summaryrefslogtreecommitdiff
path: root/core/cryptsetup
diff options
context:
space:
mode:
authorroot <root@rshg054.dnsready.net>2011-11-08 23:14:49 +0000
committerroot <root@rshg054.dnsready.net>2011-11-08 23:14:49 +0000
commitddba9670c1518d9b420db6a6dca01a4a4a4136c7 (patch)
tree8b5ba5ea49ecb6848eba27d2eb609100de5e760a /core/cryptsetup
parenteffb26c3b1f00bf8bea4e2562f07f9a06eb67606 (diff)
Tue Nov 8 23:14:49 UTC 2011
Diffstat (limited to 'core/cryptsetup')
-rw-r--r--core/cryptsetup/PKGBUILD32
-rw-r--r--core/cryptsetup/cryptsetup-fix-crypt_get_volume_key_size-for-plain-device.patch94
-rw-r--r--core/cryptsetup/encrypt_hook22
3 files changed, 130 insertions, 18 deletions
diff --git a/core/cryptsetup/PKGBUILD b/core/cryptsetup/PKGBUILD
index a2a11ec9e..f68636212 100644
--- a/core/cryptsetup/PKGBUILD
+++ b/core/cryptsetup/PKGBUILD
@@ -1,9 +1,9 @@
-# $Id: PKGBUILD 129976 2011-06-30 17:57:50Z thomas $
+# $Id: PKGBUILD 142292 2011-11-08 00:30:49Z thomas $
# Maintainer: Thomas Bächler <thomas@archlinux.org>
pkgname=cryptsetup
-pkgver=1.3.1
+pkgver=1.4.0
pkgrel=2
-pkgdesc="Userspace setup tool for transparent encryption of block devices using the Linux 2.6 cryptoapi"
+pkgdesc="Userspace setup tool for transparent encryption of block devices using dm-crypt"
arch=(i686 x86_64)
license=('GPL')
url="http://code.google.com/p/cryptsetup/"
@@ -13,24 +13,26 @@ conflicts=('mkinitcpio<0.7')
options=('!libtool' '!emptydirs')
source=(http://cryptsetup.googlecode.com/files/${pkgname}-${pkgver}.tar.bz2
encrypt_hook
- encrypt_install)
-sha256sums=('7ceb18a0c91fa1546077b41b93463dd2ec9d7f83e6fd93757fb84cc608206a6a'
- 'b8269d358363eb8d67d1ffa1469068e454a89154636283bcc3edc6486b7fff4e'
- 'd4380195351b70abf8fcb3cd19461879c55a7a07e4915d1f0365b295b112a573')
-
+ encrypt_install
+ cryptsetup-fix-crypt_get_volume_key_size-for-plain-device.patch)
+sha256sums=('96d682853c8019cfeae0b21250cd2d00af42e46251807e8dbda2ff8427c2e9ed'
+ '811bbea1337106ad811731c746d73ee81039bad00aef52398e3a377ad0766757'
+ 'd4380195351b70abf8fcb3cd19461879c55a7a07e4915d1f0365b295b112a573'
+ '6fa1d3172014ba3ba96f7a67acbcae7f26b24a61abb84b3917f526a54f81dd87')
build() {
- cd $srcdir/$pkgname-${pkgver}
+ cd "${srcdir}"/$pkgname-${pkgver}
+ patch -p0 -i "${srcdir}"/cryptsetup-fix-crypt_get_volume_key_size-for-plain-device.patch
./configure --prefix=/usr --disable-static --sbindir=/sbin --libdir=/lib
make
}
package() {
- cd $srcdir/$pkgname-${pkgver}
- make DESTDIR=$pkgdir install
+ cd "${srcdir}"/$pkgname-${pkgver}
+ make DESTDIR="${pkgdir}" install
# install hook
- install -D -m644 $srcdir/encrypt_hook $pkgdir/lib/initcpio/hooks/encrypt
- install -D -m644 $srcdir/encrypt_install $pkgdir/lib/initcpio/install/encrypt
+ install -D -m644 "${srcdir}"/encrypt_hook "${pkgdir}"/lib/initcpio/hooks/encrypt
+ install -D -m644 "${srcdir}"/encrypt_install "${pkgdir}"/lib/initcpio/install/encrypt
# Fix pkgconfig location
- install -d -m755 $pkgdir/usr/lib
- mv $pkgdir/lib/pkgconfig $pkgdir/usr/lib/
+ install -d -m755 "${pkgdir}"/usr/lib
+ mv "${pkgdir}"/lib/pkgconfig "${pkgdir}"/usr/lib/
}
diff --git a/core/cryptsetup/cryptsetup-fix-crypt_get_volume_key_size-for-plain-device.patch b/core/cryptsetup/cryptsetup-fix-crypt_get_volume_key_size-for-plain-device.patch
new file mode 100644
index 000000000..f35226122
--- /dev/null
+++ b/core/cryptsetup/cryptsetup-fix-crypt_get_volume_key_size-for-plain-device.patch
@@ -0,0 +1,94 @@
+Index: ChangeLog
+===================================================================
+--- ChangeLog (Revision 664)
++++ ChangeLog (Revision 665)
+@@ -1,3 +1,6 @@
++2011-10-27 Milan Broz <mbroz@redhat.com>
++ * Fix crypt_get_volume_key_size() for plain device.
++
+ 2011-10-25 Milan Broz <mbroz@redhat.com>
+ * Print informative message in isLuks only in verbose mode.
+ * Version 1.4.0.
+Index: tests/api-test.c
+===================================================================
+--- tests/api-test.c (Revision 664)
++++ tests/api-test.c (Revision 665)
+@@ -660,6 +660,11 @@
+
+ FAIL_(crypt_init_by_name_and_header(&cd, CDEVICE_1, H_DEVICE),"can't init plain device by header device");
+ OK_(crypt_init_by_name(&cd, CDEVICE_1));
++ OK_(strcmp(cipher_mode,crypt_get_cipher_mode(cd)));
++ OK_(strcmp(cipher,crypt_get_cipher(cd)));
++ EQ_((int)key_size, crypt_get_volume_key_size(cd));
++ EQ_(params.skip, crypt_get_iv_offset(cd));
++ EQ_(params.offset, crypt_get_data_offset(cd));
+ OK_(crypt_deactivate(cd, CDEVICE_1));
+ crypt_free(cd);
+
+Index: lib/setup.c
+===================================================================
+--- lib/setup.c (Revision 664)
++++ lib/setup.c (Revision 665)
+@@ -56,6 +56,7 @@
+ char *plain_cipher;
+ char *plain_cipher_mode;
+ char *plain_uuid;
++ unsigned int plain_key_size;
+
+ /* used in CRYPT_LOOPAES */
+ struct crypt_params_loopaes loopaes_hdr;
+@@ -677,6 +678,7 @@
+ (*cd)->plain_hdr.hash = NULL; /* no way to get this */
+ (*cd)->plain_hdr.offset = dmd.offset;
+ (*cd)->plain_hdr.skip = dmd.iv_offset;
++ (*cd)->plain_key_size = dmd.vk->keylength;
+
+ r = crypt_parse_name_and_mode(dmd.cipher, cipher, NULL, cipher_mode);
+ if (!r) {
+@@ -754,6 +756,7 @@
+ return -EINVAL;
+ }
+
++ cd->plain_key_size = volume_key_size;
+ cd->volume_key = crypt_alloc_volume_key(volume_key_size, NULL);
+ if (!cd->volume_key)
+ return -ENOMEM;
+@@ -1516,7 +1519,7 @@
+ }
+
+ r = process_key(cd, cd->plain_hdr.hash,
+- cd->volume_key->keylength,
++ cd->plain_key_size,
+ passphrase, passphrase_size, &vk);
+ if (r < 0)
+ goto out;
+@@ -1586,7 +1589,7 @@
+ goto out;
+
+ r = process_key(cd, cd->plain_hdr.hash,
+- cd->volume_key->keylength,
++ cd->plain_key_size,
+ passphrase_read, passphrase_size_read, &vk);
+ if (r < 0)
+ goto out;
+@@ -1658,8 +1661,7 @@
+ if (!name)
+ return -EINVAL;
+
+- if (!volume_key || !volume_key_size || !cd->volume_key ||
+- volume_key_size != cd->volume_key->keylength) {
++ if (!volume_key || !volume_key_size || volume_key_size != cd->plain_key_size) {
+ log_err(cd, _("Incorrect volume key specified for plain device.\n"));
+ return -EINVAL;
+ }
+@@ -1976,8 +1978,8 @@
+
+ int crypt_get_volume_key_size(struct crypt_device *cd)
+ {
+- if (isPLAIN(cd->type) && cd->volume_key)
+- return cd->volume_key->keylength;
++ if (isPLAIN(cd->type))
++ return cd->plain_key_size;
+
+ if (isLUKS(cd->type))
+ return cd->hdr.keyBytes;
diff --git a/core/cryptsetup/encrypt_hook b/core/cryptsetup/encrypt_hook
index 54aaa2236..956b18023 100644
--- a/core/cryptsetup/encrypt_hook
+++ b/core/cryptsetup/encrypt_hook
@@ -41,6 +41,7 @@ run_hook ()
DEPRECATED_CRYPT=0
cryptdev="$(echo "${cryptdevice}" | cut -d: -f1)"
cryptname="$(echo "${cryptdevice}" | cut -d: -f2)"
+ cryptoptions="$(echo "${cryptdevice}" | cut -d: -f3)"
else
DEPRECATED_CRYPT=1
cryptdev="${root}"
@@ -52,13 +53,28 @@ run_hook ()
echo "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead."
}
+ OLDIFS="${IFS}"
+ IFS=","
+ for cryptopt in ${cryptoptions}; do
+ case ${cryptopt} in
+ allow-discards)
+ echo "Enabling TRIM/discard support."
+ cryptargs="${cryptargs} --allow-discards"
+ ;;
+ *)
+ echo "Encryption option '${cryptopt}' not known, ignoring." >&2
+ ;;
+ esac
+ done
+ IFS="${OLDIFS}"
+
if poll_device "${cryptdev}" ${rootdelay}; then
if /sbin/cryptsetup isLuks ${cryptdev} >/dev/null 2>&1; then
[ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
dopassphrase=1
# If keyfile exists, try to use that
if [ -f ${ckeyfile} ]; then
- if eval /sbin/cryptsetup --key-file ${ckeyfile} luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; then
+ if eval /sbin/cryptsetup --key-file ${ckeyfile} luksOpen ${cryptdev} ${cryptname} ${cryptargs} ${CSQUIET}; then
dopassphrase=0
else
echo "Invalid keyfile. Reverting to passphrase."
@@ -70,7 +86,7 @@ run_hook ()
echo "A password is required to access the ${cryptname} volume:"
#loop until we get a real password
- while ! eval /sbin/cryptsetup luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; do
+ while ! eval /sbin/cryptsetup luksOpen ${cryptdev} ${cryptname} ${cryptargs} ${CSQUIET}; do
sleep 2;
done
fi
@@ -90,7 +106,7 @@ run_hook ()
err "Non-LUKS decryption not attempted..."
return 1
fi
- exe="/sbin/cryptsetup create ${cryptname} ${cryptdev}"
+ exe="/sbin/cryptsetup create ${cryptname} ${cryptdev} ${cryptargs}"
tmp=$(echo "${crypto}" | cut -d: -f1)
[ -n "${tmp}" ] && exe="${exe} --hash \"${tmp}\""
tmp=$(echo "${crypto}" | cut -d: -f2)