diff options
-rw-r--r-- | .SRCINFO | 16 | ||||
-rw-r--r-- | PKGBUILD | 17 | ||||
-rw-r--r-- | encrypt_hook | 13 | ||||
-rw-r--r-- | encrypt_install | 8 | ||||
-rw-r--r-- | sd-encrypt | 23 |
5 files changed, 49 insertions, 28 deletions
@@ -1,21 +1,25 @@ pkgbase = cryptsetup-git pkgdesc = Userspace setup tool for transparent encryption of block devices using dm-crypt - pkgver = v2.0.5.r8.g4f075a1 + pkgver = v2.3.3.r81.gf3ec1e22 pkgrel = 1 url = https://gitlab.com/cryptsetup/cryptsetup arch = armv6h arch = armv7h arch = i686 arch = x86_64 - groups = base license = GPL makedepends = util-linux makedepends = git depends = device-mapper - depends = libgcrypt + depends = libdevmapper.so + depends = openssl depends = popt depends = libutil-linux + depends = libuuid.so depends = json-c + depends = libjson-c.so + depends = argon2 + depends = libargon2.so provides = cryptsetup conflicts = cryptsetup options = !emptydirs @@ -24,9 +28,9 @@ pkgbase = cryptsetup-git source = encrypt_install source = sd-encrypt sha256sums = SKIP - sha256sums = 4406f8dc83f4f1b408e49d557515f721d91b358355c71fbe51f74ab27e5c84ff - sha256sums = cfe465bdad3d958bb2332a05e04f2e1e884422a5714dfd1a0a3b9b74bf7dc6ae - sha256sums = d442304e6a78b3513ebc53be3fe2f1276a7df470c8da701b3ece971d59979bdd + sha256sums = 416aa179ce3c6a7a5eee0861f1f0a4fafac91b69e84a2aae82b6e5a6140e31e2 + sha256sums = d325dc239ecc9a5324407b0782da6df2573e8491251836d6c4e65fa61339ce57 + sha256sums = 31d816b3650a57512a5f9b52c1995fa65a161faa8b37975d07c9a1b8e1a119db pkgname = cryptsetup-git @@ -6,15 +6,16 @@ _gitname=cryptsetup pkgname="${_gitname}-git" _gitbranch=master _gitauthor=cryptsetup -pkgver=v2.0.5.r8.g4f075a1 +pkgver=v2.3.3.r81.gf3ec1e22 pkgrel=1 -pkgdesc="Userspace setup tool for transparent encryption of block devices using dm-crypt" +pkgdesc='Userspace setup tool for transparent encryption of block devices using dm-crypt' arch=('armv6h' 'armv7h' 'i686' 'x86_64') license=('GPL') url="https://gitlab.com/${_gitauthor}/${_gitname}" -groups=('base') -depends=('device-mapper' 'libgcrypt' 'popt' 'libutil-linux' 'json-c') +depends=('device-mapper' 'libdevmapper.so' 'openssl' 'popt' 'libutil-linux' + 'libuuid.so' 'json-c' 'libjson-c.so' 'argon2' 'libargon2.so') makedepends=('util-linux' 'git') +provides=('libcryptsetup.so') conflicts=('cryptsetup') provides=('cryptsetup') options=('!emptydirs') @@ -23,9 +24,9 @@ source=("git+https://gitlab.com/${_gitauthor}/${_gitname}#branch=${_gitbranch}" "encrypt_install" "sd-encrypt") sha256sums=('SKIP' - '4406f8dc83f4f1b408e49d557515f721d91b358355c71fbe51f74ab27e5c84ff' - 'cfe465bdad3d958bb2332a05e04f2e1e884422a5714dfd1a0a3b9b74bf7dc6ae' - 'd442304e6a78b3513ebc53be3fe2f1276a7df470c8da701b3ece971d59979bdd') + '416aa179ce3c6a7a5eee0861f1f0a4fafac91b69e84a2aae82b6e5a6140e31e2' + 'd325dc239ecc9a5324407b0782da6df2573e8491251836d6c4e65fa61339ce57' + '31d816b3650a57512a5f9b52c1995fa65a161faa8b37975d07c9a1b8e1a119db') pkgver() { cd "${srcdir}/${_gitname}" @@ -39,7 +40,7 @@ pkgver() { build() { cd "${srcdir}/${_gitname}" ./autogen.sh - ./configure --prefix=/usr --sbindir=/usr/bin --disable-static --enable-cryptsetup-reencrypt + ./configure --prefix=/usr --sbindir=/usr/bin --disable-static --enable-libargon2 make } diff --git a/encrypt_hook b/encrypt_hook index 819c4cf60fe0..882d5fb4423d 100644 --- a/encrypt_hook +++ b/encrypt_hook @@ -44,6 +44,12 @@ EOF cryptname="root" fi + # This may happen if third party hooks do the crypt setup + if [ -b "/dev/mapper/${cryptname}" ]; then + echo "Device ${cryptname} already exists, not doing any crypt setup." + return 0 + fi + warn_deprecated() { echo "The syntax 'root=${root}' where '${root}' is an encrypted volume is deprecated" echo "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead." @@ -88,7 +94,7 @@ EOF fi else err "Password succeeded, but ${cryptname} creation failed, aborting..." - exit 1 + return 1 fi elif [ -n "${crypto}" ]; then [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated @@ -110,7 +116,6 @@ EOF if [ -f "$ckeyfile" ]; then exe="$exe --key-file $ckeyfile" else - exe="$exe --verify-passphrase" echo "" echo "A password is required to access the ${cryptname} volume:" fi @@ -119,7 +124,7 @@ EOF if [ $? -ne 0 ]; then err "Non-LUKS device decryption failed. verify format: " err " crypto=hash:cipher:keysize:offset:skip" - exit 1 + return 1 fi if [ -e "/dev/mapper/${cryptname}" ]; then if [ ${DEPRECATED_CRYPT} -eq 1 ]; then @@ -127,7 +132,7 @@ EOF fi else err "Password succeeded, but ${cryptname} creation failed, aborting..." - exit 1 + return 1 fi else err "Failed to open encryption mapping: The device ${cryptdev} is not a LUKS volume and the crypto= paramater was not specified." diff --git a/encrypt_install b/encrypt_install index 38e5ddc57b11..4cffb4ff014b 100644 --- a/encrypt_install +++ b/encrypt_install @@ -3,13 +3,14 @@ build() { local mod - add_module dm-crypt + add_module "dm-crypt" + add_module "dm-integrity" if [[ $CRYPTO_MODULES ]]; then for mod in $CRYPTO_MODULES; do add_module "$mod" done else - add_all_modules '/crypto/' + add_all_modules "/crypto/" fi add_binary "cryptsetup" @@ -19,6 +20,9 @@ build() { add_file "/usr/lib/udev/rules.d/95-dm-notify.rules" add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules" + # cryptsetup calls pthread_create(), which dlopen()s libgcc_s.so.1 + add_binary "/usr/lib/libgcc_s.so.1" + add_runscript } diff --git a/sd-encrypt b/sd-encrypt index c18fd2f2422f..1cc16cff9c2f 100644 --- a/sd-encrypt +++ b/sd-encrypt @@ -3,13 +3,14 @@ build() { local mod - add_module dm-crypt + add_module "dm-crypt" + add_module "dm-integrity" if [[ $CRYPTO_MODULES ]]; then for mod in $CRYPTO_MODULES; do add_module "$mod" done else - add_all_modules '/crypto/' + add_all_modules "/crypto/" fi add_binary "dmsetup" @@ -18,14 +19,20 @@ build() { add_file "/usr/lib/udev/rules.d/95-dm-notify.rules" add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules" - add_systemd_unit cryptsetup.target - add_binary /usr/lib/systemd/system-generators/systemd-cryptsetup-generator - add_binary /usr/lib/systemd/systemd-cryptsetup + add_systemd_unit "cryptsetup.target" + add_binary "/usr/lib/systemd/system-generators/systemd-cryptsetup-generator" + add_binary "/usr/lib/systemd/systemd-cryptsetup" - add_systemd_unit systemd-ask-password-console.path - add_systemd_unit systemd-ask-password-console.service + add_systemd_unit "systemd-ask-password-console.path" + add_systemd_unit "systemd-ask-password-console.service" - [[ -f /etc/crypttab.initramfs ]] && add_file /etc/crypttab.initramfs /etc/crypttab + # cryptsetup calls pthread_create(), which dlopen()s libgcc_s.so.1 + add_binary "/usr/lib/libgcc_s.so.1" + + # add mkswap for creating swap space on the fly (see 'swap' in crypttab(5)) + add_binary "mkswap" + + [[ -f /etc/crypttab.initramfs ]] && add_file "/etc/crypttab.initramfs" "/etc/crypttab" } help() { |