sbrabec/util-linux
SHA256
1
0
Fork 0
forked from pool/util-linux
Code Pull Requests Activity

Accepting request 34654 from Base:System

Browse Source 
Copy from Base:System/util-linux based on submit request 34654 from user coolo

OBS-URL: https://build.opensuse.org/request/show/34654
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/util-linux?expand=0&rev=87
This commit is contained in:
OBS User autobuild 2010-03-12 15:45:47 +00:00 committed by Git OBS Bridge
parent 90cba39f17
commit c1fa3df380
6 changed files with 42 additions and 339 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

169
cryptoloop.txt
View File

@ -1,169 +0,0 @@
cryptoloop - a generic cryptographic loop device filter
=======================================================
To enable cryptoloop, you must fetch the cryptoloop-version.tar.gz source from
your kernel.org mirror or directly from the non-US <http://www.kerneli.org>.
Quickstart
~~~~~~~~~~
(if you have old encrypted volumes, please read the section about
conversion below)
you need a kernel compiled with
*) loop device driver
*) cryptographic support
*) generic crypto loop filter
*) one or more ciphers you want to use for encryption either as module or
statically (if you build them as module, don't forget to insmod them!)
Download the cryptoloop latest version tarball from the Internet and enter
the untarred directory. The following commands will patch your kernel and
copy the cryptoloop source in.
$ make patch-kernel KDIR=/your/kernel/source LOOP=[iv or jari]
Which will patch your kernel, and enable you to select cryptoloop in the
Cryptography section of the kernel configuration. Note, you have to manually
enable both CryptoAPI and cryptoloop in your kernel configuration.
If you would rather build modules you can use the following commands.
$ make modules KDIR=/your/kernel/source CDIR=/cryptoapi/source \
LOOP=[iv or jari]
$ make modules_install KDIR=/your/kernel/source
You also need a util-linux patched package (see
<http://www.kernel.org/pub/linux/kernel/people/hvr/> for some recent
patches)
Read on at <http://encryptionhowto.sourceforge.net/>
How Loopback Encryption Works
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Here is a small overview of how the loopback filesystem encryption works.
For all the of the data to be encrypted on a drive we need to interrupt the
disk write/read *after* the filesystem meta data is attached. Instead of hi-
jacking the system call we pipe the the filesystem commands through a loopback
device.
One advantage of this is that you can either encrypt a device(hard drive) or
a file already on a drive and mount it as a file system. This allows you to
have encrypted folders on an unencrypted drive, useful if you don't want to
encrypt everything.
The loopback device fits in like this:
device-->loop-->mountpoint
The loop stage is actually divided into a couple stages, which is why the
cryptoloop module is included. It splits the input and output from the
loopback into pieces for the ciphers. Since they operate on a specific
blocksize(i.e. 64-bits, 128-bits) the data must be chopped up for them.
device-->cryptoloop-->loop-->mountpoint
The cryptoloop module is also where the actual encryption and decryption of
the data takes place.
Some words about IV Calculation
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
There are some problems with the IV calculation up to recent 2.4.x
linux kernels. It's been calculated more or less by
IV = rel_sector / (blocksize >> 9) + (lo_offset / blocksize)
The first problem which arises, is that data transfers are not always
guaranteed to have a size of an integral multiple of the blocksize;
This is a problem, because of CBC mode's property of needing the
complete ciphertext block, i.e. you can't cipher or decipher only the
2nd half of a block if you don't know the first half of it!
Another problem which may be experienced is, when the soft blocksize
changes, i.e. due to different medias, as CDROM block devices and
alike, or when the filesystem layer sets the blocksize to some other
size.
But there's hope, as all transfer sizes are usually (except for the
last block on file backed loop devices sometimes...) an integral
multiple of 512 byte units (which is linux' atomic sector size);
So the solution is to stick to a portable, uniform 512 byte based IV
metric! Alas this can't be accomplished without modifying the loop
driver, as the more granular IV metric can't be calculated from the
current dynamic IV metric.
This change also renders most previously used encrypted volumes
unreadable, which need to be converted to the new IV metric.
Converting from Older IV Metrics
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The recommended procedure is as follow, in case you don't want to
backup your old data in a conventional manner, and then restore it to
a freshly created encrypted volume with the new IV-metric.
The more valuable your data is, the more important it is, that you try
the following procedure with some dummy data, before risking your real
data! Cause if something goes wrong you'll have to keep both pieces...
1) decrypt from within your old kernel version
1.1) setup your encrypted loop device, and mount it (this is also
important for making sure, the filesystem layer sets the soft block
size accordingly!)
1.2) unmount the filesystem (but leave the loop device setted up)
1.3) dd if=/dev/loop0 of=/dev/<underlying blockdev/file> make sure
the process does not get interrupted, otherwise you will have a hard
time, reconstructing your data, since you are decrypting the data
back to the same area where the ciphertext was.
3) make sure the block/file contains the properly deciphered content!!
2) boot the new kernel featuring the 512byte based IV
follow the instructions for 'encrypting unencrypted volumes' below
Encrypting Unencrypted Volumes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
just as simple as that (please test this before trying on important data)
1) set up a new encrypted loop device over the still unencrypted data
2) dd if=/dev/<underlying blockdev/file> of=/dev/loop0
Migrating from loop-AES to CryptoAPI
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If you want to move from using the loop-AES filesystem encryption to
CryptoAPI it only requires a small tweak. After loading cryptoapi and loading
the cipher-aes module use the following line when setting up your loopback
device:
$ losetup -e aes -k 256 -P sha512 /dev/loop0 /dev/<your drive>
Then proceed to mount your loop device as you normall would. Here is the
table for mapping loop-AES to cryptoapi losetup flags:
loop-AES cryptoapi
============================================================
-e aes128 -H rmd160 -e aes -k 128
-e aes128 -H sha256 -e aes -k 128 -P sha256
-e aes128 -H sha384 -e aes -k 128 -P sha384
-e aes128 -H sha512 -e aes -k 128 -P sha512
-e aes256 -H rmd160 -e aes -k 256
-e aes256 -H sha256 -e aes -k 256 -P sha256
-e aes256 -H sha384 -e aes -k 256 -P sha384
-e aes256 -H sha512 -e aes -k 256 -P sha512
-e aes128 -e aes -k 128 -P sha256
-e aes192 -e aes -k 192 -P sha384
-e aes256 -e aes -k 256 -P sha512
--
$Id: cryptoloop.txt,v 1.3 2002/08/03 19:29:58 kyle Exp $

3
freeramdisk.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:de3d43efba1e5968f4ef748b7a02674929404a80c24bae287ed3490f8c1acf2e
size 2453

144
util-linux-2.12-misc_utils_hostid.patch
View File

@ -1,144 +0,0 @@
Index: util-linux-ng-2.16/misc-utils/hostid.1
===================================================================
--- /dev/null
+++ util-linux-ng-2.16/misc-utils/hostid.1
@@ -0,0 +1,24 @@
+.TH hostid 1
+.SH NAME
+hostid \- set or print system's host id.
+.SH SYNTAX
+.B hostid
+[\-v] [\|\fIdecimal-id\fR\|]
+.SH DESCRIPTION
+.\".NXR "hostid command"
+The
+.B hostid
+command prints the current host id number in hexadecimal and both
+decimal and hexadecimal in parenthesis if the \-v option is given.
+This numeric value is expected to be unique across all hosts
+and is normally set to resemble the host's Internet address.
+
+Only the super-user can set the hostid by giving an argument. This value is
+stored in the file /etc/hostid and need only be performed once.
+
+.SH AUTHOR
+Hostid is written by Mitch DSouza \- (m.dsouza@mrc-apu.cam.ac.uk)
+
+.SH SEE ALSO
+gethostid(2), sethostid(2)
+
Index: util-linux-ng-2.16/misc-utils/hostid.c
===================================================================
--- /dev/null
+++ util-linux-ng-2.16/misc-utils/hostid.c
@@ -0,0 +1,88 @@
+/* Program hostid. Changed on 7.10.1997 <ms@suse.de>
+ New: - Hostid 0 is not permitted.
+ - Set hostid dezimal or hexadezimal, both possible.
+ - Maximum Value for id is tested
+ - Wrong Parameters are caught
+ Nov 13 2003 - cleanup, mmj@suse.de
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <errno.h>
+
+void usage(void);
+
+void usage()
+{
+ printf ("usage : hostid [-h] [-v] [<id>]\n\n"
+ "no options: print hostid as hexadecimal number\n"
+ "-h print this helptext\n"
+ "-v print hostid decimal and hexadecimal\n"
+ "<id> set the hostid to <id>\n\n"
+ "The id String can be specified as\n"
+ " - decimal number\n"
+ " - hexadecimal number preceded by 0x\n"
+ " - octal number preceded by 0 \n\n"
+ "Remarks:\n"
+ " - only root can set the hostid\n"
+ " - it's not possible to set the hostid to 0\n\n");
+}
+
+int main (int argc, char *argv[])
+{
+ long id;
+ int verbose = 0;
+
+ if (argc > 2) {
+ printf ("wrong arguments\n");
+ usage();
+ exit(1);
+ }
+
+ if (argc == 2 && strcmp(argv[1], "-h") == 0) {
+ usage();
+ exit(0);
+ }
+
+ if (argc == 2 && strcmp(argv[1], "-v") == 0) {
+ verbose = 1;
+ argc--;
+ argv++;
+ }
+
+ switch (argc) {
+ case 2:
+ id = strtol(argv[1], NULL, 0);
+ if (errno == ERANGE) {
+ printf ("Overflow: given string was out of range\n");
+ exit(1);
+ }
+
+ if (id == 0) {
+ printf ("value not possible: Abort\n");
+ usage();
+ exit(1);
+ }
+ if (sethostid(id) != 0) {
+ perror("sethostid");
+ exit(1);
+ }
+ break;
+
+ case 1:
+ id = gethostid();
+ if(id && verbose) {
+ printf("Hostid is %ld (0x%lx)\n", id, id);
+ } else if(id) {
+ printf("0x%lx\n", id);
+ } else {
+ printf ("Error while trying: gethostid\n");
+ exit(1);
+ }
+ break;
+ }
+
+ return 0;
+}
Index: util-linux-ng-2.16/misc-utils/Makefile.am
===================================================================
--- util-linux-ng-2.16.orig/misc-utils/Makefile.am
+++ util-linux-ng-2.16/misc-utils/Makefile.am
@@ -6,7 +6,7 @@ bin_PROGRAMS =
sbin_PROGRAMS =
usrsbin_exec_PROGRAMS =
-usrbin_exec_PROGRAMS = cal ddate logger look mcookie \
+usrbin_exec_PROGRAMS = cal ddate hostid logger look mcookie \
namei script whereis scriptreplay
EXTRA_DIST += README.cal README.ddate README.namei README.namei2
@@ -16,7 +16,7 @@ usrbin_exec_SCRIPTS = chkdupexe
CLEANFILES = chkdupexe
-dist_man_MANS = cal.1 chkdupexe.1 ddate.1 logger.1 look.1 mcookie.1 \
+dist_man_MANS = cal.1 chkdupexe.1 ddate.1 hostid.1 logger.1 look.1 mcookie.1 \
namei.1 script.1 whereis.1 scriptreplay.1
if BUILD_LIBUUID

26
util-linux-2.17.1-losetup-honor-documented-c-option Normal file
View File

@ -0,0 +1,26 @@
From: Jeff Mahoney <jeffm@suse.com>
Subject: losetup: Honor documented -c option
References: bnc#583677
losetup -h lists -c | --set-capacity as valid options, but doesn't
actually accept -c.
This patch fixes support for -c.
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Acked-by: Jeff Mahoney <jeffm@suse.com>
---
mount/lomount.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/mount/lomount.c
+++ b/mount/lomount.c
@@ -1065,7 +1065,7 @@ main(int argc, char **argv) {
if ((p = strrchr(progname, '/')) != NULL)
progname = p+1;
- while ((c = getopt_long(argc, argv, "ade:E:fhj:k:o:p:rsvH:",
+ while ((c = getopt_long(argc, argv, "ade:E:fhj:k:o:p:rsvH:c",
longopts, NULL)) != -1) {
switch (c) {
case 'a':

11
util-linux.changes
View File

@ -1,3 +1,14 @@
-------------------------------------------------------------------
Wed Mar 10 23:11:42 CET 2010 - jeffm@suse.de
- Properly honor documented -c option (bnc#583677)
-------------------------------------------------------------------
Tue Mar 2 09:53:04 UTC 2010 - lnussel@suse.de
- drop freeramdisk (bnc#584565)
- drop hostid (bnc#584562)
-------------------------------------------------------------------
Tue Feb 23 12:46:07 UTC 2010 - lnussel@suse.de

28
util-linux.spec
View File

@ -27,7 +27,7 @@ License: BSD3c(or similar) ; GPLv2+
Group: System/Base
AutoReqProv: on
Version: 2.17.1
Release: 1
Release: 2
Recommends: %name-lang = %{version}
Summary: A collection of basic system utilities
Source: ftp://ftp.kernel.org/pub/linux/utils/util-linux-ng/v%{version}/%name-ng-%{version}.tar.bz2
@ -43,8 +43,6 @@ Source7: baselibs.conf
%define adjtimex_ver 1.20
# XXX: post upstream?
Source9: adjtimex-%{adjtimex_ver}.tar.bz2
# XXX: DROP?
Source10: freeramdisk.tar.bz2
# XXX: post upstream?
Source11: klogconsole.tar.bz2
# TODO: split to separate package
@ -66,14 +64,13 @@ Source51: blkid.conf
##
## util-linux patches
##
# add hostid. FIXME: use the one from coreutils
Patch0: util-linux-2.12-misc_utils_hostid.patch
# 241372 - remove legacy warnings from fdisk
Patch1: util-linux-2.12r-fdisk_remove_bogus_warnings.patch
# bnc#447036
Patch2: util-linux-2.14.1-mount_skip_sync.patch
# crypto patch
Patch3: util-linux-2.17.1-mount_losetup_crypto.patch
Patch4: util-linux-2.17.1-losetup-honor-documented-c-option
##
## adjtimex
##
@ -156,11 +153,12 @@ unique IDs (UUIDs).
%lang_package
%prep
%setup -q -a 9 -b 10 -b 11 -b 12 -b 13 -n %name-ng-%version
%patch0 -p1
%setup -q -a 9 -b 11 -b 12 -b 13 -n %name-ng-%version
#patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
#
cd adjtimex-*
%patch50 -p1
@ -184,10 +182,6 @@ CFLAGS="$RPM_OPT_FLAGS" ./configure
make %{?jobs:-j%jobs}
cd ..
pushd ../
# freeramdisk build
cd freeramdisk
make %{?jobs:-j%jobs} CFLAGS="$RPM_OPT_FLAGS" freeramdisk
cd ..
# which build
cd which-%{which_ver}
#autoreconf -fi
@ -265,11 +259,6 @@ mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates
cp adjtimex-*/adjtimex %{buildroot}/sbin/
cp adjtimex-*/adjtimex.8 %{buildroot}%{_mandir}/man8/
pushd ..
# freeramdisk install
cd freeramdisk
install freeramdisk $RPM_BUILD_ROOT/usr/sbin
install -m644 freeramdisk.info.gz $RPM_BUILD_ROOT%{_infodir}
cd ..
# which install
cd which-%{which_ver}
make install DESTDIR=$RPM_BUILD_ROOT
@ -365,8 +354,6 @@ rm -rf $RPM_BUILD_ROOT
%post
%{fillup_and_insserv raw}
txt='* freeramdisk: (freeramdisk). tell kernel to free allocated memory for ramdisk'
%install_info --entry="$txt" --info-dir=%{_infodir} %{_infodir}/freeramdisk.info.gz
%install_info --info-dir=%{_infodir} %{_infodir}/ipc.info.gz
%install_info --entry="* time: (time). summarizing used system resources" --info-dir=%{_infodir} %{_infodir}/time.info.gz
%install_info --info-dir=%{_infodir} %{_infodir}/which.info.gz
@ -377,7 +364,6 @@ if [ -f etc/fstab ]; then
fi
%postun
%install_info_delete --info-dir=%{_infodir} %{_infodir}/freeramdisk.info.gz
%install_info_delete --info-dir=%{_infodir} %{_infodir}/ipc.info.gz
%install_info_delete --info-dir=%{_infodir} %{_infodir}/time.info.gz
%install_info_delete --info-dir=%{_infodir} %{_infodir}/which.info.gz
@ -474,7 +460,6 @@ fi
/usr/bin/flock
/usr/bin/getopt
/usr/bin/hexdump
/usr/bin/hostid
/usr/bin/ionice
/usr/bin/ipcrm
/usr/bin/ipcs
@ -507,7 +492,6 @@ fi
/usr/bin/which
/usr/sbin/addpart
/usr/sbin/delpart
/usr/sbin/freeramdisk
/usr/sbin/ldattach
/usr/sbin/partx
/usr/sbin/rcraw
@ -521,7 +505,6 @@ fi
%{_defaultdocdir}/time/*
%{_defaultdocdir}/which/*
%{_infodir}/ipc.info.gz
%{_infodir}/freeramdisk.info*.gz
%{_infodir}/time.info*.gz
%{_infodir}/which.info*.gz
%{_mandir}/man1/cal.1.gz
@ -538,7 +521,6 @@ fi
%{_mandir}/man1/hexdump.1.gz
%{_mandir}/man1/ipcrm.1.gz
%{_mandir}/man1/ipcs.1.gz
%{_mandir}/man1/hostid.1.gz
%{_mandir}/man1/line.1.gz
%{_mandir}/man1/logger.1.gz
%{_mandir}/man1/look.1.gz