Age | Commit message (Collapse) | Author |
|
This introduces a new option, `tcrypt-veracrypt`, that sets the
corresponding VeraCrypt flag in the flags passed to cryptsetup.
|
|
|
|
|
|
This did not really work out as we had hoped. Trying to do this upstream
introduced several problems that probably makes it better suited as a
downstream patch after all. At any rate, it is not releaseable in the
current state, so we at least need to revert this before the release.
* by adjusting the path to binaries, but not do the same thing to the
search path we end up with inconsistent man-pages. Adjusting the search
path too would be quite messy, and it is not at all obvious that this is
worth the effort, but at any rate it would have to be done before we
could ship this.
* this means that distributed man-pages does not make sense as they depend
on config options, and for better or worse we are still distributing
man pages, so that is something that definitely needs sorting out before
we could ship with this patch.
* we have long held that split-usr is only minimally supported in order
to boot, and something we hope will eventually go away. So before we start
adding even more magic/effort in order to make this work nicely, we should
probably question if it makes sense at all.
|
|
In particular, use /lib/systemd instead of /usr/lib/systemd in distributions
like Debian which still have not adopted a /usr merge setup.
Use XML entities from man/custom-entities.ent to replace configured paths while
doing XSLT processing of the original XML files. There was precedent of some
files (such as systemd.generator.xml) which were already using this approach.
This addresses most of the (manual) fixes from this patch:
http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/tree/debian/patches/Fix-paths-in-man-pages.patch?h=experimental-220
The idea of using generic XML entities was presented here:
http://lists.freedesktop.org/archives/systemd-devel/2015-May/032240.html
This patch solves almost all the issues, with the exception of:
- Path to /bin/mount and /bin/umount.
- Generic statements about preference of /lib over /etc.
These will be handled separately by follow up patches.
Tested:
- With default configure settings, ran "make install" to two separate
directories and compared the output to confirm they matched exactly.
- Used a set of configure flags including $CONFFLAGS from Debian:
http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/tree/debian/rules
Installed the tree and confirmed the paths use /lib/systemd instead of
/usr/lib/systemd and that no other unexpected differences exist.
- Confirmed that `make distcheck` still passes.
|
|
These are useful for plain devices as they don't have any metadata by
themselves. Instead of using an unreliable hardcoded device name in crypttab
you can then put static metadata at the start of the partition for a stable
UUID or label.
https://bugs.freedesktop.org/show_bug.cgi?id=87717
https://bugs.debian.org/751707
https://launchpad.net/bugs/953875
|
|
All hail linkchecker!
|
|
|
|
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=66396
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=54210
|
|
It is annoying when we have dead links on fd.o.
Add project='man-pages|die-net|archlinux' to <citerefentry>-ies.
In generated html, add external links to
http://man7.org/linux/man-pages/man, http://linux.die.net/man/,
https://www.archlinux.org/.
By default, pages in sections 2 and 4 go to man7, since Michael
Kerrisk is the autorative source on kernel related stuff.
The rest of links goes to linux.die.net, because they have the
manpages.
Except for the pacman stuff, since it seems to be only available from
archlinux.org.
Poor gummiboot gets no link, because gummitboot(8) ain't to be found
on the net. According to common wisdom, that would mean that it does
not exist. But I have seen Kay using it, so I know it does, and
deserves to be found. Can somebody be nice and put it up somewhere?
|
|
Reformat fstab options description. Now they are easier to read and
show up in systemd.directives(7).
Use a single sublist for both /etc/fstab and /etc/crypttab options.
Many of them can be used in both places. crypttab(5) is updated to use
the same docbook elements, so formatting is uniform.
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=75816
|
|
I suggest the following changes to improve the way the text reads
("flows").
|
|
Several sections of the man pages included intermixed tabs and spaces;
this commit replaces all tabs with spaces.
|
|
|
|
Debian recently introduced the option key-slot to /etc/crypttab to
specify the LUKS key slot to be used for decrypting the device. On
systems where a keyfile is used and the key is not in the first slot,
this can speed up the boot process quite a bit, since cryptsetup does
not need to try all of the slots sequentially. (Unsuccessfully testing
a key slot typically takes up to about 1 second.)
This patch makes systemd aware of this option.
Debian bug that introduced the feature:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704470
|
|
This reverts commit fa7abba2328eb2d23a7e27708f86f5013059ddcf.
|
|
(#883941)
|
|
When running from initrd, entering a wrong passphrase usually means that
you cannot boot. Therefore, we allow trying indefinitely.
|
|
systemd-cryptsetup recognizes option 'allow-discards' in /etc/crypttab
to enable TRIM passthrough to underlying encrypted device. In Debian
this option was changed to 'discard' to avoid hyphen in option name.
(see: #648868 and `man crypttab`).
[zj: update crypttab(5) too, making "discard" the default.]
|
|
This includes regularly-submitted corrections to comma setting and
orthographical mishaps that appeared in man/ in recent commits.
|
|
Tcrypt uses a different approach to passphrases/key files. The
passphrase and all key files are incorporated into the "password"
to open the volume. So, the idea of slots that provide a way to
open the volume with different passphrases/key files that are
independent from each other like with LUKS does not apply.
Therefore, we use the key file from /etc/crypttab as the source
for the passphrase. The actual key files that are combined with
the passphrase into a password are provided as a new option in
/etc/crypttab and can be given multiple times if more than one
key file is used by a volume.
|
|
- place commas
- expand contractions (this is written prose :)
- add some missing words
|
|
When manpages are displayed on a terminal, <literal>s are indistinguishable
from surrounding text. Add quotes everywhere, remove duplicate quotes,
and tweak a few lists for consistent formatting.
https://bugzilla.redhat.com/show_bug.cgi?id=874631
|
|
|
|
man rules were repeating the same information in too many places,
which was error prone. Those rules can be easily generated from .xml
files. For efficiency and because python is not a required dependency,
Makefile-man.am is only regenerated when requested with
make update-man-list
If no metadata in man/*.xml changed, this file should not change. So
only when a new man page or a new alias is added, this file should
show up in 'git diff'. The change should then be committed.
If the support for building from git without python was dropped, we
could drop Makefile-man.am from version control. This would also
increase the partial build time (since more stuff would be rebuild
whenever sources in man/*.xml would be modified), so it would probably
wouldn't be worth it.
|
|
Mukund Sivaraman pointed out that cryptsetup(5) mentions the "read-only"
option, while the code understands "readonly".
We could just fix the manpage, but for consistency in naming of
multi-word options it would be prettier to have "read-only". So let's
accept both spellings.
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=903463
|
|
New sections are added: PAM options, crypttab options, commandline
options, miscellaneous. The last category will be used for all
untagged <varname> elements.
Commandline options sections is meant to be a developer tool: when
adding an option it is sometimes useful to be able to check if
similarly named options exist elsewhere.
|
|
The fact that timeout=0 makes password agents wait indefinitely is documented
in http://www.freedesktop.org/wiki/Software/systemd/PasswordAgents. Document
it also in the relevant man pages.
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=54501
|
|
This is useful e.g. if the keyfile is a raw device, where only parts of it
should be read. It is typically used whenever the keyfile-offset= option is
specified.
Tested-by: Erik Westrup <erik.westrup@gmail.com>
|
|
This is useful if your keyfile is a block device, and you want to
use a specific part of it, such as an area between the MBR and the
first partition.
This feature is documented in the Arch wiki[0], and has been supported
by the Arch initscripts, so would be nice to get this into systemd.
This requires libcryptsetup >= 1.4.2 (released 12.4.2012).
Acked-by: Paul Menzel <paulepanter@users.sourceforge.net>
[0]:
<https://wiki.archlinux.org/index.php/System_Encryption_with_LUKS#
Storing_the_key_between_MBR_and_1st_partition>
|
|
|
|
|