diff options
| author | root <root@rshg054.dnsready.net> | 2012-05-15 00:02:45 +0000 |
|---|---|---|
| committer | root <root@rshg054.dnsready.net> | 2012-05-15 00:02:45 +0000 |
| commit | 52a4948b9138662b1e7b23b04ef0d72101519f2d (patch) | |
| tree | 701b562dc98245a57c6a93f3c2f94e3b1832f0eb /testing | |
| parent | d3af8dc0117dc1ce4fea3d05c7a2d7786bd78986 (diff) | |
Tue May 15 00:02:45 UTC 2012
Diffstat (limited to 'testing')
| -rw-r--r-- | testing/cryptsetup/PKGBUILD | 35 | ||||
| -rw-r--r-- | testing/cryptsetup/encrypt_hook | 137 | ||||
| -rw-r--r-- | testing/cryptsetup/encrypt_install | 39 | ||||
| -rw-r--r-- | testing/iw/PKGBUILD | 24 | ||||
| -rw-r--r-- | testing/libnl/PKGBUILD | 31 |
5 files changed, 266 insertions, 0 deletions
diff --git a/testing/cryptsetup/PKGBUILD b/testing/cryptsetup/PKGBUILD new file mode 100644 index 000000000..e2292ebc6 --- /dev/null +++ b/testing/cryptsetup/PKGBUILD @@ -0,0 +1,35 @@ +# $Id: PKGBUILD 158938 2012-05-13 13:45:53Z thomas $ +# Maintainer: Thomas Bächler <thomas@archlinux.org> +pkgname=cryptsetup +pkgver=1.4.2 +pkgrel=1 +pkgdesc="Userspace setup tool for transparent encryption of block devices using dm-crypt" +arch=(i686 x86_64) +license=('GPL') +url="http://code.google.com/p/cryptsetup/" +groups=('base') +depends=('device-mapper>=2.02.85-2' 'libgcrypt' 'popt') +conflicts=('mkinitcpio<0.7') +options=('!libtool' '!emptydirs') +source=(http://cryptsetup.googlecode.com/files/${pkgname}-${pkgver}.tar.bz2 + http://cryptsetup.googlecode.com/files/${pkgname}-${pkgver}.tar.bz2.asc + encrypt_hook + encrypt_install) +sha256sums=('1fe80d7b19d24b3f65d2e446decfed859e2c4d17fdf7c19289d82dc7cd60dfe7' + '4e6dbece8d1baad861479aca70d0cf30887420da9b5eab45d65d064c656893ed' + 'e4c00e2da274bf4cab3f72a0de779790a11a946d36b83144e74d3791e230b262' + 'cba1dc38ff6cc4d3740d0badfb2b151bb03d19e8e9fa497569ac2fb6f4196e0e') + +build() { + cd "${srcdir}"/$pkgname-${pkgver} + ./configure --prefix=/usr --disable-static + make +} + +package() { + cd "${srcdir}"/$pkgname-${pkgver} + make DESTDIR="${pkgdir}" install + # install hook + install -D -m644 "${srcdir}"/encrypt_hook "${pkgdir}"/usr/lib/initcpio/hooks/encrypt + install -D -m644 "${srcdir}"/encrypt_install "${pkgdir}"/usr/lib/initcpio/install/encrypt +} diff --git a/testing/cryptsetup/encrypt_hook b/testing/cryptsetup/encrypt_hook new file mode 100644 index 000000000..0f35782c6 --- /dev/null +++ b/testing/cryptsetup/encrypt_hook @@ -0,0 +1,137 @@ +#!/usr/bin/ash + +run_hook() { + modprobe -a -q dm-crypt >/dev/null 2>&1 + [ "${quiet}" = "y" ] && CSQUIET=">/dev/null" + + # Get keyfile if specified + ckeyfile="/crypto_keyfile.bin" + if [ -n "$cryptkey" ]; then + IFS=: read ckdev ckarg1 ckarg2 <<EOF +$cryptkey +EOF + if poll_device "${ckdev}" ${rootdelay}; then + case ${ckarg1} in + *[!0-9]*) + # Use a file on the device + # ckarg1 is not numeric: ckarg1=filesystem, ckarg2=path + mkdir /ckey + mount -r -t "$ckarg1" "$ckdev" /ckey + dd if="/ckey/$ckarg2" of="$ckeyfile" >/dev/null 2>&1 + umount /ckey + ;; + *) + # Read raw data from the block device + # ckarg1 is numeric: ckarg1=offset, ckarg2=length + dd if="$ckdev" of="$ckeyfile" bs=1 skip="$ckarg1" count="$ckarg2" >/dev/null 2>&1 + ;; + esac + fi + [ ! -f ${ckeyfile} ] && echo "Keyfile could not be opened. Reverting to passphrase." + fi + + if [ -n "${cryptdevice}" ]; then + DEPRECATED_CRYPT=0 + IFS=: read cryptdev cryptname cryptoptions <<EOF +$cryptdevice +EOF + else + DEPRECATED_CRYPT=1 + cryptdev="${root}" + cryptname="root" + fi + + warn_deprecated() { + echo "The syntax 'root=${root}' where '${root}' is an encrypted volume is deprecated" + echo "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead." + } + + for cryptopt in ${cryptoptions//,/ }; do + case ${cryptopt} in + allow-discards) + echo "Enabling TRIM/discard support." + cryptargs="${cryptargs} --allow-discards" + ;; + *) + echo "Encryption option '${cryptopt}' not known, ignoring." >&2 + ;; + esac + done + + if poll_device "${cryptdev}" ${rootdelay}; then + if cryptsetup isLuks ${cryptdev} >/dev/null 2>&1; then + [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated + dopassphrase=1 + # If keyfile exists, try to use that + if [ -f ${ckeyfile} ]; then + if eval cryptsetup --key-file ${ckeyfile} luksOpen ${cryptdev} ${cryptname} ${cryptargs} ${CSQUIET}; then + dopassphrase=0 + else + echo "Invalid keyfile. Reverting to passphrase." + fi + fi + # Ask for a passphrase + if [ ${dopassphrase} -gt 0 ]; then + echo "" + echo "A password is required to access the ${cryptname} volume:" + + #loop until we get a real password + while ! eval cryptsetup luksOpen ${cryptdev} ${cryptname} ${cryptargs} ${CSQUIET}; do + sleep 2; + done + fi + if [ -e "/dev/mapper/${cryptname}" ]; then + if [ ${DEPRECATED_CRYPT} -eq 1 ]; then + export root="/dev/mapper/root" + fi + else + err "Password succeeded, but ${cryptname} creation failed, aborting..." + exit 1 + fi + elif [ -n "${crypto}" ]; then + [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated + msg "Non-LUKS encrypted device found..." + if echo "$crypto" | awk -F: '{ exit(NF == 5) }'; then + err "Verify parameter format: crypto=hash:cipher:keysize:offset:skip" + err "Non-LUKS decryption not attempted..." + return 1 + fi + exe="cryptsetup create $cryptname $cryptdev $cryptargs" + IFS=: read c_hash c_cipher c_keysize c_offset c_skip <<EOF +$crypto +EOF + [ -n "$c_hash" ] && exe="$exe --hash '$c_hash'" + [ -n "$c_cipher" ] && exe="$exe --cipher '$c_cipher'" + [ -n "$c_keysize" ] && exe="$exe --key-size '$c_keysize'" + [ -n "$c_offset" ] && exe="$exe --offset '$c_offset'" + [ -n "$c_skip" ] && exe="$exe --skip '$c_skip'" + if [ -f "$ckeyfile" ]; then + exe="$exe --key-file $ckeyfile" + else + exe="$exe --verify-passphrase" + echo "" + echo "A password is required to access the ${cryptname} volume:" + fi + eval "$exe $CSQUIET" + + if [ $? -ne 0 ]; then + err "Non-LUKS device decryption failed. verify format: " + err " crypto=hash:cipher:keysize:offset:skip" + exit 1 + fi + if [ -e "/dev/mapper/${cryptname}" ]; then + if [ ${DEPRECATED_CRYPT} -eq 1 ]; then + export root="/dev/mapper/root" + fi + else + err "Password succeeded, but ${cryptname} creation failed, aborting..." + exit 1 + fi + else + err "Failed to open encryption mapping: The device ${cryptdev} is not a LUKS volume and the crypto= paramater was not specified." + fi + fi + rm -f ${ckeyfile} +} + +# vim: set ft=sh ts=4 sw=4 et: diff --git a/testing/cryptsetup/encrypt_install b/testing/cryptsetup/encrypt_install new file mode 100644 index 000000000..79d2f3e4b --- /dev/null +++ b/testing/cryptsetup/encrypt_install @@ -0,0 +1,39 @@ +#!/bin/bash + +build() { + if [ -z "${CRYPTO_MODULES}" ]; then + MODULES=" dm-crypt $(all_modules "/crypto/")" + else + MODULES=" dm-crypt $CRYPTO_MODULES" + fi + FILES="" + SCRIPT="encrypt" + + add_binary "cryptsetup" + add_binary "dmsetup" + add_file "/usr/lib/udev/rules.d/10-dm.rules" + add_file "/usr/lib/udev/rules.d/13-dm-disk.rules" + add_file "/usr/lib/udev/rules.d/95-dm-notify.rules" + add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules" +} + +help() { + cat <<HELPEOF +This hook allows for an encrypted root device. Users should specify the device +to be unlocked using 'cryptdevice=device:dmname' on the kernel command line, +where 'device' is the path to the raw device, and 'dmname' is the name given to +the device after unlocking, and will be available as /dev/mapper/dmname. + +For unlocking via keyfile, 'cryptkey=device:fstype:path' should be specified on +the kernel cmdline, where 'device' represents the raw block device where the key +exists, 'fstype' is the filesystem type of 'device' (or auto), and 'path' is +the absolute path of the keyfile within the device. + +Without specifying a keyfile, you will be prompted for the password at runtime. +This means you must have a keyboard available to input it, and you may need +the keymap hook as well to ensure that the keyboard is using the layout you +expect. +HELPEOF +} + +# vim: set ft=sh ts=4 sw=4 et: diff --git a/testing/iw/PKGBUILD b/testing/iw/PKGBUILD new file mode 100644 index 000000000..4b4d5d723 --- /dev/null +++ b/testing/iw/PKGBUILD @@ -0,0 +1,24 @@ +# $Id: PKGBUILD 158934 2012-05-13 13:15:10Z thomas $ +# Maintainer: Thomas Bächler <thomas@archlinux.org> + +pkgname=iw +pkgver=3.4 +pkgrel=1 +pkgdesc="nl80211 based CLI configuration utility for wireless devices" +arch=("i686" "x86_64") +url="http://wireless.kernel.org/en/users/Documentation/iw" +license=("GPL") +depends=("libnl") +makedepends=("kernel-headers") +source=(http://wireless.kernel.org/download/$pkgname/$pkgname-$pkgver.tar.bz2) +sha256sums=('989b5677588e32de6eda97bf978810b366a7620f78f26f9cc61c15bdb434218a') + +build() { + cd "$srcdir"/$pkgname-$pkgver + make +} + +package() { + cd "$srcdir"/$pkgname-$pkgver + make DESTDIR="$pkgdir" install +} diff --git a/testing/libnl/PKGBUILD b/testing/libnl/PKGBUILD new file mode 100644 index 000000000..461397764 --- /dev/null +++ b/testing/libnl/PKGBUILD @@ -0,0 +1,31 @@ +# $Id: PKGBUILD 158932 2012-05-13 13:10:53Z thomas $ +# Maintainer: Jan de Groot <jgc@archlinux.org> +# Contributor: William Rea <sillywilly@gmail.com> + +pkgname=libnl +pkgver=3.2.9 +pkgrel=1 +pkgdesc="Library for applications dealing with netlink sockets" +arch=(i686 x86_64) +url="http://www.infradead.org/~tgr/libnl/" +license=(GPL) +depends=(glibc) +backup=(etc/libnl/classid etc/libnl/pktloc) +options=(!libtool) +source=("$url/files/$pkgname-$pkgver.tar.gz") +sha256sums=('9f23e9460bd9bb7fbe09af5eb281e4a43a26fa245ea864ed5e28fe4e8118af63') + +build() { + cd "$srcdir/$pkgname-$pkgver" + ./configure \ + --prefix=/usr \ + --sysconfdir=/etc \ + --sbindir=/usr/bin \ + --disable-static + make +} + +package() { + cd "$srcdir/$pkgname-$pkgver" + make DESTDIR="$pkgdir" install +} |