diff options
Diffstat (limited to 'testing/cryptsetup')
| -rw-r--r-- | testing/cryptsetup/PKGBUILD | 34 | ||||
| -rw-r--r-- | testing/cryptsetup/encrypt_hook | 139 | ||||
| -rw-r--r-- | testing/cryptsetup/encrypt_install | 44 |
3 files changed, 0 insertions, 217 deletions
diff --git a/testing/cryptsetup/PKGBUILD b/testing/cryptsetup/PKGBUILD deleted file mode 100644 index b0e2a3f87..000000000 --- a/testing/cryptsetup/PKGBUILD +++ /dev/null @@ -1,34 +0,0 @@ -# $Id: PKGBUILD 169408 2012-10-20 16:46:59Z dreisner $ -# Maintainer: Thomas Bächler <thomas@archlinux.org> -pkgname=cryptsetup -pkgver=1.5.1 -pkgrel=1 -pkgdesc="Userspace setup tool for transparent encryption of block devices using dm-crypt" -arch=(i686 x86_64) -license=('GPL') -url="http://code.google.com/p/cryptsetup/" -groups=('base') -depends=('device-mapper' 'libgcrypt' 'popt' 'util-linux') -options=('!libtool' '!emptydirs') -source=(http://cryptsetup.googlecode.com/files/${pkgname}-${pkgver}.tar.bz2 - http://cryptsetup.googlecode.com/files/${pkgname}-${pkgver}.tar.bz2.asc - encrypt_hook - encrypt_install) -md5sums=('87cc018c0c65f36043f38ceb8ffd4d81' - '5f711687f453f4d5a38596f60df5247a' - 'c970831d733ca42e20415005967e7843' - '21c45f9cab3e0b5165f68358884fbd0f') - -build() { - cd "${srcdir}"/$pkgname-${pkgver} - ./configure --prefix=/usr --disable-static --enable-cryptsetup-reencrypt - make -} - -package() { - cd "${srcdir}"/$pkgname-${pkgver} - make DESTDIR="${pkgdir}" install - # install hook - install -D -m644 "${srcdir}"/encrypt_hook "${pkgdir}"/usr/lib/initcpio/hooks/encrypt - install -D -m644 "${srcdir}"/encrypt_install "${pkgdir}"/usr/lib/initcpio/install/encrypt -} diff --git a/testing/cryptsetup/encrypt_hook b/testing/cryptsetup/encrypt_hook deleted file mode 100644 index 11db3443a..000000000 --- a/testing/cryptsetup/encrypt_hook +++ /dev/null @@ -1,139 +0,0 @@ -#!/usr/bin/ash - -run_hook() { - modprobe -a -q dm-crypt >/dev/null 2>&1 - [ "${quiet}" = "y" ] && CSQUIET=">/dev/null" - - # Get keyfile if specified - ckeyfile="/crypto_keyfile.bin" - if [ -n "$cryptkey" ]; then - IFS=: read ckdev ckarg1 ckarg2 <<EOF -$cryptkey -EOF - - if [ "$ckdev" = "rootfs" ]; then - ckeyfile=$ckarg1 - elif resolved=$(resolve_device "${ckdev}" ${rootdelay}); then - case ${ckarg1} in - *[!0-9]*) - # Use a file on the device - # ckarg1 is not numeric: ckarg1=filesystem, ckarg2=path - mkdir /ckey - mount -r -t "$ckarg1" "$resolved" /ckey - dd if="/ckey/$ckarg2" of="$ckeyfile" >/dev/null 2>&1 - umount /ckey - ;; - *) - # Read raw data from the block device - # ckarg1 is numeric: ckarg1=offset, ckarg2=length - dd if="$resolved" of="$ckeyfile" bs=1 skip="$ckarg1" count="$ckarg2" >/dev/null 2>&1 - ;; - esac - fi - [ ! -f ${ckeyfile} ] && echo "Keyfile could not be opened. Reverting to passphrase." - fi - - if [ -n "${cryptdevice}" ]; then - DEPRECATED_CRYPT=0 - IFS=: read cryptdev cryptname cryptoptions <<EOF -$cryptdevice -EOF - else - DEPRECATED_CRYPT=1 - cryptdev="${root}" - cryptname="root" - fi - - warn_deprecated() { - echo "The syntax 'root=${root}' where '${root}' is an encrypted volume is deprecated" - echo "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead." - } - - for cryptopt in ${cryptoptions//,/ }; do - case ${cryptopt} in - allow-discards) - cryptargs="${cryptargs} --allow-discards" - ;; - *) - echo "Encryption option '${cryptopt}' not known, ignoring." >&2 - ;; - esac - done - - if resolved=$(resolve_device "${cryptdev}" ${rootdelay}); then - if cryptsetup isLuks ${resolved} >/dev/null 2>&1; then - [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated - dopassphrase=1 - # If keyfile exists, try to use that - if [ -f ${ckeyfile} ]; then - if eval cryptsetup --key-file ${ckeyfile} luksOpen ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; then - dopassphrase=0 - else - echo "Invalid keyfile. Reverting to passphrase." - fi - fi - # Ask for a passphrase - if [ ${dopassphrase} -gt 0 ]; then - echo "" - echo "A password is required to access the ${cryptname} volume:" - - #loop until we get a real password - while ! eval cryptsetup luksOpen ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; do - sleep 2; - done - fi - if [ -e "/dev/mapper/${cryptname}" ]; then - if [ ${DEPRECATED_CRYPT} -eq 1 ]; then - export root="/dev/mapper/root" - fi - else - err "Password succeeded, but ${cryptname} creation failed, aborting..." - exit 1 - fi - elif [ -n "${crypto}" ]; then - [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated - msg "Non-LUKS encrypted device found..." - if echo "$crypto" | awk -F: '{ exit(NF == 5) }'; then - err "Verify parameter format: crypto=hash:cipher:keysize:offset:skip" - err "Non-LUKS decryption not attempted..." - return 1 - fi - exe="cryptsetup create $cryptname $resolved $cryptargs" - IFS=: read c_hash c_cipher c_keysize c_offset c_skip <<EOF -$crypto -EOF - [ -n "$c_hash" ] && exe="$exe --hash '$c_hash'" - [ -n "$c_cipher" ] && exe="$exe --cipher '$c_cipher'" - [ -n "$c_keysize" ] && exe="$exe --key-size '$c_keysize'" - [ -n "$c_offset" ] && exe="$exe --offset '$c_offset'" - [ -n "$c_skip" ] && exe="$exe --skip '$c_skip'" - if [ -f "$ckeyfile" ]; then - exe="$exe --key-file $ckeyfile" - else - exe="$exe --verify-passphrase" - echo "" - echo "A password is required to access the ${cryptname} volume:" - fi - eval "$exe $CSQUIET" - - if [ $? -ne 0 ]; then - err "Non-LUKS device decryption failed. verify format: " - err " crypto=hash:cipher:keysize:offset:skip" - exit 1 - fi - if [ -e "/dev/mapper/${cryptname}" ]; then - if [ ${DEPRECATED_CRYPT} -eq 1 ]; then - export root="/dev/mapper/root" - fi - else - err "Password succeeded, but ${cryptname} creation failed, aborting..." - exit 1 - fi - else - err "Failed to open encryption mapping: The device ${cryptdev} is not a LUKS volume and the crypto= paramater was not specified." - fi - fi - rm -f ${ckeyfile} -} - -# vim: set ft=sh ts=4 sw=4 et: diff --git a/testing/cryptsetup/encrypt_install b/testing/cryptsetup/encrypt_install deleted file mode 100644 index 38e5ddc57..000000000 --- a/testing/cryptsetup/encrypt_install +++ /dev/null @@ -1,44 +0,0 @@ -#!/bin/bash - -build() { - local mod - - add_module dm-crypt - if [[ $CRYPTO_MODULES ]]; then - for mod in $CRYPTO_MODULES; do - add_module "$mod" - done - else - add_all_modules '/crypto/' - fi - - add_binary "cryptsetup" - add_binary "dmsetup" - add_file "/usr/lib/udev/rules.d/10-dm.rules" - add_file "/usr/lib/udev/rules.d/13-dm-disk.rules" - add_file "/usr/lib/udev/rules.d/95-dm-notify.rules" - add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules" - - add_runscript -} - -help() { - cat <<HELPEOF -This hook allows for an encrypted root device. Users should specify the device -to be unlocked using 'cryptdevice=device:dmname' on the kernel command line, -where 'device' is the path to the raw device, and 'dmname' is the name given to -the device after unlocking, and will be available as /dev/mapper/dmname. - -For unlocking via keyfile, 'cryptkey=device:fstype:path' should be specified on -the kernel cmdline, where 'device' represents the raw block device where the key -exists, 'fstype' is the filesystem type of 'device' (or auto), and 'path' is -the absolute path of the keyfile within the device. - -Without specifying a keyfile, you will be prompted for the password at runtime. -This means you must have a keyboard available to input it, and you may need -the keymap hook as well to ensure that the keyboard is using the layout you -expect. -HELPEOF -} - -# vim: set ft=sh ts=4 sw=4 et: |