diff --git a/.cvsignore b/.cvsignore
index 015596a..252c924 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1,2 +1,2 @@
-ecryptfs-utils_75.orig.tar.gz
+ecryptfs-utils_76.orig.tar.gz
 ecryptfs-mount-private.png
diff --git a/ecryptfs-utils-74-group.patch b/ecryptfs-utils-74-group.patch
deleted file mode 100644
index e7e159f..0000000
--- a/ecryptfs-utils-74-group.patch
+++ /dev/null
@@ -1,64 +0,0 @@ -diff -up ecryptfs-utils-74/doc/manpage/ecryptfs-mount-private.1.group ecryptfs-utils-74/doc/manpage/ecryptfs-mount-private.1 ---- ecryptfs-utils-74/doc/manpage/ecryptfs-mount-private.1.group 2009-03-05 22:17:36.000000000 +0100 -+++ ecryptfs-utils-74/doc/manpage/ecryptfs-mount-private.1 2009-05-04 13:14:54.861539319 +0200 -@@ -6,7 +6,7 @@ ecryptfs-mount-private \- interactive eC - \fBecryptfs-mount-private\fP - - .SH DESCRIPTION --\fBecryptfs-mount-private\fP is a wrapper script for the \fBmount.ecryptfs_private\fP utility that will interactively prompt for the user's login password, if necessary. -+\fBecryptfs-mount-private\fP is a wrapper script for the \fBmount.ecryptfs_private\fP utility that will interactively prompt for the user's login password, if necessary. You need to be a member of \fBecryptfs\fB group to use this. - - .SH FILES - \fI~/.Private\fP - underlying directory containing encrypted data -diff -up ecryptfs-utils-74/doc/manpage/ecryptfs-setup-private.1.group ecryptfs-utils-74/doc/manpage/ecryptfs-setup-private.1 ---- ecryptfs-utils-74/doc/manpage/ecryptfs-setup-private.1.group 2009-03-18 22:59:07.000000000 +0100 -+++ ecryptfs-utils-74/doc/manpage/ecryptfs-setup-private.1 2009-05-04 13:14:54.861539319 +0200 -@@ -43,7 +43,7 @@ Setup this user such that the encrypted - - - .SH DESCRIPTION --\fBecryptfs-setup-private\fP is a program that sets up a private cryptographic mountpoint for a non-root user. -+\fBecryptfs-setup-private\fP is a program that sets up a private cryptographic mountpoint for a non-root user, who is a member of \fBecryptfs\fP group. - - Be sure to properly escape your parameters according to your shell's special character nuances, and also surround the parameters by double quotes, if necessary. 
Any of the parameters may be: - -diff -up ecryptfs-utils-74/doc/manpage/mount.ecryptfs.8.group ecryptfs-utils-74/doc/manpage/mount.ecryptfs.8 -diff -up ecryptfs-utils-74/doc/manpage/mount.ecryptfs_private.1.group ecryptfs-utils-74/doc/manpage/mount.ecryptfs_private.1 ---- ecryptfs-utils-74/doc/manpage/mount.ecryptfs_private.1.group 2009-03-05 22:17:36.000000000 +0100 -+++ ecryptfs-utils-74/doc/manpage/mount.ecryptfs_private.1 2009-05-04 13:20:07.673112485 +0200 -@@ -8,7 +8,7 @@ mount.ecryptfs_private \- eCryptfs priva - \fBNOTE:\fP This program will \fBnot\fP dynamically load the relevant keys. For this reason, it is recommended that users use \fBecryptfs-mount-private\fP(1) instead! - - .SH DESCRIPTION --\fBmount.ecryptfs_private\fP is a mount helper utility for non-root users to cryptographically mount a private directory, ~/Private. -+\fBmount.ecryptfs_private\fP is a mount helper utility for non-root users, who are members of \fBecryptfs\fP group, to cryptographically mount a private directory, ~/Private. - - If, and only if: - - the private mount passphrase is in their kernel keyring, and -diff -up ecryptfs-utils-74/doc/manpage/umount.ecryptfs_private.1.group ecryptfs-utils-74/doc/manpage/umount.ecryptfs_private.1 ---- ecryptfs-utils-74/doc/manpage/umount.ecryptfs_private.1.group 2009-03-05 22:17:36.000000000 +0100 -+++ ecryptfs-utils-74/doc/manpage/umount.ecryptfs_private.1 2009-05-04 13:14:54.862538533 +0200 -@@ -14,7 +14,7 @@ Options available for the \fBumount.ecry - Force the unmount, ignoring the value of the mount counter in \fI/tmp/ecryptfs-USERNAME-Private\fP - - .SH DESCRIPTION --\fBumount.ecryptfs_private\fP is a mount helper utility for non-root users to unmount a cryptographically mounted private directory, ~/Private. -+\fBumount.ecryptfs_private\fP is a mount helper utility for non-root users, who ares members of \fBecryptfs\fP group, to unmount a cryptographically mounted private directory, ~/Private. 
- - If, and only if: - - the private mount passphrase is in their kernel keyring, and -diff -up ecryptfs-utils-74/src/utils/ecryptfs-setup-private.group ecryptfs-utils-74/src/utils/ecryptfs-setup-private ---- ecryptfs-utils-74/src/utils/ecryptfs-setup-private.group 2009-03-24 20:32:52.000000000 +0100 -+++ ecryptfs-utils-74/src/utils/ecryptfs-setup-private 2009-05-04 13:14:54.862538533 +0200 -@@ -188,6 +188,11 @@ else - id "$USER" >/dev/null || error "User [$USER] does not exist" - fi - -+# Check if user is member of ecryptfs group -+if ! groups "$USER" | sed -e 's| |\n|g' | grep -n 'ecryptfs$'; then -+ error "User needs to be a member of ecryptfs group" -+fi -+ - # Obtain the user's home directory - HOME=`getent passwd "$USER" | awk -F: '{print $6}'` - if [ ! -d "$HOME" ]; then diff --git a/ecryptfs-utils-75-blkid.patch b/ecryptfs-utils-75-blkid.patch deleted file mode 100644 index f7370b0..0000000 --- a/ecryptfs-utils-75-blkid.patch +++ /dev/null @@ -1,13 +0,0 @@ -=== modified file 'src/utils/ecryptfs-setup-swap' ---- src/utils/ecryptfs-setup-swap 2009-03-20 21:44:01 +0000 -+++ src/utils/ecryptfs-setup-swap 2009-05-18 17:02:55 +0000 -@@ -83,7 +83,7 @@ - fi - - # Make sure this is swap space --if ! vol_id "$swap" | grep -qs "ID_FS_TYPE=swap"; then -+if ! blkid "$swap" | grep -qs "TYPE=.*swap"; then - error "[$swap] does not appear to be swap space" - fi - - diff --git a/ecryptfs-utils-75-werror.patch b/ecryptfs-utils-75-werror.patch index b779408..85e2bbe 100644 --- a/ecryptfs-utils-75-werror.patch +++ b/ecryptfs-utils-75-werror.patch 
@@ -1,30 +1,62 @@ -diff -up ecryptfs-utils-75/src/libecryptfs/key_management.c.werror ecryptfs-utils-75/src/libecryptfs/key_management.c ---- ecryptfs-utils-75/src/libecryptfs/key_management.c.werror 2009-05-01 00:53:13.000000000 +0200 -+++ ecryptfs-utils-75/src/libecryptfs/key_management.c 2009-05-04 17:49:49.940220924 +0200 -@@ -18,6 +18,7 @@ - * 02111-1307, USA. - */ +diff -up ecryptfs-utils_76.orig/src/pam_ecryptfs/pam_ecryptfs.c.werror ecryptfs-utils_76.orig/src/pam_ecryptfs/pam_ecryptfs.c +--- ecryptfs-utils_76.orig/src/pam_ecryptfs/pam_ecryptfs.c.werror 2009-07-20 15:17:30.013884686 +0200 ++++ ecryptfs-utils_76.orig/src/pam_ecryptfs/pam_ecryptfs.c 2009-07-20 15:19:17.111071710 +0200 +@@ -42,31 +42,6 @@ -+#include "config.h" - #include - #ifdef ENABLE_NSS - #include -@@ -39,7 +40,6 @@ - #include - #include - #include --#include "config.h" - #include "../include/ecryptfs.h" + #define PRIVATE_DIR "Private" - #ifndef ENOKEY -diff -up ecryptfs-utils-75/src/utils/ecryptfs_unwrap_passphrase.c.werror ecryptfs-utils-75/src/utils/ecryptfs_unwrap_passphrase.c ---- ecryptfs-utils-75/src/utils/ecryptfs_unwrap_passphrase.c.werror 2009-05-04 17:50:33.587240171 +0200 -+++ ecryptfs-utils-75/src/utils/ecryptfs_unwrap_passphrase.c 2009-05-04 17:50:33.615345763 +0200 -@@ -42,7 +42,6 @@ int main(int argc, char *argv[]) - char *wrapping_passphrase; - char salt[ECRYPTFS_SALT_SIZE]; - char salt_hex[ECRYPTFS_SALT_SIZE_HEX]; -- struct passwd *pwd; - int rc = 0; +-static void error(const char *msg) +-{ +- syslog(LOG_ERR, "errno = [%i]; strerror = [%m]\n", errno); +- switch (errno) { +- case ENOKEY: +- syslog(LOG_ERR, "%s: Requested key not available\n", msg); +- return; +- +- case EKEYEXPIRED: +- syslog(LOG_ERR, "%s: Key has expired\n", msg); +- return; +- +- case EKEYREVOKED: +- syslog(LOG_ERR, "%s: Key has been revoked\n", msg); +- return; +- +- case EKEYREJECTED: +- syslog(LOG_ERR, "%s: Key was rejected by service\n", msg); +- return; +- default: +- syslog(LOG_ERR, "%s: Unknown key 
error\n", msg); +- return; +- } +-} +- + /* returns: 0 for pam automounting not set, 1 for set, <0 for error */ + static int ecryptfs_pam_automount_set(const char *homedir) + { +@@ -249,8 +224,6 @@ static int private_dir(pam_handle_t *pam + char *autoumount = "auto-umount"; + struct stat s; + pid_t pid; +- struct utmp *u; +- int count = 0; - if (argc == 1) { + if ((pwd = fetch_pwd(pamh)) == NULL) { + /* fetch_pwd() logged a message */ +@@ -297,7 +270,7 @@ static int private_dir(pam_handle_t *pam + if (stat(recorded, &s) != 0 && stat("/usr/share/ecryptfs-utils/ecryptfs-record-passphrase", &s) == 0) { + /* User has not recorded their passphrase */ + unlink("/var/lib/update-notifier/user.d/ecryptfs-record-passphrase"); +- symlink("/usr/share/ecryptfs-utils/ecryptfs-record-passphrase", "/var/lib/update-notifier/user.d/ecryptfs-record-passphrase"); ++ rc=symlink("/usr/share/ecryptfs-utils/ecryptfs-record-passphrase", "/var/lib/update-notifier/user.d/ecryptfs-record-passphrase"); + fd = open("/var/lib/update-notifier/dpkg-run-stamp", O_WRONLY|O_CREAT|O_NONBLOCK, 0666); + close(fd); + } +@@ -390,7 +363,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_hand + } + } else { + syslog(LOG_ERR, "Error getting passwd info for user [%s]; " +- "rc = [%ld]\n", username, rc); ++ "rc = [%d]\n", username, rc); + goto out; + } + saved_uid = geteuid(); diff --git a/ecryptfs-utils.spec b/ecryptfs-utils.spec index a52b547..b6bda81 100644 --- a/ecryptfs-utils.spec +++ b/ecryptfs-utils.spec @@ -2,7 +2,7 @@ %{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")} Name: ecryptfs-utils -Version: 75 +Version: 76 Release: 1%{?dist} Summary: The eCryptfs mount helper and support libraries Group: System Environment/Base 
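Review bot: In the private_dir hunk of the refreshed patch, `rc=symlink(...)` only stores the return value to silence the unused-result warning under -Werror; nothing visible checks it, and the assignment overwrites whatever `rc` held at that point. This code runs inside a PAM module, so a failed symlink should be reported rather than absorbed, for example `if (symlink(src, dst) != 0) syslog(LOG_WARNING, "Unable to link ecryptfs-record-passphrase: %m\n");`, which also leaves `rc` untouched. The adjacent context `fd = open(..., O_WRONLY|O_CREAT|O_NONBLOCK, 0666); close(fd);` has the same gap, since `fd` is never tested before `close`. private_dir starts and ends outside the hunk, so whether `rc` is later returned or tested needs confirming against the full function.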
@@ -14,17 +14,10 @@ Source1: ecryptfs-mount-private.png #fix wrong Makefile for umount.ecryptfs Patch2: ecryptfs-utils-74-build.patch -#restrict suid mount.ecryptfs_private to ecryptfs group only -#required for ecryptfs-utils <=75 -Patch3: ecryptfs-utils-74-group.patch - #allow building with -Werror #required for ecryptfs-utils <= 75 Patch4: ecryptfs-utils-75-werror.patch -#taken from upstream, required for ecryptfs-utils <= 75, rhbz#500820 -Patch5: ecryptfs-utils-75-blkid.patch - #rhbz#500829 Patch6: ecryptfs-utils-75-nocryptdisks.patch @@ -62,14 +55,13 @@ applications written in the Python programming language to use the interface supplied by the ecryptfs-utils library. %prep -%setup -q +%setup -q -n %{name}_%{version}.orig %patch2 -p1 -b .build -%patch3 -p1 -b .group %patch4 -p1 -b .werror -%patch5 -p0 -b .blkid %patch6 -p0 -b .nocryptdisks %build +autoreconf -fiv export CFLAGS="$RPM_OPT_FLAGS -ggdb -O2 -Werror" %configure --disable-rpath --enable-tspi --enable-nss --enable-static make clean @@ -185,6 +177,9 @@ rm -rf $RPM_BUILD_ROOT %{python_sitearch}/ecryptfs-utils/_libecryptfs.so %changelog +* Mon Jul 20 2009 Michal Hlavinka 76-1 +- updated to 76 + * Thu May 21 2009 Michal Hlavinka 75-1 - removed executable permission from ecryptfs-dot-private (#500817) - require cryptsetup-luks for encrypted swap (#500824) diff --git a/sources b/sources index 5196ee6..ad387a4 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -2c4e8be38d1ea8cadd9f870f15430f07 ecryptfs-utils_75.orig.tar.gz +0e6a58a0730838dc832ecd8bd9e0c463 ecryptfs-utils_76.orig.tar.gz e612ddb9ccb17f8fec79df26e626a8c6 ecryptfs-mount-private.png
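Review bot: Removing Patch3 drops what its own comment calls the restriction of the suid mount.ecryptfs_private to the ecryptfs group, and neither the spec nor the changelog says what replaces it in 76. The deleted patch carried the man-page notes and the group-membership check in ecryptfs-setup-private. If the package still installs the helper setuid and group-restricted (the %files section is not visible here), users outside the group now get a bare permission failure with no explanation. I would record the reason next to the remaining patches, e.g. `#Patch3 (group restriction) and Patch5 (blkid) dropped in 76: <reason>`, and add a matching line to the 76-1 changelog entry. The retained comment `#required for ecryptfs-utils <= 75` above Patch4 is also stale, because that patch was just refreshed against 76.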
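Review bot: The new `autoreconf -fiv` at the top of %build regenerates the whole autotools output, but the hunk gives no reason for it and shows no matching BuildRequires. If autoconf, automake and libtool are not already listed elsewhere in the spec, a clean buildroot will fail at this step. I would add a one-line comment above it, e.g. `#regenerate configure/Makefile.in after patching build inputs`, and confirm the build dependencies are declared. The %build section continues outside the hunk.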