summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--abs/core/cryptsetup/PKGBUILD28
-rw-r--r--abs/core/cryptsetup/encrypt_hook11
-rw-r--r--abs/core/cryptsetup/sd-encrypt42
3 files changed, 65 insertions, 16 deletions
diff --git a/abs/core/cryptsetup/PKGBUILD b/abs/core/cryptsetup/PKGBUILD
index 4ec9997..8ea5bfa 100644
--- a/abs/core/cryptsetup/PKGBUILD
+++ b/abs/core/cryptsetup/PKGBUILD
@@ -1,28 +1,24 @@
-# $Id: PKGBUILD 162744 2012-06-29 11:46:09Z thomas $
+# $Id: PKGBUILD 202619 2013-12-22 13:44:39Z thomas $
# Maintainer: Thomas Bächler <thomas@archlinux.org>
pkgname=cryptsetup
-pkgver=1.4.3
+pkgver=1.6.3
pkgrel=1
pkgdesc="Userspace setup tool for transparent encryption of block devices using dm-crypt"
arch=(i686 x86_64)
license=('GPL')
url="http://code.google.com/p/cryptsetup/"
groups=('base')
-depends=('device-mapper>=2.02.85-2' 'libgcrypt' 'popt' 'util-linux')
-conflicts=('mkinitcpio<0.7')
-options=('!libtool' '!emptydirs')
+depends=('device-mapper' 'libgcrypt' 'popt' 'util-linux')
+options=('!emptydirs')
source=(http://cryptsetup.googlecode.com/files/${pkgname}-${pkgver}.tar.bz2
http://cryptsetup.googlecode.com/files/${pkgname}-${pkgver}.tar.bz2.asc
encrypt_hook
- encrypt_install)
-sha256sums=('d5ff2c00f6f791d77fa5636a02ae43ddbb46c6c793bdeafdec5e38fd15f99d0a'
- 'ad610fe77d78bf7e91b7473f9d9c84de46ed1cc21f006fe3ae4791b0b6f42f3a'
- 'e0cbcabb81233b4d465833dca0faf1e762dc3cb6611597a25fe24e5d7209f316'
- 'cfe465bdad3d958bb2332a05e04f2e1e884422a5714dfd1a0a3b9b74bf7dc6ae')
+ encrypt_install
+ sd-encrypt)
build() {
cd "${srcdir}"/$pkgname-${pkgver}
- ./configure --prefix=/usr --disable-static
+ ./configure --prefix=/usr --disable-static --enable-cryptsetup-reencrypt
make
}
@@ -32,4 +28,14 @@ package() {
# install hook
install -D -m644 "${srcdir}"/encrypt_hook "${pkgdir}"/usr/lib/initcpio/hooks/encrypt
install -D -m644 "${srcdir}"/encrypt_install "${pkgdir}"/usr/lib/initcpio/install/encrypt
+ install -D -m644 "${srcdir}"/sd-encrypt "${pkgdir}"/usr/lib/initcpio/install/sd-encrypt
+
+ # usrmove
+ cd "$pkgdir"/usr
+ mv sbin bin
}
+md5sums=('a7aeb549a543eeac433eadfb6bc67837'
+ 'SKIP'
+ 'c279d86d6dc18322c054d2272ebb9e90'
+ '21c45f9cab3e0b5165f68358884fbd0f'
+ '6cf7e170ecd13e42fe829209628fdb4d')
diff --git a/abs/core/cryptsetup/encrypt_hook b/abs/core/cryptsetup/encrypt_hook
index 372b7ba..819c4cf 100644
--- a/abs/core/cryptsetup/encrypt_hook
+++ b/abs/core/cryptsetup/encrypt_hook
@@ -11,7 +11,9 @@ run_hook() {
$cryptkey
EOF
- if resolved=$(resolve_device "${ckdev}" ${rootdelay}); then
+ if [ "$ckdev" = "rootfs" ]; then
+ ckeyfile=$ckarg1
+ elif resolved=$(resolve_device "${ckdev}" ${rootdelay}); then
case ${ckarg1} in
*[!0-9]*)
# Use a file on the device
@@ -50,7 +52,6 @@ EOF
for cryptopt in ${cryptoptions//,/ }; do
case ${cryptopt} in
allow-discards)
- echo "Enabling TRIM/discard support."
cryptargs="${cryptargs} --allow-discards"
;;
*)
@@ -65,7 +66,7 @@ EOF
dopassphrase=1
# If keyfile exists, try to use that
if [ -f ${ckeyfile} ]; then
- if eval cryptsetup --key-file ${ckeyfile} luksOpen ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; then
+ if eval cryptsetup --key-file ${ckeyfile} open --type luks ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; then
dopassphrase=0
else
echo "Invalid keyfile. Reverting to passphrase."
@@ -77,7 +78,7 @@ EOF
echo "A password is required to access the ${cryptname} volume:"
#loop until we get a real password
- while ! eval cryptsetup luksOpen ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; do
+ while ! eval cryptsetup open --type luks ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; do
sleep 2;
done
fi
@@ -97,7 +98,7 @@ EOF
err "Non-LUKS decryption not attempted..."
return 1
fi
- exe="cryptsetup create $cryptname $resolved $cryptargs"
+ exe="cryptsetup open --type plain $resolved $cryptname $cryptargs"
IFS=: read c_hash c_cipher c_keysize c_offset c_skip <<EOF
$crypto
EOF
diff --git a/abs/core/cryptsetup/sd-encrypt b/abs/core/cryptsetup/sd-encrypt
new file mode 100644
index 0000000..c18fd2f
--- /dev/null
+++ b/abs/core/cryptsetup/sd-encrypt
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+build() {
+ local mod
+
+ add_module dm-crypt
+ if [[ $CRYPTO_MODULES ]]; then
+ for mod in $CRYPTO_MODULES; do
+ add_module "$mod"
+ done
+ else
+ add_all_modules '/crypto/'
+ fi
+
+ add_binary "dmsetup"
+ add_file "/usr/lib/udev/rules.d/10-dm.rules"
+ add_file "/usr/lib/udev/rules.d/13-dm-disk.rules"
+ add_file "/usr/lib/udev/rules.d/95-dm-notify.rules"
+ add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules"
+
+ add_systemd_unit cryptsetup.target
+ add_binary /usr/lib/systemd/system-generators/systemd-cryptsetup-generator
+ add_binary /usr/lib/systemd/systemd-cryptsetup
+
+ add_systemd_unit systemd-ask-password-console.path
+ add_systemd_unit systemd-ask-password-console.service
+
+ [[ -f /etc/crypttab.initramfs ]] && add_file /etc/crypttab.initramfs /etc/crypttab
+}
+
+help() {
+ cat <<HELPEOF
+This hook allows for an encrypted root device with systemd initramfs.
+
+See the manpage of systemd-cryptsetup-generator(8) for available kernel
+command line options. Alternatively, if the file /etc/crypttab.initramfs
+exists, it will be added to the initramfs as /etc/crypttab. See the
+crypttab(5) manpage for more information on crypttab syntax.
+HELPEOF
+}
+
+# vim: set ft=sh ts=4 sw=4 et: