[arch-commits] Commit in cryptsetup/trunk (PKGBUILD encrypt_hook encrypt_install)
Dave Reisner
dreisner at archlinux.org
Fri May 25 23:48:44 UTC 2012
Date: Friday, May 25, 2012 @ 19:48:44
Author: dreisner
Revision: 159619
upgpkg: cryptsetup 1.4.2-1
- update install hook for mkinitcpio 0.9.0 (FS#29992)
- add support for UUID cryptkey and cryptdevice (FS#24700)
Modified:
cryptsetup/trunk/PKGBUILD
cryptsetup/trunk/encrypt_hook
cryptsetup/trunk/encrypt_install
-----------------+
PKGBUILD | 4 ++--
encrypt_hook | 17 +++++++++--------
encrypt_install | 17 +++++++++++------
3 files changed, 22 insertions(+), 16 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2012-05-25 23:31:16 UTC (rev 159618)
+++ PKGBUILD 2012-05-25 23:48:44 UTC (rev 159619)
@@ -17,8 +17,8 @@
encrypt_install)
sha256sums=('1fe80d7b19d24b3f65d2e446decfed859e2c4d17fdf7c19289d82dc7cd60dfe7'
'4e6dbece8d1baad861479aca70d0cf30887420da9b5eab45d65d064c656893ed'
- 'e4c00e2da274bf4cab3f72a0de779790a11a946d36b83144e74d3791e230b262'
- 'cba1dc38ff6cc4d3740d0badfb2b151bb03d19e8e9fa497569ac2fb6f4196e0e')
+ 'e0cbcabb81233b4d465833dca0faf1e762dc3cb6611597a25fe24e5d7209f316'
+ 'cfe465bdad3d958bb2332a05e04f2e1e884422a5714dfd1a0a3b9b74bf7dc6ae')
build() {
cd "${srcdir}"/$pkgname-${pkgver}
Modified: encrypt_hook
===================================================================
--- encrypt_hook 2012-05-25 23:31:16 UTC (rev 159618)
+++ encrypt_hook 2012-05-25 23:48:44 UTC (rev 159619)
@@ -10,20 +10,21 @@
IFS=: read ckdev ckarg1 ckarg2 <<EOF
$cryptkey
EOF
- if poll_device "${ckdev}" ${rootdelay}; then
+
+ if resolved=$(resolve_device "${ckdev}" ${rootdelay}); then
case ${ckarg1} in
*[!0-9]*)
# Use a file on the device
# ckarg1 is not numeric: ckarg1=filesystem, ckarg2=path
mkdir /ckey
- mount -r -t "$ckarg1" "$ckdev" /ckey
+ mount -r -t "$ckarg1" "$resolved" /ckey
dd if="/ckey/$ckarg2" of="$ckeyfile" >/dev/null 2>&1
umount /ckey
;;
*)
# Read raw data from the block device
# ckarg1 is numeric: ckarg1=offset, ckarg2=length
- dd if="$ckdev" of="$ckeyfile" bs=1 skip="$ckarg1" count="$ckarg2" >/dev/null 2>&1
+ dd if="$resolved" of="$ckeyfile" bs=1 skip="$ckarg1" count="$ckarg2" >/dev/null 2>&1
;;
esac
fi
@@ -58,13 +59,13 @@
esac
done
- if poll_device "${cryptdev}" ${rootdelay}; then
- if cryptsetup isLuks ${cryptdev} >/dev/null 2>&1; then
+ if resolved=$(resolve_device "${cryptdev}" ${rootdelay}); then
+ if cryptsetup isLuks ${resolved} >/dev/null 2>&1; then
[ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
dopassphrase=1
# If keyfile exists, try to use that
if [ -f ${ckeyfile} ]; then
- if eval cryptsetup --key-file ${ckeyfile} luksOpen ${cryptdev} ${cryptname} ${cryptargs} ${CSQUIET}; then
+ if eval cryptsetup --key-file ${ckeyfile} luksOpen ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; then
dopassphrase=0
else
echo "Invalid keyfile. Reverting to passphrase."
@@ -76,7 +77,7 @@
echo "A password is required to access the ${cryptname} volume:"
#loop until we get a real password
- while ! eval cryptsetup luksOpen ${cryptdev} ${cryptname} ${cryptargs} ${CSQUIET}; do
+ while ! eval cryptsetup luksOpen ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; do
sleep 2;
done
fi
@@ -96,7 +97,7 @@
err "Non-LUKS decryption not attempted..."
return 1
fi
- exe="cryptsetup create $cryptname $cryptdev $cryptargs"
+ exe="cryptsetup create $cryptname $resolved $cryptargs"
IFS=: read c_hash c_cipher c_keysize c_offset c_skip <<EOF
$crypto
EOF
Modified: encrypt_install
===================================================================
--- encrypt_install 2012-05-25 23:31:16 UTC (rev 159618)
+++ encrypt_install 2012-05-25 23:48:44 UTC (rev 159619)
@@ -1,13 +1,16 @@
#!/bin/bash
build() {
- if [ -z "${CRYPTO_MODULES}" ]; then
- MODULES=" dm-crypt $(all_modules "/crypto/")"
+ local mod
+
+ add_module dm-crypt
+ if [[ $CRYPTO_MODULES ]]; then
+ for mod in $CRYPTO_MODULES; do
+ add_module "$mod"
+ done
else
- MODULES=" dm-crypt $CRYPTO_MODULES"
+ add_all_modules '/crypto/'
fi
- FILES=""
- SCRIPT="encrypt"
add_binary "cryptsetup"
add_binary "dmsetup"
@@ -15,10 +18,12 @@
add_file "/usr/lib/udev/rules.d/13-dm-disk.rules"
add_file "/usr/lib/udev/rules.d/95-dm-notify.rules"
add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules"
+
+ add_runscript
}
help() {
- cat <<HELPEOF
+ cat <<HELPEOF
This hook allows for an encrypted root device. Users should specify the device
to be unlocked using 'cryptdevice=device:dmname' on the kernel command line,
where 'device' is the path to the raw device, and 'dmname' is the name given to
More information about the arch-commits
mailing list