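--- a/dmcrypt.orig/dm-crypt.conf
+++ b/dmcrypt.orig/dm-crypt.conf
@@ -6,7 +6,9 @@
 #IMPORTANT: you should use either *no* swap at all or *only* encrypted swaps
 #when using the dm-crypt init script, otherwise you risk leaking keys to
 #swapspace.
-#For swap devices, you should use random keystrokes as passphrase
+#For swap devices, you should use the swap type. It will read some random
+#data from the random device instead of asking for a password, and then
+#run mkswap on it.
 
 #The optional 'salt=' argument specifies a seed to use along with the hash.
 #Use of a salt makes dictionary attacks more difficult - if possible, 
@@ -18,5 +20,5 @@
 #for every encrypted device, but it is also not a bad idea to do so.
 
 #examples
-#map=swap0 cipher=aes-plain keysize=32 hash=sha512 device=/dev/hda2 salt=my
-#map=hdb cipher=aes-plain keysize=32 hash=sha512 device=/dev/hdb
+#map=swap0 type=swap cipher=aes-plain keysize=32 hash=sha512 device=/dev/hda2 salt=my
+#map=hdb type=disk cipher=aes-plain keysize=32 hash=sha512 device=/dev/hdb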
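--- a/dmcrypt.orig/dm-crypt.rc
+++ b/dmcrypt.orig/dm-crypt.rc
@@ -10,6 +10,7 @@
 dmpath=/dev/mapper/
 dmtarget=crypt
 salts=/etc/salts/
+random_device=/dev/urandom
 
 #FIXME: refuses to start before localmount
 depend() {
@@ -30,9 +31,15 @@
 			ewarn "${salts}salt.${salt} does not exist"
 			return 1
 		fi
-	hashcmd="$hashcmd -s $salt"
+		hashcmd="$hashcmd -s $salt"
 	fi
 
+	#for a swap device we get the key from /dev/random
+	if [ "$type" == "swap" ] 
+	then
+		hashcmd="head -c $(($keysize/8)) $random_device"
+	fi
+	
 	key="`$hashcmd 2> /dev/null \
 	| hexdump -e \"\\\"\\\" $keysize/1 \\\"%02x\\\" \\\"\\\n\\\"\" \
 	| sed -e 's/ /0/g' | head -n 1`"
@@ -80,13 +87,20 @@
 
 		eval `echo ${maps[$i]} | tr ',' ' '`
 
-		if [ "$map" == "" ] || [ "$cipher" == "" ] || [ "$keysize" == "" ] || [ "$hash" == "" ] || [ "$device" == "" ]
+		if [ "$type" == "" ] || [ "$map" == "" ] || [ "$cipher" == "" ] || [ "$keysize" == "" ] || [ "$hash" == "" ] || [ "$device" == "" ]
 		then
 			ewarn "config for $map missing required values, skipping"
 			status=1
 			continue
 		fi
 		
+		if [ "$type" != "disk" ] && [ "$type" != "swap" ] 
+		then
+			ewarn "The type must be either 'disk' or 'swap', skipping"
+			status=1
+			continue
+		fi
+		
 		ebegin "creating $map for $device ($cipher/$hash)"
 
 		if [ ! -b "$device" ]
@@ -115,6 +129,14 @@
 			eend 1
 		fi
 
+		if [ "$type" == "swap" ] && ! mkswap "$dmpath$map" &> /dev/null
+		then
+			ewarn "Failed to create a swap area on $map"
+			dmsetup remove "$map" &> /dev/null
+			status=1
+			eend 1
+		fi
+		
 		eend 0
 	done
 
@@ -143,6 +165,14 @@
 			status=1
 			continue
 		fi
+	
+		if [ "$type" == "swap" ] && grep -qE "^$dmpath$map" /proc/swaps
+		then
+			ewarn "$dmpath$map is still being used for swap space, skipping"
+			eend 1
+			status=1
+			continue
+		fi
 
 		if ! dmsetup remove $map
 		then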
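Review bot: The swap branch in the second hunk reads only `$(($keysize/8))` bytes from `$random_device`, while the pipeline directly below it consumes `$keysize` single bytes (`$keysize/1 "%02x"`) and `sed -e 's/ /0/g'` rewrites any blank padding in hexdump's output as zeros. If keysize is a byte count, as that format and the `keysize=32` examples suggest, a swap key would hold 4 random bytes followed by 28 zero bytes; reading the full length with `hashcmd="head -c $keysize $random_device"` avoids that. The comment on the same branch names /dev/random although the variable is set to /dev/urandom, so `#for a swap device we get the key from $random_device` would match the code. In the fourth hunk the mkswap failure branch has no `continue` after `eend 1`, so control falls through to `eend 0` for a mapping that was just removed. The enclosing functions start and end outside the visible hunks.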
