Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 285027 Details for
Bug 380795
sys-fs/cryptsetup: dm-crypt-start.sh: get keys via custom pipe
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
0001-get-keys-via-custom-pipe-v2.patch
0001-get-keys-via-custom-pipe-v2.patch (text/plain), 2.97 KB, created by
Leho Kraav (:macmaN @lkraav)
on 2011-08-29 16:59:53 UTC
(
hide
)
Description:
0001-get-keys-via-custom-pipe-v2.patch
Filename:
MIME Type:
Creator:
Leho Kraav (:macmaN @lkraav)
Created:
2011-08-29 16:59:53 UTC
Size:
2.97 KB
patch
obsolete
>From 0011b85ffd6fef96784b4e9b6ae4e008ba8d01b9 Mon Sep 17 00:00:00 2001 >From: Leho Kraav <leho@kraav.com> >Date: Mon, 29 Aug 2011 19:58:08 +0300 >Subject: [PATCH] get keys via custom pipe v2 > >--- > cryptsetup/files/1.0.6-dmcrypt.confd | 11 +++++++++-- > cryptsetup/files/1.1.3-dm-crypt-start.sh | 12 ++++++++---- > 2 files changed, 17 insertions(+), 6 deletions(-) > >diff --git a/cryptsetup/files/1.0.6-dmcrypt.confd b/cryptsetup/files/1.0.6-dmcrypt.confd >index 35a1fd2..f44331b 100644 >--- a/cryptsetup/files/1.0.6-dmcrypt.confd >+++ b/cryptsetup/files/1.0.6-dmcrypt.confd >@@ -79,13 +79,13 @@ > #key='/full/path/to/homekey' > #remdev='/dev/sda1' > >-##/home with gpg protected key on removable media(such as usb-stick) >+## /home with gpg protected key on removable media(such as usb-stick) > #target=crypt-home > #source='/dev/hda5' > #key='/full/path/to/homekey:gpg' > #remdev='/dev/sda1' > >-##/tmp with regular keyfile >+## /tmp with regular keyfile > #target=crypt-tmp > #source='/dev/hda6' > #key='/full/path/to/tmpkey' >@@ -96,3 +96,10 @@ > #mount='crypt-loop-home' > #source='/dev/loop0' > #loop_file='/mnt/crypt/home' >+ >+## Create a key with any command at runtime and pipe it to cryptsetup >+# This example ensures that a certain token has to be present in the >+# system for sha512 to generate a correct password for unlocking the volume >+target=c3 >+source=/dev/sda3 >+pipe='ls /dev/disk/by-uuid | sha512sum' >diff --git a/cryptsetup/files/1.1.3-dm-crypt-start.sh b/cryptsetup/files/1.1.3-dm-crypt-start.sh >index e56dbc9..5be8bf4 100644 >--- a/cryptsetup/files/1.1.3-dm-crypt-start.sh >+++ b/cryptsetup/files/1.1.3-dm-crypt-start.sh >@@ -171,7 +171,11 @@ dm_crypt_execute_dmcrypt() { > ret="$?" > eend "${ret}" "failure running cryptsetup" > else >- cryptsetup ${options} ${arg1} ${arg2} ${arg3} >+ if [ -n "${pipe}" ]; then >+ eval "${pipe}" | cryptsetup ${options} ${arg1} ${arg2} ${arg3} >+ else >+ cryptsetup ${options} ${arg1} ${arg2} ${arg3} >+ fi > ret="$?" > eend "${ret}" "failure running cryptsetup" > fi >@@ -244,7 +248,7 @@ parse_opt() { > } > > local cryptfs_status=0 >-local gpg_options key loop_file target targetline options pre_mount post_mount source swap remdev >+local gpg_options key loop_file target targetline options pre_mount post_mount source swap remdev pipe > > CMDLINE="`cat /proc/cmdline`" > for x in ${CMDLINE} >@@ -276,10 +280,10 @@ if [[ -f ${conf_file} ]] && [[ -x /sbin/cryptsetup ]] ; then > ${execute_hook} > > # Prepare for the next target/swap by resetting variables >- unset gpg_options key loop_file target options pre_mount post_mount source swap remdev >+ unset gpg_options key loop_file target options pre_mount post_mount source swap remdev pipe > ;; > >- gpg_options=*|remdev=*|key=*|loop_file=*|options=*|pre_mount=*|post_mount=*|source=*) >+ gpg_options=*|remdev=*|key=*|loop_file=*|options=*|pre_mount=*|post_mount=*|source=*|pipe=*) > if [[ -z ${target} && -z ${swap} ]] ; then > ewarn "Ignoring setting outside target/swap section: ${targetline}" > continue >-- >1.7.6 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=285027">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 380795
:
284757
| 285027
