diff --git a/0001-cryptsetup-the-device-parameter-of-LUKS_device_ready.diff b/0001-cryptsetup-the-device-parameter-of-LUKS_device_ready.diff deleted file mode 100644 index 5766bf6..0000000 --- a/0001-cryptsetup-the-device-parameter-of-LUKS_device_ready.diff +++ /dev/null @@ -1,26 +0,0 @@ -From 637619ff183804b4f654a3c5810aea2bb8ce9ba3 Mon Sep 17 00:00:00 2001 -From: Ludwig Nussel -Date: Thu, 29 Nov 2007 13:18:23 +0100 -Subject: [PATCH] cryptsetup: the device parameter of LUKS_device_ready should be const - -Signed-off-by: Ludwig Nussel ---- - luks/keymanage.c | 2 +- - 1 files changed, 1 insertions(+), 1 deletions(-) - -diff --git a/luks/keymanage.c b/luks/keymanage.c -index 915a0f2..91ff688 100644 ---- a/luks/keymanage.c -+++ b/luks/keymanage.c -@@ -466,7 +466,7 @@ int LUKS_benchmarkt_iterations() - return PBKDF2_performance_check()/2; - } - --int LUKS_device_ready(char *device, int mode) -+int LUKS_device_ready(const char *device, int mode) - { - int devfd = open(device, mode | O_DIRECT | O_SYNC); - if(devfd < 0) { --- -1.5.3.4 - diff --git a/0002-cryptsetup-logger-function-should-return-void.diff b/0002-cryptsetup-logger-function-should-return-void.diff deleted file mode 100644 index de17bb0..0000000 --- a/0002-cryptsetup-logger-function-should-return-void.diff +++ /dev/null 
@@ -1,26 +0,0 @@ -From 32f038fe704a069444e5b71d6b195795b917016a Mon Sep 17 00:00:00 2001 -From: Ludwig Nussel -Date: Thu, 29 Nov 2007 13:21:23 +0100 -Subject: [PATCH] cryptsetup: logger function should return void - -Signed-off-by: Ludwig Nussel ---- - lib/setup.c | 2 +- - 1 files changed, 1 insertions(+), 1 deletions(-) - -diff --git a/lib/setup.c b/lib/setup.c -index 9e8c810..032d90e 100644 ---- a/lib/setup.c -+++ b/lib/setup.c -@@ -26,7 +26,7 @@ static char *default_backend = NULL; - - #define at_least_one(a) ({ __typeof__(a) __at_least_one=(a); (__at_least_one)?__at_least_one:1; }) - --static int logger(struct crypt_options *options, int class, char *format, ...) { -+static void logger(struct crypt_options *options, int class, char *format, ...) { - va_list argp; - char *target; - --- -1.5.3.4 - diff --git a/0003-cryptsetup-fix-implicit-function-declarations.diff b/0003-cryptsetup-fix-implicit-function-declarations.diff deleted file mode 100644 index 087dce3..0000000 --- a/0003-cryptsetup-fix-implicit-function-declarations.diff +++ /dev/null 
@@ -1,38 +0,0 @@ -From 557a4f778b227b63b7095e2910bb6911ed2b040c Mon Sep 17 00:00:00 2001 -From: Ludwig Nussel -Date: Thu, 29 Nov 2007 10:35:19 +0100 -Subject: [PATCH] cryptsetup: fix implicit function declarations - -Signed-off-by: Ludwig Nussel ---- - lib/libcryptsetup.h | 3 ++- - luks/luks.h | 1 + - 2 files changed, 3 insertions(+), 1 deletions(-) - -diff --git a/lib/libcryptsetup.h b/lib/libcryptsetup.h -index fad14d1..e2db46a 100644 ---- a/lib/libcryptsetup.h -+++ b/lib/libcryptsetup.h -@@ -53,7 +53,8 @@ int crypt_query_device(struct crypt_options *options); - int crypt_remove_device(struct crypt_options *options); - int crypt_luksFormat(struct crypt_options *options); - int crypt_luksOpen(struct crypt_options *options); --int crypt_luksDelKey(struct crypt_options *options); -+int crypt_luksKillSlot(struct crypt_options *options); -+int crypt_luksRemoveKey(struct crypt_options *options); - int crypt_luksAddKey(struct crypt_options *options); - int crypt_luksUUID(struct crypt_options *options); - int crypt_isLuks(struct crypt_options *options); -diff --git a/luks/luks.h b/luks/luks.h -index ac9fe74..17f7b08 100644 ---- a/luks/luks.h -+++ b/luks/luks.h -@@ -132,4 +132,5 @@ int LUKS_decrypt_from_storage(char *dst, size_t dstLength, - char *key, size_t keyLength, - const char *device, - unsigned int sector, struct setup_backend *backend); -+int LUKS_device_ready(const char *device, int mode); - #endif --- -1.5.3.4 - diff --git a/Makefile.doc b/Makefile.doc deleted file mode 100644 index cdbae23..0000000 --- a/Makefile.doc +++ /dev/null @@ -1,3 +0,0 @@ -crypttab.5: crypttab.5.txt - a2x -d manpage -f manpage crypttab.5.txt - rm -f crypttab.5.xml diff --git a/boot.crypto b/boot.crypto deleted file mode 100644 index eda2755..0000000 --- a/boot.crypto +++ /dev/null 
@@ -1,1073 +0,0 @@ -#!/bin/bash -# Copyright (C) 1996-2007 SUSE Linux Products GmbH, Nuernberg, Germany. -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# -# Author: Werner Fink , 2001-2006 -# Chris Rivera 2006 -# Ludwig Nussel 2007 -# -# /etc/init.d/boot.crypto -# -### BEGIN INIT INFO -# Provides: boot.crypto -# Required-Start: boot.localfs boot.device-mapper -# Should-Start: -# Required-Stop: -# Default-Start: B -# Default-Stop: -# Description: Enable crypto file systems before leaving boot phase -# Short-Description: Enable crypto file systems before leaving boot phase -### END INIT INFO - -# Determine the base and follow a runlevel link name. -base=${0##*/} -link=${base#*[SK][0-9][0-9]} - -. /etc/rc.status - -trap "echo" SIGINT SIGSEGV -set +e - -# Redirect to real device (e.g. 
in case of boot logging) -: ${CRYPTOTAB:=/etc/cryptotab} -: ${CRYPTTAB:=/etc/crypttab} -: ${TIMEOUT:=120} -if test -z "$REDIRECT" ; then - if (echo -n > /dev/tty) 2>/dev/null ; then - REDIRECT=/dev/tty - else - REDIRECT=/dev/console - fi -fi - -splash="" -did_redirect="" -otty=$(stty -g) -redirect () -{ - test -z "$did_redirect" || return 0 - did_redirect=1 - if test -e /proc/splash ; then - read splash < /proc/splash - echo verbose > /proc/splash - fi - test -z "$otty" || stty "$otty" < $REDIRECT; - stty -nl -ixon ignbrk -brkint < $REDIRECT - if test -x /etc/init.d/kbd -a -n "$RUNLEVEL" ; then - # boot.cleanup runs after us and presence of this file prevents kbd - # from running - /bin/rm -f /var/run/keymap - /etc/init.d/kbd start - fi -} - -restore () -{ - test -n "$did_redirect" || return 0 - test -z "$otty" || stty "$otty" < $REDIRECT; - [[ "$splash" =~ silent ]] && echo silent > /proc/splash -} - -ppid=0 -prmt="" -setprompt () -{ - if test -t 1 -a "$TERM" != "raw" -a "$TERM" != "dumb" && stty size <&1 > /dev/null 2>&1 - then - ( - trap "exit 0" SIGTERM - trap "echo" SIGINT SIGSEGV - usleep 15000 - while test $timeout -gt 0 ; do - # cursor to start of line, erase line, print prompt - echo -en "\r\e[2K${prmt}" - sleep 2 - : $((timeout-=2)) - done - ) & ppid=$! - else - usleep 15000 - echo -en "\r${prmt}" - ppid=0 - fi -} - -unsetprompt () -{ - local ret=$? 
- test $ppid -gt 0 && kill -15 $ppid - ppid=0 - return $ret -} - -reverse () -{ - local _line - while read -r _line ; do - case "$_line" in \#*|"") continue ;; esac - reverse - echo "$_line" - break - done -} - -detachloopdev () -{ - if [ -n "$loopdev" ]; then - losetup -d $loopdev &> /dev/null || true - fi -} - -# -# Check for valid super blocks -# -check_superblock() -{ - local fs="$1" - local device="$2" - case "$fs" in - ext[23]) tune2fs -l $device &> /dev/null ;; - reiserfs) debugreiserfs $device &> /dev/null ;; - *) true ;; - esac -} - -# -# parameters: filesys device mountpoint physdev quiet -# return value: -# 0 - ok -# 1 - enter passphrase again -# 2 - skip entry -# 3 - fsck -# -paranoid_safety_checks() -{ - local filesys device mp physdev quiet choice - filesys="$1" - device="$2" - mp="$3" - physdev="$4" - quiet="$5" - - check_superblock "$filesys" "$device" - - if test $? -gt 0 || ! mount -t "$filesys" -n -o ro "$device" "$mp" &> /dev/null ; then - umount -n "$mp" &> /dev/null || true - if test -n "$quiet"; then - return 2 - fi - echo "${warn}An error occurred. 
The passphrase may be wrong or the" - echo "file system on $physdev might be corrupted.${norm}" - - while true ; do - echo "${extd}To check the file system, enter Check.${norm}" - echo -n "${extd}Retry entering the passphrase?${norm}" - choice= - read -p " ([${extd}yes${norm}]/${extd}no${norm}/${extd}check${norm}/) " choice < $REDIRECT || { echo 'no'; choice='no'; } - case "$choice" in - [yY][eE][sS]|[yY]|"") - return 1 ;; - [nN][oO]|[nN]) - return 2 ;; - [Cc][hH][eE][Cc][kK]|[Cc]) - return 3 ;; - esac - done - else - umount -n "$mp" &> /dev/null || true - fi - - return 0 -} - -run_fsck() -{ - local filesys device mp physdev - filesys="$1" - device="$2" - mp="$3" - physdev="$4" - # - # Checking the structure on the loop device - # - # If we use a serial console, don't use the fsck progress bar - # - FSCK_PROGRESSBAR="-V" - [ -x /sbin/showconsole ] && [ "`/sbin/showconsole`" = "/dev/tty1" ] && FSCK_PROGRESSBAR="-C" - if test -x /sbin/fsck.$filesys; then - fsck $FSCK_PROGRESSBAR -T -a -t $filesys $device - else - true - fi - if test $? -gt 1; then - echo "${extd}fsck of $device failed. Please repair manually.${norm}" - echo "${warn}Warning: do never try to repair if you have entered the wrong passphrase.${norm}" - # run sulogin only during boot - if test "$base" != "$link"; then - PS1="(repair filesystem) # " - /sbin/sulogin -t "$timeout" $REDIRECT < $REDIRECT > $REDIRECT 2>&1 - sync - - if ! paranoid_safety_checks "$filesys" "$device" "$mp" "$physdev" 'quiet'; then - echo "${extd}$physdev still appears to be damaged, skipping${norm}" - /sbin/cryptsetup remove $name || true - detachloopdev - return 1 - fi - else - # leave the device set up so user can fun fsck manually - return 1 - fi - fi - return 0 -} - -report() -{ - rc_failed "$1" - shift - echo -n "$*" - rc_status -v -} - -start_cryptotab () -{ - local stat=0 - local haveone='' - timeout="$TIMEOUT" - - test -n "$tostart" || echo "Activating crypto devices using $CRYPTOTAB ... 
" - while read loopdev physdev access filesys crypto mopt info rest ; do - case "$loopdev" in - \#*|"") continue ;; - esac - - if test -n "$tostart" -a "$loopdev" != "$tostart" -a "$physdev" != "$tostart" -a "$access" != "$tostart"; then - continue - fi - - haveone=1 - - redirect - - # key length for cryptsetup - keylen= - ivgen='plain' - hashalgo='sha512' - name= - # - - # Does the user want to skip current entry? - # - doskip=0 - # - # Does the mount point exit? - # - if ! test -d $access ; then - report 5 "$physdev: $access doesn't exist" - continue - fi - if ! test -e $physdev ; then - report 5 "$physdev doesn't exist" - continue - fi - # - # Seeking for crypto modules - # - case "$crypto" in - twofish) keylen=192; ivgen='null'; hashalgo='ripemd160:20' ;; - twofishSL92) keylen=256; ivgen='null' ;; - twofish[0-9]*) keylen=${crypto#twofish}; ;; - #TODO add more algorithm or better detection - *) - report 2 "$physdev: unsupported algorithm \"$crypto\"" - continue - ;; - esac - cipher=twofish-cbc-$ivgen - - name="${loopdev#/dev/}" - name="cryptotab_${name//[^A-Za-z0-9]/_}" - - if [ -e "/dev/mapper/$name" ]; then - report 5 "$physdev: $name already mapped" - continue - fi - - while true; do # setup/check loop - # - # Restore virgin state - # - if [ -b "/dev/mapper/$name" ]; then - /sbin/cryptsetup remove $name || true - fi - detachloopdev - device="$loopdev" - - # - # Setting up loop device - # - if test -n "$info" ; then - prmt="${extd}Please enter passphrase for \"$info\" ($physdev): ${norm}" - else - prmt="${extd}Please enter passphrase for $physdev: ${norm}" - fi - - # we always use a loop device to avoid block size issues - # with e.g. cdroms for backward compatability - if ! losetup $loopdev $physdev; then - report 1 "$physdev..." - continue 2 - fi - - params="-t $timeout -c $cipher -s $keylen -h $hashalgo" - - setprompt - /sbin/cryptsetup $params create "$name" "$device" < $REDIRECT > $REDIRECT 2>&1 - stat=$? 
- unsetprompt - - if test "$stat" -ne 0; then - detachloopdev - report 1 "$physdev..." - continue 2 - fi - - device="/dev/mapper/$name" - - paranoid_safety_checks "$filesys" "$device" "$access" "$physdev" - stat="$?" - if test "$stat" = 1; then # retype passphrase - continue - elif test "$stat" = 2; then # skip entry - doskip=1 - fi - break - done - # - # Does the user want to skip this entry? - # - if test $doskip -gt 0 ; then - /sbin/cryptsetup remove $name || true - report 5 "$physdev..." - detachloopdev - continue - fi - - if ! run_fsck "$filesys" "$device" "$access" "$physdev"; then - report 1 "$physdev..." - continue - fi - - case "$mopt" in - default|"") mopt="" ;; - esac - - mount -t $filesys ${mopt:+-o $mopt} $device $access - stat=$? - if test $stat -gt 0 ; then - stat=1 - /sbin/cryptsetup remove $name || true - detachloopdev - fi - report $stat "$physdev..." - done < $CRYPTOTAB - - if test -z "$haveone" -a -z "$tostart"; then - rc_failed 6 - rc_status -v1 - fi -} - -hashalotcryptsetup() -{ - /sbin/hashalot ${halgo:+$halgo} -t $timeout ${pseed:+-s $pseed} ${itercountk:+-C $itercountk} | /sbin/cryptsetup "$@" -} - -start_crypttab () -{ - local stat=0 - local haveone='' - - test -n "$tostart" || echo "Activating crypto devices using $CRYPTTAB ... " - while read name physdev keyfile options dummy; do - case "$name" in - \#*|"") continue ;; - esac - - if test -n "$tostart" -a "$name" != "$tostart" -a "$physdev" != "$tostart"; then - continue - fi - - haveone=1 - redirect - - # skip mapped entries - if test -e /dev/mapper/$name; then - report 5 "$physdev: $name already mapped" - continue - fi - - test "$keyfile" = "none" && keyfile="" - test "$options" = "none" && options="" - - # make sure the keyfile exists - if test -n "$keyfile" -a ! -e "$keyfile"; then - report 5 "$physdev: $keyfile does not exist" - continue - fi - if ! 
test -e $physdev ; then - report 5 "$physdev doesn't exist" - continue - fi - - # parse the options field - skip="" - params="" - makeswap="" - maketmp="" - noauto="" - luks="" - check="" - checkargs="" - loopdev="" - param_ro="" - cipher="" - keysize="" - halgo="" - timeout="" - tries="" - pseed="" - itercountk="" - while test -n "$options"; do - arg=${options%%,*} - options=${options##$arg} - options=${options##,} - param=${arg%%=*} - value=${arg##$param=} - - case "$param" in - cipher) - if test -z "$value" ; then - echo $"$dst: no value for cipher option, skipping" - skip="yes" - fi - cipher="$value" - ;; - size) - if test -z "$value" ; then - echo $"$dst: no value for size option, skipping" - skip="yes" - fi - keysize="$value" - ;; - hash) - if test -z "$value" ; then - echo $"$dst: no value for hash option, skipping" - skip="yes" - fi - halgo="$value" - ;; - verify) params="$params -y" ;; - swap) makeswap="yes" ;; - tmp) maketmp="yes" ;; - noauto) noauto="yes" ;; - luks) luks="yes" ;; - loop) loopdev="yes" ;; - readonly) param_ro="-r" ;; - timeout) - case "$value" in - [0-9]*) timeout="$value";; - *) echo "invalid timeout '$value' ignored" ;; - esac - ;; - tries) - if test -n "$value" ; then - params="$params --tries=$tries" - fi - ;; - check) - if test -n "$value" -a -x /lib/cryptsetup/checks/"$value" ; then - check="/lib/cryptsetup/checks/$value" - else - check="/lib/cryptsetup/checks/vol_id" - fi - ;; - checkargs) - if test -n "$value" ; then - checkargs="$value" - fi - ;; - pseed) pseed="$value" ;; - itercountk) itercountk="$value" ;; - precheck|loud|ssl|gpg|keyscript|*) - echo "unsupported crypttab option: '$param'" - skip='yes' - ;; - esac - done - - if test -n "$luks"; then - if test -n "$cipher" -o -n "$halgo" -o -n "$keysize" -o -n "$pseed" -o -n "$itercountk"; then - echo "cipher, hash, size, pseed and itercountk options are ignored for LUKS" - fi - fi - if test -n "$keyfile"; then - if test -n "$halgo" -o -n "$pseed" -o -n "$itercountk"; then - 
report 2 "${ext}hash, pseed and itercountk options are invalid when using a key file${norm}" - continue - fi - fi - - if test "$skip" = "yes" -o \( "$noauto" = "yes" -a -z "$tostart" \); then - report 5 "$physdev" - continue - fi - - if test -n "$param_ro"; then - params="$params $param_ro" - fi - - # we always want a timeout to prevent accidential hanging boot - if test -z "$timeout"; then - timeout="$TIMEOUT" - fi - params="$params --timeout=$timeout" - - device="$physdev" - # if device is a regular file then it's an image - if test -n "$loopdev" -o -f $device; then - loopdev='' - for i in 0 1 2 3 4 5 6 7; do - if ! test -b "/dev/loop$i"; then - continue - fi - - unset loopsize - read loopsize < /sys/block/loop$i/size - if test $? -eq 0 -a "$loopsize" = '0' && /sbin/losetup $param_ro "/dev/loop$i" $device; then - device="/dev/loop$i" - loopdev="$device" - break - fi - done - - if test -z "$loopdev"; then - report 1 "$physdev: failed to find a usable loop device" - continue - fi - fi - - doskip=0 - - while true; do # setup/check loop - - if [ -b "/dev/mapper/$name" ]; then - /sbin/cryptsetup remove $name - fi - - if test -z "$keyfile"; then - prmt="${extd}Please enter passphrase for $physdev ($name): ${norm}" - setprompt - fi - - # map the devices - if test -n "$luks" || cryptsetup isLuks "$device" &> /dev/null; then - luks='yes' - /sbin/cryptsetup $params ${keyfile:+-d $keyfile} luksOpen "$device" "$name" < $REDIRECT &> $REDIRECT - stat=$? - else - # XXX hack - if test -n "$pseed" -o -n "$itercountk"; then - params="$params -d /dev/stdin" # cannot use "-" as cryptsetup would hash that - cryptsetup=hashalotcryptsetup - else - cryptsetup=/sbin/cryptsetup - fi - params="$params ${cipher:+-c $cipher} ${halgo:+-h $halgo} ${keysize:+-s $keysize}" - $cryptsetup $params ${keyfile:+-d $keyfile} create "$name" "$device" < $REDIRECT &> $REDIRECT - stat=$? 
- unset cryptsetup - fi - if test -z "$keyfile"; then - unsetprompt - fi - - if test $stat -ne 0; then - report 1 "$physdev... " - doskip=1 - detachloopdev - break - fi - - # run check if it's set - if test -n "$check"; then - $check "/dev/mapper/$name" $checkargs - if test $? -ne 0; then - report 1 "$physdev... " - doskip=1 - /sbin/cryptsetup remove $name - detachloopdev - break - fi - fi - - mountpoint='' - fs_type='auto' - infstab='' - read dummy mountpoint fs_type dummy < <(/bin/awk -vd=/dev/mapper/$name '$1==d{print;exit}' < /etc/fstab) - if test "$?" -eq 0; then - infstab='yes' - fi - - # run mkfs if the tmp option was given - if test "$maketmp" = "yes"; then - echo "Creating filesystem on /dev/mapper/$name..." - if test "$fs_type" = 'auto'; then - fs_type='ext2' - fi - /sbin/mkfs -t "$fs_type" /dev/mapper/$name - - if test $? -ne 0; then - report 1 "$phsdev: failed to create temporary file system." - doskip=1 - /sbin/cryptsetup remove $name - detachloopdev - break - fi - fi - - # no need for paranoid checks with luks as cryptsetup is able to - # verify the passphrase itself then - # - # if the device is not in fstab we can't do paranoid checks as we - # don't know what the intention of the device is - if test "$makeswap" != 'yes' -a -z "$luks" -a -n "$infstab"; then - if test -z "$luks"; then - paranoid_safety_checks "$fs_type" "/dev/mapper/$name" "$mountpoint" "$physdev" - stat="$?" - if test "$stat" = 1; then # retype passphrase - continue - elif test "$stat" = 2; then # skip entry - report 5 "$physdev..." - doskip=1 - fi - fi - fi - - break; - done # setup/check loop - - if test "$doskip" -gt 0; then - if test -b "/dev/mapper/$name"; then - /sbin/cryptsetup remove "$name" - fi - detachloopdev - continue - fi - - # run mkswap if necessary. boot.swap with enable this later - if test "$makeswap" = "yes"; then - mkswap "/dev/mapper/$name" - stat="$?" - test $stat -eq 0 || stat=1 - report $stat "$physdev..." 
- continue - fi - - if test -z "$infstab"; then - report 0 "$physdev..." - continue - fi - - if ! run_fsck "$fs_type" "/dev/mapper/$name" "$mp" "$physdev"; then - report 1 "$physdev..." - continue - fi - - mount /dev/mapper/$name - stat="$?" - - if test $stat -gt 0 ; then - stat=1 - /sbin/cryptsetup remove $name || true - detachloopdev - fi - - # set permissions for tmp dirs - if test "$maketmp" = "yes"; then - chmod 1777 $mountpoint - fi - - report $stat "$physdev..." - - done < $CRYPTTAB - if test -z "$haveone" -a -z "$tostart"; then - rc_failed 6 - rc_status -v1 - fi -} - -umount_or_swapoff() -{ - # unmount device - if /bin/grep -q "^/dev/mapper/$name[ \t]" /proc/mounts; then - umount "/dev/mapper/$name" - if test $? -gt 0 ; then - return 1 - fi - elif /bin/grep -q "^/dev/mapper/$name[ \t]" /proc/swaps; then - swapoff "/dev/mapper/$name" - if test $? -gt 0 ; then - return 1 - fi - fi - - return 0 -} - - -stop_cryptotab () -{ - local haveone='' - - test -n "$tostop" || echo "Turning off crypto devices using $CRYPTOTAB ... " - - while read loopdev physdev access filesys crypto mopt rest ; do - case "$loopdev" in - \#*|"") continue ;; - esac - - if test -n "$tostop" -a "$loopdev" != "$tostop" -a "$physdev" != "$tostop" -a "$access" != "$tostop"; then - continue - fi - - haveone=1 - - name="${loopdev#/dev/}" - name="cryptotab_${name//[^A-Za-z0-9]/_}" - - if test -b "/dev/mapper/$name"; then - - if ! umount_or_swapoff; then - report 1 "$physdev..." - continue - fi - - cryptsetup remove "$name" || rc_failed 1 - fi - - if losetup $loopdev >/dev/null 2>&1; then - losetup -d $loopdev || rc_failed 1 - fi - - echo -n "$physdev..." - rc_status -v - - done < <(reverse < $CRYPTOTAB) - - if test -z "$haveone" -a -z "$tostop"; then - rc_status -v1 - fi -} - -stop_crypttab () -{ - local haveone='' - - test -n "$tostop" || echo "Turning off crypto devices using $CRYPTTAB ... 
" - - while read name physdev keyfile options dummy; do - case "$name" in - \#*|"") continue ;; - esac - - if test -n "$tostop" -a "$name" != "$tostop" -a "$physdev" != "$tostop"; then - continue - fi - - haveone=1 - - loopdev="" - device="$physdev" - - if test -b "/dev/mapper/$name"; then - if ! umount_or_swapoff; then - report 1 "$physdev..." - continue - fi - - /sbin/cryptsetup remove "$name" || rc_failed 1 - fi - - # delete the loop device - while read line; do - case "$line" in - *\(${physdev}\)*) device=${line%%:*}; loopdev='yes' ;; - esac - done < <(/sbin/losetup -a) - - if test -n "$loopdev" && losetup $device >/dev/null 2>&1; then - /sbin/losetup -d $device || rc_failed 1 - fi - - echo -n "$physdev..." - rc_status -v - - done < <(reverse < $CRYPTTAB) - - if test -z "$haveone" -a -z "$tostop"; then - rc_status -v1 - fi -} - -status_cryptotab() -{ - local state str - local haveone='' - while read loopdev physdev access filesys crypto mopt info rest ; do - case "$loopdev" in - \#*|"") continue ;; - esac - - haveone=1 - - name="${loopdev#/dev/}" - name="cryptotab_${name//[^A-Za-z0-9]/_}" - - echo -n "$physdev" - state=0 - str='' - - if losetup "$loopdev" > /dev/null 2>&1; then - str="$str ${loopdev#/dev/}" - state=$((state+1)) - fi - if test -b "/dev/mapper/$name"; then - str="$str mapped" - state=$((state+1)) - fi - if /bin/grep -q "^/dev/mapper/$name[ \t]" /proc/mounts; then - str="$str mounted" - state=$((state+1)) - fi - - if test "$state" = 3; then - rc_failed 0 - elif test "$state" != 0; then - rc_failed 4 - else - rc_failed 3 - fi - - if test -n "$str"; then - echo -n " [$str ]" - fi - rc_status -v - - done < $CRYPTOTAB - - if test -z "$haveone"; then - report 3 "$CRYPTOTAB" - fi -} - -status_crypttab() -{ - local state str - local haveone='' - - while read name physdev keyfile options dummy; do - case "$name" in - \#*|"") continue ;; - esac - - haveone=1 - - echo -n "$physdev" - state=0 - str='' - - loopdev='' - # find the loop device - while read 
line; do - case "$line" in - *\(${physdev}\)*) loopdev=${line%%:*};; - esac - done < <(/sbin/losetup -a) - - if test -n "$loopdev" && losetup "$loopdev" > /dev/null 2>&1; then - str="$str ${loopdev#/dev/}" - state=$((state|1)) - fi - if test -b "/dev/mapper/$name"; then - str="$str mapped" - state=$((state|2)) - fi - if /bin/grep -q "^/dev/mapper/$name[ \t]" /proc/mounts; then - str="$str mounted" - state=$((state|4)) - elif /bin/grep -q "^/dev/mapper/$name[ \t]" /proc/swaps; then - str="$str swap" - state=$((state|4)) - fi - - if test -n "$str"; then - echo -n " [$str ]" - fi - if test "$state" != 0; then - if test $((state&2)) = 0; then - rc_failed 4 - else - if ! test -e "$physdev"; then - rc_failed 1 - else - rc_failed 0 - fi - fi - else - rc_failed 3 - fi - rc_status -v - - done < $CRYPTTAB - - if test -z "$haveone"; then - report 3 "$CRYPTTAB" - fi -} - -# -# Cutomize_{start,stop}_hook are for interactive usage only -# -cutomize_start_hook () -{ - local srv - - test "$base" != "$link" && return 0 - test -s /etc/sysconfig/boot.crypto || return 0 - . /etc/sysconfig/boot.crypto - - for srv in $TRY_RESTART_AT_START ; do - test -n "$srv" || break - test -x /etc/init.d/$srv || continue - /etc/init.d/$srv try-restart - done - - for srv in $RESTART_AT_START ; do - test -n "$srv" || break - test -x /etc/init.d/$srv || continue - /etc/init.d/$srv restart - done - - for srv in $RELOAD_AT_START ; do - test -n "$srv" || break - test -x /etc/init.d/$srv || continue - /etc/init.d/$srv reload - done -} - -cutomize_stop_hook () -{ - local srv - - test "$base" != "$link" && return 0 - test -s /etc/sysconfig/boot.crypto || return 0 - . 
/etc/sysconfig/boot.crypto - - for srv in $TRY_RESTART_AT_STOP ; do - test -n "$srv" || break - test -x /etc/init.d/$srv || continue - /etc/init.d/$srv try-restart - done - - for srv in $RESTART_AT_STOP ; do - test -n "$srv" || break - test -x /etc/init.d/$srv || continue - /etc/init.d/$srv restart - done - - for srv in $RELOAD_AT_STOP ; do - test -n "$srv" || break - test -x /etc/init.d/$srv || continue - /etc/init.d/$srv reload - done -} - -rc_reset -case "$1" in - start|b) - - if ! /sbin/modprobe -q dm-crypt; then - echo "kernel lacks dm-crypt support" - rc_failed 5 - rc_status -v - rc_exit - fi - - tostart="$2" - - if test -s $CRYPTOTAB; then - start_cryptotab - fi - - if test -s $CRYPTTAB; then - start_crypttab - fi - - rc_failed 0 - - restore - - cutomize_start_hook - ;; - stop) - - tostop="$2" - - if test -s $CRYPTOTAB; then - stop_cryptotab - fi - - if test -s $CRYPTTAB; then - stop_crypttab - fi - - rc_failed 0 - - cutomize_stop_hook - ;; - status) - if test -s $CRYPTOTAB; then - status_cryptotab - fi - - if test -s $CRYPTTAB; then - status_crypttab - fi - rc_failed 0 - ;; - restart) - $0 stop - $0 start - rc_status - ;; - *) - echo "Usage: $0 {start|stop|status|restart}" - exit 1 - ;; -esac -rc_exit diff --git a/boot.crypto-0_200801091212.tar.bz2 b/boot.crypto-0_200801091212.tar.bz2 new file mode 100644 index 0000000..9e9bc60 --- /dev/null +++ b/boot.crypto-0_200801091212.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b8a5cc430e0d3361a3523e16d59fa68c074d4cf0e9c8dbd0a3af7f84f34d9222 +size 11134 diff --git a/cryptsetup-1.0.5_SVNr38.tar.bz2 b/cryptsetup-1.0.5_SVNr38.tar.bz2 deleted file mode 100644 index efecd01..0000000 --- a/cryptsetup-1.0.5_SVNr38.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:76390d49112cf35b6d6ea289bb1760ded416dfaf133edb131d6548e6d2d5be41 -size 416976 
diff --git a/cryptsetup-1.0.5_SVNr42.tar.bz2 b/cryptsetup-1.0.5_SVNr42.tar.bz2 new file mode 100644 index 0000000..1c66052 --- /dev/null +++ b/cryptsetup-1.0.5_SVNr42.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9c8d18b901c75f2f2fbe8cefae1b53ca96373cb8edc8d7bad1f70b79991f8031 +size 246243 diff --git a/cryptsetup.changes b/cryptsetup.changes index 65dd71e..2351eea 100644 --- a/cryptsetup.changes +++ b/cryptsetup.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Wed Jan 9 12:07:14 CET 2008 - lnussel@suse.de + +- upgrade to svn revision 42 which includes previous patches +- boot.crypto: + * don't mount read-only as safety check (#345338) + * implement precheck scripts + * allow restarting of single volumes (#345605) + * status query of individual devices (#345605) + * add vol_id check script + * maintain boot.crypto stuff in revision control and use tarball + snapshots of it + ------------------------------------------------------------------- Thu Nov 29 13:47:24 CET 2007 - lnussel@suse.de diff --git a/cryptsetup.spec b/cryptsetup.spec index bb24ea0..bf7297f 100644 --- a/cryptsetup.spec +++ b/cryptsetup.spec @@ -1,7 +1,7 @@ # -# spec file for package cryptsetup (Version 1.0.5_SVNr38) +# spec file for package cryptsetup (Version 1.0.5_SVNr42) # -# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine # package are under the same license as the package itself. # 
@@ -15,24 +15,20 @@ Url: http://luks.endorphin.org/dm-crypt BuildRequires: device-mapper-devel e2fsprogs-devel libgcrypt-devel popt-devel # hashalot version %define haver 0.3 +# boot.crypto version +%define bcver 0_200801091212 License: BSD 3-Clause; GPL v2 or later Group: System/Base AutoReqProv: on -Version: 1.0.5_SVNr38 +Version: 1.0.5_SVNr42 Release: 1 Summary: Set Up dm-crypt Based Encrypted Block Devices Source: cryptsetup-%{version}.tar.bz2 Source1: hashalot-%haver.tar.bz2 -Source50: boot.crypto -Source90: Makefile.doc -Source91: crypttab.5.txt -# make -f Makefile.doc -Source92: crypttab.5 +# http://www.suse.de/~lnussel/boot.crypto.git +Source2: boot.crypto-%{bcver}.tar.bz2 # use this to create the tarball from svn Source99: cryptsetup-mktar -Patch1: 0001-cryptsetup-the-device-parameter-of-LUKS_device_ready.diff -Patch2: 0002-cryptsetup-logger-function-should-return-void.diff -Patch3: 0003-cryptsetup-fix-implicit-function-declarations.diff Patch10: hashalot-fixes.diff Patch11: hashalot-libgcrypt.diff Patch12: hashalot-ctrl-d.diff @@ -82,10 +78,7 @@ Authors: Ben Slusky %prep -%setup -q -b 1 -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 +%setup -q -b 1 -b 2 pushd ../hashalot-%haver %patch10 -p1 %patch11 -p1 @@ -130,14 +123,7 @@ rm -f $RPM_BUILD_ROOT/sbin/{rmd160,sha256,sha384,sha512} # # # boot.crypto -install -d -m 755 %{buildroot}/etc/init.d -install -m 755 %{SOURCE50} %{buildroot}/etc/init.d/boot.crypto -# maybe install templates instead? -install -m 644 /dev/null %{buildroot}/etc/cryptotab -install -m 644 /dev/null %{buildroot}/etc/crypttab -# man page -install -d -m755 %{buildroot}%{_mandir}/man5 -install -m644 %{SOURCE92} %{buildroot}%{_mandir}/man5 +make -C ../boot.crypto-* install DESTDIR=$RPM_BUILD_ROOT # %find_lang %name --all-name 
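Review bot: The new `Source2: boot.crypto-%{bcver}.tar.bz2` entry identifies the snapshot only by a timestamp (`%define bcver 0_200801091212`), so the packaged init script cannot be traced to a specific revision of the repository named in the comment above it. The removed boot.crypto shows that this script runs at boot, prompts for passphrases and drives cryptsetup, so the provenance of its tarball matters as much as that of the cryptsetup source. I would extend the comment to record the revision, e.g. `# git snapshot of <commit-id> from http://www.suse.de/~lnussel/boot.crypto.git`, where `<commit-id>` is a placeholder because the page does not show it. The spec preamble continues outside this hunk.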
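Review bot: The added install step `make -C ../boot.crypto-* install DESTDIR=$RPM_BUILD_ROOT` picks the source directory with a shell glob even though the version is already pinned in `%{bcver}`. If more than one directory matches in the build tree, the extra matches are passed to make as further arguments. Assuming the tarball unpacks to a directory named after `%{bcver}`, I would write `make -C ../boot.crypto-%{bcver} install DESTDIR="$RPM_BUILD_ROOT"`, matching the `pushd ../hashalot-%haver` form used in `%prep`. The explicit `install -m 755` and `install -m 644` lines for `/etc/init.d/boot.crypto`, `/etc/cryptotab` and `/etc/crypttab` are removed here, so those modes now come from the tarball's Makefile, which is not visible on this page and should be confirmed. The `%install` section starts and ends outside the hunk.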
@@ -169,12 +155,12 @@ rm -rf $RPM_BUILD_ROOT /etc/init.d/boot.crypto /sbin/cryptsetup /sbin/hashalot -%_datadir/locale/de/LC_MESSAGES/cryptsetup.mo %_mandir/man1/hashalot.1.gz %_mandir/man8/cryptsetup.8.gz %_mandir/man5/crypttab.5.gz /%_lib/libcryptsetup.so.0 /%_lib/libcryptsetup.so.0.0.0 +/lib/cryptsetup %files devel %defattr(-,root,root) @@ -182,6 +168,16 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/libcryptsetup.so %changelog +* Wed Jan 09 2008 - lnussel@suse.de +- upgrade to svn revision 42 which includes previous patches +- boot.crypto: + * don't mount read-only as safety check (#345338) + * implement precheck scripts + * allow restarting of single volumes (#345605) + * status query of individual devices (#345605) + * add vol_id check script + * maintain boot.crypto stuff in revision control and use tarball + snapshots of it * Thu Nov 29 2007 - lnussel@suse.de - upgrade to svn revision 38 * Wed Nov 07 2007 - mkoenig@suse.de diff --git a/crypttab.5 b/crypttab.5 deleted file mode 100644 index 8921027..0000000 --- a/crypttab.5 +++ /dev/null 
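Review bot: The bare `/lib/cryptsetup` entry added to `%files` packages the directory and everything the tarball's Makefile placed under it, so the spec no longer enumerates which check scripts are shipped. The removed boot.crypto shows that files under `/lib/cryptsetup/checks/` are executed by the init script at boot, so their ownership and modes deserve the same explicit treatment as the binaries listed above. I would use `%dir /lib/cryptsetup` plus one line per expected script (the changelog names a vol_id check), so that an unexpected file surfaces as unpackaged instead of being shipped silently. Whether a `%defattr` covers this section cannot be seen from the hunk, because the main `%files` header is outside it.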
@@ -1,205 +0,0 @@ -.\" Title: crypttab -.\" Author: -.\" Generator: DocBook XSL Stylesheets v1.73.1 -.\" Date: 11/29/2007 -.\" Manual: -.\" Source: -.\" -.TH "CRYPTTAB" "5" "11/29/2007" "" "" -.\" disable hyphenation -.nh -.\" disable justification (adjust text to left margin only) -.ad l -.SH "NAME" -crypttab - static information about crypted filesystems -.SH "SYNOPSIS" -.PP -\fBcrypttab\fR -.RS 4 - -\fI\fR -\fI\fR -\fI\fR -\fI\fR -.RE -.SH "DESCRIPTION" -The file \fB/etc/crypttab\fR contains descriptive informations about encrypted volumes\. Each volume is described on a separate line; columns on each line are separated by tabs or spaces\. Lines starting with "\fI#\fR" are comments, empty lines are ignored\. The order of records in \fBcrypttab\fR is important because the \fB/etc/init\.d/boot\.crypto\fR script sequentially iterates through \fBcrypttab\fR entries\. All four columns are mandatory, missing or excessive columns will lead to unspecified behaviour\. -.sp -.sp -.RS 4 -\h'-04'\(bu\h'+03'The first column, -\fItarget device\fR -specifies the mapped -\fIdevice name\fR\. It must be a plain filename without any directories\. A mapped device -\fB/dev/mapper/\fR\fIdevice name\fR -will be created by -\fBcryptsetup(8)\fR -crypting data from and onto the -\fIsource device\fR\. -.RE -To actually mount that device it needs to be listed in \fB/etc/fstab\fR\. -.sp -.sp -.RS 4 -\h'-04'\(bu\h'+03'The second column -\fIsource device\fR -specifies the block special device that should hold the encrypted data\. -.RE -.sp -.RS 4 -\h'-04'\(bu\h'+03'The third column -\fIkey file\fR -specifies a file containing the raw binary key to use for decrypting the encrypted data of the -\fIsource device\fR\. -.RE -The key file can also be a device name (e\.g\. \fB/dev/urandom\fR, which is useful for encrypted swap devices)\. Warning: luks does not support infinite streams (like \fB/dev/urandom\fR), it requires a fixed size key\. 
-.sp -If the \fIkey file\fR is the string \fBnone\fR, the key data (i\.e\. a password or passphrase) will be read interactively from the console\. In this case the options precheck, check, checkargs and tries may be useful\. -.sp -.sp -.RS 4 -\h'-04'\(bu\h'+03'The fourth field -\fIoptions\fR -specifies the cryptsetup options associated with the encryption process\. At minimum, the field should contain the string -\fBluks\fR -or the -\fIcipher\fR, -\fIhash\fR -and -\fIsize\fR -options\. -.RE -Options have to be specified in the format: \fIkey\fR=\fIvalue\fR[,\fIkey\fR=\fIvalue\fR \&...] -.sp -.SH "OPTIONS" -.PP -\fBcipher\fR= -.RS 4 -Encryption algorithm\. See -\fBcryptsetup \-c\fR\. -.RE -.PP -\fBsize\fR= -.RS 4 -Encryption key size\. See -\fBcryptsetup \-s\fR\. -.RE -.PP -\fBhash\fR= -.RS 4 -Hash algorithm\. See -\fBcryptsetup \-h\fR\. -.RE -.PP -\fBverify\fR -.RS 4 -Verify password\. See -\fBcryptsetup \-y\fR\. -.RE -.PP -\fBreadonly\fR -.RS 4 -The backing device is read\-only (eg: a dvd)\. -.RE -.PP -\fBluks\fR -.RS 4 -Use device with luks extensions\. -.RE -.PP -\fBswap\fR -.RS 4 -Run -\fBmkswap\fR -on the created device\. -.RE -.PP -\fBtmp\fR -.RS 4 -Run -\fBmkfs\fR -on the created device\. The file system to use is specified in -\fB/etc/fstab\fR\. If -\fB/etc/fstab\fR -does not list the mapped device, ext2 is used as fallback\. -.RE -.PP -\fBprecheck\fR= -.RS 4 -Check the source device by suitable program; if the check fails the device is not created; is a script to check the source device\. The source device is given as argument to the script\. -.RE -.PP -\fBcheck\fR[=] -.RS 4 -Check the content of the mapped device by a suitable program; if the check fails the device is removed\. The specified program is run giving the decrypted volume (target device) as first and the value of the checkargs option as second argument\. Cryptdisks searches for the given program in /lib/cryptsetup/checks/\. If no program is specified, vol_id is used\. 
-.RE -.PP -\fBcheckargs\fR= -.RS 4 -Pass as second argument to the check script -.RE -.PP -\fBtries\fR= -.RS 4 -Prompt for the passphrase at most times if the entered passphrase was wrong\. Defaults is 3\. Only works for LUKS volumes\. -.RE -.PP -\fBtimeout\fR= -.RS 4 -Time out interactive password prompts after seconds\. -.RE -.PP -\fBloop\fR -.RS 4 -Always attach a loop device before mapping the device\. Normally a loop device is used automatically only for image files\. Useful if the block size of the physical device does not match the block size of the contained file system\. E\.g\. ext2 on a CD\. -.RE -.PP -\fBnoauto\fR -.RS 4 -Causes boot\.crypto to skip this record during boot -.RE -.PP -\fBpseed=\fR -.RS 4 -Set a string that is appended to the passphrase after hashing\. Using different seeds for volumes with the same passphrase makes dictionary attacks harder\. Use for compatability with loop\-AES\. -.RE -.PP -\fBitercountk=\fR -.RS 4 -Encrypts the hashed password thousand times using AES\-256\. Use for compatability with loop\-AES\. -.RE -.PP -\fBloud\fR, \fBssl\fR, \fBgpg\fR, \fBkeyscript\fR -.RS 4 -not supported\. Listed here as they are supported by Debian\. -.RE -.SH "CHECKSCRIPTS" -TODO -.sp -.SH "EXAMPLES" -.PP -\fBEncrypted swap device\fR -.RS 4 -cswap /dev/sda6 /dev/random swap -.RE -.PP -\fBEncrypted luks volume with interactive password\fR -.RS 4 -cdisk0 /dev/hda1 none luks -.RE -.PP -\fBEncrypted luks volume with interactive password, use a custom check script, no retries\fR -.RS 4 -cdisk2 /dev/hdc1 none luks,check=customscript,checkargs=foo,tries=1 -.RE -.PP -\fBEncrypted volume with interactive password and a cryptoloop compatible twofish256 cipher\fR -.RS 4 -cdisk3 /dev/sda3 none cipher=twofish\-cbc\-plain,size=256,hash=sha512 -.RE -.SH "SEE ALSO" -cryptsetup(8), /etc/crypttab, fstab(8) -.sp -.SH "AUTHOR" -Manual page converted to asciidoc by Michael Gebetsroither \. 
Originally written by Bastian Kleineidam for the Debian distribution of cryptsetup\. Improved by Jonas Meurer \. Modified for SUSE Linux by Ludwig Nussel \. Parts of this manual were taken and adapted from the fstab(5) manual page\. -.sp diff --git a/crypttab.5.txt b/crypttab.5.txt deleted file mode 100644 index 4cbdb19..0000000 --- a/crypttab.5.txt +++ /dev/null 
@@ -1,180 +0,0 @@ -CRYPTTAB(5) -=========== - -NAME ----- -crypttab - static information about crypted filesystems - - -SYNOPSIS --------- -*crypttab*:: -'' '' '' '' - - -DESCRIPTION ------------ -The file */etc/crypttab* contains descriptive informations about -encrypted volumes. Each volume is described on a separate line; -columns on each line are separated by tabs or spaces. Lines starting -with "'#'" are comments, empty lines are ignored. The order of -records in *crypttab* is important because the -*/etc/init.d/boot.crypto* script sequentially iterates through -*crypttab* entries. All four columns are mandatory, missing or -excessive columns will lead to unspecified behaviour. - -- The first column, 'target device' specifies the mapped 'device -name'. It must be a plain filename without any directories. A mapped -device */dev/mapper/*'device name' will be created by -*cryptsetup(8)* crypting data from and onto the 'source device'. - -To actually mount that device it needs to be listed in */etc/fstab*. - -- The second column 'source device' specifies the block special -device that should hold the encrypted data. - -- The third column 'key file' specifies a file containing the raw -binary key to use for decrypting the encrypted data of the 'source -device'. - -The key file can also be a device name (e.g. */dev/urandom*, which -is useful for encrypted swap devices). Warning: luks does not -support infinite streams (like */dev/urandom*), it requires a fixed -size key. - -If the 'key file' is the string *none*, the key data (i.e. a -password or passphrase) will be read interactively from the console. -In this case the options precheck, check, checkargs and tries may be -useful. - -- The fourth field 'options' specifies the cryptsetup options -associated with the encryption process. At minimum, the field should -contain the string *luks* or the 'cipher', 'hash' and 'size' -options. - -Options have to be specified in the format: 'key'='value'[,'key'='value' ...] 
- - -OPTIONS -------- - -*cipher*=:: -Encryption algorithm. See *cryptsetup -c*. - -*size*=:: -Encryption key size. See *cryptsetup -s*. - -*hash*=:: -Hash algorithm. See *cryptsetup -h*. - -*verify*:: -Verify password. See *cryptsetup -y*. - -*readonly*:: -The backing device is read-only (eg: a dvd). - -*luks*:: -Use device with luks extensions. - -*swap*:: -Run *mkswap* on the created device. - -*tmp*:: -Run *mkfs* on the created device. The file system to use is -specified in */etc/fstab*. If */etc/fstab* does not list the mapped -device, ext2 is used as fallback. - -*precheck*=:: -Check the source device by suitable program; if the check fails the device is -not created; is a script to check the source device. The source -device is given as argument to the script. - -*check*[=]:: -Check the content of the mapped device by a suitable program; if the -check fails the device is removed. The specified program is -run giving the decrypted volume (target device) as first and the -value of the checkargs option as second argument. Cryptdisks -searches for the given program in /lib/cryptsetup/checks/. If no -program is specified, vol_id is used. - -*checkargs*=:: -Pass as second argument to the check script - -*tries*=:: -Prompt for the passphrase at most times if the entered -passphrase was wrong. Defaults is 3. Only works for LUKS volumes. - -*timeout*=:: -Time out interactive password prompts after seconds. - -*loop*:: -Always attach a loop device before mapping the device. Normally a -loop device is used automatically only for image files. Useful if -the block size of the physical device does not match the block size -of the contained file system. E.g. ext2 on a CD. - -*noauto*:: -Causes boot.crypto to skip this record during boot - -*pseed=*:: -Set a string that is appended to the passphrase after hashing. -Using different seeds for volumes with the same passphrase makes -dictionary attacks harder. Use for compatability with loop-AES. 
- -*itercountk=*:: -Encrypts the hashed password thousand times using AES-256. Use -for compatability with loop-AES. - -*loud*, *ssl*, *gpg*, *keyscript*:: -not supported. Listed here as they are supported by Debian. - -CHECKSCRIPTS ------------- -TODO -///// -*vol_id*:: -Checks for any known filesystem. Supports a filesystem type as argument via -: -no checkargs - succeeds if any valid filesystem is found on the device. -"none" - succeeds if no valid filesystem is found on the device. -"ext3" [or any other filesystem type like xfs, swap, crypto_LUKS, whatever] - succeeds -if an ext3 [or another given] filesystem type is found on the device. - -*ext3*:: -Checks for a valid ext2/ext3 filesystem. - -*xfs*:: -Checks for a valid xfs filesystem. - -*swap*:: -Checks for partition type 'swap'. Only useful as . -//// - -EXAMPLES --------- -*Encrypted swap device*:: -cswap /dev/sda6 /dev/random swap - -*Encrypted luks volume with interactive password*:: -cdisk0 /dev/hda1 none luks - -*Encrypted luks volume with interactive password, use a custom check script, no retries*:: -cdisk2 /dev/hdc1 none luks,check=customscript,checkargs=foo,tries=1 - -*Encrypted volume with interactive password and a cryptoloop compatible twofish256 cipher*:: -cdisk3 /dev/sda3 none cipher=twofish-cbc-plain,size=256,hash=sha512 - -SEE ALSO --------- -cryptsetup(8), /etc/crypttab, fstab(8) - - -AUTHOR ------- -Manual page converted to asciidoc by Michael Gebetsroither -. Originally written by -Bastian Kleineidam for the Debian distribution -of cryptsetup. Improved by Jonas Meurer . -Modified for SUSE Linux by Ludwig Nussel . -Parts of this manual were taken and adapted from the fstab(5) manual -page.