summaryrefslogtreecommitdiff
path: root/cryptsetup
diff options
context:
space:
mode:
authorErich Eckner <git@eckner.net>2020-02-03 13:29:46 +0100
committerErich Eckner <git@eckner.net>2020-02-03 13:29:46 +0100
commitd2ef2ec5f391ed44814ceccf429202ec5e47fd64 (patch)
tree0e615691d871f8b03757a0c0f45db85da5c208b7 /cryptsetup
parentcafa49eb5074e02c4504dad40f4bb6cc66287b1c (diff)
downloadarchlinuxewe-d2ef2ec5f391ed44814ceccf429202ec5e47fd64.tar.xz
cryptsetup: removed
Diffstat (limited to 'cryptsetup')
-rw-r--r--cryptsetup/PKGBUILD53
-rw-r--r--cryptsetup/hooks-encrypt144
-rw-r--r--cryptsetup/install-encrypt48
-rw-r--r--cryptsetup/install-sd-encrypt49
-rw-r--r--cryptsetup/test.patch29
5 files changed, 0 insertions, 323 deletions
diff --git a/cryptsetup/PKGBUILD b/cryptsetup/PKGBUILD
deleted file mode 100644
index 57969c96f..000000000
--- a/cryptsetup/PKGBUILD
+++ /dev/null
@@ -1,53 +0,0 @@
-# Maintainer: Erich Eckner <arch at eckner dot net>
-# Contributor: Bartłomiej Piotrowski <bpiotrowski@archlinux.org>
-# Contributor: Thomas Bächler <thomas@archlinux.org>
-
-pkgname=cryptsetup
-pkgver=2.3.0
-pkgrel=1
-pkgdesc='Userspace setup tool for transparent encryption of block devices using dm-crypt'
-arch=(x86_64)
-license=('GPL')
-url='https://gitlab.com/cryptsetup/cryptsetup/'
-depends=('device-mapper' 'openssl' 'popt' 'libutil-linux' 'json-c' 'argon2')
-makedepends=('util-linux')
-options=('!emptydirs')
-validpgpkeys=('2A2918243FDE46648D0686F9D9B0577BD93E98FC') # Milan Broz <gmazyland@gmail.com>
-source=("https://www.kernel.org/pub/linux/utils/cryptsetup/v${pkgver%.*}/${pkgname}-${pkgver}.tar."{xz,sign}
- 'hooks-encrypt'
- 'install-encrypt'
- 'install-sd-encrypt'
- 'test.patch')
-sha512sums=('d4af8edb7a50603028c6c6999ae7a1851d2232ee11d4a501270afb424f0a7dc82893a6a5d30d3a3188634aa80ec1a79f22a91b539910df10d07f8d9ae532cb08'
- 'SKIP'
- 'dab61d2559e16f4b74eb366ee5f41e82799d1bf6312fcb3b20f2750ad91c2ba9f3db43242aed00bb8ca9e34c18e48be2045e64ba68289d5720d78a03303b8161'
- 'd1839c3b352fc6469185ba01a9af47bc820a61ef4c5d54714d6848b1eec8e2eb071c1ff5855eeee797abbb9afa4883658673ee232591d99ed4ea7ca25ec7d312'
- 'aa7b621d9f3afe660c7c5c603c14fa61d026452e521039abc2f00aa771f7dfe4565a3f5697ac57e6acdfb8c8ab34fe9c4424f0c43fd4d3673e9d5a76caae74b3'
- 'a1754a37bae46d7f2e4afcd5ac562505f602e0e62dafa38c8be81b98e9cf38b99a8c27367fb063d1919787df96f012ce3b9837502294a22a4df1bce519a52232')
-
-prepare() {
- cd "${srcdir}"/$pkgname-${pkgver}
- patch -p1 -i ../test.patch
-}
-
-build() {
- cd "${srcdir}"/$pkgname-${pkgver}
-
- ./configure \
- --prefix=/usr \
- --sbindir=/usr/bin \
- --enable-libargon2 \
- --disable-static
- make
-}
-
-package() {
- cd "${srcdir}"/$pkgname-${pkgver}
-
- make DESTDIR="${pkgdir}" install
-
- # install hook
- install -D -m0644 "${srcdir}"/hooks-encrypt "${pkgdir}"/usr/lib/initcpio/hooks/encrypt
- install -D -m0644 "${srcdir}"/install-encrypt "${pkgdir}"/usr/lib/initcpio/install/encrypt
- install -D -m0644 "${srcdir}"/install-sd-encrypt "${pkgdir}"/usr/lib/initcpio/install/sd-encrypt
-}
diff --git a/cryptsetup/hooks-encrypt b/cryptsetup/hooks-encrypt
deleted file mode 100644
index 882d5fb44..000000000
--- a/cryptsetup/hooks-encrypt
+++ /dev/null
@@ -1,144 +0,0 @@
-#!/usr/bin/ash
-
-run_hook() {
- modprobe -a -q dm-crypt >/dev/null 2>&1
- [ "${quiet}" = "y" ] && CSQUIET=">/dev/null"
-
- # Get keyfile if specified
- ckeyfile="/crypto_keyfile.bin"
- if [ -n "$cryptkey" ]; then
- IFS=: read ckdev ckarg1 ckarg2 <<EOF
-$cryptkey
-EOF
-
- if [ "$ckdev" = "rootfs" ]; then
- ckeyfile=$ckarg1
- elif resolved=$(resolve_device "${ckdev}" ${rootdelay}); then
- case ${ckarg1} in
- *[!0-9]*)
- # Use a file on the device
- # ckarg1 is not numeric: ckarg1=filesystem, ckarg2=path
- mkdir /ckey
- mount -r -t "$ckarg1" "$resolved" /ckey
- dd if="/ckey/$ckarg2" of="$ckeyfile" >/dev/null 2>&1
- umount /ckey
- ;;
- *)
- # Read raw data from the block device
- # ckarg1 is numeric: ckarg1=offset, ckarg2=length
- dd if="$resolved" of="$ckeyfile" bs=1 skip="$ckarg1" count="$ckarg2" >/dev/null 2>&1
- ;;
- esac
- fi
- [ ! -f ${ckeyfile} ] && echo "Keyfile could not be opened. Reverting to passphrase."
- fi
-
- if [ -n "${cryptdevice}" ]; then
- DEPRECATED_CRYPT=0
- IFS=: read cryptdev cryptname cryptoptions <<EOF
-$cryptdevice
-EOF
- else
- DEPRECATED_CRYPT=1
- cryptdev="${root}"
- cryptname="root"
- fi
-
- # This may happen if third party hooks do the crypt setup
- if [ -b "/dev/mapper/${cryptname}" ]; then
- echo "Device ${cryptname} already exists, not doing any crypt setup."
- return 0
- fi
-
- warn_deprecated() {
- echo "The syntax 'root=${root}' where '${root}' is an encrypted volume is deprecated"
- echo "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead."
- }
-
- for cryptopt in ${cryptoptions//,/ }; do
- case ${cryptopt} in
- allow-discards)
- cryptargs="${cryptargs} --allow-discards"
- ;;
- *)
- echo "Encryption option '${cryptopt}' not known, ignoring." >&2
- ;;
- esac
- done
-
- if resolved=$(resolve_device "${cryptdev}" ${rootdelay}); then
- if cryptsetup isLuks ${resolved} >/dev/null 2>&1; then
- [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
- dopassphrase=1
- # If keyfile exists, try to use that
- if [ -f ${ckeyfile} ]; then
- if eval cryptsetup --key-file ${ckeyfile} open --type luks ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; then
- dopassphrase=0
- else
- echo "Invalid keyfile. Reverting to passphrase."
- fi
- fi
- # Ask for a passphrase
- if [ ${dopassphrase} -gt 0 ]; then
- echo ""
- echo "A password is required to access the ${cryptname} volume:"
-
- #loop until we get a real password
- while ! eval cryptsetup open --type luks ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; do
- sleep 2;
- done
- fi
- if [ -e "/dev/mapper/${cryptname}" ]; then
- if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
- export root="/dev/mapper/root"
- fi
- else
- err "Password succeeded, but ${cryptname} creation failed, aborting..."
- return 1
- fi
- elif [ -n "${crypto}" ]; then
- [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
- msg "Non-LUKS encrypted device found..."
- if echo "$crypto" | awk -F: '{ exit(NF == 5) }'; then
- err "Verify parameter format: crypto=hash:cipher:keysize:offset:skip"
- err "Non-LUKS decryption not attempted..."
- return 1
- fi
- exe="cryptsetup open --type plain $resolved $cryptname $cryptargs"
- IFS=: read c_hash c_cipher c_keysize c_offset c_skip <<EOF
-$crypto
-EOF
- [ -n "$c_hash" ] && exe="$exe --hash '$c_hash'"
- [ -n "$c_cipher" ] && exe="$exe --cipher '$c_cipher'"
- [ -n "$c_keysize" ] && exe="$exe --key-size '$c_keysize'"
- [ -n "$c_offset" ] && exe="$exe --offset '$c_offset'"
- [ -n "$c_skip" ] && exe="$exe --skip '$c_skip'"
- if [ -f "$ckeyfile" ]; then
- exe="$exe --key-file $ckeyfile"
- else
- echo ""
- echo "A password is required to access the ${cryptname} volume:"
- fi
- eval "$exe $CSQUIET"
-
- if [ $? -ne 0 ]; then
- err "Non-LUKS device decryption failed. verify format: "
- err " crypto=hash:cipher:keysize:offset:skip"
- return 1
- fi
- if [ -e "/dev/mapper/${cryptname}" ]; then
- if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
- export root="/dev/mapper/root"
- fi
- else
- err "Password succeeded, but ${cryptname} creation failed, aborting..."
- return 1
- fi
- else
- err "Failed to open encryption mapping: The device ${cryptdev} is not a LUKS volume and the crypto= paramater was not specified."
- fi
- fi
- rm -f ${ckeyfile}
-}
-
-# vim: set ft=sh ts=4 sw=4 et:
diff --git a/cryptsetup/install-encrypt b/cryptsetup/install-encrypt
deleted file mode 100644
index 4cffb4ff0..000000000
--- a/cryptsetup/install-encrypt
+++ /dev/null
@@ -1,48 +0,0 @@
-#!/bin/bash
-
-build() {
- local mod
-
- add_module "dm-crypt"
- add_module "dm-integrity"
- if [[ $CRYPTO_MODULES ]]; then
- for mod in $CRYPTO_MODULES; do
- add_module "$mod"
- done
- else
- add_all_modules "/crypto/"
- fi
-
- add_binary "cryptsetup"
- add_binary "dmsetup"
- add_file "/usr/lib/udev/rules.d/10-dm.rules"
- add_file "/usr/lib/udev/rules.d/13-dm-disk.rules"
- add_file "/usr/lib/udev/rules.d/95-dm-notify.rules"
- add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules"
-
- # cryptsetup calls pthread_create(), which dlopen()s libgcc_s.so.1
- add_binary "/usr/lib/libgcc_s.so.1"
-
- add_runscript
-}
-
-help() {
- cat <<HELPEOF
-This hook allows for an encrypted root device. Users should specify the device
-to be unlocked using 'cryptdevice=device:dmname' on the kernel command line,
-where 'device' is the path to the raw device, and 'dmname' is the name given to
-the device after unlocking, and will be available as /dev/mapper/dmname.
-
-For unlocking via keyfile, 'cryptkey=device:fstype:path' should be specified on
-the kernel cmdline, where 'device' represents the raw block device where the key
-exists, 'fstype' is the filesystem type of 'device' (or auto), and 'path' is
-the absolute path of the keyfile within the device.
-
-Without specifying a keyfile, you will be prompted for the password at runtime.
-This means you must have a keyboard available to input it, and you may need
-the keymap hook as well to ensure that the keyboard is using the layout you
-expect.
-HELPEOF
-}
-
-# vim: set ft=sh ts=4 sw=4 et:
diff --git a/cryptsetup/install-sd-encrypt b/cryptsetup/install-sd-encrypt
deleted file mode 100644
index 1cc16cff9..000000000
--- a/cryptsetup/install-sd-encrypt
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/bin/bash
-
-build() {
- local mod
-
- add_module "dm-crypt"
- add_module "dm-integrity"
- if [[ $CRYPTO_MODULES ]]; then
- for mod in $CRYPTO_MODULES; do
- add_module "$mod"
- done
- else
- add_all_modules "/crypto/"
- fi
-
- add_binary "dmsetup"
- add_file "/usr/lib/udev/rules.d/10-dm.rules"
- add_file "/usr/lib/udev/rules.d/13-dm-disk.rules"
- add_file "/usr/lib/udev/rules.d/95-dm-notify.rules"
- add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules"
-
- add_systemd_unit "cryptsetup.target"
- add_binary "/usr/lib/systemd/system-generators/systemd-cryptsetup-generator"
- add_binary "/usr/lib/systemd/systemd-cryptsetup"
-
- add_systemd_unit "systemd-ask-password-console.path"
- add_systemd_unit "systemd-ask-password-console.service"
-
- # cryptsetup calls pthread_create(), which dlopen()s libgcc_s.so.1
- add_binary "/usr/lib/libgcc_s.so.1"
-
- # add mkswap for creating swap space on the fly (see 'swap' in crypttab(5))
- add_binary "mkswap"
-
- [[ -f /etc/crypttab.initramfs ]] && add_file "/etc/crypttab.initramfs" "/etc/crypttab"
-}
-
-help() {
- cat <<HELPEOF
-This hook allows for an encrypted root device with systemd initramfs.
-
-See the manpage of systemd-cryptsetup-generator(8) for available kernel
-command line options. Alternatively, if the file /etc/crypttab.initramfs
-exists, it will be added to the initramfs as /etc/crypttab. See the
-crypttab(5) manpage for more information on crypttab syntax.
-HELPEOF
-}
-
-# vim: set ft=sh ts=4 sw=4 et:
diff --git a/cryptsetup/test.patch b/cryptsetup/test.patch
deleted file mode 100644
index 405f33586..000000000
--- a/cryptsetup/test.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-diff --git a/src/cryptsetup.c b/src/cryptsetup.c
-index df13df3..eb3f625 100644
---- a/src/cryptsetup.c
-+++ b/src/cryptsetup.c
-@@ -84,6 +84,7 @@ static int opt_disable_keyring = 0;
- static const char *opt_priority = NULL; /* normal */
- static const char *opt_integrity = NULL; /* none */
- static int opt_integrity_nojournal = 0;
-+static int opt_integrity_recovery = 0;
- static int opt_integrity_no_wipe = 0;
- static const char *opt_key_description = NULL;
- static int opt_sector_size = 0;
-@@ -182,6 +183,8 @@ static void _set_activation_flags(uint32_t *flags)
-
- if (opt_integrity_nojournal)
- *flags |= CRYPT_ACTIVATE_NO_JOURNAL;
-+ if (opt_integrity_recovery)
-+ *flags |= CRYPT_ACTIVATE_RECOVERY;
-
- /* In persistent mode, we use what is set on command line */
- if (opt_persistent)
-@@ -3409,6 +3412,7 @@ int main(int argc, const char **argv)
- { "disable-keyring", '\0', POPT_ARG_NONE, &opt_disable_keyring, 0, N_("Disable loading volume keys via kernel keyring"), NULL },
- { "integrity", 'I', POPT_ARG_STRING, &opt_integrity, 0, N_("Data integrity algorithm (LUKS2 only)"), NULL },
- { "integrity-no-journal",'\0',POPT_ARG_NONE, &opt_integrity_nojournal, 0, N_("Disable journal for integrity device"), NULL },
-+ { "integrity-recovery-mode", 'R', POPT_ARG_NONE, &opt_integrity_recovery, 0, N_("Recovery mode for integrity device (no journal, no tag checking)"), NULL },
- { "integrity-no-wipe", '\0', POPT_ARG_NONE, &opt_integrity_no_wipe, 0, N_("Do not wipe device after format"), NULL },
- { "token-only", '\0', POPT_ARG_NONE, &opt_token_only, 0, N_("Do not ask for passphrase if activation by token fails"), NULL },
- { "token-id", '\0', POPT_ARG_INT, &opt_token, 0, N_("Token number (default: any)"), NULL },