Hello community,
here is the log from the commit of package cryptsetup for openSUSE:Factory
checked in at Tue Apr 7 12:46:08 CEST 2009.
--------
--- cryptsetup/cryptsetup.changes 2009-03-06 13:02:43.000000000 +0100
+++ /mounts/work_src_done/STABLE/cryptsetup/cryptsetup.changes 2009-04-02 09:45:51.000000000 +0200
@@ -1,0 +2,11 @@
+Thu Apr 2 09:33:22 CEST 2009 - lnussel@suse.de
+
+- boot.crypto:
+ * resolve symlinks when searching for loop devices (bnc#490170)
+ * add extra man page tags to avoid FIXME output of docbook
+ * don't pipe password if there's only one device to open
+ * update copyright information
+ * fix spelling and actually stop in pre_stop_hook
+ * introduce initrd option in crypttab (bnc#465711)
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
Old:
----
boot.crypto-0_200903061252.tar.bz2
New:
----
boot.crypto-0_200904020930.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ cryptsetup.spec ++++++
--- /var/tmp/diff_new_pack.a28624/_old 2009-04-07 12:45:18.000000000 +0200
+++ /var/tmp/diff_new_pack.a28624/_new 2009-04-07 12:45:18.000000000 +0200
@@ -25,12 +25,12 @@
# hashalot version
%define haver 0.3
# boot.crypto version
-%define bcver 0_200903061252
+%define bcver 0_200904020930
License: BSD 3-Clause; GPL v2 only; GPL v2 or later
Group: System/Base
AutoReqProv: on
Version: 1.0.5_SVNr46
-Release: 62
+Release: 63
Summary: Set Up dm-crypt Based Encrypted Block Devices
Source: cryptsetup-%{version}.tar.bz2
Source1: hashalot-%haver.tar.bz2
@@ -223,6 +223,14 @@
%{_libdir}/libcryptsetup.so
%changelog
+* Thu Apr 02 2009 lnussel@suse.de
+- boot.crypto:
+ * resolve symlinks when searching for loop devices (bnc#490170)
+ * add extra man page tags to avoid FIXME output of docbook
+ * don't pipe password if there's only one device to open
+ * update copyright information
+ * fix spelling and actually stop in pre_stop_hook
+ * introduce initrd option in crypttab (bnc#465711)
* Fri Mar 06 2009 lnussel@suse.de
- boot.crypto:
* print dm name instead of physdev (bnc#456664)
++++++ boot.crypto-0_200903061252.tar.bz2 -> boot.crypto-0_200904020930.tar.bz2 ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/boot.crypto-0_200903061252/boot.crypto new/boot.crypto-0_200904020930/boot.crypto
--- old/boot.crypto-0_200903061252/boot.crypto 2009-03-06 12:52:00.000000000 +0100
+++ new/boot.crypto-0_200904020930/boot.crypto 2009-04-02 09:30:06.000000000 +0200
@@ -1,5 +1,5 @@
#!/bin/bash
-# Copyright (C) 1996-2008 SUSE Linux Products GmbH, Nuernberg, Germany.
+# Copyright (C) 1996-2009 SUSE Linux Products GmbH, Nuernberg, Germany.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -17,7 +17,8 @@
#
# Author: Werner Fink , 2001-2006
# Chris Rivera 2006
-# Ludwig Nussel 2007
+# Matthias Koenig 2008
+# Ludwig Nussel 2007-2009
#
# /etc/init.d/boot.crypto
#
@@ -77,7 +78,7 @@
rc_failed $failed
- cutomize_start_hook
+ customize_start_hook
;;
stop)
@@ -85,7 +86,7 @@
foundit=''
failed=0
- cutomize_pre_stop_hook
+ customize_pre_stop_hook
if test -s $CRYPTOTAB; then
stop_cryptotab
@@ -99,7 +100,7 @@
rc_failed $failed
- cutomize_stop_hook
+ customize_stop_hook
;;
status)
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/boot.crypto-0_200903061252/boot.crypto-early new/boot.crypto-0_200904020930/boot.crypto-early
--- old/boot.crypto-0_200903061252/boot.crypto-early 2009-03-06 12:52:00.000000000 +0100
+++ new/boot.crypto-0_200904020930/boot.crypto-early 2009-04-02 09:30:06.000000000 +0200
@@ -1,5 +1,5 @@
#!/bin/bash
-# Copyright (C) 1996-2008 SUSE Linux Products GmbH, Nuernberg, Germany.
+# Copyright (C) 1996-2009 SUSE Linux Products GmbH, Nuernberg, Germany.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -17,7 +17,8 @@
#
# Author: Werner Fink , 2001-2006
# Chris Rivera 2006
-# Ludwig Nussel 2007
+# Matthias Koenig 2008
+# Ludwig Nussel 2007-2009
#
# /etc/init.d/boot.crypto
#
@@ -70,7 +71,7 @@
rc_failed $failed
- cutomize_start_hook
+ customize_start_hook
;;
stop)
@@ -78,7 +79,7 @@
foundit=''
failed=0
- cutomize_pre_stop_hook
+ customize_pre_stop_hook
if test -s $CRYPTTAB; then
stop_crypttab
@@ -88,7 +89,7 @@
rc_failed $failed
- cutomize_stop_hook
+ customize_stop_hook
;;
status)
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/boot.crypto-0_200903061252/boot.crypto.functions new/boot.crypto-0_200904020930/boot.crypto.functions
--- old/boot.crypto-0_200903061252/boot.crypto.functions 2009-03-06 12:52:00.000000000 +0100
+++ new/boot.crypto-0_200904020930/boot.crypto.functions 2009-04-02 09:30:06.000000000 +0200
@@ -1,5 +1,5 @@
#!/bin/bash
-# Copyright (C) 1996-2008 SUSE Linux Products GmbH, Nuernberg, Germany.
+# Copyright (C) 1996-2009 SUSE Linux Products GmbH, Nuernberg, Germany.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -17,7 +17,8 @@
#
# Author: Werner Fink , 2001-2006
# Chris Rivera 2006
-# Ludwig Nussel 2007
+# Matthias Koenig 2008
+# Ludwig Nussel 2007-2009
#
# Determine the base and follow a runlevel link name.
@@ -241,6 +242,34 @@
fi
}
+resolvelink()
+{
+ local var="$1"
+ local dev l d
+ local i=0
+ eval "dev=\"\$$var\""
+ while l=`readlink "$dev"`; do
+ # weird way to find real path of a relative link
+ if [ "${l:0:1}" != / ]; then
+ d=${l%/*}
+ test "$d" != "$l" || d=''
+ if ! cd "${dev%/*}/$d"; then
+ echo "${extd}Warning: can't resolve $dev${norm}"
+ return 1
+ fi
+ l="$PWD/${l##*/}"
+ cd - > /dev/null
+ fi
+ dev="$l"
+ i=$((i+1))
+ if [ "$i" -gt 10 ]; then
+ echo "${extd}Warning: too many symbolic links for $dev${norm}"
+ return 1
+ fi
+ done
+ eval "$var=\"$dev\""
+}
+
start_cryptotab ()
{
local stat=0
@@ -551,6 +580,7 @@
precheck="/lib/cryptsetup/checks/$value"
fi
;;
+ initrd) ;; # ignore here
loud|ssl|gpg|keyscript|*)
echo "unsupported crypttab option: '$param'"
skip='yes'
@@ -906,10 +936,13 @@
/sbin/cryptsetup remove "$name" || { rc_failed 1; failed=1; }
fi
+ linkdev="$physdev"
+ ! test -L "$linkdev" || resolvelink linkdev
# delete the loop device
while read line; do
case "$line" in
- *\(${physdev}\)*) device=${line%%:*}; loopdev='yes' ;;
+ *\(${physdev}\)*) device=${line%%:*}; loopdev='yes'; break ;;
+ *\(${linkdev}\)*) device=${line%%:*}; loopdev='yes'; break ;;
esac
done < <(/sbin/losetup -a)
@@ -1024,10 +1057,13 @@
str=''
loopdev=''
+ linkdev="$physdev"
+ ! test -L "$linkdev" || resolvelink linkdev
# find the loop device
while read line; do
case "$line" in
- *\(${physdev}\)*) loopdev=${line%%:*};;
+ *\(${physdev}\)*) loopdev=${line%%:*}; break ;;
+ *\(${linkdev}\)*) loopdev=${line%%:*}; break ;;
esac
done < <(/sbin/losetup -a)
@@ -1075,9 +1111,9 @@
}
#
-# Cutomize_{start,stop}_hook are for interactive usage only
+# Customize_{start,stop}_hook are for interactive usage only
#
-cutomize_start_hook ()
+customize_start_hook ()
{
local srv
@@ -1105,7 +1141,7 @@
}
-cutomize_pre_stop_hook ()
+customize_pre_stop_hook ()
{
local srv
@@ -1116,11 +1152,11 @@
for srv in $STOP_BEFORE_STOP ; do
test -n "$srv" || break
test -x /etc/init.d/$srv || continue
- /etc/init.d/$srv try-restart
+ /etc/init.d/$srv stop
done
}
-cutomize_stop_hook ()
+customize_stop_hook ()
{
local srv
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/boot.crypto-0_200903061252/cryptotab.5 new/boot.crypto-0_200904020930/cryptotab.5
--- old/boot.crypto-0_200903061252/cryptotab.5 2009-03-06 12:52:00.000000000 +0100
+++ new/boot.crypto-0_200904020930/cryptotab.5 2009-04-02 09:30:06.000000000 +0200
@@ -1,18 +1,174 @@
.\" Title: cryptotab
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.73.1 http://docbook.sf.net/
-.\" Date: 01/17/2008
-.\" Manual:
-.\" Source:
+.\" Author: [see the "AUTHOR" section]
+.\" Generator: DocBook XSL Stylesheets v1.74.0 http://docbook.sf.net/
+.\" Date: 03/31/2009
+.\" Manual: Cryptsetup Manual
+.\" Source: cryptsetup
+.\" Language: English
.\"
-.TH "CRYPTOTAB" "5" "01/17/2008" "" ""
+.TH "CRYPTOTAB" "5" "03/31/2009" "cryptsetup" "Cryptsetup Manual"
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/BE - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
-.SH "NAME"
-cryptotab - static information about crypted filesystems (deprecated)
-.SH "SYNOPSIS"
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "Name"
+cryptotab \- static information about crypted filesystems (deprecated)
+.SH "Synopsis"
.PP
\fBcryptotab\fR
.RS 4
@@ -26,17 +182,26 @@
\fIINFO\fR]]
.RE
.SH "DESCRIPTION"
+.if n \{\
.sp
+.\}
+.RS 4
+.BM yellow
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
-Note
-\fB/etc/cryptotab\fR was designed for use with the now deprecated cryptoloop technology and must therefore be considered deprecated as well\. \fB/etc/crypttab\fR (note the missing \(lqo\(rq) should be used instead\.
+.ps +1
+\fBNote\fR
+.ps -1
+.br
.sp
-
-The file \fB/etc/cryptotab\fR contains descriptive informations about encrypted volumes\. Each volume is described on a separate line; columns on each line are separated by tabs or spaces\. Lines starting with "\fI#\fR" are comments, empty lines are ignored\. The order of records in \fBcryptotab\fR is important because the \fB/etc/init\.d/boot\.crypto\fR script sequentially iterates through \fBcryptotab\fR entries\.
+\fB/etc/cryptotab\fR was designed for use with the now deprecated cryptoloop technology and must therefore be considered deprecated as well\&. \fB/etc/crypttab\fR (note the missing \(lqo\(rq) should be used instead\&.
+.sp .5v
+.EM yellow
+.RE
.sp
+The file \fB/etc/cryptotab\fR contains descriptive informations about encrypted volumes\&. Each volume is described on a separate line; columns on each line are separated by tabs or spaces\&. Lines starting with "\fI#\fR" are comments, empty lines are ignored\&. The order of records in \fBcryptotab\fR is important because the \fB/etc/init\&.d/boot\&.crypto\fR script sequentially iterates through \fBcryptotab\fR entries\&.
.TS
tab(:);
lt lt
@@ -47,69 +212,78 @@
lt lt
lt lt.
T{
-\fILOOPDEVICE\fR
.sp
+\fILOOPDEVICE\fR
T}:T{
-specifies the loop device to use for this mapping, for example /dev/loop0
.sp
+specifies the loop device to use for this mapping, for example \FC/dev/loop0\F[]
T}
T{
-\fIDEVICE\fR
.sp
+\fIDEVICE\fR
T}:T{
-specifies the block special device that holds the encrypted data
.sp
+specifies the block special device that holds the encrypted data
T}
T{
-\fIMOUNTPOINT\fR
.sp
+\fIMOUNTPOINT\fR
T}:T{
-specifies the where the volume should be mounted
.sp
+specifies the where the volume should be mounted
T}
T{
-\fIFILESYSTEM\fR
.sp
+\fIFILESYSTEM\fR
T}:T{
-specifies the file system of the volume
.sp
+specifies the file system of the volume
T}
T{
-\fIALGORITHM\fR
.sp
+\fIALGORITHM\fR
T}:T{
+.sp
specifies the encryption algorithm to use
.sp
-
Supported algorithms are \fItwofish\fR, \fItwofishSL92\fR and \fItwofish256\fR
-.sp
T}
T{
-\fIMOUNTOPTIONS\fR
.sp
+\fIMOUNTOPTIONS\fR
T}:T{
-optionally specifies mount option
.sp
+optionally specifies mount option
T}
T{
-\fIINFO\fR
.sp
+\fIINFO\fR
T}:T{
-optionally specifies a string that should be printed when prompting for the passphrase
.sp
+optionally specifies a string that should be printed when prompting for the passphrase
T}
.TE
-.sp
+.sp 1
.SH "EXAMPLES"
.sp
+.if n \{\
.RS 4
+.\}
+.fam C
+.ps -1
.nf
+.BB lightgray
/dev/loop0 /dev/sda6 /secret ext2 twofish256
+.EB lightgray
.fi
+.fam
+.ps +1
+.if n \{\
.RE
+.\}
.SH "SEE ALSO"
-cryptsetup(8), /etc/crypttab, mount(8)
.sp
+cryptsetup(8), /etc/crypttab, mount(8)
.SH "AUTHOR"
-Ludwig Nussel \.
.sp
+Ludwig Nussel \&.
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/boot.crypto-0_200903061252/cryptotab.5.txt new/boot.crypto-0_200904020930/cryptotab.5.txt
--- old/boot.crypto-0_200903061252/cryptotab.5.txt 2009-03-06 12:52:00.000000000 +0100
+++ new/boot.crypto-0_200904020930/cryptotab.5.txt 2009-04-02 09:30:06.000000000 +0200
@@ -1,5 +1,7 @@
CRYPTOTAB(5)
============
+:man source: cryptsetup
+:man manual: Cryptsetup Manual
NAME
----
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/boot.crypto-0_200903061252/crypttab.5 new/boot.crypto-0_200904020930/crypttab.5
--- old/boot.crypto-0_200903061252/crypttab.5 2009-03-06 12:52:00.000000000 +0100
+++ new/boot.crypto-0_200904020930/crypttab.5 2009-04-02 09:30:06.000000000 +0200
@@ -1,18 +1,174 @@
.\" Title: crypttab
-.\" Author:
-.\" Generator: DocBook XSL Stylesheets v1.73.1 http://docbook.sf.net/
-.\" Date: 03/14/2008
-.\" Manual:
-.\" Source:
+.\" Author: [see the "AUTHOR" section]
+.\" Generator: DocBook XSL Stylesheets v1.74.0 http://docbook.sf.net/
+.\" Date: 04/02/2009
+.\" Manual: Cryptsetup Manual
+.\" Source: cryptsetup
+.\" Language: English
.\"
-.TH "CRYPTTAB" "5" "03/14/2008" "" ""
+.TH "CRYPTTAB" "5" "04/02/2009" "cryptsetup" "Cryptsetup Manual"
+.\" -----------------------------------------------------------------
+.\" * (re)Define some macros
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" toupper - uppercase a string (locale-aware)
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de toupper
+.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
+\\$*
+.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH-xref - format a cross-reference to an SH section
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de SH-xref
+.ie n \{\
+.\}
+.toupper \\$*
+.el \{\
+\\$*
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SH - level-one heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SH
+.\" put an extra blank line of space above the head in non-TTY output
+.if t \{\
+.sp 1
+.\}
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[an-margin]u
+.ti 0
+.HTML-TAG ".NH \\n[an-level]"
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+\." make the size of the head bigger
+.ps +3
+.ft B
+.ne (2v + 1u)
+.ie n \{\
+.\" if n (TTY output), use uppercase
+.toupper \\$*
+.\}
+.el \{\
+.nr an-break-flag 0
+.\" if not n (not TTY), use normal case (not uppercase)
+\\$1
+.in \\n[an-margin]u
+.ti 0
+.\" if not n (not TTY), put a border/line under subheading
+.sp -.6
+\l'\n(.lu'
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" SS - level-two heading that works better for non-TTY output
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de1 SS
+.sp \\n[PD]u
+.nr an-level 1
+.set-an-margin
+.nr an-prevailing-indent \\n[IN]
+.fi
+.in \\n[IN]u
+.ti \\n[SN]u
+.it 1 an-trap
+.nr an-no-space-flag 1
+.nr an-break-flag 1
+.ps \\n[PS-SS]u
+\." make the size of the head bigger
+.ps +2
+.ft B
+.ne (2v + 1u)
+.if \\n[.$] \&\\$*
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BB/BE - put background/screen (filled box) around block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BB
+.if t \{\
+.sp -.5
+.br
+.in +2n
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EB
+.if t \{\
+.if "\\$2"adjust-for-leading-newline" \{\
+.sp -1
+.\}
+.br
+.di
+.in
+.ll
+.gcolor
+.nr BW \\n(.lu-\\n(.i
+.nr BH \\n(dn+.5v
+.ne \\n(BHu+.5v
+.ie "\\$2"adjust-for-leading-newline" \{\
+\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.el \{\
+\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
+.\}
+.in 0
+.sp -.5v
+.nf
+.BX
+.in
+.sp .5v
+.fi
+.\}
+..
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" BM/EM - put colored marker in margin next to block of text
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.de BM
+.if t \{\
+.br
+.ll -2n
+.gcolor red
+.di BX
+.\}
+..
+.de EM
+.if t \{\
+.br
+.di
+.ll
+.gcolor
+.nr BH \\n(dn
+.ne \\n(BHu
+\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
+.in 0
+.nf
+.BX
+.in
+.fi
+.\}
+..
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
-.SH "NAME"
-crypttab - static information about crypted filesystems
-.SH "SYNOPSIS"
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "Name"
+crypttab \- static information about crypted filesystems
+.SH "Synopsis"
.PP
\fBcrypttab\fR
.RS 4
@@ -23,59 +179,87 @@
\fIOPTIONS\fR
.RE
.SH "DESCRIPTION"
-The file \fB/etc/crypttab\fR contains descriptive informations about encrypted volumes\. Each volume is described on a separate line; columns on each line are separated by tabs or spaces\. Lines starting with "\fI#\fR" are comments, empty lines are ignored\. The order of records in \fBcrypttab\fR is important because the \fB/etc/init\.d/boot\.crypto\fR script sequentially iterates through \fBcrypttab\fR entries\. All four columns are mandatory, missing or excessive columns will lead to unspecified behaviour\.
.sp
+The file \fB/etc/crypttab\fR contains descriptive informations about encrypted volumes\&. Each volume is described on a separate line; columns on each line are separated by tabs or spaces\&. Lines starting with "\fI#\fR" are comments, empty lines are ignored\&. The order of records in \fBcrypttab\fR is important because the \fB/etc/init\&.d/boot\&.crypto\fR script sequentially iterates through \fBcrypttab\fR entries\&. All four columns are mandatory, missing or excessive columns will lead to unspecified behaviour\&.
.sp
.RS 4
-\h'-04'\(bu\h'+03'The first column,
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+The first column,
\fINAME\fR
specifies the mapped
-\fIdevice name\fR\. It must be a plain filename without any directories\. A mapped device
+\fIdevice name\fR\&. It must be a plain filename without any directories\&. A mapped device
\fB/dev/mapper/\fR\fINAME\fR
will be created by
\fBcryptsetup(8)\fR
crypting data from and onto the
-\fIDEVICE\fR\.
+\fIDEVICE\fR\&.
.sp
To actually mount that device it needs to be listed in
-\fB/etc/fstab\fR\.
+\fB/etc/fstab\fR\&.
.RE
.sp
.RS 4
-\h'-04'\(bu\h'+03'The second column
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+The second column
\fIDEVICE\fR
-specifies the block special device that should hold the encrypted data\.
+specifies the block special device that should hold the encrypted data\&.
.RE
.sp
.RS 4
-\h'-04'\(bu\h'+03'The third column
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+The third column
\fIKEY\fR
specifies a file containing the raw binary key to use for decrypting the encrypted data of
-\fIDEVICE\fR\. The key file can also be a device name (e\.g\.
-\fB/dev/urandom\fR, which is useful for encrypted swap devices)\.
+\fIDEVICE\fR\&. The key file can also be a device name (e\&.g\&.
+\fB/dev/urandom\fR, which is useful for encrypted swap devices)\&.
.sp
If
\fIKEY\fR
is the string
-\fBnone\fR, the key data (i\.e\. a password or passphrase) will be read interactively from the console\. In this case the options precheck, check, checkargs and tries may be useful\.
+\fBnone\fR, the key data (i\&.e\&. a password or passphrase) will be read interactively from the console\&. In this case the options precheck, check, checkargs and tries may be useful\&.
.sp
Warning: luks does not support infinite streams (like
-\fB/dev/urandom\fR), it requires a fixed size key\. Typically one uses
+\fB/dev/urandom\fR), it requires a fixed size key\&. Typically one uses
\fBnone\fR
-for luks\.
+for luks\&.
.RE
.sp
.RS 4
-\h'-04'\(bu\h'+03'The fourth field
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.sp -1
+.IP \(bu 2.3
+.\}
+The fourth field
\fIOPTIONS\fR
-specifies the cryptsetup options associated with the encryption process\. At minimum, the field should contain the string
+specifies the cryptsetup options associated with the encryption process\&. At minimum, the field should contain the string
\fBluks\fR
or the
\fIcipher\fR,
\fIhash\fR
and
\fIsize\fR
-options\.
+options\&.
.sp
Options have to be specified in the format:
\fIkey\fR=\fIvalue\fR[,\fIkey\fR=\fIvalue\fR
@@ -85,60 +269,60 @@
.PP
\fBcipher\fR=<cipher>
.RS 4
-Encryption algorithm\. See
-\fBcryptsetup \-c\fR\.
+Encryption algorithm\&. See
+\fBcryptsetup \-c\fR\&.
.RE
.PP
\fBsize\fR=<size>
.RS 4
-Encryption key size\. See
-\fBcryptsetup \-s\fR\.
+Encryption key size\&. See
+\fBcryptsetup \-s\fR\&.
.RE
.PP
\fBhash\fR=<hash>
.RS 4
-Hash algorithm\. See
-\fBcryptsetup \-h\fR\.
+Hash algorithm\&. See
+\fBcryptsetup \-h\fR\&.
.RE
.PP
\fBverify\fR
.RS 4
-Verify password\. See
-\fBcryptsetup \-y\fR\.
+Verify password\&. See
+\fBcryptsetup \-y\fR\&.
.RE
.PP
\fBreadonly\fR
.RS 4
-The backing device is read\-only (eg: a dvd)\.
+The backing device is read\-only (eg: a dvd)\&.
.RE
.PP
\fBluks\fR
.RS 4
-Use device with luks extensions\.
+Use device with luks extensions\&.
.RE
.PP
\fBswap\fR
.RS 4
Run
\fBmkswap\fR
-on the created device\.
+on the created device\&.
.RE
.PP
\fBtmp\fR
.RS 4
Run
\fBmkfs\fR
-on the created device\. The file system to use is specified in
-\fB/etc/fstab\fR\. If
+on the created device\&. The file system to use is specified in
+\fB/etc/fstab\fR\&. If
\fB/etc/fstab\fR
-does not list the mapped device, ext2 is used as fallback\.
+does not list the mapped device, ext2 is used as fallback\&.
.RE
.PP
\fBcheck\fR[=<program>]
.RS 4
-Check the content of the mapped device by a suitable program; if the check fails the device is removed\. The specified program is run giving the decrypted volume (/dev/mapper/NAME) as first and the value of the checkargs option as second argument\. Cryptdisks searches for the given program in /lib/cryptsetup/checks/\. If no program is specified,
+Check the content of the mapped device by a suitable program; if the check fails the device is removed\&. The specified program is run giving the decrypted volume (/dev/mapper/NAME) as first and the value of the checkargs option as second argument\&. Cryptdisks searches for the given program in /lib/cryptsetup/checks/\&. If no program is specified,
vol_id
-is used\.
+is used\&.
.RE
.PP
\fBcheckargs\fR=<argument>
@@ -148,59 +332,65 @@
.PP
\fBprecheck\fR=<program>
.RS 4
-Check the source device by suitable program; if the check fails the device is not created; <precheck> is a script to check the source device\. The source device is given as argument to the script\. See also the
+Check the source device by suitable program; if the check fails the device is not created; <precheck> is a script to check the source device\&. The source device is given as argument to the script\&. See also the
\fBcheck\fR
-option\.
+option\&.
.RE
.PP
\fBtries\fR=<num>
.RS 4
-Prompt for the passphrase at most <num> times if the entered passphrase was wrong\. Defaults is 3\. Only works for LUKS volumes\.
+Prompt for the passphrase at most <num> times if the entered passphrase was wrong\&. Defaults is 3\&. Only works for LUKS volumes\&.
.RE
.PP
\fBtimeout\fR=<sec>
.RS 4
-Time out interactive password prompts after <sec> seconds\.
+Time out interactive password prompts after <sec> seconds\&.
.RE
.PP
\fBloop\fR
.RS 4
-Always attach a loop device before mapping the device\. Normally a loop device is used automatically only for image files\. Useful if the block size of the physical device does not match the block size of the contained file system\. E\.g\. ext2 on a CD\.
+Always attach a loop device before mapping the device\&. Normally a loop device is used automatically only for image files\&. Useful if the block size of the physical device does not match the block size of the contained file system\&. E\&.g\&. ext2 on a CD\&.
.RE
.PP
\fBnoauto\fR
.RS 4
-Causes boot\.crypto to skip this record during boot\. To activate this volume later use:
-\fB/etc/init\.d/boot\.crypto start\fR
+Causes boot\&.crypto to skip this record during boot\&. To activate this volume later use:
+\fB/etc/init\&.d/boot\&.crypto start\fR
<name>
.RE
.PP
\fBnoearly\fR
.RS 4
-boot\.crypto is invoked two times\. The first time as boot\.crypto\-early before LVM and MD setup and the second time as boot\.crypto after mounting local filesystems\. This option skips the setup of the device in the first invocation\. It might be needed for crypto file container existing on local filesystems other then root\.
+boot\&.crypto is invoked two times\&. The first time as boot\&.crypto\-early before LVM and MD setup and the second time as boot\&.crypto after mounting local filesystems\&. This option skips the setup of the device in the first invocation\&. It might be needed for crypto file container existing on local filesystems other then root\&.
+.RE
+.PP
+\fBinitrd\fR
+.RS 4
+tells mkinitrd to activate this device in the initrd already\&. Only LUKS and no other options are supported\&. The root partition is detected automatically by mkinitrd and doesn\'t need this option explicitly\&.
.RE
.PP
\fBpseed=<string>\fR
.RS 4
-Set a string that is appended to the passphrase after hashing\. Using different seeds for volumes with the same passphrase makes dictionary attacks harder\. Use for compatability with loop\-AES\.
+Set a string that is appended to the passphrase after hashing\&. Using different seeds for volumes with the same passphrase makes dictionary attacks harder\&. Use for compatability with loop\-AES\&.
.RE
.PP
\fBitercountk=<num>\fR
.RS 4
-Encrypts the hashed password <num> thousand times using AES\-256\. Use for compatability with loop\-AES\.
+Encrypts the hashed password <num> thousand times using AES\-256\&. Use for compatability with loop\-AES\&.
.RE
.PP
\fBloud\fR, \fBssl\fR, \fBgpg\fR, \fBkeyscript\fR
.RS 4
-not supported\. Listed here as they are supported by Debian\.
+not supported\&. Listed here as they are supported by Debian\&.
.RE
.SH "CHECKSCRIPTS"
-check scripts are installed in /lib/cryptsetup/checks/ and are called either before (\fIprecheck\fR option) or after (\fIcheck\fR option) the dm\-crypt target is set up\.
+.sp
+check scripts are installed in \FC/lib/cryptsetup/checks/\F[] and are called either before (\fIprecheck\fR option) or after (\fIcheck\fR option) the dm\-crypt target is set up\&.
.PP
\fBvol_id\fR
.RS 4
-Checks for any known filesystem\. Supports a filesystem type as argument via <checkargs>:
+Checks for any known filesystem\&. Supports a filesystem type as argument via <checkargs>:
.TS
tab(:);
lt lt
@@ -209,20 +399,20 @@
T{
no checkargs
T}:T{
-succeeds if any valid filesystem is found on the device\.
+succeeds if any valid filesystem is found on the device\&.
T}
T{
"none"
T}:T{
-succeeds if no valid filesystem is found on the device\.
+succeeds if no valid filesystem is found on the device\&.
T}
T{
"ext3", "xfs", "swap" etc
T}:T{
-succeeds if the given filesystem type is found on the device\.
+succeeds if the given filesystem type is found on the device\&.
T}
.TE
-.sp
+.sp 1
.RE
.SH "EXAMPLES"
.PP
@@ -246,8 +436,8 @@
cdisk3 /dev/sda3 none cipher=twofish\-cbc\-plain,size=256,hash=sha512
.RE
.SH "SEE ALSO"
-cryptsetup(8), /etc/crypttab, fstab(8)
.sp
+cryptsetup(8), /etc/crypttab, fstab(8)
.SH "AUTHOR"
-Manual page converted to asciidoc by Michael Gebetsroither \. Originally written by Bastian Kleineidam for the Debian distribution of cryptsetup\. Improved by Jonas Meurer \. Modified for SUSE Linux by Ludwig Nussel \. Parts of this manual were taken and adapted from the fstab(5) manual page\.
.sp
+Manual page converted to asciidoc by Michael Gebetsroither \&. Originally written by Bastian Kleineidam for the Debian distribution of cryptsetup\&. Improved by Jonas Meurer \&. Modified for SUSE Linux by Ludwig Nussel \&. Parts of this manual were taken and adapted from the fstab(5) manual page\&.
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/boot.crypto-0_200903061252/crypttab.5.txt new/boot.crypto-0_200904020930/crypttab.5.txt
--- old/boot.crypto-0_200903061252/crypttab.5.txt 2009-03-06 12:52:00.000000000 +0100
+++ new/boot.crypto-0_200904020930/crypttab.5.txt 2009-04-02 09:30:06.000000000 +0200
@@ -1,5 +1,7 @@
CRYPTTAB(5)
===========
+:man source: cryptsetup
+:man manual: Cryptsetup Manual
NAME
----
@@ -126,6 +128,12 @@
the first invocation. It might be needed for crypto file
container existing on local filesystems other then root.
+*initrd*::
+tells mkinitrd to activate this device in the initrd already. Only
+LUKS and no other options are supported. The root partition is
+detected automatically by mkinitrd and doesn't need this option
+explicitly.
+
*pseed=<string>*::
Set a string that is appended to the passphrase after hashing.
Using different seeds for volumes with the same passphrase makes
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/boot.crypto-0_200903061252/mkinitrd/boot-luks.sh new/boot.crypto-0_200904020930/mkinitrd/boot-luks.sh
--- old/boot.crypto-0_200903061252/mkinitrd/boot-luks.sh 2009-03-06 12:52:00.000000000 +0100
+++ new/boot.crypto-0_200904020930/mkinitrd/boot-luks.sh 2009-04-02 09:30:06.000000000 +0200
@@ -15,26 +15,43 @@
## luks_xxx the luks device (e.g. /dev/sda)
##
-case $luks_lang in
- en*)
- # We only support english keyboard layout
- ;;
- *)
- echo "Only english keyboard layout supported."
- echo "Please ensure that the password is typed correctly."
- ;;
-esac
-
-echo
-echo -n "Enter LUKS Passphrase:"
-read -s pass
-echo
-
-for curluks in $luks; do
- echo $pass | /sbin/cryptsetup luksOpen $(eval echo \$luks_${curluks}) $curluks || \
- /sbin/cryptsetup luksOpen $(eval echo \$luks_${curluks}) $curluks
-done
+luksopen()
+{
+ local dev="$1"
+ eval /sbin/cryptsetup luksOpen "\"\${luks_${luks}}\"" "\"\$dev\""
+}
-pass='xxxxxxxxxxxxxxxxxxxx'
-unset pass
+do_luks() {
+ case $luks_lang in
+ en_*|POSIX)
+ # We only support english keyboard layout
+ ;;
+ *)
+ echo "Only english keyboard layout supported."
+ echo "Please ensure that the password is typed correctly."
+ ;;
+ esac
+ set -- $luks
+
+ # try to reuse passphrase if multiple devices are to be
+ # decrypted
+ if [ $# -gt 1 ]; then
+ local pass
+ echo
+ echo -n "Enter LUKS Passphrase:"
+ read -s pass
+ echo
+
+ for luks in "$@"; do
+ echo $pass | luksopen "$luks" || luksopen "$luks"
+ done
+
+ pass='xxxxxxxxxxxxxxxxxxxx'
+ unset pass
+ else
+ luksopen "$luks"
+ fi
+}
+
+do_luks
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/boot.crypto-0_200903061252/mkinitrd/setup-luks.sh new/boot.crypto-0_200904020930/mkinitrd/setup-luks.sh
--- old/boot.crypto-0_200903061252/mkinitrd/setup-luks.sh 2009-03-06 12:52:00.000000000 +0100
+++ new/boot.crypto-0_200904020930/mkinitrd/setup-luks.sh 2009-04-02 09:30:06.000000000 +0200
@@ -3,9 +3,51 @@
#%stage: crypto
#
+# search for entries that have the 'initrd' option set
+find_crypttab_initrd()
+{
+ test -s /etc/crypttab || return
+
+ local addit extraopts
+
+ while read name physdev keyfile options dummy; do
+ case "$name" in
+ \#*|"") continue ;;
+ esac
+ if [ "$keyfile" != "none" ]; then
+ echo "/etc/crypttab: $name: keyfile not supported by the initrd"
+ continue
+ fi
+ if [ "$options" = "none" ]; then
+ continue
+ fi
+
+ addit=''
+ extraopts=''
+
+ IFS=, eval set -- $options
+ for param in "$@"; do
+ case "$param" in
+ luks) ;;
+ initrd) addit=1 ;;
+ *) extraopts=1 ;;
+ esac
+ done
+
+ if [ -n "$addit" ]; then
+ if [ -n "$extraopts" ]; then
+ echo "/etc/crypttab: $name has extra options, not supported by the initrd"
+ else
+ luks_add_device="$luks_add_device /dev/mapper/$name"
+ fi
+ fi
+ done < /etc/crypttab
+}
+
if [ -x /sbin/cryptsetup -a -x /sbin/dmsetup ] ; then
luks_blockdev=
- luks_add_device="$blockdev $luks_add_device"
+ luks_add_device="$blockdev"
+ find_crypttab_initrd
# bd holds the device we see the decrypted LUKS partition as
for bd in $luks_add_device ; do
luks_name=
@@ -25,6 +67,7 @@
save_var luks_${luks_name}
luks="$luks $luks_name"
+ echo "enabling LUKS support for $luksbd"
luks_blockdev="$luks_blockdev $luksbd"
fi
done
@@ -35,24 +78,21 @@
blockdev="$luks_blockdev"
fi
-if [ "$root_luks" ]; then
- case $LANG in
- en*)
+if [ -n "$root_luks" ]; then
+ case "$LANG" in
+ en_*|POSIX)
# We only support english keyboard layout currently
;;
*)
echo "Only english keyboard layout supported."
echo "Please ensure that the password is typed correctly."
- luks_lang=$LANG
+ luks_lang="$LANG"
;;
esac
- for m in $(cat /proc/crypto | grep module | sed 's/^module .*: \(.*\)$/\1/'); do
- cryptmodules="$cryptmodules $m"
- done
+ cryptmodules=`sed -ne '/^module/s/.*: //p' < /proc/crypto`
fi
save_var root_luks # do we have luks?
save_var luks # which names do the luks devices have?
save_var cryptmodules # required kernel modules for crypto setup
save_var luks_lang # original language settings
-
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org