-rw-r--r-- | abs/core/cryptsetup/PKGBUILD | 28 | ||||
-rw-r--r-- | abs/core/cryptsetup/encrypt_hook | 11 | ||||
-rw-r--r-- | abs/core/cryptsetup/sd-encrypt | 42 |
3 files changed, 65 insertions, 16 deletions
diff --git a/abs/core/cryptsetup/PKGBUILD b/abs/core/cryptsetup/PKGBUILD index 4ec9997..8ea5bfa 100644 --- a/abs/core/cryptsetup/PKGBUILD +++ b/abs/core/cryptsetup/PKGBUILD @@ -1,28 +1,24 @@ -# $Id: PKGBUILD 162744 2012-06-29 11:46:09Z thomas $ +# $Id: PKGBUILD 202619 2013-12-22 13:44:39Z thomas $ # Maintainer: Thomas Bächler <thomas@archlinux.org> pkgname=cryptsetup -pkgver=1.4.3 +pkgver=1.6.3 pkgrel=1 pkgdesc="Userspace setup tool for transparent encryption of block devices using dm-crypt" arch=(i686 x86_64) license=('GPL') url="http://code.google.com/p/cryptsetup/" groups=('base') -depends=('device-mapper>=2.02.85-2' 'libgcrypt' 'popt' 'util-linux') -conflicts=('mkinitcpio<0.7') -options=('!libtool' '!emptydirs') +depends=('device-mapper' 'libgcrypt' 'popt' 'util-linux') +options=('!emptydirs') source=(http://cryptsetup.googlecode.com/files/${pkgname}-${pkgver}.tar.bz2 http://cryptsetup.googlecode.com/files/${pkgname}-${pkgver}.tar.bz2.asc encrypt_hook - encrypt_install) -sha256sums=('d5ff2c00f6f791d77fa5636a02ae43ddbb46c6c793bdeafdec5e38fd15f99d0a' - 'ad610fe77d78bf7e91b7473f9d9c84de46ed1cc21f006fe3ae4791b0b6f42f3a' - 'e0cbcabb81233b4d465833dca0faf1e762dc3cb6611597a25fe24e5d7209f316' - 'cfe465bdad3d958bb2332a05e04f2e1e884422a5714dfd1a0a3b9b74bf7dc6ae') + encrypt_install + sd-encrypt) build() { cd "${srcdir}"/$pkgname-${pkgver} - ./configure --prefix=/usr --disable-static + ./configure --prefix=/usr --disable-static --enable-cryptsetup-reencrypt make } 
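Review bot: Dropping `sha256sums` in this PKGBUILD hunk, with the `md5sums` array added in the following `package()` hunk as its replacement, weakens the integrity pin on a disk-encryption tool whose tarball is fetched over plain `http://`. MD5 is not collision-resistant, so I would keep the stronger array, regenerated for the 1.6.3 sources and placed next to `source=()` rather than after `package()`: `sha256sums=('<sha256 of cryptsetup-1.6.3.tar.bz2>' 'SKIP' '<sha256 of encrypt_hook>' '<sha256 of encrypt_install>' '<sha256 of sd-encrypt>')`. The `.asc` entry is the stronger check, but with `'SKIP'` it only helps if makepkg actually verifies the signature against a trusted key. Where the makepkg in use supports it, `validpgpkeys=('<upstream signing key fingerprint>')` would pin that key explicitly instead of relying on the builder's keyring.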
@@ -32,4 +28,14 @@ package() { # install hook install -D -m644 "${srcdir}"/encrypt_hook "${pkgdir}"/usr/lib/initcpio/hooks/encrypt install -D -m644 "${srcdir}"/encrypt_install "${pkgdir}"/usr/lib/initcpio/install/encrypt + install -D -m644 "${srcdir}"/sd-encrypt "${pkgdir}"/usr/lib/initcpio/install/sd-encrypt + + # usrmove + cd "$pkgdir"/usr + mv sbin bin } +md5sums=('a7aeb549a543eeac433eadfb6bc67837' + 'SKIP' + 'c279d86d6dc18322c054d2272ebb9e90' + '21c45f9cab3e0b5165f68358884fbd0f' + '6cf7e170ecd13e42fe829209628fdb4d') diff --git a/abs/core/cryptsetup/encrypt_hook b/abs/core/cryptsetup/encrypt_hook index 372b7ba..819c4cf 100644 --- a/abs/core/cryptsetup/encrypt_hook +++ b/abs/core/cryptsetup/encrypt_hook @@ -11,7 +11,9 @@ run_hook() { $cryptkey EOF - if resolved=$(resolve_device "${ckdev}" ${rootdelay}); then + if [ "$ckdev" = "rootfs" ]; then + ckeyfile=$ckarg1 + elif resolved=$(resolve_device "${ckdev}" ${rootdelay}); then case ${ckarg1} in *[!0-9]*) # Use a file on the device @@ -50,7 +52,6 @@ EOF for cryptopt in ${cryptoptions//,/ }; do case ${cryptopt} in allow-discards) - echo "Enabling TRIM/discard support." cryptargs="${cryptargs} --allow-discards" ;; *) @@ -65,7 +66,7 @@ EOF dopassphrase=1 # If keyfile exists, try to use that if [ -f ${ckeyfile} ]; then - if eval cryptsetup --key-file ${ckeyfile} luksOpen ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; then + if eval cryptsetup --key-file ${ckeyfile} open --type luks ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; then dopassphrase=0 else echo "Invalid keyfile. Reverting to passphrase." @@ -77,7 +78,7 @@ EOF echo "A password is required to access the ${cryptname} volume:" #loop until we get a real password - while ! eval cryptsetup luksOpen ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; do + while ! eval cryptsetup open --type luks ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; do sleep 2; done fi 
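Review bot: In the PKGBUILD `package()` hunk, `mv sbin bin` only renames the directory while `"$pkgdir"/usr/bin` does not exist; if a later upstream release installs anything into `bin`, the binaries end up in `usr/bin/sbin` without any error. Passing `--sbindir=/usr/bin` to `./configure` in `build()` would install the files in place and make the `cd`/`mv` pair unnecessary. `package()` starts outside this hunk, so the install step that populates `sbin` is not visible here.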
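Review bot: The new `rootfs` branch in `run_hook()` of encrypt_hook (hunk `-11,7 +11,9`) reads the key file from inside the initramfs, and nothing in the hunk documents what that means for key exposure. I would add a comment above the branch such as `# cryptkey=rootfs:<path> - key file is read from the initramfs itself; anyone who can read the image can read the key`. The branch also accepts an empty path: `cryptkey=rootfs:` leaves `ckeyfile` empty, and the unquoted `[ -f ${ckeyfile} ]` in the `-65,7` hunk then collapses to `[ -f ]`, which is true. Quoting that test as `if [ -f "${ckeyfile}" ]; then` closes the gap. `run_hook()` begins and ends outside these hunks, so any default assigned to `ckeyfile` earlier is not visible.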
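Review bot: Both rewritten `cryptsetup open --type luks` calls in encrypt_hook (the key-file branch in hunk `-65,7` and the passphrase loop in hunk `-77,7`) still go through `eval` with unquoted `${ckeyfile}`, `${resolved}` and `${cryptname}`, so those values are parsed a second time as shell text. They appear to come from boot parameters (`$cryptkey` is split just above; the rest is outside the hunks), so a value containing spaces or shell metacharacters is split or interpreted rather than passed as one argument. If `eval` is only there for `${CSQUIET}` (presumably a redirection, defined outside the hunk), defer the other expansions into the eval: `if eval cryptsetup --key-file '"${ckeyfile}"' open --type luks '"${resolved}"' '"${cryptname}"' ${cryptargs} ${CSQUIET}; then`. The `while !` line needs the same quoting.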
@@ -97,7 +98,7 @@ EOF err "Non-LUKS decryption not attempted..." return 1 fi - exe="cryptsetup create $cryptname $resolved $cryptargs" + exe="cryptsetup open --type plain $resolved $cryptname $cryptargs" IFS=: read c_hash c_cipher c_keysize c_offset c_skip <<EOF $crypto EOF diff --git a/abs/core/cryptsetup/sd-encrypt b/abs/core/cryptsetup/sd-encrypt new file mode 100644 index 0000000..c18fd2f --- /dev/null +++ b/abs/core/cryptsetup/sd-encrypt @@ -0,0 +1,42 @@ +#!/bin/bash + +build() { + local mod + + add_module dm-crypt + if [[ $CRYPTO_MODULES ]]; then + for mod in $CRYPTO_MODULES; do + add_module "$mod" + done + else + add_all_modules '/crypto/' + fi + + add_binary "dmsetup" + add_file "/usr/lib/udev/rules.d/10-dm.rules" + add_file "/usr/lib/udev/rules.d/13-dm-disk.rules" + add_file "/usr/lib/udev/rules.d/95-dm-notify.rules" + add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules" + + add_systemd_unit cryptsetup.target + add_binary /usr/lib/systemd/system-generators/systemd-cryptsetup-generator + add_binary /usr/lib/systemd/systemd-cryptsetup + + add_systemd_unit systemd-ask-password-console.path + add_systemd_unit systemd-ask-password-console.service + + [[ -f /etc/crypttab.initramfs ]] && add_file /etc/crypttab.initramfs /etc/crypttab +} + +help() { + cat <<HELPEOF +This hook allows for an encrypted root device with systemd initramfs. + +See the manpage of systemd-cryptsetup-generator(8) for available kernel +command line options. Alternatively, if the file /etc/crypttab.initramfs +exists, it will be added to the initramfs as /etc/crypttab. See the +crypttab(5) manpage for more information on crypttab syntax. +HELPEOF +} + +# vim: set ft=sh ts=4 sw=4 et: |
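Review bot: `build()` in the new sd-encrypt hook copies `/etc/crypttab.initramfs` into the image but none of the key files that crypttab may name, and `help()` does not say so. I would add a sentence to the help text along the lines of `Key files referenced in crypttab.initramfs are not added by this hook; any key placed in the initramfs is readable by whoever can read the image.` Separately, the `[[ -f /etc/crypttab.initramfs ]] && add_file ...` line is the last statement, so `build()` returns non-zero whenever the file is absent. If mkinitcpio checks that status, `if [[ -f /etc/crypttab.initramfs ]]; then add_file /etc/crypttab.initramfs /etc/crypttab; fi` avoids a spurious failure.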