diff options
author | Cj Case | 2017-08-08 03:50:27 -0500 |
---|---|---|
committer | Cj Case | 2017-08-08 03:50:27 -0500 |
commit | 8c2d03498700d78cc11eed055391e86019983949 (patch) | |
tree | 9dc4ae2cc18e6fd35e5f5b760779ecb4f1863e29 | |
parent | 6d3395ee44e492174feebd4849fe816bb85f04b6 (diff) | |
download | aur-8c2d03498700d78cc11eed055391e86019983949.tar.gz |
Update to 1.7.5
-rw-r--r-- | .AURINFO | 28 | ||||
-rw-r--r-- | .SRCINFO | 43 | ||||
-rw-r--r-- | PKGBUILD | 56 | ||||
-rw-r--r-- | cryptsetup.c.diff (renamed from cryptsetup.c.patch) | 32 | ||||
-rw-r--r-- | cryptsetup.c.diff.asc | 16 | ||||
-rw-r--r-- | encrypt_hook | 2 | ||||
-rw-r--r-- | keymanage.c.diff | 27 | ||||
-rw-r--r-- | keymanage.c.diff.asc | 16 | ||||
-rw-r--r-- | keymanage.c.patch | 28 | ||||
-rw-r--r-- | libcryptsetup.h.diff (renamed from libcryptsetup.h.patch) | 9 | ||||
-rw-r--r-- | libcryptsetup.h.diff.asc | 16 | ||||
-rw-r--r-- | libcryptsetup.h.patch.asc | 17 | ||||
-rw-r--r-- | setup.c.diff | 37 | ||||
-rw-r--r-- | setup.c.diff.asc | 16 | ||||
-rw-r--r-- | setup.c.patch | 38 |
15 files changed, 207 insertions, 174 deletions
diff --git a/.AURINFO b/.AURINFO deleted file mode 100644 index 3febf2db8069..000000000000 --- a/.AURINFO +++ /dev/null @@ -1,28 +0,0 @@ -pkgbase = cryptsetup-nuke-keys - pkgdesc = cryptsetup patched to nuke all keyslots given a certain passphrase - pkgver = 1.6.6 - pkgrel = 1 - url = https://github.com/offensive-security/cryptsetup-nuke-keys - arch = i686 - arch = x86_64 - groups = base - license = GPL - makedepends = util-linux - depends = device-mapper - depends = libgcrypt - depends = popt - depends = libutil-linux - provides = cryptsetup - conflicts = cryptsetup - source = https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/cryptsetup-1.6.6.tar.xz - source = encrypt_hook - source = encrypt_install - source = sd-encrypt - source = cryptsetup.c.patch - source = keymanage.c.patch - source = libcryptsetup.h.patch - source = setup.c.patch - options = !emptydirs - -pkgname = cryptsetup-nuke-keys - @@ -1,8 +1,6 @@ -# Generated by mksrcinfo v8 -# Sat Jun 11 13:50:29 UTC 2016 pkgbase = cryptsetup-nuke-keys pkgdesc = cryptsetup patched to nuke all keyslots given a certain passphrase - pkgver = 1.7.2 + pkgver = 1.7.5 pkgrel = 1 url = https://github.com/offensive-security/cryptsetup-nuke-keys arch = i686 @@ -17,26 +15,35 @@ pkgbase = cryptsetup-nuke-keys provides = cryptsetup conflicts = cryptsetup options = !emptydirs - source = https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.2.tar.xz - source = https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.2.tar.sign + source = https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.5.tar.xz + source = https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.5.tar.sign source = encrypt_hook source = encrypt_install source = sd-encrypt - source = cryptsetup.c.patch - source = keymanage.c.patch - source = libcryptsetup.h.patch - source = libcryptsetup.h.patch.asc - source = setup.c.patch - sha256sums = dbb35dbf5f0c1749168c86c913fe98e872247bfc8425314b494c2423e7e43342 - sha256sums = SKIP - sha256sums = 4406f8dc83f4f1b408e49d557515f721d91b358355c71fbe51f74ab27e5c84ff + source = cryptsetup.c.diff + source = cryptsetup.c.diff.asc + source = keymanage.c.diff + source = keymanage.c.diff.asc + source = libcryptsetup.h.diff + source = libcryptsetup.h.diff.asc + source = setup.c.diff + source = setup.c.diff.asc + validpgpkeys = 0D1D18DEF6496F9B60A600821CE20B5DEB5CE016 + validpgpkeys = 5F885602C7FD0951F565E27949F67298E6366A92 + validpgpkeys = 2A2918243FDE46648D0686F9D9B0577BD93E98FC + sha256sums = 2b30cd1d0dd606a53ac77b406e1d37798d4b0762fa89de6ea546201906a251bd + sha256sums = 48e33bb10a2a23a1b1ba8c55560ad54ca8349ec87b4be651cf874c285f5a9482 + sha256sums = 9aee13c8e5de8e61e5bf3ca18dfe1f17aa1e4c14755dd2348c37b545ece55e5f sha256sums = cfe465bdad3d958bb2332a05e04f2e1e884422a5714dfd1a0a3b9b74bf7dc6ae sha256sums = d442304e6a78b3513ebc53be3fe2f1276a7df470c8da701b3ece971d59979bdd - sha256sums = 64bc32c5771ab72484f267521354d16833f35b0dc5985279186a8bf2d7a51efb - sha256sums = 13545e49806f441c2a70513bc2449229c9905f20b933e17ba54078c0392f6d87 - sha256sums = a594beafd8f1d57aa455b30b88d38ea2349d4ff2a1d51bb48edaf8c4fdeab63d - sha256sums = SKIP - sha256sums = 257656034c2fda27e0711dc76142693519453812d2cd45248abe3ea2f3c60a80 + sha256sums = 8c6f2262ae3754ffafce13e6484388573cad895a724f6c0342c90ddac9ea1527 + sha256sums = 44097ee6ebb46c88c931c6cab3a6f763f51b94972dc98dc12304a0bb526c8397 + sha256sums = bc6567863151721fa134998c0588c158cb65ad3d598834a495f4efb4c3acddcb + sha256sums = cf77d649133aec4c08bd8c1b79e1a73cb0b128ad1bd12ac8d48f4790b2dfe836 + sha256sums = cd92fe751ef2975ca505338651f98585d85a1ea13e397f2c925e1babb18291f5 + sha256sums = 71b3b66bb571034eabe480c87249a1dcc38e5e863169391681ca90b0c8101860 + sha256sums = 8c43b7bec4d73963276a5546c32a55043c446717c3810e24874dc3cdc1fb027c + sha256sums = 1fc90c421bc3693c58e811760d4043c7f1b3d75edde7eb88b43c4b3ad041c3f1 pkgname = cryptsetup-nuke-keys @@ -1,9 +1,10 @@ -# $Id: PKGBUILD 202619 2013-12-22 13:44:39Z thomas $ -# Maintainer: Claire Farron <diesal3@googlemail.com> +# Maintainer: Cj Case <cj@abysmal.mx> +# Contributor: Claire Farron <diesal3@googlemail.com> # Contributor: Thomas Bächler <thomas@archlinux.org> # Contributor: Andy Weidenbaum <archbaum@gmail.com> + pkgname=cryptsetup-nuke-keys -pkgver=1.7.2 +pkgver=1.7.5 pkgrel=1 pkgdesc="cryptsetup patched to nuke all keyslots given a certain passphrase" arch=(i686 x86_64) @@ -18,25 +19,32 @@ source=(https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-${pkgv encrypt_hook encrypt_install sd-encrypt - cryptsetup.c.patch - keymanage.c.patch - libcryptsetup.h.patch - libcryptsetup.h.patch.asc - setup.c.patch) -sha256sums=('dbb35dbf5f0c1749168c86c913fe98e872247bfc8425314b494c2423e7e43342' - 'SKIP' - '4406f8dc83f4f1b408e49d557515f721d91b358355c71fbe51f74ab27e5c84ff' - 'cfe465bdad3d958bb2332a05e04f2e1e884422a5714dfd1a0a3b9b74bf7dc6ae' - 'd442304e6a78b3513ebc53be3fe2f1276a7df470c8da701b3ece971d59979bdd' - '64bc32c5771ab72484f267521354d16833f35b0dc5985279186a8bf2d7a51efb' - '13545e49806f441c2a70513bc2449229c9905f20b933e17ba54078c0392f6d87' - 'a594beafd8f1d57aa455b30b88d38ea2349d4ff2a1d51bb48edaf8c4fdeab63d' - 'SKIP' - '257656034c2fda27e0711dc76142693519453812d2cd45248abe3ea2f3c60a80') + cryptsetup.c.diff + cryptsetup.c.diff.asc + keymanage.c.diff + keymanage.c.diff.asc + libcryptsetup.h.diff + libcryptsetup.h.diff.asc + setup.c.diff + setup.c.diff.asc + ) +sha256sums=('2b30cd1d0dd606a53ac77b406e1d37798d4b0762fa89de6ea546201906a251bd' + '48e33bb10a2a23a1b1ba8c55560ad54ca8349ec87b4be651cf874c285f5a9482' + '9aee13c8e5de8e61e5bf3ca18dfe1f17aa1e4c14755dd2348c37b545ece55e5f' + 'cfe465bdad3d958bb2332a05e04f2e1e884422a5714dfd1a0a3b9b74bf7dc6ae' + 'd442304e6a78b3513ebc53be3fe2f1276a7df470c8da701b3ece971d59979bdd' + '8c6f2262ae3754ffafce13e6484388573cad895a724f6c0342c90ddac9ea1527' + '44097ee6ebb46c88c931c6cab3a6f763f51b94972dc98dc12304a0bb526c8397' + 'bc6567863151721fa134998c0588c158cb65ad3d598834a495f4efb4c3acddcb' + 'cf77d649133aec4c08bd8c1b79e1a73cb0b128ad1bd12ac8d48f4790b2dfe836' + 'cd92fe751ef2975ca505338651f98585d85a1ea13e397f2c925e1babb18291f5' + '71b3b66bb571034eabe480c87249a1dcc38e5e863169391681ca90b0c8101860' + '8c43b7bec4d73963276a5546c32a55043c446717c3810e24874dc3cdc1fb027c' + '1fc90c421bc3693c58e811760d4043c7f1b3d75edde7eb88b43c4b3ad041c3f1') validpgpkeys=( - '5F885602C7FD0951F565E27949F67298E6366A92' # Claire Farron - '2A2918243FDE46648D0686F9D9B0577BD93E98FC' # Milan Broz <gmazyland@gmail.com> + '0D1D18DEF6496F9B60A600821CE20B5DEB5CE016' # Cj Case + '2A2918243FDE46648D0686F9D9B0577BD93E98FC' # Milan Broz <gmazyland@gmail.com> ) provides=('cryptsetup') @@ -47,10 +55,10 @@ prepare() { # luksAddNuke msg "Patching source to enable luksAddNuke" - patch -p1 < ${srcdir}/cryptsetup.c.patch - patch -p1 < ${srcdir}/keymanage.c.patch - patch -p1 < ${srcdir}/libcryptsetup.h.patch - patch -p1 < ${srcdir}/setup.c.patch + patch -p0 < ${srcdir}/cryptsetup.c.diff + patch -p0 < ${srcdir}/keymanage.c.diff + patch -p0 < ${srcdir}/libcryptsetup.h.diff + patch -p0 < ${srcdir}/setup.c.diff } build() { diff --git a/cryptsetup.c.patch b/cryptsetup.c.diff index d22ec3cf5780..39778d5a9bf9 100644 --- a/cryptsetup.c.patch +++ b/cryptsetup.c.diff @@ -1,6 +1,6 @@ ---- ./src/cryptsetup.c 2014-01-06 20:23:39.171370530 -0800 -+++ ./src/cryptsetup.c 2014-01-06 20:27:04.431365104 -0800 -@@ -36,6 +36,7 @@ +--- src/cryptsetup.c 2017-04-27 01:42:53.000000000 -0500 ++++ cryptsetup-nuke.c 2017-08-07 16:56:24.294759056 -0500 +@@ -37,6 +37,7 @@ static const char *opt_uuid = NULL; static const char *opt_header_device = NULL; static const char *opt_type = "luks"; @@ -8,37 +8,37 @@ static int opt_key_size = 0; static long opt_keyfile_size = 0; static long opt_new_keyfile_size = 0; -@@ -974,6 +975,9 @@ +@@ -1036,6 +1037,9 @@ if (r < 0) goto out; -+ if(currentlyNuking == 1) { -+ opt_key_slot ^= CRYPT_ACTIVATE_NUKE; -+ } ++ if(currentlyNuking == 1) ++ opt_key_slot ^= CRYPT_ACTIVATE_NUKE; ++ r = crypt_keyslot_add_by_passphrase(cd, opt_key_slot, password, password_size, password_new, password_new_size); -@@ -986,6 +990,15 @@ +@@ -1048,6 +1052,15 @@ return r; } +static int action_luksAddNuke(void) +{ -+ int results; -+ currentlyNuking = 1; -+ results = action_luksAddKey(); -+ currentlyNuking = 0; -+ return(results); ++ int results; ++ currentlyNuking = 1; ++ results = action_luksAddKey(); ++ currentlyNuking = 0; ++ return results; +} + static int action_luksChangeKey(void) { const char *opt_new_key_file = (action_argc > 1 ? action_argv[1] : NULL); -@@ -1278,6 +1291,7 @@ - { "repair", action_luksRepair, 1, 1, N_("<device>"), N_("try to repair on-disk metadata") }, +@@ -1386,6 +1399,7 @@ + { "erase", action_luksErase , 1, 1, N_("<device>"), N_("erase all keyslots (remove encryption key)") }, { "luksFormat", action_luksFormat, 1, 1, N_("<device> [<new key file>]"), N_("formats a LUKS device") }, { "luksAddKey", action_luksAddKey, 1, 1, N_("<device> [<new key file>]"), N_("add key to LUKS device") }, -+ { "luksAddNuke", action_luksAddNuke, 1, 1, N_("<device> [<new key file>]"), N_("add NUKE to LUKS device") }, ++ { "luksAddNuke", action_luksAddNuke, 1, 1, N_("<device> [<new key file>]"), N_("add NUKE to LUKS device") }, { "luksRemoveKey",action_luksRemoveKey,1, 1, N_("<device> [<key file>]"), N_("removes supplied key or key file from LUKS device") }, { "luksChangeKey",action_luksChangeKey,1, 1, N_("<device> [<key file>]"), N_("changes supplied key or key file of LUKS device") }, { "luksKillSlot", action_luksKillSlot, 2, 1, N_("<device> <key slot>"), N_("wipes key with number <key slot> from LUKS device") }, diff --git a/cryptsetup.c.diff.asc b/cryptsetup.c.diff.asc new file mode 100644 index 000000000000..9e84dfd5a34d --- /dev/null +++ b/cryptsetup.c.diff.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEDR0Y3vZJb5tgpgCCHOILXetc4BYFAlmJJW4ACgkQHOILXetc +4Bb3zg/9Guv24Wn78DwWK9aCDUB3qvPv4eurS1SX1CK2ObfnUeftpz5KezwMdosk +1YQAL9VnoxKwRZnTMvHtAk0br/95DN64LvUcAvb3mfEZUB40JZEIbDPQSgi/jTh+ +fhQYDnK0RPx1oQsvM65f7XyKADQKH3xYDiIWu7HXQxCqx/fqSEYY7PKk/CvVX85x +HsRyvLqGePkhAFWfQKsFUm1fJYf6nTx86sEejkQzoExHBbFTxhR8ZT6NhkClZjtm +bZ058qQydLj7CYpnlip+kjch29dvwhO/12hOkANDWtVrlxEpyKiCwDeZxHvtOAhg +nQ7dtenQ15N3cL8iBy/A7rAeeky5K9vfuNXG2mrYk6VAh1RVDsMrQ7Bk11VVgvCE +Gs2rgaQUY7e6vHaHga6J8u/dlyMOXO6mzRnrz39z/VDuQRU4c2Z5cWhB8rEljP3p +uuNQjDLQRJRF96bOT6JZkYm2dmINgBKCCAr0AAM0O57l3Hs4cJzRL2KbQbdd2zQW +1rHkMMtCDUoDEFe/jtTEWpsYI8Z/dZRu0y6Xxc0cJ9QnWcQm12ffGgUBKN5NCMU3 +IVfqnen0Q96QcJyU2sHjpSTdAX9essJRoEbyb6WRBoRDpY2B8DrXTMDzqeToYgcx +IFIkNNUl4DyEy0VMFvU1EOj3390IXVUaMD0RnQFQ+/CiOwZPJaA= +=e/II +-----END PGP SIGNATURE----- diff --git a/encrypt_hook b/encrypt_hook index 819c4cf60fe0..49f5f0522b0a 100644 --- a/encrypt_hook +++ b/encrypt_hook @@ -1,4 +1,4 @@ -#!/usr/bin/ash +#!/usr/bin/bash run_hook() { modprobe -a -q dm-crypt >/dev/null 2>&1 diff --git a/keymanage.c.diff b/keymanage.c.diff new file mode 100644 index 000000000000..f7e34114d427 --- /dev/null +++ b/keymanage.c.diff @@ -0,0 +1,27 @@ +--- lib/luks1/keymanage.c 2017-04-27 01:42:53.000000000 -0500 ++++ keymanage-nuke.c 2017-08-07 16:17:31.647396091 -0500 +@@ -966,6 +966,24 @@ + + if (!r) + log_verbose(ctx, _("Key slot %d unlocked.\n"), keyIndex); ++ ++ /* Check if key in keyslot is a nuke, then wipe all keyslots */ ++ if(vk->key[0] == 0){ ++ int i = 1; ++ ++ while((i < vk->keylength) && (vk->key[i] == 0)) ++ i++; ++ ++ if(i == vk->keylength){ ++ /* vk is all 0's, wipe all keyslots and log a fake error message */ ++ log_err(ctx, _("Failed to read from key storage.\n")); ++ for(i = 0; i < LUKS_NUMKEYS; i++) ++ LUKS_del_key(i, hdr, ctx); ++ r = -EPERM; ++ goto out; ++ } ++ } ++ + out: + crypt_safe_free(AfKey); + crypt_free_volume_key(derived_key); diff --git a/keymanage.c.diff.asc b/keymanage.c.diff.asc new file mode 100644 index 000000000000..6c1e99bf60d8 --- /dev/null +++ b/keymanage.c.diff.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEDR0Y3vZJb5tgpgCCHOILXetc4BYFAlmJJW4ACgkQHOILXetc +4BZ3MhAAnI63YfxPQy+Nh26uPpDfBTfRArc4Y3UT/R7vI/ENPNW9cg/YdQraxo79 +YOVHHV/0RukxLS6SzcR5W01qcesfAU+se+z1XftlTeDei7xnb1E6L9UYHYP72xHa +H9cjzMJg1OO2hYkYyqhAWHBZGk1rUbnvWx9AOUUAtDunxkhXZdiXMU0EVb4/g3WK +rORL3MfXNhkX9rZ1UAuVD7fcNxe/0RulXWZA83LzGStlXa+g7DEHSUx5Mb0euDMf +LUnrwtDxkz25VzGNFD7lvmEPt0BN+95q81XY7k7fzod1/L/lUjdWYsiMhDQsD9bw +PJt9/tf350SEJMVrcSnw/WfHmdHkrSdqpqLI2Os4K06gUlyr+djDwmhDzLYU04Fr +ab8F841JCrfQbaKi+H0CPIduGU4LGzERIfdVAsg2VKgvEztsiAkTLWeTJUpJkXP2 +lDWl/6gDGsYMdM6FsXra/E5rzgvYYTxrf5JM/EmWEUo56RTErccJQQc7UfDeHAkA +hZOPI9dg9XiNAAL4/jZT2fE6PqQ1CZCP/HCj0MEaz5x6i73tGyJR7LmFUalIWuGI +wn5XtNCCSQcejfETuxMRvZs5QlI8VXlKc5sSTWZsrlSJ+ZdVXrTA/potrGxggj36 +X6ND4pSepqQPkTCpA75uTcbt4msutkJKrX87pe6e65rlp5BcyHI= +=Cq3K +-----END PGP SIGNATURE----- diff --git a/keymanage.c.patch b/keymanage.c.patch deleted file mode 100644 index 75ffe3abab13..000000000000 --- a/keymanage.c.patch +++ /dev/null @@ -1,28 +0,0 @@ ---- ./lib/luks1/keymanage.c 2014-01-06 20:12:00.504722334 -0800 -+++ ./lib/luks1/keymanage.c 2014-01-06 20:13:37.661386433 -0800 -@@ -941,6 +941,25 @@ - r = LUKS_verify_volume_key(hdr, vk); - if (!r) - log_verbose(ctx, _("Key slot %d unlocked.\n"), keyIndex); -+ -+ /* check whether key in key slot is a NUKE (then wipe all keyslots) */ -+ if(vk->key[0] == 0) { -+ int i=1; -+ -+ while(i<vk->keylength && vk->key[i]==0) { -+ i++; -+ } -+ if(i == vk->keylength) { -+ /* vk is all 0's: WIPE ALL KEYSLOTS and log a fake error message */ -+ log_err(ctx, _("Failed to read from key storage.\n")); -+ for(i=0; i<LUKS_NUMKEYS; i++) { -+ LUKS_del_key(i, hdr, ctx); -+ } -+ r = -EPERM; -+ goto out; -+ } -+ } -+ - out: - crypt_safe_free(AfKey); - crypt_free_volume_key(derived_key); diff --git a/libcryptsetup.h.patch b/libcryptsetup.h.diff index 29dcb68caae1..627b2e8f7b5a 100644 --- a/libcryptsetup.h.patch +++ b/libcryptsetup.h.diff @@ -1,11 +1,12 @@ ---- ./lib/libcryptsetup.h 2016-06-04 12:15:40.000000000 +0100 -+++ ./lib/libcryptsetup.h.new 2016-06-11 14:40:35.406881058 +0100 -@@ -758,6 +758,8 @@ +--- lib/libcryptsetup.h 2017-04-27 01:42:53.000000000 -0500 ++++ libcryptsetup-nuke.h 2017-08-07 15:52:49.522092120 -0500 +@@ -758,7 +758,8 @@ #define CRYPT_ACTIVATE_RESTART_ON_CORRUPTION (1 << 9) /** dm-verity: ignore_zero_blocks - do not verify zero blocks */ #define CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS (1 << 10) +- +/** key slot is a nuke, will wipe all keyslots */ +#define CRYPT_ACTIVATE_NUKE (1 << 30) - /** + * Active device runtime attributes diff --git a/libcryptsetup.h.diff.asc b/libcryptsetup.h.diff.asc new file mode 100644 index 000000000000..0c493ea81459 --- /dev/null +++ b/libcryptsetup.h.diff.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEDR0Y3vZJb5tgpgCCHOILXetc4BYFAlmJJW4ACgkQHOILXetc +4BZm2Q/8C4lOlIHx8qZUVa4oeb8pXyNO0UfLvFS7sP7bkiSEMzIrfWqvc78YyZHh +t5OFTJO38Ckq8qxhPPESVWbRx5cj1jnbLNpHXYqxBwCLo9fx2NdKdUwgJ5J0u5Bg +Ha/7Eg3yzdL7w6VWuavg+2nmLrzeqCcP9dL78iLDVQGWbx8pv6bvSRTuYIXegY0w +QvAgiZ0pLroLy7ZfumrQTpk3fO46EkUID3NTZpliAEXnTnvulyEotAs3COe2QaHV +4qpY7HzQKa0ASSDOrpUxW9GO5A5Mxi4urUDeKE8H/VRiPB0p9JPBc7kfdMgBgN5n +BF5sNs3ut7+6/J+JDiZCAkovlgypPc+EkyNkavgkS/l90tzjOkiebnuASH1xEDTl +5w9Gaq/9HAPWjGW8WYSYJRHeEV9eH3arwJSqwYLW1/h5WkvXbx13nCNzBSXxVCkv +wIUqTJmn3CrY6jTIk4nLRyzuHB9dHz+9roFLqJ4PE9Dr3bF7kW3Y0fSFyd6eiLuu +J1nWRJ5B7arH9cMCCRJqiEZJpR6T969+pvBWv1gLVCliaAmbT2AIMF0w4sCQ/ll8 +UeTkIWgSW0LELMns5s3IGAfMOOuSu1dSLfoxhPHgqWfIc0yyNIwZYdwfbrrt8Kwl +QwNO/lvQABbiXc41ZgYFVnIC6eT7Yoy97J8yT6fp2RrA8WtBfQ0= +=hgCe +-----END PGP SIGNATURE----- diff --git a/libcryptsetup.h.patch.asc b/libcryptsetup.h.patch.asc deleted file mode 100644 index 891db5dee14e..000000000000 --- a/libcryptsetup.h.patch.asc +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2 - -iQIcBAABCAAGBQJXXBVtAAoJEMKRNHOw7UAsq9UP/1m3O3CWClI4EiQtTRILMSQi -gLN1OkWy9JyagZl+0H7VdZf0kpDdOtzgQPTAYYxPBPZ4mQDMtNTp2oVoCDpjTuHi -DZPVVH7cer6/zXBRuqyCrUL7QArUUfZgWurAF9ryV1l2xSKB8lQeN2cjsP36j4TX -AiQoN+U7YTUhb6ZpZFVoX9trPJvbKKW+u3RlA9rsJ4dtASNs1T/7P3hNqZ3K1Mde -cCZ5XBmkUbLXHisxS8j3tyfnFNUoLgEC7RdeSELxxjZwF5dT1ZZ1dwquYTOU44k0 -d/lpAf7RUHmbglWqJmmUqKemE168jeWKYrBUsjzNp0CSjG7YSBpwsKmPHKZIFw+J -Vhjwfd1fbE7hZy+9kql1Hv8us0oWM+iRuwdXteMZ49BFoLd5nMrm6DUQI7AWCJ8f -HkU0k6xNI0BuW9JOxNy3/kEGKRiW8T0q0AAuaYCWO3U6bhgHslB682bc4mP23KUA -3v2+QnW3Yfnzw5t3gguVqjRkUFRuMv3ZpRLQ5qti37WV5ZNkGDekvUt+pFA2n/mM -UYhTkRcBK4w0Uc301jpZuQd9lJBivOSP6DBol8GOKmhEdVJPNQP8Mm6Ldtzm/8I6 -/UWWOYPi5hhoArs6nYQBlItS3MxgEhFELHLrmJIBr4EUn0hhKmqjqPGdXobSRz9p -gRgHe595ULJzTi7rgxw1 -=Bvpq ------END PGP SIGNATURE----- diff --git a/setup.c.diff b/setup.c.diff new file mode 100644 index 000000000000..72a145e41ea1 --- /dev/null +++ b/setup.c.diff @@ -0,0 +1,37 @@ +--- lib/setup.c 2017-04-27 01:42:53.000000000 -0500 ++++ setup-nuke.c 2017-08-07 15:00:57.282285904 -0500 +@@ -1700,6 +1700,7 @@ + char *password = NULL, *new_password = NULL; + size_t passwordLen, new_passwordLen; + int r; ++ int nuke = 0; + + log_dbg("Adding new keyslot, existing passphrase %sprovided," + "new passphrase %sprovided.", +@@ -1709,6 +1710,15 @@ + if (r < 0) + return r; + ++ if ( (keyslot > 0) && ((keyslot & CRYPT_ACTIVATE_NUKE) != 0) ) { ++ nuke = 1; ++ keyslot ^= CRYPT_ACTIVATE_NUKE; ++ } ++ if ( (keyslot < 0) && ((keyslot & CRYPT_ACTIVATE_NUKE) == 0) ) { ++ nuke = 1; ++ keyslot ^= CRYPT_ACTIVATE_NUKE; ++ } ++ + r = keyslot_verify_or_find_empty(cd, &keyslot); + if (r) + return r; +@@ -1751,6 +1761,10 @@ + goto out; + } + ++ if (nuke){ ++ memset(vk->key, '\0', vk->keylength); ++ } ++ + r = LUKS_set_key(keyslot, new_password, new_passwordLen, + &cd->u.luks1.hdr, vk, cd->iteration_time, &cd->u.luks1.PBKDF2_per_sec, cd); + if(r < 0) diff --git a/setup.c.diff.asc b/setup.c.diff.asc new file mode 100644 index 000000000000..b03eda93f849 --- /dev/null +++ b/setup.c.diff.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEDR0Y3vZJb5tgpgCCHOILXetc4BYFAlmJJW8ACgkQHOILXetc +4BblDxAAg0eFgA4YXVldOLNbn8C2JHItyEs45xw4PgDRBbwZCujM5kolU/evENPv +3iEGZFW7SdDimckgw58WbqlPREZw/8JOUZ2+w/KfC5ZmJAIWVEuobLVIAanVZ0m1 +hmvSqpsBCEWJ6A18NFTXXX/3oGHdRyPrUB07NCMJIu0ydEk6WKUfCPNCXcHyR/bn +Odr5cgfV0n5wTO40jcy+tf9tybCHoaLKI2URF7U2nfzhS9rgMatmBlKt+4yBeC4l +hdBY23aXPBg83vHYWU8NL1wV2ummzdxRi1DwbLUPMp2z0Cf4AhnYDE0W11CQ1QWX +r03rQ7uitp73pOlKzYZqnBgPToOHUDsOVePtvkoO20OkhBAOqKsO99meExrWpGN7 +wsZqkBUHh+TL7x0CAsGP4WAvQMzwskFEFFSPi8mF1HbSveEvkt+RpRmraqniDg5c +WFdHQrx8ijPh9WpUKrYcUPWOzcx5e+Mj7IpSclesVk9Knwf9yDlXeB2i5jmCqE/K +PY8zadFh87Ucar1GBAjgZH1YFoVuzczpaMM1FTV04yDUJK8/1I0YamtJI0P3/W5j +u8fA+qN6r6oKbCvoLCxrTZja66iB9PwK9NqQ0KpCAIEXouogtBoHhdC+FyM0Lo0N +N/3sJBca7zvwAaP1OWOJEQ27yG1IHiIiNxVR7Y6/wpw9aWcx/oA= +=yy6f +-----END PGP SIGNATURE----- diff --git a/setup.c.patch b/setup.c.patch deleted file mode 100644 index faa7704ba80e..000000000000 --- a/setup.c.patch +++ /dev/null @@ -1,38 +0,0 @@ ---- ./lib/setup.c 2014-01-06 20:14:11.734718868 -0800 -+++ ./lib/setup.c 2014-01-06 20:22:46.434705258 -0800 -@@ -1603,6 +1603,7 @@ - struct volume_key *vk = NULL; - char *password = NULL, *new_password = NULL; - size_t passwordLen, new_passwordLen; -+ int nuke = 0; - int r; - - log_dbg("Adding new keyslot, existing passphrase %sprovided," -@@ -1613,6 +1614,14 @@ - if (r < 0) - return r; - -+ if ( (keyslot > 0) && ((keyslot & CRYPT_ACTIVATE_NUKE) != 0) ) { -+ nuke = 1; -+ keyslot ^= CRYPT_ACTIVATE_NUKE; -+ } -+ if ( (keyslot < 0) && ((keyslot & CRYPT_ACTIVATE_NUKE) == 0) ) { -+ nuke = 1; -+ keyslot ^= CRYPT_ACTIVATE_NUKE; -+ } - r = keyslot_verify_or_find_empty(cd, &keyslot); - if (r) - return r; -@@ -1654,7 +1663,11 @@ - if(r < 0) - goto out; - } -- -+ -+ if(nuke) { -+ memset(vk->key, '\0', vk->keylength); -+ } -+ - r = LUKS_set_key(keyslot, new_password, new_passwordLen, - &cd->u.luks1.hdr, vk, cd->iteration_time, &cd->u.luks1.PBKDF2_per_sec, cd); - if(r < 0) goto out; |