[arch-commits] Commit in cryptsetup/repos (14 files)
Thomas Bächler
thomas at archlinux.org
Fri Jun 29 11:46:09 UTC 2012
Date: Friday, June 29, 2012 @ 07:46:09
Author: thomas
Revision: 162744
db-move: moved cryptsetup from [testing] to [core] ( i686, x86_64)
Added:
cryptsetup/repos/core-i686/PKGBUILD
(from rev 162743, cryptsetup/repos/testing-i686/PKGBUILD)
cryptsetup/repos/core-i686/encrypt_hook
(from rev 162743, cryptsetup/repos/testing-i686/encrypt_hook)
cryptsetup/repos/core-i686/encrypt_install
(from rev 162743, cryptsetup/repos/testing-i686/encrypt_install)
cryptsetup/repos/core-x86_64/PKGBUILD
(from rev 162743, cryptsetup/repos/testing-x86_64/PKGBUILD)
cryptsetup/repos/core-x86_64/encrypt_hook
(from rev 162743, cryptsetup/repos/testing-x86_64/encrypt_hook)
cryptsetup/repos/core-x86_64/encrypt_install
(from rev 162743, cryptsetup/repos/testing-x86_64/encrypt_install)
Deleted:
cryptsetup/repos/core-i686/PKGBUILD
cryptsetup/repos/core-i686/encrypt_hook
cryptsetup/repos/core-i686/encrypt_install
cryptsetup/repos/core-x86_64/PKGBUILD
cryptsetup/repos/core-x86_64/encrypt_hook
cryptsetup/repos/core-x86_64/encrypt_install
cryptsetup/repos/testing-i686/
cryptsetup/repos/testing-x86_64/
-----------------------------+
core-i686/PKGBUILD | 70 +++++-----
core-i686/encrypt_hook | 276 +++++++++++++++++++++---------------------
core-i686/encrypt_install | 88 ++++++-------
core-x86_64/PKGBUILD | 70 +++++-----
core-x86_64/encrypt_hook | 276 +++++++++++++++++++++---------------------
core-x86_64/encrypt_install | 88 ++++++-------
6 files changed, 434 insertions(+), 434 deletions(-)
Deleted: core-i686/PKGBUILD
===================================================================
--- core-i686/PKGBUILD 2012-06-29 11:34:32 UTC (rev 162743)
+++ core-i686/PKGBUILD 2012-06-29 11:46:09 UTC (rev 162744)
@@ -1,35 +0,0 @@
-# $Id$
-# Maintainer: Thomas Bächler <thomas at archlinux.org>
-pkgname=cryptsetup
-pkgver=1.4.2
-pkgrel=2
-pkgdesc="Userspace setup tool for transparent encryption of block devices using dm-crypt"
-arch=(i686 x86_64)
-license=('GPL')
-url="http://code.google.com/p/cryptsetup/"
-groups=('base')
-depends=('device-mapper>=2.02.85-2' 'libgcrypt' 'popt')
-conflicts=('mkinitcpio<0.7')
-options=('!libtool' '!emptydirs')
-source=(http://cryptsetup.googlecode.com/files/${pkgname}-${pkgver}.tar.bz2
- http://cryptsetup.googlecode.com/files/${pkgname}-${pkgver}.tar.bz2.asc
- encrypt_hook
- encrypt_install)
-sha256sums=('1fe80d7b19d24b3f65d2e446decfed859e2c4d17fdf7c19289d82dc7cd60dfe7'
- '4e6dbece8d1baad861479aca70d0cf30887420da9b5eab45d65d064c656893ed'
- 'e0cbcabb81233b4d465833dca0faf1e762dc3cb6611597a25fe24e5d7209f316'
- 'cfe465bdad3d958bb2332a05e04f2e1e884422a5714dfd1a0a3b9b74bf7dc6ae')
-
-build() {
- cd "${srcdir}"/$pkgname-${pkgver}
- ./configure --prefix=/usr --disable-static
- make
-}
-
-package() {
- cd "${srcdir}"/$pkgname-${pkgver}
- make DESTDIR="${pkgdir}" install
- # install hook
- install -D -m644 "${srcdir}"/encrypt_hook "${pkgdir}"/usr/lib/initcpio/hooks/encrypt
- install -D -m644 "${srcdir}"/encrypt_install "${pkgdir}"/usr/lib/initcpio/install/encrypt
-}
Copied: cryptsetup/repos/core-i686/PKGBUILD (from rev 162743, cryptsetup/repos/testing-i686/PKGBUILD)
===================================================================
--- core-i686/PKGBUILD (rev 0)
+++ core-i686/PKGBUILD 2012-06-29 11:46:09 UTC (rev 162744)
@@ -0,0 +1,35 @@
+# $Id$
+# Maintainer: Thomas Bächler <thomas at archlinux.org>
+pkgname=cryptsetup
+pkgver=1.4.3
+pkgrel=1
+pkgdesc="Userspace setup tool for transparent encryption of block devices using dm-crypt"
+arch=(i686 x86_64)
+license=('GPL')
+url="http://code.google.com/p/cryptsetup/"
+groups=('base')
+depends=('device-mapper>=2.02.85-2' 'libgcrypt' 'popt' 'util-linux')
+conflicts=('mkinitcpio<0.7')
+options=('!libtool' '!emptydirs')
+source=(http://cryptsetup.googlecode.com/files/${pkgname}-${pkgver}.tar.bz2
+ http://cryptsetup.googlecode.com/files/${pkgname}-${pkgver}.tar.bz2.asc
+ encrypt_hook
+ encrypt_install)
+sha256sums=('d5ff2c00f6f791d77fa5636a02ae43ddbb46c6c793bdeafdec5e38fd15f99d0a'
+ 'ad610fe77d78bf7e91b7473f9d9c84de46ed1cc21f006fe3ae4791b0b6f42f3a'
+ 'e0cbcabb81233b4d465833dca0faf1e762dc3cb6611597a25fe24e5d7209f316'
+ 'cfe465bdad3d958bb2332a05e04f2e1e884422a5714dfd1a0a3b9b74bf7dc6ae')
+
+build() {
+ cd "${srcdir}"/$pkgname-${pkgver}
+ ./configure --prefix=/usr --disable-static
+ make
+}
+
+package() {
+ cd "${srcdir}"/$pkgname-${pkgver}
+ make DESTDIR="${pkgdir}" install
+ # install hook
+ install -D -m644 "${srcdir}"/encrypt_hook "${pkgdir}"/usr/lib/initcpio/hooks/encrypt
+ install -D -m644 "${srcdir}"/encrypt_install "${pkgdir}"/usr/lib/initcpio/install/encrypt
+}
Deleted: core-i686/encrypt_hook
===================================================================
--- core-i686/encrypt_hook 2012-06-29 11:34:32 UTC (rev 162743)
+++ core-i686/encrypt_hook 2012-06-29 11:46:09 UTC (rev 162744)
@@ -1,138 +0,0 @@
-#!/usr/bin/ash
-
-run_hook() {
- modprobe -a -q dm-crypt >/dev/null 2>&1
- [ "${quiet}" = "y" ] && CSQUIET=">/dev/null"
-
- # Get keyfile if specified
- ckeyfile="/crypto_keyfile.bin"
- if [ -n "$cryptkey" ]; then
- IFS=: read ckdev ckarg1 ckarg2 <<EOF
-$cryptkey
-EOF
-
- if resolved=$(resolve_device "${ckdev}" ${rootdelay}); then
- case ${ckarg1} in
- *[!0-9]*)
- # Use a file on the device
- # ckarg1 is not numeric: ckarg1=filesystem, ckarg2=path
- mkdir /ckey
- mount -r -t "$ckarg1" "$resolved" /ckey
- dd if="/ckey/$ckarg2" of="$ckeyfile" >/dev/null 2>&1
- umount /ckey
- ;;
- *)
- # Read raw data from the block device
- # ckarg1 is numeric: ckarg1=offset, ckarg2=length
- dd if="$resolved" of="$ckeyfile" bs=1 skip="$ckarg1" count="$ckarg2" >/dev/null 2>&1
- ;;
- esac
- fi
- [ ! -f ${ckeyfile} ] && echo "Keyfile could not be opened. Reverting to passphrase."
- fi
-
- if [ -n "${cryptdevice}" ]; then
- DEPRECATED_CRYPT=0
- IFS=: read cryptdev cryptname cryptoptions <<EOF
-$cryptdevice
-EOF
- else
- DEPRECATED_CRYPT=1
- cryptdev="${root}"
- cryptname="root"
- fi
-
- warn_deprecated() {
- echo "The syntax 'root=${root}' where '${root}' is an encrypted volume is deprecated"
- echo "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead."
- }
-
- for cryptopt in ${cryptoptions//,/ }; do
- case ${cryptopt} in
- allow-discards)
- echo "Enabling TRIM/discard support."
- cryptargs="${cryptargs} --allow-discards"
- ;;
- *)
- echo "Encryption option '${cryptopt}' not known, ignoring." >&2
- ;;
- esac
- done
-
- if resolved=$(resolve_device "${cryptdev}" ${rootdelay}); then
- if cryptsetup isLuks ${resolved} >/dev/null 2>&1; then
- [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
- dopassphrase=1
- # If keyfile exists, try to use that
- if [ -f ${ckeyfile} ]; then
- if eval cryptsetup --key-file ${ckeyfile} luksOpen ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; then
- dopassphrase=0
- else
- echo "Invalid keyfile. Reverting to passphrase."
- fi
- fi
- # Ask for a passphrase
- if [ ${dopassphrase} -gt 0 ]; then
- echo ""
- echo "A password is required to access the ${cryptname} volume:"
-
- #loop until we get a real password
- while ! eval cryptsetup luksOpen ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; do
- sleep 2;
- done
- fi
- if [ -e "/dev/mapper/${cryptname}" ]; then
- if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
- export root="/dev/mapper/root"
- fi
- else
- err "Password succeeded, but ${cryptname} creation failed, aborting..."
- exit 1
- fi
- elif [ -n "${crypto}" ]; then
- [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
- msg "Non-LUKS encrypted device found..."
- if echo "$crypto" | awk -F: '{ exit(NF == 5) }'; then
- err "Verify parameter format: crypto=hash:cipher:keysize:offset:skip"
- err "Non-LUKS decryption not attempted..."
- return 1
- fi
- exe="cryptsetup create $cryptname $resolved $cryptargs"
- IFS=: read c_hash c_cipher c_keysize c_offset c_skip <<EOF
-$crypto
-EOF
- [ -n "$c_hash" ] && exe="$exe --hash '$c_hash'"
- [ -n "$c_cipher" ] && exe="$exe --cipher '$c_cipher'"
- [ -n "$c_keysize" ] && exe="$exe --key-size '$c_keysize'"
- [ -n "$c_offset" ] && exe="$exe --offset '$c_offset'"
- [ -n "$c_skip" ] && exe="$exe --skip '$c_skip'"
- if [ -f "$ckeyfile" ]; then
- exe="$exe --key-file $ckeyfile"
- else
- exe="$exe --verify-passphrase"
- echo ""
- echo "A password is required to access the ${cryptname} volume:"
- fi
- eval "$exe $CSQUIET"
-
- if [ $? -ne 0 ]; then
- err "Non-LUKS device decryption failed. verify format: "
- err " crypto=hash:cipher:keysize:offset:skip"
- exit 1
- fi
- if [ -e "/dev/mapper/${cryptname}" ]; then
- if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
- export root="/dev/mapper/root"
- fi
- else
- err "Password succeeded, but ${cryptname} creation failed, aborting..."
- exit 1
- fi
- else
- err "Failed to open encryption mapping: The device ${cryptdev} is not a LUKS volume and the crypto= paramater was not specified."
- fi
- fi
- rm -f ${ckeyfile}
-}
-
-# vim: set ft=sh ts=4 sw=4 et:
Copied: cryptsetup/repos/core-i686/encrypt_hook (from rev 162743, cryptsetup/repos/testing-i686/encrypt_hook)
===================================================================
--- core-i686/encrypt_hook (rev 0)
+++ core-i686/encrypt_hook 2012-06-29 11:46:09 UTC (rev 162744)
@@ -0,0 +1,138 @@
+#!/usr/bin/ash
+
+run_hook() {
+ modprobe -a -q dm-crypt >/dev/null 2>&1
+ [ "${quiet}" = "y" ] && CSQUIET=">/dev/null"
+
+ # Get keyfile if specified
+ ckeyfile="/crypto_keyfile.bin"
+ if [ -n "$cryptkey" ]; then
+ IFS=: read ckdev ckarg1 ckarg2 <<EOF
+$cryptkey
+EOF
+
+ if resolved=$(resolve_device "${ckdev}" ${rootdelay}); then
+ case ${ckarg1} in
+ *[!0-9]*)
+ # Use a file on the device
+ # ckarg1 is not numeric: ckarg1=filesystem, ckarg2=path
+ mkdir /ckey
+ mount -r -t "$ckarg1" "$resolved" /ckey
+ dd if="/ckey/$ckarg2" of="$ckeyfile" >/dev/null 2>&1
+ umount /ckey
+ ;;
+ *)
+ # Read raw data from the block device
+ # ckarg1 is numeric: ckarg1=offset, ckarg2=length
+ dd if="$resolved" of="$ckeyfile" bs=1 skip="$ckarg1" count="$ckarg2" >/dev/null 2>&1
+ ;;
+ esac
+ fi
+ [ ! -f ${ckeyfile} ] && echo "Keyfile could not be opened. Reverting to passphrase."
+ fi
+
+ if [ -n "${cryptdevice}" ]; then
+ DEPRECATED_CRYPT=0
+ IFS=: read cryptdev cryptname cryptoptions <<EOF
+$cryptdevice
+EOF
+ else
+ DEPRECATED_CRYPT=1
+ cryptdev="${root}"
+ cryptname="root"
+ fi
+
+ warn_deprecated() {
+ echo "The syntax 'root=${root}' where '${root}' is an encrypted volume is deprecated"
+ echo "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead."
+ }
+
+ for cryptopt in ${cryptoptions//,/ }; do
+ case ${cryptopt} in
+ allow-discards)
+ echo "Enabling TRIM/discard support."
+ cryptargs="${cryptargs} --allow-discards"
+ ;;
+ *)
+ echo "Encryption option '${cryptopt}' not known, ignoring." >&2
+ ;;
+ esac
+ done
+
+ if resolved=$(resolve_device "${cryptdev}" ${rootdelay}); then
+ if cryptsetup isLuks ${resolved} >/dev/null 2>&1; then
+ [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
+ dopassphrase=1
+ # If keyfile exists, try to use that
+ if [ -f ${ckeyfile} ]; then
+ if eval cryptsetup --key-file ${ckeyfile} luksOpen ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; then
+ dopassphrase=0
+ else
+ echo "Invalid keyfile. Reverting to passphrase."
+ fi
+ fi
+ # Ask for a passphrase
+ if [ ${dopassphrase} -gt 0 ]; then
+ echo ""
+ echo "A password is required to access the ${cryptname} volume:"
+
+ #loop until we get a real password
+ while ! eval cryptsetup luksOpen ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; do
+ sleep 2;
+ done
+ fi
+ if [ -e "/dev/mapper/${cryptname}" ]; then
+ if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
+ export root="/dev/mapper/root"
+ fi
+ else
+ err "Password succeeded, but ${cryptname} creation failed, aborting..."
+ exit 1
+ fi
+ elif [ -n "${crypto}" ]; then
+ [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
+ msg "Non-LUKS encrypted device found..."
+ if echo "$crypto" | awk -F: '{ exit(NF == 5) }'; then
+ err "Verify parameter format: crypto=hash:cipher:keysize:offset:skip"
+ err "Non-LUKS decryption not attempted..."
+ return 1
+ fi
+ exe="cryptsetup create $cryptname $resolved $cryptargs"
+ IFS=: read c_hash c_cipher c_keysize c_offset c_skip <<EOF
+$crypto
+EOF
+ [ -n "$c_hash" ] && exe="$exe --hash '$c_hash'"
+ [ -n "$c_cipher" ] && exe="$exe --cipher '$c_cipher'"
+ [ -n "$c_keysize" ] && exe="$exe --key-size '$c_keysize'"
+ [ -n "$c_offset" ] && exe="$exe --offset '$c_offset'"
+ [ -n "$c_skip" ] && exe="$exe --skip '$c_skip'"
+ if [ -f "$ckeyfile" ]; then
+ exe="$exe --key-file $ckeyfile"
+ else
+ exe="$exe --verify-passphrase"
+ echo ""
+ echo "A password is required to access the ${cryptname} volume:"
+ fi
+ eval "$exe $CSQUIET"
+
+ if [ $? -ne 0 ]; then
+ err "Non-LUKS device decryption failed. verify format: "
+ err " crypto=hash:cipher:keysize:offset:skip"
+ exit 1
+ fi
+ if [ -e "/dev/mapper/${cryptname}" ]; then
+ if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
+ export root="/dev/mapper/root"
+ fi
+ else
+ err "Password succeeded, but ${cryptname} creation failed, aborting..."
+ exit 1
+ fi
+ else
+ err "Failed to open encryption mapping: The device ${cryptdev} is not a LUKS volume and the crypto= paramater was not specified."
+ fi
+ fi
+ rm -f ${ckeyfile}
+}
+
+# vim: set ft=sh ts=4 sw=4 et:
Deleted: core-i686/encrypt_install
===================================================================
--- core-i686/encrypt_install 2012-06-29 11:34:32 UTC (rev 162743)
+++ core-i686/encrypt_install 2012-06-29 11:46:09 UTC (rev 162744)
@@ -1,44 +0,0 @@
-#!/bin/bash
-
-build() {
- local mod
-
- add_module dm-crypt
- if [[ $CRYPTO_MODULES ]]; then
- for mod in $CRYPTO_MODULES; do
- add_module "$mod"
- done
- else
- add_all_modules '/crypto/'
- fi
-
- add_binary "cryptsetup"
- add_binary "dmsetup"
- add_file "/usr/lib/udev/rules.d/10-dm.rules"
- add_file "/usr/lib/udev/rules.d/13-dm-disk.rules"
- add_file "/usr/lib/udev/rules.d/95-dm-notify.rules"
- add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules"
-
- add_runscript
-}
-
-help() {
- cat <<HELPEOF
-This hook allows for an encrypted root device. Users should specify the device
-to be unlocked using 'cryptdevice=device:dmname' on the kernel command line,
-where 'device' is the path to the raw device, and 'dmname' is the name given to
-the device after unlocking, and will be available as /dev/mapper/dmname.
-
-For unlocking via keyfile, 'cryptkey=device:fstype:path' should be specified on
-the kernel cmdline, where 'device' represents the raw block device where the key
-exists, 'fstype' is the filesystem type of 'device' (or auto), and 'path' is
-the absolute path of the keyfile within the device.
-
-Without specifying a keyfile, you will be prompted for the password at runtime.
-This means you must have a keyboard available to input it, and you may need
-the keymap hook as well to ensure that the keyboard is using the layout you
-expect.
-HELPEOF
-}
-
-# vim: set ft=sh ts=4 sw=4 et:
Copied: cryptsetup/repos/core-i686/encrypt_install (from rev 162743, cryptsetup/repos/testing-i686/encrypt_install)
===================================================================
--- core-i686/encrypt_install (rev 0)
+++ core-i686/encrypt_install 2012-06-29 11:46:09 UTC (rev 162744)
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+build() {
+ local mod
+
+ add_module dm-crypt
+ if [[ $CRYPTO_MODULES ]]; then
+ for mod in $CRYPTO_MODULES; do
+ add_module "$mod"
+ done
+ else
+ add_all_modules '/crypto/'
+ fi
+
+ add_binary "cryptsetup"
+ add_binary "dmsetup"
+ add_file "/usr/lib/udev/rules.d/10-dm.rules"
+ add_file "/usr/lib/udev/rules.d/13-dm-disk.rules"
+ add_file "/usr/lib/udev/rules.d/95-dm-notify.rules"
+ add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules"
+
+ add_runscript
+}
+
+help() {
+ cat <<HELPEOF
+This hook allows for an encrypted root device. Users should specify the device
+to be unlocked using 'cryptdevice=device:dmname' on the kernel command line,
+where 'device' is the path to the raw device, and 'dmname' is the name given to
+the device after unlocking, and will be available as /dev/mapper/dmname.
+
+For unlocking via keyfile, 'cryptkey=device:fstype:path' should be specified on
+the kernel cmdline, where 'device' represents the raw block device where the key
+exists, 'fstype' is the filesystem type of 'device' (or auto), and 'path' is
+the absolute path of the keyfile within the device.
+
+Without specifying a keyfile, you will be prompted for the password at runtime.
+This means you must have a keyboard available to input it, and you may need
+the keymap hook as well to ensure that the keyboard is using the layout you
+expect.
+HELPEOF
+}
+
+# vim: set ft=sh ts=4 sw=4 et:
Deleted: core-x86_64/PKGBUILD
===================================================================
--- core-x86_64/PKGBUILD 2012-06-29 11:34:32 UTC (rev 162743)
+++ core-x86_64/PKGBUILD 2012-06-29 11:46:09 UTC (rev 162744)
@@ -1,35 +0,0 @@
-# $Id$
-# Maintainer: Thomas Bächler <thomas at archlinux.org>
-pkgname=cryptsetup
-pkgver=1.4.2
-pkgrel=2
-pkgdesc="Userspace setup tool for transparent encryption of block devices using dm-crypt"
-arch=(i686 x86_64)
-license=('GPL')
-url="http://code.google.com/p/cryptsetup/"
-groups=('base')
-depends=('device-mapper>=2.02.85-2' 'libgcrypt' 'popt')
-conflicts=('mkinitcpio<0.7')
-options=('!libtool' '!emptydirs')
-source=(http://cryptsetup.googlecode.com/files/${pkgname}-${pkgver}.tar.bz2
- http://cryptsetup.googlecode.com/files/${pkgname}-${pkgver}.tar.bz2.asc
- encrypt_hook
- encrypt_install)
-sha256sums=('1fe80d7b19d24b3f65d2e446decfed859e2c4d17fdf7c19289d82dc7cd60dfe7'
- '4e6dbece8d1baad861479aca70d0cf30887420da9b5eab45d65d064c656893ed'
- 'e0cbcabb81233b4d465833dca0faf1e762dc3cb6611597a25fe24e5d7209f316'
- 'cfe465bdad3d958bb2332a05e04f2e1e884422a5714dfd1a0a3b9b74bf7dc6ae')
-
-build() {
- cd "${srcdir}"/$pkgname-${pkgver}
- ./configure --prefix=/usr --disable-static
- make
-}
-
-package() {
- cd "${srcdir}"/$pkgname-${pkgver}
- make DESTDIR="${pkgdir}" install
- # install hook
- install -D -m644 "${srcdir}"/encrypt_hook "${pkgdir}"/usr/lib/initcpio/hooks/encrypt
- install -D -m644 "${srcdir}"/encrypt_install "${pkgdir}"/usr/lib/initcpio/install/encrypt
-}
Copied: cryptsetup/repos/core-x86_64/PKGBUILD (from rev 162743, cryptsetup/repos/testing-x86_64/PKGBUILD)
===================================================================
--- core-x86_64/PKGBUILD (rev 0)
+++ core-x86_64/PKGBUILD 2012-06-29 11:46:09 UTC (rev 162744)
@@ -0,0 +1,35 @@
+# $Id$
+# Maintainer: Thomas Bächler <thomas at archlinux.org>
+pkgname=cryptsetup
+pkgver=1.4.3
+pkgrel=1
+pkgdesc="Userspace setup tool for transparent encryption of block devices using dm-crypt"
+arch=(i686 x86_64)
+license=('GPL')
+url="http://code.google.com/p/cryptsetup/"
+groups=('base')
+depends=('device-mapper>=2.02.85-2' 'libgcrypt' 'popt' 'util-linux')
+conflicts=('mkinitcpio<0.7')
+options=('!libtool' '!emptydirs')
+source=(http://cryptsetup.googlecode.com/files/${pkgname}-${pkgver}.tar.bz2
+ http://cryptsetup.googlecode.com/files/${pkgname}-${pkgver}.tar.bz2.asc
+ encrypt_hook
+ encrypt_install)
+sha256sums=('d5ff2c00f6f791d77fa5636a02ae43ddbb46c6c793bdeafdec5e38fd15f99d0a'
+ 'ad610fe77d78bf7e91b7473f9d9c84de46ed1cc21f006fe3ae4791b0b6f42f3a'
+ 'e0cbcabb81233b4d465833dca0faf1e762dc3cb6611597a25fe24e5d7209f316'
+ 'cfe465bdad3d958bb2332a05e04f2e1e884422a5714dfd1a0a3b9b74bf7dc6ae')
+
+build() {
+ cd "${srcdir}"/$pkgname-${pkgver}
+ ./configure --prefix=/usr --disable-static
+ make
+}
+
+package() {
+ cd "${srcdir}"/$pkgname-${pkgver}
+ make DESTDIR="${pkgdir}" install
+ # install hook
+ install -D -m644 "${srcdir}"/encrypt_hook "${pkgdir}"/usr/lib/initcpio/hooks/encrypt
+ install -D -m644 "${srcdir}"/encrypt_install "${pkgdir}"/usr/lib/initcpio/install/encrypt
+}
Deleted: core-x86_64/encrypt_hook
===================================================================
--- core-x86_64/encrypt_hook 2012-06-29 11:34:32 UTC (rev 162743)
+++ core-x86_64/encrypt_hook 2012-06-29 11:46:09 UTC (rev 162744)
@@ -1,138 +0,0 @@
-#!/usr/bin/ash
-
-run_hook() {
- modprobe -a -q dm-crypt >/dev/null 2>&1
- [ "${quiet}" = "y" ] && CSQUIET=">/dev/null"
-
- # Get keyfile if specified
- ckeyfile="/crypto_keyfile.bin"
- if [ -n "$cryptkey" ]; then
- IFS=: read ckdev ckarg1 ckarg2 <<EOF
-$cryptkey
-EOF
-
- if resolved=$(resolve_device "${ckdev}" ${rootdelay}); then
- case ${ckarg1} in
- *[!0-9]*)
- # Use a file on the device
- # ckarg1 is not numeric: ckarg1=filesystem, ckarg2=path
- mkdir /ckey
- mount -r -t "$ckarg1" "$resolved" /ckey
- dd if="/ckey/$ckarg2" of="$ckeyfile" >/dev/null 2>&1
- umount /ckey
- ;;
- *)
- # Read raw data from the block device
- # ckarg1 is numeric: ckarg1=offset, ckarg2=length
- dd if="$resolved" of="$ckeyfile" bs=1 skip="$ckarg1" count="$ckarg2" >/dev/null 2>&1
- ;;
- esac
- fi
- [ ! -f ${ckeyfile} ] && echo "Keyfile could not be opened. Reverting to passphrase."
- fi
-
- if [ -n "${cryptdevice}" ]; then
- DEPRECATED_CRYPT=0
- IFS=: read cryptdev cryptname cryptoptions <<EOF
-$cryptdevice
-EOF
- else
- DEPRECATED_CRYPT=1
- cryptdev="${root}"
- cryptname="root"
- fi
-
- warn_deprecated() {
- echo "The syntax 'root=${root}' where '${root}' is an encrypted volume is deprecated"
- echo "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead."
- }
-
- for cryptopt in ${cryptoptions//,/ }; do
- case ${cryptopt} in
- allow-discards)
- echo "Enabling TRIM/discard support."
- cryptargs="${cryptargs} --allow-discards"
- ;;
- *)
- echo "Encryption option '${cryptopt}' not known, ignoring." >&2
- ;;
- esac
- done
-
- if resolved=$(resolve_device "${cryptdev}" ${rootdelay}); then
- if cryptsetup isLuks ${resolved} >/dev/null 2>&1; then
- [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
- dopassphrase=1
- # If keyfile exists, try to use that
- if [ -f ${ckeyfile} ]; then
- if eval cryptsetup --key-file ${ckeyfile} luksOpen ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; then
- dopassphrase=0
- else
- echo "Invalid keyfile. Reverting to passphrase."
- fi
- fi
- # Ask for a passphrase
- if [ ${dopassphrase} -gt 0 ]; then
- echo ""
- echo "A password is required to access the ${cryptname} volume:"
-
- #loop until we get a real password
- while ! eval cryptsetup luksOpen ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; do
- sleep 2;
- done
- fi
- if [ -e "/dev/mapper/${cryptname}" ]; then
- if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
- export root="/dev/mapper/root"
- fi
- else
- err "Password succeeded, but ${cryptname} creation failed, aborting..."
- exit 1
- fi
- elif [ -n "${crypto}" ]; then
- [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
- msg "Non-LUKS encrypted device found..."
- if echo "$crypto" | awk -F: '{ exit(NF == 5) }'; then
- err "Verify parameter format: crypto=hash:cipher:keysize:offset:skip"
- err "Non-LUKS decryption not attempted..."
- return 1
- fi
- exe="cryptsetup create $cryptname $resolved $cryptargs"
- IFS=: read c_hash c_cipher c_keysize c_offset c_skip <<EOF
-$crypto
-EOF
- [ -n "$c_hash" ] && exe="$exe --hash '$c_hash'"
- [ -n "$c_cipher" ] && exe="$exe --cipher '$c_cipher'"
- [ -n "$c_keysize" ] && exe="$exe --key-size '$c_keysize'"
- [ -n "$c_offset" ] && exe="$exe --offset '$c_offset'"
- [ -n "$c_skip" ] && exe="$exe --skip '$c_skip'"
- if [ -f "$ckeyfile" ]; then
- exe="$exe --key-file $ckeyfile"
- else
- exe="$exe --verify-passphrase"
- echo ""
- echo "A password is required to access the ${cryptname} volume:"
- fi
- eval "$exe $CSQUIET"
-
- if [ $? -ne 0 ]; then
- err "Non-LUKS device decryption failed. verify format: "
- err " crypto=hash:cipher:keysize:offset:skip"
- exit 1
- fi
- if [ -e "/dev/mapper/${cryptname}" ]; then
- if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
- export root="/dev/mapper/root"
- fi
- else
- err "Password succeeded, but ${cryptname} creation failed, aborting..."
- exit 1
- fi
- else
- err "Failed to open encryption mapping: The device ${cryptdev} is not a LUKS volume and the crypto= paramater was not specified."
- fi
- fi
- rm -f ${ckeyfile}
-}
-
-# vim: set ft=sh ts=4 sw=4 et:
Copied: cryptsetup/repos/core-x86_64/encrypt_hook (from rev 162743, cryptsetup/repos/testing-x86_64/encrypt_hook)
===================================================================
--- core-x86_64/encrypt_hook (rev 0)
+++ core-x86_64/encrypt_hook 2012-06-29 11:46:09 UTC (rev 162744)
@@ -0,0 +1,138 @@
+#!/usr/bin/ash
+
+run_hook() {
+ modprobe -a -q dm-crypt >/dev/null 2>&1
+ [ "${quiet}" = "y" ] && CSQUIET=">/dev/null"
+
+ # Get keyfile if specified
+ ckeyfile="/crypto_keyfile.bin"
+ if [ -n "$cryptkey" ]; then
+ IFS=: read ckdev ckarg1 ckarg2 <<EOF
+$cryptkey
+EOF
+
+ if resolved=$(resolve_device "${ckdev}" ${rootdelay}); then
+ case ${ckarg1} in
+ *[!0-9]*)
+ # Use a file on the device
+ # ckarg1 is not numeric: ckarg1=filesystem, ckarg2=path
+ mkdir /ckey
+ mount -r -t "$ckarg1" "$resolved" /ckey
+ dd if="/ckey/$ckarg2" of="$ckeyfile" >/dev/null 2>&1
+ umount /ckey
+ ;;
+ *)
+ # Read raw data from the block device
+ # ckarg1 is numeric: ckarg1=offset, ckarg2=length
+ dd if="$resolved" of="$ckeyfile" bs=1 skip="$ckarg1" count="$ckarg2" >/dev/null 2>&1
+ ;;
+ esac
+ fi
+ [ ! -f ${ckeyfile} ] && echo "Keyfile could not be opened. Reverting to passphrase."
+ fi
+
+ if [ -n "${cryptdevice}" ]; then
+ DEPRECATED_CRYPT=0
+ IFS=: read cryptdev cryptname cryptoptions <<EOF
+$cryptdevice
+EOF
+ else
+ DEPRECATED_CRYPT=1
+ cryptdev="${root}"
+ cryptname="root"
+ fi
+
+ warn_deprecated() {
+ echo "The syntax 'root=${root}' where '${root}' is an encrypted volume is deprecated"
+ echo "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead."
+ }
+
+ for cryptopt in ${cryptoptions//,/ }; do
+ case ${cryptopt} in
+ allow-discards)
+ echo "Enabling TRIM/discard support."
+ cryptargs="${cryptargs} --allow-discards"
+ ;;
+ *)
+ echo "Encryption option '${cryptopt}' not known, ignoring." >&2
+ ;;
+ esac
+ done
+
+ if resolved=$(resolve_device "${cryptdev}" ${rootdelay}); then
+ if cryptsetup isLuks ${resolved} >/dev/null 2>&1; then
+ [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
+ dopassphrase=1
+ # If keyfile exists, try to use that
+ if [ -f ${ckeyfile} ]; then
+ if eval cryptsetup --key-file ${ckeyfile} luksOpen ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; then
+ dopassphrase=0
+ else
+ echo "Invalid keyfile. Reverting to passphrase."
+ fi
+ fi
+ # Ask for a passphrase
+ if [ ${dopassphrase} -gt 0 ]; then
+ echo ""
+ echo "A password is required to access the ${cryptname} volume:"
+
+ #loop until we get a real password
+ while ! eval cryptsetup luksOpen ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; do
+ sleep 2;
+ done
+ fi
+ if [ -e "/dev/mapper/${cryptname}" ]; then
+ if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
+ export root="/dev/mapper/root"
+ fi
+ else
+ err "Password succeeded, but ${cryptname} creation failed, aborting..."
+ exit 1
+ fi
+ elif [ -n "${crypto}" ]; then
+ [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
+ msg "Non-LUKS encrypted device found..."
+ if echo "$crypto" | awk -F: '{ exit(NF == 5) }'; then
+ err "Verify parameter format: crypto=hash:cipher:keysize:offset:skip"
+ err "Non-LUKS decryption not attempted..."
+ return 1
+ fi
+ exe="cryptsetup create $cryptname $resolved $cryptargs"
+ IFS=: read c_hash c_cipher c_keysize c_offset c_skip <<EOF
+$crypto
+EOF
+ [ -n "$c_hash" ] && exe="$exe --hash '$c_hash'"
+ [ -n "$c_cipher" ] && exe="$exe --cipher '$c_cipher'"
+ [ -n "$c_keysize" ] && exe="$exe --key-size '$c_keysize'"
+ [ -n "$c_offset" ] && exe="$exe --offset '$c_offset'"
+ [ -n "$c_skip" ] && exe="$exe --skip '$c_skip'"
+ if [ -f "$ckeyfile" ]; then
+ exe="$exe --key-file $ckeyfile"
+ else
+ exe="$exe --verify-passphrase"
+ echo ""
+ echo "A password is required to access the ${cryptname} volume:"
+ fi
+ eval "$exe $CSQUIET"
+
+ if [ $? -ne 0 ]; then
+ err "Non-LUKS device decryption failed. verify format: "
+ err " crypto=hash:cipher:keysize:offset:skip"
+ exit 1
+ fi
+ if [ -e "/dev/mapper/${cryptname}" ]; then
+ if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
+ export root="/dev/mapper/root"
+ fi
+ else
+ err "Password succeeded, but ${cryptname} creation failed, aborting..."
+ exit 1
+ fi
+ else
+ err "Failed to open encryption mapping: The device ${cryptdev} is not a LUKS volume and the crypto= paramater was not specified."
+ fi
+ fi
+ rm -f ${ckeyfile}
+}
+
+# vim: set ft=sh ts=4 sw=4 et:
Deleted: core-x86_64/encrypt_install
===================================================================
--- core-x86_64/encrypt_install 2012-06-29 11:34:32 UTC (rev 162743)
+++ core-x86_64/encrypt_install 2012-06-29 11:46:09 UTC (rev 162744)
@@ -1,44 +0,0 @@
-#!/bin/bash
-
-build() {
- local mod
-
- add_module dm-crypt
- if [[ $CRYPTO_MODULES ]]; then
- for mod in $CRYPTO_MODULES; do
- add_module "$mod"
- done
- else
- add_all_modules '/crypto/'
- fi
-
- add_binary "cryptsetup"
- add_binary "dmsetup"
- add_file "/usr/lib/udev/rules.d/10-dm.rules"
- add_file "/usr/lib/udev/rules.d/13-dm-disk.rules"
- add_file "/usr/lib/udev/rules.d/95-dm-notify.rules"
- add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules"
-
- add_runscript
-}
-
-help() {
- cat <<HELPEOF
-This hook allows for an encrypted root device. Users should specify the device
-to be unlocked using 'cryptdevice=device:dmname' on the kernel command line,
-where 'device' is the path to the raw device, and 'dmname' is the name given to
-the device after unlocking, and will be available as /dev/mapper/dmname.
-
-For unlocking via keyfile, 'cryptkey=device:fstype:path' should be specified on
-the kernel cmdline, where 'device' represents the raw block device where the key
-exists, 'fstype' is the filesystem type of 'device' (or auto), and 'path' is
-the absolute path of the keyfile within the device.
-
-Without specifying a keyfile, you will be prompted for the password at runtime.
-This means you must have a keyboard available to input it, and you may need
-the keymap hook as well to ensure that the keyboard is using the layout you
-expect.
-HELPEOF
-}
-
-# vim: set ft=sh ts=4 sw=4 et:
Copied: cryptsetup/repos/core-x86_64/encrypt_install (from rev 162743, cryptsetup/repos/testing-x86_64/encrypt_install)
===================================================================
--- core-x86_64/encrypt_install (rev 0)
+++ core-x86_64/encrypt_install 2012-06-29 11:46:09 UTC (rev 162744)
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+build() {
+ local mod
+
+ add_module dm-crypt
+ if [[ $CRYPTO_MODULES ]]; then
+ for mod in $CRYPTO_MODULES; do
+ add_module "$mod"
+ done
+ else
+ add_all_modules '/crypto/'
+ fi
+
+ add_binary "cryptsetup"
+ add_binary "dmsetup"
+ add_file "/usr/lib/udev/rules.d/10-dm.rules"
+ add_file "/usr/lib/udev/rules.d/13-dm-disk.rules"
+ add_file "/usr/lib/udev/rules.d/95-dm-notify.rules"
+ add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules"
+
+ add_runscript
+}
+
+help() {
+ cat <<HELPEOF
+This hook allows for an encrypted root device. Users should specify the device
+to be unlocked using 'cryptdevice=device:dmname' on the kernel command line,
+where 'device' is the path to the raw device, and 'dmname' is the name given to
+the device after unlocking, and will be available as /dev/mapper/dmname.
+
+For unlocking via keyfile, 'cryptkey=device:fstype:path' should be specified on
+the kernel cmdline, where 'device' represents the raw block device where the key
+exists, 'fstype' is the filesystem type of 'device' (or auto), and 'path' is
+the absolute path of the keyfile within the device.
+
+Without specifying a keyfile, you will be prompted for the password at runtime.
+This means you must have a keyboard available to input it, and you may need
+the keymap hook as well to ensure that the keyboard is using the layout you
+expect.
+HELPEOF
+}
+
+# vim: set ft=sh ts=4 sw=4 et:
More information about the arch-commits
mailing list