-rw-r--r-- | .SRCINFO | 11 | ||||
-rw-r--r-- | PKGBUILD | 13 | ||||
-rw-r--r-- | hooks-encrypt | 23 | ||||
-rw-r--r-- | install-encrypt | 24 | ||||
-rw-r--r-- | install-sd-encrypt | 57 |
5 files changed, 75 insertions, 53 deletions
@@ -1,6 +1,6 @@ pkgbase = cryptsetup-git pkgdesc = Userspace setup tool for transparent encryption of block devices using dm-crypt - pkgver = v2.3.3.r349.gcd3cb945 + pkgver = v2.6.1.r123.g464fe987 pkgrel = 1 url = https://gitlab.com/cryptsetup/cryptsetup arch = armv6h @@ -10,6 +10,7 @@ pkgbase = cryptsetup-git license = GPL makedepends = util-linux makedepends = git + makedepends = asciidoctor depends = device-mapper depends = libdevmapper.so depends = openssl @@ -20,6 +21,8 @@ pkgbase = cryptsetup-git depends = libjson-c.so depends = argon2 depends = libargon2.so + depends = libssh + depends = libssh.so provides = cryptsetup conflicts = cryptsetup options = !emptydirs @@ -28,8 +31,8 @@ pkgbase = cryptsetup-git source = install-encrypt source = install-sd-encrypt sha256sums = SKIP - sha256sums = 10461d20fe3bc357864ace3b408a2e93b4b03b5cff023def3ab126ae9857720d - sha256sums = d325dc239ecc9a5324407b0782da6df2573e8491251836d6c4e65fa61339ce57 - sha256sums = 46af2f1353db1909fc483f20e3fa1e13f1e7c0d14f44c0d6163ce0862916c613 + sha256sums = 839e961e053512293052250b424f38c347cb46c14cbd51d7e2705b3f5378ec02 + sha256sums = 2b71c6c56ef81e5bf4f49dcc08dbd1651b46bda51a8f75a0a342b344b2d0eccd + sha256sums = ec983a55b09dd512ab5b2f329fe611cb10478e4cc1cd3bb65848cf234dcfebd8 pkgname = cryptsetup-git 
@@ -6,15 +6,16 @@ _gitname=cryptsetup pkgname="${_gitname}-git" _gitbranch=master _gitauthor=cryptsetup -pkgver=v2.3.3.r349.gcd3cb945 +pkgver=v2.6.1.r123.g464fe987 pkgrel=1 pkgdesc='Userspace setup tool for transparent encryption of block devices using dm-crypt' arch=('armv6h' 'armv7h' 'i686' 'x86_64') license=('GPL') url="https://gitlab.com/${_gitauthor}/${_gitname}" depends=('device-mapper' 'libdevmapper.so' 'openssl' 'popt' 'libutil-linux' - 'libuuid.so' 'json-c' 'libjson-c.so' 'argon2' 'libargon2.so') -makedepends=('util-linux' 'git') + 'libuuid.so' 'json-c' 'libjson-c.so' 'argon2' 'libargon2.so' 'libssh' + 'libssh.so') +makedepends=('util-linux' 'git' 'asciidoctor') provides=('libcryptsetup.so') conflicts=('cryptsetup') provides=('cryptsetup') @@ -24,9 +25,9 @@ source=("git+https://gitlab.com/${_gitauthor}/${_gitname}#branch=${_gitbranch}" "install-encrypt" "install-sd-encrypt") sha256sums=('SKIP' - '10461d20fe3bc357864ace3b408a2e93b4b03b5cff023def3ab126ae9857720d' - 'd325dc239ecc9a5324407b0782da6df2573e8491251836d6c4e65fa61339ce57' - '46af2f1353db1909fc483f20e3fa1e13f1e7c0d14f44c0d6163ce0862916c613') + '839e961e053512293052250b424f38c347cb46c14cbd51d7e2705b3f5378ec02' + '2b71c6c56ef81e5bf4f49dcc08dbd1651b46bda51a8f75a0a342b344b2d0eccd' + 'ec983a55b09dd512ab5b2f329fe611cb10478e4cc1cd3bb65848cf234dcfebd8') pkgver() { cd "${srcdir}/${_gitname}" diff --git a/hooks-encrypt b/hooks-encrypt index 6bc1eea35920..031dbb55370b 100644 --- a/hooks-encrypt +++ b/hooks-encrypt @@ -65,9 +65,12 @@ EOF no-read-workqueue|perf-no_read_workqueue) cryptargs="${cryptargs} --perf-no_read_workqueue" ;; - no-write-workqueue|perf-no_read_workqueue) + no-write-workqueue|perf-no_write_workqueue) cryptargs="${cryptargs} --perf-no_write_workqueue" ;; + sector-size=*) + cryptargs="${cryptargs} --sector-size ${cryptopt#*=}" + ;; *) echo "Encryption option '${cryptopt}' not known, ignoring." >&2 ;; 
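Review bot: In hooks-encrypt, the new `sector-size=*)` branch appends `${cryptopt#*=}` to `cryptargs` without checking it, and `cryptargs` is later expanded inside `eval cryptsetup open …` (visible in the next hunk), so any shell syntax in the value would be interpreted rather than passed to cryptsetup. The value presumably comes from the boot-time option string, so it should be restricted to digits before it is appended. An empty or non-numeric value can be reported the same way the `*)` branch reports unknown options. The enclosing `case` statement starts and ends outside the hunk.

```shell
            sector-size=*)
                # Only a plain number may reach cryptargs, which is later passed through eval.
                case "${cryptopt#*=}" in
                    ''|*[!0-9]*)
                        echo "Invalid sector-size '${cryptopt#*=}', ignoring." >&2
                        ;;
                    *)
                        cryptargs="${cryptargs} --sector-size ${cryptopt#*=}"
                        ;;
                esac
                ;;
            # … unchanged: fallback branch for unknown options …
```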
@@ -91,13 +94,19 @@ EOF fi # Ask for a passphrase if [ ${dopassphrase} -gt 0 ]; then - echo "" - echo "A password is required to access the ${cryptname} volume:" + if command -v plymouth >/dev/null 2>&1 && plymouth --ping 2>/dev/null; then + plymouth ask-for-password \ + --prompt="A password is required to access the ${cryptname} volume" \ + --command="cryptsetup open --type luks --key-file=- ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}" + else + echo "" + echo "A password is required to access the ${cryptname} volume:" - #loop until we get a real password - while ! eval cryptsetup open --type luks ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; do - sleep 2; - done + #loop until we get a real password + while ! eval cryptsetup open --type luks ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; do + sleep 2; + done + fi fi if [ -e "/dev/mapper/${cryptname}" ]; then if [ ${DEPRECATED_CRYPT} -eq 1 ]; then diff --git a/install-encrypt b/install-encrypt index 4cffb4ff014b..2cd9ae013413 100644 --- a/install-encrypt +++ b/install-encrypt 
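Review bot: The plymouth branch in hooks-encrypt opens the volume with `--key-file=-` while the console fallback does not, and nothing in the hunk explains why. A comment above `plymouth ask-for-password`, such as `# plymouth writes the entered passphrase to the command's stdin, so cryptsetup reads the key from stdin (--key-file=-)`, would mark the difference as deliberate. The exit status of `plymouth ask-for-password` is also not checked, whereas the fallback keeps retrying in `while ! eval cryptsetup open …`. The `[ -e "/dev/mapper/${cryptname}" ]` test that follows presumably catches a failed or cancelled unlock, but its failure branch lies outside the hunk and should be confirmed.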
@@ -3,25 +3,29 @@ build() { local mod - add_module "dm-crypt" - add_module "dm-integrity" + add_module 'dm-crypt' + add_module 'dm-integrity' if [[ $CRYPTO_MODULES ]]; then for mod in $CRYPTO_MODULES; do add_module "$mod" done else - add_all_modules "/crypto/" + add_all_modules '/crypto/' fi - add_binary "cryptsetup" - add_binary "dmsetup" - add_file "/usr/lib/udev/rules.d/10-dm.rules" - add_file "/usr/lib/udev/rules.d/13-dm-disk.rules" - add_file "/usr/lib/udev/rules.d/95-dm-notify.rules" - add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules" + add_binary 'cryptsetup' + + map add_udev_rule \ + '10-dm.rules' \ + '13-dm-disk.rules' \ + '95-dm-notify.rules' \ + '/usr/lib/initcpio/udev/11-dm-initramfs.rules' # cryptsetup calls pthread_create(), which dlopen()s libgcc_s.so.1 - add_binary "/usr/lib/libgcc_s.so.1" + add_binary '/usr/lib/libgcc_s.so.1' + + # cryptsetup loads the legacy provider which is required for whirlpool + add_binary '/usr/lib/ossl-modules/legacy.so' add_runscript } diff --git a/install-sd-encrypt b/install-sd-encrypt index 42ee25fe98d2..ca68f53de701 100644 --- a/install-sd-encrypt +++ b/install-sd-encrypt 
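Review bot: `add_binary '/usr/lib/ossl-modules/legacy.so'` hard-codes a path that exists only when the installed openssl ships provider modules, while the PKGBUILD in this commit still depends on `openssl` without a version. On a system without that file the call is presumably reported as an error at image build time. Either version the dependency or guard the call, e.g. `[[ -e /usr/lib/ossl-modules/legacy.so ]] && add_binary '/usr/lib/ossl-modules/legacy.so'`. The same line is added in install-sd-encrypt. The hunk also drops the explicit `add_binary "dmsetup"`, which presumably relies on `add_udev_rule` pulling in the binaries the dm rules reference; a short comment saying so would keep that from looking like an accidental removal.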
@@ -3,48 +3,53 @@ build() { local mod - add_module "dm-crypt" - add_module "dm-integrity" + add_module 'dm-crypt' + add_module 'dm-integrity' if [[ $CRYPTO_MODULES ]]; then for mod in $CRYPTO_MODULES; do add_module "$mod" done else - add_all_modules "/crypto/" + add_all_modules '/crypto/' fi - add_checked_modules "/drivers/char/tpm/" + add_checked_modules '/drivers/char/tpm/' - add_udev_rule "10-dm.rules" - add_udev_rule "13-dm-disk.rules" - add_udev_rule "60-fido-id.rules" - add_udev_rule "95-dm-notify.rules" - add_udev_rule "/usr/lib/initcpio/udev/11-dm-initramfs.rules" + map add_udev_rule \ + '10-dm.rules' \ + '13-dm-disk.rules' \ + '60-fido-id.rules' \ + '95-dm-notify.rules' \ + '/usr/lib/initcpio/udev/11-dm-initramfs.rules' - add_systemd_unit "cryptsetup.target" - add_binary "/usr/lib/systemd/system-generators/systemd-cryptsetup-generator" - add_binary "/usr/lib/systemd/systemd-cryptsetup" - - add_systemd_unit "systemd-ask-password-console.path" - add_systemd_unit "systemd-ask-password-console.service" + map add_systemd_unit 'cryptsetup.target' \ + 'systemd-ask-password-console.path' \ + 'systemd-ask-password-console.service' + map add_binary \ + '/usr/lib/systemd/system-generators/systemd-cryptsetup-generator' \ + '/usr/lib/systemd/systemd-cryptsetup' \ + '/usr/lib/cryptsetup/libcryptsetup-token-systemd-fido2.so' \ + '/usr/lib/cryptsetup/libcryptsetup-token-systemd-pkcs11.so' \ + '/usr/lib/cryptsetup/libcryptsetup-token-systemd-tpm2.so' # cryptsetup calls pthread_create(), which dlopen()s libgcc_s.so.1 - add_binary "/usr/lib/libgcc_s.so.1" + add_binary '/usr/lib/libgcc_s.so.1' + + # cryptsetup loads the legacy provider which is required for whirlpool + add_binary '/usr/lib/ossl-modules/legacy.so' # add libraries dlopen()ed by systemd-cryptsetup - for LIB in fido2 tss2-{{esys,rc,mu},tcti-'*'}; do - for FILE in $(find /usr/lib/ -maxdepth 1 -name "lib${LIB}.so*"); do - if [[ -L "${FILE}" ]]; then - add_symlink "${FILE}" - else - add_binary "${FILE}" - fi - done 
+ for FILE in $(find /usr/lib/ -maxdepth 1 -name "libfido2.so*"); do + if [[ -L "${FILE}" ]]; then + add_symlink "${FILE}" + else + add_binary "${FILE}" + fi done # add mkswap for creating swap space on the fly (see 'swap' in crypttab(5)) - add_binary "mkswap" + add_binary 'mkswap' - [[ -f /etc/crypttab.initramfs ]] && add_file "/etc/crypttab.initramfs" "/etc/crypttab" + [[ -f /etc/crypttab.initramfs ]] && add_file '/etc/crypttab.initramfs' '/etc/crypttab' } help() { |
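Review bot: The rewritten loop under `# add libraries dlopen()ed by systemd-cryptsetup` now collects only `libfido2.so*`, so the `tss2-{esys,rc,mu}` and `tss2-tcti-*` libraries that the removed loop copied are no longer added here. The same hunk adds `libcryptsetup-token-systemd-tpm2.so` and keeps `add_checked_modules '/drivers/char/tpm/'`. If nothing else (for example another hook) puts the tss2 libraries into the image, TPM2-based unlocking would presumably fail in early userspace, because `add_binary` can only resolve linked libraries, not dlopen()ed ones. Please confirm where the tss2 libraries now come from and say so in the comment, or keep them in the loop with `for LIB in fido2 tss2-{{esys,rc,mu},tcti-'*'}; do`.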