[arch-commits] Commit in volume_key/trunk (2 files)
Christian Hesse
eworm at archlinux.org
Mon Dec 11 09:21:55 UTC 2017
Date: Monday, December 11, 2017 @ 09:21:54
Author: eworm
Revision: 312171
upgpkg: volume_key 0.3.9-5
rebuild against cryptsetup 2.0.0
Added:
volume_key/trunk/0001-Stop-using-crypt_get_error.patch
Modified:
volume_key/trunk/PKGBUILD
---------------------------------------+
0001-Stop-using-crypt_get_error.patch | 332 ++++++++++++++++++++++++++++++++
PKGBUILD | 12 -
2 files changed, 341 insertions(+), 3 deletions(-)
Added: 0001-Stop-using-crypt_get_error.patch
===================================================================
--- 0001-Stop-using-crypt_get_error.patch (rev 0)
+++ 0001-Stop-using-crypt_get_error.patch 2017-12-11 09:21:54 UTC (rev 312171)
@@ -0,0 +1,332 @@
+From ecef526a51c5a276681472fd6df239570c9ce518 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= <mitr at redhat.com>
+Date: Tue, 7 Nov 2017 16:54:26 +0100
+Subject: [PATCH 1/1] Stop using crypt_get_error
+
+Instead of crypt_get_error, which has been removed in cryptsetup 2.0,
+set up a log callback, which is available in both older and newer
+versions.
+
+Fixes #13.
+
+Signed-off-by: Christian Hesse <mail at eworm.de>
+---
+ lib/volume_luks.c | 90 ++++++++++++++++++++++++++++++++++++++-----------------
+ 1 file changed, 63 insertions(+), 27 deletions(-)
+
+diff --git a/lib/volume_luks.c b/lib/volume_luks.c
+index 14794d7..f4bf2c8 100644
+--- a/lib/volume_luks.c
++++ b/lib/volume_luks.c
+@@ -61,17 +61,13 @@ my_strerror (int err_no)
+ }
+
+ /* Set ERROR based on libcryptsetup error state after returning RES.
+- Use CODE. */
++ Use CODE and LAST_LOG_ENTRY. */
+ static void
+-error_from_cryptsetup (GError **error, LIBVKError code, int res)
++error_from_cryptsetup (GError **error, LIBVKError code, int res,
++ char *last_log_entry)
+ {
+- /* It's not possible to get the error message length from libcryptsetup, just
+- guess. */
+- char crypt_msg[4096];
+-
+- crypt_get_error (crypt_msg, sizeof (crypt_msg));
+- if (crypt_msg[0] != '\0')
+- g_set_error (error, LIBVK_ERROR, code, "%s", crypt_msg);
++ if (last_log_entry != NULL && last_log_entry[0] != '\0')
++ g_set_error (error, LIBVK_ERROR, code, "%s", last_log_entry);
+ else
+ {
+ char *s;
+@@ -82,17 +78,33 @@ error_from_cryptsetup (GError **error, LIBVKError code, int res)
+ }
+ }
+
++static void
++record_cryptsetup_log_entry (int level, const char *msg, void *usrptr)
++{
++ char **last_log_entry = usrptr;
++
++ if (level == CRYPT_LOG_ERROR)
++ {
++ g_free (*last_log_entry);
++ *last_log_entry = g_strdup (msg);
++ }
++}
++
+ /* Open volume PATH and load its header.
++ Set up *LAST_LOG_ENTRY to be updated to the last logged message for the
++ device. The caller must g_free(*LAST_LOG_ENTRY) after closing the device.
+ Return the volume, or NULL on error. */
+ static struct crypt_device *
+-open_crypt_device (const char *path, GError **error)
++open_crypt_device (const char *path, char **last_log_entry, GError **error)
+ {
+ struct crypt_device *cd;
+ int r;
+
++ *last_log_entry = NULL;
+ r = crypt_init (&cd, path);
+ if (r < 0)
+ goto err;
++ crypt_set_log_callback(cd, record_cryptsetup_log_entry, last_log_entry);
+ r = crypt_load (cd, CRYPT_LUKS1, NULL);
+ if (r < 0)
+ goto err_cd;
+@@ -101,9 +113,12 @@ open_crypt_device (const char *path, GError **error)
+ err_cd:
+ crypt_free (cd);
+ err:
+- error_from_cryptsetup (error, LIBVK_ERROR_VOLUME_UNKNOWN_FORMAT, r);
++ error_from_cryptsetup (error, LIBVK_ERROR_VOLUME_UNKNOWN_FORMAT, r,
++ *last_log_entry);
+ g_prefix_error (error, _("Error getting information about volume `%s': "),
+ path);
++ g_free (*last_log_entry);
++ *last_log_entry = NULL;
+ return NULL;
+ }
+
+@@ -173,10 +188,11 @@ luks_volume_open (struct libvk_volume *vol, const char *path, GError **error)
+ {
+ struct luks_volume *luks;
+ struct crypt_device *cd;
++ char *last_log_entry;
+ const char *uuid;
+
+ (void)vol;
+- cd = open_crypt_device (path, error);
++ cd = open_crypt_device (path, &last_log_entry, error);
+ if (cd == NULL)
+ return NULL;
+ /* A bit of paranoia */
+@@ -187,6 +203,7 @@ luks_volume_open (struct libvk_volume *vol, const char *path, GError **error)
+ _("UUID mismatch between libblkid and libcryptsetup: `%s' "
+ "vs. `%s'"), vol->uuid, uuid);
+ crypt_free (cd);
++ g_free (last_log_entry);
+ return NULL;
+ }
+
+@@ -195,6 +212,7 @@ luks_volume_open (struct libvk_volume *vol, const char *path, GError **error)
+ luks->cipher_mode = g_strdup (crypt_get_cipher_mode (cd));
+ luks->key_bytes = crypt_get_volume_key_size (cd);
+ crypt_free (cd);
++ g_free (last_log_entry);
+
+ luks->key = NULL;
+ luks->passphrase = NULL;
+@@ -256,7 +274,7 @@ luks_get_secret (struct libvk_volume *vol, enum libvk_secret secret_type,
+ const struct libvk_ui *ui, GError **error)
+ {
+ struct crypt_device *cd;
+- char *passphrase;
++ char *last_log_entry, *passphrase;
+ void *key;
+ size_t key_length;
+ int slot;
+@@ -276,7 +294,7 @@ luks_get_secret (struct libvk_volume *vol, enum libvk_secret secret_type,
+ _("Encryption information type unsupported in LUKS"));
+ goto err;
+ }
+- cd = open_crypt_device (vol->path, error);
++ cd = open_crypt_device (vol->path, &last_log_entry, error);
+ if (cd == NULL)
+ goto err;
+ key_length = crypt_get_volume_key_size (cd);
+@@ -303,7 +321,7 @@ luks_get_secret (struct libvk_volume *vol, enum libvk_secret secret_type,
+ g_free_passphrase (passphrase);
+ if (r != -EPERM)
+ {
+- error_from_cryptsetup (error, LIBVK_ERROR_FAILED, r);
++ error_from_cryptsetup (error, LIBVK_ERROR_FAILED, r, last_log_entry);
+ g_prefix_error (error, _("Error getting LUKS data encryption key: "));
+ goto err_prompt;
+ }
+@@ -322,12 +340,14 @@ luks_get_secret (struct libvk_volume *vol, enum libvk_secret secret_type,
+ vol->v.luks->passphrase_slot = slot;
+ g_free (prompt);
+ crypt_free (cd);
++ g_free (last_log_entry);
+ return 0;
+
+ err_prompt:
+ g_free (prompt);
+ g_free_key (key, key_length);
+ crypt_free (cd);
++ g_free (last_log_entry);
+ err:
+ return -1;
+ }
+@@ -383,11 +403,12 @@ luks_load_packet (struct libvk_volume *vol, const struct libvk_volume *packet,
+ if (packet->v.luks->key != NULL)
+ {
+ struct crypt_device *cd;
++ char *last_log_entry;
+ int r;
+
+ g_return_val_if_fail (vol->v.luks->key_bytes == packet->v.luks->key_bytes,
+ -1);
+- cd = open_crypt_device (vol->path, error);
++ cd = open_crypt_device (vol->path, &last_log_entry, error);
+ if (cd == NULL)
+ return -1;
+ r = crypt_volume_key_verify (cd, packet->v.luks->key,
+@@ -395,21 +416,25 @@ luks_load_packet (struct libvk_volume *vol, const struct libvk_volume *packet,
+ crypt_free (cd);
+ if (r < 0)
+ {
+- error_from_cryptsetup (error, LIBVK_ERROR_PACKET_VOLUME_MISMATCH, r);
++ error_from_cryptsetup (error, LIBVK_ERROR_PACKET_VOLUME_MISMATCH, r,
++ last_log_entry);
+ g_prefix_error (error, _("LUKS data encryption key in packet is "
+ "invalid: "));
++ g_free (last_log_entry);
+ return -1;
+ }
++ g_free (last_log_entry);
+ luks_replace_key (vol, packet->v.luks->key);
+ }
+ if (packet->v.luks->passphrase != NULL)
+ {
+ struct crypt_device *cd;
++ char *last_log_entry;
+ void *key;
+ size_t key_size;
+ int r;
+
+- cd = open_crypt_device (vol->path, error);
++ cd = open_crypt_device (vol->path, &last_log_entry, error);
+ if (cd == NULL)
+ return -1;
+ key_size = crypt_get_volume_key_size (cd);
+@@ -420,10 +445,13 @@ luks_load_packet (struct libvk_volume *vol, const struct libvk_volume *packet,
+ crypt_free (cd);
+ if (r < 0)
+ {
+- error_from_cryptsetup (error, LIBVK_ERROR_PACKET_VOLUME_MISMATCH, r);
++ error_from_cryptsetup (error, LIBVK_ERROR_PACKET_VOLUME_MISMATCH, r,
++ last_log_entry);
+ g_prefix_error (error, _("LUKS passphrase in packet is invalid: "));
++ g_free (last_log_entry);
+ return -1;
+ }
++ g_free (last_log_entry);
+ luks_replace_passphrase (vol, packet->v.luks->passphrase);
+ vol->v.luks->passphrase_slot = r;
+ if (packet->v.luks->key == NULL)
+@@ -446,7 +474,7 @@ luks_apply_secret (struct libvk_volume *vol, const struct libvk_volume *packet,
+ GError **error)
+ {
+ struct crypt_device *cd;
+- char *prompt, *prompt2, *error_prompt, *passphrase;
++ char *last_log_entry, *prompt, *prompt2, *error_prompt, *passphrase;
+ unsigned failed;
+ int res;
+
+@@ -498,7 +526,7 @@ luks_apply_secret (struct libvk_volume *vol, const struct libvk_volume *packet,
+ goto err_prompts;
+
+ got_passphrase:
+- cd = open_crypt_device (vol->path, error);
++ cd = open_crypt_device (vol->path, &last_log_entry, error);
+ if (cd == NULL)
+ goto err_passphrase;
+ res = crypt_keyslot_add_by_volume_key (cd, CRYPT_ANY_SLOT,
+@@ -508,10 +536,12 @@ luks_apply_secret (struct libvk_volume *vol, const struct libvk_volume *packet,
+ crypt_free (cd);
+ if (res < 0)
+ {
+- error_from_cryptsetup (error, LIBVK_ERROR_FAILED, res);
++ error_from_cryptsetup (error, LIBVK_ERROR_FAILED, res, last_log_entry);
+ g_prefix_error (error, _("Error adding a LUKS passphrase"));
++ g_free (last_log_entry);
+ goto err_passphrase;
+ }
++ g_free (last_log_entry);
+
+ g_return_val_if_fail (vol->v.luks->key_bytes == packet->v.luks->key_bytes,
+ -1);
+@@ -542,6 +572,7 @@ luks_add_secret (struct libvk_volume *vol, enum libvk_secret secret_type,
+ const void *secret, size_t size, GError **error)
+ {
+ struct crypt_device *cd;
++ char *last_log_entry;
+ int res;
+
+ if (secret_type != LIBVK_SECRET_PASSPHRASE)
+@@ -562,7 +593,7 @@ luks_add_secret (struct libvk_volume *vol, enum libvk_secret secret_type,
+ _("The passphrase must be a string"));
+ return -1;
+ }
+- cd = open_crypt_device (vol->path, error);
++ cd = open_crypt_device (vol->path, &last_log_entry, error);
+ if (cd == NULL)
+ return -1;
+ res = crypt_keyslot_add_by_volume_key (cd, CRYPT_ANY_SLOT, vol->v.luks->key,
+@@ -570,10 +601,12 @@ luks_add_secret (struct libvk_volume *vol, enum libvk_secret secret_type,
+ crypt_free (cd);
+ if (res < 0)
+ {
+- error_from_cryptsetup (error, LIBVK_ERROR_FAILED, res);
++ error_from_cryptsetup (error, LIBVK_ERROR_FAILED, res, last_log_entry);
+ g_prefix_error (error, _("Error adding a LUKS passphrase"));
++ g_free (last_log_entry);
+ return -1;
+ }
++ g_free (last_log_entry);
+
+ luks_replace_passphrase (vol, secret);
+ vol->v.luks->passphrase_slot = res;
+@@ -823,12 +856,13 @@ luks_open_with_packet (struct libvk_volume *vol,
+ GError **error)
+ {
+ struct crypt_device *cd;
++ char *last_log_entry;
+ void *to_free;
+ const void *key;
+ int r;
+ size_t key_size;
+
+- cd = open_crypt_device (vol->path, error);
++ cd = open_crypt_device (vol->path, &last_log_entry, error);
+ if (cd == NULL)
+ goto err;
+ if (packet->v.luks->key != NULL)
+@@ -846,7 +880,7 @@ luks_open_with_packet (struct libvk_volume *vol,
+ strlen (packet->v.luks->passphrase));
+ if (r < 0)
+ {
+- error_from_cryptsetup (error, LIBVK_ERROR_FAILED, r);
++ error_from_cryptsetup (error, LIBVK_ERROR_FAILED, r, last_log_entry);
+ g_prefix_error (error, _("Error getting LUKS data encryption key: "));
+ goto err_to_free;
+ }
+@@ -862,7 +896,7 @@ luks_open_with_packet (struct libvk_volume *vol,
+ r = crypt_activate_by_volume_key (cd, name, key, key_size, 0);
+ if (r < 0)
+ {
+- error_from_cryptsetup (error, LIBVK_ERROR_FAILED, r);
++ error_from_cryptsetup (error, LIBVK_ERROR_FAILED, r, last_log_entry);
+ g_prefix_error (error, _("Error opening LUKS volume: "));
+ goto err_to_free;
+ }
+@@ -870,6 +904,7 @@ luks_open_with_packet (struct libvk_volume *vol,
+ if (to_free != NULL)
+ g_free_key (to_free, key_size);
+ crypt_free (cd);
++ g_free (last_log_entry);
+ return 0;
+
+ err_to_free:
+@@ -877,6 +912,7 @@ luks_open_with_packet (struct libvk_volume *vol,
+ g_free_key (to_free, key_size);
+ err_cd:
+ crypt_free (cd);
++ g_free (last_log_entry);
+ err:
+ return -1;
+ }
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2017-12-11 09:10:11 UTC (rev 312170)
+++ PKGBUILD 2017-12-11 09:21:54 UTC (rev 312171)
@@ -3,7 +3,7 @@
pkgname=volume_key
pkgver=0.3.9
-pkgrel=4
+pkgrel=5
pkgdesc="A library for manipulating storage volume encryption keys and storing them separately from volumes to handle forgotten passphrases"
arch=('x86_64')
url="https://pagure.io/volume_key"
@@ -10,11 +10,17 @@
license=('GPL')
depends=('cryptsetup' 'nss' 'gpgme' 'python2')
makedepends=('swig')
-source=("https://github.com/felixonmars/volume_key/archive/volume_key-$pkgver.tar.gz")
-sha512sums=('f013cecee09429a1bcabcce0ec1e9c531fa396a1233f90f1f09272dd8a2e3a0e013eb2f3fb5c215abb15225445feb05cee175a06f06ae5e0220cc953ab80a027')
+source=("https://github.com/felixonmars/volume_key/archive/volume_key-$pkgver.tar.gz"
+ '0001-Stop-using-crypt_get_error.patch')
+sha512sums=('f013cecee09429a1bcabcce0ec1e9c531fa396a1233f90f1f09272dd8a2e3a0e013eb2f3fb5c215abb15225445feb05cee175a06f06ae5e0220cc953ab80a027'
+ 'a24939f1c208fe8b1b3e3ffc2b867b6a2ea9687a5a0daec808d191fc5366d3b5fadc8db2079bb3925df96a1d8c81cfae58db2725eb8f96a0350323020663c9fc')
prepare() {
cd "$srcdir"/volume_key-volume_key-$pkgver
+
+ # Stop using crypt_get_error
+ patch -Np1 < "${srcdir}/0001-Stop-using-crypt_get_error.patch"
+
autoreconf -i
find . -name ".pyc" -delete
More information about the arch-commits
mailing list