forked from pool/cryptsetup
This commit is contained in:
parent
0b5bee0363
commit
86719c7d6c
@ -0,0 +1,26 @@
|
|||||||
|
From 637619ff183804b4f654a3c5810aea2bb8ce9ba3 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ludwig Nussel <ludwig.nussel@suse.de>
|
||||||
|
Date: Thu, 29 Nov 2007 13:18:23 +0100
|
||||||
|
Subject: [PATCH] cryptsetup: the device parameter of LUKS_device_ready should be const
|
||||||
|
|
||||||
|
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
|
||||||
|
---
|
||||||
|
luks/keymanage.c | 2 +-
|
||||||
|
1 files changed, 1 insertions(+), 1 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/luks/keymanage.c b/luks/keymanage.c
|
||||||
|
index 915a0f2..91ff688 100644
|
||||||
|
--- a/luks/keymanage.c
|
||||||
|
+++ b/luks/keymanage.c
|
||||||
|
@@ -466,7 +466,7 @@ int LUKS_benchmarkt_iterations()
|
||||||
|
return PBKDF2_performance_check()/2;
|
||||||
|
}
|
||||||
|
|
||||||
|
-int LUKS_device_ready(char *device, int mode)
|
||||||
|
+int LUKS_device_ready(const char *device, int mode)
|
||||||
|
{
|
||||||
|
int devfd = open(device, mode | O_DIRECT | O_SYNC);
|
||||||
|
if(devfd < 0) {
|
||||||
|
--
|
||||||
|
1.5.3.4
|
||||||
|
|
26
0002-cryptsetup-logger-function-should-return-void.diff
Normal file
26
0002-cryptsetup-logger-function-should-return-void.diff
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
From 32f038fe704a069444e5b71d6b195795b917016a Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ludwig Nussel <ludwig.nussel@suse.de>
|
||||||
|
Date: Thu, 29 Nov 2007 13:21:23 +0100
|
||||||
|
Subject: [PATCH] cryptsetup: logger function should return void
|
||||||
|
|
||||||
|
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
|
||||||
|
---
|
||||||
|
lib/setup.c | 2 +-
|
||||||
|
1 files changed, 1 insertions(+), 1 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/setup.c b/lib/setup.c
|
||||||
|
index 9e8c810..032d90e 100644
|
||||||
|
--- a/lib/setup.c
|
||||||
|
+++ b/lib/setup.c
|
||||||
|
@@ -26,7 +26,7 @@ static char *default_backend = NULL;
|
||||||
|
|
||||||
|
#define at_least_one(a) ({ __typeof__(a) __at_least_one=(a); (__at_least_one)?__at_least_one:1; })
|
||||||
|
|
||||||
|
-static int logger(struct crypt_options *options, int class, char *format, ...) {
|
||||||
|
+static void logger(struct crypt_options *options, int class, char *format, ...) {
|
||||||
|
va_list argp;
|
||||||
|
char *target;
|
||||||
|
|
||||||
|
--
|
||||||
|
1.5.3.4
|
||||||
|
|
38
0003-cryptsetup-fix-implicit-function-declarations.diff
Normal file
38
0003-cryptsetup-fix-implicit-function-declarations.diff
Normal file
@ -0,0 +1,38 @@
|
|||||||
|
From 557a4f778b227b63b7095e2910bb6911ed2b040c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Ludwig Nussel <ludwig.nussel@suse.de>
|
||||||
|
Date: Thu, 29 Nov 2007 10:35:19 +0100
|
||||||
|
Subject: [PATCH] cryptsetup: fix implicit function declarations
|
||||||
|
|
||||||
|
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
|
||||||
|
---
|
||||||
|
lib/libcryptsetup.h | 3 ++-
|
||||||
|
luks/luks.h | 1 +
|
||||||
|
2 files changed, 3 insertions(+), 1 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/libcryptsetup.h b/lib/libcryptsetup.h
|
||||||
|
index fad14d1..e2db46a 100644
|
||||||
|
--- a/lib/libcryptsetup.h
|
||||||
|
+++ b/lib/libcryptsetup.h
|
||||||
|
@@ -53,7 +53,8 @@ int crypt_query_device(struct crypt_options *options);
|
||||||
|
int crypt_remove_device(struct crypt_options *options);
|
||||||
|
int crypt_luksFormat(struct crypt_options *options);
|
||||||
|
int crypt_luksOpen(struct crypt_options *options);
|
||||||
|
-int crypt_luksDelKey(struct crypt_options *options);
|
||||||
|
+int crypt_luksKillSlot(struct crypt_options *options);
|
||||||
|
+int crypt_luksRemoveKey(struct crypt_options *options);
|
||||||
|
int crypt_luksAddKey(struct crypt_options *options);
|
||||||
|
int crypt_luksUUID(struct crypt_options *options);
|
||||||
|
int crypt_isLuks(struct crypt_options *options);
|
||||||
|
diff --git a/luks/luks.h b/luks/luks.h
|
||||||
|
index ac9fe74..17f7b08 100644
|
||||||
|
--- a/luks/luks.h
|
||||||
|
+++ b/luks/luks.h
|
||||||
|
@@ -132,4 +132,5 @@ int LUKS_decrypt_from_storage(char *dst, size_t dstLength,
|
||||||
|
char *key, size_t keyLength,
|
||||||
|
const char *device,
|
||||||
|
unsigned int sector, struct setup_backend *backend);
|
||||||
|
+int LUKS_device_ready(const char *device, int mode);
|
||||||
|
#endif
|
||||||
|
--
|
||||||
|
1.5.3.4
|
||||||
|
|
@ -1,38 +0,0 @@
|
|||||||
|
|
||||||
|
|
||||||
From: Matthias Koenig <mkoenig@suse.de>
|
|
||||||
|
|
||||||
|
|
||||||
---
|
|
||||||
|
|
||||||
lib/libdevmapper.c | 10 ++++++++++
|
|
||||||
1 files changed, 10 insertions(+), 0 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/lib/libdevmapper.c b/lib/libdevmapper.c
|
|
||||||
index 676064a..f18b7a1 100644
|
|
||||||
--- a/lib/libdevmapper.c
|
|
||||||
+++ b/lib/libdevmapper.c
|
|
||||||
@@ -18,6 +18,13 @@
|
|
||||||
|
|
||||||
#define CRYPT_TARGET "crypt"
|
|
||||||
|
|
||||||
+#define UDEVSETTLE "/sbin/udevsettle"
|
|
||||||
+
|
|
||||||
+static void run_udevsettle(void)
|
|
||||||
+{
|
|
||||||
+ system(UDEVSETTLE);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
static void set_dm_error(int level, const char *file, int line,
|
|
||||||
const char *f, ...)
|
|
||||||
{
|
|
||||||
@@ -184,6 +191,9 @@ static int dm_create_device(int reload, struct crypt_options *options,
|
|
||||||
if (dmi.read_only)
|
|
||||||
options->flags |= CRYPT_FLAG_READONLY;
|
|
||||||
|
|
||||||
+ /* run udevsettle to avoid problems with busy dm devices */
|
|
||||||
+ run_udevsettle();
|
|
||||||
+
|
|
||||||
r = 0;
|
|
||||||
|
|
||||||
out:
|
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:87b342eb6ba641e694121e40a7aff3ac86df642f5450c047958b1e92cb215510
|
|
||||||
size 415998
|
|
3
cryptsetup-1.0.5_SVNr38.tar.bz2
Normal file
3
cryptsetup-1.0.5_SVNr38.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:76390d49112cf35b6d6ea289bb1760ded416dfaf133edb131d6548e6d2d5be41
|
||||||
|
size 416976
|
@ -1,159 +0,0 @@
|
|||||||
fix implicit function declarations
|
|
||||||
|
|
||||||
From: Ludwig Nussel <ludwig.nussel@suse.de>
|
|
||||||
|
|
||||||
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
|
|
||||||
---
|
|
||||||
|
|
||||||
lib/internal.h | 13 +++++++++++++
|
|
||||||
lib/libcryptsetup.h | 5 ++++-
|
|
||||||
lib/utils.c | 1 +
|
|
||||||
luks/af.c | 1 +
|
|
||||||
luks/keyencryption.c | 6 ------
|
|
||||||
luks/keymanage.c | 10 ----------
|
|
||||||
luks/luks.h | 1 +
|
|
||||||
src/cryptsetup.c | 4 ++++
|
|
||||||
8 files changed, 24 insertions(+), 17 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/lib/internal.h b/lib/internal.h
|
|
||||||
index 8877c01..7a7354e 100644
|
|
||||||
--- a/lib/internal.h
|
|
||||||
+++ b/lib/internal.h
|
|
||||||
@@ -62,6 +62,9 @@ int hash(const char *backend_name, const char *hash_name,
|
|
||||||
struct setup_backend *get_setup_backend(const char *name);
|
|
||||||
void put_setup_backend(struct setup_backend *backend);
|
|
||||||
|
|
||||||
+void hexprint(char *d, int n);
|
|
||||||
+
|
|
||||||
+int sector_size_for_device(const char *device);
|
|
||||||
ssize_t write_blockwise(int fd, const void *buf, size_t count);
|
|
||||||
ssize_t read_blockwise(int fd, void *_buf, size_t count);
|
|
||||||
ssize_t write_lseek_blockwise(int fd, const char *buf, size_t count, off_t offset);
|
|
||||||
@@ -69,4 +72,14 @@ ssize_t write_lseek_blockwise(int fd, const char *buf, size_t count, off_t offse
|
|
||||||
|
|
||||||
int get_key(char *prompt, char **key, int *passLen, int key_size, const char *key_file, int passphrase_fd, int timeout, int how2verify);
|
|
||||||
|
|
||||||
+#define div_round_up(a,b) ({ \
|
|
||||||
+ typeof(a) __a = (a); \
|
|
||||||
+ typeof(b) __b = (b); \
|
|
||||||
+ (__a - 1) / __b + 1; \
|
|
||||||
+})
|
|
||||||
+
|
|
||||||
+static inline int round_up_modulo(int x, int m) {
|
|
||||||
+ return div_round_up(x, m) * m;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
#endif /* INTERNAL_H */
|
|
||||||
diff --git a/lib/libcryptsetup.h b/lib/libcryptsetup.h
|
|
||||||
index 53846ef..69b9ba4 100644
|
|
||||||
--- a/lib/libcryptsetup.h
|
|
||||||
+++ b/lib/libcryptsetup.h
|
|
||||||
@@ -53,10 +53,13 @@ int crypt_query_device(struct crypt_options *options);
|
|
||||||
int crypt_remove_device(struct crypt_options *options);
|
|
||||||
int crypt_luksInit(struct crypt_options *options);
|
|
||||||
int crypt_luksOpen(struct crypt_options *options);
|
|
||||||
-int crypt_luksDelKey(struct crypt_options *options);
|
|
||||||
+int crypt_luksKillSlot(struct crypt_options *options);
|
|
||||||
+int crypt_luksRemoveKey(struct crypt_options *options);
|
|
||||||
int crypt_luksAddKey(struct crypt_options *options);
|
|
||||||
int crypt_luksUUID(struct crypt_options *options);
|
|
||||||
int crypt_isLuks(struct crypt_options *options);
|
|
||||||
+int crypt_luksFormat(struct crypt_options *options);
|
|
||||||
+int crypt_luksDump(struct crypt_options *options);
|
|
||||||
|
|
||||||
void crypt_get_error(char *buf, size_t size);
|
|
||||||
void crypt_put_options(struct crypt_options *options);
|
|
||||||
diff --git a/lib/utils.c b/lib/utils.c
|
|
||||||
index 23ddae1..718d418 100644
|
|
||||||
--- a/lib/utils.c
|
|
||||||
+++ b/lib/utils.c
|
|
||||||
@@ -9,6 +9,7 @@
|
|
||||||
#include <unistd.h>
|
|
||||||
#include <sys/types.h>
|
|
||||||
#include <sys/stat.h>
|
|
||||||
+#include <sys/ioctl.h>
|
|
||||||
#include <fcntl.h>
|
|
||||||
#include <termios.h>
|
|
||||||
|
|
||||||
diff --git a/luks/af.c b/luks/af.c
|
|
||||||
index 7166669..66c4861 100644
|
|
||||||
--- a/luks/af.c
|
|
||||||
+++ b/luks/af.c
|
|
||||||
@@ -30,6 +30,7 @@
|
|
||||||
#include <errno.h>
|
|
||||||
#include "sha1.h"
|
|
||||||
#include "XORblock.h"
|
|
||||||
+#include "random.h"
|
|
||||||
|
|
||||||
/* diffuse: Information spreading over the whole dataset with
|
|
||||||
* the help of sha512.
|
|
||||||
diff --git a/luks/keyencryption.c b/luks/keyencryption.c
|
|
||||||
index f154a01..b09aa83 100644
|
|
||||||
--- a/luks/keyencryption.c
|
|
||||||
+++ b/luks/keyencryption.c
|
|
||||||
@@ -35,12 +35,6 @@
|
|
||||||
#include "../lib/internal.h"
|
|
||||||
#include "../lib/blockdev.h"
|
|
||||||
|
|
||||||
-#define div_round_up(a,b) ({ \
|
|
||||||
- typeof(a) __a = (a); \
|
|
||||||
- typeof(b) __b = (b); \
|
|
||||||
- (__a - 1) / __b + 1; \
|
|
||||||
-})
|
|
||||||
-
|
|
||||||
static int setup_mapping(const char *cipher, const char *name,
|
|
||||||
const char *device, unsigned int payloadOffset,
|
|
||||||
const char *key, size_t keyLength,
|
|
||||||
diff --git a/luks/keymanage.c b/luks/keymanage.c
|
|
||||||
index 77d8414..81929cd 100644
|
|
||||||
--- a/luks/keymanage.c
|
|
||||||
+++ b/luks/keymanage.c
|
|
||||||
@@ -37,16 +37,6 @@
|
|
||||||
#include <uuid/uuid.h>
|
|
||||||
#include <../lib/internal.h>
|
|
||||||
|
|
||||||
-#define div_round_up(a,b) ({ \
|
|
||||||
- typeof(a) __a = (a); \
|
|
||||||
- typeof(b) __b = (b); \
|
|
||||||
- (__a - 1) / __b + 1; \
|
|
||||||
-})
|
|
||||||
-
|
|
||||||
-inline int round_up_modulo(int x, int m) {
|
|
||||||
- return div_round_up(x, m) * m;
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
struct luks_masterkey *LUKS_alloc_masterkey(int keylength)
|
|
||||||
{
|
|
||||||
struct luks_masterkey *mk=malloc(sizeof(*mk) + keylength);
|
|
||||||
diff --git a/luks/luks.h b/luks/luks.h
|
|
||||||
index 7356c92..f11516d 100644
|
|
||||||
--- a/luks/luks.h
|
|
||||||
+++ b/luks/luks.h
|
|
||||||
@@ -133,4 +133,5 @@ int LUKS_decrypt_from_storage(char *dst, size_t dstLength,
|
|
||||||
const char *device,
|
|
||||||
unsigned int sector, struct setup_backend *backend);
|
|
||||||
|
|
||||||
+int LUKS_device_ready(char *device, int mode);
|
|
||||||
#endif
|
|
||||||
diff --git a/src/cryptsetup.c b/src/cryptsetup.c
|
|
||||||
index edb155a..e7f47a2 100644
|
|
||||||
--- a/src/cryptsetup.c
|
|
||||||
+++ b/src/cryptsetup.c
|
|
||||||
@@ -4,6 +4,7 @@
|
|
||||||
#include <stdint.h>
|
|
||||||
#include <inttypes.h>
|
|
||||||
#include <errno.h>
|
|
||||||
+#include <unistd.h>
|
|
||||||
#include <assert.h>
|
|
||||||
|
|
||||||
#include <libcryptsetup.h>
|
|
||||||
@@ -13,6 +14,9 @@
|
|
||||||
|
|
||||||
#include "cryptsetup.h"
|
|
||||||
|
|
||||||
+// XXX!
|
|
||||||
+int LUKS_is_last_keyslot(const char *device, unsigned int keyIndex);
|
|
||||||
+
|
|
||||||
static int opt_verbose = 1;
|
|
||||||
static char *opt_cipher = NULL;
|
|
||||||
static char *opt_hash = DEFAULT_HASH;
|
|
@ -1,47 +0,0 @@
|
|||||||
use set_error instead of printf in library to report errors.
|
|
||||||
|
|
||||||
From: Ludwig Nussel <ludwig.nussel@suse.de>
|
|
||||||
|
|
||||||
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
|
|
||||||
---
|
|
||||||
|
|
||||||
lib/utils.c | 2 +-
|
|
||||||
luks/keyencryption.c | 5 +++--
|
|
||||||
2 files changed, 4 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/lib/utils.c b/lib/utils.c
|
|
||||||
index fbf34bc..b9fc006 100644
|
|
||||||
--- a/lib/utils.c
|
|
||||||
+++ b/lib/utils.c
|
|
||||||
@@ -227,7 +227,7 @@ ssize_t read_blockwise(int fd, void *orig_buf, size_t count) {
|
|
||||||
while(count) {
|
|
||||||
r = read(fd,padbuf,bsize);
|
|
||||||
if(r < 0 || r != bsize) {
|
|
||||||
- fprintf(stderr, "read failed in read_blockwise.\n");
|
|
||||||
+ set_error("read failed in read_blockwise()");
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
step = count<bsize?count:bsize;
|
|
||||||
diff --git a/luks/keyencryption.c b/luks/keyencryption.c
|
|
||||||
index f154a01..de02f50 100644
|
|
||||||
--- a/luks/keyencryption.c
|
|
||||||
+++ b/luks/keyencryption.c
|
|
||||||
@@ -58,7 +58,7 @@ static int setup_mapping(const char *cipher, const char *name,
|
|
||||||
* device's sector size, otherwise the mapping will be refused.
|
|
||||||
*/
|
|
||||||
if(device_sector_size < 0) {
|
|
||||||
- fprintf(stderr,_("Unable to obtain sector size for %s"),device);
|
|
||||||
+ set_error(_("Unable to obtain sector size for %s"),device);
|
|
||||||
return -EINVAL;
|
|
||||||
}
|
|
||||||
options->size = round_up_modulo(srcLength,device_sector_size)/SECTOR_SIZE;
|
|
||||||
@@ -138,7 +138,8 @@ static int LUKS_endec_template(char *src, size_t srcLength,
|
|
||||||
|
|
||||||
r = setup_mapping(dmCipherSpec,name,device,hdr->payloadOffset,key,keyLength,sector,srcLength,backend,mode);
|
|
||||||
if(r < 0) {
|
|
||||||
- fprintf(stderr,"Failed to setup dm-crypt key mapping.\nCheck kernel for support for the %s cipher spec and verify that %s contains at least %d sectors.\n",
|
|
||||||
+ if(!get_error())
|
|
||||||
+ set_error("Failed to setup dm-crypt key mapping.\nCheck kernel for support for the %s cipher spec and verify that %s contains at least %d sectors",
|
|
||||||
dmCipherSpec,
|
|
||||||
device,
|
|
||||||
sector + div_round_up(srcLength,SECTOR_SIZE));
|
|
@ -1,74 +0,0 @@
|
|||||||
fix some gcc warnings
|
|
||||||
|
|
||||||
From: Ludwig Nussel <ludwig.nussel@suse.de>
|
|
||||||
|
|
||||||
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
|
|
||||||
---
|
|
||||||
|
|
||||||
lib/libdevmapper.c | 2 +-
|
|
||||||
lib/setup.c | 2 --
|
|
||||||
lib/utils.c | 4 ++--
|
|
||||||
luks/keymanage.c | 2 +-
|
|
||||||
4 files changed, 4 insertions(+), 6 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/lib/libdevmapper.c b/lib/libdevmapper.c
|
|
||||||
index 888b689..676064a 100644
|
|
||||||
--- a/lib/libdevmapper.c
|
|
||||||
+++ b/lib/libdevmapper.c
|
|
||||||
@@ -258,7 +258,7 @@ static int dm_query_device(int details, struct crypt_options *options,
|
|
||||||
options->skip = 0;
|
|
||||||
options->size = length;
|
|
||||||
if (details) {
|
|
||||||
- char *cipher, *key_, *device, *tmp;
|
|
||||||
+ char *cipher, *key_, *device;
|
|
||||||
uint64_t val64;
|
|
||||||
|
|
||||||
set_error("Invalid dm table");
|
|
||||||
diff --git a/lib/setup.c b/lib/setup.c
|
|
||||||
index 0429b33..5b85bd6 100644
|
|
||||||
--- a/lib/setup.c
|
|
||||||
+++ b/lib/setup.c
|
|
||||||
@@ -56,8 +56,6 @@ static int setup_enter(struct setup_backend *backend)
|
|
||||||
|
|
||||||
static int setup_leave(struct setup_backend *backend)
|
|
||||||
{
|
|
||||||
- const char *error;
|
|
||||||
-
|
|
||||||
if (backend)
|
|
||||||
backend->exit();
|
|
||||||
|
|
||||||
diff --git a/lib/utils.c b/lib/utils.c
|
|
||||||
index 718d418..fbf34bc 100644
|
|
||||||
--- a/lib/utils.c
|
|
||||||
+++ b/lib/utils.c
|
|
||||||
@@ -174,7 +174,7 @@ ssize_t write_blockwise(int fd, const void *orig_buf, size_t count)
|
|
||||||
{
|
|
||||||
char *padbuf; char *padbuf_base;
|
|
||||||
char *buf = (char *)orig_buf;
|
|
||||||
- int r;
|
|
||||||
+ int r = 0;
|
|
||||||
int hangover; int solid; int bsize;
|
|
||||||
|
|
||||||
if ((bsize = sector_size(fd)) < 0)
|
|
||||||
@@ -214,7 +214,7 @@ ssize_t write_blockwise(int fd, const void *orig_buf, size_t count)
|
|
||||||
ssize_t read_blockwise(int fd, void *orig_buf, size_t count) {
|
|
||||||
char *padbuf; char *padbuf_base;
|
|
||||||
char *buf = (char *)orig_buf;
|
|
||||||
- int r;
|
|
||||||
+ int r = 0;
|
|
||||||
int step;
|
|
||||||
int bsize;
|
|
||||||
|
|
||||||
diff --git a/luks/keymanage.c b/luks/keymanage.c
|
|
||||||
index 77d8414..8b07458 100644
|
|
||||||
--- a/luks/keymanage.c
|
|
||||||
+++ b/luks/keymanage.c
|
|
||||||
@@ -420,7 +420,7 @@ static int wipe(const char *device, unsigned int from, unsigned int to)
|
|
||||||
int LUKS_del_key(const char *device, unsigned int keyIndex)
|
|
||||||
{
|
|
||||||
struct luks_phdr hdr;
|
|
||||||
- unsigned int i, startOffset, endOffset, stripesLen;
|
|
||||||
+ unsigned int startOffset, endOffset, stripesLen;
|
|
||||||
int r;
|
|
||||||
|
|
||||||
r = LUKS_read_phdr(device, &hdr);
|
|
@ -1,8 +1,8 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
# repo is at http://luks.endorphin.org/svn/cryptsetup
|
# repo is at http://luks.endorphin.org/svn/cryptsetup
|
||||||
set -e
|
set -e -x
|
||||||
SVN_VERSION="1.0.4_SVN`svnversion .`"
|
SVN_VERSION="1.0.5_SVNr`svnversion .`"
|
||||||
rm -rf cryptsetup-luks-${SVN_VERSION}
|
rm -rf cryptsetup-${SVN_VERSION}
|
||||||
svn export . cryptsetup-luks-${SVN_VERSION}
|
svn export . cryptsetup-${SVN_VERSION}
|
||||||
tar --owner=root --group=root --force-local -cjf cryptsetup-luks-${SVN_VERSION}.tar.bz2 cryptsetup-luks-${SVN_VERSION}
|
tar --owner=root --group=root --force-local -cjf cryptsetup-${SVN_VERSION}.tar.bz2 cryptsetup-${SVN_VERSION}
|
||||||
rm -rf cryptsetup-luks-${SVN_VERSION}
|
rm -rf cryptsetup-${SVN_VERSION}
|
||||||
|
@ -1,3 +1,8 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Nov 29 13:47:24 CET 2007 - lnussel@suse.de
|
||||||
|
|
||||||
|
- upgrade to svn revision 38
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Nov 7 12:40:02 CET 2007 - mkoenig@suse.de
|
Wed Nov 7 12:40:02 CET 2007 - mkoenig@suse.de
|
||||||
|
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
#
|
#
|
||||||
# spec file for package cryptsetup (Version 1.0.5_SVNr31)
|
# spec file for package cryptsetup (Version 1.0.5_SVNr38)
|
||||||
#
|
#
|
||||||
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||||
# This file and all modifications and additions to the pristine
|
# This file and all modifications and additions to the pristine
|
||||||
@ -18,10 +18,10 @@ BuildRequires: device-mapper-devel e2fsprogs-devel libgcrypt-devel popt-devel
|
|||||||
License: BSD 3-Clause; GPL v2 or later
|
License: BSD 3-Clause; GPL v2 or later
|
||||||
Group: System/Base
|
Group: System/Base
|
||||||
AutoReqProv: on
|
AutoReqProv: on
|
||||||
Version: 1.0.5_SVNr31
|
Version: 1.0.5_SVNr38
|
||||||
Release: 4
|
Release: 1
|
||||||
Summary: Set Up dm-crypt Based Encrypted Block Devices
|
Summary: Set Up dm-crypt Based Encrypted Block Devices
|
||||||
Source: cryptsetup-1.0.5_SVNr31.tar.bz2
|
Source: cryptsetup-%{version}.tar.bz2
|
||||||
Source1: hashalot-%haver.tar.bz2
|
Source1: hashalot-%haver.tar.bz2
|
||||||
Source50: boot.crypto
|
Source50: boot.crypto
|
||||||
Source90: Makefile.doc
|
Source90: Makefile.doc
|
||||||
@ -30,10 +30,9 @@ Source91: crypttab.5.txt
|
|||||||
Source92: crypttab.5
|
Source92: crypttab.5
|
||||||
# use this to create the tarball from svn
|
# use this to create the tarball from svn
|
||||||
Source99: cryptsetup-mktar
|
Source99: cryptsetup-mktar
|
||||||
Patch2: cryptsetup-luks-implicit-declarations.diff
|
Patch1: 0001-cryptsetup-the-device-parameter-of-LUKS_device_ready.diff
|
||||||
Patch3: cryptsetup-luks-warnings.diff
|
Patch2: 0002-cryptsetup-logger-function-should-return-void.diff
|
||||||
Patch4: cryptsetup-luks-libnostderr.diff
|
Patch3: 0003-cryptsetup-fix-implicit-function-declarations.diff
|
||||||
Patch5: cryptsetup-1.0.5-run_udevsettle.patch
|
|
||||||
Patch10: hashalot-fixes.diff
|
Patch10: hashalot-fixes.diff
|
||||||
Patch11: hashalot-libgcrypt.diff
|
Patch11: hashalot-libgcrypt.diff
|
||||||
Patch12: hashalot-ctrl-d.diff
|
Patch12: hashalot-ctrl-d.diff
|
||||||
@ -84,11 +83,9 @@ Authors:
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q -b 1
|
%setup -q -b 1
|
||||||
#%patch1 -p1
|
%patch1 -p1
|
||||||
%patch2 -p1
|
%patch2 -p1
|
||||||
%patch3 -p1
|
%patch3 -p1
|
||||||
%patch4 -p1
|
|
||||||
%patch5 -p1
|
|
||||||
pushd ../hashalot-%haver
|
pushd ../hashalot-%haver
|
||||||
%patch10 -p1
|
%patch10 -p1
|
||||||
%patch11 -p1
|
%patch11 -p1
|
||||||
@ -183,7 +180,10 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
%_includedir/libcryptsetup.h
|
%_includedir/libcryptsetup.h
|
||||||
%{_libdir}/libcryptsetup.so
|
%{_libdir}/libcryptsetup.so
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Nov 29 2007 - lnussel@suse.de
|
||||||
|
- upgrade to svn revision 38
|
||||||
* Wed Nov 07 2007 - mkoenig@suse.de
|
* Wed Nov 07 2007 - mkoenig@suse.de
|
||||||
- add %%fillup_prereq and %%insserv_prereq to PreReq
|
- add %%fillup_prereq and %%insserv_prereq to PreReq
|
||||||
* Tue Oct 16 2007 - lnussel@suse.de
|
* Tue Oct 16 2007 - lnussel@suse.de
|
||||||
|
106
crypttab.5
106
crypttab.5
@ -1,17 +1,17 @@
|
|||||||
.\" Title: crypttab
|
.\" Title: crypttab
|
||||||
.\" Author:
|
.\" Author:
|
||||||
.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
|
.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
|
||||||
.\" Date: 05/09/2007
|
.\" Date: 11/29/2007
|
||||||
.\" Manual:
|
.\" Manual:
|
||||||
.\" Source:
|
.\" Source:
|
||||||
.\"
|
.\"
|
||||||
.TH "CRYPTTAB" "5" "05/09/2007" "" ""
|
.TH "CRYPTTAB" "5" "11/29/2007" "" ""
|
||||||
.\" disable hyphenation
|
.\" disable hyphenation
|
||||||
.nh
|
.nh
|
||||||
.\" disable justification (adjust text to left margin only)
|
.\" disable justification (adjust text to left margin only)
|
||||||
.ad l
|
.ad l
|
||||||
.SH "NAME"
|
.SH "NAME"
|
||||||
crypttab \- static information about crypted filesystems
|
crypttab - static information about crypted filesystems
|
||||||
.SH "SYNOPSIS"
|
.SH "SYNOPSIS"
|
||||||
.PP
|
.PP
|
||||||
\fBcrypttab\fR
|
\fBcrypttab\fR
|
||||||
@ -23,111 +23,115 @@ crypttab \- static information about crypted filesystems
|
|||||||
\fI<options>\fR
|
\fI<options>\fR
|
||||||
.RE
|
.RE
|
||||||
.SH "DESCRIPTION"
|
.SH "DESCRIPTION"
|
||||||
The file \fB/etc/crypttab\fR contains descriptive informations about encrypted volumes. Each volume is described on a separate line; columns on each line are separated by tabs or spaces. Lines starting with "\fI#\fR" are comments, empty lines are ignored. The order of records in \fBcrypttab\fR is important because the \fB/etc/init.d/boot.crypto\fR script sequentially iterates through \fBcrypttab\fR entries. All four columns are mandatory, missing or excessive columns will lead to unspecified behaviour.
|
The file \fB/etc/crypttab\fR contains descriptive informations about encrypted volumes\. Each volume is described on a separate line; columns on each line are separated by tabs or spaces\. Lines starting with "\fI#\fR" are comments, empty lines are ignored\. The order of records in \fBcrypttab\fR is important because the \fB/etc/init\.d/boot\.crypto\fR script sequentially iterates through \fBcrypttab\fR entries\. All four columns are mandatory, missing or excessive columns will lead to unspecified behaviour\.
|
||||||
.sp
|
.sp
|
||||||
.TP 4
|
.sp
|
||||||
\(bu
|
.RS 4
|
||||||
The first column,
|
\h'-04'\(bu\h'+03'The first column,
|
||||||
\fItarget device\fR
|
\fItarget device\fR
|
||||||
specifies the mapped
|
specifies the mapped
|
||||||
\fIdevice name\fR. It must be a plain filename without any directories. A mapped device
|
\fIdevice name\fR\. It must be a plain filename without any directories\. A mapped device
|
||||||
\fB/dev/mapper/\fR\fIdevice name\fR
|
\fB/dev/mapper/\fR\fIdevice name\fR
|
||||||
will be created by
|
will be created by
|
||||||
\fBcryptsetup(8)\fR
|
\fBcryptsetup(8)\fR
|
||||||
crypting data from and onto the
|
crypting data from and onto the
|
||||||
\fIsource device\fR.
|
\fIsource device\fR\.
|
||||||
To actually mount that device it needs to be listed in \fB/etc/fstab\fR.
|
.RE
|
||||||
|
To actually mount that device it needs to be listed in \fB/etc/fstab\fR\.
|
||||||
.sp
|
.sp
|
||||||
.TP 4
|
.sp
|
||||||
\(bu
|
.RS 4
|
||||||
The second column
|
\h'-04'\(bu\h'+03'The second column
|
||||||
\fIsource device\fR
|
\fIsource device\fR
|
||||||
specifies the block special device that should hold the encrypted data.
|
specifies the block special device that should hold the encrypted data\.
|
||||||
.TP 4
|
.RE
|
||||||
\(bu
|
.sp
|
||||||
The third column
|
.RS 4
|
||||||
|
\h'-04'\(bu\h'+03'The third column
|
||||||
\fIkey file\fR
|
\fIkey file\fR
|
||||||
specifies the file to use for decrypting the encrypted data of the
|
specifies a file containing the raw binary key to use for decrypting the encrypted data of the
|
||||||
\fIsource device\fR.
|
\fIsource device\fR\.
|
||||||
It can also be a device name (e.g. \fB/dev/urandom\fR, which is useful for encrypted swap devices). Warning: luks does not support infinite streams (like \fB/dev/urandom\fR), it requires a fixed size key.
|
.RE
|
||||||
|
The key file can also be a device name (e\.g\. \fB/dev/urandom\fR, which is useful for encrypted swap devices)\. Warning: luks does not support infinite streams (like \fB/dev/urandom\fR), it requires a fixed size key\.
|
||||||
.sp
|
.sp
|
||||||
If the \fIkey file\fR is the string \fBnone\fR, the key data (i.e. a password or passphrase) will be read interactively from the console. In this case the options precheck, check, checkargs and tries may be useful.
|
If the \fIkey file\fR is the string \fBnone\fR, the key data (i\.e\. a password or passphrase) will be read interactively from the console\. In this case the options precheck, check, checkargs and tries may be useful\.
|
||||||
.sp
|
.sp
|
||||||
.TP 4
|
.sp
|
||||||
\(bu
|
.RS 4
|
||||||
The fourth field
|
\h'-04'\(bu\h'+03'The fourth field
|
||||||
\fIoptions\fR
|
\fIoptions\fR
|
||||||
specifies the cryptsetup options associated with the encryption process. At minimum, the field should contain the string
|
specifies the cryptsetup options associated with the encryption process\. At minimum, the field should contain the string
|
||||||
\fBluks\fR
|
\fBluks\fR
|
||||||
or the
|
or the
|
||||||
\fIcipher\fR,
|
\fIcipher\fR,
|
||||||
\fIhash\fR
|
\fIhash\fR
|
||||||
and
|
and
|
||||||
\fIsize\fR
|
\fIsize\fR
|
||||||
options.
|
options\.
|
||||||
|
.RE
|
||||||
Options have to be specified in the format: \fIkey\fR=\fIvalue\fR[,\fIkey\fR=\fIvalue\fR \&...]
|
Options have to be specified in the format: \fIkey\fR=\fIvalue\fR[,\fIkey\fR=\fIvalue\fR \&...]
|
||||||
.sp
|
.sp
|
||||||
.SH "OPTIONS"
|
.SH "OPTIONS"
|
||||||
.PP
|
.PP
|
||||||
\fBcipher\fR=<cipher>
|
\fBcipher\fR=<cipher>
|
||||||
.RS 4
|
.RS 4
|
||||||
Encryption algorithm. See
|
Encryption algorithm\. See
|
||||||
\fBcryptsetup \-c\fR.
|
\fBcryptsetup \-c\fR\.
|
||||||
.RE
|
.RE
|
||||||
.PP
|
.PP
|
||||||
\fBsize\fR=<size>
|
\fBsize\fR=<size>
|
||||||
.RS 4
|
.RS 4
|
||||||
Encryption key size. See
|
Encryption key size\. See
|
||||||
\fBcryptsetup \-s\fR.
|
\fBcryptsetup \-s\fR\.
|
||||||
.RE
|
.RE
|
||||||
.PP
|
.PP
|
||||||
\fBhash\fR=<hash>
|
\fBhash\fR=<hash>
|
||||||
.RS 4
|
.RS 4
|
||||||
Hash algorithm. See
|
Hash algorithm\. See
|
||||||
\fBcryptsetup \-h\fR.
|
\fBcryptsetup \-h\fR\.
|
||||||
.RE
|
.RE
|
||||||
.PP
|
.PP
|
||||||
\fBverify\fR
|
\fBverify\fR
|
||||||
.RS 4
|
.RS 4
|
||||||
Verify password. See
|
Verify password\. See
|
||||||
\fBcryptsetup \-y\fR.
|
\fBcryptsetup \-y\fR\.
|
||||||
.RE
|
.RE
|
||||||
.PP
|
.PP
|
||||||
\fBreadonly\fR
|
\fBreadonly\fR
|
||||||
.RS 4
|
.RS 4
|
||||||
The backing device is read\-only (eg: a dvd).
|
The backing device is read\-only (eg: a dvd)\.
|
||||||
.RE
|
.RE
|
||||||
.PP
|
.PP
|
||||||
\fBluks\fR
|
\fBluks\fR
|
||||||
.RS 4
|
.RS 4
|
||||||
Use device with luks extensions.
|
Use device with luks extensions\.
|
||||||
.RE
|
.RE
|
||||||
.PP
|
.PP
|
||||||
\fBswap\fR
|
\fBswap\fR
|
||||||
.RS 4
|
.RS 4
|
||||||
Run
|
Run
|
||||||
\fBmkswap\fR
|
\fBmkswap\fR
|
||||||
on the created device.
|
on the created device\.
|
||||||
.RE
|
.RE
|
||||||
.PP
|
.PP
|
||||||
\fBtmp\fR
|
\fBtmp\fR
|
||||||
.RS 4
|
.RS 4
|
||||||
Run
|
Run
|
||||||
\fBmkfs\fR
|
\fBmkfs\fR
|
||||||
on the created device. The file system to use is specified in
|
on the created device\. The file system to use is specified in
|
||||||
\fB/etc/fstab\fR. If
|
\fB/etc/fstab\fR\. If
|
||||||
\fB/etc/fstab\fR
|
\fB/etc/fstab\fR
|
||||||
does not list the mapped device, ext2 is used as fallback.
|
does not list the mapped device, ext2 is used as fallback\.
|
||||||
.RE
|
.RE
|
||||||
.PP
|
.PP
|
||||||
\fBprecheck\fR=<precheck>
|
\fBprecheck\fR=<precheck>
|
||||||
.RS 4
|
.RS 4
|
||||||
Check the source device by suitable program; if the check fails the device is not created; <precheck> is a script to check the source device. The source device is given as argument to the script.
|
Check the source device by suitable program; if the check fails the device is not created; <precheck> is a script to check the source device\. The source device is given as argument to the script\.
|
||||||
.RE
|
.RE
|
||||||
.PP
|
.PP
|
||||||
\fBcheck\fR[=<program>]
|
\fBcheck\fR[=<program>]
|
||||||
.RS 4
|
.RS 4
|
||||||
Check the content of the mapped device by a suitable program; if the check fails the device is removed. The specified program is run giving the decrypted volume (target device) as first and the value of the checkargs option as second argument. Cryptdisks searches for the given program in /lib/cryptsetup/checks/. If no program is specified, vol_id is used.
|
Check the content of the mapped device by a suitable program; if the check fails the device is removed\. The specified program is run giving the decrypted volume (target device) as first and the value of the checkargs option as second argument\. Cryptdisks searches for the given program in /lib/cryptsetup/checks/\. If no program is specified, vol_id is used\.
|
||||||
.RE
|
.RE
|
||||||
.PP
|
.PP
|
||||||
\fBcheckargs\fR=<argument>
|
\fBcheckargs\fR=<argument>
|
||||||
@ -137,37 +141,37 @@ Pass <argument> as second argument to the check script
|
|||||||
.PP
|
.PP
|
||||||
\fBtries\fR=<num>
|
\fBtries\fR=<num>
|
||||||
.RS 4
|
.RS 4
|
||||||
Prompt for the passphrase at most <num> times if the entered passphrase was wrong. Defaults is 3. Only works for LUKS volumes.
|
Prompt for the passphrase at most <num> times if the entered passphrase was wrong\. Defaults is 3\. Only works for LUKS volumes\.
|
||||||
.RE
|
.RE
|
||||||
.PP
|
.PP
|
||||||
\fBtimeout\fR=<sec>
|
\fBtimeout\fR=<sec>
|
||||||
.RS 4
|
.RS 4
|
||||||
Time out interactive password prompts after <sec> seconds.
|
Time out interactive password prompts after <sec> seconds\.
|
||||||
.RE
|
.RE
|
||||||
.PP
|
.PP
|
||||||
\fBloop\fR
|
\fBloop\fR
|
||||||
.RS 4
|
.RS 4
|
||||||
Always attach a loop device before mapping the device. Normally a loop device is used automatically only for image files. Useful if the block size of the physical device does not match the block size of the contained file system. E.g. ext2 on a CD.
|
Always attach a loop device before mapping the device\. Normally a loop device is used automatically only for image files\. Useful if the block size of the physical device does not match the block size of the contained file system\. E\.g\. ext2 on a CD\.
|
||||||
.RE
|
.RE
|
||||||
.PP
|
.PP
|
||||||
\fBnoauto\fR
|
\fBnoauto\fR
|
||||||
.RS 4
|
.RS 4
|
||||||
Causes boot.crypto to skip this record during boot
|
Causes boot\.crypto to skip this record during boot
|
||||||
.RE
|
.RE
|
||||||
.PP
|
.PP
|
||||||
\fBpseed=<string>\fR
|
\fBpseed=<string>\fR
|
||||||
.RS 4
|
.RS 4
|
||||||
Set a string that is appended to the passphrase after hashing. Using different seeds for volumes with the same passphrase makes dictionary attacks harder. Use for compatability with loop\-AES.
|
Set a string that is appended to the passphrase after hashing\. Using different seeds for volumes with the same passphrase makes dictionary attacks harder\. Use for compatability with loop\-AES\.
|
||||||
.RE
|
.RE
|
||||||
.PP
|
.PP
|
||||||
\fBitercountk=<num>\fR
|
\fBitercountk=<num>\fR
|
||||||
.RS 4
|
.RS 4
|
||||||
Encrypts the hashed password <num> thousand times using AES\-256. Use for compatability with loop\-AES.
|
Encrypts the hashed password <num> thousand times using AES\-256\. Use for compatability with loop\-AES\.
|
||||||
.RE
|
.RE
|
||||||
.PP
|
.PP
|
||||||
\fBloud\fR, \fBssl\fR, \fBgpg\fR, \fBkeyscript\fR
|
\fBloud\fR, \fBssl\fR, \fBgpg\fR, \fBkeyscript\fR
|
||||||
.RS 4
|
.RS 4
|
||||||
not supported. Listed here as they are supported by Debian.
|
not supported\. Listed here as they are supported by Debian\.
|
||||||
.RE
|
.RE
|
||||||
.SH "CHECKSCRIPTS"
|
.SH "CHECKSCRIPTS"
|
||||||
TODO
|
TODO
|
||||||
@ -197,5 +201,5 @@ cdisk3 /dev/sda3 none cipher=twofish\-cbc\-plain,size=256,hash=sha512
|
|||||||
cryptsetup(8), /etc/crypttab, fstab(8)
|
cryptsetup(8), /etc/crypttab, fstab(8)
|
||||||
.sp
|
.sp
|
||||||
.SH "AUTHOR"
|
.SH "AUTHOR"
|
||||||
Manual page converted to asciidoc by Michael Gebetsroither <michael.geb@gmx.at>. Originally written by Bastian Kleineidam <calvin@debian.org> for the Debian distribution of cryptsetup. Improved by Jonas Meurer <jonas@freesources.org>. Modified for SUSE Linux by Ludwig Nussel <ludwig.nussel@suse.de>. Parts of this manual were taken and adapted from the fstab(5) manual page.
|
Manual page converted to asciidoc by Michael Gebetsroither <michael\.geb@gmx\.at>\. Originally written by Bastian Kleineidam <calvin@debian\.org> for the Debian distribution of cryptsetup\. Improved by Jonas Meurer <jonas@freesources\.org>\. Modified for SUSE Linux by Ludwig Nussel <ludwig\.nussel@suse\.de>\. Parts of this manual were taken and adapted from the fstab(5) manual page\.
|
||||||
.sp
|
.sp
|
||||||
|
@ -33,12 +33,14 @@ To actually mount that device it needs to be listed in */etc/fstab*.
|
|||||||
- The second column 'source device' specifies the block special
|
- The second column 'source device' specifies the block special
|
||||||
device that should hold the encrypted data.
|
device that should hold the encrypted data.
|
||||||
|
|
||||||
- The third column 'key file' specifies the file to use for
|
- The third column 'key file' specifies a file containing the raw
|
||||||
decrypting the encrypted data of the 'source device'.
|
binary key to use for decrypting the encrypted data of the 'source
|
||||||
|
device'.
|
||||||
|
|
||||||
It can also be a device name (e.g. */dev/urandom*, which is useful
|
The key file can also be a device name (e.g. */dev/urandom*, which
|
||||||
for encrypted swap devices). Warning: luks does not support infinite
|
is useful for encrypted swap devices). Warning: luks does not
|
||||||
streams (like */dev/urandom*), it requires a fixed size key.
|
support infinite streams (like */dev/urandom*), it requires a fixed
|
||||||
|
size key.
|
||||||
|
|
||||||
If the 'key file' is the string *none*, the key data (i.e. a
|
If the 'key file' is the string *none*, the key data (i.e. a
|
||||||
password or passphrase) will be read interactively from the console.
|
password or passphrase) will be read interactively from the console.
|
||||||
|
Loading…
Reference in New Issue
Block a user