
[alpine-aports] [PATCH] main/cryptsetup: use newest dmcrypt service version from gentoo

Details
Message ID
<1452192090-2733-1-git-send-email-soeren+git@soeren-tempel.net>
Sender timestamp
1452192090
DKIM signature
missing
Patch: +65 -75
The findfs change has been reapplied.
---
 main/cryptsetup/APKBUILD      |   8 +--
 main/cryptsetup/dmcrypt.initd | 132 +++++++++++++++++++-----------------------
 2 files changed, 65 insertions(+), 75 deletions(-)

diff --git a/main/cryptsetup/APKBUILD b/main/cryptsetup/APKBUILD
index 676ce67..7ee5099 100644
--- a/main/cryptsetup/APKBUILD
+++ b/main/cryptsetup/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=cryptsetup
pkgver=1.7.0
pkgrel=0
pkgrel=1
pkgdesc="Userspace setup tool for transparent encryption of block devices using the Linux 2.6 cryptoapi"
url="https://gitlab.com/cryptsetup/cryptsetup"
arch="all"
@@ -61,12 +61,12 @@ libs() {
md5sums="ca3fd784f3232136dcd711a31cb0193e  cryptsetup-1.7.0.tar.gz
7d5c8727ea417cabe86df67a9de1de16  flush-stdout.patch
1369aeaed84e41c8d585695596a24bd6  dmcrypt.confd
a9a478ee9b5612379326cd96354779b4  dmcrypt.initd"
058807d0516dec293d382ee27cc89fb8  dmcrypt.initd"
sha256sums="f1d1f010442e9b3ca26ba917be475bf2adbe28452cb30bf8047a9978cc52adcd  cryptsetup-1.7.0.tar.gz
6ac335bb14ff2f90de00769be20da4c5527101fab6593259a4d87be84904ae67  flush-stdout.patch
0c30e081c0b8f879964ae49735f10b05a1d92f4f481042851958860945e13271  dmcrypt.confd
477107555f0bedd662ae8181428de5428122b64139d3033ec7b5c1c801238665  dmcrypt.initd"
a7a930cf14161a18c2ac6c3e7d4b2cf4ed03d9fcd77c89e7a6f6c60bad4bede8  dmcrypt.initd"
sha512sums="f3947ae04424dff479cc2932eb9ef99e33d8d1bf0f47255379940bdd47ddb42224d86dc397ed4b01ac8819faedd8265acc7d61f5fd091e56f3e8836c5b2b7740  cryptsetup-1.7.0.tar.gz
301e3e3da5a899e0a6f01f44fbf37bb6a3f5b6a4fb41243bae6d3b7aea747276e784626cd1b19721cc264652c10ae8c560c4d20094e33bb82fb2fae0160682c0  flush-stdout.patch
d04ae17d3708ef20ade7afb223d4ef19e1b6812e0be8f9499e37e9c71344568b42030d9dd8f6918a9bfb211a3a94b40a9354e3b32a009cb165e84508d0a5e14b  dmcrypt.confd
0f8ca37330dfe4584026277542db63eb31b3fe8060096e840be3b75ba8fb1e8bddff3212c0324dc15cf59a804b74f92f538fbedc8ec876c9c9ece4ab37f00bb0  dmcrypt.initd"
81dad61cdecf1dc529b26eb3cdc15979a582c876b01268f88e7a71c8fae6911137c03bfa63fee64e064e5fb31f673610be27ecab9fc432229f13e7040698bd5c  dmcrypt.initd"
diff --git a/main/cryptsetup/dmcrypt.initd b/main/cryptsetup/dmcrypt.initd
index 900c94c..340b579 100644
--- a/main/cryptsetup/dmcrypt.initd
+++ b/main/cryptsetup/dmcrypt.initd
@@ -1,16 +1,16 @@
#!/sbin/openrc-run
# Copyright 1999-2013 Gentoo Foundation
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/sys-fs/cryptsetup/files/1.5.1-dmcrypt.rc,v 1.1 2013/01/17 23:35:08 robbat2 Exp $

depend() {
	before checkfs fsck

	if grep -qs ^swap= "${conf_file}" ; then
		before swap
	fi
}

# We support multiple dmcrypt instances based on $SVCNAME
execute_hook="dm_crypt_execute_dmcrypt"
# XXX: Should we drop this ?
# execute_hook="dm_crypt_execute_localmount"
conf_file="/etc/conf.d/${SVCNAME}"

# Get splash helpers if available.
@@ -20,9 +20,32 @@ fi

# Setup mappings for an individual target/swap
# Note: This relies on variables localized in the main body below.
dm_crypt_execute_dmcrypt() {
dm_crypt_execute() {
	local dev ret mode foo

	if [ -z "${target}" -a -z "${swap}" ] ; then
		return
	fi

	# Set up default values.
	: ${dmcrypt_key_timeout:=1}
	: ${dmcrypt_max_timeout:=300}
	: ${dmcrypt_retries:=5}

	# Handle automatic look up of the source path.
	if [ -z "${source}" -a -n "${loop_file}" ] ; then
		source=$(losetup --show -f "${loop_file}")
	fi
	case ${source} in
	*=*)
		source="$(findfs ${source})"
		;;
	esac
	if [ -z "${source}" ] || [ ! -e "${source}" ] ; then
		ewarn "source \"${source}\" for ${target} missing, skipping..."
		return
	fi

	if [ -n "${target}" ] ; then
		# let user set options, otherwise leave empty
		: ${options:=' '}
@@ -36,15 +59,6 @@ dm_crypt_execute_dmcrypt() {
		# suspend2 users should have initramfs's init handling their swap partition either way.
		: ${options:='-c aes -h sha1 -d /dev/urandom'}
		: ${pre_mount:='mkswap ${dev}'}
	else
		return
	fi
	if [ "x${source#UUID}" != "x${source}" ]; then
		source="$(findfs ${source})"
	fi
	if [ -z "${source}" ] && [ ! -e "${source}" ] ; then
		ewarn "source \"${source}\" for ${target} missing, skipping..."
		return
	fi

	if [ -n "${loop_file}" ] ; then
@@ -54,11 +68,14 @@ dm_crypt_execute_dmcrypt() {
	fi

	# cryptsetup:
	# luksOpen <device> <name>      # <device> is $source
	# create   <name>   <device>    # <name>   is $target
	local arg1="create" arg2="${target}" arg3="${source}" luks=0

	cryptsetup isLuks ${source} 2>/dev/null && { arg1="luksOpen"; arg2="${source}"; arg3="${target}"; luks=1; }
	# open   <device> <name>      # <device> is $source
	# create <name>   <device>    # <name>   is $target
	local arg1="create" arg2="${target}" arg3="${source}"
	if cryptsetup isLuks ${source} 2>/dev/null ; then
		arg1="open"
		arg2="${source}"
		arg3="${target}"
	fi

	# Older versions reported:
	#	${target} is active:
@@ -84,7 +101,7 @@ dm_crypt_execute_dmcrypt() {
			resettty='stty ${savetty}; trap - EXIT HUP INT TERM'
			trap 'eval "${resettty}"' EXIT HUP INT TERM
			stty -icanon
			[ "${1}" = -t ] && stty min 0 time "$(( $2 * 10 ))"
			stty min 0 time "$(( $2 * 10 ))"
			ans=$(dd count=1 bs=1 2>/dev/null) || ans=''
			eval "${resettty}"
			if [ -z "${ans}" ] ; then
@@ -99,8 +116,8 @@ dm_crypt_execute_dmcrypt() {
		}

		# Notes: sed not used to avoid case where /usr partition is encrypted.
		mode=${key/*:/} && ( [ "${mode}" = "${key}" ] || [ -z "${mode}" ] ) && mode=reg
		key=${key/:*/}
		mode=${key##*:} && ( [ "${mode}" = "${key}" ] || [ -z "${mode}" ] ) && mode=reg
		key=${key%:*}
		case "${mode}" in
		gpg|reg)
			# handle key on removable device
@@ -116,7 +133,7 @@ dm_crypt_execute_dmcrypt() {
				fi
				i=0
				einfo "Please insert removable device for ${target}"
				while [ ${i} -lt ${dmcrypt_max_timeout:-120} ] ; do
				while [ ${i} -lt ${dmcrypt_max_timeout} ] ; do
					foo=""
					if mount -n -o ro "${remdev}" "${mntrem}" 2>/dev/null >/dev/null ; then
						# keyfile exists?
@@ -124,7 +141,7 @@ dm_crypt_execute_dmcrypt() {
							umount -n "${mntrem}"
							rmdir "${mntrem}"
							einfo "Cannot find ${key} on removable media."
							read_abort "Abort" ${read_timeout:--t 1} && return
							read_abort "Abort" ${dmcrypt_key_timeout} && return
						else
							key="${mntrem}${key}"
							break
@@ -158,13 +175,17 @@ dm_crypt_execute_dmcrypt() {
	if [ "${mode}" = "gpg" ] ; then
		: ${gpg_options:='-q -d'}
		# gpg available ?
		if type -p gpg >/dev/null ; then
			for i in 0 1 2 ; do
		if command -v gpg >/dev/null ; then
			i=0
			while [ ${i} -lt ${dmcrypt_retries} ] ; do
				# paranoid, don't store key in a variable, pipe it so it stays very little in ram unprotected.
				# save stdin stdout stderr "values"
				gpg ${gpg_options} ${key} 2>/dev/null | cryptsetup ${options} ${arg1} ${arg2} ${arg3}
				timeout ${dmcrypt_max_timeout} gpg ${gpg_options} ${key} 2>/dev/null | \
					cryptsetup --key-file - ${options} ${arg1} ${arg2} ${arg3}
				ret=$?
				[ ${ret} -eq 0 ] && break
				# The timeout command exits 124 when it times out.
				[ ${ret} -eq 0 -o ${ret} -eq 124 ] && break
				: $(( i += 1 ))
			done
			eend ${ret} "failure running cryptsetup"
		else
@@ -195,49 +216,21 @@ dm_crypt_execute_dmcrypt() {
	else
		if [ -n "${pre_mount}" ] ; then
			dev="/dev/mapper/${target}"
			ebegin "    pre_mount: ${pre_mount}"
			eval ebegin \""    pre_mount: ${pre_mount}"\"
			eval "${pre_mount}" > /dev/null
			ewend $? || cryptfs_status=1
		fi
	fi
}

# Run any post_mount commands for an individual mount
#
# Note: This relies on variables localized in the main body below.
dm_crypt_execute_localmount() {
	local mount_point

	[ -z "${target}" ] && [ -z "${post_mount}" ] && return

	if ! cryptsetup status ${target} | egrep -q '\<active:' ; then
		ewarn "Skipping unmapped target ${target}"
		cryptfs_status=1
		return
	fi

	mount_point=$(grep "/dev/mapper/${target}" /proc/mounts | cut -d' ' -f2)
	if [ -z "${mount_point}" ] ; then
		ewarn "Failed to find mount point for ${target}, skipping"
		cryptfs_status=1
	fi

	if [ -n "${post_mount}" ] ; then
		ebegin "Running post_mount commands for target ${target}"
		eval "${post_mount}" >/dev/null
		eend $? || cryptfs_status=1
	fi
}

# Lookup optional bootparams
get_bootparam_val() {
	# We're given something like:
	#    foo=bar=cow
	# Return the "bar=cow" part.
	case $1 in
	*\=*)
		local key=$(echo "$1" | cut -f1 -d=)
		echo "$1" | cut -c $(( ${#key} + 2 ))
	*=*)
		echo "${1#*=}"
		;;
	esac
}
@@ -249,16 +242,13 @@ start() {
	local x
	for x in $(cat /proc/cmdline) ; do
		case "${x}" in
		key_timeout\=*)
			local KEY_TIMEOUT=$(get_bootparam_val "${x}")
			if [ ${KEY_TIMEOUT} -gt 0 ] ; then
				read_timeout="-t ${KEY_TIMEOUT}"
			fi
		;;
		key_timeout=*)
			dmcrypt_key_timeout=$(get_bootparam_val "${x}")
			;;
		esac
	done

	while read -u 3 targetline ; do
	while read targetline <&3 ; do
		case ${targetline} in
		# skip comments and blank lines
		""|"#"*) continue ;;
@@ -273,7 +263,7 @@ start() {
		case ${targetline} in
		target=*|swap=*)
			# If we have a target queued up, then execute it
			${execute_hook}
			dm_crypt_execute

			# Prepare for the next target/swap by resetting variables
			unset gpg_options key loop_file target options pre_mount post_mount source swap remdev
@@ -286,7 +276,7 @@ start() {
			fi
			;;

		dmcrypt_max_timeout=*)
		dmcrypt_*=*)
			# ignore global options
			continue
			;;
@@ -296,12 +286,12 @@ start() {
			;;
		esac

		# Queue this setting for the next call to dm_crypt_execute_xxx
		# Queue this setting for the next call to dm_crypt_execute
		eval "${targetline}"
	done 3< ${conf_file}

	# If we have a target queued up, then execute it
	${execute_hook}
	dm_crypt_execute

	ewend ${cryptfs_status} "Failed to setup dm-crypt devices"
}
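Review bot: In the gpg retry loop of dm_crypt_execute, `ret=$?` follows the pipeline `timeout ${dmcrypt_max_timeout} gpg ... | cryptsetup --key-file - ...`, so in a POSIX shell it holds cryptsetup's exit status and the new `${ret} -eq 124` test does not observe a `timeout` expiry. Unless pipefail is enabled somewhere outside these hunks (none is visible), a timed-out gpg surfaces only as a cryptsetup failure and the loop keeps retrying up to `dmcrypt_retries` times. I would either drop the 124 branch and reword the comment to `# ret is cryptsetup's status; a gpg timeout appears here only as a failed key read`, or record timeout's status separately before deciding to break. The same lines appear in the dmcrypt.initd sections of v2 and v3 in this thread, and the function body continues outside the hunk.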
-- 
2.7.0




[alpine-aports] [PATCH v2] main/cryptsetup: use newest dmcrypt service version from gentoo

Details
Message ID
<1452193327-6868-1-git-send-email-soeren+git@soeren-tempel.net>
In-Reply-To
<1452192090-2733-1-git-send-email-soeren+git@soeren-tempel.net> (view parent)
Sender timestamp
1452193327
DKIM signature
missing
Patch: +83 -80
The findfs change has been reapplied.
---
 main/cryptsetup/APKBUILD      |   8 +--
 main/cryptsetup/dmcrypt.confd |  23 ++++++--
 main/cryptsetup/dmcrypt.initd | 132 +++++++++++++++++++-----------------------
 3 files changed, 83 insertions(+), 80 deletions(-)

diff --git a/main/cryptsetup/APKBUILD b/main/cryptsetup/APKBUILD
index 676ce67..7ee5099 100644
--- a/main/cryptsetup/APKBUILD
+++ b/main/cryptsetup/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=cryptsetup
pkgver=1.7.0
pkgrel=0
pkgrel=1
pkgdesc="Userspace setup tool for transparent encryption of block devices using the Linux 2.6 cryptoapi"
url="https://gitlab.com/cryptsetup/cryptsetup"
arch="all"
@@ -61,12 +61,12 @@ libs() {
md5sums="ca3fd784f3232136dcd711a31cb0193e  cryptsetup-1.7.0.tar.gz
7d5c8727ea417cabe86df67a9de1de16  flush-stdout.patch
1369aeaed84e41c8d585695596a24bd6  dmcrypt.confd
a9a478ee9b5612379326cd96354779b4  dmcrypt.initd"
058807d0516dec293d382ee27cc89fb8  dmcrypt.initd"
sha256sums="f1d1f010442e9b3ca26ba917be475bf2adbe28452cb30bf8047a9978cc52adcd  cryptsetup-1.7.0.tar.gz
6ac335bb14ff2f90de00769be20da4c5527101fab6593259a4d87be84904ae67  flush-stdout.patch
0c30e081c0b8f879964ae49735f10b05a1d92f4f481042851958860945e13271  dmcrypt.confd
477107555f0bedd662ae8181428de5428122b64139d3033ec7b5c1c801238665  dmcrypt.initd"
a7a930cf14161a18c2ac6c3e7d4b2cf4ed03d9fcd77c89e7a6f6c60bad4bede8  dmcrypt.initd"
sha512sums="f3947ae04424dff479cc2932eb9ef99e33d8d1bf0f47255379940bdd47ddb42224d86dc397ed4b01ac8819faedd8265acc7d61f5fd091e56f3e8836c5b2b7740  cryptsetup-1.7.0.tar.gz
301e3e3da5a899e0a6f01f44fbf37bb6a3f5b6a4fb41243bae6d3b7aea747276e784626cd1b19721cc264652c10ae8c560c4d20094e33bb82fb2fae0160682c0  flush-stdout.patch
d04ae17d3708ef20ade7afb223d4ef19e1b6812e0be8f9499e37e9c71344568b42030d9dd8f6918a9bfb211a3a94b40a9354e3b32a009cb165e84508d0a5e14b  dmcrypt.confd
0f8ca37330dfe4584026277542db63eb31b3fe8060096e840be3b75ba8fb1e8bddff3212c0324dc15cf59a804b74f92f538fbedc8ec876c9c9ece4ab37f00bb0  dmcrypt.initd"
81dad61cdecf1dc529b26eb3cdc15979a582c876b01268f88e7a71c8fae6911137c03bfa63fee64e064e5fb31f673610be27ecab9fc432229f13e7040698bd5c  dmcrypt.initd"
diff --git a/main/cryptsetup/dmcrypt.confd b/main/cryptsetup/dmcrypt.confd
index 35a1fd2..642ff08 100644
--- a/main/cryptsetup/dmcrypt.confd
+++ b/main/cryptsetup/dmcrypt.confd
@@ -26,19 +26,30 @@
# Global options:
#----------------

# Max number of checks to perform (1 per second)
#dmcrypt_max_timeout=120
# How long to wait for each timeout (in seconds).
dmcrypt_key_timeout=1

# Max number of checks to perform (see dmcrypt_key_timeout).
#dmcrypt_max_timeout=300

# Number of password retries.
dmcrypt_retries=5

# Arguments:
#-----------
# target=<name>                      == Mapping name for partition.
# swap=<name>                        == Mapping name for swap partition.
# source='<dev>'                     == Real device for partition.
#                                    Note: You can (and should) specify a tag like UUID
#                                    for blkid (see -t option).  This is safer than using
#                                    the full path to the device.
# key='</path/to/keyfile>[:<mode>]'  == Fullpath from / or from inside removable media.
# remdev='<dev>'                     == Device that will be assigned to removable media.
# gpg_options='<opts>'               == Default are --quiet --decrypt
# options='<opts>'                   == cryptsetup, for LUKS you can only use --readonly
# loop_file='<file>'                 == Loopback file.
#                                    Note: If you omit $source, then a free loopback will
#                                    be looked up automatically.
# pre_mount='cmds'                   == commands to execute before mounting partition.
# post_mount='cmds'                  == commands to execute after mounting partition.
#-----------
@@ -79,13 +90,13 @@
#key='/full/path/to/homekey'
#remdev='/dev/sda1'

##/home with gpg protected key on removable media(such as usb-stick)
## /home with gpg protected key on removable media(such as usb-stick)
#target=crypt-home
#source='/dev/hda5'
#key='/full/path/to/homekey:gpg'
#remdev='/dev/sda1'

##/tmp with regular keyfile
## /tmp with regular keyfile
#target=crypt-tmp
#source='/dev/hda6'
#key='/full/path/to/tmpkey'
@@ -93,6 +104,8 @@
#post_mount='chown root:root ${mount_point}; chmod 1777 ${mount_point}'

## Loopback file example
#mount='crypt-loop-home'
#target='crypt-loop-home'
#source='/dev/loop0'
#loop_file='/mnt/crypt/home'

# The file must be terminated by a newline.  Or leave this comment last.
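Review bot: The new comment on `dmcrypt_max_timeout` describes it only as a number of checks, but the dmcrypt.initd change in this same patch also passes it to `timeout ${dmcrypt_max_timeout} gpg ...`, where it acts as a duration. I would document both uses, for example `# Max number of checks for the removable device; also the time limit given to timeout(1) for gpg.` The line above it, `# How long to wait for each timeout (in seconds).`, would read more clearly as `# Seconds to wait for input at each abort prompt.`, since the initd appears to hand the value to read_abort. The v3 dmcrypt.confd section is identical.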
diff --git a/main/cryptsetup/dmcrypt.initd b/main/cryptsetup/dmcrypt.initd
index 900c94c..340b579 100644
--- a/main/cryptsetup/dmcrypt.initd
+++ b/main/cryptsetup/dmcrypt.initd
@@ -1,16 +1,16 @@
#!/sbin/openrc-run
# Copyright 1999-2013 Gentoo Foundation
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/sys-fs/cryptsetup/files/1.5.1-dmcrypt.rc,v 1.1 2013/01/17 23:35:08 robbat2 Exp $

depend() {
	before checkfs fsck

	if grep -qs ^swap= "${conf_file}" ; then
		before swap
	fi
}

# We support multiple dmcrypt instances based on $SVCNAME
execute_hook="dm_crypt_execute_dmcrypt"
# XXX: Should we drop this ?
# execute_hook="dm_crypt_execute_localmount"
conf_file="/etc/conf.d/${SVCNAME}"

# Get splash helpers if available.
@@ -20,9 +20,32 @@ fi

# Setup mappings for an individual target/swap
# Note: This relies on variables localized in the main body below.
dm_crypt_execute_dmcrypt() {
dm_crypt_execute() {
	local dev ret mode foo

	if [ -z "${target}" -a -z "${swap}" ] ; then
		return
	fi

	# Set up default values.
	: ${dmcrypt_key_timeout:=1}
	: ${dmcrypt_max_timeout:=300}
	: ${dmcrypt_retries:=5}

	# Handle automatic look up of the source path.
	if [ -z "${source}" -a -n "${loop_file}" ] ; then
		source=$(losetup --show -f "${loop_file}")
	fi
	case ${source} in
	*=*)
		source="$(findfs ${source})"
		;;
	esac
	if [ -z "${source}" ] || [ ! -e "${source}" ] ; then
		ewarn "source \"${source}\" for ${target} missing, skipping..."
		return
	fi

	if [ -n "${target}" ] ; then
		# let user set options, otherwise leave empty
		: ${options:=' '}
@@ -36,15 +59,6 @@ dm_crypt_execute_dmcrypt() {
		# suspend2 users should have initramfs's init handling their swap partition either way.
		: ${options:='-c aes -h sha1 -d /dev/urandom'}
		: ${pre_mount:='mkswap ${dev}'}
	else
		return
	fi
	if [ "x${source#UUID}" != "x${source}" ]; then
		source="$(findfs ${source})"
	fi
	if [ -z "${source}" ] && [ ! -e "${source}" ] ; then
		ewarn "source \"${source}\" for ${target} missing, skipping..."
		return
	fi

	if [ -n "${loop_file}" ] ; then
@@ -54,11 +68,14 @@ dm_crypt_execute_dmcrypt() {
	fi

	# cryptsetup:
	# luksOpen <device> <name>      # <device> is $source
	# create   <name>   <device>    # <name>   is $target
	local arg1="create" arg2="${target}" arg3="${source}" luks=0

	cryptsetup isLuks ${source} 2>/dev/null && { arg1="luksOpen"; arg2="${source}"; arg3="${target}"; luks=1; }
	# open   <device> <name>      # <device> is $source
	# create <name>   <device>    # <name>   is $target
	local arg1="create" arg2="${target}" arg3="${source}"
	if cryptsetup isLuks ${source} 2>/dev/null ; then
		arg1="open"
		arg2="${source}"
		arg3="${target}"
	fi

	# Older versions reported:
	#	${target} is active:
@@ -84,7 +101,7 @@ dm_crypt_execute_dmcrypt() {
			resettty='stty ${savetty}; trap - EXIT HUP INT TERM'
			trap 'eval "${resettty}"' EXIT HUP INT TERM
			stty -icanon
			[ "${1}" = -t ] && stty min 0 time "$(( $2 * 10 ))"
			stty min 0 time "$(( $2 * 10 ))"
			ans=$(dd count=1 bs=1 2>/dev/null) || ans=''
			eval "${resettty}"
			if [ -z "${ans}" ] ; then
@@ -99,8 +116,8 @@ dm_crypt_execute_dmcrypt() {
		}

		# Notes: sed not used to avoid case where /usr partition is encrypted.
		mode=${key/*:/} && ( [ "${mode}" = "${key}" ] || [ -z "${mode}" ] ) && mode=reg
		key=${key/:*/}
		mode=${key##*:} && ( [ "${mode}" = "${key}" ] || [ -z "${mode}" ] ) && mode=reg
		key=${key%:*}
		case "${mode}" in
		gpg|reg)
			# handle key on removable device
@@ -116,7 +133,7 @@ dm_crypt_execute_dmcrypt() {
				fi
				i=0
				einfo "Please insert removable device for ${target}"
				while [ ${i} -lt ${dmcrypt_max_timeout:-120} ] ; do
				while [ ${i} -lt ${dmcrypt_max_timeout} ] ; do
					foo=""
					if mount -n -o ro "${remdev}" "${mntrem}" 2>/dev/null >/dev/null ; then
						# keyfile exists?
@@ -124,7 +141,7 @@ dm_crypt_execute_dmcrypt() {
							umount -n "${mntrem}"
							rmdir "${mntrem}"
							einfo "Cannot find ${key} on removable media."
							read_abort "Abort" ${read_timeout:--t 1} && return
							read_abort "Abort" ${dmcrypt_key_timeout} && return
						else
							key="${mntrem}${key}"
							break
@@ -158,13 +175,17 @@ dm_crypt_execute_dmcrypt() {
	if [ "${mode}" = "gpg" ] ; then
		: ${gpg_options:='-q -d'}
		# gpg available ?
		if type -p gpg >/dev/null ; then
			for i in 0 1 2 ; do
		if command -v gpg >/dev/null ; then
			i=0
			while [ ${i} -lt ${dmcrypt_retries} ] ; do
				# paranoid, don't store key in a variable, pipe it so it stays very little in ram unprotected.
				# save stdin stdout stderr "values"
				gpg ${gpg_options} ${key} 2>/dev/null | cryptsetup ${options} ${arg1} ${arg2} ${arg3}
				timeout ${dmcrypt_max_timeout} gpg ${gpg_options} ${key} 2>/dev/null | \
					cryptsetup --key-file - ${options} ${arg1} ${arg2} ${arg3}
				ret=$?
				[ ${ret} -eq 0 ] && break
				# The timeout command exits 124 when it times out.
				[ ${ret} -eq 0 -o ${ret} -eq 124 ] && break
				: $(( i += 1 ))
			done
			eend ${ret} "failure running cryptsetup"
		else
@@ -195,49 +216,21 @@ dm_crypt_execute_dmcrypt() {
	else
		if [ -n "${pre_mount}" ] ; then
			dev="/dev/mapper/${target}"
			ebegin "    pre_mount: ${pre_mount}"
			eval ebegin \""    pre_mount: ${pre_mount}"\"
			eval "${pre_mount}" > /dev/null
			ewend $? || cryptfs_status=1
		fi
	fi
}

# Run any post_mount commands for an individual mount
#
# Note: This relies on variables localized in the main body below.
dm_crypt_execute_localmount() {
	local mount_point

	[ -z "${target}" ] && [ -z "${post_mount}" ] && return

	if ! cryptsetup status ${target} | egrep -q '\<active:' ; then
		ewarn "Skipping unmapped target ${target}"
		cryptfs_status=1
		return
	fi

	mount_point=$(grep "/dev/mapper/${target}" /proc/mounts | cut -d' ' -f2)
	if [ -z "${mount_point}" ] ; then
		ewarn "Failed to find mount point for ${target}, skipping"
		cryptfs_status=1
	fi

	if [ -n "${post_mount}" ] ; then
		ebegin "Running post_mount commands for target ${target}"
		eval "${post_mount}" >/dev/null
		eend $? || cryptfs_status=1
	fi
}

# Lookup optional bootparams
get_bootparam_val() {
	# We're given something like:
	#    foo=bar=cow
	# Return the "bar=cow" part.
	case $1 in
	*\=*)
		local key=$(echo "$1" | cut -f1 -d=)
		echo "$1" | cut -c $(( ${#key} + 2 ))
	*=*)
		echo "${1#*=}"
		;;
	esac
}
@@ -249,16 +242,13 @@ start() {
	local x
	for x in $(cat /proc/cmdline) ; do
		case "${x}" in
		key_timeout\=*)
			local KEY_TIMEOUT=$(get_bootparam_val "${x}")
			if [ ${KEY_TIMEOUT} -gt 0 ] ; then
				read_timeout="-t ${KEY_TIMEOUT}"
			fi
		;;
		key_timeout=*)
			dmcrypt_key_timeout=$(get_bootparam_val "${x}")
			;;
		esac
	done

	while read -u 3 targetline ; do
	while read targetline <&3 ; do
		case ${targetline} in
		# skip comments and blank lines
		""|"#"*) continue ;;
@@ -273,7 +263,7 @@ start() {
		case ${targetline} in
		target=*|swap=*)
			# If we have a target queued up, then execute it
			${execute_hook}
			dm_crypt_execute

			# Prepare for the next target/swap by resetting variables
			unset gpg_options key loop_file target options pre_mount post_mount source swap remdev
@@ -286,7 +276,7 @@ start() {
			fi
			;;

		dmcrypt_max_timeout=*)
		dmcrypt_*=*)
			# ignore global options
			continue
			;;
@@ -296,12 +286,12 @@ start() {
			;;
		esac

		# Queue this setting for the next call to dm_crypt_execute_xxx
		# Queue this setting for the next call to dm_crypt_execute
		eval "${targetline}"
	done 3< ${conf_file}

	# If we have a target queued up, then execute it
	${execute_hook}
	dm_crypt_execute

	ewend ${cryptfs_status} "Failed to setup dm-crypt devices"
}
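Review bot: `dmcrypt_key_timeout=$(get_bootparam_val "${x}")` in start() now takes the `key_timeout=` value from /proc/cmdline without the numeric `-gt 0` test that the removed code applied. The value is later passed unquoted in `read_abort "Abort" ${dmcrypt_key_timeout}` and expanded inside `$(( $2 * 10 ))`, so a non-numeric or zero value reaches shell arithmetic and stty unchecked. A guard right after the assignment would keep the old behaviour, e.g. `case "${dmcrypt_key_timeout}" in ''|*[!0-9]*|0) unset dmcrypt_key_timeout ;; esac`, which lets the `: ${dmcrypt_key_timeout:=1}` default apply. start() and read_abort both extend outside the hunks shown, and the v1 and v3 patches carry the same lines.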
-- 
2.7.0




[alpine-aports] [PATCH v3] main/cryptsetup: use newest dmcrypt service version from gentoo

Details
Message ID
<1452193350-7005-1-git-send-email-soeren+git@soeren-tempel.net>
In-Reply-To
<1452192090-2733-1-git-send-email-soeren+git@soeren-tempel.net> (view parent)
Sender timestamp
1452193350
DKIM signature
missing
Patch: +86 -83
The findfs change has been reapplied.
---
 main/cryptsetup/APKBUILD      |  14 ++---
 main/cryptsetup/dmcrypt.confd |  23 ++++++--
 main/cryptsetup/dmcrypt.initd | 132 +++++++++++++++++++-----------------------
 3 files changed, 86 insertions(+), 83 deletions(-)

diff --git a/main/cryptsetup/APKBUILD b/main/cryptsetup/APKBUILD
index 676ce67..eefaace 100644
--- a/main/cryptsetup/APKBUILD
+++ b/main/cryptsetup/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=cryptsetup
pkgver=1.7.0
pkgrel=0
pkgrel=1
pkgdesc="Userspace setup tool for transparent encryption of block devices using the Linux 2.6 cryptoapi"
url="https://gitlab.com/cryptsetup/cryptsetup"
arch="all"
@@ -60,13 +60,13 @@ libs() {

md5sums="ca3fd784f3232136dcd711a31cb0193e  cryptsetup-1.7.0.tar.gz
7d5c8727ea417cabe86df67a9de1de16  flush-stdout.patch
1369aeaed84e41c8d585695596a24bd6  dmcrypt.confd
a9a478ee9b5612379326cd96354779b4  dmcrypt.initd"
8a64af270190d5ecd6e4084d6ccf81de  dmcrypt.confd
058807d0516dec293d382ee27cc89fb8  dmcrypt.initd"
sha256sums="f1d1f010442e9b3ca26ba917be475bf2adbe28452cb30bf8047a9978cc52adcd  cryptsetup-1.7.0.tar.gz
6ac335bb14ff2f90de00769be20da4c5527101fab6593259a4d87be84904ae67  flush-stdout.patch
0c30e081c0b8f879964ae49735f10b05a1d92f4f481042851958860945e13271  dmcrypt.confd
477107555f0bedd662ae8181428de5428122b64139d3033ec7b5c1c801238665  dmcrypt.initd"
3d933a54abe62a547294b83208dbf5d7615d9c7f380d6504c91fff3620530803  dmcrypt.confd
a7a930cf14161a18c2ac6c3e7d4b2cf4ed03d9fcd77c89e7a6f6c60bad4bede8  dmcrypt.initd"
sha512sums="f3947ae04424dff479cc2932eb9ef99e33d8d1bf0f47255379940bdd47ddb42224d86dc397ed4b01ac8819faedd8265acc7d61f5fd091e56f3e8836c5b2b7740  cryptsetup-1.7.0.tar.gz
301e3e3da5a899e0a6f01f44fbf37bb6a3f5b6a4fb41243bae6d3b7aea747276e784626cd1b19721cc264652c10ae8c560c4d20094e33bb82fb2fae0160682c0  flush-stdout.patch
d04ae17d3708ef20ade7afb223d4ef19e1b6812e0be8f9499e37e9c71344568b42030d9dd8f6918a9bfb211a3a94b40a9354e3b32a009cb165e84508d0a5e14b  dmcrypt.confd
0f8ca37330dfe4584026277542db63eb31b3fe8060096e840be3b75ba8fb1e8bddff3212c0324dc15cf59a804b74f92f538fbedc8ec876c9c9ece4ab37f00bb0  dmcrypt.initd"
74422d5e1614b43af894ea01da1ea80d805ec7f77981cbb80a6b1a4becad737a8825d7269812499095a7f50d39fa7da5bf4e4edae63529b1fe87b9176943a733  dmcrypt.confd
81dad61cdecf1dc529b26eb3cdc15979a582c876b01268f88e7a71c8fae6911137c03bfa63fee64e064e5fb31f673610be27ecab9fc432229f13e7040698bd5c  dmcrypt.initd"
diff --git a/main/cryptsetup/dmcrypt.confd b/main/cryptsetup/dmcrypt.confd
index 35a1fd2..642ff08 100644
--- a/main/cryptsetup/dmcrypt.confd
+++ b/main/cryptsetup/dmcrypt.confd
@@ -26,19 +26,30 @@
# Global options:
#----------------

# Max number of checks to perform (1 per second)
#dmcrypt_max_timeout=120
# How long to wait for each timeout (in seconds).
dmcrypt_key_timeout=1

# Max number of checks to perform (see dmcrypt_key_timeout).
#dmcrypt_max_timeout=300

# Number of password retries.
dmcrypt_retries=5

# Arguments:
#-----------
# target=<name>                      == Mapping name for partition.
# swap=<name>                        == Mapping name for swap partition.
# source='<dev>'                     == Real device for partition.
#                                    Note: You can (and should) specify a tag like UUID
#                                    for blkid (see -t option).  This is safer than using
#                                    the full path to the device.
# key='</path/to/keyfile>[:<mode>]'  == Fullpath from / or from inside removable media.
# remdev='<dev>'                     == Device that will be assigned to removable media.
# gpg_options='<opts>'               == Default are --quiet --decrypt
# options='<opts>'                   == cryptsetup, for LUKS you can only use --readonly
# loop_file='<file>'                 == Loopback file.
#                                    Note: If you omit $source, then a free loopback will
#                                    be looked up automatically.
# pre_mount='cmds'                   == commands to execute before mounting partition.
# post_mount='cmds'                  == commands to execute after mounting partition.
#-----------
@@ -79,13 +90,13 @@
#key='/full/path/to/homekey'
#remdev='/dev/sda1'

##/home with gpg protected key on removable media(such as usb-stick)
## /home with gpg protected key on removable media(such as usb-stick)
#target=crypt-home
#source='/dev/hda5'
#key='/full/path/to/homekey:gpg'
#remdev='/dev/sda1'

##/tmp with regular keyfile
## /tmp with regular keyfile
#target=crypt-tmp
#source='/dev/hda6'
#key='/full/path/to/tmpkey'
@@ -93,6 +104,8 @@
#post_mount='chown root:root ${mount_point}; chmod 1777 ${mount_point}'

## Loopback file example
#mount='crypt-loop-home'
#target='crypt-loop-home'
#source='/dev/loop0'
#loop_file='/mnt/crypt/home'

# The file must be terminated by a newline.  Or leave this comment last.
diff --git a/main/cryptsetup/dmcrypt.initd b/main/cryptsetup/dmcrypt.initd
index 900c94c..340b579 100644
--- a/main/cryptsetup/dmcrypt.initd
+++ b/main/cryptsetup/dmcrypt.initd
@@ -1,16 +1,16 @@
#!/sbin/openrc-run
# Copyright 1999-2013 Gentoo Foundation
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/sys-fs/cryptsetup/files/1.5.1-dmcrypt.rc,v 1.1 2013/01/17 23:35:08 robbat2 Exp $

depend() {
	before checkfs fsck

	if grep -qs ^swap= "${conf_file}" ; then
		before swap
	fi
}

# We support multiple dmcrypt instances based on $SVCNAME
execute_hook="dm_crypt_execute_dmcrypt"
# XXX: Should we drop this ?
# execute_hook="dm_crypt_execute_localmount"
conf_file="/etc/conf.d/${SVCNAME}"

# Get splash helpers if available.
@@ -20,9 +20,32 @@ fi

# Setup mappings for an individual target/swap
# Note: This relies on variables localized in the main body below.
dm_crypt_execute_dmcrypt() {
dm_crypt_execute() {
	local dev ret mode foo

	if [ -z "${target}" -a -z "${swap}" ] ; then
		return
	fi

	# Set up default values.
	: ${dmcrypt_key_timeout:=1}
	: ${dmcrypt_max_timeout:=300}
	: ${dmcrypt_retries:=5}

	# Handle automatic look up of the source path.
	if [ -z "${source}" -a -n "${loop_file}" ] ; then
		source=$(losetup --show -f "${loop_file}")
	fi
	case ${source} in
	*=*)
		source="$(findfs ${source})"
		;;
	esac
	if [ -z "${source}" ] || [ ! -e "${source}" ] ; then
		ewarn "source \"${source}\" for ${target} missing, skipping..."
		return
	fi

	if [ -n "${target}" ] ; then
		# let user set options, otherwise leave empty
		: ${options:=' '}
@@ -36,15 +59,6 @@ dm_crypt_execute_dmcrypt() {
		# suspend2 users should have initramfs's init handling their swap partition either way.
		: ${options:='-c aes -h sha1 -d /dev/urandom'}
		: ${pre_mount:='mkswap ${dev}'}
	else
		return
	fi
	if [ "x${source#UUID}" != "x${source}" ]; then
		source="$(findfs ${source})"
	fi
	if [ -z "${source}" ] && [ ! -e "${source}" ] ; then
		ewarn "source \"${source}\" for ${target} missing, skipping..."
		return
	fi

	if [ -n "${loop_file}" ] ; then
@@ -54,11 +68,14 @@ dm_crypt_execute_dmcrypt() {
	fi

	# cryptsetup:
	# luksOpen <device> <name>      # <device> is $source
	# create   <name>   <device>    # <name>   is $target
	local arg1="create" arg2="${target}" arg3="${source}" luks=0

	cryptsetup isLuks ${source} 2>/dev/null && { arg1="luksOpen"; arg2="${source}"; arg3="${target}"; luks=1; }
	# open   <device> <name>      # <device> is $source
	# create <name>   <device>    # <name>   is $target
	local arg1="create" arg2="${target}" arg3="${source}"
	if cryptsetup isLuks ${source} 2>/dev/null ; then
		arg1="open"
		arg2="${source}"
		arg3="${target}"
	fi

	# Older versions reported:
	#	${target} is active:
@@ -84,7 +101,7 @@ dm_crypt_execute_dmcrypt() {
			resettty='stty ${savetty}; trap - EXIT HUP INT TERM'
			trap 'eval "${resettty}"' EXIT HUP INT TERM
			stty -icanon
			[ "${1}" = -t ] && stty min 0 time "$(( $2 * 10 ))"
			stty min 0 time "$(( $2 * 10 ))"
			ans=$(dd count=1 bs=1 2>/dev/null) || ans=''
			eval "${resettty}"
			if [ -z "${ans}" ] ; then
@@ -99,8 +116,8 @@ dm_crypt_execute_dmcrypt() {
		}

		# Notes: sed not used to avoid case where /usr partition is encrypted.
		mode=${key/*:/} && ( [ "${mode}" = "${key}" ] || [ -z "${mode}" ] ) && mode=reg
		key=${key/:*/}
		mode=${key##*:} && ( [ "${mode}" = "${key}" ] || [ -z "${mode}" ] ) && mode=reg
		key=${key%:*}
		case "${mode}" in
		gpg|reg)
			# handle key on removable device
@@ -116,7 +133,7 @@ dm_crypt_execute_dmcrypt() {
				fi
				i=0
				einfo "Please insert removable device for ${target}"
				while [ ${i} -lt ${dmcrypt_max_timeout:-120} ] ; do
				while [ ${i} -lt ${dmcrypt_max_timeout} ] ; do
					foo=""
					if mount -n -o ro "${remdev}" "${mntrem}" 2>/dev/null >/dev/null ; then
						# keyfile exists?
@@ -124,7 +141,7 @@ dm_crypt_execute_dmcrypt() {
							umount -n "${mntrem}"
							rmdir "${mntrem}"
							einfo "Cannot find ${key} on removable media."
							read_abort "Abort" ${read_timeout:--t 1} && return
							read_abort "Abort" ${dmcrypt_key_timeout} && return
						else
							key="${mntrem}${key}"
							break
@@ -158,13 +175,17 @@ dm_crypt_execute_dmcrypt() {
	if [ "${mode}" = "gpg" ] ; then
		: ${gpg_options:='-q -d'}
		# gpg available ?
		if type -p gpg >/dev/null ; then
			for i in 0 1 2 ; do
		if command -v gpg >/dev/null ; then
			i=0
			while [ ${i} -lt ${dmcrypt_retries} ] ; do
				# paranoid, don't store key in a variable, pipe it so it stays very little in ram unprotected.
				# save stdin stdout stderr "values"
				gpg ${gpg_options} ${key} 2>/dev/null | cryptsetup ${options} ${arg1} ${arg2} ${arg3}
				timeout ${dmcrypt_max_timeout} gpg ${gpg_options} ${key} 2>/dev/null | \
					cryptsetup --key-file - ${options} ${arg1} ${arg2} ${arg3}
				ret=$?
				[ ${ret} -eq 0 ] && break
				# The timeout command exits 124 when it times out.
				[ ${ret} -eq 0 -o ${ret} -eq 124 ] && break
				: $(( i += 1 ))
			done
			eend ${ret} "failure running cryptsetup"
		else
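Review bot: `ret=$?` after the `timeout ... gpg ... | cryptsetup ...` pipeline holds cryptsetup's exit status, not timeout's, so the added `${ret} -eq 124` test cannot see a gpg timeout unless `pipefail` is enabled somewhere outside this hunk. A timed-out gpg presumably just hands cryptsetup an empty key, and the loop then retries up to `${dmcrypt_retries}` times, each attempt waiting the full `${dmcrypt_max_timeout}`. Either capture the first stage's status separately or correct the comment, e.g. `# ret is cryptsetup's status; a gpg timeout is seen only as a cryptsetup failure`. Also worth checking: if `timeout` resolves to the BusyBox applet, older releases expect `timeout -t SECS PROG`, which would make this invocation fail outright. The surrounding function continues outside the hunk.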
@@ -195,49 +216,21 @@ dm_crypt_execute_dmcrypt() {
	else
		if [ -n "${pre_mount}" ] ; then
			dev="/dev/mapper/${target}"
			ebegin "    pre_mount: ${pre_mount}"
			eval ebegin \""    pre_mount: ${pre_mount}"\"
			eval "${pre_mount}" > /dev/null
			ewend $? || cryptfs_status=1
		fi
	fi
}

# Run any post_mount commands for an individual mount
#
# Note: This relies on variables localized in the main body below.
dm_crypt_execute_localmount() {
	local mount_point

	[ -z "${target}" ] && [ -z "${post_mount}" ] && return

	if ! cryptsetup status ${target} | egrep -q '\<active:' ; then
		ewarn "Skipping unmapped target ${target}"
		cryptfs_status=1
		return
	fi

	mount_point=$(grep "/dev/mapper/${target}" /proc/mounts | cut -d' ' -f2)
	if [ -z "${mount_point}" ] ; then
		ewarn "Failed to find mount point for ${target}, skipping"
		cryptfs_status=1
	fi

	if [ -n "${post_mount}" ] ; then
		ebegin "Running post_mount commands for target ${target}"
		eval "${post_mount}" >/dev/null
		eend $? || cryptfs_status=1
	fi
}

# Lookup optional bootparams
get_bootparam_val() {
	# We're given something like:
	#    foo=bar=cow
	# Return the "bar=cow" part.
	case $1 in
	*\=*)
		local key=$(echo "$1" | cut -f1 -d=)
		echo "$1" | cut -c $(( ${#key} + 2 ))
	*=*)
		echo "${1#*=}"
		;;
	esac
}
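Review bot: The added `eval ebegin \""    pre_mount: ${pre_mount}"\"` evaluates the configured string a second time just to print it. A command substitution inside `pre_mount` therefore runs both here and in the following `eval "${pre_mount}"`, and an embedded double quote breaks the message line. If the goal is only to show `${dev}` expanded, a comment should state that restriction, e.g. `# pre_mount is eval'd twice (message, then command): no command substitutions or double quotes`. Since these values are executed as written, it is also worth documenting next to it that the conf file must be writable by root only. The function containing the pre_mount block starts before this hunk.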
@@ -249,16 +242,13 @@ start() {
	local x
	for x in $(cat /proc/cmdline) ; do
		case "${x}" in
		key_timeout\=*)
			local KEY_TIMEOUT=$(get_bootparam_val "${x}")
			if [ ${KEY_TIMEOUT} -gt 0 ] ; then
				read_timeout="-t ${KEY_TIMEOUT}"
			fi
		;;
		key_timeout=*)
			dmcrypt_key_timeout=$(get_bootparam_val "${x}")
			;;
		esac
	done

	while read -u 3 targetline ; do
	while read targetline <&3 ; do
		case ${targetline} in
		# skip comments and blank lines
		""|"#"*) continue ;;
@@ -273,7 +263,7 @@ start() {
		case ${targetline} in
		target=*|swap=*)
			# If we have a target queued up, then execute it
			${execute_hook}
			dm_crypt_execute

			# Prepare for the next target/swap by resetting variables
			unset gpg_options key loop_file target options pre_mount post_mount source swap remdev
@@ -286,7 +276,7 @@ start() {
			fi
			;;

		dmcrypt_max_timeout=*)
		dmcrypt_*=*)
			# ignore global options
			continue
			;;
@@ -296,12 +286,12 @@ start() {
			;;
		esac

		# Queue this setting for the next call to dm_crypt_execute_xxx
		# Queue this setting for the next call to dm_crypt_execute
		eval "${targetline}"
	done 3< ${conf_file}

	# If we have a target queued up, then execute it
	${execute_hook}
	dm_crypt_execute

	ewend ${cryptfs_status} "Failed to setup dm-crypt devices"
}
-- 
2.7.0


