diff options
Diffstat (limited to 'abs')
-rw-r--r-- | abs/core/cryptsetup/PKGBUILD | 50 | ||||
-rw-r--r-- | abs/core/cryptsetup/hooks-encrypt (renamed from abs/core/cryptsetup/encrypt_hook) | 13 | ||||
-rw-r--r-- | abs/core/cryptsetup/install-encrypt (renamed from abs/core/cryptsetup/encrypt_install) | 7 | ||||
-rw-r--r-- | abs/core/cryptsetup/install-sd-encrypt (renamed from abs/core/cryptsetup/sd-encrypt) | 19 |
4 files changed, 52 insertions, 37 deletions
diff --git a/abs/core/cryptsetup/PKGBUILD b/abs/core/cryptsetup/PKGBUILD index 238fff9..0e4fbb6 100644 --- a/abs/core/cryptsetup/PKGBUILD +++ b/abs/core/cryptsetup/PKGBUILD @@ -1,43 +1,47 @@ # $Id$ -# Maintainer: Thomas Bächler <thomas@archlinux.org> +# Maintainer: Bartłomiej Piotrowski <bpiotrowski@archlinux.org> +# Contributor: Thomas Bächler <thomas@archlinux.org> + pkgname=cryptsetup -pkgver=1.7.0 +pkgver=2.0.1 pkgrel=1 -pkgdesc="Userspace setup tool for transparent encryption of block devices using dm-crypt" -arch=(i686 x86_64) +pkgdesc='Userspace setup tool for transparent encryption of block devices using dm-crypt' +arch=(x86_64) license=('GPL') -url="http://code.google.com/p/cryptsetup/" +url='https://gitlab.com/cryptsetup/cryptsetup/' groups=('base') -depends=('device-mapper' 'libgcrypt' 'popt' 'libutil-linux') +depends=('device-mapper' 'libgcrypt' 'popt' 'libutil-linux' 'json-c' 'argon2') makedepends=('util-linux') options=('!emptydirs') -source=(https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/${pkgname}-${pkgver}.tar.xz - https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/${pkgname}-${pkgver}.tar.sign - encrypt_hook - encrypt_install - sd-encrypt) validpgpkeys=('2A2918243FDE46648D0686F9D9B0577BD93E98FC') # Milan Broz <gmazyland@gmail.com> -sha256sums=('075524a7cc0db36d12119fa79116750accb1c6c8825d5faa2534b74b8ce3d148' +source=("https://www.kernel.org/pub/linux/utils/cryptsetup/v2.0/${pkgname}-${pkgver}.tar."{xz,sign} + 'hooks-encrypt' + 'install-encrypt' + 'install-sd-encrypt') +sha256sums=('41d188092c52e23d576af41cf0cfe0555d8f7efa21598d4c57c56ea1b6d9c975' 'SKIP' - '4406f8dc83f4f1b408e49d557515f721d91b358355c71fbe51f74ab27e5c84ff' - 'cfe465bdad3d958bb2332a05e04f2e1e884422a5714dfd1a0a3b9b74bf7dc6ae' - 'd442304e6a78b3513ebc53be3fe2f1276a7df470c8da701b3ece971d59979bdd') - -#prepare() { -# cd "${srcdir}"/$pkgname-${pkgver} -#} + '416aa179ce3c6a7a5eee0861f1f0a4fafac91b69e84a2aae82b6e5a6140e31e2' + '7b8c8a189f1b63cb4a0c0dd93d3452615bdc05f0e33570c78b338446a59ca750' + '7891087a588ede7a5b885c439217af325c994471e821fbfbf4f4ccce47679261') build() { cd "${srcdir}"/$pkgname-${pkgver} - ./configure --prefix=/usr --sbindir=/usr/bin --disable-static --enable-cryptsetup-reencrypt + + ./configure \ + --prefix=/usr \ + --sbindir=/usr/bin \ + --enable-libargon2 \ + --disable-static make } package() { cd "${srcdir}"/$pkgname-${pkgver} + make DESTDIR="${pkgdir}" install + # install hook - install -D -m644 "${srcdir}"/encrypt_hook "${pkgdir}"/usr/lib/initcpio/hooks/encrypt - install -D -m644 "${srcdir}"/encrypt_install "${pkgdir}"/usr/lib/initcpio/install/encrypt - install -D -m644 "${srcdir}"/sd-encrypt "${pkgdir}"/usr/lib/initcpio/install/sd-encrypt + install -D -m0644 "${srcdir}"/hooks-encrypt "${pkgdir}"/usr/lib/initcpio/hooks/encrypt + install -D -m0644 "${srcdir}"/install-encrypt "${pkgdir}"/usr/lib/initcpio/install/encrypt + install -D -m0644 "${srcdir}"/install-sd-encrypt "${pkgdir}"/usr/lib/initcpio/install/sd-encrypt } diff --git a/abs/core/cryptsetup/encrypt_hook b/abs/core/cryptsetup/hooks-encrypt index 819c4cf..882d5fb 100644 --- a/abs/core/cryptsetup/encrypt_hook +++ b/abs/core/cryptsetup/hooks-encrypt @@ -44,6 +44,12 @@ EOF cryptname="root" fi + # This may happen if third party hooks do the crypt setup + if [ -b "/dev/mapper/${cryptname}" ]; then + echo "Device ${cryptname} already exists, not doing any crypt setup." + return 0 + fi + warn_deprecated() { echo "The syntax 'root=${root}' where '${root}' is an encrypted volume is deprecated" echo "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead." @@ -88,7 +94,7 @@ EOF fi else err "Password succeeded, but ${cryptname} creation failed, aborting..." - exit 1 + return 1 fi elif [ -n "${crypto}" ]; then [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated @@ -110,7 +116,6 @@ EOF if [ -f "$ckeyfile" ]; then exe="$exe --key-file $ckeyfile" else - exe="$exe --verify-passphrase" echo "" echo "A password is required to access the ${cryptname} volume:" fi @@ -119,7 +124,7 @@ EOF if [ $? -ne 0 ]; then err "Non-LUKS device decryption failed. verify format: " err " crypto=hash:cipher:keysize:offset:skip" - exit 1 + return 1 fi if [ -e "/dev/mapper/${cryptname}" ]; then if [ ${DEPRECATED_CRYPT} -eq 1 ]; then @@ -127,7 +132,7 @@ EOF fi else err "Password succeeded, but ${cryptname} creation failed, aborting..." - exit 1 + return 1 fi else err "Failed to open encryption mapping: The device ${cryptdev} is not a LUKS volume and the crypto= paramater was not specified." diff --git a/abs/core/cryptsetup/encrypt_install b/abs/core/cryptsetup/install-encrypt index 38e5ddc..017ba00 100644 --- a/abs/core/cryptsetup/encrypt_install +++ b/abs/core/cryptsetup/install-encrypt @@ -3,13 +3,13 @@ build() { local mod - add_module dm-crypt + add_module "dm-crypt" if [[ $CRYPTO_MODULES ]]; then for mod in $CRYPTO_MODULES; do add_module "$mod" done else - add_all_modules '/crypto/' + add_all_modules "/crypto/" fi add_binary "cryptsetup" @@ -19,6 +19,9 @@ build() { add_file "/usr/lib/udev/rules.d/95-dm-notify.rules" add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules" + # cryptsetup calls pthread_create(), which dlopen()s libgcc_s.so.1 + add_binary "/usr/lib/libgcc_s.so.1" + add_runscript } diff --git a/abs/core/cryptsetup/sd-encrypt b/abs/core/cryptsetup/install-sd-encrypt index c18fd2f..08d83d6 100644 --- a/abs/core/cryptsetup/sd-encrypt +++ b/abs/core/cryptsetup/install-sd-encrypt @@ -3,13 +3,13 @@ build() { local mod - add_module dm-crypt + add_module "dm-crypt" if [[ $CRYPTO_MODULES ]]; then for mod in $CRYPTO_MODULES; do add_module "$mod" done else - add_all_modules '/crypto/' + add_all_modules "/crypto/" fi add_binary "dmsetup" @@ -18,14 +18,17 @@ build() { add_file "/usr/lib/udev/rules.d/95-dm-notify.rules" add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules" - add_systemd_unit cryptsetup.target - add_binary /usr/lib/systemd/system-generators/systemd-cryptsetup-generator - add_binary /usr/lib/systemd/systemd-cryptsetup + add_systemd_unit "cryptsetup.target" + add_binary "/usr/lib/systemd/system-generators/systemd-cryptsetup-generator" + add_binary "/usr/lib/systemd/systemd-cryptsetup" - add_systemd_unit systemd-ask-password-console.path - add_systemd_unit systemd-ask-password-console.service + add_systemd_unit "systemd-ask-password-console.path" + add_systemd_unit "systemd-ask-password-console.service" - [[ -f /etc/crypttab.initramfs ]] && add_file /etc/crypttab.initramfs /etc/crypttab + # cryptsetup calls pthread_create(), which dlopen()s libgcc_s.so.1 + add_binary "/usr/lib/libgcc_s.so.1" + + [[ -f /etc/crypttab.initramfs ]] && add_file "/etc/crypttab.initramfs" "/etc/crypttab" } help() { |