rpm/cryptsetup
SHA256
1
0
Fork 0
forked from pool/cryptsetup
Code Pull Requests Activity

OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cryptsetup?expand=0&rev=8

Browse Source
This commit is contained in:
OBS User unknown 2008-01-09 20:57:24 +00:00 committed by Git OBS Bridge
parent 86719c7d6c
commit a064f0b9cc
12 changed files with 39 additions and 1578 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
0001-cryptsetup-the-device-parameter-of-LUKS_device_ready.diff
View File

@ -1,26 +0,0 @@
From 637619ff183804b4f654a3c5810aea2bb8ce9ba3 Mon Sep 17 00:00:00 2001
From: Ludwig Nussel <ludwig.nussel@suse.de>
Date: Thu, 29 Nov 2007 13:18:23 +0100
Subject: [PATCH] cryptsetup: the device parameter of LUKS_device_ready should be const
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
---
luks/keymanage.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/luks/keymanage.c b/luks/keymanage.c
index 915a0f2..91ff688 100644
--- a/luks/keymanage.c
+++ b/luks/keymanage.c
@@ -466,7 +466,7 @@ int LUKS_benchmarkt_iterations()
return PBKDF2_performance_check()/2;
}
-int LUKS_device_ready(char *device, int mode)
+int LUKS_device_ready(const char *device, int mode)
{
int devfd = open(device, mode | O_DIRECT | O_SYNC);
if(devfd < 0) {
--
1.5.3.4

26
0002-cryptsetup-logger-function-should-return-void.diff
View File

@ -1,26 +0,0 @@
From 32f038fe704a069444e5b71d6b195795b917016a Mon Sep 17 00:00:00 2001
From: Ludwig Nussel <ludwig.nussel@suse.de>
Date: Thu, 29 Nov 2007 13:21:23 +0100
Subject: [PATCH] cryptsetup: logger function should return void
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
---
lib/setup.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/lib/setup.c b/lib/setup.c
index 9e8c810..032d90e 100644
--- a/lib/setup.c
+++ b/lib/setup.c
@@ -26,7 +26,7 @@ static char *default_backend = NULL;
#define at_least_one(a) ({ __typeof__(a) __at_least_one=(a); (__at_least_one)?__at_least_one:1; })
-static int logger(struct crypt_options *options, int class, char *format, ...) {
+static void logger(struct crypt_options *options, int class, char *format, ...) {
va_list argp;
char *target;
--
1.5.3.4

38
0003-cryptsetup-fix-implicit-function-declarations.diff
View File

@ -1,38 +0,0 @@
From 557a4f778b227b63b7095e2910bb6911ed2b040c Mon Sep 17 00:00:00 2001
From: Ludwig Nussel <ludwig.nussel@suse.de>
Date: Thu, 29 Nov 2007 10:35:19 +0100
Subject: [PATCH] cryptsetup: fix implicit function declarations
Signed-off-by: Ludwig Nussel <ludwig.nussel@suse.de>
---
lib/libcryptsetup.h | 3 ++-
luks/luks.h | 1 +
2 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/lib/libcryptsetup.h b/lib/libcryptsetup.h
index fad14d1..e2db46a 100644
--- a/lib/libcryptsetup.h
+++ b/lib/libcryptsetup.h
@@ -53,7 +53,8 @@ int crypt_query_device(struct crypt_options *options);
int crypt_remove_device(struct crypt_options *options);
int crypt_luksFormat(struct crypt_options *options);
int crypt_luksOpen(struct crypt_options *options);
-int crypt_luksDelKey(struct crypt_options *options);
+int crypt_luksKillSlot(struct crypt_options *options);
+int crypt_luksRemoveKey(struct crypt_options *options);
int crypt_luksAddKey(struct crypt_options *options);
int crypt_luksUUID(struct crypt_options *options);
int crypt_isLuks(struct crypt_options *options);
diff --git a/luks/luks.h b/luks/luks.h
index ac9fe74..17f7b08 100644
--- a/luks/luks.h
+++ b/luks/luks.h
@@ -132,4 +132,5 @@ int LUKS_decrypt_from_storage(char *dst, size_t dstLength,
char *key, size_t keyLength,
const char *device,
unsigned int sector, struct setup_backend *backend);
+int LUKS_device_ready(const char *device, int mode);
#endif
--
1.5.3.4

3
Makefile.doc
View File

@ -1,3 +0,0 @@
crypttab.5: crypttab.5.txt
a2x -d manpage -f manpage crypttab.5.txt
rm -f crypttab.5.xml

1073
boot.crypto
View File

File diff suppressed because it is too large Load Diff

3
boot.crypto-0_200801091212.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b8a5cc430e0d3361a3523e16d59fa68c074d4cf0e9c8dbd0a3af7f84f34d9222
size 11134

3
cryptsetup-1.0.5_SVNr38.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:76390d49112cf35b6d6ea289bb1760ded416dfaf133edb131d6548e6d2d5be41
size 416976

3
cryptsetup-1.0.5_SVNr42.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:9c8d18b901c75f2f2fbe8cefae1b53ca96373cb8edc8d7bad1f70b79991f8031
size 246243

13
cryptsetup.changes
View File

@ -1,3 +1,16 @@
-------------------------------------------------------------------
Wed Jan 9 12:07:14 CET 2008 - lnussel@suse.de
- upgrade to svn revision 42 which includes previous patches
- boot.crypto:
* don't mount read-only as safety check (#345338)
* implement precheck scripts
* allow restarting of single volumes (#345605)
* status query of individual devices (#345605)
* add vol_id check script
* maintain boot.crypto stuff in revision control and use tarball
snapshots of it
-------------------------------------------------------------------
Thu Nov 29 13:47:24 CET 2007 - lnussel@suse.de

44
cryptsetup.spec
View File

@ -1,7 +1,7 @@
#
# spec file for package cryptsetup (Version 1.0.5_SVNr38)
# spec file for package cryptsetup (Version 1.0.5_SVNr42)
#
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
@ -15,24 +15,20 @@ Url: http://luks.endorphin.org/dm-crypt
BuildRequires: device-mapper-devel e2fsprogs-devel libgcrypt-devel popt-devel
# hashalot version
%define haver 0.3
# boot.crypto version
%define bcver 0_200801091212
License: BSD 3-Clause; GPL v2 or later
Group: System/Base
AutoReqProv: on
Version: 1.0.5_SVNr38
Version: 1.0.5_SVNr42
Release: 1
Summary: Set Up dm-crypt Based Encrypted Block Devices
Source: cryptsetup-%{version}.tar.bz2
Source1: hashalot-%haver.tar.bz2
Source50: boot.crypto
Source90: Makefile.doc
Source91: crypttab.5.txt
# make -f Makefile.doc
Source92: crypttab.5
# http://www.suse.de/~lnussel/boot.crypto.git
Source2: boot.crypto-%{bcver}.tar.bz2
# use this to create the tarball from svn
Source99: cryptsetup-mktar
Patch1: 0001-cryptsetup-the-device-parameter-of-LUKS_device_ready.diff
Patch2: 0002-cryptsetup-logger-function-should-return-void.diff
Patch3: 0003-cryptsetup-fix-implicit-function-declarations.diff
Patch10: hashalot-fixes.diff
Patch11: hashalot-libgcrypt.diff
Patch12: hashalot-ctrl-d.diff
@ -82,10 +78,7 @@ Authors:
Ben Slusky <sluskyb@paranoiacs.org>
%prep
%setup -q -b 1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%setup -q -b 1 -b 2
pushd ../hashalot-%haver
%patch10 -p1
%patch11 -p1
@ -130,14 +123,7 @@ rm -f $RPM_BUILD_ROOT/sbin/{rmd160,sha256,sha384,sha512}
#
#
# boot.crypto
install -d -m 755 %{buildroot}/etc/init.d
install -m 755 %{SOURCE50} %{buildroot}/etc/init.d/boot.crypto
# maybe install templates instead?
install -m 644 /dev/null %{buildroot}/etc/cryptotab
install -m 644 /dev/null %{buildroot}/etc/crypttab
# man page
install -d -m755 %{buildroot}%{_mandir}/man5
install -m644 %{SOURCE92} %{buildroot}%{_mandir}/man5
make -C ../boot.crypto-* install DESTDIR=$RPM_BUILD_ROOT
#
%find_lang %name --all-name
@ -169,12 +155,12 @@ rm -rf $RPM_BUILD_ROOT
/etc/init.d/boot.crypto
/sbin/cryptsetup
/sbin/hashalot
%_datadir/locale/de/LC_MESSAGES/cryptsetup.mo
%_mandir/man1/hashalot.1.gz
%_mandir/man8/cryptsetup.8.gz
%_mandir/man5/crypttab.5.gz
/%_lib/libcryptsetup.so.0
/%_lib/libcryptsetup.so.0.0.0
/lib/cryptsetup
%files devel
%defattr(-,root,root)
@ -182,6 +168,16 @@ rm -rf $RPM_BUILD_ROOT
%{_libdir}/libcryptsetup.so
%changelog
* Wed Jan 09 2008 - lnussel@suse.de
- upgrade to svn revision 42 which includes previous patches
- boot.crypto:
* don't mount read-only as safety check (#345338)
* implement precheck scripts
* allow restarting of single volumes (#345605)
* status query of individual devices (#345605)
* add vol_id check script
* maintain boot.crypto stuff in revision control and use tarball
snapshots of it
* Thu Nov 29 2007 - lnussel@suse.de
- upgrade to svn revision 38
* Wed Nov 07 2007 - mkoenig@suse.de

205
crypttab.5
View File

@ -1,205 +0,0 @@
.\" Title: crypttab
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
.\" Date: 11/29/2007
.\" Manual:
.\" Source:
.\"
.TH "CRYPTTAB" "5" "11/29/2007" "" ""
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.SH "NAME"
crypttab - static information about crypted filesystems
.SH "SYNOPSIS"
.PP
\fBcrypttab\fR
.RS 4
\fI<target device>\fR
\fI<source device>\fR
\fI<key file>\fR
\fI<options>\fR
.RE
.SH "DESCRIPTION"
The file \fB/etc/crypttab\fR contains descriptive informations about encrypted volumes\. Each volume is described on a separate line; columns on each line are separated by tabs or spaces\. Lines starting with "\fI#\fR" are comments, empty lines are ignored\. The order of records in \fBcrypttab\fR is important because the \fB/etc/init\.d/boot\.crypto\fR script sequentially iterates through \fBcrypttab\fR entries\. All four columns are mandatory, missing or excessive columns will lead to unspecified behaviour\.
.sp
.sp
.RS 4
\h'-04'\(bu\h'+03'The first column,
\fItarget device\fR
specifies the mapped
\fIdevice name\fR\. It must be a plain filename without any directories\. A mapped device
\fB/dev/mapper/\fR\fIdevice name\fR
will be created by
\fBcryptsetup(8)\fR
crypting data from and onto the
\fIsource device\fR\.
.RE
To actually mount that device it needs to be listed in \fB/etc/fstab\fR\.
.sp
.sp
.RS 4
\h'-04'\(bu\h'+03'The second column
\fIsource device\fR
specifies the block special device that should hold the encrypted data\.
.RE
.sp
.RS 4
\h'-04'\(bu\h'+03'The third column
\fIkey file\fR
specifies a file containing the raw binary key to use for decrypting the encrypted data of the
\fIsource device\fR\.
.RE
The key file can also be a device name (e\.g\. \fB/dev/urandom\fR, which is useful for encrypted swap devices)\. Warning: luks does not support infinite streams (like \fB/dev/urandom\fR), it requires a fixed size key\.
.sp
If the \fIkey file\fR is the string \fBnone\fR, the key data (i\.e\. a password or passphrase) will be read interactively from the console\. In this case the options precheck, check, checkargs and tries may be useful\.
.sp
.sp
.RS 4
\h'-04'\(bu\h'+03'The fourth field
\fIoptions\fR
specifies the cryptsetup options associated with the encryption process\. At minimum, the field should contain the string
\fBluks\fR
or the
\fIcipher\fR,
\fIhash\fR
and
\fIsize\fR
options\.
.RE
Options have to be specified in the format: \fIkey\fR=\fIvalue\fR[,\fIkey\fR=\fIvalue\fR \&...]
.sp
.SH "OPTIONS"
.PP
\fBcipher\fR=<cipher>
.RS 4
Encryption algorithm\. See
\fBcryptsetup \-c\fR\.
.RE
.PP
\fBsize\fR=<size>
.RS 4
Encryption key size\. See
\fBcryptsetup \-s\fR\.
.RE
.PP
\fBhash\fR=<hash>
.RS 4
Hash algorithm\. See
\fBcryptsetup \-h\fR\.
.RE
.PP
\fBverify\fR
.RS 4
Verify password\. See
\fBcryptsetup \-y\fR\.
.RE
.PP
\fBreadonly\fR
.RS 4
The backing device is read\-only (eg: a dvd)\.
.RE
.PP
\fBluks\fR
.RS 4
Use device with luks extensions\.
.RE
.PP
\fBswap\fR
.RS 4
Run
\fBmkswap\fR
on the created device\.
.RE
.PP
\fBtmp\fR
.RS 4
Run
\fBmkfs\fR
on the created device\. The file system to use is specified in
\fB/etc/fstab\fR\. If
\fB/etc/fstab\fR
does not list the mapped device, ext2 is used as fallback\.
.RE
.PP
\fBprecheck\fR=<precheck>
.RS 4
Check the source device by suitable program; if the check fails the device is not created; <precheck> is a script to check the source device\. The source device is given as argument to the script\.
.RE
.PP
\fBcheck\fR[=<program>]
.RS 4
Check the content of the mapped device by a suitable program; if the check fails the device is removed\. The specified program is run giving the decrypted volume (target device) as first and the value of the checkargs option as second argument\. Cryptdisks searches for the given program in /lib/cryptsetup/checks/\. If no program is specified, vol_id is used\.
.RE
.PP
\fBcheckargs\fR=<argument>
.RS 4
Pass <argument> as second argument to the check script
.RE
.PP
\fBtries\fR=<num>
.RS 4
Prompt for the passphrase at most <num> times if the entered passphrase was wrong\. Defaults is 3\. Only works for LUKS volumes\.
.RE
.PP
\fBtimeout\fR=<sec>
.RS 4
Time out interactive password prompts after <sec> seconds\.
.RE
.PP
\fBloop\fR
.RS 4
Always attach a loop device before mapping the device\. Normally a loop device is used automatically only for image files\. Useful if the block size of the physical device does not match the block size of the contained file system\. E\.g\. ext2 on a CD\.
.RE
.PP
\fBnoauto\fR
.RS 4
Causes boot\.crypto to skip this record during boot
.RE
.PP
\fBpseed=<string>\fR
.RS 4
Set a string that is appended to the passphrase after hashing\. Using different seeds for volumes with the same passphrase makes dictionary attacks harder\. Use for compatability with loop\-AES\.
.RE
.PP
\fBitercountk=<num>\fR
.RS 4
Encrypts the hashed password <num> thousand times using AES\-256\. Use for compatability with loop\-AES\.
.RE
.PP
\fBloud\fR, \fBssl\fR, \fBgpg\fR, \fBkeyscript\fR
.RS 4
not supported\. Listed here as they are supported by Debian\.
.RE
.SH "CHECKSCRIPTS"
TODO
.sp
.SH "EXAMPLES"
.PP
\fBEncrypted swap device\fR
.RS 4
cswap /dev/sda6 /dev/random swap
.RE
.PP
\fBEncrypted luks volume with interactive password\fR
.RS 4
cdisk0 /dev/hda1 none luks
.RE
.PP
\fBEncrypted luks volume with interactive password, use a custom check script, no retries\fR
.RS 4
cdisk2 /dev/hdc1 none luks,check=customscript,checkargs=foo,tries=1
.RE
.PP
\fBEncrypted volume with interactive password and a cryptoloop compatible twofish256 cipher\fR
.RS 4
cdisk3 /dev/sda3 none cipher=twofish\-cbc\-plain,size=256,hash=sha512
.RE
.SH "SEE ALSO"
cryptsetup(8), /etc/crypttab, fstab(8)
.sp
.SH "AUTHOR"
Manual page converted to asciidoc by Michael Gebetsroither <michael\.geb@gmx\.at>\. Originally written by Bastian Kleineidam <calvin@debian\.org> for the Debian distribution of cryptsetup\. Improved by Jonas Meurer <jonas@freesources\.org>\. Modified for SUSE Linux by Ludwig Nussel <ludwig\.nussel@suse\.de>\. Parts of this manual were taken and adapted from the fstab(5) manual page\.
.sp

180
crypttab.5.txt
View File

@ -1,180 +0,0 @@
CRYPTTAB(5)
===========
NAME
----
crypttab - static information about crypted filesystems
SYNOPSIS
--------
*crypttab*::
'<target device>' '<source device>' '<key file>' '<options>'
DESCRIPTION
-----------
The file */etc/crypttab* contains descriptive informations about
encrypted volumes. Each volume is described on a separate line;
columns on each line are separated by tabs or spaces. Lines starting
with "'#'" are comments, empty lines are ignored. The order of
records in *crypttab* is important because the
*/etc/init.d/boot.crypto* script sequentially iterates through
*crypttab* entries. All four columns are mandatory, missing or
excessive columns will lead to unspecified behaviour.
- The first column, 'target device' specifies the mapped 'device
name'. It must be a plain filename without any directories. A mapped
device */dev/mapper/*'device name' will be created by
*cryptsetup(8)* crypting data from and onto the 'source device'.
To actually mount that device it needs to be listed in */etc/fstab*.
- The second column 'source device' specifies the block special
device that should hold the encrypted data.
- The third column 'key file' specifies a file containing the raw
binary key to use for decrypting the encrypted data of the 'source
device'.
The key file can also be a device name (e.g. */dev/urandom*, which
is useful for encrypted swap devices). Warning: luks does not
support infinite streams (like */dev/urandom*), it requires a fixed
size key.
If the 'key file' is the string *none*, the key data (i.e. a
password or passphrase) will be read interactively from the console.
In this case the options precheck, check, checkargs and tries may be
useful.
- The fourth field 'options' specifies the cryptsetup options
associated with the encryption process. At minimum, the field should
contain the string *luks* or the 'cipher', 'hash' and 'size'
options.
Options have to be specified in the format: 'key'='value'[,'key'='value' ...]
OPTIONS
-------
*cipher*=<cipher>::
Encryption algorithm. See *cryptsetup -c*.
*size*=<size>::
Encryption key size. See *cryptsetup -s*.
*hash*=<hash>::
Hash algorithm. See *cryptsetup -h*.
*verify*::
Verify password. See *cryptsetup -y*.
*readonly*::
The backing device is read-only (eg: a dvd).
*luks*::
Use device with luks extensions.
*swap*::
Run *mkswap* on the created device.
*tmp*::
Run *mkfs* on the created device. The file system to use is
specified in */etc/fstab*. If */etc/fstab* does not list the mapped
device, ext2 is used as fallback.
*precheck*=<precheck>::
Check the source device by suitable program; if the check fails the device is
not created; <precheck> is a script to check the source device. The source
device is given as argument to the script.
*check*[=<program>]::
Check the content of the mapped device by a suitable program; if the
check fails the device is removed. The specified program is
run giving the decrypted volume (target device) as first and the
value of the checkargs option as second argument. Cryptdisks
searches for the given program in /lib/cryptsetup/checks/. If no
program is specified, vol_id is used.
*checkargs*=<argument>::
Pass <argument> as second argument to the check script
*tries*=<num>::
Prompt for the passphrase at most <num> times if the entered
passphrase was wrong. Defaults is 3. Only works for LUKS volumes.
*timeout*=<sec>::
Time out interactive password prompts after <sec> seconds.
*loop*::
Always attach a loop device before mapping the device. Normally a
loop device is used automatically only for image files. Useful if
the block size of the physical device does not match the block size
of the contained file system. E.g. ext2 on a CD.
*noauto*::
Causes boot.crypto to skip this record during boot
*pseed=<string>*::
Set a string that is appended to the passphrase after hashing.
Using different seeds for volumes with the same passphrase makes
dictionary attacks harder. Use for compatability with loop-AES.
*itercountk=<num>*::
Encrypts the hashed password <num> thousand times using AES-256. Use
for compatability with loop-AES.
*loud*, *ssl*, *gpg*, *keyscript*::
not supported. Listed here as they are supported by Debian.
CHECKSCRIPTS
------------
TODO
/////
*vol_id*::
Checks for any known filesystem. Supports a filesystem type as argument via
<checkargs>:
no checkargs - succeeds if any valid filesystem is found on the device.
"none" - succeeds if no valid filesystem is found on the device.
"ext3" [or any other filesystem type like xfs, swap, crypto_LUKS, whatever] - succeeds
if an ext3 [or another given] filesystem type is found on the device.
*ext3*::
Checks for a valid ext2/ext3 filesystem.
*xfs*::
Checks for a valid xfs filesystem.
*swap*::
Checks for partition type 'swap'. Only useful as <precheck>.
////
EXAMPLES
--------
*Encrypted swap device*::
cswap /dev/sda6 /dev/random swap
*Encrypted luks volume with interactive password*::
cdisk0 /dev/hda1 none luks
*Encrypted luks volume with interactive password, use a custom check script, no retries*::
cdisk2 /dev/hdc1 none luks,check=customscript,checkargs=foo,tries=1
*Encrypted volume with interactive password and a cryptoloop compatible twofish256 cipher*::
cdisk3 /dev/sda3 none cipher=twofish-cbc-plain,size=256,hash=sha512
SEE ALSO
--------
cryptsetup(8), /etc/crypttab, fstab(8)
AUTHOR
------
Manual page converted to asciidoc by Michael Gebetsroither
<michael.geb@gmx.at>. Originally written by
Bastian Kleineidam <calvin@debian.org> for the Debian distribution
of cryptsetup. Improved by Jonas Meurer <jonas@freesources.org>.
Modified for SUSE Linux by Ludwig Nussel <ludwig.nussel@suse.de>.
Parts of this manual were taken and adapted from the fstab(5) manual
page.