[arch-commits] Commit in cryptsetup/trunk (PKGBUILD encrypt_hook encrypt_install)

Dave Reisner dreisner at archlinux.org
Fri May 25 23:48:44 UTC 2012 

    Date: Friday, May 25, 2012 @ 19:48:44
  Author: dreisner
Revision: 159619

upgpkg: cryptsetup 1.4.2-1

- update install hook for mkinitcpio 0.9.0 (FS#29992)
- add support for UUID cryptkey and cryptdevice (FS#24700)

Modified:
  cryptsetup/trunk/PKGBUILD
  cryptsetup/trunk/encrypt_hook
  cryptsetup/trunk/encrypt_install

-----------------+
 PKGBUILD        |    4 ++--
 encrypt_hook    |   17 +++++++++--------
 encrypt_install |   17 +++++++++++------
 3 files changed, 22 insertions(+), 16 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2012-05-25 23:31:16 UTC (rev 159618)
+++ PKGBUILD	2012-05-25 23:48:44 UTC (rev 159619)
@@ -17,8 +17,8 @@
         encrypt_install)
 sha256sums=('1fe80d7b19d24b3f65d2e446decfed859e2c4d17fdf7c19289d82dc7cd60dfe7'
             '4e6dbece8d1baad861479aca70d0cf30887420da9b5eab45d65d064c656893ed'
-            'e4c00e2da274bf4cab3f72a0de779790a11a946d36b83144e74d3791e230b262'
-            'cba1dc38ff6cc4d3740d0badfb2b151bb03d19e8e9fa497569ac2fb6f4196e0e')
+            'e0cbcabb81233b4d465833dca0faf1e762dc3cb6611597a25fe24e5d7209f316'
+            'cfe465bdad3d958bb2332a05e04f2e1e884422a5714dfd1a0a3b9b74bf7dc6ae')
 
 build() {
   cd "${srcdir}"/$pkgname-${pkgver}

Modified: encrypt_hook
===================================================================
--- encrypt_hook	2012-05-25 23:31:16 UTC (rev 159618)
+++ encrypt_hook	2012-05-25 23:48:44 UTC (rev 159619)
@@ -10,20 +10,21 @@
         IFS=: read ckdev ckarg1 ckarg2 <<EOF
 $cryptkey
 EOF
-        if poll_device "${ckdev}" ${rootdelay}; then
+
+        if resolved=$(resolve_device "${ckdev}" ${rootdelay}); then
             case ${ckarg1} in
                 *[!0-9]*)
                     # Use a file on the device
                     # ckarg1 is not numeric: ckarg1=filesystem, ckarg2=path
                     mkdir /ckey
-                    mount -r -t "$ckarg1" "$ckdev" /ckey
+                    mount -r -t "$ckarg1" "$resolved" /ckey
                     dd if="/ckey/$ckarg2" of="$ckeyfile" >/dev/null 2>&1
                     umount /ckey
                     ;;
                 *)
                     # Read raw data from the block device
                     # ckarg1 is numeric: ckarg1=offset, ckarg2=length
-                    dd if="$ckdev" of="$ckeyfile" bs=1 skip="$ckarg1" count="$ckarg2" >/dev/null 2>&1
+                    dd if="$resolved" of="$ckeyfile" bs=1 skip="$ckarg1" count="$ckarg2" >/dev/null 2>&1
                     ;;
             esac
         fi
@@ -58,13 +59,13 @@
         esac
     done
 
-    if  poll_device "${cryptdev}" ${rootdelay}; then
-        if cryptsetup isLuks ${cryptdev} >/dev/null 2>&1; then
+    if resolved=$(resolve_device "${cryptdev}" ${rootdelay}); then
+        if cryptsetup isLuks ${resolved} >/dev/null 2>&1; then
             [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
             dopassphrase=1
             # If keyfile exists, try to use that
             if [ -f ${ckeyfile} ]; then
-                if eval cryptsetup --key-file ${ckeyfile} luksOpen ${cryptdev} ${cryptname} ${cryptargs} ${CSQUIET}; then
+                if eval cryptsetup --key-file ${ckeyfile} luksOpen ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; then
                     dopassphrase=0
                 else
                     echo "Invalid keyfile. Reverting to passphrase."
@@ -76,7 +77,7 @@
                 echo "A password is required to access the ${cryptname} volume:"
 
                 #loop until we get a real password
-                while ! eval cryptsetup luksOpen ${cryptdev} ${cryptname} ${cryptargs} ${CSQUIET}; do
+                while ! eval cryptsetup luksOpen ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; do
                     sleep 2;
                 done
             fi
@@ -96,7 +97,7 @@
                 err "Non-LUKS decryption not attempted..."
                 return 1
             fi
-            exe="cryptsetup create $cryptname $cryptdev $cryptargs"
+            exe="cryptsetup create $cryptname $resolved $cryptargs"
             IFS=: read c_hash c_cipher c_keysize c_offset c_skip <<EOF
 $crypto
 EOF

Modified: encrypt_install
===================================================================
--- encrypt_install	2012-05-25 23:31:16 UTC (rev 159618)
+++ encrypt_install	2012-05-25 23:48:44 UTC (rev 159619)
@@ -1,13 +1,16 @@
 #!/bin/bash
 
 build() {
-    if [ -z "${CRYPTO_MODULES}" ]; then
-        MODULES=" dm-crypt $(all_modules "/crypto/")"
+    local mod
+
+    add_module dm-crypt
+    if [[ $CRYPTO_MODULES ]]; then
+        for mod in $CRYPTO_MODULES; do
+            add_module "$mod"
+        done
     else
-        MODULES=" dm-crypt $CRYPTO_MODULES"
+        add_all_modules '/crypto/'
     fi
-    FILES=""
-    SCRIPT="encrypt"
 
     add_binary "cryptsetup"
     add_binary "dmsetup"
@@ -15,10 +18,12 @@
     add_file "/usr/lib/udev/rules.d/13-dm-disk.rules"
     add_file "/usr/lib/udev/rules.d/95-dm-notify.rules"
     add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules"
+
+    add_runscript
 }
 
 help() {
-  cat <<HELPEOF
+    cat <<HELPEOF
 This hook allows for an encrypted root device. Users should specify the device
 to be unlocked using 'cryptdevice=device:dmname' on the kernel command line,
 where 'device' is the path to the raw device, and 'dmname' is the name given to

More information about the arch-commits mailing list