author | Narrat | 2021-06-16 21:21:06 +0200 |
---|---|---|
committer | Narrat | 2021-06-16 21:26:29 +0200 |
commit | 1ac8f18d3fd91a317ab6c8214ad312efe730ab53 (patch) | |
tree | a38c183db7ce89a2c5921e822e195f51029d5a90 | |
parent | d378a10a3df0f3b426a5a2ef658699172173e2b4 (diff) | |
download | aur-1ac8f18d3fd91a317ab6c8214ad312efe730ab53.tar.gz |
util-linux-aes: update to 2.37 (UNOFFICIAL)
This is a necessary update for util-linux to avoid breakage of systems.
Sadly there is no new upstream release, so I needed to adapt the patch myself.
Therefore this notice:
This patch isn't the official one. I could have done anything with it.
And it is incomplete. Due to upstream changing their man-page source, this patch doesn't include the changes for the man-pages. There is currently no documentation.
Source code changes were fairly easy to adapt. BUT they're untested and it is possible something broke in a subtle way.
-rw-r--r-- | .SRCINFO | 37 | ||||
-rwxr-xr-x | PKGBUILD | 88 | ||||
-rw-r--r-- | pam-common | 10 | ||||
-rw-r--r-- | pam-login | 1 | ||||
-rw-r--r-- | pam-runuser | 4 | ||||
-rw-r--r-- | pam-su | 13 | ||||
-rw-r--r-- | util-linux-2.37.diff (renamed from util-linux-2.36.2.diff) | 706 | ||||
-rw-r--r-- | util-linux-aes.sysusers | 1 |
8 files changed, 219 insertions, 641 deletions
@@ -1,20 +1,21 @@ pkgbase = util-linux-aes pkgdesc = Miscellaneous system utilities for Linux, with loop-AES support - pkgver = 2.36.2 - pkgrel = 1.4 + pkgver = 2.37 + pkgrel = 3 url = https://github.com/karelzak/util-linux install = util-linux-aes.install arch = x86_64 license = GPL2 - makedepends = systemd - makedepends = python + makedepends = asciidoctor makedepends = libcap-ng makedepends = libxcrypt + makedepends = python + makedepends = systemd makedepends = gtk-doc options = strip - source = https://www.kernel.org/pub/linux/utils/util-linux/v2.36/util-linux-2.36.2.tar.xz - source = https://www.kernel.org/pub/linux/utils/util-linux/v2.36/util-linux-2.36.2.tar.sign - source = util-linux-2.36.2.diff + source = https://www.kernel.org/pub/linux/utils/util-linux/v2.37/util-linux-2.37.tar.xz + source = https://www.kernel.org/pub/linux/utils/util-linux/v2.37/util-linux-2.37.tar.sign + source = util-linux-2.37.diff source = util-linux-aes.modules source = pam-login source = pam-common 
@@ -25,15 +26,15 @@ pkgbase = util-linux-aes source = rfkill-unblock_.service source = rfkill-block_.service validpgpkeys = B0C64D14301CC6EFAEDF60E4E4B71D5EEC39C284 - sha256sums = f7516ba9d8689343594356f0e5e1a5f0da34adfbc89023437735872bb5024c5f + sha256sums = bd07b7e98839e0359842110525a3032fdb8eaf3a90bedde3dd1652d32d15cce5 sha256sums = SKIP - sha256sums = 7eb2693de4bb1b11198f3a873f061d69511a5f965f1ecedeeeff98a7d772d995 + sha256sums = 55de199d09f62a843176608538d65bfc1b591ce927c19298eeb1d2a636485f0f sha256sums = 560ca858961eb997a216ce6b419d900e84688591abf4584ef30c9323ba06fffd - sha256sums = 993a3096c2b113e6800f2abbd5d4233ebf1a97eef423990d3187d665d3490b92 - sha256sums = fc6807842f92e9d3f792d6b64a0d5aad87995a279153ab228b1b2a64d9f32f20 - sha256sums = 95b7cdc4cba17494d7b87f37f8d0937ec54c55de0e3ce9d9ab05ad5cc76bf935 - sha256sums = 51eac9c2a2f51ad3982bba35de9aac5510f1eeff432d2d63c6362e45d620afc0 - sha256sums = a3980e33ef3a8d356379b4964c9730fd525d46e5b28cded5d0b50d6dc8a5563c + sha256sums = 99cd77f21ee44a0c5e57b0f3670f711a00496f198fc5704d7e44f5d817c81a0f + sha256sums = 57e057758944f4557762c6def939410c04ca5803cbdd2bfa2153ce47ffe7a4af + sha256sums = 48d6fba767631e3dd3620cf02a71a74c5d65a525d4c4ce4b5a0b7d9f41ebfea1 + sha256sums = 3f54249ac2db44945d6d12ec728dcd0d69af0735787a8b078eacd2c67e38155b + sha256sums = 10b0505351263a099163c0d928132706e501dd0a008dac2835b052167b14abe3 sha256sums = 7423aaaa09fee7f47baa83df9ea6fef525ff9aec395c8cbd9fe848ceb2643f37 sha256sums = 8ccec10a22523f6b9d55e0d6cbf91905a39881446710aa083e935e8073323376 sha256sums = a22e0a037e702170c7d88460cc9c9c2ab1d3e5c54a6985cd4a164ea7beff1b36 
@@ -55,10 +56,13 @@ pkgname = util-linux-aes optdepends = python: python bindings to libmount optdepends = words: default dictionary for look provides = rfkill - provides = util-linux=2.36 + provides = hardlink + provides = util-linux=2.37 conflicts = rfkill + conflicts = hardlink conflicts = util-linux replaces = rfkill + replaces = hardlink backup = etc/pam.d/chfn backup = etc/pam.d/chsh backup = etc/pam.d/login @@ -75,8 +79,7 @@ pkgname = util-linux-libs-aes provides = libmount.so provides = libsmartcols.so provides = libuuid.so - provides = util-linux-libs=2.36 + provides = util-linux-libs=2.37 conflicts = libutil-linux conflicts = util-linux-libs replaces = libutil-linux - @@ -3,24 +3,25 @@ # Contributor: Tom Gundersen <teg@jklm.no> # Contributor: Dave Reisner <dreisner@archlinux.org> # Contributor: milomouse <vincent[at]fea.st> -# Contributor: judd <jvinet[at]zeroflux.org> +# Contributor: judd <jvinet@zeroflux.org> _basename=util-linux pkgbase=util-linux-aes pkgname=(util-linux-aes util-linux-libs-aes) -_pkgmajor=2.36 -pkgver=${_pkgmajor}.2 -pkgrel=1.4 +_pkgmajor=2.37 +_realver=${_pkgmajor} +pkgver=${_realver/-/} +pkgrel=3 pkgdesc='Miscellaneous system utilities for Linux, with loop-AES support' url='https://github.com/karelzak/util-linux' #url="http://sourceforge.net/projects/loop-aes/" arch=('x86_64') -makedepends=('systemd' 'python' 'libcap-ng' 'libxcrypt' 'gtk-doc') +makedepends=('asciidoctor' 'libcap-ng' 'libxcrypt' 'python' 'systemd' 'gtk-doc') license=('GPL2') options=('strip') install=${pkgname}.install validpgpkeys=('B0C64D14301CC6EFAEDF60E4E4B71D5EEC39C284') # Karel Zak -source=("https://www.kernel.org/pub/linux/utils/util-linux/v$_pkgmajor/${_basename}-$pkgver.tar."{xz,sign} +source=("https://www.kernel.org/pub/linux/utils/util-linux/v$_pkgmajor/${_basename}-${_realver}.tar."{xz,sign} "${_basename}-${pkgver}.diff" "${pkgname}.modules" pam-{login,common,runuser,su} 
@@ -28,15 +29,15 @@ source=("https://www.kernel.org/pub/linux/utils/util-linux/v$_pkgmajor/${_basena '60-rfkill.rules' 'rfkill-unblock_.service' 'rfkill-block_.service') -sha256sums=('f7516ba9d8689343594356f0e5e1a5f0da34adfbc89023437735872bb5024c5f' +sha256sums=('bd07b7e98839e0359842110525a3032fdb8eaf3a90bedde3dd1652d32d15cce5' 'SKIP' - '7eb2693de4bb1b11198f3a873f061d69511a5f965f1ecedeeeff98a7d772d995' + '55de199d09f62a843176608538d65bfc1b591ce927c19298eeb1d2a636485f0f' '560ca858961eb997a216ce6b419d900e84688591abf4584ef30c9323ba06fffd' - '993a3096c2b113e6800f2abbd5d4233ebf1a97eef423990d3187d665d3490b92' - 'fc6807842f92e9d3f792d6b64a0d5aad87995a279153ab228b1b2a64d9f32f20' - '95b7cdc4cba17494d7b87f37f8d0937ec54c55de0e3ce9d9ab05ad5cc76bf935' - '51eac9c2a2f51ad3982bba35de9aac5510f1eeff432d2d63c6362e45d620afc0' - 'a3980e33ef3a8d356379b4964c9730fd525d46e5b28cded5d0b50d6dc8a5563c' + '99cd77f21ee44a0c5e57b0f3670f711a00496f198fc5704d7e44f5d817c81a0f' + '57e057758944f4557762c6def939410c04ca5803cbdd2bfa2153ce47ffe7a4af' + '48d6fba767631e3dd3620cf02a71a74c5d65a525d4c4ce4b5a0b7d9f41ebfea1' + '3f54249ac2db44945d6d12ec728dcd0d69af0735787a8b078eacd2c67e38155b' + '10b0505351263a099163c0d928132706e501dd0a008dac2835b052167b14abe3' '7423aaaa09fee7f47baa83df9ea6fef525ff9aec395c8cbd9fe848ceb2643f37' '8ccec10a22523f6b9d55e0d6cbf91905a39881446710aa083e935e8073323376' 'a22e0a037e702170c7d88460cc9c9c2ab1d3e5c54a6985cd4a164ea7beff1b36') @@ -48,13 +49,7 @@ prepare() { } build() { - cd "$_basename-$pkgver" - - # We ship Debian's hardlink in package 'hardlink', Fedora's hardlink was - # merged in util-linux. For now we disable the latter, but let's dicuss - # the details: - # https://bugs.archlinux.org/task/62896 - # https://github.com/karelzak/util-linux/issues/808 + cd "${_basename}-${_realver}" ./configure \ --prefix=/usr \ 
@@ -70,16 +65,15 @@ build() { --enable-chfn-chsh \ --enable-write \ --enable-mesg \ - --disable-hardlink \ --with-python=3 make } package_util-linux-aes() { - conflicts=('rfkill' "${_basename}") - provides=('rfkill' "${_basename}=2.36") - replaces=('rfkill') + conflicts=('rfkill' 'hardlink' "${_basename}") + provides=('rfkill' 'hardlink' "${_basename}=2.37") + replaces=('rfkill' 'hardlink') depends=('pam' 'shadow' 'coreutils' 'systemd-libs' 'libsystemd.so' 'libudev.so' 'libcap-ng' 'libxcrypt' 'libcrypt.so' 'util-linux-libs-aes' 'libmagic.so' 'libncursesw.so' 'libreadline.so') 
@@ -93,45 +87,45 @@ package_util-linux-aes() { etc/pam.d/su etc/pam.d/su-l) - cd "$_basename-$pkgver" + cd "${_basename}-${_realver}" - make DESTDIR="$pkgdir" install + make DESTDIR="${pkgdir}" install # setuid chfn and chsh - chmod 4755 "$pkgdir"/usr/bin/{newgrp,ch{sh,fn}} + chmod 4755 "${pkgdir}"/usr/bin/{newgrp,ch{sh,fn}} # install PAM files for login-utils - install -Dm0644 "$srcdir/pam-common" "$pkgdir/etc/pam.d/chfn" - install -m0644 "$srcdir/pam-common" "$pkgdir/etc/pam.d/chsh" - install -m0644 "$srcdir/pam-login" "$pkgdir/etc/pam.d/login" - install -m0644 "$srcdir/pam-runuser" "$pkgdir/etc/pam.d/runuser" - install -m0644 "$srcdir/pam-runuser" "$pkgdir/etc/pam.d/runuser-l" - install -m0644 "$srcdir/pam-su" "$pkgdir/etc/pam.d/su" - install -m0644 "$srcdir/pam-su" "$pkgdir/etc/pam.d/su-l" + install -Dm0644 "${srcdir}/pam-common" "${pkgdir}/etc/pam.d/chfn" + install -m0644 "${srcdir}/pam-common" "${pkgdir}/etc/pam.d/chsh" + install -m0644 "${srcdir}/pam-login" "${pkgdir}/etc/pam.d/login" + install -m0644 "${srcdir}/pam-runuser" "${pkgdir}/etc/pam.d/runuser" + install -m0644 "${srcdir}/pam-runuser" "${pkgdir}/etc/pam.d/runuser-l" + install -m0644 "${srcdir}/pam-su" "${pkgdir}/etc/pam.d/su" + install -m0644 "${srcdir}/pam-su" "${pkgdir}/etc/pam.d/su-l" # TODO(dreisner): offer this upstream? 
- sed -i '/ListenStream/ aRuntimeDirectory=uuidd' "$pkgdir/usr/lib/systemd/system/uuidd.socket" + sed -i '/ListenStream/ aRuntimeDirectory=uuidd' "${pkgdir}/usr/lib/systemd/system/uuidd.socket" # adjust for usrmove # TODO(dreisner): fix configure.ac upstream so that this isn't needed - cd "$pkgdir" + cd "${pkgdir}" mv usr/sbin/* usr/bin rmdir usr/sbin ### runtime libs are shipped as part of util-linux-libs - rm "$pkgdir"/usr/lib/lib*.{a,so}* + rm "${pkgdir}"/usr/lib/lib*.{a,so}* ### install systemd-sysusers - install -Dm0644 "$srcdir/util-linux-aes.sysusers" \ - "$pkgdir/usr/lib/sysusers.d/util-linux-aes.conf" + install -Dm0644 "${srcdir}/util-linux-aes.sysusers" \ + "${pkgdir}/usr/lib/sysusers.d/util-linux-aes.conf" - install -Dm0644 "$srcdir/60-rfkill.rules" \ - "$pkgdir/usr/lib/udev/rules.d/60-rfkill.rules" + install -Dm0644 "${srcdir}/60-rfkill.rules" \ + "${pkgdir}/usr/lib/udev/rules.d/60-rfkill.rules" - install -Dm0644 "$srcdir/rfkill-unblock_.service" \ - "$pkgdir/usr/lib/systemd/system/rfkill-unblock@.service" - install -Dm0644 "$srcdir/rfkill-block_.service" \ - "$pkgdir/usr/lib/systemd/system/rfkill-block@.service" + install -Dm0644 "${srcdir}/rfkill-unblock_.service" \ + "${pkgdir}/usr/lib/systemd/system/rfkill-unblock@.service" + install -Dm0644 "${srcdir}/rfkill-block_.service" \ + "${pkgdir}/usr/lib/systemd/system/rfkill-block@.service" # install modules install -Dm644 "${srcdir}/${pkgname}.modules" "${pkgdir}/etc/modules-load.d/${pkgname}.conf" 
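Review bot: The comment `# setuid chfn and chsh` above `chmod 4755 "${pkgdir}"/usr/bin/{newgrp,ch{sh,fn}}` names only two of the three binaries that the brace expansion marks setuid; newgrp is missing. This is the line a reader checks to learn which files the package ships with the setuid bit, so the comment should list all of them, e.g. `# setuid: newgrp, chsh, chfn`. The hunk only re-quotes the line, so the mismatch predates this commit, but it is cheap to correct while the line is being touched.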
@@ -139,9 +133,9 @@ package_util-linux-aes() { package_util-linux-libs-aes() { pkgdesc="util-linux runtime libraries" - provides=('libutil-linux' 'libblkid.so' 'libfdisk.so' 'libmount.so' 'libsmartcols.so' 'libuuid.so' "${_basename}-libs=2.36") + provides=('libutil-linux' 'libblkid.so' 'libfdisk.so' 'libmount.so' 'libsmartcols.so' 'libuuid.so' "${_basename}-libs=2.37") conflicts=('libutil-linux' "${_basename}-libs") replaces=('libutil-linux') - make -C "$_basename-$pkgver" DESTDIR="$pkgdir" install-usrlib_execLTLIBRARIES + make -C "${_basename}-${_realver}" DESTDIR="${pkgdir}" install-usrlib_execLTLIBRARIES } diff --git a/pam-common b/pam-common index a7bf8a4a5b08..066186e3c3dc 100644 --- a/pam-common +++ b/pam-common @@ -1,6 +1,6 @@ #%PAM-1.0 -auth sufficient pam_rootok.so -auth required pam_unix.so -account required pam_unix.so -session required pam_unix.so -password required pam_permit.so +auth sufficient pam_rootok.so +auth required pam_unix.so +account required pam_unix.so +session required pam_unix.so +password required pam_permit.so diff --git a/pam-login b/pam-login index 1960d9497c08..2dac6ab61102 100644 --- a/pam-login +++ b/pam-login @@ -5,3 +5,4 @@ auth requisite pam_nologin.so auth include system-local-login account include system-local-login session include system-local-login +password include system-local-login diff --git a/pam-runuser b/pam-runuser index d5b1ea353ec5..26b59d51c2d5 100644 --- a/pam-runuser +++ b/pam-runuser @@ -1,4 +1,4 @@ #%PAM-1.0 -auth sufficient pam_rootok.so -session include system-login +auth sufficient pam_rootok.so +session include system-login 
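Review bot: The added `password include system-local-login` line in pam-login, and the matching `password include system-auth` added to pam-su in the later hunk, have no comment saying why login and su now need a password stack. Presumably it is there so that an expired password can be changed during login or su; please confirm and say so in the file, e.g. `# password stack: used when an expired password has to be changed`. pam-common still ends with `password required pam_permit.so`, so chfn and chsh keep a different password policy from the two files changed here. It is worth stating in a comment that the difference is intentional.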
@@ -1,9 +1,10 @@ #%PAM-1.0 -auth sufficient pam_rootok.so +auth sufficient pam_rootok.so # Uncomment the following line to implicitly trust users in the "wheel" group. -#auth sufficient pam_wheel.so trust use_uid +#auth sufficient pam_wheel.so trust use_uid # Uncomment the following line to require a user to be in the "wheel" group. -#auth required pam_wheel.so use_uid -auth required pam_unix.so -account required pam_unix.so -session required pam_unix.so +#auth required pam_wheel.so use_uid +auth required pam_unix.so +account required pam_unix.so +session required pam_unix.so +password include system-auth diff --git a/util-linux-2.36.2.diff b/util-linux-2.37.diff index 755bdf888013..01d657096e9c 100644 --- a/util-linux-2.36.2.diff +++ b/util-linux-2.37.diff @@ -1,3 +1,8 @@ +UNOFFICIAL PATCH FOR UTIL-LINUX 2.37 +All doc is lost +May not work at all +USE AT OWN RISK + If this patch does not apply cleanly to newer version of util-linux, try replacing original sys-utils/losetup.8 with version from util-linux that the patch is for. And then apply this patch. @@ -19,10 +24,11 @@ to programs, like this: make -diff -urN util-linux-2.36.2/include/Makemodule.am util-linux-2.36.2-AES/include/Makemodule.am ---- util-linux-2.36.2/include/Makemodule.am 2021-02-12 13:32:01.735988774 +0200 -+++ util-linux-2.36.2-AES/include/Makemodule.am 2021-02-23 18:30:59.347218450 +0200 -@@ -47,6 +47,7 @@ +diff --git a/include/Makemodule.am b/include/Makemodule.am +index 417125bcf..b7f357694 100644 +--- a/include/Makemodule.am ++++ b/include/Makemodule.am +@@ -50,6 +50,7 @@ dist_noinst_HEADERS += \ include/procutils.h \ include/pt-bsd.h \ include/pt-mbr.h \ 
@@ -30,9 +36,11 @@ diff -urN util-linux-2.36.2/include/Makemodule.am util-linux-2.36.2-AES/include/ include/pt-mbr-partnames.h \ include/pt-gpt-partnames.h \ include/pt-sgi.h \ -diff -urN util-linux-2.36.2/include/xgetpass.h util-linux-2.36.2-AES/include/xgetpass.h ---- util-linux-2.36.2/include/xgetpass.h 1970-01-01 02:00:00.000000000 +0200 -+++ util-linux-2.36.2-AES/include/xgetpass.h 2021-02-23 18:30:59.347218450 +0200 +diff --git a/include/xgetpass.h b/include/xgetpass.h +new file mode 100644 +index 000000000..b5a3c87de +--- /dev/null ++++ b/include/xgetpass.h @@ -0,0 +1,6 @@ +#ifndef UTIL_LINUX_XGETPASS_H +#define UTIL_LINUX_XGETPASS_H @@ -40,20 +48,25 @@ diff -urN util-linux-2.36.2/include/xgetpass.h util-linux-2.36.2-AES/include/xge +extern char *xgetpass(int pfd, const char *prompt); + +#endif /* UTIL_LINUX_XGETPASS_H */ -diff -urN util-linux-2.36.2/lib/Makemodule.am util-linux-2.36.2-AES/lib/Makemodule.am ---- util-linux-2.36.2/lib/Makemodule.am 2021-02-12 13:32:01.736988771 +0200 -+++ util-linux-2.36.2-AES/lib/Makemodule.am 2021-02-23 18:30:59.347218450 +0200 -@@ -34,6 +34,7 @@ +diff --git a/lib/Makemodule.am b/lib/Makemodule.am +index 5d95b37ea..a50d129b7 100644 +--- a/lib/Makemodule.am ++++ b/lib/Makemodule.am +@@ -36,7 +36,8 @@ libcommon_la_SOURCES = \ lib/strutils.c \ - lib/timeutils.c \ - lib/ttyutils.c \ -+ lib/xgetpass.c \ lib/strv.c \ - lib/sha1.c \ - lib/signames.c -diff -urN util-linux-2.36.2/lib/xgetpass.c util-linux-2.36.2-AES/lib/xgetpass.c ---- util-linux-2.36.2/lib/xgetpass.c 1970-01-01 02:00:00.000000000 +0200 -+++ util-linux-2.36.2-AES/lib/xgetpass.c 2021-02-23 18:30:59.347218450 +0200 + lib/timeutils.c \ +- lib/ttyutils.c ++ lib/ttyutils.c \ ++ lib/xgetpass.c + + if LINUX + libcommon_la_SOURCES += \ +diff --git a/lib/xgetpass.c b/lib/xgetpass.c +new file mode 100644 +index 000000000..5d9dbc954 +--- /dev/null ++++ b/lib/xgetpass.c @@ -0,0 +1,64 @@ +/* + * A function to read the passphrase either from the terminal or from 
@@ -119,10 +132,11 @@ diff -urN util-linux-2.36.2/lib/xgetpass.c util-linux-2.36.2-AES/lib/xgetpass.c + if(p) p[y] = 0; + return p; +} -diff -urN util-linux-2.36.2/libmount/src/Makemodule.am util-linux-2.36.2-AES/libmount/src/Makemodule.am ---- util-linux-2.36.2/libmount/src/Makemodule.am 2021-02-12 13:32:01.742988749 +0200 -+++ util-linux-2.36.2-AES/libmount/src/Makemodule.am 2021-02-23 18:30:59.347218450 +0200 -@@ -27,7 +27,10 @@ +diff --git a/libmount/src/Makemodule.am b/libmount/src/Makemodule.am +index c2579b0ac..1a7e39afe 100644 +--- a/libmount/src/Makemodule.am ++++ b/libmount/src/Makemodule.am +@@ -27,7 +27,10 @@ libmount_la_SOURCES = \ if LINUX libmount_la_SOURCES += \ libmount/src/context.c \ @@ -134,9 +148,11 @@ diff -urN util-linux-2.36.2/libmount/src/Makemodule.am util-linux-2.36.2-AES/lib libmount/src/context_veritydev.c \ libmount/src/context_mount.c \ libmount/src/context_umount.c \ -diff -urN util-linux-2.36.2/libmount/src/aes.c util-linux-2.36.2-AES/libmount/src/aes.c ---- util-linux-2.36.2/libmount/src/aes.c 1970-01-01 02:00:00.000000000 +0200 -+++ util-linux-2.36.2-AES/libmount/src/aes.c 2021-02-23 18:30:59.348218457 +0200 +diff --git a/libmount/src/aes.c b/libmount/src/aes.c +new file mode 100644 +index 000000000..698357684 +--- /dev/null ++++ b/libmount/src/aes.c @@ -0,0 +1,299 @@ +// I retain copyright in this code but I encourage its free use provided +// that I don't carry any responsibility for the results. I am especially @@ -437,9 +453,11 @@ diff -urN util-linux-2.36.2/libmount/src/aes.c util-linux-2.36.2-AES/libmount/sr + + state_out(out_blk, b0); +} -diff -urN util-linux-2.36.2/libmount/src/aes.h util-linux-2.36.2-AES/libmount/src/aes.h ---- util-linux-2.36.2/libmount/src/aes.h 1970-01-01 02:00:00.000000000 +0200 -+++ util-linux-2.36.2-AES/libmount/src/aes.h 2021-02-23 18:30:59.348218457 +0200 +diff --git a/libmount/src/aes.h b/libmount/src/aes.h +new file mode 100644 +index 000000000..660e8cec7 +--- /dev/null ++++ b/libmount/src/aes.h 
@@ -0,0 +1,97 @@ +// I retain copyright in this code but I encourage its free use provided +// that I don't carry any responsibility for the results. I am especially @@ -538,10 +556,11 @@ diff -urN util-linux-2.36.2/libmount/src/aes.h util-linux-2.36.2-AES/libmount/sr +// if their parameters have not changed. + +#endif // _AES_H -diff -urN util-linux-2.36.2/libmount/src/context.c util-linux-2.36.2-AES/libmount/src/context.c ---- util-linux-2.36.2/libmount/src/context.c 2021-02-12 13:32:01.743988745 +0200 -+++ util-linux-2.36.2-AES/libmount/src/context.c 2021-02-23 18:30:59.348218457 +0200 -@@ -102,7 +102,6 @@ +diff --git a/libmount/src/context.c b/libmount/src/context.c +index ccd050130..da2653751 100644 +--- a/libmount/src/context.c ++++ b/libmount/src/context.c +@@ -102,7 +102,6 @@ void mnt_free_context(struct libmnt_context *cxt) mnt_unref_fs(cxt->fs); mnt_unref_fs(cxt->fs_template); @@ -549,7 +568,7 @@ diff -urN util-linux-2.36.2/libmount/src/context.c util-linux-2.36.2-AES/libmoun mnt_free_lock(cxt->lock); mnt_free_update(cxt->update); -@@ -145,6 +144,8 @@ +@@ -145,6 +144,8 @@ int mnt_reset_context(struct libmnt_context *cxt) DBG(CXT, ul_debugobj(cxt, "<---- reset [status=%d] ---->", mnt_context_get_status(cxt))); @@ -558,9 +577,11 @@ diff -urN util-linux-2.36.2/libmount/src/context.c util-linux-2.36.2-AES/libmoun fl = cxt->flags; mnt_unref_fs(cxt->fs); -diff -urN util-linux-2.36.2/libmount/src/context_loopdev1.c util-linux-2.36.2-AES/libmount/src/context_loopdev1.c ---- util-linux-2.36.2/libmount/src/context_loopdev1.c 1970-01-01 02:00:00.000000000 +0200 -+++ util-linux-2.36.2-AES/libmount/src/context_loopdev1.c 2021-02-23 18:30:59.349218465 +0200 +diff --git a/libmount/src/context_loopdev1.c b/libmount/src/context_loopdev1.c +new file mode 100644 +index 000000000..21cc53f31 +--- /dev/null ++++ b/libmount/src/context_loopdev1.c @@ -0,0 +1,1525 @@ +/* + * Copyright (C) 2011 Karel Zak <kzak@redhat.com> 
@@ -2087,10 +2108,11 @@ diff -urN util-linux-2.36.2/libmount/src/context_loopdev1.c util-linux-2.36.2-AE + cxt->loopdev_fd = -1; + return 0; +} -diff -urN util-linux-2.36.2/libmount/src/context_umount.c util-linux-2.36.2-AES/libmount/src/context_umount.c ---- util-linux-2.36.2/libmount/src/context_umount.c 2021-02-02 17:41:37.989357326 +0200 -+++ util-linux-2.36.2-AES/libmount/src/context_umount.c 2021-02-23 18:30:59.349218465 +0200 -@@ -384,11 +384,12 @@ +diff --git a/libmount/src/context_umount.c b/libmount/src/context_umount.c +index 57eda75be..a6c59025c 100644 +--- a/libmount/src/context_umount.c ++++ b/libmount/src/context_umount.c +@@ -390,11 +390,12 @@ static int lookup_umount_fs(struct libmnt_context *cxt) */ static int is_associated_fs(const char *devname, struct libmnt_fs *fs) { @@ -2105,7 +2127,7 @@ diff -urN util-linux-2.36.2/libmount/src/context_umount.c util-linux-2.36.2-AES/ /* check if it begins with /dev/loop */ if (strncmp(devname, _PATH_DEV_LOOP, sizeof(_PATH_DEV_LOOP) - 1) != 0) -@@ -400,16 +401,16 @@ +@@ -406,16 +407,16 @@ static int is_associated_fs(const char *devname, struct libmnt_fs *fs) /* check for the offset option in @fs */ optstr = mnt_fs_get_user_options(fs); @@ -2116,15 +2138,14 @@ diff -urN util-linux-2.36.2/libmount/src/context_umount.c util-linux-2.36.2-AES/ - - if (mnt_parse_offset(val, valsz, &offset) != 0) - return 0; -- } -- -- return loopdev_is_used(devname, src, offset, 0, flags); + if (optstr) { + if(mnt_optstr_get_option(optstr, "offset", &val, &valsz) == 0 && val && valsz) + offsetStr = strndup(val, valsz); + if(mnt_optstr_get_option(optstr, "sizelimit", &val, &valsz) == 0 && val && valsz) + sizelimitStr = strndup(val, valsz); -+ } + } +- +- return loopdev_is_used(devname, src, offset, 0, flags); + r = __loDev_is_loop_active_same_back((char *) devname, (char *) src, offsetStr, sizelimitStr); + if(offsetStr) free(offsetStr); + if(sizelimitStr) free(sizelimitStr); 
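Review bot: In the patched `is_associated_fs` (outer hunk -2116,15) both `strndup` results are used unchecked, so a failed allocation leaves `offsetStr` or `sizelimitStr` NULL and `__loDev_is_loop_active_same_back` is called as if the mount had no `offset`/`sizelimit` option. Presumably that makes the loop-device comparison looser than the options ask for; the helper's body is not in this hunk. Fail closed instead, with `if (!offsetStr) return 0;` after the first copy and `if (!sizelimitStr) { free(offsetStr); return 0; }` after the second. The `mnt_parse_offset` check that rejected a malformed offset is removed by the same patch, so it should be confirmed that the helper validates the strings, given that the commit message calls the adaptation untested. The `if(offsetStr)` and `if(sizelimitStr)` guards before `free` are redundant, and the function begins above the hunk.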
@@ -2132,7 +2153,7 @@ diff -urN util-linux-2.36.2/libmount/src/context_umount.c util-linux-2.36.2-AES/ } static int prepare_helper_from_options(struct libmnt_context *cxt, -@@ -974,7 +975,7 @@ +@@ -981,7 +982,7 @@ int mnt_context_prepare_umount(struct libmnt_context *cxt) if (!rc && mnt_context_is_loopdel(cxt) && cxt->fs) { const char *src = mnt_fs_get_srcpath(cxt->fs); @@ -2141,10 +2162,11 @@ diff -urN util-linux-2.36.2/libmount/src/context_umount.c util-linux-2.36.2-AES/ mnt_context_enable_loopdel(cxt, FALSE); } -diff -urN util-linux-2.36.2/libmount/src/optmap.c util-linux-2.36.2-AES/libmount/src/optmap.c ---- util-linux-2.36.2/libmount/src/optmap.c 2021-02-02 17:41:37.991357313 +0200 -+++ util-linux-2.36.2-AES/libmount/src/optmap.c 2021-02-23 18:30:59.349218465 +0200 -@@ -172,10 +172,19 @@ +diff --git a/libmount/src/optmap.c b/libmount/src/optmap.c +index 49e8113d2..e3602f7f4 100644 +--- a/libmount/src/optmap.c ++++ b/libmount/src/optmap.c +@@ -172,10 +172,19 @@ static const struct libmnt_optmap userspace_opts_map[] = { "x-", MNT_MS_XCOMMENT, MNT_NOHLPS | MNT_PREFIX }, /* persistent comments (utab) */ { "X-", MNT_MS_XFSTABCOMM, MNT_NOHLPS | MNT_NOMTAB | MNT_PREFIX }, /* fstab only comments */ @@ -2166,9 +2188,11 @@ diff -urN util-linux-2.36.2/libmount/src/optmap.c util-linux-2.36.2-AES/libmount { "nofail", MNT_MS_NOFAIL, MNT_NOMTAB }, /* Do not fail if ENOENT on dev */ -diff -urN util-linux-2.36.2/libmount/src/rmd160.c util-linux-2.36.2-AES/libmount/src/rmd160.c ---- util-linux-2.36.2/libmount/src/rmd160.c 1970-01-01 02:00:00.000000000 +0200 -+++ util-linux-2.36.2-AES/libmount/src/rmd160.c 2021-02-23 18:30:59.349218465 +0200 +diff --git a/libmount/src/rmd160.c b/libmount/src/rmd160.c +new file mode 100644 +index 000000000..db2b6c491 +--- /dev/null ++++ b/libmount/src/rmd160.c @@ -0,0 +1,532 @@ +/* rmd160.c - RIPE-MD160 + * Copyright (C) 1998 Free Software Foundation, Inc. 
@@ -2702,9 +2726,11 @@ diff -urN util-linux-2.36.2/libmount/src/rmd160.c util-linux-2.36.2-AES/libmount + rmd160_final( &hd ); + memcpy( outbuf, hd.buf, 20 ); +} -diff -urN util-linux-2.36.2/libmount/src/rmd160.h util-linux-2.36.2-AES/libmount/src/rmd160.h ---- util-linux-2.36.2/libmount/src/rmd160.h 1970-01-01 02:00:00.000000000 +0200 -+++ util-linux-2.36.2-AES/libmount/src/rmd160.h 2021-02-23 18:30:59.349218465 +0200 +diff --git a/libmount/src/rmd160.h b/libmount/src/rmd160.h +new file mode 100644 +index 000000000..d83444fa0 +--- /dev/null ++++ b/libmount/src/rmd160.h @@ -0,0 +1,9 @@ +#ifndef RMD160_H +#define RMD160_H @@ -2715,9 +2741,11 @@ diff -urN util-linux-2.36.2/libmount/src/rmd160.h util-linux-2.36.2-AES/libmount +#endif /*RMD160_H*/ + + -diff -urN util-linux-2.36.2/libmount/src/sha512.c util-linux-2.36.2-AES/libmount/src/sha512.c ---- util-linux-2.36.2/libmount/src/sha512.c 1970-01-01 02:00:00.000000000 +0200 -+++ util-linux-2.36.2-AES/libmount/src/sha512.c 2021-02-23 18:30:59.350218472 +0200 +diff --git a/libmount/src/sha512.c b/libmount/src/sha512.c +new file mode 100644 +index 000000000..25a03ba44 +--- /dev/null ++++ b/libmount/src/sha512.c @@ -0,0 +1,432 @@ +/* + * sha512.c @@ -3151,9 +3179,11 @@ diff -urN util-linux-2.36.2/libmount/src/sha512.c util-linux-2.36.2-AES/libmount + memset(&ctx, 0, sizeof(ctx)); +} +#endif -diff -urN util-linux-2.36.2/libmount/src/sha512.h util-linux-2.36.2-AES/libmount/src/sha512.h ---- util-linux-2.36.2/libmount/src/sha512.h 1970-01-01 02:00:00.000000000 +0200 -+++ util-linux-2.36.2-AES/libmount/src/sha512.h 2021-02-23 18:30:59.350218472 +0200 +diff --git a/libmount/src/sha512.h b/libmount/src/sha512.h +new file mode 100644 +index 000000000..3bbd2b01a +--- /dev/null ++++ b/libmount/src/sha512.h @@ -0,0 +1,45 @@ +/* + * sha512.h 
@@ -3200,19 +3230,20 @@ diff -urN util-linux-2.36.2/libmount/src/sha512.h util-linux-2.36.2-AES/libmount +/* no sha384_write(), use sha512_write() */ +/* no sha384_final(), use sha512_final(), result in ctx->sha_out[0...47] */ +extern void __loDev_sha384_hash_buffer(unsigned char *, int, unsigned char *, int); -diff -urN util-linux-2.36.2/sys-utils/Makemodule.am util-linux-2.36.2-AES/sys-utils/Makemodule.am ---- util-linux-2.36.2/sys-utils/Makemodule.am 2021-02-12 13:32:01.829988432 +0200 -+++ util-linux-2.36.2-AES/sys-utils/Makemodule.am 2021-02-23 18:30:59.350218472 +0200 -@@ -259,7 +259,7 @@ - if BUILD_LOSETUP +diff --git a/sys-utils/Makemodule.am b/sys-utils/Makemodule.am +index 7f6b5f882..f852281eb 100644 +--- a/sys-utils/Makemodule.am ++++ b/sys-utils/Makemodule.am +@@ -291,7 +291,7 @@ if BUILD_LOSETUP sbin_PROGRAMS += losetup - dist_man_MANS += sys-utils/losetup.8 + MANPAGES += sys-utils/losetup.8 + dist_noinst_DATA += sys-utils/losetup.8.adoc -losetup_SOURCES = sys-utils/losetup.c +losetup_SOURCES = sys-utils/losetup1.c sys-utils/loop.c libmount/src/sha512.c libmount/src/rmd160.c libmount/src/aes.c losetup_LDADD = $(LDADD) libcommon.la libsmartcols.la losetup_CFLAGS = $(AM_CFLAGS) -I$(ul_libsmartcols_incdir) -@@ -359,6 +359,8 @@ +@@ -398,6 +398,8 @@ MANLINKS += sys-utils/swapoff.8 swapon_SOURCES = \ sys-utils/swapon.c \ @@ -3221,7 +3252,7 @@ diff -urN util-linux-2.36.2/sys-utils/Makemodule.am util-linux-2.36.2-AES/sys-ut sys-utils/swapon-common.c \ sys-utils/swapon-common.h \ lib/swapprober.c \ -@@ -375,6 +377,7 @@ +@@ -414,6 +416,7 @@ swapon_LDADD = $(LDADD) \ swapoff_SOURCES = \ sys-utils/swapoff.c \ 
@@ -3229,9 +3260,11 @@ diff -urN util-linux-2.36.2/sys-utils/Makemodule.am util-linux-2.36.2-AES/sys-ut sys-utils/swapon-common.c \ sys-utils/swapon-common.h \ lib/swapprober.c \ -diff -urN util-linux-2.36.2/sys-utils/loop.c util-linux-2.36.2-AES/sys-utils/loop.c ---- util-linux-2.36.2/sys-utils/loop.c 1970-01-01 02:00:00.000000000 +0200 -+++ util-linux-2.36.2-AES/sys-utils/loop.c 2021-02-23 18:30:59.350218472 +0200 +diff --git a/sys-utils/loop.c b/sys-utils/loop.c +new file mode 100644 +index 000000000..fef091695 +--- /dev/null ++++ b/sys-utils/loop.c @@ -0,0 +1,221 @@ +/* + * loop.c @@ -3454,9 +3487,11 @@ diff -urN util-linux-2.36.2/sys-utils/loop.c util-linux-2.36.2-AES/sys-utils/loo + loopinfo->lo_encrypt_type = 18; /* LO_CRYPT_CRYPTOAPI */ + return(loop_set_status64_ioctl(fd, loopinfo)); +} -diff -urN util-linux-2.36.2/sys-utils/loop.h util-linux-2.36.2-AES/sys-utils/loop.h ---- util-linux-2.36.2/sys-utils/loop.h 1970-01-01 02:00:00.000000000 +0200 -+++ util-linux-2.36.2-AES/sys-utils/loop.h 2021-02-23 18:30:59.350218472 +0200 +diff --git a/sys-utils/loop.h b/sys-utils/loop.h +new file mode 100644 +index 000000000..cc9097bdf +--- /dev/null ++++ b/sys-utils/loop.h @@ -0,0 +1,87 @@ +/* + * loop.h 
@@ -3545,408 +3580,11 @@ diff -urN util-linux-2.36.2/sys-utils/loop.h util-linux-2.36.2-AES/sys-utils/loo +extern int try_cryptoapi_loop_interface(int, struct loop_info64 *, char *); + +#endif -diff -urN util-linux-2.36.2/sys-utils/losetup.8 util-linux-2.36.2-AES/sys-utils/losetup.8 ---- util-linux-2.36.2/sys-utils/losetup.8 2021-02-12 13:32:01.832988422 +0200 -+++ util-linux-2.36.2-AES/sys-utils/losetup.8 2021-02-23 18:30:59.350218472 +0200 -@@ -1,217 +1,200 @@ --.TH LOSETUP 8 "November 2015" "util-linux" "System Administration" -+.TH LOSETUP 8 "2012-09-24" "Linux" "MAINTENANCE COMMANDS" - .SH NAME - losetup \- set up and control loop devices - .SH SYNOPSIS - .ad l --Get info: --.sp --.in +5 --.B losetup --[\fIloopdev\fP] --.sp --.B losetup \-l --.RB [ \-a ] --.sp --.B losetup \-j --.I file --.RB [ \-o --.IR offset ] --.sp --.in -5 --Detach a loop device: --.sp --.in +5 --.B "losetup \-d" --.IR loopdev ... --.sp --.in -5 --Detach all associated loop devices: --.sp --.in +5 --.B "losetup \-D" --.sp --.in -5 --Set up a loop device: --.sp --.in +5 --.B losetup --.RB [ \-o --.IR offset ] --.RB [ \-\-sizelimit --.IR size ] --.RB [ \-\-sector\-size --.IR size ] --.in +8 --.RB [ \-Pr ] --.RB [ \-\-show ] " \-f" | \fIloopdev\fP --.I file --.sp --.in -13 --Resize a loop device: --.sp --.in +5 --.B "losetup \-c" --.I loopdev --.in -5 -+.B losetup -+[options] -+.I loop_device -+file -+.br -+.B losetup -F -+[options] -+.I loop_device -+[file] -+.br -+.B losetup -+[ -+.B \-d -+] -+.I loop_device -+.br -+.B losetup -a -+.br -+.B losetup -f -+.br -+.B losetup -+.B \-R -+.I loop_device - .ad b - .SH DESCRIPTION - .B losetup - is used to associate loop devices with regular files or block devices, --to detach loop devices, and to query the status of a loop device. If only the --\fIloopdev\fP argument is given, the status of the corresponding loop --device is shown. If no option is given, all loop devices are shown. 
--.sp --Note that the old output format (i.e., \fBlosetup \-a\fR) with comma-delimited --strings is deprecated in favour of the \fB\-\-list\fR output format. --.sp --It's possible to create more independent loop devices for the same backing --file. --.B This setup may be dangerous, can cause data loss, corruption and overwrites. --Use \fB\-\-nooverlap\fR with \fB\-\-find\fR during setup to avoid this problem. --.sp --The loop device setup is not an atomic operation when used with \fB\-\-find\fP, and --.B losetup --does not protect this operation by any lock. The number of attempts is --internally restricted to a maximum of 16. It is recommended to use for example --.BR flock (1) --to avoid a collision in heavily parallel use cases. -- -+to detach loop devices and to query the status of a loop device. If only the -+\fIloop_device\fP argument is given, the status of the corresponding loop -+device is shown. - .SH OPTIONS --The \fIsize\fR and \fIoffset\fR --arguments may be followed by the multiplicative suffixes KiB (=1024), --MiB (=1024*1024), and so on for GiB, TiB, PiB, EiB, ZiB and YiB (the "iB" is --optional, e.g., "K" has the same meaning as "KiB") or the suffixes --KB (=1000), MB (=1000*1000), and so on for GB, TB, PB, EB, ZB and YB. -- --.TP --.BR \-a , " \-\-all" --Show the status of all loop devices. Note that not all information is accessible --for non-root users. See also \fB\-\-list\fR. The old output format (as printed --without \fB\-\-list)\fR is deprecated. --.TP --.BR \-d , " \-\-detach " \fIloopdev\fR... --Detach the file or device associated with the specified loop device(s). Note --that since Linux v3.7 kernel uses "lazy device destruction". The detach --operation does not return EBUSY error anymore if device is actively used by --system, but it is marked by autoclear flag and destroyed later. --.TP --.BR \-D , " \-\-detach\-all" --Detach all associated loop devices. 
--.TP --.BR \-f , " \-\-find " "\fR[\fIfile\fR]" --Find the first unused loop device. If a \fIfile\fR argument is present, use --the found device as loop device. Otherwise, just print its name. --.IP "\fB\-\-show\fP" --Display the name of the assigned loop device if the \fB\-f\fP option and a --\fIfile\fP argument are present. --.TP --.BR \-L , " \-\-nooverlap" --Check for conflicts between loop devices to avoid situation when the same --backing file is shared between more loop devices. If the file is already used --by another device then re-use the device rather than a new one. The option --makes sense only with \fB\-\-find\fP. --.TP --.BR \-j , " \-\-associated " \fIfile\fR " \fR[\fB\-o \fIoffset\fR]" --Show the status of all loop devices associated with the given \fIfile\fR. --.TP --.BR \-o , " \-\-offset " \fIoffset --The data start is moved \fIoffset\fP bytes into the specified file or device. The \fIoffset\fP --may be followed by the multiplicative suffixes; see above. --.IP "\fB\-\-sizelimit \fIsize\fP" --The data end is set to no more than \fIsize\fP bytes after the data start. The \fIsize\fP --may be followed by the multiplicative suffixes; see above. --.TP --.BR \-b , " \-\-sector-size " \fIsize --Set the logical sector size of the loop device in bytes (since Linux 4.14). The --option may be used when create a new loop device as well as stand-alone command --to modify sector size of the already existing loop device. --.TP --.BR \-c , " \-\-set\-capacity " \fIloopdev --Force the loop driver to reread the size of the file associated with the --specified loop device. --.TP --.BR \-P , " \-\-partscan" --Force the kernel to scan the partition table on a newly created loop device. Note that the --partition table parsing depends on sector sizes. The default is sector size is 512 bytes, --otherwise you need to use the option \fB\-\-sector\-size\fR together with \fB\-\-partscan\fR. --.TP --.BR \-r , " \-\-read\-only" --Set up a read-only loop device. 
--.TP --.BR \-\-direct\-io [ =on | off ] --Enable or disable direct I/O for the backing file. The optional argument --can be either \fBon\fR or \fBoff\fR. If the argument is omitted, it defaults --to \fBoff\fR. --.TP --.BR \-v , " \-\-verbose" -+.IP \fB\-a\fP -+Show status of all loop devices. -+.IP "\fB\-C \fIitercountk\fP" -+Runs hashed passphrase through \fIitercountk\fP thousand iterations of AES-256 -+before using it for loop encryption. This consumes lots of CPU cycles at -+loop setup/mount time but not thereafter. In combination with passphrase seed -+this slows down dictionary attacks. Iteration is not done in multi-key mode. -+.IP "\fB\-d\fP" -+Detach the file or device associated with the specified loop device. -+.IP "\fB\-e \fIencryption\fP" -+.RS -+Enable data encryption. Following encryption types are recognized: -+.IP \fBNONE\fP -+Use no encryption (default). -+.PD 0 -+.IP \fBXOR\fP -+Use a simple XOR encryption. -+.IP "\fBAES128 AES\fP" -+Use 128 bit AES encryption. Passphrase is hashed with SHA-256 by default. -+.IP \fBAES192\fP -+Use 192 bit AES encryption. Passphrase is hashed with SHA-384 by default. -+.IP \fBAES256\fP -+Use 256 bit AES encryption. Passphrase is hashed with SHA-512 by default. -+ -+.IP "\fBtwofish128 twofish160 twofish192 twofish256\fP" -+.IP "\fBblowfish128 blowfish160 blowfish192 blowfish256\fP" -+.IP "\fBserpent128 serpent192 serpent256 mars128 mars192\fP" -+.IP "\fBmars256 rc6-128 rc6-192 rc6-256 tripleDES\fP" -+These encryption types are available if they are enabled in kernel -+configuration or corresponding modules have been loaded to kernel. -+.PD -+.RE -+.IP "\fB\-f\fP" -+Find and show next unused loop device. -+.IP "\fB\-F\fP" -+Reads and uses mount options from /etc/fstab that match specified loop -+device, including offset= sizelimit= encryption= pseed= phash= loinit= -+gpgkey= gpghome= cleartextkey= itercountk= and looped to device/file name. -+loop= option in /etc/fstab must match specified loop device name. 
Command -+line options take precedence in case of conflict. -+.IP "\fB\-G \fIgpghome\fP" -+Set gpg home directory to \fIgpghome\fP, so that gpg uses public/private -+keys on \fIgpghome\fP directory. This is only used when gpgkey file needs to -+be decrypted using public/private keys. If gpgkey file is encrypted with -+symmetric cipher only, public/private keys are not required and this option -+has no effect. -+.IP "\fB\-H \fIphash\fP" -+Uses \fIphash\fP function to hash passphrase. Available hash functions are -+sha256, sha384, sha512 and rmd160. unhashed1 and unhashed2 -+functions also exist for compatibility with some obsolete implementations. -+ -+Hash function random does not ask for passphrase but sets up random keys and -+attempts to put loop to multi-key mode. When random/1777 hash type is used -+as mount option for mount program, mount program will create new file system -+on the loop device and construct initial permissions of file system root -+directory from octal digits that follow the slash character. -+ -+WARNING! DO NOT USE RANDOM HASH TYPE ON PARTITION WITH EXISTING IMPORTANT -+DATA ON IT. RANDOM HASH TYPE WILL DESTROY YOUR DATA. -+.IP "\fB\-I \fIloinit\fP" -+Passes a numeric value of \fIloinit\fP as a parameter to cipher transfer -+function. Cipher transfer functions are free to interpret value as they -+want. -+.IP "\fB\-K \fIgpgkey\fP" -+Passphrase is piped to gpg so that gpg can decrypt file \fIgpgkey\fP which -+contains the real keys that are used to encrypt loop device. If decryption -+requires public/private keys and gpghome is not specified, all users use -+their own gpg public/private keys to decrypt \fIgpgkey\fP. Decrypted -+\fIgpgkey\fP should contain 1 or 64 or 65 keys, each key at least 20 -+characters and separated by newline. If decrypted \fIgpgkey\fP contains 64 -+or 65 keys, then loop device is put to multi-key mode. In multi-key mode -+first key is used for first sector, second key for second sector, and so on. 
-+65th key, if present, is used as additional input to MD5 IV computation. -+.IP "\fB\-o \fIoffset\fP" -+The data start is moved \fIoffset\fP bytes into the specified file or -+device. Normally offset is included in IV (initialization vector) -+computations. If offset is prefixed with @ character, then offset is not -+included in IV computations. @ prefix functionality may not be supported on -+some older kernels and/or loop drivers. -+.IP "\fB\-p \fIpasswdfd\fP" -+Read the passphrase from file descriptor \fIpasswdfd\fP instead of the -+terminal. If -K option is not being used (no gpg key file), then losetup -+attempts to read 65 keys from \fIpasswdfd\fP, each key at least 20 -+characters and separated by newline. If losetup successfully reads 64 or 65 -+keys, then loop device is put to multi-key mode. If losetup encounters -+end-of-file before 64 keys are read, then only first key is used in -+single-key mode. -+ -+echo SecretPassphraseHere | losetup -p0 -K foo.gpg -e AES128 ... -+ -+In above example, losetup reads passphrase from file descriptor 0 (stdin). -+.IP "\fB\-P \fIcleartextkey\fP" -+Read the passphrase from file \fIcleartextkey\fP instead of the -+terminal. If -K option is not being used (no gpg key file), then losetup -+attempts to read 65 keys from \fIcleartextkey\fP, each key at least 20 -+characters and separated by newline. If losetup successfully reads 64 or 65 -+keys, then loop device is put to multi-key mode. If losetup encounters -+end-of-file before 64 keys are read, then only first key is used in -+single-key mode. If both -p and -P options are used, then -p option takes -+precedence. These are equivalent: -+ -+losetup -p3 -K foo.gpg -e AES128 ... 3<someFileName -+ -+losetup -P someFileName -K foo.gpg -e AES128 ... -+ -+In first line of above example, in addition to normal open file descriptors -+(0==stdin 1==stdout 2==stderr), shell opens the file and passes open file -+descriptor to started losetup program. 
In second line of above example, -+losetup opens the file itself. -+.IP "\fB\-r\fP" -+Read-only mode. -+.IP "\fB\-R\fP" -+Resize existing, already set up loop device, to new changed underlying -+device size. This option is for changing mounted live file system size on -+LVM volume. This functionality may not be supported on some older kernels -+and/or loop drivers. -+.IP "\fB\-s \fIsizelimit\fP" -+Size of loop device is limited to \fIsizelimit\fP bytes. If unspecified or -+set to zero, loop device size is set to maximum available (file size minus -+offset). This option may not be supported on some older kernels and/or loop -+drivers. -+.IP "\fB\-S \fIpseed\fP" -+Sets encryption passphrase seed \fIpseed\fP which is appended to user supplied -+passphrase before hashing. Using different seeds for different partitions -+makes dictionary attacks slower but does not prevent them if user supplied -+passphrase is guessable. Seed is not used in multi-key mode. -+.IP "\fB\-T\fP" -+Asks passphrase twice. -+.IP "\fB\-v\fP" - Verbose mode. --.TP --.BR \-l , " \-\-list" --If a loop device or the \fB\-a\fR option is specified, print the default columns --for either the specified loop device or all loop devices; the default is to --print info about all devices. See also \fB\-\-output\fP, \fB\-\-noheadings\fP, --\fB\-\-raw\fP, and \fB\-\-json\fP. --.TP --.BR \-O , " \-\-output " \fIcolumn\fR[,\fIcolumn\fR]... --Specify the columns that are to be printed for the \fB\-\-list\fP output. --Use \fB\-\-help\fR to get a list of all supported columns. --.TP --.B \-\-output\-all --Output all available columns. --.TP --.BR \-n , " \-\-noheadings" --Don't print headings for \fB\-\-list\fP output format. --.IP "\fB\-\-raw\fP" --Use the raw \fB\-\-list\fP output format. --.TP --.BR \-J , " \-\-json" --Use JSON format for \fB\-\-list\fP output. --.TP --.BR \-V , " \-\-version" --Display version information and exit. --.TP --.BR \-h , " \-\-help" --Display help text and exit. 
-- --.SH ENCRYPTION --.B Cryptoloop is no longer supported in favor of dm-crypt. --.B For more details see cryptsetup(8). -- --.SH EXIT STATUS -+.SH RETURN VALUE - .B losetup --returns 0 on success, nonzero on failure. When -+returns 0 on success, nonzero on failure. When - .B losetup - displays the status of a loop device, it returns 1 if the device - is not configured and 2 if an error occurred which prevented --determining the status of the device. -- --.SH ENVIRONMENT --.IP LOOPDEV_DEBUG=all --enables debug output. -+.B losetup -+from determining the status of the device. - - .SH FILES --.TP --.I /dev/loop[0..N] --loop block devices --.TP --.I /dev/loop-control --loop control device -+.nf -+/dev/loop0,/dev/loop1,... loop devices (major=7) -+.fi - .SH EXAMPLE - The following commands can be used as an example of using the loop device. - .nf --.IP --# dd if=/dev/zero of=~/file.img bs=1024k count=10 --# losetup \-\-find \-\-show ~/file.img --/dev/loop0 --# mkfs \-t ext2 /dev/loop0 --# mount /dev/loop0 /mnt -+ -+dd if=/dev/zero of=/file bs=1k count=500 -+head -c 3705 /dev/random | uuencode -m - | head -n 66 \\ -+ | tail -n 65 | gpg --symmetric -a >/etc/fskey9.gpg -+losetup -e AES128 -K /etc/fskey9.gpg /dev/loop0 /file -+mkfs -t ext2 /dev/loop0 -+mount -t ext2 /dev/loop0 /mnt - ... --# umount /dev/loop0 --# losetup \-\-detach /dev/loop0 -+umount /dev/loop0 -+losetup -d /dev/loop0 - .fi -+.SH RESTRICTION -+XOR encryption is terribly weak. - .SH AUTHORS --Karel Zak <kzak@redhat.com>, based on the original version from --Theodore Ts'o <tytso@athena.mit.edu> --.SH AVAILABILITY --The losetup command is part of the util-linux package and is available from --https://www.kernel.org/pub/linux/utils/util-linux/. 
-+.nf -+Original version: Theodore Ts'o <tytso@athena.mit.edu> -+AES support: Jari Ruusu -+.fi -diff -urN util-linux-2.36.2/sys-utils/losetup1.c util-linux-2.36.2-AES/sys-utils/losetup1.c ---- util-linux-2.36.2/sys-utils/losetup1.c 1970-01-01 02:00:00.000000000 +0200 -+++ util-linux-2.36.2-AES/sys-utils/losetup1.c 2021-02-23 18:30:59.351218479 +0200 +diff --git a/sys-utils/losetup1.c b/sys-utils/losetup1.c +new file mode 100644 +index 000000000..059832de3 +--- /dev/null ++++ b/sys-utils/losetup1.c @@ -0,0 +1,1281 @@ +/* Taken from Ted's losetup.c - Mitch <m.dsouza@mrc-apu.cam.ac.uk> */ +/* Added vfs mount options - aeb - 960223 */ 
@@ -5229,46 +4867,10 @@ diff -urN util-linux-2.36.2/sys-utils/losetup1.c util-linux-2.36.2-AES/sys-utils + } + return res; +} -diff -urN util-linux-2.36.2/sys-utils/mount.8 util-linux-2.36.2-AES/sys-utils/mount.8 ---- util-linux-2.36.2/sys-utils/mount.8 2021-02-12 13:32:01.835988410 +0200 -+++ util-linux-2.36.2-AES/sys-utils/mount.8 2021-02-23 18:30:59.351218479 +0200 -@@ -823,6 +823,11 @@ - sections. - .RE - -+.IP "\fB\-p, \-\-pass\-fd \fInum\fP" -+In case of a loop mount with encryption, read the passphrase from -+file descriptor -+.I num -+instead of from the terminal. - .TP - .BR "\-\-options\-mode " \fImode - Controls how to combine options from -@@ -2663,13 +2668,19 @@ - .B "mount \-t ext4 /tmp/disk.img /mnt" - .sp - .RE --This type of mount knows about three options, namely --.BR loop ", " offset " and " sizelimit , -+This type of mount knows about 11 options, namely -+.BR loop ", " offset ", " sizelimit ", " encryption ", " pseed ", " phash ", " loinit ", " gpgkey ", " gpghome ", " cleartextkey " and " itercountk - that are really options to - .BR \%losetup (8). - (These options can be used in addition to those specific - to the filesystem type.) - -+If the mount requires a passphrase, you will be prompted for one unless you -+specify a file descriptor to read from instead with the -+.BR \-p -+command line option, or specify a file name with -+.BR cleartextkey -+mount option. - Since Linux 2.6.25 auto-destruction of loop devices is supported, - meaning that any loop device allocated by - .B mount -diff -urN util-linux-2.36.2/sys-utils/mount.c util-linux-2.36.2-AES/sys-utils/mount.c ---- util-linux-2.36.2/sys-utils/mount.c 2021-02-12 13:32:01.835988410 +0200 -+++ util-linux-2.36.2-AES/sys-utils/mount.c 2021-02-23 18:30:59.352218487 +0200 +diff --git a/sys-utils/mount.c b/sys-utils/mount.c +index 0a85a2345..679e939c2 100644 +--- a/sys-utils/mount.c ++++ b/sys-utils/mount.c @@ -36,6 +36,7 @@ #include "c.h" #include "env.h" 
@@ -5282,10 +4884,10 @@ diff -urN util-linux-2.36.2/sys-utils/mount.c util-linux-2.36.2-AES/sys-utils/mo #include "optutils.h" +static int passfd = -1; - static int mk_exit_code(struct libmnt_context *cxt, int rc); + static struct ul_env_list *envs_removed; - static void suid_drop(struct libmnt_context *cxt) -@@ -96,6 +98,32 @@ + static int mk_exit_code(struct libmnt_context *cxt, int rc); +@@ -105,6 +107,32 @@ static int table_parser_errcb(struct libmnt_table *tb __attribute__((__unused__) return 1; } @@ -5318,7 +4920,7 @@ diff -urN util-linux-2.36.2/sys-utils/mount.c util-linux-2.36.2-AES/sys-utils/mo /* * Replace control chars with '?' to be compatible with coreutils. For more * robust solution use findmnt(1) where we use \x?? hex encoding. -@@ -468,6 +496,7 @@ +@@ -477,6 +505,7 @@ static void __attribute__((__noreturn__)) usage(void) fprintf(out, _( " -o, --options <list> comma-separated list of mount options\n" " -O, --test-opts <list> limit the set of filesystems (use with -a)\n" @@ -5326,7 +4928,7 @@ diff -urN util-linux-2.36.2/sys-utils/mount.c util-linux-2.36.2-AES/sys-utils/mo " -r, --read-only mount the filesystem read-only (same as -o ro)\n" " -t, --types <list> limit the set of filesystem types\n")); fprintf(out, _( -@@ -667,7 +696,7 @@ +@@ -676,7 +705,7 @@ int main(int argc, char **argv) mnt_context_set_tables_errcb(cxt, table_parser_errcb); @@ -5335,7 +4937,7 @@ diff -urN util-linux-2.36.2/sys-utils/mount.c util-linux-2.36.2-AES/sys-utils/mo longopts, NULL)) != -1) { /* only few options are allowed for non-root users */ -@@ -727,6 +756,10 @@ +@@ -736,6 +765,10 @@ int main(int argc, char **argv) if (mnt_context_set_options_pattern(cxt, optarg)) err(MNT_EX_SYSERR, _("failed to set options pattern")); break; 
@@ -5346,7 +4948,7 @@ diff -urN util-linux-2.36.2/sys-utils/mount.c util-linux-2.36.2-AES/sys-utils/mo case 'L': xasprintf(&srcbuf, "LABEL=\"%s\"", optarg); mnt_context_disable_swapmatch(cxt, 1); -@@ -899,6 +932,8 @@ +@@ -908,6 +941,8 @@ int main(int argc, char **argv) else if (types) mnt_context_set_fstype(cxt, types); @@ -5355,9 +4957,10 @@ diff -urN util-linux-2.36.2/sys-utils/mount.c util-linux-2.36.2-AES/sys-utils/mo if (all) { /* * A) Mount all -diff -urN util-linux-2.36.2/sys-utils/swapoff.c util-linux-2.36.2-AES/sys-utils/swapoff.c ---- util-linux-2.36.2/sys-utils/swapoff.c 2021-02-02 17:41:38.084356716 +0200 -+++ util-linux-2.36.2-AES/sys-utils/swapoff.c 2021-02-23 18:30:59.352218487 +0200 +diff --git a/sys-utils/swapoff.c b/sys-utils/swapoff.c +index 7bfb90a3e..a53c0c7ad 100644 +--- a/sys-utils/swapoff.c ++++ b/sys-utils/swapoff.c @@ -1,4 +1,9 @@ #include <stdio.h> +#include <sys/types.h> @@ -5376,7 +4979,7 @@ diff -urN util-linux-2.36.2/sys-utils/swapoff.c util-linux-2.36.2-AES/sys-utils/ #include "c.h" #include "xalloc.h" #include "closestream.h" -@@ -162,6 +168,45 @@ +@@ -162,6 +168,45 @@ static void __attribute__((__noreturn__)) usage(void) exit(SWAPOFF_EX_OK); } @@ -5422,7 +5025,7 @@ diff -urN util-linux-2.36.2/sys-utils/swapoff.c util-linux-2.36.2-AES/sys-utils/ static int swapoff_all(void) { int nerrs = 0, nsucc = 0; -@@ -196,8 +241,30 @@ +@@ -196,8 +241,30 @@ static int swapoff_all(void) mnt_reset_iter(itr, MNT_ITER_FORWARD); while (tb && mnt_table_find_next_fs(tb, itr, match_swap, NULL, &fs) == 0) { 
@@ -5455,35 +5058,10 @@ diff -urN util-linux-2.36.2/sys-utils/swapoff.c util-linux-2.36.2-AES/sys-utils/ } mnt_free_iter(itr); -diff -urN util-linux-2.36.2/sys-utils/swapon.8 util-linux-2.36.2-AES/sys-utils/swapon.8 ---- util-linux-2.36.2/sys-utils/swapon.8 2021-02-02 17:41:38.084356716 +0200 -+++ util-linux-2.36.2-AES/sys-utils/swapon.8 2021-02-23 18:30:59.352218487 +0200 -@@ -69,6 +69,22 @@ - .I /proc/swaps - or - .IR /etc/fstab ). -+.PP -+If -+.I loop=/dev/loop? -+and -+.I encryption=AES128 -+options are present in -+.I /etc/fstab -+then -+.BR "swapon -a" -+will set up loop devices using random keys, run -+.BR "mkswap" -+on them, and enable encrypted swap on specified loop devices. Encrypted loop -+devices are set up with page size offset so that unencrypted swap signatures -+on first page of swap devices are not touched. -+.BR "swapoff -a" -+will tear down such loop devices. - - .SH OPTIONS - .TP -diff -urN util-linux-2.36.2/sys-utils/swapon.c util-linux-2.36.2-AES/sys-utils/swapon.c ---- util-linux-2.36.2/sys-utils/swapon.c 2021-02-02 17:41:38.085356709 +0200 -+++ util-linux-2.36.2-AES/sys-utils/swapon.c 2021-02-23 18:30:59.352218487 +0200 +diff --git a/sys-utils/swapon.c b/sys-utils/swapon.c +index 0f47d8516..93ce2a807 100644 +--- a/sys-utils/swapon.c ++++ b/sys-utils/swapon.c @@ -8,6 +8,8 @@ #include <unistd.h> #include <sys/types.h> @@ -5502,7 +5080,7 @@ diff -urN util-linux-2.36.2/sys-utils/swapon.c util-linux-2.36.2-AES/sys-utils/s #include "bitops.h" #include "blkdev.h" #include "pathnames.h" -@@ -721,6 +725,227 @@ +@@ -734,6 +738,227 @@ static int parse_options(struct swap_prop *props, const char *options) } 
@@ -5730,7 +5308,7 @@ diff -urN util-linux-2.36.2/sys-utils/swapon.c util-linux-2.36.2-AES/sys-utils/s static int swapon_all(struct swapon_ctl *ctl) { struct libmnt_table *tb = get_fstab(); -@@ -738,6 +963,9 @@ +@@ -751,6 +976,9 @@ static int swapon_all(struct swapon_ctl *ctl) while (mnt_table_find_next_fs(tb, itr, match_swap, NULL, &fs) == 0) { /* defaults */ const char *opts; @@ -5740,7 +5318,7 @@ diff -urN util-linux-2.36.2/sys-utils/swapon.c util-linux-2.36.2-AES/sys-utils/s const char *device; struct swap_prop prop; /* per device setting */ -@@ -746,6 +974,10 @@ +@@ -759,6 +987,10 @@ static int swapon_all(struct swapon_ctl *ctl) warnx(_("%s: noauto option -- ignored"), mnt_fs_get_source(fs)); continue; } @@ -5751,7 +5329,7 @@ diff -urN util-linux-2.36.2/sys-utils/swapon.c util-linux-2.36.2-AES/sys-utils/s /* default setting */ prop = ctl->props; -@@ -760,23 +992,38 @@ +@@ -773,23 +1005,38 @@ static int swapon_all(struct swapon_ctl *ctl) if (!device) { if (!prop.no_fail) status |= cannot_find(mnt_fs_get_source(fs)); diff --git a/util-linux-aes.sysusers b/util-linux-aes.sysusers index d7425ae9e299..de04d9f050c3 100644 --- a/util-linux-aes.sysusers +++ b/util-linux-aes.sysusers @@ -1 +1,2 @@ u uuidd 68 +g rfkill - - - |