%{!?python_sitelib: %define python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")} %{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")} Name: ecryptfs-utils Version: 75 Release: 1%{?dist} Summary: The eCryptfs mount helper and support libraries Group: System Environment/Base License: GPLv2+ URL: https://launchpad.net/ecryptfs Source0: http://launchpad.net/ecryptfs/trunk/%{version}/+download/%{name}_%{version}.orig.tar.gz Source1: ecryptfs-mount-private.png #fix wrong Makefile for umount.ecryptfs Patch2: ecryptfs-utils-74-build.patch #restrict suid mount.ecryptfs_private to ecryptfs group only #required for ecryptfs-utils <=75 Patch3: ecryptfs-utils-74-group.patch #allow building with -Werror #required for ecryptfs-utils <= 75 Patch4: ecryptfs-utils-75-werror.patch #taken from upstream, required for ecryptfs-utils <= 75, rhbz#500820 Patch5: ecryptfs-utils-75-blkid.patch #rhbz#500829 Patch6: ecryptfs-utils-75-nocryptdisks.patch BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) Requires: keyutils, cryptsetup-luks, e2fsprogs BuildRequires: libgcrypt-devel keyutils-libs-devel openssl-devel pam-devel BuildRequires: trousers-devel nss-devel desktop-file-utils %description eCryptfs is a stacked cryptographic filesystem that ships in Linux kernel versions 2.6.19 and above. This package provides the mount helper and supporting libraries to perform key management and mount functions. Install ecryptfs-utils if you would like to mount eCryptfs. %package devel Summary: The eCryptfs userspace development package Group: System Environment/Base Requires: keyutils-libs-devel %{name} = %{version}-%{release} Requires: pkgconfig %description devel Userspace development files for eCryptfs. %package python Summary: Python bindings for the eCryptfs utils Group: System Environment/Base Requires: ecryptfs-utils %{name} = %{version}-%{release} BuildRequires: python python-devel swig >= 1.3.31 %description python The ecryptfs-utils-python package contains a module that permits applications written in the Python programming language to use the interface supplied by the ecryptfs-utils library. %prep %setup -q %patch2 -p1 -b .build %patch3 -p1 -b .group %patch4 -p1 -b .werror %patch5 -p0 -b .blkid %patch6 -p0 -b .nocryptdisks %build export CFLAGS="$RPM_OPT_FLAGS -ggdb -O2 -Werror" %configure --disable-rpath --enable-tspi --enable-nss --enable-static make clean #disable rpath sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool #remove -Werror flag for swig temporarily (swig is nasty #496613) sed -i 's|-Werror||' src/libecryptfs-swig/Makefile make %{?_smp_mflags} %install rm -rf $RPM_BUILD_ROOT make install DESTDIR=$RPM_BUILD_ROOT find $RPM_BUILD_ROOT%{_libdir}/ -name '*.a' | xargs rm -f find $RPM_BUILD_ROOT%{_libdir}/ -name '*.la' | xargs rm -f rm -rf $RPM_BUILD_ROOT%{_docdir}/%{name} #install files Makefile forgot install install -m644 %{SOURCE1} $RPM_BUILD_ROOT%{_datadir}/%{name}/ecryptfs-mount-private.png printf "Encoding=UTF-8\n" >>$RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-mount-private.desktop printf "Encoding=UTF-8\n" >>$RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-setup-private.desktop printf "Icon=%{_datadir}/%{name}/ecryptfs-mount-private.png\n" >>$RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-mount-private.desktop printf "Icon=%{_datadir}/%{name}/ecryptfs-mount-private.png\n" >>$RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-setup-private.desktop desktop-file-validate $RPM_BUILD_ROOT%{_datadir}/%{name}/ecryptfs-mount-private.desktop desktop-file-validate $RPM_BUILD_ROOT%{_datadir}/%{name}/ecryptfs-setup-private.desktop chmod +x $RPM_BUILD_ROOT%{_datadir}/%{name}/ecryptfs-mount-private.desktop chmod +x $RPM_BUILD_ROOT%{_datadir}/%{name}/ecryptfs-setup-private.desktop touch -r src/desktop/ecryptfs-mount-private.desktop \ $RPM_BUILD_ROOT%{_datadir}/%{name}/ecryptfs-mount-private.desktop touch -r src/desktop/ecryptfs-setup-private.desktop \ $RPM_BUILD_ROOT%{_datadir}/%{name}/ecryptfs-mount-private.desktop rm -f $RPM_BUILD_ROOT/%{_datadir}/%{name}/ecryptfs-record-passphrase #ecryptfs-dot-private should be only sourced, not executed (#500817) chmod -x $RPM_BUILD_ROOT%{_bindir}/ecryptfs-dot-private %pre groupadd -r -f ecryptfs %post -p /sbin/ldconfig %postun -p /sbin/ldconfig %clean rm -rf $RPM_BUILD_ROOT %files %defattr(-,root,root,-) %doc README COPYING AUTHORS NEWS THANKS %doc doc/ecryptfs-faq.html doc/ecryptfs-pam-doc.txt %doc doc/ecryptfs-pkcs11-helper-doc.txt /sbin/mount.ecryptfs /sbin/umount.ecryptfs %attr(4750,root,ecryptfs) /sbin/mount.ecryptfs_private /sbin/umount.ecryptfs_private %{_bindir}/ecryptfs-manager %{_bindir}/ecryptfs-insert-wrapped-passphrase-into-keyring %{_bindir}/ecryptfs-rewrap-passphrase %{_bindir}/ecryptfs-rewrite-file %{_bindir}/ecryptfs-unwrap-passphrase %{_bindir}/ecryptfs-wrap-passphrase %{_bindir}/ecryptfs-add-passphrase %{_bindir}/ecryptfs-generate-tpm-key %{_bindir}/ecryptfs-mount-private %{_bindir}/ecryptfs-setup-private %{_bindir}/ecryptfs-setup-swap %{_bindir}/ecryptfs-umount-private %{_bindir}/ecryptfs-stat %{_bindir}/ecryptfsd %{_bindir}/ecryptfs-dot-private %{_libdir}/ecryptfs %{_libdir}/libecryptfs.so.0 %{_libdir}/libecryptfs.so.0.0.0 /%{_lib}/security/pam_ecryptfs.so %dir %{_datadir}/%{name} %{_datadir}/%{name}/ecryptfs-mount-private.txt %{_datadir}/%{name}/ecryptfs-mount-private.desktop %{_datadir}/%{name}/ecryptfs-mount-private.png %{_datadir}/%{name}/ecryptfs-setup-private.desktop %{_mandir}/man1/ecryptfs-add-passphrase.1.gz %{_mandir}/man1/ecryptfs-generate-tpm-key.1.gz %{_mandir}/man1/ecryptfs-insert-wrapped-passphrase-into-keyring.1.gz %{_mandir}/man1/ecryptfs-mount-private.1.gz %{_mandir}/man1/ecryptfs-rewrap-passphrase.1.gz %{_mandir}/man1/ecryptfs-rewrite-file.1.gz %{_mandir}/man1/ecryptfs-setup-private.1.gz %{_mandir}/man1/ecryptfs-umount-private.1.gz %{_mandir}/man1/ecryptfs-unwrap-passphrase.1.gz %{_mandir}/man1/ecryptfs-wrap-passphrase.1.gz %{_mandir}/man1/mount.ecryptfs_private.1.gz %{_mandir}/man1/umount.ecryptfs_private.1.gz %{_mandir}/man7/ecryptfs.7.gz %{_mandir}/man8/ecryptfs-manager.8.gz %{_mandir}/man8/ecryptfsd.8.gz %{_mandir}/man8/mount.ecryptfs.8.gz %{_mandir}/man8/pam_ecryptfs.8.gz %files devel %defattr(-,root,root,-) %{_libdir}/libecryptfs.so %{_libdir}/pkgconfig/libecryptfs.pc %{_includedir}/ecryptfs.h %files python %defattr(-,root,root,-) %dir %{python_sitelib}/ecryptfs-utils %{python_sitelib}/ecryptfs-utils/libecryptfs.py %{python_sitelib}/ecryptfs-utils/libecryptfs.pyc %{python_sitelib}/ecryptfs-utils/libecryptfs.pyo %dir %{python_sitearch}/ecryptfs-utils %{python_sitearch}/ecryptfs-utils/_libecryptfs.so.0 %{python_sitearch}/ecryptfs-utils/_libecryptfs.so.0.0.0 %{python_sitearch}/ecryptfs-utils/_libecryptfs.so %changelog * Thu May 21 2009 Michal Hlavinka 75-1 - removed executable permission from ecryptfs-dot-private (#500817) - require cryptsetup-luks for encrypted swap (#500824) - use blkid instead of vol_id (#500820) - don't rely on cryptdisks service (#500829) - add icon for Access-Your-Private-Data.desktop file * Mon May 04 2009 Michal Hlavinka 75-1 - updated to 75 - restrict mount.ecryptfs_private to ecryptfs group members only * Thu Apr 23 2009 Michal Hlavinka 74-1 - updated to 74 * Sat Mar 21 2009 Michal Hlavinka 73-1 - updated to 73 - move libs from /usr/lib to /lib (#486139) - fix symlinks created by ecryptfs-setup-private (#486146) * Mon Feb 24 2009 Michal Hlavinka 71-1 - updated to 71 - remove .la files * Mon Feb 16 2009 Michal Hlavinka 70-1 - updated to 70 - fix: #479762 - ecryptfsecryptfs-setup-private broken - added umount option to clear per-user keyring * Mon Feb 02 2009 Michal Hlavinka 69-4 - fix list of onwed directories * Tue Jan 27 2009 Michal Hlavinka 69-3 - add missing requires: keyutils * Tue Jan 27 2009 Michal Hlavinka 69-2 - bump release for rebuild * Tue Jan 27 2009 Michal Hlavinka 69-1 - updated to 69 * Mon Jan 12 2009 Michal Hlavinka 68-0 - updated to 68 - fix #478464 - /usr/bin/ecryptfs-setup-private errors out * Mon Dec 29 2008 Michal Hlavinka 67-1 - bump release for rebuild * Mon Dec 29 2008 Michal Hlavinka 67-0 - updated to 67 * Wed Oct 22 2008 Mike Halcrow 61-0 - Add support for filename encryption enablement (future kernel feature) - Replace uint32_t with size_t for x86_64 compatibility (patch by Eric Sandeen) * Fri Oct 17 2008 Eric Sandeen 59-2 - Remove duplicate doc files from rpm * Tue Oct 07 2008 Mike Halcrow 59-1 - Put attr declaration in the right spot * Tue Oct 07 2008 Mike Halcrow 59-0 - Make /sbin/*ecryptfs* files setuid - Add /sbin path to ecryptfs-setup-private * Mon Oct 06 2008 Mike Halcrow 58-0 - TSPI key module update to avoid flooding TrouSerS library with requests - OpenSSL key module parameter fixes - Updates to mount-on-login utilities * Wed Aug 13 2008 Mike Halcrow 56-0 - Namespace fixes for the key module parameter aliases - Updates to the man page and the README * Wed Jul 30 2008 Eric Sandeen 53-0 - New upstream version - Many new manpages, new ecryptfs-stat util * Thu Jul 17 2008 Tom "spot" Callaway 50-1 - fix license tag * Fri Jun 27 2008 Mike Halcrow 50-0 - Add umount.ecryptfs_private symlink - Add pam_mount session hooks for mount and unmount * Fri Jun 27 2008 Eric Sandeen 49-1 - build with TrouSerS key module * Fri Jun 27 2008 Eric Sandeen 49-0 - New upstream version * Tue Jun 03 2008 Eric Sandeen 46-0 - New upstream version * Mon Feb 18 2008 Mike Halcrow 40-0 - Enable passwd_file option in openssl key module * Wed Feb 13 2008 Mike Halcrow 39-0 - Fix include upstream * Wed Feb 13 2008 Karsten Hopp 38-1 - fix includes * Tue Jan 8 2008 Mike Halcrow 38-0 - Fix passthrough mount option prompt - Clarify man page - Add HMAC option (for future kernel versions) - Bump to version 38 * Wed Dec 19 2007 Mike Halcrow 37-0 - Remove unsupported ciphers; bump to version 37 * Tue Dec 18 2007 Mike Halcrow 36-0 - Cipher selection detects .gz ko files; bump to version 36 * Mon Dec 17 2007 Mike Halcrow 35-0 - Cleanups to cipher selection; bump to version 35 * Mon Dec 17 2007 Mike Halcrow 34-0 - Fix OpenSSL key module; bump to version 34 * Fri Dec 14 2007 Mike Halcrow 33-1 - Add files to package * Fri Dec 14 2007 Mike Halcrow 33-0 - update to version 33 * Thu Dec 13 2007 Karsten Hopp 32-1 - update to version 32 * Thu Nov 29 2007 Karsten Hopp 30-2 - fix ia64 libdir - build initial RHEL-5 version * Thu Nov 29 2007 Karsten Hopp 30-1 - build version 30 * Fri Oct 05 2007 Mike Halcrow - 30-0 - Bump to version 30. Several bugfixes. Key modules are overhauled with a more sane API. * Wed Aug 29 2007 Fedora Release Engineering - 18-1 - Rebuild for selinux ppc32 issue. * Thu Jun 28 2007 Mike Halcrow - 18-0 - Bump to version 18 with an OpenSSL key module fix * Thu Jun 21 2007 Kevin Fenzi - 17-1 - Change kernel Requires to Conflicts - Remove un-needed devel buildrequires * Wed Jun 20 2007 Mike Halcrow - 17-0 - Provide built-in fallback passphrase key module. Remove keyutils, openssl, and pam requirements (library dependencies take care of this). Include wrapped passphrase executables in file set. * Fri Apr 20 2007 Mike Halcrow - 15-1 - Change permission of pam_ecryptfs.so from 644 to 755. * Thu Apr 19 2007 Mike Halcrow - 15-0 - Fix mount option parse segfault. Fix pam_ecryptfs.so semaphore issue when logging in via ssh. * Thu Mar 01 2007 Mike Halcrow - 10-0 - Remove verbose syslog() calls; change key module build to allow OpenSSL module to be disabled from build; add AUTHORS, NEWS, and THANKS to docs; update Requires with variables instead of hardcoded name and version. * Tue Feb 06 2007 Mike Halcrow - 9-1 - Minor update in README, add dist tag to Release, add --disable-rpath to configure step, and remove keyutils-libs from Requires. * Tue Jan 09 2007 Mike Halcrow - 9-0 - Correct install directories for 64-bit; add support for xattr and encrypted_view mount options * Tue Jan 02 2007 Mike Halcrow - 8-0 - Introduce build support for openCryptoki key module. Fix -dev build dependencies for devel package * Mon Dec 11 2006 Mike Halcrow - 7-0 - Initial package creation