[arch-commits] Commit in cryptsetup/trunk (PKGBUILD encrypt_hook)
Thomas Bächler
thomas at archlinux.org
Sun Jun 7 13:25:32 UTC 2009
Date: Sunday, June 7, 2009 @ 09:25:32
Author: thomas
Revision: 41835
upgpkg: cryptsetup 1.0.6-3
Modified:
cryptsetup/trunk/PKGBUILD
cryptsetup/trunk/encrypt_hook
--------------+
PKGBUILD | 7 +-
encrypt_hook | 137 +++++++++++++++++++++++++++++----------------------------
2 files changed, 76 insertions(+), 68 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2009-06-07 13:24:26 UTC (rev 41834)
+++ PKGBUILD 2009-06-07 13:25:32 UTC (rev 41835)
@@ -2,13 +2,14 @@
# Maintainer: Judd Vinet <jvinet at zeroflux.org>
pkgname=cryptsetup
pkgver=1.0.6
-pkgrel=2
+pkgrel=3
pkgdesc="Userspace setup tool for transparent encryption of block devices using the Linux 2.6 cryptoapi"
arch=(i686 x86_64)
license=('GPL')
-url="http://luks.endorphin.org/dm-crypt"
+url="http://code.google.com/p/cryptsetup/"
groups=('base')
depends=('device-mapper' 'libgcrypt' 'popt' 'e2fsprogs')
+conflicts=('mkinitcpio<0.5.24.99')
options=('!libtool' '!emptydirs')
source=(http://luks.endorphin.org/source/cryptsetup-$pkgver.tar.bz2
encrypt_hook
@@ -16,7 +17,7 @@
luksOpen-status.patch
fix-udevsettle-call.patch)
md5sums=('00d452eb7a76e39f5749545d48934a10'
- '40fee2419cd444cfb283c311f9555d2d'
+ '6bdb1b83539453d403335aed1a579a5c'
'24b76e9cb938bc3c8dcff396cbab28c7'
'd4be8d2059d5427c057be4de4e948887'
'9c62a0fdc8e579ff3a8dc11c884a4c3c')
Modified: encrypt_hook
===================================================================
--- encrypt_hook 2009-06-07 13:24:26 UTC (rev 41834)
+++ encrypt_hook 2009-06-07 13:25:32 UTC (rev 41835)
@@ -15,13 +15,7 @@
ckeyfile="/crypto_keyfile.bin"
if [ "x${cryptkey}" != "x" ]; then
set -- $(/bin/replace "${cryptkey}" ':'); ckdev=$1; ckarg1=$2; ckarg2=$3
- try=10
- echo "Waiting for ${ckdev} ..."
- while [ ! -b ${ckdev} -a ${try} -gt 0 ]; do
- sleep 1
- try=$((${try}-1))
- done
- if [ -b ${ckdev} ]; then
+ if poll_device "${ckdev}" ${rootdelay}; then
case ${ckarg1} in
*[!0-9]*)
# Use a file on the device
@@ -42,79 +36,92 @@
fi
if [ -n "${cryptdevice}" ]; then
+ DEPRECATED_CRYPT=0
set -- $(/bin/replace "${cryptdevice}" ':'); cryptdev="$1"; cryptname="$2";
else
+ DEPRECATED_CRYPT=1
cryptdev="${root}"
cryptname="root"
fi
- if /bin/cryptsetup isLuks ${cryptdev} >/dev/null 2>&1; then
- dopassphrase=1
- # If keyfile exists, try to use that
- if [ -f ${ckeyfile} ]; then
- if eval /bin/cryptsetup --key-file ${ckeyfile} luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; then
- dopassphrase=0
- else
- echo "Invalid keyfile. Reverting to passphrase."
- fi
- fi
- # Ask for a passphrase
- if [ ${dopassphrase} -gt 0 ]; then
- echo ""
- echo "A password is required to access the ${cryptname} volume:"
+ warn_deprecated() {
+ echo "The syntax 'root=${root}' where '${root}' is an encrypted volume is deprecated"
+ echo "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead."
+ }
- #loop until we get a real password
- while ! eval /bin/cryptsetup luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; do
- sleep 2;
- done
- fi
- if [ -e "/dev/mapper/${cryptname}" ]; then
- if [ "${cryptname}" = "root" ]; then
- export root="/dev/mapper/root"
+ if poll_device "${cryptdev}" ${rootdelay}; then
+ if /bin/cryptsetup isLuks ${cryptdev} >/dev/null 2>&1; then
+ [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
+ dopassphrase=1
+ # If keyfile exists, try to use that
+ if [ -f ${ckeyfile} ]; then
+ if eval /bin/cryptsetup --key-file ${ckeyfile} luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; then
+ dopassphrase=0
+ else
+ echo "Invalid keyfile. Reverting to passphrase."
+ fi
fi
- else
- err "Password succeeded, but ${cryptname} creation failed, aborting..."
- exit 1
- fi
- elif [ "x${crypto}" != "x" ]; then
- do_oldcrypto ()
- {
- if [ $# -ne 5 ]; then
- err "Verify parameter format: crypto=hash:cipher:keysize:offset:skip"
- err "Non-LUKS decryption not attempted..."
- return 1
- fi
- exe="/bin/cryptsetup create ${cryptname} ${cryptdev}"
- [ "x$(eval echo ${1})" != "x" ] && exe="${exe} --hash \"$(eval echo ${1})\""
- [ "x$(eval echo ${2})" != "x" ] && exe="${exe} --cipher \"$(eval echo ${2})\""
- [ "x$(eval echo ${3})" != "x" ] && exe="${exe} --key-size \"$(eval echo ${3})\""
- [ "x$(eval echo ${4})" != "x" ] && exe="${exe} --offset \"$(eval echo ${4})\""
- [ "x$(eval echo ${5})" != "x" ] && exe="${exe} --skip \"$(eval echo ${5})\""
- if [ -f ${ckeyfile} ]; then
- exe="${exe} --key-file ${ckeyfile}"
- else
- exe="${exe} --verify-passphrase"
+ # Ask for a passphrase
+ if [ ${dopassphrase} -gt 0 ]; then
echo ""
echo "A password is required to access the ${cryptname} volume:"
+
+ #loop until we get a real password
+ while ! eval /bin/cryptsetup luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; do
+ sleep 2;
+ done
fi
- eval "${exe} ${CSQUIET}"
- }
+ if [ -e "/dev/mapper/${cryptname}" ]; then
+ if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
+ export root="/dev/mapper/root"
+ fi
+ else
+ err "Password succeeded, but ${cryptname} creation failed, aborting..."
+ exit 1
+ fi
+ elif [ "x${crypto}" != "x" ]; then
+ [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
+ do_oldcrypto ()
+ {
+ if [ $# -ne 5 ]; then
+ err "Verify parameter format: crypto=hash:cipher:keysize:offset:skip"
+ err "Non-LUKS decryption not attempted..."
+ return 1
+ fi
+ exe="/bin/cryptsetup create ${cryptname} ${cryptdev}"
+ [ "x$(eval echo ${1})" != "x" ] && exe="${exe} --hash \"$(eval echo ${1})\""
+ [ "x$(eval echo ${2})" != "x" ] && exe="${exe} --cipher \"$(eval echo ${2})\""
+ [ "x$(eval echo ${3})" != "x" ] && exe="${exe} --key-size \"$(eval echo ${3})\""
+ [ "x$(eval echo ${4})" != "x" ] && exe="${exe} --offset \"$(eval echo ${4})\""
+ [ "x$(eval echo ${5})" != "x" ] && exe="${exe} --skip \"$(eval echo ${5})\""
+ if [ -f ${ckeyfile} ]; then
+ exe="${exe} --key-file ${ckeyfile}"
+ else
+ exe="${exe} --verify-passphrase"
+ echo ""
+ echo "A password is required to access the ${cryptname} volume:"
+ fi
+ eval "${exe} ${CSQUIET}"
+ }
- msg "Non-LUKS encrypted device found..."
- do_oldcrypto $(/bin/replace -q "${crypto}" ':')
+ msg "Non-LUKS encrypted device found..."
+ do_oldcrypto $(/bin/replace -q "${crypto}" ':')
- if [ $? -ne 0 ]; then
- err "Non-LUKS device decryption failed. verify format: "
- err " crypto=hash:cipher:keysize:offset:skip"
- exit 1
- fi
- if [ -e "/dev/mapper/${cryptname}" ]; then
- if [ "${cryptname}" = "root" ]; then
- export root="/dev/mapper/root"
+ if [ $? -ne 0 ]; then
+ err "Non-LUKS device decryption failed. verify format: "
+ err " crypto=hash:cipher:keysize:offset:skip"
+ exit 1
fi
+ if [ -e "/dev/mapper/${cryptname}" ]; then
+ if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
+ export root="/dev/mapper/root"
+ fi
+ else
+ err "Password succeeded, but ${cryptname} creation failed, aborting..."
+ exit 1
+ fi
else
- err "Password succeeded, but ${cryptname} creation failed, aborting..."
- exit 1
+ err "Failed to open encryption mapping: The device ${cryptdev} is not a LUKS volume and the crypto= paramater was not specified."
fi
fi
nuke ${ckeyfile}
More information about the arch-commits
mailing list