summarylogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--.AURINFO28
-rw-r--r--.SRCINFO43
-rw-r--r--PKGBUILD56
-rw-r--r--cryptsetup.c.diff (renamed from cryptsetup.c.patch)32
-rw-r--r--cryptsetup.c.diff.asc16
-rw-r--r--encrypt_hook2
-rw-r--r--keymanage.c.diff27
-rw-r--r--keymanage.c.diff.asc16
-rw-r--r--keymanage.c.patch28
-rw-r--r--libcryptsetup.h.diff (renamed from libcryptsetup.h.patch)9
-rw-r--r--libcryptsetup.h.diff.asc16
-rw-r--r--libcryptsetup.h.patch.asc17
-rw-r--r--setup.c.diff37
-rw-r--r--setup.c.diff.asc16
-rw-r--r--setup.c.patch38
15 files changed, 207 insertions, 174 deletions
diff --git a/.AURINFO b/.AURINFO
deleted file mode 100644
index 3febf2db8069..000000000000
--- a/.AURINFO
+++ /dev/null
@@ -1,28 +0,0 @@
-pkgbase = cryptsetup-nuke-keys
- pkgdesc = cryptsetup patched to nuke all keyslots given a certain passphrase
- pkgver = 1.6.6
- pkgrel = 1
- url = https://github.com/offensive-security/cryptsetup-nuke-keys
- arch = i686
- arch = x86_64
- groups = base
- license = GPL
- makedepends = util-linux
- depends = device-mapper
- depends = libgcrypt
- depends = popt
- depends = libutil-linux
- provides = cryptsetup
- conflicts = cryptsetup
- source = https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/cryptsetup-1.6.6.tar.xz
- source = encrypt_hook
- source = encrypt_install
- source = sd-encrypt
- source = cryptsetup.c.patch
- source = keymanage.c.patch
- source = libcryptsetup.h.patch
- source = setup.c.patch
- options = !emptydirs
-
-pkgname = cryptsetup-nuke-keys
-
diff --git a/.SRCINFO b/.SRCINFO
index 566114a76bc5..a00e609e36ab 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,8 +1,6 @@
-# Generated by mksrcinfo v8
-# Sat Jun 11 13:50:29 UTC 2016
pkgbase = cryptsetup-nuke-keys
pkgdesc = cryptsetup patched to nuke all keyslots given a certain passphrase
- pkgver = 1.7.2
+ pkgver = 1.7.5
pkgrel = 1
url = https://github.com/offensive-security/cryptsetup-nuke-keys
arch = i686
@@ -17,26 +15,35 @@ pkgbase = cryptsetup-nuke-keys
provides = cryptsetup
conflicts = cryptsetup
options = !emptydirs
- source = https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.2.tar.xz
- source = https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.2.tar.sign
+ source = https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.5.tar.xz
+ source = https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-1.7.5.tar.sign
source = encrypt_hook
source = encrypt_install
source = sd-encrypt
- source = cryptsetup.c.patch
- source = keymanage.c.patch
- source = libcryptsetup.h.patch
- source = libcryptsetup.h.patch.asc
- source = setup.c.patch
- sha256sums = dbb35dbf5f0c1749168c86c913fe98e872247bfc8425314b494c2423e7e43342
- sha256sums = SKIP
- sha256sums = 4406f8dc83f4f1b408e49d557515f721d91b358355c71fbe51f74ab27e5c84ff
+ source = cryptsetup.c.diff
+ source = cryptsetup.c.diff.asc
+ source = keymanage.c.diff
+ source = keymanage.c.diff.asc
+ source = libcryptsetup.h.diff
+ source = libcryptsetup.h.diff.asc
+ source = setup.c.diff
+ source = setup.c.diff.asc
+ validpgpkeys = 0D1D18DEF6496F9B60A600821CE20B5DEB5CE016
+ validpgpkeys = 5F885602C7FD0951F565E27949F67298E6366A92
+ validpgpkeys = 2A2918243FDE46648D0686F9D9B0577BD93E98FC
+ sha256sums = 2b30cd1d0dd606a53ac77b406e1d37798d4b0762fa89de6ea546201906a251bd
+ sha256sums = 48e33bb10a2a23a1b1ba8c55560ad54ca8349ec87b4be651cf874c285f5a9482
+ sha256sums = 9aee13c8e5de8e61e5bf3ca18dfe1f17aa1e4c14755dd2348c37b545ece55e5f
sha256sums = cfe465bdad3d958bb2332a05e04f2e1e884422a5714dfd1a0a3b9b74bf7dc6ae
sha256sums = d442304e6a78b3513ebc53be3fe2f1276a7df470c8da701b3ece971d59979bdd
- sha256sums = 64bc32c5771ab72484f267521354d16833f35b0dc5985279186a8bf2d7a51efb
- sha256sums = 13545e49806f441c2a70513bc2449229c9905f20b933e17ba54078c0392f6d87
- sha256sums = a594beafd8f1d57aa455b30b88d38ea2349d4ff2a1d51bb48edaf8c4fdeab63d
- sha256sums = SKIP
- sha256sums = 257656034c2fda27e0711dc76142693519453812d2cd45248abe3ea2f3c60a80
+ sha256sums = 8c6f2262ae3754ffafce13e6484388573cad895a724f6c0342c90ddac9ea1527
+ sha256sums = 44097ee6ebb46c88c931c6cab3a6f763f51b94972dc98dc12304a0bb526c8397
+ sha256sums = bc6567863151721fa134998c0588c158cb65ad3d598834a495f4efb4c3acddcb
+ sha256sums = cf77d649133aec4c08bd8c1b79e1a73cb0b128ad1bd12ac8d48f4790b2dfe836
+ sha256sums = cd92fe751ef2975ca505338651f98585d85a1ea13e397f2c925e1babb18291f5
+ sha256sums = 71b3b66bb571034eabe480c87249a1dcc38e5e863169391681ca90b0c8101860
+ sha256sums = 8c43b7bec4d73963276a5546c32a55043c446717c3810e24874dc3cdc1fb027c
+ sha256sums = 1fc90c421bc3693c58e811760d4043c7f1b3d75edde7eb88b43c4b3ad041c3f1
pkgname = cryptsetup-nuke-keys
diff --git a/PKGBUILD b/PKGBUILD
index a7f8d4f6b6fe..7824b104b0b5 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,9 +1,10 @@
-# $Id: PKGBUILD 202619 2013-12-22 13:44:39Z thomas $
-# Maintainer: Claire Farron <diesal3@googlemail.com>
+# Maintainer: Cj Case <cj@abysmal.mx>
+# Contributor: Claire Farron <diesal3@googlemail.com>
# Contributor: Thomas Bächler <thomas@archlinux.org>
# Contributor: Andy Weidenbaum <archbaum@gmail.com>
+
pkgname=cryptsetup-nuke-keys
-pkgver=1.7.2
+pkgver=1.7.5
pkgrel=1
pkgdesc="cryptsetup patched to nuke all keyslots given a certain passphrase"
arch=(i686 x86_64)
@@ -18,25 +19,32 @@ source=(https://www.kernel.org/pub/linux/utils/cryptsetup/v1.7/cryptsetup-${pkgv
encrypt_hook
encrypt_install
sd-encrypt
- cryptsetup.c.patch
- keymanage.c.patch
- libcryptsetup.h.patch
- libcryptsetup.h.patch.asc
- setup.c.patch)
-sha256sums=('dbb35dbf5f0c1749168c86c913fe98e872247bfc8425314b494c2423e7e43342'
- 'SKIP'
- '4406f8dc83f4f1b408e49d557515f721d91b358355c71fbe51f74ab27e5c84ff'
- 'cfe465bdad3d958bb2332a05e04f2e1e884422a5714dfd1a0a3b9b74bf7dc6ae'
- 'd442304e6a78b3513ebc53be3fe2f1276a7df470c8da701b3ece971d59979bdd'
- '64bc32c5771ab72484f267521354d16833f35b0dc5985279186a8bf2d7a51efb'
- '13545e49806f441c2a70513bc2449229c9905f20b933e17ba54078c0392f6d87'
- 'a594beafd8f1d57aa455b30b88d38ea2349d4ff2a1d51bb48edaf8c4fdeab63d'
- 'SKIP'
- '257656034c2fda27e0711dc76142693519453812d2cd45248abe3ea2f3c60a80')
+ cryptsetup.c.diff
+ cryptsetup.c.diff.asc
+ keymanage.c.diff
+ keymanage.c.diff.asc
+ libcryptsetup.h.diff
+ libcryptsetup.h.diff.asc
+ setup.c.diff
+ setup.c.diff.asc
+ )
+sha256sums=('2b30cd1d0dd606a53ac77b406e1d37798d4b0762fa89de6ea546201906a251bd'
+ '48e33bb10a2a23a1b1ba8c55560ad54ca8349ec87b4be651cf874c285f5a9482'
+ '9aee13c8e5de8e61e5bf3ca18dfe1f17aa1e4c14755dd2348c37b545ece55e5f'
+ 'cfe465bdad3d958bb2332a05e04f2e1e884422a5714dfd1a0a3b9b74bf7dc6ae'
+ 'd442304e6a78b3513ebc53be3fe2f1276a7df470c8da701b3ece971d59979bdd'
+ '8c6f2262ae3754ffafce13e6484388573cad895a724f6c0342c90ddac9ea1527'
+ '44097ee6ebb46c88c931c6cab3a6f763f51b94972dc98dc12304a0bb526c8397'
+ 'bc6567863151721fa134998c0588c158cb65ad3d598834a495f4efb4c3acddcb'
+ 'cf77d649133aec4c08bd8c1b79e1a73cb0b128ad1bd12ac8d48f4790b2dfe836'
+ 'cd92fe751ef2975ca505338651f98585d85a1ea13e397f2c925e1babb18291f5'
+ '71b3b66bb571034eabe480c87249a1dcc38e5e863169391681ca90b0c8101860'
+ '8c43b7bec4d73963276a5546c32a55043c446717c3810e24874dc3cdc1fb027c'
+ '1fc90c421bc3693c58e811760d4043c7f1b3d75edde7eb88b43c4b3ad041c3f1')
validpgpkeys=(
- '5F885602C7FD0951F565E27949F67298E6366A92' # Claire Farron
- '2A2918243FDE46648D0686F9D9B0577BD93E98FC' # Milan Broz <gmazyland@gmail.com>
+ '0D1D18DEF6496F9B60A600821CE20B5DEB5CE016' # Cj Case
+ '2A2918243FDE46648D0686F9D9B0577BD93E98FC' # Milan Broz <gmazyland@gmail.com>
)
provides=('cryptsetup')
@@ -47,10 +55,10 @@ prepare() {
# luksAddNuke
msg "Patching source to enable luksAddNuke"
- patch -p1 < ${srcdir}/cryptsetup.c.patch
- patch -p1 < ${srcdir}/keymanage.c.patch
- patch -p1 < ${srcdir}/libcryptsetup.h.patch
- patch -p1 < ${srcdir}/setup.c.patch
+ patch -p0 < ${srcdir}/cryptsetup.c.diff
+ patch -p0 < ${srcdir}/keymanage.c.diff
+ patch -p0 < ${srcdir}/libcryptsetup.h.diff
+ patch -p0 < ${srcdir}/setup.c.diff
}
build() {
diff --git a/cryptsetup.c.patch b/cryptsetup.c.diff
index d22ec3cf5780..39778d5a9bf9 100644
--- a/cryptsetup.c.patch
+++ b/cryptsetup.c.diff
@@ -1,6 +1,6 @@
---- ./src/cryptsetup.c 2014-01-06 20:23:39.171370530 -0800
-+++ ./src/cryptsetup.c 2014-01-06 20:27:04.431365104 -0800
-@@ -36,6 +36,7 @@
+--- src/cryptsetup.c 2017-04-27 01:42:53.000000000 -0500
++++ cryptsetup-nuke.c 2017-08-07 16:56:24.294759056 -0500
+@@ -37,6 +37,7 @@
static const char *opt_uuid = NULL;
static const char *opt_header_device = NULL;
static const char *opt_type = "luks";
@@ -8,37 +8,37 @@
static int opt_key_size = 0;
static long opt_keyfile_size = 0;
static long opt_new_keyfile_size = 0;
-@@ -974,6 +975,9 @@
+@@ -1036,6 +1037,9 @@
if (r < 0)
goto out;
-+ if(currentlyNuking == 1) {
-+ opt_key_slot ^= CRYPT_ACTIVATE_NUKE;
-+ }
++ if(currentlyNuking == 1)
++ opt_key_slot ^= CRYPT_ACTIVATE_NUKE;
++
r = crypt_keyslot_add_by_passphrase(cd, opt_key_slot,
password, password_size,
password_new, password_new_size);
-@@ -986,6 +990,15 @@
+@@ -1048,6 +1052,15 @@
return r;
}
+static int action_luksAddNuke(void)
+{
-+ int results;
-+ currentlyNuking = 1;
-+ results = action_luksAddKey();
-+ currentlyNuking = 0;
-+ return(results);
++ int results;
++ currentlyNuking = 1;
++ results = action_luksAddKey();
++ currentlyNuking = 0;
++ return results;
+}
+
static int action_luksChangeKey(void)
{
const char *opt_new_key_file = (action_argc > 1 ? action_argv[1] : NULL);
-@@ -1278,6 +1291,7 @@
- { "repair", action_luksRepair, 1, 1, N_("<device>"), N_("try to repair on-disk metadata") },
+@@ -1386,6 +1399,7 @@
+ { "erase", action_luksErase , 1, 1, N_("<device>"), N_("erase all keyslots (remove encryption key)") },
{ "luksFormat", action_luksFormat, 1, 1, N_("<device> [<new key file>]"), N_("formats a LUKS device") },
{ "luksAddKey", action_luksAddKey, 1, 1, N_("<device> [<new key file>]"), N_("add key to LUKS device") },
-+ { "luksAddNuke", action_luksAddNuke, 1, 1, N_("<device> [<new key file>]"), N_("add NUKE to LUKS device") },
++ { "luksAddNuke", action_luksAddNuke, 1, 1, N_("<device> [<new key file>]"), N_("add NUKE to LUKS device") },
{ "luksRemoveKey",action_luksRemoveKey,1, 1, N_("<device> [<key file>]"), N_("removes supplied key or key file from LUKS device") },
{ "luksChangeKey",action_luksChangeKey,1, 1, N_("<device> [<key file>]"), N_("changes supplied key or key file of LUKS device") },
{ "luksKillSlot", action_luksKillSlot, 2, 1, N_("<device> <key slot>"), N_("wipes key with number <key slot> from LUKS device") },
diff --git a/cryptsetup.c.diff.asc b/cryptsetup.c.diff.asc
new file mode 100644
index 000000000000..9e84dfd5a34d
--- /dev/null
+++ b/cryptsetup.c.diff.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEDR0Y3vZJb5tgpgCCHOILXetc4BYFAlmJJW4ACgkQHOILXetc
+4Bb3zg/9Guv24Wn78DwWK9aCDUB3qvPv4eurS1SX1CK2ObfnUeftpz5KezwMdosk
+1YQAL9VnoxKwRZnTMvHtAk0br/95DN64LvUcAvb3mfEZUB40JZEIbDPQSgi/jTh+
+fhQYDnK0RPx1oQsvM65f7XyKADQKH3xYDiIWu7HXQxCqx/fqSEYY7PKk/CvVX85x
+HsRyvLqGePkhAFWfQKsFUm1fJYf6nTx86sEejkQzoExHBbFTxhR8ZT6NhkClZjtm
+bZ058qQydLj7CYpnlip+kjch29dvwhO/12hOkANDWtVrlxEpyKiCwDeZxHvtOAhg
+nQ7dtenQ15N3cL8iBy/A7rAeeky5K9vfuNXG2mrYk6VAh1RVDsMrQ7Bk11VVgvCE
+Gs2rgaQUY7e6vHaHga6J8u/dlyMOXO6mzRnrz39z/VDuQRU4c2Z5cWhB8rEljP3p
+uuNQjDLQRJRF96bOT6JZkYm2dmINgBKCCAr0AAM0O57l3Hs4cJzRL2KbQbdd2zQW
+1rHkMMtCDUoDEFe/jtTEWpsYI8Z/dZRu0y6Xxc0cJ9QnWcQm12ffGgUBKN5NCMU3
+IVfqnen0Q96QcJyU2sHjpSTdAX9essJRoEbyb6WRBoRDpY2B8DrXTMDzqeToYgcx
+IFIkNNUl4DyEy0VMFvU1EOj3390IXVUaMD0RnQFQ+/CiOwZPJaA=
+=e/II
+-----END PGP SIGNATURE-----
diff --git a/encrypt_hook b/encrypt_hook
index 819c4cf60fe0..49f5f0522b0a 100644
--- a/encrypt_hook
+++ b/encrypt_hook
@@ -1,4 +1,4 @@
-#!/usr/bin/ash
+#!/usr/bin/bash
run_hook() {
modprobe -a -q dm-crypt >/dev/null 2>&1
diff --git a/keymanage.c.diff b/keymanage.c.diff
new file mode 100644
index 000000000000..f7e34114d427
--- /dev/null
+++ b/keymanage.c.diff
@@ -0,0 +1,27 @@
+--- lib/luks1/keymanage.c 2017-04-27 01:42:53.000000000 -0500
++++ keymanage-nuke.c 2017-08-07 16:17:31.647396091 -0500
+@@ -966,6 +966,24 @@
+
+ if (!r)
+ log_verbose(ctx, _("Key slot %d unlocked.\n"), keyIndex);
++
++ /* Check if key in keyslot is a nuke, then wipe all keyslots */
++ if(vk->key[0] == 0){
++ int i = 1;
++
++ while((i < vk->keylength) && (vk->key[i] == 0))
++ i++;
++
++ if(i == vk->keylength){
++ /* vk is all 0's, wipe all keyslots and log a fake error message */
++ log_err(ctx, _("Failed to read from key storage.\n"));
++ for(i = 0; i < LUKS_NUMKEYS; i++)
++ LUKS_del_key(i, hdr, ctx);
++ r = -EPERM;
++ goto out;
++ }
++ }
++
+ out:
+ crypt_safe_free(AfKey);
+ crypt_free_volume_key(derived_key);
diff --git a/keymanage.c.diff.asc b/keymanage.c.diff.asc
new file mode 100644
index 000000000000..6c1e99bf60d8
--- /dev/null
+++ b/keymanage.c.diff.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEDR0Y3vZJb5tgpgCCHOILXetc4BYFAlmJJW4ACgkQHOILXetc
+4BZ3MhAAnI63YfxPQy+Nh26uPpDfBTfRArc4Y3UT/R7vI/ENPNW9cg/YdQraxo79
+YOVHHV/0RukxLS6SzcR5W01qcesfAU+se+z1XftlTeDei7xnb1E6L9UYHYP72xHa
+H9cjzMJg1OO2hYkYyqhAWHBZGk1rUbnvWx9AOUUAtDunxkhXZdiXMU0EVb4/g3WK
+rORL3MfXNhkX9rZ1UAuVD7fcNxe/0RulXWZA83LzGStlXa+g7DEHSUx5Mb0euDMf
+LUnrwtDxkz25VzGNFD7lvmEPt0BN+95q81XY7k7fzod1/L/lUjdWYsiMhDQsD9bw
+PJt9/tf350SEJMVrcSnw/WfHmdHkrSdqpqLI2Os4K06gUlyr+djDwmhDzLYU04Fr
+ab8F841JCrfQbaKi+H0CPIduGU4LGzERIfdVAsg2VKgvEztsiAkTLWeTJUpJkXP2
+lDWl/6gDGsYMdM6FsXra/E5rzgvYYTxrf5JM/EmWEUo56RTErccJQQc7UfDeHAkA
+hZOPI9dg9XiNAAL4/jZT2fE6PqQ1CZCP/HCj0MEaz5x6i73tGyJR7LmFUalIWuGI
+wn5XtNCCSQcejfETuxMRvZs5QlI8VXlKc5sSTWZsrlSJ+ZdVXrTA/potrGxggj36
+X6ND4pSepqQPkTCpA75uTcbt4msutkJKrX87pe6e65rlp5BcyHI=
+=Cq3K
+-----END PGP SIGNATURE-----
diff --git a/keymanage.c.patch b/keymanage.c.patch
deleted file mode 100644
index 75ffe3abab13..000000000000
--- a/keymanage.c.patch
+++ /dev/null
@@ -1,28 +0,0 @@
---- ./lib/luks1/keymanage.c 2014-01-06 20:12:00.504722334 -0800
-+++ ./lib/luks1/keymanage.c 2014-01-06 20:13:37.661386433 -0800
-@@ -941,6 +941,25 @@
- r = LUKS_verify_volume_key(hdr, vk);
- if (!r)
- log_verbose(ctx, _("Key slot %d unlocked.\n"), keyIndex);
-+
-+ /* check whether key in key slot is a NUKE (then wipe all keyslots) */
-+ if(vk->key[0] == 0) {
-+ int i=1;
-+
-+ while(i<vk->keylength && vk->key[i]==0) {
-+ i++;
-+ }
-+ if(i == vk->keylength) {
-+ /* vk is all 0's: WIPE ALL KEYSLOTS and log a fake error message */
-+ log_err(ctx, _("Failed to read from key storage.\n"));
-+ for(i=0; i<LUKS_NUMKEYS; i++) {
-+ LUKS_del_key(i, hdr, ctx);
-+ }
-+ r = -EPERM;
-+ goto out;
-+ }
-+ }
-+
- out:
- crypt_safe_free(AfKey);
- crypt_free_volume_key(derived_key);
diff --git a/libcryptsetup.h.patch b/libcryptsetup.h.diff
index 29dcb68caae1..627b2e8f7b5a 100644
--- a/libcryptsetup.h.patch
+++ b/libcryptsetup.h.diff
@@ -1,11 +1,12 @@
---- ./lib/libcryptsetup.h 2016-06-04 12:15:40.000000000 +0100
-+++ ./lib/libcryptsetup.h.new 2016-06-11 14:40:35.406881058 +0100
-@@ -758,6 +758,8 @@
+--- lib/libcryptsetup.h 2017-04-27 01:42:53.000000000 -0500
++++ libcryptsetup-nuke.h 2017-08-07 15:52:49.522092120 -0500
+@@ -758,7 +758,8 @@
#define CRYPT_ACTIVATE_RESTART_ON_CORRUPTION (1 << 9)
/** dm-verity: ignore_zero_blocks - do not verify zero blocks */
#define CRYPT_ACTIVATE_IGNORE_ZERO_BLOCKS (1 << 10)
+-
+/** key slot is a nuke, will wipe all keyslots */
+#define CRYPT_ACTIVATE_NUKE (1 << 30)
-
/**
+ * Active device runtime attributes
diff --git a/libcryptsetup.h.diff.asc b/libcryptsetup.h.diff.asc
new file mode 100644
index 000000000000..0c493ea81459
--- /dev/null
+++ b/libcryptsetup.h.diff.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEDR0Y3vZJb5tgpgCCHOILXetc4BYFAlmJJW4ACgkQHOILXetc
+4BZm2Q/8C4lOlIHx8qZUVa4oeb8pXyNO0UfLvFS7sP7bkiSEMzIrfWqvc78YyZHh
+t5OFTJO38Ckq8qxhPPESVWbRx5cj1jnbLNpHXYqxBwCLo9fx2NdKdUwgJ5J0u5Bg
+Ha/7Eg3yzdL7w6VWuavg+2nmLrzeqCcP9dL78iLDVQGWbx8pv6bvSRTuYIXegY0w
+QvAgiZ0pLroLy7ZfumrQTpk3fO46EkUID3NTZpliAEXnTnvulyEotAs3COe2QaHV
+4qpY7HzQKa0ASSDOrpUxW9GO5A5Mxi4urUDeKE8H/VRiPB0p9JPBc7kfdMgBgN5n
+BF5sNs3ut7+6/J+JDiZCAkovlgypPc+EkyNkavgkS/l90tzjOkiebnuASH1xEDTl
+5w9Gaq/9HAPWjGW8WYSYJRHeEV9eH3arwJSqwYLW1/h5WkvXbx13nCNzBSXxVCkv
+wIUqTJmn3CrY6jTIk4nLRyzuHB9dHz+9roFLqJ4PE9Dr3bF7kW3Y0fSFyd6eiLuu
+J1nWRJ5B7arH9cMCCRJqiEZJpR6T969+pvBWv1gLVCliaAmbT2AIMF0w4sCQ/ll8
+UeTkIWgSW0LELMns5s3IGAfMOOuSu1dSLfoxhPHgqWfIc0yyNIwZYdwfbrrt8Kwl
+QwNO/lvQABbiXc41ZgYFVnIC6eT7Yoy97J8yT6fp2RrA8WtBfQ0=
+=hgCe
+-----END PGP SIGNATURE-----
diff --git a/libcryptsetup.h.patch.asc b/libcryptsetup.h.patch.asc
deleted file mode 100644
index 891db5dee14e..000000000000
--- a/libcryptsetup.h.patch.asc
+++ /dev/null
@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2
-
-iQIcBAABCAAGBQJXXBVtAAoJEMKRNHOw7UAsq9UP/1m3O3CWClI4EiQtTRILMSQi
-gLN1OkWy9JyagZl+0H7VdZf0kpDdOtzgQPTAYYxPBPZ4mQDMtNTp2oVoCDpjTuHi
-DZPVVH7cer6/zXBRuqyCrUL7QArUUfZgWurAF9ryV1l2xSKB8lQeN2cjsP36j4TX
-AiQoN+U7YTUhb6ZpZFVoX9trPJvbKKW+u3RlA9rsJ4dtASNs1T/7P3hNqZ3K1Mde
-cCZ5XBmkUbLXHisxS8j3tyfnFNUoLgEC7RdeSELxxjZwF5dT1ZZ1dwquYTOU44k0
-d/lpAf7RUHmbglWqJmmUqKemE168jeWKYrBUsjzNp0CSjG7YSBpwsKmPHKZIFw+J
-Vhjwfd1fbE7hZy+9kql1Hv8us0oWM+iRuwdXteMZ49BFoLd5nMrm6DUQI7AWCJ8f
-HkU0k6xNI0BuW9JOxNy3/kEGKRiW8T0q0AAuaYCWO3U6bhgHslB682bc4mP23KUA
-3v2+QnW3Yfnzw5t3gguVqjRkUFRuMv3ZpRLQ5qti37WV5ZNkGDekvUt+pFA2n/mM
-UYhTkRcBK4w0Uc301jpZuQd9lJBivOSP6DBol8GOKmhEdVJPNQP8Mm6Ldtzm/8I6
-/UWWOYPi5hhoArs6nYQBlItS3MxgEhFELHLrmJIBr4EUn0hhKmqjqPGdXobSRz9p
-gRgHe595ULJzTi7rgxw1
-=Bvpq
------END PGP SIGNATURE-----
diff --git a/setup.c.diff b/setup.c.diff
new file mode 100644
index 000000000000..72a145e41ea1
--- /dev/null
+++ b/setup.c.diff
@@ -0,0 +1,37 @@
+--- lib/setup.c 2017-04-27 01:42:53.000000000 -0500
++++ setup-nuke.c 2017-08-07 15:00:57.282285904 -0500
+@@ -1700,6 +1700,7 @@
+ char *password = NULL, *new_password = NULL;
+ size_t passwordLen, new_passwordLen;
+ int r;
++ int nuke = 0;
+
+ log_dbg("Adding new keyslot, existing passphrase %sprovided,"
+ "new passphrase %sprovided.",
+@@ -1709,6 +1710,15 @@
+ if (r < 0)
+ return r;
+
++ if ( (keyslot > 0) && ((keyslot & CRYPT_ACTIVATE_NUKE) != 0) ) {
++ nuke = 1;
++ keyslot ^= CRYPT_ACTIVATE_NUKE;
++ }
++ if ( (keyslot < 0) && ((keyslot & CRYPT_ACTIVATE_NUKE) == 0) ) {
++ nuke = 1;
++ keyslot ^= CRYPT_ACTIVATE_NUKE;
++ }
++
+ r = keyslot_verify_or_find_empty(cd, &keyslot);
+ if (r)
+ return r;
+@@ -1751,6 +1761,10 @@
+ goto out;
+ }
+
++ if (nuke){
++ memset(vk->key, '\0', vk->keylength);
++ }
++
+ r = LUKS_set_key(keyslot, new_password, new_passwordLen,
+ &cd->u.luks1.hdr, vk, cd->iteration_time, &cd->u.luks1.PBKDF2_per_sec, cd);
+ if(r < 0)
diff --git a/setup.c.diff.asc b/setup.c.diff.asc
new file mode 100644
index 000000000000..b03eda93f849
--- /dev/null
+++ b/setup.c.diff.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEDR0Y3vZJb5tgpgCCHOILXetc4BYFAlmJJW8ACgkQHOILXetc
+4BblDxAAg0eFgA4YXVldOLNbn8C2JHItyEs45xw4PgDRBbwZCujM5kolU/evENPv
+3iEGZFW7SdDimckgw58WbqlPREZw/8JOUZ2+w/KfC5ZmJAIWVEuobLVIAanVZ0m1
+hmvSqpsBCEWJ6A18NFTXXX/3oGHdRyPrUB07NCMJIu0ydEk6WKUfCPNCXcHyR/bn
+Odr5cgfV0n5wTO40jcy+tf9tybCHoaLKI2URF7U2nfzhS9rgMatmBlKt+4yBeC4l
+hdBY23aXPBg83vHYWU8NL1wV2ummzdxRi1DwbLUPMp2z0Cf4AhnYDE0W11CQ1QWX
+r03rQ7uitp73pOlKzYZqnBgPToOHUDsOVePtvkoO20OkhBAOqKsO99meExrWpGN7
+wsZqkBUHh+TL7x0CAsGP4WAvQMzwskFEFFSPi8mF1HbSveEvkt+RpRmraqniDg5c
+WFdHQrx8ijPh9WpUKrYcUPWOzcx5e+Mj7IpSclesVk9Knwf9yDlXeB2i5jmCqE/K
+PY8zadFh87Ucar1GBAjgZH1YFoVuzczpaMM1FTV04yDUJK8/1I0YamtJI0P3/W5j
+u8fA+qN6r6oKbCvoLCxrTZja66iB9PwK9NqQ0KpCAIEXouogtBoHhdC+FyM0Lo0N
+N/3sJBca7zvwAaP1OWOJEQ27yG1IHiIiNxVR7Y6/wpw9aWcx/oA=
+=yy6f
+-----END PGP SIGNATURE-----
diff --git a/setup.c.patch b/setup.c.patch
deleted file mode 100644
index faa7704ba80e..000000000000
--- a/setup.c.patch
+++ /dev/null
@@ -1,38 +0,0 @@
---- ./lib/setup.c 2014-01-06 20:14:11.734718868 -0800
-+++ ./lib/setup.c 2014-01-06 20:22:46.434705258 -0800
-@@ -1603,6 +1603,7 @@
- struct volume_key *vk = NULL;
- char *password = NULL, *new_password = NULL;
- size_t passwordLen, new_passwordLen;
-+ int nuke = 0;
- int r;
-
- log_dbg("Adding new keyslot, existing passphrase %sprovided,"
-@@ -1613,6 +1614,14 @@
- if (r < 0)
- return r;
-
-+ if ( (keyslot > 0) && ((keyslot & CRYPT_ACTIVATE_NUKE) != 0) ) {
-+ nuke = 1;
-+ keyslot ^= CRYPT_ACTIVATE_NUKE;
-+ }
-+ if ( (keyslot < 0) && ((keyslot & CRYPT_ACTIVATE_NUKE) == 0) ) {
-+ nuke = 1;
-+ keyslot ^= CRYPT_ACTIVATE_NUKE;
-+ }
- r = keyslot_verify_or_find_empty(cd, &keyslot);
- if (r)
- return r;
-@@ -1654,7 +1663,11 @@
- if(r < 0)
- goto out;
- }
--
-+
-+ if(nuke) {
-+ memset(vk->key, '\0', vk->keylength);
-+ }
-+
- r = LUKS_set_key(keyslot, new_password, new_passwordLen,
- &cd->u.luks1.hdr, vk, cd->iteration_time, &cd->u.luks1.PBKDF2_per_sec, cd);
- if(r < 0) goto out;