Date: Friday, May 25, 2012 @ 19:48:44 Author: dreisner Revision: 159619
upgpkg: cryptsetup 1.4.2-1 - update install hook for mkinitcpio 0.9.0 (FS#29992) - add support for UUID cryptkey and cryptdevice (FS#24700) Modified: cryptsetup/trunk/PKGBUILD cryptsetup/trunk/encrypt_hook cryptsetup/trunk/encrypt_install -----------------+ PKGBUILD | 4 ++-- encrypt_hook | 17 +++++++++-------- encrypt_install | 17 +++++++++++------ 3 files changed, 22 insertions(+), 16 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2012-05-25 23:31:16 UTC (rev 159618) +++ PKGBUILD 2012-05-25 23:48:44 UTC (rev 159619) @@ -17,8 +17,8 @@ encrypt_install) sha256sums=('1fe80d7b19d24b3f65d2e446decfed859e2c4d17fdf7c19289d82dc7cd60dfe7' '4e6dbece8d1baad861479aca70d0cf30887420da9b5eab45d65d064c656893ed' - 'e4c00e2da274bf4cab3f72a0de779790a11a946d36b83144e74d3791e230b262' - 'cba1dc38ff6cc4d3740d0badfb2b151bb03d19e8e9fa497569ac2fb6f4196e0e') + 'e0cbcabb81233b4d465833dca0faf1e762dc3cb6611597a25fe24e5d7209f316' + 'cfe465bdad3d958bb2332a05e04f2e1e884422a5714dfd1a0a3b9b74bf7dc6ae') build() { cd "${srcdir}"/$pkgname-${pkgver} Modified: encrypt_hook =================================================================== --- encrypt_hook 2012-05-25 23:31:16 UTC (rev 159618) +++ encrypt_hook 2012-05-25 23:48:44 UTC (rev 159619) @@ -10,20 +10,21 @@ IFS=: read ckdev ckarg1 ckarg2 <<EOF $cryptkey EOF - if poll_device "${ckdev}" ${rootdelay}; then + + if resolved=$(resolve_device "${ckdev}" ${rootdelay}); then case ${ckarg1} in *[!0-9]*) # Use a file on the device # ckarg1 is not numeric: ckarg1=filesystem, ckarg2=path mkdir /ckey - mount -r -t "$ckarg1" "$ckdev" /ckey + mount -r -t "$ckarg1" "$resolved" /ckey dd if="/ckey/$ckarg2" of="$ckeyfile" >/dev/null 2>&1 umount /ckey ;; *) # Read raw data from the block device # ckarg1 is numeric: ckarg1=offset, ckarg2=length - dd if="$ckdev" of="$ckeyfile" bs=1 skip="$ckarg1" count="$ckarg2" >/dev/null 2>&1 + dd if="$resolved" of="$ckeyfile" bs=1 skip="$ckarg1" count="$ckarg2" >/dev/null 2>&1 ;; esac fi @@ -58,13 +59,13 @@ esac done - if poll_device "${cryptdev}" ${rootdelay}; then - if cryptsetup isLuks ${cryptdev} >/dev/null 2>&1; then + if resolved=$(resolve_device "${cryptdev}" ${rootdelay}); then + if cryptsetup isLuks ${resolved} >/dev/null 2>&1; then [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated dopassphrase=1 # If keyfile exists, try to use that if [ -f ${ckeyfile} ]; then - if eval cryptsetup --key-file ${ckeyfile} luksOpen ${cryptdev} ${cryptname} ${cryptargs} ${CSQUIET}; then + if eval cryptsetup --key-file ${ckeyfile} luksOpen ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; then dopassphrase=0 else echo "Invalid keyfile. Reverting to passphrase." @@ -76,7 +77,7 @@ echo "A password is required to access the ${cryptname} volume:" #loop until we get a real password - while ! eval cryptsetup luksOpen ${cryptdev} ${cryptname} ${cryptargs} ${CSQUIET}; do + while ! eval cryptsetup luksOpen ${resolved} ${cryptname} ${cryptargs} ${CSQUIET}; do sleep 2; done fi @@ -96,7 +97,7 @@ err "Non-LUKS decryption not attempted..." return 1 fi - exe="cryptsetup create $cryptname $cryptdev $cryptargs" + exe="cryptsetup create $cryptname $resolved $cryptargs" IFS=: read c_hash c_cipher c_keysize c_offset c_skip <<EOF $crypto EOF Modified: encrypt_install =================================================================== --- encrypt_install 2012-05-25 23:31:16 UTC (rev 159618) +++ encrypt_install 2012-05-25 23:48:44 UTC (rev 159619) @@ -1,13 +1,16 @@ #!/bin/bash build() { - if [ -z "${CRYPTO_MODULES}" ]; then - MODULES=" dm-crypt $(all_modules "/crypto/")" + local mod + + add_module dm-crypt + if [[ $CRYPTO_MODULES ]]; then + for mod in $CRYPTO_MODULES; do + add_module "$mod" + done else - MODULES=" dm-crypt $CRYPTO_MODULES" + add_all_modules '/crypto/' fi - FILES="" - SCRIPT="encrypt" add_binary "cryptsetup" add_binary "dmsetup" @@ -15,10 +18,12 @@ add_file "/usr/lib/udev/rules.d/13-dm-disk.rules" add_file "/usr/lib/udev/rules.d/95-dm-notify.rules" add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules" + + add_runscript } help() { - cat <<HELPEOF + cat <<HELPEOF This hook allows for an encrypted root device. Users should specify the device to be unlocked using 'cryptdevice=device:dmname' on the kernel command line, where 'device' is the path to the raw device, and 'dmname' is the name given to