[gentoo-commits] repo/gentoo:master commit in: sys-fs/cryptsetup/

Tue, 03 Feb 2026 17:43:04 -0800 

commit:     f73db21d04fa213827d9e93a621be66c1dced8d8
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Wed Feb  4 01:41:07 2026 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Feb  4 01:41:43 2026 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f73db21d

sys-fs/cryptsetup: add 2.8.4

Signed-off-by: Sam James <sam <AT> gentoo.org>

 sys-fs/cryptsetup/Manifest                |   2 +
 sys-fs/cryptsetup/cryptsetup-2.8.4.ebuild | 167 ++++++++++++++++++++++++++++++
 2 files changed, 169 insertions(+)

diff --git a/sys-fs/cryptsetup/Manifest b/sys-fs/cryptsetup/Manifest
index 60d78670d00d..4d53fded063a 100644
--- a/sys-fs/cryptsetup/Manifest
+++ b/sys-fs/cryptsetup/Manifest
@@ -1,2 +1,4 @@
 DIST cryptsetup-2.8.3.tar.sign 833 BLAKE2B 
f03bb85dfdcc3b22ab7141478fb289fb6ff8bc2000da62a952266e47e894b611439f32456db7fb0340f124af33e05932f4ebeae1b4f985e8cb42ed58302d5f67
 SHA512 
893215ec657b73608ff7d97313b4f0b56126ee20a9f7cd2d5c69b844dac06a3ac5cdac470b358d3920c51afd72047012948b71200b8b2d4f437856657f82d37a
 DIST cryptsetup-2.8.3.tar.xz 11863620 BLAKE2B 
9559fb8cd0d916903c0e491c14f8d30a156672313065f4d58ca02a67293288831e6b5d12e843ae607c604d6a08bed46da887308a9ff87413e413b1cf7756810d
 SHA512 
6aaf5a7e6d716e581b50fce417dad079022ff15d54e8a93697888b030b8defa03a39fd94725c3a8692cd07147573bd7f1c3c41571c488aabd44e4f9def9673e2
+DIST cryptsetup-2.8.4.tar.sign 833 BLAKE2B 
22264d6a314cb14cabf1614225cc339261ec7dc44c280547a00ee552f6723243591260e0aa793330f4a2a8460840e687847d08923ab3abfea2e11d81a8e3e805
 SHA512 
b568ea6272960f186c83247c95c666355c44deb9be7508202ec56d0bca8dcfe660ef175f0f0792ebf9c1219f15cd3f24536dffff5e131142c1ead408a5350274
+DIST cryptsetup-2.8.4.tar.xz 11880632 BLAKE2B 
135721fe1daca13bf5c1116dfe9888d50e617d06f8c2c3cff60bb76ab9d2ef4f91524d8c4185c5f673290b5a7f9dcd83b9ab9c25112500fea9100e30d8a8caf0
 SHA512 
cf9923552f93d3ca047fa17e2d73923b782e0f5146d9721fb8e1196374185524c2642c1243ea72107aef03a0b0b9d967576a58b1a680dd9b6a17dbf4a4430489

diff --git a/sys-fs/cryptsetup/cryptsetup-2.8.4.ebuild 
b/sys-fs/cryptsetup/cryptsetup-2.8.4.ebuild
new file mode 100644
index 000000000000..8409a39b547e
--- /dev/null
+++ b/sys-fs/cryptsetup/cryptsetup-2.8.4.ebuild
@@ -0,0 +1,167 @@
+# Copyright 1999-2026 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+# TODO: meson (not just yet as of 2.8.0, see 
https://gitlab.com/cryptsetup/cryptsetup/-/issues/949#note_2585304492)
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/milanbroz.asc
+inherit linux-info tmpfiles verify-sig
+
+DESCRIPTION="Tool to setup encrypted devices with dm-crypt"
+HOMEPAGE="https://gitlab.com/cryptsetup/cryptsetup";
+SRC_URI="
+       https://www.kernel.org/pub/linux/utils/${PN}/v$(ver_cut 
1-2)/${P/_/-}.tar.xz
+       verify-sig? ( https://www.kernel.org/pub/linux/utils/${PN}/v$(ver_cut 
1-2)/${P/_/-}.tar.sign )
+"
+S="${WORKDIR}"/${P/_/-}
+
+LICENSE="GPL-2+"
+SLOT="0/12" # libcryptsetup.so version
+if [[ ${PV} != *_rc* ]] ; then
+       KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~mips ~ppc ~ppc64 
~riscv ~s390 ~sparc ~x86"
+fi
+
+CRYPTO_BACKENDS="gcrypt kernel nettle +openssl"
+# we don't support nss since it doesn't allow cryptsetup to be built statically
+# and it's missing ripemd160 support so it can't provide full backward 
compatibility
+IUSE="${CRYPTO_BACKENDS} +argon2 fips nls pwquality passwdqc ssh static 
static-libs test +udev urandom"
+RESTRICT="!test? ( test )"
+# bug #496612, bug #832711, bug #843863
+REQUIRED_USE="
+       ?? ( pwquality passwdqc )
+       ^^ ( ${CRYPTO_BACKENDS//+/} )
+       static? ( !ssh !udev !fips )
+       static-libs? ( !passwdqc )
+       fips? ( !kernel !nettle )
+"
+
+LIB_DEPEND="
+       dev-libs/json-c:=[static-libs(+)]
+       dev-libs/popt[static-libs(+)]
+       >=sys-apps/util-linux-2.31-r1[static-libs(+)]
+       argon2? ( app-crypt/argon2:=[static-libs(+)] )
+       gcrypt? (
+               dev-libs/libgcrypt:0=[static-libs(+)]
+               dev-libs/libgpg-error[static-libs(+)]
+       )
+       nettle? ( >=dev-libs/nettle-2.4[static-libs(+)] )
+       openssl? ( dev-libs/openssl:0=[static-libs(+)] )
+       pwquality? ( dev-libs/libpwquality[static-libs(+)] )
+       passwdqc? ( sys-auth/passwdqc )
+       ssh? ( net-libs/libssh[static-libs(+)] net-libs/libssh[sftp(+)] )
+       sys-fs/lvm2[static-libs(+)]
+"
+# We have to always depend on ${LIB_DEPEND} rather than put behind
+# !static? () because we provide a shared library which links against
+# these other packages. bug #414665
+RDEPEND="
+       static-libs? ( ${LIB_DEPEND} )
+       ${LIB_DEPEND//\[static-libs\([+-]\)\]}
+       udev? ( virtual/libudev:= )
+"
+DEPEND="
+       ${RDEPEND}
+       static? ( ${LIB_DEPEND} )
+"
+# vim-core needed for xxd in tests
+BDEPEND="
+       virtual/pkgconfig
+       test? ( app-editors/vim-core )
+       verify-sig? ( sec-keys/openpgp-keys-milanbroz )
+"
+
+pkg_setup() {
+       local CONFIG_CHECK="~DM_CRYPT ~CRYPTO ~CRYPTO_CBC ~CRYPTO_SHA256"
+       local WARNING_DM_CRYPT="CONFIG_DM_CRYPT:\tis not set (required for 
cryptsetup)\n"
+       local WARNING_CRYPTO_SHA256="CONFIG_CRYPTO_SHA256:\tis not set 
(required for cryptsetup)\n"
+       local WARNING_CRYPTO_CBC="CONFIG_CRYPTO_CBC:\tis not set (required for 
kernel 2.6.19)\n"
+       local WARNING_CRYPTO="CONFIG_CRYPTO:\tis not set (required for 
cryptsetup)\n"
+       check_extra_config
+}
+
+src_unpack() {
+       if use verify-sig; then
+               verify-sig_uncompress_verify_unpack 
"${DISTDIR}"/${P/_/-}.tar.xz \
+                       "${DISTDIR}"/${P/_/-}.tar.sign
+       else
+               default
+       fi
+}
+
+src_prepare() {
+       default
+
+       sed -i '/^LOOPDEV=/s:$: || exit 0:' tests/{compat,mode}-test || die
+}
+
+src_configure() {
+       local myeconfargs=(
+               --disable-internal-argon2
+               --disable-asciidoc
+               --enable-shared
+               --sbindir="${EPREFIX}"/sbin
+               # for later use
+               --with-default-luks-format=LUKS2
+               --with-tmpfilesdir="${EPREFIX}/usr/lib/tmpfiles.d"
+               --with-crypto_backend=$(for x in ${CRYPTO_BACKENDS//+/} ; do 
usev ${x} ; done)
+               $(use_enable argon2 libargon2)
+               $(use_enable nls)
+               $(use_enable pwquality)
+               $(use_enable passwdqc)
+               $(use_enable !static external-tokens)
+               $(use_enable static static-cryptsetup)
+               $(use_enable static-libs static)
+               $(use_enable udev)
+               $(use_enable !urandom dev-random)
+               $(use_enable ssh ssh-token)
+               $(usev !argon2 '--with-luks2-pbkdf=pbkdf2')
+               $(use_enable fips)
+       )
+
+       econf "${myeconfargs[@]}"
+}
+
+src_test() {
+       if [[ ! -e /dev/mapper/control ]] ; then
+               ewarn "No /dev/mapper/control found -- skipping tests"
+               return 0
+       fi
+
+       local p
+       for p in /dev/mapper /dev/loop* ; do
+               addwrite ${p}
+       done
+
+       default
+}
+
+src_install() {
+       default
+
+       if use static ; then
+               mv "${ED}"/sbin/cryptsetup{.static,} || die
+               mv "${ED}"/sbin/veritysetup{.static,} || die
+               mv "${ED}"/sbin/integritysetup{.static,} || die
+
+               if use ssh ; then
+                       mv "${ED}"/sbin/cryptsetup-ssh{.static,} || die
+               fi
+       fi
+
+       find "${ED}" -type f -name "*.la" -delete || die
+
+       dodoc docs/v*ReleaseNotes
+
+       newconfd "${FILESDIR}"/2.4.3-dmcrypt.confd dmcrypt
+       newinitd "${FILESDIR}"/2.4.3-dmcrypt.rc dmcrypt
+}
+
+pkg_postinst() {
+       tmpfiles_process cryptsetup.conf
+
+       if use kernel ; then
+               ewarn "Note that kernel backend is very slow for this type of 
operation"
+               ewarn "and is provided mainly for embedded systems wanting to 
avoid"
+               ewarn "userspace crypto libraries."
+       fi
+}

Reply via email to