| Summary: | sys-fs/cryptsetup: add support for detached LUKS header | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Oleg Akimov <akimov.shop> |
| Component: | [OLD] Core system | Assignee: | Gentoo's Team for Core System packages <base-system> |
| Status: | UNCONFIRMED --- | | |
| Severity: | enhancement | CC: | gokturk, lucianposton |
| Priority: | Normal | Keywords: | PATCH |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |

Attachments:
- plain diff
- enable detached LUKS header support
- updated patch for 2.4.0-dmcrypt.rc
- updated patch for 2.4.0-dmcrypt.confd
- updated patch for 2.4.0-dmcrypt.rc
- updated patch for 2.4.0-dmcrypt.rc
- updated patch for 2.4.0-dmcrypt.rc
- Updated patch for latest stable cryptsetup 2.4.3-r2
- Updated patch for latest stable cryptsetup 2.4.3-r2
- Updated patch for latest stable cryptsetup 2.4.3-r2
- Updated patch for latest stable cryptsetup 2.4.3-r2
- Updated patch for latest stable cryptsetup 2.6.1

Description
Oleg Akimov
2013-12-08 19:25:16 UTC
Created attachment 364964 [details, diff]
plain diff
patch for /etc/init.d/dmcrypt
Comment on attachment 364964 [details, diff]
plain diff
Please attach a unified patch next time.
Created attachment 365052 [details, diff]
enable detached LUKS header support
Comment on attachment 365052 [details, diff]
enable detached LUKS header support

>+ cryptsetup isLuks ${source} 2>/dev/null \
>+ && { arg1="luksOpen"; arg2="${source}"; arg3="${target}"; luks=1; }

i know existing code style likes to pack multiple statements on one line, but let's get away from that

```
if cryptsetup isLuks ${source} 2>/dev/null ; then
	... var assignments ...
fi
```

otherwise, patch looks fine

I'd like to see this enhancement go in. The code style suggestion above is already in the gentoo tree. Is something else blocking this issue?

Created attachment 767170 [details, diff]
updated patch for 2.4.0-dmcrypt.rc
Created attachment 767171 [details, diff]
updated patch for 2.4.0-dmcrypt.confd
I've brought the original patch from Oleg up to date, so it patches against 2.4.0-dmcrypt.rc (used by the currently stable sys-fs/cryptsetup-2.4.3). I've also patched the 2.4.0-dmcrypt.conf to add an example of using the detached header with a USB stick. I've tested them and am currently using both patches applied to my system; it would be nice to get these included for others to use.

Created attachment 767898 [details, diff]
updated patch for 2.4.0-dmcrypt.rc
I realised that the patches included an 'isLuks' check which fails when using a partition with a detached header, with the following:

```
# cryptsetup -v isLuks /dev/<my_device>
Command failed with code -1 (wrong or missing parameters).
```

so the conditional to assign the arg_header never executes in 2.4.0-dmcrypt.rc, and it appears to be treated as --type=plain (it becomes clear when the removable drive isn't plugged in). I've updated the patch with a fix.

Created attachment 775014 [details, diff]
updated patch for 2.4.0-dmcrypt.rc
Updated patch to unset the luks header file path variable after use, so subsequent encrypted volumes can work when a detached header is not used.
(In reply to Stephen Kirkby from comment #11)
> Created attachment 775014 [details, diff]
> updated patch for 2.4.0-dmcrypt.rc
>
> Updated patch to unset the luks header file path variable after use, so
> subsequent encrypted volumes can work when a detached header is not used.

```
+ if [ cryptsetup isLuks ${source} 2>/dev/null ] || [ -n "${luks_header}" ] ; then
```

should be

```
+ if cryptsetup isLuks ${source} 2>/dev/null || [ -n "${luks_header}" ] ; then
```

Created attachment 778130 [details, diff]
updated patch for 2.4.0-dmcrypt.rc
Patch updated
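
The bracket correction in the reply to comment #11, as an added shell example that is not part of any attachment on this bug: the `cryptsetup` function is a constructed offline stand-in, and the device and header paths are made up. It shows that the bracketed form never runs `cryptsetup`, so a volume with an attached header is reported as non-LUKS, while the corrected form handles both attached and detached headers.

```shell
#!/bin/sh
# Added illustration; not taken from any attachment on this bug.
# Constructed stand-in for cryptsetup so this runs offline: "isLuks" succeeds
# only for the made-up device /dev/fake_luks, and every call is counted.
calls=0
cryptsetup() {
    calls=$((calls + 1))
    [ "$1" = "isLuks" ] && [ "$2" = "/dev/fake_luks" ]
}

# Form quoted in the review comment: "[" receives the words "cryptsetup",
# "isLuks" and the device as test operands. cryptsetup never runs, the
# resulting syntax error is hidden by 2>/dev/null, and the first half of the
# condition is always false.
broken_check() {
    source=$1 luks_header=$2
    if [ cryptsetup isLuks ${source} 2>/dev/null ] || [ -n "${luks_header}" ] ; then
        return 0
    fi
    return 1
}

# Corrected form: the exit status of cryptsetup itself drives the condition.
# The header test stays, because isLuks fails on a data device whose LUKS
# header lives elsewhere.
fixed_check() {
    source=$1 luks_header=$2
    if cryptsetup isLuks "${source}" 2>/dev/null || [ -n "${luks_header}" ] ; then
        return 0
    fi
    return 1
}

# Print the LUKS / not-LUKS decision one form reaches for one case.
verdict() {
    if "$1" "$2" "$3"; then echo "$1 $2 header='$3': LUKS"
    else echo "$1 $2 header='$3': not LUKS"; fi
}

# Constructed cases: attached header, detached header on a stick, no LUKS.
for check in broken_check fixed_check; do
    verdict "$check" /dev/fake_luks ""
    verdict "$check" /dev/fake_data /mnt/stick/header.img
    verdict "$check" /dev/fake_plain ""
done
```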
Created attachment 832213 [details, diff]
Updated patch for latest stable cryptsetup 2.4.3-r2
Created attachment 832215 [details, diff]
Updated patch for latest stable cryptsetup 2.4.3-r2
Although the latest cryptsetup-2.4.3-r2 supports detached headers, I've kept this patch alive as it supports the detached header on a removable drive.
Created attachment 861072 [details, diff]
Updated patch for latest stable cryptsetup 2.4.3-r2
Added additional logic to wait for a specified time after unmounting the removable media, to ensure the device doesn't get remounted before the user removes it.
Created attachment 861073 [details, diff]
Updated patch for latest stable cryptsetup 2.4.3-r2
Added additional logic to wait for a specified time after unmounting the removable media, to ensure the device doesn't get remounted before the user removes it.
Created attachment 876383 [details, diff]
Updated patch for latest stable cryptsetup 2.6.1
Added fix for when user doesn't have encrypted swap enabled, so subsequent detached header targets will still work (simple change to move function declaration higher).