d-two/operating-system
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Bump buildroot to 2020.11-rc1 (#985)

Browse Source 
* Update buildroot-patches for 2020.11-rc1 buildroot

* Update buildroot to 2020.11-rc1

Signed-off-by: Stefan Agner <stefan@agner.ch>

* Don't rely on sfdisk --list-free output

The --list-free (-F) argument does not allow machine readable mode. And
it seems that the output format changes over time (different spacing,
using size postfixes instead of raw blocks).

Use sfdisk json output and calculate free partition space ourselfs. This
works for 2.35 and 2.36 and is more robust since we rely on output which
is meant for scripts to parse.

* Migrate defconfigs for Buildroot 2020.11-rc1

In particular, rename BR2_TARGET_UBOOT_BOOT_SCRIPT(_SOURCE) to
BR2_PACKAGE_HOST_UBOOT_TOOLS_BOOT_SCRIPT(_SOURCE).

* Rebase/remove systemd patches for systemd 246

* Drop apparmor/libapparmor from buildroot-external

* hassos-persists: use /run as directory for lockfiles

The U-Boot tools use /var/lock by default which is not created any more
by systemd by default (it is under tmpfiles legacy.conf, which we no
longer install).

* Disable systemd-update-done.service

The service is not suited for pure read-only systems. In particular the
service needs to be able to write a file in /etc and /var. Remove the
service. Note: This is a static service and cannot be removed using
systemd-preset.

* Disable apparmor.service for now

The service loads all default profiles. Some might actually cause
problems. E.g. the profile for ping seems not to match our setup for
/etc/resolv.conf:
[85503.634653] audit: type=1400 audit(1605286002.684:236): apparmor="DENIED" operation="open" profile="ping" name="/run/resolv.conf" pid=27585 comm="ping" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
This commit is contained in:
Stefan Agner
2020-11-13 18:25:44 +01:00
committed by GitHub
parent 25a0dd3082
commit a0871be6c0
4024 changed files with 68095 additions and 47900 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
buildroot/package/cryptsetup/0001-Remove-json_object-typedef.patch
View File

@@ -12,6 +12,8 @@ In file included from lib/luks2/luks2_internal.h:32,
lib/luks2/luks2.h:86: error: redefinition of typedef 'json_object'
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
[Upstream status:
https://gitlab.com/cryptsetup/cryptsetup/-/merge_requests/91]
---
lib/luks2/luks2.h | 1 -
lib/setup.c | 1 +

179
buildroot/package/cryptsetup/0002-Add-support-for-upcoming-json-c-0.14.0.patch
View File

@@ -1,179 +0,0 @@
From 604abec333a0efb44fd8bc610aa0b1151dd0f612 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
Date: Mon, 13 Apr 2020 11:48:17 +0200
Subject: [PATCH] Add support for upcoming json-c 0.14.0.
* TRUE/FALSE are not defined anymore. 1 and 0 are used instead.
* json_object_get_uint64() and json_object_new_uint64() are part
of the upstream API now.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
lib/luks2/luks2_internal.h | 4 +++-
lib/luks2/luks2_json_metadata.c | 38 +++++++++++++++++----------------
2 files changed, 23 insertions(+), 19 deletions(-)
diff --git a/lib/luks2/luks2_internal.h b/lib/luks2/luks2_internal.h
index b9fec6b5..939101d6 100644
--- a/lib/luks2/luks2_internal.h
+++ b/lib/luks2/luks2_internal.h
@@ -58,9 +58,11 @@ json_object *LUKS2_get_segments_jobj(struct luks2_hdr *hdr);
void hexprint_base64(struct crypt_device *cd, json_object *jobj,
const char *sep, const char *line_sep);
+#if !(defined JSON_C_VERSION_NUM && JSON_C_VERSION_NUM >= ((13 << 8) | 99))
uint64_t json_object_get_uint64(json_object *jobj);
-uint32_t json_object_get_uint32(json_object *jobj);
json_object *json_object_new_uint64(uint64_t value);
+#endif
+uint32_t json_object_get_uint32(json_object *jobj);
int json_object_object_add_by_uint(json_object *jobj, unsigned key, json_object *jobj_val);
void json_object_object_del_by_uint(json_object *jobj, unsigned key);
diff --git a/lib/luks2/luks2_json_metadata.c b/lib/luks2/luks2_json_metadata.c
index 781280c2..712c2bbd 100644
--- a/lib/luks2/luks2_json_metadata.c
+++ b/lib/luks2/luks2_json_metadata.c
@@ -234,13 +234,14 @@ static json_bool json_str_to_uint64(json_object *jobj, uint64_t *value)
tmp = strtoull(json_object_get_string(jobj), &endptr, 10);
if (*endptr || errno) {
*value = 0;
- return FALSE;
+ return 0;
}
*value = tmp;
- return TRUE;
+ return 1;
}
+#if !(defined JSON_C_VERSION_NUM && JSON_C_VERSION_NUM >= ((13 << 8) | 99))
uint64_t json_object_get_uint64(json_object *jobj)
{
uint64_t r;
@@ -262,6 +263,7 @@ json_object *json_object_new_uint64(uint64_t value)
jobj = json_object_new_string(num);
return jobj;
}
+#endif
/*
* Validate helpers
@@ -273,9 +275,9 @@ static json_bool numbered(struct crypt_device *cd, const char *name, const char
for (i = 0; key[i]; i++)
if (!isdigit(key[i])) {
log_dbg(cd, "%s \"%s\" is not in numbered form.", name, key);
- return FALSE;
+ return 0;
}
- return TRUE;
+ return 1;
}
json_object *json_contains(struct crypt_device *cd, json_object *jobj, const char *name,
@@ -300,7 +302,7 @@ json_bool validate_json_uint32(json_object *jobj)
errno = 0;
tmp = json_object_get_int64(jobj);
- return (errno || tmp < 0 || tmp > UINT32_MAX) ? FALSE : TRUE;
+ return (errno || tmp < 0 || tmp > UINT32_MAX) ? 0 : 1;
}
static json_bool validate_keyslots_array(struct crypt_device *cd,
@@ -313,17 +315,17 @@ static json_bool validate_keyslots_array(struct crypt_device *cd,
jobj = json_object_array_get_idx(jarr, i);
if (!json_object_is_type(jobj, json_type_string)) {
log_dbg(cd, "Illegal value type in keyslots array at index %d.", i);
- return FALSE;
+ return 0;
}
if (!json_contains(cd, jobj_keys, "", "Keyslots section",
json_object_get_string(jobj), json_type_object))
- return FALSE;
+ return 0;
i++;
}
- return TRUE;
+ return 1;
}
static json_bool validate_segments_array(struct crypt_device *cd,
@@ -336,17 +338,17 @@ static json_bool validate_segments_array(struct crypt_device *cd,
jobj = json_object_array_get_idx(jarr, i);
if (!json_object_is_type(jobj, json_type_string)) {
log_dbg(cd, "Illegal value type in segments array at index %d.", i);
- return FALSE;
+ return 0;
}
if (!json_contains(cd, jobj_segments, "", "Segments section",
json_object_get_string(jobj), json_type_object))
- return FALSE;
+ return 0;
i++;
}
- return TRUE;
+ return 1;
}
static json_bool segment_has_digest(const char *segment_name, json_object *jobj_digests)
@@ -357,10 +359,10 @@ static json_bool segment_has_digest(const char *segment_name, json_object *jobj_
UNUSED(key);
json_object_object_get_ex(val, "segments", &jobj_segments);
if (LUKS2_array_jobj(jobj_segments, segment_name))
- return TRUE;
+ return 1;
}
- return FALSE;
+ return 0;
}
static json_bool validate_intervals(struct crypt_device *cd,
@@ -372,18 +374,18 @@ static json_bool validate_intervals(struct crypt_device *cd,
while (i < length) {
if (ix[i].offset < 2 * metadata_size) {
log_dbg(cd, "Illegal area offset: %" PRIu64 ".", ix[i].offset);
- return FALSE;
+ return 0;
}
if (!ix[i].length) {
log_dbg(cd, "Area length must be greater than zero.");
- return FALSE;
+ return 0;
}
if ((ix[i].offset + ix[i].length) > keyslots_area_end) {
log_dbg(cd, "Area [%" PRIu64 ", %" PRIu64 "] overflows binary keyslots area (ends at offset: %" PRIu64 ").",
ix[i].offset, ix[i].offset + ix[i].length, keyslots_area_end);
- return FALSE;
+ return 0;
}
for (j = 0; j < length; j++) {
@@ -393,14 +395,14 @@ static json_bool validate_intervals(struct crypt_device *cd,
log_dbg(cd, "Overlapping areas [%" PRIu64 ",%" PRIu64 "] and [%" PRIu64 ",%" PRIu64 "].",
ix[i].offset, ix[i].offset + ix[i].length,
ix[j].offset, ix[j].offset + ix[j].length);
- return FALSE;
+ return 0;
}
}
i++;
}
- return TRUE;
+ return 1;
}
static int LUKS2_keyslot_validate(struct crypt_device *cd, json_object *hdr_jobj, json_object *hdr_keyslot, const char *key)
--
2.20.1

512
buildroot/package/cryptsetup/0003-Avoid-name-clash-with-newer-json-c-library.patch
View File

@@ -1,512 +0,0 @@
From 55cf272d275c561459f2c9c3dc943ef7a69c9d4c Mon Sep 17 00:00:00 2001
From: Ondrej Kozina <okozina@redhat.com>
Date: Tue, 14 Apr 2020 17:24:54 +0200
Subject: [PATCH] Avoid name clash with newer json-c library.
This is partial revert of previous commit and also
fixes wrong decision to name our internal helpers with
json_object prefix.
(cherry picked from commit e6a356974330e3ae21579a5737976e9a2aad1b51)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
lib/luks2/luks2_internal.h | 8 +++-----
lib/luks2/luks2_json_format.c | 6 +++---
lib/luks2/luks2_json_metadata.c | 18 ++++++++----------
lib/luks2/luks2_keyslot.c | 8 ++++----
lib/luks2/luks2_keyslot_luks2.c | 16 ++++++++--------
lib/luks2/luks2_keyslot_reenc.c | 20 ++++++++++----------
lib/luks2/luks2_luks1_convert.c | 22 +++++++++++-----------
lib/luks2/luks2_reencrypt.c | 16 ++++++++--------
lib/luks2/luks2_segment.c | 12 ++++++------
9 files changed, 61 insertions(+), 65 deletions(-)
diff --git a/lib/luks2/luks2_internal.h b/lib/luks2/luks2_internal.h
index 6a8b8f2a..d2222e84 100644
--- a/lib/luks2/luks2_internal.h
+++ b/lib/luks2/luks2_internal.h
@@ -59,11 +59,9 @@ json_object *LUKS2_get_segments_jobj(struct luks2_hdr *hdr);
void hexprint_base64(struct crypt_device *cd, json_object *jobj,
const char *sep, const char *line_sep);
-#if !(defined JSON_C_VERSION_NUM && JSON_C_VERSION_NUM >= ((13 << 8) | 99))
-uint64_t json_object_get_uint64(json_object *jobj);
-json_object *json_object_new_uint64(uint64_t value);
-#endif
-uint32_t json_object_get_uint32(json_object *jobj);
+uint64_t crypt_jobj_get_uint64(json_object *jobj);
+uint32_t crypt_jobj_get_uint32(json_object *jobj);
+json_object *crypt_jobj_new_uint64(uint64_t value);
int json_object_object_add_by_uint(json_object *jobj, unsigned key, json_object *jobj_val);
void json_object_object_del_by_uint(json_object *jobj, unsigned key);
diff --git a/lib/luks2/luks2_json_format.c b/lib/luks2/luks2_json_format.c
index d4f36247..32ea0ea4 100644
--- a/lib/luks2/luks2_json_format.c
+++ b/lib/luks2/luks2_json_format.c
@@ -325,8 +325,8 @@ int LUKS2_generate_hdr(
json_object_object_add_by_uint(jobj_segments, 0, jobj_segment);
- json_object_object_add(jobj_config, "json_size", json_object_new_uint64(metadata_size - LUKS2_HDR_BIN_LEN));
- json_object_object_add(jobj_config, "keyslots_size", json_object_new_uint64(keyslots_size));
+ json_object_object_add(jobj_config, "json_size", crypt_jobj_new_uint64(metadata_size - LUKS2_HDR_BIN_LEN));
+ json_object_object_add(jobj_config, "keyslots_size", crypt_jobj_new_uint64(keyslots_size));
JSON_DBG(cd, hdr->jobj, "Header JSON:");
return 0;
@@ -400,6 +400,6 @@ int LUKS2_set_keyslots_size(struct crypt_device *cd,
if (!json_object_object_get_ex(hdr->jobj, "config", &jobj_config))
return 1;
- json_object_object_add(jobj_config, "keyslots_size", json_object_new_uint64(keyslots_size));
+ json_object_object_add(jobj_config, "keyslots_size", crypt_jobj_new_uint64(keyslots_size));
return 0;
}
diff --git a/lib/luks2/luks2_json_metadata.c b/lib/luks2/luks2_json_metadata.c
index 52421fac..19fb9588 100644
--- a/lib/luks2/luks2_json_metadata.c
+++ b/lib/luks2/luks2_json_metadata.c
@@ -219,7 +219,7 @@ int LUKS2_get_default_segment(struct luks2_hdr *hdr)
* json_type_int needs to be validated first.
* See validate_json_uint32()
*/
-uint32_t json_object_get_uint32(json_object *jobj)
+uint32_t crypt_jobj_get_uint32(json_object *jobj)
{
return json_object_get_int64(jobj);
}
@@ -241,15 +241,14 @@ static json_bool json_str_to_uint64(json_object *jobj, uint64_t *value)
return 1;
}
-#if !(defined JSON_C_VERSION_NUM && JSON_C_VERSION_NUM >= ((13 << 8) | 99))
-uint64_t json_object_get_uint64(json_object *jobj)
+uint64_t crypt_jobj_get_uint64(json_object *jobj)
{
uint64_t r;
json_str_to_uint64(jobj, &r);
return r;
}
-json_object *json_object_new_uint64(uint64_t value)
+json_object *crypt_jobj_new_uint64(uint64_t value)
{
/* 18446744073709551615 */
char num[21];
@@ -263,7 +262,6 @@ json_object *json_object_new_uint64(uint64_t value)
jobj = json_object_new_string(num);
return jobj;
}
-#endif
/*
* Validate helpers
@@ -457,7 +455,7 @@ static int hdr_validate_json_size(struct crypt_device *cd, json_object *hdr_jobj
json = json_object_to_json_string_ext(hdr_jobj,
JSON_C_TO_STRING_PLAIN | JSON_C_TO_STRING_NOSLASHESCAPE);
- json_area_size = json_object_get_uint64(jobj1);
+ json_area_size = crypt_jobj_get_uint64(jobj1);
json_size = (uint64_t)strlen(json);
if (hdr_json_size != json_area_size) {
@@ -545,7 +543,7 @@ static int hdr_validate_crypt_segment(struct crypt_device *cd,
return 1;
}
- sector_size = json_object_get_uint32(jobj_sector_size);
+ sector_size = crypt_jobj_get_uint32(jobj_sector_size);
if (!sector_size || MISALIGNED_512(sector_size)) {
log_dbg(cd, "Illegal sector size: %" PRIu32, sector_size);
return 1;
@@ -1569,7 +1567,7 @@ static void hdr_dump_keyslots(struct crypt_device *cd, json_object *hdr_jobj)
log_std(cd, " %s: %s%s\n", slot, tmps, r == -ENOENT ? " (unbound)" : "");
if (json_object_object_get_ex(val, "key_size", &jobj2))
- log_std(cd, "\tKey: %u bits\n", json_object_get_uint32(jobj2) * 8);
+ log_std(cd, "\tKey: %u bits\n", crypt_jobj_get_uint32(jobj2) * 8);
log_std(cd, "\tPriority: %s\n", get_priority_desc(val));
@@ -1652,7 +1650,7 @@ static void hdr_dump_segments(struct crypt_device *cd, json_object *hdr_jobj)
log_std(cd, "\tcipher: %s\n", json_object_get_string(jobj1));
if (json_object_object_get_ex(jobj_segment, "sector_size", &jobj1))
- log_std(cd, "\tsector: %" PRIu32 " [bytes]\n", json_object_get_uint32(jobj1));
+ log_std(cd, "\tsector: %" PRIu32 " [bytes]\n", crypt_jobj_get_uint32(jobj1));
if (json_object_object_get_ex(jobj_segment, "integrity", &jobj1) &&
json_object_object_get_ex(jobj1, "type", &jobj2))
@@ -1749,7 +1747,7 @@ int LUKS2_get_data_size(struct luks2_hdr *hdr, uint64_t *size, bool *dynamic)
return 0;
}
- tmp += json_object_get_uint64(jobj_size);
+ tmp += crypt_jobj_get_uint64(jobj_size);
}
/* impossible, real device size must not be zero */
diff --git a/lib/luks2/luks2_keyslot.c b/lib/luks2/luks2_keyslot.c
index 7d06df80..d853fc8e 100644
--- a/lib/luks2/luks2_keyslot.c
+++ b/lib/luks2/luks2_keyslot.c
@@ -301,11 +301,11 @@ int LUKS2_keyslot_area(struct luks2_hdr *hdr,
if (!json_object_object_get_ex(jobj_area, "offset", &jobj))
return -EINVAL;
- *offset = json_object_get_uint64(jobj);
+ *offset = crypt_jobj_get_uint64(jobj);
if (!json_object_object_get_ex(jobj_area, "size", &jobj))
return -EINVAL;
- *length = json_object_get_uint64(jobj);
+ *length = crypt_jobj_get_uint64(jobj);
return 0;
}
@@ -840,8 +840,8 @@ int placeholder_keyslot_alloc(struct crypt_device *cd,
/* Area object */
jobj_area = json_object_new_object();
- json_object_object_add(jobj_area, "offset", json_object_new_uint64(area_offset));
- json_object_object_add(jobj_area, "size", json_object_new_uint64(area_length));
+ json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(area_offset));
+ json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_length));
json_object_object_add(jobj_keyslot, "area", jobj_area);
json_object_object_add_by_uint(jobj_keyslots, keyslot, jobj_keyslot);
diff --git a/lib/luks2/luks2_keyslot_luks2.c b/lib/luks2/luks2_keyslot_luks2.c
index 7b438a8b..953ba168 100644
--- a/lib/luks2/luks2_keyslot_luks2.c
+++ b/lib/luks2/luks2_keyslot_luks2.c
@@ -220,7 +220,7 @@ static int luks2_keyslot_set_key(struct crypt_device *cd,
if (!json_object_object_get_ex(jobj_area, "offset", &jobj2))
return -EINVAL;
- area_offset = json_object_get_uint64(jobj2);
+ area_offset = crypt_jobj_get_uint64(jobj2);
if (!json_object_object_get_ex(jobj_area, "encryption", &jobj2))
return -EINVAL;
@@ -313,7 +313,7 @@ static int luks2_keyslot_get_key(struct crypt_device *cd,
if (!json_object_object_get_ex(jobj_area, "offset", &jobj2))
return -EINVAL;
- area_offset = json_object_get_uint64(jobj2);
+ area_offset = crypt_jobj_get_uint64(jobj2);
if (!json_object_object_get_ex(jobj_area, "encryption", &jobj2))
return -EINVAL;
@@ -494,8 +494,8 @@ static int luks2_keyslot_alloc(struct crypt_device *cd,
/* Area object */
jobj_area = json_object_new_object();
json_object_object_add(jobj_area, "type", json_object_new_string("raw"));
- json_object_object_add(jobj_area, "offset", json_object_new_uint64(area_offset));
- json_object_object_add(jobj_area, "size", json_object_new_uint64(area_length));
+ json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(area_offset));
+ json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_length));
json_object_object_add(jobj_keyslot, "area", jobj_area);
json_object_object_add_by_uint(jobj_keyslots, keyslot, jobj_keyslot);
@@ -607,7 +607,7 @@ static int luks2_keyslot_dump(struct crypt_device *cd, int keyslot)
log_std(cd, "\tCipher: %s\n", json_object_get_string(jobj1));
json_object_object_get_ex(jobj_area, "key_size", &jobj1);
- log_std(cd, "\tCipher key: %u bits\n", json_object_get_uint32(jobj1) * 8);
+ log_std(cd, "\tCipher key: %u bits\n", crypt_jobj_get_uint32(jobj1) * 8);
json_object_object_get_ex(jobj_kdf, "type", &jobj1);
log_std(cd, "\tPBKDF: %s\n", json_object_get_string(jobj1));
@@ -617,7 +617,7 @@ static int luks2_keyslot_dump(struct crypt_device *cd, int keyslot)
log_std(cd, "\tHash: %s\n", json_object_get_string(jobj1));
json_object_object_get_ex(jobj_kdf, "iterations", &jobj1);
- log_std(cd, "\tIterations: %" PRIu64 "\n", json_object_get_uint64(jobj1));
+ log_std(cd, "\tIterations: %" PRIu64 "\n", crypt_jobj_get_uint64(jobj1));
} else {
json_object_object_get_ex(jobj_kdf, "time", &jobj1);
log_std(cd, "\tTime cost: %" PRIu64 "\n", json_object_get_int64(jobj1));
@@ -640,10 +640,10 @@ static int luks2_keyslot_dump(struct crypt_device *cd, int keyslot)
log_std(cd, "\tAF hash: %s\n", json_object_get_string(jobj1));
json_object_object_get_ex(jobj_area, "offset", &jobj1);
- log_std(cd, "\tArea offset:%" PRIu64 " [bytes]\n", json_object_get_uint64(jobj1));
+ log_std(cd, "\tArea offset:%" PRIu64 " [bytes]\n", crypt_jobj_get_uint64(jobj1));
json_object_object_get_ex(jobj_area, "size", &jobj1);
- log_std(cd, "\tArea length:%" PRIu64 " [bytes]\n", json_object_get_uint64(jobj1));
+ log_std(cd, "\tArea length:%" PRIu64 " [bytes]\n", crypt_jobj_get_uint64(jobj1));
return 0;
}
diff --git a/lib/luks2/luks2_keyslot_reenc.c b/lib/luks2/luks2_keyslot_reenc.c
index 64b8d274..c6b92db3 100644
--- a/lib/luks2/luks2_keyslot_reenc.c
+++ b/lib/luks2/luks2_keyslot_reenc.c
@@ -67,13 +67,13 @@ int reenc_keyslot_alloc(struct crypt_device *cd,
if (params->data_shift) {
json_object_object_add(jobj_area, "type", json_object_new_string("datashift"));
- json_object_object_add(jobj_area, "shift_size", json_object_new_uint64(params->data_shift << SECTOR_SHIFT));
+ json_object_object_add(jobj_area, "shift_size", crypt_jobj_new_uint64(params->data_shift << SECTOR_SHIFT));
} else
/* except data shift protection, initial setting is irrelevant. Type can be changed during reencryption */
json_object_object_add(jobj_area, "type", json_object_new_string("none"));
- json_object_object_add(jobj_area, "offset", json_object_new_uint64(area_offset));
- json_object_object_add(jobj_area, "size", json_object_new_uint64(area_length));
+ json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(area_offset));
+ json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_length));
json_object_object_add(jobj_keyslot, "type", json_object_new_string("reencrypt"));
json_object_object_add(jobj_keyslot, "key_size", json_object_new_int(1)); /* useless but mandatory */
@@ -113,8 +113,8 @@ static int reenc_keyslot_store_data(struct crypt_device *cd,
!json_object_object_get_ex(jobj_area, "size", &jobj_length))
return -EINVAL;
- area_offset = json_object_get_uint64(jobj_offset);
- area_length = json_object_get_uint64(jobj_length);
+ area_offset = crypt_jobj_get_uint64(jobj_offset);
+ area_length = crypt_jobj_get_uint64(jobj_length);
if (!area_offset || !area_length || ((uint64_t)buffer_len > area_length))
return -EINVAL;
@@ -242,14 +242,14 @@ static int reenc_keyslot_dump(struct crypt_device *cd, int keyslot)
log_std(cd, "\t%-12s%d [bytes]\n", "Hash data:", json_object_get_int(jobj1));
} else if (!strcmp(json_object_get_string(jobj_resilience), "datashift")) {
json_object_object_get_ex(jobj_area, "shift_size", &jobj1);
- log_std(cd, "\t%-12s%" PRIu64 "[bytes]\n", "Shift size:", json_object_get_uint64(jobj1));
+ log_std(cd, "\t%-12s%" PRIu64 "[bytes]\n", "Shift size:", crypt_jobj_get_uint64(jobj1));
}
json_object_object_get_ex(jobj_area, "offset", &jobj1);
- log_std(cd, "\tArea offset:%" PRIu64 " [bytes]\n", json_object_get_uint64(jobj1));
+ log_std(cd, "\tArea offset:%" PRIu64 " [bytes]\n", crypt_jobj_get_uint64(jobj1));
json_object_object_get_ex(jobj_area, "size", &jobj1);
- log_std(cd, "\tArea length:%" PRIu64 " [bytes]\n", json_object_get_uint64(jobj1));
+ log_std(cd, "\tArea length:%" PRIu64 " [bytes]\n", crypt_jobj_get_uint64(jobj1));
return 0;
}
@@ -304,7 +304,7 @@ static int reenc_keyslot_validate(struct crypt_device *cd, json_object *jobj_key
return -EINVAL;
if (!validate_json_uint32(jobj_sector_size))
return -EINVAL;
- sector_size = json_object_get_uint32(jobj_sector_size);
+ sector_size = crypt_jobj_get_uint32(jobj_sector_size);
if (sector_size < SECTOR_SIZE || NOTPOW2(sector_size)) {
log_dbg(cd, "Invalid sector_size (%" PRIu32 ") for checksum resilience mode.", sector_size);
return -EINVAL;
@@ -313,7 +313,7 @@ static int reenc_keyslot_validate(struct crypt_device *cd, json_object *jobj_key
if (!(jobj_shift_size = json_contains(cd, jobj_area, "type:datashift", "Keyslot area", "shift_size", json_type_string)))
return -EINVAL;
- shift_size = json_object_get_uint64(jobj_shift_size);
+ shift_size = crypt_jobj_get_uint64(jobj_shift_size);
if (!shift_size)
return -EINVAL;
diff --git a/lib/luks2/luks2_luks1_convert.c b/lib/luks2/luks2_luks1_convert.c
index 7f5f26b7..cbaa8603 100644
--- a/lib/luks2/luks2_luks1_convert.c
+++ b/lib/luks2/luks2_luks1_convert.c
@@ -91,8 +91,8 @@ static int json_luks1_keyslot(const struct luks_phdr *hdr_v1, int keyslot, struc
}
area_size = offs_b - offs_a;
json_object_object_add(jobj_area, "key_size", json_object_new_int(hdr_v1->keyBytes));
- json_object_object_add(jobj_area, "offset", json_object_new_uint64(offset));
- json_object_object_add(jobj_area, "size", json_object_new_uint64(area_size));
+ json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(offset));
+ json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_size));
json_object_object_add(keyslot_obj, "area", jobj_area);
*keyslot_object = keyslot_obj;
@@ -145,7 +145,7 @@ static int json_luks1_segment(const struct luks_phdr *hdr_v1, struct json_object
/* offset field */
number = (uint64_t)hdr_v1->payloadOffset * SECTOR_SIZE;
- field = json_object_new_uint64(number);
+ field = crypt_jobj_new_uint64(number);
if (!field) {
json_object_put(segment_obj);
return -ENOMEM;
@@ -401,8 +401,8 @@ static int json_luks1_object(struct luks_phdr *hdr_v1, struct json_object **luks
json_object_object_add(luks1_obj, "config", field);
json_size = LUKS2_HDR_16K_LEN - LUKS2_HDR_BIN_LEN;
- json_object_object_add(field, "json_size", json_object_new_uint64(json_size));
- json_object_object_add(field, "keyslots_size", json_object_new_uint64(keyslots_size));
+ json_object_object_add(field, "json_size", crypt_jobj_new_uint64(json_size));
+ json_object_object_add(field, "keyslots_size", crypt_jobj_new_uint64(keyslots_size));
*luks1_object = luks1_obj;
return 0;
@@ -418,8 +418,8 @@ static void move_keyslot_offset(json_object *jobj, int offset_add)
UNUSED(key);
json_object_object_get_ex(val, "area", &jobj_area);
json_object_object_get_ex(jobj_area, "offset", &jobj2);
- offset = json_object_get_uint64(jobj2) + offset_add;
- json_object_object_add(jobj_area, "offset", json_object_new_uint64(offset));
+ offset = crypt_jobj_get_uint64(jobj2) + offset_add;
+ json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(offset));
}
}
@@ -749,7 +749,7 @@ int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct
return -EINVAL;
if (!json_object_object_get_ex(jobj_area, "offset", &jobj1))
return -EINVAL;
- offset = json_object_get_uint64(jobj1);
+ offset = crypt_jobj_get_uint64(jobj1);
} else {
if (LUKS2_find_area_gap(cd, hdr2, key_size, &offset, &area_length))
return -EINVAL;
@@ -781,7 +781,7 @@ int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct
if (!json_object_object_get_ex(jobj_kdf, "iterations", &jobj1))
continue;
- hdr1->keyblock[i].passwordIterations = json_object_get_uint32(jobj1);
+ hdr1->keyblock[i].passwordIterations = crypt_jobj_get_uint32(jobj1);
if (!json_object_object_get_ex(jobj_kdf, "salt", &jobj1))
continue;
@@ -822,7 +822,7 @@ int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct
if (!json_object_object_get_ex(jobj_digest, "iterations", &jobj1))
return -EINVAL;
- hdr1->mkDigestIterations = json_object_get_uint32(jobj1);
+ hdr1->mkDigestIterations = crypt_jobj_get_uint32(jobj1);
if (!json_object_object_get_ex(jobj_digest, "digest", &jobj1))
return -EINVAL;
@@ -847,7 +847,7 @@ int LUKS2_luks2_to_luks1(struct crypt_device *cd, struct luks2_hdr *hdr2, struct
if (!json_object_object_get_ex(jobj_segment, "offset", &jobj1))
return -EINVAL;
- offset = json_object_get_uint64(jobj1) / SECTOR_SIZE;
+ offset = crypt_jobj_get_uint64(jobj1) / SECTOR_SIZE;
if (offset > UINT32_MAX)
return -EINVAL;
/* FIXME: LUKS1 requires offset == 0 || offset >= luks1_hdr_size */
diff --git a/lib/luks2/luks2_reencrypt.c b/lib/luks2/luks2_reencrypt.c
index 6bac4420..c99577cc 100644
--- a/lib/luks2/luks2_reencrypt.c
+++ b/lib/luks2/luks2_reencrypt.c
@@ -165,7 +165,7 @@ static uint32_t reencrypt_alignment(struct luks2_hdr *hdr)
if (!json_object_object_get_ex(jobj_area, "sector_size", &jobj_sector_size))
return 0;
- return json_object_get_uint32(jobj_sector_size);
+ return crypt_jobj_get_uint32(jobj_sector_size);
}
static json_object *_enc_create_segments_shift_after(struct crypt_device *cd,
@@ -200,13 +200,13 @@ static json_object *_enc_create_segments_shift_after(struct crypt_device *cd,
json_segment_remove_flag(jobj_seg_new, "in-reencryption");
tmp = rh->length;
} else {
- json_object_object_add(jobj_seg_new, "offset", json_object_new_uint64(rh->offset + data_offset));
- json_object_object_add(jobj_seg_new, "iv_tweak", json_object_new_uint64(rh->offset >> SECTOR_SHIFT));
+ json_object_object_add(jobj_seg_new, "offset", crypt_jobj_new_uint64(rh->offset + data_offset));
+ json_object_object_add(jobj_seg_new, "iv_tweak", crypt_jobj_new_uint64(rh->offset >> SECTOR_SHIFT));
tmp = json_segment_get_size(jobj_seg_new, 0) + rh->length;
}
/* alter size of new segment, reenc_seg == 0 we're finished */
- json_object_object_add(jobj_seg_new, "size", reenc_seg > 0 ? json_object_new_uint64(tmp) : json_object_new_string("dynamic"));
+ json_object_object_add(jobj_seg_new, "size", reenc_seg > 0 ? crypt_jobj_new_uint64(tmp) : json_object_new_string("dynamic"));
json_object_object_add_by_uint(jobj_segs_post, reenc_seg, jobj_seg_new);
return jobj_segs_post;
@@ -256,7 +256,7 @@ static json_object *reencrypt_make_hot_segments_encrypt_shift(struct crypt_devic
jobj_seg_shrunk = NULL;
if (json_object_copy(LUKS2_get_segment_jobj(hdr, sg), &jobj_seg_shrunk))
goto err;
- json_object_object_add(jobj_seg_shrunk, "size", json_object_new_uint64(segment_size - rh->length));
+ json_object_object_add(jobj_seg_shrunk, "size", crypt_jobj_new_uint64(segment_size - rh->length));
json_object_object_add_by_uint(jobj_segs_hot, sg++, jobj_seg_shrunk);
}
@@ -336,7 +336,7 @@ static json_object *reencrypt_make_post_segments_forward(struct crypt_device *cd
goto err;
jobj_old_seg = jobj_old_seg_copy;
fixed_length = rh->device_size - fixed_length;
- json_object_object_add(jobj_old_seg, "size", json_object_new_uint64(fixed_length));
+ json_object_object_add(jobj_old_seg, "size", crypt_jobj_new_uint64(fixed_length));
} else
json_object_get(jobj_old_seg);
json_object_object_add_by_uint(jobj_segs_post, 1, jobj_old_seg);
@@ -491,7 +491,7 @@ static json_object *reencrypt_make_hot_segments_backward(struct crypt_device *cd
if (rh->offset) {
if (json_object_copy(LUKS2_get_segment_jobj(hdr, 0), &jobj_old_seg))
goto err;
- json_object_object_add(jobj_old_seg, "size", json_object_new_uint64(rh->offset));
+ json_object_object_add(jobj_old_seg, "size", crypt_jobj_new_uint64(rh->offset));
json_object_object_add_by_uint(jobj_segs_hot, sg++, jobj_old_seg);
}
@@ -575,7 +575,7 @@ static uint64_t reencrypt_data_shift(struct luks2_hdr *hdr)
if (!json_object_object_get_ex(jobj_area, "shift_size", &jobj_data_shift))
return 0;
- return json_object_get_uint64(jobj_data_shift);
+ return crypt_jobj_get_uint64(jobj_data_shift);
}
static crypt_reencrypt_mode_info reencrypt_mode(struct luks2_hdr *hdr)
diff --git a/lib/luks2/luks2_segment.c b/lib/luks2/luks2_segment.c
index 6ece2fdd..cd5108e8 100644
--- a/lib/luks2/luks2_segment.c
+++ b/lib/luks2/luks2_segment.c
@@ -55,7 +55,7 @@ uint64_t json_segment_get_offset(json_object *jobj_segment, unsigned blockwise)
!json_object_object_get_ex(jobj_segment, "offset", &jobj))
return 0;
- return blockwise ? json_object_get_uint64(jobj) >> SECTOR_SHIFT : json_object_get_uint64(jobj);
+ return blockwise ? crypt_jobj_get_uint64(jobj) >> SECTOR_SHIFT : crypt_jobj_get_uint64(jobj);
}
const char *json_segment_type(json_object *jobj_segment)
@@ -77,7 +77,7 @@ uint64_t json_segment_get_iv_offset(json_object *jobj_segment)
!json_object_object_get_ex(jobj_segment, "iv_tweak", &jobj))
return 0;
- return json_object_get_uint64(jobj);
+ return crypt_jobj_get_uint64(jobj);
}
uint64_t json_segment_get_size(json_object *jobj_segment, unsigned blockwise)
@@ -88,7 +88,7 @@ uint64_t json_segment_get_size(json_object *jobj_segment, unsigned blockwise)
!json_object_object_get_ex(jobj_segment, "size", &jobj))
return 0;
- return blockwise ? json_object_get_uint64(jobj) >> SECTOR_SHIFT : json_object_get_uint64(jobj);
+ return blockwise ? crypt_jobj_get_uint64(jobj) >> SECTOR_SHIFT : crypt_jobj_get_uint64(jobj);
}
const char *json_segment_get_cipher(json_object *jobj_segment)
@@ -229,8 +229,8 @@ static json_object *_segment_create_generic(const char *type, uint64_t offset, c
return NULL;
json_object_object_add(jobj, "type", json_object_new_string(type));
- json_object_object_add(jobj, "offset", json_object_new_uint64(offset));
- json_object_object_add(jobj, "size", length ? json_object_new_uint64(*length) : json_object_new_string("dynamic"));
+ json_object_object_add(jobj, "offset", crypt_jobj_new_uint64(offset));
+ json_object_object_add(jobj, "size", length ? crypt_jobj_new_uint64(*length) : json_object_new_string("dynamic"));
return jobj;
}
@@ -252,7 +252,7 @@ json_object *json_segment_create_crypt(uint64_t offset,
if (!jobj)
return NULL;
- json_object_object_add(jobj, "iv_tweak", json_object_new_uint64(iv_offset));
+ json_object_object_add(jobj, "iv_tweak", crypt_jobj_new_uint64(iv_offset));
json_object_object_add(jobj, "encryption", json_object_new_string(cipher));
json_object_object_add(jobj, "sector_size", json_object_new_int(sector_size));
if (reencryption)
--
2.20.1

1
buildroot/package/cryptsetup/Config.in
View File

@@ -11,6 +11,7 @@ config BR2_PACKAGE_CRYPTSETUP
select BR2_PACKAGE_UTIL_LINUX_LIBBLKID
select BR2_PACKAGE_JSON_C
select BR2_PACKAGE_LIBARGON2
select BR2_PACKAGE_LIBICONV if !BR2_ENABLE_LOCALE
help
This tool helps manipulate dm-crypt and luks partitions for
on-disk encryption.

8
buildroot/package/cryptsetup/cryptsetup.hash
View File

@@ -1,4 +1,4 @@
# From https://www.kernel.org/pub/linux/utils/cryptsetup/v2.2/sha256sums.asc
sha256 2af0ec9551ab9c870074cae9d3f68d82cab004f4095fa89db0e4413713424a46 cryptsetup-2.2.2.tar.xz
sha256 45670cce8b6a0ddd66c8016cd8ccef6cd71f35717cbacc7f1e895b3855207b33 COPYING
sha256 8c33cc37871654ec7ed87e6fbb896c8cf33ef5ef05b1611a5aed857596ffafa5 COPYING.LGPL
# From https://www.kernel.org/pub/linux/utils/cryptsetup/v2.3/sha256sums.asc
sha256 9d16eebb96b53b514778e813019b8dd15fea9fec5aafde9fae5febf59df83773 cryptsetup-2.3.4.tar.xz
sha256 45670cce8b6a0ddd66c8016cd8ccef6cd71f35717cbacc7f1e895b3855207b33 COPYING
sha256 8c33cc37871654ec7ed87e6fbb896c8cf33ef5ef05b1611a5aed857596ffafa5 COPYING.LGPL

5
buildroot/package/cryptsetup/cryptsetup.mk
View File

@@ -4,11 +4,12 @@
#
################################################################################
CRYPTSETUP_VERSION_MAJOR = 2.2
CRYPTSETUP_VERSION = $(CRYPTSETUP_VERSION_MAJOR).2
CRYPTSETUP_VERSION_MAJOR = 2.3
CRYPTSETUP_VERSION = $(CRYPTSETUP_VERSION_MAJOR).4
CRYPTSETUP_SOURCE = cryptsetup-$(CRYPTSETUP_VERSION).tar.xz
CRYPTSETUP_SITE = $(BR2_KERNEL_MIRROR)/linux/utils/cryptsetup/v$(CRYPTSETUP_VERSION_MAJOR)
CRYPTSETUP_DEPENDENCIES = lvm2 popt util-linux host-pkgconf json-c libargon2 \
$(if $(BR2_PACKAGE_LIBICONV),libiconv) \
$(TARGET_NLS_DEPENDENCIES)
CRYPTSETUP_LICENSE = GPL-2.0+ (programs), LGPL-2.1+ (library)
CRYPTSETUP_LICENSE_FILES = COPYING COPYING.LGPL