Major distributions already have cryptsetup newer than 2.4.0.
Let's bump the minimal required version.
Note, cryptsetup 2.4.0 was released on 2021-08-18.
See also #38608.
libblkid >= 2.37 (from util-linux) (optional)
libkmod >= 15 (optional)
PAM >= 1.1.2 (optional)
- libcryptsetup >= 2.0.1 (optional),
- >= 2.3.0 is required for signed Verity images support
+ libcryptsetup >= 2.4.0 (optional),
libaudit (optional)
libacl (optional)
libbpf >= 0.1.0 (optional),
endif
libcryptsetup = dependency('libcryptsetup',
- version : libcryptsetup_plugins.enabled() ? '>= 2.4.0' : '>= 2.0.1',
+ version : '>= 2.4.0',
required : libcryptsetup)
libcryptsetup_cflags = libcryptsetup.partial_dependency(includes: true, compile_args: true)
have = libcryptsetup.found()
conf.set10('HAVE_LIBCRYPTSETUP', have)
+conf.set10('HAVE_LIBCRYPTSETUP_PLUGINS',
+ libcryptsetup_plugins.allowed() and have)
foreach ident : [
- 'crypt_activate_by_token_pin', # 2.4
- 'crypt_logf', # 2.4
- 'crypt_reencrypt_run', # 2.4
- 'crypt_token_external_path', # 2.4
- 'crypt_token_max', # 2.4
'crypt_set_keyring_to_link', # 2.7
'crypt_token_set_external_path', # 2.7
]
conf.set10('HAVE_' + ident.to_upper(), have_ident)
endforeach
-conf.set10('HAVE_LIBCRYPTSETUP_PLUGINS',
- libcryptsetup_plugins.allowed() and
- conf.get('HAVE_CRYPT_ACTIVATE_BY_TOKEN_PIN') == 1 and
- conf.get('HAVE_CRYPT_LOGF') == 1 and
- conf.get('HAVE_CRYPT_TOKEN_EXTERNAL_PATH') == 1)
-
libcurl = dependency('libcurl',
version : '>= 7.32.0',
required : get_option('libcurl'))
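Review bot: `HAVE_LIBCRYPTSETUP_PLUGINS` is now `libcryptsetup_plugins.allowed() and have`, so a build that explicitly enables the plugins feature can still end up with it set to 0 when libcryptsetup >= 2.4.0 is not found. This assumes the `libcryptsetup` option itself is not `enabled`; both option definitions are outside the visible lines. The removed code at least tied the version bound to `libcryptsetup_plugins.enabled()`, whereas the new code has no link between the two options, so the LUKS2 token plugin support can drop out of a build with no diagnostic. Consider failing loudly after `have` is computed: `if libcryptsetup_plugins.enabled() and not have`, then `error('libcryptsetup plugins requested but libcryptsetup >= 2.4.0 was not found')`, then `endif`.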
arg_no_write_workqueue = true;
else if (streq(option, "luks"))
arg_type = ANY_LUKS;
-/* since cryptsetup 2.3.0 (Feb 2020) */
-#ifdef CRYPT_BITLK
else if (streq(option, "bitlk"))
arg_type = CRYPT_BITLK;
-#endif
else if (streq(option, "tcrypt"))
arg_type = CRYPT_TCRYPT;
else if (STR_IN_SET(option, "tcrypt-hidden", "tcrypthidden")) {
if (arg_no_write_workqueue)
flags |= CRYPT_ACTIVATE_NO_WRITE_WORKQUEUE;
-#ifdef CRYPT_ACTIVATE_SERIALIZE_MEMORY_HARD_PBKDF
/* Try to decrease the risk of OOM event if memory hard key derivation function is in use */
/* https://gitlab.com/cryptsetup/cryptsetup/issues/446/ */
flags |= CRYPT_ACTIVATE_SERIALIZE_MEMORY_HARD_PBKDF;
-#endif
return flags;
}
}
}
-/* since cryptsetup 2.3.0 (Feb 2020) */
-#ifdef CRYPT_BITLK
if (streq_ptr(arg_type, CRYPT_BITLK)) {
r = crypt_load(cd, CRYPT_BITLK, NULL);
if (r < 0)
return log_error_errno(r, "Failed to load Bitlocker superblock on device %s: %m", crypt_get_device_name(cd));
}
-#endif
bool use_cached_passphrase = true, try_discover_key = !key_file;
const char *discovered_key_fn = strjoina(volume, ".key");
if (r < 0)
return log_error_errno(r, "Failed to load reencryption context: %m");
-#if HAVE_CRYPT_REENCRYPT_RUN
r = sym_crypt_reencrypt_run(cd, NULL, NULL);
-#else
- r = sym_crypt_reencrypt(cd, NULL);
-#endif
if (r < 0)
return log_error_errno(r, "Failed to encrypt %s: %m", node);
} else {
return 0;
#else
return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
- "libcryptsetup is not supported or is missing required symbols, cannot encrypt.");
+ "libcryptsetup is not supported, cannot encrypt.");
#endif
}
DLSYM_PROTOTYPE(crypt_load) = NULL;
DLSYM_PROTOTYPE(crypt_metadata_locking) = NULL;
DLSYM_PROTOTYPE(crypt_reencrypt_init_by_passphrase) = NULL;
-#if HAVE_CRYPT_REENCRYPT_RUN
DLSYM_PROTOTYPE(crypt_reencrypt_run);
-#else
-DLSYM_PROTOTYPE(crypt_reencrypt);
-#endif
DLSYM_PROTOTYPE(crypt_resize) = NULL;
DLSYM_PROTOTYPE(crypt_resume_by_volume_key) = NULL;
DLSYM_PROTOTYPE(crypt_set_data_device) = NULL;
DLSYM_PROTOTYPE(crypt_suspend) = NULL;
DLSYM_PROTOTYPE(crypt_token_json_get) = NULL;
DLSYM_PROTOTYPE(crypt_token_json_set) = NULL;
-#if HAVE_CRYPT_TOKEN_MAX
DLSYM_PROTOTYPE(crypt_token_max) = NULL;
-#else
-int crypt_token_max(_unused_ const char *type) {
- assert(streq(type, CRYPT_LUKS2));
-
- return 32;
-}
-#endif
#if HAVE_CRYPT_TOKEN_SET_EXTERNAL_PATH
DLSYM_PROTOTYPE(crypt_token_set_external_path) = NULL;
#endif
DLSYM_ARG(crypt_load),
DLSYM_ARG(crypt_metadata_locking),
DLSYM_ARG(crypt_reencrypt_init_by_passphrase),
-#if HAVE_CRYPT_REENCRYPT_RUN
DLSYM_ARG(crypt_reencrypt_run),
-#else
- DLSYM_ARG(crypt_reencrypt),
-#endif
DLSYM_ARG(crypt_resize),
DLSYM_ARG(crypt_resume_by_volume_key),
DLSYM_ARG(crypt_set_data_device),
DLSYM_ARG(crypt_suspend),
DLSYM_ARG(crypt_token_json_get),
DLSYM_ARG(crypt_token_json_set),
-#if HAVE_CRYPT_TOKEN_MAX
DLSYM_ARG(crypt_token_max),
-#endif
#if HAVE_CRYPT_TOKEN_SET_EXTERNAL_PATH
DLSYM_ARG(crypt_token_set_external_path),
#endif
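Review bot: The declaration `DLSYM_PROTOTYPE(crypt_reencrypt_run);`, now unconditional, has no `= NULL` initializer, while every neighbouring prototype in the list (`crypt_reencrypt_init_by_passphrase`, `crypt_resize`, `crypt_token_max`, ...) has one. File-scope objects are zero-initialized either way, so this is a consistency point rather than a behaviour bug. Since the surrounding `#if`/`#else` is being dropped in this hunk anyway, it is a good moment to write `DLSYM_PROTOTYPE(crypt_reencrypt_run) = NULL;`, which shows at a glance that each symbol pointer starts unresolved until the library is loaded.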
#if HAVE_LIBCRYPTSETUP
#include <libcryptsetup.h> /* IWYU pragma: export */
-/* These next two are defined in libcryptsetup.h from cryptsetup version 2.3.4 forwards. */
-#ifndef CRYPT_ACTIVATE_NO_READ_WORKQUEUE
-#define CRYPT_ACTIVATE_NO_READ_WORKQUEUE (1 << 24)
-#endif
-#ifndef CRYPT_ACTIVATE_NO_WRITE_WORKQUEUE
-#define CRYPT_ACTIVATE_NO_WRITE_WORKQUEUE (1 << 25)
-#endif
-
extern DLSYM_PROTOTYPE(crypt_activate_by_passphrase);
extern DLSYM_PROTOTYPE(crypt_activate_by_signed_key);
extern DLSYM_PROTOTYPE(crypt_activate_by_volume_key);
extern DLSYM_PROTOTYPE(crypt_load);
extern DLSYM_PROTOTYPE(crypt_metadata_locking);
extern DLSYM_PROTOTYPE(crypt_reencrypt_init_by_passphrase);
-#if HAVE_CRYPT_REENCRYPT_RUN
extern DLSYM_PROTOTYPE(crypt_reencrypt_run);
-#else
-extern DLSYM_PROTOTYPE(crypt_reencrypt);
-#endif
extern DLSYM_PROTOTYPE(crypt_resize);
extern DLSYM_PROTOTYPE(crypt_resume_by_volume_key);
extern DLSYM_PROTOTYPE(crypt_set_data_device);
extern DLSYM_PROTOTYPE(crypt_suspend);
extern DLSYM_PROTOTYPE(crypt_token_json_get);
extern DLSYM_PROTOTYPE(crypt_token_json_set);
-#if HAVE_CRYPT_TOKEN_MAX
extern DLSYM_PROTOTYPE(crypt_token_max);
-#else
-/* As a fallback, use the same hard-coded value libcryptsetup uses internally. */
-int crypt_token_max(_unused_ const char *type);
-#define sym_crypt_token_max(type) crypt_token_max(type)
-#endif
#if HAVE_CRYPT_TOKEN_SET_EXTERNAL_PATH
extern DLSYM_PROTOTYPE(crypt_token_set_external_path);
#endif
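Review bot: After this cleanup the header still guards `crypt_token_set_external_path` with `HAVE_CRYPT_TOKEN_SET_EXTERNAL_PATH`, but nothing in the file says why that symbol needs a guard when its neighbours no longer do. A short comment above the `extern` list would record the rule, for example `/* Baseline is libcryptsetup 2.4.0 (enforced by the build's dependency() check); only symbols added after that need a HAVE_* guard. */`. That keeps later contributors from re-adding fallbacks such as the removed `CRYPT_ACTIVATE_NO_*_WORKQUEUE` defines, or from dropping a guard that newer symbols still need.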
arg_activate_flags |= CRYPT_ACTIVATE_RESTART_ON_CORRUPTION;
else if (streq(word, "ignore-zero-blocks"))
arg_activate_flags |= CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS;
-#ifdef CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE
else if (streq(word, "check-at-most-once"))
arg_activate_flags |= CRYPT_ACTIVATE_CHECK_AT_MOST_ONCE;
-#endif
-#ifdef CRYPT_ACTIVATE_PANIC_ON_CORRUPTION
else if (streq(word, "panic-on-corruption"))
arg_activate_flags |= CRYPT_ACTIVATE_PANIC_ON_CORRUPTION;
-#endif
else if ((val = startswith(word, "superblock="))) {
r = parse_boolean(val);