Hello community,
here is the log from the commit of package cryptsetup
checked in at Thu Nov 29 18:20:00 CET 2007.
--------
--- cryptsetup/cryptsetup.changes 2007-11-07 12:41:20.000000000 +0100
+++ /mounts/work_src_done/STABLE/cryptsetup/cryptsetup.changes 2007-11-29 13:50:44.000000000 +0100
@@ -1,0 +2,5 @@
+Thu Nov 29 13:47:24 CET 2007 - lnussel@suse.de
+
+- upgrade to svn revision 38
+
+-------------------------------------------------------------------
Old:
----
cryptsetup-1.0.5-run_udevsettle.patch
cryptsetup-1.0.5_SVNr31.tar.bz2
cryptsetup-luks-implicit-declarations.diff
cryptsetup-luks-libnostderr.diff
cryptsetup-luks-warnings.diff
New:
----
0001-cryptsetup-the-device-parameter-of-LUKS_device_ready.diff
0002-cryptsetup-logger-function-should-return-void.diff
0003-cryptsetup-fix-implicit-function-declarations.diff
cryptsetup-1.0.5_SVNr38.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ cryptsetup.spec ++++++
--- /var/tmp/diff_new_pack.xf2531/_old 2007-11-29 18:18:20.000000000 +0100
+++ /var/tmp/diff_new_pack.xf2531/_new 2007-11-29 18:18:20.000000000 +0100
@@ -1,5 +1,5 @@
#
-# spec file for package cryptsetup (Version 1.0.5_SVNr31)
+# spec file for package cryptsetup (Version 1.0.5_SVNr38)
#
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
@@ -18,10 +18,10 @@
License: BSD 3-Clause; GPL v2 or later
Group: System/Base
AutoReqProv: on
-Version: 1.0.5_SVNr31
-Release: 4
+Version: 1.0.5_SVNr38
+Release: 1
Summary: Set Up dm-crypt Based Encrypted Block Devices
-Source: cryptsetup-1.0.5_SVNr31.tar.bz2
+Source: cryptsetup-%{version}.tar.bz2
Source1: hashalot-%haver.tar.bz2
Source50: boot.crypto
Source90: Makefile.doc
@@ -30,10 +30,9 @@
Source92: crypttab.5
# use this to create the tarball from svn
Source99: cryptsetup-mktar
-Patch2: cryptsetup-luks-implicit-declarations.diff
-Patch3: cryptsetup-luks-warnings.diff
-Patch4: cryptsetup-luks-libnostderr.diff
-Patch5: cryptsetup-1.0.5-run_udevsettle.patch
+Patch1: 0001-cryptsetup-the-device-parameter-of-LUKS_device_ready.diff
+Patch2: 0002-cryptsetup-logger-function-should-return-void.diff
+Patch3: 0003-cryptsetup-fix-implicit-function-declarations.diff
Patch10: hashalot-fixes.diff
Patch11: hashalot-libgcrypt.diff
Patch12: hashalot-ctrl-d.diff
@@ -84,11 +83,9 @@
%prep
%setup -q -b 1
-#%patch1 -p1
+%patch1 -p1
%patch2 -p1
%patch3 -p1
-%patch4 -p1
-%patch5 -p1
pushd ../hashalot-%haver
%patch10 -p1
%patch11 -p1
@@ -183,7 +180,10 @@
%defattr(-,root,root)
%_includedir/libcryptsetup.h
%{_libdir}/libcryptsetup.so
+
%changelog
+* Thu Nov 29 2007 - lnussel@suse.de
+- upgrade to svn revision 38
* Wed Nov 07 2007 - mkoenig@suse.de
- add %%fillup_prereq and %%insserv_prereq to PreReq
* Tue Oct 16 2007 - lnussel@suse.de
++++++ 0001-cryptsetup-the-device-parameter-of-LUKS_device_ready.diff ++++++
From 637619ff183804b4f654a3c5810aea2bb8ce9ba3 Mon Sep 17 00:00:00 2001
From: Ludwig Nussel
Date: Thu, 29 Nov 2007 13:18:23 +0100
Subject: [PATCH] cryptsetup: the device parameter of LUKS_device_ready should be const
Signed-off-by: Ludwig Nussel
---
luks/keymanage.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/luks/keymanage.c b/luks/keymanage.c
index 915a0f2..91ff688 100644
--- a/luks/keymanage.c
+++ b/luks/keymanage.c
@@ -466,7 +466,7 @@ int LUKS_benchmarkt_iterations()
return PBKDF2_performance_check()/2;
}
-int LUKS_device_ready(char *device, int mode)
+int LUKS_device_ready(const char *device, int mode)
{
int devfd = open(device, mode | O_DIRECT | O_SYNC);
if(devfd < 0) {
--
1.5.3.4
++++++ 0002-cryptsetup-logger-function-should-return-void.diff ++++++
From 32f038fe704a069444e5b71d6b195795b917016a Mon Sep 17 00:00:00 2001
From: Ludwig Nussel
Date: Thu, 29 Nov 2007 13:21:23 +0100
Subject: [PATCH] cryptsetup: logger function should return void
Signed-off-by: Ludwig Nussel
---
lib/setup.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/lib/setup.c b/lib/setup.c
index 9e8c810..032d90e 100644
--- a/lib/setup.c
+++ b/lib/setup.c
@@ -26,7 +26,7 @@ static char *default_backend = NULL;
#define at_least_one(a) ({ __typeof__(a) __at_least_one=(a); (__at_least_one)?__at_least_one:1; })
-static int logger(struct crypt_options *options, int class, char *format, ...) {
+static void logger(struct crypt_options *options, int class, char *format, ...) {
va_list argp;
char *target;
--
1.5.3.4
++++++ 0003-cryptsetup-fix-implicit-function-declarations.diff ++++++
From 557a4f778b227b63b7095e2910bb6911ed2b040c Mon Sep 17 00:00:00 2001
From: Ludwig Nussel
Date: Thu, 29 Nov 2007 10:35:19 +0100
Subject: [PATCH] cryptsetup: fix implicit function declarations
Signed-off-by: Ludwig Nussel
---
lib/libcryptsetup.h | 3 ++-
luks/luks.h | 1 +
2 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/lib/libcryptsetup.h b/lib/libcryptsetup.h
index fad14d1..e2db46a 100644
--- a/lib/libcryptsetup.h
+++ b/lib/libcryptsetup.h
@@ -53,7 +53,8 @@ int crypt_query_device(struct crypt_options *options);
int crypt_remove_device(struct crypt_options *options);
int crypt_luksFormat(struct crypt_options *options);
int crypt_luksOpen(struct crypt_options *options);
-int crypt_luksDelKey(struct crypt_options *options);
+int crypt_luksKillSlot(struct crypt_options *options);
+int crypt_luksRemoveKey(struct crypt_options *options);
int crypt_luksAddKey(struct crypt_options *options);
int crypt_luksUUID(struct crypt_options *options);
int crypt_isLuks(struct crypt_options *options);
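Review bot: the prototype for crypt_luksDelKey is dropped from lib/libcryptsetup.h, which the spec file installs into %_includedir, so any external caller of that function now gets an implicit declaration or a build failure. If the function no longer exists in the library, say so in the commit message and the .changes entry, since the subject only mentions fixing implicit declarations; if it still exists, keep its prototype alongside the new crypt_luksKillSlot and crypt_luksRemoveKey lines.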
diff --git a/luks/luks.h b/luks/luks.h
index ac9fe74..17f7b08 100644
--- a/luks/luks.h
+++ b/luks/luks.h
@@ -132,4 +132,5 @@ int LUKS_decrypt_from_storage(char *dst, size_t dstLength,
char *key, size_t keyLength,
const char *device,
unsigned int sector, struct setup_backend *backend);
+int LUKS_device_ready(const char *device, int mode);
#endif
--
1.5.3.4
++++++ cryptsetup-1.0.5_SVNr31.tar.bz2 -> cryptsetup-1.0.5_SVNr38.tar.bz2 ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cryptsetup-1.0.5_SVNr31/configure new/cryptsetup-1.0.5_SVNr38/configure
--- old/cryptsetup-1.0.5_SVNr31/configure 2007-09-11 16:48:42.000000000 +0200
+++ new/cryptsetup-1.0.5_SVNr38/configure 2007-11-22 14:50:26.000000000 +0100
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.61 for cryptsetup 1.0.5-pre1.
+# Generated by GNU Autoconf 2.61 for cryptsetup 1.0.6-pre1.
#
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
# 2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
@@ -726,8 +726,8 @@
# Identity of this package.
PACKAGE_NAME='cryptsetup'
PACKAGE_TARNAME='cryptsetup'
-PACKAGE_VERSION='1.0.5-pre1'
-PACKAGE_STRING='cryptsetup 1.0.5-pre1'
+PACKAGE_VERSION='1.0.6-pre1'
+PACKAGE_STRING='cryptsetup 1.0.6-pre1'
PACKAGE_BUGREPORT=''
ac_unique_file="src/cryptsetup.c"
@@ -1425,7 +1425,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures cryptsetup 1.0.5-pre1 to adapt to many kinds of systems.
+\`configure' configures cryptsetup 1.0.6-pre1 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1495,7 +1495,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of cryptsetup 1.0.5-pre1:";;
+ short | recursive ) echo "Configuration of cryptsetup 1.0.6-pre1:";;
esac
cat <<\_ACEOF
@@ -1617,7 +1617,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-cryptsetup configure 1.0.5-pre1
+cryptsetup configure 1.0.6-pre1
generated by GNU Autoconf 2.61
Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
@@ -1631,7 +1631,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by cryptsetup $as_me 1.0.5-pre1, which was
+It was created by cryptsetup $as_me 1.0.6-pre1, which was
generated by GNU Autoconf 2.61. Invocation command line was
$ $0 $@
@@ -2305,7 +2305,7 @@
# Define the identity of the package.
PACKAGE='cryptsetup'
- VERSION='1.0.5-pre1'
+ VERSION='1.0.6-pre1'
cat >>confdefs.h <<_ACEOF
@@ -24479,7 +24479,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by cryptsetup $as_me 1.0.5-pre1, which was
+This file was extended by cryptsetup $as_me 1.0.6-pre1, which was
generated by GNU Autoconf 2.61. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -24532,7 +24532,7 @@
_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF
ac_cs_version="\\
-cryptsetup config.status 1.0.5-pre1
+cryptsetup config.status 1.0.6-pre1
configured by $0, generated by GNU Autoconf 2.61,
with options \\"`echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\"
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cryptsetup-1.0.5_SVNr31/lib/internal.h new/cryptsetup-1.0.5_SVNr38/lib/internal.h
--- old/cryptsetup-1.0.5_SVNr31/lib/internal.h 2007-09-11 16:48:42.000000000 +0200
+++ new/cryptsetup-1.0.5_SVNr38/lib/internal.h 2007-10-24 22:14:25.000000000 +0200
@@ -62,6 +62,9 @@
struct setup_backend *get_setup_backend(const char *name);
void put_setup_backend(struct setup_backend *backend);
+void hexprint(char *d, int n);
+
+int sector_size_for_device(const char *device);
ssize_t write_blockwise(int fd, const void *buf, size_t count);
ssize_t read_blockwise(int fd, void *_buf, size_t count);
ssize_t write_lseek_blockwise(int fd, const char *buf, size_t count, off_t offset);
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cryptsetup-1.0.5_SVNr31/lib/libcryptsetup.h new/cryptsetup-1.0.5_SVNr38/lib/libcryptsetup.h
--- old/cryptsetup-1.0.5_SVNr31/lib/libcryptsetup.h 2007-09-11 16:48:42.000000000 +0200
+++ new/cryptsetup-1.0.5_SVNr38/lib/libcryptsetup.h 2007-10-24 22:42:20.000000000 +0200
@@ -51,12 +51,14 @@
int crypt_resize_device(struct crypt_options *options);
int crypt_query_device(struct crypt_options *options);
int crypt_remove_device(struct crypt_options *options);
-int crypt_luksInit(struct crypt_options *options);
+int crypt_luksFormat(struct crypt_options *options);
int crypt_luksOpen(struct crypt_options *options);
int crypt_luksDelKey(struct crypt_options *options);
int crypt_luksAddKey(struct crypt_options *options);
int crypt_luksUUID(struct crypt_options *options);
int crypt_isLuks(struct crypt_options *options);
+int crypt_luksFormat(struct crypt_options *options);
+int crypt_luksDump(struct crypt_options *options);
void crypt_get_error(char *buf, size_t size);
void crypt_put_options(struct crypt_options *options);
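Review bot: crypt_luksFormat ends up declared twice in this hunk, once as the replacement for crypt_luksInit and again in the two lines added after crypt_isLuks. The duplicate is harmless to the compiler but should be removed so that only the crypt_luksDump line is added at the bottom. The rename from crypt_luksInit to crypt_luksFormat also changes the public API and deserves a line in the changelog.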
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cryptsetup-1.0.5_SVNr31/lib/libdevmapper.c new/cryptsetup-1.0.5_SVNr38/lib/libdevmapper.c
--- old/cryptsetup-1.0.5_SVNr31/lib/libdevmapper.c 2006-09-24 19:31:56.000000000 +0200
+++ new/cryptsetup-1.0.5_SVNr38/lib/libdevmapper.c 2007-10-24 22:47:53.000000000 +0200
@@ -18,6 +18,13 @@
#define CRYPT_TARGET "crypt"
+#define UDEVSETTLE "/sbin/udevsettle"
+
+static void run_udevsettle(void)
+{
+ system(UDEVSETTLE);
+}
+
static void set_dm_error(int level, const char *file, int line,
const char *f, ...)
{
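Review bot: run_udevsettle() calls system(UDEVSETTLE) and discards the result, so a missing /sbin/udevsettle or a non-zero exit goes unnoticed, and the command is run through the shell with the caller's environment from inside a library that normally runs as root. Prefer fork() plus execv() on the absolute path with a minimal environment, check the wait status, and at least log through set_error() when the helper cannot be run. system() also changes SIGINT, SIGQUIT and SIGCHLD handling while it runs, which can surprise programs linking libcryptsetup.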
@@ -184,6 +191,9 @@
if (dmi.read_only)
options->flags |= CRYPT_FLAG_READONLY;
+ /* run udevsettle to avoid a race in libdevmapper causing busy dm devices */
+ run_udevsettle();
+
r = 0;
out:
@@ -258,7 +268,7 @@
options->skip = 0;
options->size = length;
if (details) {
- char *cipher, *key_, *device, *tmp;
+ char *cipher, *key_, *device;
uint64_t val64;
set_error("Invalid dm table");
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cryptsetup-1.0.5_SVNr31/lib/setup.c new/cryptsetup-1.0.5_SVNr38/lib/setup.c
--- old/cryptsetup-1.0.5_SVNr31/lib/setup.c 2007-09-11 16:48:42.000000000 +0200
+++ new/cryptsetup-1.0.5_SVNr38/lib/setup.c 2007-11-22 14:50:26.000000000 +0100
@@ -26,7 +26,26 @@
#define at_least_one(a) ({ __typeof__(a) __at_least_one=(a); (__at_least_one)?__at_least_one:1; })
-static int setup_enter(struct setup_backend *backend)
+static int logger(struct crypt_options *options, int class, char *format, ...) {
+ va_list argp;
+ char *target;
+
+ va_start(argp, format);
+ vasprintf(&target, format, argp);
+ options->icb->log(class, target);
+
+ va_end(argp);
+ free(target);
+}
+
+static void hexprintICB(struct crypt_options *options, int class, char *d, int n)
+{
+ int i;
+ for(i = 0; i < n; i++)
+ logger(options, class, "%02hhx ", (char)d[i]);
+}
+
+static int setup_enter(struct setup_backend *backend, void (*log)(int, char *))
{
int r;
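Review bot: in logger() the return value of vasprintf() is not checked, so on allocation failure target is undefined and is then passed to options->icb->log() and to free(). Test for a negative return, call va_end() and bail out before touching target. The function is also declared int but has no return statement (patch 0002 on this page changes it to void), and neither options->icb nor its log member is checked for NULL before the call. hexprintICB() issues one log callback per byte, so it depends on the callback not adding anything to the message.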
@@ -37,7 +56,7 @@
r = mlockall(MCL_CURRENT | MCL_FUTURE);
if (r < 0) {
perror("mlockall failed");
- fprintf(stderr, "WARNING!!! Possibly insecure memory. Are you root?\n");
+ log(CRYPT_LOG_ERROR, "WARNING!!! Possibly insecure memory. Are you root?\n");
memory_unsafe = 1;
}
@@ -56,8 +75,6 @@
static int setup_leave(struct setup_backend *backend)
{
- const char *error;
-
if (backend)
backend->exit();
@@ -101,9 +118,9 @@
return NULL;
}
} else if (passLen > options->key_size) {
- memcpy(key, pass, options->key_size);
+ memcpy(key, pass, options->key_size);
} else {
- memcpy(key, pass, passLen);
+ memcpy(key, pass, passLen);
}
return key;
@@ -114,11 +131,21 @@
char buf[128];
uint64_t size;
unsigned long size_small;
- int readonly;
+ int readonly = 0;
int ret = -1;
int fd;
- fd = open(device, O_RDONLY);
+ /* Try to open read-write to check whether it is a read-only device */
+ fd = open(device, O_RDWR);
+ if (fd < 0) {
+ if (errno == EROFS) {
+ readonly = 1;
+ fd = open(device, O_RDONLY);
+ }
+ } else {
+ close(fd);
+ fd = open(device, O_RDONLY);
+ }
if (fd < 0) {
set_error("Error opening device: %s",
strerror_r(errno, buf, 128));
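Review bot: in the new open sequence, a failure of open(device, O_RDWR) with any errno other than EROFS (EACCES, for example) no longer falls back to open(device, O_RDONLY), so callers that could previously read the device information with read-only access now get "Error opening device". Decide whether other errno values should also retry read-only. The read-write probe followed by close() and a second open() also means the path is resolved twice; if the path can change in between, the read-only verdict and the descriptor that is used afterwards may refer to different devices.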
@@ -126,13 +153,19 @@
}
#ifdef BLKROGET
- if (ioctl(fd, BLKROGET, &readonly) < 0) {
- set_error("BLKROGET failed on device: %s",
- strerror_r(errno, buf, 128));
- return -1;
+ /* If the device can be opened read-write, i.e. readonly is still 0, then
+ * check whether BKROGET says that it is read-only. E.g. read-only loop
+ * devices may be openend read-write but are read-only according to BLKROGET
+ */
+ if (readonly == 0) {
+ if (ioctl(fd, BLKROGET, &readonly) < 0) {
+ set_error("BLKROGET failed on device: %s",
+ strerror_r(errno, buf, 128));
+ return -1;
+ }
}
#else
-# error BLKROGET not available
+#error BLKROGET not available
#endif
#ifdef BLKGETSIZE64
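Review bot: the BLKROGET failure branch still does return -1 with fd open, so the descriptor leaks on that path; close(fd) first or route it through the function's common exit. The new comment has two typos, "BKROGET" for BLKROGET and "openend" for opened.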
@@ -168,7 +201,7 @@
static int parse_into_name_and_mode(const char *nameAndMode, char *name,
char *mode)
{
- // Token content stringification, see info cpp/stringification
+/* Token content stringification, see info cpp/stringification */
#define str(s) #s
#define xstr(s) str(s)
#define scanpattern1 "%" xstr(LUKS_CIPHERNAME_L) "[^-]-%" xstr(LUKS_CIPHERMODE_L) "s"
@@ -181,7 +214,7 @@
strncpy(mode,"cbc-plain",10);
}
else {
- fprintf(stderr, "no known cipher-spec pattern detected\n");
+ set_error("no known cipher-spec pattern detected");
return -EINVAL;
}
}
@@ -352,17 +385,17 @@
int PBKDF2perSecond;
if (!LUKS_device_ready(options->device, O_RDWR | O_EXCL)) {
- set_error("Can not access device");
- r = -ENOTBLK; goto out;
+ set_error("Can not access device");
+ r = -ENOTBLK; goto out;
}
mk = LUKS_generate_masterkey(options->key_size);
if(NULL == mk) return -ENOMEM;
#ifdef LUKS_DEBUG
-#define printoffset(entry) printf("offset of " #entry " = %d\n", (char *)(&header.entry)-(char *)(&header))
+#define printoffset(entry) logger(options, CRYPT_LOG_ERROR, ("offset of " #entry " = %d\n", (char *)(&header.entry)-(char *)(&header))
- printf("sizeof phdr %d, key slot %d\n",sizeof(struct luks_phdr),sizeof(header.keyblock[0]));
+ logger(options, CRYPT_LOG_ERROR, "sizeof phdr %d, key slot %d\n",sizeof(struct luks_phdr),sizeof(header.keyblock[0]));
printoffset(magic);
printoffset(version);
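Review bot: the rewritten printoffset macro has unbalanced parentheses: the extra "(" before "offset of" leaves the logger( call unclosed, so a build with LUKS_DEBUG defined will not compile. Drop that parenthesis so the format string and the pointer difference are passed as separate arguments. While there, the arguments are a pointer difference and sizeof values printed with %d; %td and %zu match their types. Debug output is also being sent at CRYPT_LOG_ERROR.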
@@ -389,7 +422,7 @@
PBKDF2perSecond = LUKS_benchmarkt_iterations();
header.keyblock[0].passwordIterations = at_least_one(PBKDF2perSecond * ((float)options->iteration_time / 1000.0));
#ifdef LUKS_DEBUG
- fprintf(stderr, "pitr %d\n", header.keyblock[0].passwordIterations);
+ logger(options->icb->log,CRYPT_LOG_ERROR, "pitr %d\n", header.keyblock[0].passwordIterations);
#endif
get_key("Enter LUKS passphrase: ",&password,&passwordLen, 0, options->new_key_file, options->passphrase_fd, options->timeout, options->flags);
if(!password) {
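Review bot: the debug line passes options->icb->log as the first argument to logger(), but logger() takes a struct crypt_options * (every other call in this file passes options). Because the call sits under #ifdef LUKS_DEBUG, a normal build will not catch it; change the first argument to options.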
@@ -426,13 +459,13 @@
}
if (!LUKS_device_ready(options->device, O_RDONLY | O_EXCL)) {
- set_error("Can not access device");
- return -ENOTBLK;
+ set_error("Can not access device");
+ return -ENOTBLK;
}
if (get_device_infos(options->device, &infos) < 0) {
- set_error("Can't get device information.\n");
- return -ENOTBLK;
+ set_error("Can't get device information.\n");
+ return -ENOTBLK;
}
if (infos.readonly)
@@ -506,8 +539,8 @@
int r;
if (!LUKS_device_ready(options->device, O_RDWR | O_EXCL)) {
- set_error("Can not access device");
- r = -ENOTBLK; goto out;
+ set_error("Can not access device");
+ r = -ENOTBLK; goto out;
}
r = LUKS_read_phdr(device, &hdr);
@@ -528,10 +561,13 @@
if(!password) {
r = -EINVAL; goto out;
}
- if(LUKS_open_any_key(device, password, passwordLen, &hdr, &mk, backend) < 0) {
- printf("No key available with this passphrase.\n");
+ r = LUKS_open_any_key(device, password, passwordLen, &hdr, &mk, backend);
+ if(r < 0) {
+ options->icb->log(CRYPT_LOG_ERROR,"No key available with this passphrase.\n");
r = -EPERM; goto out;
- }
+ } else
+ logger(options, CRYPT_LOG_NORMAL,"key slot %d unlocked.\n",i);
+
safe_free(password);
optionsSet.key_size = 0; // FIXME, define a clean interface some day.
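Review bot: the success message logs i as the slot number, but the value returned by LUKS_open_any_key() is stored in r (the remove helper further down assigns the same return value to keyIndex), and nothing in this hunk sets i. Log r instead, otherwise "key slot %d unlocked" reports whatever i happened to hold.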
@@ -570,12 +606,12 @@
if(supply_it) {
get_key("Enter LUKS passphrase to be deleted: ",&password,&passwordLen, 0, options->new_key_file, options->passphrase_fd, options->timeout, options->flags);
if(!password) {
- r = -EINVAL; goto out;
+ r = -EINVAL; goto out;
}
keyIndex = LUKS_open_any_key(device, password, passwordLen, &hdr, &mk, backend);
if(keyIndex < 0) {
- printf("No remaining key available with this passphrase.\n");
- r = -EPERM; goto out;
+ options->icb->log(CRYPT_LOG_ERROR,"No remaining key available with this passphrase.\n");
+ r = -EPERM; goto out;
}
safe_free(password);
} else {
@@ -596,8 +632,8 @@
}
openedIndex = LUKS_open_any_key(device, password, passwordLen, &hdr, &mk, backend);
if(openedIndex < 0 || keyIndex == openedIndex) {
- printf("No remaining key available with this passphrase.\n");
- r = -EPERM; goto out;
+ options->icb->log(CRYPT_LOG_ERROR,"No remaining key available with this passphrase.\n");
+ r = -EPERM; goto out;
}
}
r = LUKS_del_key(device, keyIndex);
@@ -610,11 +646,11 @@
}
static int __crypt_luks_kill_slot(int arg, struct setup_backend *backend, struct crypt_options *options) {
- return luks_remove_helper(arg, backend, options, 0);
+ return luks_remove_helper(arg, backend, options, 0);
}
static int __crypt_luks_remove_key(int arg, struct setup_backend *backend, struct crypt_options *options) {
- return luks_remove_helper(arg, backend, options, 1);
+ return luks_remove_helper(arg, backend, options, 1);
}
@@ -627,7 +663,7 @@
backend = get_setup_backend(default_backend);
- setup_enter(backend);
+ setup_enter(backend,options->icb->log);
if (!backend) {
set_error("No setup backend available");
@@ -706,7 +742,8 @@
r = LUKS_read_phdr(options->device,&hdr);
if(r < 0) return r;
- printf("%s\n",hdr.uuid);
+ options->icb->log(CRYPT_LOG_NORMAL,hdr.uuid);
+ options->icb->log(CRYPT_LOG_NORMAL,"\n");
return 0;
}
@@ -724,38 +761,38 @@
r = LUKS_read_phdr(options->device,&hdr);
if(r < 0) return r;
- printf("LUKS header information for %s\n\n",options->device);
- printf("Version: \t%d\n",hdr.version);
- printf("Cipher name: \t%s\n",hdr.cipherName);
- printf("Cipher mode: \t%s\n",hdr.cipherMode);
- printf("Hash spec: \t%s\n",hdr.hashSpec);
- printf("Payload offset:\t%d\n",hdr.payloadOffset);
- printf("MK bits: \t%d\n",hdr.keyBytes*8);
- printf("MK digest: \t");
- hexprint(hdr.mkDigest,LUKS_DIGESTSIZE);
- printf("\n");
- printf("MK salt: \t");
- hexprint(hdr.mkDigestSalt,LUKS_SALTSIZE/2);
- printf("\n \t");
- hexprint(hdr.mkDigestSalt+LUKS_SALTSIZE/2,LUKS_SALTSIZE/2);
- printf("\n");
- printf("MK iterations: \t%d\n",hdr.mkDigestIterations);
- printf("UUID: \t%s\n\n",hdr.uuid);
+ logger(options, CRYPT_LOG_NORMAL, "LUKS header information for %s\n\n",options->device);
+ logger(options, CRYPT_LOG_NORMAL, "Version: \t%d\n",hdr.version);
+ logger(options, CRYPT_LOG_NORMAL, "Cipher name: \t%s\n",hdr.cipherName);
+ logger(options, CRYPT_LOG_NORMAL, "Cipher mode: \t%s\n",hdr.cipherMode);
+ logger(options, CRYPT_LOG_NORMAL, "Hash spec: \t%s\n",hdr.hashSpec);
+ logger(options, CRYPT_LOG_NORMAL, "Payload offset:\t%d\n",hdr.payloadOffset);
+ logger(options, CRYPT_LOG_NORMAL, "MK bits: \t%d\n",hdr.keyBytes*8);
+ logger(options, CRYPT_LOG_NORMAL, "MK digest: \t");
+ hexprintICB(options, CRYPT_LOG_NORMAL, hdr.mkDigest,LUKS_DIGESTSIZE);
+ logger(options, CRYPT_LOG_NORMAL, "\n");
+ logger(options, CRYPT_LOG_NORMAL, "MK salt: \t");
+ hexprintICB(options, CRYPT_LOG_NORMAL, hdr.mkDigestSalt,LUKS_SALTSIZE/2);
+ logger(options, CRYPT_LOG_NORMAL, "\n \t");
+ hexprintICB(options, CRYPT_LOG_NORMAL, hdr.mkDigestSalt+LUKS_SALTSIZE/2,LUKS_SALTSIZE/2);
+ logger(options, CRYPT_LOG_NORMAL, "\n");
+ logger(options, CRYPT_LOG_NORMAL, "MK iterations: \t%d\n",hdr.mkDigestIterations);
+ logger(options, CRYPT_LOG_NORMAL, "UUID: \t%s\n\n",hdr.uuid);
for(i=0;i
#include
#include
+#include
#include
#include
@@ -173,7 +174,7 @@
{
char *padbuf; char *padbuf_base;
char *buf = (char *)orig_buf;
- int r;
+ int r = 0;
int hangover; int solid; int bsize;
if ((bsize = sector_size(fd)) < 0)
@@ -213,7 +214,7 @@
ssize_t read_blockwise(int fd, void *orig_buf, size_t count) {
char *padbuf; char *padbuf_base;
char *buf = (char *)orig_buf;
- int r;
+ int r = 0;
int step;
int bsize;
@@ -226,7 +227,7 @@
while(count) {
r = read(fd,padbuf,bsize);
if(r < 0 || r != bsize) {
- fprintf(stderr, "read failed in read_blockwise.\n");
+ set_error("read failed in read_blockwise.\n");
goto out;
}
step = count 0)
failed = untimed_read(fd, pass, maxlen);
else
- fprintf(stderr, "Operation timed out.\n");
+ set_error("Operation timed out");
return failed;
}
@@ -316,7 +317,7 @@
{
struct termios orig, tmp;
int failed = -1;
- int infd, outfd;
+ int infd = STDIN_FILENO, outfd;
if (maxlen < 1)
goto out_err;
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cryptsetup-1.0.5_SVNr31/luks/af.c new/cryptsetup-1.0.5_SVNr38/luks/af.c
--- old/cryptsetup-1.0.5_SVNr31/luks/af.c 2006-09-24 19:31:56.000000000 +0200
+++ new/cryptsetup-1.0.5_SVNr38/luks/af.c 2007-10-24 22:14:25.000000000 +0200
@@ -30,6 +30,7 @@
#include
#include "sha1.h"
#include "XORblock.h"
+#include "random.h"
/* diffuse: Information spreading over the whole dataset with
* the help of sha512.
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cryptsetup-1.0.5_SVNr31/luks/keyencryption.c new/cryptsetup-1.0.5_SVNr38/luks/keyencryption.c
--- old/cryptsetup-1.0.5_SVNr31/luks/keyencryption.c 2007-09-11 16:48:42.000000000 +0200
+++ new/cryptsetup-1.0.5_SVNr38/luks/keyencryption.c 2007-11-22 14:50:26.000000000 +0100
@@ -35,12 +35,16 @@
#include "../lib/internal.h"
#include "../lib/blockdev.h"
-#define div_round_up(a,b) ({ \
+#define div_round_up(a,b) ({ \
typeof(a) __a = (a); \
typeof(b) __b = (b); \
- (__a - 1) / __b + 1; \
+ (__a - 1) / __b + 1; \
})
+static inline int round_up_modulo(int x, int m) {
+ return div_round_up(x, m) * m;
+}
+
static int setup_mapping(const char *cipher, const char *name,
const char *device, unsigned int payloadOffset,
const char *key, size_t keyLength,
@@ -58,7 +62,7 @@
* device's sector size, otherwise the mapping will be refused.
*/
if(device_sector_size < 0) {
- fprintf(stderr,_("Unable to obtain sector size for %s"),device);
+ set_error(_("Unable to obtain sector size for %s"),device);
return -EINVAL;
}
options->size = round_up_modulo(srcLength,device_sector_size)/SECTOR_SIZE;
@@ -97,12 +101,12 @@
static void sigint_handler(int sig)
{
- if(devfd)
- close(devfd);
- if(cleaner_backend && cleaner_name)
- clear_mapping(cleaner_name, cleaner_backend);
- signal(SIGINT, SIG_DFL);
- kill(getpid(), SIGINT);
+ if(devfd)
+ close(devfd);
+ if(cleaner_backend && cleaner_name)
+ clear_mapping(cleaner_name, cleaner_backend);
+ signal(SIGINT, SIG_DFL);
+ kill(getpid(), SIGINT);
}
/* This function is not reentrant safe, as it installs a signal
@@ -138,7 +142,8 @@
r = setup_mapping(dmCipherSpec,name,device,hdr->payloadOffset,key,keyLength,sector,srcLength,backend,mode);
if(r < 0) {
- fprintf(stderr,"Failed to setup dm-crypt key mapping.\nCheck kernel for support for the %s cipher spec and verify that %s contains at least %d sectors.\n",
+ if(!get_error())
+ set_error("Failed to setup dm-crypt key mapping.\nCheck kernel for support for the %s cipher spec and verify that %s contains at least %d sectors",
dmCipherSpec,
device,
sector + div_round_up(srcLength,SECTOR_SIZE));
@@ -187,3 +192,8 @@
{
return LUKS_endec_template(dst,dstLength,hdr,key,keyLength, device, sector, backend, read_blockwise, O_RDONLY);
}
+
+// Local Variables:
+// c-basic-offset: 8
+// indent-tabs-mode: nil
+// End:
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cryptsetup-1.0.5_SVNr31/luks/keymanage.c new/cryptsetup-1.0.5_SVNr38/luks/keymanage.c
--- old/cryptsetup-1.0.5_SVNr31/luks/keymanage.c 2007-09-11 16:48:42.000000000 +0200
+++ new/cryptsetup-1.0.5_SVNr38/luks/keymanage.c 2007-11-22 14:50:26.000000000 +0100
@@ -43,7 +43,7 @@
(__a - 1) / __b + 1; \
})
-inline int round_up_modulo(int x, int m) {
+static inline int round_up_modulo(int x, int m) {
return div_round_up(x, m) * m;
}
@@ -79,20 +79,20 @@
devfd = open(device,O_RDONLY | O_DIRECT | O_SYNC);
if(-1 == devfd) {
- fprintf(stderr, _("Can't open device: %s\n"), device);
+ set_error(_("Can't open device: %s\n"), device);
return -EINVAL;
}
if(read_blockwise(devfd, hdr, sizeof(struct luks_phdr)) < sizeof(struct luks_phdr)) {
r = -EIO;
} else if(memcmp(hdr->magic, luksMagic, LUKS_MAGIC_L)) { /* Check magic */
- fprintf(stderr, _("%s is not a LUKS partition\n"), device);
+ set_error(_("%s is not a LUKS partition\n"), device);
r = -EINVAL;
} else if(memcmp(hdr->hashSpec, "sha1", 4)) { /* Check for SHA1 - other hashspecs are not implemented ATM */
- fputs(_("unknown hash spec in phdr"), stderr);
+ set_error(_("unknown hash spec in phdr\n"), stderr);
r = -EINVAL;
} else if((hdr->version = ntohs(hdr->version)) != 1) { /* Convert every uint16/32_t item from network byte order */
- fprintf(stderr, _("unknown LUKS version %d\n"), hdr->version);
+ set_error(_("unknown LUKS version %d\n"), hdr->version);
r = -EINVAL;
} else {
hdr->payloadOffset = ntohl(hdr->payloadOffset);
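Review bot: the converted hash-spec line reads set_error(_("unknown hash spec in phdr\n"), stderr); the stderr argument is a leftover from the old fputs() call and is now passed as a stray variadic argument to a format string with no conversions. Remove it. The messages converted in this file are also inconsistent about the trailing "\n" (kept here, dropped in the next hunk's "Can't open device %s"); pick one convention so the front end does not print doubled or missing newlines.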
@@ -120,7 +120,7 @@
devfd = open(device,O_RDWR | O_DIRECT | O_SYNC | O_EXCL);
if(-1 == devfd) {
- fprintf(stderr, _("Can't open device: %s\n"), device);
+ set_error(_("Can't open device %s"), device);
return -EINVAL;
}
@@ -192,8 +192,9 @@
currentSector = round_up_modulo(currentSector, alignPayload);
header->payloadOffset=currentSector;
+
uuid_generate(partitionUuid);
- uuid_unparse(partitionUuid, header->uuid);
+ uuid_unparse(partitionUuid, header->uuid);
return 0;
}
@@ -209,12 +210,12 @@
int r;
if(hdr->keyblock[keyIndex].active != LUKS_KEY_DISABLED) {
- fprintf(stderr, _("key %d active, purge first.\n"), keyIndex);
+ set_error( _("key %d active, purge first"), keyIndex);
return -EINVAL;
}
if(hdr->keyblock[keyIndex].stripes < LUKS_STRIPES) {
- fprintf(stderr,_("key material section %d includes too few stripes. Header manipulation?\n"),keyIndex);
+ set_error(_("key material section %d includes too few stripes. Header manipulation?"),keyIndex);
return -EINVAL;
}
r = getRandom(hdr->keyblock[keyIndex].passwordSalt, LUKS_SALTSIZE);
@@ -246,7 +247,8 @@
hdr->keyblock[keyIndex].keyMaterialOffset,
backend);
if(r < 0) {
- fprintf(stderr,"Failed to write to key storage.\n");
+ if(!get_error())
+ set_error("Failed to write to key storage");
goto out;
}
@@ -280,9 +282,6 @@
int r;
if(hdr->keyblock[keyIndex].active != LUKS_KEY_ENABLED) {
-#ifdef LUKS_DEBUG
- fprintf(stderr, _("key %d is disabled.\n"), keyIndex);
-#endif
return -EINVAL;
}
@@ -306,7 +305,8 @@
hdr->keyblock[keyIndex].keyMaterialOffset,
backend);
if(r < 0) {
- fprintf(stderr,"Failed to read from key storage\n");
+ if(!get_error())
+ set_error("Failed to read from key storage");
goto out;
}
@@ -341,9 +341,7 @@
*mk=LUKS_alloc_masterkey(hdr->keyBytes);
for(i=0; i
.SH "COMPATABILITY WITH OLD SUSE TWOFISH PARTITIONS"
-To read images created with SuSE Linux 9.2's loop_fish2 use --cipher
-twofish-cbc-null -s 256 -h sha512, for images created with even
-older SuSE Linux use --cipher twofish-cbc-null -s 192 -h
+To read images created with SuSE Linux 9.2's loop_fish2 use \-\-cipher
+twofish-cbc-null \-s 256 \-h sha512, for images created with even
+older SuSE Linux use \-\-cipher twofish-cbc-null \-s 192 \-h
ripemd160:20
.SH "REPORTING BUGS"
Report bugs to .
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cryptsetup-1.0.5_SVNr31/po/Makefile.in new/cryptsetup-1.0.5_SVNr38/po/Makefile.in
--- old/cryptsetup-1.0.5_SVNr31/po/Makefile.in 2007-09-11 16:48:42.000000000 +0200
+++ new/cryptsetup-1.0.5_SVNr38/po/Makefile.in 2007-11-22 14:50:26.000000000 +0100
@@ -11,7 +11,7 @@
# Origin: gettext-0.15
PACKAGE = cryptsetup
-VERSION = 1.0.5-pre1
+VERSION = 1.0.6-pre1
PACKAGE_BUGREPORT =
SHELL = /bin/sh
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/cryptsetup-1.0.5_SVNr31/src/cryptsetup.c new/cryptsetup-1.0.5_SVNr38/src/cryptsetup.c
--- old/cryptsetup-1.0.5_SVNr31/src/cryptsetup.c 2007-09-11 16:48:42.000000000 +0200
+++ new/cryptsetup-1.0.5_SVNr38/src/cryptsetup.c 2007-11-22 14:50:26.000000000 +0100
@@ -4,6 +4,7 @@
#include
#include
#include
+#include
#include
#include
@@ -82,7 +83,8 @@
size_t size=0;
fprintf(stderr,"\nWARNING!\n========\n");
fprintf(stderr,"%s\n\nAre you sure? (Type uppercase yes): ",msg);
- getline(&answer,&size,stdin);
+ if(getline(&answer,&size,stdin) == -1)
+ return 0;
if(strcmp(answer,"YES\n") == 0)
r = 1;
free(answer);
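Review bot: the new early return 0 when getline() returns -1 skips free(answer). getline() may have allocated the buffer even when it fails, so free it before returning, or leave r at 0 and fall through to the existing free(answer).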
@@ -95,20 +97,20 @@
switch(class) {
case CRYPT_LOG_NORMAL:
- puts(msg);
- break;
+ puts(msg);
+ break;
case CRYPT_LOG_ERROR:
- fputs(msg, stderr);
- break;
+ fputs(msg, stderr);
+ break;
default:
- fprintf(stderr, "Internal error on logging class for msg: %s", msg);
- break;
+ fprintf(stderr, "Internal error on logging class for msg: %s", msg);
+ break;
}
}
static struct interface_callbacks cmd_icb = {
- .yesDialog = yesDialog,
- .log = cmdLineLog
+ .yesDialog = yesDialog,
+ .log = cmdLineLog,
};
/* End ICBs */
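Review bot: cmdLineLog still uses puts(msg) for CRYPT_LOG_NORMAL, which appends a newline, while CRYPT_LOG_ERROR uses fputs(). The library changes in this same update now send message fragments through this callback (for example "MK digest: \t", one call per hex byte from hexprintICB, and the UUID followed by a separate "\n"), so each fragment will end up on its own line. Use fputs(msg, stdout) for the normal class so the callback prints exactly what it is given.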
@@ -118,8 +120,8 @@
char error[256];
if(!errcode) {
- fprintf(stderr, _("Command successful.\n"));
- return;
+ fprintf(stderr, _("Command successful.\n"));
+ return;
}
crypt_get_error(error, sizeof(error));
@@ -305,12 +307,7 @@
int r;
opt_verbose = 1;
- if(LUKS_is_last_keyslot(options.device, options.key_slot) &&
- !yesDialog(_("This is the last keyslot. Device will become unusable after purging this key."))) {
- r = -EINVAL;
- } else {
- r = crypt_luksKillSlot(&options);
- }
+ r = crypt_luksKillSlot(&options);
show_status(-r);
return r;
}
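Review bot: the LUKS_is_last_keyslot() check and the yesDialog() prompt ("This is the last keyslot. Device will become unusable after purging this key.") are removed and crypt_luksKillSlot() is called unconditionally. Nothing visible in this diff shows the confirmation being moved into the library, so please confirm that luks_remove_helper() now performs it through options->icb->yesDialog; otherwise the last key slot can be destroyed without any warning.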
@@ -367,7 +364,7 @@
.device = action_argv[0],
.icb = &cmd_icb,
};
- int r;
+ int r;
r = crypt_luksUUID(&options);
if (r < 0)
@@ -535,3 +532,8 @@
}
return action->handler(action->arg);
}
+
+// Local Variables:
+// c-basic-offset: 8
+// indent-tabs-mode: nil
+// End:
++++++ cryptsetup-mktar ++++++
--- cryptsetup/cryptsetup-mktar 2007-04-25 13:38:25.000000000 +0200
+++ /mounts/work_src_done/STABLE/cryptsetup/cryptsetup-mktar 2007-11-29 13:46:28.000000000 +0100
@@ -1,8 +1,8 @@
#!/bin/sh
# repo is at http://luks.endorphin.org/svn/cryptsetup
-set -e
-SVN_VERSION="1.0.4_SVN`svnversion .`"
-rm -rf cryptsetup-luks-${SVN_VERSION}
-svn export . cryptsetup-luks-${SVN_VERSION}
-tar --owner=root --group=root --force-local -cjf cryptsetup-luks-${SVN_VERSION}.tar.bz2 cryptsetup-luks-${SVN_VERSION}
-rm -rf cryptsetup-luks-${SVN_VERSION}
+set -e -x
+SVN_VERSION="1.0.5_SVNr`svnversion .`"
+rm -rf cryptsetup-${SVN_VERSION}
+svn export . cryptsetup-${SVN_VERSION}
+tar --owner=root --group=root --force-local -cjf cryptsetup-${SVN_VERSION}.tar.bz2 cryptsetup-${SVN_VERSION}
+rm -rf cryptsetup-${SVN_VERSION}
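Review bot: the output of `svnversion .` goes unvalidated into `SVN_VERSION` and from there, unquoted, into `rm -rf`, `svn export` and `tar`. For a mixed-revision or locally modified working copy svnversion prints values such as `31:38` or `38M`, and `svn export .` exports the working copy as it stands, so the tarball can carry uncommitted changes under a release-looking name. Suggest failing unless the value is digits only and quoting the expansions, for example `rm -rf "cryptsetup-${SVN_VERSION}"`.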
++++++ crypttab.5 ++++++
--- cryptsetup/crypttab.5 2007-05-09 15:06:14.000000000 +0200
+++ /mounts/work_src_done/STABLE/cryptsetup/crypttab.5 2007-11-29 14:07:15.000000000 +0100
@@ -1,17 +1,17 @@
.\" Title: crypttab
.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.71.1 http://docbook.sf.net/
-.\" Date: 05/09/2007
+.\" Generator: DocBook XSL Stylesheets v1.73.1 http://docbook.sf.net/
+.\" Date: 11/29/2007
.\" Manual:
.\" Source:
.\"
-.TH "CRYPTTAB" "5" "05/09/2007" "" ""
+.TH "CRYPTTAB" "5" "11/29/2007" "" ""
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.SH "NAME"
-crypttab \- static information about crypted filesystems
+crypttab - static information about crypted filesystems
.SH "SYNOPSIS"
.PP
\fBcrypttab\fR
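Review bot: this file is generator output (the `Generator` comment moves from DocBook XSL v1.71.1 to v1.73.1, and the `Date` and `.TH` lines change with it), and committing the regenerated page together with a wording change buries that change under escaping churn. Suggest building crypttab.5 from its source at package build time, or committing the stylesheet regeneration separately. The NAME line also changes `\-` to a bare `-`; check that this came from the stylesheet and was not a manual edit.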
@@ -23,111 +23,115 @@
\fI<options>\fR
.RE
.SH "DESCRIPTION"
-The file \fB/etc/crypttab\fR contains descriptive informations about encrypted volumes. Each volume is described on a separate line; columns on each line are separated by tabs or spaces. Lines starting with "\fI#\fR" are comments, empty lines are ignored. The order of records in \fBcrypttab\fR is important because the \fB/etc/init.d/boot.crypto\fR script sequentially iterates through \fBcrypttab\fR entries. All four columns are mandatory, missing or excessive columns will lead to unspecified behaviour.
+The file \fB/etc/crypttab\fR contains descriptive informations about encrypted volumes\. Each volume is described on a separate line; columns on each line are separated by tabs or spaces\. Lines starting with "\fI#\fR" are comments, empty lines are ignored\. The order of records in \fBcrypttab\fR is important because the \fB/etc/init\.d/boot\.crypto\fR script sequentially iterates through \fBcrypttab\fR entries\. All four columns are mandatory, missing or excessive columns will lead to unspecified behaviour\.
.sp
-.TP 4
-\(bu
-The first column,
+.sp
+.RS 4
+\h'-04'\(bu\h'+03'The first column,
\fItarget device\fR
specifies the mapped
-\fIdevice name\fR. It must be a plain filename without any directories. A mapped device
+\fIdevice name\fR\. It must be a plain filename without any directories\. A mapped device
\fB/dev/mapper/\fR\fIdevice name\fR
will be created by
\fBcryptsetup(8)\fR
crypting data from and onto the
-\fIsource device\fR.
-To actually mount that device it needs to be listed in \fB/etc/fstab\fR.
+\fIsource device\fR\.
+.RE
+To actually mount that device it needs to be listed in \fB/etc/fstab\fR\.
+.sp
.sp
-.TP 4
-\(bu
-The second column
+.RS 4
+\h'-04'\(bu\h'+03'The second column
\fIsource device\fR
-specifies the block special device that should hold the encrypted data.
-.TP 4
-\(bu
-The third column
+specifies the block special device that should hold the encrypted data\.
+.RE
+.sp
+.RS 4
+\h'-04'\(bu\h'+03'The third column
\fIkey file\fR
-specifies the file to use for decrypting the encrypted data of the
-\fIsource device\fR.
-It can also be a device name (e.g. \fB/dev/urandom\fR, which is useful for encrypted swap devices). Warning: luks does not support infinite streams (like \fB/dev/urandom\fR), it requires a fixed size key.
-.sp
-If the \fIkey file\fR is the string \fBnone\fR, the key data (i.e. a password or passphrase) will be read interactively from the console. In this case the options precheck, check, checkargs and tries may be useful.
-.sp
-.TP 4
-\(bu
-The fourth field
+specifies a file containing the raw binary key to use for decrypting the encrypted data of the
+\fIsource device\fR\.
+.RE
+The key file can also be a device name (e\.g\. \fB/dev/urandom\fR, which is useful for encrypted swap devices)\. Warning: luks does not support infinite streams (like \fB/dev/urandom\fR), it requires a fixed size key\.
+.sp
+If the \fIkey file\fR is the string \fBnone\fR, the key data (i\.e\. a password or passphrase) will be read interactively from the console\. In this case the options precheck, check, checkargs and tries may be useful\.
+.sp
+.sp
+.RS 4
+\h'-04'\(bu\h'+03'The fourth field
\fIoptions\fR
-specifies the cryptsetup options associated with the encryption process. At minimum, the field should contain the string
+specifies the cryptsetup options associated with the encryption process\. At minimum, the field should contain the string
\fBluks\fR
or the
\fIcipher\fR,
\fIhash\fR
and
\fIsize\fR
-options.
+options\.
+.RE
Options have to be specified in the format: \fIkey\fR=\fIvalue\fR[,\fIkey\fR=\fIvalue\fR \&...]
.sp
.SH "OPTIONS"
.PP
\fBcipher\fR=<cipher>
.RS 4
-Encryption algorithm. See
-\fBcryptsetup \-c\fR.
+Encryption algorithm\. See
+\fBcryptsetup \-c\fR\.
.RE
.PP
\fBsize\fR=<size>
.RS 4
-Encryption key size. See
-\fBcryptsetup \-s\fR.
+Encryption key size\. See
+\fBcryptsetup \-s\fR\.
.RE
.PP
\fBhash\fR=<hash>
.RS 4
-Hash algorithm. See
-\fBcryptsetup \-h\fR.
+Hash algorithm\. See
+\fBcryptsetup \-h\fR\.
.RE
.PP
\fBverify\fR
.RS 4
-Verify password. See
-\fBcryptsetup \-y\fR.
+Verify password\. See
+\fBcryptsetup \-y\fR\.
.RE
.PP
\fBreadonly\fR
.RS 4
-The backing device is read\-only (eg: a dvd).
+The backing device is read\-only (eg: a dvd)\.
.RE
.PP
\fBluks\fR
.RS 4
-Use device with luks extensions.
+Use device with luks extensions\.
.RE
.PP
\fBswap\fR
.RS 4
Run
\fBmkswap\fR
-on the created device.
+on the created device\.
.RE
.PP
\fBtmp\fR
.RS 4
Run
\fBmkfs\fR
-on the created device. The file system to use is specified in
-\fB/etc/fstab\fR. If
+on the created device\. The file system to use is specified in
+\fB/etc/fstab\fR\. If
\fB/etc/fstab\fR
-does not list the mapped device, ext2 is used as fallback.
+does not list the mapped device, ext2 is used as fallback\.
.RE
.PP
\fBprecheck\fR=<precheck>
.RS 4
-Check the source device by suitable program; if the check fails the device is not created; <precheck> is a script to check the source device. The source device is given as argument to the script.
+Check the source device by suitable program; if the check fails the device is not created; <precheck> is a script to check the source device\. The source device is given as argument to the script\.
.RE
.PP
\fBcheck\fR[=<program>]
.RS 4
-Check the content of the mapped device by a suitable program; if the check fails the device is removed. The specified program is run giving the decrypted volume (target device) as first and the value of the checkargs option as second argument. Cryptdisks searches for the given program in /lib/cryptsetup/checks/. If no program is specified, vol_id is used.
+Check the content of the mapped device by a suitable program; if the check fails the device is removed\. The specified program is run giving the decrypted volume (target device) as first and the value of the checkargs option as second argument\. Cryptdisks searches for the given program in /lib/cryptsetup/checks/\. If no program is specified, vol_id is used\.
.RE
.PP
\fBcheckargs\fR=<argument>
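Review bot: in the first and third bullets the new `.RE` is emitted before the follow-up sentences ("To actually mount that device ..." and "The key file can also be a device name ..."), so those paragraphs, including the `/dev/urandom` warning and the `none` case, now render outside the indented list item they describe. Attach them to their list items in the source so that `.RE` comes after them. The rest of the hunk is `.` to `\.` escaping with no change in content.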
@@ -137,37 +141,37 @@
.PP
\fBtries\fR=<num>
.RS 4
-Prompt for the passphrase at most <num> times if the entered passphrase was wrong. Defaults is 3. Only works for LUKS volumes.
+Prompt for the passphrase at most <num> times if the entered passphrase was wrong\. Defaults is 3\. Only works for LUKS volumes\.
.RE
.PP
\fBtimeout\fR=<sec>
.RS 4
-Time out interactive password prompts after <sec> seconds.
+Time out interactive password prompts after <sec> seconds\.
.RE
.PP
\fBloop\fR
.RS 4
-Always attach a loop device before mapping the device. Normally a loop device is used automatically only for image files. Useful if the block size of the physical device does not match the block size of the contained file system. E.g. ext2 on a CD.
+Always attach a loop device before mapping the device\. Normally a loop device is used automatically only for image files\. Useful if the block size of the physical device does not match the block size of the contained file system\. E\.g\. ext2 on a CD\.
.RE
.PP
\fBnoauto\fR
.RS 4
-Causes boot.crypto to skip this record during boot
+Causes boot\.crypto to skip this record during boot
.RE
.PP
\fBpseed=<string>\fR
.RS 4
-Set a string that is appended to the passphrase after hashing. Using different seeds for volumes with the same passphrase makes dictionary attacks harder. Use for compatability with loop\-AES.
+Set a string that is appended to the passphrase after hashing\. Using different seeds for volumes with the same passphrase makes dictionary attacks harder\. Use for compatability with loop\-AES\.
.RE
.PP
\fBitercountk=<num>\fR
.RS 4
-Encrypts the hashed password <num> thousand times using AES\-256. Use for compatability with loop\-AES.
+Encrypts the hashed password <num> thousand times using AES\-256\. Use for compatability with loop\-AES\.
.RE
.PP
\fBloud\fR, \fBssl\fR, \fBgpg\fR, \fBkeyscript\fR
.RS 4
-not supported. Listed here as they are supported by Debian.
+not supported\. Listed here as they are supported by Debian\.
.RE
.SH "CHECKSCRIPTS"
TODO
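Review bot: the re-emitted option text still carries "Defaults is 3" under `tries` and "compatability" under `pseed` and `itercountk`. Since these lines are being regenerated anyway, fix the wording in the asciidoc source (crypttab.5.txt appears to be it) rather than in this generated file. The CHECKSCRIPTS section is also still just `TODO`.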
@@ -197,5 +201,5 @@
cryptsetup(8), /etc/crypttab, fstab(8)
.sp
.SH "AUTHOR"
-Manual page converted to asciidoc by Michael Gebetsroither . Originally written by Bastian Kleineidam for the Debian distribution of cryptsetup. Improved by Jonas Meurer . Modified for SUSE Linux by Ludwig Nussel . Parts of this manual were taken and adapted from the fstab(5) manual page.
+Manual page converted to asciidoc by Michael Gebetsroither \. Originally written by Bastian Kleineidam for the Debian distribution of cryptsetup\. Improved by Jonas Meurer \. Modified for SUSE Linux by Ludwig Nussel \. Parts of this manual were taken and adapted from the fstab(5) manual page\.
.sp
++++++ crypttab.5.txt ++++++
--- cryptsetup/crypttab.5.txt 2007-05-09 10:46:32.000000000 +0200
+++ /mounts/work_src_done/STABLE/cryptsetup/crypttab.5.txt 2007-11-29 14:06:56.000000000 +0100
@@ -33,12 +33,14 @@
- The second column 'source device' specifies the block special
device that should hold the encrypted data.
-- The third column 'key file' specifies the file to use for
-decrypting the encrypted data of the 'source device'.
-
-It can also be a device name (e.g. */dev/urandom*, which is useful
-for encrypted swap devices). Warning: luks does not support infinite
-streams (like */dev/urandom*), it requires a fixed size key.
+- The third column 'key file' specifies a file containing the raw
+binary key to use for decrypting the encrypted data of the 'source
+device'.
+
+The key file can also be a device name (e.g. */dev/urandom*, which
+is useful for encrypted swap devices). Warning: luks does not
+support infinite streams (like */dev/urandom*), it requires a fixed
+size key.
If the 'key file' is the string *none*, the key data (i.e. a
password or passphrase) will be read interactively from the console.
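Review bot: "raw binary key" in the third-column item does not say whether it also applies to `luks` volumes, although the following paragraph already singles luks out as requiring a fixed size key; please state per mode how the key file contents are used. Separately, the blank line before "The key file can also be a device name" ends the list item, which is why the generated man page places that paragraph outside the bullet; an asciidoc list continuation (`+` on its own line) would keep it inside.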
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org