File veracrypt.spec of Package veracrypt
#
# spec file for package veracrypt
#
# Copyright (c) 2024 tarcjf
# Copyright (c) 2022, 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
#
Name: veracrypt
Version: 1.26.7
Release: 0
Summary: Free disk encryption software based on TrueCrypt
License: Apache-2.0
Group: Productivity/Security
URL: https://www.%{name}.fr
# Way 1:
# https://github.com/veracrypt/VeraCrypt/releases
# https://github.com/veracrypt/VeraCrypt/releases/download/VeraCrypt_%{version}/VeraCrypt_%{version}_Source.tar.bz2
# https://github.com/veracrypt/VeraCrypt/releases/download/VeraCrypt_%{version}/VeraCrypt_%{version}_Source.tar.bz2.sig
#
# Way 2:
# https://veracrypt.fr/en/Downloads.html
# https://launchpad.net/veracrypt/trunk/%{version}/+download/VeraCrypt_%{version}_Source.tar.bz2
# https://launchpad.net/veracrypt/trunk/%{version}/+download/VeraCrypt_%{version}_Source.tar.bz2.sig
#
Source0: https://launchpad.net/veracrypt/trunk/%{version}/+download/VeraCrypt_%{version}_Source.tar.bz2
Source1: https://launchpad.net/veracrypt/trunk/%{version}/+download/VeraCrypt_%{version}_Source.tar.bz2.sig
Source2: https://launchpad.net/veracrypt/trunk/%{version}/+download/veracrypt-%{version}-sha512sum.txt
Source3: https://launchpad.net/veracrypt/trunk/%{version}/+download/veracrypt-%{version}-sha512sum.txt.sig
Source4: https://www.idrix.fr/VeraCrypt/VeraCrypt_PGP_public_key.asc
BuildRequires: gcc-c++
BuildRequires: pkgconfig
BuildRequires: sed
BuildRequires: pcsc-lite-devel
BuildRequires: pkgconfig(fuse)
BuildRequires: help2man
# NOTE: coreutils provides sha512sum
BuildRequires: coreutils
%if 0%{?suse_version}
BuildRequires: update-desktop-files
BuildRequires: wxWidgets-devel < 3.1
BuildRequires: wxWidgets-devel >= 3.0
BuildRequires: gpg2
%else # fedora
BuildRequires: desktop-file-utils
BuildRequires: wxWidgets-devel
BuildRequires: gnupg2
%endif
%ifarch %{ix86} x86_64
BuildRequires: yasm
%else
BuildRequires: nasm
%endif
%description
VeraCrypt is software for establishing and maintaining an
on-the-fly-encrypted volume (data storage device).
On-the-fly encryption means that data is automatically encrypted
right before it is saved and decrypted right after it is loaded,
without any user intervention. No data stored on an encrypted
volume can be read (decrypted) without using the correct
password/keyfile(s) or correct encryption keys. Entire file system
is encrypted (e.g., file names, folder names, contents of every
file, free space, meta data, etc).
It is based on original TrueCrypt 7.1a with security enhancements
and modifications.
%package -n veracrypt-lang
Summary: Translations for package veracrypt
Group: System/Localization
Requires: veracrypt = %{version}
Provides: veracrypt-lang-all = %{version}
Supplements: veracrypt
BuildArch: noarch
%description -n veracrypt-lang
Provides translations for the "veracrypt" package.
%package -n veracrypt-doc
Summary: Documentation for veracrypt
Group: Documentation/HTML
BuildArch: noarch
%description -n veracrypt-doc
This package contains the documentation for veracrypt.
# - [RPM Macros](https://docs.fedoraproject.org/en-US/packaging-guidelines/RPMMacros/)
#
# %{_sourcedir} == %{_topdir}/SOURCES
# %{_builddir} == %{_topdir}/BUILD
#
# - [RPM Package Guide](https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/7/html/rpm_packaging_guide/advanced-topics#using-the-setup-n-option)
# - [RPM Packaging Guide](https://rpm-packaging-guide.github.io/#setup)
# ==== %prep ====
# The %prep section specifies how to prepare the build environment.
# This usually involves expansion of compressed archives of the source code,
# application of patches, and, potentially, parsing of information provided
# in the source code for use in a later portion of the SPEC.
# In this section we simply use the built-in macro %setup -q.
#
# It actually runs
# [ 16s] Executing(%prep): /usr/bin/bash -e /var/tmp/rpm-tmp.qcLQm9
# [ 16s] + umask 022
# [ 16s] + cd /home/abuild/rpmbuild/BUILD
%prep
echo "============================================================================"
echo "Verify checksum & GPG sign..."
echo "============================================================================"
# -------------------------------------------------------------------------------------------------
# It seems that Fedora / RHEL provide macro %{gpgverify}:
# (reference: https://docs.fedoraproject.org/en-US/packaging-guidelines/#_verifying_signatures )
#
# Source0: ftp://ftp.example.com/pub/foo/%{name}-%{version}.tar.gz
# Source1: ftp://ftp.example.com/pub/foo/%{name}-%{version}.tar.gz.asc
# Source2: https://www.example.com/gpgkey-0123456789ABCDEF0123456789ABCDEF.gpg
# …
# BuildRequires: gnupg2
# …
# %prep
# %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
#
# But it seems unavailable in OBS? At least I didn't find it in any openSUSE wiki / documentation:
# https://en.opensuse.org/openSUSE:Packaging_Conventions_RPM_Macros
#
# I also tried to use it here but the build fails....:
#
# %{gpgverify} --keyring='%{SOURCE4}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
# %{gpgverify} --keyring='%{SOURCE4}' --signature='%{SOURCE3}' --data='%{SOURCE2}'
#
# So I still use the following ugly hack to do this...
# --------------------------------------------------------------------------------------------------
cd %{_sourcedir} # [HACK] add manually... because `%prep` seems cd to %{_builddir}
ls -al
# `sha512sum --check SUM.txt`,
# 1. SUM.txt contains `<checksum> <filename>`
# 2. no other argument is needed by `sha512sum`, or it will `exit 1`.
#
# It actually runs
# [ 16s] + sha512sum --ignore-missing --check /home/abuild/rpmbuild/SOURCES/veracrypt-1.26.7-sha512sum.txt
sha512sum --ignore-missing --check %{SOURCE2}
# Double check the GPG keyring file with its fingerprint.
# You can manually ensure the fingerprint of it at https://veracrypt.fr/en/Downloads.html
# 5069 A233 D55A 0EEB 174A 5FC3 821A CD02 680D 16DE
gpg --show-keys %{SOURCE4}
actual_fingerprint="$(gpg --show-keys %{SOURCE4} | sed -n 's/^ *\([0-9A-F]\{40\}\)/\1/p' | sed 's/.\{4\}/& /g' | sed 's/ $//')"
expect_fingerprint="5069 A233 D55A 0EEB 174A 5FC3 821A CD02 680D 16DE"
[ "$actual_fingerprint" = "$expect_fingerprint" ]
gpg --yes --import %{SOURCE4}
gpg --verify %{SOURCE1} %{SOURCE0}
gpg --verify %{SOURCE3} %{SOURCE2}
cd %{_builddir} # [HACK] cd back (according to %prep)...
echo "============================================================================"
echo "Checksum & GPG sign verified!"
echo "============================================================================"
# see https://rpm-packaging-guide.github.io/#setup
%setup -c
# ==== %build ====
# The %build section specifies how to actually build the software we are packaging.
# However, since a bash does not need to be built, simply remove what was provided by
# the template and leave this section blank.
%build
#force downgrade to c++11, because c++17 introduced the new type std::byte, that is now colliding
# with a typedef in the source-code.
export CFLAGS="%{optflags}"
export CXXFLAGS="$CFLAGS -std=c++11"
export TC_EXTRA_CXXFLAGS="$CXXFLAGS"
export TC_EXTRA_CFLAGS="$CFLAGS"
make -C src %{?_smp_mflags}
%install
install -D -m 0755 src/Main/veracrypt "%{buildroot}/%{_bindir}/veracrypt"
install -D -m 0755 -t %{buildroot}%{_sbindir} src/Setup/Linux/mount.veracrypt
install -D -m 0644 -t %{buildroot}%{_datadir}/veracrypt/languages Translations/*.xml
install -D -m 0644 -t %{buildroot}%{_datadir}/mime/packages src/Setup/Linux/veracrypt.xml
install -D -m 0644 src/Setup/Linux/%{name}.desktop "%{buildroot}%{_datadir}/applications/%{name}.desktop"
install -D -m 0644 src/Resources/Icons/VeraCrypt-256x256.xpm "%{buildroot}%{_datadir}/pixmaps/veracrypt.xpm"
# %if 0%{?suse_version}
# https://en.opensuse.org/openSUSE:Packaging_Conventions_RPM_Macros
# -r Replace categories defined in the .desktop file with the new one defined by the parameter category. By default, the new categories are only added after the already included categories.
# -i Search %_sourcedir and /usr/share/update-desktop-files/templates for the template filename.desktop and install it as %buildroot/usr/share/applications/filename.desktop.
# WTF... cause error when put this into an `if` block
# _______________suse_update_desktop_file -r -i veracrypt System Security
# %else # fedora
# https://docs.fedoraproject.org/en-US/packaging-guidelines/#_desktop_file_install_usage
desktop-file-install \
--add-category="System" \
--add-category="Security" \
--delete-original \
--dir=%{buildroot}%{_datadir}/applications \
%{buildroot}%{_datadir}/applications/%{name}.desktop
# %endif
# man page
echo === generate manpage via help2man ========================================
install -d -m 0755 %{buildroot}%{_mandir}/man1
ls -al %{buildroot}%{_mandir}/man1
help2man -N -o %{buildroot}%{_mandir}/man1/veracrypt.1 \
%{buildroot}%{_bindir}/veracrypt
echo === check generated manpage =================================================
ls -al %{buildroot}%{_mandir}/man1
ls -al %{buildroot}%{_mandir}/man1/veracrypt.1
echo ==============================================================================
# see src/Build/Packaging/rpm-control/prerm.sh
%preun
if mount | grep -q veracrypt_aux_mnt ; then
echo "Error: All VeraCrypt volumes must be dismounted first." >&2
exit 1
fi
exit 0
%files
%license License.txt
%doc README.md doc/EFI-DCS/*.pdf
%{_bindir}/veracrypt
%{_sbindir}/mount.veracrypt
%dir %{_datadir}/veracrypt
%{_datadir}/mime/packages/veracrypt.xml
%{_mandir}/man1/veracrypt.1%{?ext_man}
%{_datadir}/applications/veracrypt.desktop
%{_datadir}/pixmaps/veracrypt.xpm
%files -n veracrypt-lang
%{_datadir}/veracrypt/languages
%files -n veracrypt-doc
%doc doc/html
%changelog
