cryptctl-2.4-4.5.1 RPM for ppc64le

From OpenSuSE Leap 15.6 for ppc64le

A disk encryption utility that helps setting up LUKS-based disk encryption using
randomly generated keys, and keep all keys on a dedicated key server.

Provides

• cryptctl
• config(cryptctl)
• cryptctl(ppc-64)

Requires

• /bin/sh
• /bin/sh
• /bin/sh
• /bin/sh
• btrfsprogs
• config(cryptctl) = 2.4-4.5.1
• cryptsetup
• e2fsprogs
• libc.so.6()(64bit)
• libc.so.6(GLIBC_2.17)(64bit)
• libpthread.so.0()(64bit)
• libpthread.so.0(GLIBC_2.17)(64bit)
• rpmlib(CompressedFileNames) <= 3.0.4-1
• rpmlib(FileDigests) <= 4.6.0-1
• rpmlib(PayloadFilesHavePrefix) <= 4.0-1
• rpmlib(PayloadIsXz) <= 5.2-1
• rsync
• systemd
• systemd
• systemd
• systemd
• util-linux
• xfsprogs

License

GPL-3.0

Changelog

* Fri Jun 11 2021 varkoly@suse.com
  - Update to version 2.4:
    * (bsc#1186226) - (CVE-2019-18906) client side password hashing is equivalent to clear text password storage
    * Fix authentication on all places.
    * Fix sysconfig variable name.
    * First step to use plain text password instead of hashed password.
    * Move repository into the SUSE github organization
    * decorate readme with more usage instructions
    * in RPC server, if client comes from localhost, remember its ipv4 localhost address instead of ipv6 address
    * Test clear expired commands in TestDB_UpdateSeenFlag
    * tell a record to clear expired pending commands upon saving a command result; introduce pending commands RPC test case
    * avoid hard coding 127.0.0.1 in host ID of alive message test; let system administrator mount and unmount disks by issuing these two commands on key server.
* Thu Nov 23 2017 rbrown@suse.com
  - Replace references to /var/adm/fillup-templates with new
    %_fillupdir macro (boo#1069468)
* Mon Oct 23 2017 hguo@suse.com
  - Add previously missing systemd service cryptctl-client.service
    into RPM content, continue with bsc#1056082.
* Mon Aug 28 2017 hguo@suse.com
  - Upgrade to upstream release 2.3 that brings a new feature to allow
    system administrators to issue mount/umount commands to client
    computers via key server. (bsc#1056082)
* Wed Jun 07 2017 hguo@suse.com
  - Upgrade to upstream release 2.2 that brings important enhancements
    in effort of implementing fate#322979:
    * System administrator may now optionally turn off TLS certificate
      verification on KMIP server. Note that, certificate verification
      is enforced by default.
    * Improve handling of boolean answers from interactive command line.
    * Improve error handling in KMIP client.
* Thu Jun 01 2017 hguo@suse.com
  - Upgrade to upstream release 2.1 that brings important enhancements
    in effort of implementing fate#322979:
    * Improve KMIP compatibility with key prefix names and proper
      serialisation of authentication header.
    * Fail over KMIP connection using a server list.
    * Destroy key on KMIP after its tracking record is erased from DB.
* Thu May 11 2017 hguo@suse.com
  - Upgrade to upstream release 2.0 that brings a protocol evolution
    together with several new features:
    * Optionally utilise an external KMIP-v1.3 compatible service to
      store actual encryption key.
    * Optionally verify client identity before serving its key requests.
    * Password is hashed before transmitting over TLS-secured channel.
    * Fix an issue that previously allowed a malicious administrator
      to craft RPC request to overwrite files outside of key database.
    Implemented accordint to fate#322979 and fate#322293.
* Fri Apr 28 2017 hguo@suse.com
  - Upgrade to 1.99pre that introduces a library for decoding, encoding,
    and serialisation operations of KMIP v1.3 for fate#322979.
* Wed Nov 16 2016 hguo@suse.com
  - Upgrade to 1.2.6 for accumulated bug fixes (bsc#1006219):
    * Prevent user from attempting to encrypt a disk with mounted
      partitions, or an existing encrypted+opened disk.
    * Ensure CA path input is an absolute path.
    * Fix two mistakes in handling of timeout input.
    * Fix minor formatting issue in manual page.
    * Suppress consecutive failure messages in the journal of
      ReportAlive and AutoOnlineUnlockFS routines.
* Fri Sep 16 2016 hguo@suse.com
  - Implement mandatory enhancements:
    * Do not allow encrypting a remote file system.
    * Implement command for erasing an encrypted file system.
  - Bump version to 1.2.5 for fate#320367.
* Fri Sep 02 2016 hguo@suse.com
  - Implement mandatory enhancements:
    * Make workflow across all sub-commands consistent in invocation
      style.
    * Implement auto-unlocking of encrypted disks.
    * Show key record usage and details on demand.
  - Bump version to 1.2.4 for fate#320367.
* Thu Aug 18 2016 hguo@suse.com
  - Implement mandatory enhancements:
    * Remove necessity for a backup directory to be involved for
      encryption routine.
    * Optimise certificate generation prompts.
    * Remove unused error messages and fix several of their typos.
    * Remove unnecessary safety checks.
    * Make the encryption routine work with btrfs and LVM.
  - Bump version to 1.2.3 fate#320367.
* Wed Aug 03 2016 hguo@suse.com
  - Upon request, generate a self-signed TLS certificate for
    experimental purposes.
  - Bump version to 1.2.2 fate#320367.
* Mon Aug 01 2016 hguo@suse.com
  - Implement mandatory features:
    * Encrypt empty directory skips backup steps.
    * Explain key revocation and TLS mechanisms in manual page.
  - Bump version to 1.2.1 fate#320367.
* Mon Jul 11 2016 hguo@suse.com
  - Implement mandatory features:
    * List and edit key records
    * Unlock file system via key record file
    * Use custom options to mount unlocked file system
    Enhance usability:
    * Make encryption procedure's pre-check more thorough
    * Improve overall command prompts
  - Bump version to 1.2 fate#320367.
* Fri Jul 01 2016 hguo@suse.com
  - A preview version with most of the desired functions implemented:
    * Key database
    * Key RPC server
    * Client encryption and decryption routines
    Bump version to 1.1
    fate#320367.
* Wed Jun 08 2016 hguo@suse.com
  - First version, only to help with building ISOs.
    Implement fate#320367.

Files

/etc/cryptctl
/etc/cryptctl/servertls
/usr/lib/systemd/system/cryptctl-auto-unlock@.service
/usr/lib/systemd/system/cryptctl-client.service
/usr/lib/systemd/system/cryptctl-server.service
/usr/lib/udev/rules.d/99-cryptctl-auto-unlock.rules
/usr/sbin/cryptctl
/usr/sbin/rccryptctl-server
/usr/share/doc/packages/cryptctl
/usr/share/doc/packages/cryptctl/LICENSE
/usr/share/fillup-templates/sysconfig.cryptctl-client
/usr/share/fillup-templates/sysconfig.cryptctl-server
/usr/share/man/man8/cryptctl.8.gz
/var/lib/cryptctl

Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Jul 9 19:51:39 2024