summaryrefslogtreecommitdiff
path: root/testing/cryptsetup
diff options
context:
space:
mode:
Diffstat (limited to 'testing/cryptsetup')
-rw-r--r--testing/cryptsetup/PKGBUILD34
-rw-r--r--testing/cryptsetup/encrypt_hook139
-rw-r--r--testing/cryptsetup/encrypt_install44
3 files changed, 0 insertions, 217 deletions
diff --git a/testing/cryptsetup/PKGBUILD b/testing/cryptsetup/PKGBUILD
deleted file mode 100644
index b0e2a3f87..000000000
--- a/testing/cryptsetup/PKGBUILD
+++ /dev/null
@@ -1,34 +0,0 @@
-# $Id: PKGBUILD 169408 2012-10-20 16:46:59Z dreisner $
-# Maintainer: Thomas Bächler <thomas@archlinux.org>
-pkgname=cryptsetup
-pkgver=1.5.1
-pkgrel=1
-pkgdesc="Userspace setup tool for transparent encryption of block devices using dm-crypt"
-arch=(i686 x86_64)
-license=('GPL')
-url="http://code.google.com/p/cryptsetup/"
-groups=('base')
-depends=('device-mapper' 'libgcrypt' 'popt' 'util-linux')
-options=('!libtool' '!emptydirs')
-source=(http://cryptsetup.googlecode.com/files/${pkgname}-${pkgver}.tar.bz2
- http://cryptsetup.googlecode.com/files/${pkgname}-${pkgver}.tar.bz2.asc
- encrypt_hook
- encrypt_install)
-md5sums=('87cc018c0c65f36043f38ceb8ffd4d81'
- '5f711687f453f4d5a38596f60df5247a'
- 'c970831d733ca42e20415005967e7843'
- '21c45f9cab3e0b5165f68358884fbd0f')
-
-build() {
- cd "${srcdir}"/$pkgname-${pkgver}
- ./configure --prefix=/usr --disable-static --enable-cryptsetup-reencrypt
- make
-}
-
-package() {
- cd "${srcdir}"/$pkgname-${pkgver}
- make DESTDIR="${pkgdir}" install
- # install hook
- install -D -m644 "${srcdir}"/encrypt_hook "${pkgdir}"/usr/lib/initcpio/hooks/encrypt
- install -D -m644 "${srcdir}"/encrypt_install "${pkgdir}"/usr/lib/initcpio/install/encrypt
-}
diff --git a/testing/cryptsetup/encrypt_hook b/testing/cryptsetup/encrypt_hook
deleted file mode 100644
index 11db3443a..000000000
--- a/testing/cryptsetup/encrypt_hook
+++ /dev/null
@@ -1,139 +0,0 @@
-#!/usr/bin/ash
-
-run_hook() {
- modprobe -a -q dm-crypt >/dev/null 2>&1
- [ "${quiet}" = "y" ] && CSQUIET=">/dev/null"
-
- # Get keyfile if specified
- ckeyfile="/crypto_keyfile.bin"
- if [ -n "$cryptkey" ]; then
- IFS=: read ckdev ckarg1 ckarg2 <<EOF
-$cryptkey
-EOF
-
- if [ "$ckdev" = "rootfs" ]; then
- ckeyfile=$ckarg1
- elif resolved=$(resolve_device "${ckdev}" ${rootdelay}); then
- case ${ckarg1} in
- *[!0-9]*)
- # Use a file on the device
- # ckarg1 is not numeric: ckarg1=filesystem, ckarg2=path
- mkdir /ckey
- mount -r -t "$ckarg1" "$resolved" /ckey
- dd if="/ckey/$ckarg2" of="$ckeyfile" >/dev/null 2>&1
- umount /ckey
- ;;
- *)
- # Read raw data from the block device
- # ckarg1 is numeric: ckarg1=offset, ckarg2=length
- dd if="$resolved" of="$ckeyfile" bs=1 skip="$ckarg1" count="$ckarg2" >/dev/null 2>&1
- ;;
- esac
- fi
- [ ! -f ${ckeyfile} ] && echo "Keyfile could not be opened. Reverting to passphrase."
- fi
-
- if [ -n "${cryptdevice}" ]; then
- DEPRECATED_CRYPT=0
- IFS=: read cryptdev cryptname cryptoptions <<EOF
-$cryptdevice
-EOF
- else
- DEPRECATED_CRYPT=1
- cryptdev="${root}"
- cryptname="root"
- fi
-
- warn_deprecated() {
- echo "The syntax 'root=${root}' where '${root}' is an encrypted volume is deprecated"
- echo "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead."
- }
-
- for cryptopt in ${cryptoptions//,/ }; do
- case ${cryptopt} in
- allow-discards)
- cryptargs="${cryptargs} --allow-discards"
- ;;
- *)
- echo "Encryption option '${cryptopt}' not known, ignoring." >&2
- ;;
- esac
- done
-
- if resolved=$(resolve_device "${cryptdev}" ${rootdelay}); then
- if cryptsetup isLuks ${resolved} >/dev/null 2>&1; then
- [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
- dopassphrase=1
- # If keyfile exists, try to use that
- if [ -f ${ckeyfile} ]; then
- if eval cryptsetup --key-file ${ckeyfile} luksOpen ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; then
- dopassphrase=0
- else
- echo "Invalid keyfile. Reverting to passphrase."
- fi
- fi
- # Ask for a passphrase
- if [ ${dopassphrase} -gt 0 ]; then
- echo ""
- echo "A password is required to access the ${cryptname} volume:"
-
- #loop until we get a real password
- while ! eval cryptsetup luksOpen ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; do
- sleep 2;
- done
- fi
- if [ -e "/dev/mapper/${cryptname}" ]; then
- if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
- export root="/dev/mapper/root"
- fi
- else
- err "Password succeeded, but ${cryptname} creation failed, aborting..."
- exit 1
- fi
- elif [ -n "${crypto}" ]; then
- [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
- msg "Non-LUKS encrypted device found..."
- if echo "$crypto" | awk -F: '{ exit(NF == 5) }'; then
- err "Verify parameter format: crypto=hash:cipher:keysize:offset:skip"
- err "Non-LUKS decryption not attempted..."
- return 1
- fi
- exe="cryptsetup create $cryptname $resolved $cryptargs"
- IFS=: read c_hash c_cipher c_keysize c_offset c_skip <<EOF
-$crypto
-EOF
- [ -n "$c_hash" ] && exe="$exe --hash '$c_hash'"
- [ -n "$c_cipher" ] && exe="$exe --cipher '$c_cipher'"
- [ -n "$c_keysize" ] && exe="$exe --key-size '$c_keysize'"
- [ -n "$c_offset" ] && exe="$exe --offset '$c_offset'"
- [ -n "$c_skip" ] && exe="$exe --skip '$c_skip'"
- if [ -f "$ckeyfile" ]; then
- exe="$exe --key-file $ckeyfile"
- else
- exe="$exe --verify-passphrase"
- echo ""
- echo "A password is required to access the ${cryptname} volume:"
- fi
- eval "$exe $CSQUIET"
-
- if [ $? -ne 0 ]; then
- err "Non-LUKS device decryption failed. verify format: "
- err " crypto=hash:cipher:keysize:offset:skip"
- exit 1
- fi
- if [ -e "/dev/mapper/${cryptname}" ]; then
- if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
- export root="/dev/mapper/root"
- fi
- else
- err "Password succeeded, but ${cryptname} creation failed, aborting..."
- exit 1
- fi
- else
- err "Failed to open encryption mapping: The device ${cryptdev} is not a LUKS volume and the crypto= paramater was not specified."
- fi
- fi
- rm -f ${ckeyfile}
-}
-
-# vim: set ft=sh ts=4 sw=4 et:
diff --git a/testing/cryptsetup/encrypt_install b/testing/cryptsetup/encrypt_install
deleted file mode 100644
index 38e5ddc57..000000000
--- a/testing/cryptsetup/encrypt_install
+++ /dev/null
@@ -1,44 +0,0 @@
-#!/bin/bash
-
-build() {
- local mod
-
- add_module dm-crypt
- if [[ $CRYPTO_MODULES ]]; then
- for mod in $CRYPTO_MODULES; do
- add_module "$mod"
- done
- else
- add_all_modules '/crypto/'
- fi
-
- add_binary "cryptsetup"
- add_binary "dmsetup"
- add_file "/usr/lib/udev/rules.d/10-dm.rules"
- add_file "/usr/lib/udev/rules.d/13-dm-disk.rules"
- add_file "/usr/lib/udev/rules.d/95-dm-notify.rules"
- add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules"
-
- add_runscript
-}
-
-help() {
- cat <<HELPEOF
-This hook allows for an encrypted root device. Users should specify the device
-to be unlocked using 'cryptdevice=device:dmname' on the kernel command line,
-where 'device' is the path to the raw device, and 'dmname' is the name given to
-the device after unlocking, and will be available as /dev/mapper/dmname.
-
-For unlocking via keyfile, 'cryptkey=device:fstype:path' should be specified on
-the kernel cmdline, where 'device' represents the raw block device where the key
-exists, 'fstype' is the filesystem type of 'device' (or auto), and 'path' is
-the absolute path of the keyfile within the device.
-
-Without specifying a keyfile, you will be prompted for the password at runtime.
-This means you must have a keyboard available to input it, and you may need
-the keymap hook as well to ensure that the keyboard is using the layout you
-expect.
-HELPEOF
-}
-
-# vim: set ft=sh ts=4 sw=4 et: