%global commit f90a784af5abfff61a45b4057069acb27c0f74e9 %global shortcommit %(c=%{commit}; echo ${c:0:7}) %define debug_package %{nil} Name: cryfs Version: 0.12.0 Release: 0.10.dev.git%{shortcommit}%{?dist} Summary: Cryptographic filesystem for the cloud License: LGPLv3 URL: https://www.cryfs.org/ Source0: https://github.com/cryfs/cryfs/archive/%{commit}/%{name}-%{commit}.tar.gz Source1: settings.yml.zip %if 0%{?rhel} == 7 BuildRequires: cmake cmake3 BuildRequires: devtoolset-11-gcc-c++ devtoolset-11-make devtoolset-11-libstdc++-devel devtoolset-11-elfutils-libelf rh-python38 BuildRequires: perl-Data-Dumper perl-IPC-Cmd perl-Digest-MD5 perl-Digest-SHA %else %if 0%{?fedora} >= 28 || 0%{?rhel} >= 8 BuildRequires: gcc-c++ BuildRequires: cmake BuildRequires: perl libstdc++-static %endif %endif BuildRequires: make git BuildRequires: libcurl-devel BuildRequires: openssl-devel BuildRequires: fuse-devel >= 2.9 %if 0%{?fedora} >= 30 || 0%{?rhel} == 9 BuildRequires: python3 python3-pip python3-setuptools %else %if 0%{?rhel} == 8 BuildRequires: python39 python39-pip python39-setuptools %endif %endif %description CryFS provides a FUSE-based mount that encrypts file contents, file sizes, metadata and directory structure. It uses encrypted same-size blocks to store both the files themselves and the blocks' relations to one another. These blocks are stored as individual files in the base directory, which can then be synchronized to remote storage (using an external tool). %prep %if 0%{?rhel} == 7 scl enable devtoolset-11 rh-python38 -- bash source /opt/rh/devtoolset-11/enable source /opt/rh/rh-python38/enable %endif python3 -m pip install conan==1.62.0 --user %autosetup -n %{name}-%{commit} %build mkdir cmake && cd cmake export PATH=$PATH:/builddir/.local/bin sed -i 's/0+unknown/0.12.0-dev+0.g%{shortcommit}/' ../src/gitversion/versioneer.py %if 0%{?rhel} == 7 scl enable devtoolset-11 rh-python38 -- bash source /opt/rh/devtoolset-11/enable source /opt/rh/rh-python38/enable sed -i 's/missing/all/' ../cmake-utils/DependenciesFromConan.cmake cmake .. -DCMAKE_INSTALL_PREFIX=%{_prefix} -DCMAKE_BUILD_TYPE=Release -DBUILD_TESTING=off -DCRYFS_UPDATE_CHECKS=off %else %if 0%{?fedora} >=28 || 0%{?rhel} > 7 %if 0%{?fedora} > 39 conan config install /builddir/build/SOURCES/settings.yml.zip %endif cmake .. -DCMAKE_INSTALL_PREFIX=%{_prefix} -DCMAKE_BUILD_TYPE=Release -DBUILD_TESTING=off -DCRYFS_UPDATE_CHECKS=off %endif %endif %{__make} %{?_smp_mflags} %install %make_install -C cmake %files %license LICENSE.txt %doc README.md ChangeLog.txt %{_bindir}/cryfs* %{_mandir}/man1/cryfs.1.gz %{_mandir}/man1/cryfs-unmount.1.gz %changelog * Sat May 11 2024 Alex - 0.12.0-0.10 - Don't resolve symlinks in base dir path (#473) * Thu Jan 25 2024 Alex - 0.12.0-0.9 - Fix build * Thu Aug 10 2023 Alex - 0.12.0-0.7 - Fix an issue when using `-o` atime mount options * Thu Jul 20 2023 Alex - 0.12.0-0.6 - 0.12.0 * Tue Jun 20 2023 Alex - 0.12.0-0.5 - 0.12.0 * Tue Jun 20 2023 Alex - 0.12.0-0.4 - 0.12.0 * Thu Jan 12 2023 Alex - 0.12.0-0.3 - 0.12.0 * Thu Oct 20 2022 Alex - 0.12.0-0.2 - 0.12.0 * Fri Oct 14 2022 Alex - 0.12.0-0.1 - 0.12.0 * Tue Feb 22 2022 Alex - 0.11.2-2 - 0.11.2 * Sun Feb 6 2022 Alex - 0.11.1-4 - Rebuild * Thu Dec 23 2021 Alex - 0.11.1-1 - Updated to DokanY 1.2.2.1001 * Sun Dec 19 2021 Alex - 0.11.1-0.1 - Fix building of the range-v3 dependency. The conan remote URL for this dependency changed and we have to use the new URL. - Update to CryptoPP 8.6. - cryfs-unmount correctly unmounts paths that contain spaces * Sun Aug 22 2021 Alex - 0.11.0 - 0.11.0 * Sat Jul 31 2021 Alex - 0.11.0-0.7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild * Tue May 4 2021 Alex - 0.11.0-0.6 - Mass Rebuild * Mon Mar 1 2021 Alex - 0.11.0-0.5 - Fixed crash on startup when running in an environment that doesn't have $HOME set (e.g. an empty env), #374 * Wed Sep 2 2020 Alex 0.11.0-0.4 - Security: - Added the XChaCha20-Poly1305 encryption cipher. For new filesystems, this will be the default, but you're still able to create a filesystem with the previous default of AES-256-GCM by saying "no" to the "use default settings?" question when creating the file system. Also, old filesystems will not be automatically converted and will keep using AES-256-GCM. XChaCha20-Poly1305 is significantly slower than AES-256-GCM on modern CPUs, but it is more secure for large filesystems (>64GB). For AES-256-GCM, it is recommended to encrypt at most 2^32 blocks, which at the CryFS default block size of 16KB would be 64GB. The more the filesystem grows above that, the more likely it gets that a nonce gets reused and the two corresponding blocks become decryptable by an adversary. Other blocks would not be affected, but an adversary being able to access those two blocks (i.e. 64KB of the stored data) is bad enough. See Section 8.3 in https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf XChaCha20-Poly1305 does not suffer from this constraint and stays secure even if the filesystem gets very large. - New features: - Noatime reduces the amount of writes necessary and with that reduces the probability of synchronization conflicts, and the probability of corrupted file systems if a power outage happens while writing. * Wed Sep 2 2020 Alex 0.11.0-0.3 - Fixes - The new default is now *noatime* (in 0.10.x is was relatime). Noatime reduces the amount of write necessary and with that reduces the probability for synchronization conflicts or corrupted file systems if a power outage happens while writing. - Add an --immediate flag to cryfs-unmount that tries to unmount immediately and doesn't wait for processes to release their locks on the file system. - Add a --create-missing-basedir and --create-missing-mountpoint flag to create the base directory and mount directory respectively, if they don't exist, skipping the confirmation prompt. * Sat Apr 25 2020 Alex 0.11.0-0.2 - Fix build * Mon Apr 6 2020 Alex 0.11.0 - Update to latest dev ##conan profile update settings.compiler.version=10 default - Add support for atime mount options (noatime, strictatime, relatime, atime, nodiratime). As before, relatime is the default. * Sun Jun 9 2019 Alex 0.10.2 - 0.10.2 * Thu Apr 4 2019 Alex 0.10.1 - 0.10.1 * Sat Feb 9 2019 Alex 0.10.0 - 0.10.0 * Tue Jan 29 2019 Alex 0.10-1.rc3 - 0.10-rc3 * Tue Jan 22 2019 Alex 0.10-0.rc2 - 0.10-rc2 * Tue Apr 03 2018 Jan Pazdziora 0.9.9-1 - Packaging 0.9.9.