diff options
author | root <root@rshg054.dnsready.net> | 2012-05-27 00:05:57 +0000 |
---|---|---|
committer | root <root@rshg054.dnsready.net> | 2012-05-27 00:05:57 +0000 |
commit | 1f45ad8e3f17397e2f44e68ef9a0d860091eea9e (patch) | |
tree | c739dcbb4950142bbb793715bfd19fb2d6cc80ef /testing/cryptsetup | |
parent | a5721a07196cf00c26ea1bfb651aab756d202ccb (diff) |
Sun May 27 00:05:56 UTC 2012
Diffstat (limited to 'testing/cryptsetup')
-rw-r--r-- | testing/cryptsetup/PKGBUILD | 8 | ||||
-rw-r--r-- | testing/cryptsetup/encrypt_hook | 17 | ||||
-rw-r--r-- | testing/cryptsetup/encrypt_install | 17 |
3 files changed, 24 insertions, 18 deletions
diff --git a/testing/cryptsetup/PKGBUILD b/testing/cryptsetup/PKGBUILD index e2292ebc6..4f2269db3 100644 --- a/testing/cryptsetup/PKGBUILD +++ b/testing/cryptsetup/PKGBUILD @@ -1,8 +1,8 @@ -# $Id: PKGBUILD 158938 2012-05-13 13:45:53Z thomas $ +# $Id: PKGBUILD 159622 2012-05-25 23:50:39Z dreisner $ # Maintainer: Thomas Bächler <thomas@archlinux.org> pkgname=cryptsetup pkgver=1.4.2 -pkgrel=1 +pkgrel=2 pkgdesc="Userspace setup tool for transparent encryption of block devices using dm-crypt" arch=(i686 x86_64) license=('GPL') @@ -17,8 +17,8 @@ source=(http://cryptsetup.googlecode.com/files/${pkgname}-${pkgver}.tar.bz2 encrypt_install) sha256sums=('1fe80d7b19d24b3f65d2e446decfed859e2c4d17fdf7c19289d82dc7cd60dfe7' '4e6dbece8d1baad861479aca70d0cf30887420da9b5eab45d65d064c656893ed' - 'e4c00e2da274bf4cab3f72a0de779790a11a946d36b83144e74d3791e230b262' - 'cba1dc38ff6cc4d3740d0badfb2b151bb03d19e8e9fa497569ac2fb6f4196e0e') + 'e0cbcabb81233b4d465833dca0faf1e762dc3cb6611597a25fe24e5d7209f316' + 'cfe465bdad3d958bb2332a05e04f2e1e884422a5714dfd1a0a3b9b74bf7dc6ae') build() { cd "${srcdir}"/$pkgname-${pkgver} diff --git a/testing/cryptsetup/encrypt_hook b/testing/cryptsetup/encrypt_hook index 0f35782c6..372b7ba57 100644 --- a/testing/cryptsetup/encrypt_hook +++ b/testing/cryptsetup/encrypt_hook @@ -10,20 +10,21 @@ run_hook() { IFS=: read ckdev ckarg1 ckarg2 <<EOF $cryptkey EOF - if poll_device "${ckdev}" ${rootdelay}; then + + if resolved=$(resolve_device "${ckdev}" ${rootdelay}); then case ${ckarg1} in *[!0-9]*) # Use a file on the device # ckarg1 is not numeric: ckarg1=filesystem, ckarg2=path mkdir /ckey - mount -r -t "$ckarg1" "$ckdev" /ckey + mount -r -t "$ckarg1" "$resolved" /ckey dd if="/ckey/$ckarg2" of="$ckeyfile" >/dev/null 2>&1 umount /ckey ;; *) # Read raw data from the block device # ckarg1 is numeric: ckarg1=offset, ckarg2=length - dd if="$ckdev" of="$ckeyfile" bs=1 skip="$ckarg1" count="$ckarg2" >/dev/null 2>&1 + dd if="$resolved" of="$ckeyfile" bs=1 skip="$ckarg1" count="$ckarg2" >/dev/null 2>&1 ;; esac fi @@ -58,13 +59,13 @@ EOF esac done - if poll_device "${cryptdev}" ${rootdelay}; then - if cryptsetup isLuks ${cryptdev} >/dev/null 2>&1; then + if resolved=$(resolve_device "${cryptdev}" ${rootdelay}); then + if cryptsetup isLuks ${resolved} >/dev/null 2>&1; then [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated dopassphrase=1 # If keyfile exists, try to use that if [ -f ${ckeyfile} ]; then - if eval cryptsetup --key-file ${ckeyfile} luksOpen ${cryptdev} ${cryptname} ${cryptargs} ${CSQUIET}; then + if eval cryptsetup --key-file ${ckeyfile} luksOpen ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; then dopassphrase=0 else echo "Invalid keyfile. Reverting to passphrase." @@ -76,7 +77,7 @@ EOF echo "A password is required to access the ${cryptname} volume:" #loop until we get a real password - while ! eval cryptsetup luksOpen ${cryptdev} ${cryptname} ${cryptargs} ${CSQUIET}; do + while ! eval cryptsetup luksOpen ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; do sleep 2; done fi @@ -96,7 +97,7 @@ EOF err "Non-LUKS decryption not attempted..." return 1 fi - exe="cryptsetup create $cryptname $cryptdev $cryptargs" + exe="cryptsetup create $cryptname $resolved $cryptargs" IFS=: read c_hash c_cipher c_keysize c_offset c_skip <<EOF $crypto EOF diff --git a/testing/cryptsetup/encrypt_install b/testing/cryptsetup/encrypt_install index 79d2f3e4b..38e5ddc57 100644 --- a/testing/cryptsetup/encrypt_install +++ b/testing/cryptsetup/encrypt_install @@ -1,13 +1,16 @@ #!/bin/bash build() { - if [ -z "${CRYPTO_MODULES}" ]; then - MODULES=" dm-crypt $(all_modules "/crypto/")" + local mod + + add_module dm-crypt + if [[ $CRYPTO_MODULES ]]; then + for mod in $CRYPTO_MODULES; do + add_module "$mod" + done else - MODULES=" dm-crypt $CRYPTO_MODULES" + add_all_modules '/crypto/' fi - FILES="" - SCRIPT="encrypt" add_binary "cryptsetup" add_binary "dmsetup" @@ -15,10 +18,12 @@ build() { add_file "/usr/lib/udev/rules.d/13-dm-disk.rules" add_file "/usr/lib/udev/rules.d/95-dm-notify.rules" add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules" + + add_runscript } help() { - cat <<HELPEOF + cat <<HELPEOF This hook allows for an encrypted root device. Users should specify the device to be unlocked using 'cryptdevice=device:dmname' on the kernel command line, where 'device' is the path to the raw device, and 'dmname' is the name given to |