[arch-commits] Commit in cryptsetup/repos (7 files)
Eric Bélanger
eric at archlinux.org
Thu Apr 26 22:51:20 UTC 2012
Date: Thursday, April 26, 2012 @ 18:51:20
Author: eric
Revision: 157319
db-move: moved cryptsetup from [testing] to [core] (i686)
Added:
cryptsetup/repos/core-i686/PKGBUILD
(from rev 157316, cryptsetup/repos/testing-i686/PKGBUILD)
cryptsetup/repos/core-i686/encrypt_hook
(from rev 157316, cryptsetup/repos/testing-i686/encrypt_hook)
cryptsetup/repos/core-i686/encrypt_install
(from rev 157316, cryptsetup/repos/testing-i686/encrypt_install)
Deleted:
cryptsetup/repos/core-i686/PKGBUILD
cryptsetup/repos/core-i686/encrypt_hook
cryptsetup/repos/core-i686/encrypt_install
cryptsetup/repos/testing-i686/
-----------------+
PKGBUILD | 71 ++++++------
encrypt_hook | 296 +++++++++++++++++++++++++++---------------------------
encrypt_install | 52 ++++-----
3 files changed, 208 insertions(+), 211 deletions(-)
Deleted: core-i686/PKGBUILD
===================================================================
--- core-i686/PKGBUILD 2012-04-26 22:51:18 UTC (rev 157318)
+++ core-i686/PKGBUILD 2012-04-26 22:51:20 UTC (rev 157319)
@@ -1,37 +0,0 @@
-# $Id$
-# Maintainer: Thomas Bächler <thomas at archlinux.org>
-pkgname=cryptsetup
-pkgver=1.4.1
-pkgrel=1
-pkgdesc="Userspace setup tool for transparent encryption of block devices using dm-crypt"
-arch=(i686 x86_64)
-license=('GPL')
-url="http://code.google.com/p/cryptsetup/"
-groups=('base')
-depends=('device-mapper>=2.02.85-2' 'libgcrypt' 'popt')
-conflicts=('mkinitcpio<0.7')
-options=('!libtool' '!emptydirs')
-source=(http://cryptsetup.googlecode.com/files/${pkgname}-${pkgver}.tar.bz2
- http://cryptsetup.googlecode.com/files/${pkgname}-${pkgver}.tar.bz2.asc
- encrypt_hook
- encrypt_install)
-sha256sums=('82b143328c2b427ef2b89fb76c701d311c95b54093c21bbf22342f7b393bddcb'
- '71c6506d4b6d0b22b9b6c2a68e604959e4c072af04680ed6acc0126c97bdbc88'
- '811bbea1337106ad811731c746d73ee81039bad00aef52398e3a377ad0766757'
- 'd4380195351b70abf8fcb3cd19461879c55a7a07e4915d1f0365b295b112a573')
-build() {
- cd "${srcdir}"/$pkgname-${pkgver}
- ./configure --prefix=/usr --disable-static --sbindir=/sbin --libdir=/lib
- make
-}
-
-package() {
- cd "${srcdir}"/$pkgname-${pkgver}
- make DESTDIR="${pkgdir}" install
- # install hook
- install -D -m644 "${srcdir}"/encrypt_hook "${pkgdir}"/lib/initcpio/hooks/encrypt
- install -D -m644 "${srcdir}"/encrypt_install "${pkgdir}"/lib/initcpio/install/encrypt
- # Fix pkgconfig location
- install -d -m755 "${pkgdir}"/usr/lib
- mv "${pkgdir}"/lib/pkgconfig "${pkgdir}"/usr/lib/
-}
Copied: cryptsetup/repos/core-i686/PKGBUILD (from rev 157316, cryptsetup/repos/testing-i686/PKGBUILD)
===================================================================
--- core-i686/PKGBUILD (rev 0)
+++ core-i686/PKGBUILD 2012-04-26 22:51:20 UTC (rev 157319)
@@ -0,0 +1,34 @@
+# $Id$
+# Maintainer: Thomas Bächler <thomas at archlinux.org>
+pkgname=cryptsetup
+pkgver=1.4.1
+pkgrel=3
+pkgdesc="Userspace setup tool for transparent encryption of block devices using dm-crypt"
+arch=(i686 x86_64)
+license=('GPL')
+url="http://code.google.com/p/cryptsetup/"
+groups=('base')
+depends=('device-mapper>=2.02.85-2' 'libgcrypt' 'popt')
+conflicts=('mkinitcpio<0.7')
+options=('!libtool' '!emptydirs')
+source=(http://cryptsetup.googlecode.com/files/${pkgname}-${pkgver}.tar.bz2
+ http://cryptsetup.googlecode.com/files/${pkgname}-${pkgver}.tar.bz2.asc
+ encrypt_hook
+ encrypt_install)
+sha256sums=('82b143328c2b427ef2b89fb76c701d311c95b54093c21bbf22342f7b393bddcb'
+ '71c6506d4b6d0b22b9b6c2a68e604959e4c072af04680ed6acc0126c97bdbc88'
+ '811bbea1337106ad811731c746d73ee81039bad00aef52398e3a377ad0766757'
+ 'ddbbdcb8eff93a3a7622ec633e90d5c0d68e3afbeaf942dc2309adab345047d4')
+build() {
+ cd "${srcdir}"/$pkgname-${pkgver}
+ ./configure --prefix=/usr --disable-static --sbindir=/sbin
+ make
+}
+
+package() {
+ cd "${srcdir}"/$pkgname-${pkgver}
+ make DESTDIR="${pkgdir}" install
+ # install hook
+ install -D -m644 "${srcdir}"/encrypt_hook "${pkgdir}"/usr/lib/initcpio/hooks/encrypt
+ install -D -m644 "${srcdir}"/encrypt_install "${pkgdir}"/usr/lib/initcpio/install/encrypt
+}
Deleted: core-i686/encrypt_hook
===================================================================
--- core-i686/encrypt_hook 2012-04-26 22:51:18 UTC (rev 157318)
+++ core-i686/encrypt_hook 2012-04-26 22:51:20 UTC (rev 157319)
@@ -1,148 +0,0 @@
-# vim: set ft=sh:
-# TODO this one needs some work to work with lots of different
-# encryption schemes
-run_hook ()
-{
- /sbin/modprobe -a -q dm-crypt >/dev/null 2>&1
- if [ -e "/sys/class/misc/device-mapper" ]; then
- if [ ! -e "/dev/mapper/control" ]; then
- mkdir /dev/mapper
- mknod "/dev/mapper/control" c $(cat /sys/class/misc/device-mapper/dev | sed 's|:| |')
- fi
- [ "${quiet}" = "y" ] && CSQUIET=">/dev/null"
-
- # Get keyfile if specified
- ckeyfile="/crypto_keyfile.bin"
- if [ "x${cryptkey}" != "x" ]; then
- ckdev="$(echo "${cryptkey}" | cut -d: -f1)"
- ckarg1="$(echo "${cryptkey}" | cut -d: -f2)"
- ckarg2="$(echo "${cryptkey}" | cut -d: -f3)"
- if poll_device "${ckdev}" ${rootdelay}; then
- case ${ckarg1} in
- *[!0-9]*)
- # Use a file on the device
- # ckarg1 is not numeric: ckarg1=filesystem, ckarg2=path
- mkdir /ckey
- mount -r -t ${ckarg1} ${ckdev} /ckey
- dd if=/ckey/${ckarg2} of=${ckeyfile} >/dev/null 2>&1
- umount /ckey
- ;;
- *)
- # Read raw data from the block device
- # ckarg1 is numeric: ckarg1=offset, ckarg2=length
- dd if=${ckdev} of=${ckeyfile} bs=1 skip=${ckarg1} count=${ckarg2} >/dev/null 2>&1
- ;;
- esac
- fi
- [ ! -f ${ckeyfile} ] && echo "Keyfile could not be opened. Reverting to passphrase."
- fi
-
- if [ -n "${cryptdevice}" ]; then
- DEPRECATED_CRYPT=0
- cryptdev="$(echo "${cryptdevice}" | cut -d: -f1)"
- cryptname="$(echo "${cryptdevice}" | cut -d: -f2)"
- cryptoptions="$(echo "${cryptdevice}" | cut -d: -f3)"
- else
- DEPRECATED_CRYPT=1
- cryptdev="${root}"
- cryptname="root"
- fi
-
- warn_deprecated() {
- echo "The syntax 'root=${root}' where '${root}' is an encrypted volume is deprecated"
- echo "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead."
- }
-
- OLDIFS="${IFS}"
- IFS=","
- for cryptopt in ${cryptoptions}; do
- case ${cryptopt} in
- allow-discards)
- echo "Enabling TRIM/discard support."
- cryptargs="${cryptargs} --allow-discards"
- ;;
- *)
- echo "Encryption option '${cryptopt}' not known, ignoring." >&2
- ;;
- esac
- done
- IFS="${OLDIFS}"
-
- if poll_device "${cryptdev}" ${rootdelay}; then
- if /sbin/cryptsetup isLuks ${cryptdev} >/dev/null 2>&1; then
- [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
- dopassphrase=1
- # If keyfile exists, try to use that
- if [ -f ${ckeyfile} ]; then
- if eval /sbin/cryptsetup --key-file ${ckeyfile} luksOpen ${cryptdev} ${cryptname} ${cryptargs} ${CSQUIET}; then
- dopassphrase=0
- else
- echo "Invalid keyfile. Reverting to passphrase."
- fi
- fi
- # Ask for a passphrase
- if [ ${dopassphrase} -gt 0 ]; then
- echo ""
- echo "A password is required to access the ${cryptname} volume:"
-
- #loop until we get a real password
- while ! eval /sbin/cryptsetup luksOpen ${cryptdev} ${cryptname} ${cryptargs} ${CSQUIET}; do
- sleep 2;
- done
- fi
- if [ -e "/dev/mapper/${cryptname}" ]; then
- if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
- export root="/dev/mapper/root"
- fi
- else
- err "Password succeeded, but ${cryptname} creation failed, aborting..."
- exit 1
- fi
- elif [ -n "${crypto}" ]; then
- [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
- msg "Non-LUKS encrypted device found..."
- if [ $# -ne 5 ]; then
- err "Verify parameter format: crypto=hash:cipher:keysize:offset:skip"
- err "Non-LUKS decryption not attempted..."
- return 1
- fi
- exe="/sbin/cryptsetup create ${cryptname} ${cryptdev} ${cryptargs}"
- tmp=$(echo "${crypto}" | cut -d: -f1)
- [ -n "${tmp}" ] && exe="${exe} --hash \"${tmp}\""
- tmp=$(echo "${crypto}" | cut -d: -f2)
- [ -n "${tmp}" ] && exe="${exe} --cipher \"${tmp}\""
- tmp=$(echo "${crypto}" | cut -d: -f3)
- [ -n "${tmp}" ] && exe="${exe} --key-size \"${tmp}\""
- tmp=$(echo "${crypto}" | cut -d: -f4)
- [ -n "${tmp}" ] && exe="${exe} --offset \"${tmp}\""
- tmp=$(echo "${crypto}" | cut -d: -f5)
- [ -n "${tmp}" ] && exe="${exe} --skip \"${tmp}\""
- if [ -f ${ckeyfile} ]; then
- exe="${exe} --key-file ${ckeyfile}"
- else
- exe="${exe} --verify-passphrase"
- echo ""
- echo "A password is required to access the ${cryptname} volume:"
- fi
- eval "${exe} ${CSQUIET}"
-
- if [ $? -ne 0 ]; then
- err "Non-LUKS device decryption failed. verify format: "
- err " crypto=hash:cipher:keysize:offset:skip"
- exit 1
- fi
- if [ -e "/dev/mapper/${cryptname}" ]; then
- if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
- export root="/dev/mapper/root"
- fi
- else
- err "Password succeeded, but ${cryptname} creation failed, aborting..."
- exit 1
- fi
- else
- err "Failed to open encryption mapping: The device ${cryptdev} is not a LUKS volume and the crypto= paramater was not specified."
- fi
- fi
- rm -f ${ckeyfile}
- fi
-}
Copied: cryptsetup/repos/core-i686/encrypt_hook (from rev 157316, cryptsetup/repos/testing-i686/encrypt_hook)
===================================================================
--- core-i686/encrypt_hook (rev 0)
+++ core-i686/encrypt_hook 2012-04-26 22:51:20 UTC (rev 157319)
@@ -0,0 +1,148 @@
+# vim: set ft=sh:
+# TODO this one needs some work to work with lots of different
+# encryption schemes
+run_hook ()
+{
+ /sbin/modprobe -a -q dm-crypt >/dev/null 2>&1
+ if [ -e "/sys/class/misc/device-mapper" ]; then
+ if [ ! -e "/dev/mapper/control" ]; then
+ mkdir /dev/mapper
+ mknod "/dev/mapper/control" c $(cat /sys/class/misc/device-mapper/dev | sed 's|:| |')
+ fi
+ [ "${quiet}" = "y" ] && CSQUIET=">/dev/null"
+
+ # Get keyfile if specified
+ ckeyfile="/crypto_keyfile.bin"
+ if [ "x${cryptkey}" != "x" ]; then
+ ckdev="$(echo "${cryptkey}" | cut -d: -f1)"
+ ckarg1="$(echo "${cryptkey}" | cut -d: -f2)"
+ ckarg2="$(echo "${cryptkey}" | cut -d: -f3)"
+ if poll_device "${ckdev}" ${rootdelay}; then
+ case ${ckarg1} in
+ *[!0-9]*)
+ # Use a file on the device
+ # ckarg1 is not numeric: ckarg1=filesystem, ckarg2=path
+ mkdir /ckey
+ mount -r -t ${ckarg1} ${ckdev} /ckey
+ dd if=/ckey/${ckarg2} of=${ckeyfile} >/dev/null 2>&1
+ umount /ckey
+ ;;
+ *)
+ # Read raw data from the block device
+ # ckarg1 is numeric: ckarg1=offset, ckarg2=length
+ dd if=${ckdev} of=${ckeyfile} bs=1 skip=${ckarg1} count=${ckarg2} >/dev/null 2>&1
+ ;;
+ esac
+ fi
+ [ ! -f ${ckeyfile} ] && echo "Keyfile could not be opened. Reverting to passphrase."
+ fi
+
+ if [ -n "${cryptdevice}" ]; then
+ DEPRECATED_CRYPT=0
+ cryptdev="$(echo "${cryptdevice}" | cut -d: -f1)"
+ cryptname="$(echo "${cryptdevice}" | cut -d: -f2)"
+ cryptoptions="$(echo "${cryptdevice}" | cut -d: -f3)"
+ else
+ DEPRECATED_CRYPT=1
+ cryptdev="${root}"
+ cryptname="root"
+ fi
+
+ warn_deprecated() {
+ echo "The syntax 'root=${root}' where '${root}' is an encrypted volume is deprecated"
+ echo "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead."
+ }
+
+ OLDIFS="${IFS}"
+ IFS=","
+ for cryptopt in ${cryptoptions}; do
+ case ${cryptopt} in
+ allow-discards)
+ echo "Enabling TRIM/discard support."
+ cryptargs="${cryptargs} --allow-discards"
+ ;;
+ *)
+ echo "Encryption option '${cryptopt}' not known, ignoring." >&2
+ ;;
+ esac
+ done
+ IFS="${OLDIFS}"
+
+ if poll_device "${cryptdev}" ${rootdelay}; then
+ if /sbin/cryptsetup isLuks ${cryptdev} >/dev/null 2>&1; then
+ [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
+ dopassphrase=1
+ # If keyfile exists, try to use that
+ if [ -f ${ckeyfile} ]; then
+ if eval /sbin/cryptsetup --key-file ${ckeyfile} luksOpen ${cryptdev} ${cryptname} ${cryptargs} ${CSQUIET}; then
+ dopassphrase=0
+ else
+ echo "Invalid keyfile. Reverting to passphrase."
+ fi
+ fi
+ # Ask for a passphrase
+ if [ ${dopassphrase} -gt 0 ]; then
+ echo ""
+ echo "A password is required to access the ${cryptname} volume:"
+
+ #loop until we get a real password
+ while ! eval /sbin/cryptsetup luksOpen ${cryptdev} ${cryptname} ${cryptargs} ${CSQUIET}; do
+ sleep 2;
+ done
+ fi
+ if [ -e "/dev/mapper/${cryptname}" ]; then
+ if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
+ export root="/dev/mapper/root"
+ fi
+ else
+ err "Password succeeded, but ${cryptname} creation failed, aborting..."
+ exit 1
+ fi
+ elif [ -n "${crypto}" ]; then
+ [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
+ msg "Non-LUKS encrypted device found..."
+ if [ $# -ne 5 ]; then
+ err "Verify parameter format: crypto=hash:cipher:keysize:offset:skip"
+ err "Non-LUKS decryption not attempted..."
+ return 1
+ fi
+ exe="/sbin/cryptsetup create ${cryptname} ${cryptdev} ${cryptargs}"
+ tmp=$(echo "${crypto}" | cut -d: -f1)
+ [ -n "${tmp}" ] && exe="${exe} --hash \"${tmp}\""
+ tmp=$(echo "${crypto}" | cut -d: -f2)
+ [ -n "${tmp}" ] && exe="${exe} --cipher \"${tmp}\""
+ tmp=$(echo "${crypto}" | cut -d: -f3)
+ [ -n "${tmp}" ] && exe="${exe} --key-size \"${tmp}\""
+ tmp=$(echo "${crypto}" | cut -d: -f4)
+ [ -n "${tmp}" ] && exe="${exe} --offset \"${tmp}\""
+ tmp=$(echo "${crypto}" | cut -d: -f5)
+ [ -n "${tmp}" ] && exe="${exe} --skip \"${tmp}\""
+ if [ -f ${ckeyfile} ]; then
+ exe="${exe} --key-file ${ckeyfile}"
+ else
+ exe="${exe} --verify-passphrase"
+ echo ""
+ echo "A password is required to access the ${cryptname} volume:"
+ fi
+ eval "${exe} ${CSQUIET}"
+
+ if [ $? -ne 0 ]; then
+ err "Non-LUKS device decryption failed. verify format: "
+ err " crypto=hash:cipher:keysize:offset:skip"
+ exit 1
+ fi
+ if [ -e "/dev/mapper/${cryptname}" ]; then
+ if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
+ export root="/dev/mapper/root"
+ fi
+ else
+ err "Password succeeded, but ${cryptname} creation failed, aborting..."
+ exit 1
+ fi
+ else
+ err "Failed to open encryption mapping: The device ${cryptdev} is not a LUKS volume and the crypto= paramater was not specified."
+ fi
+ fi
+ rm -f ${ckeyfile}
+ fi
+}
Deleted: core-i686/encrypt_install
===================================================================
--- core-i686/encrypt_install 2012-04-26 22:51:18 UTC (rev 157318)
+++ core-i686/encrypt_install 2012-04-26 22:51:20 UTC (rev 157319)
@@ -1,26 +0,0 @@
-# vim: set ft=sh:
-
-build()
-{
- if [ -z "${CRYPTO_MODULES}" ]; then
- MODULES=" dm-crypt $(all_modules "/crypto/") "
- else
- MODULES=" dm-crypt ${CRYPTO_MODULES} "
- fi
- FILES=""
- SCRIPT="encrypt"
- [ -f "/sbin/cryptsetup" ] && add_binary "/sbin/cryptsetup" "/sbin/cryptsetup"
- [ -f "/usr/sbin/cryptsetup" ] && add_binary "/usr/sbin/cryptsetup" "/sbin/cryptsetup"
- add_binary "/sbin/dmsetup"
- add_file "/lib/udev/rules.d/10-dm.rules"
- add_file "/lib/udev/rules.d/13-dm-disk.rules"
- add_file "/lib/udev/rules.d/95-dm-notify.rules"
- add_file "/lib/initcpio/udev/11-dm-initramfs.rules" "/lib/udev/rules.d/11-dm-initramfs.rules"
-}
-
-help ()
-{
-cat<<HELPEOF
- This hook allows for an encrypted root device.
-HELPEOF
-}
Copied: cryptsetup/repos/core-i686/encrypt_install (from rev 157316, cryptsetup/repos/testing-i686/encrypt_install)
===================================================================
--- core-i686/encrypt_install (rev 0)
+++ core-i686/encrypt_install 2012-04-26 22:51:20 UTC (rev 157319)
@@ -0,0 +1,26 @@
+# vim: set ft=sh:
+
+build()
+{
+ if [ -z "${CRYPTO_MODULES}" ]; then
+ MODULES=" dm-crypt $(all_modules "/crypto/") "
+ else
+ MODULES=" dm-crypt ${CRYPTO_MODULES} "
+ fi
+ FILES=""
+ SCRIPT="encrypt"
+ [ -f "/sbin/cryptsetup" ] && add_binary "/sbin/cryptsetup" "/sbin/cryptsetup"
+ [ -f "/usr/sbin/cryptsetup" ] && add_binary "/usr/sbin/cryptsetup" "/sbin/cryptsetup"
+ add_binary "/sbin/dmsetup"
+ add_file "/usr/lib/udev/rules.d/10-dm.rules"
+ add_file "/usr/lib/udev/rules.d/13-dm-disk.rules"
+ add_file "/usr/lib/udev/rules.d/95-dm-notify.rules"
+ add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules"
+}
+
+help ()
+{
+cat<<HELPEOF
+ This hook allows for an encrypted root device.
+HELPEOF
+}
More information about the arch-commits
mailing list