summaryrefslogtreecommitdiffstats
path: root/debian
diff options
context:
space:
mode:
Diffstat (limited to 'debian')
-rw-r--r--debian/control6
-rw-r--r--debian/initramfs/hooks/cryptroot22
-rwxr-xr-xdebian/rules1
-rwxr-xr-xdebian/tests/crypto-backend6
4 files changed, 30 insertions, 5 deletions
diff --git a/debian/control b/debian/control
index 40ecd0c..a6063c6 100644
--- a/debian/control
+++ b/debian/control
@@ -18,6 +18,7 @@ Build-Depends: asciidoctor <!nodoc>,
docbook-xsl <!nodoc>,
gettext,
jq <!nocheck>,
+ libargon2-dev,
libblkid-dev,
libdevmapper-dev,
libjson-c-dev,
@@ -25,7 +26,7 @@ Build-Depends: asciidoctor <!nodoc>,
libselinux1-dev,
libsepol-dev,
libssh-dev,
- libssl-dev (>> 3.2~),
+ libssl-dev,
libtool,
pkgconf,
po-debconf,
@@ -155,7 +156,8 @@ Architecture: linux-any
Multi-Arch: same
# XXX [#1025065] ideal we would have "Depends: libcryptsetup12
# (= ${binary:Version}), ${misc:Depends}, ${pkgconf:Depends}"
-Depends: libblkid-dev,
+Depends: libargon2-dev,
+ libblkid-dev,
libcryptsetup12 (= ${binary:Version}),
libdevmapper-dev,
libjson-c-dev,
diff --git a/debian/initramfs/hooks/cryptroot b/debian/initramfs/hooks/cryptroot
index dd5c798..83d29fd 100644
--- a/debian/initramfs/hooks/cryptroot
+++ b/debian/initramfs/hooks/cryptroot
@@ -313,6 +313,27 @@ copy_libssl_legacy_library() {
fi
}
+# See #1032221: newer libargon2 are built with glibc ≥2.34 hence no
+# longer links libpthread. This in turns means that initramfs-tool's
+# copy_exec() is no longer able to detect pthread_*() need and thus
+# doesn't copy libgcc_s.so anymore. So we need to do it manually
+# instead.
+copy_libgcc_argon2() {
+ local libdir rv=0
+ libdir="$(env --unset=LD_PRELOAD ldd /sbin/cryptsetup | sed -nr '/.*=>\s*(\S+)\/libargon2\.so\..*/ {s//\1/p;q}')"
+ copy_libgcc "$libdir" || rv=$?
+ if [ $rv -ne 0 ]; then
+ # merged-/usr mismatch, see #1032518
+ if [ "${libdir#/usr/}" != "$libdir" ]; then
+ libdir="${libdir#/usr}"
+ else
+ libdir="/usr/${libdir#/}"
+ fi
+ copy_libgcc "$libdir" && rv=0 || rv=$?
+ fi
+ return $rv
+}
+
#######################################################################
# Begin real processing
@@ -349,6 +370,7 @@ manual_add_modules dm_crypt
copy_exec /sbin/cryptsetup
copy_exec /sbin/dmsetup
+copy_libgcc_argon2
[ "$ASKPASS" = n ] || copy_exec /lib/cryptsetup/askpass
diff --git a/debian/rules b/debian/rules
index 6c32fa1..0398211 100755
--- a/debian/rules
+++ b/debian/rules
@@ -25,6 +25,7 @@ endif
override_dh_auto_configure:
dh_auto_configure -- $(CONFFLAGS) \
--with-tmpfilesdir=/usr/lib/tmpfiles.d \
+ --enable-libargon2 \
--enable-shared \
--enable-cryptsetup-reencrypt
diff --git a/debian/tests/crypto-backend b/debian/tests/crypto-backend
index f78efe9..47dc5a8 100755
--- a/debian/tests/crypto-backend
+++ b/debian/tests/crypto-backend
@@ -42,7 +42,7 @@ sed -ri 's/^[^\[]*//' "$DEBUG"
# " [cryptsetup libargon2]": bundled libargon2
# " [external libargon2]": system libargon2
# "][argon2]": crypto backend's own implementation
-if ! grep -qF "][argon2]" <"$DEBUG"; then
+if ! grep -qF " [external libargon2]" <"$DEBUG"; then
echo "ERROR: Unexpected argon2 backend" >&2
exit 1
fi
@@ -55,8 +55,8 @@ fi
assert_linked_argon2() {
local path="$1"
- if env --unset=LD_PRELOAD ldd "$path" | grep -qE '^\s*libargon2\.so(\.[0-9]+)*\s+=>\s'; then
- echo "ERROR: $path links against libargon2" >&2
+ if ! env --unset=LD_PRELOAD ldd "$path" | grep -qE '^\s*libargon2\.so(\.[0-9]+)*\s+=>\s'; then
+ echo "ERROR: $path does not link against libargon2" >&2
exit 1
fi
return 0