diff options
Diffstat (limited to 'debian')
-rw-r--r-- | debian/control | 6 | ||||
-rw-r--r-- | debian/initramfs/hooks/cryptroot | 22 | ||||
-rwxr-xr-x | debian/rules | 1 | ||||
-rwxr-xr-x | debian/tests/crypto-backend | 6 |
4 files changed, 30 insertions, 5 deletions
diff --git a/debian/control b/debian/control index 40ecd0c..a6063c6 100644 --- a/debian/control +++ b/debian/control @@ -18,6 +18,7 @@ Build-Depends: asciidoctor <!nodoc>, docbook-xsl <!nodoc>, gettext, jq <!nocheck>, + libargon2-dev, libblkid-dev, libdevmapper-dev, libjson-c-dev, @@ -25,7 +26,7 @@ Build-Depends: asciidoctor <!nodoc>, libselinux1-dev, libsepol-dev, libssh-dev, - libssl-dev (>> 3.2~), + libssl-dev, libtool, pkgconf, po-debconf, @@ -155,7 +156,8 @@ Architecture: linux-any Multi-Arch: same # XXX [#1025065] ideal we would have "Depends: libcryptsetup12 # (= ${binary:Version}), ${misc:Depends}, ${pkgconf:Depends}" -Depends: libblkid-dev, +Depends: libargon2-dev, + libblkid-dev, libcryptsetup12 (= ${binary:Version}), libdevmapper-dev, libjson-c-dev, diff --git a/debian/initramfs/hooks/cryptroot b/debian/initramfs/hooks/cryptroot index dd5c798..83d29fd 100644 --- a/debian/initramfs/hooks/cryptroot +++ b/debian/initramfs/hooks/cryptroot @@ -313,6 +313,27 @@ copy_libssl_legacy_library() { fi } +# See #1032221: newer libargon2 are built with glibc ≥2.34 hence no +# longer links libpthread. This in turns means that initramfs-tool's +# copy_exec() is no longer able to detect pthread_*() need and thus +# doesn't copy libgcc_s.so anymore. So we need to do it manually +# instead. +copy_libgcc_argon2() { + local libdir rv=0 + libdir="$(env --unset=LD_PRELOAD ldd /sbin/cryptsetup | sed -nr '/.*=>\s*(\S+)\/libargon2\.so\..*/ {s//\1/p;q}')" + copy_libgcc "$libdir" || rv=$? + if [ $rv -ne 0 ]; then + # merged-/usr mismatch, see #1032518 + if [ "${libdir#/usr/}" != "$libdir" ]; then + libdir="${libdir#/usr}" + else + libdir="/usr/${libdir#/}" + fi + copy_libgcc "$libdir" && rv=0 || rv=$? + fi + return $rv +} + ####################################################################### # Begin real processing @@ -349,6 +370,7 @@ manual_add_modules dm_crypt copy_exec /sbin/cryptsetup copy_exec /sbin/dmsetup +copy_libgcc_argon2 [ "$ASKPASS" = n ] || copy_exec /lib/cryptsetup/askpass diff --git a/debian/rules b/debian/rules index 6c32fa1..0398211 100755 --- a/debian/rules +++ b/debian/rules @@ -25,6 +25,7 @@ endif override_dh_auto_configure: dh_auto_configure -- $(CONFFLAGS) \ --with-tmpfilesdir=/usr/lib/tmpfiles.d \ + --enable-libargon2 \ --enable-shared \ --enable-cryptsetup-reencrypt diff --git a/debian/tests/crypto-backend b/debian/tests/crypto-backend index f78efe9..47dc5a8 100755 --- a/debian/tests/crypto-backend +++ b/debian/tests/crypto-backend @@ -42,7 +42,7 @@ sed -ri 's/^[^\[]*//' "$DEBUG" # " [cryptsetup libargon2]": bundled libargon2 # " [external libargon2]": system libargon2 # "][argon2]": crypto backend's own implementation -if ! grep -qF "][argon2]" <"$DEBUG"; then +if ! grep -qF " [external libargon2]" <"$DEBUG"; then echo "ERROR: Unexpected argon2 backend" >&2 exit 1 fi @@ -55,8 +55,8 @@ fi assert_linked_argon2() { local path="$1" - if env --unset=LD_PRELOAD ldd "$path" | grep -qE '^\s*libargon2\.so(\.[0-9]+)*\s+=>\s'; then - echo "ERROR: $path links against libargon2" >&2 + if ! env --unset=LD_PRELOAD ldd "$path" | grep -qE '^\s*libargon2\.so(\.[0-9]+)*\s+=>\s'; then + echo "ERROR: $path does not link against libargon2" >&2 exit 1 fi return 0 |