Reverting switch from libargon to libopenssl for backports.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

4 files changed, 30 insertions, 5 deletions

diff --git a/debian/control b/debian/control
index 40ecd0c..a6063c6 100644
--- a/debian/control
+++ b/debian/control
@@ -18,6 +18,7 @@ Build-Depends: asciidoctor <!nodoc>,
                docbook-xsl <!nodoc>,
                gettext,
                jq <!nocheck>,
+               libargon2-dev,
                libblkid-dev,
                libdevmapper-dev,
                libjson-c-dev,
@@ -25,7 +26,7 @@ Build-Depends: asciidoctor <!nodoc>,
                libselinux1-dev,
                libsepol-dev,
                libssh-dev,
-               libssl-dev (>> 3.2~),
+               libssl-dev,
                libtool,
                pkgconf,
                po-debconf,
@@ -155,7 +156,8 @@ Architecture: linux-any
 Multi-Arch: same
 # XXX [#1025065] ideal we would have "Depends: libcryptsetup12
 # (= ${binary:Version}), ${misc:Depends}, ${pkgconf:Depends}"
-Depends: libblkid-dev,
+Depends: libargon2-dev,
+         libblkid-dev,
          libcryptsetup12 (= ${binary:Version}),
          libdevmapper-dev,
          libjson-c-dev,
diff --git a/debian/initramfs/hooks/cryptroot b/debian/initramfs/hooks/cryptroot
index dd5c798..83d29fd 100644
--- a/debian/initramfs/hooks/cryptroot
+++ b/debian/initramfs/hooks/cryptroot
@@ -313,6 +313,27 @@ copy_libssl_legacy_library() {
     fi
 }
 
+# See #1032221: newer libargon2 are built with glibc ≥2.34 hence no
+# longer links libpthread.  This in turns means that initramfs-tool's
+# copy_exec() is no longer able to detect pthread_*() need and thus
+# doesn't copy libgcc_s.so anymore.  So we need to do it manually
+# instead.
+copy_libgcc_argon2() {
+    local libdir rv=0
+    libdir="$(env --unset=LD_PRELOAD ldd /sbin/cryptsetup | sed -nr '/.*=>\s*(\S+)\/libargon2\.so\..*/ {s//\1/p;q}')"
+    copy_libgcc "$libdir" || rv=$?
+    if [ $rv -ne 0 ]; then
+        # merged-/usr mismatch, see #1032518
+        if [ "${libdir#/usr/}" != "$libdir" ]; then
+            libdir="${libdir#/usr}"
+        else
+            libdir="/usr/${libdir#/}"
+        fi
+        copy_libgcc "$libdir" && rv=0 || rv=$?
+    fi
+    return $rv
+}
+
 
 #######################################################################
 # Begin real processing
@@ -349,6 +370,7 @@ manual_add_modules dm_crypt
 
 copy_exec /sbin/cryptsetup
 copy_exec /sbin/dmsetup
+copy_libgcc_argon2
 
 [ "$ASKPASS" = n ] || copy_exec /lib/cryptsetup/askpass
 
diff --git a/debian/rules b/debian/rules
index 6c32fa1..0398211 100755
--- a/debian/rules
+++ b/debian/rules
@@ -25,6 +25,7 @@ endif
 override_dh_auto_configure:
 	dh_auto_configure -- $(CONFFLAGS) \
 		--with-tmpfilesdir=/usr/lib/tmpfiles.d \
+		--enable-libargon2 \
 		--enable-shared \
 		--enable-cryptsetup-reencrypt
 
diff --git a/debian/tests/crypto-backend b/debian/tests/crypto-backend
index f78efe9..47dc5a8 100755
--- a/debian/tests/crypto-backend
+++ b/debian/tests/crypto-backend
@@ -42,7 +42,7 @@ sed -ri 's/^[^\[]*//' "$DEBUG"
 # " [cryptsetup libargon2]": bundled libargon2
 # " [external libargon2]": system libargon2
 # "][argon2]": crypto backend's own implementation
-if ! grep -qF "][argon2]" <"$DEBUG"; then
+if ! grep -qF " [external libargon2]" <"$DEBUG"; then
     echo "ERROR: Unexpected argon2 backend" >&2
     exit 1
 fi
@@ -55,8 +55,8 @@ fi
 
 assert_linked_argon2() {
     local path="$1"
-    if env --unset=LD_PRELOAD ldd "$path" | grep -qE '^\s*libargon2\.so(\.[0-9]+)*\s+=>\s'; then
-        echo "ERROR: $path links against libargon2" >&2
+    if ! env --unset=LD_PRELOAD ldd "$path" | grep -qE '^\s*libargon2\.so(\.[0-9]+)*\s+=>\s'; then
+        echo "ERROR: $path does not link against libargon2" >&2
         exit 1
     fi
     return 0