diff --git a/cryptoloop.txt b/cryptoloop.txt
deleted file mode 100644
index b20a53e..0000000
--- a/cryptoloop.txt
+++ /dev/null
@@ -1,169 +0,0 @@ -cryptoloop - a generic cryptographic loop device filter -======================================================= - -To enable cryptoloop, you must fetch the cryptoloop-version.tar.gz source from -your kernel.org mirror or directly from the non-US . - -Quickstart -~~~~~~~~~~ - -(if you have old encrypted volumes, please read the section about -conversion below) - -you need a kernel compiled with - *) loop device driver - *) cryptographic support - *) generic crypto loop filter - *) one or more ciphers you want to use for encryption either as module or - statically (if you build them as module, don't forget to insmod them!) - -Download the cryptoloop latest version tarball from the Internet and enter -the untarred directory. The following commands will patch your kernel and -copy the cryptoloop source in. - - $ make patch-kernel KDIR=/your/kernel/source LOOP=[iv or jari] - -Which will patch your kernel, and enable you to select cryptoloop in the -Cryptography section of the kernel configuration. Note, you have to manually -enable both CryptoAPI and cryptoloop in your kernel configuration. - -If you would rather build modules you can use the following commands. - - $ make modules KDIR=/your/kernel/source CDIR=/cryptoapi/source \ - LOOP=[iv or jari] - $ make modules_install KDIR=/your/kernel/source - -You also need a util-linux patched package (see - for some recent -patches) - -Read on at - - -How Loopback Encryption Works -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - Here is a small overview of how the loopback filesystem encryption works. -For all the of the data to be encrypted on a drive we need to interrupt the -disk write/read *after* the filesystem meta data is attached. Instead of hi- -jacking the system call we pipe the the filesystem commands through a loopback -device. - One advantage of this is that you can either encrypt a device(hard drive) or -a file already on a drive and mount it as a file system. 
This allows you to -have encrypted folders on an unencrypted drive, useful if you don't want to -encrypt everything. - - The loopback device fits in like this: - - device-->loop-->mountpoint - - The loop stage is actually divided into a couple stages, which is why the -cryptoloop module is included. It splits the input and output from the -loopback into pieces for the ciphers. Since they operate on a specific -blocksize(i.e. 64-bits, 128-bits) the data must be chopped up for them. - - device-->cryptoloop-->loop-->mountpoint - - The cryptoloop module is also where the actual encryption and decryption of -the data takes place. - -Some words about IV Calculation -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -There are some problems with the IV calculation up to recent 2.4.x -linux kernels. It's been calculated more or less by - -IV = rel_sector / (blocksize >> 9) + (lo_offset / blocksize) - -The first problem which arises, is that data transfers are not always -guaranteed to have a size of an integral multiple of the blocksize; -This is a problem, because of CBC mode's property of needing the -complete ciphertext block, i.e. you can't cipher or decipher only the -2nd half of a block if you don't know the first half of it! - -Another problem which may be experienced is, when the soft blocksize -changes, i.e. due to different medias, as CDROM block devices and -alike, or when the filesystem layer sets the blocksize to some other -size. - -But there's hope, as all transfer sizes are usually (except for the -last block on file backed loop devices sometimes...) an integral -multiple of 512 byte units (which is linux' atomic sector size); - -So the solution is to stick to a portable, uniform 512 byte based IV -metric! Alas this can't be accomplished without modifying the loop -driver, as the more granular IV metric can't be calculated from the -current dynamic IV metric. 
- -This change also renders most previously used encrypted volumes -unreadable, which need to be converted to the new IV metric. - -Converting from Older IV Metrics -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -The recommended procedure is as follow, in case you don't want to -backup your old data in a conventional manner, and then restore it to -a freshly created encrypted volume with the new IV-metric. - -The more valuable your data is, the more important it is, that you try -the following procedure with some dummy data, before risking your real -data! Cause if something goes wrong you'll have to keep both pieces... - -1) decrypt from within your old kernel version - - 1.1) setup your encrypted loop device, and mount it (this is also - important for making sure, the filesystem layer sets the soft block - size accordingly!) - - 1.2) unmount the filesystem (but leave the loop device setted up) - - 1.3) dd if=/dev/loop0 of=/dev/ make sure - the process does not get interrupted, otherwise you will have a hard - time, reconstructing your data, since you are decrypting the data - back to the same area where the ciphertext was. - -3) make sure the block/file contains the properly deciphered content!! - -2) boot the new kernel featuring the 512byte based IV - follow the instructions for 'encrypting unencrypted volumes' below - - -Encrypting Unencrypted Volumes -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -just as simple as that (please test this before trying on important data) - - 1) set up a new encrypted loop device over the still unencrypted data - 2) dd if=/dev/ of=/dev/loop0 - - -Migrating from loop-AES to CryptoAPI -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - - If you want to move from using the loop-AES filesystem encryption to -CryptoAPI it only requires a small tweak. 
After loading cryptoapi and loading -the cipher-aes module use the following line when setting up your loopback -device: - - $ losetup -e aes -k 256 -P sha512 /dev/loop0 /dev/ - -Then proceed to mount your loop device as you normall would. Here is the -table for mapping loop-AES to cryptoapi losetup flags: - -loop-AES cryptoapi -============================================================ --e aes128 -H rmd160 -e aes -k 128 --e aes128 -H sha256 -e aes -k 128 -P sha256 --e aes128 -H sha384 -e aes -k 128 -P sha384 --e aes128 -H sha512 -e aes -k 128 -P sha512 - --e aes256 -H rmd160 -e aes -k 256 --e aes256 -H sha256 -e aes -k 256 -P sha256 --e aes256 -H sha384 -e aes -k 256 -P sha384 --e aes256 -H sha512 -e aes -k 256 -P sha512 - --e aes128 -e aes -k 128 -P sha256 --e aes192 -e aes -k 192 -P sha384 --e aes256 -e aes -k 256 -P sha512 - --- -$Id: cryptoloop.txt,v 1.3 2002/08/03 19:29:58 kyle Exp $ diff --git a/freeramdisk.tar.bz2 b/freeramdisk.tar.bz2 deleted file mode 100644 index 9d2d4b7..0000000 --- a/freeramdisk.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:de3d43efba1e5968f4ef748b7a02674929404a80c24bae287ed3490f8c1acf2e -size 2453 diff --git a/util-linux-2.12-misc_utils_hostid.patch b/util-linux-2.12-misc_utils_hostid.patch deleted file mode 100644 index 9396acb..0000000 --- a/util-linux-2.12-misc_utils_hostid.patch +++ /dev/null 
@@ -1,144 +0,0 @@ -Index: util-linux-ng-2.16/misc-utils/hostid.1 -=================================================================== ---- /dev/null -+++ util-linux-ng-2.16/misc-utils/hostid.1 -@@ -0,0 +1,24 @@ -+.TH hostid 1 -+.SH NAME -+hostid \- set or print system's host id. -+.SH SYNTAX -+.B hostid -+[\-v] [\|\fIdecimal-id\fR\|] -+.SH DESCRIPTION -+.\".NXR "hostid command" -+The -+.B hostid -+command prints the current host id number in hexadecimal and both -+decimal and hexadecimal in parenthesis if the \-v option is given. -+This numeric value is expected to be unique across all hosts -+and is normally set to resemble the host's Internet address. -+ -+Only the super-user can set the hostid by giving an argument. This value is -+stored in the file /etc/hostid and need only be performed once. -+ -+.SH AUTHOR -+Hostid is written by Mitch DSouza \- (m.dsouza@mrc-apu.cam.ac.uk) -+ -+.SH SEE ALSO -+gethostid(2), sethostid(2) -+ -Index: util-linux-ng-2.16/misc-utils/hostid.c -=================================================================== ---- /dev/null -+++ util-linux-ng-2.16/misc-utils/hostid.c -@@ -0,0 +1,88 @@ -+/* Program hostid. Changed on 7.10.1997 -+ New: - Hostid 0 is not permitted. -+ - Set hostid dezimal or hexadezimal, both possible. 
-+ - Maximum Value for id is tested -+ - Wrong Parameters are caught -+ Nov 13 2003 - cleanup, mmj@suse.de -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+ -+void usage(void); -+ -+void usage() -+{ -+ printf ("usage : hostid [-h] [-v] []\n\n" -+ "no options: print hostid as hexadecimal number\n" -+ "-h print this helptext\n" -+ "-v print hostid decimal and hexadecimal\n" -+ " set the hostid to \n\n" -+ "The id String can be specified as\n" -+ " - decimal number\n" -+ " - hexadecimal number preceded by 0x\n" -+ " - octal number preceded by 0 \n\n" -+ "Remarks:\n" -+ " - only root can set the hostid\n" -+ " - it's not possible to set the hostid to 0\n\n"); -+} -+ -+int main (int argc, char *argv[]) -+{ -+ long id; -+ int verbose = 0; -+ -+ if (argc > 2) { -+ printf ("wrong arguments\n"); -+ usage(); -+ exit(1); -+ } -+ -+ if (argc == 2 && strcmp(argv[1], "-h") == 0) { -+ usage(); -+ exit(0); -+ } -+ -+ if (argc == 2 && strcmp(argv[1], "-v") == 0) { -+ verbose = 1; -+ argc--; -+ argv++; -+ } -+ -+ switch (argc) { -+ case 2: -+ id = strtol(argv[1], NULL, 0); -+ if (errno == ERANGE) { -+ printf ("Overflow: given string was out of range\n"); -+ exit(1); -+ } -+ -+ if (id == 0) { -+ printf ("value not possible: Abort\n"); -+ usage(); -+ exit(1); -+ } -+ if (sethostid(id) != 0) { -+ perror("sethostid"); -+ exit(1); -+ } -+ break; -+ -+ case 1: -+ id = gethostid(); -+ if(id && verbose) { -+ printf("Hostid is %ld (0x%lx)\n", id, id); -+ } else if(id) { -+ printf("0x%lx\n", id); -+ } else { -+ printf ("Error while trying: gethostid\n"); -+ exit(1); -+ } -+ break; -+ } -+ -+ return 0; -+} -Index: util-linux-ng-2.16/misc-utils/Makefile.am -=================================================================== ---- util-linux-ng-2.16.orig/misc-utils/Makefile.am -+++ util-linux-ng-2.16/misc-utils/Makefile.am -@@ -6,7 +6,7 @@ bin_PROGRAMS = - sbin_PROGRAMS = - usrsbin_exec_PROGRAMS = - --usrbin_exec_PROGRAMS = cal ddate logger look mcookie \ -+usrbin_exec_PROGRAMS = 
cal ddate hostid logger look mcookie \ - namei script whereis scriptreplay - EXTRA_DIST += README.cal README.ddate README.namei README.namei2 - -@@ -16,7 +16,7 @@ usrbin_exec_SCRIPTS = chkdupexe - - CLEANFILES = chkdupexe - --dist_man_MANS = cal.1 chkdupexe.1 ddate.1 logger.1 look.1 mcookie.1 \ -+dist_man_MANS = cal.1 chkdupexe.1 ddate.1 hostid.1 logger.1 look.1 mcookie.1 \ - namei.1 script.1 whereis.1 scriptreplay.1 - - if BUILD_LIBUUID diff --git a/util-linux-2.17.1-losetup-honor-documented-c-option b/util-linux-2.17.1-losetup-honor-documented-c-option new file mode 100644 index 0000000..6a3bb68 --- /dev/null +++ b/util-linux-2.17.1-losetup-honor-documented-c-option @@ -0,0 +1,26 @@ +From: Jeff Mahoney +Subject: losetup: Honor documented -c option +References: bnc#583677 + + losetup -h lists -c | --set-capacity as valid options, but doesn't + actually accept -c. + + This patch fixes support for -c. + +Signed-off-by: Jeff Mahoney +Acked-by: Jeff Mahoney +--- + mount/lomount.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/mount/lomount.c ++++ b/mount/lomount.c +@@ -1065,7 +1065,7 @@ main(int argc, char **argv) { + if ((p = strrchr(progname, '/')) != NULL) + progname = p+1; + +- while ((c = getopt_long(argc, argv, "ade:E:fhj:k:o:p:rsvH:", ++ while ((c = getopt_long(argc, argv, "ade:E:fhj:k:o:p:rsvH:c", + longopts, NULL)) != -1) { + switch (c) { + case 'a': diff --git a/util-linux.changes b/util-linux.changes index b2dd388..accba55 100644 --- a/util-linux.changes +++ b/util-linux.changes 
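Review bot: The embedded lomount.c change adds `c` only to the short-option string passed to `getopt_long`, and the `case 'c':` arm that would act on it lies outside the context lines, so this hunk alone does not show that `-c` reaches the set-capacity code rather than the switch's default branch. The description implies the long form `--set-capacity` is already wired up, which suggests the arm exists; one sentence in the patch header saying so would make that checkable without opening lomount.c. The header also gives no upstream status, so I would add a line stating whether the fix was sent upstream, which tells the next maintainer when the patch can be dropped. main()'s body continues beyond the hunk.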
@@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Wed Mar 10 23:11:42 CET 2010 - jeffm@suse.de + +- Properly honor documented -c option (bnc#583677) + +------------------------------------------------------------------- +Tue Mar 2 09:53:04 UTC 2010 - lnussel@suse.de + +- drop freeramdisk (bnc#584565) +- drop hostid (bnc#584562) + ------------------------------------------------------------------- Tue Feb 23 12:46:07 UTC 2010 - lnussel@suse.de diff --git a/util-linux.spec b/util-linux.spec index 8b7123f..33dfa1a 100644 --- a/util-linux.spec +++ b/util-linux.spec @@ -27,7 +27,7 @@ License: BSD3c(or similar) ; GPLv2+ Group: System/Base AutoReqProv: on Version: 2.17.1 -Release: 1 +Release: 2 Recommends: %name-lang = %{version} Summary: A collection of basic system utilities Source: ftp://ftp.kernel.org/pub/linux/utils/util-linux-ng/v%{version}/%name-ng-%{version}.tar.bz2 @@ -43,8 +43,6 @@ Source7: baselibs.conf %define adjtimex_ver 1.20 # XXX: post upstream? Source9: adjtimex-%{adjtimex_ver}.tar.bz2 -# XXX: DROP? -Source10: freeramdisk.tar.bz2 # XXX: post upstream? Source11: klogconsole.tar.bz2 # TODO: split to separate package @@ -66,14 +64,13 @@ Source51: blkid.conf ## ## util-linux patches ## -# add hostid. FIXME: use the one from coreutils -Patch0: util-linux-2.12-misc_utils_hostid.patch # 241372 - remove legacy warnings from fdisk Patch1: util-linux-2.12r-fdisk_remove_bogus_warnings.patch # bnc#447036 Patch2: util-linux-2.14.1-mount_skip_sync.patch # crypto patch Patch3: util-linux-2.17.1-mount_losetup_crypto.patch +Patch4: util-linux-2.17.1-losetup-honor-documented-c-option ## ## adjtimex ## @@ -156,11 +153,12 @@ unique IDs (UUIDs). %lang_package %prep -%setup -q -a 9 -b 10 -b 11 -b 12 -b 13 -n %name-ng-%version -%patch0 -p1 +%setup -q -a 9 -b 11 -b 12 -b 13 -n %name-ng-%version +#patch0 -p1 %patch1 -p1 %patch2 -p1 %patch3 -p1 +%patch4 -p1 # cd adjtimex-* %patch50 -p1 
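Review bot: `Patch4` is added without the one-line comment that each neighbouring entry carries (`# 241372 - ...`, `# bnc#447036`, `# crypto patch`), and its file name lacks the `.patch` suffix used by Patch1 to Patch3. I would put `# bnc#583677 - losetup: honor documented -c option` above the `Patch4:` line so the bug reference is visible in the spec and not only in the .changes file. Renaming the file to end in `.patch` would keep the sources uniform; whether any tooling depends on the suffix cannot be seen from this diff.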
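Review bot: The `%prep` hunk leaves `#patch0 -p1` behind as a comment although the `Patch0:` tag is deleted from the preamble in the same commit, so the remnant names a patch the package no longer ships. Deleting the line is cleaner than commenting it out: re-enabling it later would fail the build because no `Patch0` is defined. The `%prep` section starts before this hunk and continues after it.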
@@ -184,10 +182,6 @@ CFLAGS="$RPM_OPT_FLAGS" ./configure make %{?jobs:-j%jobs} cd .. pushd ../ -# freeramdisk build -cd freeramdisk -make %{?jobs:-j%jobs} CFLAGS="$RPM_OPT_FLAGS" freeramdisk -cd .. # which build cd which-%{which_ver} #autoreconf -fi @@ -265,11 +259,6 @@ mkdir -p $RPM_BUILD_ROOT/var/adm/fillup-templates cp adjtimex-*/adjtimex %{buildroot}/sbin/ cp adjtimex-*/adjtimex.8 %{buildroot}%{_mandir}/man8/ pushd .. -# freeramdisk install -cd freeramdisk -install freeramdisk $RPM_BUILD_ROOT/usr/sbin -install -m644 freeramdisk.info.gz $RPM_BUILD_ROOT%{_infodir} -cd .. # which install cd which-%{which_ver} make install DESTDIR=$RPM_BUILD_ROOT @@ -365,8 +354,6 @@ rm -rf $RPM_BUILD_ROOT %post %{fillup_and_insserv raw} -txt='* freeramdisk: (freeramdisk). tell kernel to free allocated memory for ramdisk' -%install_info --entry="$txt" --info-dir=%{_infodir} %{_infodir}/freeramdisk.info.gz %install_info --info-dir=%{_infodir} %{_infodir}/ipc.info.gz %install_info --entry="* time: (time). summarizing used system resources" --info-dir=%{_infodir} %{_infodir}/time.info.gz %install_info --info-dir=%{_infodir} %{_infodir}/which.info.gz @@ -377,7 +364,6 @@ if [ -f etc/fstab ]; then fi %postun -%install_info_delete --info-dir=%{_infodir} %{_infodir}/freeramdisk.info.gz %install_info_delete --info-dir=%{_infodir} %{_infodir}/ipc.info.gz %install_info_delete --info-dir=%{_infodir} %{_infodir}/time.info.gz %install_info_delete --info-dir=%{_infodir} %{_infodir}/which.info.gz @@ -474,7 +460,6 @@ fi /usr/bin/flock /usr/bin/getopt /usr/bin/hexdump -/usr/bin/hostid /usr/bin/ionice /usr/bin/ipcrm /usr/bin/ipcs @@ -507,7 +492,6 @@ fi /usr/bin/which /usr/sbin/addpart /usr/sbin/delpart -/usr/sbin/freeramdisk /usr/sbin/ldattach /usr/sbin/partx /usr/sbin/rcraw @@ -521,7 +505,6 @@ fi %{_defaultdocdir}/time/* %{_defaultdocdir}/which/* %{_infodir}/ipc.info.gz -%{_infodir}/freeramdisk.info*.gz %{_infodir}/time.info*.gz %{_infodir}/which.info*.gz %{_mandir}/man1/cal.1.gz 
@@ -538,7 +521,6 @@ fi
 %{_mandir}/man1/hexdump.1.gz
 %{_mandir}/man1/ipcrm.1.gz
 %{_mandir}/man1/ipcs.1.gz
-%{_mandir}/man1/hostid.1.gz
 %{_mandir}/man1/line.1.gz
 %{_mandir}/man1/logger.1.gz
 %{_mandir}/man1/look.1.gz