systemd-cryptsetup dependency chain #327
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| [package] | ||
| name = "aws-lc-fips" | ||
| version = "0.1.0" | ||
| edition = "2021" | ||
| publish = false | ||
| build = "../build.rs" | ||
|
|
||
| [lib] | ||
| path = "../packages.rs" | ||
|
|
||
| [package.metadata.build-package] | ||
| releases-url = "https://github.com/aws/aws-lc/archive" | ||
|
|
||
| [[package.metadata.build-package.external-files]] | ||
| url = "https://github.com/aws/aws-lc/archive/AWS-LC-FIPS-3.0.0/aws-lc-AWS-LC-FIPS-3.0.0.tar.gz" | ||
| sha512 = "4457edaacd1f93d8f9f71c960272b44004fe9f6dd65ed6a0c4eabd7d870487c9e9ac38efa8375dfeae3729752e9a477719d05f534c33965f546ca4a883e123c8" | ||
| force-upstream = true | ||
|
|
||
| [build-dependencies] | ||
| glibc = { path = "../glibc" } | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change | ||||||
|---|---|---|---|---|---|---|---|---|
| @@ -0,0 +1,79 @@ | ||||||||
| Name: %{_cross_os}aws-lc-fips | ||||||||
| Version: 3.0.0 | ||||||||
| Release: 1%{?dist} | ||||||||
| Summary: AWS-LC cryptographic library (FIPS) | ||||||||
| License: Apache-2.0 OR ISC OR BSD-3-Clause OR MIT OR CC0-1.0 OR OpenSSL OR SSLeay-standalone | ||||||||
| URL: https://github.com/aws/aws-lc | ||||||||
|
|
||||||||
| Source0: https://github.com/aws/aws-lc/archive/AWS-LC-FIPS-%{version}/aws-lc-AWS-LC-FIPS-%{version}.tar.gz | ||||||||
|
|
||||||||
| BuildRequires: %{_cross_os}glibc-devel | ||||||||
| BuildRequires: %{_cross_os}libstdc++ | ||||||||
|
|
||||||||
| Requires: %{_cross_os}glibc | ||||||||
| Requires: %{_cross_os}libstdc++ | ||||||||
|
|
||||||||
| %description | ||||||||
| AWS-LC is a general-purpose cryptographic library maintained by the | ||||||||
| AWS Cryptography team for AWS and their customers. It іs based on code | ||||||||
| from the Google BoringSSL project and the OpenSSL project. This version | ||||||||
| includes FIPS support. | ||||||||
mikn marked this conversation as resolved.
Show resolved
Hide resolved
|
||||||||
|
|
||||||||
| %package devel | ||||||||
| Summary: Development files for %{name} | ||||||||
| Requires: %{name}%{?_isa} = %{version}-%{release} | ||||||||
|
|
||||||||
| %description devel | ||||||||
| AWS-LC development files from package %{name}. | ||||||||
|
|
||||||||
| %prep | ||||||||
| %setup -n aws-lc-AWS-LC-FIPS-%{version} | ||||||||
|
|
||||||||
| %build | ||||||||
| %set_cross_build_flags | ||||||||
|
|
||||||||
| mkdir -p aws-lc-build | ||||||||
| cd aws-lc-build | ||||||||
|
|
||||||||
| %cross_cmake ../ \ | ||||||||
| -GNinja \ | ||||||||
| -DCMAKE_BUILD_TYPE=RelWithDebInfo \ | ||||||||
| -DBUILD_SHARED_LIBS=ON \ | ||||||||
|
There was a problem hiding this comment. If nothing needs
Suggested change
There was a problem hiding this comment. Okay, I tried building now and it does activate a fair few things in systemd (to have openssl available) - I spotted that udev did not build, neither did the shared library. |
||||||||
| -DBUILD_TESTING=OFF \ | ||||||||
| -DCMAKE_INSTALL_PREFIX=%{_cross_prefix} \ | ||||||||
| -DCMAKE_INSTALL_LIBDIR=%{_cross_libdir} \ | ||||||||
| -DCMAKE_SKIP_INSTALL_RPATH=ON | ||||||||
|
|
||||||||
| cmake --build . | ||||||||
|
|
||||||||
| %install | ||||||||
| cd aws-lc-build | ||||||||
| DESTDIR="%{buildroot}" cmake --install . | ||||||||
|
|
||||||||
| # Create versioned shared library symlinks | ||||||||
| ln -s libcrypto.so %{buildroot}%{_cross_libdir}/libcrypto.so.1.1 | ||||||||
| ln -s libcrypto.so.1.1 %{buildroot}%{_cross_libdir}/libcrypto.so.1 | ||||||||
| ln -s libssl.so %{buildroot}%{_cross_libdir}/libssl.so.1.1 | ||||||||
| ln -s libssl.so.1.1 %{buildroot}%{_cross_libdir}/libssl.so.1 | ||||||||
|
|
||||||||
| # Set proper permissions for libraries | ||||||||
| chmod 755 %{buildroot}%{_cross_libdir}/*.so* | ||||||||
|
|
||||||||
| # Remove CMake files as they're not needed in the target system | ||||||||
| rm -rf %{buildroot}%{_cross_libdir}/crypto/cmake | ||||||||
| rm -rf %{buildroot}%{_cross_libdir}/ssl/cmake | ||||||||
|
|
||||||||
| %files | ||||||||
| %{_cross_attribution_file} | ||||||||
| %{_cross_libdir}/libcrypto.so* | ||||||||
| %{_cross_libdir}/libssl.so* | ||||||||
| %{_cross_bindir}/bssl | ||||||||
| %{_cross_bindir}/openssl | ||||||||
|
|
||||||||
| %files devel | ||||||||
| %{_cross_includedir}/openssl | ||||||||
| %{_cross_libdir}/pkgconfig/*.pc | ||||||||
| %{_cross_libdir}/libcrypto.so | ||||||||
| %{_cross_libdir}/libssl.so | ||||||||
|
|
||||||||
| %changelog | ||||||||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,25 @@ | ||
| [package] | ||
| name = "cryptsetup" | ||
| version = "0.1.0" | ||
| edition = "2021" | ||
| publish = false | ||
| build = "../build.rs" | ||
| [package.metadata.build-package] | ||
| releases-url = "https://www.kernel.org/pub/linux/utils/cryptsetup/v2.7" | ||
|
|
||
| [lib] | ||
| path = "../packages.rs" | ||
|
|
||
| [[package.metadata.build-package.external-files]] | ||
| url = "https://www.kernel.org/pub/linux/utils/cryptsetup/v2.7/cryptsetup-2.7.5.tar.xz" | ||
| sha512 = "13eca93cdb00a143d2ca60b6f66ede5adc4072ca0c4bfebd8454a3541e69d269fcdb4afc97ad799e87a999b2bd46c1f31fa924a3d616d72a3337970b1e718d55" | ||
| force-upstream = true | ||
|
|
||
| [build-dependencies] | ||
| glibc = { path = "../glibc" } | ||
| json-c = { path = "../json-c" } | ||
| util-linux = { path = "../util-linux" } | ||
| device-mapper = { path = "../device-mapper" } | ||
| libpopt = { path = "../libpopt" } | ||
| aws-lc-fips = { path = "../aws-lc-fips" } | ||
| libargon2 = { path = "../libargon2" } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| # cryptsetup | ||
|
|
||
| Current version: 2.7.5 | ||
|
|
||
| ## Updating | ||
|
|
||
| To update to a new version: | ||
| 1. Update the version number in `Cargo.toml` and `cryptsetup.spec` | ||
| 2. Update the SHA512 hash in `Cargo.toml` | ||
| 3. Update the changelog in `cryptsetup.spec` | ||
|
|
||
| ## Building | ||
|
|
||
| This package is built with cargo using the standard Bottlerocket build process. | ||
|
|
||
| ## License | ||
|
|
||
| This package is licensed under GPL-2.0-or-later WITH cryptsetup-OpenSSL-exception AND LGPL-2.1-or-later WITH cryptsetup-OpenSSL-exception. | ||
| See the [cryptsetup project page](https://gitlab.com/cryptsetup/cryptsetup) for more details. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,80 @@ | ||
| %global debug_package %{nil} | ||
|
|
||
| Name: %{_cross_os}cryptsetup | ||
| Version: 2.7.5 | ||
| Release: 1%{?dist} | ||
| Summary: Libraries for disk encryption support | ||
| License: GPL-2.0-or-later WITH cryptsetup-OpenSSL-exception AND LGPL-2.1-or-later WITH cryptsetup-OpenSSL-exception | ||
| URL: https://gitlab.com/cryptsetup/cryptsetup | ||
| Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.7/cryptsetup-%{version}.tar.xz | ||
|
|
||
| BuildRequires: %{_cross_os}glibc-devel | ||
| BuildRequires: %{_cross_os}libdevmapper-devel | ||
| BuildRequires: %{_cross_os}libjson-c-devel | ||
| BuildRequires: %{_cross_os}libblkid-devel | ||
| BuildRequires: %{_cross_os}libuuid-devel | ||
| BuildRequires: %{_cross_os}libpopt-devel | ||
| BuildRequires: %{_cross_os}kernel-6.1-devel | ||
| BuildRequires: %{_cross_os}libblkid-devel | ||
| BuildRequires: %{_cross_os}aws-lc-fips-devel | ||
| BuildRequires: %{_cross_os}libargon2-devel | ||
|
|
||
| Requires: %{_cross_os}libdevmapper | ||
| Requires: %{_cross_os}libjson-c | ||
| Requires: %{_cross_os}libblkid | ||
| Requires: %{_cross_os}libuuid | ||
| Requires: %{_cross_os}libpopt | ||
| Requires: %{_cross_os}aws-lc-fips | ||
| Requires: %{_cross_os}libargon2 | ||
|
|
||
| %description | ||
| %{summary}. | ||
|
|
||
| %package devel | ||
| Summary: Development files for cryptsetup | ||
| Requires: %{name} | ||
| Requires: %{_cross_os}libargon2-devel | ||
|
|
||
| %description devel | ||
| The %{name}-devel package contains libraries and header files for | ||
| developing applications that use %{name}. | ||
|
|
||
| %prep | ||
| %autosetup -n cryptsetup-%{version} -p1 | ||
|
|
||
| %build | ||
| %cross_configure \ | ||
| --disable-asciidoc \ | ||
| --disable-ssh-token \ | ||
| --enable-libargon2 \ | ||
| --disable-pwquality \ | ||
| --disable-static \ | ||
| --disable-cryptsetup \ | ||
| --disable-veritysetup \ | ||
| --disable-integritysetup \ | ||
| --disable-nls \ | ||
| --with-tmpfilesdir=%{_cross_libdir}/tmpfiles.d \ | ||
| --with-crypto_backend=openssl \ | ||
|
|
||
| %force_disable_rpath | ||
|
|
||
| %make_build | ||
|
|
||
| %install | ||
| %make_install | ||
|
|
||
| # Remove unwanted files | ||
| rm -rf %{buildroot}%{_cross_libdir}/tmpfiles.d/cryptsetup.conf | ||
|
|
||
| %files | ||
| %license COPYING COPYING.LGPL | ||
| %{_cross_libdir}/libcryptsetup.so.* | ||
| %{_cross_libdir}/libcryptsetup.so | ||
| %{_cross_attribution_file} | ||
| %exclude %{_cross_mandir} | ||
|
|
||
| %files devel | ||
| %{_cross_libdir}/pkgconfig/libcryptsetup.pc | ||
| %{_cross_includedir}/libcryptsetup.h | ||
|
|
||
| %changelog |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,23 @@ | ||
| [package] | ||
| name = "device-mapper" | ||
| version = "0.1.0" | ||
| edition = "2021" | ||
| publish = false | ||
| build = "../build.rs" | ||
|
|
||
| [lib] | ||
| path = "../packages.rs" | ||
|
|
||
| [package.metadata.build-package] | ||
| releases-url = "https://sourceware.org/lvm2" | ||
|
|
||
| [[package.metadata.build-package.external-files]] | ||
| url = "https://sourceware.org/pub/lvm2/releases/LVM2.2.03.29.tgz" | ||
| sha512 = "2d5dfde81007fcf34752b19e9edc9ab8189449f572429e973317b968c5a99b886dc26e81dc29c3cf5b7678da0f8a7e8c060431a33b950f6ff6279dfbddd9c7b2" | ||
| force-upstream = true | ||
|
|
||
| [build-dependencies] | ||
| glibc = { path = "../glibc" } | ||
| libselinux = { path = "../libselinux" } | ||
| systemd = { path = "../systemd" } | ||
| libaio = { path = "../libaio" } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| # device-mapper | ||
|
|
||
| This package provides the device-mapper userspace utility `dmsetup` and related libraries from the LVM2 project. | ||
|
|
||
| `Cargo.toml` contains metadata for Bottlerocket's build tool, including the source URL and checksum for the LVM2 source code. | ||
|
|
||
| `device-mapper.spec` is the spec for the package build. It builds only the basic device-mapper components needed for dmsetup functionality. | ||
|
|
||
| The package includes: | ||
| Main package: | ||
| - dmsetup binary | ||
| - dmeventd daemon | ||
| - libdevmapper shared library | ||
| - libdevmapper-event shared library | ||
| - udev rules for device-mapper | ||
|
|
||
| Development package (-devel): | ||
| - Development headers for device-mapper | ||
| - Development headers for device-mapper-event | ||
| - Development symlinks for libraries |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ideally this package would be named
libcryptosince it provides that shared library.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I did name it this as we are also building libssl as per the comment below. I think for us, we do want libssl if possible, as we will probably set up remote systemd-journal with TLS soonish also (for audit logging).
We could split up the install packages though?