summaryrefslogtreecommitdiffstats
path: root/abs/core-testing/cryptsetup
diff options
context:
space:
mode:
Diffstat (limited to 'abs/core-testing/cryptsetup')
-rw-r--r--abs/core-testing/cryptsetup/PKGBUILD39
-rw-r--r--abs/core-testing/cryptsetup/cryptsetup-1.0.5-run_udevsettle.patch29
-rw-r--r--abs/core-testing/cryptsetup/encrypt_hook122
-rw-r--r--abs/core-testing/cryptsetup/encrypt_install22
-rw-r--r--abs/core-testing/cryptsetup/luksOpen-status.patch13
5 files changed, 225 insertions, 0 deletions
diff --git a/abs/core-testing/cryptsetup/PKGBUILD b/abs/core-testing/cryptsetup/PKGBUILD
new file mode 100644
index 0000000..ff5f83f
--- /dev/null
+++ b/abs/core-testing/cryptsetup/PKGBUILD
@@ -0,0 +1,39 @@
+# $Id: PKGBUILD 356 2008-04-18 22:56:27Z aaron $
+# Maintainer: Judd Vinet <jvinet@zeroflux.org>
+pkgname=cryptsetup
+pkgver=1.0.6
+pkgrel=10
+pkgdesc="Userspace setup tool for transparent encryption of block devices using the Linux 2.6 cryptoapi"
+arch=(i686 x86_64)
+license=('GPL')
+url="http://luks.endorphin.org/dm-crypt"
+groups=('base')
+depends=('device-mapper' 'libgcrypt' 'popt' 'e2fsprogs')
+options=('!libtool' '!emptydirs')
+source=(http://luks.endorphin.org/source/cryptsetup-$pkgver.tar.bz2
+ encrypt_hook
+ encrypt_install
+ luksOpen-status.patch)
+md5sums=('00d452eb7a76e39f5749545d48934a10'
+ '40fee2419cd444cfb283c311f9555d2d'
+ '24b76e9cb938bc3c8dcff396cbab28c7'
+ 'd4be8d2059d5427c057be4de4e948887')
+
+build() {
+ cd $startdir/src/$pkgname-$pkgver
+ # suppress "Command successful" message on luksOpen
+ patch -p1 -i $startdir/src/luksOpen-status.patch
+ ./configure --prefix=/usr --disable-static
+ make || return 1
+ make DESTDIR=$startdir/pkg install
+ # include a static cryptsetup binary for initrd setups
+ make clean
+ cd $startdir/src/$pkgname-$pkgver
+ ./configure --prefix=/usr --enable-static
+ make || return 1
+ # include a static cryptsetup binary for initrd setups
+ install -D -m755 src/cryptsetup $startdir/pkg/sbin/cryptsetup.static || return 1
+ # install hook
+ install -D -m644 $startdir/src/encrypt_hook $startdir/pkg/lib/initcpio/hooks/encrypt
+ install -D -m644 $startdir/src/encrypt_install $startdir/pkg/lib/initcpio/install/encrypt
+}
diff --git a/abs/core-testing/cryptsetup/cryptsetup-1.0.5-run_udevsettle.patch b/abs/core-testing/cryptsetup/cryptsetup-1.0.5-run_udevsettle.patch
new file mode 100644
index 0000000..28f85e6
--- /dev/null
+++ b/abs/core-testing/cryptsetup/cryptsetup-1.0.5-run_udevsettle.patch
@@ -0,0 +1,29 @@
+Index: cryptsetup-1.0.5/lib/libdevmapper.c
+===================================================================
+--- cryptsetup-1.0.5.orig/lib/libdevmapper.c
++++ cryptsetup-1.0.5/lib/libdevmapper.c
+@@ -18,6 +18,13 @@
+
+ #define CRYPT_TARGET "crypt"
+
++#define UDEVSETTLE "/sbin/udevsettle"
++
++static void run_udevsettle(void)
++{
++ system(UDEVSETTLE);
++}
++
+ static void set_dm_error(int level, const char *file, int line,
+ const char *f, ...)
+ {
+@@ -184,6 +191,9 @@ static int dm_create_device(int reload,
+ if (dmi.read_only)
+ options->flags |= CRYPT_FLAG_READONLY;
+
++ /* run udevsettle to avoid problems with busy dm devices */
++ run_udevsettle();
++
+ r = 0;
+
+ out:
+
diff --git a/abs/core-testing/cryptsetup/encrypt_hook b/abs/core-testing/cryptsetup/encrypt_hook
new file mode 100644
index 0000000..248f1f2
--- /dev/null
+++ b/abs/core-testing/cryptsetup/encrypt_hook
@@ -0,0 +1,122 @@
+# vim: set ft=sh:
+# TODO this one needs some work to work with lots of different
+# encryption schemes
+run_hook ()
+{
+ /sbin/modprobe -a -q dm-crypt >/dev/null 2>&1
+ if [ -e "/sys/class/misc/device-mapper" ]; then
+ if [ ! -c "/dev/mapper/control" ]; then
+ read dev_t < /sys/class/misc/device-mapper/dev
+ /bin/mknod "/dev/mapper/control" c $(/bin/replace "${dev_t}" ':')
+ fi
+ [ "${quiet}" = "y" ] && CSQUIET=">/dev/null"
+
+ # Get keyfile if specified
+ ckeyfile="/crypto_keyfile.bin"
+ if [ "x${cryptkey}" != "x" ]; then
+ set -- $(/bin/replace "${cryptkey}" ':'); ckdev=$1; ckarg1=$2; ckarg2=$3
+ try=10
+ echo "Waiting for ${ckdev} ..."
+ while [ ! -b ${ckdev} -a ${try} -gt 0 ]; do
+ sleep 1
+ try=$((${try}-1))
+ done
+ if [ -b ${ckdev} ]; then
+ case ${ckarg1} in
+ *[!0-9]*)
+ # Use a file on the device
+ # ckarg1 is not numeric: ckarg1=filesystem, ckarg2=path
+ mkdir /ckey
+ mount -r -t ${ckarg1} ${ckdev} /ckey
+ dd if=/ckey/${ckarg2} of=${ckeyfile} >/dev/null 2>&1
+ umount /ckey
+ ;;
+ *)
+ # Read raw data from the block device
+ # ckarg1 is numeric: ckarg1=offset, ckarg2=length
+ dd if=${ckdev} of=${ckeyfile} bs=1 skip=${ckarg1} count=${ckarg2} >/dev/null 2>&1
+ ;;
+ esac
+ fi
+ [ ! -f ${ckeyfile} ] && echo "Keyfile could not be opened. Reverting to passphrase."
+ fi
+
+ if [ -n "${cryptdevice}" ]; then
+ set -- $(/bin/replace "${cryptdevice}" ':'); cryptdev="$1"; cryptname="$2";
+ else
+ cryptdev="${root}"
+ cryptname="root"
+ fi
+
+ if /bin/cryptsetup isLuks ${cryptdev} >/dev/null 2>&1; then
+ dopassphrase=1
+ # If keyfile exists, try to use that
+ if [ -f ${ckeyfile} ]; then
+ if eval /bin/cryptsetup --key-file ${ckeyfile} luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; then
+ dopassphrase=0
+ else
+ echo "Invalid keyfile. Reverting to passphrase."
+ fi
+ fi
+ # Ask for a passphrase
+ if [ ${dopassphrase} -gt 0 ]; then
+ echo ""
+ echo "A password is required to access the ${cryptname} volume:"
+
+ #loop until we get a real password
+ while ! eval /bin/cryptsetup luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; do
+ sleep 2;
+ done
+ fi
+ if [ -e "/dev/mapper/${cryptname}" ]; then
+ if [ "${cryptname}" = "root" ]; then
+ export root="/dev/mapper/root"
+ fi
+ else
+ err "Password succeeded, but ${cryptname} creation failed, aborting..."
+ exit 1
+ fi
+ elif [ "x${crypto}" != "x" ]; then
+ do_oldcrypto ()
+ {
+ if [ $# -ne 5 ]; then
+ err "Verify parameter format: crypto=hash:cipher:keysize:offset:skip"
+ err "Non-LUKS decryption not attempted..."
+ return 1
+ fi
+ exe="/bin/cryptsetup create ${cryptname} ${cryptdev}"
+ [ "x$(eval echo ${1})" != "x" ] && exe="${exe} --hash \"$(eval echo ${1})\""
+ [ "x$(eval echo ${2})" != "x" ] && exe="${exe} --cipher \"$(eval echo ${2})\""
+ [ "x$(eval echo ${3})" != "x" ] && exe="${exe} --key-size \"$(eval echo ${3})\""
+ [ "x$(eval echo ${4})" != "x" ] && exe="${exe} --offset \"$(eval echo ${4})\""
+ [ "x$(eval echo ${5})" != "x" ] && exe="${exe} --skip \"$(eval echo ${5})\""
+ if [ -f ${ckeyfile} ]; then
+ exe="${exe} --key-file ${ckeyfile}"
+ else
+ exe="${exe} --verify-passphrase"
+ echo ""
+ echo "A password is required to access the ${cryptname} volume:"
+ fi
+ eval "${exe} ${CSQUIET}"
+ }
+
+ msg "Non-LUKS encrypted device found..."
+ do_oldcrypto $(/bin/replace -q "${crypto}" ':')
+
+ if [ $? -ne 0 ]; then
+ err "Non-LUKS device decryption failed. verify format: "
+ err " crypto=hash:cipher:keysize:offset:skip"
+ exit 1
+ fi
+ if [ -e "/dev/mapper/${cryptname}" ]; then
+ if [ "${cryptname}" = "root" ]; then
+ export root="/dev/mapper/root"
+ fi
+ else
+ err "Password succeeded, but ${cryptname} creation failed, aborting..."
+ exit 1
+ fi
+ fi
+ nuke ${ckeyfile}
+ fi
+}
diff --git a/abs/core-testing/cryptsetup/encrypt_install b/abs/core-testing/cryptsetup/encrypt_install
new file mode 100644
index 0000000..28cfa3f
--- /dev/null
+++ b/abs/core-testing/cryptsetup/encrypt_install
@@ -0,0 +1,22 @@
+# vim: set ft=sh:
+
+install ()
+{
+ if [ -z "${CRYPTO_MODULES}" ]; then
+ MODULES=" dm-crypt $(all_modules "/crypto/") "
+ else
+ MODULES=" dm-crypt ${CRYPTO_MODULES} "
+ fi
+ BINARIES=""
+ add_dir "/dev/mapper"
+ add_file "/sbin/cryptsetup.static" "/bin/cryptsetup"
+ FILES=""
+ SCRIPT="encrypt"
+}
+
+help ()
+{
+cat<<HELPEOF
+ This hook allows for an encrypted root device.
+HELPEOF
+}
diff --git a/abs/core-testing/cryptsetup/luksOpen-status.patch b/abs/core-testing/cryptsetup/luksOpen-status.patch
new file mode 100644
index 0000000..d2e4004
--- /dev/null
+++ b/abs/core-testing/cryptsetup/luksOpen-status.patch
@@ -0,0 +1,13 @@
+diff -Nur cryptsetup-luks-1.0.4.orig/src/cryptsetup.c cryptsetup-luks-1.0.4/src/cryptsetup.c
+--- cryptsetup-luks-1.0.4.orig/src/cryptsetup.c 2006-10-04 15:47:00.000000000 +0200
++++ cryptsetup-luks-1.0.4/src/cryptsetup.c 2006-12-16 15:54:12.000000000 +0100
+@@ -249,7 +249,8 @@
+ if (opt_readonly)
+ options.flags |= CRYPT_FLAG_READONLY;
+ r = crypt_luksOpen(&options);
+- show_status(-r);
++ if(r)
++ show_status(-r);
+ return r;
+ }
+