856fa9b97807c357ff916a81e8633cd8c9eeeb23d08fb7fb532dae02e0ecf03328f48e75227714e1ad9d1fc8ce27d224 +DIST loop-AES-v3.8e.tar.bz2.sig 861 BLAKE2B b220acdbd0c9aadd27abcc7c17818d38e791d3dd9c8f007af09a7fbb3bbcd1e6045fa31a3a13d82f5acfb3da1b6a41da6b6631c130abcd665bf3aa896583cc08 SHA512 2c62886e8be40849b8aa44cd36328c121e35428398f742ea3fad1a5cf445e131fe211ed4faeae4c1d2f702a2e4a050a4a5c4ac3eb341b2b5910cb9ce79c5c184 diff --git a/sys-fs/loop-aes/files/loop-aes-3.8e-build-initrd_initfstype.patch b/sys-fs/loop-aes/files/loop-aes-3.8e-build-initrd_initfstype.patch new file mode 100644 index 000000000000..bba57edcafda --- /dev/null +++ b/sys-fs/loop-aes/files/loop-aes-3.8e-build-initrd_initfstype.patch @@ -0,0 +1,76 @@ +diff '--color=auto' -urP loop-AES-v3.8e-build-initrd_prefer-l-a-losetup/build-initrd.sh loop-AES-v3.8e-build-initrd_initfstype/build-initrd.sh +--- loop-AES-v3.8e-build-initrd_prefer-l-a-losetup/build-initrd.sh 2024-10-11 12:24:11.542170501 -0600 ++++ loop-AES-v3.8e-build-initrd_initfstype/build-initrd.sh 2024-10-11 15:31:36.719228138 -0600 +@@ -74,6 +74,8 @@ + # 2.4 and older kernels always install to block/ directory + # 2.6 kernels with loop-AES-v3.2a and later install to extra/ directory + # ++# Note, if INITFSTYPE= is not minix, the rootfstype= arguments above ++# will need to be adjusted accordingly. + + ### All default-values can be altered via the configfile + +@@ -183,6 +185,9 @@ + # which must be in uncompressed form. (can not be .gz file) + LOADNATIONALKEYB=0 + ++# Filesystem type to use in the initrd (minix or ext2) ++INITFSTYPE=minix ++ + # Try to auto-assemble linux software raid md devices. This is only + # needed and used on USEPIVOT=2 (initramfs/switch_root) type build. + # This gets automatically disabled if none of needed devices (BOOTDEV, +@@ -887,10 +892,51 @@ + y=`expr ${y} + 1` + fi + ++ # Try to detect if the running system lacks support for ++ # the named filesystem, to avoid a less graceful error. ++ if [ -r /proc/filesystems ]; then ++ if ! grep -q " ${INITFSTYPE}\$" /proc/filesystems ; then ++ echo "************************************************" ++ echo "*** INITFSTYPE specifies a filesystem type ***" ++ echo "*** not supported by the running kernel. ***" ++ echo "*** Script aborted. ***" ++ echo "************************************************" ++ exit 1 ++ fi ++ fi ++ ++ # Check if the currently booted kernel has a rootfstype= ++ # argument that mismatches; warn but do not abort. ++ if [ -r /proc/cmdline ]; then ++ ROOTFSTYPEARG=$(grep -E -o 'rootfstype=[^ ]+' /proc/cmdline | cut -d= -f2-) ++ if [ -n "${ROOTFSTYPEARG}" ] && [ "${ROOTFSTYPEARG}" != "${INITFSTYPE}" ]; then ++ echo "******************************************************" ++ echo "*** Warning: INITFSTYPE '${INITFSTYPE}'" ++ echo "*** does not match the running kernel argument" ++ echo "*** 'rootfstype=${ROOTFSTYPEARG}'" ++ echo "*** Existing bootloader arguments may fail to boot." ++ echo "******************************************************" ++ fi ++ fi ++ ++ if [ ${INITFSTYPE} = "minix" ]; then ++ MKFS_ARGS="-t minix -i 32 tmp-i-$$ ${y}" ++ elif [ ${INITFSTYPE} = "ext2" ]; then ++ MKFS_ARGS="-t ext2 -i 1024 tmp-i-$$" ++ y=`expr ${y} + 80` ++ else ++ echo "*******************************************" ++ echo "*** Unsupported INITFSTYPE specified; ***" ++ echo "*** must be one of: minix, ext2 ***" ++ echo "*** Script aborted. ***" ++ echo "*******************************************" ++ exit 1 ++ fi ++ + dd if=/dev/zero of=tmp-i-$$ bs=1024 count=${y} +- /sbin/mkfs -t minix -i 32 tmp-i-$$ ${y} ++ /sbin/mkfs ${MKFS_ARGS} + ${LOSETUPLIVE} /dev/loop${DEVFSSLASH2}${TEMPLOOPINDEX} tmp-i-$$ +- mount -t minix /dev/loop${DEVFSSLASH2}${TEMPLOOPINDEX} tmp-d-$$ ++ mount -t ${INITFSTYPE} /dev/loop${DEVFSSLASH2}${TEMPLOOPINDEX} tmp-d-$$ + fi + cd tmp-d-$$ + diff --git a/sys-fs/loop-aes/files/loop-aes-3.8e-build-initrd_prefer-l-a-losetup.patch b/sys-fs/loop-aes/files/loop-aes-3.8e-build-initrd_prefer-l-a-losetup.patch new file mode 100644 index 000000000000..78309cf44926 --- /dev/null +++ b/sys-fs/loop-aes/files/loop-aes-3.8e-build-initrd_prefer-l-a-losetup.patch @@ -0,0 +1,42 @@ +diff '--color=auto' -urP loop-AES-v3.8e-build-initrd_explicit-losetup/build-initrd.sh loop-AES-v3.8e-build-initrd_prefer-l-a-losetup/build-initrd.sh +--- loop-AES-v3.8e-build-initrd_explicit-losetup/build-initrd.sh 2024-10-11 12:21:58.899153668 -0600 ++++ loop-AES-v3.8e-build-initrd_prefer-l-a-losetup/build-initrd.sh 2024-10-11 12:24:11.542170501 -0600 +@@ -863,6 +863,11 @@ + fi + rm -f tmp-c-$$.[co] + ++# If the live system has loop-aes-losetup, prefer that over losetup ++# (needed for e.g. Gentoo) ++LOSETUPLIVE=losetup ++command -v loop-aes-losetup >/dev/null && LOSETUPLIVE=loop-aes-losetup ++ + mkdir tmp-d-$$ + if [ ${USEPIVOT} != 2 ] ; then + x=`cat tmp-c-$$ | wc -c` +@@ -884,7 +889,7 @@ + + dd if=/dev/zero of=tmp-i-$$ bs=1024 count=${y} + /sbin/mkfs -t minix -i 32 tmp-i-$$ ${y} +- losetup /dev/loop${DEVFSSLASH2}${TEMPLOOPINDEX} tmp-i-$$ ++ ${LOSETUPLIVE} /dev/loop${DEVFSSLASH2}${TEMPLOOPINDEX} tmp-i-$$ + mount -t minix /dev/loop${DEVFSSLASH2}${TEMPLOOPINDEX} tmp-d-$$ + fi + cd tmp-d-$$ +@@ -980,7 +985,7 @@ + if [ ${USEPIVOT} != 2 ] ; then + umount tmp-d-$$ + rmdir tmp-d-$$ +- losetup -d /dev/loop${DEVFSSLASH2}${TEMPLOOPINDEX} ++ ${LOSETUPLIVE} -d /dev/loop${DEVFSSLASH2}${TEMPLOOPINDEX} + rm tmp-i-$$ + else + rm -rf tmp-d-$$ +@@ -1005,7 +1010,7 @@ + cd .. + df tmp-d-$$ + umount tmp-d-$$ +- losetup -d /dev/loop${DEVFSSLASH2}${TEMPLOOPINDEX} ++ ${LOSETUPLIVE} -d /dev/loop${DEVFSSLASH2}${TEMPLOOPINDEX} + rmdir tmp-d-$$ + sync ; sync ; sync + gzip -9 tmp-i-$$ diff --git a/sys-fs/loop-aes/loop-aes-3.8e.ebuild b/sys-fs/loop-aes/loop-aes-3.8e.ebuild new file mode 100644 index 000000000000..c195ff12ea91 --- /dev/null +++ b/sys-fs/loop-aes/loop-aes-3.8e.ebuild @@ -0,0 +1,84 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +VERIFY_SIG_OPENPGP_KEY_PATH="/usr/share/openpgp-keys/jariruusu.asc" +inherit linux-mod-r1 verify-sig + +MY_P="${PN/aes/AES}-v${PV}" + +DESCRIPTION="Linux kernel module to encrypt disk partitions with AES cipher" +HOMEPAGE="https://sourceforge.net/projects/loop-aes/"; +SRC_URI=" + https://loop-aes.sourceforge.net/loop-AES/${MY_P}.tar.bz2 + verify-sig? ( + https://loop-aes.sourceforge.net/loop-AES/${MY_P}.tar.bz2.sign + -> ${MY_P}.tar.bz2.sig + ) +" +S="${WORKDIR}/${MY_P}" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~arm ~hppa ~ppc ~sparc ~x86" +IUSE="cpu_flags_x86_aes extra-ciphers keyscrub cpu_flags_x86_padlock" + +DEPEND="app-crypt/loop-aes-losetup" +BDEPEND="verify-sig? ( sec-keys/openpgp-keys-jariruusu )" + +PATCHES=( + "${FILESDIR}"/loop-aes-3.7w-build-initrd_explicit-losetup.patch + "${FILESDIR}"/loop-aes-3.8c-build-initrd_nvme.patch + "${FILESDIR}"/loop-aes-3.8e-build-initrd_prefer-l-a-losetup.patch + "${FILESDIR}"/loop-aes-3.8e-build-initrd_initfstype.patch +) + +pkg_setup() { + linux-mod-r1_pkg_setup + + CONFIG_CHECK="!BLK_DEV_LOOP" +} + +src_compile() { + local modlist=( loop=block::tmp-d-kbuild:all ) + local modargs=( VAR="${KV_OUT_DIR}" + LINUX_SOURCE="${KERNEL_DIR}" + KBUILD_OUTPUT="${KBUILD_OUTPUT}" + USE_KBUILD=y MODINST=n RUNDM=n ) + + if use extra-ciphers; then + modlist+=( + loop_blowfish=block::tmp-d-kbuild:all + loop_serpent=block::tmp-d-kbuild:all + loop_twofish=block::tmp-d-kbuild:all ) + modargs+=( EXTRA_CIPHERS=y ) + fi + + use cpu_flags_x86_aes && modargs+=( INTELAES=y ) + use keyscrub && modargs+=( KEYSCRUB=y ) + use cpu_flags_x86_padlock && modargs+=( PADLOCK=y ) + + linux-mod-r1_src_compile +} + +src_install() { + linux-mod-r1_src_install + + dodoc README + dodoc ChangeLog + dobin loop-aes-keygen + doman loop-aes-keygen.1 + + into / + dosbin build-initrd.sh +} + +pkg_postinst() { + linux-mod-r1_pkg_postinst + + einfo + einfo "For more instructions take a look at examples in README at:" + einfo "'${EPREFIX}/usr/share/doc/${PF}'" + einfo +}
