cryptsetup: bump minimum libcryptsetup version to v2.0.1

libcryptsetup v2.0.1 introduced new API calls, supporting 64 bit wide
integers for `keyfile_offset`. This change invokes the new function
call, gets rid of the warning that was added in #7689, and removes
redundant #ifdefery and constant definitions.
See https://gitlab.com/cryptsetup/cryptsetup/issues/359.

Fixes #7677.

diff --git a/meson.build b/meson.build
index e5ceb1e169db344f49849986a81e96c48b2cf2b0..4ef08a95391113b4727662a7c8d82b97b6d05311 100644 (file)
--- a/meson.build
+++ b/meson.build
@@ -960,20 +960,14 @@ conf.set10('HAVE_MICROHTTPD', have)
 want_libcryptsetup = get_option('libcryptsetup')
 if want_libcryptsetup != 'false' and not skip_deps
         libcryptsetup = dependency('libcryptsetup',
-                                   version : '>= 1.6.0',
+                                   version : '>= 2.0.1',
                                    required : want_libcryptsetup == 'true')
         have = libcryptsetup.found()
-        have_sector = cc.has_member(
-                    'struct crypt_params_plain',
-                    'sector_size',
-                    prefix : '#include <libcryptsetup.h>')
 else
         have = false
-        have_sector = false
         libcryptsetup = []
 endif
 conf.set10('HAVE_LIBCRYPTSETUP', have)
-conf.set10('HAVE_LIBCRYPTSETUP_SECTOR_SIZE', have_sector)
 
 want_libcurl = get_option('libcurl')
 if want_libcurl != 'false' and not skip_deps

diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
index 78732a0a577f994b2e63ab4cde7954f88c4ca193..ebefb4d4d27386be83e860721434a62a8192f5d5 100644 (file)
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -35,9 +35,7 @@
 static const char *arg_type = NULL; /* ANY_LUKS, CRYPT_LUKS1, CRYPT_LUKS2, CRYPT_TCRYPT or CRYPT_PLAIN */
 static char *arg_cipher = NULL;
 static unsigned arg_key_size = 0;
-#if HAVE_LIBCRYPTSETUP_SECTOR_SIZE
 static unsigned arg_sector_size = CRYPT_SECTOR_SIZE;
-#endif
 static int arg_key_slot = CRYPT_ANY_SLOT;
 static unsigned arg_keyfile_size = 0;
 static uint64_t arg_keyfile_offset = 0;
@@ -51,9 +49,7 @@ static bool arg_same_cpu_crypt = false;
 static bool arg_submit_from_crypt_cpus = false;
 static bool arg_tcrypt_hidden = false;
 static bool arg_tcrypt_system = false;
-#ifdef CRYPT_TCRYPT_VERA_MODES
 static bool arg_tcrypt_veracrypt = false;
-#endif
 static char **arg_tcrypt_keyfiles = NULL;
 static uint64_t arg_offset = 0;
 static uint64_t arg_skip = 0;
@@ -109,7 +105,6 @@ static int parse_one_option(const char *option) {
 
         } else if ((val = startswith(option, "sector-size="))) {
 
-#if HAVE_LIBCRYPTSETUP_SECTOR_SIZE
                 r = safe_atou(val, &arg_sector_size);
                 if (r < 0) {
                         log_error_errno(r, "Failed to parse %s, ignoring: %m", option);
@@ -125,10 +120,6 @@ static int parse_one_option(const char *option) {
                         log_error("sector-size= is outside of %u and %u, ignoring.", CRYPT_SECTOR_SIZE, CRYPT_MAX_SECTOR_SIZE);
                         return 0;
                 }
-#else
-                log_error("sector-size= is not supported, compiled with old libcryptsetup.");
-                return 0;
-#endif
 
         } else if ((val = startswith(option, "key-slot="))) {
 
@@ -157,22 +148,13 @@ static int parse_one_option(const char *option) {
                 }
 
         } else if ((val = startswith(option, "keyfile-offset="))) {
-                uint64_t off;
 
-                r = safe_atou64(val, &off);
+                r = safe_atou64(val, &arg_keyfile_offset);
                 if (r < 0) {
                         log_error_errno(r, "Failed to parse %s, ignoring: %m", option);
                         return 0;
                 }
 
-                if ((size_t) off != off) {
-                        /* https://gitlab.com/cryptsetup/cryptsetup/issues/359 */
-                        log_error("keyfile-offset= value would truncated to %zu, ignoring.", (size_t) off);
-                        return 0;
-                }
-
-                arg_keyfile_offset = off;
-
         } else if ((val = startswith(option, "hash="))) {
                 r = free_and_strdup(&arg_hash, val);
                 if (r < 0)
@@ -222,13 +204,8 @@ static int parse_one_option(const char *option) {
                 arg_type = CRYPT_TCRYPT;
                 arg_tcrypt_system = true;
         } else if (streq(option, "tcrypt-veracrypt")) {
-#ifdef CRYPT_TCRYPT_VERA_MODES
                 arg_type = CRYPT_TCRYPT;
                 arg_tcrypt_veracrypt = true;
-#else
-                return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
-                                       "This version of cryptsetup does not support tcrypt-veracrypt; refusing.");
-#endif
         } else if (STR_IN_SET(option, "plain", "swap", "tmp"))
                 arg_type = CRYPT_PLAIN;
         else if ((val = startswith(option, "timeout="))) {
@@ -453,10 +430,8 @@ static int attach_tcrypt(
         if (arg_tcrypt_system)
                 params.flags |= CRYPT_TCRYPT_SYSTEM_HEADER;
 
-#ifdef CRYPT_TCRYPT_VERA_MODES
         if (arg_tcrypt_veracrypt)
                 params.flags |= CRYPT_TCRYPT_VERA_MODES;
-#endif
 
         if (key_file) {
                 r = read_one_line_file(key_file, &passphrase);
@@ -503,9 +478,7 @@ static int attach_luks_or_plain(struct crypt_device *cd,
                 struct crypt_params_plain params = {
                         .offset = arg_offset,
                         .skip = arg_skip,
-#if HAVE_LIBCRYPTSETUP_SECTOR_SIZE
                         .sector_size = arg_sector_size,
-#endif
                 };
                 const char *cipher, *cipher_mode;
                 _cleanup_free_ char *truncated_cipher = NULL;
@@ -554,7 +527,7 @@ static int attach_luks_or_plain(struct crypt_device *cd,
                  crypt_get_device_name(cd));
 
         if (key_file) {
-                r = crypt_activate_by_keyfile_offset(cd, name, arg_key_slot, key_file, arg_keyfile_size, arg_keyfile_offset, flags);
+                r = crypt_activate_by_keyfile_device_offset(cd, name, arg_key_slot, key_file, arg_keyfile_size, arg_keyfile_offset, flags);
                 if (r == -EPERM) {
                         log_error_errno(r, "Failed to activate with key file '%s'. (Key data incorrect?)", key_file);
                         return -EAGAIN; /* Log actual error, but return EAGAIN */
@@ -723,7 +696,7 @@ static int run(int argc, char *argv[]) {
                                 if (r < 0)
                                         return log_error_errno(r, "Failed to set LUKS data device %s: %m", argv[3]);
                         }
-#ifdef CRYPT_ANY_TOKEN
+
                         /* Tokens are available in LUKS2 only, but it is ok to call (and fail) with LUKS1. */
                         if (!key_file) {
                                 r = crypt_activate_by_token(cd, argv[2], CRYPT_ANY_TOKEN, NULL, flags);
@@ -734,7 +707,6 @@ static int run(int argc, char *argv[]) {
 
                                 log_debug_errno(r, "Token activation unsuccessful for device %s: %m", crypt_get_device_name(cd));
                         }
-#endif
                 }
 
                 for (tries = 0; arg_tries == 0 || tries < arg_tries; tries++) {

diff --git a/src/shared/crypt-util.h b/src/shared/crypt-util.h
index bdc2d046ecc786e6a36b9e9e61845c05a9f446ef..c25b11599c5d85ac39ea5950b1b13c546ccbeff7 100644 (file)
--- a/src/shared/crypt-util.h
+++ b/src/shared/crypt-util.h
@@ -6,19 +6,6 @@
 
 #include "macro.h"
 
-/* libcryptsetup define for any LUKS version, compatible with libcryptsetup 1.x */
-#ifndef CRYPT_LUKS
-#define CRYPT_LUKS NULL
-#endif
-
-#ifndef CRYPT_ACTIVATE_SAME_CPU_CRYPT
-#define CRYPT_ACTIVATE_SAME_CPU_CRYPT (1 << 6)
-#endif
-
-#ifndef CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS
-#define CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS (1 << 7)
-#endif
-
 DEFINE_TRIVIAL_CLEANUP_FUNC(struct crypt_device *, crypt_free);
 
 void cryptsetup_log_glue(int level, const char *msg, void *usrptr);