SOURCES: util-linux-ng-dm_crypt.patch (NEW) - let "mount -o encryp...
sls
sls at pld-linux.org
Thu Mar 27 05:34:53 CET 2008
Author: sls Date: Thu Mar 27 04:34:53 2008 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- let "mount -o encryption" work (using cryptsetup and device-mapper);
patch based on util-linux-dm_crypt
---- Files affected:
SOURCES:
util-linux-ng-dm_crypt.patch (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: SOURCES/util-linux-ng-dm_crypt.patch
diff -u /dev/null SOURCES/util-linux-ng-dm_crypt.patch:1.1
--- /dev/null Thu Mar 27 05:34:53 2008
+++ SOURCES/util-linux-ng-dm_crypt.patch Thu Mar 27 05:34:48 2008
@@ -0,0 +1,439 @@
+diff -urN util-linux-2.12q.org/mount/cryptsetup.c util-linux-2.12q/mount/cryptsetup.c
+--- util-linux-2.12q.org/mount/cryptsetup.c 1970-01-01 01:00:00.000000000 +0100
++++ util-linux-2.12q/mount/cryptsetup.c 2005-02-27 19:26:34.000000000 +0100
+@@ -0,0 +1,214 @@
++/*
++ * cryptsetup.c - setup and control encrypted devices
++ */
++
++#include <stdio.h>
++#include <string.h>
++#include <stdlib.h>
++
++#include <libcryptsetup.h>
++
++#include "cryptsetup.h"
++#include "nls.h"
++
++extern int verbose;
++extern char *xstrdup (const char *s); /* not: #include "sundries.h" */
++extern void *xmalloc (size_t size); /* idem */
++extern void error (const char *fmt, ...); /* idem */
++
++#ifdef CRYPT_FLAG_READONLY
++
++#define BUFFER_SIZE 128
++#define DEFAULT_HASH "ripemd160"
++#define DEFAULT_KEYSIZE 256
++
++static char *
++xstrtok(char *s, char delim) {
++ static char *p;
++
++ if (!s)
++ s = p;
++ if (s) {
++ p = strchr(s, delim);
++ if (p)
++ *p++ = '\0';
++ }
++ return s;
++}
++
++int
++set_crypt(char **cryptdev, const char *realdev, int offset,
++ char **encryption, int pfd, int *cryptro) {
++ struct crypt_options options;
++ char buffer[BUFFER_SIZE];
++ const char *dir = crypt_get_dir();
++ const char *name = NULL;
++ char *p, *q;
++ int ret;
++
++ if (!dir) {
++ error(_("mount: crypt engine not ready"));
++ return 1;
++ }
++
++ if (**encryption == '@') {
++ int len = strlen(dir);
++ p = *encryption + 1;
++ if (strncmp(dir, p, len) == 0 && p[len] == '/')
++ p += len + 1;
++ q = strchr(p, ':');
++ if (q)
++ *q++ = '\0';
++ else
++ q = p + strlen(p);
++
++ name = p;
++ *encryption = q;
++ }
++
++ if (!name) {
++ p = (char *)realdev;
++ if (*p == '/')
++ p++;
++ if (strncmp(p, "dev/", 4) == 0)
++ p += 4;
++ for(q = buffer; *p && q < &buffer[BUFFER_SIZE - 2]; p++)
++ switch(*p) {
++ case ':':
++ case '/':
++ *q++ = '-';
++ break;
++ case '-':
++ *q++ = '-';
++ *q++ = '-';
++ break;
++ default:
++ *q++ = *p;
++ }
++ strncpy(q, "-crypt", BUFFER_SIZE - (q - buffer));
++ buffer[BUFFER_SIZE - 1] = '\0';
++ name = buffer;
++ }
++
++ p = xstrdup(*encryption);
++
++ memset(&options, 0, sizeof options);
++ options.name = name;
++ options.device = realdev;
++ options.cipher = xstrtok(p, ':');
++ q = xstrtok(NULL, ':');
++ options.key_size = q ? strtoul(q, NULL, 0) : 0;
++ if (!options.key_size)
++ options.key_size = DEFAULT_KEYSIZE;
++ options.hash = xstrtok(NULL, ':');
++ if (!(options.hash && *options.hash))
++ options.hash = DEFAULT_HASH;
++ options.key_file = xstrtok(NULL, ':');
++ if (!(options.key_file && *options.key_file))
++ options.key_file = NULL;
++ options.passphrase_fd = (pfd >= 0) ? pfd : 0;
++ options.flags = 0;
++ if (*cryptro)
++ options.flags |= CRYPT_FLAG_READONLY;
++ options.offset = offset;
++
++ if (options.offset % 512) {
++ error(_("mount: offset must be a multiple of 512 bytes"));
++ return 1;
++ }
++ options.offset >>= 9;
++
++ if (options.key_size % 8) {
++ error(_("mount: key size must be a multiple of 8 bits"));
++ return 1;
++ }
++ options.key_size /= 8;
++
++ ret = crypt_create_device(&options);
++
++ free(p);
++
++ if (ret < 0) {
++ /* use dev as buffer */
++ char *errorstr = buffer;
++ crypt_get_error(errorstr, BUFFER_SIZE);
++ if (!verbose)
++ errorstr = strerror(-ret);
++
++ error(_("mount: cryptsetup failed with: %s"), errorstr);
++ return 1;
++ }
++
++ *cryptdev = (char *)xmalloc(strlen(dir) + strlen(name) + 2);
++ sprintf(*cryptdev, "%s/%s", dir, name);
++
++ if (options.flags & CRYPT_FLAG_READONLY)
++ *cryptro = 1;
++
++ return 0;
++}
++
++int
++del_crypt (const char *device) {
++ struct crypt_options options;
++ const char *dir = crypt_get_dir();
++ int len = strlen(dir);
++ int ret;
++
++ if (!dir) {
++ error(_("mount: crypt engine not ready"));
++ return 1;
++ }
++
++ if (*device == '@') {
++ char *p;
++ device++;
++ p = strchr(device, ':');
++ if (p)
++ *p = '\0';
++ }
++
++ if (strncmp(dir, device, len) == 0 && device[len] == '/')
++ device += len + 1;
++
++ memset(&options, 0, sizeof options);
++ options.name = device;
++
++ ret = crypt_remove_device(&options);
++ if (ret < 0) {
++ char buffer[BUFFER_SIZE];
++ char *errorstr = buffer;
++ crypt_get_error(errorstr, BUFFER_SIZE);
++ if (!verbose)
++ errorstr = strerror(-ret);
++
++ error(_("mount: cryptsetup failed with: %s"), errorstr);
++ return 1;
++ }
++
++ return 0;
++}
++
++#else /* without CRYPT_FLAG_READONLY */
++
++static void
++mutter(void) {
++ fprintf(stderr,
++ _("This mount was compiled without cryptsetup support. "
++ "Please recompile.\n"));
++}
++
++int
++set_crypt(char **cryptdev, const char *realdev, int offset,
++ char **encryption, int pfd, int *cryptro) {
++ mutter();
++ return 1;
++}
++
++int
++del_crypt (const char *device) {
++ mutter();
++ return 1;
++}
++
++#endif
+diff -urN util-linux-2.12q.org/mount/cryptsetup.h util-linux-2.12q/mount/cryptsetup.h
+--- util-linux-2.12q.org/mount/cryptsetup.h 1970-01-01 01:00:00.000000000 +0100
++++ util-linux-2.12q/mount/cryptsetup.h 2005-02-27 19:26:34.000000000 +0100
+@@ -0,0 +1,4 @@
++extern int verbose;
++extern int set_crypt(char **, const char *, int, char **,
++ int, int *);
++extern int del_crypt(const char *);
+diff -urN util-linux-2.12q.org/mount/Makefile.am util-linux-2.12q/mount/Makefile.am
+--- util-linux-2.12q.org/mount/Makefile.am 2005-02-27 19:25:37.000000000 +0100
++++ util-linux-2.12q/mount/Makefile.am 2005-02-27 19:27:21.000000000 +0100
+@@ -9,6 +9,7 @@
+ getusername.h loop.h sundries.h
+
+ mount_common = fstab.c mount_mntent.c getusername.c lomount.c \
++ cryptsetup.c \
+ $(utils_common) $(headers_common) ../lib/env.c
+
+ mount_SOURCES = mount.c $(mount_common) ../lib/setproctitle.c
+@@ -19,8 +19,8 @@
+ losetup_SOURCES = lomount.c loop.h lomount.h
+ losetup_CPPFLAGS = -DMAIN $(AM_CPPFLAGS)
+
+-mount_LDADD = $(LDADD_common)
+-umount_LDADD = $(LDADD_common)
++mount_LDADD = $(LDADD_common) -lcryptsetup
++umount_LDADD = $(LDADD_common) -lcryptsetup
+ swapon_LDADD = $(LDADD_common)
+
+ LDADD_common =
+diff -urN util-linux-2.12q.org/mount/mount.c util-linux-2.12q/mount/mount.c
+--- util-linux-2.12q.org/mount/mount.c 2004-12-21 23:00:36.000000000 +0100
++++ util-linux-2.12q/mount/mount.c 2005-02-27 19:29:40.000000000 +0100
+@@ -28,6 +28,7 @@
+ #include "mntent.h"
+ #include "fstab.h"
+ #include "lomount.h"
++#include "cryptsetup.h"
+ #include "loop.h"
+ #include "linux_fs.h" /* for BLKGETSIZE */
+ #include "mount_guess_rootdev.h"
+@@ -98,11 +99,12 @@
+ #define MS_USER 0x20000000
+ #define MS_OWNER 0x10000000
+ #define MS_GROUP 0x08000000
++#define MS_CRYPT 0x04000000
+ #define MS_COMMENT 0x02000000
+ #define MS_LOOP 0x00010000
+
+ /* Options that we keep the mount system call from seeing. */
+-#define MS_NOSYS (MS_NOAUTO|MS_USERS|MS_USER|MS_COMMENT|MS_LOOP)
++#define MS_NOSYS (MS_NOAUTO|MS_USERS|MS_USER|MS_COMMENT|MS_LOOP|MS_CRYPT)
+
+ /* Options that we keep from appearing in the options field in the mtab. */
+ #define MS_NOMTAB (MS_REMOUNT|MS_NOAUTO|MS_USERS|MS_USER)
+@@ -607,7 +609,7 @@
+ *type = opt_vfstype;
+ }
+
+- *loop = ((*flags & MS_LOOP) || *loopdev || opt_offset || opt_encryption);
++ *loop = ((*flags & MS_LOOP) || *loopdev || (opt_offset && !opt_encryption));
+ *loopfile = *spec;
+
+ if (*loop) {
+@@ -626,7 +628,7 @@
+ printf(_("mount: going to use the loop device %s\n"), *loopdev);
+
+ if ((res = set_loop(*loopdev, *loopfile, offset,
+- opt_encryption, pfd, &loopro))) {
++ NULL /* opt_encryption */, pfd, &loopro))) {
+ if (res == 2) {
+ /* loop dev has been grabbed by some other process,
+ try again, if not given explicitly */
+@@ -636,6 +638,42 @@
+ *spec = *loopdev;
+ if (loopro)
+ *flags |= MS_RDONLY;
++ /* set offset to 0 so that crypto setup doesn't add an offset too */
++ opt_offset = 0;
++ }
++ }
++
++ return 0;
++}
++
++static int
++crypt_check(char **spec, char **type, int *flags,
++ int *crypt, char **cryptdev, char **realdev) {
++ int offset;
++
++ *crypt = ((*flags & MS_CRYPT) || opt_encryption);
++ *realdev = *spec;
++
++ if (*crypt) {
++ *flags |= MS_CRYPT;
++ if (fake) {
++ if (verbose)
++ printf(_("mount: skipping the setup of an encrypted device\n"));
++ } else {
++ int cryptro = (*flags & MS_RDONLY);
++
++ offset = opt_offset ? strtoul(opt_offset, NULL, 0) : 0;
++ if (set_crypt(cryptdev, *realdev, offset,
++ &opt_encryption, pfd, &cryptro)) {
++ if (verbose)
++ printf(_("mount: failed setting up encrypted device\n"));
++ return EX_FAIL;
++ }
++ if (verbose > 1)
++ printf(_("mount: setup crypt device successfully\n"));
++ *spec = *cryptdev;
++ if (cryptro)
++ *flags |= MS_RDONLY;
+ }
+ }
+
+@@ -788,7 +826,9 @@
+ const char *opts, *spec, *node, *types;
+ char *user = 0;
+ int loop = 0;
++ int crypt = 0;
+ const char *loopdev = 0, *loopfile = 0;
++ char *cryptdev = 0, *realdev = 0;
+ struct stat statbuf;
+ int nfs_mount_version = 0; /* any version */
+
+@@ -823,6 +863,10 @@
+ res = loop_check(&spec, &types, &flags, &loop, &loopdev, &loopfile);
+ if (res)
+ goto out;
++
++ res = crypt_check(&spec, &types, &flags, &crypt, &cryptdev, &realdev);
++ if (res)
++ goto out;
+ }
+
+ /*
+@@ -853,6 +897,11 @@
+ if (loop)
+ opt_loopdev = loopdev;
+
++ if (crypt) {
++ char *tmp = xmalloc(strlen(cryptdev) + strlen(opt_encryption) + 3);
++ sprintf(tmp, "@%s:%s", cryptdev, opt_encryption);
++ opt_encryption = tmp;
++ }
+ /*
+ * Call mount.TYPE for types that require a separate mount program.
+ * For the moment these types are ncpfs and smbfs. Maybe also vxfs.
+@@ -863,7 +907,7 @@
+ /* Mount succeeded, report this (if verbose) and write mtab entry. */
+
+ if (!(mounttype & MS_PROPAGATION)) {
+- update_mtab_entry(loop ? loopfile : spec,
++ update_mtab_entry(loop ? loopfile : crypt ? realdev : spec,
+ node,
+ types ? types : "unknown",
+ fix_opts_string (flags & ~MS_NOMTAB, extra_opts, user),
+@@ -879,6 +928,8 @@
+
+ mnt_err = errno;
+
++ if (crypt)
++ del_crypt(spec);
+ if (loop)
+ del_loop(spec);
+
+diff -urN util-linux-2.12q.org/mount/umount.c util-linux-2.12q/mount/umount.c
+--- util-linux-2.12q.org/mount/umount.c 2004-12-20 23:03:45.000000000 +0100
++++ util-linux-2.12q/mount/umount.c 2005-02-27 19:26:34.000000000 +0100
+@@ -15,6 +15,7 @@
+ #include "sundries.h"
+ #include "getusername.h"
+ #include "lomount.h"
++#include "cryptsetup.h"
+ #include "loop.h"
+ #include "fstab.h"
+ #include "env.h"
+@@ -274,6 +275,7 @@
+ int res;
+ int status;
+ const char *loopdev;
++ const char *cryptdev;
+
+ /* Special case for root. As of 0.99pl10 we can (almost) unmount root;
+ the kernel will remount it readonly so that we can carry on running
+@@ -365,12 +367,33 @@
+ }
+ }
+
+- loopdev = 0;
+ if (res >= 0) {
+ /* Umount succeeded */
+ if (verbose)
+ printf (_("%s umounted\n"), spec);
++ }
++
++ cryptdev = 0;
++ if (res >= 0) {
++ /* Free any encrypted devices that we allocated ourselves */
++ if (mc) {
++ char *optl;
++
++ optl = mc->m.mnt_opts ? xstrdup(mc->m.mnt_opts) : "";
++ for (optl = strtok (optl, ","); optl;
++ optl = strtok (NULL, ",")) {
++ if (!strncmp(optl, "encryption=", 11)) {
++ cryptdev = optl+11;
++ break;
++ }
++ }
++ }
++ }
++ if (cryptdev)
++ del_crypt(cryptdev);
+
++ loopdev = 0;
++ if (res >= 0) {
+ /* Free any loop devices that we allocated ourselves */
+ if (mc) {
+ char *optl;
================================================================
More information about the pld-cvs-commit
mailing list