feat: update cryptsetup to 2.6.1

deepin-community · Sep 15, 2023 · a53802e · a53802e
1 parent 0366fb6
commit a53802e
Show file tree

Hide file tree

Showing 495 changed files with 55,703 additions and 25,765 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1 +1,61 @@
-.pc/
+po/*gmo
+*~
+Makefile
+Makefile.in
+Makefile.in.in
+*.lo
+*.la
+*.o
+*.so
+*.8
+**/*.dirstamp
+.deps/
+.libs/
+src/cryptsetup
+src/veritysetup
+ABOUT-NLS
+aclocal.m4
+autom4te.cache/
+compile
+config.guess
+config.h
+config.h.in
+config.log
+config.rpath
+config.status
+config.sub
+configure
+cryptsetup
+cryptsetup-reencrypt
+cryptsetup-ssh
+depcomp
+install-sh
+integritysetup
+lib/libcryptsetup.pc
+libtool
+ltmain.sh
+m4/
+missing
+po/Makevars.template
+po/POTFILES
+po/Rules-quot
+po/*.header
+po/*.sed
+po/*.sin
+po/stamp-po
+scripts/cryptsetup.conf
+stamp-h1
+veritysetup
+tests/valglog.*
+*/*.dirstamp
+*-debug-luks2-backup*
+tests/api-test
+tests/api-test-2
+tests/differ
+tests/luks1-images
+tests/tcrypt-images
+tests/unit-utils-io
+tests/vectors-test
+tests/test-symbols-list.h
+tests/all-symbols-test
+tests/fuzz/LUKS2.pb*
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -1,46 +1,23 @@
-default:
-  before_script:
-    - sudo apt-get -y update --fix-missing
-    - >
-      sudo apt-get -y install -y -qq  git gcc make
-      autoconf automake autopoint pkg-config libtool libtool-bin gettext
-      libssl-dev libdevmapper-dev libpopt-dev uuid-dev libsepol1-dev
-      libjson-c-dev libssh-dev libblkid-dev tar libargon2-0-dev
-      libpwquality-dev sharutils dmsetup jq xxd expect keyutils
-      netcat passwd openssh-client sshpass
-    - sudo apt-get -y build-dep cryptsetup
-    - sudo -E git clean -xdf
-    - ./autogen.sh
-    - ./configure --enable-libargon2
-
 stages:
   - test
 
-# Merge request: Build and run only non-root tests
-test-mergerq-job:
-  stage: test
-  interruptible: true
-  rules:
-    - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
-      when: never
-    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
-  script:
-    - make -j
-    - make -j -C tests check-programs
-    - make check
+.dump_kernel_log:
+  after_script:
+    - sudo dmesg > /mnt/artifacts/dmesg.log
+    - sudo journalctl > /mnt/artifacts/journalctl.log
+    - '[ "$(ls -A /var/coredumps)" ] && exit 1 || true'
 
-# For main branch commit, run all tests as root
-test-main-commit-job:
-  stage: test
-  interruptible: true
-  variables:
-    RUN_SSH_PLUGIN_TEST: "1"
-  rules:
-    - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
-      when: never
-    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
-  script:
-    - make -j
-    - make -j -C tests check-programs
-    - sudo -E make check
-    - sudo -E make clean
+include:
+  - local: .gitlab/ci/debian.yml
+  - local: .gitlab/ci/fedora.yml
+  - local: .gitlab/ci/rhel.yml
+  - local: .gitlab/ci/centos.yml
+  - local: .gitlab/ci/annocheck.yml
+  - local: .gitlab/ci/csmock.yml
+  - local: .gitlab/ci/gitlab-shared-docker.yml
+  - local: .gitlab/ci/compilation-various-disables.yml
+  - local: .gitlab/ci/compilation-gcc.gitlab-ci.yml
+  - local: .gitlab/ci/compilation-clang.gitlab-ci.yml
+  - local: .gitlab/ci/alpinelinux.yml
+  - local: .gitlab/ci/ubuntu-32bit.yml
+  - local: .gitlab/ci/cifuzz.yml
diff --git a/.gitlab/ci/alpinelinux.yml b/.gitlab/ci/alpinelinux.yml
@@ -0,0 +1,55 @@
+.alpinelinux-dependencies:
+  after_script:
+    - sudo dmesg > /mnt/artifacts/dmesg.log
+    - sudo cp /var/log/messages /mnt/artifacts/
+    - '[ "$(ls -A /var/coredumps)" ] && exit 1 || true'
+  before_script:
+    - >
+      sudo apk add
+      lvm2-dev openssl1.1-compat-dev popt-dev util-linux-dev json-c-dev
+      argon2-dev device-mapper which sharutils gettext gettext-dev automake
+      autoconf libtool build-base keyutils tar jq expect git asciidoctor
+    - ./autogen.sh
+    - ./configure --prefix=/usr --libdir=/lib --sbindir=/sbin --disable-static --enable-libargon2 --with-crypto_backend=openssl --disable-external-tokens --disable-ssh-token --enable-asciidoc
+
+test-main-commit-job-alpinelinux:
+  extends:
+    - .alpinelinux-dependencies
+  tags:
+    - libvirt
+    - alpinelinux
+  stage: test
+  interruptible: true
+  variables:
+    RUN_SSH_PLUGIN_TEST: "0"
+  rules:
+    - if: $RUN_SYSTEMD_PLUGIN_TEST != null
+      when: never
+    - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+      when: never
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/
+  script:
+    - make -j
+    - make -j -C tests check-programs
+    - sudo -E make check
+
+test-mergerq-job-alpinelinux:
+  extends:
+    - .alpinelinux-dependencies
+  tags:
+    - libvirt
+    - alpinelinux
+  stage: test
+  interruptible: true
+  variables:
+    RUN_SSH_PLUGIN_TEST: "0"
+  rules:
+    - if: $RUN_SYSTEMD_PLUGIN_TEST != null
+      when: never
+    - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+      when: never
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+  script:
+    - make -j
+    - make -j -C tests check-programs
+    - sudo -E make check
diff --git a/.gitlab/ci/annocheck.yml b/.gitlab/ci/annocheck.yml
@@ -0,0 +1,19 @@
+test-main-commit-job-annocheck:
+  extends:
+    - .dump_kernel_log
+  tags:
+    - libvirt
+    - rhel9-annocheck
+  stage: test
+  interruptible: true
+  allow_failure: true
+  variables:
+    RUN_SSH_PLUGIN_TEST: "1"
+  rules:
+    - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+      when: never
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/
+  script:
+    - /opt/build-rpm-script.sh > /dev/null 2>&1
+    - annocheck /var/lib/mock/rhel-9.0.0-candidate-x86_64/result/*.rpm --profile=el9
+    - annocheck /var/lib/mock/rhel-9.0.0-candidate-x86_64/result/*.rpm --profile=el8
diff --git a/.gitlab/ci/centos.yml b/.gitlab/ci/centos.yml
@@ -0,0 +1,59 @@
+.centos-openssl-backend:
+  extends:
+    - .dump_kernel_log
+  before_script:
+    - >
+      sudo dnf -y -q  install
+      autoconf automake device-mapper-devel gcc gettext-devel json-c-devel
+      libblkid-devel libpwquality-devel libselinux-devel libssh-devel libtool
+      libuuid-devel make popt-devel libsepol-devel nc openssh-clients passwd
+      pkgconfig sharutils sshpass tar uuid-devel vim-common device-mapper
+      expect gettext git jq keyutils openssl-devel openssl gem
+    - sudo gem install asciidoctor
+    - sudo -E git clean -xdf
+    - ./autogen.sh
+    - ./configure --enable-fips --enable-pwquality --with-crypto_backend=openssl --enable-asciidoc
+
+# non-FIPS jobs
+
+test-main-commit-centos-stream9:
+  extends:
+    - .centos-openssl-backend
+  tags:
+    - libvirt
+    - centos-stream9
+  stage: test
+  interruptible: true
+  variables:
+    RUN_SSH_PLUGIN_TEST: "1"
+  rules:
+    - if: $RUN_SYSTEMD_PLUGIN_TEST != null
+      when: never
+    - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+      when: never
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/
+  script:
+    - make -j
+    - make -j -C tests check-programs
+    - sudo -E make check
+
+test-mergerq-centos-stream9:
+  extends:
+    - .centos-openssl-backend
+  tags:
+    - libvirt
+    - centos-stream9
+  stage: test
+  interruptible: true
+  variables:
+    RUN_SSH_PLUGIN_TEST: "1"
+  rules:
+    - if: $RUN_SYSTEMD_PLUGIN_TEST != null
+      when: never
+    - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+      when: never
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+  script:
+    - make -j
+    - make -j -C tests check-programs
+    - sudo -E make check
diff --git a/.gitlab/ci/cibuild-setup-ubuntu.sh b/.gitlab/ci/cibuild-setup-ubuntu.sh
@@ -0,0 +1,50 @@
+#!/bin/bash
+
+set -ex
+
+PACKAGES=(
+	git make autoconf automake autopoint pkg-config libtool libtool-bin
+	gettext libssl-dev libdevmapper-dev libpopt-dev uuid-dev libsepol-dev
+	libjson-c-dev libssh-dev libblkid-dev tar libargon2-0-dev libpwquality-dev
+	sharutils dmsetup jq xxd expect keyutils netcat passwd openssh-client sshpass
+	asciidoctor
+)
+
+COMPILER="${COMPILER:?}"
+COMPILER_VERSION="${COMPILER_VERSION:?}"
+
+grep -E '^deb' /etc/apt/sources.list > /etc/apt/sources.list~
+sed -Ei 's/^deb /deb-src /' /etc/apt/sources.list~
+cat /etc/apt/sources.list~ >> /etc/apt/sources.list
+
+apt-get -y update --fix-missing
+DEBIAN_FRONTEND=noninteractive apt-get -yq install software-properties-common wget lsb-release
+RELEASE="$(lsb_release -cs)"
+
+if [[ $COMPILER == "gcc" ]]; then
+	# Latest gcc stack deb packages provided by
+	# https://launchpad.net/~ubuntu-toolchain-r/+archive/ubuntu/test
+	add-apt-repository -y ppa:ubuntu-toolchain-r/test
+	PACKAGES+=(gcc-$COMPILER_VERSION)
+elif [[ $COMPILER == "clang" ]]; then
+	wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add -
+	add-apt-repository "deb http://apt.llvm.org/${RELEASE}/   llvm-toolchain-${RELEASE}-${COMPILER_VERSION} main"
+
+	# scan-build
+	PACKAGES+=(clang-tools-$COMPILER_VERSION clang-$COMPILER_VERSION lldb-$COMPILER_VERSION lld-$COMPILER_VERSION clangd-$COMPILER_VERSION)
+	PACKAGES+=(perl)
+else
+	exit 1
+fi
+
+apt-get -y update --fix-missing
+DEBIAN_FRONTEND=noninteractive apt-get -yq install "${PACKAGES[@]}"
+apt-get -y build-dep cryptsetup
+
+echo "====================== VERSIONS ==================="
+if [[ $COMPILER == "clang" ]]; then
+	echo "Using scan-build${COMPILER_VERSION:+-$COMPILER_VERSION}"
+fi
+
+${COMPILER}-$COMPILER_VERSION -v
+echo "====================== END VERSIONS ==================="
diff --git a/.gitlab/ci/cifuzz.yml b/.gitlab/ci/cifuzz.yml
@@ -0,0 +1,46 @@
+cifuzz:
+  variables:
+    OSS_FUZZ_PROJECT_NAME: cryptsetup
+    CFL_PLATFORM: gitlab
+    CIFUZZ_DEBUG: "True"
+    FUZZ_SECONDS: 300 # 5 minutes per fuzzer
+    ARCHITECTURE: "x86_64"
+    DRY_RUN: "False"
+    LOW_DISK_SPACE: "True"
+    BAD_BUILD_CHECK: "True"
+    LANGUAGE: "c"
+    DOCKER_HOST: "tcp://docker:2375"
+    DOCKER_IN_DOCKER: "true"
+    DOCKER_DRIVER: overlay2
+    DOCKER_TLS_CERTDIR: ""
+  image:
+    name: gcr.io/oss-fuzz-base/cifuzz-base
+    entrypoint: [""]
+  services:
+    - docker:dind
+
+  stage: test
+  parallel:
+    matrix:
+      - SANITIZER: [address, undefined, memory]
+  rules:
+    # Default code change.
+    # - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+    #   variables:
+    #     MODE: "code-change"
+    - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
+      when: never
+    - if: $BUILD_AND_RUN_FUZZERS != null
+  before_script:
+    # Get gitlab's container id.
+    - export CFL_CONTAINER_ID=`cut -c9- < /proc/1/cpuset`
+  script:
+    # Will build and run the fuzzers.
+    # We use a hack to override CI_JOB_ID, because otherwise a bad path is used
+    # in GitLab CI environment
+    - CI_JOB_ID="$CI_PROJECT_NAMESPACE/$CI_PROJECT_TITLE" python3 "/opt/oss-fuzz/infra/cifuzz/cifuzz_combined_entrypoint.py"
+  artifacts:
+    # Upload artifacts when a crash makes the job fail.
+    when: always
+    paths:
+      - artifacts/