Tue Nov 8 23:14:49 UTC 2011

author: root <root@rshg054.dnsready.net> 2011-11-08 23:14:49 +0000
committer: root <root@rshg054.dnsready.net> 2011-11-08 23:14:49 +0000
commit: ddba9670c1518d9b420db6a6dca01a4a4a4136c7 (patch)
tree: 8b5ba5ea49ecb6848eba27d2eb609100de5e760a /core/cryptsetup
parent: effb26c3b1f00bf8bea4e2562f07f9a06eb67606 (diff)
3 files changed, 130 insertions, 18 deletions
diff --git a/core/cryptsetup/PKGBUILD b/core/cryptsetup/PKGBUILD
index a2a11ec9e..f68636212 100644
--- a/core/cryptsetup/PKGBUILD
+++ b/core/cryptsetup/PKGBUILD
@@ -1,9 +1,9 @@
-# $Id: PKGBUILD 129976 2011-06-30 17:57:50Z thomas $
+# $Id: PKGBUILD 142292 2011-11-08 00:30:49Z thomas $
 # Maintainer: Thomas Bächler <thomas@archlinux.org>
 pkgname=cryptsetup
-pkgver=1.3.1
+pkgver=1.4.0
 pkgrel=2
-pkgdesc="Userspace setup tool for transparent encryption of block devices using the Linux 2.6 cryptoapi"
+pkgdesc="Userspace setup tool for transparent encryption of block devices using dm-crypt"
 arch=(i686 x86_64)
 license=('GPL')
 url="http://code.google.com/p/cryptsetup/"
@@ -13,24 +13,26 @@ conflicts=('mkinitcpio<0.7')
 options=('!libtool' '!emptydirs')
 source=(http://cryptsetup.googlecode.com/files/${pkgname}-${pkgver}.tar.bz2
         encrypt_hook
-	encrypt_install)
-sha256sums=('7ceb18a0c91fa1546077b41b93463dd2ec9d7f83e6fd93757fb84cc608206a6a'
-            'b8269d358363eb8d67d1ffa1469068e454a89154636283bcc3edc6486b7fff4e'
-            'd4380195351b70abf8fcb3cd19461879c55a7a07e4915d1f0365b295b112a573')
-
+	encrypt_install
+	cryptsetup-fix-crypt_get_volume_key_size-for-plain-device.patch)
+sha256sums=('96d682853c8019cfeae0b21250cd2d00af42e46251807e8dbda2ff8427c2e9ed'
+            '811bbea1337106ad811731c746d73ee81039bad00aef52398e3a377ad0766757'
+            'd4380195351b70abf8fcb3cd19461879c55a7a07e4915d1f0365b295b112a573'
+            '6fa1d3172014ba3ba96f7a67acbcae7f26b24a61abb84b3917f526a54f81dd87')
 build() {
-  cd $srcdir/$pkgname-${pkgver}
+  cd "${srcdir}"/$pkgname-${pkgver}
+  patch -p0 -i "${srcdir}"/cryptsetup-fix-crypt_get_volume_key_size-for-plain-device.patch
   ./configure --prefix=/usr --disable-static --sbindir=/sbin --libdir=/lib
   make
 }
 
 package() {
-  cd $srcdir/$pkgname-${pkgver}
-  make DESTDIR=$pkgdir install
+  cd "${srcdir}"/$pkgname-${pkgver}
+  make DESTDIR="${pkgdir}" install
   # install hook
-  install -D -m644 $srcdir/encrypt_hook $pkgdir/lib/initcpio/hooks/encrypt
-  install -D -m644 $srcdir/encrypt_install $pkgdir/lib/initcpio/install/encrypt
+  install -D -m644 "${srcdir}"/encrypt_hook "${pkgdir}"/lib/initcpio/hooks/encrypt
+  install -D -m644 "${srcdir}"/encrypt_install "${pkgdir}"/lib/initcpio/install/encrypt
   # Fix pkgconfig location
-  install -d -m755 $pkgdir/usr/lib
-  mv $pkgdir/lib/pkgconfig $pkgdir/usr/lib/
+  install -d -m755 "${pkgdir}"/usr/lib
+  mv "${pkgdir}"/lib/pkgconfig "${pkgdir}"/usr/lib/
 }
diff --git a/core/cryptsetup/cryptsetup-fix-crypt_get_volume_key_size-for-plain-device.patch b/core/cryptsetup/cryptsetup-fix-crypt_get_volume_key_size-for-plain-device.patch
new file mode 100644
index 000000000..f35226122
--- /dev/null
+++ b/core/cryptsetup/cryptsetup-fix-crypt_get_volume_key_size-for-plain-device.patch
@@ -0,0 +1,94 @@
+Index: ChangeLog
+===================================================================
+--- ChangeLog	(Revision 664)
++++ ChangeLog	(Revision 665)
+@@ -1,3 +1,6 @@
++2011-10-27  Milan Broz  <mbroz@redhat.com>
++	* Fix crypt_get_volume_key_size() for plain device.
++
+ 2011-10-25  Milan Broz  <mbroz@redhat.com>
+ 	* Print informative message in isLuks only in verbose mode.
+ 	* Version 1.4.0.
+Index: tests/api-test.c
+===================================================================
+--- tests/api-test.c	(Revision 664)
++++ tests/api-test.c	(Revision 665)
+@@ -660,6 +660,11 @@
+ 
+ 	FAIL_(crypt_init_by_name_and_header(&cd, CDEVICE_1, H_DEVICE),"can't init plain device by header device");
+ 	OK_(crypt_init_by_name(&cd, CDEVICE_1));
++	OK_(strcmp(cipher_mode,crypt_get_cipher_mode(cd)));
++	OK_(strcmp(cipher,crypt_get_cipher(cd)));
++	EQ_((int)key_size, crypt_get_volume_key_size(cd));
++	EQ_(params.skip, crypt_get_iv_offset(cd));
++	EQ_(params.offset, crypt_get_data_offset(cd));
+ 	OK_(crypt_deactivate(cd, CDEVICE_1));
+ 	crypt_free(cd);
+ 
+Index: lib/setup.c
+===================================================================
+--- lib/setup.c	(Revision 664)
++++ lib/setup.c	(Revision 665)
+@@ -56,6 +56,7 @@
+ 	char *plain_cipher;
+ 	char *plain_cipher_mode;
+ 	char *plain_uuid;
++	unsigned int plain_key_size;
+ 
+ 	/* used in CRYPT_LOOPAES */
+ 	struct crypt_params_loopaes loopaes_hdr;
+@@ -677,6 +678,7 @@
+ 		(*cd)->plain_hdr.hash = NULL; /* no way to get this */
+ 		(*cd)->plain_hdr.offset = dmd.offset;
+ 		(*cd)->plain_hdr.skip = dmd.iv_offset;
++		(*cd)->plain_key_size = dmd.vk->keylength;
+ 
+ 		r = crypt_parse_name_and_mode(dmd.cipher, cipher, NULL, cipher_mode);
+ 		if (!r) {
+@@ -754,6 +756,7 @@
+ 		return -EINVAL;
+ 	}
+ 
++	cd->plain_key_size = volume_key_size;
+ 	cd->volume_key = crypt_alloc_volume_key(volume_key_size, NULL);
+ 	if (!cd->volume_key)
+ 		return -ENOMEM;
+@@ -1516,7 +1519,7 @@
+ 		}
+ 
+ 		r = process_key(cd, cd->plain_hdr.hash,
+-				cd->volume_key->keylength,
++				cd->plain_key_size,
+ 				passphrase, passphrase_size, &vk);
+ 		if (r < 0)
+ 			goto out;
+@@ -1586,7 +1589,7 @@
+ 			goto out;
+ 
+ 		r = process_key(cd, cd->plain_hdr.hash,
+-				cd->volume_key->keylength,
++				cd->plain_key_size,
+ 				passphrase_read, passphrase_size_read, &vk);
+ 		if (r < 0)
+ 			goto out;
+@@ -1658,8 +1661,7 @@
+ 		if (!name)
+ 			return -EINVAL;
+ 
+-		if (!volume_key || !volume_key_size || !cd->volume_key ||
+-			volume_key_size != cd->volume_key->keylength) {
++		if (!volume_key || !volume_key_size || volume_key_size != cd->plain_key_size) {
+ 			log_err(cd, _("Incorrect volume key specified for plain device.\n"));
+ 			return -EINVAL;
+ 		}
+@@ -1976,8 +1978,8 @@
+ 
+ int crypt_get_volume_key_size(struct crypt_device *cd)
+ {
+-	if (isPLAIN(cd->type) && cd->volume_key)
+-		return cd->volume_key->keylength;
++	if (isPLAIN(cd->type))
++		return cd->plain_key_size;
+ 
+ 	if (isLUKS(cd->type))
+ 		return cd->hdr.keyBytes;
diff --git a/core/cryptsetup/encrypt_hook b/core/cryptsetup/encrypt_hook
index 54aaa2236..956b18023 100644
--- a/core/cryptsetup/encrypt_hook
+++ b/core/cryptsetup/encrypt_hook
@@ -41,6 +41,7 @@ run_hook ()
             DEPRECATED_CRYPT=0
             cryptdev="$(echo "${cryptdevice}" | cut -d: -f1)"
             cryptname="$(echo "${cryptdevice}" | cut -d: -f2)"
+            cryptoptions="$(echo "${cryptdevice}" | cut -d: -f3)"
         else
             DEPRECATED_CRYPT=1
             cryptdev="${root}"
@@ -52,13 +53,28 @@ run_hook ()
             echo "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead."
         }
 
+        OLDIFS="${IFS}"
+        IFS=","
+        for cryptopt in ${cryptoptions}; do
+            case ${cryptopt} in
+                allow-discards)
+                    echo "Enabling TRIM/discard support."
+                    cryptargs="${cryptargs} --allow-discards"
+                    ;;
+                *)
+                    echo "Encryption option '${cryptopt}' not known, ignoring." >&2
+                    ;;
+            esac
+        done
+        IFS="${OLDIFS}"
+
         if  poll_device "${cryptdev}" ${rootdelay}; then
             if /sbin/cryptsetup isLuks ${cryptdev} >/dev/null 2>&1; then
                 [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
                 dopassphrase=1
                 # If keyfile exists, try to use that
                 if [ -f ${ckeyfile} ]; then
-                    if eval /sbin/cryptsetup --key-file ${ckeyfile} luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; then
+                    if eval /sbin/cryptsetup --key-file ${ckeyfile} luksOpen ${cryptdev} ${cryptname} ${cryptargs} ${CSQUIET}; then
                         dopassphrase=0
                     else
                         echo "Invalid keyfile. Reverting to passphrase."
@@ -70,7 +86,7 @@ run_hook ()
                     echo "A password is required to access the ${cryptname} volume:"
 
                     #loop until we get a real password
-                    while ! eval /sbin/cryptsetup luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; do
+                    while ! eval /sbin/cryptsetup luksOpen ${cryptdev} ${cryptname} ${cryptargs} ${CSQUIET}; do
                         sleep 2;
                     done
                 fi
@@ -90,7 +106,7 @@ run_hook ()
                     err "Non-LUKS decryption not attempted..."
                     return 1
                 fi
-                exe="/sbin/cryptsetup create ${cryptname} ${cryptdev}"
+                exe="/sbin/cryptsetup create ${cryptname} ${cryptdev} ${cryptargs}"
                 tmp=$(echo "${crypto}" | cut -d: -f1)
                 [ -n "${tmp}" ] && exe="${exe} --hash \"${tmp}\""
                 tmp=$(echo "${crypto}" | cut -d: -f2)
author	root <root@rshg054.dnsready.net>	2011-11-08 23:14:49 +0000
committer	root <root@rshg054.dnsready.net>	2011-11-08 23:14:49 +0000
commit	ddba9670c1518d9b420db6a6dca01a4a4a4136c7 (patch)
tree	8b5ba5ea49ecb6848eba27d2eb609100de5e760a /core/cryptsetup
parent	effb26c3b1f00bf8bea4e2562f07f9a06eb67606 (diff)