Stefan On Apr 3, 2013, at 6:50 AM, Stefan Herbrechtsmeier <[email protected]> wrote:
> Cryptsetup with the command luksOpen failed with the error message: > device-mapper: status ioctl failed: Permission denied > > The error comes from libgcrypt with drops root privileges if it is > linked with libcap support [1]. Update cryptsetup to latest version > and change the crypto backend to openssl as libgcrypt states this > behaviour as a feature [2]. > > The license was updated to GPLv2 with OpenSSL exception. > > [1] http://code.google.com/p/cryptsetup/issues/detail?id=47 > [2] https://bugs.g10code.com/gnupg/issue1181 > > Signed-off-by: Stefan Herbrechtsmeier <[email protected]> > --- > .../recipes-support/cryptsetup/cryptsetup_1.1.3.bb | 18 -------------- > .../recipes-support/cryptsetup/cryptsetup_1.6.1.bb | 25 ++++++++++++++++++++ > 2 files changed, 25 insertions(+), 18 deletions(-) > delete mode 100644 meta-oe/recipes-support/cryptsetup/cryptsetup_1.1.3.bb > create mode 100644 meta-oe/recipes-support/cryptsetup/cryptsetup_1.6.1.bb > would be nice if you use git format-patch -M .. > diff --git a/meta-oe/recipes-support/cryptsetup/cryptsetup_1.1.3.bb > b/meta-oe/recipes-support/cryptsetup/cryptsetup_1.1.3.bb > deleted file mode 100644 > index 254f563..0000000 > --- a/meta-oe/recipes-support/cryptsetup/cryptsetup_1.1.3.bb > +++ /dev/null > @@ -1,18 +0,0 @@ > -DESCRIPTION = "Setup virtual encryption devices under dm-crypt Linux" > -HOMEPAGE = "http://code.google.com/p/cryptsetup/"; > -SECTION = "console" > -LICENSE = "GPLv2" > -LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f" > - > -DEPENDS = "util-linux lvm2 libgcrypt popt" > -RRECOMMENDS_${PN} = "kernel-module-aes \ > - kernel-module-dm-crypt \ > - kernel-module-md5 \ > - kernel-module-cbc \ > - kernel-module-sha256 \ > - " > -SRC_URI = "http://cryptsetup.googlecode.com/files/cryptsetup-${PV}.tar.bz2"; > -SRC_URI[md5sum] = "318a64470861ea5b92a52f2014f1e7c1" > -SRC_URI[sha256sum] = > "9c8e68a272f6d9cfb6cd65cc0743f4c44a2096c61f74e0602bf40208b5e69c0a" > - > -inherit autotools gettext > diff --git a/meta-oe/recipes-support/cryptsetup/cryptsetup_1.6.1.bb > b/meta-oe/recipes-support/cryptsetup/cryptsetup_1.6.1.bb > new file mode 100644 > index 0000000..ade69f4 > --- /dev/null > +++ b/meta-oe/recipes-support/cryptsetup/cryptsetup_1.6.1.bb > @@ -0,0 +1,25 @@ > +DESCRIPTION = "Setup virtual encryption devices under dm-crypt Linux" > +HOMEPAGE = "http://code.google.com/p/cryptsetup/"; > +SECTION = "console" > +LICENSE = "GPL-2.0-with-OpenSSL-exception" > +LIC_FILES_CHKSUM = "file://COPYING;md5=32107dd283b1dfeb66c9b3e6be312326" > + > +DEPENDS = "util-linux lvm2 openssl popt" > +RRECOMMENDS_${PN} = "kernel-module-aes-generic \ > + kernel-module-dm-crypt \ > + kernel-module-md5 \ > + kernel-module-cbc \ > + kernel-module-sha256-generic \ > + " > + > +PR = "r1" You can drop PR > + > +SRC_URI = "http://cryptsetup.googlecode.com/files/cryptsetup-${PV}.tar.bz2"; > +SRC_URI[md5sum] = "f374d11e3b0e7ca0f805756fd02e34ff" > +SRC_URI[sha256sum] = > "baf36e663c03eb6440482d91c486d61ed47ce5c9268ad04c18ca09082755149c" > + > +inherit autotools gettext > + > +# Use openssl because libgcrypt drops root privileges > +# if libgcrypt is linked with libcap support > +EXTRA_OECONF = "--with-crypto_backend=openssl" hmmmm, may be using packageconfig here would be better > -- > 1.7.9.5 > > > _______________________________________________ > Openembedded-devel mailing list > [email protected] > http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-devel _______________________________________________ Openembedded-devel mailing list [email protected] http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-devel
