%{python_sitearch} → %{python2_sitearch}

Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>

.cvsignore

@@ -1,2 +0,0 @@
-volume_key-0.2.tar.bz2
-cryptsetup-1.0.7-rc1.tar.bz2

.gitignore

@@ -0,0 +1,9 @@
+/.project
+/volume_key-0.3.3.tar.xz
+/volume_key-0.3.4.tar.xz
+/volume_key-0.3.5.tar.xz
+/volume_key-0.3.6.tar.xz
+/volume_key-0.3.7.tar.xz
+/volume_key-0.3.8.tar.xz
+/volume_key-0.3.9.tar.xz
+/volume_key-0.3.10.tar.xz

Makefile

@@ -1,21 +0,0 @@
-# Makefile for source rpm: volume_key
-# $Id$
-NAME := volume_key
-SPECFILE = $(firstword $(wildcard *.spec))
-
-define find-makefile-common
-for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
-endef
-
-MAKEFILE_COMMON := $(shell $(find-makefile-common))
-
-ifeq ($(MAKEFILE_COMMON),)
-# attept a checkout
-define checkout-makefile-common
-test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
-endef
-
-MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
-endif
-
-include $(MAKEFILE_COMMON)

cryptsetup-svn-r62.patch

@@ -1,674 +0,0 @@
-Index: lib/libcryptsetup.h
-===================================================================
---- lib/libcryptsetup.h	(revision 62)
-+++ lib/libcryptsetup.h	(working copy)
-@@ -65,6 +65,78 @@
- int crypt_luksFormat(struct crypt_options *options);
- int crypt_luksDump(struct crypt_options *options);
- 
-+struct crypt_luks_volume_info;
-+
-+/* Get information about DEVICE,
-+   Return 0 on sucess, setting INFO to the volume information.
-+   return a negative errno value otherwise, the caller can try to use
-+   crypt_get_error() to get an error message.
-+   INFO can be NULL, in which case the function only verifies DEVICE is a valid
-+   LUKS device.
-+   If INFO is not not NULL, it should be freed using crypt_luks_vi_free().
-+*/
-+int crypt_luks_get_volume_info(struct crypt_luks_volume_info **info,
-+			       const char *device);
-+
-+/* Get cipher name from INFO.
-+   Return a string for free(), or NULL if out of memory. */
-+char *crypt_luks_vi_get_cipher_name(struct crypt_luks_volume_info *info);
-+
-+/* Get cipher mode from INFO.
-+   Return a string for free(), or NULL if out of memory. */
-+char *crypt_luks_vi_get_cipher_mode(struct crypt_luks_volume_info *info);
-+
-+/* Get number of master key bytes from INFO. */
-+unsigned crypt_luks_vi_get_key_bytes(struct crypt_luks_volume_info *info);
-+
-+/* Get UUID from INFO.
-+   Return a string for free(), or NULL if out of memory. */
-+char *crypt_luks_vi_get_uuid(struct crypt_luks_volume_info *info);
-+
-+/* Free INFO. */
-+void crypt_luks_vi_free(struct crypt_luks_volume_info *info);
-+
-+/* Get the master key of DEVICE, using PASSPHRASE with PASSPHRASE_LENGTH.
-+   Return the used slot on success, setting KEY and KEY_LENGTH to the master
-+   key;
-+   return a negative errno value otherwise, the caller can try to use
-+   crypt_get_error() to get an error message.
-+   The caller is responsible for calling free(KEY) if this function returns
-+   0. */
-+int crypt_luks_get_master_key(unsigned char **key, size_t *key_length,
-+			      const char *device,
-+			      const unsigned char *passphrase,
-+			      size_t passphrase_length,
-+                              void (*log)(int class, char *msg));
-+
-+/* Verify that KEY with KEY_LENGTH is valid for DEVICE.
-+   Return 0 on success.
-+   Return a negative errno value otherwise, the caller can try to use
-+   crypt_get_error() to get an error message. */
-+int crypt_luks_verify_master_key(const char *device, const unsigned char *key,
-+				 size_t key_length);
-+
-+/* Open DEVICE using KEY with KEY_LENGTH as NAME.
-+   Return 0 on success.
-+   Return a negative errno value otherwise, the caller can try to use
-+   crypt_get_error() to get an error message. */
-+int crypt_luks_open_by_master_key(const char *name, const char *device,
-+                                  const unsigned char *key, size_t key_length,
-+                                  int flags, void (*log)(int class, char *msg));
-+
-+/* Add a PASSPHRASE with PASSPHRASE_LENGTH to SLOT of DEVICE, using KEY with
-+   KEY_LENGTH.
-+   Return the used slot on success;
-+   Return a negative errno value otherwise, the caller can try to use
-+   crypt_get_error() to get an error message.
-+   SLOT may be -1 to use the first empty slot. */
-+int crypt_luks_add_passphrase_by_master_key(const char *device,
-+					    const unsigned char *key,
-+					    size_t key_length, int slot,
-+					    const unsigned char *passphrase,
-+					    size_t passphrase_length,
-+					    void (*log)(int class, char *msg));
-+
- void crypt_get_error(char *buf, size_t size);
- void crypt_put_options(struct crypt_options *options);
- const char *crypt_get_dir(void);
-Index: lib/setup.c
-===================================================================
---- lib/setup.c	(revision 62)
-+++ lib/setup.c	(working copy)
-@@ -282,7 +282,7 @@
-         }
- }
- 
--static int __crypt_create_device(int reload, struct setup_backend *backend,
-+static int __crypt_create_device(intptr_t reload, struct setup_backend *backend,
-                                  struct crypt_options *options)
- {
- 	struct crypt_options tmp = {
-@@ -359,7 +359,7 @@
- 	return r;
- }
- 
--static int __crypt_query_device(int details, struct setup_backend *backend,
-+static int __crypt_query_device(intptr_t details, struct setup_backend *backend,
-                                 struct crypt_options *options)
- {
- 	int r = backend->status(details, options, NULL);
-@@ -371,7 +371,7 @@
- 		return r;
- }
- 
--static int __crypt_resize_device(int details, struct setup_backend *backend,
-+static int __crypt_resize_device(intptr_t details, struct setup_backend *backend,
-                                 struct crypt_options *options)
- {
- 	struct crypt_options tmp = {
-@@ -412,7 +412,7 @@
- 	return r;
- }
- 
--static int __crypt_remove_device(int arg, struct setup_backend *backend,
-+static int __crypt_remove_device(intptr_t arg, struct setup_backend *backend,
-                                  struct crypt_options *options)
- {
- 	int r;
-@@ -428,7 +428,7 @@
- 	return backend->remove(0, options);
- }
- 
--static int __crypt_luks_format(int arg, struct setup_backend *backend, struct crypt_options *options)
-+static int __crypt_luks_format(intptr_t arg, struct setup_backend *backend, struct crypt_options *options)
- {
- 	int r;
- 
-@@ -504,8 +504,94 @@
- 	return r;
- }
- 
--static int __crypt_luks_open(int arg, struct setup_backend *backend, struct crypt_options *options)
-+static int open_from_hdr_and_mk(struct luks_phdr *hdr,
-+                                struct luks_masterkey *mk,
-+                                const struct device_infos *infos,
-+                                struct setup_backend *backend,
-+                                struct crypt_options *options)
- {
-+	char *dmCipherSpec;
-+ 	int excl = (options->flags & CRYPT_FLAG_NON_EXCLUSIVE_ACCESS)
-+                ? 0 : O_EXCL;
-+        int r;
-+
-+	if (infos->readonly)
-+		options->flags |= CRYPT_FLAG_READONLY;
-+	options->offset = hdr->payloadOffset;
-+	if (asprintf(&dmCipherSpec, "%s-%s", hdr->cipherName, hdr->cipherMode)
-+            < 0) {
-+		r = -ENOMEM;
-+                goto out;
-+        }
-+	options->cipher = dmCipherSpec;
-+	options->key_size = mk->keyLength;
-+	options->skip = 0;
-+
-+	options->size = infos->size;
-+	if (!options->size) {
-+		set_error("Not a block device.\n");
-+		r = -ENOTBLK;
-+                goto out;
-+	}
-+	if (options->size <= options->offset) {
-+		set_error("Invalid offset");
-+		r = -EINVAL;
-+                goto out;
-+	}
-+	options->size -= options->offset;
-+	/* FIXME: code allows multiple crypt mapping, cannot use uuid then.
-+	 * anyway, it is dangerous and can corrupt data. Remove it in next version! */
-+	r = backend->create(0, options, mk->key, excl ? hdr->uuid : NULL);
-+ out:
-+        free(dmCipherSpec);
-+        return r;
-+}
-+
-+static int __crypt_luks_open_by_master_key(intptr_t arg,
-+                                           struct setup_backend *backend,
-+                                           struct crypt_options *options)
-+{
-+	struct luks_masterkey *mk;
-+	struct luks_phdr hdr;
-+	struct device_infos infos;
-+	struct crypt_options tmp = {
-+		.name = options->name,
-+	};
-+	int r;
-+	int excl = (options->flags & CRYPT_FLAG_NON_EXCLUSIVE_ACCESS) != 0
-+                ? 0 : O_EXCL ;
-+
-+	mk = (struct luks_masterkey *)arg;
-+
-+	r = backend->status(0, &tmp, NULL);
-+	if (r >= 0) {
-+		set_error("Device %s already exists.", options->name);
-+		return -EEXIST;
-+	}
-+
-+	if (!LUKS_device_ready(options->device, O_RDONLY | excl))
-+		return -ENOTBLK;
-+
-+	if (get_device_infos(options->device, &infos) < 0) {
-+		set_error("Can't get device information.\n");
-+		return -ENOTBLK;
-+	}
-+
-+        r = LUKS_read_phdr(options->device, &hdr);
-+        if (r < 0)
-+                return r;
-+
-+        r = LUKS_verify_master_key(&hdr, mk);
-+	if (r == -EPERM)
-+                set_error("Master key does not match the volume.\n");
-+	if (r < 0)
-+		return r;
-+
-+        return open_from_hdr_and_mk(&hdr, mk, &infos, backend, options);
-+}
-+
-+static int __crypt_luks_open(intptr_t arg, struct setup_backend *backend, struct crypt_options *options)
-+{
- 	struct luks_masterkey *mk=NULL;
- 	struct luks_phdr hdr;
- 	char *prompt = NULL;
-@@ -515,7 +601,6 @@
- 	struct crypt_options tmp = {
- 		.name = options->name,
- 	};
--	char *dmCipherSpec = NULL;
- 	int r, tries = options->tries;
- 	int excl = (options->flags & CRYPT_FLAG_NON_EXCLUSIVE_ACCESS) ? 0 : O_EXCL ;
- 
-@@ -533,9 +618,6 @@
- 		return -ENOTBLK;
- 	}
- 
--	if (infos.readonly)
--		options->flags |= CRYPT_FLAG_READONLY;
--
- 	if(asprintf(&prompt, "Enter LUKS passphrase for %s: ", options->device) < 0)
- 		return -ENOMEM;
- 
-@@ -559,33 +641,8 @@
- 
- 	logger(options, CRYPT_LOG_NORMAL,"key slot %d unlocked.\n", r);
- 
-+        r = open_from_hdr_and_mk(&hdr, mk, &infos, backend, options);
- 
--	options->offset = hdr.payloadOffset;
-- 	if (asprintf(&dmCipherSpec, "%s-%s", hdr.cipherName, hdr.cipherMode) < 0) {
--		r = -ENOMEM;
--		goto out2;
--	}
--	options->cipher = dmCipherSpec;
--	options->key_size = mk->keyLength;
--	options->skip = 0;
--
--	options->size = infos.size;
--	if (!options->size) {
--		set_error("Not a block device.\n");
--		r = -ENOTBLK; goto out2;
--	}
--	if (options->size <= options->offset) {
--		set_error("Invalid offset");
--		r = -EINVAL; goto out2;
--	}
--	options->size -= options->offset;
--	/* FIXME: code allows multiple crypt mapping, cannot use uuid then.
--	 * anyway, it is dangerous and can corrupt data. Remove it in next version! */
--	r = backend->create(0, options, mk->key, excl ? hdr.uuid : NULL);
--
-- out2:
--	free(dmCipherSpec);
--	dmCipherSpec = NULL;
-  out1:
- 	safe_free(password);
-  out:
-@@ -598,8 +655,76 @@
- 	return r;
- }
- 
--static int __crypt_luks_add_key(int arg, struct setup_backend *backend, struct crypt_options *options)
-+/* arg is a struct luks_masterkey **.  Caller must LUKS_dealloc_masterkey(*arg)
-+   if this function returns 0.
-+   options->key_size is abused as passphrase length.  */
-+static int __crypt_luks_get_master_key(intptr_t arg,
-+                                       struct setup_backend *backend,
-+                                       struct crypt_options *options)
- {
-+	struct luks_masterkey *mk;
-+	struct luks_phdr hdr;
-+	int r;
-+
-+	if (!LUKS_device_ready(options->device, O_RDONLY))
-+		return -ENOTBLK;
-+
-+        r = LUKS_open_any_key(options->device, options->passphrase,
-+                              options->key_size, &hdr, &mk, backend);
-+	if (r == -EPERM)
-+		set_error("No key available with this passphrase.");
-+	if (r < 0) {
-+                LUKS_dealloc_masterkey(mk);
-+                return r;
-+        }
-+
-+        *(struct luks_masterkey **)arg = mk;
-+	return r;
-+}
-+
-+/* options->key_size is abused as passphrase length.  */
-+static int __crypt_luks_add_passphrase_by_master_key
-+	(intptr_t arg, struct setup_backend *backend,
-+         struct crypt_options *options)
-+{
-+	struct luks_phdr hdr;
-+        unsigned int keyIndex;
-+        struct luks_masterkey *mk;
-+	const char *device = options->device;
-+	int r;
-+
-+        mk = (struct luks_masterkey *)arg;
-+
-+	if (!LUKS_device_ready(options->device, O_RDWR))
-+		return -ENOTBLK;
-+
-+	r = LUKS_read_phdr(device, &hdr);
-+	if (r < 0)
-+                return r;
-+
-+        r = LUKS_verify_master_key(&hdr, mk);
-+        if (r < 0) {
-+                set_error("Master key does not match the volume");
-+                return -EINVAL;
-+        }
-+
-+        keyIndex = keyslot_from_option(options->key_slot, &hdr, options);
-+        if (keyIndex == -EINVAL)
-+                return -EINVAL;
-+
-+	hdr.keyblock[keyIndex].passwordIterations
-+                = at_least_one(LUKS_benchmarkt_iterations()
-+                               * ((float)options->iteration_time / 1000));
-+
-+    	r = LUKS_set_key(device, keyIndex, options->passphrase,
-+                         options->key_size, &hdr, mk, backend);
-+        if (r < 0)
-+                return r;
-+        return keyIndex;
-+}
-+
-+static int __crypt_luks_add_key(intptr_t arg, struct setup_backend *backend, struct crypt_options *options)
-+{
- 	struct luks_masterkey *mk=NULL;
- 	struct luks_phdr hdr;
- 	char *password=NULL; unsigned int passwordLen;
-@@ -664,7 +789,7 @@
- 	return r;
- }
- 
--static int luks_remove_helper(int arg, struct setup_backend *backend, struct crypt_options *options, int supply_it)
-+static int luks_remove_helper(intptr_t arg, struct setup_backend *backend, struct crypt_options *options, int supply_it)
- {
- 	struct luks_masterkey *mk;
- 	struct luks_phdr hdr;
-@@ -735,18 +860,18 @@
- 	return r;
- }
- 
--static int __crypt_luks_kill_slot(int arg, struct setup_backend *backend, struct crypt_options *options) {
-+static int __crypt_luks_kill_slot(intptr_t arg, struct setup_backend *backend, struct crypt_options *options) {
- 	return luks_remove_helper(arg, backend, options, 0);
- }
- 
--static int __crypt_luks_remove_key(int arg, struct setup_backend *backend, struct crypt_options *options) {
-+static int __crypt_luks_remove_key(intptr_t arg, struct setup_backend *backend, struct crypt_options *options) {
- 	return luks_remove_helper(arg, backend, options, 1);
- }
- 
- 
--static int crypt_job(int (*job)(int arg, struct setup_backend *backend,
-+static int crypt_job(int (*job)(intptr_t arg, struct setup_backend *backend,
-                                 struct crypt_options *options),
--                     int arg, struct crypt_options *options)
-+                     intptr_t arg, struct crypt_options *options)
- {
- 	struct setup_backend *backend;
- 	int r;
-@@ -807,6 +932,96 @@
- 	return crypt_job(__crypt_luks_format, 0, options);
- }
- 
-+int crypt_luks_get_master_key(unsigned char **key, size_t *key_length,
-+                              const char *device,
-+                              const unsigned char *passphrase,
-+			      size_t passphrase_length,
-+                              void (*log)(int class, char *msg))
-+{
-+        struct crypt_options options;
-+        struct interface_callbacks icb;
-+        struct luks_masterkey *mk;
-+        int r;
-+
-+        memset(&icb, 0, sizeof(icb));
-+        icb.log = log;
-+        memset(&options, 0, sizeof(options));
-+        options.device = device;
-+        options.icb = &icb;
-+        options.passphrase = (const char *)passphrase;
-+        options.key_size = passphrase_length; /* Abusing the field */
-+        if (options.key_size != passphrase_length) {
-+                set_error("passphrase_length too large");
-+                return -EOVERFLOW;
-+        }
-+        r = crypt_job(__crypt_luks_get_master_key, (intptr_t)&mk, &options);
-+        if (r < 0)
-+                return r;
-+        /* Note: this memory is not mlock()ed */
-+        *key = malloc(mk->keyLength);
-+        if (*key == NULL) {
-+                LUKS_dealloc_masterkey(mk);
-+                return -ENOMEM;
-+        }
-+        memcpy(*key, mk->key, mk->keyLength);
-+        *key_length = mk->keyLength;
-+        LUKS_dealloc_masterkey(mk);
-+        return r;
-+}
-+
-+int crypt_luks_verify_master_key(const char *device, const unsigned char *key,
-+				 size_t key_length)
-+{
-+        struct luks_masterkey *mk;
-+	struct luks_phdr hdr;
-+        int r;
-+
-+        r = LUKS_read_phdr(device, &hdr);
-+        if (r < 0)
-+                return r;
-+
-+        mk = LUKS_alloc_masterkey(key_length);
-+        if (mk == NULL)
-+                return -ENOMEM;
-+        memcpy(mk->key, key, key_length);
-+
-+        r = LUKS_verify_master_key(&hdr, mk);
-+	if (r == -EPERM)
-+                set_error("Master key does not match the volume.\n");
-+
-+        LUKS_dealloc_masterkey(mk);
-+
-+        return r;
-+}
-+
-+int crypt_luks_open_by_master_key(const char *name, const char *device,
-+                                  const unsigned char *key, size_t key_length,
-+                                  int flags, void (*log)(int class, char *msg))
-+{
-+        struct crypt_options options;
-+        struct interface_callbacks icb;
-+        struct luks_masterkey *mk;
-+        int r;
-+
-+        memset(&icb, 0, sizeof(icb));
-+        icb.log = log;
-+        memset(&options, 0, sizeof(options));
-+        options.name = name;
-+        options.device = device;
-+        options.flags = flags;
-+        options.offset = 0;
-+        options.icb = &icb;
-+
-+        mk = LUKS_alloc_masterkey(key_length);
-+        if (mk == NULL)
-+                return -ENOMEM;
-+        memcpy(mk->key, key, key_length);
-+        r = crypt_job(__crypt_luks_open_by_master_key, (intptr_t)mk, &options);
-+        LUKS_dealloc_masterkey(mk);
-+
-+        return r;
-+}
-+
- int crypt_luksOpen(struct crypt_options *options)
- {
- 	return crypt_job(__crypt_luks_open, 0, options);
-@@ -822,6 +1037,39 @@
- 	return crypt_job(__crypt_luks_remove_key, 0, options);
- }
- 
-+int crypt_luks_add_passphrase_by_master_key(const char *device,
-+                                            const unsigned char *key,
-+                                            size_t key_length, int slot,
-+                                            const unsigned char *passphrase,
-+                                            size_t passphrase_length,
-+                                            void (*log)(int class, char *msg))
-+{
-+        struct crypt_options options;
-+        struct interface_callbacks icb;
-+        struct luks_masterkey *mk;
-+        int r;
-+
-+        memset(&icb, 0, sizeof(icb));
-+        icb.log = log;
-+        memset(&options, 0, sizeof(options));
-+        options.device = device;
-+        options.passphrase = (const char *)passphrase;
-+        options.key_size = passphrase_length; /* Abusing the field */
-+        options.key_slot = slot;
-+        options.iteration_time = 1000;
-+        options.icb = &icb;
-+
-+        mk = LUKS_alloc_masterkey(key_length);
-+        if (mk == NULL)
-+                return -ENOMEM;
-+        memcpy(mk->key, key, key_length);
-+        r = crypt_job(__crypt_luks_add_passphrase_by_master_key, (intptr_t)mk,
-+                      &options);
-+        LUKS_dealloc_masterkey(mk);
-+
-+        return r;
-+}
-+
- int crypt_luksAddKey(struct crypt_options *options)
- {
- 	return crypt_job(__crypt_luks_add_key, 0, options);
-@@ -840,6 +1088,84 @@
- 	return 0;
- }
- 
-+struct crypt_luks_volume_info
-+{
-+        struct luks_phdr h;
-+};
-+
-+int crypt_luks_get_volume_info(struct crypt_luks_volume_info **info,
-+			       const char *device)
-+{
-+        struct crypt_luks_volume_info *vi;
-+        int r;
-+
-+        vi = malloc(sizeof(*vi));
-+        if (vi == NULL)
-+                return -ENOMEM;
-+        r = LUKS_read_phdr(device, &vi->h);
-+        if (r != 0) {
-+                free(vi);
-+                return r;
-+        }
-+        if (info != NULL)
-+                *info = vi;
-+        else
-+                free(vi);
-+        return 0;
-+}
-+
-+char *crypt_luks_vi_get_cipher_name(struct crypt_luks_volume_info *info)
-+{
-+        size_t field_size;
-+        char *r;
-+
-+        field_size = sizeof(info->h.cipherName);
-+        r = malloc(field_size + 1);
-+        if (r != NULL) {
-+                memcpy(r, info->h.cipherName, field_size);
-+                r[field_size] = '\0';
-+        }
-+        return r;
-+}
-+
-+char *crypt_luks_vi_get_cipher_mode(struct crypt_luks_volume_info *info)
-+{
-+        size_t field_size;
-+        char *r;
-+
-+        field_size = sizeof(info->h.cipherMode);
-+        r = malloc(field_size + 1);
-+        if (r != NULL) {
-+                memcpy(r, info->h.cipherMode, field_size);
-+                r[field_size] = '\0';
-+        }
-+        return r;
-+}
-+
-+unsigned crypt_luks_vi_get_key_bytes(struct crypt_luks_volume_info *info)
-+{
-+        return info->h.keyBytes;
-+}
-+
-+char *crypt_luks_vi_get_uuid(struct crypt_luks_volume_info *info)
-+{
-+        size_t field_size;
-+        char *r;
-+
-+        field_size = sizeof(info->h.uuid);
-+        r = malloc(field_size + 1);
-+        if (r != NULL) {
-+                memcpy(r, info->h.uuid, field_size);
-+                r[field_size] = '\0';
-+        }
-+        return r;
-+}
-+
-+void crypt_luks_vi_free(struct crypt_luks_volume_info *info)
-+{
-+        free(info);
-+}
-+
- int crypt_isLuks(struct crypt_options *options)
- {
- 	struct luks_phdr hdr;
-Index: luks/keymanage.c
-===================================================================
---- luks/keymanage.c	(revision 62)
-+++ luks/keymanage.c	(working copy)
-@@ -280,6 +280,20 @@
- 	return r;
- }
- 
-+/* Check whether a master key is invalid. */
-+int LUKS_verify_master_key(const struct luks_phdr *hdr,
-+                           const struct luks_masterkey *mk)
-+{
-+	char checkHashBuf[LUKS_DIGESTSIZE];
-+
-+	PBKDF2_HMAC_SHA1(mk->key, mk->keyLength, hdr->mkDigestSalt,
-+                         LUKS_SALTSIZE, hdr->mkDigestIterations, checkHashBuf,
-+                         LUKS_DIGESTSIZE);
-+
-+	return memcmp(checkHashBuf, hdr->mkDigest, LUKS_DIGESTSIZE) == 0
-+                ? 0 : -EPERM;
-+}
-+
- /* Try to open a particular key slot,
- 
-  */
-@@ -295,7 +309,6 @@
- 	char derivedKey[hdr->keyBytes];
- 	char *AfKey;
- 	size_t AFEKSize;
--	char checkHashBuf[LUKS_DIGESTSIZE];
- 	int r;
- 	
- 	if(hdr->keyblock[keyIndex].active != LUKS_KEY_ENABLED) {
-@@ -329,13 +342,8 @@
- 
- 	r = AF_merge(AfKey,mk->key,mk->keyLength,hdr->keyblock[keyIndex].stripes);
- 	if(r < 0) goto out;
--	
--	PBKDF2_HMAC_SHA1(mk->key,mk->keyLength,
--			 hdr->mkDigestSalt,LUKS_SALTSIZE,
--			 hdr->mkDigestIterations,
--			 checkHashBuf,LUKS_DIGESTSIZE);
- 
--	r = (memcmp(checkHashBuf,hdr->mkDigest, LUKS_DIGESTSIZE) == 0)?0:-EPERM;
-+        r = LUKS_verify_master_key(hdr, mk);
- out:
- 	free(AfKey);
- 	return r;
-Index: luks/luks.h
-===================================================================
---- luks/luks.h	(revision 62)
-+++ luks/luks.h	(working copy)
-@@ -124,6 +124,8 @@
- 					struct luks_masterkey **mk,
- 					struct setup_backend *backend);
- 
-+int LUKS_verify_master_key(const struct luks_phdr *hdr,
-+                           const struct luks_masterkey *mk);
- 
- int LUKS_del_key(const char *device, unsigned int keyIndex);
- int LUKS_is_last_keyslot(const char *device, unsigned int keyIndex);

sources

@@ -1,2 +1 @@
-882ec96bef41962a33a24d6ee5821a29  volume_key-0.2.tar.bz2
-0910632173fb960252412bf7342b42fc  cryptsetup-1.0.7-rc1.tar.bz2
+SHA512 (volume_key-0.3.10.tar.xz) = b050d333e021bc3721f5e72c1d2498adea3265afe7f702e1b1e859546755745ac70dcffc194739a4833d4b0b77168506f7fe90fde382d8aab4df2af7b635932b

volume_key-0.2-libblkid-type.patch

@@ -1,17 +0,0 @@
-diff --git a/lib/volume.c b/lib/volume.c
-index 91c9dbc..62fc6ec 100644
---- a/lib/volume.c
-+++ b/lib/volume.c
-@@ -311,7 +311,11 @@ libvk_volume_open (const char *path, GError **error)
-     }
-   vol = g_new (struct libvk_volume, 1);
-   vol->source = VOLUME_SOURCE_LOCAL;
--  vol->format = g_strdup (c);
-+  /* The LUKS type identifier returned by blkid has changed. */
-+  if (strcmp (c, "crypto_LUKS") == 0)
-+    vol->format = g_strdup (LIBVK_VOLUME_FORMAT_LUKS);
-+  else
-+    vol->format = g_strdup (c);
-   free (c);
- 
-   vol->hostname = g_strdup (g_get_host_name ());

volume_key.spec

@@ -2,25 +2,19 @@
 
 Summary: An utility for manipulating storage encryption keys and passphrases
 Name: volume_key
-Version: 0.2
-Release: 3
+Version: 0.3.10
+Release: 2%{?dist}
 License: GPLv2
 Group: Applications/System
-URL: https://fedorahosted.org/volume_key/
-Requires: volume_key-libs = %{version}-%{release}
+URL: https://pagure.io/volume_key/
+Requires: volume_key-libs%{?_isa} = %{version}-%{release}
 
-Source0: https://fedorahosted.org/releases/v/o/volume_key/volume_key-%{version}.tar.bz2
-Source1: http://cryptsetup.googlecode.com/files/cryptsetup-1.0.7-rc1.tar.bz2
-# http://code.google.com/p/cryptsetup/issues/detail?id=15
-Patch0: https://fedorahosted.org/releases/v/o/volume_key/cryptsetup-svn-r62.patch
-Patch1: volume_key-0.2-libblkid-type.patch
-BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
-BuildRequires: gettext-devel, glib2-devel, gnupg, gpgme-devel, libblkid-devel
-BuildRequires: nss-devel, python-devel
-
-# For cryptsetup
-BuildRequires: device-mapper-devel, e2fsprogs-devel, libgcrypt-devel
-BuildRequires: libgpg-error-devel, libselinux-devel, libsepol-devel, popt-devel
+Source0: https://releases.pagure.org/volume_key/volume_key-%{version}.tar.xz
+BuildRequires: gcc
+BuildRequires: cryptsetup-luks-devel, gettext-devel, glib2-devel, /usr/bin/gpg2
+BuildRequires: gpgme-devel, libblkid-devel, nss-devel, python2-devel
+# Needed by %%check:
+BuildRequires: nss-tools
 
 %description
 This package provides a command-line tool for manipulating storage volume
@@ -35,7 +29,7 @@ company data after an employee leaves abruptly.
 %package devel
 Summary: A library for manipulating storage encryption keys and passphrases
 Group: Development/Libraries
-Requires: volume_key-libs = %{version}-%{release}
+Requires: volume_key-libs%{?_isa} = %{version}-%{release}
 
 %description devel
 This package provides libvolume_key, a library for manipulating storage volume
@@ -50,6 +44,7 @@ company data after an employee leaves abruptly.
 %package libs
 Summary: A library for manipulating storage encryption keys and passphrases
 Group: System Environment/Libraries
+Requires: /usr/bin/gpg2
 
 %description libs
 This package provides libvolume_key, a library for manipulating storage volume
@@ -61,12 +56,13 @@ back up can also be useful for extracting data after a hardware or software
 failure that corrupts the header of the encrypted volume, or to access the
 company data after an employee leaves abruptly.
 
-%package -n python-volume_key
+%package -n python2-volume_key
+%{?python_provide:%python_provide python2-volume_key}
 Summary: Python bindings for libvolume_key
 Group: System Environment/Libraries
-Requires: volume_key-libs = %{version}-%{release}
+Requires: volume_key-libs%{?_isa} = %{version}-%{release}
 
-%description -n python-volume_key
+%description -n python2-volume_key
 This package provides Python bindings for libvolume_key, a library for
 manipulating storage volume encryption keys and storing them separately from
 volumes.
@@ -81,62 +77,197 @@ volume_key currently supports only the LUKS volume encryption format.  Support
 for other formats is possible, some formats are planned for future releases.
 
 %prep
-%setup -q -a 1
-%patch1 -p1 -b .libblkid-type
-pushd cryptsetup-1.0.7-rc1
-%patch0 -p0 -b .cs-vk
-popd
+%setup -q
 
 %build
-cryptsetup_root=$(pwd)/cryptsetup-root
-
-pushd cryptsetup-1.0.7-rc1
-%configure --enable-static --disable-shared --with-pic
-make %{?_smp_mflags}
-make install "DESTDIR=$cryptsetup_root"
-popd
-
-%configure "CPPFLAGS=-I$cryptsetup_root"%{_includedir} \
-	"LDFLAGS=-L$cryptsetup_root"%{_libdir} --disable-static
+%configure
 make %{?_smp_mflags}
 
 %install
-rm -rf $RPM_BUILD_ROOT
-
 make install DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p'
 
+%check
+make check
+
 %find_lang volume_key
 
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-%post libs -p /sbin/ldconfig
-%postun libs -p /sbin/ldconfig
+%ldconfig_scriptlets libs
 
 %files
-%defattr(-,root,root,-)
-%doc README
+%doc README contrib
 %{_bindir}/volume_key
 %{_mandir}/man8/volume_key.8*
 
 %files devel
-%defattr(-,root,root,-)
 %{_includedir}/volume_key
 %exclude %{_libdir}/libvolume_key.la
 %{_libdir}/libvolume_key.so
 
 %files libs -f volume_key.lang
-%defattr(-,root,root,-)
 %doc AUTHORS COPYING ChangeLog NEWS
 %{_libdir}/libvolume_key.so.*
 
-%files -n python-volume_key
-%defattr(-,root,root,-)
+%files -n python2-volume_key
 %exclude %{python_sitearch}/_volume_key.la
-%{python_sitearch}/_volume_key.so
-%{python_sitearch}/volume_key.py*
+%{python2_sitearch}/_volume_key.so
+%{python2_sitearch}/volume_key.py*
 
 %changelog
+* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.10-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Wed May 16 2018 Jiri Kucera <jkucera@redhat.com> - 0.3.10-1
+- Update to volume_key-0.3.10
+  Resolves: #1479349, #1517016
+
+* Wed Feb 14 2018 Iryna Shcherbina <ishcherb@redhat.com> - 0.3.9-20
+- Update Python 2 dependency declarations to new packaging standards
+  (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
+
+* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.9-19
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Sat Feb 03 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 0.3.9-18
+- Switch to %%ldconfig_scriptlets
+
+* Tue Nov 7 2017 Miloslav Trmač <mitr@redhat.com> - 0.3.9-17
+- Update for libcryptsetup ABI change
+
+* Sat Aug 19 2017 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 0.3.9-16
+- Python 2 binary package renamed to python2-volume_key
+  See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3
+
+* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.9-15
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.9-14
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Mon May 29 2017 Miloslav Trmač <mitr@redhat.com> - 0.3.9-13
+- Point URL: and Source: to the new home at pagure.io
+  Resolves: 1456378
+
+* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.9-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Sat Dec 10 2016 Igor Gnatenko <i.gnatenko.brain@gmail.com> - 0.3.9-11
+- Rebuild for gpgme 1.18
+
+* Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.9-10
+- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages
+
+* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.3.9-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.9-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Tue Jan 13 2015 Miloslav Trmač <mitr@redhat.com> - 0.3.9-7
+- Don't #include <config.h> in libvolume_key.h
+  Patch by Vratislav Podzimek <vpodzime@redhat.com>.
+
+* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.9-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.9-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.9-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Fri Feb 15 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.9-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Thu Nov 22 2012 Miloslav Trmač <mitr@redhat.com> - 0.3.9-2
+- Fix a crash when trying to use passphrase encryption in FIPS mode
+
+* Sat Sep 22 2012 Miloslav Trmač <mitr@redhat.com> - 0.3.9-1
+- Update to volume_key-0.3.9
+
+* Mon Aug  6 2012 Miloslav Trmač <mitr@redhat.com> - 0.3.8-4
+- Use BuildRequires: /usr/bin/gpg instead of gnupg, for compatibility with RHEL
+
+* Mon Jul 23 2012 Miloslav Trmač <mitr@redhat.com> - 0.3.8-3
+- Add Requires: /usr/bin/gpg
+  Resolves: #842074
+
+* Sun Jul 22 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.8-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Sat Mar  3 2012 Miloslav Trmač <mitr@redhat.com> - 0.3.8-1
+- Update to volume_key-0.3.8
+
+* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.7-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Fri Oct 14 2011 Miloslav Trmač <mitr@redhat.com> - 0.3.7-2
+- Rebuild with newer libcryptsetup
+
+* Wed Aug 24 2011 Miloslav Trmač <mitr@redhat.com> - 0.3.7-1
+- Update to volume_key-0.3.7
+
+* Fri Jun 10 2011 Miloslav Trmač <mitr@redhat.com> - 0.3.6-2
+- Fix a typo
+  Resolves: #712256
+
+* Thu Mar 31 2011 Miloslav Trmač <mitr@redhat.com> - 0.3.6-1
+- Update to volume_key-0.3.6
+
+* Mon Feb 07 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.3.5-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Fri Feb  4 2011 Miloslav Trmač <mitr@redhat.com> - 0.3.5-2
+- Use %%{?_isa} in Requires:
+
+* Wed Nov 24 2010 Miloslav Trmač <mitr@redhat.com> - 0.3.5-1
+- Update to volume_key-0.3.5
+
+* Mon Oct 18 2010 Miloslav Trmač <mitr@redhat.com> - 0.3.4-4
+- Tell the user if asking for the same passphrase again
+  Resolves: #641111
+- Check certificate file before interacting with the user
+  Resolves: #643897
+
+* Fri Oct  8 2010 Miloslav Trmač <mitr@redhat.com> - 0.3.4-3
+- Make it possible to interrupt password prompts
+  Resolves: #641111
+
+* Wed Sep 29 2010 Miloslav Trmač <mitr@redhat.com> - 0.3.4-2
+- Clarify which block device should be passed as an argument
+  Resolves: #636541
+- Recognize SSL error messages from NSS as well
+  Resolves: #638732
+
+* Fri Aug 27 2010 Miloslav Trmač <mitr@redhat.com> - 0.3.4-1
+- Update to volume_key-0.3.4
+
+* Mon Jul 26 2010 Miloslav Trmač <mitr@redhat.com> - 0.3.3-4
+- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
+
+* Thu Jul 22 2010 Miloslav Trmač <mitr@redhat.com> - 0.3.3-3
+- Fix build with new gpgme
+
+* Thu Jul 22 2010 David Malcolm <dmalcolm@redhat.com> - 0.3.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
+
+* Fri Mar 26 2010 Miloslav Trmač <mitr@redhat.com> - 0.3.3-1
+- Update to volume_key-0.3.3
+
+* Thu Mar  4 2010 Miloslav Trmač <mitr@redhat.com> - 0.3.2-1
+- Update to volume_key-0.3.2
+- Drop no longer necessary references to BuildRoot:
+
+* Fri Feb  5 2010 Miloslav Trmač <mitr@redhat.com> - 0.3.1-2
+- Fix a crash when an empty passphrase is provided
+  Resolves: #558410
+
+* Fri Dec 11 2009 Miloslav Trmač <mitr@redhat.com> - 0.3.1-1
+- Update to volume_key-0.3.1.
+
+* Wed Sep 30 2009 Miloslav Trmač <mitr@redhat.com> - 0.3-1
+- Update to volume_key-0.3.
+- Drop bundled libcryptsetup.
+
 * Sat Aug  8 2009 Miloslav Trmač <mitr@redhat.com> - 0.2-3
 - Handle changed "TYPE=crypto_LUKS" from libblkid
 - Preserve file timestamps during installation