sys-fs/cryfs: add 1.0.1

Closes: https://bugs.gentoo.org/946941
Signed-off-by: Alfred Wingate <parona@protonmail.com>
Closes: https://github.com/gentoo/gentoo/pull/40286
Signed-off-by: Sam James <sam@gentoo.org>

3 files changed, 385 insertions, 0 deletions

diff --git a/sys-fs/cryfs/Manifest b/sys-fs/cryfs/Manifest
index 44cb16c6f3c8..1a1b52c4e646 100644
--- a/sys-fs/cryfs/Manifest
+++ b/sys-fs/cryfs/Manifest
@@ -1 +1,2 @@
 DIST cryfs-0.11.4.tar.gz 10420508 BLAKE2B 3b096180f204b90774c2dee5a8bbfa2305fad62fdb86cfa03e802d6a01f3d7a01005c411a16cc3693f2c858e1be9313ba42ab2883daae993220049b34622e391 SHA512 a1aa9377cb0881f08f536f4b2116b27aeef71739e6a1362b209f38f1b54a9ae9e11a2a47ceaa28dcabd74d1ac57f0c92e3d1d8060eabeef4e7efd3d62cc7feea
+DIST cryfs-1.0.1.tar.gz 9527514 BLAKE2B 6bf6d82bcca46e7db1583e997e979fb8977202f24ee113f137f301849c806ffb8120de002e92e1c15040bb5b74a78f7ce535f22c1c59874530c053257031d8fa SHA512 04877832ad155806720fbfe27508ce546dd9dfdd4a44382412152459c24f509e5ae47447b85676acd26df800996893662b74c996da1edd52aa890ddb05cd34db
diff --git a/sys-fs/cryfs/cryfs-1.0.1.ebuild b/sys-fs/cryfs/cryfs-1.0.1.ebuild
new file mode 100644
index 000000000000..b57ab1729115
--- /dev/null
+++ b/sys-fs/cryfs/cryfs-1.0.1.ebuild
@@ -0,0 +1,175 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..13} )
+inherit cmake flag-o-matic linux-info python-any-r1
+
+if [[ ${PV} == 9999 ]] ; then
+	inherit git-r3
+	EGIT_REPO_URI="https://github.com/cryfs/cryfs"
+else
+	SRC_URI="
+		https://github.com/cryfs/cryfs/archive/refs/tags/${PV}.tar.gz
+			-> ${P}.tar.gz
+	"
+	KEYWORDS="~amd64 ~arm64 ~loong ~ppc64 ~riscv ~x86"
+fi
+
+DESCRIPTION="Encrypted FUSE filesystem that conceals metadata"
+HOMEPAGE="https://www.cryfs.org/"
+
+LICENSE="LGPL-3 MIT"
+SLOT="0"
+IUSE="test"
+RESTRICT="!test? ( test )"
+
+RDEPEND="
+	dev-libs/boost:=
+	dev-libs/crypto++:=
+	dev-libs/libfmt:=
+	dev-libs/spdlog:=
+	>=sys-fs/fuse-2.8.6:0
+"
+DEPEND="
+	${RDEPEND}
+	dev-cpp/range-v3
+	net-misc/curl
+	test? (
+		dev-cpp/gtest
+	)
+"
+BDEPEND="
+	${PYTHON_DEPS}
+	virtual/pkgconfig
+	$(python_gen_any_dep '
+		dev-python/versioneer[${PYTHON_USEDEP}]
+	')
+"
+
+PATCHES=(
+	# TODO: upstream:
+	"${FILESDIR}"/cryfs-1.0.1-unbundle-vendored-libs.patch
+)
+
+python_check_deps() {
+	python_has_version "dev-python/versioneer[${PYTHON_USEDEP}]"
+}
+
+pkg_setup() {
+	local CONFIG_CHECK="~FUSE_FS"
+	local WARNING_FUSE_FS="CONFIG_FUSE_FS is required for cryfs support."
+
+	check_extra_config
+	python-any-r1_pkg_setup
+}
+
+src_prepare() {
+	cmake_src_prepare
+
+	# don't install compressed manpage
+	cmake_comment_add_subdirectory doc
+
+	# We use the package instead for >=py3.12 compat, bug #908997
+	rm src/gitversion/versioneer.py || die
+
+	# Hook up ctest properly for better maintainer quality of life
+	sed -i -e '/option(BUILD_TESTING/aenable_testing()' CMakeLists.txt || die
+	sed -i -e '/BUILD_TESTING/a  include(GoogleTest)' test/CMakeLists.txt || die
+	sed -i -e 's/add_test/gtest_discover_tests/' test/*/CMakeLists.txt || die
+}
+
+src_configure() {
+	# ODR violations (bug #880563)
+	# ./CMakeLists.txt
+	# """
+	# We don't use LTO because crypto++ has problems with it,
+	# see https://github.com/weidai11/cryptopp/issues/1031 and
+	# https://www.cryptopp.com/wiki/Link_Time_Optimization
+	# """
+	filter-lto
+
+	local mycmakeargs=(
+		# Upstream inconsistently specifies their libraries as STATIC
+		# Leading to issues when static libraries without PIC are linked
+		# with PIC shared libraries.
+		-DBUILD_SHARED_LIBS=OFF
+		-DBUILD_TESTING=$(usex test)
+		-DCRYFS_UPDATE_CHECKS=OFF
+		-DUSE_SYSTEM_LIBS=ON
+	)
+
+	append-cppflags -DNDEBUG
+
+	# bug 907096
+	use elibc_musl && append-flags -D_LARGEFILE64_SOURCE
+
+	cmake_src_configure
+}
+
+src_test() {
+	local TMPDIR="${T}"
+
+	local CMAKE_SKIP_TESTS=(
+		# Cannot test mounting filesystems in sandbox
+		# Filesystem did not call onMounted callback, probably wasn't successfully mounted.
+		# bug #808849
+		CliTest.WorksWithCommasInBasedir
+		CliTest_IntegrityCheck.givenIncorrectFilesystemId_thenFails
+		CliTest_IntegrityCheck.givenIncorrectFilesystemKey_thenFails
+		CliTest_Setup.AutocreateBasedir
+		CliTest_Setup.AutocreateMountpoint
+		CliTest_Setup.ConfigfileGiven
+		CliTest_Setup.ExistingLogfileGiven
+		CliTest_Setup.NoSpecialOptions
+		CliTest_Setup.NotexistingLogfileGiven
+		CliTest_Unmount.givenMountedFilesystem_whenUnmounting_thenSucceeds
+		RunningInForeground/CliTest_WrongEnvironment.BaseDir_AllPermissions
+		RunningInForeground/CliTest_WrongEnvironment.BaseDir_DoesntExist_Create
+		RunningInForeground/CliTest_WrongEnvironment.MountDir_AllPermissions
+		RunningInForeground/CliTest_WrongEnvironment.MountDir_DoesntExist_Create
+		RunningInForeground/CliTest_WrongEnvironment.NoErrorCondition
+		RunningInForeground_ExternalConfigfile/CliTest_WrongEnvironment.BaseDir_AllPermissions
+		RunningInForeground_ExternalConfigfile/CliTest_WrongEnvironment.BaseDir_DoesntExist_Create
+		RunningInForeground_ExternalConfigfile/CliTest_WrongEnvironment.MountDir_AllPermissions
+		RunningInForeground_ExternalConfigfile/CliTest_WrongEnvironment.MountDir_DoesntExist_Create
+		RunningInForeground_ExternalConfigfile/CliTest_WrongEnvironment.NoErrorCondition
+		RunningInForeground_ExternalConfigfile_LogIsNotStderr/CliTest_WrongEnvironment.BaseDir_AllPermissions
+		RunningInForeground_ExternalConfigfile_LogIsNotStderr/CliTest_WrongEnvironment.BaseDir_DoesntExist_Create
+		RunningInForeground_ExternalConfigfile_LogIsNotStderr/CliTest_WrongEnvironment.MountDir_AllPermissions
+		RunningInForeground_ExternalConfigfile_LogIsNotStderr/CliTest_WrongEnvironment.MountDir_DoesntExist_Create
+		RunningInForeground_ExternalConfigfile_LogIsNotStderr/CliTest_WrongEnvironment.NoErrorCondition
+		RunningInForeground_LogIsNotStderr/CliTest_WrongEnvironment.BaseDir_AllPermissions
+		RunningInForeground_LogIsNotStderr/CliTest_WrongEnvironment.BaseDir_DoesntExist_Create
+		RunningInForeground_LogIsNotStderr/CliTest_WrongEnvironment.MountDir_AllPermissions
+		RunningInForeground_LogIsNotStderr/CliTest_WrongEnvironment.MountDir_DoesntExist_Create
+		RunningInForeground_LogIsNotStderr/CliTest_WrongEnvironment.NoErrorCondition
+		# Filesystem did not call onMounted callback, probably wasn't successfully mounted.
+		# fuse: failed to open /dev/fuse: Permission denied
+		CliTest_IntegrityCheck.givenFilesystemWithRolledBackBasedir_whenMounting_thenFails
+		CliTest_IntegrityCheck.whenRollingBackBasedirWhileMounted_thenUnmounts
+		# Tests that hang due to being unable to open fuse
+		# bug #699044
+		# fuse: failed to open /dev/fuse: Permission denied
+		Fuse*
+	)
+
+	cmake_src_test
+}
+
+src_install() {
+	cmake_src_install
+	doman doc/man/cryfs.1
+	doman doc/man/cryfs-unmount.1
+}
+
+pkg_postinst() {
+	if ver_test "${REPLACING_VERSIONS}" -lt 1.0.0; then
+		elog "Filesystems created with CryFS 0.11.x and CryFS 1.0.0 are fully compatible with each other."
+		elog "This means filesystems created with 0.10.x or 0.11.x can be mounted without requiring a migration."
+		elog "Filesystems created with 1.0.0 or 0.11.x can be mounted by CryFS 0.10.x,"
+		elog "but only if you configure it to use a cipher supported by CryFS 0.10.x, e.g. AES-256-GCM."
+		elog "The new default, XChaCha20-Poly1305, is not supported by CryFS 0.10.x."
+	fi
+}
diff --git a/sys-fs/cryfs/files/cryfs-1.0.1-unbundle-vendored-libs.patch b/sys-fs/cryfs/files/cryfs-1.0.1-unbundle-vendored-libs.patch
new file mode 100644
index 000000000000..bfb5d4975290
--- /dev/null
+++ b/sys-fs/cryfs/files/cryfs-1.0.1-unbundle-vendored-libs.patch
@@ -0,0 +1,209 @@
+From a1973df742bbdac335b28786f4d429e522bcf411 Mon Sep 17 00:00:00 2001
+From: Alfred Wingate <parona@protonmail.com>
+Date: Mon, 3 Jun 2024 15:05:01 +0300
+Subject: [PATCH] Add USE_SYSTEM_LIBS option to build without bundled libs
+
+* Based on a patch by Andreas Sturmlechner.
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -16,6 +16,7 @@ require_clang_version(7.0)
+ option(BUILD_TESTING "build test cases" OFF)
+ option(CRYFS_UPDATE_CHECKS "let cryfs check for updates and security vulnerabilities" ON)
+ option(DISABLE_OPENMP "allow building without OpenMP libraries. This will cause performance degradations." OFF)
++option(USE_SYSTEM_LIBS "build with system libs instead of bundled libs" OFF)
+ 
+ # The following options are helpful for development and/or CI
+ option(USE_WERROR "build with -Werror flag")
+@@ -41,7 +42,15 @@ endif()
+ 
+ include(cmake-utils/Dependencies.cmake)
+ 
+-add_subdirectory(vendor EXCLUDE_FROM_ALL)
++if(USE_SYSTEM_LIBS)
++    include(FindPkgConfig)
++    pkg_check_modules(CRYPTOPP REQUIRED IMPORTED_TARGET libcryptopp>=8.9)
++    add_library(cryfs_vendor_cryptopp ALIAS PkgConfig::CRYPTOPP)
++    add_definitions(-DUSE_SYSTEM_LIBS)
++else()
++    add_subdirectory(vendor EXCLUDE_FROM_ALL)
++endif()
++
+ add_subdirectory(src)
+ add_subdirectory(doc)
+ add_subdirectory(test)
+--- a/src/blockstore/implementations/compressing/compressors/Gzip.cpp
++++ b/src/blockstore/implementations/compressing/compressors/Gzip.cpp
+@@ -1,5 +1,9 @@
+ #include "Gzip.h"
++#if defined(USE_SYSTEM_LIBS)
++#include <cryptopp/gzip.h>
++#else
+ #include <vendor_cryptopp/gzip.h>
++#endif
+ 
+ using cpputils::Data;
+ 
+--- a/src/cpp-utils/crypto/hash/Hash.cpp
++++ b/src/cpp-utils/crypto/hash/Hash.cpp
+@@ -1,6 +1,10 @@
+ #include "Hash.h"
+ #include <cpp-utils/random/Random.h>
++#if defined(USE_SYSTEM_LIBS)
++#include <cryptopp/sha.h>
++#else
+ #include <vendor_cryptopp/sha.h>
++#endif
+ 
+ using CryptoPP::SHA512;
+ 
+--- a/src/cpp-utils/crypto/kdf/Scrypt.cpp
++++ b/src/cpp-utils/crypto/kdf/Scrypt.cpp
+@@ -1,5 +1,9 @@
+ #include "Scrypt.h"
++#if defined(USE_SYSTEM_LIBS)
++#include <cryptopp/scrypt.h>
++#else
+ #include <vendor_cryptopp/scrypt.h>
++#endif
+ 
+ using std::string;
+ 
+--- a/src/cpp-utils/crypto/symmetric/CFB_Cipher.h
++++ b/src/cpp-utils/crypto/symmetric/CFB_Cipher.h
+@@ -6,7 +6,11 @@
+ #include "../../data/Data.h"
+ #include "../../random/Random.h"
+ #include <boost/optional.hpp>
++#if defined(USE_SYSTEM_LIBS)
++#include <cryptopp/modes.h>
++#else
+ #include <vendor_cryptopp/modes.h>
++#endif
+ #include "Cipher.h"
+ #include "EncryptionKey.h"
+ 
+--- a/src/cpp-utils/crypto/symmetric/GCM_Cipher.h
++++ b/src/cpp-utils/crypto/symmetric/GCM_Cipher.h
+@@ -3,7 +3,12 @@
+ #define MESSMER_CPPUTILS_CRYPTO_SYMMETRIC_GCMCIPHER_H_
+ 
+ #include "AEAD_Cipher.h"
++
++#if defined(USE_SYSTEM_LIBS)
++#include <cryptopp/gcm.h>
++#else
+ #include <vendor_cryptopp/gcm.h>
++#endif
+ 
+ namespace cpputils {
+ 
+--- a/src/cpp-utils/crypto/symmetric/ciphers.h
++++ b/src/cpp-utils/crypto/symmetric/ciphers.h
+@@ -2,12 +2,21 @@
+ #ifndef MESSMER_CPPUTILS_CRYPTO_SYMMETRIC_CIPHERS_H_
+ #define MESSMER_CPPUTILS_CRYPTO_SYMMETRIC_CIPHERS_H_
+ 
++#if defined(USE_SYSTEM_LIBS)
++#include <cryptopp/aes.h>
++#include <cryptopp/twofish.h>
++#include <cryptopp/serpent.h>
++#include <cryptopp/cast.h>
++#include <cryptopp/mars.h>
++#include <cryptopp/chachapoly.h>
++#else
+ #include <vendor_cryptopp/aes.h>
+ #include <vendor_cryptopp/twofish.h>
+ #include <vendor_cryptopp/serpent.h>
+ #include <vendor_cryptopp/cast.h>
+ #include <vendor_cryptopp/mars.h>
+ #include <vendor_cryptopp/chachapoly.h>
++#endif
+ #include "GCM_Cipher.h"
+ #include "CFB_Cipher.h"
+ 
+--- a/src/cpp-utils/data/Data.cpp
++++ b/src/cpp-utils/data/Data.cpp
+@@ -1,6 +1,10 @@
+ #include "Data.h"
+ #include <stdexcept>
++#if defined(USE_SYSTEM_LIBS)
++#include <cryptopp/hex.h>
++#else
+ #include <vendor_cryptopp/hex.h>
++#endif
+ 
+ using std::istream;
+ using std::ofstream;
+--- a/src/cpp-utils/data/FixedSizeData.h
++++ b/src/cpp-utils/data/FixedSizeData.h
+@@ -2,7 +2,11 @@
+ #ifndef MESSMER_CPPUTILS_DATA_FIXEDSIZEDATA_H_
+ #define MESSMER_CPPUTILS_DATA_FIXEDSIZEDATA_H_
+ 
++#if defined(USE_SYSTEM_LIBS)
++#include <cryptopp/hex.h>
++#else
+ #include <vendor_cryptopp/hex.h>
++#endif
+ #include <string>
+ #include <array>
+ #include <cstring>
+--- a/src/cpp-utils/random/OSRandomGenerator.h
++++ b/src/cpp-utils/random/OSRandomGenerator.h
+@@ -3,7 +3,11 @@
+ #define MESSMER_CPPUTILS_RANDOM_OSRANDOMGENERATOR_H
+ 
+ #include "RandomGenerator.h"
++#if defined(USE_SYSTEM_LIBS)
++#include <cryptopp/osrng.h>
++#else
+ #include <vendor_cryptopp/osrng.h>
++#endif
+ 
+ namespace cpputils {
+     class OSRandomGenerator final : public RandomGenerator {
+--- a/src/cpp-utils/random/RandomGeneratorThread.h
++++ b/src/cpp-utils/random/RandomGeneratorThread.h
+@@ -4,7 +4,11 @@
+ 
+ #include "../thread/LoopThread.h"
+ #include "ThreadsafeRandomDataBuffer.h"
++#if defined(USE_SYSTEM_LIBS)
++#include <cryptopp/osrng.h>
++#else
+ #include <vendor_cryptopp/osrng.h>
++#endif
+ 
+ namespace cpputils {
+     //TODO Test
+--- a/src/cryfs/impl/localstate/BasedirMetadata.cpp
++++ b/src/cryfs/impl/localstate/BasedirMetadata.cpp
+@@ -1,7 +1,11 @@
+ #include "BasedirMetadata.h"
+ #include <boost/property_tree/ptree.hpp>
+ #include <boost/property_tree/json_parser.hpp>
++#if defined(USE_SYSTEM_LIBS)
++#include <cryptopp/sha.h>
++#else
+ #include <vendor_cryptopp/sha.h>
++#endif
+ #include <boost/filesystem/operations.hpp>
+ #include "LocalStateDir.h"
+ #include <cpp-utils/logging/logging.h>
+--- a/test/cryfs/impl/config/CompatibilityTest.cpp
++++ b/test/cryfs/impl/config/CompatibilityTest.cpp
+@@ -2,7 +2,11 @@
+ #include <vector>
+ #include <boost/filesystem.hpp>
+ #include <cpp-utils/data/Data.h>
++#if defined(USE_SYSTEM_LIBS)
++#include <cryptopp/hex.h>
++#else
+ #include <vendor_cryptopp/hex.h>
++#endif
+ #include <cpp-utils/crypto/symmetric/ciphers.h>
+ #include <cpp-utils/tempfile/TempFile.h>
+ #include <cryfs/impl/config/CryConfigFile.h>
+-- 
+2.48.0
+