diff options
4 files changed, 0 insertions, 295 deletions
diff --git a/meta-ivi/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs-fix-disable-nss.patch b/meta-ivi/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs-fix-disable-nss.patch deleted file mode 100644 index 76d502d..0000000 --- a/meta-ivi/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs-fix-disable-nss.patch +++ /dev/null @@ -1,236 +0,0 @@ -From 278418aa56573c368abd6dc9b7742df270574842 Mon Sep 17 00:00:00 2001 -From: Li xin <lixin.fnst at cn.fujitsu.com> -Date: Tue, 28 Jul 2015 03:06:10 +0900 -Subject: [PATCH] ecryptfs fix disable nss - ---- - src/libecryptfs/key_management.c | 87 ++++++++++++++++++++++++++++++++++++++++ - src/libecryptfs/main.c | 31 ++++++++++++++ - 2 files changed, 118 insertions(+) - -diff --git a/src/libecryptfs/key_management.c b/src/libecryptfs/key_management.c -index 81a9c08..c051a50 100644 ---- a/src/libecryptfs/key_management.c -+++ b/src/libecryptfs/key_management.c -@@ -21,8 +21,12 @@ - */ - - #include <errno.h> -+#ifdef ENABLE_NSS - #include <nss.h> - #include <pk11func.h> -+#else -+#include <gcrypt.h> -+#endif /* #ifdef ENABLE_NSS */ - #include <keyutils.h> - #ifndef S_SPLINT_S - #include <stdio.h> -@@ -572,6 +576,7 @@ int ecryptfs_wrap_passphrase(char *filename, char *wrapping_passphrase, - ECRYPTFS_AES_BLOCK_SIZE + 1]; - int encrypted_passphrase_pos = 0; - int decrypted_passphrase_pos = 0; -+#ifdef ENABLE_NSS - int tmp1_outlen = 0; - int tmp2_outlen = 0; - SECStatus err; -@@ -580,6 +585,11 @@ int ecryptfs_wrap_passphrase(char *filename, char *wrapping_passphrase, - PK11SlotInfo *slot = NULL; - PK11Context *enc_ctx = NULL; - SECItem *sec_param = NULL; -+#else -+#warning Building against gcrypt instead of nss -+ gcry_cipher_hd_t gcry_handle; -+ gcry_error_t gcry_err; -+#endif /* #ifdef ENABLE_NSS */ - int encrypted_passphrase_bytes; - int decrypted_passphrase_bytes; - int fd; -@@ -618,6 +628,7 @@ int ecryptfs_wrap_passphrase(char *filename, char *wrapping_passphrase, - - (decrypted_passphrase_bytes - % ECRYPTFS_AES_BLOCK_SIZE)); - encrypted_passphrase_bytes = decrypted_passphrase_bytes; -+#ifdef ENABLE_NSS - NSS_NoDB_Init(NULL); - slot = PK11_GetBestSlot(CKM_AES_ECB, NULL); - key_item.data = (unsigned char *)wrapping_key; -@@ -678,6 +689,41 @@ nss_finish: - rc = - EIO; - goto out; - } -+#else -+ if ((gcry_err = gcry_cipher_open(&gcry_handle, GCRY_CIPHER_AES, -+ GCRY_CIPHER_MODE_ECB, 0))) { -+ syslog(LOG_ERR, "Error attempting to initialize AES cipher; " -+ "gcry_error_t = [%d]\n", gcry_err); -+ rc = -EIO; -+ goto out; -+ } -+ if ((gcry_err = gcry_cipher_setkey(gcry_handle, wrapping_key, -+ ECRYPTFS_AES_KEY_BYTES))) { -+ syslog(LOG_ERR, "Error attempting to set AES key; " -+ "gcry_error_t = [%d]\n", gcry_err); -+ rc = -EIO; -+ gcry_cipher_close(gcry_handle); -+ goto out; -+ } -+ while (decrypted_passphrase_bytes > 0) { -+ if ((gcry_err = gcry_cipher_encrypt( -+ gcry_handle, -+ &encrypted_passphrase[encrypted_passphrase_pos], -+ ECRYPTFS_AES_BLOCK_SIZE, -+ &decrypted_passphrase[decrypted_passphrase_pos], -+ ECRYPTFS_AES_BLOCK_SIZE))) { -+ syslog(LOG_ERR, "Error attempting to encrypt block; " -+ "gcry_error = [%d]\n", gcry_err); -+ rc = -EIO; -+ gcry_cipher_close(gcry_handle); -+ goto out; -+ } -+ encrypted_passphrase_pos += ECRYPTFS_AES_BLOCK_SIZE; -+ decrypted_passphrase_pos += ECRYPTFS_AES_BLOCK_SIZE; -+ decrypted_passphrase_bytes -= ECRYPTFS_AES_BLOCK_SIZE; -+ } -+ gcry_cipher_close(gcry_handle); -+#endif /* #ifdef ENABLE_NSS */ - rc = write_v2_wrapped_passphrase_file(filename, wrapping_salt, - wrapping_auth_tok_sig, - encrypted_passphrase, -@@ -852,6 +898,7 @@ int ecryptfs_unwrap_passphrase(char *decrypted_passphrase, char *filename, - char encrypted_passphrase[ECRYPTFS_MAX_PASSPHRASE_BYTES + 1]; - int encrypted_passphrase_pos = 0; - int decrypted_passphrase_pos = 0; -+#ifdef ENABLE_NSS - int tmp1_outlen = 0; - int tmp2_outlen = 0; - SECStatus err; -@@ -860,6 +907,10 @@ int ecryptfs_unwrap_passphrase(char *decrypted_passphrase, char *filename, - PK11SlotInfo *slot = NULL; - PK11Context *enc_ctx = NULL; - SECItem *sec_param = NULL; -+#else -+ gcry_cipher_hd_t gcry_handle; -+ gcry_error_t gcry_err; -+#endif /* #ifdef ENABLE_NSS */ - uint8_t version = 0; - int encrypted_passphrase_bytes; - int rc; -@@ -923,6 +974,7 @@ int ecryptfs_unwrap_passphrase(char *decrypted_passphrase, char *filename, - rc = -EIO; - goto out; - } -+#ifdef ENABLE_NSS - NSS_NoDB_Init(NULL); - slot = PK11_GetBestSlot(CKM_AES_ECB, NULL); - key_item.data = (unsigned char *)wrapping_key; -@@ -982,6 +1034,41 @@ nss_finish: - rc = - EIO; - goto out; - } -+#else -+ if ((gcry_err = gcry_cipher_open(&gcry_handle, GCRY_CIPHER_AES, -+ GCRY_CIPHER_MODE_ECB, 0))) { -+ syslog(LOG_ERR, "Error attempting to initialize AES cipher; " -+ "gcry_error_t = [%d]\n", gcry_err); -+ rc = -EIO; -+ goto out; -+ } -+ if ((gcry_err = gcry_cipher_setkey(gcry_handle, wrapping_key, -+ ECRYPTFS_AES_KEY_BYTES))) { -+ syslog(LOG_ERR, "Error attempting to set AES key; " -+ "gcry_error_t = [%d]\n", gcry_err); -+ rc = -EIO; -+ gcry_cipher_close(gcry_handle); -+ goto out; -+ } -+ memset(decrypted_passphrase, 0, ECRYPTFS_MAX_PASSPHRASE_BYTES + 1); -+ while (encrypted_passphrase_bytes > 0) { -+ if ((gcry_err = gcry_cipher_decrypt( -+ gcry_handle, -+ &decrypted_passphrase[encrypted_passphrase_pos], -+ ECRYPTFS_AES_BLOCK_SIZE, -+ &encrypted_passphrase[decrypted_passphrase_pos], -+ ECRYPTFS_AES_BLOCK_SIZE))) { -+ syslog(LOG_ERR, "Error attempting to decrypt block; " -+ "gcry_error = [%d]\n", gcry_err); -+ rc = -EIO; -+ gcry_cipher_close(gcry_handle); -+ goto out; -+ } -+ encrypted_passphrase_pos += ECRYPTFS_AES_BLOCK_SIZE; -+ decrypted_passphrase_pos += ECRYPTFS_AES_BLOCK_SIZE; -+ encrypted_passphrase_bytes -= ECRYPTFS_AES_BLOCK_SIZE; -+ } -+#endif /* #ifdef ENABLE_NSS */ - out: - return rc; - } -diff --git a/src/libecryptfs/main.c b/src/libecryptfs/main.c -index 98bdc54..800c851 100644 ---- a/src/libecryptfs/main.c -+++ b/src/libecryptfs/main.c -@@ -20,8 +20,12 @@ - */ - - #include <errno.h> -+#ifdef ENABLE_NSS - #include <nss.h> - #include <pk11func.h> -+#else -+#include <gcrypt.h> -+#endif /* #ifdef ENABLE_NSS */ - #include <mntent.h> - #ifndef S_SPLINT_S - #include <stdio.h> -@@ -73,7 +77,16 @@ void from_hex(char *dst, char *src, int dst_size) - - int do_hash(char *src, int src_size, char *dst, int algo) - { -+#ifdef ENABLE_NSS - SECStatus err; -+#else -+ gcry_md_hd_t hd; -+ gcry_error_t err = 0; -+ unsigned char * hash; -+ unsigned int mdlen; -+#endif /* #ifdef ENABLE_NSS */ -+ -+#ifdef ENABLE_NSS - - NSS_NoDB_Init(NULL); - err = PK11_HashBuf(algo, (unsigned char *)dst, (unsigned char *)src, -@@ -85,6 +98,19 @@ int do_hash(char *src, int src_size, char *dst, int algo) - err = -EINVAL; - goto out; - } -+#else -+ err = gcry_md_open(&hd, algo, 0); -+ mdlen = gcry_md_get_algo_dlen(algo); -+ if (err) { -+ syslog(LOG_ERR, "Failed to open hash algo [%d]: " -+ "[%d]\n", algo, err); -+ goto out; -+ } -+ gcry_md_write(hd, src, src_size); -+ hash = gcry_md_read(hd, algo); -+ memcpy(dst, hash, mdlen); -+ gcry_md_close(hd); -+#endif /* #ifdef ENABLE_NSS */ - out: - return (int)err; - } -@@ -217,7 +243,12 @@ generate_passphrase_sig(char *passphrase_sig, char *fekek, - char salt_and_passphrase[ECRYPTFS_MAX_PASSPHRASE_BYTES - + ECRYPTFS_SALT_SIZE]; - int passphrase_size; -+#ifdef ENABLE_NSS - int alg = SEC_OID_SHA512; -+#else -+ int alg = GCRY_MD_SHA512; -+#endif /* #ifdef ENABLE_NSS */ -+ - int dig_len = SHA512_DIGEST_LENGTH; - char buf[SHA512_DIGEST_LENGTH]; - int hash_iterations = ECRYPTFS_DEFAULT_NUM_HASH_ITERATIONS; --- -1.8.4.2 - diff --git a/meta-ivi/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs.service b/meta-ivi/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs.service deleted file mode 100644 index 52f3397..0000000 --- a/meta-ivi/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils/ecryptfs.service +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=A userspace daemon that runs as the user perform file operations under the eCryptfs mount point -After=udev.service - -[Service] -ExecStart=/usr/bin/ecryptfsd -f - -[Install] -WantedBy=multi-user.target - diff --git a/meta-ivi/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils_111.bb b/meta-ivi/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils_111.bb deleted file mode 100644 index be194b9..0000000 --- a/meta-ivi/recipes-support-ivi/ecryptfs-utils/ecryptfs-utils_111.bb +++ /dev/null @@ -1,48 +0,0 @@ -SUMMARY = "A stacked cryptographic filesystem for Linux" -HOMEPAGE = "http://ecryptfs.org" -DESCRIPTION = "eCryptfs stores cryptographic metadata in the header of each \ -file written, so that encrypted files can be copied between hosts; the file \ -will be decrypted with the proper key in the Linux kernel keyring" -SECTION = "base" -LICENSE = "GPLv2" -DEPENDS = "intltool-native keyutils libgcrypt libpam openssl glib-2.0-native" - -LICENSE = "GPLv2" -LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b" - -SRC_URI = "https://launchpad.net/ecryptfs/trunk/${PV}/+download/${BPN}_${PV}.orig.tar.gz \ - file://ecryptfs-fix-disable-nss.patch \ - file://ecryptfs.service \ - " -SRC_URI[md5sum] = "83513228984f671930752c3518cac6fd" -SRC_URI[sha256sum] = "112cb3e37e81a1ecd8e39516725dec0ce55c5f3df6284e0f4cc0f118750a987f" - -inherit pkgconfig autotools systemd - -SYSTEMD_PACKAGES = "${PN}" -SYSTEMD_SERVICE_${PN} = "ecryptfs.service" - -EXTRA_OECONF += "--disable-nss --disable-pywrap --enable-openssl --prefix=/ --sbindir=/sbin --datarootdir=/usr/share" -EXTRA_OEMAKE += "'CFLAGS+= -lgcrypt '" - -FILES_${PN} += " \ - ${libdir}/ecryptfs/* \ - ${libdir}/security/pam_ecryptfs.so \ - ${systemd_unitdir}/system/ecryptfs.service \ - " - -FILES_${PN}-doc += " \ - /share/locale/* \ - " - -FILES_${PN}-dbg += "${libdir}/ecryptfs/.debug \ - ${libdir}/security/.debug \ - " -do_install_append() { - if ${@bb.utils.contains('DISTRO_FEATURES','systemd','true','false',d)}; then - install -d ${D}${systemd_unitdir}/system/ - install -m 0644 ${WORKDIR}/ecryptfs.service ${D}${systemd_unitdir}/system - fi -} - -RDEPENDS_${PN} = "nspr nss" diff --git a/meta-ivi/recipes-yocto-ivi/packagegroups/packagegroup-specific-component-p1.bb b/meta-ivi/recipes-yocto-ivi/packagegroups/packagegroup-specific-component-p1.bb index bb63ac4..2522fec 100644 --- a/meta-ivi/recipes-yocto-ivi/packagegroups/packagegroup-specific-component-p1.bb +++ b/meta-ivi/recipes-yocto-ivi/packagegroups/packagegroup-specific-component-p1.bb @@ -18,7 +18,6 @@ RDEPENDS_${PN} += "\ dbus \ dlt-daemon \ dlt-daemon-systemd \ - ecryptfs-utils \ gstreamer1.0-meta-base \ kernel-modules \ libasound \ |