File cryptconfig.spec of Package cryptconfig
#
# spec file for package cryptconfig (Version 0.3)
#
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# norootforbuild
Name: cryptconfig
Version: 0.3
Release: 63
Group: System/Base
License: GPL v2 or later
Summary: A Utility to Configure Encrypted Home Directories and LUKS Partitions
AutoReqProv: on
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Requires: util-linux cryptsetup pam_mount >= 0.20 glib2 >= 2.8 openssl >= 0.9.7 pam-config >= 0.21
BuildRequires: cryptsetup glib2-devel >= 2.8 intltool libxml2-devel openssl-devel >= 0.9.7 pam-config >= 0.21 pam-devel util-linux
Source: %{name}-%{version}.tar.gz
%description
This package contains a utility for configuring encrypted home
directories and LUKS partitions. It also supports creating LUKS disk
images, creating LUKS partitions, and enlarging disk images along with
their file systems. This package also contains a pam module that syncs
a user's UNIX password with the password used to encrypt their home
directory.
Authors:
--------
Chris Rivera <crivera@novell.com>
%prep
%setup
%build
#CFLAGS="$RPM_OPT_FLAGS" ./configure --prefix=%{_prefix} \
# --sbindir=%{_sbindir} --mandir=%{_mandir}
export CFLAGS="$RPM_OPT_FLAGS"
autoreconf --force --install
%configure --with-slibdir=/%{_lib}
%install
make install DESTDIR=${RPM_BUILD_ROOT}
rm -f $RPM_BUILD_ROOT/%_lib/security/pam_cryptpass.{a,la}
%{find_lang} %{name}
%clean
rm -rf $RPM_BUILD_ROOT
%files -f %{name}.lang
%defattr(-,root,root)
/%_lib/security/pam_cryptpass*.so
%{_sbindir}/cryptconfig
%{_sysconfdir}/cryptconfig.conf
%doc %{_mandir}/man8/cryptconfig.8.gz
%changelog
* Fri Nov 21 2008 crivera@suse.de
- Make sure we found a map device before calling
get_mount_point (). This fixes bnc#448200.
* Thu May 22 2008 cthiel@suse.de
- fix baselibs.conf
* Thu Apr 10 2008 ro@suse.de
- added baselibs.conf file to build xxbit packages
for multilib support
* Wed Mar 05 2008 crivera@suse.de
- Add a fix for bnc 367255.
* Tue Mar 04 2008 crivera@suse.de
- Add public data support. We use a very simple approach. We create a
public directory, /home/.$USER. Any public data is moved from the
encrypted home directory to the public directory. We then place symlinks
in the encrypted home directory and the unencrypted home directory that
point to the public data. The public data is available whether the
encrypted home directory is mounted or not.
This is adds two new commands pd-add and pd-remove. They each take a
list of relative or absolute paths rooted in the encrypted home directory.
* Mon Jan 21 2008 aj@suse.de
- Fix open call.
- Cleanup rpmlint warnings.
* Mon Nov 12 2007 crivera@suse.de
- Update cryptconfig to use new pam_mount xml config format.
- Use pam-config to modify PAM service files.
* Fri Nov 02 2007 crivera@suse.de
- Don't fail if some pam service files don't exist. This fixes
326794.
- Use loop ioctls instead of the losetup binary.
- Add memory locking to protect passpharses and key data.
- Allow for sizes like "1G" and "200M" to be given on the command
line.
* Mon Jun 11 2007 aj@suse.de
- Change Requires as well.
* Fri Jun 01 2007 lnussel@suse.de
- change BuildRequires util-linux-crypto -> cryptsetup
* Fri Mar 30 2007 crivera@suse.de
- Fix the copy_user_data() function to make sure dot directories
are getting copied. This fixes 259113.
* Mon Mar 12 2007 crivera@suse.de
- Implement pam_sm_open_session() and pam_sm_close_session() for
pam_cryptpass. This lets us hook into the session stack, before pam_mount,
to verify that the authtok being used can decrypt the image key. If it
can't then we can prompt for the key password and sync the two. This
provides a much nicer experience for users of non-local auth mechanisms.
This fixes 253683.
- Make root the owner of the unencrypted home directory. This is to avoid
confusion if the user logs in from a service that doesn't have pam_mount
in the stack. This fixes 245698.
- Add a flag, --remove-data, that will remove the data in the user's
unencrypted home directory after it's been copied to the encrypted image.
- Move the list of passwd services to cryptconfig.conf and add gnome-passwd
to the default list.
- Add pam_cryptpass.so to the pam session stack before pam_mount to ensure
that the key file is in sync with the user's password. This fixes 253683.
* Wed Feb 21 2007 crivera@suse.de
- Remove 'su' from the list of pam config files to edit.
This fixes Bug 245702.
- Add a check against a key file size threshold to avoid interger overflow
attacks. This helps fix 243881.
- Replace chown and g_stat with fchown and fstat to avoid potential
symlink issues. This helps fix 243881.
- Use "--" to prevent user's from adding additional command-line options
to apps that we exec. This helps fix 243881.
- Use flock() to avoid races if multiple instances cryptconfig are running.
- Set our umask to 077. This helps fix 243881.
* Wed Feb 14 2007 crivera@suse.de
- Use 64-bit version of lseek() when creating and enlarging
images. This fixes 245632.
* Mon Feb 12 2007 crivera@suse.de
- Search for the full path when looking for the
loop device an image is using.
- Make get_passphrase() stop reading input when it encounters
a new line. This allows cryptconfig to be a little more scriptable
and allows the new unit tests to work.
- Correctly check the return value when adding a key file to an image.
- Only call luks_close() if we've actually setup a map device.
- Don't allow encrypted home directories for the root user.
- Add a mount flag to the open command to allow images to be unlocked
and mounted.
- A few more minor fixes.
* Tue Jan 23 2007 crivera@suse.de
- Escape the '\' characters in user names when writing to
pam_mount.conf. This allows encrypted directories to work
with Active Directory. This fixes bug 237929.
- Set our umask to 022.
- Merge a patch from dgollub to fix a file creation bug.
- Add O_TRUNC in crappy_rename() when copying across devices.
- Move the pam services list to cryptconf.conf instead of
depending on an internal list. This will allow people to
enable encrypted home dirs with other pam services.
- Use 256 bytes of random data when generating a key instead of 64.
This is why we depend on pam_mount-0.18-32.
* Tue Jan 16 2007 crivera@suse.de
- Fix a small automake build issue.
* Fri Jan 12 2007 maw@suse.de
- Feature update (more fate #253)
- Remove cryptconfig-pam_moddir.patch which is now upstream.
* Tue Jan 09 2007 ro@suse.de
- fix lib64 issue: teach configure about PAM_MODDIR
- work around automake problem
* Mon Jan 08 2007 maw@suse.de
- Initial import into autobuild (fate #253).
